------------------------------------------------------------------
--- Changelog.all ----------- Thu Apr 27 16:00:55 UTC 2023 ------
------------------------------------------------------------------
------------------------------------------------------------------
------------------ 2023-4-25 - Apr 25 2023 -------------------
------------------------------------------------------------------
++++ libtpms:
- 0001-tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch:
  Fixes CVE-2023-1017 & CVE-2023-1018: fixed memory corruptions in CryptParameterDecryption (bsc#1206022 bsc#1206023)
------------------------------------------------------------------
------------------ 2023-4-21 - Apr 21 2023 -------------------
------------------------------------------------------------------
++++ libxml2:
- Security update:
  * [CVE-2023-29469, bsc#1210412] Hashing of empty dict strings isn't deterministic
    - Added patch libxml2-CVE-2023-29469.patch
  * [CVE-2023-28484, bsc#1210411] NULL dereference in xmlSchemaFixupComplexType
    - Added patch libxml2-CVE-2023-28484-1.patch
    - Added patch libxml2-CVE-2023-28484-2.patch
- Remove unneeded dependency (bsc#1209918).
++++ libxml2-python:
- Security update:
  * [CVE-2023-29469, bsc#1210412] Hashing of empty dict strings isn't deterministic
    - Added patch libxml2-CVE-2023-29469.patch
  * [CVE-2023-28484, bsc#1210411] NULL dereference in xmlSchemaFixupComplexType
    - Added patch libxml2-CVE-2023-28484-1.patch
    - Added patch libxml2-CVE-2023-28484-2.patch
- Remove unneeded dependency (bsc#1209918).
------------------------------------------------------------------
------------------ 2023-4-19 - Apr 19 2023 -------------------
------------------------------------------------------------------
++++ dmidecode:
- use-read_file-to-read-from-dump.patch: Fix an old harmless bug which would prevent root from using the --from-dump option since the latest security fixes (bsc#1210418).
------------------------------------------------------------------
------------------ 2023-4-18 - Apr 18 2023 -------------------
------------------------------------------------------------------
++++ glib2:
- Update glib2-fix-normal-form-handling-in-gvariant.patch: Backported from upstream to fix regression on s390x. (bsc#1210135, glgo#GNOME/glib!2978)
------------------------------------------------------------------
------------------ 2023-4-14 - Apr 14 2023 -------------------
------------------------------------------------------------------
++++ dmidecode:
Security fixes (CVE-2023-30630)
- dmidecode-split-table-fetching-from-decoding.patch: dmidecode: Clean up function dmi_table so that it does only one thing (bsc#1210418).
- dmidecode-write-the-whole-dump-file-at-once.patch: When option --dump-bin is used, write the whole dump file at once, instead of opening and closing the file separately for the table and then for the entry point (bsc#1210418).
- dmidecode-do-not-let-dump-bin-overwrite-an-existing-file.patch: Make sure that the file passed to option --dump-bin does not already exist (bsc#1210418).
- ensure-dev-mem-is-a-character-device-file.patch: Add a safety check on the type of the mem device file we are asked to read from, if we are root (bsc#1210418).
3 recommended fixes from upstream:
- dmioem-typo-fix-virutal-virtual.patch: Simple typo fix in a user-visible string.
- dmidecode-fortify-entry-point-length-checks.patch: Ensure that the SMBIOS entry point is long enough to include all the fields we need.
- dmioem-hpe-oem-record-237-firmware-change.patch: Properly decode the last field of HPE OEM record type 237.
------------------------------------------------------------------
------------------ 2023-4-12 - Apr 12 2023 -------------------
------------------------------------------------------------------
++++ kernel-default:
- mtd: rawnand: meson: fix bitmask for length in command word (git-fixes).
- mtdblock: tolerate corrected bit-flips (git-fixes).
- mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-fixes).
- mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes).
- commit 6504d96
------------------------------------------------------------------
------------------ 2023-4-11 - Apr 11 2023 -------------------
------------------------------------------------------------------
++++ avahi:
- Add avahi-CVE-2023-1981.patch: emit error if requested service is not found (boo#1210328 CVE-2023-1981).
++++ kernel-default:
- tracing: Add trace_array_puts() to write into instance (git-fixes).
- commit 059865f
- blacklist.conf: add a not-relevant ftrace commit
- commit 2220417
- ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes).
- commit 03fd814
- tracing: Free error logs of tracing instances (git-fixes).
- commit b4f001c
- tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes).
- commit b3421ec
- ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes).
- commit 46954c5
- ring-buffer: Fix race while reader and writer are on the same page (git-fixes).
- commit c740036
- rcu: Fix rcu_torture_read ftrace event (git-fixes).
- commit cb9e9b0
- mm: mmap: remove newline at the end of the trace (git-fixes).
- commit 01340e1
- tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes).
- commit f76dcf0
------------------------------------------------------------------
------------------ 2023-4-10 - Apr 10 2023 -------------------
------------------------------------------------------------------
++++ kernel-default:
- cifs: double lock in cifs_reconnect_tcon() (git-fixes).
- commit cdf6666
------------------------------------------------------------------
------------------ 2023-4-9 - Apr 9 2023 -------------------
------------------------------------------------------------------
++++ kernel-default:
- kABI workaround for xhci (git-fixes).
- commit cbab93c
- iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes).
- iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes).
- iio: light: cm32181: Unregister second I2C client if present (git-fixes).
- iio: adc: ad7791: fix IRQ flags (git-fixes).
- iio: adis16480: select CONFIG_CRC32 (git-fixes).
- tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes).
- tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes).
- dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes).
- tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes).
- usb: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes).
- usb: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes).
- xhci: Free the command allocated for setting LPM if we return early (git-fixes).
- xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes).
- usb: xhci: tegra: fix sleep in atomic call (git-fixes).
- nilfs2: fix sysfs interface lifetime (git-fixes).
- commit 3aae146
------------------------------------------------------------------
------------------ 2023-4-8 - Apr 8 2023 -------------------
------------------------------------------------------------------
++++ kernel-default:
- gpio: davinci: Add irq chip flag to skip set wake (git-fixes).
- gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes).
- commit b56644c
------------------------------------------------------------------
------------------ 2023-4-7 - Apr 7 2023 -------------------
------------------------------------------------------------------
++++ kernel-default:
- ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for a HP platform (git-fixes).
- commit f336cd9
- can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-fixes).
- can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-fixes).
- wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes).
- pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes).
- pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes).
- drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes).
- platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes).
- platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes).
- platform/x86: think-lmi: Fix memory leak when showing current settings (git-fixes).
- commit a8eaaa9
++++ mozilla-nss:
- Update nss-fips-approved-crypto-non-ec.patch (bsc#1208999) with fixes to PBKDF2 parameter validation.
++++ wayland:
- U_util-Limit-size-of-wl_map.patch
  U_util-set-errno-when-hitting-WL_MAP_MAX_OBJECTS.patch
  * fixes Reference-count overflow in libwayland-server SHM handling (CVE-2021-3782, bsc#1190486)
------------------------------------------------------------------
------------------ 2023-4-6 - Apr 6 2023 -------------------
------------------------------------------------------------------
++++ grub2:
- Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064) (bsc#1209234)
  * 0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch
- Fix installation over serial console ends up in infinite boot loop (bsc#1187810) (bsc#1209667) (bsc#1209372)
  * 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch
++++ kernel-default:
- btrfs: fix race between quota disable and quota assign ioctls (CVE-2023-1611 bsc#1209687).
- commit dcf095c
- Update patches.suse/Fix-double-fget-in-vhost_net_set_backend.patch (git-fixes bsc#1210203 CVE-2023-1838).
  Added CVE reference.
- commit 39f99de
- Input: focaltech - use explicitly signed char type (git-fixes).
- Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes).
- drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes).
- drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes).
- fbdev: au1200fb: Fix potential divide by zero (git-fixes).
- fbdev: lxfb: Fix potential divide by zero (git-fixes).
- fbdev: intelfb: Fix potential divide by zero (git-fixes).
- fbdev: nvidia: Fix potential divide by zero (git-fixes).
- fbdev: tgafb: Fix potential divide by zero (git-fixes).
- ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes).
- ALSA: asihpi: check pao in control_message() (git-fixes).
- ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes).
- commit 83ef835
------------------------------------------------------------------
------------------ 2023-4-5 - Apr 5 2023 -------------------
------------------------------------------------------------------
++++ kernel-default:
- blacklist.conf: b8ac29b40183 timekeeping: contribute wall clock to rng on time change
  Breaks kABI and not critical
- commit 3ea8922
- timers: Prevent union confusion from unexpected (git-fixes)
- commit 80b3ef6
- alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes)
- commit 67d84fc
- wireguard: ratelimiter: use hrtimer in selftest (git-fixes)
- commit b77ea41
- ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168 CVE-2023-0394).
- commit cab54ec
- Refresh patches.suse/scsi-qla2xxx-Add-option-to-disable-FC2-Target-suppor.patch.
- commit c7b89ec
- blacklist.conf: cosmetic, not a fix
- commit 524a401
- Refresh patches.suse/HID-u2fzero-ignore-incomplete-packets-without-data.patch.
  added alternate commit ID
- commit d8e619b
- clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes).
- commit 5ced514
- usb: ucsi: Fix ucsi->connector race (git-fixes).
- commit 513d457
++++ harfbuzz:
- Add CVE-2023-25193.patch: limit how far we skip when looking back (bsc#1207922 CVE-2023-25193).
------------------------------------------------------------------
------------------ 2023-4-4 - Apr 4 2023 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Define kernel-vanilla as source variant
  The vanilla_only macro is overloaded. It is used for determining if there should be two kernel sources built as well as for the purpose of determining if vanilla kernel should be used for kernel-obs-build.
  While the former can be determined at build time the latter needs to be baked into the spec file template. Separate the two while also making the latter more generic.
  $build_dtbs is enabled on every single rt and azure branch since 15.3 when the setting was introduced, gate on the new $obs_build_variant setting as well.
- commit 36ba909
- USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes).
- commit 632f169
- Refresh patches.suse/drm-amd-display-Fail-atomic_check-early-on-normalize.patch (git-fixes)
  Alt-commit
- commit ceb3eab
- Refresh patches.suse/drm-amdgpu-fence-Fix-oops-due-to-non-matching-drm_sc.patch (git-fixes)
  Alt-commit
- commit c85372d
- Refresh patches.suse/drm-amd-display-fix-issues-with-driver-unload.patch (git-fixes)
  Alt-commit
- commit e974612
- Refresh patches.suse/drm-amd-display-Fix-COLOR_SPACE_YCBCR2020_TYPE-matri.patch (git-fixes)
  Alt-commit
- commit 7941903
- Refresh patches.suse/drm-amd-display-Calculate-output_color_space-after-p.patch (git-fixes)
  Alt-commit
- commit 107d5d6
------------------------------------------------------------------
------------------ 2023-4-3 - Apr 3 2023 -------------------
------------------------------------------------------------------
++++ kernel-default:
- scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556).
- nvme-tcp: always fail a request when sending it failed (bsc#1208902).
- commit 8d76faa
- cifs: get rid of dead check in smb2_reconnect() (bsc#1193629).
- commit edea1ec
- cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629).
- commit dd2e168
- cifs: avoid races in parallel reconnects in smb1 (bsc#1193629).
- commit e5fbb85
- cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629).
- commit 435fcff
- platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050).
- platform/x86: think-lmi: certificate support clean ups (bsc#1210050).
- platform/x86: think-lmi: Certificate authentication support (bsc#1210050).
- platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050).
- platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050).
- platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050).
- platform/x86: think-lmi: Opcode support (bsc#1210050).
- platform/x86: think-lmi: add debug_cmd (bsc#1210050).
- commit 49b6cc8
- rpm/constraints.in: increase the disk size for armv6/7 to 24GB
  It grows and the build fails recently on SLE15-SP4/5.
- commit 41ac816
- platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050).
- platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050).
- platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050).
- platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050).
- platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050).
- platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050).
- platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050).
- platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050).
- platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050).
- platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050).
- platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050).
- platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050).
- platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050).
- platform/x86: thinkpad_acpi: Don't use test_bit on an integer (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050).
- platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050).
- platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050).
- platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050).
- platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050).
- platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050).
- platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050).
- platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050).
- platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050).
- platform/x86: thinkpad_acpi: Remove "goto err_exit" from hotkey_init() (bsc#1210050).
- platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050).
- platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050).
- platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050).
- platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050).
- platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050).
- platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050).
- platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050).
- platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050).
- platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050).
- platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050).
- platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050).
- commit 9704026
- NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes).
- commit bb218a4
++++ openssl-1_1:
- Security Fix: [CVE-2023-0465, bsc#1209878]
  * Invalid certificate policies in leaf certificates are silently ignored
  * Add openssl-CVE-2023-0465.patch
- Security Fix: [CVE-2023-0466, bsc#1209873]
  * Certificate policy check not enabled
  * Add openssl-CVE-2023-0466.patch
------------------------------------------------------------------
------------------ 2023-4-2 - Apr 2 2023 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Input: alps - fix compatibility with -funsigned-char (bsc#1209805).
- pinctrl: amd: Disable and mask interrupts on resume (git-fixes).
- pinctrl: ocelot: Fix alt mode for ocelot (git-fixes).
- pinctrl: at91-pio4: fix domain name assignment (git-fixes).
- commit 4704fd1
------------------------------------------------------------------
------------------ 2023-4-1 - Apr 1 2023 -------------------
------------------------------------------------------------------
++++ kernel-default:
- platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes).
- regulator: Handle deferred clk (git-fixes).
- commit b056d1f
------------------------------------------------------------------
------------------ 2023-3-31 - Mar 31 2023 -------------------
------------------------------------------------------------------
++++ glib2:
- Add glib2-fix-normal-form-handling-in-gvariant.patch: Backported from upstream to fix normal form handling in GVariant. (CVE-2023-24593, CVE-2023-25180, bsc#1209714, bsc#1209713, glgo#GNOME/glib!3125)
++++ kernel-default:
- ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes).
- commit 1abdd92
- ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes).
- ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes).
- ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes).
- ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes).
- commit 5254cf5
- remove "PCI: hv: Use async probing to reduce boot time" (bsc#1207185).
- commit 9e80db8
- can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes).
- r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes).
- net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes).
- drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes).
- ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes).
- ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes).
- ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes).
- thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes).
- thunderbolt: Disable interrupt auto clear for rings (git-fixes).
- thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes).
- thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes).
- thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes).
- thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes).
- uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes).
- nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes).
- drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes).
- efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes).
- serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes).
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes).
- ca8210: fix mac_len negative array access (git-fixes).
- HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes).
- HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes).
- ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes).
- serial: fsl_lpuart: Fix comment typo (git-fixes).
- serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes).
- commit 182d88d
++++ timezone:
- timezone update 2023c:
  * Revert changes made in 2023b
- timezone update 2023b:
  * Lebanon delays the start of DST this year.
- timezone update 2023a:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.
- Refresh tzdata-china.diff
------------------------------------------------------------------
------------------ 2023-3-30 - Mar 30 2023 -------------------
------------------------------------------------------------------
++++ kernel-default:
- arch: fix broken BuildID for arm64 and riscv (bsc#1209798).
- commit 2ca3471
- Fix error path in pci-hyperv to unlock the mutex state_lock
- commit 3898057
- lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes).
- commit b3df611
------------------------------------------------------------------
------------------ 2023-3-29 - Mar 29 2023 -------------------
------------------------------------------------------------------
++++ containerd:
- Update to containerd v1.6.19 for Docker v23.0.2-ce. Upstream release notes:
  Includes fixes for:
  - CVE-2023-25153 bsc#1208423
  - CVE-2023-25173 bsc#1208426
++++ kernel-default:
- Delete patches.suse/Makefile-link-with-z-noexecstack-no-warn-rwx-segment.patch.
- Delete patches.suse/x86-link-vdso-and-boot-with-z-noexecstack-no-warn-rw.patch.
  Again, delete patches causing bsc#1209798, which were restored by accident.
- commit bbfb5d1
- powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869).
- powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869).
- powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869).
- powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869).
- powerpc/kexec_file: fix implicit decl error (bsc#1194869).
- powerpc/vmlinux.lds: Don't discard .comment (bsc#1194869).
- powerpc/vmlinux.lds: Don't discard .rela* for relocatable builds (bsc#1194869).
- powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869).
- powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869).
- powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869).
- powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869).
- powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869).
- commit 3d61390
- blacklist.conf: Add fix not needed in 5.14 d80f6de9d601 powerpc/iommu: Fix iommu_table_in_use for a small default DMA window case
- commit 8fa612c
- powerpc/btext: add missing of_node_put (bsc#1065729).
- commit 986d3dc
- net: asix: fix modprobe "sysfs: cannot create duplicate filename" (git-fixes).
- commit f535630
- net: usb: asix: remove redundant assignment to variable reg (git-fixes).
- commit c20b71b
- net: usb: use eth_hw_addr_set() (git-fixes).
- commit f6de603
- kvm: initialize all of the kvm_debugregs structure before sending it to userspace (bsc#1209532 CVE-2023-1513).
- commit 0b16baa
- powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729).
- commit 8723ead
- powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729).
- powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729).
- powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes).
- commit 6122a0b
- Update patches.suse/prlimit-do_prlimit-needs-to-have-a-speculation-check.patch (bsc#1209256 CVE-2017-5753).
- commit e09128d
- sbitmap: Avoid lockups when waker gets preempted (bsc#1209118).
- commit 448e27d
- blacklist.conf: cleanup, not a fix
- commit 29c7dbf
- blacklist.conf: cleanup, not fix
- commit e3722ae
- blacklist.conf: documentation update of a little used driver only
- commit 9deed66
- blacklist.conf: documentation only
- commit de3860f
- s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes).
- commit 8168fab
- PCI: hv: Use async probing to reduce boot time (bsc#1207185).
- PCI: hv: Add a per-bus mutex state_lock (bsc#1207185).
- Revert "PCI: hv: Fix a timing issue which causes kdump to fail occasionally" (bsc#1207185).
- PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185).
- PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185).
- commit b4eeab5
- Bluetooth: Fix double free in hci_conn_cleanup (bsc#1209052 CVE-2023-28464).
- commit 8b25016
++++ runc:
- Update to runc v1.1.5. Upstream changelog is available from .
  Includes fixes for the following CVEs:
  - CVE-2023-25809 bsc#1209884
  - CVE-2023-27561 bsc#1208962
  - CVE-2023-28642 bsc#1209888
  * Fix the inability to use `/dev/null` when inside a container.
  * Fix changing the ownership of host's `/dev/null` caused by fd redirection (a regression in 1.1.1). bsc#1168481
  * Fix rare runc exec/enter unshare error on older kernels.
  * nsexec: Check for errors in `write_log()`.
- Drop version-specific Go requirement.
------------------------------------------------------------------
------------------ 2023-3-28 - Mar 28 2023 -------------------
------------------------------------------------------------------
++++ kernel-default:
- smb3: fix unusable share after force unmount failure (bsc#1193629).
- commit 1091b58
- cifs: fix dentry lookups in directory handle cache (bsc#1193629).
- commit 663c78d
- smb3: lower default deferred close timeout to address perf regression (bsc#1193629).
- commit bb31b2c
- cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629).
- commit 7a7c9a9
- cifs: avoid race conditions with parallel reconnects (bsc#1193629).
- commit e64476f
- cifs: append path to open_enter trace event (bsc#1193629).
- commit 2eff580
- cifs: print session id while listing open files (bsc#1193629).
- commit 851a108
- cifs: dump pending mids for all channels in DebugData (bsc#1193629).
- commit 6d11c27
- cifs: empty interface list when server doesn't support query interfaces (bsc#1193629).
- commit 9a0c2a5
- cifs: do not poll server interfaces too regularly (bsc#1193629).
- commit 7762f86
- cifs: lock chan_lock outside match_session (bsc#1193629).
- commit 4cfd2c2
- cifs: check only tcon status on tcon related functions (bsc#1193629).
- commit 6e30684
- net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() (bsc#1209366 CVE-2023-28466).
- commit 3dab1fe
- s390/boot: simplify and fix kernel memory layout setup (bsc#1209600).
- blacklist.conf: remove 9a39abb7c9aa
- commit bbd2ed5
- s390/dasd: fix no record found for raw_track_access (bsc#1207574).
- commit f363675
- Update references in patches.suse/x86-speculation-restore-speculation-related-msrs-during-s3-resume.patch (bsc#1198400 bsc#1209779 CVE-2023-1637).
- commit 87fc4f6
- Update references in patches.suse/NFSD-fix-use-after-free-in-nfsd4_ssc_setup_dul.patch (git-fixes bsc#1209788 CVE-2023-1652).
- commit f81ee89
- platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes).
- platform/x86: think-lmi: only display possible_values if available (git-fixes).
- platform/x86: think-lmi: use correct possible_values delimiters (git-fixes).
- platform/x86: think-lmi: add missing type attribute (git-fixes).
- mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes).
- commit 0563887
- Revert "Revert "x86: link vdso and boot with -z noexecstack" (bsc#1209798)"
  This reverts commit 26c6d5069004c3a470d53c3a53228ad5d44aa2a5.
- commit 4af196c
- Revert "Revert "Makefile: link with -z noexecstack --no-warn-rwx-segments" (bsc#1209798)"
  This reverts commit 7db37fcbd312a083337d722b2c5543e6bf3a5c70.
- commit e9292ed
- Revert "Makefile: link with -z noexecstack --no-warn-rwx-segments" (bsc#1209798)
  This reverts commit 34f9acb95470d2d2543e314cadd40a0e1c0ee6e1.
  It causes problems on aarch64:
  ...
  BuildID Mismatch vmlinux= vmlinux_debuginfo=
- commit 7db37fc
- Revert "x86: link vdso and boot with -z noexecstack" (bsc#1209798)
  This reverts commit dc30142edffcbb9537e3cc47b176cb97109792c7.
  It causes problems on aarch64:
  ...
  BuildID Mismatch vmlinux= vmlinux_debuginfo=
- commit 26c6d50
++++ podman:
- Update to version 4.4.4:
  * Bump to v4.4.4
  * Release notes for v4.4.4
  * libpod: always use direct mapping
  * macos pkginstaller: do not fail when podman-mac-helper fails
  * podman-mac-helper: install: do not error if already installed
  * Bump to v4.4.4-dev
- spec: Bump required version for libcontainers-common (bsc#1209495)
------------------------------------------------------------------
------------------ 2023-3-27 - Mar 27 2023 -------------------
------------------------------------------------------------------
++++ kernel-default:
- mm: memcg: fix swapcached stat accounting (bsc#1209804).
- commit 8f8bc2f
- xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes).
- commit 6692117
- xfs: remove xfs_setattr_time() declaration (git-fixes).
- commit aa31e13
- blacklist.conf: Add da34a8484d16 mm: memcontrol: deprecate charge moving
- commit 6635ae8
- blacklist.conf: Add c91bdc935899 mm: memcontrol: don't allocate cgroup swap arrays when memcg is disabled
- commit 61fff14
- blacklist.conf: Add dbb16df6443c Revert "memcg: cleanup racy sum avoidance code"
- commit 6069ccd
- blacklist.conf: Add 9b3016154c91 memcg: sync flush only if periodic flush is delayed
- commit b4b0020
- sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799).
- commit 40303b2
- Drop build fix patch causing a regression on aarch64 (bsc#1209798)
  Delete patches.suse/Makefile-link-with-z-noexecstack-no-warn-rwx-segment.patch
- commit cc75cf8
- net: usb: lan78xx: Limit packet length to skb->len (git-fixes).
- commit 53c4e74
- lan78xx: Fix memory allocation bug (git-fixes).
- commit 8d1f2f9
- lan78xx: Fix race condition in disconnect handling (git-fixes).
- commit 5612173
- lan78xx: Fix race conditions in suspend/resume handling (git-fixes).
- commit 27662e3
- lan78xx: Fix partial packet errors on suspend/resume (git-fixes).
- commit 6979f29
- lan78xx: Fix exception on link speed change (git-fixes).
- commit f7c495b - lan78xx: Add missing return code checks (git-fixes). - Refresh patches.suse/lan78xx-Enable-LEDs-and-auto-negotiation.patch. - commit adb9750 - lan78xx: Remove unused pause frame queue (git-fixes). - commit f843fdb - lan78xx: Set flow control threshold to prevent packet loss (git-fixes). - commit 6bbd43a - lan78xx: Remove unused timer (git-fixes). - commit 685aa9a - lan78xx: Fix white space and style issues (git-fixes). - commit 7f22f3d - usb: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes). - usb: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes). - usb: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes). - usb: cdns3: Fix issue with using incorrect PCI device function (git-fixes). - usb: cdnsp: Fixes issue with redundant Status Stage (git-fixes). - usb: typec: tcpm: fix warning when handle discover_identity message (git-fixes). - usb: gadget: u_audio: don't let userspace block driver unbind (git-fixes). - usb: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes). - usb: dwc3: Fix a typo in field name (git-fixes). - usb: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes). - USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes). - USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes). - USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes). - USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes). 
- USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes). - commit 7d86b44 ++++ mozilla-nss: - Update nss-fips-approved-crypto-non-ec.patch (bsc#1208999) to validate extra PBKDF2 parameters according to FIPS 140-3. ++++ installation-images-LeapMicro: - Drop leap-micro.patch as LeapMicro specific changes are already part of the source archive ------------------------------------------------------------------ ------------------ 2023-3-26 - Mar 26 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - hwmon: fix potential sensor registration fail if of_node is missing (git-fixes). - commit 07bdfd9 ------------------------------------------------------------------ ------------------ 2023-3-25 - Mar 25 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes). - firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes). - arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes). - ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes). - ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes). - arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes). - power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes). - drm/i915/gt: perform uc late init after probe error injection (git-fixes). - drm/i915/active: Fix missing debug object activation (git-fixes). - drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes). - platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes). - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes). - i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes). - i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes). 
- Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes). - Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes). - Bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes). - wifi: mac80211: fix qos on mesh interfaces (git-fixes). - net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes). - atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes). - net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes). - net: phy: Ensure state transitions are processed from phy_stop() (git-fixes). - xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes). - net: usb: smsc95xx: Limit packet length to skb->len (git-fixes). - commit d23fee6 ------------------------------------------------------------------ ------------------ 2023-3-24 - Mar 24 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Refresh patches.suse/arm64-Avoid-repeated-AA64MMFR1_EL1-register-read-on-.patch. Patch is merged upstream. Update headers. - commit 1a36cd0 - Delete patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1209681) linux-firmware tree finally provides iwlwifi-*-72.ucode, and worse, they dropped *-71.ucode, hence the workaround leads to a firmware load failure. Drop the old workaround now.
- commit 7a74f9a - arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes) - commit 7b4b228 - arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes) - commit 33ca96b - arm64: dts: imx8mp: correct usb clocks (git-fixes) - commit 6f82a6d - blacklist.conf: ("lockdep: Fix -Wunused-parameter for _THIS_IP_") - commit a81781d - arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes) - commit 3fb6c9b - arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes) - commit 6bf0b7f - Update patches.suse/tun-avoid-double-free-in-tun_free_netdev.patch (bsc#1209635 CVE-2022-4744 git-fixes). Added CVE reference. - commit 730f781 - arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes) - commit d75fe48 - net/sched: tcindex: update imperfect hash filters respecting rcu (CVE-2023-1281 bsc#1209634). - commit aced962 ++++ openssl-1_1: - Security Fix: [CVE-2023-0464, bsc#1209624] * Excessive Resource Usage Verifying X.509 Policy Constraints * Add openssl-CVE-2023-0464.patch ++++ podman: - Update to version 4.4.3: * Bump to v4.4.3 * Release notes for v4.4.3 * compat: /auth: parse server address correctly * vendor github.com/containers/common@v0.51.1 * pkginstaller: bump Qemu to version 7.2.0 * podman machine: Adjust Chrony makestep config * [v4.4] fix --health-on-failure=restart in transient unit * podman logs passthrough driver support --cgroups=split * journald logs: simplify entry parsing * podman logs: read journald with passthrough * journald: remove initializeJournal() * netavark: only use aardvark ip as nameserver * compat API: network create return 409 for duplicate * fix "podman logs --since --follow" flake * system service --log-level=trace: support hijack * podman-mac-helper: exit 1 on error * bump golang.org/x/net to v0.8.0 * Fix package restore * Quadlet - use the default runtime * Bump to v4.4.3-dev - Remove patch (merged upstream): * Quadlet-use-the-default-runtime.patch 
(https://github.com/containers/podman/pull/17601) ------------------------------------------------------------------ ------------------ 2023-3-23 - Mar 23 2023 ------------------- ------------------------------------------------------------------ ++++ drbd-utils: - bsc#1208922: fails to replace directory /lib/drbd with symlink * modify drbd-utils.spec to manipulate the symlink in %postun and %posttrans script ++++ grub2: - Fix aarch64 kiwi image's file not found due to '/@' prepended to path in btrfs filesystem. (bsc#1209165) * grub2-btrfs-05-grub2-mkconfig.patch ++++ kernel-default: - Delete patches.suse/trace-hwlat-make-use-of-the-helper-function-kthread_run_on_cpu.patch Cleanup commit ff78f6679d2e ("trace/hwlat: make use of the helper function kthread_run_on_cpu()") was added to SLE15-SP4 to avoid a conflict when backporting 08697bca9bbb ("trace/hwlat: Do not start per-cpu thread if it is already running"). However, the needed helper function kthread_run_on_cpu() is missing in this codestream. The rt_debug config enables hwlat and then failed to build. Revert adding the cleanup patch and instead adjust context of patches.suse/trace-hwlat-Do-not-start-per-cpu-thread-if-it-is-already-running.patch. - commit 86cbb00 - cifs: use DFS root session instead of tcon ses (bsc#1193629). - commit 67abae4 - cifs: return DFS root session id in DebugData (bsc#1193629). - commit cadd823 - cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629). - commit 596d51f - cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629). - commit 8d91ba8 - cifs: generate signkey for the channel that's reconnecting (bsc#1193629). - commit a188b7e - cifs: Fix smb2_set_path_size() (git-fixes). - commit 969e280 - cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes). - commit 9c6865d - Refresh patches.suse/locking-rwbase-Mitigate-indefinite-writer-starvation.patch. Update patch metadata and move to sorted section. 
- commit b2600c8 - fs/proc: task_mmu.c: don't read mapcount for migration entry (CVE-2023-1582, bsc#1209636). - commit 7b0d6b1 - drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes). - drm/i915: Remove unused bits of i915_vma/active api (git-fixes). - commit d37a1a8 - Add the already cherry-picked id to a driver base patch - commit c16d60a - Add i915 revert on stable 5.15.y to blacklist It's fixed by the proper patch instead - commit 23d11f5 - tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes). - fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes). - net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes). - net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes). - ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes). - drm/i915/psr: Use calculated io and fast wake lines (git-fixes). - vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes). - drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes). - drm/amdkfd: Fix an illegal memory access (git-fixes). - mmc: atmel-mci: fix race between stop command and start of next command (git-fixes). - PCI/DPC: Await readiness of secondary bus after reset (git-fixes). - drm/i915/display: clean up comments (git-fixes). - drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes). - drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes). - drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes). 
- commit f8f59a8 ++++ ldb: - Remove no longer needed ldb-memory-bug-15096-4.15-ldbonly.patch - Add cve-2023-0614.patch: Address CVE-2023-0614 - CVE-2023-0614: samba: Access controlled AD LDAP attributes can be discovered; (bsc#1209485); (bso#15270); - Update to version 2.4.4 + CVE-2022-32746 ldb: db: Use-after-free occurring in database audit logging module; (bso#15009); (bsc#1201490). ++++ lshw: - Update to version B.02.19.2+git.20230320 (bsc#1209531): * fix NVMe multipath detection * NVMe: fix logical name with native multipath ------------------------------------------------------------------ ------------------ 2023-3-22 - Mar 22 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - drm/i915: Don't use BAR mappings for ring buffers with LLC (git-fixes). - drm/i915: Don't use stolen memory for ring buffers with LLC (git-fixes). - commit 60b6f88 - locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552). - commit ec97cf5 - blacklist.conf: kABI - commit d693a6f - blacklist.conf: changes exports to user space in a way that is not a bug fix - commit f047586 - kconfig: Update config changed flag before calling callback (git-fixes). - commit 4822afa - drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815). - commit 263387d - af_unix: Get user_ns from in_skb in unix_diag_get_exact() (bsc#1209290 CVE-2023-28327). - commit dee84d8 - netlink: prevent potential spectre v1 gadgets (bsc#1209547 CVE-2017-5753). - commit 35271d8 - drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815). - commit d8ec347 - keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes). - net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes). 
- commit 2977668 - KABI FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi). - commit b299bd6 - SUNRPC: Fix a server shutdown leak (git-fixes). - NFSD: Protect against filesystem freezing (git-fixes). - NFS: fix disabling of swap (git-fixes). - nfs4trace: fix state manager flag printing (git-fixes). - NFSD: fix problems with cleanup on errors in nfsd4_copy (git-fixes). - nfsd: fix race to check ls_layouts (git-fixes). - NFSD: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes). - nfsd: zero out pointers after putting nfsd_files on COPY setup error (git-fixes). - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - pNFS/filelayout: Fix coalescing test for single DS (git-fixes). - SUNRPC: ensure the matching upcall is in-flight upon downcall (git-fixes). - nfsd: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes). - nfsd: shut down the NFSv4 state objects before the filecache (git-fixes). - nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes). - NFSv4.x: Fail client initialisation if state manager thread can't run (git-fixes). - SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes). - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes). - NFS: Fix an Oops in nfs_d_automount() (git-fixes). - NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). - NFSv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes). - NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes). - NFSv4.1 provide mount option to toggle trunking discovery (git-fixes). - NFSv4: keep state manager thread active if swap is enabled (git-fixes). 
- commit 4ee2a42 ++++ multipath-tools: - Update to version 0.9.0+117+suse.78cc20b: * libmultipath: avoid grouping paths wrongly with "find_multipaths smart" (bsc#1209623) * fix multipath-tools build with liburcu 0.14.0 ++++ rp-pppoe: - Require iproute2 instead of net-tools ------------------------------------------------------------------ ------------------ 2023-3-21 - Mar 21 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - commit 757cf27 - struct dwc3: mask new member (git-fixes). - commit 29d28eb - USB: dwc3: fix memory leak with using debugfs_lookup() (git-fixes). - commit 5d4bb23 - blacklist.conf: kABI - commit 1170e89 - blacklist.conf: kABI - commit fb6be59 - tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr (git-fixes). - commit 5dae012 - ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes). - commit e7730cf - tracing: Make splice_read available again (git-fixes). - commit 83c2809 - trace/hwlat: Do not start per-cpu thread if it is already running (git-fixes). - commit b67192b - trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes). - commit 091a305 - trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes). - commit 907b256 - tracing: Make tracepoint lockdep check actually test something (git-fixes). - commit b2e4082 - blacklist.conf: kABI - commit 6922af5 - ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes). - commit 59f3693 - tracing: Check field value in hist_field_name() (git-fixes). - commit a92eb30 - tracing: Do not let histogram values have some modifiers (git-fixes). - commit 2761bfa - tracing: Add NULL checks for buffer in ring_buffer_free_read_page() (git-fixes). - commit 1bf9381 - ring-buffer: Handle race between rb_move_tail and rb_check_pages (git-fixes). 
- commit 94bd9c6 - blacklist.conf: add a not-relevant ftrace cleanup - commit 57cd4dc - debugfs: add debugfs_lookup_and_remove() (git-fixes). - commit 6f9f252 - Update patches.suse/scsi-ufs-ufs-mediatek-Fix-error-checking-in-ufs_mtk_init_va09_pwr_ctrl Adding CVE and bsc reference (git-fixes CVE-2023-23001 bsc#1208829). - commit 2128b6e - x86/perf/zhaoxin: Add stepping check for ZXC (git fixes). - perf/x86/intel: Add Emerald Rapids (git fixes). - perf/x86/intel/uncore: Add Emerald Rapids (git fixes). - perf/x86/msr: Add Emerald Rapids (git fixes). - perf/x86/rapl: Treat Tigerlake like Icelake (git fixes). - perf/core: Call LSM hook after copying perf_event_attr (git fixes). - perf/x86/amd: fix potential integer overflow on shift of a int (git fixes). - perf/x86/intel/uncore: Fix reference count leak in __uncore_imc_init_box() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in sad_cfg_iio_topology() (git fixes). - perf: Fix possible memleak in pmu_dev_alloc() (git fixes). - bpf, perf: Use subprog name when reporting subprog ksymbol (git fixes). - perf/x86/intel/pt: Fix sampling using single range output (git fixes). - perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes (git fixes). - perf/x86/intel: Fix pebs event constraints for SPR (git fixes). - perf/x86/intel: Fix pebs event constraints for ICL (git fixes). - perf/x86/rapl: Use standard Energy Unit for SPR Dram RAPL domain (git fixes). - x86/cpu: Add several Intel server CPU model numbers (git fixes). - perf/x86/rapl: Add support for Intel AlderLake-N (git fixes). - perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() (git fixes). - perf/x86/uncore: Add new Raptor Lake S support (git fixes). - x86/cpu: Add CPU model numbers for Meteor Lake (git fixes). 
- x86/cpu: Add new Raptor Lake CPU model number (git fixes). - perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU (git fixes). - perf/x86/intel: Fix pebs event constraints for ADL (git fixes). - perf/x86/intel/ds: Fix precise store latency handling (git fixes). - perf/x86/lbr: Enable the branch type for the Arch LBR by default (git fixes). - perf/x86/intel: Fix PEBS data source encoding for ADL (git fixes). - perf/x86/intel: Fix PEBS memory access info encoding for ADL (git fixes). - perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (git fixes). - perf/x86/intel: Fix event constraints for ICL (git fixes). - perf/x86/uncore: Add new Alder Lake and Raptor Lake support (git fixes). - perf/x86/uncore: Clean up uncore_pci_ids (git fixes). - perf/amd/ibs: Use interrupt regs ip for stack unwinding (git fixes). - x86/cpu: Add new Alderlake and Raptorlake CPU model numbers (git fixes). - perf/x86/intel: Don't extend the pseudo-encoding to GP counters (git fixes). - perf/core: Inherit event_caps (git fixes). - perf/x86/uncore: Add Raptor Lake uncore support (git fixes). - perf/x86/intel/pt: Relax address filter validation (git fixes). - x86/perf: Default set FREEZE_ON_SMI for all (git fixes). - perf: Always wake the parent event (git fixes). - x86/perf: Avoid warning for Arch LBR without XSAVE (git fixes). - perf/x86/rapl: fix AMD event handling (git fixes). - x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define (git fixes). - x86/cpu: Add Raptor Lake to Intel family (git fixes). - commit 74e398e - Refresh patches.suse/NFSv3-handle-out-of-order-write-replies.patch. Careless typo - might cause bsc#1209457 - commit 1d76618 ++++ zstd: - Fix CVE-2022-4899, bsc#1209533 * Fix buffer underflow when dir1 == "" * Disallow empty string as an argument for --output-dir-flat="" and --output-dir-mirror="". 
- Added patches: * Disallow-empty-output-directory.patch * Fix-buffer-underflow-for-null-dir1.patch ++++ shim: - Updated shim signature after shim 15.7 was signed back: signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458) ------------------------------------------------------------------ ------------------ 2023-3-20 - Mar 20 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - fotg210-udc: Add missing completion handler (git-fixes). - commit 6b598ac - USB: fix memory leak with using debugfs_lookup() (git-fixes). - commit 4c4d5c0 - net: usb: smsc75xx: Limit packet length to skb->len (git-fixes). - commit 146b5ac - ceph: update the time stamps and try to drop the suid/sgid (bsc#1209504). - commit e7df378 - supported.conf: Remove duplicate entry. - commit 2c93f73 - IB/hfi1: Update RMT size calculation (git-fixes) - commit 46a7a1c - IB/hfi1: Assign npages earlier (git-fixes) - commit b6b4a13 - serial: qcom-geni: fix console shutdown hang (git-fixes). - serial: 8250_fsl: fix handle_irq locking (git-fixes). - serial: 8250_em: Fix UART port type (git-fixes). - interconnect: exynos: fix node leak in probe PM QoS error path (git-fixes). - interconnect: fix mem leak when freeing nodes (git-fixes). - interconnect: qcom: osm-l3: fix icc_onecell_data allocation (git-fixes). - firmware: xilinx: don't make a sleepable memory allocation from an atomic context (git-fixes). - fbdev: omapfb: cleanup inconsistent indentation (git-fixes). - hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip (git-fixes). - hwmon: (adm1266) Set `can_sleep` flag for GPIO chip (git-fixes). - hwmon: tmp512: drop of_match_ptr for ID table (git-fixes). - hwmon: (ucd90320) Add minimum delay between bus accesses (git-fixes). - hwmon: (ina3221) return prober error code (git-fixes). - hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition (git-fixes).
- hwmon: (adt7475) Fix masking of hysteresis registers (git-fixes). - hwmon: (adt7475) Display smoothing attributes in correct order (git-fixes). - media: m5mols: fix off-by-one loop termination error (git-fixes). - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes). - nfc: pn533: initialize struct pn533_out_arg properly (git-fixes). - mmc: sdhci_am654: lower power-on failed message severity (git-fixes). - ALSA: hda: Match only Intel devices with CONTROLLER_IN_GPU() (git-fixes). - drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc (git-fixes). - drm/sun4i: fix missing component unbind on bind errors (git-fixes). - drm/meson: fix 1px pink line on GXM when scaling video overlay (git-fixes). - drm/panfrost: Don't sync rpm suspension after mmu flushing (git-fixes). - drm/shmem-helper: Remove another errant put in error path (git-fixes). - clk: HI655X: select REGMAP instead of depending on it (git-fixes). - docs: Correct missing "d_" prefix for dentry_operations member d_weak_revalidate (git-fixes). - drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15 (git-fixes). - drm/connector: print max_requested_bpc in state debugfs (git-fixes). - drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype (git-fixes). - nfc: change order inside nfc_se_io error path (git-fixes). - regulator: core: Use ktime_get_boottime() to determine how long a regulator was off (git-fixes). - media: rc: gpio-ir-recv: add remove function (git-fixes). - media: ov5640: Fix analogue gain control (git-fixes). - PCI: Add SolidRun vendor ID (git-fixes). - drm/nouveau/kms/nv50-: remove unused functions (git-fixes). - regulator: core: Fix off-on-delay-us for always-on/boot-on regulators (git-fixes). - regulator: Flag uncontrollable regulators as always_on (git-fixes). - commit fc61e5c ++++ samba: - CVE-2023-0922: Samba AD DC admin tool samba-tool sends passwords in cleartext; (bso#15315); (bsc#1209481). 
- CVE-2023-0225: Samba AD DC "dnsHostname" attribute can be deleted by unprivileged authenticated users; (bso#15276); (bsc#1209483). - CVE-2023-0614: samba: Access controlled AD LDAP attributes can be discovered; (bso#15270); (bsc#1209485). ------------------------------------------------------------------ ------------------ 2023-3-18 - Mar 18 2023 ------------------- ------------------------------------------------------------------ ++++ mozilla-nss: - Update nss-fips-approved-crypto-non-ec.patch (bsc#1191546) to update session->lastOpWasFIPS before destroying the key after derivation in the CKM_TLS12_KEY_AND_MAC_DERIVE, CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, CKM_TLS_KEY_AND_MAC_DERIVE and CKM_SSL3_KEY_AND_MAC_DERIVE cases. - Update nss-fips-pct-pubkeys.patch (bsc#1207209) to remove some excess code. ------------------------------------------------------------------ ------------------ 2023-3-17 - Mar 17 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Delete patches.suse/drm-i915-Don-t-use-BAR-mappings-for-ring-buffers-wit.patch Resulted in an Oops / hang at boot (bsc#1209436) - commit 0da96b0 - hwmon: (k10temp): Add support for new family 17h and 19h models (bsc#1208848). - x86/amd_nb: Add AMD PCI IDs for SMN communication (bsc#1208848). - commit c3dd9ac ++++ suseconnect-ng: - Update to version 1.1.0~git0.e3c41e60892e: * Bump to v1.1.0 ------------------------------------------------------------------ ------------------ 2023-3-16 - Mar 16 2023 ------------------- ------------------------------------------------------------------ ++++ conmon: - build against go 1.19 [bsc#1209307] ++++ kernel-default: - Update references in patches.suse/media-dvb-usb-az6027-fix-null-ptr-deref-in-az6027_i2.patch (git-fixes bsc#1209291 CVE-2023-28328). - commit dc99e31 - Refresh patches.suse/drm-amd-display-fix-issues-with-driver-unload.patch. 
Fix build warning: .../amdgpu_dm/amdgpu_dm.c: In function 'amdgpu_dm_fini': .../amdgpu_dm/amdgpu_dm.c:1417:6: warning: unused variable 'i' [-Wunused-variable] int i; ^ - commit 25c8b43 - x86/msr: Remove .fixup usage (git-fixes). - kABI: x86/msr: Remove .fixup usage (kabi). - Refresh patches.suse/x86-futex-Remove-.fixup-usage.patch. - commit c013cdd - x86/fpu: Cache xfeature flags from CPUID (git-fixes). - commit b735f37 - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - KVM: x86: fix sending PV IPI (git-fixes). - x86: Annotate call_on_stack() (git-fixes). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - Refresh patches.suse/x86-sgx-set-active-memcg-prior-to-shmem-allocation.patch. - x86/kvm: Don't use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - KVM: x86: fix sending PV IPI (git-fixes). - x86: Annotate call_on_stack() (git-fixes). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). 
- Refresh patches.suse/x86-sgx-set-active-memcg-prior-to-shmem-allocation.patch. - x86/kvm: Don't use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - commit cd115f3 - rpm/group-source-files.pl: Fix output difference when / is in location While the previous attempt to fix group-source-files.pl in 6d651362c38 "rpm/group-source-files.pl: Deal with {pre,post}fixed / in location" breaks the infinite loop, it does not properly address the issue. Having a prefixed and/or postfixed forward slash still results in different output. This commit changes the script to use the Perl core module File::Spec for proper path manipulation to give consistent output. - commit 4161bf9 ++++ sudo: - Fix CVE-2023-28486, sudo does not escape control characters in log messages, (CVE-2023-28486, bsc#1209362) * sudo-CVE-2023-28486.patch - Fix CVE-2023-28487, sudo does not escape control characters in sudoreplay output (CVE-2023-28487, bsc#1209361) ------------------------------------------------------------------ ------------------ 2023-3-15 - Mar 15 2023 ------------------- ------------------------------------------------------------------ ++++ python3-core: - Add bpo-44434-libgcc_s-for-pthread_cancel.patch which eliminates unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355).
++++ python3: - Add bpo-44434-libgcc_s-for-pthread_cancel.patch which eliminates unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355). ------------------------------------------------------------------ ------------------ 2023-3-14 - Mar 14 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - perf/x86/uncore: Don't WARN_ON_ONCE() for a broken discovery table (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Add a quirk for UPI on SPR (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Ignore broken units in discovery table (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Factor out uncore_device_to_die() (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Make set_mapping() procedure void (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Update sysfs-devices-mapping file (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Sapphire Rapids (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Icelake Server (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Get UPI NodeID and GroupID (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Skylake Server (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Clear attr_update properly (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Introduce UPI topology type (bsc#1206824, bsc#1206493, bsc#1206492). 
- perf/x86/intel/uncore: Generalize IIO topology support (bsc#1206824, bsc#1206493, bsc#1206492). - commit 23fd14b - Require suse-kernel-rpm-scriptlets at all times. The kernel packages call scriptlets for each stage, add the dependency to make it clear to libzypp that the scriptlets are required. There is no special dependency for posttrans, these scriptlets run when transactions are resolved. The plain dependency has to be used to support posttrans. - commit 56c4dbe - Replace mkinitrd dependency with dracut (bsc#1202353). Also update mkinitrd references in documentation and comments. - commit e356c9b - mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() (bsc#1209262). - commit ca9be2b - watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths (bsc#1197617). - commit 34bfa16 - blacklist.conf: Add cgroup locking optimizations be288169712f cgroup: reduce dependency on cgroup_mutex 671c11f0619e cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree - commit a274f6f - fork: allow CLONE_NEWTIME in clone3 flags (bsc#1209258). - commit 49f82de - blacklist.conf: Add 9360d035a579 panic: Separate sysctl logic from CONFIG_SMP - commit 70188a8 - blacklist.conf: Add 9df918698408 kernel/panic: move panic sysctls to its own file - commit 7099ede - prlimit: do_prlimit needs to have a speculation check (bsc#1209256). - commit 90a3f2f - blacklist.conf: this is very hard to explain. This patch stops a staging driver from doing something extremely stupid, but it is visible and not technically a fix - commit 55006f0 - blacklist.conf: Add c16bdeb5a39f rlimit: Fix RLIMIT_NPROC enforcement failure caused by capability calls in set_user And also reasoning dependency/guard 2863643fb8b9 ("set_user: add capability check when rlimit(RLIMIT_NPROC) exceeds") - commit 2a2c4f0 - blacklist.conf: this is very hard to explain.
This patch stops a staging driver from doing something extremely stupid, but it is visible and not technically a fix - commit a35c342 - s390/kexec: fix ipl report address for kdump (bsc#1207529). - commit b51985a - rpm/kernel-obs-build.spec.in: Remove SLE11 cruft - commit 871eeb4 - rcu: Tighten rcu_advance_cbs_nowake() checks (bsc#1209159). - commit d31c746 - sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes). - commit 4b74bf5 - rds: rds_rm_zerocopy_callback() correct order for list_add_tail() (CVE-2023-1078 bsc#1208601). - rds: rds_rm_zerocopy_callback() use list_first_entry() (CVE-2023-1078 bsc#1208601). - commit b467b16 - blacklist.conf: add some X86 ARCHITECTURE git-fixes - commit 6e9c445 ++++ multipath-tools: - Update to version 0.9.0+114+suse.48792e7: * libmultipath: pathinfo: don't fail for devices lacking INQUIRY properties (gh#opensvc/multipath-tools#56) * libmpathpersist: use conf->timeout for updating persistent reservations (gh#opensvc/multipath-tools#45) * libmultipath: is_path_valid(): check if device is in use (bsc#1203141) (added libmount dependency) * libmultipath: orphan paths if coalesce_paths frees newmp (bsc#1207546) * multipathd: handle no active paths in update_map_pr (bsc#1207546) * multipathd: make pr registration consistent (bsc#1207546) * multipath.conf(5): improve documentation of dev_loss_tmo (bsc#1207546) * libmpathpersist: fix command keyword ordering (bsc#1207546, bsc#1209345) * libmultipath: fix 'show paths format' failure * Use "queue_mode bio" for NVMeoF/TCP devices * minor upstream bug fixes * man page fixes * hwtable fixes * github workflow adaptations from Factory / SLE15-SP5 ++++ suseconnect-ng: - Update to version 1.0.0~git23.406b219ccc9e: * Added MemTotal detection for HwInfo * move 'ExcludeArch' out of the if block ------------------------------------------------------------------ ------------------ 2023-3-13 - Mar 13 2023 ------------------- 
------------------------------------------------------------------ ++++ curl: - Security fixes: * [bsc#1209209, CVE-2023-27533] TELNET option IAC injection Add curl-CVE-2023-27533-no-sscanf.patch curl-CVE-2023-27533.patch * [bsc#1209210, CVE-2023-27534] SFTP path ~ resolving discrepancy Add curl-CVE-2023-27534.patch * [bsc#1209211, CVE-2023-27535] FTP too eager connection reuse Add curl-CVE-2023-27535.patch * [bsc#1209212, CVE-2023-27536] GSS delegation too eager connection re-use Add curl-CVE-2023-27536.patch * [bsc#1209214, CVE-2023-27538] SSH connection too eager reuse still Add curl-CVE-2023-27538.patch ++++ kernel-default: - net/tls: tls_is_tx_ready() checked list_entry (CVE-2023-1075 bsc#1208598). - commit 04f7ce9 - blacklist.conf: feature, not fix - commit 3b9cbfd - blacklist.conf: duplicate - commit 082c8b7 - Update patches.suse/hid-bigben_probe-validate-report-count.patch (bsc#1208605). Added bugzilla reference to fix already applied - commit 784a3b2 - scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file (git-fixes). - commit 1bde01c - signal: Implement force_fatal_sig (git-fixes). - blacklist.conf: remove it - commit fc01034 - bpf, x64: Factor out emission of REX byte in more cases (git-fixes). - blacklist.conf: remove it - commit 3ad465f - bpf: Fix extable address check (git-fixes). - bpf: Fix extable fixup offset (git-fixes). - x86/64/mm: Map all kernel memory into trampoline_pgd (git-fixes). - x86/sgx: Fix free page accounting (git-fixes). - signal/x86: In emulate_vsyscall force a signal instead of calling do_exit (git-fixes). - signal/seccomp: Refactor seccomp signal and coredump generation (git-fixes). - commit 128d44a - wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after free for wext" (git-fixes). - tpm/eventlog: Don't abort tpm_read_log on faulty ACPI address (git-fixes). - commit c121561 - NFS: nfsiod should not block forever in mempool_alloc() (git-fixes). 
- commit 3938521 - KABI FIX FOR NFSv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes). - commit 3fe030b ++++ osinfo-db: - Update to database version 20230308 osinfo-db-20230308.tar.xz ++++ patterns-microos: - include libica based cryptographic acceleration for s/390x (jsc#SMO-208) - 5.4.0 ------------------------------------------------------------------ ------------------ 2023-3-12 - Mar 12 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ASoC: zl38060 add gpiolib dependency (git-fixes). - pwm: stm32-lp: fix the check on arr and cmp registers update (git-fixes). - phy: rockchip-typec: Fix unsigned comparison with less than zero (git-fixes). - PCI: Add ACS quirk for Wangxun NICs (git-fixes). - PCI: Take other bus devices into account when distributing resources (git-fixes). - PCI: Align extra resources for hotplug bridges properly (git-fixes). - iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() (git-fixes). - iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() (git-fixes). - tools/iio/iio_utils:fix memory leak (git-fixes). - mei: bus-fixup:upon error print return values of send and receive (git-fixes). - staging: emxx_udc: Add checks for dma_alloc_coherent() (git-fixes). - serial: sc16is7xx: setup GPIO controller later in probe (git-fixes). - tty: serial: fsl_lpuart: disable the CTS when send break signal (git-fixes). - tty: fix out-of-bounds access in tty_driver_lookup_tty() (git-fixes). - usb: uvc: Enumerate valid values for color matching (git-fixes). - USB: ene_usb6250: Allocate enough memory for full object (git-fixes). - usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math (git-fixes). - media: uvcvideo: Silence memcpy() run-time false positive warnings (git-fixes). - media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910 (git-fixes). 
- media: uvcvideo: Handle errors from calls to usb_string (git-fixes). - media: uvcvideo: Handle cameras with invalid descriptors (git-fixes). - mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak (git-fixes). - firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 (git-fixes). - ASoC: zl38060: Remove spurious gpiolib select (git-fixes). - Bluetooth: hci_sock: purge socket queues in the destruct() callback (git-fixes). - commit 1135294 ------------------------------------------------------------------ ------------------ 2023-3-11 - Mar 11 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - kABI workaround for hid quirks (git-fixes). - commit 2ce6cac - HID: retain initial quirks set up when creating HID devices (git-fixes). - commit 0d98469 - PCI: dwc: Add dw_pcie_ops.host_deinit() callback (git-fixes). - kABI: PCI: dwc: Add dw_pcie_ops.host_deinit() callback (kabi). - commit ccb0b3a - thermal/drivers/tsens: Add compat string for the qcom,msm8960 (git-fixes). - Refresh patches.suse/thermal-drivers-tsens-Sort-out-msm8976-vs-msm8956-da.patch. - commit 0c14aac - drm/msm/disp/dpu: fix sc7280_pp base offset (git-fixes). - drm/msm/dpu: fix len of sc7180 ctl blocks (git-fixes). - drm/msm/a5xx: fix context faults during ring switch (git-fixes). - drm/msm/a5xx: fix the emptyness check in the preempt code (git-fixes). - drm/msm/a5xx: fix highest bank bit for a530 (git-fixes). - drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register (git-fixes). - drm/msm: Fix potential invalid ptr free (git-fixes). - vfio/type1: restore locked_vm (git-fixes). - vfio/type1: track locked_vm per dma (git-fixes). - vfio/type1: prevent underflow of locked_vm via exec() (git-fixes). - tty: serial: imx: disable Ageing Timer interrupt request irq (git-fixes). - usb: gadget: configfs: Restrict symlink creation is UDC already binded (git-fixes). 
- usb: typec: intel_pmc_mux: Don't leak the ACPI device reference count (git-fixes). - wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails (git-fixes). - wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() (git-fixes). - wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup (git-fixes). - wifi: rtl8xxxu: Use a longer retry limit of 48 (git-fixes). - wifi: mt7601u: fix an integer underflow (git-fixes). - wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds (git-fixes). - wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (git-fixes). - wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu (git-fixes). - thermal: intel: intel_pch: Add support for Wellsburg PCH (git-fixes). - thermal: intel: Fix unsigned comparison with less than zero (git-fixes). - wifi: ath9k: use proper statements in conditionals (git-fixes). - tty: serial: imx: Handle RS485 DE signal active high (git-fixes). - usb: typec: intel_pmc_mux: Use the helper acpi_dev_get_memory_resources() (git-fixes). - usb: gadget: configfs: remove using list iterator after loop body as a ptr (git-fixes). - usb: gadget: configfs: use to_usb_function_instance() in cfg (un)link func (git-fixes). - usb: gadget: configfs: use to_config_usb_cfg() in os_desc_link() (git-fixes). - commit 31f8312 - nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties (git-fixes). - drm/radeon: Fix eDP for single-display iMac11,2 (git-fixes). - drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv (git-fixes). - media: i2c: imx219: Fix binning for RAW8 capture (git-fixes). - media: i2c: imx219: Split common registers from mode tables (git-fixes). - PCI: Avoid FLR for AMD FCH AHCI adapters (git-fixes). - firmware: coreboot: framebuffer: Ignore reserved pixel color bits (git-fixes). - media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible() (git-fixes). 
- drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5 (git-fixes). - drm/msm/dsi: Add missing check for alloc_ordered_workqueue (git-fixes). - drm: amd: display: Fix memory leakage (git-fixes). - drm/radeon: free iio for atombios when driver shutdown (git-fixes). - drm/amd/display: Fix potential null-deref in dm_resume (git-fixes). - drm/edid: fix AVI infoframe aspect ratio handling (git-fixes). - drm/tiny: ili9486: Do not assume 8-bit only SPI controllers (git-fixes). - drm/omap: dsi: Fix excessive stack usage (git-fixes). - drm/vc4: dpi: Fix format mapping for RGB565 (git-fixes). - hwmon: (coretemp) Simplify platform device handling (git-fixes). - HID: multitouch: Add quirks for flipped axes (git-fixes). - HID: logitech-hidpp: Don't restart communication if not necessary (git-fixes). - HID: Add Mapping for System Microphone Mute (git-fixes). - pinctrl: at91: use devm_kasprintf() to avoid potential leaks (git-fixes). - spi: dw_bt1: fix MUX_MMIO dependencies (git-fixes). - regulator: s5m8767: Bounds check id indexing into arrays (git-fixes). - regulator: max77802: Bounds check regulator id against opmode (git-fixes). - KEYS: asymmetric: Fix ECDSA use via keyctl uapi (git-fixes). - drm/vc4: dpi: Add option for inverting pixel clock and output enable (git-fixes). - mt76: mt7915: fix polling firmware-own status (git-fixes). - media: uvcvideo: Fix memory leak of object map on error exit path (git-fixes). - pinctrl: mediatek: fix coding style (git-fixes). - media: uvcvideo: Check controls flags before accessing them (git-fixes). - media: uvcvideo: Use control names from framework (git-fixes). - media: uvcvideo: Add support for V4L2_CTRL_TYPE_CTRL_CLASS (git-fixes). - media: uvcvideo: refactor __uvc_ctrl_add_mapping (git-fixes). - media: uvcvideo: Remove s_ctrl and g_ctrl (git-fixes). - media: uvcvideo: Do not check for V4L2_CTRL_WHICH_DEF_VAL (git-fixes). 
- commit af57661 - Documentation/hw-vuln: Document the interaction between IBRS and STIBP (git-fixes). - ALSA: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC (git-fixes). - dmaengine: sf-pdma: pdma_desc memory leak fix (git-fixes). - docs/scripts/gdb: add necessary make scripts_gdb step (git-fixes). - ASoC: codecs: lpass: fix incorrect mclk rate (git-fixes). - ASoC: kirkwood: Iterate over array indexes instead of using pointer math (git-fixes). - ASoC: soc-compress: Reposition and add pcm_mutex (git-fixes). - Bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE (git-fixes). - ACPI: Don't build ACPICA with '-Os' (git-fixes). - ACPI: video: Fix Lenovo Ideapad Z570 DMI match (git-fixes). - clocksource: Suspend the watchdog temporarily when high read latency detected (git-fixes). - arm64: dts: qcom: pmk8350: Use the correct PON compatible (git-fixes). - arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name (git-fixes). - arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name (git-fixes). - arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node names (git-fixes). - arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name (git-fixes). - arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name (git-fixes). - arm64: dts: amlogic: meson-gx: add missing unit address to rng node name (git-fixes). - arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property (git-fixes). - arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible (git-fixes). - arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name (git-fixes). - arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name (git-fixes). - ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy (git-fixes). - arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY (git-fixes). 
- arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY (git-fixes). - arm64: dts: qcom: pmk8350: Specify PBS register for PON (git-fixes). - arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size (git-fixes). - ACPI: resource: Add helper function acpi_dev_get_memory_resources() (git-fixes). - ath9k: htc: clean up statistics macros (git-fixes). - ath9k: hif_usb: simplify if-if to if-else (git-fixes). - ASoC: codecs: tx-macro: move to individual clks from bulk (git-fixes). - ASoC: codecs: rx-macro: move to individual clks from bulk (git-fixes). - ASoC: codecs: tx-macro: move clk provider to managed variants (git-fixes). - ASoC: codecs: rx-macro: move clk provider to managed variants (git-fixes). - arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes (git-fixes). - ASoC: codecs: Change bulk clock voting to optional voting in digital codecs (git-fixes). - ASoC: fsl_sai: Update to modern clocking terminology (git-fixes). - commit 8491e1c ------------------------------------------------------------------ ------------------ 2023-3-10 - Mar 10 2023 ------------------- ------------------------------------------------------------------ ++++ transactional-update: - Version 4.1.4 - Workaround for broken Tumbleweed package libfdisk1 ++++ drbd-utils: - bsc#1208922: fails to replace directory /lib/drbd with symlink * modify drbd-utils.spec to rename it in pretrans script ++++ kernel-default: - tap: tap_open(): correctly initialize socket uid (CVE-2023-1076 bsc#1208599). - tun: tun_chr_open(): correctly initialize socket uid (CVE-2023-1076 bsc#1208599). - net: add sock_init_data_uid() (CVE-2023-1076 bsc#1208599). - netfilter: nf_tables: fix null deref due to zeroed list head (CVE-2023-1095 bsc#1208777). 
- commit 1969911 - arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes) - commit 17b413e - crypto: arm64 - Fix unused variable compilation warnings of (git-fixes) - commit bedb569 - arm64: make is_ttbrX_addr() noinstr-safe (git-fixes) - commit 04f9814 - arm64: mm: kfence: only handle translation faults (git-fixes) - commit 53720ca - arm64: atomics: remove LL/SC trampolines (git-fixes) - commit abb3814 - arm64: dts: juno: Add missing MHU secure-irq (git-fixes) - commit 8ba9b76 - arm64: dts: arm: drop unused interrupt-names in MHU (git-fixes) - commit 830c0c2 - arm64: cacheinfo: Fix incorrect assignment of signed error value to (git-fixes) - commit bf5800f - arm64: Treat ESR_ELx as a 64-bit register (git-fixes) - commit 2dadb72 - blacklist.conf: add some X86 git-fixes - commit 05ac891 - blacklist.conf: ("arm64: dts: ten64: remove redundant interrupt declaration for") - commit b0f32f5 ------------------------------------------------------------------ ------------------ 2023-3-9 - Mar 9 2023 ------------------- ------------------------------------------------------------------ ++++ cups: - 0001-cups-dests.c-cupsGetNamedDest-set-IPP_STATUS_ERROR_N.patch improves logging on 'IPP_STATUS_ERROR_NOT_FOUND' error that fixes bsc#1191467, bsc#1198932: "lpr reports 'No such file or directory' for missing catalogue files" "/usr/bin/lpr: No such file or directory" - after-network_target-sssd_service.patch is derived from https://github.com/apple/cups/issues/5550 with its https://github.com/apple/cups/commit/aaebca5660fdd7f7b6f30461f0788d91ef6e2fee and SUSE PTF:24471 cups.SUSE_SLE-15_Update cups-2.2.7-wait-for-network.patch to add "After=network.target sssd.service" to the systemd unit source files cupsd.service.in and cups.cups-lpdAT.service.in to fix bsc#1201234, bsc#1200321: "Missing network dependency in systemd unit for cups-2.2.7" "CUPS may not always start if sssd is in use" ++++ ignition: - Add `dasd_mod.dasd=autodetect` to kernel command line 
parameters (for Ignition device support on S/390) [boo#1207903] ++++ kernel-default: - Update patch reference for HID fixes (CVE-2023-25012 bsc#1207560) - commit ac09f05 - qede: avoid uninitialized entries in coal_entry array (bsc#1205846). - qede: fix interrupt coalescing configuration (bsc#1205846). - commit bcd42d6 - PCI/PTM: Add pci_suspend_ptm() and pci_resume_ptm() (git-fixes). - commit da09379 - PCI: qcom: Fix host-init error handling (git-fixes). - PCI: Unify delay handling for reset and resume (git-fixes). - PCI/PM: Always disable PTM for all devices during suspend (git-fixes). - PCI: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() (git-fixes). - PCI/PM: Fix bridge_d3_blacklist Elo i2 overwrite of Gigabyte X299 (git-fixes). - PCI: qcom: Fix pipe clock imbalance (git-fixes). - PCI: mediatek-gen3: Assert resets to ensure expected init state (git-fixes). - PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (git-fixes). - PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold (git-fixes). - PCI: xgene: Revert "PCI: xgene: Use inbound resources for setup" (git-fixes). - PCI: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (git-fixes). - PCI: Reduce warnings on possible RW1C corruption (git-fixes). - kABI: PCI: Reduce warnings on possible RW1C corruption (kabi). - Refresh patches.suse/0001-kABI-more-hooks-for-PCI-changes.patch. - PCI: aardvark: Fix link training (git-fixes). - Refresh patches.suse/PCI-aardvark-Fix-checking-for-link-up-via-LTSSM-stat.patch. - commit 3cab0bb - blacklist.conf: add some PCI git-fixes - commit 259b001 - platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it (git-fixes). - commit b403668 - NFSv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes). - NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes). - SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails (git-fixes). 
- NFSD: pass range end to vfs_fsync_range() instead of count (git-fixes). - nfsd: don't call nfsd_file_put from client states seqfile display (git-fixes). - NFSD: Finish converting the NFSv3 GETACL result encoder (git-fixes). - NFSD: Finish converting the NFSv2 GETACL result encoder (git-fixes). - nfs4: Fix kmemleak when allocate slot failed (git-fixes). - NFSv4.2: Fixup CLONE dest file size for zero-length count (git-fixes). - NFSv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes). - SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed (git-fixes). - NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes). - NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes). - NFSv4: Fix a potential state reclaim deadlock (git-fixes). - NFSv4/pNFS: Always return layout stats on layout return for flexfiles (git-fixes). - NFSD: fix use-after-free on source server when doing inter-server copy (git-fixes). - NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes). - NFSD: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes). - nfsd: Fix a memory leak in an error handling path (git-fixes). - NFSv4/pnfs: Fix a use-after-free bug in open (git-fixes). - NFSv4: Add an fattr allocation to _nfs4_discover_trunking() (git-fixes). - NFSv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes). - NFSv4: Don't hold the layoutget locks across multiple RPC calls (git-fixes). - SUNRPC: Return true/false (not 1/0) from bool functions (git-fixes). - NFS: Avoid writeback threads getting stuck in mempool_alloc() (git-fixes). - NFS: nfsiod should not block forever in mempool_alloc() (git-fixes). 
- commit 4c29b9b - blacklist.conf: fixes for bugs we don't have - commit afbbfc5 ------------------------------------------------------------------ ------------------ 2023-3-8 - Mar 8 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - malidp: Fix NULL vs IS_ERR() checking (bsc#1208843 CVE-2023-23004). - commit 87efba8 - Delete patches.suse/livepatch-define-a-macro-for-new-api-identification.patch. This definition was used by kgraft codestreams (SLE12-SP3), but the livepatch support for such codestreams has ended. - commit f5aeaad - Do not sign the vanilla kernel (bsc#1209008). - commit cee4d89 - blacklist.conf: false positive - commit 086f5da - nvme-auth: fix an error code in nvme_auth_process_dhchap_challenge() (bsc#1202633). - nvme-auth: don't use NVMe status codes (bsc#1202633). - nvme-auth: mark nvme_auth_wq static (bsc#1202633). - nvme-auth: use workqueue dedicated to authentication (bsc#1202633). - nvme-auth: fix smatch warning complaints (bsc#1202633). - nvme-auth: have dhchap_auth_work wait for queues auth to complete (bsc#1202633). - nvme-auth: remove redundant auth_work flush (bsc#1202633). - nvme-auth: convert dhchap_auth_list to an array (bsc#1202633). - nvme-auth: check chap ctrl_key once constructed (bsc#1202633). - nvme-auth: no need to reset chap contexts on re-authentication (bsc#1202633). - nvme-auth: remove redundant deallocations (bsc#1202633). - nvme-auth: clear sensitive info right after authentication completes (bsc#1202633). - nvme-auth: guarantee dhchap buffers under memory pressure (bsc#1202633). - nvme-auth: don't keep long lived 4k dhchap buffer (bsc#1202633). - nvme-auth: remove redundant if statement (bsc#1202633). - nvme-auth: don't override ctrl keys before validation (bsc#1202633). - nvme-auth: don't ignore key generation failures when initializing ctrl keys (bsc#1202633). - nvme-auth: remove redundant buffer deallocations (bsc#1202633). 
- nvme-auth: don't re-authenticate if the controller is not LIVE (bsc#1202633). - nvme-auth: remove symbol export from nvme_auth_reset (bsc#1202633). - nvme-auth: rename authentication work elements (bsc#1202633). - nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap (bsc#1202633). - commit 67a47c5 - blacklist.conf: kABI, cosmetic - commit f03aa8f - Add cherry-picked id for nouveau patch - commit d18ab1d - VFS: filename_create(): fix incorrect intent (bsc#1197534). - commit a961e32 - KABI FIX FOR: NFSv4.1 query for fs_location attr on a new file system (Never, kabi). - commit f615f65 ++++ qemu: - Fix bsc#1180207 (CVE-2020-14394) * Patches added: hw-usb-hcd-xhci-Fix-unbounded-loop-in-xh.patch ++++ suseconnect-ng: - Update to version 1.0.0~git19.b225bc3: * Make keepalive on SUMA systems exit without error (bsc#1207876) * Update README.md * Add deactivate API to ruby bindings (bsc#1202705) ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#633 - Include openssl hmac for SLE Micro (bsc#1208981) - Include openssl hmac in SLE Micro installation images (bsc#1208981) - 16.57.26 ------------------------------------------------------------------ ------------------ 2023-3-7 - Mar 7 2023 ------------------- ------------------------------------------------------------------ ++++ gnutls: - FIPS: PBKDF2 additional requirements [bsc#1209001] * Set the minimum output key length to 112 bits (FIPS 140-3 IG D.N) * Set the minimum salt length to 128 bits (SP 800-132 sec. 5.1) * Set the minimum iterations count to 1000 (SP 800-132 sec 5.2) * Set the minimum passlen of 20 characters (SP 800-132 sec 5) * Add regression tests for the new PBKDF2 requirements. * Add gnutls-FIPS-pbkdf2-additional-requirements.patch ++++ hwdata: - update to 0.368: * Update pci, usb and vendor ids ++++ kernel-default: - update internal module version number for cifs.ko (bsc#1193629).
- commit c325c43 - drm/virtio: Fix NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776 CVE-2023-22998). - commit cd9c832 - rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script gets stuck in an infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl "$HOME/group-source-files.pl" -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This works around the issue by breaking out of the loop once path is an empty string. For a proper fix we'd want something that is filesystem-aware, but this workaround should be enough for the rare occasion that this script is run manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html - commit 6d65136 - media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in imx7_csi_init() (git-fixes). - commit e70e8d4 - media: platform: ti: Add missing check for devm_regulator_get (git-fixes). - commit 08661ee - phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node function (CVE-2023-23000 bsc#1208816). - commit 4632142 - Update patch reference for media fix (CVE-2023-1118 bsc#1208837) - commit 778b9f2 - media: ti: cal: fix possible memory leak in cal_ctx_create() (git-fixes). - commit 2ff7792 - struct uvc_device move flush_status new member to end (git-fixes). - commit 8ba3f50 - media: uvcvideo: Fix race condition with usb_kill_urb (git-fixes). - commit 9dd8ca0 - media: coda: Add check for kmalloc (git-fixes). - commit 8c98f78 - media: coda: Add check for dcoda_iram_alloc (git-fixes).
- commit 705609f - scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103). - Delete patches.suse/revert-scsi-qla2xxx-Changes-to-support-FCP2-Target.patch. - commit 9b1b9b9 - blacklist.conf: cosmetic, not a bug fix - commit a1eb9b6 - net/ulp: use consistent error code when blocking ULP (CVE-2023-0461 bsc#1208787). - net/ulp: prevent ULP without clone op from entering the LISTEN status (CVE-2023-0461 bsc#1208787). - commit bad820e - KABI FIX FOR: NFSD: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes). - commit bd901a6 - KABI FIX FOR: NFS: Further optimisations for 'ls -l' (git-fixes). - commit 894aa13 - SUNRPC: Fix socket waits for write buffer space (git-fixes). - NFSv4: Protect the state recovery thread against direct reclaim (git-fixes). - NFSv4.2: fix reference count leaks in _nfs42_proc_copy_notify() (git-fixes). - NFSD: Fix nfsd_breaker_owns_lease() return values (git-fixes). - NFSD: COMMIT operations must not return NFS?ERR_INVAL (git-fixes). - sunrpc: Fix potential race conditions in rpc_sysfs_xprt_state_change() (git-fixes). - net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (git-fixes). - SUNRPC allow for unspecified transport time in rpc_clnt_add_xprt (git-fixes). - NFSv4 handle port presence in fs_location server string (git-fixes). - NFSv4 expose nfs_parse_server_name function (git-fixes). - NFSv4.1 query for fs_location attr on a new file system (git-fixes). - NFSv4 store server support for fs_location attribute (git-fixes). - NFSv4 remove zero number of fs_locations entries error check (git-fixes). - NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes). - nfs: nfs4clinet: check the return value of kstrdup() (git-fixes). - NFSv4 only print the label when its queried (git-fixes). - NFSD: De-duplicate net_generic(nf->nf_net, nfsd_net_id) (git-fixes). - NFSD: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes). 
- NFS: Create a new nfs_alloc_fattr_with_label() function (git-fixes). - NFS: Always initialise fattr->label in nfs_fattr_alloc() (git-fixes). - NFS: Don't allocate nfs_fattr on the stack in __nfs42_ssc_open() (git-fixes). - NFS: Further optimisations for 'ls -l' (git-fixes). - commit fc8bee1 - blacklist.conf: NFS updates - commit 424a052 ++++ openssl-1_1: FIPS: Service-level indicator [bsc#1208998] * Add additional check required by FIPS 140-3. Minimum values for PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for iteration count and 20 characters for password. * Add openssl-1_1-ossl-sli-008-pbkdf2-salt_pass_iteration.patch ++++ vim: - Updated to version 9.0 with patch level 1386, fixes the following security problems * Fixing bsc#1207780 - (CVE-2023-0512) VUL-0: CVE-2023-0512: vim: Divide By Zero in GitHub repository vim/vim prior to 9.0.1247 * Fixing bsc#1208957 - (CVE-2023-1175) VUL-0: CVE-2023-1175: vim: Incorrect Calculation of Buffer Size * Fixing bsc#1208959 - (CVE-2023-1170) VUL-0: CVE-2023-1170: vim: Heap-based Buffer Overflow in vim prior to 9.0.1376 * Fixing bsc#1208828 - (CVE-2023-1127) VUL-1: CVE-2023-1127: vim: divide by zero in scrolldown() - for the complete list of changes see https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386 ------------------------------------------------------------------ ------------------ 2023-3-6 - Mar 6 2023 ------------------- ------------------------------------------------------------------ ++++ glibc: - amd-cacheinfo.patch: x86: Cache computation for AMD architecture (bsc#1207957) ++++ kernel-default: - selftests/powerpc: Account for offline cpus in perf-hwbreak test (bsc#1206232). - selftests/powerpc: Bump up rlimit for perf-hwbreak test (bsc#1206232). - selftests/powerpc: Move perror closer to its use (bsc#1206232). - commit cc3db6d - cifs: prevent data race in cifs_reconnect_tcon() (bsc#1193629). - commit 6b88ff8 - cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID (git-fixes). 
- commit 2d97db4 - cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1193629). - commit aef7d88 - cifs: match even the scope id for ipv6 addresses (bsc#1193629). - commit a3d06fc - cifs: update ip_addr for ses only for primary chan setup (bsc#1193629). - commit 9b0633d - cifs: use tcon allocation functions even for dummy tcon (git-fixes). - commit 4cb2b33 - cifs: use the least loaded channel for sending requests (bsc#1193629). - commit cfdb032 - smb3: Replace smb2pdu 1-element arrays with flex-arrays (bsc#1193629). - commit 8183847 - selftests/ftrace: Convert tracer tests to use 'requires' to specify program dependency (bsc#1204993 ltc#200103). - selftests/ftrace: Add check for ping command for trigger tests (bsc#1204993 ltc#200103). - commit 11e08ba - cifs: get rid of dns resolve worker (bsc#1193629). - commit 2cb37b3 - cifs: Fix warning and UAF when destroy the MR list (git-fixes). - commit 5fa5f21 - cifs: Fix lost destroy smbd connection when MR allocate failed (git-fixes). - commit f517a17 - cifs: return a single-use cfid if we did not get a lease (bsc#1193629). - commit 90e06b0 - cifs: Check the lease context if we actually got a lease (bsc#1193629). - commit 8e90bef - cifs: Replace remaining 1-element arrays (bsc#1193629). - commit a459269 - cifs: Convert struct fealist away from 1-element array (bsc#1193629). - commit da04015 - cifs: fix mount on old smb servers (boo#1206935). - commit 1f96ba2 - cifs: Fix uninitialized memory reads for oparms.mode (bsc#1193629). - commit 54e33cf - cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1193629). - commit be0bd63 - cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1193629). - commit 0882d15 - cifs: don't try to use rdma offload on encrypted connections (bsc#1193629). - commit e4e0061 - cifs: split out smb3_use_rdma_offload() helper (bsc#1193629). - commit 04a4e24 - cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1193629). 
- commit 3e469a4 - cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1193629). - commit 406d57e - cifs: prevent data race in smb2_reconnect() (bsc#1193629). - commit 57b5cfd - cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1193629). - commit 1affc8c - cifs: print last update time for interface list (bsc#1193629). - commit 77e9288 - cifs: Replace zero-length arrays with flexible-array members (bsc#1193629). - commit ccb5ba6 - cifs: Use kstrtobool() instead of strtobool() (bsc#1193629). - commit 782ea60 - cifs: Fix use-after-free in rdata->read_into_pages() (git-fixes). - commit 107b2e5 - cifs: Fix oops due to uncleared server->smbd_conn in reconnect (git-fixes). - commit fe84ac1 - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead. - commit 152a069 - Refresh patches.suse/ice-Do-not-skip-not-enabled-queues-in-ice_vc_dis_qs_.patch. - Refresh patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch. Fix bug introduced by broken backport (bsc#1208628). - commit d902e3e - Move upstreamed i915 and media fixes into sorted section - commit f79acc7 - ocfs2: Fix data corruption after failed write (bsc#1208542). - commit 92f0180 - nvme-fabrics: show well known discovery name (bsc#1200054). - commit 0dc6ff3 - hv_netvsc: Check status in SEND_RNDIS_PKT completion message (git-fixes). - commit cf78232 - ASoC: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params() (git-fixes). - commit ef46bcf - ALSA: ice1712: Delete unreachable code in aureon_add_controls() (git-fixes). - ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (git-fixes). - ASoC: adau7118: don't disable regulators on device unbind (git-fixes). 
- watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (git-fixes). - watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git-fixes). - watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes). - watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (git-fixes). - vc_screen: don't clobber return value in vcs_read (git-fixes). - vc_screen: modify vcs_size() handling in vcs_read() (git-fixes). - wifi: ath11k: allow system suspend to survive ath11k (git-fixes). - vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes). - VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF (git-fixes). - tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case (git-fixes). - tty: serial: qcom-geni-serial: stop operations in progress at shutdown (git-fixes). - tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown() (git-fixes). - USB: serial: option: add support for VW/Skoda "Carstick LTE" (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-M (git-fixes). - usb: max-3421: Fix setting of I/O pins (git-fixes). - usb: musb: mediatek: don't unregister something that wasn't registered (git-fixes). - USB: core: Don't hold device lock while reading the "descriptors" sysfs file (git-fixes). - usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git-fixes). - usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe() (git-fixes). - wifi: mac80211: make rate u32 in sta_set_rate_info_rx() (git-fixes). - wifi: cfg80211: Fix use after free for wext (git-fixes). - wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup (git-fixes). - wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function (git-fixes). - wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() (git-fixes). - wifi: mwifiex: Add missing compatible string for SD8787 (git-fixes). 
- wifi: iwl4965: Add missing check for create_singlethread_workqueue() (git-fixes). - wifi: iwl3945: Add missing check for create_singlethread_workqueue (git-fixes). - wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data() (git-fixes). - wifi: orinoco: check return value of hermes_write_wordrec() (git-fixes). - wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU (git-fixes). - wifi: rtw89: Add missing check for alloc_workqueue (git-fixes). - wifi: wl3501_cs: don't call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: cmdresp: don't call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: main: don't call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: if_usb: don't call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas_tf: don't call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() (git-fixes). - wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() (git-fixes). - wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() (git-fixes). - wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes). - wifi: ipw2x00: don't call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() (git-fixes). - wifi: rtl8xxxu: don't call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: fix memory leak in lbs_init_adapter() (git-fixes). - wifi: iwlegacy: common: don't call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: rtl8723be: don't call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: rtl8188ee: don't call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: rtl8821ae: don't call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes). 
- commit 795b424 - thermal: intel: BXT_PMIC: select REGMAP instead of depending on it (git-fixes). - thermal: intel: quark_dts: fix error pointer dereference (git-fixes). - rtc: allow rtc_read_alarm without read_alarm callback (git-fixes). - rtc: pm8xxx: fix set-alarm race (git-fixes). - rtc: sun6i: Always export the internal oscillator (git-fixes). - spi: tegra210-quad: Fix validate combined sequence (git-fixes). - nfc: fix memory leak of se_io context in nfc_genl_se_io (git-fixes). - remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers (git-fixes). - remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes). - mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW (git-fixes). - mtd: rawnand: sunxi: Fix the size of the last OOB region (git-fixes). - mtd: rawnand: sunxi: Clean up chips after failed init (git-fixes). - mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type (git-fixes). - mtd: spi-nor: spansion: Consider reserved bits in CFR5 register (git-fixes). - mtd: spi-nor: core: fix implicit declaration warning (git-fixes). - mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes). - mtd: dataflash: remove duplicate SPI ID table (git-fixes). - soundwire: cadence: Don't overflow the command FIFOs (git-fixes). - phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes). - PCI: switchtec: Return -EFAULT for copy_to_user() errors (git-fixes). - PCI: Fix dropping valid root bus resources with .end = zero (git-fixes). - PCI/PM: Observe reset delay irrespective of bridge_d3 (git-fixes). - PCI/IOV: Enlarge virtfn sysfs name buffer (git-fixes). - PCI: hotplug: Allow marking devices as disconnected during bind/unbind (git-fixes). - serial: fsl_lpuart: fix RS485 RTS polariy inverse issue (git-fixes). - serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init() (git-fixes). - tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown() (git-fixes). - printf: fix errname.c list (git-fixes). 
- pinctrl: mediatek: Initialize variable *buf to zero (git-fixes). - pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (git-fixes). - pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain (git-fixes). - pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins (git-fixes). - spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one() (git-fixes). - spi: bcm63xx-hsspi: Endianness fix for ARM based SoC (git-fixes). - sefltests: netdevsim: wait for devlink instance after netns removal (git-fixes). - thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes). - thermal: intel: powerclamp: Fix cur_state for multi package system (git-fixes). - thermal/drivers/tsens: limit num_sensors to 9 for msm8939 (git-fixes). - thermal/drivers/tsens: fix slope values for msm8939 (git-fixes). - thermal/drivers/tsens: Sort out msm8976 vs msm8956 data (git-fixes). - thermal/drivers/tsens: Drop msm8976-specific defines (git-fixes). - net/rose: Fix to not accept on connected socket (git-fixes). - platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match (git-fixes). - platform/x86: amd-pmc: Correct usage of SMU version (git-fixes). - selftest/lkdtm: Skip stack-entropy test if lkdtm is not available (git-fixes). - platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled (git-fixes). - platform/x86: amd-pmc: Export Idlemask values based on the APU (git-fixes). - commit 14a6c6a - media: saa7134: Use video_unregister_device for radio_dev (git-fixes). - media: usb: siano: Fix use after free bugs caused by do_submit_urb (git-fixes). - media: i2c: ov7670: 0 instead of -EINVAL was returned (git-fixes). - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (git-fixes). - media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes). - media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data (git-fixes). - media: ipu3-cio2: Fix PM runtime usage_count in driver unbind (git-fixes). 
- media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes). - media: ov5675: Fix memleak in ov5675_init_controls() (git-fixes). - media: ov2740: Fix memleak in ov2740_init_controls() (git-fixes). - media: max9286: Fix memleak in max9286_v4l2_register() (git-fixes). - Input: iqs626a - drop unused device node references (git-fixes). - Input: ads7846 - don't check penirq immediately for 7845 (git-fixes). - Input: ads7846 - always set last command to PWRDOWN (git-fixes). - Input: ads7846 - don't report pressure for ads7845 (git-fixes). - Input: iqs269a - configure device with a single block write (git-fixes). - Input: iqs269a - increase interrupt handler return delay (git-fixes). - Input: iqs269a - drop unused device node references (git-fixes). - i2c: designware: fix i2c_dw_clk_rate() return size to be u32 (git-fixes). - iio: light: tsl2563: Do not hardcode interrupt trigger type (git-fixes). - misc/mei/hdcp: Use correct macros to initialize uuid_le (git-fixes). - misc: enclosure: Fix doc for enclosure_find() (git-fixes). - lib/zlib: remove redundation assignement of avail_in dfltcc_gdht() (git-fixes). - leds: led-core: Fix refcount leak in of_led_get() (git-fixes). - mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() (git-fixes). - mfd: cs5535: Don't build on UML (git-fixes). - gpu: host1x: Don't skip assigning syncpoints to channels (git-fixes). - gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() (git-fixes). - hwmon: (mlxreg-fan) Return zero speed for broken fan (git-fixes). - hwmon: (ltc2945) Handle error case in ltc2945_value_store (git-fixes). - hwmon: (ftsteutates) Fix scaling of measurements (git-fixes). - Revert "HID: logitech-hidpp: add a module parameter to keep firmware gestures" (git-fixes). - hid: bigben_probe(): validate report count (git-fixes). - HID: bigben: use spinlock to safely schedule workers (git-fixes). - HID: bigben_worker() remove unneeded check on report_field (git-fixes). 
- HID: bigben: use spinlock to protect concurrent accesses (git-fixes). - HID: asus: use spinlock to safely schedule workers (git-fixes). - HID: asus: use spinlock to protect concurrent accesses (git-fixes). - gpio: tegra186: remove unneeded loop in tegra186_gpio_init_route_mapping() (git-fixes). - lib/mpi: Fix buffer overrun when SG is too long (git-fixes). - leds: led-class: Add missing put_device() to led_put() (git-fixes). - mmc: jz4740: Work around bug on JZ4760(B) (git-fixes). - mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes). - mmc: sdio: fix possible resource leaks in some error paths (git-fixes). - HID: core: Fix deadloop in hid_apply_multiplier (git-fixes). - HID: elecom: add support for TrackBall 056E:011C (git-fixes). - staging: mt7621-dts: change palmbus address to lower case (git-fixes). - commit ed4a4d9 - drm/i915: Don't use BAR mappings for ring buffers with LLC (git-fixes). - dt-bindings: hwlock: sun6i: Add missing #hwlock-cells (git-fixes). - dt-bindings: input: iqs626a: Redefine trackpad property types (git-fixes). - dt-bindings: power: supply: pm8941-coincell: Don't require charging properties (git-fixes). - firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF Kconfig entries (git-fixes). - firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (git-fixes). - firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe() (git-fixes). - eeprom: idt_89hpesx: Fix error handling in idt_init() (git-fixes). - dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A usb3-phy0 optional (git-fixes). - drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes). - drm/amd/display: reduce else-if to else in dcn10_blank_pixel_data() (git-fixes). - drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update() (git-fixes). - drm/msm/mdp5: Add check for kzalloc (git-fixes). - drm/msm/dpu: Add check for pstates (git-fixes). - drm/msm/dpu: Add check for cstate (git-fixes). 
- drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc (git-fixes). - drm/msm: use strscpy instead of strncpy (git-fixes). - drm/msm/hdmi: Add missing check for alloc_ordered_workqueue (git-fixes). - dt-bindings: msm: dsi-controller-main: Add vdd* descriptions back in (git-fixes). - drm/msm/dpu: Disallow unallocated resources to be returned (git-fixes). - drm/msm/gem: Add check for kmalloc (git-fixes). - drm/msm: clean event_thread->worker in case of an error (git-fixes). - drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() (git-fixes). - drm/mediatek: Clean dangling pointer on bind error path (git-fixes). - drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc (git-fixes). - drm/mediatek: Drop unbalanced obj unref (git-fixes). - drm/mediatek: Use NULL instead of 0 for NULL pointer (git-fixes). - drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd (git-fixes). - drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness (git-fixes). - drm/bridge: lt9611: pass a pointer to the of node (git-fixes). - drm/bridge: lt9611: fix clock calculation (git-fixes). - drm/bridge: lt9611: fix programming of video modes (git-fixes). - drm/bridge: lt9611: fix polarity programming (git-fixes). - drm/bridge: lt9611: fix HPD reenablement (git-fixes). - drm/bridge: lt9611: fix sleep mode setup (git-fixes). - drm/vc4: hdmi: Correct interlaced timings again (git-fixes). - drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes). - drm/vc4: hvs: Set AXI panic modes (git-fixes). - drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes). - drm: tidss: Fix pixel format definition (git-fixes). - drm/bridge: lt8912b: Add hot plug detection (git-fixes). - drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes). - drm/vkms: Fix memory leak in vkms_init() (git-fixes). - drm/bridge: megachips: Fix error handling in i2c_register_driver() (git-fixes). - drm/vc4: vec: Use pm_runtime_resume_and_get() in vc4_vec_encoder_enable() (git-fixes). 
- gpio: vf610: connect GPIO label to dev name (git-fixes). - dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us dependency (git-fixes). - dt-bindings: arm: fsl: Fix bindings for APF28Dev board (git-fixes). - commit 3467b1b - auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (git-fixes). - Documentation: simplify and clarify DCO contribution example language (git-fixes). - clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents (git-fixes). - clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents (git-fixes). - clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() (git-fixes). - clk: imx: avoid memory leak (git-fixes). - clk: renesas: cpg-mssr: Remove superfluous check in resume code (git-fixes). - clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed (git-fixes). - clk: ralink: fix 'mt7621_gate_is_enabled()' function (git-fixes). - dmaengine: ptdma: check for null desc before calling pt_cmd_callback (git-fixes). - dmaengine: dw-axi-dmac: Do not dereference NULL structure (git-fixes). - dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0 (git-fixes). - dmaengine: dw-edma: Fix readq_ch() return value truncation (git-fixes). - dmaengine: dw-edma: Drop chancnt initialization (git-fixes). - dmaengine: dw-edma: Fix invalid interleaved xfers semantics (git-fixes). - dmaengine: dw-edma: Don't permit non-inc interleaved xfers (git-fixes). - dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers (git-fixes). - driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links (git-fixes). - drivers: base: transport_class: fix resource leak when transport_add_device() fails (git-fixes). - drivers: base: transport_class: fix possible memory leak (git-fixes). - driver core: fix resource leak in device_add() (git-fixes). - driver core: fix potential null-ptr-deref in device_add() (git-fixes). - comedi: use menuconfig for main Comedi menu (git-fixes). 
- Revert "char: pcmcia: cm4000_cs: Replace mdelay with usleep_range in set_protocol" (git-fixes). - backlight: backlight: Fix doc for backlight_device_get_by_name (git-fixes). - docs: gdbmacros: print newest record (git-fixes). - drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC (git-fixes). - drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats (git-fixes). - drm: Fix potential null-ptr-deref due to drmm_mode_config_init() (git-fixes). - audit: update the mailing list in MAINTAINERS (git-fixes). - docs: ftrace: fix a issue with duplicated subtitle number (git-fixes). - ASoC: soc-dapm.h: fixup warning struct snd_pcm_substream not declared (git-fixes). - ASoC: tlv320adcx140: fix 'ti,gpio-config' DT property init (git-fixes). - ASoC: dt-bindings: meson: fix gx-card codec node regex (git-fixes). - ASoC: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes). - ASoC: rsnd: fixup #endif position (git-fixes). - Bluetooth: hci_qca: get wakeup status from serdev device handle (git-fixes). - Bluetooth: L2CAP: Fix potential user-after-free (git-fixes). - crypto: crypto4xx - Call dma_unmap_page when done (git-fixes). - crypto: rsa-pkcs1pad - Use akcipher_request_complete (git-fixes). - crypto: qat - fix out-of-bounds read (git-fixes). - Revert "crypto: rsa-pkcs1pad - Replace GFP_ATOMIC with GFP_KERNEL in pkcs1pad_encrypt_sign_complete" (git-fixes). - crypto: xts - Handle EBUSY correctly (git-fixes). - crypto: seqiv - Handle EBUSY correctly (git-fixes). - crypto: essiv - Handle EBUSY correctly (git-fixes). - crypto: ccp - Failure on re-initialization due to duplicate sysfs filename (git-fixes). - crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2 (git-fixes). - crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes). - drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list (git-fixes). - drm/amd/display: Properly handle additional cases where DCN is not supported (git-fixes). 
- drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED (git-fixes). - clk: mxl: syscon_node_to_regmap() returns error pointers (git-fixes). - clk: mxl: Fix a clk entry by adding relevant flags (git-fixes). - clk: mxl: Add option to override gate clks (git-fixes). - clk: mxl: Remove redundant spinlocks (git-fixes). - clk: mxl: Switch from direct readl/writel based IO to regmap based IO (git-fixes). - drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() (git-fixes). - commit d5e5686 - ARM: dts: exynos: correct TMU phandle in Odroid XU3 family (git-fixes). - ARM: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes). - ARM: dts: exynos: correct TMU phandle in Odroid XU (git-fixes). - ARM: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes). - ARM: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes). - ARM: dts: exynos: correct TMU phandle in Exynos4 (git-fixes). - ARM: dts: spear320-hmi: correct STMPE GPIO compatible (git-fixes). - applicom: Fix PCI device refcount leak in applicom_init() (git-fixes). - arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes). - ASoC: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove() (git-fixes). - ASoC: mchp-spdifrx: fix controls which rely on rsr register (git-fixes). - ASoC: soc-compress.c: fixup private_data on snd_soc_new_compress() (git-fixes). - ALSA: hda/ca0132: minor fix for allocation size (git-fixes). - ACPI: battery: Fix missing NUL-termination with large strings (git-fixes). - ACPICA: nsrepair: handle cases without a return value correctly (git-fixes). - ACPICA: Drop port I/O validation for some regions (git-fixes). - ARM: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (git-fixes). - arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes). - arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node (git-fixes). - arm64: dts: mt8192: Fix CPU map for single-cluster SoC (git-fixes). 
- arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description (git-fixes). - arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN (git-fixes). - arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for G12A boards (git-fixes). - arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address (git-fixes). - arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name (git-fixes). - arm64: dts: meson-gx: Fix Ethernet MAC address unit name (git-fixes). - arm64: dts: imx8m: Align SoC unique ID node unit address (git-fixes). - ARM: dts: imx7s: correct iomuxc gpr mux controller cells (git-fixes). - ARM: dts: exynos: correct HDMI phy compatible in Exynos4 (git-fixes). - ARM: dts: exynos: correct wr-active property in Exynos3250 Rinato (git-fixes). - ARM: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference (git-fixes). - arm64: dts: renesas: beacon-renesom: Fix gpio expander reference (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes). - arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes). - arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names (git-fixes). - arm64: dts: qcom: sc7280: correct SPMI bus address cells (git-fixes). - arm64: dts: qcom: sc7180: correct SPMI bus address cells (git-fixes). - arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name (git-fixes). - arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k (git-fixes). - arm64: dts: qcom: qcs404: use symbol names for PCIe resets (git-fixes). - ARM: bcm2835_defconfig: Enable the framebuffer (git-fixes). - ARM: zynq: Fix refcount leak in zynq_early_slcr_init (git-fixes). - ARM: imx: Call ida_simple_remove() for ida_simple_get (git-fixes). - ARM: s3c: fix s3c64xx_set_timer_source prototype (git-fixes). - ARM: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() (git-fixes). 
- ARM: OMAP2+: Fix memory leak in realtime_counter_init() (git-fixes).
- ALSA: hda/realtek - fixed wrong gpio assigned (git-fixes).
- ALSA: hda/conexant: add a new hda codec SN6180 (git-fixes).
- ACPI: NFIT: fix a potential deadlock during NFIT teardown (git-fixes).
- ARM: dts: rockchip: add power-domains property to dp node on rk3288 (git-fixes).
- arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc (git-fixes).
- ASoC: rt715-sdca: fix clock stop prepare timeout issue (git-fixes).
- ASoC: cs42l56: fix DT probe (git-fixes).
- ASoC: Intel: sof_cs42l42: always set dpcm_capture for amplifiers (git-fixes).
- ASoC: Intel: sof_rt5682: always set dpcm_capture for amplifiers (git-fixes).
- ALSA: hda: Do not unset preset when cleaning up codec (git-fixes).
- ACPI / x86: Add support for LPS0 callback handler (git-fixes).
- commit b514cae
- Refresh patches.suse/ipmi-ssif-Add-a-timer-between-request-retries.patch.
- Refresh patches.suse/ipmi-ssif-Remove-rtc_us_timer.patch.
- Refresh patches.suse/ipmi-ssif-resend_msg-cannot-fail.patch.
- Refresh patches.suse/ipmi_ssif-Rename-idle-state-and-check.patch.
- commit 39421c5
- KABI fix for: NFSv3: handle out-of-order write replies (bsc#1205544).
- commit 931f6bd
- NFSv3: handle out-of-order write replies (bsc#1205544).
- commit 96398e7

++++ libgcrypt:
- FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925]
  * Add libgcrypt-FIPS-ECC-PCT-Add-transition-to-error.patch
- FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924]
  * Add libgcrypt-FIPS-ECC-disallow-skip-test.patch

++++ sudo:
- sudo-dont-enable-read-after-pty_finish.patch
  * bsc#1203201
  * Do not re-enable the reader when flushing the buffers as part
    of pty_finish().
  * While sudo-observe-SIGCHLD patch applied earlier prevents a
    race condition from happening, this fixes a related buffer hang.
------------------------------------------------------------------
------------------ 2023-3-4 - Mar 4 2023 -------------------
------------------------------------------------------------------

++++ libgcrypt:
- FIPS: PBKDF2: Add additional checks for the minimum key length,
  salt length, iteration count and passphrase length to the kdf
  fips indicator in _gcry_fips_indicator_kdf() [bsc#1208926]
  * Add libgcrypt-FIPS-pkdf2-Additional-checks.patch

------------------------------------------------------------------
------------------ 2023-3-3 - Mar 3 2023 -------------------
------------------------------------------------------------------

++++ grub2:
- Make grub more robust against storage race condition causing system boot failures (bsc#1189036)
  * 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch

++++ kernel-default:
- locking/rwsem: Disable preemption in all down_write*() and up_write() code paths (bsc#1207270).
- commit 87b3e0b
- locking/rwsem: Disable preemption in all down_read*() and up_read() code paths (bsc#1207270).
- commit c4762ff
- locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270).
- commit 61aa9bc
- locking/rwsem: Disable preemption while trying for rwsem lock (bsc#1207270).
- commit 164c146
- locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270).
- commit 05a6130
- locking/rwsem: Always try to wake waiters in out_nolock path (bsc#1207270).
- commit 2d3049a
- locking/rwsem: Conditionally wake waiters in reader/writer slowpaths (bsc#1207270).
- commit 6c03884
- locking/rwsem: No need to check for handoff bit if wait queue empty (bsc#1207270).
- commit 7ef94ea
- locking: Add missing __sched attributes (bsc#1207270).
- commit 241a50d
- locking/rwsem: Make handoff bit handling more consistent (bsc#1207270).
- commit 68640da

++++ libX11:
- U_Don-t-try-to-destroy-NULL-condition-variables.patch
  * fixes regression introduced with security update for
    CVE-2022-3555 (bsc#1204425, bsc#1208881)

------------------------------------------------------------------
------------------ 2023-3-2 - Mar 2 2023 -------------------
------------------------------------------------------------------

++++ bcache-tools:
- bcache-tools: improve is_zoned_device() (bsc#1208425)
  0029-bcache-tools-improve-is_zoned_device.patch

++++ cups:
- cups-branch-2.2-commit-876fdc1c90a885a58644c8757bc1283c9fd5bcb7.diff
  is https://github.com/OpenPrinting/cups/commit/876fdc1c90a885a58644c8757bc1283c9fd5bcb7
  which belongs to https://github.com/OpenPrinting/cups/issues/308
  that fixes bsc#1191525, bsc#1203446:
  "Print jobs on cups.sock return with EAGAIN (Resource temporarily unavailable)"
  "/usr/bin/lpr: Error - The printer or class does not exist."

++++ dracut:
- Update to version 055+suse.335.gccf7fbc6:
  * feat(lvm): always include all drivers that LVM can use (bsc#1206195)
  * fix(dracut.spec): require libopenssl1_1-hmac for dracut-fips (bsc#1206439)

++++ kernel-default:
- wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (git-fixes).
- commit 4c1ac5d

++++ mozilla-nss:
- Update nss-fips-approved-crypto-non-ec.patch (bsc#1191546).

++++ qemu:
- Fix: bsc#1185000, CVE-2021-3507
  * Patches added: hw-block-fdc-Prevent-end-of-track-overru.patch

------------------------------------------------------------------
------------------ 2023-3-1 - Mar 1 2023 -------------------
------------------------------------------------------------------

++++ containerd:
- Re-build containerd to use updated golang-packaging. jsc#1342

++++ gnutls:
- libgnutls: Increase the limit of TLS PSK usernames from 128 to 65535 characters.
  [bsc#1208237, jsc#PED-1562]
  * Upstream: https://gitlab.com/gnutls/gnutls/commit/f032324a
  * Add gnutls-increase-TLS-PSK-username-limit.patch

++++ kernel-default:
- blacklist.conf: Add oops_limit accretion disk
- commit b22c6d0
- powerpc/eeh: Set channel state after notifying the drivers (bsc#1208784 ltc#201612).
- commit c4cafd6
- platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering (bsc#1208420).
- commit 30beac0
- IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors (git-fixes)
- commit adff7f2
- IB/hfi1: Fix math bugs in hfi1_can_pin_pages() (git-fixes)
- commit 3bdf9ca
- RDMA/rxe: Fix missing memory barriers in rxe_queue.h (git-fixes)
- commit 878e0eb
- iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (git-fixes)
- commit d90e67e
- RDMA/irdma: Cap MSIX used to online CPUs + 1 (git-fixes)
- commit 05d982b
- RDMA/cxgb4: Fix potential null-ptr-deref in pass_establish() (git-fixes)
- commit 7eb2c03
- RDMA/siw: Fix user page pinning accounting (git-fixes)
- commit d72f1f4

++++ libmicrohttpd:
- Apply patch for bsc#1208745 CVE-2023-27371 fix parser bug that could
  be used to crash servers using the MHD_PostProcessor
  * fix-parser-bug-MHD_PostProcessor.patch

++++ python3-core:
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329, bsc#1208471)
  blocklists bypass via the urllib.parse component when supplying
  a URL that starts with blank characters

++++ python3:
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329, bsc#1208471)
  blocklists bypass via the urllib.parse component when supplying
  a URL that starts with blank characters

------------------------------------------------------------------
------------------ 2023-2-28 - Feb 28 2023 -------------------
------------------------------------------------------------------

++++ glibc:
- gmon-hash-table-size.patch: gmon: Fix allocated buffer overflow
  (CVE-2023-0687, bsc#1207975, BZ #29444)

++++ kernel-default:
- fuse: add inode/permission checks to fileattr_get/fileattr_set
  (bsc#1208759).
- commit 91990ec
- usb: gadget: u_serial: Add null pointer check in gserial_resume (git-fixes).
- commit 4549b2e
- Update patches.suse/usb-dwc3-dwc3-qcom-Add-missing-platform_device_put-i.patch
  (bsc#1208741 CVE-2023-22995). Added CVE reference for fix already present
- commit 3d3f080
- net: mpls: fix stale pointer if allocation fails during device rename (bsc#1208700 CVE-2023-26545).
- commit 7ee1e3a
- RDMA/cxgb4: add null-ptr-check after ip_dev_find() (git-fixes)
- commit 364a0c0
- RDMA/cxgb4: remove unnecessary NULL check in __c4iw_poll_cq_one() (git-fixes)
- commit 4c3dcae

++++ mozilla-nss:
- Add nss-fips-pct-pubkeys.patch (bsc#1207209) for pairwise consistency checks.
  Thanks to Martin for the DHKey parts.

++++ systemd:
- Import commit dad0071f15341be2b24c2c9d073e62617e0b46733 (merge of v249.16)
- Fix return non-zero value when disabling SysVinit service (bsc#1208432)

++++ sudo:
- Added sudo-no-double-free.patch
  * bsc#1208595, CVE-2023-27320
  * Fix a situation where per-command chroot sudoers rules can
    cause a double-free.
------------------------------------------------------------------ ------------------ 2023-2-27 - Feb 27 2023 ------------------- ------------------------------------------------------------------ ++++ gnutls: - FIPS: Fix pct_test() return code in case of error [bsc#1207183] * Rebase with the upstream version: gnutls-FIPS-PCT-DH.patch ++++ ignition: - Update to version 2.15.0: * Features * Support offline Tang provisioning via pre-shared advertisement (3.4.0) * Allow enabling discard passthrough on LUKS devices (3.4.0) * Allow specifying arbitrary LUKS open options (3.4.0) * Ship aarch64 macOS ignition-validate binary in GitHub release artifacts * Changes * Mark the 3.4.0 config spec as stable * No longer accept configs with version 3.4.0-experimental * Create new 3.5.0-experimental config spec from 3.4.0 * Fail if files/links/dirs conflict with systemd units or dropins * Warn if template for enabled systemd instance unit has no Install section * Warn if filesystem overwrites partitioned disk * Warn if wipeTable overwrites a filesystem that would otherwise be reused * Warn if user/group specified for hard link * Install ignition-apply in /usr/libexec * Allow distros to add Ignition command-line arguments from a unit drop-in * Convert NEWS to Markdown and move to docs site * Require Go 1.18+ * Bug fixes * Don't overwrite LUKS1 volume when storage.luks.wipeVolume is false * Request network when custom Clevis config has needsNetwork set * Fix creating LUKS volume with custom Clevis config that uses TPM2 * Avoid logging spurious error when a LUKS volume wasn't previously formatted * Fix version string in ignition-validate release container * Fix reproducibility of systemd preset file in ignition-apply output * Document that user/group fields aren't applied to hard links * Clarify spec docs for files/directories/links group fields - Modified 0002-allow-multiple-mounts-of-same-device.patch to add new Ignition spec version - Add 0001-ignore-missing-qemu-blockdev.patch 
[bsc#1207679] to support booting without configuration device on s390x. - Move all /usr/libexec contents to %sbindir ++++ kernel-default: - iommu/hyper-v: Allow hyperv irq remapping without x2apic (git-fixes). - commit 944a8e8 - Avoid deadlock for recursive I/O on dm-thin when used as swap (bsc#1177529). - commit 9236175 - x86/mm: Randomize per-cpu entry area (bsc#1207845 CVE-2023-0597). - commit 3959431 ++++ libcontainers-common: - Add registry.suse.com to the unqualified-search-registries ++++ makedumpfile: - fix wrong free issue in init_xen_crash_info (bsc#1201209) ++++ podman: - Add patch to let quadlet use the default runtime Added patch: * Quadlet-use-the-default-runtime.patch => Remove dependency on crun ++++ salt: - Fix problem with detecting PTF packages (bsc#1208691) - Added: * skip-package-names-without-colon-bsc-1208691-578.patch ++++ samba: - Prevent use after free of messaging_ctdb_fde_ev structs; (bso#15293); (bsc#1207416). ------------------------------------------------------------------ ------------------ 2023-2-25 - Feb 25 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - [xen] fix "direction" argument of iov_iter_kvec() (git-fixes). - commit defee4c ------------------------------------------------------------------ ------------------ 2023-2-24 - Feb 24 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() (git-fixes). - commit fca2519 - x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes). - commit d392a17 - x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes). - commit cd8f1e2 - blacklist.conf: add "xen/netback: don't call kfree_skb() under spin_lock_irqsave()" - commit 49e8a38 - xen-netfront: Fix NULL sring after live migration (git-fixes). - commit 81410eb - xen/netback: fix build warning (git-fixes). 
- Refresh patches.suse/xen-netback-Ensure-protocol-headers-don-t-fall-in-th.patch. - commit 18cf292 - xen/platform-pci: add missing free_irq() in error path (git-fixes). - commit 1274346 - xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too (git-fixes). - commit e6b17f1 - xen/netback: do some code cleanup (git-fixes). - Refresh patches.suse/xen-netback-don-t-call-kfree_skb-with-interrupts-dis.patch. - commit ea1b704 - xen/netfront: destroy queues before real_num_tx_queues is zeroed (git-fixes). - commit 264c043 ++++ podman: - Update to version 4.4.2: * Bump to v4.4.2 * Release notes for v4.4.2 * Revert "CI: Temporarily disable all AWS EC2-based tasks" * kube play: only enforce passthrough in Quadlet * Emergency fix for man pages: check for broken includes * CI: Temporarily disable all AWS EC2-based tasks * quadlet system tests: add useful defaults, logging * volume,container: chroot to source before exporting content * install sigproxy before start/attach * Update to c/image 5.24.1 * events + container inspect test: RHEL fixes * Bump to v4.4.2-dev - Remove patches (merged upstream): * volume-container-chroot-to-source-before-exporting-content.patch - podman.spec: add `crun` requirement for quadlet (https://github.com/containers/podman/pull/17601) ++++ sudo: - Added sudo-no-passwd-for-nonexisting-cmd.patch * bsc#1206772 * If NOPASSWD is specified, don't ask for password if command is not found. ------------------------------------------------------------------ ------------------ 2023-2-23 - Feb 23 2023 ------------------- ------------------------------------------------------------------ ++++ glibc: - strncmp-avx2-boundary.patch: Fix avx2 strncmp offset compare condition check (bsc#1208358, BZ #25933) ++++ kdump: - run kdump.service only after kdump-early.service (bsc#1196335) - don't skip infiniband interfaces (bsc#1186745) (not a complete fix, requires a patch in dracut as well) ++++ kernel-default: - xfs: convert ptag flags to unsigned (git-fixes). 
- commit a339957 - xfs: don't leak btree cursor when insrec fails after a split (git-fixes). - commit fb35824 - xfs: don't assert fail on perag references on teardown (git-fixes). - commit d42b263 - xfs: zero inode fork buffer at allocation (git-fixes). - commit e8b3335 - block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541). - commit 9308710 - scsi: lpfc: Copyright updates for 14.2.0.10 patches (bsc#1208607). - scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607). - scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607). - scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607). - scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607). - scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607). - scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534). - scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607). - scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607). - scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607). - scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607). - scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607). - commit eecdcbc ++++ kexec-tools: - kexec-tools-ppc64-remove-rma_top-limit.patch: remove ram_top restriction (bsc#1203410) - kexec-bootloader: Add -a argument to load using kexec_load_file() when available (boo#1202820). 
++++ libnvme: - Switch from quilt based to git based maintenance * remove 0001-fabrics-Lower-log-level-in-__nvmf_add_ctrl.patch * remove 0002-fabrics-Remove-double-connection-error-logging.patch * remove 0003-fabrics-Introduce-connection-connect-error-mapping.patch * remove 0004-libnvme-Export-nvme_ctrl_get_config.patch * remove 0005-tree-Factor-lookup-code-for-controller.patch * remove 0006-fabrics-Consider-config-from-file-when-adding-new-co.patch * remove 0007-python-add-missing-ctrl-attrs-to-Python-bindings.patch * remove 0008-libnvme-accessors-for-dhchap_key-variables.patch * remove 0009-fabrics-Update-controller-authentication-in-nvmf_add.patch * remove 0010-json-fixup-dhchap_ctrl_key-definitions.patch * remove 0011-tree-rename-controller-dhchap_key-to-dhchap_ctrl_key.patch * remove 0012-Parse-dhchap_host_key-on-controller-level.patch * remove 0013-json-schema-add-dhchap_key-details-to-host-section.patch * remove 0014-nvme-tree-avoid-segfault-if-auth-keys-are-unavailabl.patch * remove 0015-fabrics-restructrure-nvmf_get_discovery_log.patch * remove 0016-tree-simplifiy-nvme_subsystem_lookup_namespace.patch * remove 0017-tree-make-nvme_subsystem_scan_namespace-idempotent.patch * remove 0018-tree-make-nvme_ctrl_scan_namespace-idempotent.patch * remove 0019-Fix-llx-lx-build-warnings-on-powerpc.patch * remove 0020-fabrics-sanitize-dump-config-output.patch * remove 0021-fabrics-Fix-build_options-return-values.patch * remove 0022-fabrics-Duplicate-strings-when-merging-configs.patch * remove 0023-libnvme.map-add-nvme_ctrl_is_persistent.patch * remove 0024-libnvme.map-export-nvme_ctrl_-get-set-_dhchap_host_k.patch - Always sanitize traddr and trsvcid entries (bsc#1207435) * fabrics: Always sanitize discovery log entries * util: Add ECONNECTREFUSED to enum nvme_connect_err - Print controller name for dis/connect command (git-fixes) * fabrics: Add nqn to connect/disconnect log entry - Allow tracking unique discover controllers (bsc#1186689) * tree: Add unique discovery 
controller flag - Build documentation because shipped version is outdated ++++ nvme-cli: - Switch from quilt based to git based maintenance * remove 0001-fabrics-Already-connected-uses-a-different-error-cod.patch * remove 0002-fabrics-skip-connect-if-the-transport-types-don-t-ma.patch * remove 0003-nvme-print-Show-paths-from-the-first-namespace-only.patch * remove 0004-nvme-print-Show-ANA-state-only-for-one-namespace.patch * remove 0005-fabrics-Honor-config-file-for-connect-all.patch * remove 0006-fabrics-Remove-dhchap-ctrl-secret-from-discover-conn.patch * remove 0007-fabrics-error-message-for-nvme-discover-connect-all-.patch * remove 0008-fabrics-avoid-segfault-when-nvme-discover-fails-with.patch * remove 0009-fabrics-avoid-segfault-if-transport-type-is-omitted.patch * remove 0010-nvme-Return-status-error-code-for-effects-log-comman.patch * remove 0011-nvme-fix-nvme-get-feature-with-H-option.patch * remove 0012-fabrics-Avoid-nvme_scan_ctrl-when-disconnecting.patch * remove 0013-nvme-Do-not-print-error-message-in-collect_effects_l.patch * remove 0014-nvme-print-Handle-NULL-hostid-in-JSON-output.patch * remove 0015-nvme-print-sanitize-the-get-feature-async-event-conf.patch * remove 0016-fabrics-nvme-config-modify-depends-on-n-and-t-argume.patch * remove 0017-fabrics-Honor-JSON-config-file-in-connect-all-comman.patch * remove 0018-fabrics-Trigger-auto-connect-if-config.json-exists.patch * remove 0019-nvme-Add-show-topology-command.patch * remove 0020-doc-Add-nvme-show-topology-documnetation.patch * remove 0021-completions-Add-show-topology-tab-completion.patch * remove 0022-fabrics-fix-persistent-handling-during-connect-all-w.patch * remove 0100-harden_nvmf-connect@.service.patch - Sanitize traddr and trsvcid to avoid buffer overrun (bsc#1207435) * json_discovery_log: avoid buffer overrun - Extend udev rule to pass --host-interface argument to nvme-cli (bsc#1208001) * udev: Add HOST_IFACE to udev rule - Build documentation to be up to date - Fix build warning 
(git-fixes) * fabrics: 'e->traddr' is static - Improvements for supported-log-pages (bsc#1209550) * nvme-doc: update man page for supported-log-pages * nvme-print: sanitize supported-log-pages output - Fix read command (bsc#1209564) * nvme: fix block count and data size logic - Fix mounting filesystems via fstab (bsc#1208075) * fabrics: Fix ordering for auto connect services ++++ salt: - Fixes pkg.version_cmp on openEuler systems and a few other OS flavors - Make pkg.remove function from zypperpkg module to handle also PTF packages - Added: * 3004-implement-zypper-removeptf-574.patch * fixes-pkg.version_cmp-on-openeuler-systems-and-a-few.patch ------------------------------------------------------------------ ------------------ 2023-2-22 - Feb 22 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570). - scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570). - scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570). - scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570). - scsi: qla2xxx: Fix printk() format string (bsc#1208570). - scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570). - scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570). - scsi: qla2xxx: edif: Fix clang warning (bsc#1208570). - scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570). - scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570). - scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570). - scsi: qla2xxx: Relocate/rename vp map (bsc#1208570). - scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570). - scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570). - scsi: qla2xxx: Remove dead code (bsc#1208570). - scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570). 
- scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570). - scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570). - scsi: qla2xxx: Fix erroneous link down (bsc#1208570). - scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570). - scsi: qla2xxx: Fix stalled login (bsc#1208570). - scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570). - scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570). - scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570). - scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570). - scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570). - commit e9e64c0 - hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC (git-fixes). - x86/hyperv: Introduce HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants (git-fixes). - PCI: hv: update comment in x86 specific hv_arch_irq_unmask (git-fixes). - hv: fix comment typo in vmbus_channel/low_latency (git-fixes). - commit e18f1a9 - drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes). - commit 43b143c - drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (git-fixes). - commit 6cc703f - powercap: fix possible name leak in powercap_register_zone() (git-fixes). - commit d3806fa - usb: dwc3: qcom: suppress unused-variable warning (git-fixes). - commit f901e29 ++++ python3-core: - Add bpo27321-email-no-replace-header.patch to stop email.generator.py from replacing a non-existent header (bsc#1208443, gh#python/cpython#71508). ++++ libxslt: - Security Fix: [bsc#1208574, CVE-2021-30560] * Use after free in Blink XSLT * Add libxslt-CVE-2021-30560.patch ++++ python3: - Add bpo27321-email-no-replace-header.patch to stop email.generator.py from replacing a non-existent header (bsc#1208443, gh#python/cpython#71508). 
++++ qemu: - Fixes bsc#1205808 (CVE-2022-4144), bsc#1203788 (CVE-2022-3165), bsc#1197653 (CVE-2022-1050) * Patches added: hw-display-qxl-Assert-memory-slot-fits-i.patch hw-display-qxl-Avoid-buffer-overrun-in-q.patch hw-display-qxl-Document-qxl_phys2virt.patch hw-display-qxl-Have-qxl_log_command-Retu.patch hw-display-qxl-Pass-requested-buffer-siz.patch ui-vnc-clipboard-fix-integer-underflow-i.patch hw-pvrdma-Protect-against-buggy-or-malic.patch ------------------------------------------------------------------ ------------------ 2023-2-21 - Feb 21 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - blacklist.conf: false positive - commit b59e5d1 - usb: musb: Add and use inline function musb_otg_state_string (git-fixes). - commit cd1604d - usb: musb: Add and use inline functions musb_{get,set}_state (git-fixes). - commit 4523590 - usb: musb: remove schedule work called after flush (git-fixes). - commit f3d8faf - usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (git-fixes). - commit b3d3528 - usb: dwc3: qcom: clean up icc init (git-fixes). - commit 88d9416 - usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes). - commit b64ea4c - usb: dwc3: qcom: clean up suspend callbacks (git-fixes). - commit 2e3d004 - usb: dwc3: qcom: fix wakeup implementation (git-fixes). - Refresh patches.suse/usb-dwc3-core-leave-default-DMA-if-the-controller-do.patch. - commit 9b6a3e2 - Revert "usb: dwc3: qcom: Keep power domain on to retain controller status" (git-fixes). - commit 2174f55 - usb: dwc3: core: Host wake up support from system suspend (git-fixes). - Refresh patches.suse/usb-dwc3-core-leave-default-DMA-if-the-controller-do.patch. - commit f82f88f - usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes). - commit dc0c872 - usb: dwc3: qcom: fix gadget-only builds (git-fixes). - commit d9b764b - vmxnet3: move rss code block under eop descriptor (bsc#1208212). 
- commit 4cd8f2e - usb: dwc3: qcom: Keep power domain on to retain controller status (git-fixes). - commit f6409bd - usb: dwc3: qcom: Configure wakeup interrupts during suspend (git-fixes). - Refresh patches.suse/usb-dwc3-qcom-fix-runtime-PM-wakeup.patch. - Refresh patches.suse/usb-dwc3-qcom-fix-use-after-free-on-runtime-PM-wakeu.patch. - commit a8bd7ad - blacklist.conf: kABI - commit b99a3c8 - s390/dasd: Fix potential memleak in dasd_eckd_init() (git-fixes). - commit 4a4e22d ++++ podman: - podman.spec: set PREFIX at build stage (boo#1208510) ++++ qemu: - Fix bsc#1206527 * Patches added: s390x-tod-kvm-don-t-save-restore-the-TOD.patch ------------------------------------------------------------------ ------------------ 2023-2-20 - Feb 20 2023 ------------------- ------------------------------------------------------------------ ++++ cockpit: - Leap 15 doesn't have setroubleshoot-server ++++ kernel-default: - blacklist.conf: ("ARM: 9280/1: mm: fix warning on phys_addr_t to void pointer") - commit 5089b86 - ARM: renumber bits related to _TIF_WORK_MASK (git-fixes) - commit c91243e - blacklist.conf: ("ARM: 9266/1: mm: fix no-MMU ZERO_PAGE() implementation") - commit 400cab3 - blacklist.conf: ("ARM: at91: pm: avoid soft resetting AC DLL") - commit 6bcebc9 - blacklist.conf: ("ARM: dts: at91: sama7g5: fix signal name of pin PB2") - commit 919e157 - ARM: dts: am5748: keep usb4_tm disabled (git-fixes) - commit b8d72b7 - blacklist.conf: ("ARM: dts: at91: sama7g5ek: specify proper regulator output ranges") - commit 3ab614b - blacklist.conf: ("ARM: at91: pm: fix DDR recalibration when resuming from backup and") - commit 0f7a39d - blacklist.conf: ("ARM: at91: pm: fix self-refresh for sama7g5") - commit be8848f - Update patches.suse/usb-rndis_host-Secure-rndis_query-check-against-int-.patch (CVE-2023-23559 bsc#1207051). 
Added CVE reference to patch already merged through git-fixes - commit a3e1190 - ARM: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes) - commit 91b832e - ARM: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes) - commit 1de40c0 - blacklist.conf: ("ARM: dts: qcom-msm8974: fix irq type on blsp2_uart1") - commit fa5a88a - blacklist.conf: ("ARM: dts: ux500: Fix Gavini accelerometer mounting matrix") - commit 2b7186a - blacklist.conf: ("ARM: dts: ux500: Fix Codina accelerometer mounting matrix") - commit aaa59d4 - xen/arm: Fix race in RB-tree based P2M accounting (git-fixes) - commit 6cae44e - ARM: dts: stm32: add missing usbh clock and fix clk order on (git-fixes) - commit 34357fd - blacklist.conf: ("ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt") - commit c94ffa5 - virt: sevguest: Rename the sevguest dir and files to sev-guest (bsc#1208449). - Refresh patches.suse/x86-sev-Get-the-AP-jump-table-address-from-secrets-page. - commit efc1984 - virt: sevguest: Change driver name to reflect generic SEV support (bsc#1208449). - Refresh patches.suse/x86-sev-Get-the-AP-jump-table-address-from-secrets-page. - commit 9995360 - virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449). - virt/sev-guest: Remove unnecessary free in init_crypto() (bsc#1208449). - virt/sev-guest: Prevent IV reuse in the SNP guest driver (bsc#1208449). - virt: sev-guest: Pass the appropriate argument type to iounmap() (bsc#1208449). 
- commit 61ff2a0 - blacklist.conf: ("ARM: versatile: Add missing of_node_put in dcscb_init") - commit 346b599 - ARM: omap: remove debug-leds driver (git-fixes) - commit 8b7f9eb - blacklist.conf: ("ARM: dts: at91: sama7g5: remove interrupt-parent from gic node") - commit 7886324 - irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes) - commit 7eff197 - blacklist.conf: ("ARM: dts: at91: sama7g5ek: enable pull-up on flexcom3 console lines") - commit 5fe218b - blacklist.conf: ("arm/xen: Fix some refcount leaks") - commit e7dd5e5 - blacklist.conf: ("ARM: dts: at91: sama7g5: Remove unused properties in i2c nodes") - commit 8a32969 - blacklist.conf: ("ARM: dts: at91: fix low limit for CPU regulator") - commit 51d5738 - ARM: remove some dead code (git-fixes) - commit f7ced4a - blacklist.conf: ("ARM: 9179/1: uaccess: avoid alignment faults in") - commit ac48f9d - blacklist.conf: ("ARM: dts: gpio-ranges property is now required") - commit 8e50da0 - blacklist.conf: ("Revert "ARM: 9070/1: Make UNWINDER_ARM depend on ld.bfd or ld.lld") - commit 6e45b56 - blacklist.conf: ("Documentation, arch: Remove leftovers from CIFS_WEAK_PW_HASH") - commit db21aa5 - blacklist.conf: ("ARM: dts: at91: update alternate function of signal PD20") - commit 638e70e - ARM: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes) - commit b3c9eb5 - ARM: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes) - commit 255b829 - kmap_local: don't assume kmap PTEs are linear arrays in memory (git-fixes) Update config/armv7hl/default too. 
- commit 4f3ffba - ARM: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes) - commit 9fe9f3d - blacklist.conf: ("ARM: 9131/1: mm: Fix PXN process with LPAE feature") - commit 401f82c - drm/vmwgfx: Avoid NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331 CVE-2022-38096) - commit 1c4885c ------------------------------------------------------------------ ------------------ 2023-2-17 - Feb 17 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - blacklist: add commit 752f59637128 ("docs: filesystems: update netfs-api.rst reference") - commit b636a21 - fscache_cookie_enabled: check cookie is valid before accessing it (bsc#1208429). - commit eb9d928 - ceph: flush cap releases when the session is flushed (bsc#1208428). - commit 6cc818b - block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes). - blk-cgroup: fix missing pd_online_fn() while activating policy (git-fixes). - block: don't allow splitting of a REQ_NOWAIT bio (git-fixes). - block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes). - blk-mq: fix possible memleak when register 'hctx' failed (git-fixes). - block: mq-deadline: Do not break sequential write streams to zoned HDDs (git-fixes). - block: clear ->slave_dir when dropping the main slave_dir reference (git-fixes). - md/raid1: stop mdx_raid1 thread when raid1 array run failed (git-fixes). - md: fix a crash in mempool_free (git-fixes). - md/bitmap: Fix bitmap chunk size overflow issues (git-fixes). - drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() (git-fixes). - block/bfq-iosched.c: use "false" rather than "BLK_RW_ASYNC" (git-fixes). - block: fix and cleanup bio_check_ro (git-fixes). - commit 1404ba9 - blacklist.conf: add git-fixes commit which won't be backported - commit 9c78c8a - net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153). - Refresh patches.suse/net-mana-Fix-IRQ-name-add-PCI-and-queue-number.patch. 
- commit e0863ac - net: mana: Fix accessing freed irq affinity_hint (bsc#1208153). - genirq: Provide new interfaces for affinity hints (bsc#1208153). - commit b973d25 - drm/amd/display: Fail atomic_check early on normalize_zpos error (git-fixes). - net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path (git-fixes). - net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() (git-fixes). - commit 305b479 ++++ systemd: - Drop build requirement on libpci, it's no longer needed since udev hwdb was introduced 11 years ago. ++++ podman: - Add patch to fix bsc#1208364 aka CVE-2023-0778 Added patch: * volume-container-chroot-to-source-before-exporting-content.patch ------------------------------------------------------------------ ------------------ 2023-2-16 - Feb 16 2023 ------------------- ------------------------------------------------------------------ ++++ gnutls: - FIPS: Make the jitterentropy calls thread-safe [bsc#1208146] * Add gnutls-FIPS-jitterentropy-threadsafe.patch - FIPS: GnuTLS DH/ECDH PCT public key regeneration [bsc#1207183] * Rebase patches with the version submitted upstream. * Avoid copying the key material: gnutls-FIPS-PCT-DH.patch * Improve logic around memory release: gnutls-FIPS-PCT-ECDH.patch - Security Fix: [bsc#1208143, CVE-2023-0361] * Bleichenbacher oracle in TLS RSA key exchange * Add gnutls-CVE-2023-0361.patch ++++ kernel-default: - Set references for "drm/vmwgfx: Validate the box size for the snooped cursor" (bsc#1203332 CVE-2022-36280) - commit 9d6fa3b ++++ systemd-rpm-macros: - Bump version to 12 - Don't emit a warning when the flag file in /var/lib/systemd/migrated/ is not present as it's expected (bsc#1208079). ------------------------------------------------------------------ ------------------ 2023-2-15 - Feb 15 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - exit: Use READ_ONCE() for all oops/warn limit reads (bsc#1207328). 
- exit: Allow oops_limit to be disabled (bsc#1207328). - commit 75afc24 - panic: Introduce warn_limit (bsc#1207328). - panic: Consolidate open-coded panic_on_warn checks (bsc#1207328). - kasan: no need to unset panic_on_warn in end_report() (bsc#1207328). - ubsan: no need to unset panic_on_warn in ubsan_epilogue() (bsc#1207328). - panic: unset panic_on_warn inside panic() (bsc#1207328). - commit 2d71785 - Update patches.suse/0001-exit-Put-an-upper-limit-on-how-often-we-can-oops.patch (bsc#1207328, bsc#1208290). - commit d66a2b6 - usb: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes). - drm/i915: Fix VBT DSI DVO port handling (git-fixes). - commit d08ee1f ++++ mozilla-nss: - Add manpages to mozilla-nss-tools (bsc#1208242) ------------------------------------------------------------------ ------------------ 2023-2-14 - Feb 14 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - exit: Move force_uaccess back into do_exit (bsc#1207328). - blacklist.conf: blacklist fixups for unsupported arches - exit: Guarantee make_task_dead leaks the tsk when calling do_task_exit (bsc#1207328). - objtool: Add a missing comma to avoid string concatenation (bsc#1207328). - commit a5e521f - exit: Put an upper limit on how often we can oops (bsc#1207328). - sysctl: add a new register_sysctl_init() interface (bsc#1207328). - exit: Stop poorly open coding do_task_dead in make_task_dead (bsc#1207328). - exit: Move oops specific logic from do_exit into make_task_dead (bsc#1207328). - exit: Add and use make_task_dead (bsc#1207328). - commit b158add - blacklist.conf: Add 4a7ba45b1a43 memcg: fix possible use-after-free in memcg_write_event_control() - commit 6452dee - net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875). - commit da88ecc - x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (git-fixes). - x86/asm: Fix an assembler warning with current binutils (git-fixes). 
- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git-fixes). - x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git-fixes). - x86/kvm: Remove unused virt to phys translation in kvm_guest_cpu_init() (git-fixes). - x86/microcode/intel: Do not retry microcode reloading on the APs (git-fixes). - x86/MCE/AMD: Clear DFR errors found in THR handler (git-fixes). - signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved (git-fixes). - x86: ACPI: cstate: Optimize C3 entry on AMD CPUs (git-fixes). - commit e419e31 - blacklist.conf: add some x86 entries - commit a9b7553 - x86/bugs: Flush IBP in ib_prctl_set() (bsc#1207773 CVE-2023-0045). - commit e08d6f4 - Fix page corruption caused by racy check in __free_pages (bsc#1208149). - commit 28d64fc - ipmi:ssif: Add a timer between request retries (bsc#1206459). - ipmi:ssif: Remove rtc_us_timer (bsc#1206459). - ipmi_ssif: Rename idle state and check (bsc#1206459). - ipmi:ssif: resend_msg() cannot fail (bsc#1206459). - commit a36b0e7 - Delete patches.suse/ipmi-ssif-Add-60ms-time-internal-between-write-retri.patch. 
- commit 2fa3c94 ++++ libcontainers-common: - New upstream release 20230214 - bump c/storage to 1.45.3 - bump c/image to 5.24.1 - bump c/common to 0.51.0 - containers.conf: * add commented out options containers.read_only, engine.platform_to_oci_runtime, engine.events_container_create_inspect_data, network.volume_plugin_timeout, engine.runtimes.youki, machine.provider * remove deprecated setting containers.userns_size * add youki to engine.runtime_supports_json - shortnames.conf: pull in latest upstream version - storage.conf: add commented out option storage.transient_store - correct license to APACHE-2.0 only (there's no GPLv3 code to be found) - add source URLs to spec - drop pointless copyright year ++++ tar: - Fix CVE-2022-48303, tar has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump (CVE-2022-48303, bsc#1207753) * fix-CVE-2022-48303.patch - Fix hang when unpacking test tarball, bsc#1202436 * remove bsc1202436.patch * bsc1202436-1.patch * bsc1202436-1.patch ------------------------------------------------------------------ ------------------ 2023-2-13 - Feb 13 2023 ------------------- ------------------------------------------------------------------ ++++ cloud-regionsrv-client: - Update to version 10.1.0 (bsc#1207133, bsc#1208097, bsc#1208099 ) - Removes a warning about system_token entry present in the credentials file. - Adds logrotate configuration for log rotation. ++++ kernel-default: - RDMA/usnic: use iommu_map_atomic() under spin_lock() (git-fixes) - commit af04c13 - RDMA/irdma: Fix potential NULL-ptr-dereference (git-fixes) - commit c54f45a - IB/IPoIB: Fix legacy IPoIB due to wrong number of queues (git-fixes) - commit 16b662e - IB/hfi1: Restore allocated resources on failed copyout (git-fixes) - commit ccc63fc - [infiniband] READ is "data destination", not source... (git-fixes) - commit e72e699 - bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers (git-fixes). 
- commit 6dd7272 - bpf: Skip task with pid=1 in send_signal_common() (git-fixes). - commit e9da05e - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes). - commit 6d2cfdd - trace_events_hist: add check for return value of 'create_hist_field' (git-fixes). - commit 6dd7173 - tracing: Make sure trace_printk() can output as soon as it can be used (git-fixes). - commit cac7b63 - xfs: estimate post-merge refcounts correctly (bsc#1208183). - commit 5ea2f7f - xfs: hoist refcount record merge predicates (bsc#1208183). - commit 295092d - usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes). - commit 26849f9 - nvdimm: disable namespace on error (bsc#1166486). - commit 195740e ++++ libzypp: - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) - version 17.31.8 (22) ++++ mdadm: - Update the following patch for (bsc#1207868) 1005-mdadm-enable-Intel-Alderlake-RSTe-configuration.patch ++++ python-cryptography: - Add patch CVE-2023-23931-dont-allow-update-into.patch (bsc#1208036, CVE-2023-23931) * Don't allow update_into to mutate immutable objects ++++ sudo: - Added sudo-fix_NULL_deref_RunAs.patch * bsc#1206483 * Fix a situation where "sudo -U otheruser -l" would dereference a NULL pointer. ------------------------------------------------------------------ ------------------ 2023-2-12 - Feb 12 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - spi: dw: Fix wrong FIFO level setting for long xfers (git-fixes). - commit 81770af ------------------------------------------------------------------ ------------------ 2023-2-11 - Feb 11 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ALSA: hda/realtek: Add Positivo N14KP6-TG (git-fixes). 
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for a HP platform (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 (git-fixes). - commit 58ec4c2 - clk: ingenic: jz4760: Update M/N/OD calculation algorithm (git-fixes). - pinctrl: intel: Restore the pins that used to be in Direct IRQ mode (git-fixes). - pinctrl: single: fix potential NULL dereference (git-fixes). - pinctrl: aspeed: Fix confusing types in return value (git-fixes). - pinctrl: mediatek: Fix the drive register definition of some Pins (git-fixes). - arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (git-fixes). - ASoC: topology: Return -ENOMEM on memory allocation failure (git-fixes). - ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (git-fixes). - ALSA: pci: lx6464es: fix a debug loop (git-fixes). - commit 1f306c4 ------------------------------------------------------------------ ------------------ 2023-2-10 - Feb 10 2023 ------------------- ------------------------------------------------------------------ ++++ haproxy: - VUL-0: serious vulnerability in the HTTP/1 parser (bsc#1208132) o Apply upstream patch: 2.0-2.5-BUG-CRITICAL-http-properly-reject-empty-http-header-.patch - The output buffer is not zero-initialized. If we don't clear reserved bytes, fcgi requests sent to backend will leak sensitive data. o Apply proposed patch: 0001-output-buffer-is-not-zero-initialized.path ++++ kernel-default: - drm/i915: Initialize the obj flags for shmem objects (git-fixes). - drm/virtio: exbuf->fence_fd unmodified on interrupted wait (git-fixes). 
- drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini (git-fixes). - selftests: forwarding: lib: quote the sysctl values (git-fixes). - can: j1939: do not wait 250 ms if the same addr was already claimed (git-fixes). - net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes). - net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY (git-fixes). - efi: Accept version 2 of memory attributes table (git-fixes). - selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking (git-fixes). - selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs (git-fixes). - selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided (git-fixes). - selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning (git-fixes). - ASoC: Intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes). - i2c: rk3x: fix a bunch of kernel-doc warnings (git-fixes). - i2c: mxs: suppress probe-deferral error message (git-fixes). - i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU (git-fixes). - drm/amd/display: Fix timing not changning when freesync video is enabled (git-fixes). - platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF (git-fixes). - platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type 0x0010 table (git-fixes). - net/x25: Fix to not accept on connected socket (git-fixes). - fbdev: smscufx: fix error handling code in ufx_usb_probe (git-fixes). - ASoC: Intel: bytcht_es8316: move comment to the right place (git-fixes). - ASoC: Intel: boards: fix spelling in comments (git-fixes). - commit 3e5740a ++++ mozilla-nss: - update to NSS 3.79.4 (bsc#1208138) * Bug 1804640 - improve handling of unknown PKCS#12 safe bag types. 
(CVE-2023-0767) ++++ Mesa: - U_ReturnME.patch * fixes blackscreen in Return To Monkey Island on Intel graphics (boo#1208145) ++++ systemd: - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package: they may deserve a dedicated sub-package in the future but for now move them to udev so they aren't installed in systemd based containers. ------------------------------------------------------------------ ------------------ 2023-2-9 - Feb 9 2023 ------------------- ------------------------------------------------------------------ ++++ containerd: - Update to containerd v1.6.16 for Docker v23.0.1-ce. Upstream release notes: ++++ kernel-default: - watchdog/hpwdt: Enable HP_WATCHDOG for ARM64 systems. (jsc#PED-3210) Also enable module in aarch64 default configuration. - commit 75d6ed8 - mbcache: Fixup kABI of mb_cache_entry (bsc#1207653). - commit fa7eb4a - jbd2: Fix up kABI of ext4 fast commit interface (bsc#1207590). - commit 6fe03db - blacklist.conf: Add inapplicable ppc fixes - commit 27b4e1f - blacklist.conf: Add more unsupported ppc architecture paths - commit 7ff8dae - ACPI: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ (bsc#1206224). - ACPI: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (bsc#1206224). - ACPI: x86: s2idle: Add another ID to s2idle_dmi_table (bsc#1206224). - ACPI: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224). - ACPI: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG Flow X13 (bsc#1206224). - ACPI: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7 (bsc#1206224). - ACPI: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14 (bsc#1206224). - ACPI: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE (bsc#1206224). - ACPI: x86: s2idle: Add module parameter to prefer Microsoft GUID (bsc#1206224). - ACPI: x86: s2idle: If a new AMD _HID is missing assume Rembrandt (bsc#1206224). - ACPI: x86: s2idle: Move _HID handling for AMD systems into structures (bsc#1206224). 
- ACPI: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is unset (bsc#1206224). - ACPI: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008 (bsc#1206224). - commit 35655fa - of/address: Return an error when no valid dma-ranges are found (git-fixes). - usb: gadget: f_hid: fix refcount leak on error path (git-fixes). - commit 787429a ++++ openSUSE-repos-LeapMicro: - Update to version 20230209.87a5e9e: * Drop obsoleting of TW from openSUSE-repos-MicroOS * Do not use distver for TW and MicroOS openh264 repo ++++ podman: - Update to version 4.4.1: * Bump to v4.4.1 * Update release notes for Podman 4.4.1 * kube play: do not teardown unconditionally on error * Resolve symlink path for qemu directory if possible * events: document journald identifiers * Quadlet: exit 0 when there are no files to process * Cleanup podman-systemd.unit file * Install podman-systemd.unit man page, make quadlet discoverable * Add missing return after errors * oci: bind mount /sys with --userns=(auto|pod:) * docs: specify order preference for FROM * Cirrus: Fix & remove GraphQL API tests * test: adapt test to work on cgroupv1 * make hack/markdown-preprocess parallel-safe * Fix default handling of pids-limit * system tests: fix volume exec/noexec test * Bump to v4.4.1-dev ------------------------------------------------------------------ ------------------ 2023-2-8 - Feb 8 2023 ------------------- ------------------------------------------------------------------ ++++ transactional-update: - Version 4.1.3 - Suppress SELinux relabelling output in quiet mode - Documentation readability improvements ++++ kernel-default: - cifs: do not include page data when checking signature (git-fixes). - commit 371ed21 - net: sched: fix race condition in qdisc_graft() (CVE-2023-0590 bsc#1207795). - net_sched: add __rcu annotation to netdev->qdisc (CVE-2023-0590 bsc#1207795). - commit 37e8915 - usb: gadget: f_hid: fix f_hidg lifetime vs cdev (git-fixes). 
- commit b8e6a95 - Remove duplicate Git-commit tag in patch file - commit e53c839 - nvmet-auth: add missing goto in nvmet_setup_auth() (bsc#1207050 CVE-2023-0122). - commit bf95e5e - net: sched: atm: dont intepret cls results when asked to drop (bsc#1207125 CVE-2023-23455). - commit 7c3cc04 - blacklist.conf: kABI - commit 2978c58 - net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036 CVE-2023-23454). - commit 6b9dae7 ++++ openssl-1_1: - FIPS: Serialize jitterentropy calls [bsc#1207994] * Add openssl-1_1-serialize-jitterentropy-calls.patch ------------------------------------------------------------------ ------------------ 2023-2-7 - Feb 7 2023 ------------------- ------------------------------------------------------------------ ++++ curl: - Security Fix: [bsc#1207992, CVE-2023-23916] * HTTP multi-header compression denial of service * Add curl-CVE-2023-23916.patch - Security Fixes: * HSTS ignored on multiple requests [bsc#1207990, CVE-2023-23914] * HSTS amnesia with --parallel [bsc#1207991, CVE-2023-23915] * Add curl-CVE-2023-23914-23915.patch ++++ kernel-default: - scsi: storvsc: Correct reporting of Hyper-V I/O size limits (git-fixes). - commit 7c7cc75 - drm/hyperv: Add error message for fb size greater than allocated (git-fixes). - commit cafd34d - RDMA/core: Fix ib block iterator counter overflow (bsc#1207878). - commit 6de96d2 - Delete for regression addressed (bsc#1207933) patches.suse/0029-zram-do-not-lookup-algorithm-in-backends-table.patch. - commit bebd4c7 - net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175). 
- commit 6a283ad - IB/hfi1: Remove user expected buffer invalidate race (git-fixes) - commit 02f72aa - IB/hfi1: Immediately remove invalid memory from hardware (git-fixes) - commit 9a77ebc - IB/hfi1: Fix expected receive setup error exit issues (git-fixes) - commit b274778 - IB/hfi1: Reserve user expected TIDs (git-fixes) - commit fe650ef - IB/hfi1: Reject a zero-length user expected buffer (git-fixes) - commit 09b161d - RDMA/core: Fix ib block iterator counter overflow (git-fixes) - commit dd46f2f - RDMA/rxe: Prevent faulty rkey generation (git-fixes) - commit d9dabe6 - RDMA/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes) - commit 3feb1bc - Update kabi files from 5.14.21-150400.24.41.1 (January 2023 update). - commit 2e08d61 - net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1207842). - commit a65c09c - blacklist.conf: kABI - commit f264e1b - blacklist.conf: kABI - commit a5843b9 - blacklist.conf: kABI - commit 61ccddd - RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes) - commit 06d39b7 - RDMA/srp: Move large values to a new enum for gcc13 (git-fixes) - commit 1322a9f - arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes). - ARM: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes). - ARM: dts: imx: Fix pca9547 i2c-mux node name (git-fixes). - dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init (git-fixes). - HID: playstation: sanity check DualSense calibration data (git-fixes). - extcon: usbc-tusb320: fix kernel-doc warning (git-fixes). - selftests: Provide local define of __cpuid_count() (git-fixes). - selftests/vm: remove ARRAY_SIZE define from individual tests (git-fixes). - tools: fix ARRAY_SIZE defines in tools and selftests hdrs (git-fixes). - commit fe9cb53 ++++ less: - Apply "cve-2022-46663.patch" to fix a vulnerability in less that could be exploited for denial-of-service attacks or even remote code execution by printing specially crafted escape sequences to the terminal. 
[CVE-2022-46663, bsc#1207815] ++++ ceph: - Update to 16.2.11-58-g38d6afd3b78: + test/CMakeLists.txt: move 'APPEND rgw_libs Boost::filesystem' to top level ++++ systemd: - Drop a workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Import commit 119740915155d473de087bd633ba62c1c3e47d36 (merge of v249.15) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/1bfa716e7fb6d7169cece864e75dfe9e52914c99...119740915155d473de087bd633ba62c1c3e47d36 - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. ++++ suse-build-key: - Establish multiple new 4096 RSA keys that we will switch to mid of 2023. (jsc#PED-2777) - gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SLE (RPM+repos). - gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserve key for SLE (RPM+repos). - suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF RPMs. - build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem: new RSA 4096 key for the SUSE registry registry.suse.com, installed as suse-container-key-2023.pem and suse-container-key-2023.asc - suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem: New PTF container signing key for registry.suse.com/ptf/ space. ------------------------------------------------------------------ ------------------ 2023-2-6 - Feb 6 2023 ------------------- ------------------------------------------------------------------ ++++ glibc: - dlopen-filter-object.patch: elf: Allow dlopen of filter object to work (bsc#1207571, BZ #16272) - powerpc-tst-ucontext.patch: powerpc: Fix unrecognized instruction errors with recent GCC ++++ kernel-default: - x86/hyperv: Remove unregister syscore call from Hyper-V cleanup (git-fixes).
- commit 905c5a6 - hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap() (git-fixes). - commit aae275a - x86/hyperv: Restore VP assist page after cpu offlining/onlining (git-fixes). - commit bd7d55d - Update patch tags - patches.suse/watchdog-diag288_wdt-do-not-use-stack-buffers-for-ha.patch - patches.suse/watchdog-diag288_wdt-fix-__diag288-inline-assembly.patch - commit 9dc3955 - powerpc/kexec_file: Count hot-pluggable memory in FDT estimate (bsc#1194869). - powerpc/64s/radix: Fix RWX mapping with relocated kernel (bsc#1194869). - powerpc/64s/radix: Fix crash with unaligned relocated kernel (bsc#1194869). - powerpc/kexec_file: Fix division by zero in extra size estimation (bsc#1194869). - powerpc: move __end_rodata to cover arch read-only sections (bsc#1194869). - powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary (bsc#1194869). - powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned (bsc#1194869). - commit 9e11a71 - powerpc/64s: Fix local irq disable when PMIs are disabled (bsc#1195655 ltc#1195655 git-fixes). - commit 42a147d - usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints (git-fixes). - usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait (git-fixes). - usb: dwc3: qcom: enable vbus override when in OTG dr-mode (git-fixes). - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (git-fixes). - serial: 8250_dma: Fix DMA Rx rearm race (git-fixes). - iio: imu: fxos8700: fix MAGN sensor scale and unit (git-fixes). - iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN (git-fixes). - iio: imu: fxos8700: fix failed initialization ODR mode assignment (git-fixes). - iio: imu: fxos8700: fix incorrect ODR mode readback (git-fixes). - iio: hid: fix the retval in gyro_3d_capture_sample (git-fixes). - iio: hid: fix the retval in accel_3d_capture_sample (git-fixes). - iio:adc:twl6030: Enable measurement of VAC (git-fixes). 
- iio: imu: fxos8700: fix ACCEL measurement range selection (git-fixes). - iio: imu: fxos8700: fix IMU data bits returned to user space (git-fixes). - iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback (git-fixes). - iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback (git-fixes). - iio: imu: fxos8700: fix map label of channel type to MAGN sensor (git-fixes). - iio:adc:twl6030: Enable measurements of VUSB, VBAT and others (git-fixes). - iio: adc: berlin2-adc: Add missing of_node_put() in error path (git-fixes). - iio: adc: stm32-dfsdm: fill module aliases (git-fixes). - fpga: stratix10-soc: Fix return value check in s10_ops_write_init() (git-fixes). - fbcon: Check font dimension limits (git-fixes). - commit 0505fbb ++++ systemd: - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package - systemd-testsuite: move the integration tests in a dedicated sub directory. ++++ nfs-utils: - Rename all drop-in options.conf files as 10-options.conf This makes it easier for other packages to over-ride with a drop-in with a later sequence number. resource-agents does this. (bsc#1207843) ------------------------------------------------------------------ ------------------ 2023-2-5 - Feb 5 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Move upstreamed net patch into sorted section - commit 6bb42b5 - efi: fix potential NULL deref in efi_mem_reserve_persistent (git-fixes). - drm/i915/adlp: Fix typo for reference clock (git-fixes). - drm/i915: Fix potential bit_17 double-free (git-fixes). - drm/vc4: hdmi: make CEC adapter name unique (git-fixes). 
- commit 0b0e115 ------------------------------------------------------------------ ------------------ 2023-2-3 - Feb 3 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497). - commit 70827db - watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497). - commit a36f04c - btrfs: fix race between quota rescan and disable leading to NULL pointer deref (bsc#1207158). - btrfs: fix race between quota enable and quota rescan ioctl (bsc#1207158). - commit df99a9d - btrfs: qgroup: remove outdated TODO comments (bsc#1207158). - commit 0780574 - btrfs: qgroup: remove duplicated check in adding qgroup relations (bsc#1207158). - commit 672de9e - btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker (bsc#1207158). - commit 8a7e537 - ata: libata: Fix sata_down_spd_limit() when no link speed is reported (git-fixes). - can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate (git-fixes). - net: phy: meson-gxl: Add generic dummy stubs for MMD register access (git-fixes). - netrom: Fix use-after-free caused by accept on already connected socket (git-fixes). - net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices (git-fixes). - arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (git-fixes). - bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (git-fixes). - netrom: Fix use-after-free of a listening socket (git-fixes). - commit 27bf187 - ALSA: hda/realtek: Add Acer Predator PH315-54 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs, speaker don't work for a HP platform (git-fixes). 
- commit 1379d54 ++++ graphite2: - fixed license string [bsc#1207676]: LGPL-2.1-or-later OR MPL-2.0 OR GPL-2.0-or-later ------------------------------------------------------------------ ------------------ 2023-2-2 - Feb 2 2023 ------------------- ------------------------------------------------------------------ ++++ hwdata: - update to 0.367: * Update pci, usb and vendor ids ++++ kernel-default: - ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use (git-fixes). - ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use (git-fixes). - ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (git-fixes). - firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (git-fixes). - drm/i915/selftest: fix intel_selftest_modify_policy argument types (git-fixes). - arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes). - drm/amd/display: fix issues with driver unload (git-fixes). - ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes). - ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (git-fixes). - ASoC: fsl_micfil: Correct the number of steps on SX controls (git-fixes). - cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes). - cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (git-fixes). - platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (git-fixes). - platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (git-fixes). - drm: Add orientation quirk for Lenovo ideapad D330-10IGL (git-fixes). - r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes). - net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (git-fixes). - spi: spidev: remove debug messages that access spidev->spi without locking (git-fixes). - drm/amdgpu: complete gfxoff allow signal during suspend without delay (git-fixes). - i2c: mv64xxx: Add atomic_xfer method to driver (git-fixes). 
- i2c: mv64xxx: Remove shutdown method from driver (git-fixes). - thermal/core: Remove duplicate information when an error occurs (git-fixes). - arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes). - commit f0fb46a - drm/amd/display: Take emulated dc_sink into account for HDCP (bsc#1207734). - commit bbfc833 ++++ podman: - Remove patches (merged upstream or resolved otherwise): * 0001-Revert-Default-missing-hostPort-to-containerPort-is-.patch * 0002-Make-the-priority-for-picking-the-storage-driver-con.patch * 0003-Only-override-the-graphdriver-to-vfs-if-the-priority.patch - remove long obsolete update scriptlets - Update to version 4.4.0: * Bump to v4.4.0 * Final release notes for v4.4.0 * Emergency fix for RHEL8 gating tests * Do not mount /dev/tty into rootless containers * Fixes port collision issue on use of --publish-all * Fix usage of absolute windows paths with --image-path * fix #17244: use /etc/timezone where `timedatectl` is missing on Linux * podman-events: document verbose create events * Making gvproxy.exe optional for building Windows installer * Add gvproxy to Windows packages * Match VT device paths to be blocked from mounting exactly * Clean up more language for inclusiveness * Set runAsNonRoot=true in gen kube * quadlet: Add device support for .volume files * fix: running check error when podman is default in wsl * fix: don't output "ago" when container is currently up and running * journald: podman logs only show logs for current user * journald: podman events only show events for current user * Add (podman {image,manifest} push --sign-by-sigstore=param-file.yaml) * DB: make loading container states optional * ps: do not sync container * Allow --device-cgroup-rule to be passed in by docker API * [v4.4] Bump to Buildah v1.29.0 * Bump to v4.4.0-dev * Bump to v4.4.0-RC3 * Create release notes for v4.4.0 * Cirrus: Update operating branch * fix APIv2 python attach test flake * ps: query health check in batch mode * make example volume 
import, not import volume * Correct output when inspecting containers created with --ipc * Vendor containers/(storage, image, common, buildah) * Get correct username in pod when using --userns=keep-id * ps: get network data in batch mode * build(deps): bump github.com/onsi/gomega from 1.25.0 to 1.26.0 * add hack/perf for comparing two container engines * systems: retrofit dns options test to honor other search domains * ps: do not create copy of container config * libpod: set search domain independently of nameservers * libpod,netavark: correctly populate /etc/resolv.conf with custom dns server * podman: relay custom DNS servers to network stack * (fix) mount_program is in storage.options.overlay * Change example target to default in doc * network create: do not allow `default` as name * kube-play: add support for HostPID in podSpec * build(deps): bump github.com/docker/docker * Let's see if #14653 is fixed or not * Add support for podman build --group-add * vendor in latests containers/(storage, common, build, image) * unskip network update test * do not install swagger by default * pasta: skip "Local forwarder, IPv4" test * add testbindings Makefile target * update CI images to include pasta * [CI:DOCS] Add CNI deprecation notices to documentation * Cirrus: preserve podman-server logs * waitPidStop: reduce sleep time to 10ms * StopContainer: return if cleanup process changed state * StopSignal: add a comment * StopContainer: small refactor * waitPidStop: simplify code * e2e tests: reenable long-skipped build test * Add openssh-clients to podmanimage * Reworks Windows smoke test to tunnel through interactive session. 
* fix bud-multiple-platform-with-base-as-default-arg flake * Remove ReservedAnnotations from kube generate specification * e2e: update test/README.md * e2e: use isRootless() instead of rootless.IsRootless() * Cleanup documentation on --userns=auto * Bump to v4.4.0-dev * Bump to v4.4.0-rc2 * Vendor in latest c/common * sig-proxy system test: bump timeout * build(deps): bump github.com/containernetworking/plugins * rootless: rename auth-scripts to preexec-hooks * Docs: version-check updates * commit: use libimage code to parse changes * [CI:DOCS] Remove experimental mac tutorial * man: Document the interaction between --systemd and --privileged * Make rootless privileged containers share the same tty devices as rootfull ones * container kill: handle stopped/exited container * Vendor in latest containers/(image,ocicrypt) * add a comment to container removal * Vendor in latest containers/storage * Cirrus: Run machine tests on PR merge * fix flake in kube system test * kube play: complete container spec * E2E Tests: Use inspect instead of actual data to avoid UDP flake * Use containers/storage/pkg/regexp in place of regexp * Vendor in latest containers/storage * Cirrus: Support using updated/latest NV/AV in PRs * Limit replica count to 1 when deploying from kubernetes YAML * Set StoppedByUser earlier in the process of stopping * podman-play system test: refactor * Bump to v4.4.0-dev * Bump to v4.4.0-RC1 * network: add support for podman network update and --network-dns-server * service container: less verbose error logs * Quadlet Kube - add support for PublishPort key * e2e: fix systemd_activate_test * Compile regex on demand not in init * [docker compat] Don't overwrite the NetworkMode if containers.conf overrides netns. 
* E2E Test: Play Kube set deadline to connection to avoid hangs * Only prevent VTs to be mounted inside privileged systemd containers * e2e: fix play_kube_test * Updated error message for supported VolumeSource types * Introduce pkg retry logic in win installer task * logformatter: include base SHA, with history link * Network tests: ping redhat.com, not podman.io * cobra: move engine shutdown to Execute * Updated options for QEMU on Windows hosts * Update Mac installer to use gvproxy v0.5.0 * podman: podman rm -f doesn't leave processes * oci: check for valid PID before kill(pid, 0) * linux: add /sys/fs/cgroup if /sys is a bind mount * Quadlet: Add support for ConfigMap key in Kube section * remove service container _after_ pods * Kube Play - allow setting and overriding published host ports * oci: terminate all container processes on cleanup * Update win-sshproxy to 0.5.0 gvisor tag * Vendor in latest containers/common * Fix a potential defer logic error around locking * logformatter: nicer formatting for bats failures * logformatter: refactor verbose line-print * e2e tests: stop using UBI images * k8s-file: podman logs --until --follow exit after time * journald: podman logs --until --follow exit after time * journald: seek to time when --since is used * podman logs: journald fix --since and --follow * Preprocess files in UTF-8 mode * Bump golang.org/x/tools from 0.4.0 to 0.5.0 in /test/tools * Vendor in latest containers/(common, image, storage) * Switch to C based msi hooks for win installer * hack/bats: improve usage message * hack/bats: add --remote option * hack/bats: fix root/rootless logic * Describe copy volume options * Support sig-proxy for podman-remote attach and start * libpod: fix race condition rm'ing stopping containers * e2e: fix run_volume_test * Add support for Windows ARM64 * Add shared --compress to man pages * Add container error message to ContainerState * Man page checker: require canonical name in SEE ALSO * system df: improve json 
output code * kube play: fix the error logic with --quiet * System tests: quadlet network test * Fix: List container with volume filter * adding -dryrun flag * Quadlet Container: Add support for EnvironmentFile and EnvironmentHost * Kube Play: use passthrough as the default log-driver if service-container is set * System tests: add missing cleanup * System tests: fix unquoted question marks * Build and use a newer systemd image * Quadlet Network - Fix the name of the required network service * System Test Quadlet - Volume dependency test did not test the dependency * fix `podman system connection - tcp` flake * vendor: bump c/storage to a747b27 * Fix instructions about setting storage driver on command-line * Test README - point users to hack/bats * System test: quadlet kube basic test * Fixed `podman update --pids-limit` * podman-remote,bindings: trim context path correctly when its emptydir * Quadlet Doc: Add section for .kube files * e2e: fix containers_conf_test * Allow '/' to prefix container names to match Docker * Remove references to qcow2 * Fix typos in man page regarding transient storage mode. 
* make: Use PYTHON var for .install.pre-commit * Add containers.conf read-only flag support * Explain that relabeling/chowning of volumes can take along time * events: support "die" filter * infra/abi: refactor ContainerRm * When in transient store mode, use rundir for bundlepath * quadlet: Support Type=oneshot container files * hacks/bats: keep QUADLET env var in test env * New system tests for conflicting options * Vendor in latest containers/(buildah, image, common) * Output Size and Reclaimable in human form for json output * podman service: close duplicated /dev/null fd * ginkgo tests: apply ginkgolinter fixes * Add support for hostPath and configMap subpath usage * export: use io.Writer instead of file * rootless: always create userns with euid != 0 * rootless: inhibit copy mapping for euid != 0 * pkg/domain/infra/abi: introduce `type containerWrapper` * vendor: bump to buildah ca578b290144 and use new cache API * quadlet: Handle booleans that have defaults better * quadlet: Rename parser.LookupBoolean to LookupBooleanWithDefault * Add podman-clean-transient.service service * Stop recording annotations set to false * Unify --noheading and -n to be consistent on all commands * pkg/domain/infra/abi: add `getContainers` * Update vendor of containters/(common, image) * specfile: Drop user-add depedency from quadlet subpackage. 
* quadlet: Default BINDIR to /usr/bin if tag not specified * Quadlet: add network support * Add comment for jsonMarshal command * Always allow pushing from containers-storage * libpod: move NetNS into state db instead of extra bucket * Add initial system tests for quadlets * quadlet: Add --user option * libpod: remove CNI word were no longer applicable * libpod: fix header length in http attach with logs * podman-kube@ template: use `podman kube` * build(deps): bump github.com/docker/docker * wait: add --ignore option * qudlet: Respect $PODMAN env var for podman binary * e2e: Add assert-key-is-regex check to quadlet e2e testsuite * e2e: Add some assert to quadlet test to make sure testcases are sane * remove unmapped ports from inspect port bindings * update podman-network-create for clarity * Vendor in latest containers/common with default capabilities * pkg/rootless: Change error text ... * rootless: add cli validator * rootless: define LIBEXECPODMAN * doc: fix documentation for idmapped mounts * bump golangci-lint to v1.50.1 * build(deps): bump github.com/onsi/gomega from 1.24.1 to 1.24.2 * [CI:DOCS] podman-mount: s/umount/unmount/ * create/pull --help: list pull policies * Network Create: Add --ignore flag to support idempotent script * Make qemu security model none * libpod: use OCI idmappings for mounts * stop reporting errors removing containers that don't exist * test: added test from wait endpoint with to long label * quadlet: Default VolatileTmp to off * build(deps): bump github.com/ulikunitz/xz from 0.5.10 to 0.5.11 * docs/options/ipc: fix list syntax * Docs: Add dedicated DOWNLOAD doc w/ links to bins * Make a consistently-named windows installer * checkpoint restore: fix --ignore-static-ip/mac * add support for subpath in play kube for named volumes * build(deps): bump golang.org/x/net from 0.2.0 to 0.4.0 * golangci-lint: remove three deprecated linters * parse-localbenchmarks: separate standard deviation * build(deps): bump golang.org/x/term from 
0.2.0 to 0.3.0 * podman play kube support container startup probe * Add podman buildx version support * Cirrus: Collect benchmarks on machine instances * Cirrus: Remove escape codes from log files * [CI:DOCS] Clarify secret target behavior * Fix typo on network docs * podman-remote build add --volume support * remote: allow --http-proxy for remote clients * Cleanup kube play workloads if error happens * health check: ignore dependencies of transient systemd units/timers * fix: event read from syslog * Fixes secret (un)marshaling for kube play. * Remove 'you' from man pages * build(deps): bump golang.org/x/tools from 0.3.0 to 0.4.0 in /test/tools * [CI:DOCS] test/README.md: run tests with podman-remote * e2e: keeps the http_proxy value * Makefile: Add podman-mac-helper to darwin client zip * test/e2e: enable "podman run with ipam none driver" for nv * [skip-ci] GHA/Cirrus-cron: Fix execution order * kube sdnotify: run proxies for the lifespan of the service * Update containers common package * podman manpage: Use man-page links instead of file names * e2e: fix e2e tests in proxy environment * Fix test * disable healthchecks automatically on non systemd systems * Quadlet Kube: Add support for userns flag * [CI:DOCS] Add warning about --opts,o with mount's -o * Add podman system prune --external * Add some tests for transient store * runtime: In transient_store mode, move bolt_state.db to rundir * runtime: Handle the transient store options * libpod: Move the creation of TmpDir to an earlier time * network create: support "-o parent=XXX" for ipvlan * compat API: allow MacAddress on container config * Quadlet Kube: Add support for relative path for YAML file * notify k8s system test: move sending message into exec * runtime: do not chown idmapped volumes * quadlet: Drop ExecStartPre=rm %t/%N.cid * Quadlet Kube: Set SyslogIdentifier if was not set * Add a FreeBSD cross build to the cirrus alt build task * Add completion for --init-ctr * Fix handling of readonly 
containers when defined in kube.yaml * Build cross-compilation fixes * libpod: Track healthcheck API changes in healthcheck_unsupported.go * quadlet: Use same default capability set as podman run * quadlet: Drop --pull=never * quadlet: Change default of ReadOnly to no * quadlet: Change RunInit default to no * quadlet: Change NoNewPrivileges default to false * test: podman run with checkpoint image * Enable 'podman run' for checkpoint images * test: Add tests for checkpoint images * CI setup: simplify environment passthrough code * Init containers should not be restarted * Update c/storage after https://github.com/containers/storage/pull/1436 * Set the latest release explicitly * add friendly comment * fix an overriding logic and load config problem * Update the issue templates * Update vendor of containers/(image, buildah) * [CI:DOCS] Skip windows-smoke when not useful * [CI:DOCS] Remove broken gate-container docs * OWNERS: add Jason T. Greene * hack/podmansnoop: print arguments * Improve atomicity of VM state persistence on Windows * [CI:BUILD] copr: enable podman-restart.service on rpm installation * macos: pkg: Use -arm64 suffix instead of -aarch64 * linux: Add -linux suffix to podman-remote-static binaries * linux: Build amd64 and arm64 podman-remote-static binaries * container create: add inspect data to event * Allow manual override of install location * Run codespell on code * Add missing parameters for checkpoint/restore endpoint * Add support for startup healthchecks * Add information on metrics to the `network create` docs * Introduce podman machine os commands * Document that ignoreRootFS depends on export/import * Document ignoreVolumes in checkpoint/restore endpoint * Remove leaveRunning from swagger restore endpoint * libpod: Add checks to avoid nil pointer dereference if network setup fails * Address golangci-lint issues * Bump golang version to 1.18 * Documenting Hyper-V QEMU acceleration settings * Kube Play: fix the handling of the optional field 
of SecretVolumeSource * Update Vendor of containers/(common, image, buildah) * Fix swapped NetInput/-Output stats * libpod: Use O_CLOEXEC for descriptors returned by (*Container).openDirectory * chore: Fix MD for Troubleshooting Guide link in GitHub Issue Template * test/tools: rebuild when files are changed * ginkgo tests: apply ginkgolinter fixes * ginkgo: restructure install work flow * Fix manpage emphasis * specgen: support CDI devices from containers.conf * vendor: update containers/common * pkg/trust: Take the default policy path from c/common/pkg/config * Add validate-in-container target * Adding encryption decryption feature * container restart: clean up healthcheck state * Add support for podman-remote manifest annotate * Quadlet: Add support for .kube files * Update vendor of containers/(buildah, common, storage, image) * specgen: honor user namespace value * [CI:DOCS] Migrate OSX Cross to M1 * quadlet: Rework uid/gid remapping * GHA: Fix cirrus re-run workflow for other repos. * ssh system test: skip until it becomes a test * shell completion: fix hard coded network drivers * libpod: Report network setup errors properly on FreeBSD * E2E Tests: change the registry for the search test to avoid authentication * pkginstaller: install podman-mac-helper by default * Fix language. Mostly spelling a -> an * podman machine: Propagate SSL_CERT_FILE and SSL_CERT_DIR to systemd environment. * [CI:DOCS] Fix spelling and typos * Modify man page of "--pids-limit" option to correct a default value. 
* Update docs/source/markdown/podman-remote.1.md * Update pkg/bindings/connection.go * Add more documentation on UID/GID Mappings with --userns=keep-id * support podman-remote to connect tcpURL with proxy * Removing the RawInput from the API output * fix port issues for CONTAINER_HOST * CI: Package versions: run in the 'main' step * build(deps): bump github.com/rootless-containers/rootlesskit * pkg/domain: Make checkExecPreserveFDs platform-specific * e2e tests: fix restart race * Fix podman --noout to suppress all output * remove pod if creation has failed * pkg/rootless: Implement rootless.IsFdInherited on FreeBSD * Fix more podman-logs flakes * healthcheck system tests: try to fix flake * libpod: treat ESRCH from /proc/PID/cgroup as ENOENT * GHA: Configure workflows for reuse * compat,build: handle docker's preconfigured cacheTo,cacheFrom * docs: deprecate pasta network name * utils: Enable cgroup utils for FreeBSD * pkg/specgen: Disable kube play tests on FreeBSD * libpod/lock: Fix build and tests for SHM locks on FreeBSD * podman cp: fix copying with "." suffix * pkginstaller: bump Qemu to version 7.1.0 * specgen,wasm: switch to crun-wasm wherever applicable * vendor: bump c/common to v0.50.2-0.20221111184705-791b83e1cdf1 * libpod: Make unit test for statToPercent Linux only * Update vendor of containers/storage * fix connection usage with containers.conf * Add --quiet and --no-info flags to podman machine start * Add hidden podman manifest inspect -v option * Bump github.com/onsi/gomega from 1.24.0 to 1.24.1 * Add podman volume create -d short option for driver * Vendor in latest containers/(common,image,storage) * Add podman system events alias to podman events * Fix search_test to return correct version of alpine * Bump golang.org/x/tools from 0.1.12 to 0.3.0 in /test/tools * GHA: Fix undefined secret env. var. 
* Release notes for 4.3.1 * GHA: Fix make_email-body script reference * Add release keys to README * GHA: Fix typo setting output parameter * GHA: Fix typo. * New tool, docs/version-check * Formalize our compare-against-docker mechanism * Add restart-sec for container service files * test/tools: bump module to go 1.17 * contrib/cirrus/check_go_changes.sh: ignore test/tools/vendor * Bump github.com/coreos/go-systemd/v22 from 22.4.0 to 22.5.0 * Bump golang.org/x/term from 0.1.0 to 0.2.0 * Bump golang.org/x/sys from 0.1.0 to 0.2.0 * Bump github.com/container-orchestrated-devices/container-device-interface * build(deps): bump golang.org/x/tools from 0.1.12 to 0.2.0 in /test/tools * libpod: Add FreeBSD support in packageVersion * Allow podman manigest push --purge|-p as alias for --rm * [CI:DOCS] Add performance tutorial * [CI:DOCS] Fix build targets in build_osx.md. * fix --format {{json .}} output to match docker * remote: fix manifest add --annotation * Skip test if `--events-backend` is necessary with podman-remote * kube play: update the handling of PersistentVolumeClaim * system tests: fix a system test in proxy environment * Use single unqualified search registry on Windows * test/system: Add, use tcp_port_probe() to check for listeners rather than binds * test/system: Add tests for pasta(1) connectivity * test/system: Move network-related helpers to helpers.network.bash * test/system: Use procfs to find bound ports, with optional address and protocol * test/system: Use port_is_free() from wait_for_port() * libpod: Add pasta networking mode * More log-flake work * Fix test flakes caused by improper podman-logs * fix incorrect systemd booted check * Cirrus: Add tests for GHA scripts * GHA: Update scripts to pass shellcheck * Cirrus: Shellcheck github-action scripts * Cirrus: shellcheck support for github-action scripts * GHA: Fix cirrus-cron scripts * Makefile: don't install to tmpfiles.d on FreeBSD * Make sure we can build and read each line of docker py's api 
client * Docker compat build api - make sure only one line appears per flush * Run codespell on code * Update vendor of containers/(image, storage, common) * Allow namespace path network option for pods. * Cirrus: Never skip running Windows Cross task * GHA: Auto. re-run failed cirrus-cron builds once * GHA: Migrate inline script to file * GHA: Simplify script reference * test/e2e: do not use apk in builds * remove container/pod id file along with container/pod * Cirrus: Synchronize windows image * Add --insecure,--tls-verify,--verbose flags to podman manifest inspect * runtime: add check for valid pod systemd cgroup * CI: set and verify DESIRED_NETWORK (netavark, cni) * [CI:DOCS] troubleshooting: document keep-id options * Man pages: refactor common options: --security-opt * Cirrus: Guarantee CNI testing w/o nv/av present * Cirrus: temp. disable all Ubuntu testing * Cirrus: Update to F37beta * buildah bud tests: better handling of remote * quadlet: Warn in generator if using short names * Add Windows Smoke Testing * Add podman kube apply command * docs: offer advice on installing test dependencies * Fix documentation on read-only-tmpfs * version bump to 4.4.0-dev * deps: bump go-criu to v6 * Makefile: Add cross build targets for freebsd * pkg/machine: Make this build on FreeBSD/arm64 * pkg/rctl: Remove unused cgo dependency * man pages: assorted underscore fixes * Upgrade GitHub actions packages from v2 to v3 * vendor github.com/godbus/dbus/v5@4b691ce * [CI:DOCS] fix --tmpdir typos * Do not report that /usr/share/containers/storage.conf has been edited. 
* Eval symlinks on XDG_RUNTIME_DIR * hack/podmansnoop * rootless: support keep-id with one mapping * rootless: add argument to GetConfiguredMappings * Update vendor containers/(common,storage,buildah,image) * Fix deadlock between 'podman ps' and 'container inspect' commands * Add information about where the libpod/boltdb database lives * Consolidate the dependencies for the IsTerminal() API * Ensure that StartAndAttach locks while sending signals * ginkgo testing: fix podman usernamespace join * Test runners: nuke podman from $PATH before tests * volumes: Fix idmap not working for volumes * FIXME: Temporary workaround for ubi8 CI breakage * System tests: teardown: clean up volumes * update api versions on docs.podman.io * system tests: runlabel: use podman-under-test * system tests: podman network create: use random port * sig-proxy test: bump timeout * play kube: Allow the user to import the contents of a tar file into a volume * Clarify the docs on DropCapability * quadlet tests: Disable kmsg logging while testing * quadlet: Support multiple Network= * quadlet: Add support for Network=... 
* Fix manpage for podman run --network option * quadlet: Add support for AddDevice= * quadlet: Add support for setting seccomp profile * quadlet: Allow multiple elements on each Add/DropCaps line * quadlet: Embed the correct binary name in the generated comment * quadlet: Drop the SocketActivated key * quadlet: Switch log-driver to passthrough * quadlet: Change ReadOnly to default to enabled * quadlet tests: Run the tests even for (exected) failed tests * quadlet tests: Fix handling of stderr checks * Remove unused script file * notifyproxy: fix container watcher * container/pod id file: truncate instead of throwing an error * quadlet: Use the new podman create volume --ignore * Add podman volume create --ignore * logcollector: include aardvark-dns * build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 * build(deps): bump github.com/BurntSushi/toml from 1.2.0 to 1.2.1 * docs: generate systemd: point to kube template * docs: kube play: mention restart policy * Fixes: 15858 (podman system reset --force destroy machine) * fix search flake * use cached containers.conf * adding regex support to the ancestor ps filter function * Fix `system df` issues with `-f` and `-v` * markdown-preprocess: cross-reference where opts are used * Default qemu flags for Windows amd64 * build(deps): bump golang.org/x/text from 0.3.8 to 0.4.0 * Update main to reflect v4.3.0 release * build(deps): bump github.com/docker/docker * move quadlet packages into pkg/systemd * system df: fix image-size calculations * Add man page for quadlet * Fix small typo * testimage: add iproute2 & socat, for pasta networking * Set up minikube for k8s testing * Makefile: don't install systemd generator binaries on FreeBSD * [CI:BUILD] copr: podman rpm should depend on containers-common-extra * Podman image: Set default_sysctls to empty for rootless containers * Don't use github.com/docker/distribution * libpod: Add support for 'podman top' on FreeBSD * libpod: Factor out jail name construction from 
stats_freebsd.go * pkg/util: Add pid information descriptors for FreeBSD * Initial quadlet version integrated in golang * bump golangci-lint to v1.49.0 * Update vendor containers/(common,image,storage) * Allow volume mount dups, iff source and dest dirs * rootless: fix return value handling * Change to correct break statements * vendor containers/psgo@v1.8.0 * Clarify that MacOSX docs are client specific * libpod: Factor out the call to PidFdOpen from (*Container).WaitForExit * Add swagger install + allow version updates in CI * Cirrus: Fix windows clone race * build(deps): bump github.com/docker/docker * kill: wait for the container * generate systemd: set --stop-timeout for stopping containers * hack/tree_status.sh: print diff at the end * Fix markdown header typo * markdown-preprocess: add generic include mechanism * markdown-preprocess: almost complete OO rewrite * Update tests for changed error messages * Update c/image after https://github.com/containers/image/pull/1299 * Man pages: refactor common options (misc) * Man pages: Refactor common options: --detach-keys * vendor containers/storage@main * Man pages: refactor common options: --attach * build(deps): bump github.com/fsnotify/fsnotify from 1.5.4 to 1.6.0 * KillContainer: improve error message * docs: add missing options * Man pages: refactor common options: --annotation (manifest) * build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0 * system tests: health-on-failure: fix broken logic * build(deps): bump golang.org/x/text from 0.3.7 to 0.3.8 * build(deps): bump github.com/onsi/gomega from 1.20.2 to 1.22.1 * ContainerEngine.SetupRootless(): Avoid calling container.Config() * Container filters: Avoid use of ctr.Config() * Avoid unnecessary calls to Container.Spec() * Add and use Container.LinuxResource() helper * play kube: notifyproxy: listen before starting the pod * play kube: add support for configmap binaryData * Add and use libpod/Container.Terminal() helper * Revert "Add checkpoint image 
tests" * Revert "cmd/podman: add support for checkpoint images" * healthcheck: fix --on-failure=stop * Man pages: Add mention of behavior due to XDG_CONFIG_HOME * build(deps): bump github.com/containers/ocicrypt from 1.1.5 to 1.1.6 * Avoid unnecessary timeout of 250msec when waiting on container shutdown * health checks: make on-failure action retry aware * libpod: Remove 100msec delay during shutdown * libpod: Add support for 'podman pod' on FreeBSD * libpod: Factor out cgroup validation from (*Runtime).NewPod * libpod: Move runtime_pod_linux.go to runtime_pod_common.go * specgen/generate: Avoid a nil dereference in MakePod * libpod: Factor out cgroups handling from (*Pod).refresh * Adds a link to OSX docs in CONTRIBUTING.md * Man pages: refactor common options: --os-version * Create full path to a directory when DirectoryOrCreate is used with play kube * Return error in podman system service if URI scheme is not unix/tcp * Man pages: refactor common options: --time * man pages: document some --format options: images * Clean up when stopping pods * Update vendor of containers/buildah v1.28.0 * Proof of concept: nightly dependency treadmill ++++ suse-module-tools: - Update to version 15.4.16: * modprobe.conf: s390x: remove softdep on fbcon (boo#1207853) ------------------------------------------------------------------ ------------------ 2023-2-1 - Feb 1 2023 ------------------- ------------------------------------------------------------------ ++++ docker: - update to 20.10.23-ce. * see upstream changelog at https://docs.docker.com/engine/release-notes/#201023 - drop kubic flavor as kubic is EOL. this removes: kubelet.env docker-kubic-service.conf 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch ++++ kernel-default: - scsi: Revert "scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT" (git-fixes). - commit 03470cd - scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes). 
- scsi: ufs: core: Enable link lost interrupt (git-fixes). - scsi: mpt3sas: Remove scsi_dma_map() error messages (git-fixes). - scsi: ufs: Stop using the clock scaling lock in the error handler (git-fixes). - commit 280e1ff ------------------------------------------------------------------ ------------------ 2023-1-31 - Jan 31 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - blacklist.conf: add drivers/video/fbdev/hyperv_fb.c This branch defaults to DRM. - commit 35643e4 - ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459). - ipmi:ssif: Increase the message retry time (bsc#1206459). - commit 05eee5d ------------------------------------------------------------------ ------------------ 2023-1-30 - Jan 30 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Update tags patches.suse/ext4-Fix-check-for-block-being-out-of-directory-size.patch. - commit 7dd4cb0 - ocfs2: rewrite error handling of ocfs2_fill_super (bsc#1207771). - commit 117a059 - ocfs2: ocfs2_mount_volume does cleanup job before return error (bsc#1207770). - commit dfd7632 - mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769). - commit 20e2b2f - ocfs2: quota_local: fix possible uninitialized-variable access in ocfs2_local_read_info() (bsc#1207768). - commit 4b2997d - btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (git-fixes). - commit db40f07 - tracing/hist: Fix issue of losting command info in error_log (git-fixes). - commit 3ae8811 - tracing: Fix race where histograms can be called before the event (git-fixes). - commit 3fe5f69 - tracing: Use alignof__(struct {type b;}) instead of offsetof() (git-fixes). 
- commit 2e96b05 - blacklist.conf: add not-relevant ftrace fixes - commit 2ba4363 - blacklist.conf: add commits for tracking skb drop reasons - commit f7cc13a - blacklist.conf: add a move of trace_pid_list logic - commit 8c14765 - tracing: Fix mismatched comment in __string_len (git-fixes). - commit ed647e2 - module: Don't wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - commit 35ea4d8 - Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode" (git-fixes). - commit c8ef0bf ------------------------------------------------------------------ ------------------ 2023-1-29 - Jan 29 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes). - commit ff23887 - Delete patches.suse/0004-block-check-minor-range-in-device_add_disk.patch. - commit 89a42b5 - blacklist.conf: add git-fix commit which won't be backported - commit 1012afa - loop: Fix the max_loop commandline argument treatment when it is set to 0 (git-fixes). - block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes). - dm thin: Use last transaction's pmd->root when commit failed (git-fixes). - dm thin: resume even if in FAIL mode (git-fixes). - dm cache: set needs_check flag after aborting metadata (git-fixes). - dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes). - dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes). - dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes). - dm cache: Fix UAF in destroy() (git-fixes). - dm clone: Fix UAF in clone_dtr() (git-fixes). - dm thin: Fix UAF in run_timer_softirq() (git-fixes). - blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes). - block: mq-deadline: Fix dd_finish_request() for zoned devices (git-fixes). - elevator: update the document of elevator_switch (git-fixes). 
- bfq: fix waker_bfqq inconsistency crash (git-fixes). - dm integrity: clear the journal on suspend (git-fixes). - dm integrity: flush the journal on suspend (git-fixes). - dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes). - block, bfq: fix null pointer dereference in bfq_bio_bfqg() (git-fixes). - blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes). - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes). - bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes). - blk-throttle: prevent overflow while calculating wait time (git-fixes). - nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes). - md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes). - zram: do not lookup algorithm in backends table (git-fixes). - block: ensure iov_iter advances for added pages (git-fixes). - drivers:md:fix a potential use-after-free bug (git-fixes). - null_blk: fix ida error handling in null_add_dev() (git-fixes). - md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes). - dm raid: fix address sanitizer warning in raid_resume (git-fixes). - dm raid: fix address sanitizer warning in raid_status (git-fixes). - dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes). - block/bio: remove duplicate append pages code (git-fixes). - block: fix infinite loop for invalid zone append (git-fixes). - nbd: fix io hung while disconnecting device (git-fixes). - nbd: fix race between nbd_alloc_config() and module removal (git-fixes). - nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes). - md: protect md_unregister_thread from reentrancy (git-fixes). - nbd: Fix hung on disconnect request if socket is closed before (git-fixes). - block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes). - dm: requeue IO if mapping table not yet available (git-fixes). - dm ioctl: prevent potential spectre v1 gadget (git-fixes). 
- Revert "Revert "block, bfq: honor already-setup queue merges"" (git-fixes). - bfq: fix use-after-free in bfq_dispatch_request (git-fixes). - block, bfq: don't move oom_bfqq (git-fixes). - block/bfq_wf2q: correct weight to ioprio (git-fixes). - dm: fix alloc_dax error handling in alloc_dev (git-fixes). - dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes). - dm btree: add a defensive bounds check to insert_at() (git-fixes). - block: check minor range in device_add_disk() (git-fixes). - virtio-blk: modify the value type of num in virtio_queue_rq() (git-fixes). - swim3: add missing major.h include (git-fixes). - commit 4a07308 - block: use bdev_get_queue() in bio.c (git-fixes). - Refresh for the above change, patches.suse/block-fix-rq-qos-breakage-from-skipping-rq_qos_done_.patch. - commit c3aca76 ++++ c-ares: - Update to version 1.19.0 Security: * Low. Stack overflow in ares_set_sortlist() which is used during c-ares initialization and typically provided by an administrator and not an end user. (bsc#1208067, CVE-2022-4904) Changes: * Add ARES_OPT_HOSTS_FILE similar to ARES_OPT_RESOLVCONF for specifying a custom hosts file location. Bug fixes: * Fix memory leak in reading /etc/hosts when using localhost fallback. * Fix chain building c-ares when libresolv is already included by another project. * File lookup should not immediately abort as there may be other tries due to search criteria. * Asterisks should be allowed in host validation as CNAMEs may reference wildcard domains. * AutoTools build system referenced bad STDC_HEADERS macro. * Even if one address class returns a failure for ares_getaddrinfo() we should still return the results we have. * Fix ares_getaddrinfo() numerical address resolution with AF_UNSPEC * Fix tools and help information. * Various documentation fixes and cleanups. * Add include guards to ares_data.h * c-ares could try to exceed maximum number of iovec entries supported by system. 
* The RFC6761 6.3 states localhost subdomains must be offline too ------------------------------------------------------------------ ------------------ 2023-1-28 - Jan 28 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - blacklist.conf: add git-fixes commits which won't be backported - commit 6443e7d ------------------------------------------------------------------ ------------------ 2023-1-27 - Jan 27 2023 ------------------- ------------------------------------------------------------------ ++++ cockpit: - restore dependency on /usr/bin/pwscore (bsc#1202277) - remove remove-pwscore.patch ++++ kernel-default: - Update patches.suse/xfs-get-root-inode-correctly-at-bulkstat.patch (git-fixes bsc#1207501 ltc#201370). - commit e6e8484 - Update patches.suse/btrfs-fix-processing-of-delayed-tree-block-refs-duri.patch (bsc#1206057 bsc#1207506 ltc#201368). - commit 15be8ec - Update patches.suse/btrfs-fix-processing-of-delayed-data-refs-during-bac.patch (bsc#1206056 bsc#1207507 ltc#201367). 
- commit 1354bb5 ++++ ceph: - Update to 16.2.11-57-g9be7fb44a33: + ceph.spec.in: Replace %usrmerged macro with regular version check - checkin.sh: default to ses7p branch - Update to 16.2.11-56-gc067055f8f5: + (bsc#1199183) osd, tools, kv: non-aggressive, on-line trimming of accumulated dups + (bsc#1200262) ceph-volume: fix fast device alloc size on mulitple device + (bsc#1200501) cephadm: update monitoring container images + (bsc#1200978) mgr/dashboard: prevent alert redirect + (bsc#1201797) mgr/volumes: Add subvolumegroup resize cmd + (bsc#1201837) mgr/volumes: Fix subvolume discover during upgrade (CVE-2022-0670) + (bsc#1201976) monitoring/ceph-mixin: add RGW host to label info + (bsc#1202077) mgr/dashboard: enable addition of custom Prometheus alerts + (bsc#1203375) python-common: Add 'KB' to supported suffixes in SizeMatcher + (bsc#1204430) ceph-crash: drop privleges to run as "ceph" user, rather than root (CVE-2022-3650) + (bsc#1205025) rgw: Guard against malformed bucket URLs (CVE-2022-3854) + (bsc#1205436) mgr/dashboard: fix rgw connect when using ssl ++++ sg3_utils: - Update to version 1.47+13.75d23ac: * rescan-scsi-bus: speed large multipath scans (bsc#1207706) * rescan-scsi-bus.sh speed testonline() * rescan-scsi-bus.sh: add option --no-lip-scan * rescan-scsi-bus: sgdevice26: do not traverse sg class if scsi_device isnot added * rescan-scsi-bus.sh: fix handling of '-I ' option ------------------------------------------------------------------ ------------------ 2023-1-26 - Jan 26 2023 ------------------- ------------------------------------------------------------------ ++++ jitterentropy: - jitterentropy-with-debug.patch: build with debuginfo (bsc#1207789) ++++ kernel-default: - ext4: fix deadlock due to mbcache entry corruption (bsc#1207653). - commit ea7e0f8 - ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1207652). - commit 5549473 - ocfs2: fix memory leak in ocfs2_stack_glue_init() (bsc#1207651). 
- commit c18a79b - ocfs2: clear dinode links count in case of error (bsc#1207650). - commit a2d0061 - ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1207649). - commit 29f0a1d - ext4,f2fs: fix readahead of verity data (bsc#1207648). - commit ed4271e - mbcache: Avoid nesting of cache->c_list_lock under bit locks (bsc#1207647). - commit 947b83a - jbd2: add miss release buffer head in fc_do_one_pass() (bsc#1207646). - commit c61f342 - jbd2: fix potential use-after-free in jbd2_fc_wait_bufs (bsc#1207645). - commit d4e2227 - jbd2: fix potential buffer head reference count leak (bsc#1207644). - commit 45a2852 - jbd2: wake up journal waiters in FIFO order, not LIFO (bsc#1207643). - commit 8fd722e - vfs: Check the truncate maximum size in inode_newsize_ok() (bsc#1207642). - commit 4685fa4 - jbd2: fix a potential race while discarding reserved buffers after an abort (bsc#1207641). - commit b0b81dd - ocfs2: fix crash when mount with quota enabled (bsc#1207640). - commit 5afbf05 - quota: Check next/prev free block number after reading from quota file (bsc#1206640). - commit 1e65abd - quota: Prevent memory allocation recursion while holding dq_lock (bsc#1207639). - commit a7495d2 - blacklist.conf: Blacklist dd5532a4994b - commit 4bd9a40 - writeback: avoid use-after-free after removing device (bsc#1207638). - commit 1776642 - ext4: fix reserved cluster accounting in __es_remove_extent() (bsc#1207637). - commit 17f75d7 - ext4: fix inode leak in ext4_xattr_inode_create() on an error path (bsc#1207636). - commit 86dbaea - ext4: allocate extended attribute value in vmalloc area (bsc#1207635). - commit 3278f6d - ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634). - commit 587e0b3 - ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633). - commit 09b6e51 - ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (bsc#1206894). - commit e824a9a - fs: ext4: initialize fsdata in pagecache_write() (bsc#1207632). 
- commit 59e5f40 - ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline (bsc#1207631). - commit fcf7010 - ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893). - commit a4ce862 - ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630). - commit 3052920 - blacklist.conf: Blacklist 89481b5fa8c0 - commit aafc810 - ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629). - commit 9d7a800 - ext4: fix off-by-one errors in fast-commit block filling (bsc#1207628). - commit b215d68 - ext4: fix unaligned memory access in ext4_fc_reserve_space() (bsc#1207627). - commit 5e2318b - ext4: add missing validation of fast-commit record lengths (bsc#1207626). - commit 9374e7a - ext4: fix leaking uninitialized memory in fast-commit journal (bsc#1207625). - commit bea0a27 - ext4: don't set up encryption key during jbd2 transaction (bsc#1207624). - commit 94c26c2 - ext4: disable fast-commit of encrypted dir operations (bsc#1207623). - commit 8b84b5f - ext4: fix use-after-free in ext4_orphan_cleanup (bsc#1207622). - commit 868c482 - ext4: don't allow journal inode to have encrypt flag (bsc#1207621). - commit fa42934 - ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890). - commit fe391f3 - ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620). - commit b0bf8bc - ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (bsc#1207619). - commit 0e8c6a3 - ext4: add helper to check quota inums (bsc#1207618). - commit 710d5f0 - blacklist.conf: Blacklist 78742d4d056d - commit 510a3a2 - ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617). - commit 4fac5ac - blacklist.conf: Blacklist 318cdc822c63 - commit efccaca - ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889). - commit a2ec490 - ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888). 
- commit 786ae72 - ext4: fix warning in 'ext4_da_release_space' (bsc#1206887). - commit 0e67070 - ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886). - commit b11568d - ext4: fix potential out of bound read in ext4_fc_replay_scan() (bsc#1207616). - commit 191b92e - ext4: factor out ext4_fc_get_tl() (bsc#1207615). - commit 4278623 - ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1207614). - commit 54601c7 - ext4: update 'state->fc_regions_size' after successful memory allocation (bsc#1207613). - commit dca6962 - ext4: fix potential memory leak in ext4_fc_record_regions() (bsc#1207612). - commit 65b0d99 - ext4: fix potential memory leak in ext4_fc_record_modified_inode() (bsc#1207611). - commit 313959b - ext4: goto right label 'failed_mount3a' (bsc#1207610). - commit 73881e2 - ext4: fix miss release buffer head in ext4_fc_write_inode (bsc#1207609). - commit 60277f8 - ext4: fix dir corruption when ext4_dx_add_entry() fails (bsc#1207608). - commit d8d3c16 - ext4: place buffer head allocation before handle start (bsc#1207607). - commit 767ca31 - ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate (bsc#1207606). - commit 7864371 - ext4: don't increase iversion counter for ea_inodes (bsc#1207605). - commit 15b3923 - ext4: make ext4_lazyinit_thread freezable (bsc#1206885). - commit 0a2f6bf - ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884). - commit a8218a0 - ext4: don't run ext4lazyinit for read-only filesystems (bsc#1207603). - commit d920748 - ext4: avoid crash when inline data creation follows DIO write (bsc#1206883). - commit efade7c - ext4: continue to expand file system when the target size doesn't reach (bsc#1206882). - commit caafbe8 - ext4: limit the number of retries after discarding preallocations blocks (bsc#1207602). - commit 550c1e6 - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881). 
- commit 846b339 - blacklist.conf: Blacklist mballoc opimization fixes - commit 2ee70c1 - ext4: avoid resizing to a partial cluster size (bsc#1206880). - commit cee3b5d - blacklist.conf: Blacklist b24e77ef1c6d - commit 5f27096 - blacklist.conf: Blacklist 51ae846cff56 - commit 8cb8660 - ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878). - commit 7565182 - ext4: correct max_inline_xattr_value_size computing (bsc#1206878). - commit 5344160 - ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878). - commit 51cff2a - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). - commit 0336ab6 - ext4: fix extent status tree race in writeback error recovery path (bsc#1206877). - commit b84af9c - blacklist.conf: Blacklist 4978c659e7b5 - commit a7e7239 - ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876). - commit e6b6979 - blacklist.conf: Blacklist fs/ext2 - commit 1e7297b - blacklist.conf: Blacklist 4efd9f0d120c - commit 3b5e25a - ext4: fix bug_on in start_this_handle during umount filesystem (bsc#1207594). - commit 90713b0 - blacklist.conf: Blacklist c864ccd182d6 - commit bc0a035 - blacklist.conf: Blacklist cc5095747edf - commit 60d47ef - ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit (bsc#1207593). - commit 2407741 - ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb (bsc#1207592). - commit b2577a3 - ext4: fast commit may miss file actions (bsc#1207591). - commit ea4e204 - ext4: fast commit may not fallback for ineligible commit (bsc#1207590). - commit 5e4d8de - ext4: simplify updating of fast commit stats (bsc#1207589). - commit 85414f9 - ext4: drop ineligible txn start stop APIs (bsc#1207588). - commit 62a4d65 - vfs: make sync_filesystem return errors from ->sync_fs (git-fixes). - commit eff9790 - fs: remove __sync_filesystem (git-fixes). - commit 88736d7 - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). 
- commit e201f3b ++++ systemd: - Move systemd-cryptenroll into udev package. ++++ tiff: - security update: * CVE-2022-48281 [bsc#1207413] + tiff-CVE-2022-48281.patch ------------------------------------------------------------------ ------------------ 2023-1-25 - Jan 25 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Update patches.suse/btrfs-send-fix-sending-link-commands-for-existing-fi.patch (bsc#1206036 bsc#1207500 ltc#201363). - commit 5345944 - efi: rt-wrapper: Add missing include (git-fixes). - commit 3d91aef - mei: me: add meteor lake point M DID (git-fixes). - USB: serial: option: add Quectel EM05CN modem (git-fixes). - USB: serial: option: add Quectel EM05CN (SG) modem (git-fixes). - USB: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes). - USB: serial: option: add Quectel EC200U modem (git-fixes). - USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes). - USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes). - USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes). - usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes). - usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (git-fixes). - usb: acpi: add helper to check port lpm capability using acpi _DSM (git-fixes). - xhci: Fix null pointer dereference when host dies (git-fixes). - xhci-pci: set the dma max_seg_size (git-fixes). - drm/amd/display: Fix set scaling doesn's work (git-fixes). - drm/i915/display: Check source height is > 0 (git-fixes). - wifi: mac80211: sdata can be NULL during AMPDU start (git-fixes). - nilfs2: fix general protection fault in nilfs_btree_insert() (git-fixes). - r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (git-fixes). - fbdev: omapfb: avoid stack overflow warning (git-fixes). - virtio_pci: modify ENOENT to EINVAL (git-fixes). - arm64: efi: Execute runtime services from a dedicated stack (git-fixes). 
- drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (git-fixes). - drm/amdgpu: drop experimental flag on aldebaran (git-fixes). - staging: mt7621-dts: change some node hex addresses to lower case (git-fixes). - commit bd99d4d ++++ libcontainers-common: - Reverts https://build.opensuse.org/request/show/1060361 Changes introduced to c/storage's storage.conf which adds a driver_priority attribute would break consumers of libcontainer-common as long as those packages are vendoring an older c/storage version. Instead of patching every consumer, we're reverting this change, until those packages have been updated downstream. [boo#1207509] ++++ libnvme: - Fix import error in python-libnvme (bsc#1207159) * add 0024-libnvme.map-export-nvme_ctrl_-get-set-_dhchap_host_k.patch - spec file: add %check target ++++ openssl-1_1: - Security Fix: [bsc#1207533, CVE-2023-0286] * Fix X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address * Add openssl-CVE-2023-0286.patch - Security Fix: [bsc#1207536, CVE-2023-0215] * Use-after-free following BIO_new_NDEF() * Add patches: - openssl-CVE-2023-0215-1of4.patch - openssl-CVE-2023-0215-2of4.patch - openssl-CVE-2023-0215-3of4.patch - openssl-CVE-2023-0215-4of4.patch - Security Fix: [bsc#1207538, CVE-2022-4450] * Double free after calling PEM_read_bio_ex() * Add patches: - openssl-CVE-2022-4450-1of2.patch - openssl-CVE-2022-4450-2of2.patch - Security Fix: [bsc#1207534, CVE-2022-4304] * Timing Oracle in RSA Decryption * Add patches: - openssl-CVE-2022-4304-1of2.patch - openssl-CVE-2022-4304-2of2.patch ++++ vim: - Updated to version 9.0 with patch level 1234, fixes the following security problems * Fixing bsc#1207396 VUL-0: CVE-2023-0433: vim: Heap-based Buffer Overflow in vim prior to 9.0.1225 * Fixing bsc#1207162 VUL-1: CVE-2023-0288: vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189. 
* Fixing bsc#1206868 VUL-1: CVE-2023-0054: vim: Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145. * Fixing bsc#1206867 VUL-1: CVE-2023-0051: vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144. * Fixing bsc#1206866 VUL-1: CVE-2023-0049: vim: Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143. - refreshed vim-7.4-highlight_fstab.patch - for the complete list of changes see https://github.com/vim/vim/compare/v9.0.1040...v9.0.1234 ------------------------------------------------------------------ ------------------ 2023-1-24 - Jan 24 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (git-fixes). - commit 2c44713 - tracing: Fix issue of missing one synthetic field (git-fixes). - commit 3def245 - tracing: Fix possible memory leak in __create_synth_event() error path (git-fixes). - commit 6ed0eab - tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (git-fixes). - commit 750c560 - tracing/hist: Fix wrong return value in parse_action_params() (git-fixes). - commit ebbb4bd - tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (git-fixes). - commit e866c70 - tracing/probes: Handle system names with hyphens (git-fixes). - commit 2323e61 - ftrace/x86: Add back ftrace_expected for ftrace bug reports (git-fixes). - commit a14379e - ftrace: Clean comments related to FTRACE_OPS_FL_PER_CPU (git-fixes). - commit 8869d2a - tracing: Add DYNAMIC flag for dynamic events (git-fixes). - kABI: Preserve TRACE_EVENT_FL values (git-fixes). - commit f696f09 - IB/mad: Don't call to function that might sleep while in atomic context (git-fixes). - commit 1b3cb60 - cifs: remove unused function (bsc#1193629). - commit dddb552 - cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1193629). 
- commit 107299a - cifs: handle cache lookup errors different than -ENOENT (bsc#1193629). - commit 263d1e1 - cifs: remove duplicate code in __refresh_tcon() (bsc#1193629). - commit ede0049 - cifs: don't take exclusive lock for updating target hints (bsc#1193629). - commit 441f914 - cifs: avoid re-lookups in dfs_cache_find() (bsc#1193629). - commit 6dbdc1d - cifs: fix potential deadlock in cache_refresh_path() (git-fixes). - commit 4646a4f - jbd2: use the correct print format (git-fixes). - commit 34db311 - tracing: Fix warning on variable 'struct trace_array' (git-fixes). - commit 771db36 - scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (git-fixes). - commit ac58cae - tracing: Avoid adding tracer option before update_tracer_options (git-fixes). - commit ce3e735 - tracing: Fix sleeping function called from invalid context on RT kernel (git-fixes). - commit 52007fe - tracing: Make tp_printk work on syscall tracepoints (git-fixes). - commit b728605 - tracing: Have syscall trace events use trace_event_buffer_lock_reserve() (git-fixes). - blacklist.conf: Remove the commit from the list - commit 54d48a6 - tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (git-fixes). - commit 954cfad - blacklist.conf: prerequisites break kABI - commit ea0d023 - tracing: Have type enum modifications copy the strings (git-fixes). - commit fdf4a79 - mt76: fix use-after-free by removing a non-RCU wcid pointer (git-fixes). - commit 5bb0d81 - tracing: Have TRACE_DEFINE_ENUM affect trace event types as well (git-fixes). - commit 9aa6f06 - tracing/osnoise: Make osnoise_main to sleep for microseconds (git-fixes). - commit 31030cc - tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes). - commit d84d209 - tracing: Fix tp_printk option related with tp_printk_stop_on_boot (git-fixes). - commit 2d97144 - ath11k: Fix unexpected return buffer manager error for QCA6390 (git-fixes). 
- commit fb54c7f ------------------------------------------------------------------ ------------------ 2023-1-23 - Jan 23 2023 ------------------- ------------------------------------------------------------------ ++++ transactional-update: - Version 4.1.2 - Don't try to mount user mounts if they don't exist [boo#1207366] ++++ kernel-default: - ath11k_hw_params unremane cal_size (bsc#1199701 CVE-2020-24588). - commit 042d893 - ath11k_hw_params reinsert deleted members (bsc#1199701 CVE-2020-24588). - commit 36b3581 - netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits (CVE-2023-0179 bsc#1207034). - commit 3ea68f0 - tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). - commit 1b48195 - tracing: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). - commit 42e71d6 - SUNRPC: Don't dereference xprt->snd_task if it's a cookie (git-fixes). - commit b6b2aeb - tracing: Add '__rel_loc' using trace event macros (git-fixes). - commit 6bca62f - tracing: Add trace_event helper macros __string_len() and __assign_str_len() (git-fixes). - commit c14bed0 - tracing: Fix a kmemleak false positive in tracing_map (git-fixes). - commit de3f801 - tracing: Don't use out-of-sync va_list in event printing (git-fixes). - commit cf27dc0 - SUNRPC: Use BIT() macro in rpc_show_xprt_state() (git-fixes). - commit 1620581 - SUNRPC: Update trace flags (git-fixes). - commit 491eea9 - blacklist.conf: add a not-relevant ftrace fix - commit a05a606 - scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (bsc#1206006). - commit f397f8a - blacklist.conf: Add upstream config paths. 
- commit 4a7f4f2 - sched/core: Fix arch_scale_freq_tick() on tickless systems (git-fixes) - commit cd7192b - sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() (git-fixes) - commit 3e6177d - sched/core: Introduce sched_asym_cpucap_active() (git-fixes) - commit 97e4a68 - sched, cpuset: Fix dl_cpu_busy() panic due to empty (git-fixes) - commit 18a9947 - wait: Fix __wait_event_hrtimeout for RT/DL tasks (git-fixes) - commit ad3a9e3 - sched/core: Avoid obvious double update_rq_clock warning (git-fixes) - commit 97af059 - sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() (git-fixes) - commit b78774a - sched/tracing: Report TASK_RTLOCK_WAIT tasks as (git-fixes) - commit 8c13d3e - sched: Avoid double preemption in __cond_resched_*lock*() (git-fixes) - commit acf4640 - ath11k_hwparams: hide new member spectral (bsc#1199701 CVE-2020-24588). - commit 665734d - Refresh patches.suse/USB-gadgetfs-Fix-race-between-mounting-and-unmountin.patch. Now in mainline. Add to sorted section. - commit 6995158 - kABI workaround for struct acpi_ec (bsc#1207149). - commit 67b47b6 - ACPI: EC: Fix ECDT probe ordering issues (bsc#1207149). - ACPI: EC: Fix EC address space handler unregistration (bsc#1207149). - ACPICA: Allow address_space_handler Install and _REG execution as 2 separate steps (bsc#1207149). - ACPICA: include/acpi/acpixf.h: Fix indentation (bsc#1207149). - commit 6a8ca13 - Update patches.suse/crypto-dh-implement-FIPS-PCT.patch (jsc#SLE-21132,bsc#1191256,bsc#1207184). - commit 0f2985d - Update patches.suse/crypto-ecdh-implement-FIPS-PCT.patch (jsc#SLE-21132,bsc#1191256,bsc#1207184). - commit 65a34a6 ++++ systemd: - Make sure that /lib/udev exists and is a symlink to /usr/lib/udev when the testsuite is run. 
++++ openSUSE-repos-LeapMicro: - Update to version 20230123.088570b: * Use http as the redirect target does not support https * Add openh264 repos as enabled by default ------------------------------------------------------------------ ------------------ 2023-1-22 - Jan 22 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - VMCI: Use threaded irqs instead of tasklets (git-fixes). - gsmi: fix null-deref in gsmi_get_variable (git-fixes). - misc: fastrpc: Fix use-after-free race condition for maps (git-fixes). - misc: fastrpc: Don't remove map on creater_process and device_release (git-fixes). - w1: fix WARNING after calling w1_process() (git-fixes). - w1: fix deadloop in __w1_remove_master_device() (git-fixes). - driver core: Fix test_async_probe_init saves device in wrong array (git-fixes). - staging: vchiq_arm: fix enum vchiq_status return types (git-fixes). - serial: atmel: fix incorrect baudrate setup (git-fixes). - tty: fix possible null-ptr-defer in spk_ttyio_release (git-fixes). - serial: pch_uart: Pass correct sg to dma_unmap_sg() (git-fixes). - tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer (git-fixes). - USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (git-fixes). - usb: host: ehci-fsl: Fix module alias (git-fixes). - usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (git-fixes). - usb: gadget: g_webcam: Send color matching descriptor per frame (git-fixes). - usb: typec: altmodes/displayport: Fix pin assignment calculation (git-fixes). - usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes). - usb: gadget: f_fs: Ensure ep0req is dequeued before free_request (git-fixes). - usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait (git-fixes). - usb: xhci: Check endpoint is valid before dereferencing it (git-fixes). - usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 (git-fixes). 
- usb: cdns3: remove fetched trb from cache before dequeuing (git-fixes). - thunderbolt: Use correct function to calculate maximum USB3 link rate (git-fixes). - thunderbolt: Do not call PM runtime functions in tb_retimer_scan() (git-fixes). - thunderbolt: Do not report errors if on-board retimers are found (git-fixes). - pinctrl: rockchip: fix mux route data for rk3568 (git-fixes). - mmc: sunxi-mmc: Fix clock refcount imbalance during unbind (git-fixes). - mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting (git-fixes). - PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe() (git-fixes). - soc: imx8m: Fix incorrect check for of_clk_get_by_name() (git-fixes). - firmware: arm_scmi: Harden shared memory access in fetch_notification (git-fixes). - firmware: arm_scmi: Harden shared memory access in fetch_response (git-fixes). - memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe() (git-fixes). - memory: atmel-sdramc: Fix missing clk_disable_unprepare in atmel_ramc_probe() (git-fixes). - memory: tegra: Remove clients SID override programming (git-fixes). - drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix (git-fixes). - drm/amd/display: Calculate output_color_space after pixel encoding adjustment (git-fixes). - drm/panfrost: fix GENERIC_ATOMIC64 dependency (git-fixes). - drm/i915: re-disable RC6p on Sandy Bridge (git-fixes). - dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node() (git-fixes). - dmaengine: Fix double increment of client_count in dma_chan_get() (git-fixes). - dmaengine: tegra210-adma: fix global intr clear (git-fixes). - phy: phy-can-transceiver: Skip warning if no "max-bitrate" (git-fixes). - phy: Revert "phy: qualcomm: usb28nm: Add MDM9607 init sequence" (git-fixes). - phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() (git-fixes). - phy: ti: fix Kconfig warning and operator precedence (git-fixes). 
- Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()" (git-fixes). - wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid (git-fixes). - wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices (git-fixes). - virtio-net: correctly enable callback during start_xmit (git-fixes). - net: mdio: validate parameter addr in mdiobus_get_phy() (git-fixes). - net: usb: sr9700: Handle negative len (git-fixes). - net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs (git-fixes). - net: nfc: Fix use-after-free in local_cleanup() (git-fixes). - l2tp: Don't sleep and disable BH under writer-side sk_callback_lock (git-fixes). - commit b75f08a - comedi: adv_pci1760: Fix PWM instruction handling (git-fixes). - ACPI: PRM: Check whether EFI runtime is available (git-fixes). - ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60 (git-fixes). - Revert "ARM: dts: armada-39x: Fix compatible string for gpios" (git-fixes). - Revert "ARM: dts: armada-38x: Fix compatible string for gpios" (git-fixes). - arm64: dts: qcom: msm8992: Don't use sfpb mutex (git-fixes). - arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity (git-fixes). - ARM: imx: add missing of_node_put() (git-fixes). - arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux (git-fixes). - ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' (git-fixes). - ARM: dts: imx7d-pico: Use 'clock-frequency' (git-fixes). - ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' (git-fixes). - Revert "arm64: dts: meson-sm1-odroid-hc4: disable unused USB PHY0" (git-fixes). - dmaengine: lgm: Move DT parsing after initialization (git-fixes). - dmaengine: ti: k3-udma: Do conditional decrement of UDMA_CHAN_RT_PEER_BCNT_REG (git-fixes). - dmaengine: idxd: Do not call DMX TX callbacks during workqueue disable (git-fixes). - dmaengine: idxd: Let probe fail when workqueue cannot be enabled (git-fixes). - Bluetooth: Fix possible deadlock in rfcomm_sk_state_change (git-fixes). 
- Bluetooth: hci_qca: Fix driver shutdown on closed serdev (git-fixes). - commit 5b33587 ------------------------------------------------------------------ ------------------ 2023-1-21 - Jan 21 2023 ------------------- ------------------------------------------------------------------ ++++ systemd: - Import commit 1bfa716e7fb6d7169cece864e75dfe9e52914c99 (merge of v249.14) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/540e0bd5374f9f42f1e645eb15971431ebb4b8c8...1bfa716e7fb6d7169cece864e75dfe9e52914c99 - Rebase 1001-udev-use-lock-when-selecting-the-highest-priority-de.patch ------------------------------------------------------------------ ------------------ 2023-1-20 - Jan 20 2023 ------------------- ------------------------------------------------------------------ ++++ gnutls: - FIPS: Change all the 140-2 references to FIPS 140-3 in order to account for the new FIPS certification [bsc#1207346] * Add gnutls-FIPS-140-3-references.patch ++++ kernel-default: - Update patches.suse/HID-check-empty-report_list-in-hid_validate_values.patch (git-fixes, bsc#1206784). - commit b88f181 - Update patches.suse/HID-check-empty-report_list-in-bigben_probe.patch (git-fixes, bsc#1206784). - commit dc5fa1c - Update patches.suse/HID-betop-check-shape-of-output-reports.patch (git-fixes, bsc#1207186). - commit fb93871 - USB: gadgetfs: Fix race between mounting and unmounting (CVE-2022-4382 bsc#1206258). - commit 458382c - git_sort: add usb-linus branch for gregkh/usb - commit 67c0004 ++++ tpm2-0-tss: - add 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch: fixes CVE-2023-22745 (bsc#1207325): Buffer Overflow in TSS2_RC_Decode. Overly large RC values passed to the TSS2 function could lead to memory overread or memory overread. 
------------------------------------------------------------------ ------------------ 2023-1-19 - Jan 19 2023 ------------------- ------------------------------------------------------------------ ++++ cpupower: - Originally by aabdallah@suse.com: Don't exist if perf is unavailable. * Fix for SG#64023, bsc#1202890: A turbostat-Dont-exist-if-perf-is-unavailable.patch: ++++ kernel-default: - scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes). - scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes). - scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes). - scsi: ipr: Fix WARNING in ipr_init() (git-fixes). - scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes). - scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes). - scsi: scsi_debug: Fix a warning in resp_report_zones() (git-fixes). - scsi: scsi_debug: Fix a warning in resp_verify() (git-fixes). - scsi: efct: Fix possible memleak in efct_device_init() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes). - scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes). - scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes). - scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes). - scsi: elx: libefc: Fix second parameter type in state callbacks (git-fixes). - scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes). - commit fd6cfde - Update patch reference for sound fix (CVE-2023-0266 bsc#1207134) - commit a076073 - btrfs: join running log transaction when logging new name (bsc#1207263). - commit 862de17 - btrfs: fix assertion failure when logging directory key range item (bsc#1207263). - commit fdf19d2 - btrfs: prepare extents to be logged before locking a log tree path (bsc#1207263). 
- commit 2e8db4d - btrfs: remove useless path release in the fast fsync path (bsc#1207263). - commit 6542fdf - btrfs: use single variable to track return value at btrfs_log_inode() (bsc#1207263). - commit 801e9e3 - btrfs: avoid inode logging during rename and link when possible (bsc#1207263). - commit 8842469 - bnxt_en: add dynamic debug support for HWRM messages (git-fixes). - Refresh patches.suse/bnxt_en-Increase-firmware-message-response-DMA-wait-.patch. - commit 8e93e3e - i40e: Disallow ip4 and ip6 l4_4_bytes (git-fixes). - i40e: Fix not setting default xps_cpus after reset (git-fixes). - octeontx2-pf: Fix potential memory leak in otx2_init_tc() (jsc#SLE-24682). - igb: Allocate MSI-X vector when testing (git-fixes). - net: tun: Fix use-after-free in tun_detach() (git-fixes). - i40e: Fix error handling in i40e_init_module() (git-fixes). - ixgbevf: Fix resource leak in ixgbevf_init_module() (git-fixes). - qlcnic: fix sleep-in-atomic-context bugs caused by msleep (git-fixes). - octeontx2-af: Fix reference count issue in rvu_sdp_init() (jsc#SLE-24682). - octeontx2-pf: Add check for devm_kcalloc (git-fixes). - bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() (git-fixes). - sfc: fix potential memleak in __ef100_hard_start_xmit() (git-fixes). - octeontx2-af: debugsfs: fix pci device refcount leak (git-fixes). - net/mlx4: Check retval of mlx4_bitmap_init (git-fixes). - net: liquidio: simplify if expression (git-fixes). - net: ena: Fix error handling in ena_init() (git-fixes). - bnxt_en: Remove debugfs when pci_register_driver failed (git-fixes). - net: macvlan: Use built-in RCU list checking (git-fixes). - net: liquidio: release resources when liquidio driver open failed (git-fixes). - net: macvlan: fix memory leaks of macvlan_common_newlink (git-fixes). - cxgb4vf: shut down the adapter when t4vf_update_port_info() failed in cxgb4vf_open() (git-fixes). - net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() (git-fixes). 
- net: tun: call napi_schedule_prep() to ensure we own a napi (git-fixes). - drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() (git-fixes). - ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (git-fixes). - tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent (git-fixes). - bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (git-fixes). - bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (git-fixes). - bnxt_en: fix the handling of PCIE-AER (git-fixes). - bnxt_en: refactor bnxt_cancel_reservations() (git-fixes). - net: tun: Fix memory leaks of napi_get_frags (git-fixes). - commit 098df56 - btrfs: stop doing unnecessary log updates during a rename (bsc#1207263). - commit af7d282 - btrfs: remove unnecessary NULL check for the new inode during rename exchange (bsc#1207263). - commit bf101e4 - btrfs: avoid logging all directory changes during renames (bsc#1207263). - commit 4234518 - HID: betop: check shape of output reports (git-fixes). - HID: revert CHERRY_MOUSE_000C quirk (git-fixes). - HID: check empty report_list in bigben_probe() (git-fixes). - HID: check empty report_list in hid_validate_values() (git-fixes). - HID: intel_ish-hid: Add check for ishtp_dma_tx_map (git-fixes). - tomoyo: fix broken dependency on *.conf.default (git-fixes). - efi: tpm: Avoid READ_ONCE() for accessing the event log (git-fixes). - docs: Fix the docs build with Sphinx 6.0 (git-fixes). - drm/i915/gt: Reset twice (git-fixes). - regulator: da9211: Use irq handler when ready (git-fixes). - pinctrl: amd: Add dynamic debugging for active GPIOs (git-fixes). - arm64: atomics: format whitespace consistently (git-fixes). - commit a241497 ++++ systemd: - Don't overwrite /etc/pam.d/systemd-user on update (bsc#1207264) Regression introduced when systemd was forked for 15.4. 
++++ rpm: - update pythondeps-python310.diff: replace with minimal fix to support python 3.xx (bsc#1207294) - add pythondeps-python310.diff and add match-python-version-if-minor.diff: * fix missing python(abi) for 3.XX versions (bsc#1207294) ------------------------------------------------------------------ ------------------ 2023-1-18 - Jan 18 2023 ------------------- ------------------------------------------------------------------ ++++ transactional-update: - Version 4.1.1 - Mount user specific binddirs last: Previously the internal mounts would potentially overwrite user bind mounts [boo#1205011] - selinux: Relabel shadowed /var files during update to make sure they don't interfere with the update [boo#1205937] - Clean up /var/lib/overlay more aggressively [boo#1206947] - tukit: Merge /etc overlay into parent if --discard is used together with --continue - previously the files were incorrectly always merged with the currently running system - status: do not execute the status command if experimental - Don't delete created mount point dirs any more - Small code optimizations ++++ haproxy: - VUL-0: CVE-2023-0056: haproxy: segfault DoS (bsc#1207181) o Apply upstream patch: 0001-BUG-MEDIUM-mux-h2-Refuse-interim-responses-with-end-.patch ++++ kernel-default: - PCI/PM: Define pci_restore_standard_config() only for CONFIG_PM_SLEEP (bsc#1207269). - commit d337d79 - btrfs: pass the dentry to btrfs_log_new_name() instead of the inode (bsc#1207263). - commit db8e195 - btrfs: add helper to delete a dir entry from a log tree (bsc#1207263). - commit f7a9c31 - btrfs: stop trying to log subdirectories created in past transactions (bsc#1207263). - commit 7c6f2ce - btrfs: stop copying old dir items when logging a directory (bsc#1207263). - commit f0f8008 - btrfs: put initial index value of a directory in a constant (bsc#1207263). - commit 72e8d53 - KVM: x86: Check for existing Hyper-V vCPU in kvm_hv_vcpu_init() (bsc#1206616). 
- Refresh patches.suse/KVM-x86-Report-error-when-setting-CPUID-if-Hyper-V-a.patch.
- commit 957a2a9
- btrfs: don't log unnecessary boundary keys when logging directory (bsc#1207263).
- commit 4b59646
- btrfs: remove write and wait of struct walk_control (bsc#1207263).
- commit f7b4e9a
- ath11k: change return buffer manager for QCA6390 (bsc#1199701 CVE-2020-24588).
- Refresh patches.kabi/hide-appended-member-supports_dynamic_smps_6ghz.patch.
- Refresh patches.suse/ath11k-set-correct-NL80211_FEATURE_DYNAMIC_SMPS-for-.patch.
- commit 9f7ada4
- ath11k: Change number of TCL rings to one for QCA6390 (bsc#1199701 CVE-2020-24588).
- Refresh patches.kabi/hide-appended-member-supports_dynamic_smps_6ghz.patch.
- Refresh patches.suse/ath11k-set-correct-NL80211_FEATURE_DYNAMIC_SMPS-for-.patch.
- commit d6ca39b
- net: sched: disallow noqueue for qdisc classes (bsc#1207237 CVE-2022-47929).
- commit f7f84ac
- Refresh patches.suse/scsi-mpt3sas-Remove-usage-of-dma_get_required_mask-A.patch.
- commit cdcfa1d
- ath11k: use hw_params to access board_size and cal_offset (bsc#1199701 CVE-2020-24588).
- commit e135fc0
- ath11k: Add spectral scan support for QCN9074 (bsc#1199701 CVE-2020-24588).
- commit 026f93a
- ath11k: Introduce spectral hw configurable param (bsc#1199701 CVE-2020-24588).
- commit 576bcf6
- ath11k: Refactor spectral FFT bin size (bsc#1199701 CVE-2020-24588).
- commit ab5a009
- blacklist.conf: kABI
- commit 2049d90
- blacklist.conf: fix affects only unsupported hardware and is complex
- commit f76a544
- mt76: mt7921: avoid unnecessary spin_lock/spin_unlock in mt7921_mcu_tx_done_event (git-fixes).
- commit 089efbe
- blacklist.conf: false positive
- commit 62d28a7

++++ multipath-tools:
- Fix "rpm --verify" (bsc#1207232)

++++ bluez:
- Add mgmt-tester-Fix-null-dereference-issue-reported-by-s.patch
- This patch fixes the null dereference reported by the scan-build. (bsc#1204426)(CVE-2022-3563)

------------------------------------------------------------------
------------------ 2023-1-17 - Jan 17 2023 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Documentation: Remove bogus claim about del_timer_sync() (git-fixes).
- commit 1100a76
- cifs: Fix uninitialized memory read for smb311 posix symlink create (git-fixes).
- commit 6c87295
- cifs: fix potential memory leaks in session setup (bsc#1193629).
- commit a50abb3
- cifs: do not query ifaces on smb1 mounts (git-fixes).
- commit 525e434
- cifs: fix double free on failed kerberos auth (git-fixes).
- commit c048c3a
- cifs: remove redundant assignment to the variable match (bsc#1193629).
- commit 5b8956d
- cifs: fix file info setting in cifs_open_file() (git-fixes).
- commit e6259cb
- cifs: fix file info setting in cifs_query_path_info() (git-fixes).
- commit 1b4d4fe
- cifs: fix interface count calculation during refresh (git-fixes).
- commit 46ee30a
- cifs: refcount only the selected iface during interface update (git-fixes).
- commit bd6c57b
- cifs: protect access of TCP_Server_Info::{dstaddr,hostname} (bsc#1193629).
- commit bc728e2
- cifs: fix race in assemble_neg_contexts() (bsc#1193629).
- commit b120307
- cifs: ignore ipc reconnect failures during dfs failover (bsc#1193629).
- commit 2b37719
- wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_sta_set_decap_offload (git-fixes).
- commit 1185bd8
- wifi: mt76: sdio: poll sta stat when device transmits data (git-fixes).
- commit a94c4e2
- wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work (git-fixes).
- commit 5e2a5dd
- wifi: mt76: mt7921e: fix race issue between reset and suspend/resume (git-fixes).
- commit 14a8748
- tick/sched: Fix non-kernel-doc comment (git-fixes).
- commit f87a2cc
- tick/nohz: Use WARN_ON_ONCE() to prevent console saturation.
- commit 6458db5

++++ openssl-1_1:
- FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182]
  * Add openssl-fips-DH-Pair-wise-Consistency.patch

++++ podman:
- add patch: 0003-Only-override-the-graphdriver-to-vfs-if-the-priority.patch (backport of https://github.com/containers/storage/pull/1468)

++++ python-py:
- Remove all traces of py._path.svn{url,wc}. (bsc#1204364, CVE-2022-42969)
- Add patch remove-svn-remants.patch to help with that goal.
- Refresh pr_222.patch as needed for above.

++++ tcl:
- [bsc#1206623], tcl-string-compare.patch: Fix [string compare -length] on big endian and improve [string equal] on little endian.

------------------------------------------------------------------
------------------ 2023-1-16 - Jan 16 2023 -------------------
------------------------------------------------------------------
++++ gnutls:
- FIPS: GnuTLS DH/ECDH PCT public key regeneration [bsc#1207183]
  * Add gnutls-FIPS-PCT-DH.patch gnutls-FIPS-PCT-ECDH.patch

++++ kernel-default:
- blacklist.conf: 461ab10ef7e6 ("ceph: switch to vfs_inode_has_locks() to fix file lock bug")
- commit fd3cf81
- rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage
- commit 6020754
- USB: gadget: Fix use-after-free during usb config switch (git-fixes).
- commit 0889148
- usb: gadget: udc: core: remove usage of list iterator past the loop body (git-fixes).
- commit 0bb0a32
- usb: gadget: udc: core: Revise comments for USB ep enable/disable (git-fixes).
- commit f9853da
- usb: gadget: udc: core: Print error code in usb_gadget_probe_driver() (git-fixes).
- commit 31875c7
- usb: gadget: udc: core: Use pr_fmt() to prefix messages (git-fixes).
- commit 89beb81
- usb: fotg210-udc: Fix ages old endianness issues (git-fixes).
- commit 324082f
- blacklist.conf: false positive
- commit eb58aba
- blacklist.conf: false positive
- commit 23de7da
- blacklist.conf: false positive
- commit 19ef3e5
- blacklist.conf: cleanup that changes kABI
- commit eea8908
- blacklist.conf: false positive
- commit 52ff06b
- s390/qeth: fix various format strings (git-fixes).
- commit 2ee54d9

++++ sudo:
- Added sudo-CVE-2023-22809.patch
  * CVE-2023-22809
  * bsc#1207082
  * Prevent '--' in the EDITOR environment variable which can allow users to edit sensitive files as root.

------------------------------------------------------------------
------------------ 2023-1-14 - Jan 14 2023 -------------------
------------------------------------------------------------------
++++ kernel-default:
- ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360 13-aw0xxx (git-fixes).
- ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for a HP platform (git-fixes).
- ALSA: hda - Enable headset mic on another Dell laptop with ALC3254 (git-fixes).
- ALSA: hda/realtek - Turn on power early (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- commit ffbf830
- efi: fix userspace infinite retry read efivars after EFI runtime services page fault (git-fixes).
- ASoC: qcom: lpass-cpu: Fix fallback SD line index handling (git-fixes).
- ASoC: wm8904: fix wrong outputs volume after power reactivation (git-fixes).
- ALSA: control-led: use strscpy in set_led_id() (git-fixes).
- ALSA: hda: cs35l41: Check runtime suspend capability at runtime_idle (git-fixes).
- ALSA: hda: cs35l41: Don't return -EINVAL from system suspend/resume (git-fixes).
- ALSA: usb-audio: Relax hw constraints for implicit fb sync (git-fixes).
- ALSA: usb-audio: Make sure to stop endpoints before closing EPs (git-fixes).
- platform/x86: dell-privacy: Only register SW_CAMERA_LENS_COVER if present (git-fixes).
- platform/x86: dell-privacy: Fix SW_CAMERA_LENS_COVER reporting (git-fixes).
- platform/surface: aggregator: Add missing call to ssam_request_sync_free() (git-fixes).
- platform/surface: aggregator: Ignore command messages not intended for us (git-fixes).
- platform/x86: sony-laptop: Don't turn off 0x153 keyboard backlight during probe (git-fixes).
- drm/msm/adreno: Make adreno quirks not overwrite each other (git-fixes).
- drm/msm: another fix for the headless Adreno GPU (git-fixes).
- dt-bindings: msm: dsi-controller-main: Fix description of core clock (git-fixes).
- dt-bindings: msm: dsi-controller-main: Fix operating-points-v2 constraint (git-fixes).
- dt-bindings: msm: dsi-phy-28nm: Add missing qcom, dsi-phy-regulator-ldo-mode (git-fixes).
- drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer (git-fixes).
- dt-bindings: msm/dsi: Don't require vdds-supply on 10nm PHY (git-fixes).
- dt-bindings: msm/dsi: Don't require vcca-supply on 14nm PHY (git-fixes).
- drm/virtio: Fix GEM handle creation UAF (git-fixes).
- commit 127798d

++++ nfs-utils:
- 0026-modprobe-avoid-error-messages-if-sbin-sysctl-fail.patch
  Avoid modprobe errors when sysctl is not installed. (bsc#1200710 bsc#1207022 bsc#1206781)
- 0027-nfsd-allow-server-scope-to-be-set-with-config-or-com.patch
  Add "-S scope" option to rpc.nfsd to simplify fail-over cluster config. (bsc#1203746)

------------------------------------------------------------------
------------------ 2023-1-13 - Jan 13 2023 -------------------
------------------------------------------------------------------
++++ firewalld:
- Fix firewall-offline-cmd fails with ERROR: Calling pre func
  Added following patch (bsc#1206928)
  [+ 0003-firewall-offline-cmd-fail-fix.patch]

++++ kernel-default:
- powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
- powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729).
- commit 49b518d
- nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() (git-fixes).
- ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude laptops (git-fixes).
- ALSA: line6: fix stack overflow in line6_midi_transmit (git-fixes).
- ALSA: line6: correct midi status byte when receiving data from podxt (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet (git-fixes).
- drm/amdgpu: handle polaris10/11 overlap asics (v2) (git-fixes).
- drm/amdgpu: make display pinning more flexible (v2) (git-fixes).
- HID: plantronics: Additional PIDs for double volume key presses quirk (git-fixes).
- HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint (git-fixes).
- remoteproc: core: Do pm_relax when in RPROC_OFFLINE state (git-fixes).
- soundwire: dmi-quirks: add quirk variant for LAPBC710 NUC15 (git-fixes).
- PCI: Fix pci_device_is_present() for VFs by checking PF (git-fixes).
- wifi: wilc1000: sdio: fix module autoloading (git-fixes).
- ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod (git-fixes).
- ima: Fix a potential NULL pointer access in ima_restore_measurement_list (git-fixes).
- ipmi: fix long wait in unload when IPMI disconnect (git-fixes).
- drm/connector: send hotplug uevent on connector cleanup (git-fixes).
- ALSA: patch_realtek: Fix Dell Inspiron Plus 16 (git-fixes).
- selftests: Use optional USERCFLAGS and USERLDFLAGS (git-fixes).
- ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA (git-fixes).
- selftests: set the BUILD variable to absolute path (git-fixes).
- drm/i915/migrate: fix length calculation (git-fixes).
- drm/i915/migrate: fix offset calculation (git-fixes).
- drm/i915/migrate: don't check the scratch page (git-fixes).
- commit 1d4442d
- media: stv0288: use explicitly signed char (git-fixes).
- commit 72af28b
- mm: compaction: kABI: avoid pglist_data kABI breakage (bsc#1207010).
- commit 488d3ad

++++ libappindicator3:
- Provide RH/Fedora used libappindicator-gtk3 symbol required by Slack (bsc#1207112).

++++ libcontainers-common:
- storage.conf: Unset 'driver' and set 'driver_priority' to allow podman to use 'btrfs' if available and fallback to 'overlay' if not.
- .spec: rm %post script to set 'btrfs' as storage driver in storage.conf

++++ podman:
- Make the priority for picking the storage driver configurable (bsc#1197093) (backport of https://github.com/containers/storage/pull/1460)
- add patch: 0002-Make-the-priority-for-picking-the-storage-driver-con.patch

------------------------------------------------------------------
------------------ 2023-1-12 - Jan 12 2023 -------------------
------------------------------------------------------------------
++++ kernel-default:
- arm64: Avoid repeated AA64MMFR1_EL1 register read on pagefault path (performance bsc#1203219).
- commit 82bc0ed
- mm: compaction: support triggering of proactive compaction by user (bsc#1207010).
- commit a9c5d6a
- octeontx2-pf: Fix lmtst ID used in aura free (jsc#SLE-24682).
- octeontx2-af: Allow mkex profile without DMAC and add L2M/L2B header extraction support (jsc#SLE-24682).
- octeontx2-pf: Fix pfc_alloc_status array overflow (jsc#SLE-24682).
- octeontx2-pf: Fix SQE threshold checking (jsc#SLE-24682).
- octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT] (jsc#SLE-24682).
- octeontx2-pf: Fix unused variable build error (jsc#SLE-24682).
- octeontx2-af: Initialize PTP_SEC_ROLLOVER register properly (jsc#SLE-24682).
- octeontx2-af: Add PTP PPS Errata workaround on CN10K silicon (jsc#SLE-24682).
- octeontx2-pf: Add support for ptp 1-step mode on CN10K silicon (jsc#SLE-24682).
- octeontx2-af: return correct ptp timestamp for CN10K silicon (jsc#SLE-24682).
- octeontx2-pf: Add egress PFC support (jsc#SLE-24682).
- octeontx2-pf: Reduce minimum mtu size to 60 (jsc#SLE-24682).
- octeontx2-af: Set NIX link credits based on max LMAC (jsc#SLE-24682).
- octeontx2-af: Limit link bringup time at firmware (jsc#SLE-24682).
- octeontx2-af: Skip CGX/RPM probe incase of zero lmac count (jsc#SLE-24682).
- octeontx2: Modify mbox request and response structures (jsc#SLE-24682).
- octeontx2-af: Don't reset previous pfc config (jsc#SLE-24682).
- octeontx2-af: fix operand size in bitwise operation (jsc#SLE-24682).
- commit a2de709
- cpufreq: intel_pstate: Add Sapphire Rapids support in no-HWP mode (bsc#1201068).
- commit 15e54a9
- cpufreq: ACPI: Only set boost MSRs on supported CPUs (bsc#1205485).
- commit 2fc91f1
- cpufreq: ACPI: Remove unused variables 'acpi_cpufreq_online' and 'ret' (bsc#1205485).
- commit bac712b
- drbd: destroy workqueue when drbd device was freed (git-fixes).
- drbd: remove call to memset before free device/resource/connection (git-fixes).
- drbd: use after free in drbd_create_device() (git-fixes).
- drbd: set QUEUE_FLAG_STABLE_WRITES (git-fixes).
- drbd: remove usage of list iterator variable after loop (git-fixes).
- commit 26591d7

++++ mozilla-nss:
- Add upstream patch nss-fix-bmo1774654.patch to fix CVE-2022-3479 (bsc#1204272)

++++ salt:
- Control the collection of lvm grains via config (bsc#1204939)
- Added:
  * control-the-collection-of-lvm-grains-via-config.patch

------------------------------------------------------------------
------------------ 2023-1-11 - Jan 11 2023 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update patches.suse/dmaengine-idxd-Fix-crc_val-field-for-completion-reco.patch (bsc#1206554).
  Added bugzilla number
- commit 1fe5012
- blacklist.conf: add two drbd git-fixes to ignore
- commit d03d927
- ibmveth: Always stop tx queues during close (bsc#1065729).
- commit 11e0f4a
- cpufreq: ACPI: Defer setting boost MSRs (bsc#1205485).
- commit 32f938b
- Refresh patches.suse/octeontx2-Move-devlink-registration-to-be-last-devli.patch.
  Added missing hunk in backport.
- commit 9b34e71
- xfs: get root inode correctly at bulkstat (git-fixes).
- commit ecbb587
- xfs: get rid of assert from xfs_btree_islastblock (git-fixes).
- commit f759e44
- xfs: fix incorrect i_nlink caused by inode racing (git-fixes).
- commit c814812
- xfs: fix incorrect error-out in xfs_remove (git-fixes).
- commit 0241b15
- xfs: initialize the check_owner object fully (git-fixes).
- commit 42eb8fb
- xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-fixes).
- commit 48cbefa
- xfs: fix memory leak in xfs_errortag_init (git-fixes).
- commit 881b44a
- xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (git-fixes).
- commit 0bf8d62
- xfs: return errors in xfs_fs_sync_fs (git-fixes).
- commit 0f9b0ad
- xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes).
- commit 9430296
- powerpc: Take in account addition CPU node when building kexec FDT (bsc#1207016 ltc#201108).
- powerpc: export the CPU node count (bsc#1207016 ltc#201108).
- commit 4ca3eba
- xfs: fix maxlevels comparisons in the btree staging code (git-fixes).
- commit d0f5fd6
- blacklist.conf: misattributed
- commit ee5f25a
- blacklist.conf: too risky
- commit 51ffe7a
- blacklist.conf: misattributed, we do not have this bug
- commit bc3473d

++++ mozilla-nss:
- update to NSS 3.79.3 (bsc#1207038)
  * Bug 1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates (CVE-2022-23491)

------------------------------------------------------------------
------------------ 2023-1-10 - Jan 10 2023 -------------------
------------------------------------------------------------------
++++ samba:
- CVE-2022-38023 Additional patches for the PDC role's netlogon server; (bso#15240); (bsc#1206504);

------------------------------------------------------------------
------------------ 2023-1-9 - Jan 9 2023 -------------------
------------------------------------------------------------------
++++ hwinfo:
- merge gh#openSUSE/hwinfo#127
- create xen usb controller device if necessary (bsc#1204294)
- 21.84

++++ kernel-default:
- cifs: Fix kmap_local_page() unmapping (git-fixes).
- commit ff2c079
- Revert "usb: ulpi: defer ulpi_register on ulpi_read_id timeout" (git-fixes).
- drm/i915/gvt: fix vgpu debugfs clean in remove (git-fixes).
- drm/i915/gvt: fix gvt debugfs destroy (git-fixes).
- drm/i915: unpin on error in intel_vgpu_shadow_mm_pin() (git-fixes).
- drm/imx: ipuv3-plane: Fix overlay plane width (git-fixes).
- drm/meson: Reduce the FIFO lines held when AFBC is not used (git-fixes).
- drm/panfrost: Fix GEM handle creation ref-counting (git-fixes).
- thermal: int340x: Add missing attribute for data rate base (git-fixes).
- caif: fix memory leak in cfctrl_linkup_request() (git-fixes).
- usb: rndis_host: Secure rndis_query check against int overflow (git-fixes).
- dt-bindings: net: sun8i-emac: Add phy-supply property (git-fixes).
- net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe (git-fixes).
- nfc: Fix potential resource leaks (git-fixes).
- vmxnet3: correctly report csum_level for encapsulated packet (git-fixes).
- gpio: sifive: Fix refcount leak in sifive_gpio_probe (git-fixes).
- fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB (git-fixes).
- commit ac1915a

++++ net-snmp:
- Hardening systemd services setting "ProtectHome=true" caused home directory size and allocation to be listed incorrectly (bsc#1206044).
  add:
  * net-snmp-5.9.3-harden_snmpd.service.patch
  * net-snmp-5.9.3-harden_snmptrapd.service.patch
  delete:
  * net-snmp-5.9.1-harden_snmpd.service.patch
  * net-snmp-5.9.1-harden_snmptrapd.service.patch

++++ systemd:
- Ship systemd-pstore with udev (jsc#PED-2663)
- Import commit 540e0bd5374f9f42f1e645eb15971431ebb4b8c8
  29fb8a2dd0 core/unit: try to submit stop_when_unneeded queue on removing dependencies
  bd63eab381 core/device: start units specified in SYSTEMD_WANTS if it is not running
  e0898fa873 coredump: do not allow user to access coredumps with changed uid/gid/capabilities (bsc#1205000 CVE-2022-4415)
  119424f96e coredump: adjust whitespace
  3833d5a408 coredump: drop an unused variable
  36728edcfd coredump: Fix format string type mismatch
  34f6867a8a analyze: use DumpUnitsMatchingPatternsByFileDescriptor
  e67a7087ec manager: add DumpUnitsMatchingPatternsByFileDescriptor()
  feb8f2a983 manager: rename dbus method
  98fed27339 analyze: extend the dump command to accept patterns
  a06d9470af man: document the Dump() calls of the PID 1 D-Bus interface, and what they are
  79eb37a5e0 cryptsetup: retry TPM2 unseal operation if it fails with TPM2_RC_PCR_CHANGED (bsc#1204944)
- Drop 5000-coredump-Fix-format-string-type-mismatch.patch
  5001-coredump-drop-an-unused-variable.patch
  5002-coredump-adjust-whitespace.patch
  5003-coredump-do-not-allow-user-to-access-coredumps-with-.patch
  They have been merged into SUSE/v249 branch.

++++ python-setuptools:
- Add CVE-2022-40897-ReDos.patch to fix Regular Expression Denial of Service (ReDoS) in package_index.py. bsc#1206667

++++ samba:
- CVE-2021-20251: samba: Bad password count not incremented atomically; (bso#14611); (bsc#1206546).

------------------------------------------------------------------
------------------ 2023-1-6 - Jan 6 2023 -------------------
------------------------------------------------------------------
++++ kernel-default:
- powerpc/powernv: add missing of_node_put (bsc#1065729).
- commit 678d5a8
- rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs
  This makes in-tree KMPs more consistent with externally built KMPs and silences several rpmlint warnings.
- commit 02b7735
- rpm/check-for-config-changes: add OBJTOOL and FTRACE_MCOUNT_USE_*
  Dummy gcc pretends to support -mrecord-mcount option but actual gcc on ppc64le does not. Therefore ppc64le builds of 6.2-rc1 and later in OBS enable FTRACE_MCOUNT_USE_OBJTOOL and OBJTOOL config options, resulting in check failure.
  As we already have FTRACE_MCOUNT_USE_CC and FTRACE_MCOUNT_USE_RECORDMCOUNT in the exception list, replace them with a general pattern. And add OBJTOOL as well.
- commit 887416f
- mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601).
- commit 83e47e1
- KVM: x86: fix uninitialized variable use on KVM_REQ_TRIPLE_FAULT (bsc#1204652 CVE-2022-3344).
- blacklist.conf: blacklist commit id df0bb47baa95aad133820b149851d5b94cbc6790 which duplicates commit id e542baf30b48605d4336bf54b98e76b8fb98af30.
- commit c2fe422
- powerpc/xive/spapr: correct bitmap allocation size (fate#322438 git-fixes).
- commit e6f2b08
- Refresh patches.suse/NFS-Handle-missing-attributes-in-OPEN-reply.patch.
  Update commit log to prevent patch and quilt from thinking it should apply the example hunks and fail.
- commit a6bcec2
- patches.suse/btrfs-fix-resolving-backrefs-for-inline-extent-follo.patch: (bsc#1206456).
- commit 31db88a
- NFS: Handle missing attributes in OPEN reply (bsc#1203740).
- commit 4f80fa3

------------------------------------------------------------------
------------------ 2023-1-5 - Jan 5 2023 -------------------
------------------------------------------------------------------
++++ kernel-default:
- scsi: mpt3sas: Remove usage of dma_get_required_mask() API (bsc#1206912,bsc#1206098).
- scsi: mpt3sas: re-do lost mpt3sas DMA mask fix (bsc#1206912,bsc#1206098).
- scsi: mpt3sas: Don't change DMA mask while reallocating pools (bsc#1206912,bsc#1206098).
- commit 496371c
- KVM: x86: remove exit_int_info warning in svm_handle_exit (bsc#1204652 CVE-2022-3344).
- KVM: x86: allow L1 to not intercept triple fault (bsc#1204652 CVE-2022-3344).
- KVM: x86: forcibly leave nested mode on vCPU reset (bsc#1204652 CVE-2022-3344).
- KVM: x86: add kvm_leave_nested (bsc#1204652 CVE-2022-3344).
- KVM: x86: nSVM: harden svm_free_nested against freeing vmcb02 while still in use (bsc#1204652 CVE-2022-3344).
- KVM: x86: nSVM: leave nested mode on vCPU free (bsc#1204652 CVE-2022-3344).
- commit a745b62
- net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428 bsc#1206619).
- commit 894711e
- memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896).
- Refresh patches.suse/memcg-deprecate-memory.force_empty-knob.patch.
- commit 855cb6d
- mm/mempolicy: fix memory leak in set_mempolicy_home_node system call (bsc#1206468).
- commit 2ac9622
- vdpa_sim: fix vringh initialization in vdpasim_queue_ready() (git-fixes).
- vhost: fix range used in translate_desc() (git-fixes).
- vringh: fix range used in iotlb_translate() (git-fixes).
- vhost/vsock: Fix error handling in vhost_vsock_init() (git-fixes).
- vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init() (git-fixes).
- commit 4896995
- Move upstreamed kexec patch into sorted section
- commit 8762bd7

++++ net-snmp:
- Fixed NULL pointer exception issue when handling ipDefaultTTL or pv6IpForwarding (bsc#1205148, CVE-2022-44793, bsc#1205150, CVE-2022-44792).
  add:
  * net-snmp-5.9.3-disallow_SET_requests_with_NULL_varbind.patch
- Enable AES-192 and AES-256 privacy protocol (bsc#1206828).

++++ python-future:
- Add CVE-2022-40899.patch to fix REDoS in http.cookiejar gh#PythonCharmers/python-future#610 bsc#1206673

------------------------------------------------------------------
------------------ 2023-1-4 - Jan 4 2023 -------------------
------------------------------------------------------------------
++++ hwdata:
- update to 0.366:
  * Update pci, usb and vendor ids

++++ kernel-default:
- blacklist.conf: Add ppc ddw fix only applicable to 5.15
- commit b91171d
- blacklist.conf: Add 710ffe671e01 sched/psi: Stop relying on timer_pending() for poll_work rescheduling
- commit 8adb37f

------------------------------------------------------------------
------------------ 2023-1-3 - Jan 3 2023 -------------------
------------------------------------------------------------------
++++ drbd-utils:
- drbd.service fails to load - incorrect path to executable (bsc#1206754)
  * use %suse_version to replace %UsrMerge
  * modify drbd-utils.spec for create symbolic folder "/lib/drbd"

++++ kernel-default:
- sched/uclamp: Make task_fits_capacity() use util_fits_cpu() (git-fixes)
- commit a265076
- sched/uclamp: Fix relationship between uclamp and migration (git-fixes)
- commit d4e9f78
- sched/core: Fix comparison in sched_group_cookie_match() (git-fixes)
- commit f64ffc5
- sched/core: Fix the bug that task won't enqueue into core (git-fixes)
- commit f50eaf7
- sched/topology: Remove redundant variable and fix incorrect (git-fixes)
- commit 653c1b4
- blacklist.conf: removes a feature
- commit 4da5756
- blacklist.conf: misattributed
- commit 3e3a9a5
- blacklist.conf: pSeries and powernv get dt from firmware
- commit c257ae8
- powerpc/pseries/eeh: use correct API for error log size (bsc#1065729).
- powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729).
- powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (fate#322438 git-fixes).
- powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
- powerpc/64: Init jump labels before parse_early_param() (bsc#1065729).
- commit 773dc74
- scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445).
- scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445).
- scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445).
- scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445).
- scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445).
- scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445).
- scsi: lpfc: Use memset_startat() helper (jsc#PED-1445).
- scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445).
- string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445).
- commit 7d406bf
- scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
- scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568).
- scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568).
- scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568).
- scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568).
- commit ae77c26
- xfrm: Fix oops in __xfrm_state_delete() (bsc#1206794).
- commit b8910c1
- sctp: sysctl: make extra pointers netns aware (bsc#1204760).
- commit 7c1cca0
- Refresh patches.suse/drm-amdgpu-sdma_v4_0-turn-off-SDMA-ring-buffer-in-th.patch
  Alt-commit
- commit 41b83ab
- Refresh patches.suse/drm-i915-reg-Fix-spelling-mistake-Unsupport-Unsuppor.patch
  Alt-commit
- commit d746af5
- Refresh patches.suse/drm-amdgpu-fix-sdma-doorbell-init-ordering-on-APUs.patch
  Alt-commit
- commit 0f2757b
- Refresh patches.suse/drm-amdkfd-Fix-memory-leak-in-kfd_mem_dmamap_userptr.patch
  Alt-commit
- commit a635317
- Refresh patches.suse/drm-i915-ttm-never-purge-busy-objects.patch
  Alt-commit
- commit be2dd4d
- Refresh patches.suse/drm-msm-Make-.remove-and-.shutdown-HW-shutdown-consi.patch
  Alt-commit
- commit a0ff67b
- Refresh patches.suse/drm-msm-dsi-fix-the-inconsistent-indenting.patch
  Alt-commit
- commit c6fc5ca
- Refresh patches.suse/drm-i915-fix-a-possible-refcount-leak-in-intel_dp_ad.patch
  Alt-commit
- commit d4ca67b
- Refresh patches.suse/drm-amdgpu-move-iommu_resume-before-ip-init-resume.patch
  Alt-commit
- commit d5590c6

++++ libksba:
- Security fix: [bsc#1206579, CVE-2022-47629]
  * Integer overflow in the CRL signature parser.
  * Add libksba-CVE-2022-47629.patch

------------------------------------------------------------------
------------------ 2023-1-2 - Jan 2 2023 -------------------
------------------------------------------------------------------
++++ kernel-default:
- EDAC/mc_sysfs: Increase legacy channel support to 12 (bsc#1205263).
- commit 4cb5420
- blacklist.conf: add scsi-mpt3sas-Fix-return-value-check-of-dma_get_required_mask.patch (bsc#1206098)
- Delete patches.suse/scsi-mpt3sas-Fix-return-value-check-of-dma_get_required_mask.patch.
  This patch breaks Xen.
- commit cc3a20c
- powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603).
- commit bcbd230
- RDMA/siw: Fix pointer cast warning (git-fixes)
- commit 366e50d
- IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces (git-fixes)
- commit 0dbba4f
- RDMA/hns: Fix XRC caps on HIP08 (git-fixes)
- commit 59e36ed
- RDMA/hns: Fix error code of CMD (git-fixes)
- commit 5f70364
- RDMA/hns: Fix page size cap from firmware (git-fixes)
- commit 6cde7a4
- RDMA/hns: Fix PBL page MTR find (git-fixes)
- commit 8abc588
- RDMA/hns: Fix AH attr queried by query_qp (git-fixes)
- commit adf2f5b
- RDMA/srp: Fix error return code in srp_parse_options() (git-fixes)
- commit 6f932f1
- RDMA/hfi1: Fix error return code in parse_platform_config() (git-fixes)
- commit e3f1da5
- RDMA: Disable IB HW for UML (git-fixes)
- commit 79de999
- RDMA/nldev: Fix failure to send large messages (git-fixes)
- commit 8afb6ef
- RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps() (git-fixes)
- commit 7f11c74
- RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed (git-fixes)
- commit 9304b2c
- RDMA/hns: fix memory leak in hns_roce_alloc_mr() (git-fixes)
- commit 8bd6757
- RDMA/irdma: Initialize net_type before checking it (git-fixes)
- commit c1ce45c
- RDMA/hfi: Decrease PCI device reference count in error path (git-fixes)
- commit 4b06dc0
- RDMA/hns: Fix ext_sge num error when post send (git-fixes)
- commit 6e743d4
- RDMA/irdma: Do not request 2-level PBLEs for CQ alloc (git-fixes)
- commit 0f16ea1
- RDMA/siw: Set defined status for work completion with undefined status (git-fixes)
- commit a9ebe54
- RDMA/nldev: Return "-EAGAIN" if the cm_id isn't from expected port (git-fixes)
- commit 26efba0
- RDMA/core: Make sure "ib_port" is valid when access sysfs node (git-fixes)
- commit 00cffbb
- RDMA/restrack: Release MR restrack when delete (git-fixes)
- commit 20085bc
- RDMA/siw: Fix immediate work request flush to completion queue (git-fixes)
- commit 4193611
- RDMA/irdma: Report the correct link speed (git-fixes)
- commit 83b7019
- RDMA/core: Fix order of nldev_exit call (git-fixes)
- commit 76dc905
- RDMA/efa: Add EFA 0xefa2 PCI ID (git-fixes)
- commit 7e28dca
- RDMA/hns: Repacing 'dseg_len' by macros in fill_ext_sge_inl_data() (git-fixes)
- commit 9035bce

------------------------------------------------------------------
------------------ 2023-1-1 - Jan 1 2023 -------------------
------------------------------------------------------------------
++++ kernel-default:
- ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT (git-fixes).
- ALSA: pcm: fix undefined behavior in bit shift for SNDRV_PCM_RATE_KNOT (git-fixes).
- commit 1504232
- rtc: cmos: Fix wake alarm breakage (git-fixes).
- commit de5fcc7
- rtc: cmos: Fix event handler registration ordering issue (git-fixes).
- Revert "platform/chrome: cros_ec_typec: Cleanup switch handle return paths" (git-fixes).
- commit ec01d22
- HID: wacom: Ensure bootloader PID is usable in hidraw mode (git-fixes).
- HID: mcp2221: don't connect hidraw (git-fixes).
- remoteproc: qcom: q6v5: Fix missing clk_disable_unprepare() in q6v5_wcss_qcs404_power_on() (git-fixes).
- remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region() (git-fixes).
- remoteproc: qcom_q6v5_pas: detach power domains on remove (git-fixes).
- remoteproc: qcom_q6v5_pas: disable wakeup on probe fail or remove (git-fixes).
- remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio() (git-fixes).
- remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev() (git-fixes).
- mfd: pm8008: Fix return value check in pm8008_probe() (git-fixes).
- rtc: mxc_v2: Add missing clk_disable_unprepare() (git-fixes).
- rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe() (git-fixes).
- rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() (git-fixes).
- rtc: snvs: Allow a time difference on clock register read (git-fixes).
- misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() (git-fixes).
- misc: ocxl: fix possible name leak in ocxl_file_register_afu() (git-fixes).
- vfio: platform: Do not pass return buffer to ACPI _RST method (git-fixes).
- gpiolib: cdev: fix NULL-pointer dereferences (git-fixes).
- drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() (git-fixes).
- drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() (git-fixes).
- wifi: mt76: do not run mt76u_status_worker if the device is not running (git-fixes).
- wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() (git-fixes).
- wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out (git-fixes).
- wifi: ath9k: verify the expected usb_endpoints are present (git-fixes).
- hamradio: baycom_epp: Fix return type of baycom_send_packet() (git-fixes).
- mmc: renesas_sdhi: better reset from HS400 mode (git-fixes).
- mmc: f-sdh30: Add quirks for broken timeout clock capability (git-fixes).
- ipmi: fix memleak when unload ipmi driver (git-fixes).
- HID: hid-sensor-custom: set fixed size for custom attributes (git-fixes).
- hwmon: (jc42) Fix missing unlock on error in jc42_write() (git-fixes).
- hwmon: (jc42) Restore the min/max/critical temperatures on resume (git-fixes).
- hwmon: (jc42) Convert register access and caching to regmap/regcache (git-fixes).
- regulator: core: fix use_count leakage when handling boot-on (git-fixes).
- media: si470x: Fix use-after-free in si470x_int_in_callback() (git-fixes).
- media: dvb-usb: fix memory leak in dvb_usb_adapter_init() (git-fixes).
- media: dvb-frontends: fix leak of memory fw (git-fixes).
- nilfs2: fix shift-out-of-bounds due to too large exponent of block size (git-fixes).
- nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() (git-fixes).
- soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in knav_queue_probe (git-fixes).
- rtc: cmos: fix build on non-ACPI platforms (git-fixes).
- extcon: usbc-tusb320: Factor out extcon into dedicated functions (git-fixes).
- tty: serial: altera_uart_{r,t}x_chars() need only uart_port (git-fixes). - tty: serial: clean up stop-tx part in altera_uart_tx_chars() (git-fixes). - rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0 (git-fixes). - mfd: pm8008: Remove driver data structure pm8008_data (git-fixes). - platform/chrome: cros_ec_typec: Cleanup switch handle return paths (git-fixes). - gpiolib: Get rid of redundant 'else' (git-fixes). - soc: ti: knav_qmss_queue: Use pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - usb: typec: Factor out non-PD fwnode properties (git-fixes). - gpiolib: make struct comments into real kernel docs (git-fixes). - mt76: stop the radar detector after leaving dfs channel (git-fixes). - extcon: usbc-tusb320: Add support for TUSB320L (git-fixes). - extcon: usbc-tusb320: Add support for mode setting and reset (git-fixes). - commit cfb92f2 - clk: st: Fix memory leak in st_of_quadfs_setup() (git-fixes). - drm/amd/display: Use the largest vready_offset in pipe group (git-fixes). - drm/mediatek: Fix return type of mtk_hdmi_bridge_mode_valid() (git-fixes). - drm/amd/display: fix array index out of bound error in bios parser (git-fixes). - drm/etnaviv: add missing quirks for GC300 (git-fixes). - drm/fourcc: Fix vsub/hsub for Q410 and Q401 (git-fixes). - drm/sti: Use drm_mode_copy() (git-fixes). - drm/rockchip: Use drm_mode_copy() (git-fixes). - drm/msm: Use drm_mode_copy() (git-fixes). - drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback (git-fixes). - drm/amdgpu: Fix type of second parameter in trans_msg() callback (git-fixes). - drm/amd/display: prevent memory leak (git-fixes). - clocksource/drivers/timer-ti-dm: Fix missing clk_disable_unprepare in dmtimer_systimer_init_clock() (git-fixes). - clocksource/drivers/sh_cmt: Access registers according to spec (git-fixes). - crypto: hisilicon/qm - fix missing destroy qp_idr (git-fixes). - drm/fourcc: Add packed 10bit YUV 4:2:0 format (git-fixes). 
- drm/amd/display: Manually adjust strobe for DCN303 (git-fixes). - commit f4d3289 - ata: ahci: Fix PCS quirk application for suspend (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB (git-fixes). - ALSA: usb-audio: add the quirk for KT0206 device (git-fixes). - ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list (git-fixes). - apparmor: Fix memleak in alloc_ns() (git-fixes). - apparmor: Use pointer to struct aa_label for lbs_cred (git-fixes). - apparmor: Fix abi check to include v8 abi (git-fixes). - apparmor: fix lockdep warning when removing a namespace (git-fixes). - apparmor: fix a memleak in multi_transaction_new() (git-fixes). - brcmfmac: return error when getting invalid max_flowrings from dongle (git-fixes). - ASoC: codecs: rt298: Add quirk for KBL-R RVP platform (git-fixes). - acct: fix potential integer overflow in encode_comp_t() (git-fixes). - ACPICA: Fix error code path in acpi_ds_call_control_method() (git-fixes). - binfmt_misc: fix shift-out-of-bounds in check_special_flags (git-fixes). - can: kvaser_usb: do not increase tx statistics when sending error message frames (git-fixes). - commit 86527dd ------------------------------------------------------------------ ------------------ 2022-12-31 - Dec 31 2022 ------------------- ------------------------------------------------------------------ ++++ python-certifi: - remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle certs (bsc#1206212 CVE-2022-23491) - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 - Add removeTrustCor.patch ------------------------------------------------------------------ ------------------ 2022-12-29 - Dec 29 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - mfd: qcom_rpm: Use devm_of_platform_populate() to simplify code (git-fixes). 
- commit 0741514 - Revert an ASoC patch that caused a regression (bsc#1206703) Delete: patches.suse/ASoC-soc-pcm-Don-t-zero-TDM-masks-in-__soc_pcm_open.patch - commit f822682 ------------------------------------------------------------------ ------------------ 2022-12-28 - Dec 28 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Refresh patches.suse/drm-i915-ttm-never-purge-busy-objects.patch Fix the compilation warning/error for SLE15-SP4 code; should be reverted for SLE15-SP5 - commit 01b9ce4 - cifs: update internal module number (bsc#1193629). - commit 2c23471 - cifs: don't leak -ENOMEM in smb2_open_file() (bsc#1193629). - cifs: use origin fullpath for automounts (bsc#1193629). - commit d701916 - cifs: set correct status of tcon ipc when reconnecting (bsc#1193629). - commit 57f84f1 - cifs: optimize reconnect of nested links (bsc#1193629). - cifs: fix source pathname comparison of dfs supers (bsc#1193629). - commit 2490abe - cifs: fix confusing debug message (bsc#1193629). - cifs: don't block in dfs_cache_noreq_update_tgthint() (bsc#1193629). - commit 2d792b4 - cifs: refresh root referrals (bsc#1193629). - cifs: fix refresh of cached referrals (bsc#1193629). - commit 5f89779 - cifs: don't refresh cached referrals from unactive mounts (bsc#1193629). - cifs: share dfs connections and supers (bsc#1193629). - commit d487cdb - cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1193629). - cifs: set resolved ip in sockaddr (bsc#1193629). - commit 6b4ca3c - cifs: remove unused smb3_fs_context::mount_options (bsc#1193629). - commit 45748b3 - cifs: get rid of mount options string parsing (bsc#1193629). - cifs: use fs_context for automounts (bsc#1193629). - commit 3459851 - cifs: reduce roundtrips on create/qinfo requests (bsc#1193629). - commit 5298349 - cifs: set correct ipc status after initial tree connect (bsc#1193629). 
- cifs: set correct tcon status after initial tree connect (bsc#1193629). - commit c4c2e58 - cifs: Remove duplicated include in cifsglob.h (bsc#1193629). - commit e5a8551 - cifs: fix oops during encryption (bsc#1199294). - commit ddcc642 - cifs: print warning when conflicting soft vs. hard mount options specified (bsc#1193629). - commit d3798b8 - cifs: fix missing display of three mount options (bsc#1193629). - commit de33d28 - cifs: fix various whitespace errors in headers (bsc#1193629). - commit 8d59280 - cifs: minor cleanup of some headers (bsc#1193629). - commit 86a2d1f - cifs: skip alloc when request has no pages (bsc#1193629). - commit 992bc71 - cifs: Parse owner/group for stat in smb311 posix extensions (bsc#1193629). - commit fa4a327 - cifs: Add "extbuf" and "extbuflen" args to smb2_compound_op() (bsc#1193629). - commit 9c7ee24 - pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES (git-fixes). - crypto: ccree - Make cc_debugfs_global_fini() available for module init function (git-fixes). - ASoC: ops: Correct bounds check for second channel on SX controls (git-fixes). - clk: Fix pointer casting to prevent oops in devm_clk_release() (git-fixes). - commit b22634c - usb: gadget: uvc: Rename bmInterfaceFlags -> bmInterlaceFlags (git-fixes). - usb: dwc3: core: defer probe on ulpi_read_id timeout (git-fixes). - usb: ulpi: defer ulpi_register on ulpi_read_id timeout (git-fixes). - usb: gadget: uvc: Prevent buffer overflow in setup handler (git-fixes). - usb: storage: Add check for kcalloc (git-fixes). - USB: serial: cp210x: add Kamstrup RF sniffer PIDs (git-fixes). - USB: serial: option: add Quectel EM05-G modem (git-fixes). - USB: serial: f81534: fix division by zero on line-speed change (git-fixes). - USB: serial: f81232: fix division by zero on line-speed change (git-fixes). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to ADL-N (git-fixes). - usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode (git-fixes). 
- usb: cdnsp: fix lack of ZLP for ep0 (git-fixes). - usb: xhci-mtk: fix leakage of shared hcd when fail to set wakeup irq (git-fixes). - usb: dwc3: pci: Update PCIe device ID for USB3 controller on CPU sub-system for Raptor Lake (git-fixes). - wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() (git-fixes). - wifi: rtl8xxxu: Fix the channel width reporting (git-fixes). - wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h (git-fixes). - wifi: iwlwifi: mvm: fix double free on tx path (git-fixes). - wifi: mt76: fix coverity overrun-call in mt76_get_txpower() (git-fixes). - wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails (git-fixes). - wifi: mac80211: fix memory leak in ieee80211_if_add() (git-fixes). - wifi: ath10k: Fix return value in ath10k_pci_init() (git-fixes). - wifi: rtw89: fix physts IE page check (git-fixes). - wifi: rtw89: Fix some error handling path in rtw89_core_sta_assoc() (git-fixes). - wifi: rtw89: use u32_encode_bits() to fill MAC quota value (git-fixes). - wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port (git-fixes). - wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() (git-fixes). - wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() (git-fixes). - wifi: rtl8xxxu: gen2: Turn on the rate control (git-fixes). - commit 4d78293 - uio: uio_dmem_genirq: Fix deadlock between irq config and handling (git-fixes). - uio: uio_dmem_genirq: Fix missing unlock in irq configuration (git-fixes). - usb: roles: fix of node refcount leak in usb_role_switch_is_parent() (git-fixes). - usb: typec: tipd: Fix spurious fwnode_handle_put in error path (git-fixes). - usb: typec: tipd: Cleanup resources if devm_tps6598_psy_register fails (git-fixes). - usb: typec: tcpci: fix of node refcount leak in tcpci_register_port() (git-fixes). - usb: typec: Check for ops->exit instead of ops->enter in altmode_exit (git-fixes). 
- tpm/tpm_crb: Fix error message in __crb_relinquish_locality() (git-fixes). - usb: dwc3: gadget: Disable GUSB2PHYCFG.SUSPHY for End Transfer (git-fixes). - commit 00e7f07 - test_firmware: fix memory leak in test_firmware_init() (git-fixes). - thermal/drivers/qcom/temp-alarm: Fix inaccurate warning for gen2 (git-fixes). - thermal/drivers/imx8mm_thermal: Validate temperature range (git-fixes). - spi: spi-gpio: Don't set MOSI as an input if not 3WIRE mode (git-fixes). - spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE (git-fixes). - thermal: core: fix some possible name leaks in error paths (git-fixes). - tpm/tpm_ftpm_tee: Fix error handling in ftpm_mod_init() (git-fixes). - tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak (git-fixes). - tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak (git-fixes). - tpm: acpi: Call acpi_put_table() to fix memory leak (git-fixes). - commit 3ea2187 - soc: mediatek: pm-domains: Fix the power glitch issue (git-fixes). - serial: sunsab: Fix error handling in sunsab_init() (git-fixes). - serial: pch: Fix PCI device refcount leak in pch_request_dma() (git-fixes). - serial: stm32: move dma_request_chan() before clk_prepare_enable() (git-fixes). - spi: Update reference to struct spi_controller (git-fixes). - soc: qcom: Select REMAP_MMIO for LLCC driver (git-fixes). - soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe (git-fixes). - drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static (git-fixes). - soc: qcom: llcc: make irq truly optional (git-fixes). - commit 41d3c92 - regulator: core: fix deadlock on regulator enable (git-fixes). - pstore: Properly assign mem_type property (git-fixes). - pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion (git-fixes). - pwm: mediatek: always use bus clock for PWM on MT7622 (git-fixes). - pwm: lpc18xx-sct: Fix a comment to match code (git-fixes). - pwm: sifive: Call pwm_sifive_update_clock() while mutex is held (git-fixes). 
- pwm: tegra: Improve required rate calculation (git-fixes). - selftests: devlink: fix the fd redirect in dummy_reporter_test (git-fixes). - r6040: Fix kmemleak in probe and remove (git-fixes). - selftests/powerpc: Fix resource leaks (git-fixes). - serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle (git-fixes). - serial: amba-pl011: avoid SBSA UART accessing DMACR register (git-fixes). - serial: 8250_bcm7271: Fix error handling in brcmuart_init() (git-fixes). - serial: tegra: Read DMA status before terminating (git-fixes). - staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() (git-fixes). - staging: rtl8192u: Fix use after free in ieee80211_rx() (git-fixes). - regulator: qcom-labibb: Fix missing of_node_put() in qcom_labibb_regulator_probe() (git-fixes). - regulator: core: fix resource leak in regulator_register() (git-fixes). - regulator: core: fix module refcount leak in set_supply() (git-fixes). - regulator: bd718x7: Drop unnecessary info print (git-fixes). - regulator: core: use kfree_const() to free space conditionally (git-fixes). - regulator: qcom-rpmh: Fix PMR735a S3 regulator spec (git-fixes). - regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() (git-fixes). - selftests/efivarfs: Add checking of the test return value (git-fixes). - selftests/ftrace: event_triggers: wait longer for test_event_enable (git-fixes). - pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP (git-fixes). - pstore/ram: Fix error return code in ramoops_probe() (git-fixes). - pstore/zone: Use GFP_ATOMIC to allocate zone buffer (git-fixes). - regulator: twl6030: fix get status of twl6032 regulators (git-fixes). - regulator: slg51000: Wait after asserting CS pin (git-fixes). - commit b3e3245 - nfc: pn533: Clear nfc_target before being used (git-fixes). - phy: usb: s2 WoL wakeup_count not incremented for USB->Eth devices (git-fixes). - power: supply: fix null pointer dereferencing in power_supply_get_battery_info (git-fixes). 
- power: supply: ab8500: Fix error handling in ab8500_charger_init() (git-fixes). - power: supply: z2_battery: Fix possible memleak in z2_batt_probe() (git-fixes). - power: supply: fix residue sysfs file in error handle route of __power_supply_register() (git-fixes). - PCI: pci-epf-test: Register notifier if only core_init_notifier is enabled (git-fixes). - PCI: vmd: Disable MSI remapping after suspend (git-fixes). - PCI: dwc: Fix n_fts[] array overrun (git-fixes). - PCI/sysfs: Fix double free in error path (git-fixes). - PCI: Check for alloc failure in pci_request_irq() (git-fixes). - pinctrl: pinconf-generic: add missing of_node_put() (git-fixes). - pinctrl: k210: call of_node_put() (git-fixes). - mtd: spi-nor: Fix the number of bytes for the dummy cycles (git-fixes). - mtd: spi-nor: hide jedec_id sysfs attribute if not present (git-fixes). - mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type() (git-fixes). - mtd: maps: pxa2xx-flash: fix memory leak in probe (git-fixes). - mtd: lpddr2_nvm: Fix possible null-ptr-deref (git-fixes). - proc: fixup uptime selftest (git-fixes). - PNP: fix name memory leak in pnp_alloc_dev() (git-fixes). - PM: hibernate: Fix mistake in kerneldoc comment (git-fixes). - PM: runtime: Do not call __rpm_callback() from rpm_idle() (git-fixes). - platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init() (git-fixes). - platform/mellanox: mlxbf-pmc: Fix event typo (git-fixes). - platform/x86: intel_scu_ipc: fix possible name leak in __intel_scu_ipc_register() (git-fixes). - platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() (git-fixes). - platform/x86: huawei-wmi: fix return value calculation (git-fixes). - pinctrl: meditatek: Startup with the IRQs disabled (git-fixes). - commit 9546018 - mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K (git-fixes). - mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING (git-fixes). 
- mmc: core: Normalize the error handling branch in sd_read_ext_regs() (git-fixes). - mmc: renesas_sdhi: alway populate SCC pointer (git-fixes). - mmc: mmci: fix return value check of mmc_add_host() (git-fixes). - mmc: wbsd: fix return value check of mmc_add_host() (git-fixes). - mmc: via-sdmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: meson-gx: fix return value check of mmc_add_host() (git-fixes). - mmc: omap_hsmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: atmel-mci: fix return value check of mmc_add_host() (git-fixes). - mmc: wmt-sdmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: vub300: fix return value check of mmc_add_host() (git-fixes). - mmc: toshsd: fix return value check of mmc_add_host() (git-fixes). - mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: rtsx_pci: fix return value check of mmc_add_host() (git-fixes). - mmc: pxamci: fix return value check of mmc_add_host() (git-fixes). - mmc: mxcmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: moxart: fix return value check of mmc_add_host() (git-fixes). - mtd: Fix device name leak when register device failed in add_mtd_device() (git-fixes). - commit 5e3071e - mailbox: zynq-ipi: fix error handling while device_register() fails (git-fixes). - mailbox: arm_mhuv2: Fix return value check in mhuv2_probe() (git-fixes). - mailbox: mpfs: read the system controller's status (git-fixes). - mfd: qcom_rpm: Fix an error handling path in qcom_rpm_probe() (git-fixes). - mfd: bd957x: Fix Kconfig dependency on REGMAP_IRQ (git-fixes). - mfd: mt6360: Add bounds checking in Regmap read/write call-backs (git-fixes). - mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). 
- HSI: omap_ssi_core: Fix error handling in ssi_init() (git-fixes). - HSI: omap_ssi_core: fix possible memory leak in ssi_probe() (git-fixes). - iio: fix memory leak in iio_device_register_eventset() (git-fixes). - iio: adc128s052: add proper .data members in adc128_of_match table (git-fixes). - iio: temperature: ltc2983: make bulk write buffer DMA-safe (git-fixes). - iio: adc: ad_sigma_delta: do not use internal iio_dev lock (git-fixes). - i2c: ismt: Fix an out-of-bounds bug in ismt_access() (git-fixes). - i2c: mux: reg: check return value after calling platform_get_resource() (git-fixes). - i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe (git-fixes). - hwrng: amd - Fix PCI device refcount leak (git-fixes). - integrity: Fix memory leakage in keyring allocation error path (git-fixes). - mmc: alcor: fix return value check of mmc_add_host() (git-fixes). - ipmi: fix use after free in _ipmi_destroy_user() (git-fixes). - ipmi: kcs: Poll OBF briefly to reduce OBE latency (git-fixes). - Input: wistron_btns - disable on UML (git-fixes). - Input: elants_i2c - properly handle the reset GPIO when power is off (git-fixes). - Input: joystick - fix Kconfig warning for JOYSTICK_ADC (git-fixes). - media: saa7164: fix missing pci_disable_device() (git-fixes). - media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (git-fixes). - media: dvb-core: Fix ignored return value in dvb_register_frontend() (git-fixes). - media: dvb-core: Fix double free in dvb_register_device() (git-fixes). - media: imon: fix a race condition in send_packet() (git-fixes). - media: solo6x10: fix possible memory leak in solo_sysfs_init() (git-fixes). - media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init() (git-fixes). - media: vimc: Fix wrong function called when vimc_init() fails (git-fixes). - media: adv748x: afe: Select input port when initializing AFE (git-fixes). - media: v4l2-ctrls: Fix off-by-one error in integer menu control check (git-fixes). 
- media: vivid: fix compose size exceed boundary (git-fixes). - staging: media: tegra-video: fix device_node use after free (git-fixes). - staging: media: tegra-video: fix chan->mipi value on error (git-fixes). - media: i2c: ad5820: Fix error path (git-fixes). - ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection() (git-fixes). - media: camss: Clean up received buffers on failed start of streaming (git-fixes). - media: videobuf-dma-contig: use dma_mmap_coherent (git-fixes). - lib/fonts: fix undefined behavior in bit shift for get_default_font (git-fixes). - lib/debugobjects: fix stat count and optimize debug_objects_mem_init (git-fixes). - media: v4l2-dv-timings.c: fix too strict blanking sanity checks (git-fixes). - mmc: mtk-sd: Fix missing clk_disable_unprepare in msdc_of_clock_parse() (git-fixes). - commit 492bdad - driver core: Fix bus_type.match() error handling in __driver_attach() (git-fixes). - Refresh patches.suse/drivers-base-implement-dev_enable_async_probe.patch. - commit 72f2b42 - drm/i915/display: Don't disable DDI/Transcoder when setting phy test pattern (git-fixes). - drm/i915: Fix documentation for intel_uncore_forcewake_put__locked (git-fixes). - dmaengine: idxd: Fix crc_val field for completion record (git-fixes). - Documentation: devres: add missing devm_acpi_dma_controller_free() helper (git-fixes). - HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() (git-fixes). - device property: Fix documentation for fwnode_get_next_parent() (git-fixes). - Documentation: devres: add missing MEM helper (git-fixes). - firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (git-fixes). - drivers: dio: fix possible memory leak in dio_init() (git-fixes). - Documentation: devres: add missing PHY helpers (git-fixes). - dt-bindings: gpio: gpio-davinci: Increase maxItems in gpio-line-names (git-fixes). - fbdev: fbcon: release buffer when fbcon_do_set_font() failed (git-fixes). 
- fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() (git-fixes). - fbdev: uvesafb: don't build on UML (git-fixes). - fbdev: geode: don't build on UML (git-fixes). - fbdev: vermilion: decrease reference count in error path (git-fixes). - fbdev: via: Fix error in via_core_init() (git-fixes). - fbdev: pm2fb: fix missing pci_disable_device() (git-fixes). - fbdev: ssd1307fb: Drop optional dependency (git-fixes). - crypto: img-hash - Fix variable dereferenced before check 'hdev->req' (git-fixes). - crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe() (git-fixes). - crypto: tcrypt - Fix multibuffer skcipher speed test mem leak (git-fixes). - crypto: cryptd - Use request context instead of stack for sub-request (git-fixes). - crypto: ccree - Remove debugfs when platform_driver_register failed (git-fixes). - crypto: rockchip - rework by using crypto_engine (git-fixes). - crypto: rockchip - remove non-aligned handling (git-fixes). - crypto: rockchip - better handle cipher key (git-fixes). - crypto: rockchip - add fallback for ahash (git-fixes). - crypto: rockchip - add fallback for cipher (git-fixes). - crypto: rockchip - do not store mode globally (git-fixes). - crypto: rockchip - do not do custom power management (git-fixes). - crypto: n2 - add missing hash statesize (git-fixes). - crypto: nitrox - avoid double free on error path in nitrox_sriov_init() (git-fixes). - crypto: sun8i-ss - use dma_addr instead u32 (git-fixes). - hamradio: don't call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - Documentation: bonding: update miimon default to 100 (git-fixes). - Revert "dt-bindings: marvell,prestera: Add description for device-tree bindings" (git-fixes). - dt-bindings: clock: qcom,aoncc-sm8250: fix compatible (git-fixes). - drm/amdkfd: Fix memory leakage (git-fixes). - drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() (git-fixes). - drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() (git-fixes). 
- drm/amd/pm/smu11: BACO is supported when it's in BACO state (git-fixes). - drm/i915/dsi: fix VBT send packet port selection for dual link DSI (git-fixes). - drm/amdgpu: fix pci device refcount leak (git-fixes). - drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe() (git-fixes). - drm/mediatek: Modify dpi power on/off sequence (git-fixes). - drm/i915: remove circ_buf.h includes (git-fixes). - drm/i915/ttm: never purge busy objects (git-fixes). - drm/radeon: Add the missed acpi_put_table() to fix memory leak (git-fixes). - drm/etnaviv: don't truncate physical page address (git-fixes). - dt-bindings: display: sun6i-dsi: Fix clock conditional (git-fixes). - drm/ingenic: Fix missing platform_driver_unregister() call in ingenic_drm_init() (git-fixes). - Revert "drm/amd/display: Limit max DSC target bpp for specific monitors" (git-fixes). - drm/amdgpu/powerplay/psm: Fix memory leak in power state init (git-fixes). - drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure (git-fixes). - drm/vmwgfx: Validate the box size for the snooped cursor (git-fixes). - drm/rockchip: lvds: fix PM usage counter unbalance in poweron (git-fixes). - drm/vmwgfx: Fix a sparse warning in kernel docs (git-fixes). - drm/bridge: adv7533: remove dynamic lane switching from adv7533 bridge (git-fixes). - drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink (git-fixes). - floppy: Fix memory leak in do_floppy_init() (git-fixes). - Documentation/features-refresh.sh: Only sed the beginning "arch" of ARCH_DIR (git-fixes). - docs/zh_CN: Fix '.. only::' directive's expression (git-fixes). - Documentation: devres: add missing PWM helper (git-fixes). - drm/vmwgfx: Don't use screen objects when SEV is active (git-fixes). - drm/shmem-helper: Avoid vm_open error paths (git-fixes). - drm/shmem-helper: Remove errant put in error path (git-fixes). - drm: bridge: dw_hdmi: fix preference of RGB modes over YUV420 (git-fixes). 
- drm/bridge: ti-sn65dsi86: Fix output polarity setting bug (git-fixes). - drm/amdgpu/sdma_v4_0: turn off SDMA ring buffer in the s2idle suspend (git-fixes). - HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk (git-fixes). - HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10 (git-fixes). - gpiolib: fix memory leak in gpiochip_setup_dev() (git-fixes). - fbcon: Use kzalloc() in fbcon_prepare_logo() (git-fixes). - gpiolib: check the 'ngpios' property in core gpiolib code (git-fixes). - gpiolib: improve coding style for local variables (git-fixes). - drm/bridge: anx7625: Fix edid_read break case in sp_tx_edid_read() (git-fixes). - commit 1ce780f - Refresh patches.suse/dt-bindings-clocks-imx8mp-Add-ID-for-usb-suspend-clo.patch Correct the doubly defined IMX8MP_CLK_END - commit 880f395 - ASoC: rt5670: Remove unbalanced pm_runtime_put() (git-fixes). - ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() (git-fixes). - ASoC: wm8994: Fix potential deadlock (git-fixes). - ASoC: mediatek: mt8183: fix refcount leak in mt8183_mt6358_ts3a227_max98357_dev_probe() (git-fixes). - ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume() (git-fixes). - ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link() (git-fixes). - ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() (git-fixes). - class: fix possible memory leak in __class_register() (git-fixes). - chardev: fix error handling in cdev_device_add() (git-fixes). - Bluetooth: RFCOMM: don't call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_ll: don't call kfree_skb() under spin_lock_irqsave() (git-fixes). 
- Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: btintel: Fix missing free skb in btintel_setup_combined() (git-fixes). - Bluetooth: MGMT: Fix error report for ADD_EXT_ADV_PARAMS (git-fixes). - can: tcan4x5x: Remove invalid write in clear_interrupts (git-fixes). - can: kvaser_usb_leaf: Fix bogus restart events (git-fixes). - can: kvaser_usb_leaf: Fix wrong CAN state after stopping (git-fixes). - can: kvaser_usb_leaf: Set Warning state even without bus errors (git-fixes). - clk: qcom: clk-krait: fix wrong div2 functions (git-fixes). - clk: qcom: lpass-sc7180: Fix pm_runtime usage (git-fixes). - clk: qcom: gcc-sm8250: Use retention mode for USB GDSCs (git-fixes). - clk: imx: replace osc_hdmi with dummy (git-fixes). - clk: imx: imx8mp: add shared clk gate for usb suspend clk (git-fixes). - clk: rockchip: Fix memory leak in rockchip_clk_register_pll() (git-fixes). - clk: sunxi-ng: v3s: Correct the header guard of ccu-sun8i-v3s.h (git-fixes). - clk: renesas: r9a06g032: Repair grave increment error (git-fixes). - clk: nomadik: correct struct name kernel-doc warning (git-fixes). - clk: socfpga: Fix memory leak in socfpga_gate_init() (git-fixes). - clk: samsung: Fix memory leak in _samsung_clk_register_pll() (git-fixes). - ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe (git-fixes). - ASoC: mediatek: mt8173: Enable IRQ when pdata is ready (git-fixes). - ASoC: mediatek: mtk-btcvsd: Add checks for write and read of mtk_btcvsd_snd (git-fixes). - ASoC: dt-bindings: wcd9335: fix reset line polarity in example (git-fixes). - binfmt: Fix error return code in load_elf_fdpic_binary() (git-fixes). - binfmt_elf: fix documented return value for load_elf_phdrs() (git-fixes). - Bluetooth: btusb: Add debug message for CSR controllers (git-fixes). - can: mcba_usb: Fix termination command argument (git-fixes). 
- can: sja1000: fix size of OCR_MODE_MASK define (git-fixes). - clk: Provide new devm_clk helpers for prepared and enabled clocks (git-fixes). - clk: generalize devm_clk_get() a bit (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (git-fixes). - commit 4b9e60b - arm64: dts: mt8183: Fix Mali GPU clock (git-fixes). - amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table() (git-fixes). - ASoC: qcom: Add checks for devm_kcalloc (git-fixes). - ASoC: pxa: fix null-pointer dereference in filter() (git-fixes). - ASoC: jz4740-i2s: Handle independent FIFO flush bits (git-fixes). - ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt (git-fixes). - ALSA: pcm: Set missing stop_operating flag at undoing trigger start (git-fixes). - ALSA: asihpi: fix missing pci_disable_device() (git-fixes). - ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (git-fixes). - ARM: dts: qcom: apq8064: fix coresight compatible (git-fixes). - arm64: dts: qcom: sm8250: fix USB-DP PHY registers (git-fixes). - ARM: dts: armada-39x: Fix compatible string for gpios (git-fixes). - ARM: dts: armada-38x: Fix compatible string for gpios (git-fixes). - ARM: dts: turris-omnia: Add switch port 6 node (git-fixes). - ARM: dts: turris-omnia: Add ethernet aliases (git-fixes). - ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port (git-fixes). - arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC (git-fixes). - arm64: dts: qcom: sm8250: drop bogus DP PHY clock (git-fixes). 
- arm64: dts: qcom: sm8250: correct LPASS pin pull down (git-fixes). - arm64: dts: qcom: msm8916: Drop MSS fallback compatible (git-fixes). - arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias (git-fixes). - arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive strength (git-fixes). - arm64: dts: qcom: sdm630: fix UART1 pin bias (git-fixes). - arm64: dts: qcom: msm8996: fix GPU OPP table (git-fixes). - arm64: dts: qcom: msm8996: fix supported-hw in cpufreq OPP tables (git-fixes). - arm64: dts: qcom: msm8996: Add MSM8996 Pro support (git-fixes). - arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength (git-fixes). - arm64: dts: qcom: sm8250-sony-xperia-edo: fix touchscreen bias-disable (git-fixes). - arm64: dts: qcom: ipq6018-cp01-c1: use BLSPI1 pins (git-fixes). - ARM: dts: nuvoton: Remove bogus unit addresses from fixed-partition nodes (git-fixes). - arm64: dts: ti: k3-j721e-main: Drop dma-coherent in crypto node (git-fixes). - arm64: dts: ti: k3-am65-main: Drop dma-coherent in crypto node (git-fixes). - arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name (git-fixes). - arm64: dts: mediatek: pumpkin-common: Fix devicetree warnings (git-fixes). - arm64: dts: mt2712-evb: Fix usb vbus regulators unit names (git-fixes). - arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names (git-fixes). - arm64: dts: mt2712e: Fix unit address for pinctrl node (git-fixes). - arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators (git-fixes). - arm64: dts: mt6779: Fix devicetree build warnings (git-fixes). - arm64: dts: mt7622: drop r_smpl property from mmc node (git-fixes). - arm64: dts: mt8183: drop drv-type from mmc-node (git-fixes). - ARM: dts: stm32: Fix AV96 WLAN regulator gpio property (git-fixes). - ARM: dts: stm32: Drop stm32mp15xc.dtsi from Avenger96 (git-fixes). - arm: dts: spear600: Fix clcd interrupt (git-fixes). - ARM: mmp: fix timer_read delay (git-fixes). 
- ARM: ux500: do not directly dereference __iomem (git-fixes). - Revert "ARM: dts: imx7: Fix NAND controller size-cells" (git-fixes). - ASoC: cs42l51: Correct PGA Volume minimum value (git-fixes). - ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() (git-fixes). - ASoC: fsl_micfil: explicitly clear CHnF flags (git-fixes). - ASoC: fsl_micfil: explicitly clear software reset bit (git-fixes). - ASoC: soc-pcm: Add NULL check in BE reparenting (git-fixes). - ASoC: rt711-sdca: fix the latency time of clock stop prepare state machine transitions (git-fixes). - ASoC: wm8962: Wait for updated value of WM8962_CLOCKING1 register (git-fixes). - ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event (git-fixes). - ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188 (git-fixes). - ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name (git-fixes). - arm64: dts: rockchip: fix ir-receiver node names (git-fixes). - ARM: dts: rockchip: fix ir-receiver node names (git-fixes). - arm: dts: rockchip: remove clock-frequency from rtc (git-fixes). - arm: dts: rockchip: fix node name for hym8563 rtc (git-fixes). - arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4 series (git-fixes). - ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels (git-fixes). - commit 0882612 - Move upstreamed patches into sorted section - commit 407fb87 - Update patches.kabi/usb.h-struct-usb_device-hide-new-member.patch (git-fixes bsc#1206664 CVE-2022-4662). - Update patches.suse/USB-core-Prevent-nested-device-reset-calls.patch (git-fixes bsc#1206664 CVE-2022-4662). 
- commit 3b17120 ------------------------------------------------------------------ ------------------ 2022-12-27 - Dec 27 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Update patch reference for mali drm fix (CVE-2022-3115 bsc#1206393) - commit 92552e2 - Update patch reference for wilc1000 fix (CVE-2022-47520 bsc#1206515) - commit 9822092 - kabi/severities: ignore kABI change for meson driver fix (CVE-2022-3112 bsc#1206399) - commit d487c3e - media: meson: vdec: potential dereference of null pointer (CVE-2022-3112 bsc#1206399). - commit 9d391c5 - usb: dwc3: qcom: fix runtime PM wakeup (git-fixes). - commit e80a310 - Update patch reference for BT fix (CVE-2022-3564 bsc#1206073) - commit 6efc048 - usb: dwc3: fix PHY disable sequence (git-fixes). - commit 7228f51 - blacklist.conf: cleanup that depends on the new feature of support for scatter/gather in uvc gadgets - commit 0558392 - blacklist.conf: cleanup that depends on the new feature of support for scatter/gather in uvc gadgets - commit 788ee91 - blacklist.conf: cleanup breaking kABI - commit e89eed6 - blacklist.conf: cleanup designed to break kABI - commit 8110223 - net: usb: smsc95xx: fix external PHY reset (git-fixes). - commit d0d567a ------------------------------------------------------------------ ------------------ 2022-12-25 - Dec 25 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - scsi: iscsi: kabi: add iscsi_conn_queue_work back (git-fixes). - commit ed33fcf ------------------------------------------------------------------ ------------------ 2022-12-24 - Dec 24 2022 ------------------- ------------------------------------------------------------------ ++++ libzypp: - Hint to "zypper removeptf" to remove PTFs. - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) 
as well. To remove a PTF "zypper install - - -PTF" or a dedicated "zypper removeptf PTF" should be used. This will update the installed PTF packages to their latest version. - version 17.31.7 (22) ++++ zypper: - BuildRequires: libzypp-devel >= 17.31.7. - Provide "removeptf" command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. But you don't want the dependant packages to be removed together with the PTF, which is what the remove command would do. The removeptf command however will aim to replace the dependant packages by their official update versions. - patterns: Avoid displaying superfluous @System entries (bsc#1205570) - version 1.14.59 ------------------------------------------------------------------ ------------------ 2022-12-23 - Dec 23 2022 ------------------- ------------------------------------------------------------------ ++++ grub2: - Make grub.cfg invariant to efi and legacy platforms (bsc#1205200) - Removed patch linuxefi * grub2-secureboot-provide-linuxefi-config.patch * grub2-secureboot-use-linuxefi-on-uefi-in-os-prober.patch * grub2-secureboot-use-linuxefi-on-uefi.patch - Rediff * grub2-btrfs-05-grub2-mkconfig.patch * grub2-efi-xen-cmdline.patch * grub2-s390x-05-grub2-mkconfig.patch * grub2-suse-remove-linux-root-param.patch ------------------------------------------------------------------ ------------------ 2022-12-22 - Dec 22 2022 ------------------- ------------------------------------------------------------------ ++++ ca-certificates-mozilla: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC
RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle "valid before nov 30 2022" and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 Patch: remove-trustcor.patch ++++ kernel-default: - sbitmap: fix lockup while swapping (bsc#1206602). - commit dc64fbc ++++ zlib: - Follow up fix for bsc#1203652 due to libxml2 breakage * bsc1203652-2.patch ++++ tar: - Fix hang when unpacking test tarball, bsc#1202436 * bsc1202436.patch ------------------------------------------------------------------ ------------------ 2022-12-21 - Dec 21 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - vsock: Enable y2038 safe timeval for timeout (bsc#1206101). - vsock: Refactor vsock_*_getsockopt to resemble sock_getsockopt (bsc#1206101). - commit e791efd ------------------------------------------------------------------ ------------------ 2022-12-20 - Dec 20 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes). - commit 4371191 - blacklist.conf: misattributed - commit e5b755e - rtc: pcf85063: Fix reading alarm (git-fixes). - commit 424b0c4 - rtc: pcf85063: fix pcf85063_clkout_control (gut-fixes). - commit 6c3ba9b - rtc: ds1347: fix value written to century register (git-fixes). - commit c64b579 - net/mlx5: Fix mlx5_get_next_dev() peer device matching (bsc#1206536). - net/mlx5: Lag, filter non compatible devices (bsc#1206536). 
- commit 7f6b5b4 ------------------------------------------------------------------ ------------------ 2022-12-19 - Dec 19 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - blacklist.conf: duplicate - commit 302a460 - blacklist.conf: misattributed in upstream, fixes a feature we lack - commit fca7a76 - tracing/doc: Fix typos on the timerlat tracer documentation (git-fixes). - commit f1f58a1 - MAINTAINERS: update arm,vic.yaml reference (git-fixes). - commit 60bf131 - MAINTAINERS: fix update references to stm32 audio bindings (git-fixes). - commit 5fab9fb - blacklist.conf: breaks kABI, not important in our configurations - commit 93e7ee0 - MAINTAINERS: update gpio-zynq.yaml reference (git-fixes). - commit ced834d - MAINTAINERS: update arm,pl353-smc.yaml reference (git-fixes). - commit 62c9d5b - efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes). - commit 3bcf3ad - NFSD: fix use-after-free in __nfs42_ssc_open() (bsc#1206209 CVE-2022-4379). 
- commit 42200b2 ++++ samba: - Update to 4.15.13 * CVE-2022-37966 rc4-hmac Kerberos session keys issued to modern servers; (bso#15237); (bsc#1205385); * CVE-2022-37967 Kerberos constrained delegation ticket forgery possible against Samba AD DC; (bso#15231); (bsc#1205386); * CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided; (bso#15240); (bsc#1206504); * filter-subunit is inefficient with large numbers of knownfails; (bso#15258); * The KDC logic around msDs-supportedEncryptionTypes differs from Windows; (bso#13135); * Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue; (bso#15197); - Adjust the systemd drop-in file for named service; (bsc#1201689); * Paths are additive so do not repeat paths from named.service * Prefix the samba DLZ directory with "-" to ignore this path if it does not exist ++++ vim: - Updated to version 9.0 with patch level 1040, fixes the following security problems * Fixing bsc#1206028 VUL-0: CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 * Fixing bsc#1206071 VUL-0: CVE-2022-3520: vim: Heap-based Buffer Overflow * Fixing bsc#1206072 VUL-0: CVE-2022-3591: vim: Use After Free * Fixing bsc#1206075 VUL-0: CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882. * Fixing bsc#1206077 VUL-0: CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.
* Fixing bsc#1205797 VUL-0: CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 * Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c - for the complete list of changes see https://github.com/vim/vim/compare/v9.0.814...v9.0.1040 ------------------------------------------------------------------ ------------------ 2022-12-16 - Dec 16 2022 ------------------- ------------------------------------------------------------------ ++++ cloud-netconfig-azure: - Update to version 1.7: + Overhaul policy routing setup (issue #19) + Support alias IPv4 ranges (issue #14) + Add support for NetworkManager (bsc#1204549) + Remove dependency on netconfig + Install into libexec directory + Clear stale ifcfg files for accelerated NICs (bsc#1199853) + More debug messages + Documentation update ++++ cloud-netconfig-ec2: - Update to version 1.7: + Overhaul policy routing setup (issue #19) + Support alias IPv4 ranges (issue #14) + Add support for NetworkManager (bsc#1204549) + Remove dependency on netconfig + Install into libexec directory + Clear stale ifcfg files for accelerated NICs (bsc#1199853) + More debug messages + Documentation update ++++ cloud-netconfig-gce: - Update to version 1.7: + Overhaul policy routing setup (issue #19) + Support alias IPv4 ranges (issue #14) + Add support for NetworkManager (bsc#1204549) + Remove dependency on netconfig + Install into libexec directory + Clear stale ifcfg files for accelerated NICs (bsc#1199853) + More debug messages + Documentation update ------------------------------------------------------------------ ------------------ 2022-12-15 - Dec 15 2022 ------------------- ------------------------------------------------------------------ ++++ cloud-regionsrv-client: - Update to version 10.0.8 (bsc#1206428) - Fix regression introduced by 10.0.7. 
When the hosts file was modified such that there is no empty line at the end of the file the content after removing the registration data does not match the content prior to registration. The update fixes the issue triggered by an index logic error. ++++ kernel-default: - Update patches.suse/drm-amdkfd-Check-for-null-pointer-after-calling-kmem.patch (CVE-2022-3108 bsc#1206389 git-fixes). - commit cc09cbc - lkdtm/bugs: Check for the NULL pointer after calling kmalloc (CVE-2022-3104 bsc#1206396). - commit 5144632 - Update patches.suse/media-mtk-vcodec-potential-dereference-of-null-point.patch (CVE-2022-3113 bsc#1206390 git-fixes). - commit 3cbcfe5 - Update patches.suse/msft-hv-2553-hv_netvsc-Add-check-for-kvmalloc_array.patch (CVE-2022-3107 bsc#1206395 git-fixes). - commit 74c81de - Update patches.suse/power-supply-wm8350-power-Add-missing-free-in-free_c.patch (CVE-2022-3111 bsc#1206394 git-fixes). - commit 3e68171 - Update patches.suse/RDMA-uverbs-Check-for-null-return-of-kmalloc_array.patch (jsc#SLE-19249 bsc#1206398 CVE-2022-3105). - commit 1d5d55f - Update patches.suse/sfc_ef100-potential-dereference-of-null-pointer.patch (git-fixes bsc#1206397 CVE-2022-3106). Added CVE reference - commit 7a802f9 - Update patches.suse/msft-hv-2684-net-mana-Fix-race-on-per-CQ-variable-napi-work_done.patch (git-fixes bsc#1206188). Added bugzilla reference - commit 495320f - padata: Fix list iterator in padata_do_serial() (git-fixes). - commit 7ce0fe3 - HID: usbhid: Add ALWAYS_POLL quirk for some mice (git-fixes). 
- commit 43731f8 ++++ procps: - Extend patch procps-3.3.17-library-bsc1181475.patch (bsc#1206412) - Make sure that correct library version is installed (bsc#1206412) ++++ osinfo-db: - Update to database version 20221130 osinfo-db-20221130.tar.xz - Add support for SLE Micro 5.4 add-slem5.4-support.patch - Fix value add-slem5.3-support.patch ------------------------------------------------------------------ ------------------ 2022-12-14 - Dec 14 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - restore m_can_lec_type (git-fixes). - commit 785d940 - can: m_can: is_lec_err(): clean up LEC error handling (git-fixes). - commit c7997f5 - can: m_can: fix typo prescalar -> prescaler (git-fixes). - commit b0ef074 - can: do not increase rx_bytes statistics for RTR frames (git-fixes). - commit 5858150 - can: do not increase rx statistics when generating a CAN rx error message frame (git-fixes). - Refresh patches.suse/can-kvaser_usb_hydra-do-not-report-txerr-and-rxerr-d.patch. - Refresh patches.suse/can-kvaser_usb_leaf-do-not-report-txerr-and-rxerr-du.patch. - Refresh patches.suse/can-pch_can-do-not-report-txerr-and-rxerr-during-bus.patch. - commit db678c8 - Update patches.suse/clk-imx-Add-check-for-kcalloc.patch (CVE-2022-3114 bsc#1206391 git-fixes). - commit 064b31b - kABI: reintroduce a non-inline usleep_range (git-fixes). - commit 21c3a5e - units: add the HZ macros (git-fixes). - commit 3f20d38 - units: Add SI metric prefix definitions (git-fixes). - commit de9d9f3 - can: kvaser_usb: make use of units.h in assignment of frequency (git-fixes). - commit 595fe30 - dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes). - commit c4d1409 - module: change to print useful messages from elf_validity_check() (git-fixes). - commit cc1513a - module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes). 
- commit f0db1f3 - blacklist.conf: module loader cleanup, not a bug fix - commit 143fbeb - tracing: Free buffers when a used dynamic event is removed (git-fixes). - commit f5bb197 - tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes). - commit 1bf2379 - tracing/osnoise: Fix duration type (git-fixes). - commit e223ebb ------------------------------------------------------------------ ------------------ 2022-12-13 - Dec 13 2022 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 055+suse.331.g05b9ccb7: * feat(kernel-modules): exclude USB drivers in strict hostonly mode (bsc#1186056) * fix(multipath): warn if included with no multipath devices and no user conf (bsc#1069169) * fix(dracut.sh): improve detection of installed kernel versions (bsc#1205175) * fix(nfs): chown using rpc default group (bsc#1204929) ++++ kernel-default: - timers: implement usleep_idle_range() (git-fixes). - commit 8d5d397 - ext4: avoid BUG_ON when creating xattrs (bsc#1205496). - commit 99b40af - rtmutex: Add acquire semantics for rtmutex lock acquisition slow path (bnc#1203829). 
- commit f0851ea ++++ libsolv: - fix "keep installed" jobs not disabling "best update" rules - do not autouninstall suse ptf packages - ensure duplinvolvedmap_all is reset when a solver is reused - special case file dependencies in the testcase writer - support stringification of multiple solvables - new weakdep introspection interface similar to ruleinfos - support decision reason queries - support merging of related decisions - support stringification of ruleinfo, decisioninfo and decision reasons - support better info about alternatives - new '-P' and '-W' options for testsolv - bump version to 0.7.23 ++++ sqlite3: - bsc#1206337, CVE-2022-46908, sqlite-CVE-2022-46908.patch: relying on --safe for execution of an untrusted CLI script ++++ selinux-policy: - Updated fix_networkmanager.patch to fix labeling of nm-dispatcher and nm-priv-helper until the packaging is adjusted (bsc#1206355) - Update fix_chronyd.patch to allow sendto towards NetworkManager_dispatcher_custom_t. Added new interface networkmanager_dispatcher_custom_dgram_send for this (bsc#1206357) - Update fix_dbus.patch to allow dbus to watch lib directories (bsc#1205895) ++++ suseconnect-ng: - Update to version 1.0.0~git14.17a7901: * Don't write system_token to service credentials files * Allow non-root users to use --version * Add: ExcludeArch: %ix86 s390 ppc64 to the .spec file, so we skip builds for unsupported architectures. * Update Dockerfile.yast * Use openssl go for SLE and Leap 15.5+ builds * Fix keepalive feature notice during installation * Fix requires for all rhel clone distributions like alma, rocky...
------------------------------------------------------------------ ------------------ 2022-12-12 - Dec 12 2022 ------------------- ------------------------------------------------------------------ ++++ curl: - Security Fix: [bsc#1206309, CVE-2022-43552] * HTTP Proxy deny use-after-free * Add curl-CVE-2022-43552.patch - Security Fix: [bsc#1206308, CVE-2022-43551] * Fix Another HSTS bypass via IDN * Add curl-CVE-2022-43551.patch ++++ kernel-default: - memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344). - commit bb70275 - net: mana: Fix race on per-CQ variable napi work_done (git-fixes). - commit 82dd88a - s390/boot: add secure boot trailer (bsc#1205257 LTC#200451). - commit 9fd2fd0 - blacklist.conf: Append 'drm/vc4: hvs: Reset muxes at probe time' - commit 7d65cb6 ------------------------------------------------------------------ ------------------ 2022-12-11 - Dec 11 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - random: convert to using fops->write_iter() (bsc#1204911). - commit a7bff26 - random: zero buffer after reading entropy from userspace (bsc#1204911). - commit 3217a87 - random: allow partial reads if later user copies fail (bsc#1204911). - commit 9005c8f - random: check for signals every PAGE_SIZE chunk of /dev/random (bsc#1204911). - commit 19aa9ae - random: convert to using fops->read_iter() (bsc#1204911). - commit 10d2455 - random: remove outdated INT_MAX >> 6 check in urandom_read() (bsc#1204911). - commit 485f330 - Drop FIPS mode DRBG->getrandom(2) wire-up (bsc#1191259) - Delete patches.suse/0001-char-random-wire-up-userspace-interface-to-SP800-90B.patch. - Delete patches.suse/0002-char-random-reinstantiate-DRBGs-once-optimized-sha51.patch. 
- commit 84d63aa ------------------------------------------------------------------ ------------------ 2022-12-9 - Dec 9 2022 ------------------- ------------------------------------------------------------------ ++++ grub2: - Move unsupported zfs modules into 'extras' packages (bsc#1205554) (PED-2947) ++++ kernel-default: - SCSI: iscsi: kabi: fix libiscsi new field (git-fixes). - scsi: iscsi: Fix possible memory leak when device_register() failed (git-fixes). - scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes). - scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC (git-fixes). - scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes). - scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (git-fixes). - scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes). - scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes). - scsi: megaraid_sas: Fix double kfree() (git-fixes). - scsi: iscsi: Run recv path from workqueue (git-fixes). - scsi: iscsi: Add recv workqueue helpers (git-fixes). - scsi: iscsi: Rename iscsi_conn_queue_work() (git-fixes). - scsi: hisi_sas: Limit max hw sectors for v3 HW (git-fixes). - scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes). - scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes). - scsi: mpt3sas: Fix out-of-bounds compiler warning (git-fixes). - scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes). - scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes). - scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync() (git-fixes). - scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes). - scsi: iscsi: Fix harmless double shift bug (git-fixes). - scsi: scsi_dh_alua: Properly handle the ALUA transitioning state (git-fixes). - commit 49caf69 - fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206273). 
- commit f576f6c - blacklist.conf: added 80019f113832 ("fuse: always initialize sb->s_fs_info") - commit dda205a - fbdev: smscufx: Fix several use-after-free bugs (git-fixes). - commit a097aee - Refresh patches.suse/fbdev-smscufx-Fix-use-after-free-in-ufx_ops_open.patch. Update metadata (Git-commit and Patch-mainline). - commit 8f64db0 - Update patch reference for proc fixes (CVE-2022-4378 bsc#1206207) - commit cab6fa7 - Revert "drm/vc4: hvs: Reset muxes at probe time (git-fixes)." (bsc#1202341) This reverts commit 303122d0f2160411fa1068220bc59849d848550d. The reverted change clears hardware state on the RPi4, which leaves the screen blank. Without it, the display works correctly. - commit 957f968 - selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload (git-fixes). - vmxnet3: use correct intrConf reference when using extended queues (git-fixes). - vmxnet3: correctly report encapsulated LRO packet (git-fixes). - proc: proc_skip_spaces() shouldn't think it is working on C strings (git-fixes). - proc: avoid integer type confusion in get_proc_long (git-fixes). - commit 3a866aa - macsec: add missing attribute validation for offload (git-fixes). - net: thunderbolt: fix memory leak in tbnet_open() (git-fixes). - mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() (git-fixes). - ca8210: Fix crash by zero initializing data (git-fixes). - ieee802154: cc2520: Fix error return code in cc2520_hw_init() (git-fixes). - net: mdio: fix unbalanced fwnode reference count in mdio_device_release() (git-fixes). - NFC: nci: Bounds check struct nfc_target arrays (git-fixes). - Bluetooth: Fix not cleanup led when bt_init fails (git-fixes). - Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() (git-fixes). - e1000e: Fix TX dispatch condition (git-fixes). - HID: core: fix shift-out-of-bounds in hid_report_raw_event (git-fixes). - HID: hid-lg4ff: Add check for empty lbuf (git-fixes). - gpio: amd8111: Fix PCI device reference count leak (git-fixes). 
- ACPI: HMAT: Fix initiator registration for single-initiator systems (git-fixes). - ACPI: HMAT: remove unnecessary variable initialization (git-fixes). - pinctrl: intel: Save and restore pins in "direct IRQ" mode (git-fixes). - nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() (git-fixes). - commit a0e4929 ++++ util-linux: - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). - Add util-linux-fix-tests-when-at-symbol-in-path.patch ------------------------------------------------------------------ ------------------ 2022-12-8 - Dec 8 2022 ------------------- ------------------------------------------------------------------ ++++ containerd: - Update to containerd v1.6.12 to fix CVE-2022-23471 bsc#1206235. Upstream release notes: ++++ kernel-default: - scsi: iscsi: Merge suspend fields (git-fixes). - Refresh patches.suse/scsi-iscsi-Fix-NOP-handling-during-conn-recovery.patch. - commit 0f7d01e - scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan (git-fixes). - scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes). - scsi: mpt3sas: Fail reset operation if config request timed out (git-fixes). - scsi: core: Fix sbitmap depth in scsi_realloc_sdev_budget_map() (git-fixes). - scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes). - scsi: hisi_sas: Free irq vectors in order for v3 HW (git-fixes). - scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes). - scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req() (git-fixes). - scsi: pm8001: Fix tag leaks on error (git-fixes). - scsi: pm8001: Fix task leak in pm8001_send_abort_all() (git-fixes). - scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes). - scsi: pm8001: Fix pm80xx_pci_mem_copy() interface (git-fixes). - scsi: mpi3mr: Fix memory leaks (git-fixes). - scsi: mpi3mr: Fix reporting of actual data transfer size (git-fixes). 
- scsi: smartpqi: Fix kdump issue when controller is locked up (git-fixes). - scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (git-fixes). - scsi: pm8001: Fix use-after-free for aborted TMF sas_task (git-fixes). - scsi: core: Reallocate device's budget map on queue depth change (git-fixes). - scsi: pm80xx: Fix double completion for SATA devices (git-fixes). - scsi: myrs: Fix crash in error case (git-fixes). - scsi: ufs: Treat link loss as fatal error (git-fixes). - scsi: ufs: Use generic error code in ufshcd_set_dev_pwr_mode() (git-fixes). - scsi: pm8001: Fix bogus FW crash for maxcpus=1 (git-fixes). - scsi: qedf: Change context reset messages to ratelimited (git-fixes). - scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes). - scsi: qedf: Add stag_work to all the vports (git-fixes). - scsi: ufs: ufshcd-pltfrm: Check the return value of devm_kstrdup() (git-fixes). - scsi: mpi3mr: Fixes around reply request queues (git-fixes). - scsi: sr: Don't use GFP_DMA (git-fixes). - scsi: ufs: Fix a kernel crash during shutdown (git-fixes). - commit b966a92 - ext4: Fixup pages without buffers (bsc#1205495). - commit 31c03d6 - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes). - Refresh patches.suse/scsi-libiscsi-Teardown-iscsi_cls_conn-gracefully.patch. - commit c3c0393 - scsi: iscsi: Unblock session then wake up error handler (git-fixes). - scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() (git-fixes). - scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() (git-fixes). - scsi: advansys: Fix kernel pointer leak (git-fixes). - commit 82fa2c6 - scsi: ufs: core: Fix ufshcd_probe_hba() prototype to match the definition (git-fixes). - Refresh patches.suse/scsi-ufs-core-Stop-clearing-UNIT-ATTENTIONS. 
- commit 0c849f9 - kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693). - Refresh patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch - commit 5addeac - scsi: core: Fix scsi_mode_sense() buffer length handling (git-fixes). - scsi: pm80xx: Fix memory leak during rmmod (git-fixes). - scsi: hisi_sas: Use managed PCI functions (git-fixes). - scsi: ncr53c8xx: Remove unused retrieve_from_waiting_list() function (git-fixes). - commit 5431fc1 ++++ policycoreutils: - Keep important files in /sbin/ instead of /usr/sbin/ ------------------------------------------------------------------ ------------------ 2022-12-7 - Dec 7 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - blacklist.conf: add git-fixes to be blacklisted - commit cbba3af - btrfs: check if root is readonly while setting security xattr (bsc#1206147). - commit 50a73ba - btrfs: do not allow compression on nodatacow files (bsc#1206149). - commit 5167f62 - btrfs: export a helper for compression hard check (bsc#1206149). - commit f5cf2dc - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037). - commit 6215cd5 - xen/netback: don't call kfree_skb() with interrupts disabled (bsc#1206114, XSA-424, CVE-2022-42328, CVE-2022-42329). - commit 90098d3 - xen/netback: Ensure protocol headers don't fall in the non-linear area (bsc#1206113, XSA-423, CVE-2022-3643). 
- commit 6c8da66 ++++ systemd: - Fix systemd-coredump to not allow user to access coredumps with changed uid/gid/capabilities (bsc#1205000 CVE-2022-4415) Add 5000-coredump-Fix-format-string-type-mismatch.patch Add 5001-coredump-drop-an-unused-variable.patch Add 5002-coredump-adjust-whitespace.patch Add 5003-coredump-do-not-allow-user-to-access-coredumps-with-.patch ------------------------------------------------------------------ ------------------ 2022-12-6 - Dec 6 2022 ------------------- ------------------------------------------------------------------ ++++ cloud-regionsrv-client: - Guard dmidecode dependency (bsc#1206082) ++++ containerd: - Update to containerd v1.6.11. Upstream release notes: - Update to containerd v1.6.9 for Docker v20.10.21-ce. Also includes a fix for CVE-2022-27191. boo#1206065 bsc#1197284 Upstream release notes: ++++ docker: - Update to Docker 20.10.21-ce. See upstream changelog online at . bsc#1206065 bsc#1205375 CVE-2022-36109 - Rebase patches: * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch * 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch - The PRIVATE-REGISTRY patch will now output a warning if it is being used (in preparation for removing the feature). This feature was never meant to be used by users directly (and is only available in the -kubic/CaaSP version of the package anyway) and thus should not affect any users. ++++ hwdata: - update to 0.365: + Updated pci, usb and vendor ids. ++++ kernel-default: - mm/memory.c: fix race when faulting a device private page (CVE-2022-3523, bsc#1204363). nouveau: fix migrate_to_ram() for faulting page (CVE-2022-3523, bsc#1204363). 
mm/memory: return vm_fault_t result from migrate_to_ram() callback (CVE-2022-3523, bsc#1204363). kabi: workaround for migrate_vma.fault_page (CVE-2022-3523, bsc#1204363). - commit 14f6a2f ++++ selinux-policy: - Updated fix_networkmanager.patch to allow NetworkManager to watch net_conf_t (bsc#1206109) ------------------------------------------------------------------ ------------------ 2022-12-5 - Dec 5 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057). - commit 83a8ed2 - btrfs: fix processing of delayed data refs during backref walking (bsc#1206056). - commit 2ec426f - btrfs: send: fix send failure of a subcase of orphan inodes (bsc#1206036). - commit 90cbaac - btrfs: send: fix failures when processing inodes with no links (bsc#1206036). - commit f017ade - btrfs: send: use boolean types for current inode status (bsc#1206036). - commit 36f86c0 - btrfs: send: refactor arguments of get_inode_info() (bsc#1206036). - commit a80bf85 - ceph: avoid putting the realm twice when decoding snaps fails (bsc#1206051). - ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1206050). - ceph: fix memory leak in ceph_readdir when note_last_dentry returns error (bsc#1206049). - ceph: fix inode reference leakage in ceph_get_snapdir() (bsc#1206048). - ceph: do not update snapshot context when there is no new snapshot (bsc#1206047). - ceph: switch netfs read ops to use rreq->inode instead of rreq->mapping->host (bsc#1206046). - ceph: properly handle statfs on multifs setups (bsc#1206045). - commit 777e847 - btrfs: send: remove unused type parameter to iterate_inode_ref_t (bsc#1206036). - commit 0e9e4f2 - btrfs: send: remove unused found_type parameter to lookup_dir_item_inode() (bsc#1206036). 
- commit 7f2d376 - blacklist.conf: added 1b2ba3c5616e ("ceph: flush the mdlog for filesystem sync") - commit a1975bc - btrfs: send: always use the rbtree based inode ref management infrastructure (bsc#1206036). - commit e503e70 - blacklist.conf: added 5bd76b8de5b7 ("ceph: fix NULL pointer dereference for req->r_session") - commit 33375e7 - btrfs: send: fix sending link commands for existing file paths (bsc#1206036). - commit 382a30f - blacklist.conf: added aa1d627207ca ("ceph: Use kcalloc for allocating multiple elements") - commit 169da79 - blacklist.conf: added 89d43d0551a8 ("ceph: put the requests/sessions when it fails to alloc memory") - commit e095309 - blacklist.conf: added 0e24421ac431 ("ceph: fix mdsmap decode when there are MDS's beyond max_mds") - commit 0e95811 - btrfs: send: introduce recorded_ref_alloc and recorded_ref_free (bsc#1206036). - commit f582043 - btrfs: prevent subvol with swapfile from being deleted (bsc#1206035). - commit 17d1de0 - sched: Disable sched domain debugfs creation on ppc64 unless sched_verbose is specified (bnc#1205653). - commit 039564b - char: tpm: Protect tpm_pm_suspend with locks (git-fixes). - Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send() (git-fixes). - commit 0216ffd ++++ libcontainers-common: - Remove registry.suse.com from search unqualified-search-registries: registry.suse.com responds very slowly to pagination repository listings (https://docs.docker.com/registry/spec/api/#pagination) and thereby causes every `podman search` to take over 90s. We have to remove it until this regression is fixed. 
++++ systemd: - Import commit bcf040075f682f67370ddf7ab93d7a0d8b9cd9cc ab0f962e4c core/device: Log on every event received from udev 2dcb7c77fe udev/net_id: show the correct identifier in the debug output of dev_pci_onboard() 5b824103e0 udev/net_id: add debug logging for construction of device names cb6925410b udev: add one more assertion 82e343153a udev: drop assertion which is always false cef726986b udev: support by-path devlink for multipath nvme block devices (bsc#1200723) 00b34f08d9 tests: minor simplification in test-execute e5b4571c20 tests: make test-execute pass on openSUSE - Drop the following patches since they have been merged in 'SUSE/v249' branch: 6000-udev-net_id-add-debug-logging-for-construction-of-de.patch 6001-udev-net_id-show-the-correct-identifier-in-the-debug.patch ++++ timezone: - timezone update 2022g (bsc#1177460): * In the Mexican state of Chihuahua, the border strip near the US will change to agree with nearby US locations on 2022-11-30. The strip's western part, represented by Ciudad Juárez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX. The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX. A new Zone America/Ciudad_Juarez splits from America/Ojinaga. * Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time. * Changes for pre-1996 northern Canada * Update to past DST transition in Colombia (1993), Singapore (1981) * timegm is now supported by default ------------------------------------------------------------------ ------------------ 2022-12-4 - Dec 4 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - usb: dwc3: gadget: Return -ESHUTDOWN on ep disable (git-fixes). - Refresh patches.suse/usb-dwc3-gadget-Clear-ep-descriptor-last.patch. - commit eede34a - usb: dwc3: gadget: conditionally remove requests (git-fixes). 
- Refresh patches.suse/usb-dwc3-gadget-Clear-ep-descriptor-last.patch. - commit baddb4e - i2c: imx: Only DMA messages with I2C_M_DMA_SAFE flag set (git-fixes). - i2c: npcm7xx: Fix error handling in npcm_i2c_init() (git-fixes). - pinctrl: single: Fix potential division by zero (git-fixes). - mmc: sdhci-sprd: Fix no reset data and command after voltage switch (git-fixes). - mmc: mmc_test: Fix removal of debugfs file (git-fixes). - mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check (git-fixes). - mmc: core: Fix ambiguous TRIM and DISCARD arg (git-fixes). - ASoC: ops: Fix bounds check for _sx controls (git-fixes). - ALSA: dice: fix regression for Lexicon I-ONIX FW810S (git-fixes). - wifi: wilc1000: validate number of channels (git-fixes). - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute (git-fixes). - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute (git-fixes). - wifi: wilc1000: validate pairwise and authentication suite offsets (git-fixes). - ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove (git-fixes). - dma-buf: fix racing conflict of dma_heap_add() (git-fixes). - selftests: mptcp: fix mibit vs mbit mix up (git-fixes). - Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[] (git-fixes). - Input: soc_button_array - add use_low_level_irq module parameter (git-fixes). - Input: goodix - try resetting the controller when no config is set (git-fixes). - Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode (git-fixes). - serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() (git-fixes). - tools: iio: iio_generic_buffer: Fix read size (git-fixes). - iio: pressure: ms5611: fixed value compensation bug (git-fixes). - ASoC: stm32: dfsdm: manage cb buffers cleanup (git-fixes). - ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N (git-fixes). - ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 (git-fixes). 
- net: usb: qmi_wwan: add Telit 0x103a composition (git-fixes). - platform/x86: hp-wmi: Ignore Smart Experience App event (git-fixes). - platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) (git-fixes). - platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() (git-fixes). - ata: libata-core: do not issue non-internal commands once EH is pending (git-fixes). - arm64/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). - spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run (git-fixes). - mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue (git-fixes). - wifi: ath11k: Fix QCN9074 firmware boot on x86 (git-fixes). - wifi: mac80211: Fix ack frame idr leak when mesh has no route (git-fixes). - wifi: airo: do not assign -1 to unsigned char (git-fixes). - wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support (git-fixes). - wifi: mac80211: fix memory free error when registering wiphy fail (git-fixes). - audit: fix undefined behavior in bit shift for AUDIT_BIT (git-fixes). - platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1 (git-fixes). - platform/x86: ideapad-laptop: Disable touchpad_switch (git-fixes). - selftests: mptcp: make sendfile selftest work (git-fixes). - ASoC: fsl_sai: use local device pointer (git-fixes). - mmc: sdhci-brcmstb: Enable Clock Gating to save power (git-fixes). - mmc: sdhci-brcmstb: Re-organize flags (git-fixes). - ata: libata-scsi: simplify __ata_scsi_queuecmd() (git-fixes). - iio: ms5611: Simplify IO callback parameters (git-fixes). - selftests: mptcp: more stable simult_flows tests (git-fixes). 
- commit 4ec7214 ------------------------------------------------------------------ ------------------ 2022-12-3 - Dec 3 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Blacklist io-wq-max_worker-fixes on SP4 Commit bc369921d670 ("io-wq: max_worker fixes") claims to fix 2e480058ddc2 ("io-wq: provide a way to limit max number of workers") but actually fixes 7a842fb589e3 ("io-wq: code clean of io_wqe_create_worker()") which we don't carry in SP4. Blacklist it to silence git-fixes. Nevertheless, it is required in SP5. This commit must be reverted there. - commit 4da02f1 ------------------------------------------------------------------ ------------------ 2022-12-2 - Dec 2 2022 ------------------- ------------------------------------------------------------------ ++++ haveged: - Synchronize haveged instances during switching root (bsc#1203079) * Add haveged-switch-root.patch ++++ kernel-default: - io-wq: exclusively gate signal based exit on get_signal() return (git-fixes). - commit 0f61b91 - Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573) - commit 51c7091 - Fix patches.suse/MM-reclaim-mustn-t-enter-FS-for-swap-over-NFS.patch Fixed implicit-function-declaration warning when swap is disabled (bsc#1205993). - commit 2816166 - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes). - hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes). - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes). - hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes). - hwmon: (ina3221) Fix shunt sum critical calculation (git-fixes). - hwmon: (ltc2947) fix temperature scaling (git-fixes). - ARM: at91: rm9200: fix usb device clock id (git-fixes). - commit e077c40 ++++ mozilla-nss: - Update nss-fips-approved-crypto-non-ec.patch to disapprove the creation of DSA keys, i.e. 
mark them as not-fips (bsc#1201298) ------------------------------------------------------------------ ------------------ 2022-12-1 - Dec 1 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - block: Do not reread partition table on exclusively open device (bsc#1190969). - commit e522e07 - Update patch reference for ATM fix (CVE-2022-3635 bsc#1204631) - commit 7ef6216 - Move upstreamed i915 fix into sorted section - commit 8ee5ebf ++++ util-linux: - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). - util-linux-uuidd-prevent-root-owning.patch: Use chown --quiet to prevent error message if /var/lib/libuuid/clock.txt does not exist. ++++ util-linux-systemd: - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). - util-linux-uuidd-prevent-root-owning.patch: Use chown --quiet to prevent error message if /var/lib/libuuid/clock.txt does not exist. ------------------------------------------------------------------ ------------------ 2022-11-30 - Nov 30 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - x86/hyperv: Update 'struct hv_enlightened_vmcs' definition (git-fixes). - x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition (git-fixes). - commit 86dd4ce - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes). - net: mdiobus: fix unbalanced node reference count (git-fixes). - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes). - wifi: cfg80211: don't allow multi-BSSID in S1G (git-fixes). - wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes). - net: wwan: iosm: fix dma_alloc_coherent incompatible pointer type (git-fixes). 
- net: wwan: iosm: fix kernel test robot reported error (git-fixes). - net: ethernet: nixge: fix NULL dereference (git-fixes). - net: ethernet: ti: am65-cpsw: fix error handling in am65_cpsw_nuss_probe() (git-fixes). - e100: Fix possible use after free in e100_xmit_prepare (git-fixes). - fm10k: Fix error handling in fm10k_init_module() (git-fixes). - net: phy: fix null-ptr-deref while probe() failed (git-fixes). - can: m_can: Add check for devm_clk_get (git-fixes). - can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods (git-fixes). - can: etas_es58x: es58x_init_netdev(): free netdev when register_candev() (git-fixes). - can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes). - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes). - Revert "net: phy: meson-gxl: improve link-up behavior" (git-fixes). - commit 225e8fd - net: stmmac: work around sporadic tx issue on link-up (git-fixes). - commit e5a3408 - KVM: x86/mmu: Fix race condition in direct_page_fault (bsc#1205882, CVE-2022-45869). - commit e2a86d6 - Add support for enabling livepatching related packages on -RT (jsc#PED-1706) - commit 9d41244 - blacklist.conf: feature, not fix - commit 8c4e5cb - blacklist.conf: kABI - commit e518f66 - blacklist.conf: misattributed - commit dd8dac1 - blacklist.conf: kABI - commit 267578b - blacklist.conf: kABI - commit ca10017 - mac80211: radiotap: Use BIT() instead of shifts (git-fixes). - commit fa4dbfe - char: xillybus: Fix trivial bug with mutex (bsc#1205764 CVE-2022-45888). - char: xillybus: Prevent use-after-free due to race condition (bsc#1205764 CVE-2022-45888). - commit 8d88aac - platform/x86/intel/pmt: Sapphire Rapids PMT errata fix (jsc#PED-2684 bsc#1205683). 
- commit a6ac9d8 ++++ selinux-policy: - Add fix_irqbalance.patch: support netlink socket operations (bsc#1205434) - Drop fix_irqbalance.patch: superseded by upstream ------------------------------------------------------------------ ------------------ 2022-11-29 - Nov 29 2022 ------------------- ------------------------------------------------------------------ ++++ containerd: - add devel subpackage, which is needed by open-vm-tools ++++ kernel-default: - Refresh patches.suse/ibmvnic-Properly-dispose-of-all-skbs-during-a-failov.patch. Fix metadata - commit f4fe6e0 - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes). - commit 9f37b44 - config: arm64: Fix Freescale LPUART dependency (boo#1204063) Commit 8d7f37c61a07 inserted CONFIG_SERIAL_FSL_LPUART_CONSOLE=y but forgot to change CONFIG_SERIAL_FSL_LPUART=m to =y as dependency, as the upstream Kconfig appears to be missing it for this driver. - commit c1cdcc5 - blacklist.conf: kABI - commit 27ebcbb - Move upstreamed input patch into sorted section (bsc#1190256) - commit 32c618e - usb: dwc3: gadget: Clear ep descriptor last (git-fixes). - commit 17b7c9d - blacklist.conf: kABI - commit 3301053 - usb: xhci-mtk: check boundary before check tt (git-fixes). - commit 401f88b - usb: xhci-mtk: update fs bus bandwidth by bw_budget_table (git-fixes). - commit bfe9566 - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes). - commit dab6b8a - x86/entry: Work around Clang __bdos() bug (git-fixes). - commit e06d1d8 - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes). - commit ec4c7d4 - x86/Xen: streamline (and fix) PV CPU enumeration (git-fixes). - commit eddf207 - init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash (git-fixes). - commit 9e93e06 - io_uring: fix possible poll event lost in multi shot mode (git-fixes). 
- commit 2b11ccf ++++ libtirpc: - consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) - add binddynport-honor-ip_local_reserved_ports.patch ------------------------------------------------------------------ ------------------ 2022-11-28 - Nov 28 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - io-wq: ensure we exit if thread group is exiting (git-fixes). - io_uring: fix missing sigmask restore in io_cqring_wait() (git-fixes). - io_uring: pin SQPOLL data before unlocking ring lock (git-fixes). - io_uring: drop ctx->uring_lock before acquiring sqd->lock (git-fixes). - io_uring: fix missing mb() before waitqueue_active (git-fixes). - commit 83b832a - cifs: fix missing unlock in cifs_file_copychunk_range() (git-fixes). - commit c1df133 - cifs: Use after free in debug code (git-fixes). - commit 64acc9c - cifs: add check for returning value of SMB2_set_info_init (git-fixes). - commit 98fbee7 - cifs: Fix wrong return value checking when GETFLAGS (git-fixes). - commit 70eda18 - cifs: add check for returning value of SMB2_close_init (git-fixes). - commit f80dd26 - cifs: Fix connections leak when tlink setup failed (git-fixes). - commit 173646f - KVM: x86: Retry page fault if MMU reload is pending and root has no sp (bsc#1205744). - commit 2631fac - drm/i915: fix TLB invalidation for Gen12 video and compute engines (CVE-2022-4139 bsc#1205700). - commit 80818ce - Refresh patches.suse/misc-sgi-gru-fix-use-after-free-error-in-gru_set_con.patch (CVE-2022-3424 bsc#1204166) Taken from v10 patch in char-misc subsystem tree - commit 70dae18 - Update patches.suse/HID-roccat-Fix-use-after-free-in-roccat_read.patch (bsc#1203960 CVE-2022-41850). - commit 94bd71f - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). 
- v3 of "PCI: hv: Only reuse existing IRTE allocation for Multi-MSI" - scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes). - commit a5fb15b - Bluetooth: L2CAP: Fix u8 overflow (CVE-2022-45934 bsc#1205796). - commit 966bbc0 - usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1 (git-fixes). - usb: dwc3: exynos: Fix remove() function (git-fixes). - usb: cdnsp: Fix issue with Clear Feature Halt Endpoint (git-fixes). - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes). - iio: light: rpr0521: add missing Kconfig dependencies (git-fixes). - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes). - iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes). - iio: light: apds9960: fix wrong register for gesture gain (git-fixes). - scripts/faddr2line: Fix regression in name resolution on ppc64le (git-fixes). - commit 45d3e4c - x86/kexec: Fix double-free of elf header buffer (bsc#1205567). - commit 0c767bc - Move upstreamed sound and WiFi patches into sorted section - commit 5e6ff3d ++++ libcontainers-common: - add requires on util-linux-systemd for findmnt in profile script - only set storage_driver env when no libpod exists - avoid quoting issue ++++ samba: - Install a systemd drop-in file for named service to allow read/write access to the DLZ directory; (bsc#1201689); ------------------------------------------------------------------ ------------------ 2022-11-27 - Nov 27 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - drm/amd/display: Add HUBP surface flip interrupt handler (git-fixes). - USB: serial: option: add u-blox LARA-L6 modem (git-fixes). - USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes). - USB: serial: option: remove old LARA-R6 PID (git-fixes). - USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes). - USB: serial: option: add Sierra Wireless EM9191 (git-fixes). 
- usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes). - usb: cdns3: host: fix endless superspeed hub port reset (git-fixes). - USB: bcma: Make GPIO explicitly optional (git-fixes). - serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes). - docs: update mediator contact information in CoC doc (git-fixes). - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes). - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes). - ACPI: x86: Add another system to quirk list for forcing StorageD3Enable (git-fixes). - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes). - i2c: tegra: Allocate DMA memory for DMA engine (git-fixes). - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes). - ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] (git-fixes). - ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" -> "Route" (git-fixes). - ASoC: codecs: jz4725b: fix capture selector naming (git-fixes). - ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes). - ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes). - ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes). - ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 (git-fixes). - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes). - ASoC: rt1019: Fix the TDM settings (git-fixes). - ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe (git-fixes). - selftests/intel_pstate: fix build for ARCH=x86_64 (git-fixes). - wifi: wext: use flex array destination for memcpy() (git-fixes). - docs, kprobes: Fix the wrong location of Kprobes (git-fixes). - docs/core-api: expand Fedora instructions for GCC plugins (git-fixes). - mtd: spi-nor: intel-spi: Disable write protection only if asked (git-fixes). 
- commit 26e07a5 - io_uring: ensure IORING_REGISTER_IOWQ_MAX_WORKERS works with SQPOLL (git-fixes). - commit 8665d84 ------------------------------------------------------------------ ------------------ 2022-11-26 - Nov 26 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Refresh patches.suse/xfs-move-recovery-needed-state-updates-to-xfs_log_mo.patch. - commit 4ec24fa - regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes). - regulator: core: fix UAF in destroy_regulator() (git-fixes). - regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes). - nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty (git-fixes). - ASoC: max98373: Add checks for devm_kcalloc (git-fixes). - ASoC: soc-pcm: Don't zero TDM masks in __soc_pcm_open() (git-fixes). - net: thunderx: Fix the ACPI memory leak (git-fixes). - nfc: st-nci: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - arcnet: fix potential memory leak in com20020_probe() (git-fixes). - NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - macsec: Fix invalid error code set (git-fixes). - nfc/nci: fix race with opening and closing (git-fixes). - arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency (git-fixes). - arm64: dts: rockchip: add enable-strobe-pulldown to emmc phy on nanopi4 (git-fixes). - ARM: dts: am335x-pcm-953: Define fixed regulators in root node (git-fixes). - ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties (git-fixes). 
- ARM: mxs: fix memory leak in mxs_machine_init() (git-fixes). - bus: sunxi-rsb: Support atomic transfers (git-fixes). - bus: sunxi-rsb: Remove the shutdown callback (git-fixes). - ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl (git-fixes). - commit 39ef4db ------------------------------------------------------------------ ------------------ 2022-11-25 - Nov 25 2022 ------------------- ------------------------------------------------------------------ ++++ kdump: - Make the kdump-save.service reboot after kdump-save is finished (bsc#1204000) - fix renaming of qeth interfaces (bsc#1204743, bsc#1144337) - ppc64: rebuild initrd image after migration (bsc#1191410) ++++ kernel-default: - l2tp: Serialize access to sk_user_data with sk_callback_lock (bsc#1205711 CVE-2022-4129). - commit ad37086 - Update metadata references - commit a01d008 - RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() (git-fixes) - commit 396a739 - RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (git-fixes) - commit 981cb44 - RDMA/hns: Disable local invalidate operation (git-fixes) - commit 90ecfab - IB/hfi1: Correctly move list in sc_disable() (git-fixes) - commit fa439f0 - RDMA/cma: Use output interface for net_dev check (git-fixes) - commit 568074d - IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers (git-fixes) - commit 569a9cb - RDMA/cm: Use SLID in the work completion as the DLID in responder side (git-fixes) - commit e86643f - RDMA/irdma: Use s/g array in post send only when its valid (git-fixes) - commit 6692dc0 - RDMA/mlx5: Set local port to one when accessing counters (git-fixes) - commit 9acd436 - RDMA/hns: Remove the num_qpc_timer variable (git-fixes) - commit 89b5b80 - RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift (git-fixes) - commit c586fc0 - RDMA/hns: Fix supported page size (git-fixes) - commit 64653d9 - RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg (git-fixes) - commit 78022ca - RDMA/rxe: Limit the number of calls to each tasklet 
(git-fixes) - commit 37d447b - RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (git-fixes) - commit ba2976b - RDMA/hns: Fix incorrect clearing of interrupt status register (git-fixes) - commit 97ffea6 - RDMA/rtrs-srv: Fix modinfo output for stringify (git-fixes) - commit 46a2a2b - RDMA/rxe: Remove useless pkt parameters (git-fixes) - commit 06b2d37 - RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes) - commit 7ec3772 - RDMA/hfi1: Prevent panic when SDMA is disabled (git-fixes) - commit ba8caf3 - RDMA/hfi1: Prevent use of lock before it is initialized (git-fixes) - commit b510b17 - RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx() (git-fixes) - commit 6c11e07 - RDMA/hns: Remove the num_cqc_timer variable (git-fixes) - commit ed86cd6 - RDMA/hns: Correct the type of variables participating in the shift operation (git-fixes) - commit cecc570 - RDMA/hns: Replace tab with space in the right-side comments (git-fixes) - commit 4c89a77 - RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (git-fixes) - commit 40de52c - RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes) - commit 36c1898 - RDMA/hns: Remove magic number (git-fixes) - commit 014def9 ++++ libtpms: - fix build for ppc64le: use -Wl,--no-as-needed in check-local [bsc#1204556] ++++ libzypp: - Avoid calling getsockopt when we know the info already. This patch hopefully fixes logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections. (for bsc#1178233) - Enhance yaml-cpp detection (fixes #428) - No need to redirect 'history.logfile=/dev/null' into the target. - MultiCurl: Make sure to reset the progress function when falling back. 
- version 17.31.6 (22) ------------------------------------------------------------------ ------------------ 2022-11-24 - Nov 24 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - KVM: s390: pv: don't allow userspace to set the clock under PV (git-fixes). - KVM: s390: Add a routine for setting userspace CPU state (git-fixes jsc#PED-611). - KVM: s390: Simplify SIGP Set Arch handling (git-fixes jsc#PED-611). - commit c226df2 - Update patch references for Bluetooth fixes (CVE-2022-42896 bsc#1205709 CVE-2022-42895 bsc#1205705) - commit 30ec8de - spi: tegra210-quad: Fix duplicate resource error (git-fixes). - spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld() (git-fixes). - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes). - commit 019145b ++++ lshw: - Update to version B.02.19.2+git.20220831: * PA-RISC: handle pushd failure ++++ selinux-policy: - fix_sysnetwork.patch: firewalld uses /etc/sysconfig/network/ for network interface definition instead of /etc/sysconfig/network-scripts/, modified sysnetwork.fc to reflect that (bsc#1205580). 
------------------------------------------------------------------ ------------------ 2022-11-23 - Nov 23 2022 ------------------- ------------------------------------------------------------------ ++++ conmon: - Update to version 2.1.5: * don't leak syslog_identifier * logging: do not read more than the buf size * logging: fix error handling * Makefile: Fix install for FreeBSD * signal: Track changes to get_signal_descriptor in the FreeBSD version * Packit: initial enablement - Update to version 2.1.4: * Fix a bug where conmon crashed when it got a SIGCHLD ++++ kernel-default: - blacklist.conf: duplicate - commit 5eaee0f - blacklist.conf: duplicate - commit d84acf3 - blacklist.conf: duplicate - commit 5ea51bc - blacklist.conf: duplicate - commit f3d467e - scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes). - s390: fix nospec table alignments (git-fixes). - KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes). - commit 378329e - xfs: reserve quota for target dir expansion when renaming files (bsc#1205679). - commit d93b22e - drivers: net: slip: fix NPD bug in sl_tx_timeout() (bsc#1205671 CVE-2022-41858). - commit 99b5127 - dm: remove unnecessary assignment statement in alloc_dev() (git-fixes). - md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() (git-fixes). - md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes). - commit 79ca470 - md: Replace snprintf with scnprintf (git-fixes, bsc#1164051). - Replace the in-house patch by the above upstream version, patches.suse/md-raid0-fix-buffer-overflow-at-debug-print.patch. - commit e122ea5 - dm: return early from dm_pr_call() if DM device is suspended (git-fixes). - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes). - dm raid: fix accesses beyond end of raid member array (git-fixes). - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes). 
- dm era: commit metadata in postsuspend after worker stops (git-fixes). - dm crypt: make printing of the key constant-time (git-fixes). - dm stats: add cond_resched when looping over entries (git-fixes). - dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes). - dm: fix double accounting of flush with data (git-fixes). - dm: interlock pending dm_io and dm_wait_for_bios_completion (git-fixes). - dm: properly fix redundant bio-based IO accounting (git-fixes). - dm: revert partial fix for redundant bio-based IO accounting (git-fixes). - dm btree remove: fix use after free in rebalance_children() (git-fixes). - commit 6214ae1 - blacklist.conf: add non-backport git-fixes commit - commit 054a1a9 - NFSD: Cap rsize_bop result based on send buffer size (bsc#1205128 CVE-2022-43945). - NFSD: Protect against send buffer overflow in NFSv3 READ (bsc#1205128 CVE-2022-43945). - NFSD: Protect against send buffer overflow in NFSv2 READ (bsc#1205128 CVE-2022-43945). - NFSD: Protect against send buffer overflow in NFSv3 READDIR (bsc#1205128 CVE-2022-43945). - NFSD: Protect against send buffer overflow in NFSv2 READDIR (bsc#1205128 CVE-2022-43945). - SUNRPC: Fix svcxdr_init_encode's buflen calculation (bsc#1205128 CVE-2022-43945). - SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation (bsc#1205128 CVE-2022-43945). - commit dd4f720 ++++ libnvme: - export nvme_ctrl_is_persistent() (bsc#1205657) * add 0023-libnvme.map-add-nvme_ctrl_is_persistent.patch ++++ nvme-cli: - fix 'persistent' handling during connect-all with JSON file (bsc#1205657) * add 0022-fabrics-fix-persistent-handling-during-connect-all-w.patch ++++ shim: - Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to disable the NX compatibility flag when using post-process-pe because grub2 is not ready. (bsc#1205588) - Kernel can boot with the NX compatibility flag since 82e0d6d76a2a7 was merged into v5.19. 
On the other hand, upstream is working on improving the compressed kernel stage for NX: [PATCH v3 00/24] x86_64: Improvements at compressed kernel stage https://www.spinics.net/lists/kernel/msg4599636.html ++++ vim: - Updated to version 9.0 with patch level 0814, fixes the following problems * Fixing bsc#1192478 VUL-1: CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow * Fixing bsc#1203508 VUL-0: CVE-2022-3234: vim: Heap-based Buffer Overflow prior to 9.0.0483. * Fixing bsc#1203509 VUL-1: CVE-2022-3235: vim: Use After Free in GitHub prior to 9.0.0490. * Fixing bsc#1203820 VUL-0: CVE-2022-3324: vim: Stack-based Buffer Overflow in prior to 9.0.0598. * Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c * Fixing bsc#1203152 VUL-1: CVE-2022-2982: vim: use after free in qf_fill_buffer() * Fixing bsc#1203796 VUL-1: CVE-2022-3296: vim: stack out of bounds read in ex_finally() in ex_eval.c * Fixing bsc#1203797 VUL-1: CVE-2022-3297: vim: use-after-free in process_next_cpt_value() at insexpand.c * Fixing bsc#1203110 VUL-1: CVE-2022-3099: vim: Use After Free in ex_docmd.c * Fixing bsc#1203194 VUL-1: CVE-2022-3134: vim: use after free in do_tag() * Fixing bsc#1203272 VUL-1: CVE-2022-3153: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404. 
* Fixing bsc#1203799 VUL-1: CVE-2022-3278: vim: NULL pointer dereference in eval_next_non_blank() in eval.c * Fixing bsc#1203924 VUL-1: CVE-2022-3352: vim: vim: use after free * Fixing bsc#1203155 VUL-1: CVE-2022-2980: vim: null pointer dereference in do_mouse() * Fixing bsc#1202962 VUL-1: CVE-2022-3037: vim: Use After Free in vim prior to 9.0.0321 - ignore-flaky-test-failure.patch: Ignore failure of flaky tests - disable-unreliable-tests-arch.patch: Removed - for the complete list of changes see https://github.com/vim/vim/compare/v9.0.0313...v9.0.0814 ------------------------------------------------------------------ ------------------ 2022-11-22 - Nov 22 2022 ------------------- ------------------------------------------------------------------ ++++ cloud-regionsrv-client: - Update to version 10.0.7 (bsc#1191880, bsc#1195925, bsc#1195924) - Implement functionality to detect if an update server has a new cert. Import the new cert when it is detected. - Forward port fix-for-sles12-disable-ipv6.patch - From 10.0.6 (bsc#1205089) - Credentials are equal when username and password are the same ignore other entries in the credentials file - Handle multiple zypper names in process table, zypper and Zypp-main to properly detect the running process ++++ kernel-default: - xfs: reserve quota for dir expansion when linking/unlinking files (bsc#1205616). - commit 1330e05 - add another bug reference to some hyperv changes (bsc#1205617). - commit 0b5e3d4 - net/smc: kABI workarounds for struct smc_sock (git-fixes). 
- commit d9f52e8 ++++ libarchive: - Fix CVE-2022-36227, Handle a calloc returning NULL (CVE-2022-36227, bsc#1205629) * CVE-2022-36227.patch ++++ libcontainers-common: - Update bundled common to 0.50.1 - Update bundled image to 5.23.1 - Update bundled storage to 1.44.0 - Drop bundled podman - Bump version to 20221122 - Install container-storage-driver.sh in /etc/ on Leap & SLE ++++ podman: - switch to building with go 1.17 - use %%make_* macros - drop /usr/share/user-tmpfiles.d/podman-docker.conf on SLE & Leap - remove rpmlintrc (contained only obsolete filters) - remove obsolete with_libostree (we don't build on anything older than SLE 15) - add patch: 0001-Revert-Default-missing-hostPort-to-containerPort-is-.patch (hotfix for https://github.com/containers/podman/issues/16765) - Update to version 4.3.1: 4.3.1: [#]## Bugfixes - Fixed a deadlock between the `podman ps` and `podman container inspect` commands [#]## Misc - Updated the containers/image library to v5.23.1 4.3.0: [#]## Features - A new command, `podman generate spec`, has been added, which creates a JSON struct based on a given container that can be used with the Podman REST API to create containers. - A new command, `podman update`, has been added, which makes changes to the resource limits of existing containers. Please note that these changes do not persist if the container is restarted ([#15067](https://github.com/containers/podman/issues/15067)). - A new command, `podman kube down`, has been added, which removes pods and containers created by the given Kubernetes YAML (functionality is identical to `podman kube play --down`, but it now has its own command). - The `podman kube play` command now supports Kubernetes secrets using Podman's secrets backend. - Systemd-managed pods created by the `podman kube play` command now integrate with sd-notify, using the `io.containers.sdnotify` annotation (or `io.containers.sdnotify/$name` for specific containers). 
- Systemd-managed pods created by `podman kube play` can now be auto-updated, using the `io.containers.auto-update` annotation (or `io.containers.auto-update/$name` for specific containers). - The `podman kube play` command can now read YAML from URLs, e.g. `podman kube play https://example.com/demo.yml` ([#14955](https://github.com/containers/podman/issues/14955)). - The `podman kube play` command now supports the `emptyDir` volume type ([#13309](https://github.com/containers/podman/issues/13309)). - The `podman kube play` command now supports the `HostUsers` field in the pod spec. - The `podman play kube` command now supports `binaryData` in ConfigMaps. - The `podman pod create` command can now set additional resource limits for pods using the new `--memory-swap`, `--cpuset-mems`, `--device-read-bps`, `--device-write-bps`, `--blkio-weight`, `--blkio-weight-device`, and `--cpu-shares` options. - The `podman machine init` command now supports a new option, `--username`, to set the username that will be used to connect to the VM as a non-root user ([#15402](https://github.com/containers/podman/issues/15402)). - The `podman volume create` command's `-o timeout=` option can now set a timeout of 0, indicating volume plugin operations will never time out. - Added support for a new volume driver, `image`, which allows volumes to be created that are backed by images. - The `podman run` and `podman create` commands support a new option, `--env-merge`, allowing environment variables to be specified relative to other environment variables in the image (e.g. `podman run --env-merge "PATH=$PATH:/my/app" ...`) ([#15288](https://github.com/containers/podman/issues/15288)). 
- The `podman run` and `podman create` commands support a new option, `--on-failure`, to allow action to be taken when a container fails health checks, with the following supported actions: `none` (take no action, the default), `kill` (kill the container), `restart` (restart the container), and `stop` (stop the container). - The `--keep-id` option to `podman create` and `podman run` now supports new options, `uid` and `gid`, to set the UID and GID of the user in the container that will be mapped to the user running Podman (e.g. `--userns=keep-id:uid=11` will map the user running Podman to UID 11 in the container) ([#15294](https://github.com/containers/podman/issues/15294)). - The `podman generate systemd` command now supports a new option, `--env`/`-e`, to set environment variables in the generated unit file ([#15523](https://github.com/containers/podman/issues/15523)). - The `podman pause` and `podman unpause` commands now support the `--latest`, `--cidfile`, and `--filter` options. - The `podman restart` command now supports the `--cidfile` and `--filter` options. - The `podman rm` command now supports the `--filter` option to select which containers will be removed. - The `podman rmi` command now supports a new option, `--no-prune`, to prevent the removal of dangling parents of removed images. - The `--dns-opt` option to `podman create`, `podman run`, and `podman pod create` has received a new alias, `--dns-option`, to improve Docker compatibility. - The `podman` command now features a new global flag, `--debug`/`-D`, which enables debug-level logging (identical to `--log-level=debug`), improving Docker compatibility. - The `podman` command now features a new global flag, `--config`. This flag is ignored, and is only included for Docker compatibility ([#14767](https://github.com/containers/podman/issues/14767)). - The `podman manifest create` command now accepts a new option, `--amend`/`-a`. 
- The `podman manifest create`, `podman manifest add` and `podman manifest push` commands now accept a new option, `--insecure` (identical to `--tls-verify=false`), improving Docker compatibility. - The `podman secret create` command's `--driver` and `--format` options now have new aliases, `-d` for `--driver` and `-f` for `--format`. - The `podman secret create` command now supports a new option, `--label`/`-l`, to add labels to created secrets. - The `podman secret ls` command now accepts the `--quiet`/`-q` option. - The `podman secret inspect` command now accepts a new option, `--pretty`, to print output in human-readable format. - The `podman stats` command now accepts the `--no-trunc` option. - The `podman save` command now accepts the `--signature-policy` option ([#15869](https://github.com/containers/podman/issues/15869)). - The `podman pod inspect` command now allows multiple arguments to be passed. If so, it will return a JSON array of the inspected pods ([#15674](https://github.com/containers/podman/issues/15674)). - A series of new hidden commands have been added under `podman context` as aliases to existing `podman system connection` commands, to improve Docker compatibility. - The remote Podman client now supports proxying signals for attach sessions when the `--sig-proxy` option is set ([#14707](https://github.com/containers/podman/issues/14707)). [#]## Changes - Duplicate volume mounts are now allowed with the `-v` option to `podman run`, `podman create`, and `podman pod create`, so long as source, destination, and options all match ([#4217](https://github.com/containers/podman/issues/4217)). - The `podman generate kube` and `podman play kube` commands have been renamed to `podman kube generate` and `podman kube play` to group Kubernetes-related commands. Aliases have been added to ensure the old command names still function. 
- A number of Podman commands (`podman init`, `podman container checkpoint`, `podman container restore`, `podman container cleanup`) now print the user-inputted name of the container, instead of its full ID, on success. - When an unsupported option (e.g. resource limit) is specified for a rootless container on a cgroups v1 system, a warning message is now printed that the limit will not be honored. - The installer for the Windows Podman client has been improved. - The `--cpu-rt-period` and `--cpu-rt-runtime` options to `podman run` and `podman create` now print a warning and are ignored on cgroups v2 systems (cgroups v2 having dropped support for these controllers) ([#15666](https://github.com/containers/podman/issues/15666)). - Privileged containers running systemd will no longer mount `/dev/tty*` devices other than `/dev/tty` itself into the container ([#15878](https://github.com/containers/podman/issues/15878)). - Events for containers that are part of a pod now include the ID of the pod in the event. - SSH functionality for `podman machine` commands has seen a thorough rework, addressing many issues about authentication. - The `--network` option to `podman kube play` now allows passing `host` to set the pod to use host networking, even if the YAML does not request this. - The `podman inspect` command on containers now includes the digest of the image used to create the container. - Pods created by `podman play kube` are now, by default, placed into a network named `podman-kube`. If the `podman-kube` network does not exist, it will be created. This ensures pods can connect to each other by their names, as the network has DNS enabled. [#]## Bugfixes - Fixed a bug where the `podman network prune` and `podman container prune` commands did not properly support the `--filter label!=` option ([#14182](https://github.com/containers/podman/issues/14182)). 
- Fixed a bug where the `podman kube generate` command added an unnecessary `Secret: null` line to generated YAML ([#15156](https://github.com/containers/podman/issues/15156)). - Fixed a bug where the `podman kube generate` command did not set `enableServiceLinks` and `automountServiceAccountToken` to false in generated YAML ([#15478](https://github.com/containers/podman/issues/15478) and [#15243](https://github.com/containers/podman/issues/15243)). - Fixed a bug where the `podman kube play` command did not properly handle CPU limits ([#15726](https://github.com/containers/podman/issues/15726)). - Fixed a bug where the `podman kube play` command did not respect default values for liveness probes ([#15855](https://github.com/containers/podman/issues/15855)). - Fixed a bug where the `podman kube play` command did not bind ports if `hostPort` was not specified but `containerPort` was ([#15942](https://github.com/containers/podman/issues/15942)). - Fixed a bug where the `podman kube play` command sometimes did not create directories on the host for `hostPath` volumes. - Fixed a bug where the remote Podman client's `podman manifest push` command did not display progress. - Fixed a bug where the `--filter "{{.Config.Healthcheck}}"` option to `podman image inspect` did not print the image's configured healthcheck ([#14661](https://github.com/containers/podman/issues/14661)). - Fixed a bug where the `podman volume create -o timeout=` option could be specified even when no volume plugin was in use. - Fixed a bug where the `podman rmi` command did not emit `untag` events when removing tagged images ([#15485](https://github.com/containers/podman/issues/15485)). - Fixed a bug where API forwarding with `podman machine` VMs on windows could sometimes fail because the pipe was not created in time ([#14811](https://github.com/containers/podman/issues/14811)). 
- Fixed a bug where the `podman pod rm` command could error if removal of a container in the pod was interrupted by a reboot. - Fixed a bug where the `exited` and `exec died` events for containers did not include the container's labels ([#15617](https://github.com/containers/podman/issues/15617)). - Fixed a bug where running Systemd containers on a system not using Systemd as PID 1 could fail ([#15647](https://github.com/containers/podman/issues/15647)). - Fixed a bug where Podman did not pass all necessary environment variables (including `$PATH`) to Conmon when starting containers ([#15707](https://github.com/containers/podman/issues/15707)). - Fixed a bug where the `podman events` command could function improperly when no events were present ([#15688](https://github.com/containers/podman/issues/15688)). - Fixed a bug where the `--format` flag to various Podman commands did not properly handle template strings including a newline (`\n`) ([#13446](https://github.com/containers/podman/issues/13446)). - Fixed a bug where Systemd-managed pods would kill every container in a pod when a single container exited ([#14546](https://github.com/containers/podman/issues/14546)). - Fixed a bug where the `podman generate systemd` command would generate incorrect YAML for pods created without the `--name` option. - Fixed a bug where the `podman generate systemd --new` command did not properly set stop timeout ([#16149](https://github.com/containers/podman/issues/16149)). - Fixed a bug where a broken OCI spec resulting from the system rebooting while a container is being started could cause the `podman inspect` command to be unable to inspect the container until it was restarted. - Fixed a bug where creating a container with a working directory on an overlay volume would result in the container being unable to start ([#15789](https://github.com/containers/podman/issues/15789)). 
- Fixed a bug where attempting to remove a pod with running containers without `--force` would not error and instead would result in the pod, and its remaining containers, being placed in an unusable state ([#15526](https://github.com/containers/podman/issues/15526)). - Fixed a bug where memory limits reported by `podman stats` could exceed the maximum memory available on the system ([#15765](https://github.com/containers/podman/issues/15765)). - Fixed a bug where the `podman container clone` command did not properly handle environment variables whose value contained an `=` character ([#15836](https://github.com/containers/podman/issues/15836)). - Fixed a bug where the remote Podman client would not print the container ID when running the `podman-remote run --attach stdin` command. - Fixed a bug where the `podman machine list --format json` command did not properly show machine starting status. - Fixed a bug where automatic updates would not error when attempting to update a container with a non-fully qualified image name ([#15879](https://github.com/containers/podman/issues/15879)). - Fixed a bug where the `podman pod logs --latest` command could panic ([#15556](https://github.com/containers/podman/issues/15556)). - Fixed a bug where Podman could leave lingering network namespace mounts on the system if cleaning up the network failed. - Fixed a bug where specifying an unsupported URI scheme for `podman system service` to listen at would result in a panic. - Fixed a bug where the `podman kill` command would sometimes not transition containers to the exited state ([#16142](https://github.com/containers/podman/issues/16142)). [#]## API - Fixed a bug where the Compat DF endpoint reported incorrect reference counts for volumes ([#15720](https://github.com/containers/podman/issues/15720)). 
- Fixed a bug in the Compat Inspect endpoint for Networks where an incorrect network option was displayed, causing issues with `docker-compose` ([#15580](https://github.com/containers/podman/issues/15580)). - The Libpod Restore endpoint for Containers now features a new query parameter, `pod`, to set the pod that the container will be restored into ([#15018](https://github.com/containers/podman/issues/15018)). - Fixed a bug where the REST API could panic while retrieving images. - Fixed a bug where a cancelled connection to several endpoints could induce a memory leak. [#]## Misc - Error messages when attempting to remove an image used by a non-Podman container have been improved ([#15006](https://github.com/containers/podman/issues/15006)). - Podman will no longer print a warning that `/` is not a shared mount when run inside a container ([#15295](https://github.com/containers/podman/issues/15295)). - Work is ongoing to port Podman to FreeBSD. - The output of `podman generate systemd` has been adjusted to improve readability. - A number of performance improvements have been made to `podman create` and `podman run`. - A major reworking of the manpages to ensure duplicated options between commands have the same description text has been performed. 
- Updated Buildah to v1.28.0 - Updated the containers/image library to v5.23.0 - Updated the containers/storage library to v1.43.0 - Updated the containers/common library to v0.50.1 ++++ slirp4netns: - New upstream release 1.2.0: * Add slirp4netns --target-type=bess /path/to/bess.sock for supporting UML (#281) * Explicitly support DHCP (#270) * Update parson to v1.1.3 (#273) kgabis/parson@70dc239...2d7b3dd * Refactored tests (#271) - modernize spec file ------------------------------------------------------------------ ------------------ 2022-11-21 - Nov 21 2022 ------------------- ------------------------------------------------------------------ ++++ irqbalance: - Add mainline fixes (bnc#1204962, bsc#1206661): A irqbalance-properly-check-if-irq-is-banned.patch A get-irq-module-relationship-from-sys-bus-pci-driver.patch A irqbalance-ui-skip-in-parse_setup-to-avoid-coredump.patch A Fix-uninitialized-variable.patch ++++ kernel-default: - blacklist.conf: kABI - commit f550bb4 - tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit() (git-fixes). - commit dc34c13 - tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() (git-fixes). - commit 23caa81 - tracing: Fix wild-memory-access in register_synth_event() (git-fixes). - commit 9bbef30 - tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() (git-fixes). - commit 68dace2 - ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes). - commit 2e9b117 - ring_buffer: Do not deactivate non-existant pages (git-fixes). - commit 0458d7a - ftrace: Optimize the allocation for mcount entries (git-fixes). - commit 5b2b25a - ftrace: Fix the possible incorrect kernel message (git-fixes). - commit 7323c8c - tracing: Fix memory leak in tracing_read_pipe() (git-fixes). - commit 690c08a - net/smc: kABI workarounds for struct smc_link (git-fixes). 
- commit 0cbe94a - ring-buffer: Include dropped pages in counting dirty patches (git-fixes). - commit 11920bc - blacklist.conf: duplicate - commit ddd82f9 - powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395). - Refresh patches.suse/gup-Turn-fault_in_pages_-readable-writeable-into-fault_in_-readable-writeable.patch. - commit aec526a - blacklist.conf: duplicate - commit dcdcbbd - MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (git-fixes). - commit 16f21a3 - tracing/ring-buffer: Have polling block on watermark (git-fixes). - commit 5c3e4d5 - powerpc/pseries/vas: Declare pseries_vas_fault_thread_fn() as static (bsc#1194869). - commit 02a3582 - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes). - commit f98b221 - blacklist.conf: kABI - commit 431bd9c - blacklist.conf: duplicate - commit 53c7bfc - platform/x86/intel: hid: add quirk to support Surface Go 3 (git-fixes). - commit 23ccaa2 - blacklist.conf: too intrusive - commit 67ad270 - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395). - commit 7c94cdb - blacklist.conf: Add fixes for unsupported platforms - commit 10ca02b - net: smsc95xx: add support for Microchip EVB-LAN8670-USB (git-fixes). - commit af40ba9 - Update patch reference for rtl8712 driver fix (CVE-2022-4095 bsc#1205514) - commit 67f2ad4 - usbnet: smsc95xx: Don't reset PHY behind PHY driver's back (git-fixes). - commit b693ef6 - usb: smsc: use eth_hw_addr_set() (git-fixes). - commit 67dd1e9 - powerpc/64: Fix build failure with allyesconfig in book3s_64_entry.S (bsc#1194869). - commit 6d56eff - patches.suse/btrfs-fix-deadlock-between-quota-enable-and-other-qu.patch: (bsc#1205521). - commit a75b0e8 ++++ openssl-1_1: - FIPS: Service-level indicator [bsc#1190651] * Mark PBKDF2 with key shorter than 112 bits as non-approved * Add openssl-1_1-ossl-sli-007-pbkdf2-keylen.patch ++++ sudo: - Added sudo-utf8-ldap-schema.patch * Change sudo-ldap schema from ASCII to UTF8. 
* Fixes bsc#1197998 * Credit to William Brown * https://github.com/sudo-project/sudo/pull/163 ++++ suse-module-tools: - Update to version 15.4.15: Backport bug fixes from factory * driver-check.sh, unblacklist: convert egrep to grep -E (bsc#1203092) * kernel-scriptlets: don't pass flags to weak-modules2 (bsc#1195391) * driver-check.sh: avoid false positive error messages (boo#1200107) - Update to version 15.4.14: * 80-hotplug-cpu-mem.rules: use CONST{arch} (bsc#1204423) ++++ toolbox: - bump the container version to 5.4 ------------------------------------------------------------------ ------------------ 2022-11-19 - Nov 19 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (git-fixes). - commit c6c293f - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes). - commit 287b2ba - Input: i8042 - fix leaking of platform device on module removal (git-fixes). - Input: iforce - invert valid length check when fetching device IDs (git-fixes). - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes). - drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes). - drm/panel: simple: set bpc field for logic technologies displays (git-fixes). - drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms (git-fixes). - usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes). - usb: typec: mux: Enter safe mode only when pins need to be reconfigured (git-fixes). - Revert "usb: dwc3: disable USB core PHY management" (git-fixes). - serial: 8250: Flush DMA Rx on RLSI (git-fixes). - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes). - tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send (git-fixes). - Revert "tty: n_gsm: replace kicktimer with delayed_work" (git-fixes). - Revert "tty: n_gsm: avoid call of sleeping functions from atomic context" (git-fixes). 
- serial: imx: Add missing .thaw_noirq hook (git-fixes). - tty: serial: fsl_lpuart: don't break the on-going transfer when global reset (git-fixes). - serial: 8250: omap: Flush PM QOS work on remove (git-fixes). - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes). - serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes). - firmware: coreboot: Register bus in module init (git-fixes). - slimbus: stream: correct presence rate frequencies (git-fixes). - parport_pc: Avoid FIFO port location truncation (git-fixes). - siox: fix possible memory leak in siox_device_add() (git-fixes). - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes). - speakup: fix a segfault caused by switching consoles (git-fixes). - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes). - iio: adc: mp2629: fix potential array out of bound access (git-fixes). - iio: adc: mp2629: fix wrong comparison of channel (git-fixes). - iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes). - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes). - ASoC: tas2764: Fix set_tdm_slot in case of single slot (git-fixes). - ASoC: tas2770: Fix set_tdm_slot in case of single slot (git-fixes). - ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes). - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes). - mmc: core: properly select voltage range without power cycle (git-fixes). - commit 5d6506d ------------------------------------------------------------------ ------------------ 2022-11-18 - Nov 18 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - net/smc: Fix possible leaked pernet namespace in smc_init() (git-fixes). - net/smc: Fix an error code in smc_lgr_create() (git-fixes). 
- net/smc: Fix possible access to freed memory in link clear (git-fixes). - net/smc: Fix slab-out-of-bounds issue in fallback (git-fixes). - net/smc: Only save the original clcsock callback functions (git-fixes). - net/smc: Fix sock leak when release after smc_shutdown() (git-fixes). - net/smc: send directly on setting TCP_NODELAY (git-fixes). - net/smc: Send directly when TCP_CORK is cleared (git-fixes). - net/smc: Avoid overwriting the copies of clcsock callback functions (git-fixes). - net/smc: Forward wakeup to smc socket waitqueue after fallback (git-fixes). - commit a5aa4ad - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (git-fixes). - x86/hyperv: fix invalid writes to MSRs during root partition kexec (git-fixes). - clocksource/drivers/hyperv: add data structure for reference TSC MSR (git-fixes). - Drivers: hv: fix repeated words in comments (git-fixes). - HID: hyperv: fix possible memory leak in mousevsc_probe() (git-fixes). - drm/hyperv: Add ratelimit on error message (git-fixes). - scsi: storvsc: remove an extraneous "to" in a comment (git-fixes). - Drivers: hv: vmbus: Don't wait for the ACPI device upon initialization (git-fixes). - Drivers: hv: vmbus: Use PCI_VENDOR_ID_MICROSOFT for better discoverability (git-fixes). - Drivers: hv: vmbus: Fix kernel-doc (git-fixes). - drm/hyperv: Don't overwrite dirt_needed value set by host (git-fixes). - Drivers: hv: vmbus: Optimize vmbus_on_event (git-fixes). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region (git-fixes). - Drivers: hv: Always reserve framebuffer region for Gen1 VMs (git-fixes). - PCI: Move PCI_VENDOR_ID_MICROSOFT/PCI_DEVICE_ID_HYPERV_VIDEO definitions to pci_ids.h (git-fixes). - tools: hv: kvp: remove unnecessary (void*) conversions (git-fixes). - Drivers: hv: remove duplicate word in a comment (git-fixes). - tools: hv: Remove an extraneous "the" (git-fixes). 
- scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - Drivers: hv: vmbus: Release cpu lock in error case (git-fixes). - Drivers: hv: Fix syntax errors in comments (git-fixes). - scsi: storvsc: Fix typo in comment (git-fixes). - Drivers: hv: vmbus: fix typo in comment (git-fixes). - PCI: hv: Add validation for untrusted Hyper-V values (git-fixes). - x86/hyperv: Disable hardlockup detector by default in Hyper-V guests (git-fixes). - Drivers: hv: vmbus: Accept hv_sock offers in isolated guests (git-fixes). - hv_sock: Add validation for untrusted Hyper-V values (git-fixes). - hv_sock: Copy packets sent by Hyper-V out of the ring buffer (git-fixes). - hv_sock: Check hv_pkt_iter_first_raw()'s return value (git-fixes). - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - hv_netvsc: Fix potential dereference of NULL pointer (git-fixes). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes). - net: hyperv: remove use of bpf_op_t (git-fixes). - commit 5a5a746 - Update kabi files. Update using the released November MU kernel 5.14.21-150400.24.33.2 - commit b0daa6c - sched: Clear ttwu_pending after enqueue_task() (git fixes (sched/core)). - commit 8216675 - soc: imx8m: Enable OCOTP clock before reading the register (git-fixes). - arm64: dts: imx8mn: Fix NAND controller size-cells (git-fixes). - arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes). - ARM: dts: imx7: Fix NAND controller size-cells (git-fixes). - arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed (git-fixes). - net: thunderbolt: Fix error handling in tbnet_init() (git-fixes). - net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes). 
- bridge: switchdev: Fix memory leaks when changing VLAN protocol (git-fixes). - net: phy: marvell: add sleep time after enabling the loopback bit (git-fixes). - mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes). - mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes). - commit f0f96f8 - soundwire: intel: Initialize clock stop timeout (bsc#1205507). - commit ed7ad85 ++++ tiff: - security update: * CVE-2022-3570 [bsc#1205422] * CVE-2022-3598 [bsc#1204642] + tiff-CVE-2022-3598,3570.patch ++++ shim: - Add shim-Enable-the-NX-compatibility-flag-by-default.patch to enable the NX compatibility flag by default. (jsc#PED-127) - Drop upstreamed patch: - shim-Enable-TDX-measurement-to-RTMR-register.patch - Enable TDX measurement to RTMR register (jsc#PED-1273) - 4fd484e4c2 15.7 ------------------------------------------------------------------ ------------------ 2022-11-17 - Nov 17 2022 ------------------- ------------------------------------------------------------------ ++++ cni: - Add patch to fix bsc#1181961 aka CVE-2021-20206 added 0001-tighten-up-plugin-finding-logic.patch - disable usage of go modules to fix build failures with go 1.19 ++++ cni-plugins: - Add patch to fix bsc#1181961 aka CVE-2021-20206 added 0001-tighten-up-plugin-finding-logic.patch ++++ kernel-default: - io_uring: fix io_timeout_remove locking (git-fixes). - io_uring: correct __must_hold annotation (git-fixes). - commit afa1999 - Update metadata references - commit 48537d5 - KVM: SVM: move guest vmsave/vmload back to assembly (git-fixes). - commit 64aefe3 - KVM: SVM: retrieve VMCB from assembly (git-fixes). - commit fdd0aa2 - blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes). - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes). - blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes). - block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for nowait (git-fixes). 
- blk-mq: fix io hung due to missing commit_rqs (git-fixes). - block/rnbd-srv: Set keep_id to true after mutex_trylock (git-fixes). - blktrace: Trace remapped requests correctly (git-fixes). - blk-mq: don't create hctx debugfs dir until q->debugfs_dir is created (git-fixes). - block: add bio_start_io_acct_time() to control start_time (git-fixes). - blk-cgroup: fix missing put device in error path from blkg_conf_pref() (git-fixes). - commit 58eed28 - nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes). - Refresh for the above change, patches.suse/0002-nbd-fix-possible-overflow-on-first_minor-in-nbd_dev_.patch. - commit 8281951 - KVM: SVM: adjust register allocation for __svm_vcpu_run() (git-fixes). - commit 7b25718 - KVM: SVM: replace regs argument of __svm_vcpu_run() with vcpu_svm (git-fixes). - commit 7867341 - KVM: x86: use a separate asm-offsets.c file (git-fixes). - commit 0602ab1 - KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest (git-fixes). - commit 499c3ca - drm/amdkfd: Migrate in CPU page fault use current mm (git-fixes). - commit f476661 - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes). - pinctrl: rockchip: list all pins in a possible mux route for PX30 (git-fixes). - platform/surface: aggregator: Do not check for repeated unsequenced packets (git-fixes). - platform/x86/intel: pmc: Don't unconditionally attach Intel PMC when virtualized (git-fixes). - arm64: efi: Fix handling of misaligned runtime regions and drop warning (git-fixes). - ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure (git-fixes). - nilfs2: fix use-after-free bug of ns_writer on remount (git-fixes). - mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). 
- mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes).
- ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes).
- ALSA: hda/realtek: Add Positivo C6300 model quirk (git-fixes).
- ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes).
- ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes).
- ALSA: hda/hdmi - enable runtime pm for more AMD display audio (git-fixes).
- ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes).
- drm/amdgpu: disable BACO on special BEIGE_GOBY card (git-fixes).
- wifi: ath11k: avoid deadlock during regulatory update in ath11k_regd_update() (git-fixes).
- platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes).
- drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() (git-fixes).
- thunderbolt: Add DP OUT resource when DP tunnel is discovered (git-fixes).
- drm/amdkfd: handle CPU fault on COW mapping (git-fixes).
- drm/amdkfd: avoid recursive lock in migrations back to RAM (git-fixes).
- commit 438c140
- KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) (git-fixes).
- commit 89491ed
- KVM: x86: Report error when setting CPUID if Hyper-V allocation fails (git-fixes).
- commit 335e5aa
- virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes).
- block: drop unused includes in (git-fixes).
- commit a549255
- blacklist.conf: add commits suggested by git-fixes which won't be backported
- commit d1fe12d
- KVM: SVM: Disable SEV-ES support if MMIO caching is disable (git-fixes).
- commit d6a15a7
- KVM: x86/mmu: fix memoryleak in kvm_mmu_vendor_module_init() (git-fixes).
- commit ce66979
- KVM: nVMX: Attempt to load PERF_GLOBAL_CTRL on nVMX xfer iff it exists (git-fixes).
- commit 3387324
- KVM: VMX: Add helper to check if the guest PMU has PERF_GLOBAL_CTRL (git-fixes).
- commit 1b36b28

++++ libcontainers-common:
- add container-storage-driver.sh (bsc#1197093)

++++ python3-core:
- Add bsc1188607-pythreadstate_clear-decref.patch to fix crash in the garbage collection (bsc#1188607).

++++ python3:
- Add bsc1188607-pythreadstate_clear-decref.patch to fix crash in the garbage collection (bsc#1188607).

++++ salt:
- Pass the context to pillar ext modules
- Align Amazon EC2 (Nitro) grains with upstream (bsc#1203685)
- Detect module run syntax version
- Implement automated patches alignment for the Salt Bundle
- Ignore extend declarations from excluded SLS files (bsc#1203886)
- Clarify pkg.installed pkg_verify documentation
- Enhance capture of error messages for Zypper calls in zypperpkg module
- Make pass renderer configurable and fix detected issues
- Workaround fopen line buffering for binary mode (bsc#1203834)
- Added:
  * detect-module.run-syntax.patch
  * fopen-workaround-bad-buffering-for-binary-mode-563.patch
  * make-pass-renderer-configurable-other-fixes-532.patch
  * clarify-pkg.installed-pkg_verify-documentation.patch
  * align-amazon-ec2-nitro-grains-with-upstream-pr-bsc-1.patch
  * pass-the-context-to-pillar-ext-modules.patch
  * ignore-extend-declarations-from-excluded-sls-files.patch
  * include-stdout-in-error-message-for-zypperpkg-559.patch

++++ shim:
- Update to 15.7 (bsc#1198458)(jsc#PED-127)
  - Patches (git log --oneline --reverse 15.6..15.7)
    0eb07e1 Make SBAT variable payload introspectable
    092c2b2 Reference MokListRT instead of MokList
    8b59b69 Add a link to the test plan in the readme.
    4fd484e Enable TDX measurement to RTMR register
    14d6339 Discard load-options that start with a NUL
    5c537b3 shim: Flush the memory region from i-cache before execution
    2d4ebb5 load_cert_file: Fix stack issue
    ea4911c load_cert_file: Use EFI RT memory function
    0cf43ac Add -malign-double to IA32 compiler flags
    17f0233 pe: Fix image section entry-point validation
    5169769 make-archive: Build reproducible tarball
    aa1b289 mok: remove MokListTrusted from PCR 7
    53509ea CryptoPkg/BaseCryptLib: fix NULL dereference
    616c566 More coverity modeling
    ea0d0a5 Update shim's .sbat to sbat,3
    dd8be98 Bump grub's sbat requirement to grub,3
    1149161 (HEAD -> main, tag: 15.7, origin/main, origin/HEAD) Update version to 15.7
  - 15.7 release note https://github.com/rhboot/shim/releases
    Make SBAT variable payload introspectable by @chrisccoulson in #483
    Reference MokListRT instead of MokList by @esnowberg in #488
    Add a link to the test plan in the readme. by @vathpela in #494
    [V3] Enable TDX measurement to RTMR register by @kenplusplus in #485
    Discard load-options that start with a NUL by @frozencemetery in #505
    load_cert_file bugs by @esnowberg in #523
    Add -malign-double to IA32 compiler flags by @nicholasbishop in #516
    pe: Fix image section entry-point validation by @iokomin in #518
    make-archive: Build reproducible tarball by @julian-klode in #527
    mok: remove MokListTrusted from PCR 7 by @baloo in #519
  - Drop upstreamed patch:
    - shim-bsc1177789-fix-null-pointer-deref-AuthenticodeVerify.patch
      - Cryptlib/CryptAuthenticode: fix NULL pointer dereference in AuthenticodeVerify()
      - 53509eaf22 15.7
    - shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch
      - For backporting the following patches between 15.6 with aa1b289a1a (jsc#PED-127)
      - The following patches are merged to 15.7
        aa1b289a1a mok: remove MokListTrusted from PCR 7
        0cf43ac6d7 Add -malign-double to IA32 compiler flags
        ea4911c2f3 load_cert_file: Use EFI RT memory function
        2d4ebb5a79 load_cert_file: Fix stack issue
        5c537b3d0c shim: Flush the memory region from i-cache before execution
        14d6339829 Discard load-options that start with a NUL
        092c2b2bbe Reference MokListRT instead of MokList
        0eb07e11b2 Make SBAT variable payload introspectable
- Update shim.changes, added missed shim 15.6-rc1 and 15.6 changelog to the item in Update to 15.6. (bsc#1198458)

------------------------------------------------------------------
------------------ 2022-11-16 - Nov 16 2022 -------------------
------------------------------------------------------------------
++++ cloud-regionsrv-client:
- Add patch to block IPv6 on SLE12 (bsc#1203382)

++++ kernel-default:
- KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's no vPMU (git-fixes).
- commit 3ada3ae
- tcp: Fix data races around icsk->icsk_af_ops (CVE-2022-3566 bsc#1204405).
- commit f7cc985
- ipv6: Fix data races around sk->sk_prot (CVE-2022-3567 bsc#1204414).
- ipv6: annotate some data-races around sk->sk_prot (CVE-2022-3567 bsc#1204414).
- commit 654a4f7
- KVM: nVMX: Rename handle_vm{on,off}() to handle_vmx{on,off}() (git-fixes).
- commit 7218ba7
- KVM: nVMX: Always enable TSC scaling for L2 when it was enabled for L1 (git-fixes).
- commit b0f3ab9
- KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op() (git-fixes).
- commit 81fd9e6
- KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS) (git-fixes).
- commit 1a1eab3
- KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is supported (git-fixes).
- commit e7e1382
- KVM: SEV: Mark nested locking of vcpu->lock (git-fixes).
- commit 5f6bf6f
- KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (git-fixes).
- commit e3ae104
- KVM: x86: avoid loading a vCPU after .vm_destroy was called (git-fixes).
- commit 29af845
- KVM: Move wiping of the kvm->vcpus array to common code (git-fixes).
- commit 9720dc5
- s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (bsc#1205427 LTC#200502).
- s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205427 LTC#200502).
- s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501).
- commit ad7cfae
- nilfs2: fix deadlock in nilfs_count_free_blocks() (git-fixes).
- dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes).
- dmaengine: at_hdmac: Fix impossible condition (git-fixes).
- dmaengine: at_hdmac: Don't allow CPU to reorder channel enable (git-fixes).
- dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes).
- dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware (git-fixes).
- spi: stm32: Print summary 'callbacks suppressed' message (git-fixes).
- mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA (git-fixes).
- drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes).
- drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes).
- nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure (git-fixes).
- commit f7fc242
- dmaengine: at_hdmac: Fix concurrency over the active list (git-fixes).
- dmaengine: at_hdmac: Free the memset buf without holding the chan lock (git-fixes).
- dmaengine: at_hdmac: Fix concurrency over descriptor (git-fixes).
- dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all() (git-fixes).
- dmaengine: at_hdmac: Protect atchan->status with the channel lock (git-fixes).
- dmaengine: at_hdmac: Do not call the complete callback on device_terminate_all (git-fixes).
- dmaengine: at_hdmac: Fix premature completion of desc in issue_pending (git-fixes).
- dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending (git-fixes).
- dmaengine: at_hdmac: Don't start transactions at tx_submit level (git-fixes).
- dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes).
- commit 718fc6d
- KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog (git-fixes).
- commit d582f6e
- ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tport_add() (git-fixes).
- ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes).
- dmaengine: ti: k3-udma-glue: fix memory leak when register device fail (git-fixes).
- dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes).
- dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes).
- commit 3e58402
- x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
- commit d022167
- KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses (git-fixes).
- commit af8969b
- KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits (git-fixes).
- commit 4c10c2f
- x86/futex: Remove .fixup usage (git-fixes).
- commit 687839d
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (bsc#1205100).
- ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro (bsc#1205100).
- commit ca2ce49
- x86/extable: Extend extable functionality (git-fixes).
- commit 28f726d
- x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264).
- commit 6805cb3
- x86/uaccess: Implement macros for CMPXCHG on user addresses (git-fixes).
- commit 680ab7c
- Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (git-fixes).
- Refresh config.
- commit 7888244
- KVM: x86/pmu: Fix and isolate TSX-specific performance event logic (git-fixes).
- commit e13feb1
- kABI: Fix kABI after "KVM: x86/pmu: Use different raw event masks for AMD and Intel" (git-fixes).
- commit d086901
- KVM: x86/pmu: Use different raw event masks for AMD and Intel (git-fixes).
- commit fd5bd7c

++++ openssl-1_1:
- FIPS: Service-level indicator [bsc#1190651]
  * Consider RSA siggen/sigver with PKCS1 padding also approved
  * Add openssl-1_1-ossl-sli-006-rsa_pkcs1_padding.patch
- FIPS: Service-level indicator [bsc#1190651]
  * Return the correct indicator for a given EC group order bits
  * Add openssl-1_1-ossl-sli-005-EC_group_order_bits.patch

++++ openSUSE-repos-LeapMicro:
- Update to version 20221116.d3d7bc7:
  * Use zypp style variable for DIST_ARCH boo#1205460
  * Remove service generated service file on uninstall

++++ qemu:
- Fix qemu "block limits" VPD emulation broken (bsc#1202364)
  * Patches added:
    hw-scsi-scsi-generic-Fixup-VPD-block-lim.patch
    scsi-generic-Fix-emulated-block-limits-V.patch

++++ samba:
- Update to 4.15.12
  * CVE-2022-42898: samba: heimdal: Samba buffer overflow vulnerabilities on 32-bit systems; (bso#15203); (bsc#1205126).
- Update to 4.15.11
  * Allow rebuild of Centos 8 images after move to vault for Samba 4.15; (bso#15193).
  * CVE-2022-3437: samba: Buffer overflow in Heimdal unwrap_des3(); (bso#15134); (bsc#1204254)

------------------------------------------------------------------
------------------ 2022-11-15 - Nov 15 2022 -------------------
------------------------------------------------------------------
++++ libdb-4_8:
- Security fix: [bsc#1174414, CVE-2019-2708]
  * libdb: Data store execution leads to partial DoS
  * Backport the upstream commits:
    - Fixed several possible crashes when running db_verify on a corrupted database. [#27864]
    - Fixed several possible hangs when running db_verify on a corrupted database. [#27864]
    - Added a warning message when attempting to verify a queue database which has many extent files. Verification will take a long time if there are many extent files. [#27864]
  * Add libdb-4_8-CVE-2019-2708.patch

++++ hwdata:
- update to 0.364:
  + Updated pci, usb and vendor ids.

++++ kernel-default:
- xen/gntdev: Accommodate VMA splitting (git-fixes).
- commit 0745691
- KVM: x86/mmu: WARN if old _or_ new SPTE is REMOVED in non-atomic path (git-fixes).
- commit bc980a8
- KVM: x86/mmu: Fix wrong/misleading comments in TDP MMU fast zap (git-fixes).
- commit d3e6160
- blacklist.conf: add fcb732d8f8cf ("KVM: x86/xen: Fix runstate updates to be atomic when preempting vCPU")
- commit d42ecb5
- blacklist.conf: add 55749769fe60 ("KVM: x86: Fix wall clock writes in Xen shared_info not to mark page dirty")
- commit 08e6ef4
- KVM: x86: Mask off reserved bits in CPUID.80000001H (git-fixes).
- commit a7fc31c
- KVM: x86: emulator: update the emulation mode after CR0 write (git-fixes).
- commit f0c4a2c
- KVM: x86: emulator: update the emulation mode after rsm (git-fixes).
- commit debb42a
- KVM: x86: emulator: introduce emulator_recalc_and_set_mode (git-fixes).
- commit a9da797
- KVM: x86: emulator: em_sysexit should update ctxt->mode (git-fixes).
- commit e252f98
- KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable (git-fixes).
- commit f452678
- KVM: x86: Mask off reserved bits in CPUID.8000001AH (git-fixes).
- commit c7494f8
- KVM: x86: Mask off reserved bits in CPUID.80000008H (git-fixes).
- commit b042017
- KVM: x86: Mask off reserved bits in CPUID.80000006H (git-fixes).
- commit ce5ff67
- KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS (git-fixes).
- commit e0caade
- Update patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch
  Patch (44b3834b2eed5 "arm64: errata: Remove AES hwcap for COMPAT tasks") added new workaround identifier. Remove one placeholder to keep kABI intact.
- commit e23b992
- arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes)
  Enable CONFIG_ARM64_ERRATUM_1742098 in arm64/default
- commit fbe1536
- arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro (git-fixes)
- commit c70ddd5
- arm64: fix rodata=full again (git-fixes)
- commit 62260a8
- kabi: sk_buff.scm_io_uring (bsc#1204228 CVE-2022-2602).
- commit 9a9bd27

++++ libnvme:
- fabrics: Duplicate strings when merging configs (bsc#1205019)
  * add 0022-fabrics-Duplicate-strings-when-merging-configs.patch
- remove unused patch (duplicated of patch #0013)
  * remove 0022-json-schema-add-dhchap_key-details-to-host-section.patch

++++ nvme-cli:
- Honor JSON config file in connect-all command (bsc#1203204 bsc#1203163)
  * add 0016-fabrics-nvme-config-modify-depends-on-n-and-t-argume.patch
  * add 0017-fabrics-Honor-JSON-config-file-in-connect-all-comman.patch
  * add 0018-fabrics-Trigger-auto-connect-if-config.json-exists.patch
- Add show-topology command (bsc#1200089)
  * add 0019-nvme-Add-show-topology-command.patch
  * add 0020-doc-Add-nvme-show-topology-documnetation.patch
  * add 0021-completions-Add-show-topology-tab-completion.patch

++++ shim:
- Add shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch for backporting the following patches between 15.6 with aa1b289a1a (jsc#PED-127):
  aa1b289a1a16774afc3143b8948d97261f0872d0 mok: remove MokListTrusted from PCR 7
  0cf43ac6d78c6f47f8b91210639ac1aa63665f0b Add -malign-double to IA32 compiler flags
  ea4911c2f3ce8f8f703a1476febac86bb16b00fd load_cert_file: Use EFI RT memory function
  2d4ebb5a798aafd3b06d2c3cb9c9840c1caa41ef load_cert_file: Fix stack issue
  5c537b3d0cf8c393dad2e61d49aade68f3af1401 shim: Flush the memory region from i-cache before execution
  14d63398298c8de23036a4cf61594108b7345863 Discard load-options that start with a NUL
  092c2b2bbed950727e41cf450b61c794881c33e7 Reference MokListRT instead of MokList
  0eb07e11b20680200d3ce9c5bc59299121a75388 Make SBAT variable payload introspectable
- Add shim-Enable-TDX-measurement-to-RTMR-register.patch to support enhance shim measurement to TD RTMR. (jsc#PED-1273)
- For pushing openSUSE:Factory/shim to SLE15-SP5, sync the shim.spec and shim.changes: (jsc#PED-127)
  - Add some change log from SLE shim.changes to Factory shim.changes
    Those messages are added "(sync shim.changes from SLE)" tag.
  - Add the following changes to shim.spec
    - only apply Patch100, the shim-bsc1198101-opensuse-cert-prompt.patch on openSUSE.
    - Enable the AArch64 signature check for SLE:
      [#] AArch64 signature
      signature=%{SOURCE13}

------------------------------------------------------------------
------------------ 2022-11-14 - Nov 14 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes).
- scsi: megaraid_sas: Correct value passed to scsi_device_lookup() (git-fixes).
- scsi: qedf: Populate sysfs attributes for vport (git-fixes).
- scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes).
- commit 71fe2f3
- intel_idle: make SPR C1 and C1E be independent (jsc#PED-1936).
- commit 6f9a5d3
- cpuidle: intel_idle: Drop redundant backslash at line end (jsc#PED-1936).
- commit 593da52
- cpufreq: intel_pstate: Support Sapphire Rapids OOB mode (jsc#PED-849).
- commit 4bf905f
- cpufreq: intel_pstate: Handle no_turbo in frequency invariance (jsc#PED-849).
- commit 41e314e
- intel_idle: Fix SPR C6 optimization (jsc#PED-824 jsc#PED-1936).
- commit 29ea7f2
- intel_idle: Fix the 'preferred_cstates' module parameter (jsc#PED-824 jsc#PED-1936).
- commit 07146fb
- intel_idle: Add AlderLake support (jsc#PED-824).
- commit 6094f58
- panic, kexec: make __crash_kexec() NMI safe (git-fixes).
- kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes).
- commit 1a14cb1
- KVM: VMX: clear vmx_x86_ops.sync_pir_to_irr if APICv is disabled (bsc#1205007).
- commit a0ddd6a
- io_uring/af_unix: defer registered files gc to io_uring release (bsc#1204228 CVE-2022-2602).
- commit 52299ff

------------------------------------------------------------------
------------------ 2022-11-13 - Nov 13 2022 -------------------
------------------------------------------------------------------
++++ tiff:
- security update:
  * CVE-2022-3597 [bsc#1204641]
  * CVE-2022-3626 [bsc#1204644]
  * CVE-2022-3627 [bsc#1204645]
    + tiff-CVE-2022-3597,CVE-2022-3626,CVE-2022-3627.patch
  * CVE-2022-3599 [bsc#1204643]
    + tiff-CVE-2022-3599.patch
  * CVE-2022-3970 [bsc#1205392]
    + tiff-CVE-2022-3970.patch

++++ xfsprogs:
- mkfs: don't trample the gid set in the protofile (bsc#1205266)
  - Add xfsprogs-mkfs-don-t-trample-the-gid-set-in-the-protofile.patch
- mkfs: prevent corruption of passed-in suboption string values (bsc#1205377)
  - Add xfsprogs-mkfs-prevent-corruption-of-passed-in-suboption-strin.patch
- mkfs: terminate getsubopt arrays properly (bsc#1205284)
  - Add xfsprogs-mkfs-terminate-getsubopt-arrays-properly.patch
- xfs_repair: ignore empty xattr leaf blocks (bsc#1205272)
  - Add xfsprogs-xfs_repair-ignore-empty-xattr-leaf-blocks.patch

------------------------------------------------------------------
------------------ 2022-11-11 - Nov 11 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- fuse: add file_modified() to fallocate (bsc#1205332).
- fuse: fix readdir cache race (bsc#1205331).
- commit 75f741e
- netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614).
- commit aa8c5d3
- net: phy: mscc: macsec: clear encryption keys when freeing a flow (git-fixes).
- macsec: clear encryption keys from the stack after setting up offload (git-fixes).
- macsec: fix detection of RXSCs when toggling offloading (git-fixes).
- macsec: fix secy->n_rx_sc accounting (git-fixes).
- macsec: delete new rxsc when offload fails (git-fixes).
- wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes).
- wifi: cfg80211: silence a sparse RCU warning (git-fixes).
- soundwire: qcom: check for outanding writes before doing a read (git-fixes).
- soundwire: qcom: reinit broadcast completion (git-fixes).
- phy: ralink: mt7621-pci: add sentinel to quirks table (git-fixes).
- phy: stm32: fix an error code in probe (git-fixes).
- mtd: parsers: bcm47xxpart: Fix halfblock reads (git-fixes).
- media: v4l: subdev: Fail graciously when getting try data for NULL state (git-fixes).
- media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes).
- media: dvb-frontends/drxk: initialize err to 0 (git-fixes).
- media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes).
- media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes).
- media: rkisp1: Zero v4l2_subdev_format fields in when validating links (git-fixes).
- media: rkisp1: Use correct macro for gradient registers (git-fixes).
- media: rkisp1: Initialize color space on resizer sink and source pads (git-fixes).
- media: rkisp1: Don't pass the quantization to rkisp1_csm_config() (git-fixes).
- mtd: parsers: bcm47xxpart: print correct offset on read error (git-fixes).
- video/fbdev/stifb: Implement the stifb_fillrect() function (git-fixes).
- commit 5883e57
- can: j1939: j1939_send_one(): fix missing CAN header initialization (git-fixes).
- can: af_can: fix NULL pointer dereference in can_rx_register() (git-fixes).
- hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes).
- efi: random: Use 'ACPI reclaim' memory for random seed (git-fixes).
- efi: random: reduce seed size to 32 bytes (git-fixes).
- drm/i915/sdvo: Setup DDC fully before output init (git-fixes).
- drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes).
- drm/rockchip: dsi: Force synchronous probe (git-fixes).
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes).
- Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (git-fixes).
- drm/msm/hdmi: fix IRQ lifetime (git-fixes).
- i2c: xiic: Add platform module alias (git-fixes).
- ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() (git-fixes).
- HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes).
- HID: playstation: add initial DualSense Edge controller support (git-fixes).
- drm/amdgpu: set vm_update_mode=0 as default for Sienna Cichlid in SRIOV case (git-fixes).
- drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag (git-fixes).
- commit 5a3b429

++++ libslirp:
- added patches fix https://gitlab.freedesktop.org/slirp/libslirp/-/issues/64
  + libslirp-semicolon.patch

------------------------------------------------------------------
------------------ 2022-11-10 - Nov 10 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- x86/fpu: Drop fpregs lock before inheriting FPU permissions (bnc#1205282).
- commit bbde2ef
- blacklist.conf: cleanup designed to break kABI
- commit e1ca2ce
- blacklist.conf: cleanup designed to break kABI
- commit 3471afe
- ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
- commit f29a164
- io_uring: disable polling signalfd pollfree files (CVE-2022-3176 bsc#1203391).
- commit ff11e05
- blacklist.conf: kABI
- commit 52ff77d
- blacklist.conf: prerequisites would break kABI
- commit 3f3b1f5

++++ libcontainers-common:
- postinstall script: slight cleanup, no functional change

++++ mozilla-nss:
- Update nss-fips-approved-crypto-non-ec.patch to allow the use SHA keygen mechs (bsc#1191546).
- Update nss-fips-constructor-self-tests.patch to ensure abort() is called when the repeat integrity check fails (bsc#1198980).
------------------------------------------------------------------
------------------ 2022-11-9 - Nov 9 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- blacklist.conf: this patch would need an inordinary number of prerequisites for a race in a corner case
- commit 4987ef8
- blacklist.conf: kABI
- commit 29e4b4e
- Update patch metadata for media fix (CVE-2022-3903 bsc#1205220)
- commit 899a453
- capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes).
- capabilities: fix potential memleak on error path from vfs_getxattr_alloc() (git-fixes).
- commit 9091aa0

++++ python3-core:
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding extremely long domain names.

++++ python3:
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding extremely long domain names.

------------------------------------------------------------------
------------------ 2022-11-8 - Nov 8 2022 -------------------
------------------------------------------------------------------
++++ iputils:
- Backport 2 fixes for bsc#1203957:
  0001-ping-Add-SA_RESTART-to-sa_flags.patch
  0002-ping-Make-ping_rts-struct-static.patch

++++ kernel-default:
- Update patches.suse/scsi-ibmvfc-Avoid-path-failures-during-live-migratio.patch (bsc#1065729 bsc#1204810 ltc#200162).
- commit ba4e679
- drm/i915/gvt: fix double free bug in split_2MB_gtt_entry (bsc#1204780, CVE-2022-3707)
- commit 3d29636
- scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395).
- commit 32de176
- Refresh patches.suse/scsi-ibmvfc-Do-not-wait-for-initial-device-scan.patch.
  Refresh to upstream version of patch.
- commit aba4ad9
- Refresh sorted patches.
- commit 3d3be93
- scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729).
- commit 2f0fa7f
- Update patches.suse/arm64-Add-AMPERE1-to-the-Spectre-BHB-affected-list.patch (git-fixes, bsc#1205153).
  Add reference to bsc#1205153.
- commit 08070be
- arm64: Add AMPERE1 to the Spectre-BHB affected list (git-fixes).
- arm64: errata: Add Cortex-A55 to the repeat tlbi list (git-fixes).
  Enable CONFIG_ARM64_ERRATUM_2441007, too
- commit 57ef351
- ALSA: usb-audio: Remove redundant workaround for Roland quirk (bsc#1205111).
- ALSA: usb-audio: Yet more regression for for the delayed card registration (bsc#1205111).
- commit fdb6d05
- rpm/check-for-config-changes: add TOOLCHAIN_HAS_* to IGNORED_CONFIGS_RE
  This new form was added in commit b8c86872d1dc (riscv: fix detection of toolchain Zicbom support).
- commit e9f2ba6

++++ suseconnect-ng:
- Update to version 1.0.0~git0.faee7c196dc1:
  * Revert "packaging: 1.0.0 -> 1.0"
- Update to version v1.0~git0.32cac3fb5047:
  * packaging: 1.0.0 -> 1.0

------------------------------------------------------------------
------------------ 2022-11-7 - Nov 7 2022 -------------------
------------------------------------------------------------------
++++ lvm2-device-mapper:
- killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216)
  - bug-1203216_lvmlockd-purge-the-lock-resources-left-in-previous-l.patch

++++ kernel-default:
- tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() (git-fixes).
- commit 4b18e0d
- io-wq: don't retry task_work creation failure on fatal conditions (bnc#1205113).
- io-wq: Remove duplicate code in io_workqueue_create() (bnc#1205113).
- io-wq: fix silly logic error in io_task_work_match() (bnc#1205113).
- io-wq: fix cancellation on create-worker failure (bnc#1205113).
- commit f9f6f38
- Add suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149)
- commit 888e01e
- cifs: fix use-after-free on the link name (bsc#1193629).
- commit c8e18d6
- cifs: avoid unnecessary iteration of tcp sessions (bsc#1193629).
- commit 3b19f83
- cifs: always iterate smb sessions using primary channel (bsc#1193629).
- commit 5cac47b
- cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1193629).
- commit 6bd980d
- cifs: Fix pages leak when writedata alloc failed in cifs_write_from_iter() (bsc#1193629).
- commit 4170ae6
- cifs: Fix pages array leak when writedata alloc failed in cifs_writedata_alloc() (bsc#1193629).
- commit b7ff361
- Move upstreamed tracing patch into sorted section
- commit c9209ac

++++ krb5:
- Fix integer overflows in PAC parsing; (CVE-2022-42898); (bso#15203), (bsc#1205126).
- Added patches:
  * 0010-Fix-integer-overflows-in-PAC-parsing.patch

++++ lvm2:
- killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216)
  - bug-1203216_lvmlockd-purge-the-lock-resources-left-in-previous-l.patch

++++ libzypp:
- Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956)
- properly reset range requests (bsc#1204548)
- version 17.31.5 (22)

++++ zypper:
- Update man page and explain '.no_auto_prune' (bsc#1204956)
- Allow to (re)add a service with the same URL (bsc#1203715)
- Explain outdatedness of repos (fixes #463)
- BuildRequires: libzypp-devel >= 17.31.5
- version 1.14.58

------------------------------------------------------------------
------------------ 2022-11-5 - Nov 5 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850).
- commit e9c6d7c
- arm64: entry: avoid kprobe recursion (git-fixes).
- Documentation: devres: add missing I2C helper (git-fixes).
- i2c: piix4: Fix adapter not be removed in piix4_remove() (git-fixes).
- efi/tpm: Pass correct address to memblock_reserve (git-fixes).
- arm64: dts: juno: Add thermal critical trip points (git-fixes).
- firmware: arm_scmi: Make Rx chan_setup fail on memory errors (git-fixes).
- firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes).
- arm64: dts: ls208xa: specify clock frequencies for the MDIO controllers (git-fixes).
- arm64: dts: ls1088a: specify clock frequencies for the MDIO controllers (git-fixes).
- arm64: dts: lx2160a: specify clock frequencies for the MDIO controllers (git-fixes).
- dt-bindings: power: gpcv2: add power-domains property (git-fixes).
- arm64: dts: imx8: correct clock order (git-fixes).
- ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset (git-fixes).
- commit 9fbcbe8

------------------------------------------------------------------
------------------ 2022-11-4 - Nov 4 2022 -------------------
------------------------------------------------------------------
++++ conmon:
- Add patch to fix build with make >= 4.4:
  * 0001-Fix-tools-Makefile-with-GNU-make-4.4.patch

++++ grub2:
- Security fixes and hardenings
  * 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch
  * 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
- Fix CVE-2022-2601 (bsc#1205178)
  * 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch
  * 0004-font-Remove-grub_font_dup_glyph.patch
  * 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch
  * 0006-font-Fix-integer-overflow-in-BMP-index.patch
  * 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch
  * 0008-fbutil-Fix-integer-overflow.patch
- Fix CVE-2022-3775 (bsc#1205182)
  * 0009-font-Fix-an-integer-underflow-in-blit_comb.patch
  * 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch
  * 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
  * 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
- Bump upstream SBAT generation to 3

++++ ipset:
- Tumbleweed is not affected by the following SLE issues: bsc#1122853

++++ kernel-default:
- Move upstreamed patches into sorted section
- commit 490afd7
- x86/sev: Don't use cc_platform_has() for early SEV-SNP calls (bsc#1204970).
- x86/boot: Don't propagate uninitialized boot_params->cc_blob_address (bsc#1204970).
- x86/boot: Fix the setup data types max limit (bsc#1204970).
- x86/compressed/64: Add identity mappings for setup_data entries (bsc#1204970).
- x86/sev: Annotate stack change in the #VC handler (bsc#1204970).
- x86/sev: Remove duplicated assignment to variable info (bsc#1204970).
- commit 1ad6c0c
- selftests/pidfd_test: Remove the erroneous ',' (git-fixes).
- vsock: fix possible infinite sleep in vsock_connectible_wait_data() (git-fixes).
- vsock: remove the unused 'wait' in vsock_connectible_recvmsg() (git-fixes).
- mISDN: fix possible memory leak in mISDN_register_device() (git-fixes).
- rose: Fix NULL pointer dereference in rose_send_frame() (git-fixes).
- nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes).
- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes).
- nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes).
- nfc: fdp: Fix potential memory leak in fdp_nci_send() (git-fixes).
- xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes).
- xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices (git-fixes).
- xhci: Add quirk to reset host back to default state at shutdown (git-fixes).
- usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes).
- kernfs: fix use-after-free in __kernfs_remove (git-fixes).
- serial: core: move RS485 configuration tasks from drivers into core (git-fixes).
- commit 356bf7e
- ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes).
- Bluetooth: virtio_bt: Use skb_put to set length (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes).
- isdn: mISDN: netjet: fix wrong check of device registration (git-fixes).
- fs/binfmt_elf: Fix memory leak in load_elf_binary() (git-fixes).
- commit 9e67c0b - Move upstreamed BT fixes into sorted section - commit 9cff1e2 - blacklist.conf: add 8250_mtk entry that was reverted - commit c43b30f ++++ pixman: - Add pixman-CVE-2022-44638.patch: avoid an integer overflow (boo#1205033 CVE-2022-44638). ++++ suse-module-tools: - Update to version 15.4.13: * 80-hotplug-cpu-mem.rules: restrict cpu rule to x86_64 (bsc#1204423) ------------------------------------------------------------------ ------------------ 2022-11-3 - Nov 3 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - IB/core: Fix a nested dead lock as part of ODP flow (git-fixes) - commit 6f2ee60 - Update kabi files. Refresh from Nov 2022 MU - 5.14.21-150400.24.28.1 - commit a5edbce - ALSA: hiface: fix repeated words in comments (git-fixes). - commit 1897e56 - ALSA: scarlett2: Add Focusrite Clarett+ 8Pre support (git-fixes). - ALSA: scarlett2: Add support for the internal "standalone" switch (git-fixes). - ALSA: scarlett2: Split scarlett2_config_items[] into 3 sections (git-fixes). - ALSA: usb-audio: scarlett2: Use struct_size() helper in scarlett2_usb() (git-fixes). - commit 51a746f - ALSA: usb-audio: Add mixer mapping for Gigabyte B450/550 Mobos (git-fixes). - Refresh patches.suse/ALSA-usb-audio-More-comprehensive-mixer-map-for-ASUS.patch. - commit aad3dbe - ALSA: line6: remove line6_set_raw declaration (git-fixes). - ALSA: usb-audio: Add quirk to enable Avid Mbox 3 support (git-fixes). - ALSA: usb-audio: make read-only array marker static const (git-fixes). - ALSA: line6: Replace sprintf() with sysfs_emit() (git-fixes). - ALSA: usb/6fire: fix repeated words in comments (git-fixes). - ALSA: usb-audio: remove redundant assignment to variable c (git-fixes). - commit 7b36d72 - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (bsc#1204705). 
- commit 2e712ad ++++ systemd: - Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 ae2067b062 time-util: fix buffer-over-run (bsc#1204968 CVE-2022-3821) 0469b9f2bc pstore: do not try to load all known pstore modules ad05f54439 pstore: Run after modules are loaded ccad817445 core: Add trigger limit for path units 281d818fe3 core/mount: also add default before dependency for automount mount units ffe5b4afa8 logind: fix crash in logind on user-specified message string ++++ sudo: - Added sudo-CVE-2022-43995.patch * CVE-2022-43995 * bsc#1204986 * Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend. ------------------------------------------------------------------ ------------------ 2022-11-2 - Nov 2 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Refresh patches.suse/ppc64-kdump-Limit-kdump-base-to-512MB.patch to upstream version. - commit 0f63234 - Update patch references to patches.suse/0001-floppy-disable-FDRAWCMD-by-default.patch (bsc#1200692 CVE-2022-33981). - commit 913147c - scsi: scsi_transport_fc: Use %u for dev_loss_tmo (bsc#1202914). - commit 0d14223 - iommu/vt-d: Do not falsely log intel_iommu is unsupported kernel option (bsc#1204947). - commit 440c18c - wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() (CVE-2022-3628 bsc#1204868). - commit 968feec - Drop Dell Dock regression fix patch again (bsc#1204719) It turned out to be bogus, a different fix is needed - commit 2c62bb9 - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - commit dc8f2da - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963). - commit d6d1732 - Move upstreamed sound patches into sorted section - commit a5b0f8c - ALSA: usb-audio: Fix regression with Dell Dock jack detection (bsc#1204719).
- commit ec69ec6 - scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957). - scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957). - scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957). - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957). - scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957). - scsi: lpfc: Fix spelling mistake "unsolicted" -> "unsolicited" (bsc#1204957). - scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957). - commit f06c1f8 - RDMA/irdma: Remove the unnecessary variable saddr (git-fixes) [#] Conflicts: [#] series.conf - commit cc60033 - RDMA/irdma: Use net_type to check network type (git-fixes) [#] Conflicts: [#] series.conf - commit cc0ac5a - Drop verbose nvme logging feature (bsc#1200567) This feature caused regressions by logging all failed NVMe commands. Though not all of them are actually a real error. E.g. libnvme is probing for features and handling fails correctly. Upstream fixed this by disabling this feature and looking into making this an opt-in option. - Delete patches.suse/nvme-add-verbose-error-logging.patch. - Delete patches.suse/nvme-don-t-print-verbose-errors-for-internal-passthr.patch. - commit a82baa8 - RDMA/irdma: Validate udata inlen and outlen (git-fixes) - commit c66230c - RDMA/irdma: Add support for address handle re-use (git-fixes) - commit 456aa9c - RDMA/irdma: Move union irdma_sockaddr to header file (git-fixes) - commit 01da806 - selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1071995). - commit 82010dd - livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995). 
- commit 82368b9 - RDMA/srp: Support more than 255 rdma ports (git-fixes) - commit 6da7233 - RDMA/srp: Handle dev_set_name() failure (git-fixes) - commit 2aa5768 - RDMA/srp: Use the attribute group mechanism for sysfs attributes (git-fixes) - commit ee393a3 - RDMA/srp: Rework the srp_add_port() error path (git-fixes) - commit cf4fa33 - livepatch: fix race between fork and KLP transition (bsc#1071995). - commit bc0a77a - RDMA/srpt: Introduce a reference count in struct srpt_device (git-fixes) - commit fecc405 - RDMA/srpt: Fix a use-after-free (git-fixes) - commit e0cd3e8 - RDMA/srpt: Duplicate port name members (git-fixes) - commit accb2fe - Update patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch (bsc#1204693). - commit 9cde40b ++++ openSUSE-repos-LeapMicro: - Update to version 20221103.b904c44: * drop dependency on suse-release ------------------------------------------------------------------ ------------------ 2022-11-1 - Nov 1 2022 ------------------- ------------------------------------------------------------------ ++++ audit-secondary: - Fix rules not loaded when restarting auditd.service(bsc#1204844) ++++ kernel-default: - blacklist.conf: scripts/gdb: Allow to read printk log buffer on 32-bit systems; hardly needed by anyone - commit c5107b2 - printk: wake waiters for safe and NMI contexts (bsc#1204934). - commit ccf6fd7 - printk: use atomic updates for klogd work (bsc#1204934). - commit 42aa5d7 - printk: add missing memory barrier to wake_up_klogd() (bsc#1204934). - commit 91ae0ab - Revert "workqueue: remove unused cancel_work()" (bsc#1204933). - commit a8f292e - signal: break out of wait loops on kthread_stop() (bsc#1204926). - commit 1f81ec4 - net/mlx5e: Properly disable vlan strip on non-UL reps (git-fixes). - commit ea8a4bd - net: ipvtap - add __init/__exit annotations to module init/exit funcs (git-fixes). - commit bcfb537 - bonding: 802.3ad: fix no transmission of LACPDUs (git-fixes). 
- commit 0446df6 - net: moxa: get rid of asymmetry in DMA mapping/unmapping (git-fixes). - commit 6609905 - net: ipa: don't assume SMEM is page-aligned (git-fixes). - commit 41f9dec - stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() (git-fixes). - commit bb8b4d3 - Update metadata references - commit bdfc8f9 - Refresh patches.suse/drm-bridge-lt8912b-fix-corrupted-image-output.patch. Alt-commit - commit f154e04 - Refresh patches.suse/drm-bridge-lt8912b-set-hdmi-or-dvi-mode.patch. Alt-commit - commit 54a25a3 - Refresh patches.suse/drm-bridge-lt8912b-add-vsync-hsync.patch. Alt-commit - commit 6755cca - Refresh patches.suse/drm-amdgpu-don-t-register-a-dirty-callback-for-non-a.patch. Alt-commit - commit 5548e46 - Refresh patches.suse/drm-msm-dsi-Fix-number-of-regulators-for-SDM660.patch. Alt-commit - commit c51fb10 - Refresh patches.suse/drm-msm-dsi-Fix-number-of-regulators-for-msm8996_dsi.patch. Alt-commit - commit e910e60 - Refresh patches.suse/drm-msm-dp-delete-DP_RECOVERED_CLOCK_OUT_EN-to-fix-t.patch. Alt-commit - commit 8f4fbd6 - Refresh patches.suse/drm-amdgpu-make-sure-to-init-common-IP-before-gmc.patch. Alt-commit - commit d839738 - Refresh patches.suse/drm-amdgpu-move-nbio-sdma_doorbell_range-into-sdma-c.patch. Alt-commit - commit 4202af7 - Refresh patches.suse/drm-amdgpu-move-nbio-ih_doorbell_range-into-ih-code-.patch. Alt-commit - commit 6a84f94 - Refresh patches.suse/drm-simpledrm-Fix-return-type-of-simpledrm_simple_di.patch. Alt-commit - commit c6e149e - Refresh patches.suse/drm-nouveau-fix-another-off-by-one-in-nvbios_addr.patch. Alt-commit - commit 7c051d6 - Refresh patches.suse/drm-amd-display-Only-use-depth-36-bpp-linebuffers-on.patch. Alt-commit - commit e1c296d - Refresh patches.suse/Revert-drm-amdgpu-display-set-vblank_disable_immedia.patch. Alt-commit - commit 1bf4062 - Refresh patches.suse/drm-fourcc-fix-integer-type-usage-in-uapi-header.patch. 
Alt-commit - commit 174b777 - Refresh patches.suse/drm-bridge-ti-sn65dsi83-Handle-dsi_lanes-0-as-invali.patch. Alt-commit - commit d529823 - Refresh patches.suse/Revert-drm-amd-pm-keep-the-BACO-feature-enabled-for-.patch. Alt-commit - commit b27902a ------------------------------------------------------------------ ------------------ 2022-10-31 - Oct 31 2022 ------------------- ------------------------------------------------------------------ ++++ lvm2-device-mapper: - dracut-initqueue timeouts with 5.3.18-150300.59.63 kernel on ppc64le (bsc#1199074) - in lvm2.spec, change device_mapper_version from 1.02.163 to %{lvm2_version}_1.02.163 ++++ kernel-default: - RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) - commit a0cf107 - IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes) - commit e49e34a - RDMA/rxe: Fix resize_finish() in rxe_queue.c (git-fixes) - commit 6b44016 - RDMA/siw: Fix QP destroy to wait for all references dropped. (git-fixes) - commit 61cef3e - RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes) - commit 296a57b - RDMA/srp: Fix srp_abort() (git-fixes) - commit 7984b35 - RDMA/irdma: Align AE id codes to correct flush code and event (git-fixes) - commit c55a705 - RDMA/rxe: Fix the error caused by qp->sk (git-fixes) - commit 85ed907 - RDMA/rxe: Fix "kernel NULL pointer dereference" error (git-fixes) - commit 94f5187 - RDMA/mlx5: Don't compare mkey tags in DEVX indirect mkey (git-fixes) - commit cbf3855 - RDMA/irdma: Report RNR NAK generation in device caps (git-fixes) - commit 7306409 - RDMA/irdma: Return correct WC error for bind operation failure (git-fixes) - commit bb7b5cd - RDMA/irdma: Return error on MR deregister CQP failure (git-fixes) - commit e8ec2a2 - RDMA/irdma: Report the correct max cqes from query device (git-fixes) - commit 2b8a0ed - RDMA/siw: Pass a pointer to virt_to_page() (git-fixes) - commit c54f89a - usb: gadget: bdc: fix typo in comment (git-fixes). 
- commit 0b9f194 - usb: typec: tcpm: fix typo in comment (git-fixes). - commit a66c855 - RDMA/srp: Set scmnd->result only when scmnd is not NULL (git-fixes) - commit 458db53 - RDMA/cma: Fix arguments order in net device validation (git-fixes) - commit 81952c8 - RDMA/rxe: Fix error unwind in rxe_create_qp() (git-fixes) - commit f572d06 - kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes). - commit 934e48d - RDMA/mlx5: Add missing check for return value in get namespace flow (git-fixes) - commit 6e82f19 - RDMA/rxe: Fix rnr retry behavior (git-fixes) - commit 7a75da5 - RDMA/rxe: For invalidate compare according to set keys in mr (git-fixes) - commit 66293aa - RDMA/rxe: Fix mw bind to allow any consumer key portion (git-fixes) - commit c8934f1 - RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes) - commit 79b1a39 - RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes) - commit 706d0f6 - RDMA: remove useless condition in siw_create_cq() (git-fixes) - commit 6f61f5a - RDMA/irdma: Fix setting of QP context err_rq_idx_valid field (git-fixes) - commit 026149f - RDMA/irdma: Fix VLAN connection with wildcard address (git-fixes) - commit f75f6bd - RDMA/irdma: Fix a window for use-after-free (git-fixes) - commit 5ca4a5f - RDMA/rxe: Fix deadlock in rxe_do_local_ops() (git-fixes) - commit afef467 - RDMA/irdma: Fix sleep from invalid context BUG (git-fixes) - commit 735c971 - RDMA/irdma: Do not advertise 1GB page size for x722 (git-fixes) - commit ccc988f - RDMA/qedr: Fix reporting QP timeout attribute (git-fixes) - commit c6a81d4 - RDMA/hfi1: Fix potential integer multiplication overflow errors (git-fixes) - commit 2b22d3a - RDMA/hns: Add the detection for CMDQ status in the device initialization process (git-fixes) - commit 7090c13 - RDMA/rxe: Generate a completion for unsupported/invalid opcode (git-fixes) - commit 2a9e949 - blacklist.conf: Clarify status of 6f5c672d17f583b081e283927f5040f726c54598. 
- commit cfc21b5 - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes). - commit 3602f60 - fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes). - fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes). - iio: bmc150-accel-core: Fix unsafe buffer attributes (git-fixes). - iio: adxl372: Fix unsafe buffer attributes (git-fixes). - iio: temperature: ltc2983: allocate iio channels once (git-fixes). - iio: adc: mcp3911: use correct id bits (git-fixes). - iio: light: tsl2583: Fix module unloading (git-fixes). - usb: dwc3: gadget: Don't set IMI for no_interrupt (git-fixes). - usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes). - usb: bdc: change state when port disconnected (git-fixes). - hwmon/coretemp: Handle large core ID value (git-fixes). - ACPI: video: Make backlight class device registration a separate step (v2) (git-fixes). - r8152: add PID for the Lenovo OneLink+ Dock (git-fixes). - net: usb: r8152: Add in new Devices that are supported for Mac-Passthru (git-fixes). - arm64/mm: Consolidate TCR_EL1 fields (git-fixes). 
- commit 510527f ++++ lvm2: - dracut-initqueue timeouts with 5.3.18-150300.59.63 kernel on ppc64le (bsc#1199074) - in lvm2.spec, change device_mapper_version from 1.02.163 to %{lvm2_version}_1.02.163 ++++ libxml2: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ++++ libxml2-python: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ++++ tar: - Fix unexpected inconsistency when making directory, bsc#1203600 * tar-avoid-overflow-in-symlinks-tests.patch * tar-fix-extract-unlink.patch - Update race condition fix, bsc#1200657 * tar-fix-race-condition.patch - Refresh bsc1200657.patch ++++ timezone: - timezone update 2022f (bsc#1177460): * Mexico will no longer observe DST except near the US border * Chihuahua moves to year-round -06 on 2022-10-30 * Fiji no longer observes DST * Move links to 'backward' * In vanguard form, GMT is now a Zone and Etc/GMT a link * zic now supports links to links, and vanguard form uses this * Simplify four Ontario zones * Fix a Y2438 bug when reading TZif data * Enable 64-bit time_t on 32-bit glibc platforms * Omit large-file support when no longer needed * In C code, use some C23 features if available * Remove no-longer-needed workaround for Qt bug 53071 - Refreshed patches: * fat.patch * tzdata-china.diff ------------------------------------------------------------------ ------------------ 2022-10-30 - Oct 30 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - commit 2afc9ce - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - kABI: Fix after adding trace_iterator.wait_index (git-fixes). 
- commit c6de351 ------------------------------------------------------------------ ------------------ 2022-10-29 - Oct 29 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - tracing: Fix reading strings from synthetic events (git-fixes). - commit b3d60fe - tracing: Add "(fault)" name injection to kernel probes (git-fixes). - commit e8dfbfa - tracing: Move duplicate code of trace_kprobe/eprobe.c into header (git-fixes). - commit 4676a84 - ftrace: Fix char print issue in print_ip_ins() (git-fixes). - commit 40cb188 - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - commit 9e07624 - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - commit 35b9e24 - ring-buffer: Fix race between reset page and reading page (git-fixes). - commit e172e8c - tracing: Wake up waiters when tracing is disabled (git-fixes). - commit e65663f - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - commit d726bd0 - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - commit 3f155a7 - ALSA: rme9652: use explicitly signed char (git-fixes). - ALSA: au88x0: use explicitly signed char (git-fixes). - ALSA: usb-audio: Add quirks for M-Audio Fast Track C400/600 (git-fixes). - commit 1285ea5 - device property: Fix documentation for *_match_string() APIs (git-fixes). - PM: domains: Fix handling of unavailable/disabled idle states (git-fixes). - PM: hibernate: Allow hybrid sleep to work with s2idle (git-fixes). - mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO (git-fixes). - mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes). - mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake (git-fixes). - mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus (git-fixes). - mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes). - ALSA: aoa: Fix I2S device accounting (git-fixes). 
- ALSA: Use del_timer_sync() before freeing timer (git-fixes). - ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes). - ASoC: qcom: lpass-cpu: Mark HDMI TX parity register as volatile (git-fixes). - ASoC: qcom: lpass-cpu: mark HDMI TX registers as volatile (git-fixes). - ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes). - drm/i915/dp: Reset frl trained flag before restarting FRL training (git-fixes). - drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() (git-fixes). - drm/msm/dp: fix IRQ lifetime (git-fixes). - drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes). - drm/msm/dsi: fix memory corruption with too many bridges (git-fixes). - drm/msm: fix use-after-free on probe deferral (git-fixes). - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes). - commit a89c8ce - blacklist.conf: add reverted ASoC patches - commit 67ca727 ------------------------------------------------------------------ ------------------ 2022-10-28 - Oct 28 2022 ------------------- ------------------------------------------------------------------ ++++ python-kiwi: - Fixed kexec options setup in kiwi-dump-reboot The dracut module 99kiwi-dump-reboot creates an options list for kexec. Under certain conditions the options list can contain multiple spaces which leads to an error when calling kexec. This commit makes sure to trim white spaces. This Fixes #2178 Backported from upstream c694e25b22 - Bump version up to 9.24.43 This version includes: * Fixed error handling for setfiles policy lookup Errors from os.scandir were not caught. In addition the path to run scandir was not properly created * Prefer file based syscall in kexec when possible (bsc#1203896) Use file based syscall in kexec if available.
This is needed to support boot on a secure boot enabled system and is in general more reliable to boot into the system on real hardware platforms * Correct setfiles relabeling This change was inspired by a change done on Fedora's livecd-tools from here: livecd-tools/livecd-tools#236. The patch corrects issues with the setfiles SELinux relabel command. The issues become apparent when the host and guest policies differ. Thus it becomes required to explicitly set the policy to decouple from eventual unwanted host settings. * Fix helper method to detect dracut outfile format The method _get_boot_image_output_file_format_from_dracut_code is used in kiwi to match parts of the dracut code for the used output file format. Beginning with dracut-056 the code part checked has changed syntactically such that the match no longer worked. This commit increases the scope of the match and replace pattern and Fixes #2149 * Fixed handling of signing_keys in cmdline options When passing signing_keys with the --add-repo|--set-repo commandline options the delimiter to separate the single key information is a colon(:). However, this is stupid when kiwi expects the signing key to be referenced as a URI format like file://... Therefore this patch changes the delimiter from colon(:) to semicolon(;) * Setup SELinux on every system prepare / build (#2148) Setup SELinux on every system prepare / build such that all image types benefit from it not only the disk (oem) type * Install all of QEMU to Ubuntu arm integration test * rename user to ubuntu for Ubuntu integration test * Move to sphinx>=5.0.0 * Fixed sphinx extlinks rendering In Sphinx v5 warning will be treated as errors. This results in the following warning to be an error: extlinks: Sphinx-6.0 will require a caption string to contain exactly one '%s' and all other '%' need to be escaped as '%%'.
This commit applies the required quoting * Added example aarch64 integration test for Ubuntu Created a RaspberryPI image description for Ubuntu(jammy) as integration test for building aarch64 images and added it to the integration test matrix * Added --target-arch for image info Allow cross arch dependency solving * Add support for group id in users setting Allow to specify the group id in the groups list a user should belong to. The group id can be placed as part of the group name separated by a colon like in the following example: Please note kiwi checks if the provided group already exists and only creates a group if it is not already present in the system. As default groups are usually provided by the OS itself including its preferred group id, you will intentionally not be able to overwrite group id for existing groups. This Fixes #2064 ++++ kernel-default: - net: mscc: ocelot: fix address of SYS_COUNT_TX_AGING counter (git-fixes). - commit a23c712 - net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions() (git-fixes). - commit 9684564 - net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry (git-fixes). - commit bcb13eb - Update patch reference for USB fix (bsc#1196018 CVE-2022-28748 bsc#1202686 CVE-2022-2964) - commit 0ee154e - i40e: Fix to stop tx_timeout recovery if GLOBR fails (git-fixes). - commit 9ae1da4 - iavf: Fix reset error handling (git-fixes). - commit d4babdd - iavf: Fix adminq error handling (git-fixes). - commit 403a1a3 - net: moxa: pass pdev instead of ndev to DMA functions (git-fixes). - commit e117a5b - mlxsw: spectrum: Clear PTP configuration after unregistering the netdevice (git-fixes). - commit 6677912 - net: dsa: mv88e6060: prevent crash on an unused port (git-fixes). - commit 00d6b8c - fec: Fix timer capture timing in `fec_ptp_enable_pps()` (git-fixes). - commit 1a47f16 - dpaa2-eth: trace the allocated address instead of page struct (git-fixes). 
- commit 1020d1e - net: atlantic: fix aq_vec index out of range error (git-fixes). - commit 46d90a2 - plip: avoid rcu debug splat (git-fixes). - commit eb203b2 - net: bgmac: Fix a BUG triggered by wrong bytes_compl (git-fixes). - commit cb50cd4 - net: bcmgenet: Indicate MAC is in charge of PHY PM (git-fixes). - commit 1147d60 - xfs: convert XLOG_FORCED_SHUTDOWN() to xlog_is_shutdown() (git-fixes). - commit ab97572 - xfs: fix xfs_ifree() error handling to not leak perag ref (git-fixes). - commit 2b17a84 - can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb() (git-fixes). - can: kvaser_usb: Fix possible completions during init_completion (git-fixes). - openvswitch: switch from WARN to pr_warn (git-fixes). - can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path (git-fixes). - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes). - mac802154: Fix LQI recording (git-fixes). - media: vivid: set num_in/outputs to 0 if not supported (git-fixes). - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes). - media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes). - media: vivid: dev->bitmap_cap wasn't freed in all cases (git-fixes). - media: vivid: s_fbuf: add more sanity checks (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (git-fixes). - commit 78420ce ++++ openssl-1_1: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel [bsc#1202148] ++++ python3-core: - Add CVE-2022-37454-sha3-buffer-overflow.patch to fix bsc#1204577 (CVE-2022-37454, gh#python/cpython#98517) buffer overflow in hashlib.sha3_* implementations (originally from the XKCP library). ++++ python3: - Add CVE-2022-37454-sha3-buffer-overflow.patch to fix bsc#1204577 (CVE-2022-37454, gh#python/cpython#98517) buffer overflow in hashlib.sha3_* implementations (originally from the XKCP library). 
++++ suseconnect-ng: - Update to version 1.0.0~git0.60e48564a714 (bsc#1204821): * packaging: obsolete suseconnect < 1.0.0 * packaging: don't end the summary with a dot ------------------------------------------------------------------ ------------------ 2022-10-27 - Oct 27 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Add CVE reference to patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch (bsc#1196018 CVE-2022-28748 CVE-2022-2964). - commit 1298a2a - HID: hidraw: fix memory leak in hidraw_release() (git-fixes). - commit 0e980ee - octeontx2-pf: Fix NIX_AF_TL3_TL2X_LINKX_CFG register configuration (git-fixes). - commit cc822b8 - octeontx2-af: Fix key checking for source mac (git-fixes). - commit 2b15002 - octeontx2-af: Fix mcam entry resource leak (git-fixes). - commit 1934a04 - octeontx2-af: suppress external profile loading warning (git-fixes). - commit f03aa66 - octeontx2-af: Apply tx nibble fixup always (git-fixes). - commit 127ded0 - net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (git-fixes). - commit fd012c5 - nfp: ethtool: fix the display error of `ethtool -m DEVNAME` (git-fixes). - commit 145a612 - net/ice: fix initializing the bitmap in the switch code (git-fixes). - commit 1864c2e - net/mlx5e: xsk: Account for XSK RQ UMRs when calculating ICOSQ size (git-fixes). - commit 0f9b4b8 - net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS cipher/version (git-fixes). - commit 26fe2e5 - netdevsim: fib: Fix reference count leak on route deletion failure (git-fixes). - commit ef84aaa - ice: do not setup vlan for loopback VSI (git-fixes). - commit 2f72810 - ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) (git-fixes). - commit c63938e - can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (git-fixes). - commit 435b54b - sfc: disable softirqs for ptp TX (git-fixes). 
- commit def7cc9 - octeontx2-pf: Fix UDP/TCP src and dst port tc filters (git-fixes). - commit a2053ff - net: fix IFF_TX_SKB_NO_LINEAR definition (git-fixes). - commit 36a8155 - thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes). - thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id (git-fixes). - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes). - staging: vt6655: fix potential memory leak (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - thunderbolt: Explicitly enable lane adapter hotplug events at startup (git-fixes). - usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). - usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug (git-fixes). - usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes). - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes). - usb: host: xhci-plat: suspend/resume clks for brcm (git-fixes). - usb: host: xhci-plat: suspend and resume clocks (git-fixes). - soundwire: intel: fix error handling on dai registration issues (git-fixes). - soundwire: cadence: Don't overwrite msg->buf during write commands (git-fixes). - kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT (git-fixes). - soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA (git-fixes). - udmabuf: Set ubuf->sg = NULL if the creation of sg table fails (git-fixes). - spi: Ensure that sg_table won't be used after being freed (git-fixes). - wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes). - wifi: rt2x00: set SoC wmac clock register (git-fixes). - wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes). - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes). - wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620 (git-fixes). - wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value (git-fixes). 
- wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes). - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes). - thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround (git-fixes). - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes). - selinux: use "grep -E" instead of "egrep" (git-fixes). - thermal: cpufreq_cooling: Check the policy first in cpufreq_cooling_register() (git-fixes). - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes). - selinux: allow FIOCLEX and FIONCLEX with policy capability (git-fixes). - commit 2b3f1b5 - gcov: support GCC 12.1 and newer compilers (git-fixes). - drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n (git-fixes). - drm/amd/display: Fix vblank refcount in vrr transition (git-fixes). - kbuild: rpm-pkg: fix breakage when V=1 is used (git-fixes). - kbuild: remove the target in signal traps when interrupted (git-fixes). - clk: bcm2835: Make peripheral PLLC critical (git-fixes). - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes). - clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes). - staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() (git-fixes). - iio: pressure: dps310: Reset chip after timeout (git-fixes). - iio: pressure: dps310: Refactor startup procedure (git-fixes). - dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow (git-fixes). - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes). - HID: roccat: Fix use-after-free in roccat_read() (git-fixes). - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes). - drm/amd/display: Remove interface for periodic interrupt 1 (git-fixes). - drm/meson: explicitly remove aggregate driver at module unload time (git-fixes). - drm/amdgpu: fix initial connector audio value (git-fixes). 
- drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes). - drm: bridge: dw_hdmi: only trigger hotplug event on link change (git-fixes). - drm/nouveau/kms/nv140-: Disable interlacing (git-fixes). - gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() (git-fixes). - drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook (git-fixes). - drm/virtio: Check whether transferred 2D BO is shmem (git-fixes). - drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes). - drm: Use size_t type for len variable in drm_copy_field() (git-fixes). - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes). - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes). - platform/chrome: cros_ec: Notify the PM of wake events during resume (git-fixes). - mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes). - regulator: core: Prevent integer underflow (git-fixes). - hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms (git-fixes). - net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses (git-fixes). - openvswitch: Fix overreporting of drops in dropwatch (git-fixes). - openvswitch: Fix double reporting of drops in dropwatch (git-fixes). - net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 (git-fixes). - ima: fix blocking of security.ima xattrs of unsupported algorithms (git-fixes). - commit 73e3036 - arm64: topology: move store_cpu_topology() to shared code (git-fixes). - arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes (git-fixes). - ata: libahci_platform: Sanity check the DT child nodes number (git-fixes). - arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply (git-fixes). - ARM: dts: imx6sx: add missing properties for sram (git-fixes). - ARM: dts: imx6sll: add missing properties for sram (git-fixes). 
- ARM: dts: imx6sl: add missing properties for sram (git-fixes). - ARM: dts: imx6qp: add missing properties for sram (git-fixes). - ARM: dts: imx6dl: add missing properties for sram (git-fixes). - ARM: dts: imx6q: add missing properties for sram (git-fixes). - ARM: dts: imx7d-sdb: config the max pressure for tsc2046 (git-fixes). - ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n (git-fixes). - ASoC: SOF: pci: Change DMI match info to support all Chrome platforms (git-fixes). - ALSA: usb-audio: Fix last interface check for registration (git-fixes). - ALSA: usb-audio: Register card at the last interface (git-fixes). - Bluetooth: L2CAP: Fix user-after-free (git-fixes). - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes). - Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes). - Bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release (git-fixes). - Bluetooth: btintel: Mark Intel controller to support LE_STATES quirk (git-fixes). - can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes). - ARM: decompressor: Include .data.rel.ro.local (git-fixes). - ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes). - ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable (git-fixes). - ACPI: tables: FPDT: Don't call acpi_os_map_memory() on invalid phys address (git-fixes). - ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE (git-fixes). - ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd() (git-fixes). - commit de318d1 - blacklist.conf: update blacklist - commit 78ca650 - kABI: Fix kABI after backport Forcibly leave nested virt when SMM state is toggled (git-fixes). - commit 8343da0 - kABI: Fix kABI after backport Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes). - commit 44b42bd - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575). 
- commit e6fc5be - kABI: Fix kABI after backport Update vPMCs when retiring branch instructions (git-fixes). - commit 4209455 - kABI: Fix kABI after backport Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes). - commit 9fc8292 ++++ mozilla-nss: - Require libjitter only for SLE15-SP4 and greater ++++ osinfo-db: - Update to database version 20221018 osinfo-db-20221018.tar.xz ------------------------------------------------------------------ ------------------ 2022-10-26 - Oct 26 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - KVM: SVM: Exit to userspace on ENOMEM/EFAULT GHCB errors (git-fixes). - commit 22e05f5 - overflow.h: restore __ab_c_size (git-fixes). - commit 9dbc158 - KVM: x86: Add KVM_CAP_ENABLE_CAP to x86 (git-fixes). - commit 3acb74c - KVM: x86/pmu: Don't truncate the PerfEvtSeln MSR when creating a perf event (git-fixes). - commit 9a723c2 - overflow: Implement size_t saturating arithmetic helpers (jsc#PED-1211). - commit fecede0 - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753). - commit d072831 - blacklist.conf: Add cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id - commit 382b2e7 - blacklist.conf: Add c530a3c716b9 sched/psi: Fix periodic aggregation shut off - commit 56b9a2a - KVM: x86: nSVM/nVMX: set nested_run_pending on VM entry which is a result of RSM (git-fixes). - commit 274c60f - powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074). - commit 5377513 - KVM: x86: nSVM: mark vmcb01 as dirty when restoring SMM saved state (git-fixes). - commit cd056ba - KVM: x86: nSVM: fix potential NULL derefernce on nested migration (git-fixes). - commit 272884f - KVM: x86: Sync the states size with the XCR0/IA32_XSS at, any time (git-fixes). - commit c927187 - KVM: x86: Keep MSR_IA32_XSS unchanged for INIT (git-fixes). - commit c61458a - KVM: x86: Forcibly leave nested virt when SMM state is toggled (git-fixes). 
- commit f22036a - Update patches.suse/usb-mon-make-mmapped-memory-read-only.patch (bsc#1204653 CVE-2022-43750). Added CVE and bsc - commit 93b1d48 - KVM: x86/pmu: Fix available_event_types check for REF_CPU_CYCLES event (git-fixes). - commit 436d9eb - KVM: x86: Update vPMCs when retiring branch instructions (git-fixes). - Refresh patches.suse/kvm-emulate-do-not-adjust-size-of-fastop-and-setcc-subroutines.patch. - commit 1f8391b - KVM: x86: Update vPMCs when retiring instructions (git-fixes). - commit c4d4a64 - KVM: x86/pmu: Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes). - commit 91025b1 - KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes). - commit 8080b0e - kABI: Fix kABI after backport Always set kvm_run->if_flag (git-fixes). - KVM: x86: Always set kvm_run->if_flag (git-fixes). - commit daa5fd4 - KVM: x86/mmu: Don't advance iterator after restart due to yielding (git-fixes). - commit 86c02c7 - KVM: x86/mmu: Retry page fault if root is invalidated by memslot update (git-fixes). - commit c96dbdc ++++ expat: - Security fix: * (CVE-2022-43680, bsc#1204708) use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations - Added patch expat-CVE-2022-43680.patch ++++ mozilla-nss: - update to NSS 3.79.2 (bsc#1204729) * bmo#1785846 - Bump minimum NSPR version to 4.34.1. * bmo#1777672 - Gracefully handle null nickname in CERT_GetCertNicknameWithValidity. 
------------------------------------------------------------------ ------------------ 2022-10-25 - Oct 25 2022 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 055+suse.323.gca0e74f0: * fix(network-manager): always install the library plugins directory (bsc#1202014) * feat(dracut-init.sh): add inst_libdir_dir() helper (bsc#1202014) A series of fixes for NVMeoF boot (bsc#1203368): * fix(network-legacy): misleading duplicate address detection using wicked * fix(man): dracut.cmdline.7: clarify "rd.nvmf.discover=fc,auto" * fix(network): avoid double brackets around IPv6 address * feat(nvmf): set rd.neednet=1 if tcp records encountered * fix(man): dracut.cmdline(7): correct syntax for rd.nonvmf * fix(network): don't use same ifname multiple times * fix(nvmf): run cmdline hook before parse-ip-opts.sh * fix(nvmf): avoid calling "exit" in a cmdline hook * fix(nvmf): make sure "rd.nvmf.discover=fc,auto" takes precedence * fix(nvmf): don't use "finished" queue for autoconnect * fix(nvmf): don't create did-setup file * fix(nvmf): no need to load the nvme module * fix(nvmf): don't try to validate network connections in cmdline hook * fix(nvmf): nvme list-subsys prints the address using commas as separator * fix(nvmf): deprecate old nvmf cmdline options * fix(nvmf): set executable bit on nvmf-autoconnect.sh ++++ gnutls: - Fix AVX CPU feature detection for OSXSAVE [bsc#1203299] * Fixes a SIGILL termination at the vzeroupper instruction when trying to run GnuTLS on a Linux kernel with the noxsave command line parameter set. Relevant mostly for virtual systems. * Upstream bug: https://gitlab.com/gnutls/gnutls/issues/1282 * Add gnutls-clear-AVX-bits-if-it-cannot-be-queried-XSAVE.patch ++++ kernel-default: - KVM: fix avic_set_running for preemptable kernels (git-fixes). - commit 457ae39 - KVM: x86: Add compat handler for KVM_X86_SET_MSR_FILTER (git-fixes).
- commit 58e3def - xen/gntdev: Prevent leaking grants (git-fixes). - commit 73a7df7 - KVM: nVMX: Ignore SIPI that arrives in L2 when vCPU is not in WFS (git-fixes). - commit 8c88ccd - KVM: nVMX: Unconditionally purge queued/injected events on nested "exit" (git-fixes). - commit f7976c7 - KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes). - commit 938654e - usb: gadget: f_fs: stricter integer overflow checks (git-fixes). - commit 07d2846 - blacklist.conf: prerequisites too risky - commit 93c5479 - scsi: mpi3mr: Schedule IRQ kthreads only on non-RT kernels (bnc#1204498). - commit e73c4d3 - usb: cdc-wdm: Use skb_put_data() instead of skb_put/memcpy pair (git-fixes). - commit a0de208 - Update patch reference for patches.suse/devlink-Fix-use-after-free-after-a-failed-reload.patch (git-fixes bsc#1204637 CVE-2022-3625). - commit fd50fbc - pinctrl: Ingenic: JZ4755 bug fixes (git-fixes). - dyndbg: let query-modname override actual module name (git-fixes). - dyndbg: fix module.dyndbg handling (git-fixes). - dyndbg: fix static_branch manipulation (git-fixes). - commit afe6697 ++++ libcontainers-common: - set detached sigstore attachments for the SUSE controlled registries ++++ libtasn1: - Add libtasn1-CVE-2021-46848.patch: Fixed off-by-one array size check that affects asn1_encode_simple_der (CVE-2021-46848, bsc#1204690). 
++++ rpm: - Strip critical bit in signature subpackage parsing * modified patch: pgpharden.diff - Add workaround to make newer dnf versions no longer deadlock after it imported a pubkey [bnc#1202750] * new patch: keyimportdeadlock.diff ++++ suse-build-key: - added /usr/share/pki/containers directory for container pem keys (cosign/sigstore style), put our PEM key there too (bsc#1204706) ------------------------------------------------------------------ ------------------ 2022-10-24 - Oct 24 2022 ------------------- ------------------------------------------------------------------ ++++ docker: - Fix wrong After: in docker.service, fixes bsc#1188447 ++++ grub2: - Include loopback into signed grub2 image (jsc#PED-2150) ++++ kernel-default: - io_uring: use original request task for inflight tracking (CVE-2022-40476 bsc#1203435). - commit 941d6b4 - Update patches.suse/powerpc-pseries-vas-Pass-hw_cpu_id-to-node-associati.patch (bsc#1194869 bsc#1204428 ltc#200180). - commit fe8b379 - ring-buffer: Check pending waiters when doing wake ups as well (git-fixes). - commit d934ca7 - ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes). - commit ed18dc7 - ring-buffer: Allow splice to read previous partially read pages (git-fixes). - commit 4649dee - ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes). - commit 554a8e9 - net: mvpp2: fix mvpp2 debugfs leak (bsc#1204417 CVE-2022-3535). - bnx2x: fix potential memory leak in bnx2x_tpa_stop() (bsc#1204402 CVE-2022-3542). - nfp: fix use-after-free in area_cache_get() (bsc#1204415 CVE-2022-3545). - commit 8e53774 - tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads (git-fixes). - commit f81f58f - tracing: Replace deprecated CPU-hotplug functions (git-fixes). - Refresh patches.suse/tracing-osnoise-Fix-missed-cpus_read_unlock-in-start_per_cpu_kthreads.patch. - commit b1bca55 - tracing: kprobe: Make gen test module work in arm and riscv (git-fixes). 
- commit 57b2377 - tracing: kprobe: Fix kprobe event gen test module on exit (git-fixes). - commit 81447e5 - cifs: update internal module number (bsc#1193629). - commit 4202154 - cifs: fix memory leaks in session setup (bsc#1193629). - commit 5c729d0 - cifs: drop the lease for cached directories on rmdir or rename (bsc#1193629). - commit 46e0f22 - smb3: interface count displayed incorrectly (bsc#1193629). - commit e073a89 - cifs: Fix memory leak when build ntlmssp negotiate blob failed (bsc#1193629). - commit 7afbdb6 - cifs: set rc to -ENOENT if we can not get a dentry for the cached dir (bsc#1193629). - commit 328e60a - cifs: use LIST_HEAD() and list_move() to simplify code (bsc#1193629). - commit e5c0c94 - cifs: Fix xid leak in cifs_get_file_info_unix() (bsc#1193629). - commit a50e886 - cifs: Fix xid leak in cifs_ses_add_channel() (bsc#1193629). - commit 45683eb - cifs: Fix xid leak in cifs_flock() (bsc#1193629). - commit d234b14 - cifs: Fix xid leak in cifs_copy_file_range() (bsc#1193629). - commit f56cd1f - cifs: Fix xid leak in cifs_create() (bsc#1193629). - commit a1d5012 - smb3: improve SMB3 change notification support (bsc#1193629). - commit 8a4313f - nilfs2: fix leak of nilfs_root in case of writer thread creation failure (CVE-2022-3646 bsc#1204646). - nilfs2: fix use-after-free bug of struct nilfs_root (CVE-2022-3649 bsc#1204647). - commit af91749 - Update patch reference for vsock fix (CVE-2022-3629 bsc#1204635) - commit 6c49703 - Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() (CVE-2022-3640 bsc#1204619). - commit 5d68cf0 - can: j1939: j1939_session_destroy(): fix memory leak of skbs (CVE-2022-3633 bsc#1204650). - commit da3122e - KVM: s390x: fix SCK locking (git-fixes). - KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes). - commit aa7345b - i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter (git-fixes). - media: venus: dec: Handle the case where find_format fails (git-fixes). 
- media: atomisp: prevent integer overflow in sh_css_set_black_frame() (git-fixes). - media: ipu3-imgu: Fix NULL pointer dereference in active selection access (git-fixes). - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes). - media: mceusb: set timeout to at least timeout provided (git-fixes). - commit fbd2a07 ------------------------------------------------------------------ ------------------ 2022-10-22 - Oct 22 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - cpufreq: qcom: fix writes in read-only memory region (git-fixes). - cpufreq: qcom: fix memory leak in error path (git-fixes). - ACPI: extlog: Handle multiple records (git-fixes). - HID: magicmouse: Do not set BTN_MOUSE on double report (git-fixes). - selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() (git-fixes). - commit a940189 - ALSA: hda/realtek: Add another HP ZBook G9 model quirks (bsc#1203699). - commit 9b4cf06 ------------------------------------------------------------------ ------------------ 2022-10-21 - Oct 21 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - cifs: lease key is uninitialized in two additional functions when smb1 (bsc#1193629). - commit 181d702 - cifs: lease key is uninitialized in smb1 paths (bsc#1193629). - commit 395fb1f - smb3: must initialize two ACL struct fields to zero (bsc#1193629). - commit 2dfd980 - cifs: fix double-fault crash during ntlmssp (bsc#1193629). - commit 958d087 - cifs: fix static checker warning (bsc#1193629). - commit 6695ea2 - cifs: use ALIGN() and round_up() macros (bsc#1193629). - commit b4d4efd - cifs: find and use the dentry for cached non-root directories also (bsc#1193629). - commit 14482fe - cifs: enable caching of directories for which a lease is held (bsc#1193629). - commit cc4f4c4 - cifs: prevent copying past input buffer boundaries (bsc#1193629). 
- commit 9130844 - cifs: fix uninitialised var in smb2_compound_op() (bsc#1193629). - commit bdc0943 - cifs: improve symlink handling for smb2+ (bsc#1193629). - commit 0b6be9d - smb3: clarify multichannel warning (bsc#1193629). - commit 96b1224 - cifs: fix skipping to incorrect offset in emit_cached_dirents (bsc#1193629). - commit 6750b0a - smb3: fix oops in calculating shash_setkey (bsc#1193629). - commit fdb4064 - cifs: secmech: use shash_desc directly, remove sdesc (bsc#1193629). - commit d652300 - smb3: rename encryption/decryption TFMs (bsc#1193629). - commit 074ff14 - cifs: replace kfree() with kfree_sensitive() for sensitive data (bsc#1193629). - commit a9c83e0 - cifs: remove initialization value (bsc#1193629). - commit 650b157 - cifs: Replace a couple of one-element arrays with flexible-array members (bsc#1193629). - commit 2e6a4d1 - smb3: do not log confusing message when server returns no network interfaces (bsc#1193629). - commit fe343ed - cifs: store a pointer to a fid in the cfid structure instead of the struct (bsc#1193629). - commit 4bc719f - cifs: improve handlecaching (bsc#1193629). - commit 460040b - cifs: Make tcon contain a wrapper structure cached_fids instead of cached_fid (bsc#1193629). - commit 999f1a7 - smb3: add dynamic trace points for tree disconnect (bsc#1193629). - commit c71b282 - Fix formatting of client smbdirect RDMA logging (bsc#1193629). - commit bc2ae55 - Handle variable number of SGEs in client smbdirect send (bsc#1193629). - commit af0f632 - Reduce client smbdirect max receive segment size (bsc#1193629). - commit e36b32c - Decrease the number of SMB3 smbdirect client SGEs (bsc#1193629). - commit 1c625b9 - cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message (bsc#1193629). - commit 174687c - cifs: destage dirty pages before re-reading them for cache=none (bsc#1193629). - commit 9eab309 - cifs: return correct error in ->calc_signature() (bsc#1193629). 
- commit 0ace108 - cifs: misc: fix spelling typo in comment (bsc#1193629). - commit 0177a68 - cifs: update internal module number (bsc#1193629). - commit a83e618 - cifs: add missing spinlock around tcon refcount (bsc#1193629). - commit a915086 - cifs: always initialize struct msghdr smb_msg completely (bsc#1193629). - commit 7ba2dbe - cifs: don't send down the destination address to sendmsg for a SOCK_STREAM (bsc#1193629). - commit cc67d16 - cifs: revalidate mapping when doing direct writes (bsc#1193629). - commit 3e6da03 - cifs: fix small mempool leak in SMB2_negotiate() (bsc#1193629). - commit 9ad1214 - smb3: use filemap_write_and_wait_range instead of filemap_write_and_wait (bsc#1193629). - commit 569211d - smb3: fix temporary data corruption in insert range (bsc#1193629). - commit 4153b9f - smb3: fix temporary data corruption in collapse range (bsc#1193629). - commit e11095d - smb3: Move the flush out of smb2_copychunk_range() into its callers (bsc#1193629). - commit 7cc3491 - cifs: Add helper function to check smb1+ server (bsc#1193629). - commit 8d3cf57 - cifs: Use help macro to get the mid header size (bsc#1193629). - commit 56cfb79 - cifs: Use help macro to get the header preamble size (bsc#1193629). - commit a32d0c7 - cifs: skip extra NULL byte in filenames (bsc#1193629). - commit 3c2966f - smb3: missing inode locks in punch hole (bsc#1193629). - commit d5ef2ce - smb3: missing inode locks in zero range (bsc#1193629). - commit 67739d5 - cifs: move from strlcpy with unused retval to strscpy (bsc#1193629). - commit 1545859 - cifs: Fix memory leak on the deferred close (bsc#1193629). - commit 0e66dd6 - cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() (bsc#1193629). - commit e09b402 - cifs: remove unused server parameter from calc_smb_size() (bsc#1193629). - commit 3f30130 - cifs: Do not access tcon->cfids->cfid directly from is_path_accessible (bsc#1193629). - commit 7188f4f - cifs: Add constructor/destructors for tcon->cfid (bsc#1193629). 
- commit 7eb31f4 - SMB3: fix lease break timeout when multiple deferred close handles for the same file (bsc#1193629). - commit 7267460 - smb3: allow deferred close timeout to be configurable (bsc#1193629). - commit 19f7caa - cifs: Do not use tcon->cfid directly, use the cfid we get from open_cached_dir (bsc#1193629). - commit 25de0c1 - cifs: Move cached-dir functions into a separate file (bsc#1193629). - commit fc0e55e - cifs: fix lock length calculation (bsc#1193629). - commit 2661e11 - cifs: update internal module number (bsc#1193629). - commit 53f5daf - cifs: alloc_mid function should be marked as static (bsc#1193629). - commit f066ea5 - cifs: remove "cifs_" prefix from init/destroy mids functions (bsc#1193629). - commit 21e261c - cifs: remove useless DeleteMidQEntry() (bsc#1193629). - commit b684635 - cifs: when insecure legacy is disabled shrink amount of SMB1 code (bsc#1193629). - commit 96f98e3 - blacklist.conf: add an entry for IDXD that has been already fixed - commit 7531ae1 - dmaengine: idxd: force wq context cleanup on device disable path (git-fixes). - commit e06ba18 - nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() (CVE-2022-3621 bsc#1204574). - commit f8016b1 - ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (bsc#1203922). - commit 1d187cf - Move upstreamed sound patches into sorted section - commit 4c058b6 - Bluetooth: L2CAP: Fix memory leak in vhci_write (CVE-2022-3619 bsc#1204569). - commit b649754 - drm/amdgpu: fix sdma doorbell init ordering on APUs (git-fixes). - net: phy: dp83822: disable MDI crossover status change interrupt (git-fixes). - wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() (git-fixes). - net: phy: dp83867: Extend RX strap quirk for SGMII mode (git-fixes). - ata: ahci-imx: Fix MODULE_ALIAS (git-fixes). 
- commit 273eb71 ++++ libarchive: - Fix CVE-2021-31566, modifies file flags of symlink target (CVE-2021-31566, bsc#1192426.patch) CVE-2021-31566.patch - Fix bsc#1192427, processing fixup entries may follow symbolic links bsc1192427.patch ++++ libtpms: - Added patches: 0001-tpm2-Reset-TPM2B-buffer-sizes-after-test-fails-for-v.patch 0002-tpm2-Add-maxSize-parameter-to-TPM2B_Marshal-for-sani.patch 0003-tpm2-Restore-original-value-if-unmarsalled-value-was.patch - CVE-2021-3623: Fixed out-of-bounds access when trying to resume the state of the vTPM (bsc#1187767) ------------------------------------------------------------------ ------------------ 2022-10-20 - Oct 20 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - powerpc/64s: Fix build failure when CONFIG_PPC_64S_HASH_MMU is not set (bsc#1204413 ltc#200176). - commit 0850b12 - powerpc/pseries: Stop selecting PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). - Refresh patches.suse/powerpc-Rename-PPC_NATIVE-to-PPC_HASH_MMU_NATIVE.patch. - commit abb9ade - powerpc/64s: Make hash MMU support configurable (bsc#1204413 ltc#200176). - Refresh patches.suse/lkdtm-disable-return-thunks-in-rodata-c.patch. Update config files. - commit 5b2abcf - fuse: fix deadlock between atomic O_TRUNC and page invalidation (bsc#1204533). - commit a0e6630 - Correct JIRA reference to Impl entries (jsc#PED-833 jsc#PED-850 jsc#PED-825 jsc#PED-822 jsc#PED-846 jsc#PED-817 jsc#PED-851 jsc#PED-857 jsc#PED-842 jsc#PED-813 jsc#PED-1084 jsc#PED-1096 jsc#PED-1085 jsc#PED-1649 jsc#PED-1082 jsc#PED-856) - commit c7d3570 - powerpc/pseries/vas: Add VAS IRQ primary handler (bsc#1204413 ltc#200176). - powerpc: Ignore DSI error caused by the copy/paste instruction (bsc#1204413 ltc#200176). - powerpc/64s: Move hash MMU support code under CONFIG_PPC_64S_HASH_MMU (bsc#1204413 ltc#200176). 
- Refresh patches.suse/Revert-powerpc-rtas-Implement-reentrant-rtas-call.patch - Refresh patches.suse/powerpc-Add-kABI-placeholder-to-struct-pci_controlle.patch - Refresh patches.suse/powerpc-pseries-wire-up-rng-during-setup_arch.patch - powerpc: make memremap_compat_align 64s-only (bsc#1204413 ltc#200176). - powerpc/64: pcpu setup avoid reading mmu_linear_psize on 64e or radix (bsc#1204413 ltc#200176). - powerpc/64s: Rename hash_hugetlbpage.c to hugetlbpage.c (bsc#1204413 ltc#200176). - powerpc/64s: Make flush_and_reload_slb a no-op when radix is enabled (bsc#1204413 ltc#200176). - powerpc/pseries: lparcfg don't include slb_size line in radix mode (bsc#1204413 ltc#200176). - powerpc/64s: Move and rename do_bad_slb_fault as it is not hash specific (bsc#1204413 ltc#200176). - Refresh patches.suse/powerpc-64s-hash-Make-hash-faults-work-in-NMI-contex.patch - powerpc: Rename PPC_NATIVE to PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). Update config files. - commit da125ff ++++ kernel-firmware: - Update firmware for CS35L41 codecs (bsc#1203699): copied from https://github.com/CirrusLogic/linux-firmware ++++ protobuf: - Fix a potential DoS issue in protobuf-cpp and protobuf-python, CVE-2022-1941, bsc#1203681 * Add protobuf-CVE-2022-1941.patch - Fix a potential DoS issue when parsing with binary data in protobuf-java, CVE-2022-3171, bsc#1204256 * Add protobuf-CVE-2022-3171.patch - Refresh protobuf-CVE-2021-22570.patch - Backport changes from 3.16.x tree to apply recent CVE patches * Add protobuf-51026d922970e06475f005b39287963594134b96.patch * Add protobuf-6ee16a9c60e734104aeb738503fe3f411c97bd88.patch * Add protobuf-73e0d748b9acdc40b693f2879ce82ecb1a849b81.patch * Add protobuf-7bff8393cab939bfbb9b5c69b3fe76b4d83c41ee.patch * Add protobuf-4f02f056b5cea99052bfdfb6698afe47a3cf2964.patch * Add protobuf-763c3588740b97e8e80b1b1a1a2dc4f417647133.patch * Add protobuf-6c92f9dff1807c142edf6780d775b58a3b078591.patch * Add protobuf-4e93585e8bb234efeacb7737b8d080968c5ab91e.patch *
Add protobuf-58d4420e2dd8a3cd354fff9db0052881c25369ce.patch - Reorganize patch set ordering ++++ rsync: - Fix --delay-updates never updates after interruption [bsc#1204538] * Added patch rsync-fix-delay-updates-never-updates-after-interruption.patch ++++ wicked: - version 0.6.70 - build: Link as Position Independent Executable (bsc#1184124) - dhcp4: Fix issues in reuse of last lease (bsc#1187655) - dhcp6: Add option to refresh lease (jsc#SLE-9492,jsc#SLE-24307) - dhcp6: Remove address before release (USGv6 DHCPv6_1_2_07b) - dhcp6: Ignore lease release status (USGv6 DHCPv6_1_2_07e,1_3_03) - dhcp6: Consider ppp interfaces supported (gh#openSUSE/wicked#924) - team: Fix to configure port priority in teamd (bsc#1200505) - firewall-ext: No config change on ifdown (bsc#1201053,bsc#118950) - wireless: Fix SEGV on supplicant restart (gh#openSUSE/wicked#931) - wireless: Add support for WPA3 and PMF (bsc#1198894) - wireless: Remove libiw dependencies (gh#openSUSE/wicked#910) - client: Fix SEGV on empty xpath results (gh#openSUSE/wicked#919) - client: Add release options to ifdown/ifreload (jsc#SLE-10249) - dbus: Clear string array before append (gh#openSUSE/wicked#913) - socket: Fix SEGV on heavy socket restart errors (bsc#1192508) - systemd: Remove systemd-udev-settle dependency (bsc#1186787) ------------------------------------------------------------------ ------------------ 2022-10-19 - Oct 19 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - r8152: Rate limit overflow messages (CVE-2022-3594 bsc#1204479). 
- commit a745ef5 - Update patch reference for HID fix (CVE-2022-3577 bsc#1204470) - commit 3ac3b39 ++++ libX11: - U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch * security update for CVE-2022-3554 (bsc#1204422) - U_Fix-two-memory-leaks-in-_XFreeX11XCBStructure.patch * security update for CVE-2022-3555 (bsc#1204425) ++++ permissions: - Update to version 20201225: * permissions for enlightenment helper on 32bit arches (bsc#1194047) ++++ selinux-policy: - Update to version 20221019. Refreshed: * distro_suse_to_distro_redhat.patch * fix_apache.patch * fix_chronyd.patch * fix_cron.patch * fix_init.patch * fix_kernel_sysctl.patch * fix_networkmanager.patch * fix_rpm.patch * fix_sysnetwork.patch * fix_systemd.patch * fix_systemd_watch.patch * fix_unconfined.patch * fix_unconfineduser.patch * fix_unprivuser.patch * fix_xserver.patch - Dropped fix_cockpit.patch as this is now packaged with cockpit itself - Remove the ipa module, freeip ships their own module - Added fix_alsa.patch to allow reading of config files in home directories - Extended fix_networkmanager.patch and fix_postfix.patch to account for SUSE systems - Added dontaudit_interface_kmod_tmpfs.patch to prevent AVCs when startproc queries the running processes - Updated fix_snapper.patch to allow snapper to talk to rpm via dbus ------------------------------------------------------------------ ------------------ 2022-10-18 - Oct 18 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - kcm: avoid potential race in kcm_tx_work (bsc#1204355 CVE-2022-3521). - commit 2d76ec0 - tcp/udp: Fix memory leak in ipv6_renew_options() (bsc#1204354 CVE-2022-3524). - commit f8049de - Update metadata references - commit d0bf0fb - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017). - commit ea6713d - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017). 
- commit 230768b - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - commit a19c478 - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017). - commit bc36cf4 - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017). - commit 40cb8e4 - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - commit a5b4ebf - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017). - commit 2e0386a - sch_sfb: Also store skb len before calling child enqueue (CVE-2022-3586 bsc#1204439). - sch_sfb: Don't assume the skb is still around after enqueueing to child (CVE-2022-3586 bsc#1204439). - commit 6788943 - Update patch reference for mISDN fix (CVE-2022-3565 bsc#1204431) - commit 5d0836e - cifs: fix wrong unlock before return from cifs_tree_connect() (bsc#1193629). - commit ca24a6e - cifs: avoid use of global locks for high contention data (bsc#1193629). - commit 003b496 - cifs: remove remaining build warnings (bsc#1193629). - commit 2a6d64f - cifs: list_for_each() -> list_for_each_entry() (bsc#1193629). - commit 98f1884 - smb2: small refactor in smb2_check_message() (bsc#1193629). - commit 2913774 - cifs: remove minor build warning (bsc#1193629). - commit 9dd2f9e - cifs: remove some camelCase and also some static build warnings (bsc#1193629). - commit 7a903b5 - cifs: remove unnecessary (void*) conversions (bsc#1193629). - commit 352182a - cifs: remove unnecessary type castings (bsc#1193629). - commit e2ea7fd - cifs: remove redundant initialization to variable mnt_sign_enabled (bsc#1193629). - commit 8c39800 - smb3: check xattr value length earlier (bsc#1193629). - commit 87cd516 - smb3: workaround negprot bug in some Samba servers (bsc#1193629). - commit 031af61 - cifs: remove unnecessary locking of chan_lock while freeing session (bsc#1193629). - commit 0303046 - cifs: fix race condition with delayed threads (bsc#1193629). 
- commit 491d550 - cifs: update cifs_ses::ip_addr after failover (bsc#1193629). - commit 9ed4aa9 - cifs: avoid deadlocks while updating iface (bsc#1193629). - commit 3a5c612 - cifs: periodically query network interfaces from server (bsc#1193629). - commit dd3e063 - cifs: during reconnect, update interface if necessary (bsc#1193629). - commit 8dea5e1 - cifs: change iface_list from array to sorted linked list (bsc#1193629). - commit 1b05ccf - smb3: use netname when available on secondary channels (bsc#1193629). - commit 6d17daa - smb3: fix empty netname context on secondary channels (bsc#1193629). - commit 51fad96 - cifs: when a channel is not found for server, log its connection id (bsc#1193629). - commit 1b306b2 - smb3: add trace point for SMB2_set_eof (bsc#1193629). - commit c6da1d3 - cifs: populate empty hostnames for extra channels (bsc#1193629). - commit f2f92b2 - cifs: return errors during session setup during reconnects (bsc#1193629). - commit d557671 - smb3: remove unneeded null check in cifs_readdir (bsc#1193629). - commit 7eaa3dc - cifs: cache the dirents for entries in a cached directory (bsc#1193629). - commit 0ddb648 - cifs: truncate the inode and mapping when we simulate fcollapse (bsc#1193629). - commit 3b07034 ++++ util-linux: - Fix file conflict during upgrade (boo#1204211). 
++++ supportutils: - Added lifecycle information (issue#140) - Changes to version 3.1.21 + Added type output with df command in fs-diskio.txt (issue#141) + Gather all files in /etc/security/limits.d/ (issue#142) + Fixed KVM virtualization detection on bare metal (bsc#1184689) + Added logging using journalctl (bsc#1200330) + Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818) + Added system logging configuration and checking in messages_config.txt (issue#103) + If rsyslog not installed collect more from journalctl (issue#120) + Added systemd-status.txt for the status of all service units (issue#125) + autofs includes files in (+dir:) (issue#111) + Get current sar data before collecting files (bsc#1192648) + Collects everything in /etc/multipath/ (bsc#1192252) + Collects power management information in hardware.txt (bsc#1197428) + Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337) + Fixed conf_files and conf_text_files so y2log is gathered (issue#134, bsc#1202269) + Update to nvme_info and block_info #133 (bsc#1202417) + Added IO scheduler (issue#136) + Added includedir directories from /etc/sudoers (bsc#1188086) ++++ util-linux-systemd: - Fix file conflict during upgrade (boo#1204211). ------------------------------------------------------------------ ------------------ 2022-10-17 - Oct 17 2022 ------------------- ------------------------------------------------------------------ ++++ curl: - Security Fix: [bsc#1204383, CVE-2022-32221] * POST following PUT confusion * Add curl-CVE-2022-32221.patch - Security Fix: [bsc#1204386, CVE-2022-42916] * HSTS bypass via IDN * Add curl-CVE-2022-42916.patch ++++ kernel-default: - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). - commit 1ad6725 - dmaengine: idxd: deprecate token sysfs attributes for read buffers (jsc#PED-679). - commit c137213 - dmaengine: idxd: change bandwidth token to read buffers (jsc#PED-679). 
- Refresh patches.suse/dmaengine-idxd-restore-traffic-class-defaults-after-.patch. - commit d0c1256 - i2c: i801: Add support for Intel Meteor Lake-P (jsc#PED-732). - spi: pxa2xx: Add support for Intel Meteor Lake-P (jsc#PED-732). - scsi: ufs: ufs-pci: Add support for Intel MTL (jsc#PED-732). - commit 11c983f - Update patch reference for Intel MTL-P USB patch (jsc#PED-732) - commit 4ca8c18 - pinctrl: alderlake: Fix register offsets for ADL-N variant (jsc#PED-676). - pinctrl: alderlake: Add Intel Alder Lake-N pin controller support (jsc#PED-676). - commit 5492389 - Update patch reference for Intel ADL-N eMMC patch (jsc#PED-676) - commit 4c38b45 - thunderbolt: Add support for Intel Raptor Lake (jsc#PED-634). - commit 0ec42f9 - pinctrl: alderlake: Add Raptor Lake-S ACPI ID (jsc#PED-634). - mfd: intel-lpss: Add Intel Raptor Lake PCH-S PCI IDs (jsc#PED-634). - spi: pxa2xx: Add support for Intel Raptor Lake PCH-S (jsc#PED-634). - commit 06d5787 - Update patch references for intel_th RPL-S support (jsc#PED-634) - commit 900e952 - i2c: i801: Add support for Intel Raptor Lake PCH-S (jsc#PED-634). - i2c: i801: Improve handling of chip-specific feature definitions (jsc#PED-634). - i2c: i801: Add support for Intel Ice Lake PCH-N (jsc#PED-634). - commit 46a17cc - scsi: ufs: ufs-pci: Add support for Intel ADL (jsc#PED-707). - commit 356d2a6 - thermal: int340x: Mode setting with new OS handshake (jsc#PED-678). - commit c03fef0 - thermal: int340x: Update OS policy capability handshake (jsc#PED-678). - commit 2487fcb - Update patch reference for macvlan fix (CVE-2022-3526 bsc#1204353) - commit 740e86c - rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128. - commit bdc0bf7 - powerpc/mm/64s: Drop pgd_huge() (bsc#1065729). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729). - powerpc/pci_dn: Add missing of_node_put() (bsc#1065729). 
- commit 7c692ec - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes). - powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes). - commit 5521322 - arm64/bti: Disable in kernel BTI when cross section thunks are broken (git-fixes) - commit 2f51dd9 - blacklist.conf: ("arm64/mm: drop HAVE_ARCH_PFN_VALID") - commit f836660 - clk: at91: fix the build with binutils 2.27 (git-fixes). - commit a34e36d ++++ libksba: - Security fix: [bsc#1204357, CVE-2022-3515] * Detect a possible overflow directly in the TLV parser. * Add libksba-CVE-2022-3515.patch ++++ tiff: - security update: * CVE-2022-2519 [bsc#1202968] * CVE-2022-2520 [bsc#1202973] * CVE-2022-2521 [bsc#1202971] + tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch * CVE-2022-2867 [bsc#1202466] * CVE-2022-2868 [bsc#1202467] * CVE-2022-2869 [bsc#1202468] + tiff-CVE-2022-2867,CVE-2022-2868,CVE-2022-2869.patch ++++ libxml2: - Security fixes: * [CVE-2022-40303, bsc#1204366] Fix integer overflows with XML_PARSE_HUGE + Added patch libxml2-CVE-2022-40303.patch * [CVE-2022-40304, bsc#1204367] Fix dict corruption caused by entity reference cycles + Added patch libxml2-CVE-2022-40304.patch ++++ libzypp: - Do not clean up MediaSetAccess before using the geoip file (fixes #424) - version 17.31.4 (22) ++++ libxml2-python: - Security fixes: * [CVE-2022-40303, bsc#1204366] Fix integer overflows with XML_PARSE_HUGE + Added patch libxml2-CVE-2022-40303.patch * [CVE-2022-40304, bsc#1204367] Fix dict corruption caused by entity reference cycles + Added patch libxml2-CVE-2022-40304.patch ------------------------------------------------------------------ ------------------ 2022-10-16 - Oct 16 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Input: xpad - add supported devices as contributed on github (git-fixes). - efi: libstub: drop pointless get_memory_map() call (git-fixes). 
- misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic (git-fixes). - misc: pci_endpoint_test: Aggregate params checking for xfer (git-fixes). - USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - efi: Correct Macmini DMI match in uefi cert quirk (git-fixes). - commit 4dee064 ------------------------------------------------------------------ ------------------ 2022-10-15 - Oct 15 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ALSA: oss: Fix potential deadlock at unregistration (git-fixes). - ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes). - ALSA: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes). - commit c900b4a - ACPI: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes). - rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes). - ALSA: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes). - ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes). - arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored (git-fixes). - drm/amd/pm: smu7_hwmgr: fix potential off-by-one overflow in 'performance_levels' (git-fixes). - Revert "drm/amdgpu: use dirty framebuffer helper" (git-fixes). - drm/i915/ehl: Update MOCS table for EHL (git-fixes). 
- commit 3ca51e4 ------------------------------------------------------------------ ------------------ 2022-10-14 - Oct 14 2022 ------------------- ------------------------------------------------------------------ ++++ drbd-utils: - bsc#1204276 remove crm-fence-peer.sh for drbd8 to avoid confusion with v9 ++++ kdump: - fix network-related dracut options handling for fadump case (bsc#1201051) - fix broken URL in manpage (bsc#1187312) - use inst_binary to install kdump-save (bsc#1202981) ++++ kernel-default: - mmc: sdhci-sprd: Fix minimum clock limit (git-fixes). - openvswitch: add nf_ct_is_confirmed check before assigning the helper (git-fixes). - selftests: netfilter: Fix nft_fib.sh for all.rp_filter=1 (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes). - wifi: cfg80211: fix ieee80211_data_to_8023_exthdr handling of small packets (git-fixes). - wifi: mac80211: fix decap offload for stations on AP_VLAN interfaces (git-fixes). - wifi: mac80211: fix probe req HE capabilities access (git-fixes). - wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes). - can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes). - can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes). - can: kvaser_usb: Fix use of uninitialized completion (git-fixes). - macvlan: enforce a consistent minimal mtu (git-fixes). - mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes). - net: ieee802154: return -EINVAL for unknown addr type (git-fixes). - watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes). - watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes). - watchdog/hpwdt: Include nmi.h only if CONFIG_HPWDT_NMI_DECODING (git-fixes). - commit cb006e7 - Drop an incorrectly doubly applied WiFi fix patch - commit 9d35b83 - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes). 
- wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes). - wifi: cfg80211/mac80211: reject bad MBSSID elements (git-fixes). - commit b28d368 - Move upstreamed WiFi fix patches into sorted section - commit bef1692 ++++ libzypp: - Improve download of optional files (fixes #416) - Do not use geoip rewrites if the repo has explicit country settings. - Implement geoIP feature for zypp. This patch adds a feature to rewrite request URLs to the repo servers by querying a geoIP file from download.opensuse.org. This file can return a redirection target depending on the client's IP address, this way we can directly contact a local mirror of d.o.o instead. The redir target stays valid for 24hrs. This feature can be disabled in zypp.conf by setting 'download.use_geoip_mirror = false'. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip an extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - version 17.31.3 (22) ------------------------------------------------------------------ ------------------ 2022-10-13 - Oct 13 2022 ------------------- ------------------------------------------------------------------ ++++ dbus-1: - Fix a potential crash that could be triggered by an invalid signature. 
(CVE-2022-42010, bsc#1204111) * fix-upstream-CVE-2022-42010.patch - Fix an out of bounds read caused by a fixed length array (CVE-2022-42011, bsc#1204112) * fix-upstream-CVE-2022-42011.patch - A message in non-native endianness with out-of-band Unix file descriptors would cause a use-after-free and possible memory corruption (CVE-2022-42012, bsc#1204113) * fix-upstream-CVE-2022-42012.patch - Disable asserts (bsc#1087072) - Refreshed patches * fix-upstream-CVE-2020-35512.patch ++++ dbus-1-x11: - Fix a potential crash that could be triggered by an invalid signature. (CVE-2022-42010, bsc#1204111) * fix-upstream-CVE-2022-42010.patch - Fix an out of bounds read caused by a fixed length array (CVE-2022-42011, bsc#1204112) * fix-upstream-CVE-2022-42011.patch - A message in non-native endianness with out-of-band Unix file descriptors would cause a use-after-free and possible memory corruption (CVE-2022-42012, bsc#1204113) * fix-upstream-CVE-2022-42012.patch - Disable asserts (bsc#1087072) - Refreshed patches * fix-upstream-CVE-2020-35512.patch ++++ hwdata: - update to 0.363: + Updated pci, usb and vendor ids. ++++ kernel-default: - clk: bcm: rpi: Add support for VEC clock (bsc#1196632) - commit 188fe72 - nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241). - commit 66b047b - clk: bcm2835: Round UART input clock up (bsc#1188238) - commit f465b19 - ALSA: hda/hdmi: Fix the converter allocation for the silent stream (git-fixes). - ALSA: hda/hdmi: change type for the 'assigned' variable (git-fixes). - commit 6c73200 - drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes). - irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes). - USB: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes). - docs: update mediator information in CoC docs (git-fixes). - mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes). - drm/amd/display: skip audio setup when audio stream is enabled (git-fixes). 
- drm/amd/display: update gamut remap if plane has changed (git-fixes). - drm/amd/display: Assume an LTTPR is always present on fixed_vs links (git-fixes). - drm/amd/display: Fix double cursor on non-video RGB MPO (git-fixes). - ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer (git-fixes). - firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes). - firmware: arm_scmi: Harden accesses to the sensor domains (git-fixes). - firmware: arm_scmi: Improve checks in the info_get operations (git-fixes). - net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes). - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes). - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes). - dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling (git-fixes). - ALSA: hda/hdmi: Fix the converter reuse for the silent stream (git-fixes). - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes). - mmc: core: Replace with already defined values for readability (git-fixes). - commit 07f5789 - Drop TI clk patch that has been reverted in 5.15.y stable - commit bfab74f - Updated metadata references for bsc#1200788 CVE-2022-2153: Updated patches (from Juergen Gross) - patches.suse/KVM-x86-Avoid-theoretical-NULL-pointer-dereference-i.patch - patches.suse/KVM-x86-Check-lapic_in_kernel-before-attempting-to-s.patch - patches.suse/KVM-x86-Forbid-VMM-to-set-SYNIC-STIMER-MSRs-when-Syn.patch - commit e9364fc ------------------------------------------------------------------ ------------------ 2022-10-12 - Oct 12 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - thunderbolt: Fix buffer allocation of devices with no DisplayPort adapters (git-fixes). - commit 2534904 - fs: fix UAF/GPF bug in nilfs_mdt_destroy (CVE-2022-2978 bsc#1202700). 
- commit e1802d7 - thunderbolt: Add missing device ID to tb_switch_is_alpine_ridge() (git-fixes). - commit 9447425 - thunderbolt: Disable LTTPR on Intel Titan Ridge (git-fixes). - commit 9dce26f - usb/hcd: Fix dma_map_sg error check (git-fixes). - commit 82f7672 - kabi/severities: ignore CS35L41-specific exports (bsc#1203699) - commit 9f486fe - ALSA: hda: cs35l41: Support System Suspend (bsc#1203699). - ALSA: hda: cs35l41: Remove suspend/resume hda hooks (bsc#1203699). - ALSA: hda/cs_dsp_ctl: Fix mutex inversion when creating controls (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Ensure pwr_lock is held before reading/writing controls (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Minor clean and redundant code removal (bsc#1203699). - commit 54175bd - PCI: mediatek-gen3: Change driver name to mtk-pcie-gen3 (git-fixes). - dt-bindings: PCI: microchip,pcie-host: fix missing dma-ranges (git-fixes). - dt-bindings: PCI: microchip,pcie-host: fix missing clocks properties (git-fixes). - PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes). - PCI: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes). - PCI/ASPM: Correct LTR_L1.2_THRESHOLD computation (git-fixes). - PCI/ASPM: Ignore L1 PM Substates if device lacks capability (git-fixes). - i2c: designware: Fix handling of real but unexpected device interrupts (git-fixes). - pinctrl: microchip-sgpio: Correct the fwnode_irq_get() return value check (git-fixes). - pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes). - pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes). - pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes). - Input: i8042 - fix refount leak on sparc (git-fixes). - Input: synaptics-rmi4 - fix firmware update operations with bootloader v8 (git-fixes). - Input: xpad - fix wireless 360 controller breaking after suspend (git-fixes). 
- commit 6628947 - Add cherry-picked ID for AMDGPU patch - commit 005b431 ++++ mozilla-nss: - Add nss-allow-slow-tests.patch, which allows a timed test to run longer than 1s. This avoids turning slow builds into broken builds. ++++ openSUSE-repos-LeapMicro: - Update to version 20221012.1c71da6: * Remove trailing endif - Update to version 20221012.07c2eae: * MicroOS should build on Factory version only - Update to version 20221012.ea3218c: * Ensure that MicroOS flavor is not built on Leap - Update to version 20221012.c4167e1: * fix broken spec * Remove unwanted second spec * Rebase MicroOS on top of single-spec setup * Initial MicroOS flavor based on TW ++++ timezone: - timezone update 2022e (bsc#1177460): * Jordan and Syria switch from +02/+03 with DST to year-round +03 - timezone update 2022d: * Palestine transitions are now Saturdays at 02:00 * Simplify three Ukraine zones into one - timezone update 2022c: * Work around awk bug * Improve tzselect on intercontinental Zones - timezone update 2022b: * Chile's DST is delayed by a week in September 2022 boo#1202324 * Iran no longer observes DST after 2022 * Rename Europe/Kiev to Europe/Kyiv * New zic -R option * Vanguard form now uses %z * Finish moving duplicate-since-1970 zones to 'backzone' - Refresh tzdata-china.diff - Remove upstreamed bsc1202310.patch ------------------------------------------------------------------ ------------------ 2022-10-11 - Oct 11 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - octeontx2-pf: cn10k: Fix egress ratelimit configuration (git-fixes). - commit dfc0a0a - net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() (git-fixes). - commit cc0874b - net: pcs: xpcs: propagate xpcs_read error to xpcs_get_state_c37_sgmii (git-fixes). - commit 6750e0f - mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication (git-fixes). 
- commit 6f3b54a - ipv4: Fix data-races around sysctl_fib_multipath_hash_policy (git-fixes). - commit afc53c0 - iavf: Fix handling of dummy receive descriptors (git-fixes). - commit e9bd3c0 - net: dsa: vitesse-vsc73xx: silent spi_device_id warnings (git-fixes). - commit 155ccd4 - net: dsa: sja1105: silent spi_device_id warnings (git-fixes). - commit ee0b547 - net: stmmac: remove redunctant disable xPCS EEE call (git-fixes). - commit 9493b1a - ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (git-fixes). - commit 53fbc66 - net: stmmac: fix dma queue left shift overflow issue (git-fixes). - commit 1deb58f - net: dsa: microchip: ksz_common: Fix refcount leak bug (git-fixes). - commit c46e25b - net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow (git-fixes). - commit dff326f - net: stmmac: fix pm runtime issue in stmmac_dvr_remove() (git-fixes). - commit e347cfb - ip: Fix data-races around sysctl_ip_fwd_update_priority (git-fixes). - commit 4ea8f18 - sfc: fix kernel panic when creating VF (git-fixes). - commit 33eba8c - sfc: fix use after free when disabling sriov (git-fixes). - commit 2fa14d7 - net: stmmac: fix leaks in probe (git-fixes). - commit 97831ef - KVM: x86: Register perf callbacks after calling vendor's hardware_setup() (git-fixes). - Refresh patches.suse/KVM-x86-Register-Processor-Trace-interrupt-hook-iff-.patch. - commit 871c62a - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). - commit 31ce443 - KVM: VMX: Inject #PF on ENCLS as "emulated" #PF (git-fixes). - commit cc0ea0c - usb: ehci: Fix a function name in comments (git-fixes). - commit 610087d - KVM: x86: Inject #UD on emulated XSETBV if XSAVES isn't enabled (git-fixes). - commit 93cdb54 - net: ftgmac100: Hold reference returned by of_get_child_by_name() (git-fixes). - commit 0961942 - bnxt_en: Fix bnxt_refclk_read() (git-fixes). - commit 4187bc1 - bnxt_en: fix livepatch query (git-fixes). 
- commit cc62415 - bnxt_en: Fix bnxt_reinit_after_abort() code path (git-fixes). - commit e387d75 - bnxt_en: reclaim max resources if sriov enable fails (git-fixes). - commit 9161aa5 - net/mlx5e: Ring the TX doorbell on DMA errors (git-fixes). - commit 7fdc3a9 - net/mlx5e: Fix enabling sriov while tc nic rules are offloaded (git-fixes). - commit 5e19505 - KVM: x86: do not report preemption if the steal time cache is stale (git-fixes). - commit c293d6b - net: ethernet: ti: am65-cpsw: Fix devlink port register sequence (git-fixes). - commit 385f6b7 - can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness conversion (git-fixes). - commit 368984e - can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct length to read dev_id (git-fixes). - commit 809cb98 - ACPI: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes). - lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes). - dt-bindings: crypto: ti,sa2ul: drop dma-coherent property (git-fixes). - selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle (git-fixes). - crypto: cavium - prevent integer overflow loading firmware (git-fixes). - crypto: marvell/octeontx - prevent integer overflows (git-fixes). - crypto: inside-secure - Replace generic aes with libaes (git-fixes). - Revert "crypto: qat - reduce size of mapped region" (git-fixes). - crypto: inside-secure - Change swab to swab32 (git-fixes). - crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes). - crypto: akcipher - default implementation for setting a private key (git-fixes). - crypto: qat - fix default value of WDT timer (git-fixes). - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes). - crypto: sahara - don't sleep when in softirq (git-fixes). - drm/amdgpu/display: change pipe policy for DCN 2.1 (git-fixes). - drm/i915: Reject unsupported TMDS rates on ICL+ (git-fixes). - drm/amdgpu/display: change pipe policy for DCN 2.0 (git-fixes). 
- drm/amd/display: Correct MPC split policy for DCN301 (git-fixes). - commit 353fbde ++++ permissions: - Update to version 20201225: * fix regression introduced by backport of security fix (bsc#1203911) ------------------------------------------------------------------ ------------------ 2022-10-10 - Oct 10 2022 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 055+suse.302.gc7aee2dc: * fix(dmsquash-live): correct regression introduced with shellcheck changes (bsc#1203894) * fix(systemd): add missing modprobe@.service (bsc#1203749) * fix(i18n): do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267) ++++ kernel-default: - Update patches.suse/mm-rmap-Fix-anon_vma-degree-ambiguity-leading-to-double-reuse.patch (CVE-2022-42703, bsc#1204168, git-fixes, bsc#1203098). - commit fef8e31 - blacklist.conf: 30ea703a38ef x86/cpu: Include the header of init_ia32_feat_ctl()'s prototype - commit fdb1f20 - misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os (CVE-2022-3424 bsc#1204166). - commit bbc730f - wifi: mac80211: fix crash in beacon protection for P2P-device (CVE-2022-42722 bsc#1204125). - commit 38da0b9 - wifi: mac80211: fix MBSSID parsing use-after-free (CVE-2022-42719 bsc#1204051). - commit bab6e58 - mac80211: fix memory leaks with element parsing (CVE-2022-42719 bsc#1204051). - commit f9a2be2 - wifi: mac80211: refactor elements parsing with parameter struct (CVE-2022-42719 bsc#1204051). - mac80211: always allocate struct ieee802_11_elems (CVE-2022-42719 bsc#1204051). - mac80211: mlme: find auth challenge directly (CVE-2022-42719 bsc#1204051). - mac80211: move CRC into struct ieee802_11_elems (CVE-2022-42719 bsc#1204051). - commit b28a982 - ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference (bsc#1204171 CVE-2022-3435). 
- commit 1b0c1c8 - selftests: net: fix nexthop warning cleanup double ip typo (bsc#1204171 CVE-2022-3435). - commit e3962a5 - selftests: net: add delete nexthop route warning test (bsc#1204171 CVE-2022-3435). - commit 85deab0 - wifi: cfg80211: avoid nontransmitted BSS list corruption (CVE-2022-42721 bsc#1204060). - wifi: cfg80211: fix BSS refcounting bugs (CVE-2022-42720 bsc#1204059). - commit 82311e4 - net: ipv4: fix route with nexthop object delete warning (bsc#1204171 CVE-2022-3435). - commit a94edc1 - Update metadata references - commit 61773f9 - selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes). - commit 1eff3d6 - Revert "SUNRPC: Remove unreachable error condition" (git-fixes). - NFS: Fix another fsync() issue after a server reboot (git-fixes). - NFSv4: Fixes for nfs4_inode_return_delegation() (git-fixes). - commit 80742b5 - blacklist.conf: and unwanted md patches - commit 96bda12 ++++ systemd: - Add 1012-man-describe-the-net-naming-schemes-specific-to-SLE.patch (bsc#1204179) - Make "sle15-sp3" net naming scheme still available for backward compatibility reason ++++ zlib: - Fix bsc#1203652, inflate() does not update strm.adler if DFLTCC is used * bsc1203652.patch ++++ python3-ec2metadata: - Update to version 4.0.0 (bsc#1204066) + Disambiguate cli options for duplicate endpoints. This is an incompatible change for some API versions of IMDS. When a duplicate endpoint is detected the cli option for both endpoints is expanded to a unique name. ------------------------------------------------------------------ ------------------ 2022-10-9 - Oct 9 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - scsi: stex: Properly zero out the passthrough command structure (bsc#1203514 CVE-2022-40768). - commit f2b2e4a - ALSA: hda: Fix position reporting on Poulsbo (git-fixes). - ALSA: usb-audio: Fix potential memory leaks (git-fixes). 
- ALSA: usb-audio: Fix NULL dererence at error path (git-fixes). - commit 6c7f2c9 - sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes). - commit 3c6ffc4 - staging: vt6655: fix some erroneous memory clean-up loops (git-fixes). - virt: vbox: convert to use dev_groups (git-fixes). - usb: mtu3: fix failed runtime suspend in host only mode (git-fixes). - Revert "usb: storage: Add quirk for Samsung Fit flash" (git-fixes). - usb: mon: make mmapped memory read only (git-fixes). - xhci: Don't show warning for reinit on known broken suspend (git-fixes). - xhci: dbc: Fix memory leak in xhci_alloc_dbc() (git-fixes). - commit 4feb234 - usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes). - USB: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes). - usb: common: debug: Check non-standard control requests (git-fixes). - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes). - tty: xilinx_uartps: Fix the ignore_status (git-fixes). - uas: ignore UAS for Thinkplus chips (git-fixes). - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). - uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). - thunderbolt: Explicitly reset plug events delay back to USB4 spec value (git-fixes). - commit d8ee195 - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - Refresh patches.suse/soc-sunxi-sram-Prevent-the-driver-from-being-unbound.patch. - commit a85e811 - spmi: pmic-arb: correct duplicate APID to PPID mapping logic (git-fixes). - spmi: pmic-arb: do not ack and clear peripheral interrupts in cleanup_irq (git-fixes). - slimbus: qcom-ngd: cleanup in probe error path (git-fixes). - slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure (git-fixes). - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes). - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes). 
- soc: sunxi: sram: Fix probe function ordering issues (git-fixes). - commit 3e1f43f - serial: 8250: Fix restoring termios speed after suspend (git-fixes). - drivers: serial: jsm: fix some leaks in probe (git-fixes). - remoteproc: imx_rproc: Simplify some error message (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - platform/x86: msi-laptop: Fix resource cleanup (git-fixes). - platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes). - commit a448666 - misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes). - phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes). - phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent() (git-fixes). - mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes). - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes). - mtd: rawnand: fsl_elbc: Fix none ECC mode (git-fixes). - mtd: rawnand: intel: Don't re-define NAND_DATA_IFACE_CHECK_ONLY (git-fixes). - mtd: rawnand: intel: Remove undocumented compatible string (git-fixes). - mtd: rawnand: intel: Read the chip-select line from the correct OF node (git-fixes). - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes). - platform/x86: asus-wmi: Document the panel_od sysfs attribute (git-fixes). - platform/x86: asus-wmi: Document the egpu_enable sysfs attribute (git-fixes). - platform/x86: asus-wmi: Document the dgpu_disable sysfs attribute (git-fixes). - platform/chrome: cros_ec_typec: Correct alt mode index (git-fixes). - platform/chrome: fix memory corruption in ioctl (git-fixes). - platform/chrome: fix double-free in chromeos_laptop_prepare() (git-fixes). - platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure (git-fixes). - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes). - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes). 
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - commit b26b1a7 - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes). - mailbox: mpfs: account for mbox offsets while sending (git-fixes). - mailbox: mpfs: fix handling of the reg property (git-fixes). - mfd: sm501: Add check for platform_driver_register() (git-fixes). - mfd: fsl-imx25: Fix check for platform_get_irq() errors (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes). - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes). - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes). - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes). - media: uvcvideo: Use entity get_cur in uvc_ctrl_set (git-fixes). - media: uvcvideo: Fix memory leak in uvc_gpio_parse (git-fixes). - media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() (git-fixes). - media: cedrus: Fix endless loop in cedrus_h265_skip_bits() (git-fixes). - media: cedrus: Set the platform driver data earlier (git-fixes). - memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() (git-fixes). - memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes). - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes). - media: v4l2-compat-ioctl32.c: zero buffer passed to v4l2_compat_get_array_args() (git-fixes). - commit f4e8a30 - iio: adc: ad7923: fix channel readings for some variants (git-fixes). - iio: ltc2497: Fix reading conversion results (git-fixes). - iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes). - iio: magnetometer: yas530: Change data type of hard_offsets to signed (git-fixes). - iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes). 
- iio: inkern: fix return value in devm_of_iio_channel_get_by_name() (git-fixes).
- iio: inkern: only release the device node when done with it (git-fixes).
- iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume (git-fixes).
- iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes).
- iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes).
- commit b02859c
- firmware: google: Test spinlock on panic path to avoid lockups (git-fixes).
- iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes).
- fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes).
- dt-bindings: phy: qcom,qmp-usb3-dp: fix bogus clock-cells property (git-fixes).
- dt-bindings: phy: qcom,qmp: fix bogus clock-cells property (git-fixes).
- dt-bindings: mtd: intel: lgm-nand: Fix maximum chip select value (git-fixes).
- dt-bindings: mtd: intel: lgm-nand: Fix compatible string (git-fixes).
- HSI: omap_ssi_port: Fix dma_map_sg error check (git-fixes).
- HSI: omap_ssi: Fix refcount leak in ssi_probe (git-fixes).
- HID: multitouch: Add memory barriers (git-fixes).
- hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes).
- drm/omap: dss: Fix refcount leak bugs (git-fixes).
- drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() (git-fixes).
- drm/msm/dp: Silence inconsistent indent warning (git-fixes).
- drm/msm/dpu: Fix comment typo (git-fixes).
- drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes).
- dt-bindings: display/msm: dpu-sdm845: add missing DPU opp-table (git-fixes).
- dt-bindings: display/msm: dpu-sc7180: add missing DPU opp-table (git-fixes).
- commit 71c6639
- drm/scheduler: quieten kernel-doc warnings (git-fixes).
- commit 95b96ec
- drm/amdgpu: add missing pci_disable_device() in amdgpu_pmops_runtime_resume() (git-fixes).
- drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes).
- drm: fix drm_mipi_dbi build errors (git-fixes).
- drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes).
- drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes).
- drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes).
- drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error (git-fixes).
- drm/mipi-dsi: Detach devices when removing the host (git-fixes).
- commit f6c9019
- clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes).
- clk: baikal-t1: Add SATA internal ref clock buffer (git-fixes).
- dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes).
- dmaengine: mxs: use platform_driver_register (git-fixes).
- dmaengine: hisilicon: Add multi-thread support for a DMA channel (git-fixes).
- dmaengine: hisilicon: Fix CQ head update (git-fixes).
- dmaengine: hisilicon: Disable channels when unregister hisi_dma (git-fixes).
- drm/bridge: Avoid uninitialized variable warning (git-fixes).
- drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes).
- drm: bridge: adv7511: fix CEC power down control register offset (git-fixes).
- commit 89292ab
- clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent (git-fixes).
- clk: baikal-t1: Fix invalid xGMAC PTP clock divider (git-fixes).
- clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD (git-fixes).
- clk: imx: scu: fix memleak on platform_device_add() fails (git-fixes).
- clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical (git-fixes).
- clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes).
- clk: ast2600: BCLK comes from EPLL (git-fixes).
- clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes).
- clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes).
- commit c248e05
- clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes).
- clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes).
- clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes).
- clk: sprd: Hold reference returned by of_get_parent() (git-fixes).
- clk: berlin: Add of_node_put() for of_get_parent() (git-fixes).
- clk: qoriq: Hold reference returned by of_get_parent() (git-fixes).
- clk: oxnas: Hold reference returned by of_get_parent() (git-fixes).
- clk: meson: Hold reference returned by of_get_parent() (git-fixes).
- ata: fix ata_id_has_dipm() (git-fixes).
- ata: fix ata_id_has_ncq_autosense() (git-fixes).
- ata: fix ata_id_has_devslp() (git-fixes).
- ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes).
- ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes).
- ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes).
- ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes).
- ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes).
- ASoC: codecs: tx-macro: fix kcontrol put (git-fixes).
- ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() (git-fixes).
- ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes).
- ASoC: wm_adsp: Handle optional legacy support (git-fixes).
- commit 8f6277f
- Move upstreamed DRM, NVMe and sound patches into sorted section
- commit 48ff6f0
- arm64: ftrace: fix module PLTs with mcount (git-fixes).
- ARM: Drop CMDLINE_* dependency on ATAGS (git-fixes).
- ARM: dts: exynos: fix polarity of VBUS GPIO of Origen (git-fixes).
- ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family (git-fixes).
- ARM: dts: turris-omnia: Add label for wan port (git-fixes).
- ARM: dts: armada-38x: Add gpio-ranges for pin muxing (git-fixes).
- ARM: dts: kirkwood: lsxl: remove first ethernet port (git-fixes).
- ARM: dts: kirkwood: lsxl: fix serial line (git-fixes).
- ARM: dts: turris-omnia: Fix mpp26 pin name and comment (git-fixes).
- arm64: dts: qcom: sc7280: Cleanup the lpasscc node (git-fixes).
- arm64: dts: ti: k3-j7200: fix main pinmux range (git-fixes).
- ARM: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus (git-fixes).
- ARM: defconfig: drop CONFIG_USB_FSL_USB2 (git-fixes).
- ARM: defconfig: drop CONFIG_PTP_1588_CLOCK=y (git-fixes).
- ARM: defconfig: drop CONFIG_SERIAL_OMAP references (git-fixes).
- ARM: defconfig: clean up multi_v4t and multi_v5 configs (git-fixes).
- ASoC: rsnd: Add check for rsnd_mod_power_on (git-fixes).
- ASoC: tas2764: Fix mute/unmute (git-fixes).
- ASoC: tas2764: Drop conflicting set_bias_level power setting (git-fixes).
- ASoC: tas2764: Allow mono streams (git-fixes).
- ASoC: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes).
- ASoC: mt6359: fix tests for platform_get_irq() failure (git-fixes).
- ALSA: hda/hdmi: Don't skip notification handling during PM operation (git-fixes).
- ALSA: dmaengine: increment buffer pointer atomically (git-fixes).
- ALSA: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes).
- ASoC: wcd934x: fix order of Slimbus unprepare/disable (git-fixes).
- ASoC: wcd9335: fix order of Slimbus unprepare/disable (git-fixes).
- ARM: dts: integrator: Tag PCI host with device_type (git-fixes).
- commit 5a02ba2
------------------------------------------------------------------
------------------ 2022-10-8 - Oct 8 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- i40e: Fix dropped jumbo frames statistics (git-fixes).
- commit b407b7d
- net: bonding: fix use-after-free after 802.3ad slave unbind (git-fixes).
- commit 05b9579
- net: bonding: fix possible NULL deref in rlb code (git-fixes).
- commit 8542934
- net: dp83822: disable rx error interrupt (git-fixes).
- commit f74888c
- net: dp83822: disable false carrier interrupt (git-fixes).
- commit ba1cc16
- net: dsa: bcm_sf2: force pause link settings (git-fixes).
- commit 5258d4a
- net/dsa/hirschmann: Add missing of_node_get() in hellcreek_led_setup() (git-fixes).
- commit 29e4721
- ice: Fix switchdev rules book keeping (git-fixes).
- commit 5c21799
- igb: Make DMA faster when CPU is active on the PCIe link (git-fixes).
- commit db90cd9
- bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (git-fixes).
- commit da7ba2e
- igb: fix a use-after-free issue in igb_clean_tx_ring (git-fixes).
- commit 12acd2f
- net: bgmac: Fix an erroneous kfree() in bgmac_remove() (git-fixes).
- commit 547f6a9
- mlxsw: spectrum_cnt: Reorder counter pools (git-fixes).
- commit f2c7808
- net: hns3: don't push link state to VF if unalive (git-fixes).
- commit 7f6680c
- net: hns3: set port base vlan tbl_sta to false before removing old vlan (git-fixes).
- commit 8c8d58b
- i40e: Fix call trace in setup_tx_descriptors (git-fixes).
- commit 7d70f11
- ixgbe: fix unexpected VLAN Rx in promisc mode on VF (git-fixes).
- commit 6a72a8e
- ixgbe: fix bcast packets Rx on VF after promisc removal (git-fixes).
- commit ddb5b75
- net: dsa: mv88e6xxx: use BMSR_ANEGCOMPLETE bit for filling an_complete (git-fixes).
- commit b8286fc
- net: altera: Fix refcount leak in altera_tse_mdio_create (git-fixes).
- commit e80ff1b
- net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (git-fixes).
- commit a76859c
- net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (git-fixes).
- commit 04259d9
- stmmac: intel: Fix an error handling path in intel_eth_pci_probe() (git-fixes).
- commit fed21d9
- net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register (git-fixes).
- commit 2227ee5
- net: bgmac: support MDIO described in DT (git-fixes).
- commit bf1f5f9
------------------------------------------------------------------
------------------ 2022-10-7 - Oct 7 2022 -------------------
------------------------------------------------------------------
++++ gnutls:
- FIPS: Set error state when jent init failed in FIPS mode [bsc#1202146]
  * Add patch gnutls-FIPS-Set-error-state-when-jent-init-failed.patch
++++ kernel-default:
- drm/nouveau: wait for the exclusive fence after the shared ones v2 (bsc#1152472)
  Backporting notes:
  * context changes
- commit 0261ec2
- drm/amd/display: Changed pipe split policy to allow for multi-display (bsc#1152472)
  Backporting notes:
  * remove changes to non-existing 201 and 31 directories
- commit e6a9bdd
- drm/amdgpu/gfx9: switch to golden tsc registers for renoir+ (bsc#1152472)
  Backporting notes:
  * replace IP_VERSION() with CHIP_ constants
- commit d27747b
- blacklist.conf: Append 'drm/bridge: Add stubs for devm_drm_of_get_bridge when OF is disabled'
- commit e1d0d55
- blacklist.conf: Append 'drm/amd/display: Fix wrong format specifier in amdgpu_dm.c'
- commit debed4c
- blacklist.conf: Append 'drm/amdgpu: Fix resource leak on probe error path'
- commit 116f3cc
- drm/amdgpu/gfx10: add wraparound gpu counter check for APUs as well (bsc#1152472)
  Backporting notes:
  * also fix default branch
- commit 0bf8eb3
- drm/i915/hdmi: convert intel_hdmi_to_dev to intel_hdmi_to_i915 (bsc#1152489)
  Backporting notes:
  * update additional patch on top
- commit 1550ef2
- Update patches.suse/ACPI-processor-idle-Practically-limit-Dummy-wait-wor.patch (bsc#1203767,bsc#1203802).
- commit c6ebacb
++++ libvirt:
- apparmor: Fix QEMU access for UEFI variable files
  7aec69b7-apparmor-Fix-QEMU-access-for-UEFI.patch
  boo#1203976
++++ openSUSE-repos-LeapMicro:
- Update to version 20221007.638a03b:
  * Packaging: set default package name as openSUSE-repos for non-flavour
- Update to version 20221007.0e44106:
  * Packaging: made it to be real multibuild
++++ ovmf:
- Add patches to fix detection issue of NVME controller (bsc#1203825)
  - ovmf-MdeModulePkg-NvmExpressDxe-fix-check-for-Cap.Css.patch
  - ovmf-MdeModulePkg-NvmExpressPei-fix-check-for-NVM-command.patch
++++ suseconnect-ng:
- Update to version 0.0.10~git2.ee561b8:
  * Drop .git from tar
------------------------------------------------------------------
------------------ 2022-10-6 - Oct 6 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- nvme: ensure subsystem reset is single threaded (bsc#1203290 CVE-2022-3169).
- commit f73d666
- nvme: restrict management ioctls to admin (bsc#1203290 CVE-2022-3169).
- commit c28a770
- net/mlx5e: Update netdev features after changing XDP state (git-fixes).
- commit 5d7478c
- net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition (git-fixes).
- commit 92e1426
- hinic: Avoid some over memory allocation (git-fixes).
- commit 41f381d
- net: huawei: hinic: Use devm_kcalloc() instead of devm_kzalloc() (git-fixes).
- commit b92d6d0
- net: chelsio: cxgb4: Avoid potential negative array offset (git-fixes).
- commit 4cc759d
- net/mlx5e: TC, fix decap fallback to uplink when int port not supported (git-fixes).
- commit 35c9b8d
- net: dsa: ksz9477: port mirror sniffing limited to one port (git-fixes).
- commit 9996ff6
- nvme: don't print verbose errors for internal passthrough requests (bsc#1202187).
- commit eaa4989
- blacklist.conf: update the list
- commit 78eff9b
- s390/smp: enforce lowcore protection on CPU restart (git-fixes).
- KVM: s390: pv: don't present the ecall interrupt twice (bsc#1203229 LTC#199905).
- commit aed7a32
++++ ceph:
- Update to 16.2.9-539-gea74dd900cd:
  + (bsc#1202292) ceph.spec.in: Add -DFMT_DEPRECATED_OSTREAM to CXXFLAGS
++++ net-snmp:
- update to 5.9.3 (bsc#1201103, jsc#SLE-11203):
  - security:
    - These two CVEs can be exploited by a user with read-only credentials:
      - CVE-2022-24805 A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.
      - CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference.
    - These CVEs can be exploited by a user with read-write credentials:
      - CVE-2022-24806 Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously
      - CVE-2022-24807 A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access.
      - CVE-2022-24808 A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
      - CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference.
- Fixed library versioning bug found in 5.9.2.
- Library version change to libsnmp40.
- Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d.
- Fixed python2 backward compatibility.
  add:
  * net-snmp-5.9.3-fixed-python2-bindings.patch
- Migration to /usr/etc: Saving user changed configuration files in /etc and restoring them during an RPM update.
- Change to use systemd service files directly from net-snmp package.
  add:
  * net-snmp-5.9.1-suse-systemd-service-files.patch
  * net-snmp-5.9.1-harden_snmpd.service.patch
  * net-snmp-5.9.1-harden_snmptrapd.service.patch
  remove:
  * snmpd.service
  * snmptrapd.service
  * harden_snmpd.service.patch
  * harden_snmptrapd.service.patch
- Refactor and remove obsolete patches to work with version number 5.9.3:
  add:
  * net-snmp-5.9.3-pie.patch
  * net-snmp-5.9.3-fix-create-v3-user-outfile.patch
  * net-snmp-5.9.1-add-lustre-fs-support.patch
  * net-snmp-5.9.1-fix-Makefile.PL.patch
  * net-snmp-5.9.1-modern-rpm-api.patch
  * net-snmp-5.9.1-net-snmp-config-headercheck.patch
  * net-snmp-5.9.1-perl-tk-warning.patch
  * net-snmp-5.9.1-snmpstatus-suppress-output.patch
  * net-snmp-5.9.1-socket-path.patch
  * net-snmp-5.9.1-subagent-set-response.patch
  * net-snmp-5.9.1-testing-empty-arptable.patch
  * net-snmp-5.9.1-velocity-mib.patch
  remove:
  * net-snmp-5.9.1-pie.patch
  * net-snmp-5.9.1-fix-create-v3-user-outfile.patch
  * net-snmp-5.7.3-add-lustre-fs-support.patch
  * net-snmp-5.7.3-Fix-Makefile.PL.patch
  * net-snmp-5.7.3-modern-rpm-api.patch
  * net-snmp-5.7.3-net-snmp-config-headercheck.patch
  * net-snmp-5.7.3-perl-tk-warning.patch
  * net-snmp-5.7.3-snmpstatus-suppress-output.patch
  * net-snmp-5.7.3-socket-path.patch
  * net-snmp-5.7.3-subagent-set-response.patch
  * net-snmp-5.7.3-testing-empty-arptable.patch
  * net-snmp-5.7.3-velocity-mib.patch
  * net-snmp-5.7.3-fix-create-v3-user-outfile.patch
  * net-snmp-5.7.3-pie.patch
  * net-snmp-4.7.2-systemd.patch
  * net-snmp-5.7.3-build-with-openssl-1.1.patch
  * net-snmp-5.7.3-fix-agentx-freezing-on-timeout.patch
  * net-snmp-5.7.3-fix-missing-mib-hrStorage-indexes.patch
  * net-snmp-5.7.3-fix-snmpd-crashing-when-an-agentx-disconnects.patch
  * net-snmp-5.7.3-fix-snmp_pdu_parse-incomplete.patch
  * net-snmp-5.7.3-fix-subagent-data-corruption.patch
  * net-snmp-5.7.3-helpers-table-skip-if-next-handler-called.patch
  * net-snmp-5.7.3-host-mib-skip-autofs-entries.patch
  * net-snmp-5.7.3-make-extended-mib-read-only.patch
  * net-snmp-5.7.3-netgroups.patch
  * net-snmp-5.7.3-Remove-U64-typedef.patch
  * net-snmp-5.7.3-snmptrapd-add-forwarder-info.patch
  * net-snmp-5.7.3-swintst_rpm-Protect-against-unspecified-Group-name.patch
  * net-snmp-5.7.3-ucd-snmp-mib-add-64-bit-mem-obj.patch
  * net-snmp-python3.patch
++++ rsync:
- Add support for --trust-sender parameter (patch by Jie Gong in bsc#1202970). (related to CVE-2022-29154, bsc#1201840)
  * Added patch rsync-CVE-2022-29154-trust-sender-1.patch
  * Added patch rsync-CVE-2022-29154-trust-sender-2.patch
------------------------------------------------------------------
------------------ 2022-10-5 - Oct 5 2022 -------------------
------------------------------------------------------------------
++++ gnutls:
- FIPS: Make XTS key check failure not fatal [bsc#1203779]
  * Add gnutls-Make-XTS-key-check-failure-not-fatal.patch
++++ kernel-default:
- media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment.
- commit 20a025b
- Clean up kernel-config settings via run_oldconfig.sh
  Invoke run_oldconfig.sh to clean the kernel-config settings from unset symbols. Otherwise these settings interfere with actual config changes.
- commit 8a799ae
- blacklist.conf: not relevant in our configurations
- commit 586058b
- media: imx-jpeg: Disable slot interrupt when frame done (git-fixes).
- commit 36d622f
- media: imx-jpeg: Refactor function mxc_jpeg_parse (git-fixes).
- commit e2ddfcf
- media: imx-jpeg: Fix potential array out of bounds in queue_setup (git-fixes).
- commit 8041860
- media: imx-jpeg: Add pm-sleep support for imx-jpeg (git-fixes).
- commit d514aa5
- x86/ibt,ftrace: Make function-graph play nice (bsc#1203969).
- commit c020446
- media: imx-jpeg: Leave a blank space before the configuration data (git-fixes).
- commit a2d45c7
- blacklist.conf: Append 'sysfb: Enable boot time VESA graphic mode selection'
- commit b93ba64
- media: imx-jpeg: Correct some definition according specification (git-fixes).
- commit bdf4126
- blacklist.conf: not relevant in our configurations
- commit 8171bfe
- media: vsp1: Fix offset calculation for plane cropping.
- commit dc309b5
- media: exynos4-is: Change clk_disable to clk_disable_unprepare (git-fixes).
- commit 332ca3f
- media: st-delta: Fix PM disable depth imbalance in delta_probe (git-fixes).
- commit 30518b0
- media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe (git-fixes).
- commit f62e31e
- media: aspeed: Fix an error handling path in aspeed_video_probe() (git-fixes).
- commit c014d5c
- media: coda: Add more H264 levels for CODA960 (git-fixes).
- commit 75d6462
- media: coda: Fix reported H264 profile (git-fixes).
- commit 1533555
- Revert "constraints: increase disk space for all architectures" (bsc#1203693).
  This reverts commit 43a9011f904bc7328d38dc340f5e71aecb6b19ca.
- commit 3d33373
- blacklist.conf: Append 'fbdev: Hot-unplug firmware fb devices on forced removal'
- commit 0b6410b
- blacklist.conf: Append 'Revert "fbdev: fbmem: add a helper to determine if an aperture is used by a fw fb"'
- commit b1ae504
- spi: s3c64xx: Fix large transfers with DMA (git-fixes).
- vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes).
- wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes).
- wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes).
- wifi: ath11k: fix number of VHT beamformee spatial streams (git-fixes).
- wifi: mt76: mt7915: do not check state before configuring implicit beamform (git-fixes).
- wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload (git-fixes).
- wifi: mt76: sdio: fix transmitting packet hangs (git-fixes).
- wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes).
- wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes).
- wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes).
- wifi: rtw88: add missing destroy_workqueue() on error path in rtw_core_init() (git-fixes).
- wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes).
- wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes).
- wifi: mac80211: allow bw change during channel switch in mesh (git-fixes).
- wifi: rtlwifi: 8192de: correct checking of IQK reload (git-fixes).
- commit 3bb5d97
- spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes).
- spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe (git-fixes).
- spi: meson-spicc: do not rely on busy flag in pow2 clk ops (git-fixes).
- spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes).
- spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes).
- spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes).
- regulator: qcom_rpm: Fix circular deferral regression (git-fixes).
- net: wwan: iosm: Call mutex_init before locking it (git-fixes).
- mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv (git-fixes).
- net: thunderbolt: Enable DMA paths only after rings are enabled (git-fixes).
- commit e714654
- hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888 controller (git-fixes).
- hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API (git-fixes).
- i2c: mlxbf: support lock mechanism (git-fixes).
- mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes).
- eth: alx: take rtnl_lock on resume (git-fixes).
- Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes).
- Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure (git-fixes).
- Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend (git-fixes).
- can: rx-offload: can_rx_offload_init_queue(): fix typo (git-fixes).
- commit ac7ee01
++++ openssl-1_1:
- FIPS: OpenSSL service-level indicator - Allow AES XTS 256 [bsc#1190651]
  * Add patches: openssl-1_1-ossl-sli-004-allow-aes-xts-256.patch
++++ libzypp:
- Resolver: Fix missing --[no]-recommends initialization in update (fixes #openSUSE/zypper#459, bsc#1201972)
- Log ONLY_NAMESPACE_RECOMMENDED because this is what corresponds to --[no]-recommends.
- version 17.31.2 (22)
++++ zypper:
- BuildRequires: libzypp-devel >= 17.31.2.
- Fix --[no]-allow-vendor-change feedback in install command (bsc#1201972)
- version 1.14.57
------------------------------------------------------------------
------------------ 2022-10-4 - Oct 4 2022 -------------------
------------------------------------------------------------------
++++ grub2:
- Add patches for automatic TPM disk unlock (jsc#SLE-24018) (bsc#1196668) (jsc#PED-1276)
  * 0001-luks2-Add-debug-message-to-align-with-luks-and-geli-.patch
  * 0002-cryptodisk-Refactor-to-discard-have_it-global.patch
  * 0003-cryptodisk-Return-failure-in-cryptomount-when-no-cry.patch
  * 0004-cryptodisk-Improve-error-messaging-in-cryptomount-in.patch
  * 0005-cryptodisk-Improve-cryptomount-u-error-message.patch
  * 0006-cryptodisk-Add-infrastructure-to-pass-data-from-cryp.patch
  * 0007-cryptodisk-Refactor-password-input-out-of-crypto-dev.patch
  * 0008-cryptodisk-Move-global-variables-into-grub_cryptomou.patch
  * 0009-cryptodisk-Improve-handling-of-partition-name-in-cry.patch
  * 0010-protectors-Add-key-protectors-framework.patch
  * 0011-tpm2-Add-TPM-Software-Stack-TSS.patch
  * 0012-protectors-Add-TPM2-Key-Protector.patch
  * 0013-cryptodisk-Support-key-protectors.patch
  * 0014-util-grub-protect-Add-new-tool.patch
- Fix no disk unlocking happen (bsc#1196668)
  * 0001-crytodisk-fix-cryptodisk-module-looking-up.patch
- Fix build error
  * fix-tpm2-build.patch
++++ kernel-default:
- blacklist.conf: df5b035b5683 x86/cacheinfo: Add a cpu_llc_shared_mask() UP variant
- commit bc73e4e
- blacklist.conf: 00da0cb385d0 Documentation/ABI: Mention retbleed vulnerability info file for sysfs
- commit 4726e8f
- Drop the ACPI patch temporarily as it causes a regression (bsc#1203794)
  Delete patches.suse/ACPI-resource-skip-IRQ-override-on-AMD-Zen-platforms.patch
- commit 8842ef4
- fbcon: Fix accelerated fbdev scrolling while logo is still shown (bsc#1152472)
- commit 7656242
- parisc/stifb: Fix fb_is_primary_device() only available with (bsc#1152489)
- commit dee3343
- parisc/stifb: Keep track of hardware path of graphics card (bsc#1152489)
- commit daa8575
- parisc/stifb: Implement fb_is_primary_device() (bsc#1152489)
- commit f86cf76
- fbcon: Add option to enable legacy hardware acceleration (bsc#1152472)
  Backporting changes:
  * context fixes in other patch
  * update config
- commit 68203bf
- parisc/sticon: fix reverse colors (bsc#1152489)
- commit f94c66b
- char: pcmcia: synclink_cs: Fix use-after-free in mgslpc_ops (CVE-2022-41848 bsc#1203987).
- commit a144c48
- fbdev: smscufx: Fix use-after-free in ufx_ops_open() (CVE-2022-41849 bsc#1203992).
- commit db3bfe7
++++ protobuf:
- Fix potential Denial of Service in protobuf-java in the parsing procedure for binary data, CVE-2021-22569, bsc#1194530
  * Add protobuf-improve-performance-of-parsing-unknown-fields-in-Java.patch
++++ osinfo-db:
- jsc#PED-2113 [Virt Tools] Refresh Virtualization Tools for Xen and KVM Management
------------------------------------------------------------------
------------------ 2022-10-3 - Oct 3 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- net: mana: Add rmb after checking owner bits (git-fixes).
- commit 85bfc78
- Makefile.debug: re-enable debug info for .S files (git-fixes).
- commit 50458f2
- powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL (bsc#1194869).
- commit 48283d1
++++ mozilla-nss:
- Update nss-fips-approved-crypto-non-ec.patch to allow the use of DSA keys (verification only) (bsc#1201298).
- Update nss-fips-constructor-self-tests.patch to add sftk_FIPSRepeatIntegrityCheck() to softoken's .def file (bsc#1198980).
------------------------------------------------------------------
------------------ 2022-10-2 - Oct 2 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- usb: dwc3: gadget: Don't modify GEVNTCOUNT in pullup() (git-fixes).
- Refresh patches.suse/usb-dwc3-gadget-Avoid-duplicate-requests-to-enable-R.patch.
- commit 0719451
- usb: typec: ucsi: Remove incorrect warning (git-fixes).
- media: rkvdec: Disable H.264 error detection (git-fixes).
- media: dvb_vb2: fix possible out of bound access (git-fixes).
- ASoC: cs42l42: Only report button state if there was a button interrupt (git-fixes).
- commit 06be809
------------------------------------------------------------------
------------------ 2022-10-1 - Oct 1 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529).
- commit 209f0a1
- Add cherry-picked commit id for an AMDGPU patch (git-fixes)
- commit 505fbbc
- usb: dwc3: gadget: Refactor pullup() (git-fixes).
- commit f481a77
- usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes).
- Refresh patches.suse/usb-dwc3-gadget-Avoid-duplicate-requests-to-enable-R.patch.
- Refresh patches.suse/usb-dwc3-gadget-Prevent-repeat-pullup.patch.
- commit 6d90a05
- wifi: mac80211: fix regression with non-QoS drivers (git-fixes).
- selftests: Fix the if conditions of in test_extra_filter() (git-fixes).
- net: phy: Don't WARN for PHY_UP state in mdio_bus_phy_resume() (git-fixes).
- usbnet: Fix memory leak in usbnet_disconnect() (git-fixes).
- reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes).
- soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes).
- soc: sunxi: sram: Prevent the driver from being unbound (git-fixes).
- soc: sunxi: sram: Actually claim SRAM regions (git-fixes).
- serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes).
- serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes).
- serial: Create uart_xmit_advance() (git-fixes).
- USB: serial: option: add Quectel RM520N (git-fixes).
- USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes).
- thunderbolt: Add support for Intel Maple Ridge single port controller (git-fixes).
- Revert "usb: add quirks for Lenovo OneLink+ Dock" (git-fixes).
- usb: add quirks for Lenovo OneLink+ Dock (git-fixes).
- commit ce89825
- gpio: mvebu: Fix check for pwm support on non-A8K platforms (git-fixes).
- Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes).
- Input: iqs62x-keys - drop unused device node references (git-fixes).
- Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes).
- libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes).
- mmc: hsq: Fix data stomping during mmc recovery (git-fixes).
- mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes).
- commit 02160f0
- drm/i915/gt: Restrict forced preemption to the active context (git-fixes).
- Revert "drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time" (git-fixes).
- drm/bridge: lt8912b: fix corrupted image output (git-fixes).
- drm/bridge: lt8912b: set hdmi or dvi mode (git-fixes).
- drm/bridge: lt8912b: add vsync hsync (git-fixes).
- Revert "firmware: arm_scmi: Add clock management to the SCMI power domain" (git-fixes).
- drm/amdgpu: don't register a dirty callback for non-atomic (git-fixes).
- firmware: arm_scmi: Fix the asynchronous reset requests (git-fixes).
- firmware: arm_scmi: Harden accesses to the reset domains (git-fixes).
- commit 509f7ae
- clk: iproc: Do not rely on node name for correct PLL setup (git-fixes).
- clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes).
- clk: ingenic-tcu: Properly enable registers before accessing timers (git-fixes).
- arm64: dts: qcom: sm8350: fix UFS PHY serdes size (git-fixes).
- ARM: dts: am33xx: Fix MMCHS0 dma properties (git-fixes).
- ASoC: tas2770: Reinit regcache on reset (git-fixes).
- ASoC: imx-card: Fix refcount issue with of_node_put (git-fixes).
- drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes).
- drm/gma500: Fix BUG: sleeping function called from invalid context errors (git-fixes).
- drm/amdgpu: make sure to init common IP before gmc (git-fixes).
- drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack usage (git-fixes).
- drm/amd/display: Reduce number of arguments of dml31's CalculateFlipSchedule() (git-fixes).
- drm/amd/display: Reduce number of arguments of dml31's CalculateWatermarksAndDRAMSpeedChangeSupport() (git-fixes).
- drm/amd/display: Limit user regamma to a valid value (git-fixes).
- drm/amdgpu: use dirty framebuffer helper (git-fixes).
- drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid cards (git-fixes).
- drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV (git-fixes).
- drm/amdgpu: Separate vf2pf work item init from virt data exchange (git-fixes).
- commit 931f4f4
- Add blacklist and alt-commit for ASoC cs35l41 patches (bsc#1203699)
- commit b1bfeae
------------------------------------------------------------------
------------------ 2022-9-30 - Sep 30 2022 -------------------
------------------------------------------------------------------
++++ transactional-update:
- Version 4.1.0
  - t-u: Add a "setup-kdump" command; implements [jsc#PED-1441]
  - Export TRANSACTIONAL_UPDATE_ROOT (the path to the snapshot) in the update environment; implements [jsc#PED-1078]
  - Add support for "notify" reboot method for desktop use [gh#openSUSE/transactional-update#93]
  - Fix kdump initrd recreation detection; the check was performed in the active snapshot instead of the target snapshot
  - Document register command [bsc#1202900]
  - Avoid unnecessary snapshots for register command [bsc#1202901]
  - Various optimizations for register command
  - Remove bogus error message when triggering reboot
  - Rework /etc overlay documentation in "The Transactional Update Guide"
  - Fix incorrect manpage formatting
  - Remove leftover "salt" reboot method in configuration example file
  - Replace deprecated std::mem_fn with lambdas
++++ kernel-default:
- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
- commit 6f3c833
- scsi: smartpqi: Add module param to disable managed ints (bsc#1203893).
- commit e1af9a1
- scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939).
- scsi: lpfc: Fix various issues reported by tools (bsc#1203939).
- scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939).
- scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939).
- scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939).
- scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939).
- scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939).
- scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939). Dropped: patches.suse/lpfc-decouple-port_template-and-vport_template.patch - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939). - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939). - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939). - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939). - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939). - scsi: lpfc: Remove unneeded result variable (bsc#1203939). - scsi: lpfc: Remove the unneeded result variable (bsc#1203939). - commit 23fee86 - supported.conf: mark spi-pxa2xx-platform as supported (bsc#1203699) It's required for the sound on recent Intel machines - commit d17d5e0 - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939). - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939). - commit 495ecbc - wifi: cfg80211: ensure length byte is present before access (CVE-2022-41674 bsc#1203770). - wifi: cfg80211/mac80211: reject bad MBSSID elements (CVE-2022-41674 bsc#1203770). - wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() (CVE-2022-41674 bsc#1203770). - commit 79b409a - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935). - scsi: qla2xxx: Fix spelling mistake "definiton" -> "definition" (bsc#1203935). - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935). - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935). - scsi: qla2xxx: Define static symbols (bsc#1203935). - scsi: qla2xxx: Enhance driver tracing with separate tunable and more (bsc#1203935). - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935). - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935). 
- scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935). - scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue handler reading stale packets" (bsc#1203935). - scsi: qla2xxx: Log message "skipping scsi_scan_host()" as informational (bsc#1203935). - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935). - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935). - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935). - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935). - commit 76fee71 - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935). - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935). - commit df43957 - kabi/severities: add mlx5 internal symbols - commit cbdf7d1 - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (bsc#1196869). - commit 421a33e - ALSA: hda/realtek: More robust component matching for CS35L41 (bsc#1203699). - commit 13ee63f ++++ kernel-firmware: - Add firmware files for CS35L41 codecs (bsc#1203699) Copied from the upstream linux-firmware tree ++++ multipath-tools: - Use %tmpfiles_create macro for tmpfiles.d file - Update to version 0.9.0+62+suse.3e048d4: * Fix multipathd authorization bypass and symlink attack (bsc#1202739 CVE-2022-41973 CVE-2022-41974) * add multipath-dracut.conf: dracut config file to install tmpfiles.d/multipath.conf in initramfs ++++ python-gobject: - Update to version 3.42.2: * Error out instead of crashing when marshaling unsupported fundamental types in some cases :mr:`180` * Add a workaround for a PyPy 3.9+ bug when threads are used :mr:`200` * Fix crashes when marshaling zero terminated arrays for certain item types :mr:`191` * Fix a crash/refcounting error in case marshaling a hash table fails :mr:`191` * Make the test suite pass again with PyPy :mr:`191` * tests: support running tests with (MSVC) CPython 3.8+ on Windows :mr:`206` * interface: Fix leak when 
overriding GInterfaceInfo :mr:`204` * setup.py: look up pycairo headers without importing the module (helps with building on Windows and MSVC CPython 3.8+) :mr:`205` ++++ qemu: - Fix bsc#1198038, CVE-2022-0216 * Patches added: scsi-lsi53c895a-really-fix-use-after-fre.patch ++++ selinux-policy: - Updated quilt couldn't unpack tarball. This will cause ongoing issues so drop the sed statement in the %prep section and add distro_suse_to_distro_redhat.patch to add the necessary changes via a patch ------------------------------------------------------------------ ------------------ 2022-9-29 - Sep 29 2022 ------------------- ------------------------------------------------------------------ ++++ docker: - Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux. - Fix syntax of boolean dependency ++++ kernel-default: - kABI: fix adding another field to scsi_device (bsc#1203039). - scsi: core: Add BLIST_NO_ASK_VPD_SIZE for some VDASD (bsc#1203039). - Refresh patches.kabi/blk-mq-fix-kabi-support-concurrent-queue-quiesce-unquiesce.patch. - Refresh patches.kabi/kABI-fix-adding-field-to-scsi_device.patch. - commit 38a6998 - mm: Fix PASID use-after-free issue (bsc#1203908). - commit e2ea645 - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906). - commit 2c277d7 - spi: propagate error code to the caller of acpi_spi_device_alloc() (bsc#1203699). - spi: Return deferred probe error when controller isn't yet available (bsc#1203699). - commit 719f957 - cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock (bsc#1196869). - commit 20ffc1f - kABI workaround for spi changes (bsc#1203699). - commit 57d4f4f - cgroup: Fix race condition at rebind_subsystems() (bsc#1203902). - commit ec3105d - ALSA: hda/realtek: Add quirk for HP Zbook Firefly 14 G9 model (bsc#1203699). 
- commit 274acc0 - cs-dsp and serial-multi-instantiate enablement (bsc#1203699) - Update config files - Update supported.conf - commit 6b0538d - platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop (bsc#1203699). - ACPI: scan: Add CLSA0101 Laptop Support (bsc#1203699). - ACPI / scan: Create platform device for CS35L41 (bsc#1203699). - platform/x86: serial-multi-instantiate: Add SPI support (bsc#1203699). - platform/x86: serial-multi-instantiate: Reorganize I2C functions (bsc#1203699). - platform/x86: i2c-multi-instantiate: Rename it for a generic serial driver name (bsc#1203699). - spi: Add API to count spi acpi resources (bsc#1203699). - spi: Support selection of the index of the ACPI Spi Resource before alloc (bsc#1203699). - spi: Create helper API to lookup ACPI info for spi device (bsc#1203699). - i2c: acpi: Add an i2c_acpi_client_count() helper function (bsc#1203699). - commit 66cfc1c - ALSA: hda/cs8409: Support new Dolphin Variants (bsc#1203699). - ALSA: hda/realtek: Add quirk for Lenovo Yoga7 14IAL7 (bsc#1203699). - ALSA: hda: cs35l41: Clarify support for CSC3551 without _DSD Properties (bsc#1203699). - ALSA: hda/realtek: Add quirks for ASUS Zenbooks using CS35L41 (bsc#1203699). - ASoC: cs35l41: Read System Name from ACPI _SUB to identify firmware (bsc#1203699). - commit 3025b3b - ALSA: hda: cs35l41: Support CLSA0101 (bsc#1203699). - Refresh patches.suse/ALSA-hda-realtek-Add-quirk-for-Lenovo-Yoga9-14IAP7.patch. - commit d934822 - ACPI: utils: Add api to read _SUB from ACPI (bsc#1203699). - ALSA: hda: cs35l41: Use the CS35L41 HDA internal define (bsc#1203699). - ALSA: hda/realtek: Enable speaker and mute LEDs for HP laptops (bsc#1203699). - commit 6e401a7 - Revert "ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations" (bsc#1203699). - ALSA: hda: cs35l41: Add module parameter to control firmware load (bsc#1203699). - ALSA: hda: cs35l41: Support Firmware switching and reloading (bsc#1203699). 
- ALSA: hda: cs35l41: Add defaulted values into dsp bypass config sequence (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add fw id strings (bsc#1203699). - ALSA: hda: cs35l41: Read Speaker Calibration data from UEFI variables (bsc#1203699). - ALSA: hda: cs35l41: Support Hibernation during Suspend (bsc#1203699). - commit 8707600 - ASoC: cs35l41: Add support for CLSA3541 ACPI device ID (bsc#1203699). - ASoC: cs35l41: Do not print error when waking from hibernation (bsc#1203699). - ASoC: cs35l41: Add common cs35l41 enter hibernate function (bsc#1203699). - ASoC: cs35l41: Move cs35l41 exit hibernate function into shared code (bsc#1203699). - ALSA: hda: cs35l41: Support Speaker ID for laptops (bsc#1203699). - ALSA: hda: cs35l41: Support multiple load paths for firmware (bsc#1203699). - ALSA: hda: cs35l41: Support reading subsystem id from ACPI (bsc#1203699). - ALSA: hda: cs35l41: Save Subsystem ID inside CS35L41 Driver (bsc#1203699). - ALSA: hda: cs35l41: Add initial DSP support and firmware loading (bsc#1203699). - ALSA: hda: cs35l41: Save codec object inside component struct (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add apis to write the controls directly (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add Library to support CS_DSP ALSA controls (bsc#1203699). - ALSA: hda: cs35l41: Consolidate selections under SND_HDA_SCODEC_CS35L41 (bsc#1203699). - ALSA: hda: cs35l41: Drop wrong use of ACPI_PTR() (bsc#1203699). - ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations (bsc#1203699). - ALSA: hda: cs35l41: Don't dereference fwnode handle (bsc#1203699). - ALSA: hda: cs35l41: Improve dev_err_probe() messaging (bsc#1203699). - ALSA: hda: cs35l41: Fix comments wrt serial-multi-instantiate reference (bsc#1203699). - commit 0179f7c - ALSA: hda/cs8409: change cs8409_fixups v.pins initializers to static (bsc#1203699). - ASoC: cs35l41: Add ASP TX3/4 source to register patch (bsc#1203699). - ASoC: cs35l41: Correct some control names (bsc#1203699). 
- ASoC: cs35l41: Add endianness flag in snd_soc_component_driver (bsc#1203699). - commit f2b0e66 - ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t (bsc#1203699). - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699). - commit a26b9a2 - ALSA: hda/realtek: Enable mute/micmute LEDs support for HP Laptops (bsc#1203699). - Refresh patches.suse/ALSA-hda-realtek-Add-a-quirk-for-HP-OMEN-16-8902-mut.patch. - commit 342e19c - ALSA: hda/realtek: Fix mute led issue on thinkpad with cs35l41 s-codec (bsc#1203699). - commit 0fd2db1 - ALSA: hda: cs35l41: Add Amp Name based on channel and index (bsc#1203699). - ASoC: cs35l41: Move cs_dsp config struct into shared code (bsc#1203699). - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook 845/865 G9 (bsc#1203699). - ASoC: cs35l41: Fix a shift-out-of-bounds warning found by UBSAN (bsc#1203699). - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699). - commit 4800a47 - ASoC: cs35l41: Move cs35l41 fs errata into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41_set_cspl_mbox_cmd to shared code (bsc#1203699). - ALSA: hda: cs35l41: Enable GPIO2 Interrupt for CLSA0100 laptops (bsc#1203699). - ALSA: hda: cs35l41: Add Support for Interrupts (bsc#1203699). - ALSA: hda: cs35l41: Remove Set Channel Map api from binding (bsc#1203699). - ALSA: hda: cs35l41: Set Speaker Position for CLSA0100 Laptop (bsc#1203699). - ALSA: hda: cs35l41: Fix error in spi cs35l41 hda driver name (bsc#1203699). - ALSA: hda/cs8409: Add Speaker Playback Switch for Warlock (bsc#1203699). - ALSA: hda/cs8409: Add Speaker Playback Switch for Cyborg (bsc#1203699). - ALSA: hda/cs8409: Support new Odin Variants (bsc#1203699). - commit 346d9b0 - ALSA: hda/cs8409: Support manual mode detection for CS42L42 (bsc#1203699). - ALSA: hda/cs8409: Use general cs42l42 include in cs8409 hda driver (bsc#1203699). - ASoC: cs35l41: Support external boost (bsc#1203699). 
- ALSA: hda: cs35l41: Move external boost handling to lib for ASoC use (bsc#1203699). - ALSA: hda: cs35l41: Handle all external boost setups the same way (bsc#1203699). - ALSA: hda: cs35l41: Reorganize log for playback actions (bsc#1203699). - ALSA: hda: cs35l41: Remove cs35l41_hda_reg_sequence struct (bsc#1203699). - ALSA: hda: cs35l41: Move boost config to initialization code (bsc#1203699). - ALSA: cs35l41: Enable Internal Boost in shared lib (bsc#1203699). - ALSA: hda: cs35l41: Mute the device before shutdown (bsc#1203699). - commit e34c590 - ASoC: cs42l42: Move CS42L42 register descriptions to general include (bsc#1203699). - ASoC: cs42l42: Add warnings about DETECT_MODE and PLL_START (bsc#1203699). - ASoC: cs42l42: Handle system suspend (bsc#1203699). - ASoC: cs42l42: Change jack_detect_mutex to a lock of all IRQ handling (bsc#1203699). - ASoC: cs42l42: Report full jack status when plug is detected (bsc#1203699). - ASoC: cs42l42: Report initial jack state (bsc#1203699). - ASoC: cs42l42: Remove redundant pll_divout member (bsc#1203699). - ASoC: cs42l42: Simplify reporting of jack unplug (bsc#1203699). - ASoC: cs42l42: Remove redundant writes to RS_PLUG/RS_UNPLUG masks (bsc#1203699). - ASoC: cs42l42: Remove redundant writes to DETECT_MODE (bsc#1203699). - ASoC: cs42l42: Add control for audio slow-start switch (bsc#1203699). - ASoC: cs42l42: free_irq() before powering-down on probe() fail (bsc#1203699). - ASoC: cs42l42: Reset and power-down on remove() and failed probe() (bsc#1203699). - ASoC: cs42l42: Prevent NULL pointer deref in interrupt handler (bsc#1203699). - ASoC: cs42l42: Remove unused runtime_suspend/runtime_resume callbacks (bsc#1203699). - ASoC: cs42l42: Use two thresholds and increased wait time for manual type detection (bsc#1203699). - ASoC: cs42l42: Implement Manual Type detection as fallback (bsc#1203699). - ASoC: cs42l42: Minor fix all errors reported by checkpatch.pl script (bsc#1203699). 
- ASoC: cs42l42: Always enable TS_PLUG and TS_UNPLUG interrupts (bsc#1203699). - ASoC: cs42l42: Fix WARN in remove() if running without an interrupt (bsc#1203699). - ASoC: cs42l42: Mark OSC_SWITCH_STATUS register volatile (bsc#1203699). - ASoC: cs42l42: Set correct SRC MCLK (bsc#1203699). - ASoC: cs42l42: Allow time for HP/ADC to power-up after enable (bsc#1203699). - ASoC: cs42l42: Use PLL for SCLK > 12.288MHz (bsc#1203699). - ASoC: cs42l42: Don't claim to support 192k (bsc#1203699). - ASoC: cs42l42: Don't reconfigure the PLL while it is running (bsc#1203699). - commit 866431d - ALSA: hda: cs35l41: Put the device into safe mode for external boost (bsc#1203699). - ALSA: hda: cs35l41: Add Boost type flag (bsc#1203699). - ALSA: hda: cs35l41: Always configure the DAI (bsc#1203699). - ALSA: hda: cs35l41: Fix I2S params comments (bsc#1203699). - ALSA: cs35l41: Move cs35l41_gpio_config to shared lib (bsc#1203699). - ALSA: cs35l41: Check hw_config before using it (bsc#1203699). - ALSA: cs35l41: Unify hardware configuration (bsc#1203699). - commit ac37bc4 - ALSA: hda/cs8409: Add new Dolphin HW variants (bsc#1203699). - ALSA: hda/cs8409: Disable HSBIAS_SENSE_EN for Cyborg (bsc#1203699). - ALSA: hda/cs8409: Support new Warlock MLK Variants (bsc#1203699). - ALSA: hda/cs8409: Fix Full Scale Volume setting for all variants (bsc#1203699). - ALSA: hda/cs8409: Re-order quirk table into ascending order (bsc#1203699). - ALSA: hda/cs8409: Fix Warlock to use mono mic configuration (bsc#1203699). - commit af84f1a - ALSA: hda/realtek: Add mute and micmut LED support for Zbook Fury 17 G9 (bsc#1203699). - Refresh patches.suse/ALSA-hda-realtek-Add-quirk-for-HP-Dev-One.patch. - Refresh patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-for-HP-machin.patch. - commit 7831f17 - ASoC: cs35l41: Remove unnecessary param (bsc#1203699). - ALSA: hda/realtek: Fix LED on Zbook Studio G9 (bsc#1203699). - commit 8ea9da8 - ALSA: hda/realtek: Add support for HP Laptops (bsc#1203699). 
- Refresh patches.suse/ALSA-hda-realtek-Add-a-quirk-for-HP-OMEN-16-8902-mut.patch. - Refresh patches.suse/ALSA-hda-realtek-Add-quirk-for-HP-Dev-One.patch. - Refresh patches.suse/ALSA-hda-realtek-Add-quirk-for-Lenovo-Yoga9-14IAP7.patch. - Refresh patches.suse/ALSA-hda-realtek-Add-quirk-for-the-Framework-Laptop.patch. - Refresh patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-for-HP-machin.patch. - Refresh patches.suse/ALSA-hda-realtek-fix-right-sounds-and-mute-micmute-L-024a7ad9eb4d.patch. - Refresh patches.suse/ALSA-hda-realtek-fix-right-sounds-and-mute-micmute-L.patch. - commit a813cc9 - ASoC: cs35l41: Fix DSP mbox start command and global enable order (bsc#1203699). - ASoC: cs35l41: Fix max number of TX channels (bsc#1203699). - ASoC: cs35l41: Fix GPIO2 configuration (bsc#1203699). - ALSA: hda: cs35l41: Make cs35l41_hda_remove() return void (bsc#1203699). - ALSA: hda: cs35l41: Tidyup code (bsc#1203699). - ALSA: hda: cs35l41: Make use of the helper function dev_err_probe() (bsc#1203699). - ALSA: hda: cs35l41: Add missing default cases (bsc#1203699). - ALSA: hda: cs35l41: Move cs35l41* calls to its own symbol namespace (bsc#1203699). - ALSA: hda: cs35l41: Add calls to newly added test key function (bsc#1203699). - ALSA: hda: cs35l41: Avoid overwriting register patch (bsc#1203699). - ALSA: hda: cs35l41: fix double free on error in probe() (bsc#1203699). - commit 31fd8da - firmware: cs_dsp: Add memory chunk helpers (bsc#1203699). - firmware: cs_dsp: Add pre_stop callback (bsc#1203699). - ASoC: wm_adsp: Minor clean and redundant code removal (bsc#1203699). - ASoC: wm_adsp: Fix event for preloader (bsc#1203699). - ASoC: wm_adsp: Compressed stream DSP memory structs should be __packed (bsc#1203699). - firmware: cs_dsp: Fix overrun of unterminated control name string (bsc#1203699). - ASoC: wm_adsp: Expand firmware loading search options (bsc#1203699). - ASoC: wm_adsp: Add trace caps to speaker protection FW (bsc#1203699). 
- ASoC: wm_adsp: Make compressed buffers optional (bsc#1203699). - ASoC: wm_adsp: Correct control read size when parsing compressed buffer (bsc#1203699). - ASoC: cs35l41: Add support for hibernate memory retention mode (bsc#1203699). - ASoC: cs35l41: Update handling of test key registers (bsc#1203699). - ASoC: wm_adsp: Add support for "toggle" preloaders (bsc#1203699). - firmware: cs_dsp: Clear core reset for cache (bsc#1203699). - ASoC: cs35l41: Correct handling of some registers in the cache (bsc#1203699). - ASoC: cs35l41: Correct DSP power down (bsc#1203699). - ASoC: cs35l41: Remove incorrect comment (bsc#1203699). - ASoC: cs35l41: Add cs35l51/53 IDs (bsc#1203699). - ALSA: hda: Fix dependencies of CS35L41 on SPI/I2C buses (bsc#1203699). - ALSA: hda: Fix dependency on ASoC cs35l41 codec (bsc#1203699). - firmware: cs_dsp: Move lockdep asserts to avoid potential null pointer (bsc#1203699). - firmware: cs_dsp: Allow creation of event controls (bsc#1203699). - firmware: cs_dsp: Add offset to cs_dsp read/write (bsc#1203699). - firmware: cs_dsp: Clarify some kernel doc comments (bsc#1203699). - firmware: cs_dsp: Perform NULL check in cs_dsp_coeff_write/read_ctrl (bsc#1203699). - firmware: cs_dsp: Add support for rev 2 coefficient files (bsc#1203699). - firmware: cs_dsp: Print messages from bin files (bsc#1203699). - firmware: cs_dsp: Add pre_run callback (bsc#1203699). - firmware: cs_dsp: Add version checks on coefficient loading (bsc#1203699). - firmware: cs_dsp: Add lockdep asserts to interface functions (bsc#1203699). - firmware: cs_dsp: tidy includes in cs_dsp.c and cs_dsp.h (bsc#1203699). - ASoC: wm_adsp: wm_adsp_control_add() error: uninitialized symbol 'ret' (bsc#1203699). - commit 545439c - supported.conf: Add cs_dsp firmware module (bsc#1203699) - commit af1ea30 - Update config files: enable CS35L41 support (bsc#1203699) - commit 195ddb7 - ALSA: hda/realtek: Add CS35L41 support for Thinkpad laptops (bsc#1203699). 
- Refresh patches.suse/ALSA-hda-realtek-Add-quirk-for-Lenovo-Yoga9-14IAP7.patch. - Refresh patches.suse/ALSA-hda-realtek-Add-quirk-for-the-Framework-Laptop.patch. - Refresh patches.suse/ALSA-hda-realtek-fix-speakers-and-micmute-on-HP-855-.patch. - commit 0a4cbdb - ALSA: hda/realtek: Add support for Legion 7 16ACHg6 laptop (bsc#1203699). - Refresh patches.suse/ALSA-hda-ALC287-Add-Lenovo-IdeaPad-Slim-9i-14ITL5-sp.patch. - Refresh patches.suse/ALSA-hda-realtek-Add-quirk-for-Legion-Y9000X-2019.patch. - Refresh patches.suse/ALSA-hda-realtek-Add-quirk-for-Lenovo-Yoga9-14IAP7.patch. - Refresh patches.suse/ALSA-hda-realtek-Add-quirk-for-the-Framework-Laptop.patch. - Refresh patches.suse/ALSA-hda-realtek-fix-speakers-and-micmute-on-HP-855-.patch. - commit b3dce35 - ALSA: hda: cs35l41: Add support for CS35L41 in HDA systems (bsc#1203699). - commit 39ffdf8 - ASoC: cs35l41: Document CS35l41 External Boost (bsc#1203699). - ASoC: cs35l41: Create shared function for boost configuration (bsc#1203699). - ASoC: cs35l41: Create shared function for setting channels (bsc#1203699). - ASoC: cs35l41: Create shared function for errata patches (bsc#1203699). - ASoC: cs35l41: Move power initializations to reg_sequence (bsc#1203699). - ASoC: cs35l41: Move cs35l41_otp_unpack to shared code (bsc#1203699). - ASoC: cs35l41: Convert tables to shared source code (bsc#1203699). - ASoC: cs35l41: Fix undefined reference to core functions (bsc#1203699). - ASoC: cs35l41: Fix link problem (bsc#1203699). - ASoC: wm_adsp: Remove the wmfw_add_ctl helper function (bsc#1203699). - ASoC: cs35l41: DSP Support (bsc#1203699). - ASoC: dt-bindings: cs42l42: Convert binding to yaml (bsc#1203699). - ASoC: cs35l41: Set the max SPI speed for the whole device (bsc#1203699). - ASoC: cs35l41: Change monitor widgets to siggens (bsc#1203699). - ASoC: cs35l41: Make cs35l41_remove() return void (bsc#1203699). - ASoC: wm_adsp: remove a repeated including (bsc#1203699). 
- firmware: cs_dsp: add driver to support firmware loading on Cirrus Logic DSPs (bsc#1203699). - ASoC: wm_adsp: Separate wm_adsp specifics in cs_dsp_client_ops (bsc#1203699). - ASoC: wm_adsp: Split out struct cs_dsp from struct wm_adsp (bsc#1203699). - ASoC: wm_adsp: move firmware loading to client (bsc#1203699). - ASoC: wm_adsp: Pass firmware names as parameters when starting DSP core (bsc#1203699). - ASoC: wm_adsp: Move check of dsp->running to better place (bsc#1203699). - ASoC: wm_adsp: Separate generic cs_dsp_coeff_ctl handling (bsc#1203699). - ASoC: wm_adsp: Move sys_config_size to wm_adsp (bsc#1203699). - ASoC: wm_adsp: Split DSP power operations into helper functions (bsc#1203699). - ASoC: wm_adsp: Separate some ASoC and generic functions (bsc#1203699). - ASoC: wm_adsp: Introduce cs_dsp logging macros (bsc#1203699). - ASoC: wm_adsp: Rename generic DSP support (bsc#1203699). - ASoC: wm_adsp: Cancel ongoing work when removing controls (bsc#1203699). - ASoC: wm_adsp: Switch to using wm_coeff_read_ctrl for compressed buffers (bsc#1203699). - ASoC: wm_adsp: Move check for control existence (bsc#1203699). - ASoC: wm_adsp: Remove use of snd_ctl_elem_type_t (bsc#1203699). - ASoC: cs35l41: Binding fixes (bsc#1203699). - misc: cs35l41: Remove unused pdn variable (bsc#1203699). - ASoC: cs35l41: Fix a bunch of trivial code formating/style issues (bsc#1203699). - ASoC: cs35l41: Fixup the error messages (bsc#1203699). - ASoC: cs35l41: Don't overwrite returned error code (bsc#1203699). - ASoC: cs35l41: Combine adjacent register writes (bsc#1203699). - ASoC: cs35l41: Use regmap_read_poll_timeout to wait for OTP boot (bsc#1203699). - ASoC: cs35l41: Fix use of an uninitialised variable (bsc#1203699). - ASoC: cs35l41: Add bindings for CS35L41 (bsc#1203699). - ASoC: cs35l41: CS35L41 Boosted Smart Amplifier (bsc#1203699). - ASoC: wm_adsp: Remove pointless string comparison (bsc#1203699). - commit 5d21207 - kABI: Add back removed struct paca member (bsc#1203664 ltc#199236). 
- Revert "powerpc/rtas: Implement reentrant rtas call" (bsc#1203664 ltc#199236). - commit 93ebb75 ++++ osinfo-db: - Update to database version 20220830 osinfo-db-20220830.tar.xz ++++ samba: - Update to 4.15.10 * Possible use after free of connection_struct when iterating smbd_server_connection->connections; (bso#15128); (bsc#1200102). * smbXsrv_connection_shutdown_send result leaked; (bso#15174). * Spotlight RPC service returns wrong response when Spotlight is disabled on a share; (bso#15086). * acl_xattr VFS module may unintentionally use filesystem permissions instead of ACL from xattr; (bso#15126). * Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1; (bso#15153). * assert failed: !is_named_stream(smb_fname)") at ../../lib/util/fault.c:197; (bso#15161). * Missing READ_LEASE break could cause data corruption; (bso#15148). * rpcclient can crash using setuserinfo(2); (bso#15124). * Samba fails to build with glibc 2.36 caused by including in libreplace; (bso#15132). * SMB1 negotiation can fail to handle connection errors; (bso#15152). * samba-tool domain join segfault when joining a samba ad domain; (bso#15078). - Update to 4.15.9 * CVE-2022-32742:SMB1 code does not correct verify SMB1write, SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085); (bsc#1201496). * CVE-2022-32746: samba: Use-after-free occurring in database audit logging; (bso#15009); (bso#15096); (bsc#1201490). * CVE-2022-2031: samba, ldb: AD users can bypass certain restrictions associated with changing passwords; (bso#15047); (bsc#1201495); * CVE-2022-32745: samba: ldb: AD users can crash the server process with an LDAP add or modify request; (bso#15008); (bso#15096); (bsc#1201492). * CVE-2022-2031: samba, ldb: AD users can bypass certain restrictions associated with changing passwords; (bso#15047); (bsc#1201495); * CVE-2022-32744: samba, ldb: AD users can forge password change requests for any user; (bso#15074); (bso#15047); (bsc#1201493). 
++++ selinux-policy: - Update fix_networkmanager.patch to ensure NetworkManager chrony dispatcher is properly labled and update fix_chronyd.patch to ensure chrony helper script has proper label to be used by NetworkManager. Also allow NetworkManager_dispatcher_custom_t to query systemd status (bsc#1203824) ++++ shim: - shim-install: ensure grub.cfg created is not overwritten after installing grub related files ------------------------------------------------------------------ ------------------ 2022-9-28 - Sep 28 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - blacklist.conf: add scsi commit that's too invasive - commit ed3d357 - struct ehci_hcd: hide new element going into a hole (git-fixes). - commit 859270b - USB: Fix ehci infinite suspend-resume loop issue in zhaoxin (git-fixes). - commit 71e1e4f - xen/usb: don't use arbitrary_virt_to_machine() (git-fixes). - commit 9497b70 - usb: host: xhci: fix a comment typo in xhci_mem_init() (git-fixes). - usb: host: xhci: use ffs() in xhci_mem_init() (git-fixes). - commit f930b4a - usb: Drop commas after SoC match table sentinels (git-fixes). - commit c8fc91a - struct xhci_hcd: restore member now dynamically allocated (git-fixes). - commit ac47acd - xhci: Allocate separate command structures for each LPM command (git-fixes). - commit 33fbca4 - USB: core: Fix RST error in hub.c (git-fixes). - commit 19a77db ------------------------------------------------------------------ ------------------ 2022-9-27 - Sep 27 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - fuse: Remove the control interface for virtio-fs (bsc#1203798). - commit a23dd0d - constraints: increase disk space for all architectures References: bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is very close to the limit. - commit 43a9011 - usb.h: struct usb_device: hide new member (git-fixes). 
- commit fbd8f4a - USB: core: Prevent nested device-reset calls (git-fixes). - commit 9ef8532 - usb: dwc3: disable USB core PHY management (git-fixes). - commit 1a35727 - Update patch referecen for ALSA fix (CVE-2022-3303 bsc#1203769) - commit 9addbc1 - ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel systems (bsc#1203767). - commit ec98644 - NFSv4.2: Update mode bits after ALLOCATE and DEALLOCATE (git-fixes). - NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0 (git-fixes). - md: call __md_stop_writes in md_stop (git-fixes). - SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes). - NFSv4.2 fix problems with __nfs42_ssc_open (git-fixes). - net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() (git-fixes). - SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes). - NFSv4.1: RECLAIM_COMPLETE must handle EACCES (git-fixes). - NFSv4: Fix races in the legacy idmapper upcall (git-fixes). - sunrpc: fix expiry of auth creds (git-fixes). - NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes). - NFSv4.1: Don't decrease the value of seq_nr_highest_sent (git-fixes). - pNFS/flexfiles: Report RDMA connection errors to the server (git-fixes). - Revert "pNFS: nfs3_set_ds_client should set NFS_CS_NOPING" (git-fixes). - lockd: detect and reject lock arguments that overflow (git-fixes). - SUNRPC: Fix xdr_encode_bool() (git-fixes). - nfsd: eliminate the NFSD_FILE_BREAK_* flags (git-fixes). - md-raid10: fix KASAN warning (git-fixes). - NFSD: restore EINVAL error translation in nfsd_commit() (git-fixes). - NFSD: Clean up the show_nf_flags() macro (git-fixes). - SUNRPC: Don't leak sockets in xs_local_connect() (git-fixes). - SUNRPC: Don't call connect() more than once on a TCP socket (git-fixes). - NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes). - NFSD: Fix offset type in I/O trace points (git-fixes). 
- NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests (git-fixes). - commit 510ad2f ++++ mozilla-nss: - Update nss-fips-approved-crypto-non-ec.patch to allow the use of longer symmetric keys via the service level indicator (bsc#1191546). - Update nss-fips-constructor-self-tests.patch to hopefully export sftk_FIPSRepeatIntegrityCheck() correctly (bsc#1198980). ++++ python-msgpack: - Loose the filelist for the package info to avoid FTBFS on SLE-15-SP5 (bsc#1203743). ++++ selinux-policy: - Update fix_xserver.patch to add greetd support (bsc#1198559) ------------------------------------------------------------------ ------------------ 2022-9-26 - Sep 26 2022 ------------------- ------------------------------------------------------------------ ++++ lvm2-device-mapper: - lvmlockd is not supporting sanlock (bsc#1203482) - set 1 for _supportsanlock in lvm2.spec for enabling sanlock. ++++ kernel-default: - x86/sev: Add missing __init annotations to SEV init routines (jsc#SLE-19924 jsc#SLE-24814). - Refresh patches.suse/x86-sev-Get-the-AP-jump-table-address-from-secrets-page. - commit e7f768c - scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover" (git-fixes). - commit c7d72a7 - i2c: mlxbf: Fix frequency calculation (git-fixes). - i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() (git-fixes). - i2c: mlxbf: incorrect base address passed during io write (git-fixes). - i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible (git-fixes). - commit abc7475 ++++ expat: - Security fix: * (CVE-2022-40674, bsc#1203438) use-after-free in the doContent function in xmlparse.c - Added patch expat-CVE-2022-40674.patch ++++ lvm2: - lvmlockd is not supporting sanlock (bsc#1203482) - set 1 for _supportsanlock in lvm2.spec for enabling sanlock. 
++++ sssd: - Fix sdap_access_host No matching host rule found; (bsc#1202559); Add patch 0001-Fix-sdap_access_host-No-matching-host-rule-found.patch ++++ openSUSE-repos-LeapMicro: - Update to version 20220926.da3133a: * Corrected path and name for LeapMicro debug repo - Update to version 20220926.c75597d: * Run spec-cleaner on specs - Update to version 20220926.e27264d: * Add LeapMicro - Update to version 20220926.be4cbf8: * Specs for multibuild support as we have >2 flavors ++++ salt: - Handle non-UTF-8 bytes in core grains generation (bsc#1202165) - Fix Syndic authentication errors (bsc#1199562) - Add Amazon EC2 detection for virtual grains (bsc#1195624) - Fix the regression in schedule module releasded in 3004 (bsc#1202631) - Fix state.apply in test mode with file state module on user/group checking (bsc#1202167) - Change the delimeters to prevent possible tracebacks on some packages with dpkg_lowpkg - Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596) - Fix test_ipc unit test - Added: * retry-if-rpm-lock-is-temporarily-unavailable-547.patch * change-the-delimeters-to-prevent-possible-tracebacks.patch * fix-test_ipc-unit-tests.patch * backport-syndic-auth-fixes.patch * fix-the-regression-in-schedule-module-releasded-in-3.patch * add-amazon-ec2-detection-for-virtual-grains-bsc-1195.patch * ignore-non-utf8-characters-while-reading-files-with-.patch * fix-state.apply-in-test-mode-with-file-state-module-.patch ++++ rust-keylime: - Rebase bindgen.patch and upstream the change - Rebase keylime-agent.conf.diff - Store the configuration file in /usr/etc/keylime/agent.conf - Fix keylime user creation - Drop webapp service port in firewall XML service file - Update to version 0.1.0+git.1663769444.6318234: * Update comments in the configuration file * config: Align config locations with the python components * config: Add configuration file version * config: Add back support for KEYLIME_DIR env var * Change configuration format to TOML * Add 
support for using passphrase protected key * Do not try to load TPM data generated by another TPM * Allow using existing key and certificate * Remove the agent TPM data from the config struct * Rename the configuration options * Use password to generate EK when provided * Add tpm_ownerpassword option to keylime.conf * Add cargo audit to CI static tests * Add agent and faked_measured_boot_log tests context * Appease clippy ------------------------------------------------------------------ ------------------ 2022-9-25 - Sep 25 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - blacklist.conf: remove blacklisted patch This patch was incorrectly blacklisted, but in fact is needed, so remove the blacklist first. - commit 858de69 - serial: fsl_lpuart: Reset prior to registration (git-fixes). - workqueue: don't skip lockdep work dependency in cancel_work_sync() (git-fixes). - arm64: topology: fix possible overflow in amu_fie_setup() (git-fixes). - media: flexcop-usb: fix endpoint type check (git-fixes). - usb: dwc3: core: leave default DMA if the controller does not support 64-bit DMA (git-fixes). - drm/panel: simple: Fix innolux_g121i1_l01 bus_format (git-fixes). - drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff() (git-fixes). - drm/mediatek: dsi: Add atomic {destroy,duplicate}_state, reset callbacks (git-fixes). - drm/panfrost: devfreq: set opp to the recommended one to configure regulator (git-fixes). - ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes). - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes). - net: usb: qmi_wwan: add Quectel RM520N (git-fixes). - wifi: mac80211_hwsim: check length for virtio packets (git-fixes). - tty: serial: atmel: Preserve previous USART mode if RS485 disabled (git-fixes). - drm/tegra: vic: Fix build warning when CONFIG_PM=n (git-fixes).
- video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes). - serial: atmel: remove redundant assignment in rs485_config (git-fixes). - video: fbdev: i740fb: Error out if 'pixclock' equals zero (git-fixes). - commit 05ff2c7 ------------------------------------------------------------------ ------------------ 2022-9-24 - Sep 24 2022 ------------------- ------------------------------------------------------------------ ++++ openSUSE-repos-LeapMicro: - Update to version 20220924.5761673: * requested in https://code.opensuse.org/leap/features/issue/91 * Disable post-build checks due to boo#1203715 * Initial rpm spec logic is based on rpm-repos-openSUSE from Neal ------------------------------------------------------------------ ------------------ 2022-9-23 - Sep 23 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - scsi: mpt3sas: Fix use-after-free warning (git-fixes). - scsi: qla2xxx: Fix disk failure to rediscover (git-fixes). - commit 338849f - kexec_file: drop weak attribute from functions (bsc#1196444). - commit 3df1852 - KVM: avoid NULL pointer dereference in kvm_dirty_ring_push (bsc#1198189 CVE-2022-1263). - commit 7717214 - kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444). - commit a0517d1 - arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444). - kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444). - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - x86/kexec: fix memory leak of elf header buffer (bsc#1196444). - commit 6bb0d35 - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes). - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes). - arm64: dts: rockchip: Fix typo in lisense text for PX30.Core (git-fixes). 
- arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes). - selftests: forwarding: add shebang for sch_red.sh (git-fixes). - can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes). - gve: Fix GFP flags when allocing pages (git-fixes). - wifi: mt76: fix reading current per-tid starting sequence number for aggregation (git-fixes). - batman-adv: Fix hang up with small MTU hard-interface (git-fixes). - net: phy: aquantia: wait for the suspend/resume operations to finish (git-fixes). - gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully (git-fixes). - gpio: mockup: fix NULL pointer dereference when removing debugfs (git-fixes). - selftests: forwarding: Fix failing tests with old libnet (git-fixes). - commit 4895eee ------------------------------------------------------------------ ------------------ 2022-9-22 - Sep 22 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit: - Add 0002-selinux-temporary-remove-setroubleshoot-section.patch (jsc#CSD-77) - Add dependency policycoreutils-python-utils for cockpit-selinux (bsc#1203371) - Minor changes in cockpit.spec file to adjust macros in conditionals for SLE Micro ++++ kernel-default: - net/mlx5: CT: Fix header-rewrite re-use for tupels (git-fixes). - commit a413591 - net/mlx5e: TC NIC mode, fix tc chains miss table (git-fixes). - commit 7bd201a - net: enetc: Use pci_release_region() to release some resources (git-fixes). - commit 15bc221 - net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (git-fixes). - commit 568058d - net: dsa: restrict SMSC_LAN9303_I2C kconfig (git-fixes). - commit a7df60c - net: stmmac: fix out-of-bounds access in a selftest (git-fixes). - commit 1d801d7 - net: macb: Fix PTP one step sync support (git-fixes). - commit c6f42d2 - net: wwan: iosm: remove pointless null check (git-fixes). - commit 4eccfc1 - eth: sun: cassini: remove dead code (git-fixes). 
- commit aa42615 - net: stmmac: remove unused get_addr() callback (git-fixes). - commit 14586bc - Revert "ice: Hide bus-info in ethtool for PRs in switchdev mode" (git-fixes). - commit 2b88535 - net: ethernet: stmmac: fix write to sgmii_adapter_base (git-fixes). - commit 63c3906 - net: dsa: felix: fix tagging protocol changes with multiple CPU ports (git-fixes). - commit 41e3617 - net: dsa: introduce helpers for iterating through ports using dp (git-fixes). - commit 5001021 - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (git-fixes). - commit 1bdfd3c - net: hns3: add netdev reset check for hns3_set_tunable() (git-fixes). - commit f002bf7 - net: phy: at803x: move page selection fix to config_init (git-fixes). - commit 02fb6c3 - ice: Match on all profiles in slow-path (git-fixes). - commit 5ba2957 - net: ipa: kill ipa_cmd_pipeline_clear() (git-fixes). - commit 1308dcb - blacklist.conf: update blacklist - commit e0df553 - blacklist.conf: update blacklist - commit d975e01 - blacklist.conf: update blacklist - commit 2402036 - ALSA: hda: Fix Nvidia dp infoframe (git-fixes). - ALSA: hda/tegra: set depop delay for tegra (git-fixes). - ALSA: hda/tegra: Update scratch reg. communication (git-fixes). - ALSA: hda/tegra: Add Tegra234 hda driver support (git-fixes). - commit 636d297 - ALSA: hda/realtek: Add a quirk for HP OMEN 16 (8902) mute LED (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes). - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes). - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop (git-fixes). - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes). - ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes). - commit a4ecf82 - dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() (git-fixes). 
- Revert "ALSA: usb-audio: Split endpoint setups for hw_params and prepare" (git-fixes). - ALSA: core: Fix double-free at snd_card_new() (git-fixes). - ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes). - ALSA: hda: Fix hang at HD-audio codec unbinding due to refcount saturation (git-fixes). - ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible (git-fixes). - gpio: mockup: remove gpio debugfs when remove device (git-fixes). - Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes). - Input: goodix - add compatible string for GT1158 (git-fixes). - Input: goodix - add support for GT1158 (git-fixes). - drm/msm/rd: Fix FIFO-full deadlock (git-fixes). - drm/amd/amdgpu: skip ucode loading if ucode_size == 0 (git-fixes). - usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS (git-fixes). - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes). - platform/surface: aggregator_registry: Add support for Surface Laptop Go 2 (git-fixes). - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes). - hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes). - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes). - ACPI: resource: skip IRQ override on AMD Zen platforms (git-fixes). - ARM: dts: imx: align SPI NOR node name with dtschema (git-fixes). - commit 6a1df1e ++++ mozilla-nss: - Update nss-fips-approved-crypto-non-ec.patch to prevent sessions from getting flagged as non-FIPS (bsc#1191546). - Mark DSA keygen unapproved (bsc#1191546, bsc#1201298). - Enable nss-fips-drbg-libjitter.patch now that we have a patched libjitter to build with (bsc#1202870). ++++ libusb-1_0: - Added 0002-gracefully-handle-buggy-config0-devices.patch * Fix regression where some buggy devices no longer work if they have a configuration value of 0. * [bsc#1201590] ++++ tcl: - Fix a race condition in test socket-13.1 (tcl-test-socket-13.1.patch). 
------------------------------------------------------------------ ------------------ 2022-9-21 - Sep 21 2022 ------------------- ------------------------------------------------------------------ ++++ drbd-utils: - drbd-utils.spec force _localstatedir to use /var/lib in runtime (bsc#1203220) ++++ kernel-default: - Refresh patches.suse/iommu-vt-d-Acquiring-lock-in-domain-ID-allocation-helpers Fix spin deadlock in intel_iommu (bsc#1203505) - commit 69d294e - media: dvb-core: Fix UAF due to refcount races at releasing (CVE-2022-41218 bsc#1202960). - commit bdcd7ab - Update kabi files: import symvers from MU 5.14.21-150400.24.21 - commit a9db6f7 ++++ libnvme: - Fixes for controller authentication (bsc#1201501 bsc#1201700 bsc#1201701 bsc#1201717) * add 0007-python-add-missing-ctrl-attrs-to-Python-bindings.patch * add 0008-libnvme-accessors-for-dhchap_key-variables.patch * add 0009-fabrics-Update-controller-authentication-in-nvmf_add.patch * add 0010-json-fixup-dhchap_ctrl_key-definitions.patch * add 0011-tree-rename-controller-dhchap_key-to-dhchap_ctrl_key.patch * add 0012-Parse-dhchap_host_key-on-controller-level.patch * add 0013-json-schema-add-dhchap_key-details-to-host-section.patch * add 0014-nvme-tree-avoid-segfault-if-auth-keys-are-unavailabl.patch * add 0015-fabrics-restructrure-nvmf_get_discovery_log.patch - Subsystem scanning logic fixes * add 0016-tree-simplifiy-nvme_subsystem_lookup_namespace.patch * add 0017-tree-make-nvme_subsystem_scan_namespace-idempotent.patch * add 0018-tree-make-nvme_ctrl_scan_namespace-idempotent.patch - Fix PowerPC build warnings * add 0019-Fix-llx-lx-build-warnings-on-powerpc.patch - Fabrics fixes * add 0020-fabrics-sanitize-dump-config-output.patch * add 0021-fabrics-Fix-build_options-return-values.patch ++++ nvme-cli: - Support auto discovery, add %systemd_ordering to spec file (bsc#1186399) - fabrics: Remove dhchap-ctrl-secret from discover/connect-all (bsc#1201701) * add 
0006-fabrics-Remove-dhchap-ctrl-secret-from-discover-conn.patch - Fabrics related bug fixes * add 0007-fabrics-error-message-for-nvme-discover-connect-all-.patch * add 0008-fabrics-avoid-segfault-when-nvme-discover-fails-with.patch * add 0009-fabrics-avoid-segfault-if-transport-type-is-omitted.patch * add 0010-nvme-Return-status-error-code-for-effects-log-comman.patch * add 0011-nvme-fix-nvme-get-feature-with-H-option.patch * add 0012-fabrics-Avoid-nvme_scan_ctrl-when-disconnecting.patch * add 0013-nvme-Do-not-print-error-message-in-collect_effects_l.patch * add 0014-nvme-print-Handle-NULL-hostid-in-JSON-output.patch * add 0015-nvme-print-sanitize-the-get-feature-async-event-conf.patch ++++ podman: - Update to version 4.2.1: * Bump to v4.2.1 * Add release notes for v4.2.1 * remove SkipIfNotFedora() from events test * fix podman events with custom format * Drop stale config value resulting in asymmetric config * Fix list of default capabilities * Add container GID to additional groups (CVE-2022-2989 / bsc#1202809, removes patch 0001-Add-container-GID-to-additional-groups.patch) * libpod: Ensure that generated container names are random * Fix bind-mount-option annotation in gen/play kube * Improved Windows compatibility for machine command * updated apiv2 tests to reflect hash compat fix * api: return imageID instead of imageName, for "Image" when Podman API is queried * Inhibit SIGTERM during Conmon startup * Fix example sections to follow the same format * Fix template name inconsistency * service: make move to sub-cgroup non fatal * Remove duplicate annotations in generated service yaml * Compat API image remove events now have 'delete' status * [CI:DOCS] Automatically set podman version in pkginstaller * Allow colons in windows file paths * Fixes isRootfull check using qemu machine on Windows * vendor containers/psgo@v1.7.3 * Allow podman to run in an environment with keys containing spaces * Document restrictions on transport in FROM * Improved Windows 
compatibility * pass environment variables to container clone * podman save: update --compress validation * sort hc.Binds returned from compat api * Cirrus: Update podman-machine comment * podman images and friends can take one image as argument * [CI:DOCS] Add .DS_Store to gitignore * podman-kube@.service.in: Remove Restart=never option with typo * Fix #15499 already connected network * [CI:DOCS] Cirrus: Update meta-task for EC2 image * fix CI: remove hardcodeded alpine version * fix CI: remove hardcodeded alpine version * Preserve all unknown PolicyRequirement fields on (podman image trust set) * Reorganize the types in policy.go a bit * Add support for showing keyPaths in (podman image trust show) * Support (image trust show) for sigstoreSigned entries * BREAKING CHANGE: Change how (podman image trust show) represents multiple requirements * Reorganize descriptionsOfPolicyRequirements a bit * Use the full descriptionsOfPolicyRequirements for the default scope * Rename haveMatchRegistry to registriesDConfigurationForScope * Rename tempTrustShowOutput to entry * Split descriptionsOfPolicyRequirements out of getPolicyShowOutput * Recognize the new lookaside names for simple signing sigstore * Add a unit test for trust.PolicyDescription * Make the output of (podman image trust show) deterministic * Make most of pkg/trust package-private * Move most of ImageEngine.ShowTrust into pkg/trust.PolicyDescription * Add support for sigstoreSigned in (podman image trust set) * Create new policy entries together with validating input * Improve validation of data in ImageEngine.SetTrust * Move most of imageEngine.SetTrust to pkg/trust.AddPolicyEntries * Add a variable for scope * Make trust.CreateTempFile private * Reorganize pkg/trust * Remove an unused trust.ShowOutput type * Remove commented out code * libpod: UpdateContainerStatus: do not wait for container * Skip / update some tests under runc * Bump to v4.2.1-dev * test: update apply-podman-deltas for new tests * build: 
implement --cache-to,--cache-from and --cache-ttl * vendor: bump buildah to v1.27.0 ------------------------------------------------------------------ ------------------ 2022-9-20 - Sep 20 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - blacklist.conf: e9b6013a7ce3 x86/speculation: Update link to AMD speculation whitepaper - commit 2ebf815 - EDAC/dmc520: Don't print an error for each unconfigured interrupt line (bsc#1190497). - commit c59e321 - blacklist.conf: ad2c302bc604 EDAC/sifive: Fix non-kernel-doc comment - commit 1146177 - Update patch reference for media fix (CVE-2022-3239 bsc#1203552) - commit 9054a9f - supported.conf: Add drivers/virt/coco/sevguest/sevguest - commit 14b71be - virt: Add SEV-SNP guest driver (jsc#SLE-19924, jsc#SLE-24814). - Update config files. - commit 07e76d6 - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622). - commit 575230a ++++ patterns-microos: - removed cockpit-kdump which is not yet ready - 5.3.9 ------------------------------------------------------------------ ------------------ 2022-9-19 - Sep 19 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - x86/sev: Provide support for SNP guest request NAEs (jsc#SLE-19924, jsc#SLE-24814). - Refresh patches.suse/revert-x86-sev-expose-sev_es_ghcb_hv_call-for-use-by-hyperv.patch. - commit eaa3ba3 - x86/boot: Add Confidential Computing type to setup_data (jsc#SLE-19924, jsc#SLE-24814). - Refresh patches.suse/0005-efi-generate-secret-key-in-EFI-boot-environment.patch. - commit cecec70 - x86/mm: Validate memory when changing the C-bit (jsc#SLE-19924, jsc#SLE-24814). - Refresh patches.suse/revert-x86-sev-expose-sev_es_ghcb_hv_call-for-use-by-hyperv.patch. - commit d7a984b - x86/sev: Check the VMPL level (jsc#SLE-19924, jsc#SLE-24814). - Refresh patches.suse/revert-x86-sev-expose-sev_es_ghcb_hv_call-for-use-by-hyperv.patch. 
- commit df057b9 - x86/sev: Add a helper for the PVALIDATE instruction (jsc#SLE-19924, jsc#SLE-24814). - Refresh patches.suse/revert-x86-sev-expose-sev_es_ghcb_hv_call-for-use-by-hyperv.patch. - commit 27da7ad - x86/compressed/64: Detect/setup SEV/SME features earlier during boot (jsc#SLE-19924, jsc#SLE-24814). - Refresh patches.suse/x86-sev-define-the-linux-specific-guest-termination-reasons.patch. - commit 509599d - kABI: Fix kABI after SNP-Guest backport (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Get the AP jump table address from secrets page (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Put globals that are accessed early into the .data section (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Fix bool function returning negative value (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Fix return value check in alloc_shared_pages() (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add support to get extended report (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add support to derive key (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Register SEV-SNP guest request platform device (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add a sev= cmdline option (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Use firmware-validated CPUID for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Add identity mapping for Confidential Computing blob (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Export and rename add_identity_map() (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Add a pointer to Confidential Computing blob in bootparams (jsc#SLE-19924, jsc#SLE-24814). 
- x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Move MSR-based VMGEXITs for CPUID to helper (jsc#SLE-19924, jsc#SLE-24814). - KVM: x86: Move lookup of indexed CPUID leafs to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI kexec handling into common code (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI vendor table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI config table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI system table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI detection to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/head/64: Re-enable stack protection (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Use SEV-SNP AP creation to start secondary CPUs (jsc#SLE-19924, jsc#SLE-24814). - x86/kernel: Validate ROM memory before accessing when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/kernel: Mark the .bss..decrypted section as shared in the RMP table (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add helper for validating pages in early enc attribute changes (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Add helper for validating pages in the decompression stage (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Check SEV-SNP features support (jsc#SLE-19924, jsc#SLE-24814). - x86/mm: Extend cc_attr to include AMD SEV-SNP (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Detect/setup SEV/SME features earlier in boot (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Use MSR read/write helpers instead of inline assembly (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Introduce helpers for MSR reads/writes (jsc#SLE-19924, jsc#SLE-24814). 
- KVM: SVM: Update the SEV-ES save area mapping (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Create a separate mapping for the GHCB save area (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Create a separate mapping for the SEV-ES save area (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Define sev_features and VMPL field in the VMSA (jsc#SLE-19924, jsc#SLE-24814). - commit 08ede5a - md: unlock mddev before reap sync_thread in action_store (bsc#1197659). - commit b42af07 ++++ util-linux: - libuuid improvements (bsc#1201959, PED-1150): * libuuid: Fix range when parsing UUIDs (util-linux-libuuid-uuid_parse-overrun.patch). * Improve cache handling for short running applications-increment the cache size over runtime (util-linux-libuuid-improve-cache-handling.patch). * Implement continuous clock handling for time based UUIDs (util-linux-libuuid-continuous-clock-handling.patch). * Check clock value from clock file to provide seamless libuuid update (util-linux-libuuid-check-clock-value.patch). ++++ mdadm: - mdadm.spec: add EXTRAVERSION string to make command line (jsc#SLE-24761, bsc#1193566) ++++ util-linux-systemd: - libuuid improvements (bsc#1201959, PED-1150): * libuuid: Fix range when parsing UUIDs (util-linux-libuuid-uuid_parse-overrun.patch). * Improve cache handling for short running applications-increment the cache size over runtime (util-linux-libuuid-improve-cache-handling.patch). * Implement continuous clock handling for time based UUIDs (util-linux-libuuid-continuous-clock-handling.patch). * Check clock value from clock file to provide seamless libuuid update (util-linux-libuuid-check-clock-value.patch). 
------------------------------------------------------------------ ------------------ 2022-9-18 - Sep 18 2022 ------------------- ------------------------------------------------------------------ ++++ cloud-netconfig-azure: - /etc/netconfig.d/ moved to /usr/libexec/netconfig/netconfig.d/ in Tumbleweed, update path (poo#116221) ++++ cloud-netconfig-ec2: - /etc/netconfig.d/ moved to /usr/libexec/netconfig/netconfig.d/ in Tumbleweed, update path (poo#116221) ++++ cloud-netconfig-gce: - /etc/netconfig.d/ moved to /usr/libexec/netconfig/netconfig.d/ in Tumbleweed, update path (poo#116221) ------------------------------------------------------------------ ------------------ 2022-9-17 - Sep 17 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes). - pinctrl: sunxi: Fix name for A100 R_PIO (git-fixes). - pinctrl: qcom: sc8180x: Fix wrong pin numbers (git-fixes). - pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map (git-fixes). - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes). - drm/meson: Correct OSD1 global alpha value (git-fixes). - drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega (git-fixes). - drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega (git-fixes). - of/device: Fix up of_dma_configure_id() stub (git-fixes). - of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes). - drm/i915: Implement WaEdpLinkRateDataReload (git-fixes). - vfio/type1: Unpin zero pages (git-fixes). - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes). - efi: libstub: Disable struct randomization (git-fixes). - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes). - commit a8d151e - ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion (git-fixes). - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes). 
- drm/radeon: add a force flush to delay work when radeon (git-fixes). - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes). - drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini (git-fixes). - drm/gem: Fix GEM handle release errors (git-fixes). - ASoC: mchp-spdiftx: remove references to mchp_i2s_caps (git-fixes). - drm/bridge: display-connector: implement bus fmts callbacks (git-fixes). - commit a41cdd0 ------------------------------------------------------------------ ------------------ 2022-9-16 - Sep 16 2022 ------------------- ------------------------------------------------------------------ ++++ drbd-utils: - restore drbd scripts back to /usr/lib/drbd from /lib/drbd (bsc#1203220) Update drbd-utils.spec - fix drbd-bash-completion Update rpmlint-build-error.patch ++++ grub2: - Fix installation failure due to unavailable nvram device on ppc64le (bsc#1201361) * 0001-grub-install-set-point-of-no-return-for-powerpc-ieee1275.patch ++++ kernel-default: - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes). - commit 37ef226 - xen-blkfront: Cache feature_persistent value before advertisement (git-fixes). - commit 3ed3cdd - Update references: - patches.kabi/kabi-return-type-change-of-secure_ipv-46-_port_ephem.patch - patches.suse/secure_seq-use-the-64-bits-of-the-siphash-for-port-o.patch - patches.suse/tcp-add-small-random-increments-to-the-source-port.patch - patches.suse/tcp-drop-the-hash_32-part-from-the-index-calculation.patch - patches.suse/tcp-dynamically-allocate-the-perturb-table-used-by-s.patch - patches.suse/tcp-increase-source-port-perturb-table-to-2-16.patch - patches.suse/tcp-resalt-the-secret-every-10-seconds.patch - patches.suse/tcp-use-different-parts-of-the-port_offset-for-index.patch (add CVE-2022-32296 bsc#1200288) - commit 07e021d - xen-netback: only remove 'hotplug-status' when the vif is actually destroyed (git-fixes). 
- commit 33b6bc1 - xen-blkfront: Advertise feature-persistent as user requested (git-fixes). - commit 55b30a0 - xen-blkback: Advertise feature-persistent as user requested (git-fixes). - commit aa17727 - xen-blkfront: Apply 'feature_persistent' parameter when connect (git-fixes). - commit ea0d055 - xen-blkback: Apply 'feature_persistent' parameter when connect (git-fixes). - commit 8bac828 - xen-blkback: fix persistent grants negotiation (git-fixes). - commit 8c9e86e - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes). - commit 8ae5e2f - x86/xen: Remove undefined behavior in setup_features() (git-fixes). - commit fe2de2e - xen-blkfront: Handle NULL gendisk (git-fixes). - commit ff9be3a - blacklist.conf: add 1dbd11ca75fe ("xen: remove gnttab_query_foreign_access") as it would break KABI - commit 893d5df - KVM: SVM: fix tsc scaling cache logic (bsc#1203263). - commit 9311053 - xen/grants: prevent integer overflow in gnttab_dma_alloc_pages() (git-fixes). - commit 4acefb4 - KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() (git-fixes). - commit c7cc445 - KVM: x86: hyper-v: HVCALL_SEND_IPI_EX is an XMM fast hypercall (git-fixes). - commit cfc201b - KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_send_ipi() (git-fixes). - commit 001f866 - KVM: X86: Fix when shadow_root_level=5 && guest root_level<4 (git-fixes). - commit 4d133af ++++ colord: - Add colord-CVE-2021-42523.patch: fix a small memory leak in sqlite3_exec (boo#1202802 CVE-2021-42523). ++++ mozilla-nss: - Update nss-fips-approved-crypto-non-ec.patch to prevent keys from getting flagged as non-FIPS and add remaining TLS mechanisms. - Add nss-fips-drbg-libjitter.patch to use libjitterentropy for entropy. This is disabled until we can avoid the inline assembler in the latter's header file that relies on GNU extensions. - Update nss-fips-constructor-self-tests.patch to fix an abort() when both NSS_FIPS and /proc FIPS mode are enabled. 
++++ openssl-1_1: - FIPS: Default to RFC-7919 groups for genparam and dhparam * Add openssl-1_1-FIPS-default-RFC7919.patch [bsc#1180995] ++++ python3-core: - Add CVE-2020-10735-DoS-no-limit-int-size.patch to fix CVE-2020-10735 (bsc#1203125) to limit amount of digits converting text to int and vice versa (potential for DoS). Originally by Victor Stinner of Red Hat. ++++ microos-tools: - Update to version 2.17: - selinux-autorelabel-generator: Don't cross partition boundaries for /.snapshots when relabeling [issue#11] ++++ python3: - Add CVE-2020-10735-DoS-no-limit-int-size.patch to fix CVE-2020-10735 (bsc#1203125) to limit amount of digits converting text to int and vice versa (potential for DoS). Originally by Victor Stinner of Red Hat. ------------------------------------------------------------------ ------------------ 2022-9-15 - Sep 15 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - dmaengine: idxd: fix retry value to be constant for duration of function call (git-fixes). - dmaengine: idxd: match type for retries var in idxd_enqcmds() (git-fixes). - commit ad373ba - dmaengine: idxd: change MSIX allocation based on per wq activation (jsc#PED-664). - dmaengine: idxd: fix descriptor flushing locking (jsc#PED-664). - dmaengine: idxd: embed irq_entry in idxd_wq struct (jsc#PED-664). - commit d9570b4 - Update patch reference for IDXD fix (jsc#PED-729) - commit 0666616 - dmaengine: idxd: add knob for enqcmds retries (jsc#PED-755). - commit b9e7fd2 - dmaengine: idxd: update IAA definitions for user header (jsc#PED-763). - commit 966fd07 - dmaengine: idxd: handle interrupt handle revoked event (jsc#PED-682). - Refresh patches.suse/dmaengine-idxd-set-defaults-for-wq-configs.patch. - commit b8b62ed - dmaengine: idxd: handle invalid interrupt handle descriptors (jsc#PED-682). - commit 4d43b5f - dmaengine: idxd: create locked version of idxd_quiesce() call (jsc#PED-682).
- commit 84c33cd - dmaengine: idxd: add helper for per interrupt handle drain (jsc#PED-682). - commit 7f570d2 - dmaengine: idxd: move interrupt handle assignment (jsc#PED-682). - commit c11ff86 - dmaengine: idxd: int handle management refactoring (jsc#PED-682). - commit a2ea081 - dmaengine: idxd: rework descriptor free path on failure (jsc#PED-682). - commit 10afe67 - dmaengine: idxd: set defaults for wq configs (jsc#PED-688). - Refresh patches.suse/dmaengine-idxd-fix-wq-settings-post-wq-disable.patch. - commit d90c3a3 - PCI: Disable MSI for Tegra234 Root Ports (git-fixes). - PCI: Correct misspelled words (git-fixes). - PCI: Prefer 'unsigned int' over bare 'unsigned' (git-fixes). - commit 2fdd511 - PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited (jsc#PED-387). - commit 7d30fcd - net: dsa: mt7530: 1G can also support 1000BASE-X link mode (git-fixes). - commit cdb75aa - igb: skip phy status check where unavailable (git-fixes). - commit a3b27da - ice: fix possible under reporting of ethtool Tx and Rx statistics (git-fixes). - commit c2f52c2 - ice: fix crash when writing timestamp on RX rings (git-fixes). - commit fb0a1aa - net/mlx5: Drain fw_reset when removing device (git-fixes). - commit 97a86a6 - net/mlx5e: Remove HW-GRO from reported features (git-fixes). - commit 4a77968 - net/mlx5e: Properly block HW GRO when XDP is enabled (git-fixes). - commit f953f8f - net/mlx5e: Properly block LRO when XDP is enabled (git-fixes). - commit 6b1fa7c - net/mlx5e: Block rx-gro-hw feature in switchdev mode (git-fixes). - commit a1cfc32 - net/qla3xxx: Fix a test in ql_reset_work() (git-fixes). - commit 52c2fa5 - net: systemport: Fix an error handling path in bcm_sysport_probe() (git-fixes). - commit b45f6dc - net: macb: Increment rx bd head after allocating skb and buffer (git-fixes). - commit 41b13b2 - net: ipa: get rid of a duplicate initialization (git-fixes). - commit a69d7cd - net: ipa: record proper RX transaction count (git-fixes). 
- commit 0de4988 - net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (git-fixes). - commit cf3c3f2 - net: ethernet: mediatek: ppe: fix wrong size passed to memset() (git-fixes). - commit f134be1 - ice: Fix race during aux device (un)plugging (git-fixes). - commit 4278261 - net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (git-fixes). - commit ca8eb08 - net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (git-fixes). - commit d224ca3 - net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (git-fixes). - commit 95340f0 - net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (git-fixes). - commit bda7960 - net: emaclite: Add error handling for of_address_to_resource() (git-fixes). - commit a361614 - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes). - commit 014fc77 - net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (git-fixes). - commit 72dc370 - net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (git-fixes). - commit 1fa6443 - net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (git-fixes). - commit f4b10fd - net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (git-fixes). - commit 6d689b8 - net: dsa: lantiq_gswip: Don't set GSWIP_MII_CFG_RMII_CLK (git-fixes). - commit cda6d8f - net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (git-fixes). - commit fc0f29e - net: bcmgenet: hide status block before TX timestamping (git-fixes). - commit 7471b10 - net: stmmac: Use readl_poll_timeout_atomic() in atomic state (git-fixes). - commit 77bb15d - net: mscc: ocelot: fix broken IP multicast flooding (git-fixes). - commit 9360c59 - net: bcmgenet: Revert "Use stronger register read/writes to assure ordering" (git-fixes). - commit 2e1c776 - net: ftgmac100: access hardware register after clock ready (git-fixes). 
- commit 6f339f4 - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes). - commit 673e9bc - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904). - commit 04343f5 - Update patches.suse/SUNRPC-Prevent-immediate-close-reconnect.patch (git-fixes, bsc#1203338). - commit 1a26f26 ++++ linux-glibc-devel: - Add the rest of 1.0 IAA operation definitions to the user header (jsc#PED-813). + dmaengine-idxd-update-IAA-definitions-for-user-heade.patch ++++ suseconnect-ng: - Update to version 0.0.10~git0.5f84106: * Fix System-Token support in ruby binding (bsc#1203341) * Added the PACKAGE.md file ------------------------------------------------------------------ ------------------ 2022-9-14 - Sep 14 2022 ------------------- ------------------------------------------------------------------ ++++ hwdata: - update to 0.362: + Updated pci, usb and vendor ids. ++++ kernel-default: - net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link (git-fixes). - commit 6e948de - net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes). - commit 6052c6d - mlxsw: i2c: Fix initialization error flow (git-fixes). - commit b1671b5 - net: ethernet: mv643xx: Fix over zealous checking of_get_mac_address() (git-fixes). - commit d6232d0 - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (git-fixes). - commit 5811714 - dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe (git-fixes). - commit 20972b2 - net: stmmac: Fix unset max_speed difference between DT and non-DT platforms (git-fixes). - commit 21d6298 - vrf: fix packet sniffing for traffic originating from ip tunnels (git-fixes). - commit 656f34a - net: hns3: fix the concurrency between functions reading debugfs (git-fixes). - commit b62a96b - net: sparx5: uses, depends on BRIDGE or !BRIDGE (git-fixes). - commit 91c7940 - net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator (git-fixes). - commit 587d5e0 - net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL (git-fixes). 
- commit e5cbf9e - blacklist.conf: update blacklist - commit b64ff66 - jfs: prevent NULL deref in diFree (bsc#1203389 CVE-2022-3202). - commit 1259272 - usb: typec: tipd: Add an additional overflow check (git-fixes). - commit b1f97fa - usb: typec: tipd: Don't read/write more bytes than required (git-fixes). - commit e669366 - Update patch references for ALSA fixes (jsc#PED-652 jsc#PED-720) - commit 3c5b516 - ASoC: SOF: Intel: pci-tgl: add RPL-P support (jsc#PED-720). - ASoC: SOF: Intel: pci-tgl: add ADL-PS support (jsc#PED-720). - commit 012fcdf - ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs (jsc#PED-720). - commit ae48fdf - ASoC: SOF: Intel: pci-tgl: add RPL-S support (jsc#PED-652). - commit c23d1e1 - Update DRM UDL patches from upstreamed patches (bsc#1195917) Dropped: patches.suse/0001-drm-udl-Restore-display-mode-on-resume.patch - commit eab8d35 ------------------------------------------------------------------ ------------------ 2022-9-13 - Sep 13 2022 ------------------- ------------------------------------------------------------------ ++++ dmidecode: 2 recommended fixes from upstream: - news-fix-typo.patch: We ship the NEWS file so avoid including a typo in it. - dmioem-fix-segmentation-fault-in-dmi_hp_240_attr.patch: Passing NULL to a %s printf conversion specifier is illegal, and can result in a segmentation fault. Current version of glibc doesn't mind, but alternative, past or future libc implementations could crash, so let's fix it. - Update to upstream version 3.4: * This update implements jsc#SLE-24502 and jsc#PED-1466. * [COMPATIBILITY] Document how the UUID fields are interpreted. * [PORTABILITY] Don't use memcpy on /dev/mem on arm64. * Support for SMBIOS 3.4.0. This includes new memory device types, new processor upgrades, new slot types and characteristics, decoding of memory module extended speed, new system slot types, new processor characteristics and new format of Processor ID. * Support for SMBIOS 3.5.0. 
This includes new processor upgrades, BIOS characteristics, new slot characteristics, new on-board device types, new pointing device interface types, and a new record type (type 45 - Firmware Inventory Information). * Decode HPE OEM records 194, 199, 203, 236, 237, 238 and 240. * Bug fixes: Fix OEM vendor name matching * Minor improvements: Add bios-revision, firmware-revision and system-sku-number to -s option Use the most appropriate unit for cache size Decode system slot base bus width and peers Skip details of uninstalled memory modules Don't display the raw CPU ID in quiet mode Improve the formatting of the manual pages * Obsoletes dmidecode-add-enumerated-values-from-smbios-3.3.0.patch, dmidecode-add-logical-non-volatile-device.patch, dmidecode-add-memory-device-types-from-smbios-3.4.0.patch, dmidecode-add-processor-characteristics-bits-from-smbios-3.4.0.patch, dmidecode-add-processor-upgrades-from-smbios-3.4.0.patch, dmidecode-add-slot-characteristics2-from-smbios-3.4.0.patch, dmidecode-add-system-slot-types-from-smbios-3.4.0.patch, dmidecode-fix-formatting-of-tpm-table-output.patch, dmidecode-fix-redfish-hostname-print-length.patch, dmidecode-fix-system-slot-information-for-pcie-ssd.patch, dmidecode-missing-commas.patch, dmidecode-only-scan-dev-mem-for-entry-point-on-x86.patch and dmidecode-skip-details-of-uninstalled-memory-modules.patch. ++++ jitterentropy: - jitterentropy-split-internal-header.patch: Hide the non-GNUC constructs that are library internal from the exported header. (bsc#1202870) ++++ kernel-default: - ice: Allow operation with reduced device MSI-X (bsc#1201987). - commit adb8f10 - usb: hub: avoid warm port reset during USB3 disconnect (git-fixes).
- commit 8af7b8e - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes) - commit 49a8536 - arm64: select TRACE_IRQFLAGS_NMI_SUPPORT (git-fixes) - commit 8e1f358 - arm64: errata: Add Cortex-A510 to the repeat tlbi list (git-fixes) Enable this errata fix configuration option to arm64/default. - commit c8ec028 - Revert "arm64: Mitigate MTE issues with str{n}cmp()" (git-fixes) - commit 3916261 - arm64: lib: Import latest version of Arm Optimized Routines' strcmp (git-fixes) - commit 0ad904d - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes). - commit ec23c84 - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes). - commit 4b6dc41 - btrfs: fix space cache corruption and potential double allocations (bsc#1203361). - commit 0479f45 - btrfs: fix relocation crash due to premature return from btrfs_commit_transaction() (bsc#1203360). - commit 5ceb88f ++++ permissions: - Update to version 20201225: * chkstat: also consider group controlled paths (bsc#1203018, CVE-2022-31252) ------------------------------------------------------------------ ------------------ 2022-9-12 - Sep 12 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - KVM: x86: do not report a vCPU as preempted outside instruction boundaries (bsc#1203066 CVE-2022-39189). - commit c89b7e4 - blacklist.conf: add 3 commits for git-fixes not needed - commit 6f1ca85 - netfilter: nf_tables: do not allow RULE_ID to refer to another chain (CVE-2022-2586 bsc#1202095). - netfilter: nf_tables: do not allow CHAIN_ID to refer to another table (CVE-2022-2586 bsc#1202095). - netfilter: nf_tables: do not allow SET_ID to refer to another table (CVE-2022-2586 bsc#1202095). - commit 42bb8dc - Update patches.suse/dccp-don-t-duplicate-ccid-when-cloning-dccp-sock.patch references (add CVE-2020-16119 bsc#1177471). 
- commit 7d3c30f - Update message from free_area_init (bsc#1203101) Refreshed: patches.suse/0002-mm-handle-uninitialized-numa-nodes-gracefully.patch - commit 58d8d59 - blacklist.conf: unwanted s390 commits - commit 7773032 - watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023). - commit d609cb4 - kbuild: disable header exports for UML in a straightforward way (git-fixes). - docs: i2c: i2c-topology: fix incorrect heading (git-fixes). - commit 96f4a7a ++++ libarchive: - Fix CVE-2021-23177, extracting a symlink with ACLs modifies ACLs of target (CVE-2021-23177, bsc#1192425) * CVE-2021-23177.patch ++++ selinux-policy: - Revamped rtorrent module ++++ shim: - Add logic to shim.spec to only set sbat policy when efivarfs is writeable. (bsc#1201066) ++++ suseconnect-ng: - Update to version 0.0.9~git10.de887da7231f: * Respect the PROXY_ENABLED environment variable ------------------------------------------------------------------ ------------------ 2022-9-11 - Sep 11 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - hwmon: (mr75203) enable polling for all VM channels (git-fixes). - hwmon: (mr75203) fix multi-channel voltage reading (git-fixes). - hwmon: (mr75203) fix voltage equation for negative source input (git-fixes). - hwmon: (mr75203) update pvt->v_num and vm_num to the actual number of used sensors (git-fixes). - hwmon: (mr75203) fix VM sensor allocation when "intel,vm-map" not defined (git-fixes). - dt-bindings: hwmon: (mr75203) fix "intel,vm-map" property to be optional (git-fixes). - hwmon: (tps23861) fix byte order in resistance register (git-fixes). - commit 4be15df ------------------------------------------------------------------ ------------------ 2022-9-10 - Sep 10 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes). 
- ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes). - ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes). - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (git-fixes). - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes). - commit e787e77 - ASoC: qcom: sm8250: add missing module owner (git-fixes). - ALSA: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes). - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes). - ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes). - ALSA: usb-audio: Inform the delayed registration more properly (git-fixes). - commit fdc009b - Move upstreamed patches into sorted section - commit 9769cb9 ++++ sudo: - Modified sudo-sudoers.patch * bsc#1177578 * Removed redundant and confusing 'secure_path' settings in sudo-sudoers file. ------------------------------------------------------------------ ------------------ 2022-9-9 - Sep 9 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - s390: fix double free of GS and RI CBs on fork() failure (bsc#1203197 LTC#199895). - commit a3c49e0 - net: stmmac: dwmac-qcom-ethqos: Enable RGMII functional clock on resume (git-fixes). - commit 196b9a7 - net: stmmac: dwmac-qcom-ethqos: add platform level clocks management (git-fixes). - commit 9419c89 - net: axienet: fix RX ring refill allocation failure handling (git-fixes). - commit 4644276 - bnx2x: fix built-in kernel driver load failure (git-fixes). - commit 4c90c2b - net: stmmac: only enable DMA interrupts when ready (git-fixes). - commit 8b7732b - net: stmmac: perserve TX and RX coalesce value during XDP setup (git-fixes). - commit 7ef4525 - net: stmmac: enhance XDP ZC driver level switching performance (git-fixes). - commit 0b61dc1 - bnx2x: fix driver load from initrd (git-fixes). 
- commit 922bb4e - Update metadata references - commit b8d9524 - regulator: core: Clean up on enable failure (git-fixes). - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - vt: Clear selection before changing the font (git-fixes). - clk: bcm: rpi: Prevent out-of-bounds access (git-fixes). - mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure (git-fixes). - drm/i915: Skip wm/ddb readout for disabled pipes (git-fixes). - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes). - USB: serial: cp210x: add Decagon UCA device id (git-fixes). - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes). - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes). - USB: serial: option: add Quectel EM060K modem (git-fixes). - USB: serial: option: add support for OPPO R11 diag port (git-fixes). - media: mceusb: Use new usb_control_msg_*() routines (git-fixes). - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes). - usb: xhci-mtk: relax TT periodic bandwidth allocation (git-fixes). - usb: dwc3: pci: Add support for Intel Raptor Lake (git-fixes). - usb: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device (git-fixes). - usb-storage: Add ignore-residue quirk for NXP PN7462AU (git-fixes). - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes). - clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc() (git-fixes). 
- commit 8d6d69c ++++ openssl-1_1: - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] * Add openssl-1_1-fips-list-only-approved-digest-and-pubkey-algorithms.patch * Disabled test 15-test_ec.t in FIPS mode ++++ libtirpc: - fix CVE-2021-46828: libtirpc: DoS vulnerability with lots of connections (bsc#1201680) - add 0001-Fix-DoS-vulnerability-in-libtirpc.patch ++++ patterns-microos: - added cockpit-selinux (jsc#CSD-77) - 5.3.8 ------------------------------------------------------------------ ------------------ 2022-9-8 - Sep 8 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - net: dsa: microchip: fix bridging with more than two member ports (git-fixes). - commit f2a5e08 - net: dsa: lantiq_gswip: fix use after free in gswip_remove() (git-fixes). - commit 577992b - ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler (git-fixes). - commit f16c949 - net: mscc: ocelot: fix all IP traffic getting trapped to CPU with PTP over IP (git-fixes). - commit 391f1b3 - net: axienet: reset core on initialization prior to MDIO access (git-fixes). - Refresh patches.suse/net-axienet-setup-mdio-unconditionally.patch. - commit afb1beb - net: mscc: ocelot: fix missing unlock on error in ocelot_hwstamp_set() (git-fixes). - commit c38c182 - blacklist.conf: update blacklist - commit 9d146c4 - Update patches.suse/watchqueue-make-sure-to-serialize-wqueue-defunct-pro.patch (git-fixes, CVE-2022-1882, bsc#1199904). 
- add references to CVE-2022-1882, bsc#1199904 - commit b499e0d ++++ libgcrypt: - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] * Add libgcrypt-FIPS-rndjent_poll.patch ------------------------------------------------------------------ ------------------ 2022-9-7 - Sep 7 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit: - Enable build of cockpit-selinux package (CSD-77) ++++ kernel-default: - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - Makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - commit 7e1512f - usb: gadget: f_uac2: fix superspeed transfer (git-fixes). - commit 2e0f852 - Revert "ipv6: Honor all IPv6 PIO Valid Lifetime values" (bsc#1202989). - commit 2353f59 ++++ bluez: - Add shared-gatt-server-Fix-heap-overflow-when-appending-.patch - The code shall check if the prepare writes would append more than the allowed maximum attribute length. (bsc#1194704 CVE-2022-0204) ++++ libgcrypt: - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. * Add libgcrypt-FIPS-kdf-leylength.patch - FIPS: Zeroize buffer and digest in check_binary_integrity() * Add libgcrypt-FIPS-Zeroize-hmac.patch [bsc#1191020] ++++ pam: - Update pam_motd to the most current version. This fixes various issues and adds support for motd.d directories [jsc#PED-1712].
* Added: pam-ped1712-pam_motd-directory-feature.patch ++++ regionServiceClientConfigEC2: - Update to version 4.1.0 (bsc#1203215) + New certs for 52.79.82.165 and 54.247.166.75 ------------------------------------------------------------------ ------------------ 2022-9-6 - Sep 6 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit-podman: - Re-package node_modules.obscpio with latest version of obs-service-node_modules ++++ gnutls: - FIPS: Zeroize the calculated hmac and new_hmac in the check_binary_integrity() function. [bsc#1191021] * Add gnutls-FIPS-Zeroize-check_binary_integrity.patch - FIPS: Additional modifications to the SLI. [bsc#1190698] * Mark CMAC and GMAC as non-approved in gnutls_pbkdf2(). * Mark HMAC keylength less than 112 bits as non-approved in gnutls_pbkdf2(). * Adapt the pbkdf2 selftest and the regression tests accordingly. * Add gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch ++++ kernel-default: - net: stmmac: dwc-qos: Disable split header for Tegra194 (bsc#1194904). - net: stmmac: disable Split Header (SPH) for Intel platforms (bsc#1194904). - commit 80bcb5a - scsi: sg: Allow waiting for commands to complete on removed device (git-fixes). - scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes). - scsi: mpt3sas: Stop fw fault watchdog work item during system shutdown (git-fixes). - scsi: ufs: core: Fix another task management completion race (git-fixes). - scsi: ufs: core: Fix task management completion timeout race (git-fixes). - commit b8be98c - nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489). - commit d1c233b - USB: serial: ch341: fix disabled rx timer on older devices (git-fixes). - commit 9eefb78 - USB: serial: ch341: fix lost character on LCR updates (git-fixes). - commit 62469ec - USB: serial: ch314: use usb_control_msg_recv() (git-fixes). - commit 53e1aa3 - usb: gadget: f_uac2: clean up some inconsistent indenting (git-fixes).
- commit 44a2b58 - usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop (git-fixes). - commit f62cbbb - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (git-fixes). - s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes). - scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes). - s390/zcore: fix race when reading from hardware system area (git-fixes). - s390/crash: fix incorrect number of bytes to copy to user space (git-fixes). - vfio/ccw: Do not change FSM state in subchannel event (git-fixes). - vfio/ccw: Remove UUID from s390 debug log (git-fixes). - s390/cpumf: Handle events cycles and instructions identical (git-fixes). - s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes). - s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes). - s390/stp: clock_delta should be signed (git-fixes). - s390/kexec: handle R_390_PLT32DBL rela in arch_kexec_apply_relocations_add() (git-fixes). - commit 9886bfd - nvme-rdma: Handle number of queue changes (bsc#1201865). - nvme-tcp: Handle number of queue changes (bsc#1201865). - nvmet: Expose max queues to configfs (bsc#1201865). - commit 51b9b2e - nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865). - commit f1d7d3e - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes). - commit d57061d - netfilter: nf_tables: disallow binding to already bound chain (CVE-2022-39190 bsc#1203117). - commit bb5b67f - mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159). - commit 35d24e5 - usb: dwc3: qcom: Add helper functions to enable,disable wake irqs (git-fixes). - commit 4ff0a76 - usb: dwc3: dwc3-qcom: Add missing platform_device_put() in dwc3_qcom_acpi_register_core (git-fixes). - commit a9fc9d1 - drivers: usb: dwc3-qcom: Add sdm660 compatible (git-fixes). - commit 4f92bad - usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API (git-fixes). 
- commit 88f2cbc - ARM: dts: at91: sama5d2_icp: don't keep vdd_other enabled all the time (git-fixes). - ARM: dts: at91: sama5d27_wlsom1: don't keep ldo2 enabled all the time (git-fixes). - ARM: dts: at91: sama5d2_icp: specify proper regulator output ranges (git-fixes). - ARM: dts: at91: sama5d27_wlsom1: specify proper regulator output ranges (git-fixes). - soc: fsl: select FSL_GUTS driver for DPIO (git-fixes). - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes). - soc: imx: gpcv2: Assert reset before ungating clock (git-fixes). - ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node (git-fixes). - HID: add Lenovo Yoga C630 battery quirk (git-fixes). - HID: AMD_SFH: Add a DMI quirk entry for Chromebooks (git-fixes). - HID: thrustmaster: Add sparco wheel and fix array length (git-fixes). - HID: asus: ROG NKey: Ignore portion of 0x5a report (git-fixes). - fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes). - drm/amd/display: avoid doing vm_init multiple time (git-fixes). - drm/amdgpu: Increase tlb flush timeout for sriov (git-fixes). - drm/amd/display: Fix pixel clock programming (git-fixes). - drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid (git-fixes). - drm/amd/display: clear optc underflow before turn off odm clock (git-fixes). - drm/amd/display: For stereo keep "FLIP_ANY_FRAME" (git-fixes). - drm/amd/display: Fix HDMI VSIF V3 incorrect issue (git-fixes). - drm/amd/display: Avoid MPC infinite loop (git-fixes). - udmabuf: Set the DMA mask for the udmabuf device (v2) (git-fixes). - media: pvrusb2: fix memory leak in pvr_probe (git-fixes). - ACPI: thermal: drop an always true check (git-fixes). 
- commit c8964fa ++++ ovmf: - Add patches to disable option ROM on sev (bsc#1199156) - Backported the following patches: - ovmf-MdeModulePkg-Update-PciEnumeratorSupport-to-ignore-O.patch cb8349f01a MdeModulePkg: Update PciEnumeratorSupport to ignore OptionRom if needed - ovmf-OvmfPkg-IncompatiblePciDeviceSupportDxe-Ignore-Optio.patch c477b2783f OvmfPkg/IncompatiblePciDeviceSupportDxe: Ignore OptionRom in Td guest - ovmf-OvmfPkg-IncompatiblePciDeviceSupportDxe-Refine-the-c.patch 149ed8e421 OvmfPkg/IncompatiblePciDeviceSupportDxe: Refine the configuration - To disable option ROM both on tdx and sev: ovmf-bsc1199156-OvmfPkg-IncompatiblePciDeviceSupportDxe-Ignore-Optio.patch ------------------------------------------------------------------ ------------------ 2022-9-5 - Sep 5 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit: - Update kdump-suse.patch to match upstream. ++++ kernel-default: - mm: Force TLB flush for PFNMAP mappings before unlink_file_vma() (CVE-2022-39188, bsc#1203107). - commit 3a89213 - fuse: ioctl: translate ENOSYS (bsc#1203139). - fuse: limit nsec (bsc#1203138). - commit 7e9c40c - netfilter: nf_conntrack_irc: Tighten matching on DCC message (CVE-2022-2663 bsc#1202097). - netfilter: nf_conntrack_irc: Fix forged IP logic (CVE-2022-2663 bsc#1202097). - commit 81db4dd - blacklist.conf: breaks kABI in a hard to fix way - commit cc459f1 - gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes). - commit 68f2e3d - Update patches.kabi/kABI-Fix-kABI-after-mm-rmap-Fix-anon_vma-degree-ambi.patch (git-fixes, bsc#1203098). - Update patches.suse/mm-rmap-Fix-anon_vma-degree-ambiguity-leading-to-double-reuse.patch (git-fixes, bsc#1203098). Add reference to bsc#1203098. - commit 866ab35 ++++ sqlite3: - update to 3.39.3: * Use a statement journal on DML statement affecting two or more database rows if the statement makes use of a SQL functions that might abort. 
* Use a mutex to protect the PRAGMA temp_store_directory and PRAGMA data_store_directory statements, even though they are deprecated and documented as not being threadsafe. ++++ microos-tools: - Update to version 2.16: - 98selinux-microos: Make the btrfs subvolume writable temporarily [boo#1202395] ++++ nfs-utils: - add 0025-nfsdcltrack-getopt_long-fails-on-a-non-x86_64-archs.patch Fix nfsdcltrack bug that affected non-x86 archs. (bsc#1202627) ++++ patterns-microos: - added cockpit-kdump (jsc#SMO-166) - 5.3.7 ------------------------------------------------------------------ ------------------ 2022-9-4 - Sep 4 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops" (git-fixes). - commit 44c1db1 - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes). - Input: rk805-pwrkey - fix module autoloading (git-fixes). - tty: n_gsm: avoid call of sleeping functions from atomic context (git-fixes). - tty: n_gsm: replace kicktimer with delayed_work (git-fixes). - tty: n_gsm: initialize more members at gsm_alloc_mux() (git-fixes). - tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() (git-fixes). - tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes). - serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes). - staging: rtl8712: fix use after free bugs (git-fixes). - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes). - clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes). - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes). - hwmon: (gpio-fan) Fix array out of bounds access (git-fixes). - commit f95732e - ALSA: hda/sigmatel: Keep power up while beep is enabled (bsc#1200544).
- commit 9d2056c ------------------------------------------------------------------ ------------------ 2022-9-3 - Sep 3 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Revert "usb: gadget: udc-xilinx: replace memcpy with memcpy_toio" (git-fixes). - commit fa5bfaa - mmc: core: Fix UHS-I SD 1.8V workaround branch (git-fixes). - drm/i915: fix null pointer dereference (git-fixes). - soundwire: qcom: fix device status array range (git-fixes). - misc: fastrpc: fix memory corruption on open (git-fixes). - misc: fastrpc: fix memory corruption on probe (git-fixes). - iio: ad7292: Prevent regulator double disable (git-fixes). - iio: adc: mcp3911: use correct formula for AD conversion (git-fixes). - iio: adc: mcp3911: make use of the sign bit (git-fixes). - usb: cdns3: fix issue with rearming ISO OUT endpoint (git-fixes). - usb: cdns3: fix incorrect handling TRB_SMM flag for ISOC transfer (git-fixes). - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes). - usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes). - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). - thunderbolt: Use the actual buffer in tb_async_error() (git-fixes). - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes). - usb: typec: tcpm: Return ENOTSUPP for power supply prop writes (git-fixes). - musb: fix USB_MUSB_TUSB6010 dependency (git-fixes). - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes). - commit b6c0927 - drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes). - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes). - drm/msm/dp: delete DP_RECOVERED_CLOCK_OUT_EN to fix tps4 (git-fixes). - drm/msm/dsi: fix the inconsistent indenting (git-fixes). - drm/i915/display: avoid warnings when registering dual panel backlight (git-fixes). 
- drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported" (git-fixes). - driver core: Don't probe devices after bus_type.match() probe deferral (git-fixes). - commit ed7d76e - s390/hypfs: avoid error message under KVM (bsc#1032323). - commit d15dd85 - xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes). - commit b3967e5 - xen/xenbus: fix return type in xenbus_file_read() (git-fixes). - commit 83dc2f8 - KVM: X86: avoid uninitialized 'fault.async_page_fault' from fixed-up #PF (git-fixes). - commit 5ee26ea - KVM: x86: revalidate steal time cache if MSR value changes (git-fixes). - commit 5409e90 - KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP (git-fixes). - commit 3aea465 - KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes). - commit 5500abe - KVM: nVMX: Inject #UD if VMXON is attempted with incompatible CR0/CR4 (git-fixes). - commit b35717b ------------------------------------------------------------------ ------------------ 2022-9-2 - Sep 2 2022 ------------------- ------------------------------------------------------------------ ++++ lvm2-device-mapper: - lvm2.spec %post deletes libdevmapper and triggers kernel panic (bsc#1198523) - change %post behaviour, only do deleting job for non-link folder ++++ kernel-default: - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes). - commit 60b85eb - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes). - commit a591a18 - KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes). - commit 92eb839 - KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes). - commit 280d133 - KVM: SVM: Unwind "speculative" RIP advancement if INTn injection "fails" (git-fixes). - commit 2197604 - KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 (git-fixes). - commit 96927c2 - KVM: VMX: Print VM-instruction error as unsigned (git-fixes). 
- commit 68c3e1f - KVM: nVMX: Defer APICv updates while L2 is active until L1 is active (git-fixes). - commit f2721a9 - KVM: SVM: fix panic on out-of-bounds guest IRQ (git-fixes). - commit c23060e - KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated (git-fixes). - commit d1a201b - KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (git-fixes). - commit bd3093f - KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (git-fixes). - commit fab67c0 - KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_flush_tlb() (git-fixes). - commit e697bdc - scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063). - scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063). - scsi: lpfc: Remove SANDiags related code (bsc#1203063). - scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063). - scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063). - scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063). - scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063). - scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063). - commit 0cdf70f - mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times (git-fixes). - commit 5abb01b - Drop mtd patch that was reverted in the stable tree It may lead to some data loss, hence reverted in the upstream stable tree. - commit 6e6a4da - kabi/severities: ignore kABI changes in mwifiex drivers Those symbols are used only locally in mwifiex (sub-)modules. - commit 60b35e7 - mwifiex: Ignore BTCOEX events from the 88W8897 firmware (git-fixes). - commit aa22b95 - blacklist.conf: Add mwifiex entries that have been reverted in stable tree - commit d49d2ba - spi: Fix incorrect cs_setup delay handling (git-fixes). - vdpa_sim: avoid putting an uninitialized iova_domain (git-fixes). 
- commit 832166f - blacklist.conf: add already reverted commit for stable-5.15.x - commit fe76880 - scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956). - scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956). - scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956). - scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956). - scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956). - scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956). - scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956). - scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956). - scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956). - scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956). - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956). - scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956). - commit 7b86962 - blacklist.conf: update blacklist - commit b02d3d9 - net: dsa: felix: purge skb from TX timestamping queue if it cannot be sent (git-fixes). - commit 9da9e21 - net: dsa: tag_ocelot_8021q: break circular dependency with ocelot switch lib (git-fixes). - Refresh patches.suse/net-dsa-felix-break-at-first-CPU-port-during-init-an.patch. - commit 0908246 - Input: i8042 - add additional TUXEDO devices to i8042 quirk tables (git-fixes). - Input: i8042 - add TUXEDO devices to i8042 quirk tables (git-fixes). - commit bba711c - Input: i8042 - merge quirk tables (git-fixes). - Refresh patches.suse/Input-i8042-Apply-probe-defer-to-more-ASUS-ZenBook-m.patch. - commit 18e20bc - Input: i8042 - move __initconst to fix code styling warning (git-fixes). - commit 783d1cd - nouveau: explicitly wait on the fence in nouveau_bo_move_m2mf (git-fixes). - loop: Check for overflow while configuring loop (git-fixes). 
- wifi: rtlwifi: remove always-true condition pointed out by GCC 12 (git-fixes). - commit a3214fc - fbdev: fbcon: Properly revert changes when vc_resize() failed (git-fixes). - commit 165b4a4 - kcm: fix strp_init() order and cleanup (git-fixes). - ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler (git-fixes). - commit d2a4fb7 - Drop usbnet patches that caused problems on stable 5.15 - commit c6293d4 - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fixes). - commit bc8005d - Add already cherry-picked AMD gfx commits to Alt-commit - commit f32f5d7 - blacklist.conf: add ax25 entry that isn't applicable to SLE15-SP4 kernel - commit 4066ddd - ax25: Fix ax25 session cleanup problems (git-fixes). - Refresh patches.kabi/net-ax25_dev-kabi-workaround.patch. - commit 0281308 - drm/amd/display: Fix surface optimization regression on Carrizo (git-fixes). - commit 71b9a30 - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes). kABI: Fix kABI after "mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse" (git-fixes). - commit 513d1e1 - drm/amd/display: Reset DMCUB before HW init (git-fixes). - drm/amd/display: Optimize bandwidth on following fast update (git-fixes). - drm/amd/display: Add option to defer works of hpd_rx_irq (git-fixes). - commit 026dde7 - Drop a wrongly picked up batman-adv patch Blacklist it as well - commit 16220d6 - blacklist.conf: Add already reverted ACPI PM entries - commit f0bfc90 - Update patch reference for media fix (CVE-2022-3078 bsc#1203041) - commit 0804984 - ieee802154/adf7242: defer destroy_workqueue call (git-fixes). - Bluetooth: L2CAP: Fix build errors in some archs (git-fixes). - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes). - wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected (git-fixes). - ALSA: usb-audio: Add quirk for LH Labs Geek Out HD Audio 1V5 (git-fixes). 
- ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298 (git-fixes). - ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array (git-fixes). - ALSA: seq: Fix data-race at module auto-loading (git-fixes). - ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes). - commit 3a9bb8d ++++ lvm2: - lvm2.spec %post deletes libdevmapper and triggers kernel panic (bsc#1198523) - change %post behaviour, only do deleting job for non-link folder ++++ openssl-1_1: - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] * Add openssl-1_1-fips-drbg-selftest.patch - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. * Add openssl-1_1-FIPS_drbg-rewire.patch ++++ libzypp: - UsrEtc: Store logrotate files in %{_distconfdir} if defined (fixes #402) - Log backtrace on SIGABRT too. - Need to explicitly enable building experimental code. Otherwise an old Notcurses++ package which happens to be present in the buildenv breaks the build (fixes #412). - Work around libyui/libyui#78 on code 15.4 and older. - Stop using std::*ary_function; deprecated and removed in c++17. - Don't expose header files which use types not available in c++11. In 15.3 and older, YAST and PK compile with -std=c++11. - Remove no longer needed %post code (bsc#1203649) - Enable zck support for SLE15-SP4 and newer. 
On Leap it is enabled since 15.1 (bsc#1189282) - version 17.31.1 (22) ++++ osinfo-db: - bsc#1202827 - Fail to deploy sle15sp5 guest via virt-install with osinfo add-sle15sp5-support.patch ++++ perl: - fix File::Path rmtree/remove_tree race condition [bnc#1047178] [CVE-2017-6512] new patch: perl-file_path_rmtree_fchmod.diff ++++ setools: - Added README.SUSE and drop recommend for python3-networkx altogether (bsc#1202676) ++++ zypper: - UsrEtc: Store logrotate files in %{_distconfdir} if defined (fixes #441, fixes #444) - Remove unneeded code to compute the PPP status. Since libzypp 17.23.0 the PPP status is auto established. No extra solver run is needed. - Make sure 'up' respects solver related CLI options (bsc#1201972) - Fix tests to use locale "C.UTF-8" rather than "en_US". - Fix man page (fixes #451) - version 1.14.56 ------------------------------------------------------------------ ------------------ 2022-9-1 - Sep 1 2022 ------------------- ------------------------------------------------------------------ ++++ transactional-update: - Migration of logrotate configuration to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. ++++ kernel-default: - KVM: x86/mmu: make apf token non-zero to fix bug (git-fixes). - commit e35969c - KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU (git-fixes). - commit ef21a23 - KVM: x86/mmu: Move "invalid" check out of kvm_tdp_mmu_get_root() (git-fixes). - commit b06d410 - KVM: x86: SVM: don't passthrough SMAP/SMEP/PKE bits in !NPT && !gCR0.PG case (git-fixes). - commit 31c8f31 - KVM: SVM: Don't intercept #GP for SEV guests (git-fixes). - commit 97eedc7 - blacklist.conf: Add two commits 5102bb1c9f82 psi: Fix "defined but not used" warnings when CONFIG_PROC_FS=n ec2444530612 psi: Fix "no previous prototype" warnings when CONFIG_CGROUPS=n - commit 0f4ea54 - KVM: LAPIC: Also cancel preemption timer during SET_LAPIC (git-fixes). 
- commit c7dbeaf - KVM: VMX: switch blocked_vcpu_on_cpu_lock to raw spinlock (git-fixes). - commit 0f30cb5 - xen/gntdev: fix unmap notification order (git-fixes). - commit 556f435 - md/raid1: fix missing bitmap update w/o WriteMostly devices (bsc#1203036). - commit 4e8b0d8 - KVM: nVMX: Synthesize TRIPLE_FAULT for L2 if emulation is required (git-fixes). - commit f36e374 - KVM: x86: remove PMU FIXED_CTR3 from msrs_to_save_all (git-fixes). - commit 967f4a3 - KVM: x86: check PIR even for vCPUs with disabled APICv (git-fixes). - commit 109f3b2 - KVM: VMX: prepare sync_pir_to_irr for running with APICv disabled (git-fixes). - commit d503d18 - KVM: MMU: shadow nested paging does not have PKU (git-fixes). - commit a1f1354 - KVM: X86: Use vcpu->arch.walk_mmu for kvm_mmu_invlpg() (git-fixes). - commit 779fd48 - KVM: x86: ignore APICv if LAPIC is not enabled (git-fixes). - commit a7fa5e6 - xen: detect uninitialized xenbus in xenbus_init (git-fixes). - commit bdde7fc - KVM: x86/mmu: include EFER.LMA in extended mmu role (git-fixes). - commit 97d9b98 - KVM: nVMX: don't use vcpu->arch.efer when checking host state on nested state load (git-fixes). - commit 5bf1fed - xen: don't continue xenstore initialization in case of errors (git-fixes). - commit e090e14 - KVM: x86/mmu: Don't freak out if pml5_root is NULL on 4-level host (git-fixes). - commit 00a89e1 - rpm/kernel-source.spec.in: simplify finding of broken symlinks "find -xtype l" will report them, so use that to make the search a bit faster (without using shell). - commit 13bbc51 - kabi/severities: add drivers/scsi/hisi_sas for bsc#1202471 - commit 0f9d7a1 ++++ openssl-1_1: - Fix memory leaks introduced by openssl-1.1.1-fips.patch [bsc#1203046] * Add patch openssl-1.1.1-fips-fix-memory-leaks.patch ++++ python3-core: - Add patch CVE-2021-28861-double-slash-path.patch: * http.server: Fix an open redirection vulnerability in the HTTP server when an URI path starts with //. 
(bsc#1202624, CVE-2021-28861) ++++ libvirt: - vmx: Require networkName for bridged and custom NICs db0564b4-vmx-Require-networkName.patch bsc#1202630 ++++ python3: - Add patch CVE-2021-28861-double-slash-path.patch: * http.server: Fix an open redirection vulnerability in the HTTP server when an URI path starts with //. (bsc#1202624, CVE-2021-28861) ++++ yast2: - Added a parameter to NetworkService.EnableDisableNow method in order to ensure that the selected network service is enabled even when the selection has not been modified (bsc#1202479) - 4.4.52 ------------------------------------------------------------------ ------------------ 2022-8-31 - Aug 31 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - powerpc: Avoid discarding flags in system_call_exception() (bsc#1194869). - commit df6bb12 - llc: fix netdevice reference leaks in llc_ui_bind() (CVE-2022-28356 bsc#1197391). - commit 42c82d5 - mkspec: eliminate @NOSOURCE@ macro This should be always used with @SOURCES@, just include the content there. - commit 403d89f - kernel-source: include the kernel signature file We assume that the upstream tarball is used for released kernels. Then we can also include the signature file and keyring in the kernel-source src.rpm. Because of mkspec code limitation exclude the signature and keyring from binary packages always - mkspec does not parse spec conditionals. - commit e76c4ca - kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages - commit 4b42fb2 - dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - commit 1bd288c ++++ freetype2: - disable brotli linkage / WOFF2 support for now to keep dependencies as before. ++++ gcc12: - Prune invalid-license rpmlint warnings, the SLE12 codestream doesn't get fixed but FF applies there, too. 
[bsc#1185337] ++++ microos-tools: - Update to version 2.15 - 98selinux-microos: Add grep as dependency ++++ runc: - Update to runc v1.1.4. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.4. bsc#1202021 * Fix mounting via wrong proc fd. When the user and mount namespaces are used, and the bind mount is followed by the cgroup mount in the spec, the cgroup was mounted using the bind mount's mount fd. * Switch kill() in libcontainer/nsenter to sane_kill(). * Fix "permission denied" error from runc run on noexec fs. * Fix failed exec after systemctl daemon-reload. Due to a regression in v1.1.3, the DeviceAllow=char-pts rwm rule was no longer added and was causing an error open /dev/pts/0: operation not permitted: unknown when systemd was reloaded. (boo#1202821) ++++ samba: - CVE-2022-1615: Do not ignore errors in random number generation; (bso#15103); (bsc#1202976); - CVE-2022-32743: Implement validated dnsHostName write rights; (bso#14833); (bsc#1202803); ++++ suseconnect-ng: - Update to version 0.0.9~git8.f9adb71: * Use standard buildconditionals * Strip the binaries (saves ~ 30%) ++++ vim: - Updated to version 9.0 with patch level 0313, fixes the following problems * Fixing bsc#1200884 Vim: Error on startup * Fixing bsc#1200902 VUL-0: CVE-2022-2183: vim: Out-of-bounds Read through get_lisp_indent() Mon 13:32 * Fixing bsc#1200903 VUL-0: CVE-2022-2182: vim: Heap-based Buffer Overflow through parse_cmd_address() Tue 08:37 * Fixing bsc#1200904 VUL-0: CVE-2022-2175: vim: Buffer Over-read through cmdline_insert_reg() Tue 08:37 * Fixing bsc#1201249 VUL-0: CVE-2022-2304: vim: stack buffer overflow in spell_dump_compl() * Fixing bsc#1201356 VUL-1: CVE-2022-2343: vim: Heap-based Buffer Overflow in GitHub repository vim prior to 9.0.0044 * Fixing bsc#1201359 VUL-1: CVE-2022-2344: vim: Another Heap-based Buffer Overflow vim prior to 9.0.0045 * Fixing bsc#1201363 VUL-1: CVE-2022-2345: vim: Use After Free in GitHub repository vim prior 
to 9.0.0046. * Fixing bsc#1201620 PUBLIC SUSE Linux Enterprise Server 15 SP4 Basesystem zbalogh@suse.com NEW --- SLE-15-SP4-Full-x86_64-GM-Media1 and vim-plugin-tlib-1.27-bp154.2.18.noarch issue * Fixing bsc#1202414 VUL-1: CVE-2022-2819: vim: Heap-based Buffer Overflow in compile_lock_unlock() * Fixing bsc#1202552 VUL-1: CVE-2022-2874: vim: NULL Pointer Dereference in generate_loadvar() * Fixing bsc#1200270 VUL-1: CVE-2022-1968: vim: use after free in utf_ptr2char * Fixing bsc#1200697 VUL-1: CVE-2022-2124: vim: out of bounds read in current_quote() * Fixing bsc#1200698 VUL-1: CVE-2022-2125: vim: out of bounds read in get_lisp_indent() * Fixing bsc#1200700 VUL-1: CVE-2022-2126: vim: out of bounds read in suggest_trie_walk() * Fixing bsc#1200701 VUL-1: CVE-2022-2129: vim: out of bounds write in vim_regsub_both() * Fixing bsc#1200732 VUL-1: CVE-2022-1720: vim: out of bounds read in grab_file_name() * Fixing bsc#1201132 VUL-1: CVE-2022-2264: vim: out of bounds read in inc() * Fixing bsc#1201133 VUL-1: CVE-2022-2284: vim: out of bounds read in utfc_ptr2len() * Fixing bsc#1201134 VUL-1: CVE-2022-2285: vim: negative size passed to memmove() due to integer overflow * Fixing bsc#1201135 VUL-1: CVE-2022-2286: vim: out of bounds read in ins_bytes() * Fixing bsc#1201136 VUL-1: CVE-2022-2287: vim: out of bounds read in suggest_trie_walk() * Fixing bsc#1201150 VUL-1: CVE-2022-2231: vim: null pointer dereference skipwhite() * Fixing bsc#1201151 VUL-1: CVE-2022-2210: vim: out of bounds read in ml_append_int() * Fixing bsc#1201152 VUL-1: CVE-2022-2208: vim: null pointer dereference in diff_check() * Fixing bsc#1201153 VUL-1: CVE-2022-2207: vim: out of bounds read in ins_bs() * Fixing bsc#1201154 VUL-1: CVE-2022-2257: vim: out of bounds read in msg_outtrans_special() * Fixing bsc#1201155 VUL-1: CVE-2022-2206: vim: out of bounds read in msg_outtrans_attr() * Fixing bsc#1201863 VUL-1: CVE-2022-2522: vim: out of bounds read via nested autocommand * Fixing bsc#1202046 VUL-1: 
CVE-2022-2571: vim: Heap-based Buffer Overflow related to ins_comp_get_next_word_or_line() * Fixing bsc#1202049 VUL-1: CVE-2022-2580: vim: Heap-based Buffer Overflow related to eval_string() * Fixing bsc#1202050 VUL-1: CVE-2022-2581: vim: Out-of-bounds Read related to cstrchr() * Fixing bsc#1202051 VUL-1: CVE-2022-2598: vim: Undefined Behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() * Fixing bsc#1202420 VUL-1: CVE-2022-2817: vim: Use After Free in f_assert_fails() * Fixing bsc#1202421 VUL-1: CVE-2022-2816: vim: Out-of-bounds Read in check_vim9_unlet() * Fixing bsc#1202511 VUL-1: CVE-2022-2862: vim: use-after-free in compile_nested_function() * Fixing bsc#1202512 VUL-1: CVE-2022-2849: vim: Invalid memory access related to mb_ptr2len() * Fixing bsc#1202515 VUL-1: CVE-2022-2845: vim: Buffer Over-read related to display_dollar() * Fixing bsc#1202599 VUL-1: CVE-2022-2889: vim: use-after-free in find_var_also_in_script() in evalvars.c * Fixing bsc#1202687 VUL-1: CVE-2022-2923: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240 * Fixing bsc#1202689 VUL-1: CVE-2022-2946: vim: use after free in function vim_vsnprintf_typval * Fixing bsc#1202862 VUL-1: CVE-2022-3016: vim: Use After Free in vim prior to 9.0.0285 Mon 12:00 ++++ yast2: - Do not ask for user input while checking file conflicts if the delayed progress popup is not shown (bsc#1201924, bsc#1202892) - backported from master - 4.4.51 ------------------------------------------------------------------ ------------------ 2022-8-30 - Aug 30 2022 ------------------- ------------------------------------------------------------------ ++++ gdk-pixbuf: - Add 0001-jpeg-Increase-memory-limit-for-loading-image-data.patch: fix loading of larger images (glgo#GNOME/gdk-pixbuf#216). ++++ kernel-default: - af_key: Do not call xfrm_probe_algs in parallel (bsc#1202898 CVE-2022-3028). 
- commit d480d95 - Update patches.suse/watchdog-export-lockup_detector_reconfigure.patch (bsc#1202872 ltc#197920). - commit 310a79a - ipmi: fix initialization when workqueue allocation fails (git-fixes). - commit 4e7ceb0 ++++ Mesa: - changing default driver from 'iris' to 'i965' for Intel Gen8-11 hardware again, but this time the correct way; "-Dprefer-iris=false" needs to be set for both builds - Mesa-drivers *and* Mesa (boo#1202850, comment#29) ++++ gcc12: - Update to gcc-12 branch head, e927d1cf141f221c5a32574bde0, git416 * includes GCC 12.2 release * includes recent fixes backported from trunk ++++ openssl-1_1: - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] * Add openssl-1_1-jitterentropy-3.4.0.patch * Add build dependency on jitterentropy-devel >= 3.4.0 and libjitterentropy3 >= 3.4.0 ++++ microos-tools: - Update to version 2.14 - Fix Makefile to install sysext-add-debug - Update to version 2.13 - 98selinux-microos: Don't rely on selinux=1 [bsc#1202449] - Add sysext-add-debug - Make sure /var/lib/overlay exists before relabeling ------------------------------------------------------------------ ------------------ 2022-8-29 - Aug 29 2022 ------------------- ------------------------------------------------------------------ ++++ ca-certificates-mozilla: - Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868) Added: - Certainly Root E1 - Certainly Root R1 - DigiCert SMIME ECC P384 Root G5 - DigiCert SMIME RSA4096 Root G5 - DigiCert TLS ECC P384 Root G5 - DigiCert TLS RSA4096 Root G5 - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 Removed: - Hellenic Academic and Research Institutions RootCA 2011 ++++ keepalived: - FATAL: Module ip_vs not found in directory /lib/modules/5.14.21-150400.24.18-default (bsc#1202808) Set ProtectKernelModules to false in service file ++++ kernel-default: - kABI: scsi: libiscsi: fix removal of iscsi_create_conn (bsc#1198410). 
- commit 3bc90b6 - blacklist.conf: Add a few entries for ALSA - commit ce7ed14 - asm-generic: sections: refactor memory_intersects (git-fixes). - commit bfaae5b - ext4: fix incorrect type issue during replay_del_range (bsc#1202867). - commit d192fa1 - blacklist.conf: Add reverted patch d11219ad53dc amdgpu: disable powerpc support for the newer display engine c653c591789b drm/amdgpu: Re-enable DCN for 64-bit powerpc - commit 15ec992 - bpf: Don't use tnum_range on array range checking for poke descriptors (bsc#1202564 bsc#1202860 CVE-2022-2905). - commit 56cd61e ++++ Mesa: - revert previous change, since it resulted in Xorg and Mesa no longer being able to load "i965" driver at all! This affects many if not almost all Intel GPU users. I can't tell why this happens, but I'm afraid we need to act immediately (boo#1202850); reopened boo#1200965 for now ... ++++ gcc12: - Add gcc12-fifo-jobserver-support.patch that adds support for FIFO jobserver for make. ------------------------------------------------------------------ ------------------ 2022-8-28 - Aug 28 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ACPI: processor: Remove freq Qos request for all CPUs (git-fixes). - commit 57c696d - Move upstreamed patches into sorted section - commit 1d06339 ------------------------------------------------------------------ ------------------ 2022-8-27 - Aug 27 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - arm64: fix rodata=full (git-fixes). - arm64: Fix match_list for erratum 1286807 on Arm Cortex-A76 (git-fixes). 
- commit 470861e ------------------------------------------------------------------ ------------------ 2022-8-26 - Aug 26 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - add profiles-permit-php-fpm-pid-files-directly-under-run.patch https://gitlab.com/apparmor/apparmor/-/merge_requests/914 (bsc#1202344) ++++ kernel-default: - scsi: libiscsi: Add iscsi_cls_conn to sysfs after initialization (bsc#1198410). - Refresh patches.kabi/kABI-fix-removal-of-iscsi_destroy_conn.patch. - Refresh patches.suse/scsi-libiscsi-Teardown-iscsi_cls_conn-gracefully.patch. - commit bb43920 - ceph: don't truncate file in atomic_open (bsc#1202824). - ceph: don't leak snap_rwsem in handle_cap_grant (bsc#1202823). - ceph: use correct index when encoding client supported features (bsc#1202822). - commit d0f574e - tracing: Have filter accept "common_cpu" to be consistent (git-fixes). - commit 31941eb - tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes). - commit 55e2fc7 - tracing: Use a struct alignof to determine trace event field alignment (git-fixes). - commit 500082c - ftrace/x86: Add back ftrace_expected assignment (git-fixes). - commit d5efa05 - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes). - commit 904f517 - blacklist.conf: tracepoint cleanup for drivers/char/random - commit 15d84d3 - ratelimit: Fix data-races in ___ratelimit() (git-fixes). - nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout (git-fixes). - r8152: fix the RX FIFO settings when suspending (git-fixes). - r8152: fix the units of some registers for RTL8156A (git-fixes). - rose: check NULL rose_loopback_neigh->loopback (git-fixes). - spi: meson-spicc: add local pow2 clock ops to preserve rate between messages (git-fixes). - regulator: pca9450: Remove restrictions for regulator-name (git-fixes). - pinctrl: qcom: sm8250: Fix PDC map (git-fixes). 
- venus: pm_helpers: Fix warning in OPP during probe (git-fixes). - tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes). - video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes). - vfio: Clear the caps->buf to NULL after free (git-fixes). - PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes). - phy: samsung: phy-exynos-pcie: sanitize init/power_on callbacks (git-fixes). - PCI: aardvark: Fix reporting Slot capabilities on emulated bridge (git-fixes). - PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes). - pinctrl: intel: Check against matching data instead of ACPI companion (git-fixes). - platform/chrome: cros_ec_proto: don't show MKBP version if unsupported (git-fixes). - usb: dwc2: gadget: remove D+ pull-up while no vbus with usb-role-switch (git-fixes). - usb: renesas: Fix refcount leak bug (git-fixes). - usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes). - usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes). - usb: cdns3: fix random warning message when driver load (git-fixes). - usb: cdns3 fix use-after-free at workaround 2 (git-fixes). - vboxguest: Do not use devm for irq (git-fixes). - commit 4349f84 - net: phy: Don't WARN for PHY_READY state in mdio_bus_phy_resume() (git-fixes). - drm/ttm: Fix dummy res NULL ptr deref bug (git-fixes). - drm/nouveau: recognise GA103 (git-fixes). - lib/list_debug.c: Detect uninitialized lists (git-fixes). - irqchip/tegra: Fix overflow implicit truncation warnings (git-fixes). - mmc: tmio: avoid glitches when resetting (git-fixes). - HID: multitouch: new device class fix Lenovo X12 trackpad sticky (git-fixes). - gadgetfs: ep_io - wait until IRQ finishes (git-fixes). - habanalabs/gaudi: mask constant value before cast (git-fixes). - habanalabs/gaudi: fix shift out of bounds (git-fixes). - commit 5ff4970 - audit: fix potential double free on error path from fsnotify_add_inode_mark (git-fixes). 
- apparmor: fix overlapping attachment computation (git-fixes). - apparmor: fix setting unconfined mode on a loaded profile (git-fixes). - apparmor: Fix memleak in aa_simple_write_to_buffer() (git-fixes). - apparmor: fix reference count leak in aa_pivotroot() (git-fixes). - apparmor: fix aa_label_asxprint return check (git-fixes). - apparmor: Fix failed mount permission check error message (git-fixes). - apparmor: fix quiet_denied for file rules (git-fixes). - apparmor: fix absroot causing audited secids to begin with = (git-fixes). - ASoC: rsnd: care default case on rsnd_ssiu_busif_err_irq_ctrl() (git-fixes). - drm/meson: Fix overflow implicit truncation warnings (git-fixes). - dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes). - dmaengine: dw-axi-dmac: ignore interrupt if no descriptor (git-fixes). - dmaengine: dw-axi-dmac: do not print NULL LLI during error (git-fixes). - clk: qcom: clk-alpha-pll: fix clk_trion_pll_configure description (git-fixes). - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes). - clk: ti: Stop using legacy clkctrl names for omap4 and 5 (git-fixes). 
- commit 7a7a70b ++++ libapparmor: - add profiles-permit-php-fpm-pid-files-directly-under-run.patch https://gitlab.com/apparmor/apparmor/-/merge_requests/914 (bsc#1202344) ++++ oniguruma: - Added d3e402928b6eb3327f8f7d59a9edfa622fec557b.patch: (boo#1157805 CVE-2019-19246) oniguruma: Heap-based buffer over-read in str_lower_case_match in regexec.c - Added 6eb4aca6a7f2f60f473580576d86686ed6a6ebec.patch: (boo#1164569 CVE-2019-19204) oniguruma: heap-based buffer over-read in function fetch_interval_quantifier in regparse.c - Added aa0188eaedc056dca8374ac03d0177429b495515.patch: (boo#1164550 CVE-2019-19203) oniguruma: heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c - Added 4097828d7cc87589864fecf452f2cd46c5f37180.patch: (boo#1150130 CVE-2019-16163) oniguruma: stack Exhaustion in regcomp.c because of recursion in regparse.c. - Added cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0.patch: (boo#1177179 CVE-2020-26159) oniguruma: Buffer overflow in concat_opt_exact_str could result in DoS - Added 0f7f61ed1b7b697e283e37bd2d731d0bd57adb55.patch: (boo#1142847 CVE-2019-13224) oniguruma: use-after-free in onig_new_deluxe() in regext.c ++++ patterns-microos: - updating the cockpit network plug-in dependencies (bsc#1202479) - 5.3.6 ++++ selinux-policy: - Move SUSE directory from manual page section to html docu ++++ timezone: - Update to reflect new Chile DST change, bsc#1202310 * bsc1202310.patch ------------------------------------------------------------------ ------------------ 2022-8-25 - Aug 25 2022 ------------------- ------------------------------------------------------------------ ++++ cloud-regionsrv-client: - Follow up fix to 10.0.4 (bsc#1202706) - While the source code was updated to support SLE Micro the spec file was not updated for the new locations of the cache and the certs. Update the spec file to be consistent with the code implementation. 
++++ kernel-default: - blacklist.conf: Blacklist 5f41fdaea63d - commit 63ae0ad - ext4: add new helper interface ext4_try_to_trim_range() (bsc#1202783). - commit dc835b8 - block: only mark bio as tracked if it really is tracked (bsc#1202782). - commit 7abc7a3 - block: fix rq-qos breakage from skipping rq_qos_done_bio() (bsc#1202781). - commit 5d80bdd - block: Fix wrong offset in bio_truncate() (bsc#1202780). - commit c0f694e - block: Fix fsync always failed if once failed (bsc#1202779). - commit f5086dc - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716). - commit e87146c - jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715). - commit 84aa1b1 - ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (bsc#1202778). - commit f5a554b - fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873). - commit cee5b60 - ocfs2: fix a deadlock when commit trans (bsc#1202776). - commit a5aedb3 - jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1202775). - commit 28e460c - blacklist.conf: Blacklist d41b60359ffb - commit edba519 - filemap: Handle sibling entries in filemap_get_read_batch() (bsc#1202774). - commit 9c6d1b4 - mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763). - commit 279cc3f - udf: Fix crash after seekdir (bsc#1194592). - commit 6ef60fc - ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713). - commit 75eb2be - ext4: add reserved GDT blocks check (bsc#1202712). - commit 838aa12 - ext4: fix super block checksum incorrect after mount (bsc#1202773). - commit 613c9ba - ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state (bsc#1202771). - commit 047da7e - ext4: fix bug_on in ext4_writepages (bsc#1200872). - commit ce23454 - ext4: mark group as trimmed only if it was fully scanned (bsc#1202770). - commit b2f9c26 - ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871). 
- commit fdc3142 - ext4: fix warning in ext4_handle_inode_extension (bsc#1202711). - commit 2d0922d - ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870). - commit 9fdbd44 - ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869). - commit f11e4d9 - ext4: fix use-after-free in ext4_search_dir (bsc#1202710). - commit 42b5ddf - ext4: fix symlink file size not match to file content (bsc#1200868). - commit 7082685 - ext4: fix fallocate to use file_modified to update permissions consistently (bsc#1202769). Refresh ext4-fix-race-condition-between-ext4_write-and-ext4_.patch - commit f4c0654 - ext4: fix fs corruption when tring to remove a non-empty directory with IO error (bsc#1202768). - commit eba8ff9 - ext4: fix error handling in ext4_fc_record_modified_inode() (bsc#1202767). - commit c4c9f59 - tracing: Add ustring operation to filtering string pointers (git-fixes). - commit aa3d4b0 - ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757). - commit 5104a0b - ext4: modify the logic of ext4_mb_new_blocks_simple (bsc#1202766). - commit 0a7e7a5 - trace/timerlat: Add migrate-disabled field to the timerlat header (git-fixes). - commit 967569f - trace/osnoise: Add migrate-disabled field to the osnoise header (git-fixes). - commit 72b3729 - tpm: fix reference counting for struct tpm_chip (CVE-2022-2977 bsc#1202672). - commit 1a35f98 - ext4: prevent used blocks from being allocated during fast commit replay (bsc#1202765). - commit 62f3764 - ext4: don't use the orphan list when migrating an inode (bsc#1197756). - commit d6830f3 - ext4: fix null-ptr-deref in '__ext4_journal_ensure_credits' (bsc#1202764). - commit 4c705fb - ext4: initialize err_blk before calling __ext4_get_inode_loc (bsc#1202763). - commit 12cb4fe - ext4: fix a possible ABBA deadlock due to busy PA (bsc#1202762). - commit 82f3f5b - ext4: make sure to reset inode lockdep class when quota enabling fails (bsc#1202761). 
- commit 187abff - ext4: make sure quota gets properly shutdown on error (bsc#1195480). - commit d6d02d9 - ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755). - commit 507809a - ext4: fast commit may miss tracking unwritten range during ftruncate (bsc#1202759). - commit 4941736 - ext4: use ext4_ext_remove_space() for fast commit replay delete range (bsc#1202758). - commit 5de593d - ext4: fix fast commit may miss tracking range for FALLOC_FL_ZERO_RANGE (bsc#1202757). - commit 05b0f97 - Update references to mention CVE-2022-2938: patches.suse/psi-Fix-uaf-issue-when-psi-trigger-is-destroyed-whil.patch (CVE-2022-2938 bsc#1202623). - commit 58b2b90 - supported.conf: mark lib/objagg supported as dependency of mlxsw - commit 0d78453 - x86/speculation: Disable RRSBA behavior (bsc#1201455 CVE-2022-28693). - Refresh patches.suse/x86-speculation-Add-RSB-VM-Exit-protections.patch. - commit 916d5d1 ++++ osinfo-db: - Add support for openSUSE Leap 15.5, SLES 15.5, and SLE Micro 5.3 add-opensuse-leap-15.5-support.patch add-sle15sp5-support.patch add-slem5.3-support.patch ++++ patterns-microos: - added libudisks2-0_lvm2 and _btrfs (jsc#SMO-154, jsc#SMO-161) - 5.3.5 ------------------------------------------------------------------ ------------------ 2022-8-24 - Aug 24 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit: - Add kdump-nfs-directory.patch and kdump-close.patch required by patches below. - Add kdump-refactor.patch and kdump-suse.patch to support SUSE kdump config management in cockpit. ++++ kernel-default: - xfs: fix perag reference leak on iteration race with growfs (git-fixes). - commit fc22ca3 - x86/sgx: Set active memcg prior to shmem allocation (bsc#1199515 CVE-2021-33135). - commit 7552707 - Refresh patches.suse/nvme-auth-align-to-pre-upstream-FFDHE-implementation.patch. - commit 8ff61f9 - net_sched: cls_route: disallow handle of 0 (bsc#1202393). 
- commit 1cf844d - net_sched: cls_route: remove from list when handle is 0 (CVE-2022-2588 bsc#1202096). - commit a6b8223 - Update patch reference for pipe fix (CVE-2022-2959 bsc#1202681) - commit a95d764 - Revert "x86/sev: Expose sev_es_ghcb_hv_call() for use by HyperV" (bsc#1190497). - commit ed5d2dc - x86/Hyper-V: Add SEV negotiate protocol support in Isolation VM (bsc#1190497). - commit a4c420a - nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636). - commit a4e7029 ++++ multipath-tools: - Update to version 0.9.0+55+suse.33d8854: * Avoid linking to libreadline to avoid licensing issue (bsc#1202616) ++++ mozilla-nss: - update to NSS 3.79.1 (bsc#1202645) * bmo#1366464 - compare signature and signatureAlgorithm fields in legacy certificate verifier. * bmo#1771498 - Uninitialized value in cert_ComputeCertType. * bmo#1759794 - protect SFTKSlot needLogin with slotLock. * bmo#1760998 - avoid data race on primary password change. * bmo#1330271 - check for null template in sec_asn1{d,e}_push_state. ++++ libvirt: - spec: Include aarch64 in the list of architectures that 'Require' dmidecode bsc#1202608 - spec: Suppress error messages about nonexistent or unreadable files from grep ------------------------------------------------------------------ ------------------ 2022-8-23 - Aug 23 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - netfilter: nf_queue: do not allow packet truncation below transport header offset (bsc#1201940 CVE-2022-36946). - commit 3d5dd8d - x86/sev: Define the Linux-specific guest termination reasons (bsc#1190497). - commit 3fc5505 - powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395). - commit a66ab60 - powerpc/xive: Fix refcount leak in xive_get_max_prio (fate#322438 git-fixes). - commit 8fc0a92 - powerpc: Enable execve syscall exit tracepoint (bsc#1065729). 
- commit 3ad5660 - blacklist.conf: Add c26d4c5d4f0d powerpc/kvm: Remove obsolete and unneeded select - commit a450e76 - KVM: PPC: Book3s HV: Remove unused function kvmppc_bad_interrupt (bsc#1194869). - KVM: PPC: Book3S HV: Remove kvmhv_p9_[set,restore]_lpcr declarations (bsc#1194869). - KVM: PPC: Book3S HV: fix incorrect NULL check on list iterator (bsc#1194869). - KVM: PPC: Book3S HV: Check return value of kvmppc_radix_init (bsc#1194869). - commit fad23fe - KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395). - KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395). - KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395). - commit a66766c - blacklist.conf: pure cleanup, no code change - commit e6e83f0 - xfs: use invalidate_lock to check the state of mmap_lock (git-fixes). - commit ae198f6 - supported.conf: mark mlxsw modules supported (jsc#SLE-23766) - commit c490bf8 - blacklist.conf: cleanup with a risk of regressions - commit c2bd63f ++++ freetype2: - Added patches: * CVE-2022-27404.patch + fixes bsc#1198830, CVE-2022-27404: Buffer Overflow * CVE-2022-27405.patch + fixes bsc#1198832, CVE-2022-27405: Segmentation Fault * CVE-2022-27406.patch + fixes bsc#1198823, CVE-2022-27406: Segmentation violation ++++ libgcrypt: - FIPS: gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. 
[bsc#1182983] * Add libgcrypt-out-of-core-handler.patch ++++ libvirt: - Fix downstream patches to adhere to upstream coding standards and pass 'make syntax-check' ------------------------------------------------------------------ ------------------ 2022-8-22 - Aug 22 2022 ------------------- ------------------------------------------------------------------ ++++ curl: - Security fix: [bsc#1202593, CVE-2022-35252] * Control codes in cookie denial of service * Add curl-CVE-2022-35252.patch ++++ transactional-update: - Version 4.0.1 - create_dirs_from_rpmdb: Just warn if no default SELinux context found [gh#openSUSE/transactional-update#88], [bsc#1188215] - create_dirs_from_rpmdb: Don't update the rpmdb cookie on failure [gh#openSUSE/transactional-update#88] - Handle directories owned by multiple packages [gh#openSUSE/transactional-update#90], [bsc#1188215] ++++ glibc: - x86-shared-non-temporal-threshold.patch: Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) ++++ kernel-default: - net: dsa: seville: register the mdiobus under devres (git-fixes). - commit 5ef3360 - net: dsa: ocelot: seville: utilize of_mdiobus_register (git-fixes). - commit 9185efa - net: mscc: ocelot: don't dereference NULL pointers with shared tc filters (git-fixes). - commit c98d515 - net: marvell: prestera: fix incorrect structure access (git-fixes). - commit 9ea3b2b - net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering (git-fixes). - commit ee01535 - net: dsa: mv88e6xxx: error handling for serdes_power functions (git-fixes). - commit 782dad0 - vrf: don't run conntrack on vrf with !dflt qdisc (git-fixes). - commit 33928ef - net: dsa: mv88e6xxx: fix "don't use PHY_DETECT on internal PHY's" (git-fixes). - Refresh patches.suse/net-dsa-mv88e6xxx-Unforce-speed-duplex-in-mac_link_d.patch. 
- commit ab3f5a5 - blacklist.conf: update blacklist - commit 7f6807d - Update patches.suse/PCI-Add-support-for-ACPI-_RST-reset-method.patch (jsc#SLE-19359 jsc#SLE-24572) - commit 6765137 - net: dsa: b53: Add SPI ID table (git-fixes). - commit ccf6538 - net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes). - commit afd7296 - net: mscc: ocelot: set up traps for PTP packets (git-fixes). - commit acf9d1f - net: mscc: ocelot: create a function that replaces an existing VCAP filter (git-fixes). - commit ec00bd5 - net: ptp: add a definition for the UDP port for IEEE 1588 general messages (git-fixes). - commit 35ce0e7 - net: dsa: qca8k: fix MTU calculation (git-fixes). - commit bce505c - blacklist.conf: update blacklist - commit 61c1944 - net: stmmac: fix off-by-one error in sanity check (git-fixes). - commit 09fc6c2 - blacklist.conf: update blacklist - commit 9f34c2e - ext4: Fix check for block being out of directory size (bsc#1198577 CVE-2022-1184). - commit a54fb25 - ext4: make sure ext4_append() always allocates new block (bsc#1198577 CVE-2022-1184). - commit 1a13c4d - ext4: check if directory block is within i_size (bsc#1198577 CVE-2022-1184). - commit 226e379 - i2c: imx: Make sure to unregister adapter on remove() (git-fixes). - kbuild: fix the modules order between drivers and libs (git-fixes). - ata: libata-eh: Add missing command name (git-fixes). - mmc: meson-gx: Fix an error handling path in meson_mmc_probe() (git-fixes). - mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes). - mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes). - commit 64ae33d ------------------------------------------------------------------ ------------------ 2022-8-21 - Aug 21 2022 ------------------- ------------------------------------------------------------------ ++++ gcc12: - Allow cross-pru-gcc12-bootstrap for armv7l architecture. 
PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ------------------------------------------------------------------ ------------------ 2022-8-20 - Aug 20 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - xfs: use setattr_copy to set vfs inode attributes (git-fixes). - commit 6835ddd - xfs: terminate perag iteration reliably on agcount (git-fixes). - commit f2327cf - xfs: rename the next_agno perag iteration variable (git-fixes). - commit dc975df - xfs: fold perag loop iteration logic into helper function (git-fixes). - commit d6c5eb4 - xfs: prevent UAF in xfs_log_item_in_current_chkpt (git-fixes). - commit 083e5a4 - xfs: only bother with sync_filesystem during readonly remount (git-fixes). - commit fce9137 - xfs: reorder iunlink remove operation in xfs_ifree (git-fixes). - commit 725e89d - xfs: fix soft lockup via spinning in filestream ag selection loop (git-fixes). - commit aaf842c - xfs: revert "xfs: actually bump warning counts when we send warnings" (git-fixes). - commit 5fc6378 - xfs: prevent a UAF when log IO errors race with unmount (git-fixes). - commit d15470c - xfs: fix use-after-free in xattr node block inactivation (git-fixes). - commit bc104ad - xfs: check sb_meta_uuid for dabuf buffer recovery (git-fixes). - commit 92ffd3b - xfs: remove incorrect ASSERT in xfs_rename (git-fixes). - commit 233c708 - xfs: use kmem_cache_free() for kmem_cache objects (git-fixes). - commit bd04c03 - xfs: make xfs_rtalloc_query_range input parameters const (git-fixes). - commit b0a0ff8 - xfs: Fix the free logic of state in xfs_attr_node_hasname (git-fixes). - commit dd3f833 - ALSA: hda/conexant: add a new hda codec SN6140 (git-fixes). - commit a5b7f1f - ALSA: hda/realtek: Add quirk for Clevo NS50PU, NS70PU (git-fixes). 
- commit 46ab003 - ALSA: info: Fix llseek return value when using callback (git-fixes). - ASoC: codec: tlv320aic32x4: fix mono playback via I2S (git-fixes). - ASoC: tas2770: Fix handling of mute/unmute (git-fixes). - ASoC: tas2770: Drop conflicting set_bias_level power setting (git-fixes). - ASoC: tas2770: Allow mono streams (git-fixes). - ASoC: tas2770: Set correct FSYNC polarity (git-fixes). - ASoC: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes). - drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes). - drm/amd/display: Check correct bounds for stream encoder instances for DCN303 (git-fixes). - drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes). - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes). - drm/i915/gt: Skip TLB invalidations once wedged (git-fixes). - commit 3db046b ------------------------------------------------------------------ ------------------ 2022-8-19 - Aug 19 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - fs: move S_ISGID stripping into the vfs_*() helpers (bsc#1198702 CVE-2021-4037). - commit 96040b9 - fs: Add missing umask strip in vfs_tmpfile (bsc#1198702 CVE-2021-4037). - commit b188cb2 - fs: add mode_strip_sgid() helper (bsc#1198702 CVE-2021-4037). - commit d40a52d - net: openvswitch: fix parsing of nw_proto for IPv6 fragments (git-fixes). - net: openvswitch: fix misuse of the cached connection on tuple changes (git-fixes). - net: openvswitch: fix leak of nested actions (git-fixes). - net: openvswitch: don't send internal clone attribute to the userspace (git-fixes). - openvswitch: Fixed nd target mask field in the flow dump (git-fixes). - openvswitch: always update flow key after nat (git-fixes). - openvswitch: Fix setting ipv6 fields causing hw csum failure (git-fixes). 
- commit 75a6dfb - platform/x86: pmc_atom: Match all Lex BayTrail boards with critclk_systems DMI table (git-fixes). - proc: fix dentry/inode overinstantiating under /proc/${pid}/net (git-fixes). - commit e0a1b98 - selinux: Add boundary check in put_entry() (git-fixes). - selinux: fix memleak in security_read_state_kernel() (git-fixes). - selinux: fix bad cleanup on error in hashtab_duplicate() (git-fixes). - selinux: use correct type for context length (git-fixes). - selinux: check return value of sel_make_avc_files (git-fixes). - selinux: access superblock_security_struct in LSM blob way (git-fixes). - selinux: fix misuse of mutex_is_locked() (git-fixes). - selinux: fix double free of cond_list on error paths (git-fixes). - commit 8fa4586 - arm64: set UXN on swapper page tables (git-fixes). - commit e839a65 - Update patch reference for i2c ISMT fix (CVE-2022-2873 bsc#1202558) - commit c5ea54e - vmxnet3: do not reschedule napi for rx processing (bsc#1200431). - vmxnet3: Implement ethtool's get_channels command (bsc#1200431). - vmxnet3: Record queue number to incoming packets (bsc#1200431). - vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431). - vmxnet3: update to version 7 (bsc#1200431). - vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431). - vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431). - vmxnet3: add command to set ring buffer sizes (bsc#1200431). - vmxnet3: add support for out of order rx completion (bsc#1200431). - vmxnet3: add support for large passthrough BAR register (bsc#1200431). - vmxnet3: add support for capability registers (bsc#1200431). - vmxnet3: prepare for version 7 changes (bsc#1200431). - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431). - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431). - vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431). 
- net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431). - vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431). - commit 0f8542d ++++ python-lxml: - add CVE-2022-2309.patch (bsc#1201253, CVE-2022-2309) ------------------------------------------------------------------ ------------------ 2022-8-18 - Aug 18 2022 ------------------- ------------------------------------------------------------------ ++++ combustion: - Update to version 1.0+git2: * Let selinux-microos-relabel decide whether a relabel is necessary (bsc#1202437) ++++ kernel-default: - ext4: fix race when reusing xattr blocks (bsc#1198971). - commit f900445 - ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971). - commit 68125c2 - ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971). - commit e8e6da3 - mbcache: add functions to delete entry if unused (bsc#1198971). - commit 7e476f0 - mbcache: don't reclaim used entries (bsc#1198971). - commit 351abf2 - Update config files (bsc#1201361 bsc#1192968 https://github.com/rear/rear/issues/2554). ppc64: NVRAM=y - commit b0c6309 - ntb_hw_amd: Add NTB PCI ID for new gen CPU (bsc#1202113). - commit 3ed0fd5 - scsi: hisi_sas: Use autosuspend for the host controller (bsc#1202471). - scsi: hisi_sas: Keep controller active between ISR of phyup and the event being processed (bsc#1202471). - commit 7a72909 - iommu/vt-d: Make DMAR_UNITS_SUPPORTED default 1024 (bsc#1200301). - iommu/vt-d: Remove global g_iommus array (bsc#1200301). - iommu/vt-d: Remove unnecessary check in intel_iommu_add() (bsc#1200301). - iommu/vt-d: Refactor iommu information of each domain (bsc#1200301). - iommu/vt-d: Use IDA interface to manage iommu sequence id (bsc#1200301). - iommu/vt-d: Acquiring lock in domain ID allocation helpers (bsc#1200301). - iommu/vt-d: Remove intel_iommu::domains (bsc#1200301). - commit a61eebd - firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes). 
- commit 95d811d - dpaa2-eth: fix ethtool statistics (git-fixes). - commit 24955ec - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes). - commit 0a8f29d - tracing: Fix sleeping while atomic in kdb ftdump (git-fixes). - commit 1af097c - media: driver/nxp/imx-jpeg: fix a unexpected return value problem (git-fixes). - commit c60449d - crypto: sun8i-ss - fix error codes in allocate_flows() (git-fixes). - commit e939e5a - drm/vc4: change vc4_dma_range_matches from a global to static (git-fixes). - net: phy: smsc: Disable Energy Detect Power-Down in interrupt mode (git-fixes). - commit 06c0471 - tty: vt: initialize unicode screen buffer (git-fixes). - tty: 8250: Add support for Brainboxes PX cards (git-fixes). - usb: dwc3: core: Do not perform GCTL_CORE_SOFTRESET during bootup (git-fixes). - usb: dwc3: core: Deprecate GCTL.CORESOFTRESET (git-fixes). - wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes). - wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes). - wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes). - usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes). - usbnet: Fix linkwatch use-after-free on disconnect (git-fixes). - spi: tegra20-slink: fix UAF in tegra_slink_remove() (git-fixes). - usbnet: smsc95xx: Forward PHY interrupts to PHY driver to avoid polling (git-fixes). - usbnet: smsc95xx: Avoid link settings race on interrupt reception (git-fixes). - usbnet: smsc95xx: Don't clear read-only PHY interrupt (git-fixes). - commit 61affc0 - serial: mvebu-uart: uart2 error bits clearing (git-fixes). - mt76: mt7921: fix aggregation subframes setting to HE max (git-fixes). - PM: hibernate: defer device probing when resuming from hibernation (git-fixes). - pwm: lpc18xx: Fix period handling (git-fixes). - spi: synquacer: Add missing clk_disable_unprepare() (git-fixes). - soc: qcom: Make QCOM_RPMPD depend on PM (git-fixes). 
- spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes). - serial: 8250: Add proper clock handling for OxSemi PCIe devices (git-fixes). - serial: 8250: Export ICR access helpers for internal use (git-fixes). - serial: 8250: Fold EndRun device support into OxSemi Tornado code (git-fixes). - pwm: lpc18xx-sct: Simplify driver by not using pwm_[gs]et_chip_data() (git-fixes). - pwm: lpc18xx-sct: Reduce number of devm memory allocations (git-fixes). - serial: 8250_pci: Replace dev_*() by pci_*() macros (git-fixes). - serial: 8250_pci: Refactor the loop in pci_ite887x_init() (git-fixes). - commit 74f881a - HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes). - HID: hid-input: add Surface Go battery quirk (git-fixes). - HID: wacom: Don't register pad_input for touch switch (git-fixes). - HID: wacom: Only report rotation for art pen (git-fixes). - iio: accel: bma400: Reordering of header files (git-fixes). - intel_th: pci: Add Raptor Lake-S CPU support (git-fixes). - intel_th: pci: Add Raptor Lake-S PCH support (git-fixes). - intel_th: pci: Add Meteor Lake-P support (git-fixes). - hwmon: (sht15) Fix wrong assumptions in device remove callback (git-fixes). - hwmon: (dell-smm) Add Dell XPS 13 7390 to fan control whitelist (git-fixes). - media: hevc: Embedded indexes in RPS (git-fixes). - media: imx-jpeg: use NV12M to represent non contiguous NV12 (git-fixes). - media: hantro: postproc: Fix motion vector space size (git-fixes). - mac80211: fix a memory leak where sta_info is not freed (git-fixes). - drivers/iio: Remove all strcpy() uses (git-fixes). - media: imx-jpeg: Add pm-runtime support for imx-jpeg (git-fixes). - commit a9b45e9 - drm/vc4: hdmi: Disable audio if dmas property is present but empty (git-fixes). - Refresh patches.suse/drm-vc4-hdmi-Add-debugfs-prefix.patch. - commit f1454ba - drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes). - drm/msm/dpu: Fix for non-visible planes (git-fixes). 
- drm/mediatek: Keep dsi as LP00 before dcs cmds transfer (git-fixes). - drm/mediatek: Separate poweron/poweroff from enable/disable and define new funcs (git-fixes). - drm/mediatek: Modify dsi funcs to atomic operations (git-fixes). - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes). - firmware: tegra: Fix error check return value of debugfs_create_file() (git-fixes). - firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (git-fixes). - dt-bindings: iio: accel: Add DT binding doc for ADXL355 (git-fixes). - commit 1505831 - drm/bridge: tc358767: Fix (e)DP bridge endpoint parsing in dedicated function (git-fixes). - Refresh patches.suse/drm-bridge-tc358767-Make-sure-Refclk-clock-are-enabl.patch. - commit 57c5267 - drm/bridge: tc358767: Move (e)DP bridge endpoint parsing into dedicated function (git-fixes). - Refresh patches.suse/drm-bridge-tc358767-Make-sure-Refclk-clock-are-enabl.patch. - commit 554f4ee - drm/vc4: drv: Adopt the dma configuration from the HVS or V3D component (git-fixes). - drm/amdgpu: Remove one duplicated ef removal (git-fixes). - drm/msm: Fix dirtyfb refcounting (git-fixes). - commit a92dd0e - crypto: ccp - During shutdown, check SEV data pointer before using (git-fixes). - crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak (git-fixes). - crypto: sun8i-ss - do not allocate memory when handling hash requests (git-fixes). - drm/msm: Avoid dirtyfb stalls on video mode displays (v2) (git-fixes). - drm/mediatek: Allow commands to be sent during video mode (git-fixes). - commit d28b47b - ARM: dts: BCM5301X: Add DT for Meraki MR26 (git-fixes). - arm64: dts: qcom: ipq8074: fix NAND node name (git-fixes). - arm64: tegra: Mark BPMP channels as no-memory-wc (git-fixes). - arm64: dts: allwinner: a64: orangepi-win: Fix LED node name (git-fixes). - arm64: fix oops in concurrently setting insn_emulation sysctls (git-fixes). 
- arm64: Do not forget syscall when starting a new thread (git-fixes). - arm64: tegra: Update Tegra234 BPMP channel addresses (git-fixes). - arm64: tegra: Fixup SYSRAM references (git-fixes). - commit ab1e66e - ARM: dts: qcom: sdx55: Fix the IRQ trigger type for UART (git-fixes). - ARM: dts: imx6ul: fix qspi node compatible (git-fixes). - ARM: dts: imx6ul: fix lcdif node compatible (git-fixes). - ARM: dts: imx6ul: fix csi node compatible (git-fixes). - ARM: dts: imx6ul: fix keypad compatible (git-fixes). - ARM: dts: imx6ul: change operating-points to uint32-matrix (git-fixes). - ARM: dts: imx6ul: add missing properties for sram (git-fixes). - ARM: shmobile: rcar-gen2: Increase refcount for new reference (git-fixes). - ARM: OMAP2+: pdata-quirks: Fix refcount leak bug (git-fixes). - ARM: OMAP2+: display: Fix refcount leak bug (git-fixes). - commit c6d6958 - ACPI: VIOT: Fix ACS setup (git-fixes). - ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes). - ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes). - ACPI: EC: Drop the EC_FLAGS_IGNORE_DSDT_GPE quirk (git-fixes). - ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes). - ARM: findbit: fix overflowing offset (git-fixes). - ACPI: APEI: explicit init of HEST and GHES in apci_init() (git-fixes). - commit b65bd26 ++++ systemd: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) ------------------------------------------------------------------ ------------------ 2022-8-17 - Aug 17 2022 ------------------- ------------------------------------------------------------------ ++++ conmon: - update to 2.1.3: * Port conmon to FreeBSD * Stop using g_unix_signal_add() to avoid threads * Rename CLI optionlog-size-global-max to log-global-size-max ++++ kernel-default: - tracing/histograms: Fix memory leak problem (git-fixes). 
- commit 8c95b1f - tracing/kprobes: Check whether get_kretprobe() returns NULL in kretprobe_dispatcher() (git-fixes). - commit 0f2d911 - drm/udl: Sync pending URBs at the end of suspend (bsc#1195917). - drm/udl: Don't re-initialize stuff at retrying the URB list allocation (bsc#1195917). - drm/udl: Fix inconsistent urbs.count value during udl_free_urb_list() (bsc#1195917). - drm/udl: Fix potential URB leaks (bsc#1195917). - drm/udl: Drop unneeded alignment (bsc#1195917). - drm/udl: Add parameter to set number of URBs (bsc#1195917). - drm/udl: Increase the default URB list size to 20 (bsc#1195917). - drm/udl: Suppress error print for -EPROTO at URB completion (bsc#1195917). - Revert "drm/udl: Kill pending URBs at suspend and disconnect" (bsc#1195917). - drm/udl: Enable damage clipping (bsc#1195917). - commit 8fe003b - Update udl patches to the version that have been queued to subsystem tree - commit d27d36e - drm/udl: Replace BUG_ON() with WARN_ON() (bsc#1195917). - commit 5d9cedf - drm/udl: Kill pending URBs at suspend and disconnect (bsc#1195917). - commit 3d58e44 - drm/udl: Sync pending URBs at suspend / disconnect (bsc#1195917). - commit 816522a - drm/udl: Replace semaphore with a simple wait queue (bsc#1195917). - commit 8a222ee ++++ samba: - Fix Use after free when iterating smbd_server_connection->connections after tree disconnect failure; (bso#15128); (bsc#1200102). ++++ tar: - bsc1200657.patch was previously incomplete leading to deadlocks * bsc#1202436 * bsc1200657.patch updated ------------------------------------------------------------------ ------------------ 2022-8-16 - Aug 16 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447). - commit 7795ade - Move upstreamed exfat patches into sorted section - commit 2ce62ac - rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385) We do the move only on 15.5+. 
- commit 9c7ade3 - rpm/kernel-binary.spec.in: simplify find for usrmerged The type test and print line are the same for both cases. The usrmerged case only ignores more, so refactor it to make it more obvious. - commit 583c9be - s390/qeth: cache link_info for ethtool (bsc#1202262 LTC#199322). - commit 2095e05 ++++ systemd: - Update 1009-Drop-or-soften-some-of-the-deprecation-warnings.patch (jsc#PED-944) To decrease log level of messages about use of KillMode=none from warning to debug. SAP still uses this deprecated option and the warnings emitted by PID1 confuse both SAP customers and support. ------------------------------------------------------------------ ------------------ 2022-8-15 - Aug 15 2022 ------------------- ------------------------------------------------------------------ ++++ gdk-pixbuf: - avoid bashism in baselibs postscript (bsc#1195391) ++++ kernel-default: - locking/lockdep: Fix lockdep_init_map_*() confusion (git-fixes). - commit 4749d0c - Update patch-mainline tags to correct to v6.0-rc1 - commit b57acde - perf bench futex: Fix memory leak of perf_cpu_map__new() (git-fixes). - commit 26470c4 - lib/raid6/test: fix multiple definition linking error (git-fixes). - commit 1efe1e2 - Move upstreamed NVMe patches into sorted section - commit 0685dbd - Correct non-existing v5.20-rc1 to v6.0-rc1 in patch-mainline tags - commit b9e2284 ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#609 - fix Bengali font issue: switch from MuktiNarrow.ttf to Mukti.ttf (bsc#1202083, bsc#1197977) - 16.57.25 ------------------------------------------------------------------ ------------------ 2022-8-14 - Aug 14 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - docs: i2c: i2c-sysfs: fix hyperlinks (git-fixes). - NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes). 
- commit 48f9a86 ------------------------------------------------------------------ ------------------ 2022-8-13 - Aug 13 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() (CVE-2022-36879 bsc#1201948). - commit d743f1f - ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes). - ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes). - ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes). - ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes). - commit 7941190 - ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes). - drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes). - drm/shmem-helper: Add missing vunmap on error (git-fixes). - dt-bindings: bluetooth: broadcom: Add BCM4349B1 DT binding (git-fixes). - commit 7b49d25 ------------------------------------------------------------------ ------------------ 2022-8-12 - Aug 12 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - nvme-auth: align to pre-upstream FFDHE implementation (bsc#1202265). - commit a304667 - Refresh patches.suse/0007-nvme-auth-Diffie-Hellman-key-exchange-support.patch. - commit c07e572 - Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1202131) Now iwlwifi queries *-72.ucode, but again, this is non-existing version. Correct to the existing *-71.ucode - commit af3987b - iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes). - iommu/exynos: Handle failed IOMMU device registration properly (git-fixes). - iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes). - iommu/amd: Enable swiotlb in all cases (git-fixes). - iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes). 
- iommu/mediatek: Fix NULL pointer dereference when printing dev_name (git-fixes). - iommu/mediatek: Add mutex for m4u_group and m4u_dom in data (git-fixes). - iommu/mediatek: Remove clk_disable in mtk_iommu_remove (git-fixes). - iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes). - iommu/mediatek: Fix 2 HW sharing pgtable issue (git-fixes). - iommu/dart: Add missing module owner to ops structure (git-fixes). - iommu/dart: check return value after calling platform_get_resource() (git-fixes). - iommu/vt-d: Drop stop marker messages (git-fixes). - iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes). - iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes). - iommu/iova: Improve 32-bit free space estimate (git-fixes). - iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes). - iommu/tegra-smmu: Fix missing put_device() call in tegra_smmu_find (git-fixes). - iommu/amd: Fix I/O page table memory leak (git-fixes). - iommu/amd: Recover from event log overflow (git-fixes). - iommu: Fix potential use-after-free during probe (git-fixes). - iommu/amd: Clarify AMD IOMMUv2 initialization messages (git-fixes). - commit 0fff527 - net/packet: fix slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368 bsc#1202346). - commit 90c61ba - Update patch reference for v4l2 fix (bsc#1202347 CVE-2022-20369) - commit 9ce184e - devlink: Fix use-after-free after a failed reload (git-fixes). - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes). - vsock: Fix memory leak in vsock_connect() (git-fixes). - Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP" (git-fixes). - can: mcp251x: Fix race condition on receive interrupt (git-fixes). - can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes). - can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once() (git-fixes). - geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes). 
- geneve: fix TOS inheriting for ipv4 (git-fixes). - Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes). - atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes). - virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes). - net: phy: Warn about incorrect mdio_bus_phy_resume() state (git-fixes). - ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes). - Input: exc3000 - fix return value check of wait_for_completion_timeout (git-fixes). - Bluetooth: hci_bcm: Add DT compatible for CYW55572 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3586 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3587 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0CB8:0xC558 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04C5:0x1675 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04CA:0x4007 (git-fixes). - Bluetooth: hci_bcm: Add BCM4349B1 variant (git-fixes). - Bluetooth: btusb: Add support of IMC Networks PID 0x3568 (git-fixes). - ACPI: video: Force backlight native for some TongFang devices (git-fixes). - commit ad545fa - Add cherry-picked ACPI fix to Alt-commit - commit e374c80 ++++ gcc12: - Update to gcc-12 branch head, 6b7d570a5001bb79e34c0d1626a, git372 * includes release candidate for GCC 12.2 ++++ icu: - Backport icu-CVE-2020-21913.patch: backport commit 727505bdd from upstream, use LocalMemory for cmd to prevent use after free (bsc#1193951 CVE-2020-21913). ------------------------------------------------------------------ ------------------ 2022-8-11 - Aug 11 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit-tukit: - Drop .git from tar by request from Jiří Šrain. ++++ kernel-default: - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes). 
- iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes). - iommu/arm-smmu-v3-sva: Fix mm use-after-free (git-fixes). - commit f591dd8 - sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq -kabi (git fixes (sched/fair)). - commit 1d64061 - iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes). - commit 09d5d99 - iommu/arm-smmu-v3: Fix size calculation in arm_smmu_mm_invalidate_range() (git-fixes). - commit 4e97f34 - nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() (bnc#1189999 (Scheduler functional and performance backports)). - sched/core: Always flush pending blk_plug (bnc#1189999 (Scheduler functional and performance backports)). - commit 1bfd5f9 - iwlwifi: fw: init SAR GEO table only if data is present (bsc#1202131). - commit a69e4a6 - iwlwifi: mvm: Don't fail if PPAG isn't supported (bsc#1202131). - iwlwifi: bump FW API to 72 for AX devices (bsc#1202131). - iwlwifi: acpi: move ppag code from mvm to fw/acpi (bsc#1202131). - iwlwifi: dbg: check trigger data before access (bsc#1202131). - iwlwifi: dbg: in sync mode don't call schedule (bsc#1202131). - iwlwifi: use 4k queue size for Bz A-step (bsc#1202131). - iwlwifi: yoyo: dump IMR DRAM only for HW and FW error (bsc#1202131). - iwlwifi: mvm: add support for IMR based on platform (bsc#1202131). - commit 80fbd62 - iwlwifi: yoyo: disable IMR DRAM region if IMR is disabled (bsc#1202131). - iwlwifi: mvm: remove cipher scheme support (bsc#1202131). - iwlwifi: Configure FW debug preset via module param (bsc#1202131). - iwlwifi: mvm: add a flag to reduce power command (bsc#1202131). - iwlwifi: bump FW API to 71 for AX devices (bsc#1202131). - iwlwifi: dbg_ini: Split memcpy() to avoid multi-field write (bsc#1202131). - iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy (bsc#1202131). - iwlwifi: Fix syntax errors in comments (bsc#1202131). - iwlwifi: dvm: use struct_size over open coded arithmetic (bsc#1202131). 
- iwlwifi/fw: use struct_size over open coded arithmetic (bsc#1202131). - commit d9db47d - iwlwifi: Make use of the helper macro LIST_HEAD() (bsc#1202131). - iwlwifi: mvm: fix off by one in iwl_mvm_stat_iterator_all_macs() (bsc#1202131). - iwlwifi: yoyo: send hcmd to fw after dump collection completes (bsc#1202131). - iwlwifi: mvm: update BAID allocation command again (bsc#1202131). - iwlwifi: api: remove ttl field from TX command (bsc#1202131). - iwlwifi: support new queue allocation command (bsc#1202131). - iwlwifi: yoyo: support dump policy for the dump size (bsc#1202131). - iwlwifi: pcie: iwlwifi: fix device id 7F70 struct (bsc#1202131). - iwlwifi: tlc: Add logs in rs_fw_rate_init func to print TLC configuration (bsc#1202131). - iwlwifi: mvm: remove iwl_mvm_disable_txq() flags argument (bsc#1202131). - commit c590c1a - iwlwifi: remove command ID argument from queue allocation (bsc#1202131). - iwlwifi: make iwl_txq_dyn_alloc_dma() return the txq (bsc#1202131). - iwlwifi: fix small doc mistake for iwl_fw_ini_addr_val (bsc#1202131). - iwlwifi: mvm: add additional info for boot info failures (bsc#1202131). - iwlwifi: mvm: always remove the session protection after association (bsc#1202131). - iwlwifi: mvm: make iwl_mvm_reconfig_scd() static (bsc#1202131). - iwlwifi: mvm: refactor setting PPE thresholds in STA_HE_CTXT_CMD (bsc#1202131). - iwlwifi: mvm: Disable WiFi bands selectively with BIOS (bsc#1202131). - iwlwifi: mvm: add additional info for boot info failures (bsc#1202131). - iwlwifi: mvm: don't send BAID removal to the FW during hw_restart (bsc#1202131). - commit 315bdf8 - iwlwifi: don't dump_stack() when we get an unexpected interrupt (bsc#1202131). - iwlwifi: mvm: rfi: handle deactivation notification (bsc#1202131). - iwlwifi: mvm: Consider P2P GO operation during scan (bsc#1202131). - iwlwifi: bump FW API to 70 for AX devices (bsc#1202131). - iwlwifi: mvm: Unify the scan iteration functions (bsc#1202131). 
- iwlwifi: debugfs: remove useless double condition (bsc#1202131). - iwlwifi: remove unused macros (bsc#1202131). - iwlwifi: eeprom: clean up macros (bsc#1202131). - iwlwifi: drv: load tlv debug data earlier (bsc#1202131). - commit 96514f8 - iwlwifi: pcie: Adapt rx queue write pointer for Bz family (bsc#1202131). - iwlwifi: pcie: adjust to Bz completion descriptor (bsc#1202131). - iwlwifi: mvm: Passively scan non PSC channels only when requested so (bsc#1202131). - iwlwifi: scan: Modify return value of a function (bsc#1202131). - iwlwifi: nvm: Correct HE capability (bsc#1202131). - iwlwifi: make some functions friendly to sparse (bsc#1202131). - iwlwifi: avoid variable shadowing (bsc#1202131). - iwlwifi: remove unused DC2DC_CONFIG_CMD definitions (bsc#1202131). - iwlwifi: move symbols into a separate namespace (bsc#1202131). - commit f716768 - iwlwifi: fw: make dump_start callback void (bsc#1202131). - iwlwifi: pcie: make sure iwl_rx_packet_payload_len() will not underflow (bsc#1202131). - iwlwifi: mvm: use debug print instead of WARN_ON() (bsc#1202131). - iwlwifi: add support for BZ-U and BZ-L HW (bsc#1202131). - iwlwifi: mvm: add support for CT-KILL notification version 2 (bsc#1202131). - iwlwifi: mvm: support v3 of station HE context command (bsc#1202131). - iwlwifi: yoyo: add IMR DRAM dump support (bsc#1202131). - iwlwifi: pcie: add support for MS devices (bsc#1202131). - iwlwifi: advertise support for HE - DCM BPSK RX/TX (bsc#1202131). - commit b310d63 - iwlwifi: yoyo: fix DBGI_SRAM ini dump header (bsc#1202131). - Refresh patches.suse/iwlwifi-yoyo-remove-DBGI_SRAM-address-reset-writing.patch. - commit 8a08a81 - iwlwifi: mvm: only enable HE DCM if we also support TX (bsc#1202131). - iwlwifi: dbg: add infra for tracking free buffer size (bsc#1202131). - iwlwifi: mvm: starting from 22000 we have 32 Rx AMPDU sessions (bsc#1202131). - iwlwifi: mvm: support new BAID allocation command (bsc#1202131). - iwlwifi: mvm: refactor iwl_mvm_sta_rx_agg() (bsc#1202131). 
- iwlwifi: cfg: add support for 1K BA queue (bsc#1202131). - iwlwifi: avoid void pointer arithmetic (bsc#1202131). - iwlwifi: fix various more -Wcast-qual warnings (bsc#1202131). - iwlwifi: propagate (const) type qualifier (bsc#1202131). - commit b5909b9 - iwlwifi: de-const properly where needed (bsc#1202131). - iwlwifi: make iwl_fw_lookup_cmd_ver() take a cmd_id (bsc#1202131). - iwlwifi: mvm: fw: clean up hcmd struct creation (bsc#1202131). - iwlwifi: prefer WIDE_ID() over iwl_cmd_id() (bsc#1202131). - iwlwifi: mvm: allow enabling UHB TAS in the USA via ACPI setting (bsc#1202131). - iwlwifi: mvm: offload channel switch timing to FW (bsc#1202131). - ieee80211: add EHT 1K aggregation definitions (bsc#1202131). - cfg80211/mac80211: assume CHECKSUM_COMPLETE includes SNAP (bsc#1202131). - mac80211: introduce channel switch disconnect function (bsc#1202131). - commit 145a7cd - iwlwifi: yoyo: fix issue with new DBGI_SRAM region read (bsc#1202131). - Refresh patches.suse/iwlwifi-yoyo-remove-DBGI_SRAM-address-reset-writing.patch. - commit 347cb47 - iwlwifi: fw: fix some scan kernel-doc (bsc#1202131). - iwlwifi: mvm: remove card state notification code (bsc#1202131). - iwlwifi: mvm: drop too short packets silently (bsc#1202131). - iwlwifi: mvm: support Bz TX checksum offload (bsc#1202131). - iwlwifi: mvm: add US/CA to TAS block list if OEM isn't allowed (bsc#1202131). - iwlwifi: mvm: correctly set schedule scan profiles (bsc#1202131). - iwlwifi: mvm: correctly set channel flags (bsc#1202131). - iwlwifi: mvm: always store the PPAG table as the latest version (bsc#1202131). - iwlwifi: bump FW API to 69 for AX devices (bsc#1202131). - iwlwifi: yoyo: support TLV-based firmware reset (bsc#1202131). - iwlwifi: mvm: change old-SN drop threshold (bsc#1202131). - iwlwifi: mvm: don't trust hardware queue number (bsc#1202131). - iwlwifi: mvm: handle RX checksum on Bz devices (bsc#1202131). - iwlwifi: mvm: use a define for checksum flags mask (bsc#1202131). 
- iwlwifi: mvm: isolate offload assist (checksum) calculation (bsc#1202131). - iwlwifi: mvm: add support for OCE scan (bsc#1202131). - commit 435f606 - iwlwifi: fix debug TLV parsing (bsc#1202131). - iwlwifi: dump RCM error tables (bsc#1202131). - iwlwifi: dump both TCM error tables if present (bsc#1202131). - iwlwifi: dump CSR scratch from outer function (bsc#1202131). - iwlwifi: parse error tables from debug TLVs (bsc#1202131). - iwlwifi: recognize missing PNVM data and then log filename (bsc#1202131). - iwlwifi: rs: add support for TLC config command ver 4 (bsc#1202131). - iwlwifi: mvm: rfi: update rfi table (bsc#1202131). - iwlwifi: add support for BNJ HW (bsc#1202131). - iwlwifi: mvm: Add list of OEMs allowed to use TAS (bsc#1202131). - commit bc13b68 - iwlwifi: mvm: support revision 1 of WTAS table (bsc#1202131). - iwlwifi: Read the correct addresses when getting the crf id (bsc#1202131). - iwlwifi: pcie: add jacket bit to device configuration parsing (bsc#1202131). - iwlwifi: fw: remove dead error log code (bsc#1202131). - iwlwifi: do not use __unused as variable name (bsc#1202131). - iwlwifi: iwl-eeprom-parse: mostly dvm only (bsc#1202131). - iwlwifi: mvm: clean up indenting in iwl_mvm_tlc_update_notif() (bsc#1202131). - iwlwifi: mvm: fix a stray tab (bsc#1202131). - iwlwifi: mvm: add dbg_time_point to debugfs (bsc#1202131). - commit 875f8a0 - iwlwifi: mvm: add missing min_size to kernel-doc (bsc#1202131). - ieee80211: change HE nominal packet padding value defines (bsc#1202131). - iwlwifi: mvm: optionally suppress assert log (bsc#1202131). - iwlwifi: add new ax1650 killer device (bsc#1202131). - iwlwifi: fw: correctly detect HW-SMEM region subtype (bsc#1202131). - iwlwifi: implement reset flow for Bz devices (bsc#1202131). - iwlwifi: add new Qu-Hr device (bsc#1202131). - commit d54326e - iwlwifi: support SAR GEO Offset Mapping override via BIOS (bsc#1202131). - Refresh patches.suse/iwlwifi-mvm-don-t-send-SAR-GEO-command-for-3160-devi.patch. 
- commit 4758d12 - iwlwifi: Fix FW name for gl (bsc#1202131). - iwlwifi: dbg: disable ini debug in 8000 family and below (bsc#1202131). - iwlwifi: pcie: retake ownership after reset (bsc#1202131). - iwlwifi: mvm: always use 4K RB size by default (bsc#1202131). - iwlwifi: mvm/api: define system control command (bsc#1202131). - iwlwifi: bump FW API to 68 for AX devices (bsc#1202131). - iwlwifi: mvm: add some missing command strings (bsc#1202131). - iwlwifi: fw: add support for splitting region type bits (bsc#1202131). - iwlwifi: swap 1650i and 1650s killer struct names (bsc#1202131). - commit e7585e2 - iwlwifi: pcie: support Bz suspend/resume trigger (bsc#1202131). - Refresh patches.suse/iwlwifi-fix-Bz-NMI-behaviour.patch. - commit 0bc6f5d - iwlwifi: acpi: fix wgds rev 3 size (bsc#1202131). - iwlwifi: yoyo: support for DBGC4 for dram (bsc#1202131). - iwlwifi: mvm: update rate scale in moving back to assoc state (bsc#1202131). - iwlwifi: mvm: add support for statistics update version 15 (bsc#1202131). - iwlwifi: mvm: Add support for a new version of scan request command (bsc#1202131). - iwlwifi: mvm: Fix wrong documentation for scan request command (bsc#1202131). - iwlwifi: add missing entries for Gf4 with So and SoF (bsc#1202131). - iwlwifi: mvm: remove session protection upon station removal (bsc#1202131). - iwlwifi: remove unused iwlax210_2ax_cfg_so_hr_a0 structure (bsc#1202131). - iwlwifi: mvm: add support for PHY context command v4 (bsc#1202131). - iwlwifi: fw: api: add link to PHY context command struct v1 (bsc#1202131). - iwlwifi: mvm: support RLC configuration command (bsc#1202131). - iwlwifi: mvm: d3: support v12 wowlan status (bsc#1202131). - iwlwifi: mvm: parse firmware alive message version 6 (bsc#1202131). - iwlwifi: mvm: d3: move GTK rekeys condition (bsc#1202131). - iwlwifi: add support for Bz-Z HW (bsc#1202131). - iwlwifi: support 4-bits in MAC step value (bsc#1202131). - iwlwifi: mvm: fix delBA vs. NSSN queue sync race (bsc#1202131). 
- iwlwifi: mvm: demote non-compliant kernel-doc header (bsc#1202131). - commit d2ec8a7 - pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes). - pinctrl: amd: Don't save/restore interrupt status and wake status bits (git-fixes). - pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes). - pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes). - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes). - Revert "scripts/mod/modpost.c: permit '.cranges' secton for sh64 architecture." (git-fixes). - kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (git-fixes). - commit 797b09e - SUNRPC: Fix READ_PLUS crasher (git-fixes). - dm raid: fix KASAN warning in raid5_add_disks (git-fixes). - NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes). - md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes). - SUNRPC: Fix NFSD's request deferral on RDMA transports (git-fixes). - NFSD: prevent integer overflow on 32 bit systems (git-fixes). - NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes). - NFSD: Clamp WRITE offsets (git-fixes). - NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes (git-fixes). - NFSD: Fix ia_size underflow (git-fixes). - nfsd: fix use-after-free due to delegation race (git-fixes). - SUNRPC: Prevent immediate close+reconnect (git-fixes). - commit 24baf4c - md/bitmap: don't set sb values if can't pass sanity check (bsc#1197158). - commit a639749 ++++ zlib: - Fix heap-based buffer over-read or buffer overflow in inflate via large gzip header extra field (bsc#1202175, CVE-2022-37434, CVE-2022-37434-extra-header-1.patch, CVE-2022-37434-extra-header-2.patch). 
++++ mdadm: - imsm: support for third Sata controller (bsc#1201297) 0122-imsm-support-for-third-Sata-controller.patch - mdadm: enable Intel Alderlake RSTe configuration (bsc#1201297) 1005-mdadm-enable-Intel-Alderlake-RSTe-configuration.patch ++++ podman: - Update to version 4.2.0: * Features - Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines. - A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod (#12843). - A new command has been added, podman volume reload, to sync changes in state between Podman's database and any configured volume plugins (#14207). - A new command has been added, podman machine info, which displays information about the host and the versions of various machine components. - Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, podman-kube@.service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd. - The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups setting from the Kubernetes pod's security context. - The podman play kube command now supports volumes with the BlockDevice and CharDevice types (#13951). - The podman play kube command now features a new flag, --userns, to set the user namespace of created pods. Two values are allowed at present: host and auto (#7504). - The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation. 
- Pods now include an exit policy (configurable via the --exit-policy option to podman pod create), which determines what will happen to the pod's infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops, and is used by default for pods from podman play kube (#13464). - The podman pod create command now allows the pod's name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work. - The podman pod create command's --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared) (#13422). - The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609). - The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod. - The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release! - The podman create and podman run commands now include the -c short option for the --cpu-shares option. - The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773). - The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing. 
- The podman build command now supports a new option, --build-context, allowing the user to specify an additional build context. - The podman machine inspect command now prints the location of the VM's Podman API socket on the host (#14231). - The podman machine init command on Windows now fetches an image with packages pre-installed (#14698). - Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697). - The default for the --image-volume option to podman run and podman create can now have its default set through the image_volume_mode setting in containers.conf (#14230). - Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427). - The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up). - Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458). - The podman volume ls command's --filter name= option now supports regular expression matching for volume names (#14583). - When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v. - The remote Podman client's podman push command now supports the --remove-signatures option (#14558). - The remote Podman client now supports the podman image scp command. - The podman image scp command now supports tagging the transferred image with a new name. 
- The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595). - The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions. - The podman events command now includes the -f short option for the --filter option. - The podman pull command now includes the -a short option for the --all-tags option. - The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP). - The Podman global option --url now has two aliases: -H and --host. - The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API. - Added the ability to create sigstore signatures in podman push and podman manifest push. - Added an option to read image signing passphrase from a file. * Changes - Paused containers can now be killed with the podman kill command. - The podman system prune command now removes unused networks. - The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman. - If the /run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577). - The podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148). - All podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless. - The podman unpause --all command will now only attempt to unpause containers that are paused, not all containers. - Init containers created with podman play kube now default to the once type (#14877). 
- Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048). - The podman create, podman run, and podman cp commands can now autocomplete paths in the image or container via the shell completion. - The libpod/common package has been removed as it's not used anywhere. - The --userns option to podman create and podman run is no longer accepted when an explicit UID or GID mapping is specified (#15233). * Bugfixes - Fixed a bug where bind-mounting /dev into a container which used the --init flag would cause the container to fail to start (#14251). - Fixed a bug where the podman image mount command would not pretty-print its output when multiple images were mounted. - Fixed a bug where the podman volume import command would print an unrelated error when attempting to import into a nonexistent volume (#14411). - Fixed a bug where the podman system reset command could race against other Podman commands (#9075). - Fixed a bug where privileged containers were not able to restart if the layout of host devices changed (#13899). - Fixed a bug where the podman cp command would overwrite directories with non-directories and vice versa. A new --overwrite flag to podman cp allows for retaining the old behavior if needed (#14420). - Fixed a bug where the podman machine ssh command would not preserve the exit code from the command run via ssh (#14401). - Fixed a bug where VMs created by podman machine would fail to start when created with more than 3072MB of RAM on Macs with M1 CPUs (#14303). - Fixed a bug where the podman machine init command would fail when run from C:\Windows\System32 on Windows systems (#14416). - Fixed a bug where the podman machine init --now did not respect proxy environment variables (#14640). - Fixed a bug where the podman machine init command would fail if there is no $HOME/.ssh dir (#14572). 
- Fixed a bug where the podman machine init command would add a connection even if creating the VM failed (#15154). - Fixed a bug where interrupting the podman machine start command could render the VM unable to start. - Fixed a bug where the podman machine list --format command would still print a heading. - Fixed a bug where the podman machine list command did not properly set the Starting field (#14738). - Fixed a bug where the podman machine start command could fail to start QEMU VMs when the machine name started with a number. - Fixed a bug where Podman Machine VMs with proxy variables could not be started more than once (#14636 and #14837). - Fixed a bug where containers created using the Podman API would, when the Podman API service was managed by systemd, be killed when the API service was stopped (BZ 2052697). - Fixed a bug where the podman -h command did not show help output. - Fixed a bug where the podman wait command (and the associated REST API endpoint) could return before a container had fully exited, breaking some tools like the Gitlab Runner. - Fixed a bug where healthchecks generated exec events, instead of health_status events (#13493). - Fixed a bug where the podman pod ps command could return an error when run at the same time as podman pod rm (#14736). - Fixed a bug where the podman systemd df command incorrectly calculated reclaimable storage for volumes (#13516). - Fixed a bug where an exported container checkpoint using a non-default OCI runtime could not be restored. - Fixed a bug where Podman, when used with a recent runc version, could not remove paused containers. - Fixed a bug where the remote Podman client's podman manifest rm command would remove images, not manifests (#14763). - Fixed a bug where Podman did not correctly parse wildcards for device major number in the podman run and podman create commands' --device-cgroup-rule option. 
- Fixed a bug in the podman play kube command on 32 bit systems where the total memory was calculated incorrectly (#14819). - Fixed a bug where the podman generate kube command could set ports and hostname incorrectly in generated YAML (#13030). - Fixed a bug where the podman system df --format "{{ json . }}" command would not output the Size and Reclaimable fields (#14769). - Fixed a bug where the remote Podman client's podman pull command would display duplicate progress output. - Fixed a bug where the podman system service command could leak memory when a client unexpectedly closed a connection when reading events or logs (#14879). - Fixed a bug where Podman containers could fail to run if the image did not contain an /etc/passwd file (#14966). - Fixed a bug where the remote Podman client's podman push command did not display progress information (#14971). - Fixed a bug where a lock ordering issue could cause podman pod rm to deadlock if it was run at the same time as a command that attempted to lock multiple containers at once (#14929). - Fixed a bug where the podman rm --force command would exit with a non-0 code if the container in question did not exist (#14612). - Fixed a bug where the podman container restore command would fail when attempting to restore a checkpoint for a container with the same name as an image (#15055). - Fixed a bug where the podman manifest push --rm command could remove images, instead of manifest lists (#15033). - Fixed a bug where the podman run --rm command could fail to remove the container if it failed to start (#15049). - Fixed a bug where the podman generate systemd --new command would create incorrect unit files when the container was created with the --sdnotify parameter (#15052). - Fixed a bug where the podman generate systemd --new command would fail when -h was used to create the container (#15124). * API - The Docker-compatible API now supports API version v1.41 (#14204). 
- Fixed a bug where containers created via the Libpod API had an incorrect umask set (#15036). - Fixed a bug where the remote parameter to the Libpod API's Build endpoint for Images was nonfunctional (#13831). - Fixed a bug where the Libpod List endpoint for Containers did not return the application/json content type header when there were no containers present (#14647). - Fixed a bug where the Compat Stats endpoint for Containers could return incorrect memory limits (#14676). - Fixed a bug where the Compat List and Inspect endpoints for Containers could return incorrect strings for container status. - Fixed a bug where the Compat Create endpoint for Containers did not properly handle disabling healthchecks (#14493). - Fixed a bug where the Compat Create endpoint for Networks did not support the mtu, name, mode, and parent options (#14482). - Fixed a bug where the Compat Create endpoint for Networks did not allow the creation of networks named bridge (#14983). - Fixed a bug where the Compat Inspect endpoint for Networks did not properly set netmasks in the SecondaryIPAddresses and SecondaryIPv6Addresses fields (#14674). - The Libpod Stats endpoint for Pods now supports streaming output via two new parameters, stream and delay (#14674). * Misc - Podman will now check for nameservers in /run/NetworkManager/no-stub-resolv.conf if the /etc/resolv.conf file only contains a localhost server. - The podman build command now supports caching with builds that specify --squash-all by allowing the --layers flag to be used at the same time. - Podman Machine support for QEMU installations at non-default paths has been improved. - The podman machine ssh command no longer prints spurious warnings every time it is run. - When accessing the WSL prompt on Windows, the rootless user will be preferred. - The podman info command now includes a field for information on supported authentication plugins for improved Docker compatibility. 
Authentication plugins are not presently supported by Podman, so this field is always empty. - The podman system prune command now no longer prints the Deleted Images header if no images were pruned. - The podman system service command now automatically creates and moves to a sub-cgroup when running in the root cgroup (#14573). - Updated Buildah to v1.27.0 (fixes CVE-2022-21698 / bsc#1196338) - Updated the containers/image library to v5.22.0 - Updated the containers/storage library to v1.42.0 (fixes bsc#1196751) - Updated the containers/common library to v0.49.1 - Podman will automatically create a sub-cgroup and move itself into it when it detects that it is running inside a container (#14884). - Fixed an incorrect release note about regexp. - A new MacOS installer (via pkginstaller) is now supported. ------------------------------------------------------------------ ------------------ 2022-8-10 - Aug 10 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit-machines: - Require qemu USB drivers needed by virt-install (bsc#1202166) ++++ kernel-default: - drm/udl: Add reset_resume (bsc#1195917) - commit 3d458d0 - sched: Remove unused function group_first_cpu() (bnc#1189999 (Scheduler functional and performance backports)). - sched/fair: Remove redundant word " *" (bnc#1189999 (Scheduler functional and performance backports)). - sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle (bnc#1189999 (Scheduler functional and performance backports)). Refresh - patches.suse/sched-core-Do-not-requeue-task-on-CPU-excluded-from-cpus_mask.patch - sched: Fix the check of nr_running at queue wakelist (bnc#1189999 (Scheduler functional and performance backports)). - sched: Allow newidle balancing to bail out of load_balance (bnc#1189999 (Scheduler functional and performance backports)). - sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq (bnc#1189999 (Scheduler functional and performance backports)). 
- commit aca64fd - Refresh patches.suse/sched-core-Do-not-requeue-task-on-CPU-excluded-from-cpus_mask.patch. - commit 730eeb7 - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845). - commit 5fb4c16 ++++ mozilla-nspr: - update to version 4.34.1 * add file descriptor sanity checks in the NSPR poll function. ++++ patterns-microos: - add cockpit-storaged (jsc#SMO-116) - add libmbim libmbim-glib4 libqmi-tools libqmi-glib5 (jsc#SMO-50) - add udica (jsc#CSD-121) pam_u2f (jsc#SMO-120) - 5.3.4 ++++ rust-keylime: - Update to version 0.1.0+git.1659977521.0186093: * Fix display of mb measurement file path * Add more helpful error when config file is not found * Fix small comment about implementing TPM ownership * main: die when cannot drop privileges * keylime.conf: add run_as section * Use Rust agent-specific config in Makefile * Fix typo in listen_notifications option in keylime.conf * tpm: Support pre-existing EK * Set swtpm context which is later used for test filtering * Add GitLeaks configuration to ignore RSA key used for testing * Handle whitespace in keylime.conf - Rename keylime.conf.diff to keylime-agent.conf.diff - Drop 0001-main-die-when-cannot-drop-privileges.patch, as is already merged upstream - Add bindgen.patch to add more architectures ------------------------------------------------------------------ ------------------ 2022-8-9 - Aug 9 2022 ------------------- ------------------------------------------------------------------ ++++ gdk-pixbuf: - Update to version 2.42.9: + Fix the check for maximum value of LZW initial code size (boo#1194633 CVE-2021-44648). + Use CMake for dependencies on Windows/MSVC. + Add option for building tests. + Move man pages to reStructuredText. + Disable relocation when built as a static library on Windows. + Update wrap file for libjpeg-turbo. + Limit the memory size when loading image data. - Add docutils and pkgconfig(gi-docgen) BuildRequires: New dependencies. 
++++ kernel-default:
- x86/speculation: Add LFENCE to RSB fill sequence (bsc#1201726 CVE-2022-26373).
- commit f2aa23b
- x86/speculation: Add RSB VM Exit protections (bsc#1201726 CVE-2022-26373).
- commit aeafde0
- acpi: Disable APEI error injection if the kernel is locked down (bsc#1023051, CVE-2016-3695).
- commit ce97a64
- powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729).
- commit 947a748
- Move kABI patch to kABI section.
- commit a7b7c6a
- KVM: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395).
- commit 48b4d74
- powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729).
- powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729).
- commit 57502cb
- tty: n_gsm: fix missing corner cases in gsmld_poll() (git-fixes).
- tty: n_gsm: fix flow control handling in tx path (git-fixes).
- tty: n_gsm: fix DM command (git-fixes).
- tty: n_gsm: fix wrong T1 retry count handling (git-fixes).
- tty: n_gsm: fix resource allocation order in gsm_activate_mux() (git-fixes).
- tty: n_gsm: fix deadlock and link starvation in outgoing data path (git-fixes).
- commit 4b73642
- tty: n_gsm: fix broken virtual tty handling (git-fixes).
- Refresh patches.suse/tty-n_gsm-fix-invalid-use-of-MSC-in-advanced-option.patch.
- Refresh patches.suse/tty-n_gsm-fix-software-flow-control-handling.patch.
- Refresh patches.suse/tty-n_gsm-fix-tty-registration-before-control-channe.patch.
- Refresh patches.suse/tty-n_gsm-fix-user-open-not-possible-at-responder-un.patch.
- commit c074522
- tty: n_gsm: fix missing mux reset on config change at responder (git-fixes).
- Refresh patches.suse/tty-n_gsm-fix-restart-handling-via-CLD-command.patch.
- commit a54ea81
- tty: n_gsm: clean up implicit CR bit encoding in address field (git-fixes).
- commit 64b8ec0
- tty: n_gsm: clean up dead code in gsm_queue() (git-fixes).
- commit d02d442
- n_gsm: remove unused parameters from gsm_error() (git-fixes).
- commit 70877a4
- tty: n_gsm: clean up indenting in gsm_queue() (git-fixes).
- commit 351f982
- tty: n_gsm: Modify gsmtty driver register method when config requester (git-fixes).
- Refresh patches.suse/tty-n_gsm-fix-deadlock-in-gsmtty_open.patch.
- Refresh patches.suse/tty-n_gsm-fix-invalid-use-of-MSC-in-advanced-option.patch.
- Refresh patches.suse/tty-n_gsm-fix-missing-update-of-modem-controls-after.patch.
- Refresh patches.suse/tty-n_gsm-fix-mux-cleanup-after-unregister-tty-devic.patch.
- Refresh patches.suse/tty-n_gsm-fix-restart-handling-via-CLD-command.patch.
- Refresh patches.suse/tty-n_gsm-fix-software-flow-control-handling.patch.
- Refresh patches.suse/tty-n_gsm-fix-tty-registration-before-control-channe.patch.
- Refresh patches.suse/tty-n_gsm-fix-user-open-not-possible-at-responder-un.patch.
- commit 642a799
- tty: n_gsm: Delete gsm_disconnect when config requester (git-fixes).
- Refresh patches.suse/tty-n_gsm-fix-restart-handling-via-CLD-command.patch.
- commit 5190326
- tty: n_gsm: Modify cr bit value when config requester (git-fixes).
- Refresh patches.suse/tty-n_gsm-Modify-CR-PF-bit-when-config-requester.patch.
- commit 0e6806e
- watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes).
- watchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource (git-fixes).
- tty: serial: fsl_lpuart: correct the count of break characters (git-fixes).
- commit e704b35
- remoteproc: sysmon: Wait for SSCTL service to come up (git-fixes).
- remoteproc: qcom: pas: Check if coredump is enabled (git-fixes).
- remoteproc: qcom: pas: Mark devices as wakeup capable (git-fixes).
- remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes).
- remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes).
- remoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init (git-fixes).
- remoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init (git-fixes).
- rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge (git-fixes).
- rpmsg: mtk_rpmsg: Fix circular locking dependency (git-fixes).
- rpmsg: char: Add mutex protection for rpmsg_eptdev_open() (git-fixes).
- tools/thermal: Fix possible path truncations (git-fixes).
- thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes).
- serial: 8250_bcm7271: Save/restore RTS in suspend/resume (git-fixes).
- serial: 8250_fsl: Don't report FE, PE and OE twice (git-fixes).
- tty: n_gsm: fix race condition in gsmld_write() (git-fixes).
- tty: n_gsm: fix packet re-transmission without open control channel (git-fixes).
- tty: n_gsm: fix non flow control frames during mux flow off (git-fixes).
- tty: n_gsm: fix missing timer to handle stalled links (git-fixes).
- tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output() (git-fixes).
- tty: n_gsm: fix tty registration before control channel open (git-fixes).
- tty: n_gsm: fix user open not possible at responder until initiator open (git-fixes).
- serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes).
- tty: n_gsm: Delete gsmtty open SABM frame when config requester (git-fixes).
- tty: n_gsm: Modify CR,PF bit printk info when config requester (git-fixes).
- commit d8e88fb
++++ libcontainers-common:
- Fix obvious typo in containers.conf
------------------------------------------------------------------
------------------ 2022-8-8 - Aug 8 2022 -------------------
------------------------------------------------------------------
++++ gnutls:
- FIPS: Port GnuTLS to use jitterentropy [bsc#1202146, jsc#SLE-24941]
  * Add new dependency on jitterentropy
  * Add gnutls-FIPS-jitterentropy.patch
++++ keepalived:
- VUL-0: CVE-2021-44225: keepalived: possible privilege escalation due to insufficient control in the D-Bus policy (bsc#1193115) apply upstream patch:
  * 0001-dbus-fix-policy-to-not-be-overly-broad.patch
++++ kernel-default:
- thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR (bsc#1201308).
- commit a524606
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
- commit a725a56
- powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
- commit 836dbc5
- btrfs: properly flag filesystem with BTRFS_FEATURE_INCOMPAT_BIG_METADATA (git-fixes).
- commit ce06a4a
- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442)
- commit b67257b
- iwlwifi: dbg-tlv: clean up iwl_dbg_tlv_update_drams() (bsc#1202131).
- iwlwifi: yoyo: fix DBGC allocation flow (bsc#1202131).
- commit 705cc88
- x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes).
- proc: fix a dentry lock race between release_task and lookup (git-fixes).
- lib/smp_processor_id: fix imbalanced instrumentation_end() call (git-fixes).
- kfifo: fix kfifo_to_user() return type (git-fixes).
- profiling: fix shift too large makes kernel panic (git-fixes).
- video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes).
- video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes).
- video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes).
- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes).
- video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes).
- video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes).
- net: usb: make USB_RTL8153_ECM non user configurable (git-fixes).
- random: remove useless header comment (git-fixes).
- commit 7ebdc9d
++++ gcc12:
- Remove workaround for obs-service-format_spec_file.
++++ libgcrypt:
- FIPS: Port libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]
  * Enable the jitter based entropy generator by default in random.conf
    - Add libgcrypt-jitterentropy-3.3.0.patch
  * Update the internal jitterentropy to version 3.4.0
    - Add libgcrypt-jitterentropy-3.4.0.patch
++++ salt:
- Add support for gpgautoimport in zypperpkg module
- Update Salt to work with Jinja >= and <= 3.1.0 (bsc#1198744)
- Fix salt.states.file.managed() for follow_symlinks=True and test=True (bsc#1199372)
- Make Salt 3004 compatible with pyzmq >= 23.0.0 (bsc#1201082)
- Add support for name, pkgs and diff_attr parameters to upgrade function for zypper and yum (bsc#1198489)
- Fix ownership of salt thin directory when using the Salt Bundle
- Set default target for pip from VENV_PIP_TARGET environment variable
- Normalize package names once with pkg.installed/removed using yum (bsc#1195895)
- Save log to logfile with docker.build
- Use Salt Bundle in dockermod
- Ignore errors on reading license files with dpkg_lowpkg (bsc#1197288)
- Added:
  * fix-ownership-of-salt-thin-directory-when-using-the-.patch
  * add-support-for-name-pkgs-and-diff_attr-parameters-t.patch
  * save-log-to-logfile-with-docker.build.patch
  * add-support-for-gpgautoimport-539.patch
  * fix-jinja2-contextfuntion-base-on-version-bsc-119874.patch
  * normalize-package-names-once-with-pkg.installed-remo.patch
  * use-salt-bundle-in-dockermod.patch
  * ignore-erros-on-reading-license-files-with-dpkg_lowp.patch
  * fix-62092-catch-zmq.error.zmqerror-to-set-hwm-for-zm.patch
  * fix-salt.states.file.managed-for-follow_symlinks-tru.patch
  * set-default-target-for-pip-from-venv_pip_target-envi.patch
------------------------------------------------------------------
------------------ 2022-8-7 - Aug 7 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- ALSA: usb-audio: Add endianness annotations (git-fixes).
- commit 9261514
- ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo Yoga9 14IAP7 (git-fixes).
- ALSA: usb-audio: Add quirk for Behringer UMC202HD (git-fixes).
- commit d2bf5c3
- scripts/faddr2line: Fix vmlinux detection on arm64 (git-fixes).
- mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes).
- mfd: t7l66xb: Drop platform disable callback (git-fixes).
- tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH (git-fixes).
- KEYS: asymmetric: enforce SM2 signature use pkey algo (git-fixes).
- mtd: spi-nor: fix spi_nor_spimem_setup_op() call in spi_nor_erase_{sector,chip}() (git-fixes).
- mtd: rawnand: arasan: Fix clock rate in NV-DDR (git-fixes).
- mtd: rawnand: arasan: Update NAND bus clock instead of system clock (git-fixes).
- mtd: rawnand: meson: Fix a potential double free issue (git-fixes).
- mtd: dataflash: Add SPI ID table (git-fixes).
- mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes).
- mtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset (git-fixes).
- mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes).
- mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes).
- mtd: maps: Fix refcount leak in ap_flash_init (git-fixes).
- mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes).
- commit 34c1728
- Revert "drivers/video/backlight/platform_lcd.c: add support for device tree based probe" (git-fixes).
- ASoC: mchp-spdifrx: disable end of block interrupt on failures (git-fixes).
- ASoC: imx-card: use snd_pcm_format_t type for asrc_format (git-fixes).
- ASoC: fsl_easrc: use snd_pcm_format_t type for sample_format (git-fixes).
- ASoC: fsl-asoc-card: force cast the asrc_format type (git-fixes).
- ASoC: fsl_asrc: force cast the asrc_format type (git-fixes).
- ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes).
- ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes).
- ASoC: mt6359: Fix refcount leak bug (git-fixes).
- ASoC: imx-card: Fix DSD/PDM mclk frequency (git-fixes).
- ASoC: qcom: Fix missing of_node_put() in asoc_qcom_lpass_cpu_platform_probe() (git-fixes).
- ASoC: samsung: change neo1973_audio from a global to static (git-fixes).
- ASoC: samsung: change gpiod_speaker_power and rx1950_audio from global to static variables (git-fixes).
- ASoC: samsung: h1940_uda1380: include proper GPIO consumer header (git-fixes).
- ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes).
- ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes).
- ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes).
- ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes).
- ASoC: imx-audmux: Silence a clang warning (git-fixes).
- ASoC: samsung: Fix error handling in aries_audio_probe (git-fixes).
- ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe (git-fixes).
- ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes).
- ALSA: usb-audio: Turn off 'manual mode' on Dell dock (git-fixes).
- ALSA: usb-audio: Support jack detection on Dell dock (git-fixes).
- arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes).
- ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC (git-fixes).
- Input: gscps2 - check return value of ioremap() in gscps2_probe() (git-fixes).
- commit a1ba91a
- Move upstreamed patches into sorted section
- commit 4e4180d
------------------------------------------------------------------
------------------ 2022-8-6 - Aug 6 2022 -------------------
------------------------------------------------------------------
++++ ModemManager:
- Update to version 1.18.10:
  + Build: Require libqmi 1.30.8.
  + FCC unlock: Updated SDX55 unlock script to handle the new method introduced in the latest firmware releases.
  + Modem interface:
    - Set signal quality to 0% on shutdown.
    - Set signal quality as recent on init.
  + MBIM:
    - Fix task completion when peeking device fails.
    - Fix several GError double-frees.
  + mmcli: Don't print signal quality until modem is enabled.
  + Plugins: foxconn: remove carrier mapping table for T99W175.
  + Several other minor improvements and fixes.
- Changes from version 1.18.8:
  + A new connection status dispatcher setup is provided, where users can provide custom scripts that will be called on bearer connect/disconnect events. This dispatcher will make the netifd integration in openwrt work much better, as we'll be able to report network-initiated disconnections cleanly to netifd. There are no default connection status dispatcher scripts installed, but it's suggested distributions make sure the following directories exist:
    - ${sysconfdir}/ModemManager/connection.d/
    - ${libdir}/ModemManager/connection.d/
  + API: Add missing Simple interface definitions in ModemManager-names.h.
  + Build:
    - meson:
      . fix daemon enums dependencies.
      . fix port enums includes.
      . fix 'export_packages' in GIR setup.
      . fix simtech plugin module name.
    - systemd: don't run ModemManager in containers.
  + Core:
    - serial: ensure the port object is valid after BUFFER_FULL handling.
    - netlink:
      . use unaligned netlink attribute length.
      . only change IFF_UP flag.
    - bearer: match unknown auth to chap in loose comparisons.
    - charsets: return error if UTF-8 validation fails.
    - fcc-unlock: make scripts POSIX shell compatible.
    - modem-helpers:
      . consider minimum ID when choosing best profile.
      . fix reading given in COPS=? responses.
    - sms: prevent crash if date is out of range.
    - profile-manager: fix copy-paste error on tags for quarks.
  + QMI:
    - Ignore slot status indications until initial status is known.
    - Return error when loading capabilities if none is found.
  + MBIM:
    - Default initial EPS bearer's auth to chap when unknown.
    - Update default error when network error is out of range.
  + mmcli: Fix key length when printing list of items.
  + Plugins:
    - linktop: new port type hints.
    - cinterion: add support for PLSx3w modems.
    - huawei: disable +CPOL based features in Huawei E226.
  + Several other minor improvements and fixes.
------------------------------------------------------------------
------------------ 2022-8-5 - Aug 5 2022 -------------------
------------------------------------------------------------------
++++ cups:
- cups-branch-2.2-commit-3e4dd41459dabc5d18edbe06eb5b81291885204b.diff is 'git show 3e4dd41459dabc5d18edbe06eb5b81291885204b' for https://github.com/apple/cups/commit/3e4dd41459dabc5d18edbe06eb5b81291885204b (except the not needed hunk for patching CHANGES.md which fails) that fixes handling of MaxJobTime 0 (Issue #5438) in the CUPS 2.2 branch bsc#1201511: Stuck print jobs being cancelled immediately, despite MaxJobTime being set to 0
++++ dracut:
- Update to version 055+suse.294.gc5bc4bb5: Missing network-manager module fixes (bsc#1201975):
  * fix(network-manager): avoid calling unavailable dracut-logger functions
  * fix(network-manager): skip non-directories in /sys/class/net
  * fix(network-manager): disable tty output if the console is not usable
  * fix(network-manager): show output on console only with rd.debug enabled
  * fix(network-manager): write DHCP filename option to dhcpopts file
  * fix(network-manager): ensure safe content of /tmp/dhclient."$ifname".dhcpopts
  * fix(network-manager): include nm-daemon-helper binary
  * fix(network-manager): don't pull in systemd-udev-settle
  * fix(network-manager): support teaming under NM+systemd
  * fix(network-manager): pull in network.target in nm-initrd.service
++++ hwinfo:
- merge gh#openSUSE/hwinfo#115
- improve treatment of NVME devices (bsc#1200975)
- fix compiler warnings
- 21.83
++++ kernel-default:
- iwlwifi: pcie: fix SW error MSI-X mapping (bsc#1202131).
- iwlwifi: yoyo: Avoid using dram data if allocation failed (bsc#1202131).
- iwlwifi: remove deprecated broadcast filtering feature (bsc#1202131).
- iwlwifi: fix iwl_legacy_rate_to_fw_idx (bsc#1202131).
- iwlwifi: mvm: fix condition which checks the version of rate_n_flags (bsc#1202131).
- commit b5f1223
- iwlwifi: rename GEO_TX_POWER_LIMIT to PER_CHAIN_LIMIT_OFFSET_CMD (bsc#1202131).
- Refresh patches.suse/iwlwifi-don-t-pass-actual-WGDS-revision-number-in-ta.patch.
- commit 2aa0188
- iwlwifi: fix LED dependencies (bsc#1202131).
- iwlwifi: Fix missing error code in iwl_pci_probe() (bsc#1202131).
- iwlwifi: pcie: fix constant-conversion warning (bsc#1202131).
- iwlwifi: bump FW API to 67 for AX devices (bsc#1202131).
- iwlwifi: mvm: extend session protection on association (bsc#1202131).
- iwlwifi: rename CHANNEL_SWITCH_NOA_NOTIF to CHANNEL_SWITCH_START_NOTIF (bsc#1202131).
- iwlwifi: mvm: remove session protection on disassoc (bsc#1202131).
- iwlwifi: mvm: fix WGDS table print in iwl_mvm_chub_update_mcc() (bsc#1202131).
- iwlwifi: mvm: d3: use internal data representation (bsc#1202131).
- iwlwifi: mvm: update RFI TLV (bsc#1202131).
- iwlwifi: mvm: don't get address of mvm->fwrt just to dereference as a pointer (bsc#1202131).
- iwlwifi: mvm: read 6E enablement flags from DSM and pass to FW (bsc#1202131).
- iwlwifi: yoyo: support for ROM usniffer (bsc#1202131).
- iwlwifi: dump host monitor data when NIC doesn't init (bsc#1202131).
- iwlwifi: pcie: simplify iwl_pci_find_dev_info() (bsc#1202131).
- commit 65c3ddc
- iwlwifi: ACPI: support revision 3 WGDS tables (bsc#1202131).
- Refresh patches.suse/iwlwifi-don-t-pass-actual-WGDS-revision-number-in-ta.patch.
- commit 1f7d7e3
- iwlwifi: pcie: update sw error interrupt for BZ family (bsc#1202131).
- iwlwifi: add new pci SoF with JF (bsc#1202131).
- iwlwifi: mvm: Use all Rx chains for roaming scan (bsc#1202131).
- iwlwifi: pcie: remove two duplicate PNJ device entries (bsc#1202131).
- iwlwifi: pcie: refactor dev_info lookup (bsc#1202131).
- commit 4955e78
- iwlwifi: add new device id 7F70 (bsc#1202131).
- Refresh patches.suse/iwlwifi-pcie-add-killer-devices-to-the-driver.patch.
- commit a871c28
- iwlwifi: pcie: remove duplicate entry (bsc#1202131).
- iwlwifi: pcie: fix killer name matching for AX200 (bsc#1202131).
- iwlwifi: pnvm: print out the version properly (bsc#1202131).
- iwlwifi: dbg: treat non active regions as unsupported regions (bsc#1202131).
- iwlwifi: mvm: Read acpi dsm to get channel activation bitmap (bsc#1202131).
- iwlwifi: mvm: improve log when processing CSA (bsc#1202131).
- iwlwifi: mvm: set BT-coex high priority for 802.1X/4-way-HS (bsc#1202131).
- iwlwifi: dbg: treat dbgc allocation failure when tlv is missing (bsc#1202131).
- iwlwifi: mvm: set inactivity timeouts also for PS-poll (bsc#1202131).
- commit dd87451
- iwlwifi: pcie: try to grab NIC access early (bsc#1202131).
- iwlwifi: mvm: reduce WARN_ON() in TX status path (bsc#1202131).
- iwlwifi: allow rate-limited error messages (bsc#1202131).
- iwlwifi: mvm: remove session protection after auth/assoc (bsc#1202131).
- iwlwifi: remove redundant iwl_finish_nic_init() argument (bsc#1202131).
- iwlwifi: mvm: Add RTS and CTS flags to iwl_tx_cmd_flags (bsc#1202131).
- iwlwifi: mvm: remove csi from iwl_mvm_pass_packet_to_mac80211() (bsc#1202131).
- iwlwifi: mvm: Support new rate_n_flags for REPLY_RX_MPDU_CMD and RX_NO_DATA_NOTIF (bsc#1202131).
- iwlwifi: mvm: Support new TX_RSP and COMPRESSED_BA_RES versions (bsc#1202131).
- iwlwifi: mvm: Support new version of BEACON_TEMPLATE_CMD (bsc#1202131).
- commit 67d2e71
- iwlwifi: mvm: Add support for new rate_n_flags in tx_cmd (bsc#1202131).
- Refresh patches.suse/iwlwifi-mvm-don-t-crash-on-invalid-rate-w-o-STA.patch.
- commit 4f57116
- iwlwifi: BZ Family SW reset support (bsc#1202131).
- iwlwifi: BZ Family BUS_MASTER_DISABLE_REQ code duplication (bsc#1202131).
- iwlwifi: yoyo: fw debug config from context info and preset (bsc#1202131).
- iwlwifi: mvm: Support new version of ranging response notification (bsc#1202131).
- iwlwifi: mvm: Support version 3 of tlc_update_notif (bsc#1202131).
- iwlwifi: mvm: convert old rate & flags to the new format (bsc#1202131).
- iwlwifi: mvm: add definitions for new rate & flags (bsc#1202131).
- iwlwifi: mvm: update definitions due to new rate & flags (bsc#1202131).
- iwlwifi: mvm: scrub key material in firmware dumps (bsc#1202131).
- commit db3dcd7
- iwlwifi: parse debug exclude data from firmware file (bsc#1202131).
- iwlwifi: fw dump: add infrastructure for dump scrubbing (bsc#1202131).
- iwlwifi: mvm: correct sta-state logic for TDLS (bsc#1202131).
- iwlwifi: api: fix struct iwl_wowlan_status_v7 kernel-doc (bsc#1202131).
- iwlwifi: fix fw/img.c license statement (bsc#1202131).
- iwlwifi: remove contact information (bsc#1202131).
- iwlwifi: remove MODULE_AUTHOR() statements (bsc#1202131).
- iwlwifi: api: remove unused RX status bits (bsc#1202131).
- iwlwifi: add some missing kernel-doc in struct iwl_fw (bsc#1202131).
- iwlwifi: mvm: Remove antenna c references (bsc#1202131).
- iwlwifi: mvm: add support for 160Mhz in ranging measurements (bsc#1202131).
- iwlwifi: add vendor specific capabilities for some RFs (bsc#1202131).
- iwlwifi: mvm: add lmac/umac PC info in case of error (bsc#1202131).
- iwlwifi: mvm: fix ieee80211_get_he_iftype_cap() iftype (bsc#1202131).
- iwlwifi: Start scratch debug register for Bz family (bsc#1202131).
- iwlwifi: Add support for more BZ HWs (bsc#1202131).
- iwlwifi: Add support for getting rf id with blank otp (bsc#1202131).
- wireless: Remove redundant 'flush_workqueue()' calls (bsc#1202131).
- commit c24f8b7
- openvswitch: fix OOB access in reserve_sfa_size() (CVE-2022-2639 bsc#1202154).
- commit 5c51c64
- usb: cdns3: Don't use priv_dev uninitialized in cdns3_gadget_ep_enable() (git-fixes).
- commit 1102903
- platform/olpc: Fix uninitialized data in debugfs write (git-fixes).
- platform/chrome: cros_ec: Always expose last resume result (git-fixes).
- selftests: kvm: set rax before vmcall (git-fixes).
- USB: Follow-up to SPDX GPL-2.0+ identifiers addition - remove now useless comments (git-fixes).
- USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes).
- staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes).
- usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes).
- usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable() (git-fixes).
- USB: serial: fix tty-port initialized comments (git-fixes).
- usb: dwc3: qcom: fix missing optional irq warnings (git-fixes).
- usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc() (git-fixes).
- usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes).
- usb: dwc3: gadget: fix high speed multiplier setting (git-fixes).
- usb: dwc3: gadget: refactor dwc3_repare_one_trb (git-fixes).
- usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes).
- usb: xhci: tegra: Fix error check (git-fixes).
- usb: gadget: tegra-xudc: Fix error check in tegra_xudc_powerdomain_init() (git-fixes).
- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes).
- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes).
- soundwire: qcom: Check device status before reading devid (git-fixes).
- soundwire: bus_type: fix remove and shutdown support (git-fixes).
- commit da104a3
- mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes).
- mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes).
- mmc: block: Add single read for 4k sector cards (git-fixes).
- mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes).
- PCI: tegra194: Fix link up retry sequence (git-fixes).
- PCI: tegra194: Fix Root Port interrupt handling (git-fixes).
- PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes).
- PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes).
- PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes).
- PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains() (git-fixes).
- PCI: dwc: Always enable CDM check if "snps,enable-cdm-check" exists (git-fixes).
- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes).
- PCI: dwc: Set INCREASE_REGION_SIZE flag based on limit address (git-fixes).
- PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes).
- PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes).
- PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes).
- PCI/AER: Iterate over error counters instead of error strings (git-fixes).
- PCI/portdrv: Don't disable AER reporting in get_port_device_capability() (git-fixes).
- PCI: endpoint: Don't stop controller when unbinding endpoint function (git-fixes).
- phy: stm32: fix error return in stm32_usbphyc_phy_init (git-fixes).
- commit f77f01b
- memstick/ms_block: Fix a memory leak (git-fixes).
- memstick/ms_block: Fix some incorrect memory allocation (git-fixes).
- mmc: renesas_sdhi: Get the reset handle early in the probe (git-fixes).
- mmc: mxcmmc: Silence a clang warning (git-fixes).
- mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes).
- dmaengine: dw-edma: Fix eDMA Rd/Wr-channels and DMA-direction semantics (git-fixes).
- dmaengine: imx-dma: Cast of_device_get_match_data() with (uintptr_t) (git-fixes).
- dt-bindings: clock: qcom,gcc-msm8996: add more GCC clock sources (git-fixes).
- gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes).
- HID: amd_sfh: Handle condition of "no sensors" (git-fixes).
- HID: amd_sfh: Add NULL check for hid device (git-fixes).
- HID: mcp2221: prevent a buffer overflow in mcp_smbus_write() (git-fixes).
- HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes).
- dt-bindings: usb: mtk-xhci: Allow wakeup interrupt-names to be optional (git-fixes).
- driver core: fix potential deadlock in __driver_attach (git-fixes).
- iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes).
- iio: fix iio_format_avail_range() printing for none IIO_VAL_INT (git-fixes).
- interconnect: imx: fix max_node_id (git-fixes).
- eeprom: idt_89hpesx: uninitialized data in idt_dbgfs_csr_write() (git-fixes).
- iio: temp: maxim_thermocouple: Fix alignment for DMA safety (git-fixes).
- iio: temp: ltc2983: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes).
- iio: proximity: as3935: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes).
- iio: imu: fxos8700: Fix alignment for DMA safety (git-fixes).
- iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes).
- iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes).
- iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad8801: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad7303: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5791: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5770r: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5766: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5764: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5761: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5755: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5504: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5449: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5421: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5360: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5064: Fix alignment for DMA safety (git-fixes).
- iio: common: ssp: Fix alignment for DMA safety (git-fixes).
- iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads131e08: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc108s102: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes).
- iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1241: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1118: Fix alignment for DMA safety (git-fixes).
- iio: adc: max11100: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1027: Fix alignment for DMA safety (git-fixes).
- iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes).
- iio: adc: ltc2496: Fix alignment for DMA safety (git-fixes).
- iio: adc: hi8435: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7923: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7887: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7766: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7476: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7298: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7292: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7266: Fix alignment for DMA safety (git-fixes).
- iio: accel: sca3300: Fix alignment for DMA safety (git-fixes).
- iio: accel: sca3000: Fix alignment for DMA safety (git-fixes).
- iio: accel: bma220: Fix alignment for DMA safety (git-fixes).
- iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes).
- iio: accel: bma400: Fix the scale min and max macro values (git-fixes).
- intel_th: msu: Fix vmalloced buffers (git-fixes).
- intel_th: msu-sink: Potential dereference of null pointer (git-fixes).
- intel_th: Fix a resource leak in an error handling path (git-fixes).
- misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes).
- fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes).
- commit 14d844c - dmaengine: sf-pdma: Add multithread support for a DMA channel (git-fixes). - dmaengine: stm32-mdma: Remove dead code in stm32_mdma_irq_handler() (git-fixes). - clk: qcom: gcc-msm8939: Fix weird field spacing in ftbl_gcc_camss_cci_clk (git-fixes). - clk: qcom: clk-rcg2: Make sure to not write d=0 to the NMD register (git-fixes). - clk: qcom: clk-rcg2: Fail Duty-Cycle configuration if MND divider is not enabled (git-fixes). - clk: qcom: camcc-sm8250: Fix topology around titan_top power domain (git-fixes). - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes). - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes). - clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes). - clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes). - clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes). - clk: qcom: gcc-msm8939: Point MM peripherals to system_mm_noc clock (git-fixes). - clk: qcom: gcc-msm8939: Add missing system_mm_noc_bfdcd_clk_src (git-fixes). - clk: qcom: gcc-msm8939: Fix bimc_ddr_clk_src rcgr base address (git-fixes). - clk: qcom: gcc-msm8939: Add missing SYSTEM_MM_NOC_BFDCD_CLK_SRC (git-fixes). - clk: qcom: clk-krait: unlock spin after mux completion (git-fixes). - clk: qcom: camcc-sm8250: Fix halt on boot by reducing driver's init level (git-fixes). - clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes). - clk: mediatek: reset: Fix written reset bit offset (git-fixes). - commit 138fb4a ++++ shim: - Add logic to shim.spec for detecting --set-sbat-policy option before using mokutil to set sbat policy. 
(bsc#1202120) ++++ suseconnect-ng: - Update to version 0.0.9~git5.75890b6: * Don't run keepalive on reboot * Use system-wide proxy settings (bsc#1200994) * Add customer information about keepalive calls * Add timer for SUSEConnect --keepalive (bsc#1196076) * Add --keepalive to manpage * Added support for the System-Token header * Add Keepalive command line option * Print nested zypper errors (bsc#1200803) * Fix migration json error with SMT (bsc#1198625) * Add option to run local scc tests * Switch to jenkins-hosted credentials * Fix "VCS stamping" problem * Add missing import * Remove redundant code + add comment ------------------------------------------------------------------ ------------------ 2022-8-4 - Aug 4 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit-tukit: - Update to version 0.0.3~git14.ff11a9a: * Add support for dict-format snapshots List * Fix URIError: malformed URI sequence * fix filemane+duplications * initial version of czech translation * added/corrected de.po for german - Remove old cockpit-tukit.obsinfo file ++++ kernel-default: - fix race between exit_itimers() and /proc/pid/timers (git-fixes). - commit 62d2eea - posix-cpu-timers: Cleanup CPU timers before freeing them during exec (CVE-2022-2585 bsc#1202094). - commit 2decf97 - supported.conf: added drivers/net/ethernet/marvell/octeontx2/nic/otx2_ptp and changed all octeontx2 modules as supported (jsc#SLE-24682) - commit 8caae84 - kabi/severities: octeontx2 driver (jsc#SLE-24682) - commit e0be4cf - octeontx2-af: cn10k: RPM hardware timestamp configuration (jsc#SLE-24682). - Refresh patches.suse/octeontx2-af-cn10k-Do-not-enable-RPM-loopback-for-LP.patch. - commit c25b3fb - can: pch_can: pch_can_error(): initialize errc before using it (git-fixes). - commit 4644234 - virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes). - media: cedrus: hevc: Add check for invalid timestamp (git-fixes). 
- media: cedrus: h265: Fix flag name (git-fixes). - media: [PATCH] pci: atomisp_cmd: fix three missing checks on list iterator (git-fixes). - media: tw686x: Fix memory leak in tw686x_video_init (git-fixes). - media: v4l2-mem2mem: prevent pollerr when last_buffer_dequeued is set (git-fixes). - media: hdpvr: fix error value returns in hdpvr_read (git-fixes). - media: tw686x: Register the irq at the end of probe (git-fixes). - media: atmel: atmel-sama7g5-isc: fix warning in configs without OF (git-fixes). - i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes). - i2c: cadence: Support PEC for SMBus block read (git-fixes). - i2c: Fix a potential use after free (git-fixes). - i2c: mxs: Silence a clang warning (git-fixes). - i2c: npcm: Capitalize the one-line comment (git-fixes). - i2c: npcm: Correct slave role behavior (git-fixes). - net: rose: fix netdev reference changes (git-fixes). - wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes). - wifi: rtw88: check the return value of alloc_workqueue() (git-fixes). - wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes). - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes). - wifi: p54: add missing parentheses in p54_flush() (git-fixes). - wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes). - mediatek: mt76: eeprom: fix missing of_node_put() in mt76_find_power_limits_node() (git-fixes). - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes). - mt76: mt7921: enlarge maximum VHT MPDU length to 11454 (git-fixes). - mt76: mt7615: do not update pm stats in case of error (git-fixes). - mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes). - wifi: mac80211: limit A-MSDU subframes for client too (git-fixes). - wifi: rtw89: 8852a: rfk: fix div 0 exception (git-fixes). 
- wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes). - virtio-net: fix the race between refill work and close (git-fixes). - net: macsec: fix potential resource leak in macsec_add_rxsa() and macsec_add_txsa() (git-fixes). - commit 559b103 - Remove doubly applied amdgpu patches - commit c58b33f - drm/amd/display: Revert "drm/amd/display: turn DPMS off on connector unplug" (git-fixes). - commit 2a4df70 - drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes). - drm/nouveau: Don't pm_runtime_put_sync(), only pm_runtime_put_autosuspend() (git-fixes). - drm/nouveau/acpi: Don't print error when we get -EINPROGRESS from pm_runtime (git-fixes). - drm/nouveau/kms: Fix failure path for creating DP connectors (git-fixes). - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes). - drm/msm/mdp5: Fix global state lock backoff (git-fixes). - drm/msm/hdmi: drop empty 'none' regulator lists (git-fixes). - drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes). - drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes). - drm/mediatek: dpi: Remove output format of YUV (git-fixes). - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes). - drm: bridge: sii8620: fix possible off-by-one (git-fixes). - drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes). - drm/rockchip: vop: Don't crash for invalid duplicate_state() (git-fixes). - drm/amd/amd_shared.h: Add missing doc for PP_GFX_DCS_MASK (git-fixes). - drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes). - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes). - Revert "drm/i915: Hold reference to intel_context over life of i915_request" (git-fixes). 
- drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes). - i2c: npcm: Remove own slave addresses 2:10 (git-fixes). - commit c8ad99e - drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes). - drm/vc4: hdmi: Reset HDMI MISC_CONTROL register (git-fixes). - drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes). - drm/vc4: dsi: Fix dsi0 interrupt support (git-fixes). - drm/vc4: dsi: Register dsi0 as the correct vc4 encoder type (git-fixes). - drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes). - drm/vc4: dsi: Correct DSI divider calculations (git-fixes). - drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes). - drm/vc4: plane: Remove subpixel positioning check (git-fixes). - drm/doc: Fix comment typo (git-fixes). - drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes). - drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes). - drm: adv7511: override i2c address of cec before accessing it (git-fixes). - drm/bridge: lt9611uxc: Cancel only driver's work (git-fixes). - drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes). - drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes). - drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes). - drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes). - drm/simpledrm: Fix return type of simpledrm_simple_display_pipe_mode_valid() (git-fixes). - commit 3606800 - can: mcp251xfd: mcp251xfd_dump(): fix comment (git-fixes). - Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes). - can: error: specify the values of data[5..7] of CAN error frames (git-fixes). - can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes). 
- can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes). - can: hi311x: do not report txerr and rxerr during bus-off (git-fixes). - can: sja1000: do not report txerr and rxerr during bus-off (git-fixes). - can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes). - can: pch_can: do not report txerr and rxerr during bus-off (git-fixes). - ath11k: Fix incorrect debug_mask mappings (git-fixes). - ath11k: fix netdev open race (git-fixes). - ath10k: do not enforce interrupt trigger type (git-fixes). - can: netlink: allow configuring of fixed data bit rates without need for do_set_data_bittiming callback (git-fixes). - can: Break loopback loop on loopback documentation (git-fixes). - can: netlink: allow configuring of fixed bit rates without need for do_set_bittiming callback (git-fixes). - docs/kernel-parameters: Update descriptions for "mitigations=" param with retbleed (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes). - commit caf4ad9 ++++ u-boot-rpiarm64: Fix out-of-bounds write in sqfs_readdir() may lead to arbitrary code execution CVE-2022-33103 (bsc#1201213) Patch queue updated from https://github.com/openSUSE/u-boot.git sle15-sp4 * Patches added: 0022-fs-squashfs-sqfs_read-Prevent-arbit.patch ------------------------------------------------------------------ ------------------ 2022-8-3 - Aug 3 2022 ------------------- ------------------------------------------------------------------ ++++ lvm2-device-mapper: - lvm reports udev database has incomplete information on devices (bsc#1202011) + bug-1202011_vgchange-monitor-don-t-use-udev-info.patch ++++ jitterentropy: - updated to 3.4.0 * enhancement: add API call jent_set_fips_failure_callback as requested by Daniel Ojalvo * fix: Change the SHA-3 integration: The entropy pool is now a SHA-3 state. It is filled with the time delta containing entropy and auxiliary data that does not contain entropy using a SHA update operation. 
The auxiliary data is calculated by a SHA-3 hashing of some varying state data. The time delta that contains entropy is measured about the SHA-3 hashing of the auxiliary data. This satisfies FIPS 140-3 IG D.K resolutions 4, 6, and 8. * enhancement: add CMake support by Andrew Hopkins - updated to 3.3.1 * fix: bug fix in initialization logic by Vladis Dronov * fix: use __asm__ instead of asm to suit the C11 standard - added a -devel-static package to be able to link it statically. ++++ kernel-default: - x86/speculation: Add LFENCE to RSB fill sequence (bsc#1201726 CVE-2022-26373). - commit e9f7bfc - x86/speculation: Add RSB VM Exit protections (bsc#1201726 CVE-2022-26373). - commit 87cc728 - ipv4: avoid using shared IP generator for connected sockets (CVE-2020-36516 bsc#1196616). - ipv4: tcp: send zero IPID in SYNACK messages (CVE-2020-36516 bsc#1196616). - commit 1c066c9 - selftests: timers: clocksource-switch: fix passing errors from child (git-fixes). - selftests: timers: valid-adjtimex: build fix for newer toolchains (git-fixes). - Documentation: siphash: Fix typo in the name of offsetofend macro (git-fixes). - Documentation: update watch_queue.rst references (git-fixes). - docs: zh_CN: fix a broken reference (git-fixes). - crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes). - crypto: hisilicon/sec - fix auth key size error (git-fixes). - crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of (git-fixes). - crypto: hisilicon/hpre - don't use GFP_KERNEL to alloc mem during softirq (git-fixes). - crypto: hisilicon - Kunpeng916 crypto driver don't sleep when in softirq (git-fixes). - crypto: hisilicon/sec - don't sleep when in softirq (git-fixes). - crypto: sun8i-ss - fix infinite loop in sun8i_ss_setup_ivs() (git-fixes). - selftests/seccomp: Fix compile warning when CC=clang (git-fixes). - Documentation: dm writecache: Render status list as list (git-fixes). - thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes). 
- Documentation: PM: Drop pme_interrupt reference (git-fixes). - PM: domains: Ensure genpd_debugfs_dir exists before remove (git-fixes). - Documentation: ACPI: EINJ: Fix obsolete example (git-fixes). - ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes). - ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes). - ACPI: processor/idle: Annotate more functions to live in cpuidle section (git-fixes). - bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes). - ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes). - hwmon: (drivetemp) Add module alias (git-fixes). - spi: Fix simplification of devm_spi_register_controller (git-fixes). - spi: dt-bindings: zynqmp-qspi: add missing 'required' (git-fixes). - spi: dt-bindings: cadence: add missing 'required' (git-fixes). - spi: spi-altera-dfl: Fix an error handling path (git-fixes). - regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes). - regulator: qcom_smd: Fix pm8916_pldo range (git-fixes). - dt-bindings: arm: qcom: fix MSM8994 boards compatibles (git-fixes). - dt-bindings: arm: qcom: fix MSM8916 MTP compatibles (git-fixes). - arm64: dts: qcom: qcs404: Fix incorrect USB2 PHYs assignment (git-fixes). - arm64: dts: qcom: sm8250: add missing PCIe PHY clock-cells (git-fixes). - arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node (git-fixes). - ARM: dts: qcom: pm8841: add required thermal-sensor-cells (git-fixes). - ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg (git-fixes). - ARM: dts: imx7d-colibri-emmc: add cpu1 supply (git-fixes). - arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes). - arm64: dts: mt7622: fix BPI-R64 WPS button (git-fixes). - arm64: dts: mt8192: Fix idle-states entry-method (git-fixes). - arm64: dts: mt8192: Fix idle-states nodes naming scheme (git-fixes). - dt-bindings: gpio: zynq: Add missing compatible strings (git-fixes). 
- ARM: dts: ast2600-evb-a1: fix board compatible (git-fixes). - ARM: dts: ast2600-evb: fix board compatible (git-fixes). - ARM: dts: ast2500-evb: fix board compatible (git-fixes). - arm64: dts: renesas: Fix thermal-sensors on single-zone sensors (git-fixes). - arm64: dts: renesas: beacon: Fix regulator node names (git-fixes). - soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register (git-fixes). - soc: qcom: ocmem: Fix refcount leak in of_get_ocmem (git-fixes). - soc: fsl: guts: machine variable might be unset (git-fixes). - soc: amlogic: Fix refcount leak in meson-secure-pwrc.c (git-fixes). - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes). - soc: renesas: r8a779a0-sysc: Fix A2DP1 and A2CV[2357] PDR values (git-fixes). - ARM: bcm: Fix refcount leak in bcm_kona_smc_init (git-fixes). - cpufreq: zynq: Fix refcount leak in zynq_get_revision (git-fixes). - ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init (git-fixes). - ARM: OMAP2+: Fix refcount leak in omapdss_init_of (git-fixes). - arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes). - arm64: kasan: Revert "arm64: mte: reset the page tag in page->flags" (git-fixes). - Documentation: fix sctp_wmem in ip-sysctl.rst (git-fixes). - commit 3f28928 - kabi/severities: add hisilicon hns3 symbols - commit 684e0cd - kabi/severities: add Qlogic qed symbols - commit cb6e740 - net: hns3: clean residual vf config after disable sriov (git-fixes). - commit 3154aec - net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes). - commit 1199c9d - ice: fix 'scheduling while atomic' on aux critical err interrupt (git-fixes). - commit e93e238 - net: bcmgenet: Use stronger register read/writes to assure ordering (git-fixes). - commit 329c205 - net: stmmac: clean up impossible condition (git-fixes). - commit ab39c12 - qed: validate and restrict untrusted VFs vlan promisc mode (git-fixes). 
- commit 4ff6c29 - net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes). - commit af05743 - net: dsa: mv88e6xxx: Enable port policy support on 6097 (git-fixes). - commit c7e4e5e - net: mscc: ocelot: fix incorrect balancing with down LAG ports (git-fixes). - commit ec8da82 - bnx2x: Invalidate fastpath HSI version for VFs (git-fixes). - commit 71c2b0b - bnx2x: Utilize firmware 7.13.21.0 (git-fixes). - commit dfd1200 ++++ libcontainers-common: - Resync containers.conf / storage.conf with Fedora - Create /etc/containers/registries.conf.d and add 000-shortnames.conf to it. ++++ lvm2: - lvm reports udev database has incomplete information on devices (bsc#1202011) + bug-1202011_vgchange-monitor-don-t-use-udev-info.patch ++++ tiff: - CVE-2022-34266 [bsc#1201971] and [bsc#1201723]: Rename tiff-CVE-2022-0561.patch to tiff-CVE-2022-0561,CVE-2022-34266.patch This CVE is actually a duplicate. ++++ python-M2Crypto: - update CVE-2020-25657-Bleichenbacher-attack.patch to actually contain the fix rather than just being empty (CVE-2020-25657, bsc#1178829) ------------------------------------------------------------------ ------------------ 2022-8-2 - Aug 2 2022 ------------------- ------------------------------------------------------------------ ++++ audit-secondary: - Update audit-secondary.spec: create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519). 
++++ combustion: - Update to version 1.0+git1: * Use /lib/dracut/hooks instead of the usr-merged location (bsc#1201957) ++++ dracut: - Update to version 055+suse.283.ge98ece25: * fix(network-manager): check for nm-initrd-generator in both /usr/{libexec,lib} (bsc#1201975) * fix(network-legacy): add auto timeout to wicked DHCP test (bsc#1198709) ++++ transactional-update: - Version 4.0.0 - Last minute interface change: Changed "List" method of Snapshot D-Bus interface to return a map of properties instead of a comma separated list of strings; this will allow retrieving the snapshot properties even if they contain a comma in their value [boo#1202147] - Remove "Snapshot.hpp" as a public API for now - all public functionality is part of SnapshotManager.hpp - Add header file documentation for SnapshotManager.hpp - Add method to delete snapshot [gh#openSUSE/transactional-update#52] - Allow setting description of snapshot [gh#openSUSE/transactional-update#55] - create_dirs_from_rpmdb: set SELinux file context of missing directories [gh#openSUSE/transactional-update#84], [bsc#1197242] - Fix broken logrotate due to typo in config file [gh#openSUSE/transactional-update#87] - create_dirs_from_rpmdb: Fix handling return code of create_dirs() [gh#openSUSE/transactional-update#86] - Fix broken "shell" prompt after selfupdate - Add documented D-Bus interface definition files - Add tukit_sm_get_current and tukit_sm_get_default to C interface - Fixed typos ++++ gnutls: - Security fix: [bsc#1202020, CVE-2022-2509] * Fixed double free during verification of pkcs7 signatures * Add gnutls-CVE-2022-2509.patch ++++ ignition: - ignition-enable-network.sh: Use /lib/dracut/hooks directly instead of the usr-merged location which isn't available everywhere (bsc#1201957) ++++ kernel-default: - Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019). 
- commit 9816878 - kabi/severities: add microchip dsa drivers - commit d613b6c - sched/core: Do not requeue task on CPU excluded from cpus_mask (bnc#1199356). - commit f226af5 - net: dsa: hellcreek: Add missing PTP via UDP rules (git-fixes). - commit eacb01d - net: dsa: hellcreek: Allow PTP P2P measurements on blocked ports (git-fixes). - commit 8fa1360 - net: dsa: hellcreek: Add STP forwarding rule (git-fixes). - commit 0417527 - net: dsa: hellcreek: Fix insertion of static FDB entries (git-fixes). - commit 3269aa1 - dsa: mv88e6xxx: fix debug print for SPEED_UNFORCED (git-fixes). - commit eb53b1f - net: dsa: mv88e6xxx: Unforce speed & duplex in mac_link_down() (git-fixes). - commit b56ecf7 - net: dsa: mv88e6xxx: allow use of PHYs on CPU and DSA ports (git-fixes). - commit bcf713a - net: dsa: mv88e6xxx: Link in pcs_get_state() if AN is bypassed (git-fixes). - commit b95b3f1 - net: dsa: mv88e6xxx: Fix inband AN for 2500base-x on 88E6393X family (git-fixes). - commit a40e5b6 - net: dsa: mv88e6xxx: Add fix for erratum 5.2 of 88E6393X family (git-fixes). - commit 855c403 - net: dsa: mv88e6xxx: Save power by disabling SerDes trasmitter and receiver (git-fixes). - commit 2dc0b5b - net: dsa: mv88e6xxx: Drop unnecessary check in mv88e6393x_serdes_erratum_4_6() (git-fixes). - commit b660473 - net: dsa: mv88e6xxx: Fix application of erratum 4.8 for 88E6393X (git-fixes). - commit 7942c9d - net: dsa: microchip: implement multi-bridge support (git-fixes). - commit 1695da6 - net: mscc: ocelot: don't downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes). - commit 5d0a92e - Update metadata references - commit 17e29ab ------------------------------------------------------------------ ------------------ 2022-8-1 - Aug 1 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - x86/sev: Save the negotiated GHCB version (bsc#1190497). 
- commit 7d296c5 - Updated commit IDs from a rebased upstream branch: - patches.suse/powerpc-pseries-mobility-set-NMI-watchdog-factor-dur.patch. - patches.suse/powerpc-watchdog-introduce-a-NMI-watchdog-s-factor.patch. - patches.suse/watchdog-export-lockup_detector_reconfigure.patch. - commit 34c0e2f - sched/deadline: Fix BUG_ON condition for deboosted tasks (git-fixes) - commit 15bee70 - sched/uclamp: Fix iowait boost escaping uclamp restriction (git-fixes) - commit dacac6f - sched/uclamp: Fix rq->uclamp_max not set on first enqueue (git-fixes) - commit 44d8adc - net: asix: fix "can't send until first packet is send" issue (git-fixes). - commit 1f6d39d - net: usb: ax88179_178a needs FLAG_SEND_ZLP (git-fixes). - commit 9ae4b3e - net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes). - commit 6eee3c8 - drm/udl: Restore display mode on resume (bsc#1195917) - commit ab3f8b8 - EDAC/ghes: Set the DIMM label unconditionally (bsc#1201768). - commit f44b61a ++++ tiff: - security update: * CVE-2022-34526 [bsc#1202026] + tiff-CVE-2022-34526.patch ++++ osinfo-db: - update to 20220727 - drop: add-opensuse-leap-15.4-support.patch add-sle15sp4-support.patch add-slem5.1-support.patch add-slem5.2-support.patch opensuse-autoyast-desktop.patch: all upstream ++++ rsync: - Security fix: [bsc#1201840, CVE-2022-29154] * arbitrary file write vulnerability via do_server_recv function * Added patch rsync-rsync-CVE-2022-29154.patch ++++ udica: - Initial packaging of version 0.2.6-5 ------------------------------------------------------------------ ------------------ 2022-7-31 - Jul 31 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - lkdtm: Disable return thunks in rodata.c (bsc#1190497). - commit 1a67e46 - x86/retbleed: Add fine grained Kconfig knobs (bsc#1190497). - commit 95439df - ARM: 9216/1: Fix MAX_DMA_ADDRESS overflow (git-fixes). 
- commit d7e1c73 ------------------------------------------------------------------ ------------------ 2022-7-30 - Jul 30 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - KVM: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - commit 935d297 - kvm/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - Refresh patches.suse/x86-kvm-Fix-SETcc-emulation-for-return-thunks.patch. - commit 154606a - watchqueue: make sure to serialize 'wqueue->defunct' properly (git-fixes). - Refresh patches.suse/watch_queue-Fix-missing-rcu-annotation.patch. - commit 0e9524c - nouveau/svm: Fix to migrate all requested pages (git-fixes). - watch_queue: Fix missing locking in add_watch_to_object() (git-fixes). - watch-queue: remove spurious double semicolon (git-fixes). - xhci: Set HCD flag to defer primary roothub registration (git-fixes). - xhci: dbc: Rename xhci_dbc_init and xhci_dbc_exit (git-fixes). - xhci: dbc: create and remove dbc structure in dbgtty driver (git-fixes). - xhci: dbc: refactor xhci_dbc_init() (git-fixes). - mtd: rawnand: gpmi: validate controller clock rate (git-fixes). - pinctrl: armada-37xx: Convert to use dev_err_probe() (git-fixes). - pinctrl: armada-37xx: Make use of the devm_platform_ioremap_resource() (git-fixes). - pinctrl: armada-37xx: Use temporary variable for struct device (git-fixes). - commit 7883bd5 - drm/amd/display: Ignore First MST Sideband Message Return Error (git-fixes). - Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks (git-fixes). - bitfield.h: Fix "type of reg too small for mask" test (git-fixes). - Bluetooth: SCO: Fix sco_send_frame returning skb->len (git-fixes). - Bluetooth: Fix passing NULL to PTR_ERR (git-fixes). - Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg (git-fixes). - Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg (git-fixes). 
- Bluetooth: Add bt_skb_sendmmsg helper (git-fixes). - Bluetooth: Add bt_skb_sendmsg helper (git-fixes). - commit 68b3804 - Revert selftest patches that have been reverted in stable-5.15.y - commit a911337 ------------------------------------------------------------------ ------------------ 2022-7-29 - Jul 29 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - scsi: megaraid: Clear READ queue map's nr_queues (git-fixes). - commit 55821eb - nvme: consider also host_iface when checking ip options (bsc#1199670). - commit 230f363 - tty: n_gsm: fix invalid gsmtty_write_room() result (git-fixes). - tty: n_gsm: fix mux activation issues in gsm_config() (git-fixes). - tty: n_gsm: fix buffer over-read in gsm_dlci_data() (git-fixes). - tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() (git-fixes). - tty: n_gsm: fix software flow control handling (git-fixes). - tty: n_gsm: fix invalid use of MSC in advanced option (git-fixes). - commit 7c30f9f - tty: n_gsm: fix missing update of modem controls after DLCI open (git-fixes). - commit 421f4e7 - tty: n_gsm: fix incorrect UA handling (git-fixes). - tty: n_gsm: fix reset fifo race condition (git-fixes). - tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (git-fixes). - tty: n_gsm: fix wrong signal octets encoding in MSC (git-fixes). - tty: n_gsm: fix wrong command frame length field encoding (git-fixes). - tty: n_gsm: fix wrong command retry handling (git-fixes). - tty: n_gsm: fix missing explicit ldisc flush (git-fixes). - tty: n_gsm: fix wrong DLCI release order (git-fixes). - tty: n_gsm: fix insufficient txframe size (git-fixes). - commit 98e80d0 - tty: n_gsm: fix malformed counter for out of frame data (git-fixes). - tty: n_gsm: fix frame reception handling (git-fixes). - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (git-fixes). - tty: n_gsm: fix mux cleanup after unregister tty device (git-fixes). 
- tty: n_gsm: fix decoupled mux resource (git-fixes). - tty: n_gsm: fix restart handling via CLD command (git-fixes). - tty: n_gsm: fix encoding of command/response bit (git-fixes). - tty: n_gsm: Save dlci address open status when config requester (git-fixes). - tty: n_gsm: Modify CR,PF bit when config requester (git-fixes). - commit 12973e3 - scripts/gdb: change kernel config dumping method (git-fixes). - samples/landlock: Format with clang-format (git-fixes). - samples/landlock: Add clang-format exceptions (git-fixes). - samples/landlock: Fix path_list memory leak (git-fixes). - scripts/dtc: Call pkg-config POSIXly correct (git-fixes). - optee: add error checks in optee_ffa_do_call_with_arg() (git-fixes). - scripts: sphinx-pre-install: Fix ctex support on Debian (git-fixes). - scripts: sphinx-pre-install: add required ctex dependency (git-fixes). - commit c823894 - tee: tee_get_drvdata(): fix description of return value (git-fixes). - tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() (git-fixes). - tuntap: add sanity checks about msg_controllen in sendmsg (git-fixes). - uaccess: fix type mismatch warnings from access_ok() (git-fixes). - tests: fix idmapped mount_setattr test (git-fixes). - seccomp: Invalidate seccomp mode to catch death failures (git-fixes). - tee: optee: do not check memref size on return from Secure World (git-fixes). - tools include UAPI: Sync sound/asound.h copy with the kernel sources (git-fixes). - tools/testing/scatterlist: add missing defines (git-fixes). - tools/nolibc: fix incorrect truncation of exit code (git-fixes). - tools/nolibc: i386: fix initial stack alignment (git-fixes). - tools/nolibc: x86-64: Fix startup code bug (git-fixes). - tun: avoid double free in tun_free_netdev (git-fixes). - commit 00b109c - watch_queue: Fix missing rcu annotation (git-fixes). - udmabuf: add back sanity check (git-fixes). - xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes). 
- wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes). - zonefs: Fix management of open zones (git-fixes). - zonefs: Clear inode information flags on inode creation (git-fixes). - XArray: Update the LRU list in xas_split() (git-fixes). - vsock/virtio: enable VQs early on probe (git-fixes). - vsock/virtio: read the negotiated features before using VQs (git-fixes). - vsock/virtio: initialize vdev->priv before using VQs (git-fixes). - ucounts: Fix systemd LimitNPROC with private users regression (git-fixes). - ucounts: Handle wrapping in is_ucounts_overlimit (git-fixes). - ucounts: Base set_cred_ucounts changes on the real user (git-fixes). - vsock: remove vsock from connected table when connect is interrupted by a signal (git-fixes). - xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (git-fixes). - ucounts: Fix rlimit max values check (git-fixes). - zonefs: add MODULE_ALIAS_FS (git-fixes). - ucounts: In set_cred_ucounts assume new->ucounts is non-NULL (git-fixes). - commit 4dc2af2 - exfat: Drop superfluous new line for error messages (bsc#1201725). - exfat: Downgrade ENAMETOOLONG error message to debug messages (bsc#1201725). - exfat: Expand exfat_err() and co directly to pr_*() macro (bsc#1201725). - exfat: Define NLS_NAME_* as bit flags explicitly (bsc#1201725). - exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1201725). - commit d002ca3 - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958). - scsi: qla2xxx: Update manufacturer details (bsc#1201958). - scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958). - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958). - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958). - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958). - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958). 
- scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958). - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958). - commit 6c401ae - Drop qla2xxx patch which prevented nvme port discovery (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958) Upstream fixed the problem by reverting the offending commit. Delete: - patches.suse/scsi-qla2xxx-Fix-disk-failure-to-rediscover.patch - commit ae1d1a3 - selftests/seccomp: Don't call read() on TTY from background pgrp (git-fixes). - selftests: net: udpgro_fwd.sh: explicitly checking the available ping feature (git-fixes). - commit 41741a6 - testing: nvdimm: asm/mce.h is not needed in nfit.c (git-fixes). - testing: nvdimm: iomap: make __nfit_test_ioremap a macro (git-fixes). - kvm: selftests: do not use bitfields larger than 32-bits for PTEs (git-fixes). - KVM: selftests: Silence compiler warning in the kvm_page_table_test (git-fixes). - testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set (git-fixes). - userfaultfd/selftests: fix hugetlb area allocations (git-fixes). - KVM: selftests: Make sure kvm_create_max_vcpus test won't hit RLIMIT_NOFILE (git-fixes). - commit b3cbd1a - selftests: forwarding: fix error message in learning_test (git-fixes). - selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT (git-fixes). - selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT (git-fixes). - selftests: mptcp: more stable diag tests (git-fixes). - selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test (git-fixes). - selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh (git-fixes). - kselftest/cgroup: fix test_stress.sh to use OUTPUT dir (git-fixes). - selftests/resctrl: Fix null pointer dereference on open failed (git-fixes). - selftests: vm: Makefile: rename TARGETS to VMTARGETS (git-fixes). - selftests: add ping test with ping_group_range tuned (git-fixes). 
- selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer (git-fixes). - selftests/net: so_txtime: usage(): fix documentation of default clock (git-fixes). - selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems (git-fixes). - selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational (git-fixes). - selftest/vm: verify remap destination address in mremap_test (git-fixes). - selftest/vm: verify mmap addr in mremap_test (git-fixes). - selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets (git-fixes). - selftests: test_vxlan_under_vrf: Fix broken test case (git-fixes). - selftests: mptcp: add csum mib check for mptcp_connect (git-fixes). - selftests/net: timestamping: Fix bind_phc check (git-fixes). - selftests, x86: fix how check_cc.sh is being invoked (git-fixes). - selftests/rseq: Change type of rseq_offset to ptrdiff_t (git-fixes). - selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area (git-fixes). - selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area (git-fixes). - selftests/rseq: Fix: work-around asm goto compiler bugs (git-fixes). - selftests/rseq: Remove arm/mips asm goto compiler work-around (git-fixes). - selftests/rseq: Fix warnings about #if checks of undefined tokens (git-fixes). - selftests/rseq: Fix ppc32 offsets by using long rather than off_t (git-fixes). - selftests/rseq: Fix ppc32 missing instruction selection "u" and "x" for load/store (git-fixes). - selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian (git-fixes). - selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35 (git-fixes). - selftests/rseq: Introduce thread pointer getters (git-fixes). - selftests/rseq: Introduce rseq_get_abi() helper (git-fixes). - selftests/rseq: Remove volatile from __rseq_abi (git-fixes). - selftests/rseq: Remove useless assignment to cpu variable (git-fixes). 
- selftests/rseq: introduce own copy of rseq uapi header (git-fixes). - selftests/sgx: Treat CC as one argument (git-fixes). - selftests/x86: Add validity check and allow field splitting (git-fixes). - selftests: vm: fix clang build error multiple output files (git-fixes). - selftests: pmtu.sh: Kill nettest processes launched in subshell (git-fixes). - selftests: pmtu.sh: Kill tcpdump processes launched by subshell (git-fixes). - kselftest/vm: fix tests build with old libc (git-fixes). - selftests: mlxsw: resource_scale: Fix return value (git-fixes). - selftests: mlxsw: tc_police_scale: Make test more robust (git-fixes). - selftests/memfd: clean up mapping in mfd_fail_write (git-fixes). - selftest/vm: fix map_fixed_noreplace test failure (git-fixes). - selftests: mptcp: fix diag instability (git-fixes). - selftests/ftrace: Do not trace do_softirq because of PREEMPT_RT (git-fixes). - selftests/seccomp: Fix seccomp failure by adding missing headers (git-fixes). - selftests/exec: Add non-regular to TEST_GEN_PROGS (git-fixes). - selftests: netfilter: disable rp_filter on router (git-fixes). - selftests: netfilter: fix exit value for nft_concat_range (git-fixes). - selftests: fixup build warnings in pidfd / clone3 tests (git-fixes). - selftests: nft_concat_range: add test for reload with no element add/del (git-fixes). - kselftest: Fix vdso_test_abi return status (git-fixes). - selftests: skip mincore.check_file_mmap when fs lacks needed support (git-fixes). - selftests: openat2: Skip testcases that fail with EOPNOTSUPP (git-fixes). - selftests: openat2: Add missing dependency in Makefile (git-fixes). - selftests: openat2: Print also errno in failure messages (git-fixes). - selftests: futex: Use variable MAKE instead of make (git-fixes). - selftests/exec: Remove pipe from TEST_GEN_FILES (git-fixes). - selftests/zram: Adapt the situation that /dev/zram0 is being used (git-fixes). - selftests/zram01.sh: Fix compression ratio calculation (git-fixes). 
- selftests/zram: Skip max_comp_streams interface on newer kernel (git-fixes). - kselftest: signal all child processes (git-fixes). - selftests: rtc: Increase test timeout so that all tests run (git-fixes). - selftests: mptcp: fix ipv6 routing setup (git-fixes). - selftests/vm: make charge_reserved_hugetlb.sh work with existing cgroup setting (git-fixes). - selftests/powerpc: Add a test of sigreturning to the kernel (git-fixes). - selftests/powerpc/spectre_v2: Return skip code when miss_percent is high (git-fixes). - selftests/rseq: remove ARRAY_SIZE define from individual tests (git-fixes). - selftests: harness: avoid false negatives if test has no ASSERTs (git-fixes). - selftests/ftrace: make kprobe profile testcase description unique (git-fixes). - selftests: clone3: clone3: add case CLONE3_ARGS_NO_TEST (git-fixes). - selftests: cgroup: Test open-time cgroup namespace usage for migration checks (git-fixes). - selftests: cgroup: Test open-time credential usage for migration checks (git-fixes). - selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644 (git-fixes). - selftests: net: using ping6 for IPv6 in udpgro_fwd.sh (git-fixes). - selftests: net: Fix a typo in udpgro_fwd.sh (git-fixes). - selftests/net: udpgso_bench_tx: fix dst ip argument (git-fixes). - selftest/net/forwarding: declare NETIFS p9 p10 (git-fixes). - selftests: Fix IPv6 address bind tests (git-fixes). - selftests: Fix raw socket bind tests with VRF (git-fixes). - selftests: Add duplicate config only for MD5 VRF tests (git-fixes). - selftests: icmp_redirect: pass xfail=0 to log_test() (git-fixes). - selftests: net: Correct ping6 expected rc from 2 to 1 (git-fixes). - selftests/fib_tests: Rework fib_rp_filter_test() (git-fixes). - selftests: net: Correct case name (git-fixes). - selftests: netfilter: add a vrf+conntrack testcase (git-fixes). - selftests: gpio: fix gpio compiling error (git-fixes). - selftests: net: tls: remove unused variable and code (git-fixes). 
- selftests/vm/transhuge-stress: fix ram size thinko (git-fixes). - selftests: x86: fix [-Wstringop-overread] warn in test_process_vm_readv() (git-fixes). - selftests/memfd: remove unused variable (git-fixes). - commit 48061db - 9p: Fix refcounting during full path walks for fid lookups (git-fixes). - 9p: fix fid refcount leak in v9fs_vfs_get_link (git-fixes). - 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (git-fixes). - commit ecbaea5 - blacklist.conf: Add ALSA entries that can't be applied to SLE15-SP4 kernels Those are to be cleared once when more ALSA core stuff is backported - commit b982d6c - macsec: always read MACSEC_SA_ATTR_PN as a u64 (git-fixes). - macsec: limit replay window size with XPN (git-fixes). - macsec: fix error message in macsec_add_rxsa and _txsa (git-fixes). - macsec: fix NULL deref in macsec_add_rxsa (git-fixes). - commit 4b9d2ad ++++ shim: - Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282) ------------------------------------------------------------------ ------------------ 2022-7-28 - Jul 28 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit: - Update suse-microos-branding.patch for new /etc/os-release ID. - Add storage-btrfs.patch to enable BTRFS use in cockpit-storage. ++++ docker: - Allow to install container-selinux instead of apparmor-parser. ++++ kernel-default: - exfat: use updated exfat_chain directly during renaming (git-fixes). - commit 6b8d95e - nilfs2: fix incorrect masking of permission flags for symlinks (git-fixes). - usbnet: Run unregister_netdev() before unbind() again (git-fixes). - nilfs2: fix lockdep warnings during disk space reclamation (git-fixes). - nilfs2: fix lockdep warnings in page operations for btree nodes (git-fixes). - minix: fix bug when opening a file with O_DIRECT (git-fixes). - locking/lockdep: Iterate lock_classes directly when reading lockdep files (git-fixes). 
- locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes). - loop: use sysfs_emit() in the sysfs xxx show() (git-fixes). - smsc95xx: Ignore -ENODEV errors when device is unplugged (git-fixes). - net: usb: Correct reset handling of smsc95xx (git-fixes). - loop: Use pr_warn_once() for loop_control_remove() warning (git-fixes). - net: usb: Correct PHY handling of smsc95xx (git-fixes). - commit 3017f33 - selftests/landlock: Add tests for unknown access rights (git-fixes). - commit a355ad8 - fix race between exit_itimers() and /proc/pid/timers (git-fixes). - iov_iter: fix build issue due to possible type mis-match (git-fixes). - iov_iter: Fix iter_xarray_get_pages{,_alloc}() (git-fixes). - landlock: Fix same-layer rule unions (git-fixes). - landlock: Create find_rule() from unmask_layers() (git-fixes). - landlock: Reduce the maximum number of layers to 16 (git-fixes). - landlock: Define access_mask_t to enforce a consistent access mask size (git-fixes). - selftests/landlock: Test landlock_create_ruleset(2) argument check ordering (git-fixes). - landlock: Change landlock_restrict_self(2) check ordering (git-fixes). - landlock: Change landlock_add_rule(2) argument check ordering (git-fixes). - selftests/landlock: Add tests for O_PATH (git-fixes). - selftests/landlock: Fully test file rename with "remove" access (git-fixes). - selftests/landlock: Extend access right tests to directories (git-fixes). - selftests/landlock: Extend tests for minimal valid attribute size (git-fixes). - selftests/landlock: Make tests build with old libc (git-fixes). - landlock: Fix landlock_add_rule(2) documentation (git-fixes). - selftests/landlock: Format with clang-format (git-fixes). - selftests/landlock: Normalize array assignment (git-fixes). - selftests/landlock: Add clang-format exceptions (git-fixes). - landlock: Format with clang-format (git-fixes). - landlock: Add clang-format exceptions (git-fixes). 
- l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu (git-fixes). - landlock: Use square brackets around "landlock-ruleset" (git-fixes). - lockdep: Correct lock_classes index mapping (git-fixes). - irqchip/sifive-plic: Add missing thead,c900-plic match string (git-fixes). - inet_diag: fix kernel-infoleak for UDP sockets (git-fixes). - commit 6710d1e - asm-generic: remove a broken and needless ifdef conditional (git-fixes). - Documentation: fix udp_wmem_min in ip-sysctl.rst (git-fixes). - Documentation: add description for net.sctp.ecn_enable (git-fixes). - Documentation: add description for net.sctp.intl_enable (git-fixes). - Documentation: add description for net.sctp.reconf_enable (git-fixes). - dma-debug: make things less spammy under memory pressure (git-fixes). - export: fix string handling of namespace in EXPORT_SYMBOL_NS (git-fixes). - fat: add ratelimit to fat*_ent_bread() (git-fixes). - dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (git-fixes). - Documentation: add description for net.core.gro_normal_batch (git-fixes). - Documentation: move watch_queue to core-api (git-fixes). - exfat: fix referencing wrong parent directory information after renaming (git-fixes). - arm_pmu: Validate single/group leader events (git-fixes). - configfs: fix a race in configfs_{,un}register_subsystem() (git-fixes). - exfat: fix i_blocks for files truncated over 4 GiB (git-fixes). - exfat: reuse exfat_inode_info variable instead of calling EXFAT_I() (git-fixes). - device property: Check fwnode->secondary when finding properties (git-fixes). - erofs: fix deadlock when shrink erofs slab (git-fixes). - commit 1ff4d9a - patches.suse/msft-hv-2570-hv_netvsc-Add-support-for-XDP_REDIRECT.patch: (bsc#1199364). - commit fbec9a8 - nvme-auth: retry command if DNR bit is not set (bsc#1201675). - commit 0beb6ec - nvme: kabi fixes for in-band authentication (bsc#1199086). - commit 26c80ba - Update config files. 
- commit 1003620 ------------------------------------------------------------------ ------------------ 2022-7-27 - Jul 27 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - cifs: fix reconnect on smb3 mount types (bsc#1201427). - commit d696086 - Update patches.suse/netfilter-nf_tables-disallow-non-stateful-expression.patch references (add CVE-2022-32250). - commit 801027d - net/sched: cls_u32: fix netns refcount changes in u32_change() (CVE-2022-29581 bsc#1199665). - commit 6f81977 - blacklist.conf: This is a cleanup, not fixing any bug - commit 6f050ff - tee: fix put order in teedev_close_context() (git-fixes). - commit 1650ec3 - blacklist.conf: duplicate - commit 1c70642 - random: fix typo in comments (git-fixes). - commit 6de6114 - blacklist.conf: breaks kABI for a cleanup - commit 678666e - random: document add_hwgenerator_randomness() with other input functions (git-fixes). - commit 0fb6e8a - Bluetooth: btusb: Add the new support IDs for WCN6855 (git-fixes). - Refresh patches.suse/Bluetooth-btusb-Add-one-more-Bluetooth-part-for-WCN6.patch. - commit 91ad5ba - supported.conf: mark drivers/nvme/common as supported (jsc#SLE-20183) - commit 2fed93a - Refresh nvme in-band authentication patches (bsc#1199086) - nvme: implement In-Band authentication (jsc#SLE-20183). - Refresh patches.suse/0007-nvme-auth-Diffie-Hellman-key-exchange-support.patch. - Refresh patches.suse/0008-nvmet-parse-fabrics-commands-on-io-queues.patch. - nvmet: implement basic In-Band Authentication (jsc#SLE-20183). - Refresh patches.suse/0010-nvmet-auth-Diffie-Hellman-key-exchange-support.patch. - nvmet-auth: expire authentication sessions (jsc#SLE-20183). - Delete patches.suse/nvme-auth-fixup-crash-at-boot.patch. - Delete patches.suse/nvme-fix-visibility-of-dev_attr_dhchap_ctrl_secret-s.patch. - commit 90c9163 - Refresh patches.suse/0001-crypto-add-crypto_has_shash.patch. - Refresh patches.suse/0002-crypto-add-crypto_has_kpp.patch. 
- Refresh patches.suse/0003-lib-base64-RFC4648-compliant-base64-encoding.patch. - Refresh patches.suse/0004-nvme-add-definitions-for-NVMe-In-Band-authentication.patch. - Refresh patches.suse/0005-nvme-fabrics-decode-authentication-required-connect-.patch. - commit 7d9a006 ++++ mozilla-nss: - Update nss-fips-approved-crypto-non-ec.patch to unapprove the rest of the DSA ciphers, keeping signature verification only (bsc#1201298). - Update nss-fips-constructor-self-tests.patch to fix compiler warning. ++++ selinux-policy: - fix_networkmanager.patch: Allow NetworkManager_dispatcher_tlp_t and NetworkManager_dispatcher_custom_t to access nscd socket (bsc#1201741) ------------------------------------------------------------------ ------------------ 2022-7-26 - Jul 26 2022 ------------------- ------------------------------------------------------------------ ++++ bash-completion: - Add patch fix-curl-help-completion-bsc1200791.patch (bsc#1200791) * List all options for `curl --` ++++ glibc: - memcmp-power10.patch: powerpc: Optimized memcmp for power10 (jsc#PED-987) ++++ kernel-default: - powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761). - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761). - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761). - powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761). - commit 4c3e250 - page_alloc: fix invalid watemark check on a negative value (git fixes (mm/pgalloc)). - commit 11d19f6 - VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635). - commit 91f9b43 - VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635). - VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635). - VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635). 
- VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635). - commit 0e13b0d ++++ gcc12: - Add Provides of libstdc++6-pp-gccN to libstdc++6-pp. [bsc#1201848] ++++ harfbuzz: - Add harfbuzz-CVE-2022-33068.patch: sbix: limit glyph extents (boo#1200900 CVE-2022-33068). ++++ ceph: - Update to 16.2.9-538-g9de83fa4064: + (bsc#1201604) cephfs-shell: move source to separate subdirectory ++++ lshw: - Update to version B.02.19.2+git.20220628 (jsc#526): * make version check optional ++++ selinux-policy: - Add fix_cloudform.patch to fix cloud-init runcmd issue with snapper (bnc#1201015) ------------------------------------------------------------------ ------------------ 2022-7-25 - Jul 25 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - blacklist.conf: add commit 7acae6183cf3 I blacklisted the wrong commit: instead of adding 7acae6183cf3, I added the commit that introduced the bug fixed by it (which isn't present in SLE15-SP4). - commit 8ec5489 - net: mscc: ocelot: fix backwards compatibility with single-chain tc-flower offload (git-fixes). - commit 5dd0ec2 - net: bcmgenet: skip invalid partial checksums (git-fixes). - commit af8e915 - ice: Fix race condition during interface enslave (git-fixes). - commit 873e269 - net: bcmgenet: Don't claim WOL when its not available (git-fixes). 
- commit a981d90 - net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr (git-fixes). - commit 4aa2b33 - net: ethernet: lpc_eth: Handle error for clk_enable (git-fixes). - commit b08b10f - net: ethernet: ti: cpts: Handle error for clk_enable (git-fixes). - commit 549b785 - ice: Fix error with handling of bonding MTU (git-fixes). - commit 03f6b8d - ice: stop disabling VFs due to PF error responses (git-fixes). - commit 13b5865 - ethernet: Fix error handling in xemaclite_of_probe (git-fixes). - commit 1b69809 - net: dsa: mt7530: fix incorrect test in mt753x_phylink_validate() (git-fixes). - commit 8344b36 - spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers (git-fixes). - commit 2faff78 ++++ policycoreutils: - Add recommends for ausearch binary (bsc#1201043) ++++ shim: - Revoked the change in shim.spec for "use common SBAT values (boo#1193282)" - we need to build openSUSE Tumbleweed's shim on Leap 15.4 because Factory is unstable for building out a stable shim binary for signing. (bsc#1198458) - But the rpm-config-suse package in Leap 15.4 is directly copied from SLE 15.4 because closing-the-leap-gap. So sbat_distro_* variables are SLE version, not for openSUSE. (bsc#1198458) ++++ u-boot-rpiarm64: Fix heap overflow in squashfs filesystem implementation CVE-2022-33967 (bsc#1201745) Patch queue updated from https://github.com/openSUSE/u-boot.git sle15-sp4 * Patches added: 0021-fs-squashfs-Use-kcalloc-when-releva.patch Fix stack buffer overflow vulnerability in i2c md command CVE-2022-34835 (bsc#1201214) Patch queue updated from https://github.com/openSUSE/u-boot.git sle15-sp4 * Patches added: 0020-i2c-fix-stack-buffer-overflow-vulne.patch update_git: Set index length of git diffs to 10. 
------------------------------------------------------------------ ------------------ 2022-7-23 - Jul 23 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - i2c: cadence: Change large transfer count reset logic to be unconditional (git-fixes). - i2c: mlxcpld: Fix register setting for 400KHz frequency (git-fixes). - gpio: gpio-xilinx: Fix integer overflow (git-fixes). - gpio: pca953x: use the correct register address when regcache sync during init (git-fixes). - gpio: pca953x: use the correct range when do regmap sync (git-fixes). - gpio: pca953x: only use single read/write for No AI mode (git-fixes). - drm/imx/dcss: Add missing of_node_put() in fail path (git-fixes). - drm/ttm: fix locking in vmap/vunmap TTM GEM helpers (git-fixes). - commit 7a76772 ------------------------------------------------------------------ ------------------ 2022-7-22 - Jul 22 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Update kabi files: import symvers from MU 5.14.21-150400.24.11 - commit 5ac1ff2 - r8152: fix a WOL issue (git-fixes). - docs: net: dsa: re-explain what port_fdb_dump actually does (git-fixes). - docs: net: dsa: delete port_mdb_dump (git-fixes). - docs: net: dsa: remove port_vlan_dump (git-fixes). - docs: net: dsa: document port_fast_age (git-fixes). - docs: net: dsa: document port_setup and port_teardown (git-fixes). - docs: net: dsa: document the teardown method (git-fixes). - docs: net: dsa: document change_tag_protocol (git-fixes). - docs: net: dsa: add more info about the other arguments to get_tag_protocol (git-fixes). - docs: net: dsa: rename tag_protocol to get_tag_protocol (git-fixes). - docs: net: dsa: document the shutdown behavior (git-fixes). - docs: net: dsa: update probing documentation (git-fixes). - Revert "e1000e: Fix possible HW unit hang after an s0ix exit" (git-fixes). 
- e1000e: Enable GPT clock before sending message to CSME (git-fixes). - USB: serial: ftdi_sio: add Belimo device ids (git-fixes). - serial: 8250: fix return error code in serial8250_request_std_resource() (git-fixes). - tty: serial: samsung_tty: set dma burst_size to 1 (git-fixes). - drm/i915/gt: Serialize GRDOM access between multiple engine resets (git-fixes). - wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes). - pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux() (git-fixes). - irqchip: or1k-pic: Undefine mask_ack for level triggered hardware (git-fixes). - ASoC: madera: Fix event generation for rate controls (git-fixes). - ASoC: madera: Fix event generation for OUT1 demux (git-fixes). - ASoC: cs47l15: Fix event generation for low power mux control (git-fixes). - ASoC: dapm: Initialise kcontrol data for mux/demux controls (git-fixes). - ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error (git-fixes). - ASoC: wm5110: Fix DRE control (git-fixes). - ASoC: Intel: bytcr_wm5102: Fix GPIO related probe-ordering problem (git-fixes). - ASoC: wcd938x: Fix event generation for some controls (git-fixes). - ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow (git-fixes). - ASoC: codecs: rt700/rt711/rt711-sdca: initialize workqueues in probe (git-fixes). - ASoC: rt7*-sdw: harden jack_detect_handler (git-fixes). - soc: ixp4xx/npe: Fix unused match warning (git-fixes). - cpufreq: pmac32-cpufreq: Fix refcount leak bug (git-fixes). - NFC: nxp-nci: don't print header length mismatch on i2c error (git-fixes). - platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes). - virtio_mmio: Restore guest page size on resume (git-fixes). - virtio_mmio: Add missing PM calls to freeze/restore (git-fixes). - cpufreq: mediatek: Unregister platform device on exit (git-fixes). - cpufreq: mediatek: Use module_init and add module_exit (git-fixes). - drm/i915/dg2: Add Wa_22011100796 (git-fixes). 
- drm/i915: Require the vm mutex for i915_vma_bind() (git-fixes). - drm/i915/uc: correctly track uc_fw init failure (git-fixes). - commit 4bd213d - ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction (git-fixes). - ARM: 9213/1: Print message about disabled Spectre workarounds only once (git-fixes). - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes). - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes). - ASoC: rt711: fix calibrate mutex initialization (git-fixes). - ASoC: Intel: sof_sdw: handle errors on card registration (git-fixes). - ASoC: rt711-sdca-sdw: fix calibrate mutex initialization (git-fixes). - ASoC: Realtek/Maxim SoundWire codecs: disable pm_runtime on remove (git-fixes). - ASoC: ops: Fix off by one in range control validation (git-fixes). - ALSA: usb-audio: Add quirk for Fiero SC-01 (fw v1.0.0) (git-fixes). - ALSA: usb-audio: Add quirk for Fiero SC-01 (git-fixes). - ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices (git-fixes). - ARM: dts: stm32: use the correct clock source for CEC on stm32mp151 (git-fixes). 
- commit 65713d7 - Move upstreamed be2net patch into sorted section - commit c55a187 - Drop doubly applied arm64 dts patch Delete patches.suse/arm64-dts-broadcom-bcm4908-Fix-timer-node-for-BCM4906-SoC.patch - commit efd9176 ++++ libtirpc: - exclude ipv6 addresses in client protocol 2 code (bsc#1200800) - update 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch ------------------------------------------------------------------ ------------------ 2022-7-21 - Jul 21 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - KABI: cgroup: Restore KABI of css_set (bsc#1201610). - cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610). - commit fa420fb - net: macb: Fix lost RX packet wakeup race in NAPI receive (git-fixes). - commit eb2677a - net: ipa: add an interconnect dependency (git-fixes). - commit 94e475f - net: stmmac: fix return value of __setup handler (git-fixes). - commit 3c858ea - net: sxgbe: fix return value of __setup handler (git-fixes). - commit 723d359 - net: sparx5: Fix add vlan when invalid operation (git-fixes). - commit 1d88b17 - net: chelsio: cxgb3: check the return value of pci_find_capability() (git-fixes). - commit 74c8cc9 - net: mv643xx_eth: process retval from of_get_mac_address (git-fixes). - commit 810f895 - net: ll_temac: check the return value of devm_kmalloc() (git-fixes). - commit 093ee20 - net: dsa: lan9303: add VLAN IDs to master device (git-fixes). - commit 13c2302 - Revert "net: ethernet: bgmac: Use devm_platform_ioremap_resource_byname" (git-fixes). - commit 411126e - dpaa2-eth: Initialize mutex used in one step timestamping path (git-fixes). - commit b952b7a - net: ieee802154: ca8210: Fix lifs/sifs periods (git-fixes). - commit 7bd7001 - blacklist.conf: add ARCnet drivers - commit 1614d85 - Sort patches from bsc#1201323 - commit 4165437 - Refresh patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-not-supp.patch. 
- commit c3b4451 - lockdown: Fix kexec lockdown bypass with ima policy (CVE-2022-21505 bsc#1201458). - commit 5f6e1e5 ++++ gcc12: - Update to gcc-12 branch head, 4f15d2234608e82159d030dadb1, git287 * includes build fixes when building against glibc 2.33. ++++ openssl-1_1: - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] * Add patches: - openssl-1_1-ossl-sli-000-fix-build-error.patch - openssl-1_1-ossl-sli-001-fix-faults-preventing-make-update.patch - openssl-1_1-ossl-sli-002-ran-make-update.patch - openssl-1_1-ossl-sli-003-add-sli.patch - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653] * Add openssl-1_1-Zeroization.patch ++++ libsodium: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) ++++ sqlite3: - update to 3.39.2: * Fix a performance regression in the query planner associated with rearranging the order of FROM clause terms in the presence of a LEFT JOIN. * Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and 1345947, forum post 3607259d3c, and other minor problems discovered by internal testing. [boo#1201783] ------------------------------------------------------------------ ------------------ 2022-7-20 - Jul 20 2022 ------------------- ------------------------------------------------------------------ ++++ cloud-regionsrv-client: - Update to version 10.0.5 (bsc#1201612) - Handle exception when trying to deregister a system from the server ++++ glibc: - disable-check-consistency.patch: i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) ++++ kernel-default: - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - commit e2263d4 - scsi: make sure that request queue queiesce and unquiesce balanced (bsc#1201651). 
Refresh: - patches.kabi/blk-mq-fix-kabi-support-concurrent-queue-quiesce-unquiesce.patch - patches.kabi/kABI-fix-adding-field-to-scsi_device.patch - patches.suse/scsi-core-sd-Add-silence_suspend-flag-to-suppress-some-PM-messages.patch - scsi: avoid to quiesce sdev->request_queue two times (bsc#1201651). - dm: don't stop request queue after the dm device is suspended (bsc#1201651). - commit 4dedd62 - kabi/severities: add intel ice - commit 77a60f8 - Delete patches.suse/xhci-turn-off-port-power-in-shutdown.patch (bsc#1201691) This patch leads to a failure to power off. https://bugzilla.kernel.org/show_bug.cgi?id=216243 - commit f2d59c9 - i2c: smbus: Check for parent device before dereference (git-fixes). - net: dsa: mv88e6xxx: fix use-after-free in mv88e6xxx_mdios_unregister (git-fixes). - net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes). - net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes). - commit c96154e ++++ pcre2: - Added pcre2-bsc1199235-CVE-2022-1587.patch * CVE-2022-1587 / bsc#1199235 * Fix out-of-bounds read due to bug in recursions * Sourced from: - https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0 ++++ systemd: - Import commit 7b70d88264a588fdba36c6e7655d1feea2b0e0a0 (merge of v249.12) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/4949659dd6ce81845e13034504fe06b85a02f08b...7b70d88264a588fdba36c6e7655d1feea2b0e0a0 - Import commit 4949659dd6ce81845e13034504fe06b85a02f08b 0f096f16ba tmpfiles: check the directory we were supposed to create, not its parent 82c3793e43 stat-util: replace is_dir() + is_dir_fd() by single is_dir_full() call 2191a9ae95 logind: don't delay login for root even if systemd-user-sessions.service is not activated yet (bsc#1195059) ++++ zypper: - lr: Allow shortening the Name column if table is wider than the terminal (bsc#1201638) - Don't accept install/remove modifier without argument (bsc#1201576) - zypper-download: Set correct ExitInfoCode 
when failing to resolve argument. - zypper-download: Handle unresolvable arguments as error. This commit changes zypper-download such that it behaves more consistent to zypper-install when an argument can't be resolved. - version 1.14.55 ------------------------------------------------------------------ ------------------ 2022-7-19 - Jul 19 2022 ------------------- ------------------------------------------------------------------ ++++ glibc: - static-tls-surplus.patch: Remove tunables (bsc#1201560) ++++ kernel-default: - net: dsa: mv88e6xxx: flush switchdev FDB workqueue before removing VLAN (git-fixes). - commit c4e0776 - net: dsa: lan9303: fix reset on probe (git-fixes). - commit 33805f1 - ice: Avoid RTNL lock when re-creating auxiliary device (git-fixes). - commit c168b96 - net: mscc: ocelot: fix mutex lock error during ethtool stats read (git-fixes). - commit ceff3da - dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes). - commit c46c86b - net: amd-xgbe: disable interrupts during pci removal (git-fixes). - commit c2f5c50 - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (git-fixes). - commit 1ebdd4d - net: dsa: lantiq_gswip: don't use devres for mdiobus (git-fixes). - commit 93f4a90 - net: dsa: mt7530: fix kernel bug in mdiobus_free() when unbinding (git-fixes). - commit 76cc859 - ethtool: Fix get module eeprom fallback (bsc#1201323). - commit f5666fa - nvme: wait until quiesce is done (bsc#1201651). - blk-mq: add one API for waiting until quiesce is done (bsc#1201651). - commit d28bf38 - arm64: cpufeature: add HWCAP for FEAT_RPRES (git-fixes) Refresh patches.suse/0019-arm64-Use-the-clearbhb-instruction-in-mitigations.patch - commit cbc315a - arm64: cpufeature: add HWCAP for FEAT_AFP (git-fixes) - commit b3a2425 - blk-mq: fix kabi support concurrent queue quiesce unquiesce (bsc#1201651). - commit def3ab7 - net: dsa: felix: don't use devres for mdiobus (git-fixes). 
- commit a03978a - net: dsa: bcm_sf2: don't use devres for mdiobus (git-fixes). - commit 682abc6 - net: dsa: ar9331: register the mdiobus under devres (git-fixes). - commit 6f8e329 - net: dsa: mv88e6xxx: don't use devres for mdiobus (git-fixes). - commit 61ee304 - gve: Recording rx queue before sending to napi (git-fixes). - commit 6edbff0 - ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes). - commit 2479d47 - net: sparx5: Fix get_stat64 crash in tcpdump (git-fixes). - commit ea855e1 - net: stmmac: ensure PTP time register reads are consistent (git-fixes). - commit 993d341 - net: macsec: Verify that send_sci is on when setting Tx sci explicitly (git-fixes). - commit 3b02b3e - net: macsec: Fix offload support for NETDEV_UNREGISTER event (git-fixes). - commit d048544 - net: stmmac: dump gmac4 DMA registers correctly (git-fixes). - commit 741baff - blk-mq: support concurrent queue quiesce/unquiesce (bsc#1201651). - nvme: loop: clear NVME_CTRL_ADMIN_Q_STOPPED after admin queue is reallocated (bsc#1201651). - nvme: paring quiesce/unquiesce (bsc#1201651). - nvme: prepare for pairing quiescing and unquiescing (bsc#1201651). - nvme: apply nvme API to quiesce/unquiesce admin queue (bsc#1201651). - nvme: add APIs for stopping/starting admin queue (bsc#1201651). - commit 6f75240 - net: dsa: mt7530: make NET_DSA_MT7530 select MEDIATEK_GE_PHY (git-fixes). - commit c68ab05 - be2net: Fix buffer overflow in be_get_module_eeprom (bsc#1201323). - commit 46a7cc8 - net: stmmac: properly handle with runtime pm in stmmac_dvr_remove() (git-fixes). - commit 904137a - net: ieee802154: ca8210: Stop leaking skb's (git-fixes). - commit fe79137 - Input: i8042 - Apply probe defer to more ASUS ZenBook models (bsc#1190256). - commit cf06848 - net: ieee802154: mcr20a: Fix lifs/sifs periods (git-fixes). - commit 92bd067 - net: ieee802154: hwsim: Ensure proper channel selection at probe time (git-fixes). 
- commit 7ae5bdc - tun: fix bonding active backup with arp monitoring (git-fixes). - commit cf865a3 - Update patch references for fbcon fixes (CVE-2021-33655 bsc#1201635) - commit eb3d075 ++++ libzypp: - Add PoolItem::statusReinit to reset the status to its initial state in the ResPool (might help bsc#1199895) This may either be 'KEEP_STATE bySOLVER' or 'LOCKED byUSER' if the PoolItem matched a hard lock defined in /etc/zypp/locks. - Fix building with GCC 13 on i586 (fixes #407, fixes #396) - Be prepared to receive exceptions from curl_easy_cleanup (bsc#1201092) - Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993) - Remove Medianetwork and dependent code. This commit removes the MediaNetwork tech preview and all related code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloader and second: since the Provide API is going to completely replace the current media backend it would be extra work to ensure that changes on the Downloader do not break MediaNetwork. - version 17.31.0 (22) ------------------------------------------------------------------ ------------------ 2022-7-18 - Jul 18 2022 ------------------- ------------------------------------------------------------------ ++++ gpg2: - Security fix [CVE-2022-34903, bsc#1201225] - Vulnerable to status injection - Added patch gnupg-CVE-2022-34903.patch ++++ kernel-default: - supported.conf: rvu_mbox as supported (jsc#SLE-24682) - commit f21578a - blacklist.conf: Add memcg/rstat optimizations 11192d9c124d fd25a9e0e23b 5b3be698a872 - commit 932b7ef - blacklist.conf: Add 26d5badbccdd signal: Implement force_fatal_sig - commit 1fe0fd9 - nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes). - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes). - commit e2af2db - kABI workaround for snd-soc-rt5682-* (git-fixes). 
- kabi/severities: ignore dropped symbol rt5682_headset_detect - commit 5e19e6d - net: stmmac: dwmac-visconti: No change to ETHER_CLOCK_SEL for unexpected speed request (git-fixes). - commit 59356c4 - net: amd-xgbe: ensure to reset the tx_timer_active flag (git-fixes). - commit 3831453 - net: amd-xgbe: Fix skb data length underflow (git-fixes). - commit 50d3988 - net: stmmac: skip only stmmac_ptp_register when resume from suspend (git-fixes). - commit b59b0a9 - blacklist: added commit e1a4541ec0b9 - commit 7d0447e - net: stmmac: configure PTP clock source prior to PTP initialization (git-fixes). - commit 6cefa9d - libceph: fix potential use-after-free on linger ping and resends (bsc#1201596). - ceph: fix up non-directory creation in SGID directories (bsc#1201595). - commit 8aa4851 - net: cpsw: Properly initialise struct page_pool_params (git-fixes). - commit d65aa35 - net: sfp: ignore disabled SFP node (git-fixes). - commit 5b8ce08 - octeontx2-pf: Forward error codes to VF (git-fixes). - commit 562327e - octeontx2-af: cn10k: Do not enable RPM loopback for LPC interfaces (git-fixes). - commit b549cad - octeontx2-af: Do not fixup all VF action entries (git-fixes). - commit dd1aa95 - net: stmmac: dwmac-visconti: Fix clock configuration for RMII mode (git-fixes). - commit e3e3f07 - net: stmmac: dwmac-visconti: Fix bit definitions for ETHER_CLK_SEL (git-fixes). - commit 1470b40 - net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module (git-fixes). - commit f842d14 - net/fsl: xgmac_mdio: Add workaround for erratum A-009885 (git-fixes). - commit 6cf1273 - net: mscc: ocelot: fix using match before it is set (git-fixes). - commit 78b3f03 - net: cpsw: avoid alignment faults by taking NET_IP_ALIGN into account (git-fixes). - commit cfa26bb - net: axienet: increase default TX ring size to 128 (git-fixes). - commit d910ea1 - net: axienet: fix for TX busy handling (git-fixes). - commit 99e0d80 - net: axienet: fix number of TX ring slots for available check (git-fixes). 
- commit 0c7e435 - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201593). - fuse: make sure reclaim doesn't write the inode (bsc#1201592). - commit 938aae2 - net: axienet: Fix TX ring slot available check (git-fixes). - commit c151ff3 - net: axienet: limit minimum TX ring size (git-fixes). - commit 13afdcb - net: axienet: add missing memory barriers (git-fixes). - commit d466816 - net: axienet: Wait for PhyRstCmplt after core reset (git-fixes). - commit 7c11a1f - net: axienet: increase reset timeout (git-fixes). - commit 5cd6041 - net: sfp: fix high power modules without diagnostic monitoring (git-fixes). - commit 8a29229 - net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config() (git-fixes). - commit 7d643fb - bcmgenet: add WOL IRQ check (git-fixes). - commit d56437b - net: ipa: prevent concurrent replenish (git-fixes). - commit 63abe4d - net: ipa: use a bitmap for endpoint replenish_enabled (git-fixes). - commit 4d71717 - net: ipa: fix atomic update in ipa_endpoint_replenish() (git-fixes). - commit f58c0c8 - fsl/fman: Check for null pointer after calling devm_ioremap (git-fixes). - commit 2af3cae - rocker: fix a sleeping in atomic bug (git-fixes). - commit 75f1355 - kABI workaround for phy_device changes (git-fixes). - commit 91e246e - mm: swap: get rid of livelock in swapin readahead (git fixes (mm/swap)). - mm: don't try to NUMA-migrate COW pages that have other uses (git fixes (mm/numa)). - mm/large system hash: avoid possible NULL deref in alloc_large_system_hash (git fixes (mm/pgalloc)). - mm/vmalloc: make sure to dump unpurged areas in /proc/vmallocinfo (git fixes (mm/vmalloc)). - mm/vmalloc: repair warn_alloc()s in __vmalloc_area_node() (git fixes (mm/vmalloc)). - kasan: fix tag for large allocations when using CONFIG_SLAB (git fixes (mm/kasan)). - mm/vmalloc: fix numa spreading for large hash tables (git fixes (mm/vmalloc)). - mm/secretmem: avoid letting secretmem_users drop to zero (git fixes (mm/secretmem)). 
- memcg: page_alloc: skip bulk allocator for __GFP_ACCOUNT (git fixes (mm/pgalloc)). - commit 4d0f0a6 - Update patch metadata and move to sorted section patches.suse/mm-page_alloc-Do-not-prefetch-buddies-during-bulk-free.patch. patches.suse/mm-page_alloc-Drain-the-requested-list-first-during-bulk-free.patch. patches.suse/mm-page_alloc-Fetch-the-correct-pcp-buddy-during-bulk-free.patch. patches.suse/mm-page_alloc-Free-pages-in-a-single-pass-during-bulk-free.patch. patches.suse/mm-page_alloc-Limit-number-of-high-order-pages-on-PCP-during-bulk-free.patch. patches.suse/mm-page_alloc-Simplify-how-many-pages-are-selected-per-pcp-list-during-bulk-free.patch. patches.suse/mm-page_alloc-Track-range-of-active-PCP-lists-during-bulk-free.patch. - commit 14b9fbe - usbnet: fix memory leak in error case (git-fixes). - commit 7372d17 - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes) - commit 9119799 - rpm/modules.fips: add ecdsa_generic (jsc#SLE-21132,bsc#1201258). - commit 0d8f996 - arm64: mm: Don't invalidate FROM_DEVICE buffers at start of DMA transfer (git-fixes) - commit 3250248 - crypto: testmgr - allow ecdsa-nist in FIPS mode (jsc#SLE-21132,bsc#1201258). - commit d8e5343 - blacklist.conf: ffc95a46: CONFIG_SLAB not set in config - commit d12fa0c - cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes) - commit 3919bf9 - usb: typec: add missing uevent when partner support PD (git-fixes). - usb: dwc3: gadget: Fix event pending check (git-fixes). - vt: fix memory overlapping when deleting chars in the buffer (git-fixes). - wifi: mac80211_hwsim: set virtio device ready in probe() (git-fixes). - sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes). - sysctl: Fix data-races in proc_dou8vec_minmax() (git-fixes). - sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes). - sysctl: Fix data races in proc_doulongvec_minmax() (git-fixes). - sysctl: Fix data races in proc_douintvec_minmax() (git-fixes). 
- sysctl: Fix data races in proc_dointvec_minmax() (git-fixes). - video: of_display_timing.h: include errno.h (git-fixes). - commit 2f456a6 - serial: 8250: Fix PM usage_count for console handover (git-fixes). - serial: stm32: Clear prev values before setting RTS delays (git-fixes). - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes). - spi: amd: Limit max transfer and message size (git-fixes). - reset: Fix devm bulk optional exclusive control getter (git-fixes). - sysctl: Fix data races in proc_douintvec() (git-fixes). - sysctl: Fix data races in proc_dointvec() (git-fixes). - Revert "serial: sc16is7xx: Clear RS485 bits in the shutdown" (git-fixes). - serial: sc16is7xx: Clear RS485 bits in the shutdown (git-fixes). - commit f48404b - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (git-fixes). - raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes). - misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes). - r8169: fix accessing unset transport header (git-fixes). - net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes). - pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes). - pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes). - net: phy: Don't trigger state machine while in suspend (git-fixes). - mt76: mt7921: get rid of mt7921_mac_set_beacon_filter (git-fixes). - commit 8948cad - kABI workaround for rtsx_usb (git-fixes). - commit ea7f901 - ima: Fix potential memory leak in ima_init_crypto() (git-fixes). - ima: force signature verification when CONFIG_KEXEC_SIG is configured (git-fixes). - ima: Fix a potential integer overflow in ima_appraise_measurement (git-fixes). - ida: don't use BUG_ON() for debugging (git-fixes). - misc: rtsx_usb: use separate command and response buffers (git-fixes). - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (git-fixes). - i2c: cadence: Unregister the clk notifier in error path (git-fixes). 
- i2c: piix4: Fix a memory leak in the EFCH MMIO support (git-fixes). - memregion: Fix memregion_free() fallback definition (git-fixes). - Input: cpcap-pwrbutton - handle errors from platform_get_irq() (git-fixes). - commit 41d4678 - efi/x86: use naked RET on mixed mode call wrapper (git-fixes). - dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (git-fixes). - fbmem: Check virtual screen sizes in fb_set_var() (git-fixes). - fbcon: Prevent that screen size is smaller than font size (git-fixes). - fbcon: Disallow setting font bigger than screen size (git-fixes). - fbdev: fbmem: Fix logo center image dx issue (git-fixes). - hwmon: (occ) Prevent power cap command overwriting poll response (git-fixes). - dt-bindings: soc: qcom: smd-rpm: Fix missing MSM8936 compatible (git-fixes). - hwmon: (occ) Remove sequence numbering and checksum calculation (git-fixes). - dt-bindings: soc: qcom: smd-rpm: Add compatible for MSM8953 SoC (git-fixes). - commit 5a5128b - drm/amd/display: Only use depth 36 bpp linebuffers on DCN display engines (git-fixes). - drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes). - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes). - drm/i915/gvt: IS_ERR() vs NULL bug in intel_gvt_update_reg_whitelist() (git-fixes). - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes). - drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (git-fixes). - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (git-fixes). - dmaengine: lgm: Fix an error handling path in intel_ldma_probe() (git-fixes). - dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes). - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (git-fixes). - dmaengine: qcom: bam_dma: fix runtime PM underflow (git-fixes). - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes). - drm/amdgpu: To flush tlb for MMHUB of RAVEN series (git-fixes). 
- drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw (git-fixes). - drm/amd/vcn: fix an error msg on vcn 3.0 (git-fixes). - drm/i915: Fix a race between vma / object destruction and unbinding (git-fixes). - drm/mediatek: Detect CMDQ execution timeout (git-fixes). - drm/mediatek: Remove the pointer of struct cmdq_client (git-fixes). - drm/mediatek: Use mailbox rx_callback instead of cmdq_task_cb (git-fixes). - drm/amd/display: Set min dcfclk if pipe count is 0 (git-fixes). - commit d7feb0b - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (git-fixes). - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (git-fixes). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround broken CRC on TBC register (git-fixes). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround handling for mcp2517fd (git-fixes). - can: m_can: m_can_chip_config(): actually enable internal timestamping (git-fixes). - can: grcan: grcan_probe(): remove extra of_node_get() (git-fixes). - can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes). - Revert "can: xilinx_can: Limit CANFD brp to 2" (git-fixes). - can: bcm: use call_rcu() instead of costly synchronize_rcu() (git-fixes). - batman-adv: Use netif_rx() (git-fixes). - commit ee36772 - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (git-fixes). - ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (git-fixes). - ASoC: tas2764: Fix amp gain register offset & default (git-fixes). - ASoC: tas2764: Correct playback volume range (git-fixes). - ASoC: tas2764: Fix and extend FSYNC polarity handling (git-fixes). - ASoC: tas2764: Add post reset delays (git-fixes). - ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes). - ASoC: Remove unused hw_write_t type (git-fixes). - ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in .set_jack_detect (git-fixes). 
- ASoC: rt711-sdca: Add endianness flag in snd_soc_component_driver (git-fixes). - commit 46eda4a - arm64: Add HWCAP for self-synchronising virtual counter (git-fixes) - commit e9387c5 - ASoC: rt5682: Fix deadlock on resume (git-fixes). - Refresh patches.suse/ASoC-rt5682-do-not-block-workqueue-if-card-is-unboun.patch. - commit b58000f - ASoC: rt5682: Re-detect the combo jack after resuming (git-fixes). - Refresh patches.suse/ASoC-rt5682-do-not-block-workqueue-if-card-is-unboun.patch. - commit e602e5e - arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot (git-fixes). - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes). - ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count (git-fixes). - arm64: dts: rockchip: Assign RK3399 VDU clock rate (git-fixes). - ASoC: rt711: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: rt5682: fix an incorrect NULL check on list iterator (git-fixes). - ASoC: rt5682: Avoid the unexpected IRQ event during going to suspend (git-fixes). - ASoC: rt5682: move clk related code to rt5682_i2c_probe (git-fixes). - commit 9f44c25 - ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero (git-fixes). - ARM: dts: at91: sama5d2: Fix typo in i2s1 node (git-fixes). - ACPI: video: Fix acpi_video_handles_brightness_key_presses() (git-fixes). - ARM: 9210/1: Mark the FDT_FIXED sections as shareable (git-fixes). - ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle (git-fixes). - ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes). - ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD (git-fixes). - commit 72aed94 - Move upstreamed netfilter and tty patches to sorted section - commit 9d5e117 - x86/bugs: Remove apostrophe typo (bsc#1190497). - commit 0e5e638 - Sort in RETbleed backport into the sorted section Now that it is upstream... - Refresh patches.suse/KVM-VMX-Convert-launched-argument-to-flags.patch. 
- Refresh patches.suse/KVM-VMX-Fix-IBRS-handling-after-vmexit.patch. - Refresh patches.suse/KVM-VMX-Flatten-__vmx_vcpu_run.patch. - Refresh patches.suse/KVM-VMX-Prevent-RSB-underflow-before-vmenter.patch. - Refresh patches.suse/KVM-VMX-Prevent-guest-RSB-poisoning-attacks-with-eIBRS.patch. - Refresh patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch. - Refresh patches.suse/objtool-Add-entry-UNRET-validation.patch. - Refresh patches.suse/objtool-Re-add-UNWIND_HINT_-SAVE_RESTORE.patch. - Refresh patches.suse/objtool-Treat-.text.__x86.-as-noinstr.patch. - Refresh patches.suse/objtool-Update-Retpoline-validation.patch. - Refresh patches.suse/x86-Add-magic-AMD-return-thunk.patch. - Refresh patches.suse/x86-Undo-return-thunk-damage.patch. - Refresh patches.suse/x86-Use-return-thunk-in-asm-code.patch. - Refresh patches.suse/x86-bpf-Use-alternative-RET-encoding.patch. - Refresh patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch. - Refresh patches.suse/x86-bugs-Add-Cannon-lake-to-RETBleed-affected-CPU-list.patch. - Refresh patches.suse/x86-bugs-Add-retbleed-ibpb.patch. - Refresh patches.suse/x86-bugs-Do-IBPB-fallback-check-only-once.patch. - Refresh patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-not-supp.patch. - Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch. - Refresh patches.suse/x86-bugs-Keep-a-per-CPU-IA32_SPEC_CTRL-value.patch. - Refresh patches.suse/x86-bugs-Optimize-SPEC_CTRL-MSR-writes.patch. - Refresh patches.suse/x86-bugs-Report-AMD-retbleed-vulnerability.patch. - Refresh patches.suse/x86-bugs-Report-Intel-retbleed-vulnerability.patch. - Refresh patches.suse/x86-bugs-Split-spectre_v2_select_mitigation-and-spectre_v2.patch. - Refresh patches.suse/x86-common-Stamp-out-the-stepping-madness.patch. - Refresh patches.suse/x86-cpu-amd-Add-Spectral-Chicken.patch. - Refresh patches.suse/x86-cpu-amd-Enumerate-BTC_NO.patch. - Refresh patches.suse/x86-cpufeatures-Move-RETPOLINE-flags-to-word-11.patch. 
- Refresh patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch. - Refresh patches.suse/x86-ftrace-Use-alternative-RET-encoding.patch. - Refresh patches.suse/x86-kvm-Fix-SETcc-emulation-for-return-thunks.patch. - Refresh patches.suse/x86-kvm-vmx-Make-noinstr-clean.patch. - Refresh patches.suse/x86-objtool-Create-.return_sites.patch. - Refresh patches.suse/x86-retpoline-Cleanup-some-ifdefery.patch. - Refresh patches.suse/x86-retpoline-Swizzle-retpoline-thunk.patch. - Refresh patches.suse/x86-retpoline-Use-mfunction-return.patch. - Refresh patches.suse/x86-sev-Avoid-using-__x86_return_thunk.patch. - Refresh patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch. - Refresh patches.suse/x86-speculation-Fill-RSB-on-vmexit-for-IBRS.patch. - Refresh patches.suse/x86-speculation-Fix-RSB-filling-with-CONFIG_RETPOLINE-n.patch. - Refresh patches.suse/x86-speculation-Fix-SPEC_CTRL-write-on-SMT-state-change.patch. - Refresh patches.suse/x86-speculation-Fix-firmware-entry-SPEC_CTRL-handling.patch. - Refresh patches.suse/x86-speculation-Remove-x86_spec_ctrl_mask.patch. - Refresh patches.suse/x86-speculation-Use-cached-host-SPEC_CTRL-value-for-guest-.patch. - Refresh patches.suse/x86-static_call-Use-alternative-RET-encoding.patch. - Refresh patches.suse/x86-vsyscall_emu-64-Don-t-use-RET-in-vsyscall-emulation.patch. - Refresh patches.suse/x86-xen-Rename-SYS-entry-points.patch. - commit cc67fa3 ++++ kernel-firmware: - Fix missing aliases for qlogic (bsc#1200889); update other aliases as well from the latest SLE15-SP4 kernels ++++ libqmi: - update to 1.30.8: * dms: new 'Foxconn FCC authentication v2' request/response. 
++++ libslirp: - Update to version 4.7.0+44 (current git master): * Fix vmstate regression * msvc: use char* for pointer arithmetic * Align outgoing packets * Bump incoming packet alignment to 8 bytes * msvc: fix some gcc-specific pragma warnings * msvc: enable vmstate code on !gnuc * vmstate: only enable when building under GNU C * ncsitest: Fix build with msvc * Avoid running git-version-gen when building with MS VC * windows: export symbols * win32: replace strcasecmp with g_ascii_strcasecmp * Drop spurious inline * Avoid returning void * Fix arithmetic on void * * Avoid using ##__VA_ARGS__ gcc extension * Fix bitfields order for MSVC * Separate out SLIRP_PACKED to SLIRP_PACKED_BEGIN/END * Do not use ssize_t on Windows * Do not include unistd.h on windows, it does not have it * Accept build-aux/git-version-gen failing to run * container_of: avoid using __extension__ * ncsi: Add Mellanox Get Mac Address handler * slirp: Add out-of-band ethernet address * ncsi: Add OEM command handler * ncsi: Add basic test for Get Version ID response * ncsi: Use response header for payload length * ncsi: Pass command header to response handlers * src/slirp.h: Bump the minimum Windows version to Windows 7 * ncsi: Add Get Version ID command * ncsi: Pass Slirp structure to response handlers * slirp: Add manufacturer's ID * Add support for Haiku to meson.build * meson: add extra warnings * win32: declare some local functions as static * Include and for AF_INET6 and inet_pton * Release v4.7.0 * bump ABI version and age * slirp: invoke client callback before creating timers * pingtest: port to timer_new_opaque * introduce timer_new_opaque callback * introduce slirp_timer_new wrapper * icmp6: make ndp_send_ra static * Add sanitizers CI runs * socket: Handle ECONNABORTED from recv * bootp: fix g_str_has_prefix warning/critical * slirp: Don't duplicate packet in tcp_reass * Rename insque/remque -> slirp_[ins|rem]que * mbuf: Use SLIRP_DEBUG to enable mbuf debugging instead of DEBUG * 
Replace inet_ntoa() with safer inet_ntop() * Add VMS_END marker * bootp: add support for UEFI HTTP boot * IPv6 DNS proxying support * Add missing scope_id in caching * Drop fixed TODO * socket: Move closesocket(so->s_aux) to sofree * socket: Check so_type instead of so_tcpcb for Unix-to-inet translation * socket: Add s_aux field to struct socket for storing auxilliary socket * socket: Initialize so_type in socreate * socket: Allocate Unix-to-TCP hostfwd port from OS by binding to port 0 * Allow to disable internal DHCP server * slirp_pollfds_fill: Explain why dividing so_snd.sb_datalen by two * CI: run integration tests with slirp4netns * socket: Check address family for Unix-to-inet accept translation * socket: Add debug args for tcpx_listen (inet and Unix sockets) * socket: Restore original definition of fhost * socket: Move include to socket.h * Support Unix sockets in hostfwd * resolv: fix IPv6 resolution on Darwin * Use the exact sockaddr size in getnameinfo call * Initialize sin6_scope_id to zero * slirp_socketpair_with_oob: Connect pair through 127.0.0.1 * resolv: fix memory leak when using libresolv * pingtest: Add a trivial ping test * icmp: Support falling back on trying a SOCK_RAW socket ------------------------------------------------------------------ ------------------ 2022-7-17 - Jul 17 2022 ------------------- ------------------------------------------------------------------ ++++ docker: - Change to using systemd-sysusers ------------------------------------------------------------------ ------------------ 2022-7-16 - Jul 16 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - kABI: fix adding field to ufs_hba (git-fixes). - kABI: fix adding field to scsi_device (git-fixes). - scsi: iscsi: Exclude zero from the endpoint ID range (git-fixes). - scsi: scsi_debug: Fix zone transition to full condition (git-fixes). - scsi: sd: Fix potential NULL pointer dereference (git-fixes). 
- drbd: fix potential silent data corruption (git-fixes). - scsi: ufs: core: scsi_get_lba() error fix (git-fixes). - scsi: ufs: Fix runtime PM messages never-ending cycle (git-fixes). - scsi: core: sd: Add silence_suspend flag to suppress some PM messages (git-fixes). - scsi: ufs: Fix a deadlock in the error handler (git-fixes). - scsi: ufs: Remove dead code (git-fixes). - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes). - scsi: scsi_debug: Fix type in min_t to avoid stack OOB (git-fixes). - scsi: scsi_debug: Don't call kcalloc() if size arg is zero (git-fixes). - scsi: sd: Fix sd_do_mode_sense() buffer length handling (git-fixes). - scsi: lpfc: Fix mailbox command failure during driver initialization (git-fixes). - commit fb67102 - perf/amd/ibs: Advertise zen4_ibs_extensions as pmu capability attribute (jsc#SLE-24578). - commit 9992992 - perf/amd/ibs: Add support for L3 miss filtering (jsc#SLE-24578). - commit 3de312d - perf/amd/ibs: Use ->is_visible callback for dynamic attributes (jsc#SLE-24578). - commit 1a42a36 - perf/amd/ibs: Cascade pmu init functions' return value (jsc#SLE-24578). - commit 82fef3c ------------------------------------------------------------------ ------------------ 2022-7-15 - Jul 15 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - x86/ibt,xen: Sprinkle the ENDBR (bsc#1201471). - Refresh patches.suse/objtool-Update-Retpoline-validation.patch. - commit cf7f7e0 - x86/entry: Remove skip_r11rcx (bsc#1201524). - Refresh patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch. - commit 64980c7 - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381). - commit bf00db7 - crypto: qat - remove dma_free_coherent() for DH (git-fixes). - crypto: qat - remove dma_free_coherent() for RSA (git-fixes). - crypto: qat - fix memory leak in RSA (git-fixes). 
- crypto: qat - set to zero DH parameters before free (git-fixes). - crypto: qat - set CIPHER capability for DH895XCC (git-fixes). - commit 3585cf1 ++++ ldb: - Add ldb-memory-bug-15096-4.15-ldbonly.patch to backport all changes for ldb-2.4.4. + CVE-2022-32746: samba: ldb: Use-after-free occurring in database audit logging module; (bso#15009); (bsc#1201490). ++++ ncurses: - Add patch ncurses-bnc1198627.patch * Fix bsc#1198627: CVE-2022-29458: ncurses: segfaulting OOB read ++++ sqlite3: - update to 3.39.1: * Fix an incorrect result from a query that uses a view that contains a compound SELECT in which only one arm contains a RIGHT JOIN and where the view is not the first FROM clause term of the query that contains the view * Fix a long-standing problem with ALTER TABLE RENAME that can only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set to a very small value. * Fix a long-standing problem in FTS3 that can only arise when compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time option. * Fix the initial-prefix optimization for the REGEXP extension so that it works correctly even if the prefix contains characters that require a 3-byte UTF8 encoding. * Enhance the sqlite_stmt virtual table so that it buffers all of its output. 
++++ permissions: - Update to version 20201225: * postfix: add postlog setgid for maildrop binary (bsc#1201385) ++++ qemu: - Fix: bsc#1198038, CVE-2022-0216 - Fix: bsc#1201367, CVE-2022-35414 * Patches added: scsi-lsi53c895a-fix-use-after-free-in-ls.patch softmmu-Always-initialize-xlat-in-addres.patch ++++ rpm-config-SUSE: - add SBAT values (boo#1193282) ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#606 - fix %if-nesting typo - 16.57.24 - merge gh#openSUSE/installation-images#605 - limit LeapMicro building - 16.57.23 - merge gh#openSUSE/installation-images#602 - Leap Micro support (jsc#SMO-126) - Add LeapMicro to _multibuild (jsc#SMO-126) - Leap Micro support jsc#SMO-126 - 16.57.22 ------------------------------------------------------------------ ------------------ 2022-7-14 - Jul 14 2022 ------------------- ------------------------------------------------------------------ ++++ container-selinux: - Update to version 2.188.0: * Allow confined containers to mount overlay filesystems Fixed bsc#1201348 ++++ kernel-default: - rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer Dwarves 1.22 or newer is required to build kernels with BTF information embedded in modules. - commit ee19e9d - kabi/severities: add stmmac network driver local symbols - commit 832dcf3 - ppp: ensure minimum packet size in ppp_write() (git-fixes). - commit 1871bcf - veth: Do not record rx queue hint in veth_xmit (git-fixes). - commit 4e81b53 - net: ethernet: mtk_eth_soc: fix return values and refactor MDIO ops (git-fixes). - commit 89745b1 - net: stmmac: Add platform level debug register dump feature (git-fixes). - commit 1f1e295 - fsl/fman: Fix missing put_device() call in fman_port_probe (git-fixes). - commit 1ea5bd4 - net: lantiq_xrx200: fix statistics of received bytes (git-fixes). - commit 21661cb - net: ag71xx: Fix a potential double free in error handling paths (git-fixes). 
- commit bdd4068 - net: stmmac: dwmac-visconti: Fix value of ETHER_CLK_SEL_FREQ_SEL_2P5M (git-fixes). - commit 100c8d7 - net: stmmac: ptp: fix potentially overflowing expression (git-fixes). - commit c8a3960 - veth: ensure skb entering GRO are not cloned (git-fixes). - commit de7c3ec - net: ks8851: Check for error irq (git-fixes). - commit c6aa897 - drivers: net: smc911x: Check for error irq (git-fixes). - commit 76302d7 - fjes: Check for error irq (git-fixes). - commit 3518c05 - net: marvell: prestera: fix incorrect return of port_find (git-fixes). - commit caea254 - net: systemport: Add global locking for descriptor lifecycle (git-fixes). - commit ca205ab - net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup (git-fixes). - commit d928a50 - net: stmmac: fix tc flower deletion for VLAN priority Rx steering (git-fixes). - commit c13727a - netdevsim: don't overwrite read only ethtool parms (git-fixes). - commit e49332e - nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes). - commit 14806b1 - net: mvpp2: fix XDP rx queues registering (git-fixes). - commit 785d73e - net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() (git-fixes). - commit e300fac - net/qla3xxx: fix an error code in ql_adapter_up() (git-fixes). - commit 1aeafc7 - qede: validate non LSO skb length (git-fixes). - commit a6a6f45 - net: altera: set a couple error code in probe() (git-fixes). - commit 4b6f9c2 - net: bcm4908: Handle dma_set_coherent_mask error codes (git-fixes). - commit 57e402c - net: annotate data-races on txq->xmit_lock_owner (git-fixes). - commit 823f883 - octeontx2-af: Fix a memleak bug in rvu_mbox_init() (git-fixes). - commit ab94872 - vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit (git-fixes). - commit eb079a6 - natsemi: xtensa: fix section mismatch warnings (git-fixes). - commit dbb5264 - dpaa2-eth: destroy workqueue at the end of remove function (git-fixes). 
- commit 1aeeaf7 - net: marvell: mvpp2: Fix the computation of shared CPUs (git-fixes). - commit f25bb21 - Remove Half duplex mode speed capabilities (git-fixes). - commit 92878dd - net: stmmac: Avoid DMA_CHAN_CONTROL write if no Split Header support (git-fixes). - commit de8c06a - net: stmmac: retain PTP clock time during SIOCSHWTSTAMP ioctls (git-fixes). - commit a6567bd - net: phylink: Force retrigger in case of latched link-fail indicator (git-fixes). - commit 6d547bd - net: phylink: Force link down and retrigger resolve on interface change (git-fixes). - commit 4e89e84 - tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() (bsc#1198829 CVE-2022-1462). - tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462). - commit decd358 ++++ yaml-cpp: - Version 0.6.3 changed ABI without changing SONAME. Re-add symbol from the old ABI to prevent ABI breakage and crash of applications compiled with 0.6.1 (bsc#1200624, bsc#1178332, bsc#1178331, bsc#1160171, yaml-cpp-abi-breakage.patch). ++++ samba: - CVE-2022-32746: samba: Use-after-free occurring in database audit logging; (bso#15009); (bso#15096); (bsc#1201490). - CVE-2022-32745: samba: ldb: AD users can crash the server process with an LDAP add or modify request; (bso#15008); (bso#15096); (bsc#1201492). - CVE-2022-2031: samba, ldb: AD users can bypass certain restrictions associated with changing passwords; (bso#15047); (bsc#1201495); - CVE-2022-32742: SMB1 code does not correctly verify SMB1write, SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085); (bsc#1201496). - CVE-2022-32744: samba, ldb: AD users can forge password change requests for any user; (bso#15074); (bso#15047); (bsc#1201493). ++++ selinux-policy: - Update to version 20220714. 
Refreshed: * fix_init.patch * fix_systemd_watch.patch ------------------------------------------------------------------ ------------------ 2022-7-13 - Jul 13 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - octeontx2-af: Fix some memory leaks in the error handling path of 'cgx_lmac_init()' (git-fixes). - commit 771ed28 - octeontx2-af: Add a 'rvu_free_bitmap()' function (git-fixes). - commit bc0ad1c - gpio: tegra186: Add IRQ per bank for Tegra241 (jsc#SLE-24571) - commit 6cf809d - gpio: tegra186: Add support for Tegra241 (jsc#SLE-24571) - commit f025bf7 - dt-bindings: gpio: Add Tegra241 support (jsc#SLE-24571) - commit f8d4262 - spi: tegra210-quad: combined sequence mode (jsc#SLE-24570) - commit e187f9a - spi: tegra210-quad: add new chips to compatible (jsc#SLE-24570) - commit f0be9d3 - spi: tegra210-quad: add acpi support (jsc#SLE-24570) - commit 55e4b0b - spi: tegra210-quad: use devm call for cdata memory (jsc#SLE-24570) - commit 45eae59 - spi: tegra210-quad: use device_reset method (jsc#SLE-24570) - commit 3f5e1a3 - spi: Add Tegra234 QUAD SPI compatible (jsc#SLE-24570) - commit 58f5e5f - i2c: tegra: use i2c_timings for bus clock freq (jsc#SLE-24569) - commit 47fa6c7 - i2c: tegra: Add the ACPI support (jsc#SLE-24569) - commit d323c6e - i2c: tegra: Add SMBus block read function (jsc#SLE-24569) - commit 3dd00f6 - i2c: smbus: Use device_*() functions instead of of_*() (jsc#SLE-24569) - commit 3c0a341 - docs: firmware-guide: ACPI: Add named interrupt doc (jsc#SLE-24569) - commit 6cd5dd2 - device property: Add fwnode_irq_get_byname (jsc#SLE-24569) - commit cd979cf - net: dsa: xrs700x: be compatible with masters which unregister on shutdown (git-fixes). - commit 067f613 - net: dsa: microchip: ksz8863: be compatible with masters which unregister on shutdown (git-fixes). - commit 8df6c27 - net: dsa: hellcreek: be compatible with masters which unregister on shutdown (git-fixes). 
- commit b13c76a - net: dsa: be compatible with masters which unregister on shutdown (git-fixes). - commit 185c5a1 - can: rcar_canfd: add __maybe_unused annotation to silence warning (git-fixes). - commit 3436390 - net: dpaa_eth: remove dead select in menuconfig FSL_DPAA_ETH (git-fixes). - commit 5dea61c - crypto: octeontx2 - fix missing unlock (jsc#SLE-24682). - hwrng: cavium - fix NULL but dereferenced coccicheck error (jsc#SLE-24682). - crypto: octeontx2 - add synchronization between mailbox accesses (jsc#SLE-24682). - crypto: octeontx2 - increase CPT HW instruction queue length (jsc#SLE-24682). - crypto: octeontx2 - CN10K CPT to RNM workaround (jsc#SLE-24682). - crypto: octeontx2 - select CONFIG_NET_DEVLINK (jsc#SLE-24682). - arm64: Add cavium_erratum_23154_cpus missing sentinel (jsc#SLE-24682). - irqchip/gic-v3: Workaround Marvell erratum 38545 when reading IAR (jsc#SLE-24682). - crypto: octeontx2 - Avoid stack variable overflow (jsc#SLE-24682). - crypto: octeontx2 - out of bounds access in otx2_cpt_dl_custom_egrp_delete() (jsc#SLE-24682). - crypto: octeontx2 - Use swap() instead of swap_engines() (jsc#SLE-24682). - crypto: octeontx2 - parameters for custom engine groups (jsc#SLE-24682). - crypto: octeontx2 - add apis for custom engine groups (jsc#SLE-24682). - crypto: octeontx2 - use swap() to make code cleaner (jsc#SLE-24682). - commit e64c29a ++++ multipath-tools: - Update to version 0.9.0+39+suse.51a2ab1: Upstream bug fixes: * libmultipath: fix find_multipaths_timeout for unknown hardware (boo#1201483) * multipath-tools: fix "multipath -ll" for Native NVME Multipath devices (boo#1201483) - Update to version 0.9.0+33+suse.fdc6686 * multipath.conf: add support for "protocol" subsection in "overrides" section to set certain config options by protocol. 
* Removed the previously deprecated options getuid_callout, config_dir, multipath_dir, pg_timeout * hwtable fixes and additions * multipath.conf(5): add disclaimer about vendor support * libmultipath, kpartx: fix callers of dm_get_next_target() * Change built-in defaults for NVMe: group by prio, and immediate failback * Allow compilation with -D_FORTIFY_SOURCE=3 ++++ mozilla-nss: - Update nss-fips-constructor-self-tests.patch to add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980). - Update nss-fips-approved-crypto-non-ec.patch to mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298). - Update nss-fips-approved-crypto-non-ec.patch to remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325). - Remove nss-fips-tls-allow-md5-prf.patch, since we no longer need the workaround in FIPS mode (bsc#1200325). - Remove nss-fips-tests-skip.patch. This is no longer needed since we removed the code to short-circuit broken hashes and moved to using the SLI. ++++ ceph: - Update to 16.2.9-536-g41a9f9a5573: + (bsc#1195359, bsc#1200553) rgw: check bucket shard init status in RGWRadosBILogTrimCR + (bsc#1194131) ceph-volume: honour osd_dmcrypt_key_size option (CVE-2021-3979) + (bsc#1196046) mgr/cephadm: try to get FQDN for configuration files ++++ selinux-policy: - Update fix_systemd.patch to add cap sys_admin and kernel_dgram_send for systemd_gpt_generator_t (bsc#1200911) ------------------------------------------------------------------ ------------------ 2022-7-12 - Jul 12 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - marvell: octeontx2: build error: unknown type name 'u64' (jsc#SLE-24682). - commit ca6af39 - crypto: hisilicon/qm - modify the uacce mode check (bsc#1201391). - commit 755232f - octeontx2-pf: devlink params support to set mcam entry count (jsc#SLE-24682). 
- Refresh patches.suse/devlink-Make-devlink_register-to-be-void.patch. - commit 255954c - octeontx2-pf: cn10k: Config DWRR weight based on MTU (jsc#SLE-24682). - Refresh patches.suse/octeontx2-pf-cleanup-transmit-link-deriving-logic.patch. - commit c99a251 - octeontx2-vf: Add support for adaptive interrupt coalescing (jsc#SLE-24682). - octeontx2-pf: replace bitmap_weight with bitmap_empty where appropriate (jsc#SLE-24682). - octeontx2-af: fix error code in is_valid_offset() (jsc#SLE-24682). - octeontx2-pf: Add support for adaptive interrupt coalescing (jsc#SLE-24682). - octeontx2-pf: Remove unnecessary synchronize_irq() before free_irq() (jsc#SLE-24682). - octeontx2-af: debugfs: fix error return of allocations (jsc#SLE-24682). - octeontx2-af: initialize action variable (jsc#SLE-24682). - octeontx2-af: cn10k: add workaround for ptp errata (jsc#SLE-24682). - octeontx2-pf: cn10k: add support for new ptp timestamp format (jsc#SLE-24682). - octeontx2-af: fix array bound error (jsc#SLE-24682). - octeontx2-pf: Add TC feature for VFs (jsc#SLE-24682). - octeontx2-pf: PFC config support with DCBx (jsc#SLE-24682). - octeontx2-af: Flow control resource management (jsc#SLE-24682). - octeontx2-af: Priority flow control configuration support (jsc#SLE-24682). - octeontx2-af: Don't enable Pause frames by default (jsc#SLE-24682). - octeontx2-af: Add KPU changes to parse NGIO as separate layer (jsc#SLE-24682). - octeontx2-af: Increase link credit restore polling timeout (jsc#SLE-24682). - octeontx2-pf: cn10k: Ensure valid pointers are freed to aura (jsc#SLE-24682). - octeontx2-af: cn10k: Use appropriate register for LMAC enable (jsc#SLE-24682). - octeontx2-af: Retry until RVU block reset complete (jsc#SLE-24682). - octeontx2-af: Fix LBK backpressure id count (jsc#SLE-24682). - octeontx2-af: Fix interrupt name strings (jsc#SLE-24682). - octeontx2-nicvf: Free VF PTP resources (jsc#SLE-24682). - octeontx2-af: Increment ptp refcount before use (jsc#SLE-24682). 
- octeontx2-af: debugfs: don't corrupt user memory (jsc#SLE-24682). - octeontx2-pf: select CONFIG_NET_DEVLINK (jsc#SLE-24682). - octeontx2-af: use swap() to make code cleaner (jsc#SLE-24682). - octeontx2-af: debugfs: Add channel and channel mask (jsc#SLE-24682). - octeontx2-af: cn10k: debugfs for dumping LMTST map table (jsc#SLE-24682). - octeontx2-af: debugfs: Minor changes (jsc#SLE-24682). - octeontx2-af: Increase number of reserved entries in KPU (jsc#SLE-24682). - octeontx2-nic: fix mixed module build (jsc#SLE-24682). - octeontx2-af: Add support to flush full CPT CTX cache (jsc#SLE-24682). - octeontx2-af: Perform cpt lf teardown in non FLR path (jsc#SLE-24682). - octeontx2-af: Enable CPT HW interrupts (jsc#SLE-24682). - octeontx2-pf: Simplify the receive buffer size calculation (jsc#SLE-24682). - octeontx2-af: Remove redundant initialization of variable pin (jsc#SLE-24682). - octeontx2-pf: Add XDP support to netdev PF (jsc#SLE-24682). - octeontx2-af: Adjust LA pointer for cpt parse header (jsc#SLE-24682). - octeontx2-nicvf: Add PTP hardware clock support to NIX VF (jsc#SLE-24682). - octeontx2-pf: Use hardware register for CQE count (jsc#SLE-24682). - octeontx2-af: Add external ptp input clock (jsc#SLE-24682). - octeontx2-af: Use ptp input clock info from firmware data (jsc#SLE-24682). - octeontx2-af: Reset PTP config in FLR handler (jsc#SLE-24682). - octeontx2: Move devlink registration to be last devlink command (jsc#SLE-24682). - octeontx2-af: Optimize KPU1 processing for variable-length headers (jsc#SLE-24682). - octeontx2-af: Limit KPU parsing for GTPU packets (jsc#SLE-24682). - octeontx2-af: verify CQ context updates (jsc#SLE-24682). - octeontx2-af: Remove redundant initialization of variable blkaddr (jsc#SLE-24682). - octeontx2-af: Fix uninitialized variable val (jsc#SLE-24682). - octeontx2-af: Hardware configuration for inline IPsec (jsc#SLE-24682). - octeontx2-pf: CN10K: Hide RPM stats over ethtool (jsc#SLE-24682). 
- octeontx2-pf: cn10K: Reserve LMTST lines per core (jsc#SLE-24682). - octeontx2-af: Use NDC TX for transmit packet data (jsc#SLE-24682). - octeontx2-pf: Add vlan-etype to ntuple filters (jsc#SLE-24682). - octeontx2-af: Fix inconsistent license text (jsc#SLE-24682). - octeontx2-pf: Fix inconsistent license text (jsc#SLE-24682). - octeontx2-af: cn10K: support for sched lmtst and other features (jsc#SLE-24682). - octeontx2-af: Add mbox to retrieve bandwidth profile free count (jsc#SLE-24682). - octeontx2-af: Remove channel verification while installing MCAM rules (jsc#SLE-24682). - octeontx2-af: Add PTP device id for CN10K and 95O silcons (jsc#SLE-24682). - octeontx2-af: Add free rsrc count mbox msg (jsc#SLE-24682). - octeontx2-af: Add SDP interface support (jsc#SLE-24682). - octeontx2-af: nix and lbk in loop mode in 98xx (jsc#SLE-24682). - octeontx2-af: Allow to configure flow tag LSB byte as RSS adder (jsc#SLE-24682). - octeontx2-af: enable tx shaping feature for 96xx C0 (jsc#SLE-24682). - octeontx2-af: Wait for TX link idle for credits change (jsc#SLE-24682). - octeontx2-af: Change the order of queue work and interrupt disable (jsc#SLE-24682). - octeontx2-af: cn10k: Set cache lines for NPA batch alloc (jsc#SLE-24682). - octeontx2-af: Use DMA_ATTR_FORCE_CONTIGUOUS attribute in DMA alloc (jsc#SLE-24682). - octeontx2-pf: Don't mask out supported link modes (jsc#SLE-24682). - octeontx2-af: Handle return value in block reset (jsc#SLE-24682). - octeontx2-pf: Add check for non zero mcam flows (jsc#SLE-24682). - octeontx2-af: remove redudant second error check on variable err (jsc#SLE-24682). - octeontx2-pf: Allow VLAN priority also in ntuple filters (jsc#SLE-24682). - octeontx2-af: configure npc for cn10k to allow packets from cpt (jsc#SLE-24682). - octeontx2-af: cn10K: Get NPC counters value (jsc#SLE-24682). - octeontx2-af: Allocate low priority entries for PF (jsc#SLE-24682). - octeontx2-pf: Unify flow management variables (jsc#SLE-24682). 
- octeontx2-pf: Sort the allocated MCAM entry indices (jsc#SLE-24682). - octeontx2-pf: Ntuple filters support for VF netdev (jsc#SLE-24682). - octeontx2-pf: Enable NETIF_F_RXALL support for VF driver (jsc#SLE-24682). - octeontx2-af: Add debug messages for failures (jsc#SLE-24682). - octeontx2-af: add proper return codes for AF mailbox handlers (jsc#SLE-24682). - octeontx2-af: Modify install flow error codes (jsc#SLE-24682). - octeontx2-af: Fix spelling mistake "Makesure" -> "Make sure" (jsc#SLE-24682). - octeontx2-af: cn10k: DWRR MTU configuration (jsc#SLE-24682). - octeontx2-af: Enhance mailbox trace entry (jsc#SLE-24682). - commit 7af5fda ++++ python-M2Crypto: - Add CVE-2020-25657-Bleichenbacher-attack.patch (CVE-2020-25657, bsc#1178829), which mitigates the Bleichenbacher timing attacks in the RSA decryption API. - Add python-M2Crypto.keyring to verify GPG signature of tarball. ++++ rpm: - Support Ed25519 signatures [jsc#SLE-24714] * new patch: ed25519.diff ++++ rust-keylime: - Update to version 0.1.0+git.1657303637.5b9072a: * keys_handler: Use scopes to drop mutexes before await * Enable usage of Rust IMA emulator in E2E tests. * ima_emulator: Support PCR hash algorithms other than SHA-1 * ima_entry: add IMA entry parser ported from Python Keylime * algorithms: Add conversion between our hash algorithms and OpenSSL's * Remove unused functions revocation_ip_get and revocation_port_get. Change String to &str. * Adjust function usage comments to account for new parameters. 
* Load config file less at startup in src/common.rs * GNUmakefile: Make target dependencies explicit * permissions: Set supplementary groups when dropping privileges * main: Use more descriptive message for missing files error * Show path when fail to load the certificate * tpm: Add serialization functions for structures in quotes - Requires tpm2.0-abrmd dependency, as the kernel resource manager might not be enough - Downgrade /var/run/keylime permissions - Set "run_as" parameter to "keylime:tss" - Create the keylime user via systemd - Fix keylime service home directory - Add 0001-main-die-when-cannot-drop-privileges.patch to avoid the execution as root when the run_as user is missing in the system ------------------------------------------------------------------ ------------------ 2022-7-11 - Jul 11 2022 ------------------- ------------------------------------------------------------------ ++++ hwdata: - update to 0.361: + Updated pci, usb and vendor ids. ++++ kernel-default: - kABI: fix removal of iscsi_destroy_conn (bsc#1198410). - kABI: fix change of iscsi_host_remove() arguments (bsc#1198410). - scsi: iscsi: Fix session removal on shutdown (bsc#1198410). - scsi: qedi: Use QEDI_MODE_NORMAL for error handling (bsc#1198410). - scsi: iscsi: Add helper to remove a session from the kernel (bsc#1198410). - scsi: iscsi: Clean up bound endpoints during shutdown (bsc#1198410). - scsi: iscsi: Allow iscsi_if_stop_conn() to be called from kernel (bsc#1198410). - scsi: iscsi: Fix HW conn removal use after free (bsc#1198410). - scsi: libiscsi: Teardown iscsi_cls_conn gracefully (bsc#1198410). - scsi: iscsi: Add helper functions to manage iscsi_cls_conn (bsc#1198410). - commit 3d68d7d - don't call utsname() after ->nsproxy is NULL (bsc#1201196). 
- commit 9689c47 ++++ permissions: - Update to version 20201225: * apptainer: fix starter-suid location (bsc#1198720) ++++ selinux-policy: - postfix: Label PID files and some helpers correctly (bsc#1197242) ++++ systemd-presets-branding-SMO: - enable NetworkManager by default (jsc#SMO-84) ------------------------------------------------------------------ ------------------ 2022-7-8 - Jul 8 2022 ------------------- ------------------------------------------------------------------ ++++ gnutls: - FIPS: * Modify gnutls-FIPS-force-self-test.patch [bsc#1198979] - gnutls_fips140_run_self_tests now properly releases fips_context ++++ kernel-default: - x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit d1e1c13 - x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 3be5cfd - x86/bugs: Add Cannon lake to RETBleed affected CPU list (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 739eddd - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845). - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845). - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845). - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845). - commit e1e83aa - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925). - commit c771c51 ++++ ldb: - Update to version 2.4.3 + Fix build problems, waf produces incorrect names for python extensions; (bso#15071); ++++ systemd: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network (bsc#1201276) The configuration files put in these directories are read by both udevd and systemd-networkd. 
++++ samba: - Update to 4.15.8 * Use pathref fd instead of io fd in vfs_default_durable_cookie; (bso#15042); * Setting fruit:resource = stream in vfs_fruit causes a panic; (bso#15099); * Add support for bind 9.18; (bso#14986); * logging dsdb audit to specific files does not work; (bso#15076); * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had been deleted; (bso#15069); * netgroups support removed; (bso#15087); (bsc#1199247); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); (bsc#1199734); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * smbclient commands del & deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556); * vfs_gpfs recalls=no option prevents listing files; (bso#15055); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * Compile error in source3/utils/regedit_hexedit.c; (bso#15091); * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108); * smbd doesn't handle UPNs for looking up names; (bso#15054); * Out-by-4 error in smbd read reply max_send clamp; (bso#14443); - Move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255); - Use the canonical realm name to refresh the Kerberos tickets; (bsc#1196224); (bso#14979); ------------------------------------------------------------------ ------------------ 2022-7-7 - Jul 7 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - cpufreq: intel_pstate: Add Ice Lake server to out-of-band IDs (bsc#1201228). - commit e9e6c6d - mm/slub: add missing TID updates on slab deactivation (git-fixes). 
- commit 2839b22 ++++ libselinux: - Fixed initrd check in selinux-ready (bnc#1186127) ------------------------------------------------------------------ ------------------ 2022-7-6 - Jul 6 2022 ------------------- ------------------------------------------------------------------ ++++ combustion: - Switch to use the git repo with obs_scm - Update to version 1.0+git0: * Add Makefile for make install support * Start sysroot-usr.mount as well * Replace invalid use of ln_r in module-setup.sh ++++ open-iscsi: - Modify SPEC file so systemd unit files are mode 644 (not 755) (bsc#1200570) ++++ kernel-default: - Update patch reference for rose fix (CVE-2022-2318 bsc#1201251) - commit 6740ddf - xen-netfront: restore __skb_queue_tail() positioning in xennet_get_responses() (bsc#1200763, CVE-2022-33743, XSA-405). - commit 3452cb8 - xen/netfront: force data bouncing when backend is untrusted (bsc#1200762, CVE-2022-33741, XSA-403). - commit 8573a2a - xen/netfront: fix leaking data in shared pages (bsc#1200762, CVE-2022-33740, XSA-403). - commit d781d02 - xen/blkfront: force data bouncing when backend is untrusted (bsc#1200762, CVE-2022-33742, XSA-403). - commit e887a75 - xen/blkfront: fix leaking data in shared pages (bsc#1200762, CVE-2022-26365, XSA-403). - commit 5f3a98c ++++ tiff: - security update * CVE-2022-2056 [bsc#1201176] * CVE-2022-2057 [bsc#1201175] * CVE-2022-2058 [bsc#1201174] + tiff-CVE-2022-2056,CVE-2022-2057,CVE-2022-2058.patch ++++ nfsidmap: - 0001-Removed-some-unused-and-set-but-not-used-warnings.patch 0002-Handle-NULL-names-better.patch 0003-Strip-newlines-out-of-IDMAP_LOG-messages.patch 0004-onf_parse_line-Ignore-whitespace-at-the-beginning-of.patch 0005-nss.c-wrong-check-of-return-value.patch 0006-Fixed-a-memory-leak-nss_name_to_gid.patch Various bugfixes and improvements from upstream In particular, 0001 fixes a crash that can happen when a 'static' mapping is configured. 
(bnc#1200901) ++++ permissions: - Update to version 20201225: * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) ------------------------------------------------------------------ ------------------ 2022-7-5 - Jul 5 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - KVM: VMX: Wake vCPU when delivering posted IRQ even if vCPU == this vCPU (git-fixes). - Refresh patches.suse/KVM-nVMX-Ensure-vCPU-honors-event-request-if-posting.patch. - commit cc9c0cb - kabi/severities: allow dropping a few invalid exported symbols (bsc#1201218) - commit fb35701 - net: ipv6: unexport __init-annotated seg6_hmac_net_init() (bsc#1201218). - tick/nohz: unexport __init-annotated tick_nohz_full_setup() (bsc#1201218). - clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() (bsc#1201218). - xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (bsc#1201218). - net: ipv6: unexport __init-annotated seg6_hmac_init() (bsc#1201218). - net: xfrm: unexport __init-annotated xfrm4_protocol_init() (bsc#1201218). - net: mdio: unexport __init-annotated mdio_bus_init() (bsc#1201218). - commit f8aa8f6 - netfilter: nf_tables: stricter validation of element data (CVE-2022-34918 bsc#1201171). - commit 6821024 - usbnet: fix memory allocation in helpers (git-fixes). - virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes). - xhci-pci: Allow host runtime PM as default for Intel Meteor Lake xHCI (git-fixes). - xhci-pci: Allow host runtime PM as default for Intel Raptor Lake xHCI (git-fixes). - xhci: turn off port power in shutdown (git-fixes). - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes). - virtio_net: fix wrong buf address calculation when using xdp (git-fixes). - commit bb6cd2d - PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events (git-fixes). - net: rose: fix UAF bugs caused by timer handler (git-fixes). 
- net: usb: ax88179_178a: Fix packet receiving (git-fixes). - net: phy: ax88772a: fix lost pause advertisement configuration (git-fixes). - NFC: nxp-nci: Don't issue a zero length i2c_master_read() (git-fixes). - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes). - net: usb: asix: do not force pause frames support (git-fixes). - platform/x86: panasonic-laptop: filter out duplicate volume up/down/mute keypresses (git-fixes). - platform/x86: panasonic-laptop: don't report duplicate brightness key-presses (git-fixes). - platform/x86: panasonic-laptop: revert "Resolve hotkey double trigger bug" (git-fixes). - platform/x86: panasonic-laptop: sort includes alphabetically (git-fixes). - platform/x86: panasonic-laptop: de-obfuscate button codes (git-fixes). - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes). - modpost: fix section mismatch check for exported init/exit sections (git-fixes). - usb: chipidea: udc: check request status before setting device address (git-fixes). - USB: gadget: Fix double-free bug in raw_gadget driver (git-fixes). - USB: serial: option: add Quectel RM500K module support (git-fixes). - USB: serial: option: add Quectel EM05-G modem (git-fixes). - USB: serial: pl2303: add support for more HXN (G) types (git-fixes). - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes). - usb: gadget: Fix non-unique driver names in raw-gadget driver (git-fixes). - mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes). - regmap-irq: Fix offset/index mismatch in read_sub_irq_data() (git-fixes). - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes). - mmc: mediatek: wait dma stop bit reset to 0 (git-fixes). - rtw88: rtw8821c: enable rfe 6 devices (git-fixes). - rtw88: 8821c: support RFE type4 wifi NIC (git-fixes). - commit a292641 - hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails (git-fixes). 
- Revert "drm/amdgpu/display: set vblank_disable_immediate for DC" (git-fixes). - drm/fourcc: fix integer type usage in uapi header (git-fixes). - drm/i915/gem: add missing else (git-fixes). - epic100: fix use after free on rmmod (git-fixes). - linux/dim: Fix divide by 0 in RDMA DIM (git-fixes). - memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings (git-fixes). - iio: accel: mma8452: ignore the return value of reset operation (git-fixes). - iio: adc: stm32: fix maximum clock rate for stm32mp15x (git-fixes). - iio: adc: vf610: fix conversion mode sysfs node name (git-fixes). - iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client (git-fixes). - iio:humidity:hts221: rearrange iio trigger get and register (git-fixes). - iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes). - iio:accel:mxc4005: rearrange iio trigger get and register (git-fixes). - iio:accel:kxcjk-1013: rearrange iio trigger get and register (git-fixes). - iio:accel:bma180: rearrange iio trigger get and register (git-fixes). - iio: afe: rescale: Fix boolean logic bug (git-fixes). - iio: adc: stm32: Fix IRQs on STM32F4 by removing custom spurious IRQs message (git-fixes). - iio: adc: stm32: Fix ADCs iteration in irq handler (git-fixes). - iio: adc: ti-ads131e08: add missing fwnode_handle_put() in ads131e08_alloc_channels() (git-fixes). - iio: trigger: sysfs: fix use-after-free on remove (git-fixes). - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes). - iio: magnetometer: yas530: Fix memchr_inv() misuse (git-fixes). - iio: adc: axp288: Override TS pin bias current for some models (git-fixes). - iio: mma8452: fix probe fail when device tree compatible is used (git-fixes). - dt-bindings: usb: ehci: Increase the number of PHYs (git-fixes). - dt-bindings: usb: ohci: Increase the number of PHYs (git-fixes). - gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes). 
- drm/msm/dp: force link training for display resolution change (git-fixes). - commit 29490b2 - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes). - drm/msm/dp: check core_initialized before disable interrupts at dp_display_unbind() (git-fixes). - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes). - drm/msm: use for_each_sgtable_sg to iterate over scatterlist (git-fixes). - drm/msm: Switch ordering of runpm put vs devfreq_idle (git-fixes). - drm/msm: Fix double pm_runtime_disable() call (git-fixes). - drm/i915: Implement w/a 22010492432 for adl-s (git-fixes). - drm/sun4i: Fix crash during suspend after component bind failure (git-fixes). - drm/amd/display: Don't reinitialize DMCUB on s0ix resume (git-fixes). - drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read failed (git-fixes). - commit 3a6b863 - arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (git-fixes). - ARM: meson: Fix refcount leak in meson_smp_prepare_cpus (git-fixes). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc settings (git-fixes). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad settings (git-fixes). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct I2C3 pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct I2C1 pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct vbus pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct eqos pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct vbus pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct gpio-led pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct the uart2 pinctl value (git-fixes). - arm64: dts: imx8mp-evk: correct mmc pad settings (git-fixes). - ARM: mxs_defconfig: Enable the framebuffer (git-fixes). - ARM: at91: fix soc detection for SAM9X60 SiPs (git-fixes). - ARM: dts: at91: sama5d2_icp: fix eeprom compatibles (git-fixes). 
- ARM: dts: at91: sam9x60ek: fix eeprom compatible and size (git-fixes). - ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt (git-fixes). - ARM: at91: pm: use proper compatible for sama5d2's rtc (git-fixes). - ACPI: video: Change how we determine if brightness key-presses are handled (git-fixes). - caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes). - ARM: exynos: Fix refcount leak in exynos_map_pmu (git-fixes). - ARM: dts: bcm2711-rpi-400: Fix GPIO line names (git-fixes). - arm64: dts: ti: k3-am64-main: Remove support for HS400 speed mode (git-fixes). - ARM: cns3xxx: Fix refcount leak in cns3xxx_init (git-fixes). - ARM: Fix refcount leak in axxia_boot_secondary (git-fixes). - ARM: dts: imx6qdl: correct PU regulator ramp delay (git-fixes). - ARM: dts: imx7: Move hsic_phy power domain to HSIC PHY node (git-fixes). - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes). - commit b2f3ec0 ++++ libzypp: - Fix building with GCC 12.x release (#396) - version 17.30.3 (22) ++++ zypper: - Fix building with GCC 13 (fixes #448) - Put signing key supplying repository name in quotes. - version 1.14.54 ------------------------------------------------------------------ ------------------ 2022-7-4 - Jul 4 2022 ------------------- ------------------------------------------------------------------ ++++ gtk3: - Add compatible dependency "python3-gobject-Gdk if python3-gobject" to the typelib package for SLE and Leap (boo#1200614). ++++ kernel-default: - nvme: add verbose error logging (bsc#1200567). Update config files. - commit d728b74 - scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193). - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193). - scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193). - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193). 
- scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193). - scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193). - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193). - scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193). - scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193). - scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193). - scsi: lpfc: Commonize VMID code location (bsc#1201193). - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193). - commit 19236f6 - net: marvell: mvpp2: increase MTU limit when XDP enabled (git-fixes). - commit 0a53cad - mlxsw: spectrum: Protect driver from buggy firmware (git-fixes). - commit 5106bcc - nfp: checking parameter process for rx-usecs/tx-usecs is invalid (git-fixes). - commit 5bca6f6 - net: marvell: prestera: fix double free issue on err path (git-fixes). - commit 7d71374 - net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove (git-fixes). - commit fd69472 - net: stmmac: Fix signed/unsigned wreckage (git-fixes). - commit ab42270 - net: mvmdio: fix compilation warning (git-fixes). - commit 717e02c - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160). - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160). Refresh: - patches.suse/revert-scsi-qla2xxx-Changes-to-support-FCP2-Target.patch - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160). - scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160). 
- scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160). - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160). - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160). - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160). - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160). - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160). - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160). - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160). - scsi: qla2xxx: edif: Fix session thrash (bsc#1201160). - scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160). - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160). - scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160). - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160). - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160). - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160). - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160). - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160). - scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160). - scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160). - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160). - scsi: qla2xxx: edif: bsg refactor (bsc#1201160). - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160). - commit aaa97b5 - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160). 
- scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160). - commit eeb9031 - supported.conf: mark marvell octeontx2 crypto driver as supported (jsc#SLE-24682) Mark rvu_cptpf.ko and rvu_cptvf.ko as supported. - commit 2c9f726 ++++ Mesa: - change default driver from 'iris' back to 'i965' for Intel Gen8-11 hardware; that way we also use the same driver used by X and Mesa (boo#1200965); related bugs: boo#1197045, boo#1197046 ------------------------------------------------------------------ ------------------ 2022-7-3 - Jul 3 2022 ------------------- ------------------------------------------------------------------ ++++ openssl-1_1: - Encrypt the sixteen bytes that were unencrypted in some circumstances on 32-bit x86 platforms. * [bsc#1201099, CVE-2022-2097] * added openssl-CVE-2022-2097.patch ------------------------------------------------------------------ ------------------ 2022-7-2 - Jul 2 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 1657f57 - x86/common: Stamp out the stepping madness (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit c4753d1 - KVM: VMX: Prevent RSB underflow before vmenter (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 2b985b5 - x86/speculation: Fill RSB on vmexit for IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 4bed1b0 - KVM: VMX: Fix IBRS handling after vmexit (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 316fcc5 - KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 15924a8 - KVM: VMX: Convert launched argument to flags (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit f8dcdb9 - objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit ef884f6 - KVM: VMX: Flatten __vmx_vcpu_run() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). 
- commit 1e826ce - virtio-net: fix for skb_over_panic inside big mode (git-fixes). - commit 0257357 - virtio-net: realign page_to_skb() after merges (git-fixes). - commit 265619f - x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit e07908e - natsemi: sonic: stop calling netdev_boot_setup_check (git-fixes). - commit 46bf69a - x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 7195e40 - x86/speculation: Fix SPEC_CTRL write on SMT state change (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 9038814 - x86/speculation: Fix firmware entry SPEC_CTRL handling (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit ca2994e - x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 82031ef - x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 5cc7992 - objtool: Add entry UNRET validation (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 3cfb55f ------------------------------------------------------------------ ------------------ 2022-7-1 - Jul 1 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - x86/bugs: Do IBPB fallback check only once (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 1651453 - x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 85c8e14 - x86/xen: Rename SYS* entry points (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit cb8daf6 - objtool: Update Retpoline validation (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 7436f55 - intel_idle: Disable IBRS during long idle (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit b411908 - x86/bugs: Report Intel retbleed vulnerability (bsc#1199657 CVE-2022-29900 CVE-2022-29901). 
- commit f9a629c - x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit dbabe9a - x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit b629108 - x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit ff2e369 - x86/entry: Add kernel IBRS implementation (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 479ab24 - x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit c15babd - x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 280d4c4 - x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit aa29b09 - x86/bugs: Report AMD retbleed vulnerability (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 367584b - x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 208357a - objtool: Fix sibling call detection in alternatives (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 184b12c - objtool: Treat .text.__x86.* as noinstr (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit b887ffb - x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit d70c3f9 - x86/sev: Avoid using __x86_return_thunk (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 9650a8e - x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit a3c8329 - x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 24c6cbf - x86/bpf: Use alternative RET encoding (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit b4bf5a2 - x86/ftrace: Use alternative RET encoding (bsc#1199657 CVE-2022-29900 CVE-2022-29901). 
- commit 34b9619 - sched: Fix balance_push() vs __sched_setscheduler() (git-fixes) - commit e34e055 - sched/fair: Revise comment about lb decision matrix (git-fixes) - commit 2b109b3 - sched/psi: report zeroes for CPU full at the system level (git-fixes) - commit 05c0f03 - x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 5ad644e - x86,static_call: Use alternative RET encoding (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit e70fd02 - static_call,x86: Robustify trampoline patching (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 6790036 - x86/mm: Simplify RESERVE_BRK() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit f10b243 - x86,objtool: Create .return_sites (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 9f6f194 - x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 8a7359d - x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 5926e03 - x86/retpoline: Swizzle retpoline thunk (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 3c3e714 - x86/retpoline: Cleanup some #ifdefery (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit eaa3af4 - x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 00af010 - x86/kvm/vmx: Make noinstr clean (bsc#1199657 CVE-2022-29900 CVE-2022-29901). 
- commit 75117a6 ++++ sqlite3: - update to 3.39.0: * Add (long overdue) support for RIGHT and FULL OUTER JOIN * Add new binary comparison operators IS NOT DISTINCT FROM and IS DISTINCT FROM that are equivalent to IS and IS NOT, respectively, for compatibility with PostgreSQL and SQL standards * Add a new return code (value "3") from the sqlite3_vtab_distinct() interface that indicates a query that has both DISTINCT and ORDER BY clauses * Added the sqlite3_db_name() interface * The unix os interface resolves all symbolic links in database filenames to create a canonical name for the database before the file is opened * Defer materializing views until the materialization is actually needed, thus avoiding unnecessary work if the materialization turns out to never be used * The HAVING clause of a SELECT statement is now allowed on any aggregate query, even queries that do not have a GROUP BY clause * Many microoptimizations collectively reduce CPU cycles by about 2.3%. - drop sqlite-src-3380100-atof1.patch, included upstream - add sqlite-src-3390000-func7-pg-181.patch to skip float precision related test failures on 32 bit ++++ podman: - Fix build on Leap Use libexec macro to set correct, per-distribution specific, directory. ++++ qemu: - Fix usb ehci boot failure (bsc#1192115) * Patches added: hw-usb-hcd-ehci-fix-writeback-order.patch ------------------------------------------------------------------ ------------------ 2022-6-30 - Jun 30 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - x86/mce: Drop copyin special case for #MC (bsc#1201050 CVE-2021-26341). - Refresh patches.suse/x86-prepare-asm-files-for-straight-line-speculation.patch. - commit 4126374 - net: stmmac: socfpga: add runtime suspend/resume callback for stratix10 platform (git-fixes). - commit 5966058 - net: ethernet: lantiq_etop: fix build errors/warnings (git-fixes). 
- commit 3631ac9 - net: ipa: disable HOLB drop when updating timer (git-fixes). - commit a355c1a - net: ipa: HOLB register sometimes must be written twice (git-fixes). - commit 1a1e1cc - net/ipa: ipa_resource: Fix wrong for loop range (git-fixes). - commit a4a273a - blacklist.conf: update - commit b3146ae - blacklist.conf: update blacklist - commit 441d7b5 - net: stmmac: fix gcc-10 -Wrestrict warning (git-fixes). - commit 2891b6b - crypto: x86/poly1305 - Fixup SLS (bsc#1201050 CVE-2021-26341). - commit fa7ee3f - x86: Add straight-line-speculation mitigation (bsc#1201050 CVE-2021-26341). - Update config files. - Refresh patches.suse/x86-speculation-rename-retpoline_amd-to-retpoline_lfence.patch. - commit ab9af62 - x86/alternative: Relax text_poke_bp() constraint (bsc#1201050 CVE-2021-26341). - commit fc16607 - objtool: Add straight-line-speculation validation (bsc#1201050 CVE-2021-26341). - commit 97a5faf - x86: Prepare inline-asm for straight-line-speculation (bsc#1201050 CVE-2021-26341). - commit 8812996 - x86: Prepare asm files for straight-line-speculation (bsc#1201050 CVE-2021-26341). - commit 4b86385 - x86/lib/atomic64_386_32: Rename things (bsc#1201050 CVE-2021-26341). - commit 38ceb5a - x86: Use -mindirect-branch-cs-prefix for RETPOLINE builds (bsc#1201050 CVE-2021-26341). - commit 28ad1d2 ------------------------------------------------------------------ ------------------ 2022-6-29 - Jun 29 2022 ------------------- ------------------------------------------------------------------ ++++ conmon: - Update to version 2.1.2: * add log-global-size-max option to limit the total output conmon processes (CVE-2022-1708 boo#1200285) * journald: print tag and name if both are specified * drop some logs to debug level ++++ docker: - Backport to fix a crash-on-start issue with dockerd. 
bsc#1200022 + 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch ++++ gnutls: - FIPS: * Add gnutls_ECDSA_signing.patch [bsc#1190698] - Check minimum keylength for symmetric key generation - Only allows ECDSA signature with valid set of hashes (SHA2 and SHA3) * Add gnutls-FIPS-force-self-test.patch [bsc#1198979] - Provides interface for running library self tests on-demand - Upstream: https://gitlab.com/gnutls/gnutls/-/merge_requests/1598 ++++ libguestfs: - bsc#1201064 - Libguestfs: Buffer overflow in get_keys leads to DOS - CVE-2022-2211 CVE-2022-2211-options-fix-buffer-overflow-in-get_keys.patch CVE-2022-2211-docs-guestfs-security-document.patch ++++ kernel-default: - kABI fix of sysctl_run_estimation (git-fixes). - ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504). - commit 19d4bd1 - sctp: handle kABI change in struct sctp_endpoint (CVE-2022-20154 bsc#1200599). - commit 68ce62e - sctp: use call_rcu to free endpoint (CVE-2022-20154 bsc#1200599). - commit 7c734e0 - Update metadata references - commit 41b198a ++++ gcc12: - Update to gcc-12 branch head, 7811663964aa7e31c3939b859bb, git215 * includes libgomp mold linker detection fix * includes nvptx offload compiler build fix * includes s390x tsan executable stack fix ------------------------------------------------------------------ ------------------ 2022-6-28 - Jun 28 2022 ------------------- ------------------------------------------------------------------ ++++ glibc: - static-tls-surplus.patch: rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) ++++ shim: - Update to 15.6 (bsc#1198458) - shim-15.6.tar.bz2 is downloaded from bsc#1198458#c76 which is from upstream grub2.cve_2021_3695.ms keybase channel. - For building 15.6~rc1 aarch64 image (d6eb9c6 Modernize aarch64), objcopy needs to support efi-app-aarch64 target. 
So we need the following patches in binutils: - binutils-AArch64-Add-support-for-AArch64-EFI-efi-aarch64.patch b69c9d41e8 AArch64: Add support for AArch64 EFI (efi-*-aarch64). - binutils-Re-AArch64-Add-support-for-AArch64-EFI-efi-aarch64.patch 32384aa396 Re: AArch64: Add support for AArch64 EFI (efi-*-aarch64) - binutils-Re-Add-support-for-AArch64-EFI-efi-aarch64.patch d91c67e873 Re: Add support for AArch64 EFI (efi-*-aarch64) - Patches (git log --oneline --reverse 15.5~..77144e5a4) 448f096 MokManager: removed Locate graphic output protocol fail error message (bsc#1193315, bsc#1198458) a2da05f shim: implement SBAT verification for the shim_lock protocol bda03b8 post-process-pe: Fix a missing return code check af18810 CI: don't cancel testing when one fails ba580f9 CI: remove EOL Fedoras from github actions bfeb4b3 Remove aarch64 build tests before f35 38cc646 CI: Add f36 and centos9 CI build tests. b5185cb post-process-pe: Fix format string warnings on 32-bit platforms 31094e5 tests: also look for system headers in multi-arch directories 4df989a mock-variables.c: fix gcc warning 6aac595 test-str.c: fix gcc warnings with FORTIFY_SOURCE enabled 2670c6a Allow MokListTrusted to be enabled by default 5c44aaf Add code of conduct d6eb9c6 Modernize aarch64 9af50c1 Use ASCII as fallback if Unicode Box Drawing characters fail de87985 make: don't treat cert.S specially 803dc5c shim: use SHIM_DEVEL_VERBOSE when built in devel mode 6402f1f SBAT matching: Break out of the inner sbat loop if we find the entry. bb4b60e Add verify_image acfd48f Abstract out image reading 35d7378 Load additional certs from a signed binary 8ce2832 post-process-pe: there is no 's' argument. 
465663e Add some missing PE image flag definitions 226fee2 PE Loader: support and require NX df96f48 Add MokPolicy variable and MOK_POLICY_REQUIRE_NX b104fc4 post-process-pe: set EFI_IMAGE_DLLCHARACTERISTICS_NX_COMPAT f81a7cc SBAT revocation management abe41ab make: unbreak scan-build again for gnu-efi 610a1ac sbat.h: minor reformatting for legibility f28833f peimage.h: make our signature macros force the type 5d789ca Always initialize data/datasize before calling read_image() a50d364 sbat policy: make our policy change actions symbolic 5868789 load_certs: trust dir->Read() slightly less. a78673b mok.c: fix a trivial dead assignment 759f061 Fix preserve_sbat_uefi_variable() logic aa61fdf Give the Coverity scanner some more GCC blinders... 0214cd9 load_cert_file(): don't defererence NULL 1eca363 mok import: handle OOM case 75449bc sbat: Make nth_sbat_field() honor the size limit c0bcd04 shim-15.6~rc1 77144e5 SBAT Policy latest should be a one-shot - 15.5 release note https://github.com/rhboot/shim/releases Broken ia32 relocs and an unimportant submodule change. by @vathpela in #357 mok: allocate MOK config table as BootServicesData by @lcp in #361 Don't call QueryVariableInfo() on EFI 1.10 machines by @vathpela in #364 Relax the check for import_mok_state() by @lcp in #372 SBAT.md: trivial changes by @hallyn in #389 shim: another attempt to fix load options handling by @chrisccoulson in #379 Add tests for our load options parsing. 
by @vathpela in #390 arm/aa64: fix the size of .rela* sections by @lcp in #383 mok: fix potential buffer overrun in import_mok_state by @jyong2 in #365 mok: relax the maximum variable size check by @lcp in #369 Don't unhook ExitBootServices when EBS protection is disabled by @sforshee in #378 fallback: find_boot_option() needs to return the index for the boot entry in optnum by @jsetje in #396 httpboot: Ignore case when checking HTTP headers by @frozencemetery in #403 Fallback allocation errors by @vathpela in #402 shim: avoid BOOTx64.EFI in message on other architectures by @xypron in #406 str: remove duplicate parameter check by @xypron in #408 fallback: add compile option FALLBACK_NONINTERACTIVE by @xnox in #359 Test mok mirror by @vathpela in #394 Modify sbat.md to help with readability. by @eshiman in #398 csv: detect end of csv file correctly by @xypron in #404 Specify that the .sbat section is ASCII not UTF-8 by @daxtens in #413 tests: add "include-fixed" GCC directory to include directories by @diabonas in #415 pe: simplify generate_hash() by @xypron in #411 Don't make shim abort when TPM log event fails (RHBZ #2002265) by @rmetrich in #414 Fallback to default loader if parsed one does not exist by @julian-klode in #393 fallback: Fix for BootOrder crash when index returned by find_boot_option() is not in current BootOrder list by @rmetrich in #422 Better console checks by @vathpela in #416 docs: update SBAT UEFI variable name by @nicholasbishop in #421 Don't parse load options if invoked from removable media path by @julian-klode in #399 fallback: fix fallback not passing arguments of the first boot option by @martinezjavier in #433 shim: Don't stop forever at "Secure Boot not enabled" notification by @rmetrich in #438 Shim 15.5 coverity by @vathpela in #439 Allocate mokvar table in runtime memory. 
by @vathpela in #447 Remove post-process-pe on 'make clean' by @vathpela in #448 pe: missing perror argument by @xypron in #443 - 15.6-rc1 release note https://github.com/rhboot/shim/releases MokManager: removed Locate graphic output protocol fail error message by @joeyli in #441 shim: implement SBAT verification for the shim_lock protocol by @chrisccoulson in #456 post-process-pe: Fix a missing return code check by @vathpela in #462 Update github actions matrix to be more useful by @frozencemetery in #469 Add f36 and centos9 CI builds by @vathpela in #470 post-process-pe: Fix format string warnings on 32-bit platforms by @steve-mcintyre in #464 tests: also look for system headers in multi-arch directories by @steve-mcintyre in #466 tests: fix gcc warnings by @akodanev in #463 Allow MokListTrusted to be enabled by default by @esnowberg in #455 Add code of conduct by @frozencemetery in #427 Re-add ARM AArch64 support by @vathpela in #468 Use ASCII as fallback if Unicode Box Drawing characters fail by @vathpela in #428 make: don't treat cert.S specially by @vathpela in #475 shim: use SHIM_DEVEL_VERBOSE when built in devel mode by @vathpela in #474 Break out of the inner sbat loop if we find the entry. by @vathpela in #476 Support loading additional certificates by @esnowberg in #446 Add support for NX (W^X) mitigations. by @vathpela in #459 Misc fixups from scan-build. 
by @vathpela in #477 Fix preserve_sbat_uefi_variable() logic by @jsetje in #478 - 15.6 release note https://github.com/rhboot/shim/releases MokManager: removed Locate graphic output protocol fail error message by @joeyli in #441 shim: implement SBAT verification for the shim_lock protocol by @chrisccoulson in #456 post-process-pe: Fix a missing return code check by @vathpela in #462 Update github actions matrix to be more useful by @frozencemetery in #469 Add f36 and centos9 CI builds by @vathpela in #470 post-process-pe: Fix format string warnings on 32-bit platforms by @steve-mcintyre in #464 tests: also look for system headers in multi-arch directories by @steve-mcintyre in #466 tests: fix gcc warnings by @akodanev in #463 Allow MokListTrusted to be enabled by default by @esnowberg in #455 Add code of conduct by @frozencemetery in #427 Re-add ARM AArch64 support by @vathpela in #468 Use ASCII as fallback if Unicode Box Drawing characters fail by @vathpela in #428 make: don't treat cert.S specially by @vathpela in #475 shim: use SHIM_DEVEL_VERBOSE when built in devel mode by @vathpela in #474 Break out of the inner sbat loop if we find the entry. by @vathpela in #476 Support loading additional certificates by @esnowberg in #446 Add support for NX (W^X) mitigations. by @vathpela in #459 Misc fixups from scan-build. 
by @vathpela in #477 Fix preserve_sbat_uefi_variable() logic by @jsetje in #478 SBAT Policy latest should be a one-shot by @jsetje in #481 pe: Fix a buffer overflow when SizeOfRawData > VirtualSize by @chriscoulson pe: Perform image verification earlier when loading grub by @chriscoulson Update advertised sbat generation number for shim by @jsetje Update SBAT generation requirements for 05/24/22 by @jsetje Also avoid CVE-2022-28737 in verify_image() by @vathpela - Drop upstreamed patch: - shim-bsc1184454-allocate-mok-config-table-BS.patch - Allocate MOK config table as BootServicesData to avoid the error message from linux kernel - 4068fd42c8 15.5-rc1~70 - shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch - Handle ignore_db and user_insecure_mode correctly - 822d07ad4f07 15.5-rc1~73 - shim-bsc1185621-relax-max-var-sz-check.patch - Relax the maximum variable size check for u-boot - 3f327f546c219634b2 15.5-rc1~49 - shim-bsc1185261-relax-import_mok_state-check.patch - Relax the check for import_mok_state() when Secure Boot is off - 9f973e4e95b113 15.5-rc1~67 - shim-bsc1185232-relax-loadoptions-length-check.patch - Relax the check for the LoadOptions length - ada7ff69bd8a95 15.5-rc1~52 - shim-fix-aa64-relsz.patch - Fix the size of rela* sections for AArch64 - 34e3ef205c5d65 15.5-rc1~51 - shim-bsc1187260-fix-efi-1.10-machines.patch - Don't call QueryVariableInfo() on EFI 1.10 machines - 493bd940e5 15.5-rc1~69 - shim-bsc1185232-fix-config-table-copying.patch - Avoid buffer overflow when copying the MOK config table - 7501b6bb44 15.5-rc1~50 - shim-bsc1187696-avoid-deleting-rt-variables.patch - Avoid deleting the mirrored RT variables - b1fead0f7c9 15.5-rc1~37 - Add "rm -f *.o" after building MokManager/fallback in shim.spec to make sure all object files get rebuilt - reference: https://github.com/rhboot/shim/pull/461 - The following fix-CVE-2022-28737-v6 patches against bsc#1198458 are included in shim-15.6.tar.bz2 - 
shim-bsc1198458-pe-Fix-a-buffer-overflow-when-SizeOfRawData-VirtualS.patch pe: Fix a buffer overflow when SizeOfRawData > VirtualSize - shim-bsc1198458-pe-Perform-image-verification-earlier-when-loading-g.patch pe: Perform image verification earlier when loading grub - shim-bsc1198458-Update-advertised-sbat-generation-number-for-shim.patch Update advertised sbat generation number for shim - shim-bsc1198458-Update-SBAT-generation-requirements-for-05-24-22.patch Update SBAT generation requirements for 05/24/22 - shim-bsc1198458-Also-avoid-CVE-2022-28737-in-verify_image.patch Also avoid CVE-2022-28737 in verify_image() - 0006-shim-15.6-rc2.patch - 0007-sbat-add-the-parsed-SBAT-variable-entries-to-the-deb.patch sbat: add the parsed SBAT variable entries to the debug log - 0008-bump-version-to-shim-15.6.patch - Add mokutil command to post script for setting sbat policy to latest mode when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created. (bsc#1198458) - Add shim-bsc1198101-opensuse-cert-prompt.patch back to openSUSE shim to show the prompt to ask whether the user trusts openSUSE certificate or not (bsc#1198101) - Updated vendor dbx binary and script (bsc#1198458) - Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list. - Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list. - Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment. - Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin file which includes all .der for testing environment. 
++++ toolbox: - Prefer podman as container runtime (unrelated part of [bnc#1200976]) ------------------------------------------------------------------ ------------------ 2022-6-27 - Jun 27 2022 ------------------- ------------------------------------------------------------------ ++++ curl: - Security fix: [bsc#1200734, CVE-2022-32205] * Set-Cookie denial of service * Add curl-CVE-2022-32205.patch - Security fix: [bsc#1200735, CVE-2022-32206] * HTTP compression denial of service * Add curl-CVE-2022-32206.patch - Security fix: [bsc#1200736, CVE-2022-32207] * Unpreserved file permissions * Add curl-CVE-2022-32207.patch - Security fix: [bsc#1200737, CVE-2022-32208] * FTP-KRB bad message verification * Add curl-CVE-2022-32208.patch ------------------------------------------------------------------ ------------------ 2022-6-24 - Jun 24 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Bring back /sbin/netconfig as build option since the netconfig in SLE is not ready for usrmerge. ++++ kernel-default: - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes). - mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing (git-fixes). - commit 675eea8 ++++ util-linux: - agetty: Resolve tty name even if stdin is specified (bsc#1197178, util-linux-agetty-resolve-tty-if-stdin-is-specified.patch). - libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731, util-linux-libmount-moving-mount-point-sub-mounts.patch, util-linux-libmount-fix-and-improve-utab-on-ms_move.patch). ++++ selinux-policy: - Add fix_userdomain.patch to dontaudit UDP rpc ports (bsc#1193984) - Update to version 20220624. 
Refreshed: * fix_init.patch * fix_kernel_sysctl.patch * fix_logging.patch * fix_networkmanager.patch * fix_unprivuser.patch Dropped fix_hadoop.patch, not necessary anymore * Updated fix_locallogin.patch to allow accesses for nss-systemd (bsc#1199630) ++++ util-linux-systemd: - agetty: Resolve tty name even if stdin is specified (bsc#1197178, util-linux-agetty-resolve-tty-if-stdin-is-specified.patch). - libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731, util-linux-libmount-moving-mount-point-sub-mounts.patch, util-linux-libmount-fix-and-improve-utab-on-ms_move.patch). ------------------------------------------------------------------ ------------------ 2022-6-23 - Jun 23 2022 ------------------- ------------------------------------------------------------------ ++++ hwinfo: - merge gh#openSUSE/hwinfo#113 - Keep NVMe's namespace output consistency when nvme_core.multipath=1 (bsc#1199948) - 21.82 ++++ kernel-default: - ACPI: bus: Avoid using CPPC if not supported by firmware (bsc#1199793). - commit 0f5670f - Move upstreamed ALSA fix into sorted section - commit cd31297 - ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes). - ALSA: hda/via: Fix missing beep setup (git-fixes). - ALSA: hda/conexant: Fix missing beep setup (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes). - ALSA: x86: intel_hdmi_audio: use pm_runtime_resume_and_get() (git-fixes). - ALSA: x86: intel_hdmi_audio: enable pm_runtime and set autosuspend delay (git-fixes). - ALSA: hda: intel-nhlt: remove use of __func__ in dev_dbg (git-fixes). - ALSA: hda: intel-dspcfg: use SOF for UpExtreme and UpExtreme11 boards (git-fixes). - ALSA: hda/realtek: Apply fixup for Lenovo Yoga Duet 7 properly (git-fixes). - ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes). - ALSA: usb-audio: US16x08: Move overflow check before array access (git-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes). 
- commit a36edad - fs: fix fd table size alignment properly (bsc#1200882). - commit 48b3814 - blacklist.conf: duplicate - commit e8e07db - blacklist.conf: duplicate - commit a10f356 - blacklist.conf: Blacklist e730558adffb, 14362a254179 - commit bc46cf4 - usb: dwc3: gadget: Fix IN endpoint max packet size allocation (git-fixes). - commit 46146be - usb: dwc3: gadget: Prevent repeat pullup() (git-fixes). - commit 6ea4f30 - usb: dwc3: Issue core soft reset before enabling run/stop (git-fixes). - commit 173bfb0 - usb: dwc3: gadget: Wait for ep0 xfers to complete during dequeue (git-fixes). - commit ab00b5f - usb: dwc3: gadget: move cmd_endtransfer to extra function (git-fixes). - commit 73ded12 - usb: dwc3: gadget: ep_queue simplify isoc start condition (git-fixes). - commit 83b219d - usb: dwc3: gadget: Give some time to schedule isoc (git-fixes). - commit 81bd06f - usb: dwc3: gadget: Skip reading GEVNTSIZn (git-fixes). - commit bb0777f - usb: dwc3: gadget: Ignore Update Transfer cmd params (git-fixes). - commit 557f443 - usb: dwc3: gadget: Skip checking Update Transfer status (git-fixes). - commit 69042fa - usb: dwc3: gadget: Change to dev_dbg() when queuing to inactive gadget/ep (git-fixes). - commit 26397b0 - usb: dwc3: Decouple USB 2.0 L1 & L2 events (git-fixes). - commit 597896d - blacklist.conf: add sdsi duplicates - commit 96b040c - mei: me: add raptor lake point S DID (git-fixes). - usb: gadget: f_fs: change ep->ep safe in ffs_epfile_io() (git-fixes). - usb: gadget: f_fs: change ep->status safe in ffs_epfile_io() (git-fixes). - USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes). - USB: serial: io_ti: add Agilent E5805A support (git-fixes). - drm/amd/display: Cap OLED brightness per max frame-average luminance (git-fixes). - platform/x86: gigabyte-wmi: Add support for B450M DS3H-CF (git-fixes). - platform/x86: gigabyte-wmi: Add Z690M AORUS ELITE AX DDR4 support (git-fixes). 
- gpio: dwapb: Don't print error on -EPROBE_DEFER (git-fixes). - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes). - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes). - ALSA: hda/realtek - Add HW8326 support (git-fixes). - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes). - ASoC: es8328: Fix event generation for deemphasis control (git-fixes). - ASoC: wm8962: Fix suspend while playing music (git-fixes). - ASoC: cs42l51: Correct minimum value for SX volume control (git-fixes). - ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes). - ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes). - ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes). - ASoC: cs35l36: Update digital volume TLV (git-fixes). - ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes). - ASoC: nau8822: Add operation for internal PLL off and on (git-fixes). - drm/amdkfd: add pinned BOs to kfd_bo_list (git-fixes). - drm/amdkfd: Use mmget_not_zero in MMU notifier (git-fixes). - drm/amd/display: Read Golden Settings Table from VBIOS (git-fixes). - net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag (git-fixes). - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes). - Input: soc_button_array - also add Lenovo Yoga Tablet2 1051F to dmi_use_low_level_irq (git-fixes). - virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes). - arm64: dts: imx8mn-beacon: Enable RTS-CTS on UART3 (git-fixes). - arm64: dts: imx8mm-beacon: Enable RTS-CTS on UART3 (git-fixes). - Revert "drm/amd/display: Fix DCN3 B0 DP Alt Mapping" (git-fixes). 
- commit 1ef7ff5 ++++ python-psutil: - Add patch mem-used-bsc1181475.patch (bsc#1181475) * Adopt change of used memory calculation from upstream of procps ------------------------------------------------------------------ ------------------ 2022-6-22 - Jun 22 2022 ------------------- ------------------------------------------------------------------ ++++ container-selinux: - Update to version 2.187.0: * Allow container domains to use /dev/zero - Changes from 2.186.0: * Create policy for a container_device_t * Allow containers to shutdown & setopt userdomain:sockets - Changes from 2.183.0: * Allow containers to inherit all socket classes from container runtimes. - Changes from 2.182.0: * Allow containers to inherit all socket classes - Changes from 2.181.0: * Allow socket activated domains for tcp sockets from init_t and userdomains. ++++ kernel-default: - blacklist.conf: blacklist block patches (bsc#1200569) - Delete patches.suse/blk-mq-cancel-blk-mq-dispatch-work-in-both-blk_clean.patch. - Delete patches.suse/block-avoid-to-quiesce-queue-in-elevator_init_mq.patch. - commit 9f66f8e - dax: fix cache flush on PMD-mapped pages (bsc#1200830). - commit e2c2768 - iomap: iomap_write_failed fix (bsc#1200829). - commit b09bb9e - jfs: fix divide error in dbNextAG (bsc#1200828). - commit 1d88c02 - fs: fd tables have to be multiples of BITS_PER_LONG (bsc#1200827). - commit 49a67ad - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825). - commit 60be30f - block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (git-fixes). - dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes). - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362). - bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes). - bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes). 
- bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes). - bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes). - bcache: improve multithreaded bch_btree_check() (git-fixes). - dm verity: set DM_TARGET_IMMUTABLE feature flag (git-fixes). - dm integrity: fix error code in dm_integrity_ctr() (git-fixes). - iocost: don't reset the inuse weight of under-weighted debtors (git-fixes). - dm mpath: only use ktime_get_ns() in historical selector (git-fixes). - n64cart: convert bi_disk to bi_bdev->bd_disk fix build (git-fixes). - dm integrity: set journal entry unused when shrinking device (git-fixes). - dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes). - dm: fix use-after-free in dm_cleanup_zoned_dev() (git-fixes). - bcache: fixup multiple threads crash (git-fixes). - block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes). - bcache: fix use-after-free problem in bcache_device_free() (git-fixes). - commit 4b94325 - blk-mq: don't touch ->tagset in blk_mq_get_sq_hctx (bsc#1200824). - commit 67cf915 - kabi/severities: add exception for bcache symbols Nobody does their development based on bcache kernel module, it is unnecessary to add bcache symbols into kabi list. Add bcache as exception as we already did in previous products. - commit 3d2c794 - init: Initialize noop_backing_dev_info early (bsc#1200822). - commit 42f2c82 - writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821). - commit 9659a5c - ext4: make variable "count" signed (bsc#1200820). - commit 046a2c3 - SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297). - commit 623bb84 - blk-mq: do not update io_ticks with passthrough requests (bsc#1200816). - commit a8ac9df - fsnotify: fix wrong lockdep annotations (bsc#1200815). - commit 1d18602 - Update tags for: patches.suse/bfq-Allow-current-waker-to-defend-against-a-tentativ.patch. 
patches.suse/bfq-Avoid-false-marking-of-bic-as-stably-merged.patch. patches.suse/bfq-Avoid-merging-queues-with-different-parents.patch. patches.suse/bfq-Drop-pointless-unlock-lock-pair.patch. patches.suse/bfq-Get-rid-of-__bio_blkcg-usage.patch. patches.suse/bfq-Make-sure-bfqg-for-which-we-are-queueing-request.patch. patches.suse/bfq-Relax-waker-detection-for-shared-queues.patch. patches.suse/bfq-Remove-pointless-bfq_init_rq-calls.patch. patches.suse/bfq-Split-shared-queues-on-move-between-cgroups.patch. patches.suse/bfq-Track-whether-bfq_group-is-still-online.patch. patches.suse/bfq-Update-cgroup-information-before-merging-bio.patch. - commit a5768bd - writeback: Avoid skipping inode writeback (bsc#1200813). - commit db91e0b - bfq: Fix warning in bfqq_request_over_limit() (bsc#1200812). - commit f0ad25f - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810). - commit aa31b78 - ext4: fix bug_on in __es_tree_search (bsc#1200809). - commit 6a97568 - ext4: reject the 'commit' option on ext2 filesystems (bsc#1200808). - commit f561c32 - ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807). - commit 7239104 - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806). - commit 14ca9be - inotify: show inotify mask flags in proc fdinfo (bsc#1200600). Refresh: patches.suse/vfs-add-super_operations-get_inode_dev - commit b200248 - platform/x86/intel/sdsi: Fix bug in multi packet reads (jsc#SLE-18901). - platform/x86/intel/sdsi: Poll on ready bit for writes (jsc#SLE-18901). - platform/x86/intel/sdsi: Handle leaky bucket (jsc#SLE-18901). - commit f67e41c - rpm/check-for-config-changes: ignore GCC12/CC_NO_ARRAY_BOUNDS Upstream commit f0be87c42cbd (gcc-12: disable '-Warray-bounds' universally for now) added two new compiler-dependent configs: * CC_NO_ARRAY_BOUNDS * GCC12_NO_ARRAY_BOUNDS Ignore them -- they are unset by dummy tools (they depend on gcc version == 12), but set as needed during real compilation. 
- commit a14607c ++++ procps: - Add the patches * procps-3.3.17-library-bsc1181475.patch * procps-3.3.17-top-bsc1181475.patch which are backports of current newlib tree to solve bug bsc#1181475 * 'free' command reports misleading "used" value ++++ openssh: - Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish: Make ssh connections update their dbus environment (bsc#1179465). ++++ patterns-microos: - added conditionally cockpit-networkmanager to cockpit pattern - removed wicked from base pattern (jsc#SMO-84) - 5.3.3 ++++ podman: - Update to version 4.1.1: * The output of the podman load command now mirrors that of docker load. * Podman now supports Docker Compose v2.2 and higher. Please note that it may be necessary to disable the use of Buildkit by setting the environment variable DOCKER_BUILDKIT=0. * A new container command has been added, podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so. * Podman now supports sending JSON events related to machines to a Unix socket named machine_events.*\.sock in XDG_RUNTIME_DIR/podman or to a socket whose path is set in the PODMAN_MACHINE_EVENTS_SOCK environment variable. * Two new volume commands have been added, podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers. * The podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries. * The podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources. * The podman play kube command will now set default resource limits when the provided YAML does not include them. * The podman play kube command now supports a new option, --annotation, to add annotations to created containers. 
* The podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile. * The podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer. * The podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID and --color, which colors messages based on what container generated them. * The podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images. * The podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network. * The podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information. * The --ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating that the IPC namespace can be shared with other containers. * The --mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter. * The --mount option to the podman create and podman run commands now allows parameters to be passed in CSV format. * The --userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security. * The podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for. 
* The podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create. * The podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, /etc/resolv.conf, etc) will be mounted inside the container (#12961). * The podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container's /etc/passwd file. * The podman images --format command now accepts two new format directives: {{.CreatedAt}} and {{.CreatedSince}}. * The podman volume create command's -o option now accepts a new argument, o=noquota, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined. * The podman info command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization. * Fix CVE-2022-27191 / bsc#1197284 - Drop obsolete patches: * 0001-Adjust-buildah-to-opencontainers-selinux-v1.10.1.patch * 0001-Relabel-relabel-links-instead-of-their-targets.patch * 0002-specgen-do-not-set-OOMScoreAdj-by-default.patch * 0004-fix-Container.cGroupPath-skip-empty-line-to-avoid-fa.patch ++++ policycoreutils: - Handle missing translations properly in chcat. 
Added chcat_handle_missing_translations.patch (bsc#1200752) ++++ rust-keylime: - Update to version 0.1.0+git.1655384301.b834667: * Update fmf plans to run test with IMA policy * .github/dependabot.yml: prevent updates that require manifest change - Add logrotate configuration for the agent service - Requires libtss2-tcti-device0 to interact with the real device - Drop legacy Python subpackage and feature - Move conflicts into the Python version ++++ toolbox: - Update to version 2.3+git20220622.32785f7: * Only set --userns=keep-id when running rootless ++++ virt-manager: - bsc#1200691 - SLES 15 SP4 GMC --os-variant tag shouldn't be mandatory on s390x (see also bsc#1200422) revert-363fca41-virt-install-Require-osinfo-for-non-x86-HVM-case-too.patch ------------------------------------------------------------------ ------------------ 2022-6-21 - Jun 21 2022 ------------------- ------------------------------------------------------------------ ++++ transactional-update: - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. ++++ kernel-default: - Move to sorted section - patches.suse/sched-numa-Initialise-numa_migrate_retry.patch - patches.suse/sched-numa-Do-not-swap-tasks-between-nodes-when-spare-capacity-is-available.patch - patches.suse/sched-numa-Apply-imbalance-limitations-consistently.patch - patches.suse/sched-numa-Adjust-imb_numa_nr-to-a-better-approximation-of-memory-channels.patch - patches.suse/sched-fair-Consider-CPU-affinity-when-allowing-NUMA-imbalance-in-find_idlest_group.patch - commit 2813cbe - Refresh patches.suse/sched-fair-Adjust-the-allowed-NUMA-imbalance-when-SD_NUMA-spans-multiple-LLCs.patch. - Refresh patches.suse/sched-fair-Improve-consistency-of-allowed-NUMA-balance-calculations.patch. Update metadata and move to sorted section. - commit e9e3368 - sched/fair: Consider CPU affinity when allowing NUMA imbalance in find_idlest_group() (bnc#1193431). 
- sched/numa: Adjust imb_numa_nr to a better approximation of memory channels (bnc#1193431). - sched/numa: Apply imbalance limitations consistently (bnc#1193431). - sched/numa: Do not swap tasks between nodes when spare capacity is available (bnc#1193431). - sched/numa: Initialise numa_migrate_retry (bnc#1193431). - commit 14a7772 - ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (CVE-2022-1679 bsc#1199487). - commit c0e7a92 - blacklist.conf: Add 6a2d90ba027a ptrace: Reimplement PTRACE_KILL by always sending SIGKILL - commit 0702138 - ALSA: hda: Fix discovery of i915 graphics PCI device (bsc#1200611). - commit 6d6ec08 - net: bnxt_ptp: fix compilation error (bsc#1199736). - bnxt_en: Do not destroy health reporters during reset (bsc#1199736). - bnxt_en: Eliminate unintended link toggle during FW reset (bsc#1199736). - commit 46960ba - powerpc/perf: Fix the threshold compare group constraint for power10 (bsc#1194869). - commit af9d58f - powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729). - powerpc/idle: Fix return value of __setup() handler (bsc#1065729). - commit b447248 - scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - commit 7bb387a - pNFS: Avoid a live lock condition in pnfs_update_layout() (git-fixes). - pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes). - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes). - SUNRPC: Trap RDMA segment overflows (git-fixes). - md: fix double free of io_acct_set bioset (git-fixes). - md: Don't set mddev private to NULL in raid0 pers->free (git-fixes). - NFSv4.1 mark qualified async operations as MOVEABLE tasks (git-fixes). - NFS: Further fixes to the writeback error handling (git-fixes). 
- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes). - NFS: Memory allocation failures are not server fatal errors (git-fixes). - NFS: Don't report errors from nfs_pageio_complete() more than once (git-fixes). - NFS: Do not report flush errors in nfs_write_end() (git-fixes). - NFS: Don't report ENOSPC write errors twice (git-fixes). - NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS (git-fixes). - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes). - nfsd: destroy percpu stats counters after reply cache shutdown (git-fixes). - nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes). - md: fix an incorrect NULL check in md_reload_sb (git-fixes). - md: fix an incorrect NULL check in does_sb_need_changing (git-fixes). - raid5: introduce MD_BROKEN (git-fixes). - commit cd7dbfe ++++ patterns-microos: - added cockpit-tukit to the pattern (jsc#SMO-22) - 5.3.2 ++++ policycoreutils: - Build and package translations for python-utils (boo#1200752). ------------------------------------------------------------------ ------------------ 2022-6-20 - Jun 20 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit-tukit: - Update to version 0.0.3~git9.94caf26: * switch _service to stable branch * Add translation template * Update translations ++++ jeos-firstboot: - Don't require wicked nor NetworkManager. Both are optional - Update to version 1.2.0.4: * Rewrite license code ++++ kernel-default: - Update config files. - commit 0f2966b - powerpc: Don't select HAVE_IRQ_EXIT_ON_IRQ_STACK (bsc#1194869). - Update config files. - commit 5211de3 - Refresh patches.suse/powerpc-rtas-Allow-ibm-platform-dump-RTAS-call-with-.patch - commit ed464d4 - Delete patches.suse/locking-rwsem-Make-handoff-bit-handling-more-consist.patch (bnc#1200420) The patch in question can miss wakeups on heavily contended inode i_mmap_rwsem locks. 
In extreme cases, this can prevent acquisition of the i_mmap_rwsem belonging to libc resulting in a system-wide lockup. The issue has been brought upstream but for the moment, revert the patch. - commit a0c3c4b - faddr2line: Fix overlapping text section failures, the sequel (git-fixes). - irqchip/realtek-rtl: Fix refcount leak in map_interrupts (git-fixes). - irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (git-fixes). - irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions (git-fixes). - irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (git-fixes). - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes). - mei: hbm: drop capability response on early shutdown (git-fixes). - comedi: vmk80xx: fix expression for tx buffer size (git-fixes). - i2c: designware: Use standard optional ref clock implementation (git-fixes). - i2c: npcm7xx: Add check for platform_driver_register (git-fixes). - arm64: ftrace: consistently handle PLTs (git-fixes). - arm64: ftrace: fix branch range checks (git-fixes). - misc: atmel-ssc: Fix IRQ check in ssc_probe (git-fixes). - tty: goldfish: Fix free_irq() on remove (git-fixes). - tty: n_gsm: Debug output allocation must use GFP_ATOMIC (git-fixes). - usb: cdnsp: Fixed setting last_trb incorrectly (git-fixes). - usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes). - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes). - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes). - irqchip/gic-v3: Ensure pseudo-NMIs have an ISB between ack and handling (git-fixes). - commit cd97b2f ++++ samba: - Fix smbclient commands del & deltree failing with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556). 
++++ tar: - Fix race condition while creating intermediate subdirectories, bsc#1200657 * bsc1200657.patch ------------------------------------------------------------------ ------------------ 2022-6-17 - Jun 17 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.38.2: + Fix race condition with pppd that caused failures when activating PPPoE connections. + Unbreak DHCPv6 over PPP. + Don't ignore IPv6 DNS servers received from PPP. + Fix crash while checking WEP capability of Wi-Fi interfaces. + Ensure DHCP is restarted every time the link goes up. + Fix struct alignment issues seen on some architectures. + Various other bugfixes and improvements. ++++ gtk3: - Add dependency "python3x-gobject-Gdk if python3x-gobject" to the typelib package (boo#1200614). ++++ open-iscsi: - For Tumbleweed, moved logrotate files from user-specific directory /etc/logrotate.d to vendor-specific /usr/etc/logrotate.d (for Stefan Schubert ) ++++ kernel-default: - Update patches.suse/random-fix-crash-on-multiple-early-calls-to-add_boot.patch (bsc#1184924). - commit f04e090 - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477). - commit bf45498 - kabi/severities: Exclude ppc kvm - commit 56c89d8 - exec: Force single empty string when argv is empty (bsc#1200571). - commit 256509d - certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes). - commit d37f671 - net/smc: fixes for converting from "struct smc_cdc_tx_pend **" to "struct smc_wr_tx_pend_priv *" (git-fixes). - net/smc: postpone sk_refcnt increment in connect() (git-fixes). - net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (git-fixes). - net/smc: sync err code when tcp connection was refused (git-fixes). - net/smc: Fix NULL pointer dereference in smc_pnet_find_ib() (git-fixes). - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server (git-fixes). 
- net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client (git-fixes). - net/smc: fix connection leak (git-fixes). - net/smc: Use a mutex for locking "struct smc_pnettable" (git-fixes). - net/smc: Transitional solution for clcsock race issue (git-fixes). - net/smc: Reset conn->lgr when link group registration fails (git-fixes). - net/smc: remove redundant re-assignment of pointer link (git-fixes). - net/smc: Avoid warning of possible recursive locking (git-fixes). - net/smc: Transfer remaining wait queue entries during fallback (git-fixes). - commit 813daf3 - s390/perf: obtain sie_block from the right address (bsc#1200315 LTC#198473). - commit 6a3a347 - drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes). - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes). - commit f4bd443 - Update patch reference for HID fix (CVE-2022-20132 bsc#1200619) - commit cfdbccf ++++ openssl-1_1: - Added openssl-1_1-Fix-file-operations-in-c_rehash.patch * bsc#1200550 * CVE-2022-2068 * Fixed more shell code injection issues in c_rehash ++++ libvirt: - qemu: Don't assume that /usr/libexec/qemu-kvm exists c890c496-qemu-cleanup-virQEMUCapsFindBinaryForArch.patch, 0a301b19-qemu-dont-assume-qemukvm.patch, fb7016a7-qemu-dissolve-virQEMUCapsFindBinaryForArch.patch bsc#1158430, boo#1196087 ------------------------------------------------------------------ ------------------ 2022-6-16 - Jun 16 2022 ------------------- ------------------------------------------------------------------ ++++ pcre2: - Added pcre2-10.39-bsc1199232-unicode-property-matching.patch * bsc#1199232 * CVE-2022-1586 * Fixes unicode property matching issue ++++ salt: - Fix PAM auth issue due to missing check for PAM_ACCT_MGM return value (CVE-2022-22967) (bsc#1200566) - Added: * fix-for-cve-2022-22967-bsc-1200566.patch ------------------------------------------------------------------ ------------------ 2022-6-15 - Jun 15 2022 ------------------- 
------------------------------------------------------------------ ++++ kernel-default: - selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#SLE-18130). - powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#SLE-18130). - commit 29350fd - powerpc/pseries: Rename TYPE1_AFFINITY to FORM1_AFFINITY (bsc#1200465 ltc#197256 jsc#SLE-18130). - powerpc/pseries: rename min_common_depth to primary_domain_index (bsc#1200465 ltc#197256 jsc#SLE-18130). - commit bd72f4c - kabi: return type change of secure_ipv_port_ephemeral() (CVE-2022-1012 bsc#1199482). - commit 7655c4d - Move upstreamed x86 patches into sorted section - commit 0044b5f - tcp: drop the hash_32() part from the index calculation (CVE-2022-1012 bsc#1199482). - tcp: increase source port perturb table to 2^16 (CVE-2022-1012 bsc#1199482). - tcp: dynamically allocate the perturb table used by source ports (CVE-2022-1012 bsc#1199482). - tcp: add small random increments to the source port (CVE-2022-1012 bsc#1199482). - tcp: resalt the secret every 10 seconds (CVE-2022-1012 bsc#1199482). Refresh patches.kabi/kabi-return-type-change-of-secure_ipv-46-_port_ephem.patch - tcp: use different parts of the port_offset for index and offset (CVE-2022-1012 bsc#1199482). - secure_seq: use the 64 bits of the siphash for port offset calculation (CVE-2022-1012 bsc#1199482). - commit dbe5a40 - Add references to IBM bugs - patches.suse/s390-dasd-fix-data-corruption-for-ESE-devices (bsc#1200205 LTC#198456). - patches.suse/s390-dasd-prevent-double-format-of-tracks-for-ESE-devices (bsc#1200205 LTC#198456). - patches.suse/s390-dasd-Fix-read-for-ESE-with-blksize-4k (bsc#1200211 LTC#198457). - patches.suse/s390-dasd-Fix-read-inconsistency-for-ESE-DASD-devices (bsc#1200211 LTC#198457). - commit aad3794 - soundwire: qcom: adjust autoenumeration timeout (git-fixes). - thunderbolt: Use different lane for second DisplayPort tunnel (git-fixes). 
- usb: dwc2: gadget: don't reset gadget's driver->bus (git-fixes). - USB: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes). - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes). - USB: host: isp116x: check return value after calling platform_get_resource() (git-fixes). - serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes). - tty: n_gsm: Fix packet data hex dump output (git-fixes). - sysrq: do not omit current cpu when showing backtrace of all active CPUs (git-fixes). - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes). - tty: Fix a possible resource leak in icom_probe (git-fixes). - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes). - staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes). - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes). - drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes). - drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle() (git-fixes). - drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback() (git-fixes). - staging: rtl8712: fix a potential memory leak in r871xu_drv_init() (git-fixes). - rtc: ftrtc010: Fix error handling in ftrtc010_rtc_probe (git-fixes). - watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes). - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes). - video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes). - rtc: ftrtc010: Use platform_get_irq() to get the interrupt (git-fixes). - tty: n_gsm: Don't ignore write return value in gsmld_output() (git-fixes). - pvpanic: Fix typos in the comments (git-fixes). - commit 27a1b2a - drm/amdgpu: update VCN codec support for Yellow Carp (git-fixes). - drm: imx: fix compiler warning with gcc-12 (git-fixes). 
- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes). - modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes). - drm/amd/pm: use bitmap_{from,to}_arr32 where appropriate (git-fixes). - extcon: Modify extcon device to be created after driver data is set (git-fixes). - iio: st_sensors: Add a local lock for protecting odr (git-fixes). - iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes). - misc: rtsx: set NULL intfdata when probe fails (git-fixes). - i2c: cadence: Increase timeout per message if necessary (git-fixes). - commit ca740b6 - clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes). - char: xillybus: fix a refcount leak in cleanup_dev() (git-fixes). - drm/amd/pm: Fix missing thermal throttler status (git-fixes). - drm/radeon: fix a possible null pointer dereference (git-fixes). - drm/amd/display: Check if modulo is 0 before dividing (git-fixes). - dmaengine: idxd: add missing callback function to support DMA_INTERRUPT (git-fixes). - dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes). - dmaengine: idxd: set DMA_INTERRUPT cap bit (git-fixes). - commit feae0af ++++ libcontainers-common: - Use $() again in %post, but with a space for POSIX compliance ++++ libzypp: - appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684) - zypp-rpm: flush rpm script output buffer before sending endOfScriptTag. - version 17.30.2 (22) ++++ logrotate: - Security fix: (bsc#1192449) related to (bsc#1191281, CVE-2021-3864) * enforce stricter parsing to avoid CVE-2021-3864 * Added patch logrotate-enforce-stricter-parsing.patch * Added patch logrotate-enforce-stricter-parsing-extra-tests.patch ++++ rust-keylime: - Drop CFSSL port from the keylime.xml firewalld rules ++++ zypper: - Basic JobReport for "cmdout/monitor". - versioncmp: if verbose, also print the edition 'parts' which are compared. 
- Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally (fixes #433) - Honor the NO_COLOR environment variable when auto-detecting whether to use color (fixes #432) - Define table columns which should be sorted natural [case insensitive] (fixes #391, closes #396, fixes #424) - lr/ls: Use highlight color on name and alias as well. - version 1.14.53 ------------------------------------------------------------------ ------------------ 2022-6-14 - Jun 14 2022 ------------------- ------------------------------------------------------------------ ++++ jeos-firstboot: - Update to version 1.2.0.3: * Don't ask for licence confirmation if not needed * Deduplicate wifi list ++++ kernel-default: - kernel-binary.spec: check s390x vmlinux location As a side effect of mainline commit edd4a8667355 ("s390/boot: get rid of startup archive"), vmlinux on s390x moved from "compressed" subdirectory directly into arch/s390/boot. As the specfile is shared among branches, check both locations and let objcopy use one that exists. - commit cd15543 - Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442) - commit 93b1375 - blacklist.conf: duplicate - commit 04d3753 - blacklist.conf: duplicate - commit 40c85e4 - blacklist.conf: duplicate - commit 87d9efa - blacklist.conf: duplicate - commit f6df653 - ice: kabi protect ice_pf (bsc#1200502). - commit d6775e6 - RDMA/irdma: Set protocol based on PF rdma_mode flag (bsc#1200502). - Refresh patches.suse/RDMA-irdma-Fix-Passthrough-mode-in-VM.patch. - commit d0321f4 - net/ice: Remove unused enum (bsc#1200502). - net/ice: Fix boolean assignment (bsc#1200502). - net/ice: Add support for enable_iwarp and enable_roce devlink param (bsc#1200502). - devlink: Add 'enable_iwarp' generic device param (bsc#1200502). 
- commit 220523b

++++ libcontainers-common:

- Add missing Requires(post): sed, fixes boo#1200524
- Make %post compatible with dash

++++ openldap2:

- bsc#1198341 - Prevent memory reuse which may lead to instability
  * 0243-Change-malloc-to-use-calloc-to-prevent-memory-reuse-.patch

++++ nfs-utils:

- 0024-systemd-Apply-all-sysctl-settings-when-NFS-related-m.patch
  Ensure sysctl settings work (bsc#1199856)

++++ rust-keylime:

- Update to version 0.1.0+git.1655143451.7c4121e:
  * Add dependabot for automatic dependency updates
  * config: remove unused options
  * persist AK, NK and mTLS certificate to disk
  * Update tokio minimum version
  * Adjust CI test name according to keylime-tests PR#125
  * Make wiremock an optional dependency
  * Drop unused dependency flate2
  * Drop unused dependency rustc-serialize
  * Update clap dependency to 3.1.18
  * add support for "hash_ek" UUID creation
  * tpm: add and use EKResult struct as return value for create_ek(..)
  * replace custom marshall functions with the offical one
  * update to tss-esapi 7.1.0
  * quotes_handler: Rewind measured boot log file
  * Add test /functional/measured-boot-swtpm-sanity to Packit CI plan
  * OpenSSL on deb family is now libssl-dev

------------------------------------------------------------------
------------------ 2022-6-13 - Jun 13 2022 -------------------
------------------------------------------------------------------

++++ kernel-default:

- blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263).
- commit 5d68630
- blk-mq: fix tag_get wait task can't be awakened (bsc#1200263).
- commit 9445fd3
- Fix the build of f2fs driver (bsc#1200475)
  Refreshed patches:
  patches.suse/f2fs-Convert-to-using-invalidate_lock.patch
  patches.suse/f2fs-fix-to-unmap-pages-from-userspace-process-in-pu.patch
- commit 7021d3f
- drm/ast: Create threshold values for AST2600 (bsc#1190786)
- commit 27f7842

------------------------------------------------------------------
------------------ 2022-6-12 - Jun 12 2022 -------------------
------------------------------------------------------------------

++++ kernel-default:

- vringh: Fix loop descriptors check in the indirect cases (git-fixes).
- commit 553fd9c

------------------------------------------------------------------
------------------ 2022-6-11 - Jun 11 2022 -------------------
------------------------------------------------------------------

++++ kernel-default:

- ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes).
- ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes).
- ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo Yoga DuetITL 2021 (git-fixes).
- commit e30715d
- cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE (git-fixes).
- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes).
- ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (git-fixes).
- ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes).
- ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes).
- drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes).
- drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes).
- drm/bridge: ti-sn65dsi83: Handle dsi_lanes == 0 as invalid (git-fixes).
- commit bd23b70

------------------------------------------------------------------
------------------ 2022-6-10 - Jun 10 2022 -------------------
------------------------------------------------------------------

++++ dracut:

- Update to version 055+suse.279.g3b3c36b2:
  * fix(bluetooth): accept compressed firmwares in inst_multiple (bsc#1200236)
  * fix(network-legacy): support rd.net.timeout.dhcp (bsc#1200360)
  * fix(convertfs): ignore commented lines in fstab (bsc#1200251)
  * fix(integrity): do not display any error if there is no IMA certificate (bsc#1187654)

++++ librsvg:

- Update to version 2.52.9:
  + Fix regressions when computing element geometries.

++++ kernel-default:

- floppy: disable FDRAWCMD by default (bsc#1198866 CVE-2022-1836).
- Update config files.
- commit 74f61f9
- nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes).
- nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes).
- nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes).
- net: phy: dp83867: retrigger SGMII AN when link change (git-fixes).
- vdpasim: allow to enable a vq repeatedly (git-fixes).
- kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (git-fixes).
- list: fix a data-race around ep->rdllist (git-fixes).
- ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes).
- kselftest/arm64: bti: force static linking (git-fixes).
- list: test: Add a test for list_is_head() (git-fixes).
- list: introduce list_is_head() helper and re-use it in list.h (git-fixes).
- commit 1cdee61

++++ virglrenderer:

- security update
  * Fix OOB in read_transfer_data() (CVE-2022-0135 bsc#1195389)
    Add virglrenderer-CVE-2022-0135.patch

------------------------------------------------------------------
------------------ 2022-6-9 - Jun 9 2022 -------------------
------------------------------------------------------------------

++++ glibc:

- strncpy-power9-vsx.patch: powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334, BZ #29197)

++++ kernel-default:

- USB: new quirk for Dell Gen 2 devices (git-fixes).
- USB: serial: option: add Quectel BG95 modem (git-fixes).
- xhci: Allow host runtime PM as default for Intel Alder Lake N xHCI (git-fixes).
- usb: core: hcd: Add support for deferring roothub registration (git-fixes).
- pinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources() (git-fixes).
- soc: ti: ti_sci_pm_domains: Check for null return of devm_kcalloc (git-fixes).
- of: overlay: do not break notify on NOTIFY_{OK|STOP} (git-fixes).
- rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes).
- net: phy: micrel: Allow probing without .driver_data (git-fixes).
- rtl818x: Prevent using not initialized queues (git-fixes).
- rtw88: 8821c: fix debugfs rssi value (git-fixes).
- mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes).
- PM / devfreq: rk3399_dmc: Disable edev on remove() (git-fixes).
- spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes).
- spi: rockchip: fix missing error on unsupported SPI_CS_HIGH (git-fixes).
- spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes).
- regulator: mt6315: Enforce regulator-compatible, not name (git-fixes).
- mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (git-fixes).
- of: Support more than one crash kernel regions for kexec -s (git-fixes).
- net: phy: mscc-miim: reject clause 45 register accesses (git-fixes).
- spi: rockchip: Preset cs-high and clk polarity in setup progress (git-fixes).
- spi: rockchip: Stop spi slave dma receiver when cs inactive (git-fixes).
- net: phy: meson-gxl: improve link-up behavior (git-fixes).
- commit 88ae7b9
- mt76: fix encap offload ethernet type check (git-fixes).
- mt76: mt7921: accept rx frames with non-standard VHT MCS10-11 (git-fixes).
- mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes).
- media: rkvdec: Stop overclocking the decoder (git-fixes).
- media: cec-adap.c: fix is_configuring state (git-fixes).
- media: imon: reorganize serialization (git-fixes).
- media: ccs-core.c: fix failure to call clk_disable_unprepare (git-fixes).
- media: hantro: HEVC: unconditionnaly set pps_{cb/cr}_qp_offset values (git-fixes).
- media: rga: fix possible memory leak in rga_probe (git-fixes).
- media: cx25821: Fix the warning when removing the module (git-fixes).
- media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes).
- media: venus: hfi: avoid null dereference in deinit (git-fixes).
- media: i2c: max9286: fix kernel oops when removing module (git-fixes).
- mmc: core: Allows to override the timeout value for ioctl() path (git-fixes).
- drivers: mmc: sdhci_am654: Add the quirk to set TESTCD bit (git-fixes).
- mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes).
- media: i2c: max9286: Use "maxim,gpio-poc" property (git-fixes).
- media: i2c: max9286: Use dev_err_probe() helper (git-fixes).
- media: staging: media: rkvdec: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
- commit 8e2405a
- drm/amdgpu: add beige goby PCI ID (git-fixes).
- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes).
- docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (git-fixes).
- Input: gpio-keys - cancel delayed work only in case of GPIO (git-fixes).
- crypto: ccree - use fine grained DMA mapping dir (git-fixes).
- drm/i915/dsi: fix VBT send packet port selection for ICL+ (git-fixes).
- drm/amd/pm: update smartshift powerboost calc for smu13 (git-fixes).
- drm/amd/pm: update smartshift powerboost calc for smu12 (git-fixes).
- drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes).
- drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (git-fixes).
- drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes).
- drm/msm/dp: reset DP controller before transmit phy test pattern (git-fixes).
- drm/nouveau/subdev/bus: Ratelimit logging for fault errors (git-fixes).
- drm/plane: Move range check for format_count earlier (git-fixes).
- drm/amdgpu/sdma: Fix incorrect calculations of the wptr of the doorbells (git-fixes).
- drm/amd/display: Disabling Z10 on DCN31 (git-fixes).
- drm/komeda: return early if drm_universal_plane_init() fails (git-fixes).
- fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes).
- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes).
- drm/vmwgfx: validate the screen formats (git-fixes).
- iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes).
- mac80211: minstrel_ht: fix where rate stats are stored (fixes debugfs output) (git-fixes).
- HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes).
- ipmi: Fix pr_fmt to avoid compilation issues (git-fixes).
- ipmi:ssif: Check for NULL msg when handling events and messages (git-fixes).
- efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes).
- irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes).
- drm/msm/dp: Modify prototype of encoder based API (git-fixes).
- commit 759c11f
- ASoC: rt1015p: remove dependency on GPIOLIB (git-fixes).
- can: mcp251xfd: silence clang's -Wunaligned-access warning (git-fixes).
- cfg80211: declare MODULE_FIRMWARE for regulatory.db (git-fixes).
- ath10k: skip ath10k_halt during suspend for driver state RESTARTING (git-fixes).
- ath11k: disable spectral scan during spectral deinit (git-fixes).
- ath9k: fix QCA9561 PA bias level (git-fixes).
- b43: Fix assigning negative value to unsigned variable (git-fixes).
- b43legacy: Fix assigning negative value to unsigned variable (git-fixes).
- char: tpm: cr50_i2c: Suppress duplicated error message in .remove() (git-fixes).
- binfmt_flat: do not stop relocating GOT entries prematurely on riscv (git-fixes).
- commit 65ef7e3
- ARM: pxa: maybe fix gpio lookup tables (git-fixes).
- ARM: OMAP1: clock: Fix UART rate reporting algorithm (git-fixes).
- arm64: dts: qcom: sdm845-xiaomi-beryllium: fix typo in panel's vddio-supply property (git-fixes).
- arm64: dts: qcom: msm8994: Fix BLSP[12]_DMA channels count (git-fixes).
- arm64: dts: qcom: msm8994: Fix the cont_splash_mem address (git-fixes).
- ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (git-fixes).
- ARM: dts: BCM5301X: Update pin controller node name (git-fixes).
- ARM: dts: s5pv210: align DMA channels with dtschema (git-fixes).
- ARM: dts: socfpga: align interrupt controller node name with dtschema (git-fixes).
- ARM: dts: ox820: align interrupt controller node name with dtschema (git-fixes).
- ARM: hisi: Add missing of_node_put after of_find_compatible_node (git-fixes).
- ASoC: max98357a: remove dependency on GPIOLIB (git-fixes).
- ASoC: rt5645: Fix errorenous cleanup order (git-fixes).
- ASoC: samsung: Fix refcount leak in aries_audio_probe (git-fixes).
- ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe (git-fixes).
- ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes).
- ASoC: dapm: Don't fold register value changes into notifications (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the HP Pro Tablet 408 (git-fixes).
- ASoC: rsnd: care return value from rsnd_node_fixed_index() (git-fixes).
- ASoC: rsnd: care default case on rsnd_ssiu_busif_err_status_clear() (git-fixes).
- ALSA: usb-audio: Move generic implicit fb quirk entries into quirks.c (git-fixes).
- ALSA: usb-audio: Add quirk bits for enabling/disabling generic implicit fb (git-fixes).
- ACPI: CPPC: Assume no transition latency if no PCCT (git-fixes).
- ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes).
- arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall (git-fixes).
- ACPICA: Avoid cache flush inside virtual machines (git-fixes).
- ASoC: samsung: Use dev_err_probe() helper (git-fixes).
- ASoC: fsl: Use dev_err_probe() helper (git-fixes).
- ARM: dts: BCM5301X: update CRU block description (git-fixes).
- commit 4c6b283
- KVM: LAPIC: Drop pending LAPIC timer injection when canceling the timer (git-fixes).
- commit ebda4af
- KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak (git-fixes).
- commit 30785a5
- KVM: nVMX: Clear IDT vectoring on nested VM-Exit for double/triple fault (git-fixes).
- commit ffb6036
- KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry (git-fixes).
- commit 97f34c5
- KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2 (git-fixes).
- commit 8240744
- KVM: x86/mmu: Passing up the error state of mmu_alloc_shadow_roots() (git-fixes).
- commit d2a88e6
- KVM: x86: Pend KVM_REQ_APICV_UPDATE during vCPU creation to fix a race (git-fixes).
- commit 62ba92c
- KVM: SVM: drop unnecessary code in svm_hv_vmcb_dirty_nested_enlightenments() (git-fixes).
- commit 704e7a8
- KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes).
- commit 6f6c8f1
- KVM: x86: Update vCPU's runtime CPUID on write to MSR_IA32_XSS (git-fixes).
- commit 06d4784
- KVM: x86: Fix emulation in writing cr8 (git-fixes).
- commit 06b317c
- kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes).
- commit 87cd4ea
- Revert "svm: Add warning message for AVIC IPI invalid target" (git-fixes).
- commit b359f55
- KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs (git-fixes).
- commit 25027bb
- KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW (git-fixes).
- commit 2ca6eb1
- KVM: SVM: Fix kvm_cache_regs.h inclusions for is_guest_mode() (git-fixes).
- commit 28f6136
- KVM: x86/mmu: Check for present SPTE when clearing dirty bit in TDP MMU (git-fixes).
- commit 4e37bee
- KVM: SVM: Never reject emulation due to SMAP errata for !SEV guests (git-fixes).
- commit 42762d5
- KVM: x86/mmu: Fix write-protection of PTs mapped by the TDP MMU (git-fixes).
- commit 3c3b22d
- KVM: SVM: hyper-v: Enable Enlightened MSR-Bitmap support for real (git-fixes).
- commit 0a53b34
- KVM: x86: hyper-v: Fix the maximum number of sparse banks for XMM fast TLB flush hypercalls (git-fixes).
- commit 0a9f2a5
- KVM: x86/mmu: Update number of zapped pages even if page list is stable (git-fixes).
- commit e80aea5
- KEYS: asymmetric: enforce that sig algo matches key algo (git-fixes).
- Refresh patches.suse/KEYS-asymmetric-properly-validate-hash_algo-and-enco.patch.
- commit 432a795
- KEYS: trusted: tpm2: Fix migratable logic (git-fixes).
- commit 1953e79
- cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1193629).
- commit 380000e
- cifs: skip trailing separators of prefix paths (bsc#1193629).
- commit de52c39
- cifs: update internal module number (bsc#1193629).
- commit e08e204
- cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1193629).
- commit c456b31
- cifs: do not build smb1ops if legacy support is disabled (bsc#1193629).
- commit 4993b7e
- cifs: fix potential deadlock in direct reclaim (bsc#1193629).
- commit b8254d9
- cifs: when extending a file with falloc we should make files not-sparse (bsc#1193629).
- commit 52ba2a3
- cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1193629).
- commit 8ad5d4a
- cifs: fix potential double free during failed mount (bsc#1193629).
- commit 2c8b5b6
- cifs: avoid parallel session setups on same channel (bsc#1193629).
- commit 6398a2b
- cifs: use new enum for ses_status (bsc#1193629).
- commit 217b1ee
- cifs: do not use tcpStatus after negotiate completes (bsc#1193629).
- commit e666d73
- smb3: add mount parm nosparse (bsc#1193629).
- commit 124b02e
- smb3: don't set rc when used and unneeded in query_info_compound (bsc#1193629).
- commit 7bd568d
- smb3: check for null tcon (bsc#1193629).
- commit 7a9d23a
- cifs: fix minor compile warning (bsc#1193629).
- commit d783113
- Add various fsctl structs (bsc#1193629).
- commit 113fafc
- smb3: add trace point for oplock not found (bsc#1193629).
- commit ca9c908
- cifs: return the more nuanced writeback error on close() (bsc#1193629).
- commit 82811a7
- smb3: add trace point for lease not found issue (bsc#1193629).
- commit dbdf8ba
- cifs: smbd: fix typo in comment (bsc#1193629).
- commit aa02f35
- cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1193629).
- commit 4ab153f
- cifs: check for smb1 in open_cached_dir() (bsc#1193629).
- commit e68ac2c
- cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1193629).
- commit e6babcb
- cifs: print TIDs as hex (bsc#1193629).
- commit ce753c2
- cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1193629).
- commit 562c8f3
- cifs: don't call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1193629).
- commit 3e90ad5
- cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1193629).
- commit 3af7051
- SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1193629).
- commit e69077c
- cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1193629).
- commit 775b640
- cifs: use correct lock type in cifs_reconnect() (bsc#1193629).
- commit 282d7da
- cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1193629).
- commit 4763651
- cifs: Use kzalloc instead of kmalloc/memset (bsc#1193629).
- commit fc6ae9a
- cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1193629).
- commit 1257221
- cifs: potential buffer overflow in handling symlinks (bsc#1193629).
- commit 3cd13e9
- cifs: Split the smb3_add_credits tracepoint (bsc#1193629).
- commit 316f9e5
- cifs: release cached dentries only if mount is complete (bsc#1193629).
- commit 42278b8
- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1193629).
- commit b05a349
- cifs: update internal module number (bsc#1193629).
- commit e161349
- cifs: force new session setup and tcon for dfs (bsc#1193629).
- commit 2775e37
- cifs: remove check of list iterator against head past the loop body (bsc#1193629).
- commit 98d57dc
- cifs: fix potential race with cifsd thread (bsc#1193629).
- commit a547515
- smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1193629).
  [ ematsumiya: remove ksmbd parts ]
- commit 1f36337
- smb3: cleanup and clarify status of tree connections (bsc#1193629).
- commit 4be78fe
- smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1193629).
- commit c6b74e0
- smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1193629).
- commit f23838d
- [smb3] move more common protocol header definitions to smbfs_common (bsc#1193629).
- commit d36ebbe
- cifs: fix incorrect use of list iterator after the loop (bsc#1193629).
- commit b55a09d
- cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1193629).
- commit 00f232e
- cifs: convert the path to utf16 in smb2_query_info_compound (bsc#1193629).
- commit 9a48bbc
- cifs: writeback fix (bsc#1193629).
- commit 408ba7b
- cifs: use a different reconnect helper for non-cifsd threads (bsc#1193629).
- commit 613da4d
- cifs: we do not need a spinlock around the tree access during umount (bsc#1193629).
- commit 81f5390
- Adjust cifssb maximum read size (bsc#1193629).
- commit 8697188
- cifs: fix handlecache and multiuser (bsc#1193629).
- commit 1baccc5
- smb3: fix incorrect session setup check for multiuser mounts (bsc#1193629).
- commit 96a8bc3
- cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1193629).
- commit 746d619
- cifs: modefromsids must add an ACE for authenticated users (bsc#1193629).
- commit 3e1f855
- cifs: fix double free race when mount fails in cifs_get_root() (bsc#1193629).
- commit 96cdf4f
- cifs: do not use uninitialized data in the owner/group sid (bsc#1193629).
- commit 64c2706
- cifs: fix set of group SID via NTSD xattrs (bsc#1193629).
- commit fad6ecf
- smb3: fix snapshot mount option (bsc#1193629).
- commit 5a0e7c7
- cifs: mark sessions for reconnection in helper function (bsc#1193629).
- commit d739035
- cifs: call helper functions for marking channels for reconnect (bsc#1193629).
- commit 4bc92b0
- cifs: call cifs_reconnect when a connection is marked (bsc#1193629).
- commit b48b128
- [smb3] improve error message when mount options conflict with posix (bsc#1193629).
- commit 30c8e8b
- cifs: fix workstation_name for multiuser mounts (bsc#1193629).
- commit a396f87
- cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1193629).
- commit f64d988
- Fix a warning about a malformed kernel doc comment in cifs (bsc#1193629).
- commit 3b5b4f5
- cifs: update internal module number (bsc#1193629).
- commit f3a1db7
- smb3: send NTLMSSP version information (bsc#1193629).
- commit 7ef0d69

++++ python3-core:

- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the command injection in the mailcap module.
- Rename support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch to unify the patch with other packages.
- Add bpo-46623-skip-zlib-s390x.patch skipping two failing tests on s390x.

++++ ceph:

- Update to 16.2.9-158-gd93952c7eea:
  + cmake: check for python(\d)\.(\d+) when building boost
  + make-dist: patch boost source to support python 3.10

++++ python3:

- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the command injection in the mailcap module.
- Rename support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch to unify the patch with other packages.
- Add bpo-46623-skip-zlib-s390x.patch skipping two failing tests on s390x.

++++ python-gobject:

- Add dependency on python-cairo to python-gobject-cairo: The introspection wrapper needs the actual pycairo underneath (boo#1179584).

++++ runc:

- Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3. (Includes a fix for bsc#1200088.)
  * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing).
  * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes.
  * Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang.
  * When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths.
  * Socket activation was failing when more than 3 sockets were used.
  * Various CI fixes.
  * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container.
  * runc static binaries are now linked against libseccomp v2.5.4.
- Remove upstreamed patches:
  - bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch

++++ u-boot-rpiarm64:

Fix IP defragmentation vulnerabilities CVE-2022-30790, CVE-2022-30552 (bsc#1200363, bsc#1200364)
Patch queue updated from https://github.com/openSUSE/u-boot.git sle15-sp4
* Patches added:
  0019-net-Check-for-the-minimum-IP-fragme.patch

++++ vim:

- Deleted patches:
  * restrict-shell-commands.patch
  * source-check-sandbox.patch
  * vim-8.0.1568-CVE-2021-3778.patch
  * vim-8.0.1568-CVE-2021-3796.patch
  * vim-8.0.1568-CVE-2021-3872.patch
  * vim-8.0.1568-CVE-2021-3927.patch
  * vim-8.0.1568-CVE-2021-3928.patch
  * vim-8.0.1568-CVE-2021-3984.patch
  * vim-8.0.1568-CVE-2021-4019.patch
  * vim-8.0.1568-CVE-2021-4193.patch
  * vim-8.0.1568-CVE-2021-46059.patch
  * vim-8.0.1568-CVE-2022-0319.patch
  * vim-8.0.1568-CVE-2022-0351.patch
  * vim-8.0.1568-CVE-2022-0361.patch
  * vim-8.0.1568-CVE-2022-0413.patch
  * vim-8.0.1568-globalvimrc.patch
- Added patches:
  * vim-8.1.0297-dump3.patch
  * vim-8.2.2411-globalvimrc.patch
  * disable-unreliable-tests-arch.patch
- Updated patches:
  * disable-unreliable-tests.patch
  * vim-7.3-filetype_changes.patch
  * vim-7.3-filetype_ftl.patch
  * vim-7.3-filetype_spec.patch
  * vim-7.3-gvimrc_fontset.patch
  * vim-7.3-help_tags.patch
  * vim-7.3-mktemp_tutor.patch
  * vim-7.3-name_vimrc.patch
  * vim-7.3-sh_is_bash.patch
  * vim-7.3-use_awk.patch
  * vim-7.4-disable_lang_no.patch
  * vim-7.4-filetype_apparmor.patch
  * vim-7.4-filetype_mine.patch
  * vim-7.4-highlight_fstab.patch
  * vim-8.0-ttytype-test.patch
  * vim-8.0.1568-defaults.patch
  * vim73-no-static-libpython.patch
- Updated to version 8.2 with patch level 5038, fixes the following problems
  * Fixing bsc#1191770 VUL-0: CVE-2021-3875: vim: heap-based buffer overflow
  * Fixing bsc#1192167 VUL-0: CVE-2021-3903: vim: heap-based buffer overflow
  * Fixing bsc#1192902 VUL-0: CVE-2021-3968: vim: vim is vulnerable to Heap-based Buffer Overflow
  * Fixing bsc#1192903 VUL-0: CVE-2021-3973: vim: vim is vulnerable to Heap-based Buffer Overflow
  * Fixing bsc#1192904 VUL-0: CVE-2021-3974: vim: vim is vulnerable to Use After Free
  * Fixing bsc#1193466 VUL-1: CVE-2021-4069: vim: use-after-free in ex_open() in src/ex_docmd.c
  * Fixing bsc#1193905 VUL-0: CVE-2021-4136: vim: vim is vulnerable to Heap-based Buffer Overflow
  * Fixing bsc#1194093 VUL-1: CVE-2021-4166: vim: vim is vulnerable to Out-of-bounds Read
  * Fixing bsc#1194216 VUL-1: CVE-2021-4193: vim: vulnerable to Out-of-bounds Read
  * Fixing bsc#1194217 VUL-0: CVE-2021-4192: vim: vulnerable to Use After Free
  * Fixing bsc#1194872 VUL-0: CVE-2022-0261: vim: Heap-based Buffer Overflow in vim prior to 8.2.
  * Fixing bsc#1194885 VUL-0: CVE-2022-0213: vim: vim is vulnerable to Heap-based Buffer Overflow
  * Fixing bsc#1195004 VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in vim prior to 8.2.
  * Fixing bsc#1195203 VUL-0: CVE-2022-0359: vim: heap-based buffer overflow in init_ccline() in ex_getln.c
  * Fixing bsc#1195354 VUL-0: CVE-2022-0407: vim: Heap-based Buffer Overflow in Conda vim prior to 8.2.
  * Fixing bsc#1198596 VUL-0: CVE-2022-1381: vim: global heap buffer overflow in skip_range
  * Fixing bsc#1199331 VUL-0: CVE-2022-1616: vim: Use after free in append_command
  * Fixing bsc#1199333 VUL-0: CVE-2022-1619: vim: Heap-based Buffer Overflow in function cmdline_erase_chars
  * Fixing bsc#1199334 VUL-0: CVE-2022-1620: vim: NULL Pointer Dereference in function vim_regexec_string
  * Fixing bsc#1199747 VUL-0: CVE-2022-1796: vim: Use After in find_pattern_in_path
  * Fixing bsc#1200010 VUL-0: CVE-2022-1897: vim: Out-of-bounds Write in vim
  * Fixing bsc#1200011 VUL-0: CVE-2022-1898: vim: Use After Free in vim prior to 8.2
  * Fixing bsc#1200012 VUL-0: CVE-2022-1927: vim: Buffer Over-read in vim prior to 8.2
  * Fixing bsc#1070955 VUL-1: CVE-2017-17087: vim: Sets the group ownership of a .swp file to the editor's primary group, which allows local users to obtain sensitive information
  * Fixing bsc#1194388 VUL-1: CVE-2022-0128: vim: vim is vulnerable to Out-of-bounds Read
  * Fixing bsc#1195332 VUL-1: CVE-2022-0392: vim: Heap-based Buffer Overflow in vim prior to 8.2
  * Fixing bsc#1196361 VUL-1: CVE-2022-0696: vim: NULL Pointer Dereference in vim prior to 8.2
  * Fixing bsc#1198748 VUL-1: CVE-2022-1420: vim: Out-of-range Pointer Offset
  * Fixing bsc#1199651 VUL-1: CVE-2022-1735: vim: heap buffer overflow
  * Fixing bsc#1199655 VUL-1: CVE-2022-1733: vim: Heap-based Buffer Overflow in cindent.c
  * Fixing bsc#1199693 VUL-1: CVE-2022-1771: vim: stack exhaustion in vim prior to 8.2.
  * Fixing bsc#1199745 VUL-1: CVE-2022-1785: vim: Out-of-bounds Write
  * Fixing bsc#1199936 VUL-1: CVE-2022-1851: vim: out of bounds read

------------------------------------------------------------------
------------------ 2022-6-8 - Jun 8 2022 -------------------
------------------------------------------------------------------

++++ ModemManager:

- Enable QRTR support
  * Add BR pkgconfig(qrtr-glib)

++++ gpg2:

- gnupg-detect_FIPS_mode.patch: use AES as default cipher instead of 3DES if we are in FIPS mode. (bsc#1196125)

++++ kernel-default:

- cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1193629).
- commit 7adf859
- cifs: update tcpStatus during negotiate and sess setup (bsc#1193629).
- commit 3f08633
- cifs: make status checks in version independent callers (bsc#1193629).
- commit 4cd34c9
- cifs: remove repeated state change in dfs tree connect (bsc#1193629).
- commit 8253840
- cifs: fix the cifs_reconnect path for DFS (bsc#1193629).
- commit 87c9542
- cifs: remove unused variable ses_selected (bsc#1193629).
- commit 6eecd97
- cifs: protect all accesses to chan_* with chan_lock (bsc#1193629).
- commit aafaacc
- cifs: fix the connection state transitions with multichannel (bsc#1193629).
- commit 4d0aa0b
- cifs: check reconnects for channels of active tcons too (bsc#1193629).
- commit fbe1e74
- cifs: serialize all mount attempts (bsc#1193629).
- commit 59797f7
- cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1193629).
- commit 6676166
- cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1193629).
- commit da4fb6c
- cifs: clean up an inconsistent indenting (bsc#1193629).
- commit d52e4e3
- cifs: free ntlmsspblob allocated in negotiate (bsc#1193629).
- commit d5d4763
- cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1193629).
- commit 11e89d8
- cifs: move superblock magic defitions to magic.h (bsc#1193629).
- commit 9fcbd8d
- cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1193629).
- commit 7b20a4b
- cifs: avoid race during socket reconnect between send and recv (bsc#1193629).
- commit 946730f
- cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1193629).
- commit 95b368d
- cifs: fix hang on cifs_get_next_mid() (bsc#1193629).
- commit 851fea7
- cifs: take cifs_tcp_ses_lock for status checks (bsc#1193629).
- commit 2ab24a2
- cifs: reconnect only the connection and not smb session where possible (bsc#1193629).
- commit 833b4c0
- cifs: add WARN_ON for when chan_count goes below minimum (bsc#1193629).
- commit d359030
- cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1193629).
- commit 2bb2f0d
- cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1193629).
- commit cb5bbe6
- cifs: track individual channel status using chans_need_reconnect (bsc#1193629).
- commit 4a6c95e
- cifs: remove redundant assignment to pointer p (bsc#1193629).
- commit 6785bb0
- ftrace: Clean up hash direct_functions on register failures (git-fixes).
- commit b73ad5c
- blacklist.conf: aa748949b4e6 ("tracing/timerlat: Notify IRQ new max latency only if stop tracing is set")
  Not really a bug. It fixes a performance issue in tracing/timerlat. It also needs a preparatory patch.
- commit d176655
- blacklist.conf: Add 78ed93d72ded signal: Deliver SIGTRAP on perf event asynchronously if blocked
- commit 076f1f3
- KVM: x86: Drop guest CPUID check for host initiated writes to MSR_IA32_PERF_CAPABILITIES (git-fixes).
- commit ae69371
- KVM: x86: Ignore sparse banks size for an "all CPUs", non-sparse IPI req (git-fixes).
- commit cb739a2
- KVM: x86: Wait for IPIs to be delivered when handling Hyper-V TLB flush hypercall (git-fixes).
- commit 7b6e6c7
- KVM: nVMX: Ensure vCPU honors event request if posting nested IRQ fails (git-fixes).
- commit 1658257
- KVM: x86: Exit to userspace if emulation prepared a completion callback (git-fixes).
- commit c752451
- KVM: x86: Handle 32-bit wrap of EIP for EMULTYPE_SKIP with flat code seg (git-fixes).
- commit d782140
- KVM: x86: don't print when fail to read/write pv eoi memory (git-fixes).
- commit ddd0369
- KVM: X86: Ensure that dirty PDPTRs are loaded (git-fixes).
- commit d9d53c0
- KVM: VMX: Read Posted Interrupt "control" exactly once per loop iteration (git-fixes).
- commit a3af640
- KVM: VMX: Don't unblock vCPU w/ Posted IRQ if IRQs are disabled in guest (git-fixes).
- commit 30f5bba
- Add CVE reference to patches.suse/fanotify-Fix-stale-file-descriptor-in-copy_event_to_.patch (bsc#1195187 CVE-2022-1998).
- commit f941d8c
- KVM: x86: Register Processor Trace interrupt hook iff PT enabled in guest (git-fixes).
- commit 566d574
- block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259).
- commit eadab0f
- Refresh patches.suse/drm-vmwgfx-Fix-fencing-on-SVGAv3.patch.
  Alt-commit
- commit 595b07f
- blacklist.conf: d4da1f27396f drm/dp: Fix off-by-one in register cache size
- commit 6523c09
- blacklist.conf: 4adc33f36d80 drm/edid: Split deep color modes between RGB and YUV444
- commit ac837ed
- mmc: block: Fix CQE recovery reset success (git-fixes).
- commit d3053f5

++++ libcontainers-common:

- Add missing comma to previous change

++++ systemd:

- Import commit 17d488c53ad150de59f7d842e870e0c3d141d8ff
  6b3bb1161c core/device: device_coldplug(): don't set DEVICE_DEAD
  1e4058a0bc core/device: do not downgrade device state if it is already enumerated
  f1d33c466e core/device: ignore DEVICE_FOUND_UDEV bit on switching root (bsc#1137373 bsc#1181658 bsc#1194708 bsc#1195157 bsc#1197570)
  fdaad2ff3a core/device: drop unnecessary condition

------------------------------------------------------------------
------------------ 2022-6-7 - Jun 7 2022 -------------------
------------------------------------------------------------------
++++ containerd:

- Update to containerd v1.6.6 to fix CVE-2022-31030 and meet the requirements of Docker v20.10.17-ce. bsc#1200145
- Remove upstreamed patches:
  - bsc1200145-Limit-the-response-size-of-ExecSync.patch

++++ docker:

- Update to Docker 20.10.17-ce. See upstream changelog online at .
  bsc#1200145
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
  * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch

++++ kernel-default:

- arm64: supported.conf: mark PHY_FSL_IMX8MQ_USB as supported (bsc#1199909)
- commit d332656
- add mainline tag for a pci-hyperv change
- commit 6d39b2d
- swiotlb: max mapping size takes min align mask into account (bsc#1197303).
- commit dfe7233
- pipe: Fix missing lock in pipe_resize_ring() (git-fixes).
- drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes).
- HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes).
- HID: multitouch: add quirks to enable Lenovo X12 trackpoint (git-fixes).
- drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes).
- i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes).
- pinctrl: sunxi: fix f1c100s uart2 function (git-fixes).
- nfc: pn533: Fix buggy cleanup order (git-fixes).
- commit 0f1be88
- netfilter: nf_tables: sanitize nft_set_desc_concat_parse() (CVE-2022-1972 bsc#1200019).
- commit fb312f5
- netfilter: nf_tables: disallow non-stateful expression in sets earlier (CVE-2022-1966 bsc#1200015).
- commit 382d5dc

++++ mozilla-nss:

- Remove upstreamed patches:
  * nss-fips-version-indicators.patch
  * nss-fips-tests-pin-paypalee-cert.patch
- update to NSS 3.79
  - bmo#205717 - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
  - bmo#1766907 - Update mercurial in clang-format docker image.
  - bmo#1454072 - Use of uninitialized pointer in lg_init after alloc fail.
  - bmo#1769295 - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
  - bmo#1753315 - Add SECMOD_LockedModuleHasRemovableSlots.
  - bmo#1387919 - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
  - bmo#1765753 - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts.
  - bmo#1765753 - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version.
  - bmo#1764788 - Correct invalid record inner and outer content type alerts.
  - bmo#1757075 - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding.
  - bmo#1766978 - improve error handling after nssCKFWInstance_CreateObjectHandle.
  - bmo#1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
  - bmo#1769302 - NSS 3.79 should depend on NSPR 4.34
- update to NSS 3.78.1
  * bmo#1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple
- update to NSS 3.78
  bmo#1755264 - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests.
  bmo#1294978 - Reworked overlong record size checks and added TLS1.3 specific boundaries.
  bmo#1763120 - Add ECH Grease Support to tstclnt
  bmo#1765003 - Add a strict variant of moz::pkix::CheckCertHostname.
  bmo#1166338 - Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
  bmo#1760813 - Make SEC_PKCS12EnableCipher succeed
  bmo#1762489 - Update zlib in NSS to 1.2.12.
- update to NSS 3.77
  * Bug 1762244 - resolve mpitests build failure on Windows.
  * bmo#1761779 - Fix link to TLS page on wireshark wiki
  * bmo#1754890 - Add two D-TRUST 2020 root certificates.
  * bmo#1751298 - Add Telia Root CA v2 root certificate.
  * bmo#1751305 - Remove expired explicitly distrusted certificates from certdata.txt.
  * bmo#1005084 - support specific RSA-PSS parameters in mozilla::pkix
  * bmo#1753535 - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
  * bmo#1756271 - Remove token member from NSSSlot struct.
  * bmo#1602379 - Provide secure variants of mpp_pprime and mpp_make_prime.
  * bmo#1757279 - Support UTF-8 library path in the module spec string.
  * bmo#1396616 - Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
  * bmo#1760827 - Add a CI Target for gcc-11.
  * bmo#1760828 - Change to makefiles for gcc-4.8.
  * bmo#1741688 - Update googletest to 1.11.0
  * bmo#1759525 - Add SetTls13GreaseEchSize to experimental API.
  * bmo#1755264 - TLS 1.3 Illegal legacy_version handling/alerts.
  * bmo#1755904 - Fix calculation of ECH HRR Transcript.
  * bmo#1758741 - Allow ld path to be set as environment variable.
  * bmo#1760653 - Ensure we don't read uninitialized memory in ssl gtests.
  * bmo#1758478 - Fix DataBuffer Move Assignment.
  * bmo#1552254 - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3
  * bmo#1755092 - rework signature verification in mozilla::pkix
- Require nss-util in nss.pc and subsequently remove -lnssutil3
- update to NSS 3.76.1
  NSS 3.76.1
  * bmo#1756271 - Remove token member from NSSSlot struct.
  NSS 3.76
  * bmo#1755555 - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots.
  * bmo#1370866 - Check return value of PK11Slot_GetNSSToken.
  * bmo#1747957 - Use Wycheproof JSON for RSASSA-PSS
  * bmo#1679803 - Add SHA256 fingerprint comments to old certdata.txt entries.
  * bmo#1753505 - Avoid truncating files in nss-release-helper.py.
  * bmo#1751157 - Throw illegal_parameter alert for illegal extensions in handshake message.
- Add nss-util pkgconfig and config files (copied from RH/Fedora)
- update to NSS 3.75
  * bmo#1749030 - This patch adds gcc-9 and gcc-10 to the CI.
  * bmo#1749794 - Make DottedOIDToCode.py compatible with python3.
  * bmo#1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing.
  * bmo#1748386 - Remove redundant key type check.
  * bmo#1749869 - Update ABI expectations to match ECH changes.
  * bmo#1748386 - Enable CKM_CHACHA20.
  * bmo#1747327 - check return on NSS_NoDB_Init and NSS_Shutdown.
  * bmo#1747310 - real move assignment operator.
  * bmo#1748245 - Run ECDSA test vectors from bltest as part of the CI tests.
  * bmo#1743302 - Add ECDSA test vectors to the bltest command line tool.
  * bmo#1747772 - Allow to build using clang's integrated assembler.
  * bmo#1321398 - Allow to override python for the build.
  * bmo#1747317 - test HKDF output rather than input.
  * bmo#1747316 - Use ASSERT macros to end failed tests early.
  * bmo#1747310 - move assignment operator for DataBuffer.
  * bmo#1712879 - Add test cases for ECH compression and unexpected extensions in SH.
  * bmo#1725938 - Update tests for ECH-13.
  * bmo#1725938 - Tidy up error handling.
  * bmo#1728281 - Add tests for ECH HRR Changes.
  * bmo#1728281 - Server only sends GREASE HRR extension if enabled by preference.
  * bmo#1725938 - Update generation of the Associated Data for ECH-13.
  * bmo#1712879 - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello.
  * bmo#1712879 - Allow for compressed, non-contiguous, extensions.
  * bmo#1712879 - Scramble the PSK extension in CHOuter.
  * bmo#1712647 - Split custom extension handling for ECH.
  * bmo#1728281 - Add ECH-13 HRR Handling.
  * bmo#1677181 - Client side ECH padding.
  * bmo#1725938 - Stricter ClientHelloInner Decompression.
  * bmo#1725938 - Remove ECH_inner extension, use new enum format.
  * bmo#1725938 - Update the version number for ECH-13 and adjust the ECHConfig size.
- update to NSS 3.74
  * bmo#966856 - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses
  * bmo#1553612 - Ensure clients offer consistent ciphersuites after HRR
  * bmo#1721426 - NSS does not properly restrict server keys based on policy
  * bmo#1733003 - Set nssckbi version number to 2.54
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R4 root certificate
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R3 root certificate
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R2 root certificate
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R1 root certificate
  * bmo#1735407 - Replace GlobalSign ECC Root CA R4
  * bmo#1733560 - Remove Expired Root Certificates - DST Root CA X3
  * bmo#1740807 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates
  * bmo#1741930 - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate
  * bmo#1740095 - Add iTrusChina ECC root certificate
  * bmo#1740095 - Add iTrusChina RSA root certificate
  * bmo#1738805 - Add ISRG Root X2 root certificate
  * bmo#1733012 - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
  * bmo#1738028 - Avoid a clang 13 unused variable warning in opt build
  * bmo#1735028 - Check for missing signedData field
  * bmo#1737470 - Ensure DER encoded signatures are within size limits
- enable key logging option (boo#1195040)
- update to NSS 3.73.1:
  * Add SHA-2 support to mozilla::pkix's OSCP implementation
- update to NSS 3.73
  * bmo#1735028 - check for missing signedData field.
  * bmo#1737470 - Ensure DER encoded signatures are within size limits.
  * bmo#1729550 - NSS needs FiPS 140-3 version indicators.
  * bmo#1692132 - pkix_CacheCert_Lookup doesn't return cached certs
  * bmo#1738600 - sunset Coverity from NSS
  MFSA 2021-51 (bsc#1193170)
  * CVE-2021-43527 (bmo#1737470) Memory corruption via DER-encoded DSA and RSA-PSS signatures
- update to NSS 3.72
  * Remove newline at the end of coreconf.dep
  * bmo#1731911 - Fix nsinstall parallel failure.
  * bmo#1729930 - Increase KDF cache size to mitigate perf regression in about:logins
- update to NSS 3.71
  * bmo#1717716 - Set nssckbi version number to 2.52.
  * bmo#1667000 - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
  * bmo#1373716 - Import of PKCS#12 files with Camellia encryption is not supported
  * bmo#1717707 - Add HARICA Client ECC Root CA 2021.
  * bmo#1717707 - Add HARICA Client RSA Root CA 2021.
  * bmo#1717707 - Add HARICA TLS ECC Root CA 2021.
  * bmo#1717707 - Add HARICA TLS RSA Root CA 2021.
  * bmo#1728394 - Add TunTrust Root CA certificate to NSS.
- update to NSS 3.70
  * bmo#1726022 - Update test case to verify fix.
  * bmo#1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
  * bmo#1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
  * bmo#1681975 - Avoid using a lookup table in nssb64d.
  * bmo#1724629 - Use HW accelerated SHA2 on AArch64 Big Endian.
  * bmo#1714579 - Change default value of enableHelloDowngradeCheck to true.
  * bmo#1726022 - Cache additional PBE entries.
  * bmo#1709750 - Read HPKE vectors from official JSON.
- Update to NSS 3.69.1
  * bmo#1722613 (Backout) - Disable DTLS 1.0 and 1.1 by default
  * bmo#1720226 (Backout) - integrity checks in key4.db not happening on private components with AES_CBC
  NSS 3.69
  * bmo#1722613 - Disable DTLS 1.0 and 1.1 by default (backed out again)
  * bmo#1720226 - integrity checks in key4.db not happening on private components with AES_CBC (backed out again)
  * bmo#1720235 - SSL handling of signature algorithms ignores environmental invalid algorithms.
  * bmo#1721476 - sqlite 3.34 changed it's open semantics, causing nss failures. (removed obsolete nss-btrfs-sqlite.patch)
  * bmo#1720230 - Gtest update changed the gtest reports, losing gtest details in all.sh reports.
  * bmo#1720228 - NSS incorrectly accepting 1536 bit DH primes in FIPS mode
  * bmo#1720232 - SQLite calls could timeout in starvation situations.
  * bmo#1720225 - Coverity/cpp scanner errors found in nss 3.67
  * bmo#1709817 - Import the NSS documentation from MDN in nss/doc.
  * bmo#1720227 - NSS using a tempdir to measure sql performance not active
- add nss-fips-stricter-dh.patch
- updated existing patches with latest SLE

++++ logrotate:

- Fix "logrotate emits unintended warning: keyword size not properly separated, found 0x3d" (bsc#1200278, bsc#1200802):
  * Added patch logrotate-dont_warn_on_size=_syntax.patch

++++ nvme-cli:

- fabrics: Already connected uses a different error code (bsc#1199994)
  * add 0001-fabrics-Already-connected-uses-a-different-error-cod.patch
- fabrics: skip connect if the transport types don't match (bsc#1199949 bsc#1199994)
  * add 0002-fabrics-skip-connect-if-the-transport-types-don-t-ma.patch
- nvme-print: Show ANA state only for one namespace (bsc#1200044 bsc#1199956 bsc#1199990)
  * add 0003-nvme-print-Show-paths-from-the-first-namespace-only.patch
  * add 0004-nvme-print-Show-ANA-state-only-for-one-namespace.patch
- fabrics: Honor config file for connect-all (bsc#1199504)
  * add 0005-fabrics-Honor-config-file-for-connect-all.patch

++++ patterns-microos:

- include TPM in the base pattern (jsc#SMO-79)
- 5.3.1

------------------------------------------------------------------
------------------ 2022-6-6 - Jun 6 2022 -------------------
------------------------------------------------------------------
++++ containerd:

[ This patch was only released in SLES and Leap. ]
- Backport patch to fix GHSA-5ffw-gxpp-mxpf CVE-2022-31030. bsc#1200145
  + bsc1200145-Limit-the-response-size-of-ExecSync.patch
- Update to containerd v1.5.12. Upstream release notes:

++++ kernel-default:

- jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971).
- Update config files to disable mistakenly enabled CONFIG_JBD2_DEBUG
- commit 906d455
- net/smc: set ini->smcrv2.ib_dev_v2 to NULL if SMC-Rv2 is unavailable (git-fixes).
- net/smc: use memcpy instead of snprintf to avoid out of bounds read (git-fixes).
- net/smc: Remove unused function declaration (git-fixes).
- commit 3a30c09
- s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes).
- s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes).
- s390/lcs: fix variable dereferenced before check (git-fixes).
- s390/ctcm: fix potential memory leak (git-fixes).
- s390/ctcm: fix variable dereferenced before check (git-fixes).
- s390/dasd: Fix read inconsistency for ESE DASD devices (git-fixes).
- s390/dasd: Fix read for ESE with blksize < 4k (git-fixes).
- s390/dasd: prevent double format of tracks for ESE devices (git-fixes).
- s390/dasd: fix data corruption for ESE devices (git-fixes).
- KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes).
- s390/smp: sort out physical vs virtual pointers usage (git-fixes).
- s390/extable: fix exception table sorting (git-fixes).
- s390/module: fix loading modules with a lot of relocations (git-fixes).
- s390/nmi: handle vector validity failures for KVM guests (git-fixes).
- s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes).
- s390/entry: fix duplicate tracking of irq nesting level (git-fixes).
- s390/kexec_file: fix error handling when applying relocations (git-fixes).
- s390/kexec: fix memory leak of ipl report buffer (git-fixes).
- vfio/ccw: Remove unneeded GFP_DMA (git-fixes).
- KVM: s390: pv: avoid stalls when making pages secure (git-fixes).
- KVM: s390: pv: add macros for UVC CC values (git-fixes).
- commit ef964f8
- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes).
- modpost: fix removing numeric suffixes (git-fixes).
- commit 05f3a6d

++++ libcontainers-common:

- Add registry.suse.com as agreed on oSC22
  Let's advertise usage of BCI images in general

------------------------------------------------------------------
------------------ 2022-6-5 - Jun 5 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:

- scsi: hisi_sas: Fix rescan after deleting a disk (git-fixes).
- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes).
- scsi: core: Query VPD size before getting full page (git-fixes).
- scsi: mpt3sas: Use cached ATA Information VPD page (git-fixes).
- scsi: dc395x: Fix a missing check on list iterator (git-fixes).
- scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes).
- scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes).
- drbd: fix duplicate array initializer (git-fixes).
- drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes).
- drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes).
- commit 208fb5c
- Added a commit for SCSI fixes
- commit 73de13f
- drbd: remove assign_p_sizes_qlim (git-fixes).
- commit 457053c

------------------------------------------------------------------
------------------ 2022-6-4 - Jun 4 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:

- ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes).
- ALSA: usb-audio: Cancel pending work at closing a MIDI substream (git-fixes).
- ALSA: hda/realtek - Add new type for ALC245 (git-fixes).
- ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control (git-fixes).
- commit 1ee546e
- USB: serial: pl2303: fix type detection for odd device (git-fixes).
- usb: dwc3: gadget: Move null pinter check to proper place (git-fixes).
- usb: isp1760: Fix out-of-bounds array access (git-fixes).
- usb: ehci-omap: drop unused ehci_read() function (git-fixes).
- usb: typec: mux: Check dev_set_name() return value (git-fixes).
- usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes).
- usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (git-fixes).
- usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes).
- USB: storage: karma: fix rio_karma_init return (git-fixes).
- usb: usbip: add missing device lock on tweak configuration cmd (git-fixes).
- usb: usbip: fix a refcount leak in stub_probe() (git-fixes).
- tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes).
- tty: n_tty: Restore EOF push handling behavior (git-fixes).
- tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes).
- virtio: pci: Fix an error handling path in vp_modern_probe() (git-fixes).
- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes).
- commit 516f89a
- selftests: firmware: Fix the request_firmware_into_buf() test for XZ format (git-fixes).
- selftests: firmware: Use smaller dictionary for XZ compression (git-fixes).
- soundwire: intel: prevent pm_runtime resume prior to system suspend (git-fixes).
- serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes).
- serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes).
- serial: sifive: Sanitize CSIZE and c_iflag (git-fixes).
- serial: sh-sci: Don't allow CS5-6 (git-fixes).
- serial: txx9: Don't allow CS5-6 (git-fixes).
- serial: rda-uart: Don't allow CS5-6 (git-fixes).
- serial: digicolor-usart: Don't allow CS5-6 (git-fixes).
- serial: cpm_uart: Fix build error without CONFIG_SERIAL_CPM_CONSOLE (git-fixes).
- serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes).
- serial: meson: acquire port->lock in startup() (git-fixes).
- serial: pch: don't overwrite xmit->buf[0] by x_char (git-fixes).
- serial: sifive: Report actual baud base rather than fixed 115200 (git-fixes).
- serial: 8250: pxa: Remove unneeded (git-fixes).
- serial: 8250: core: Remove unneeded (git-fixes).
- serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe (git-fixes).
- tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes).
- commit dd65e3b
- gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes).
- gpio: pca953x: use the correct register address to do regcache sync (git-fixes).
- regulator: mt6315-regulator: fix invalid allowed mode (git-fixes).
- dt-bindings: PCI: xilinx-cpm: Fix reg property order (git-fixes).
- platform: finally disallow IRQ0 in platform_get_irq() and its ilk (git-fixes).
- firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes).
- extcon: ptn5150: Add queue work sync before driver release (git-fixes).
- phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes).
- phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes).
- phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes).
- dt-bindings: phy: uniphier-usb3hs: Fix incorrect clock-names and reset-names (git-fixes).
- iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes).
- iio: adc: sc27xx: fix read big scale voltage not right (git-fixes).
- iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout (git-fixes).
- iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes).
- iio: adc: ad7124: Remove shift from scan_type (git-fixes).
- firmware: stratix10-svc: fix a missing check on list iterator (git-fixes).
- misc: fastrpc: fix an incorrect NULL check on list iterator (git-fixes).
- staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes).
- memory: fsl_ifc: populate child nodes of buses and mfd devices (git-fixes).
- commit a50adf8
- driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction (git-fixes).
- driver core: fix deadlock in __device_attach (git-fixes).
- driver: base: fix UAF when driver_attach failed (git-fixes).
- Documentation: dd: Use ReST lists for return values of driver_deferred_probe_check_state() (git-fixes).
- bus: ti-sysc: Fix warnings for unbind for serial (git-fixes).
- ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes).
- ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes).
- drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() (git-fixes).
- commit 903d077

------------------------------------------------------------------
------------------ 2022-6-3 - Jun 3 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:

- powerpc/xive: Add some error handling code to 'xive_spapr_init()' (fate#322438 git-fixes).
- commit e2ebad5
- tracing: Fix return value of trace_pid_write() (git-fixes).
- commit 5a94726
- tracing: Fix potential double free in create_var_ref() (git-fixes).
- commit eaa2d28
- blacklist.conf: 499f12168aeb ("tracing: Have event format check not flag %p* on __get_dynamic_array()")
  The commit introduces similar improvement as commit c6ced22997ad ("tracing: Update print fmt check to handle new __get_sockaddr() macro") which we do not carry.
  Let's blacklist it for now.
- commit 416300c
- Move upstreamed fsl patch into sorted section
- commit 4204d7b
- dt-bindings: gpio: altera: correct interrupt-cells (git-fixes).
- ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 (git-fixes).
- soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes).
- wifi: mac80211: fix use-after-free in chanctx code (git-fixes).
- net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks (git-fixes).
- net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (git-fixes).
- i2c: ismt: prevent memory corruption in ismt_access() (git-fixes).
- rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl (git-fixes).
- commit 7548c25

++++ libnvme:

- Reduce log noise and export error codes (bsc#1199994 bsc#1199503)
  * add 0001-fabrics-Lower-log-level-in-__nvmf_add_ctrl.patch
  * add 0002-fabrics-Remove-double-connection-error-logging.patch
  * add 0003-fabrics-Introduce-connection-connect-error-mapping.patch
- Apply configuration from JSON file (bsc#1199503)
  * add 0004-libnvme-Export-nvme_ctrl_get_config.patch
  * add 0005-tree-Factor-lookup-code-for-controller.patch
  * add 0006-fabrics-Consider-config-from-file-when-adding-new-co.patch

++++ qemu:

- Improve the output of update_git.sh, by including the list of repos to which we have downstream patches.
- Fix bsc#1197084 and bsc#1199924
  * Patches added:
    hostmem-default-the-amount-of-prealloc-t.patch
    pci-fix-overflow-in-snprintf-string-form.patch

++++ toolbox:

- Update to version 2.3+git20220603.bbeda2e:
  * Allow to choose runtime and try to retain the user's groups
  * (Try to) Avoid problems when packages touching bind mounts are upgraded
  * Try to make sure that (some) foreign distro images (kind of) work as toolboxes
  * Do not stop a toolbox with something running inside
  * Exit if neither podman or docker are usable
  * Support passing just the name of the container to create and enter command
  * Fix cleanup logic and make toolbox start a little less verbose
  * Always pull when creating a new toolbox
  * Add a "more sandboxing" mode

------------------------------------------------------------------
------------------ 2022-6-2 - Jun 2 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:

- arm64: Update config files. (bsc#1199909)
  Add pfuze100 regulator as module
- commit e01be53
- drm/vc4: hdmi: Add debugfs prefix (bsc#1199163).
- commit 4dc809b
- powerpc/xive: Fix refcount leak in xive_spapr_init (fate#322438 git-fixes).
- commit 852fb13
- Cover the missing device_registered() check in the previous NFC fix patch (CVE-2022-1974 bsc#1200144)
- Refresh patches.suse/NFC-SUSE-specific-brutal-fix-for-runtime-PM.patch.
- Refresh patches.suse/nfc-replace-improper-check-device_is_registered-in-n.patch.
- commit be7ffc0
- Update patch reference for NFC fix (CVE-2022-1975 bsc#1200143)
- commit c69687e
- nfc: replace improper check device_is_registered() in netlink related functions (CVE-2022-1974 bsc#1200144).
- Refresh patches.suse/NFC-NULL-out-the-dev-rfkill-to-prevent-UAF.patch.
- commit 3255346
- Fix 0010-drm-msm-dpu-fix-error-check-return-value-of-irq_of_p.patch
  Fixed the incorrect return value added by this patch. Error message is below.
  * int-conversion in ../drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c in dpu_kms_init
    ../drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c: In function 'dpu_kms_init':
    ../drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c:1127:10: warning: return makes pointer from integer without a cast [-Wint-conversion]
- commit 2b62fe6
- rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (git-fixes).
- commit 240d3e0
- power: supply: axp288_fuel_gauge: Drop BIOS version check from "T3 MRD" DMI quirk (git-fixes).
- commit 61ba8ea
- power: supply: axp288_fuel_gauge: Fix battery reporting on the One Mix 1 (git-fixes).
- commit 4dbbac8
- assoc_array: Fix BUG_ON during garbage collect (git-fixes).
- rtc: mxc: Silence a clang warning (git-fixes).
- rtc: mt6397: check return value after calling platform_get_resource() (git-fixes).
- watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes).
- watchdog: rti-wdt: Fix pm_runtime_get_sync() error checking (git-fixes).
- pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes).
- pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes).
- rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() (git-fixes).
- rpmsg: virtio: Fix possible double free in rpmsg_probe() (git-fixes).
- rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (git-fixes).
- remoteproc: imx_rproc: Ignore create mem entry for resource table (git-fixes).
- drm/msm/dp: fix event thread stuck in wait_event after kthread_stop() (git-fixes).
- drm/msm: add missing include to msm_drv.c (git-fixes).
- commit 1351672
- tools arch x86: Add Intel SDSi provisiong tool (jsc#SLE-18938).
- platform/x86: Add Intel Software Defined Silicon driver (jsc#SLE-18938).
- Update config files (set INTEL_SDSI=m).
- supported.conf: add intel_sdsi
- commit 5d516f9

++++ mozilla-nss:

- Mozilla NSS 3.68.4 (bsc#1200027)
  * Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590)

++++ openssl-1_1:

- Added openssl-update_expired_certificates.patch
  * Openssl failed tests because of expired certificates.
  * bsc#1185637
  * Sourced from https://github.com/openssl/openssl/pull/18446/commits

++++ ceph:

- Update to ceph-16.2.9-58-ge2e5cb80063:
  + (bsc#1200064, pr#480) Remove last vestiges of docker.io image paths

++++ libvirt:

- qemu: Support memory allocation threads
  ba7f9812-conf-intro-mem-alloc-threads.patch,
  a30dac15-qemu-detect-prealloc-threads.patch,
  75a4e016-qemu-validate-prealloc-threads.patch,
  b8d6ecc7-qemu-generate-prealloc-threads.patch
  bsc#1197084

++++ supportutils:

- Added a listing to /dev/mapper/. #129

------------------------------------------------------------------
------------------ 2022-6-1 - Jun 1 2022 -------------------
------------------------------------------------------------------
++++ hwdata:

- Update to version 0.360 (bsc#1200110):
  + Updated pci, usb and vendor ids.

++++ kernel-default:

- mm/page_alloc: always attempt to allocate at least one page during bulk allocation (git fixes (mm/pgalloc)).
- commit b7805bd
- scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046).
- scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046).
- scsi: qla2xxx: Remove free_sg command flag (bsc#1200046).
- scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046).
- commit ae4d644
- scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045).
- scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045).
- scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045).
- scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045).
- scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045).
- scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045).
- scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045).
- scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045).
- scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045).
- scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045).
- scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045).
- scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045).
- scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045).
- scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045).
- scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045).
- scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045).
- scsi: lpfc: Remove unneeded variable (bsc#1200045).
- scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045).
- scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045).
- scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045).
- scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045).
- scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045).
- scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045).
- scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045).
- scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045).
- scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045). - scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045). - scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045). - scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045). - scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045). - scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045). - scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045). - scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045). - scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045). - scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045). - scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045). - scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045). - scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045). - scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045). - scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045). - scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045). - scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045). - scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045). - blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045). - scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045). - scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045). - commit 113346a - iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052). - commit 7d2b57d - KVM: x86: avoid calling x86 emulator without a decoded instruction (CVE-2022-1852 bsc#1199875). 
- commit aff0e2d - KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID (CVE-2022-1789 bsc#1199674). - commit 2d985ed - i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes). - commit 8873758 - i2c: rcar: fix PM ref counts in probe error paths (git-fixes). - i2c: npcm: Handle spurious interrupts (git-fixes). - i2c: npcm: Correct register access width (git-fixes). - i2c: npcm: Fix timeout calculation (git-fixes). - i2c: at91: use dma safe buffers (git-fixes). - commit 713cdfa ++++ sg3_utils: - Update to version 1.47+5.d13bc56: * rescan-scsi-bus.sh: add timeout parameter (bsc#1199248) ------------------------------------------------------------------ ------------------ 2022-5-31 - May 31 2022 ------------------- ------------------------------------------------------------------ ++++ grub2: - Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581) * 0001-video-Remove-trailing-whitespaces.patch * 0002-loader-efi-chainloader-Simplify-the-loader-state.patch * 0003-commands-boot-Add-API-to-pass-context-to-loader.patch - Fix CVE-2022-28736 (bsc#1198496) * 0004-loader-efi-chainloader-Use-grub_loader_set_ex.patch - Fix CVE-2022-28735 (bsc#1198495) * 0005-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch * 0006-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch * 0007-video-readers-png-Abort-sooner-if-a-read-operation-f.patch * 0008-video-readers-png-Refuse-to-handle-multiple-image-he.patch - Fix CVE-2021-3695 (bsc#1191184) * 0009-video-readers-png-Drop-greyscale-support-to-fix-heap.patch - Fix CVE-2021-3696 (bsc#1191185) * 0010-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch * 0011-video-readers-png-Sanity-check-some-huffman-codes.patch * 0012-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch * 0013-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch * 0014-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch - Fix CVE-2021-3697 (bsc#1191186) * 
0015-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch * 0016-normal-charset-Fix-array-out-of-bounds-formatting-un.patch - Fix CVE-2022-28733 (bsc#1198460) * 0017-net-ip-Do-IP-fragment-maths-safely.patch * 0018-net-netbuff-Block-overly-large-netbuff-allocs.patch * 0019-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch * 0020-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch * 0021-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch * 0022-net-tftp-Avoid-a-trivial-UAF.patch * 0023-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch - Fix CVE-2022-28734 (bsc#1198493) * 0024-net-http-Fix-OOB-write-for-split-http-headers.patch - Fix CVE-2022-28734 (bsc#1198493) * 0025-net-http-Error-out-on-headers-with-LF-without-CR.patch * 0026-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch * 0027-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch * 0028-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch * 0029-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch * 0030-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch * 0031-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch * 0032-Use-grub_loader_set_ex-for-secureboot-chainloader.patch - Update SBAT security contact (boo#1193282) - Bump grub's SBAT generation to 2 - Use boot disks in OpenFirmware, fixing regression caused by 0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch, when the root LV is completely in the boot LUN (bsc#1197948) * 0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch ++++ kernel-default: - Delete patches.suse/random-fix-crash-on-multiple-early-calls-to-add_bootloader_randomness.patch. Remove this out-of-tree patch. Upstream has fixed the issue differently. - commit dbaf4c1 - revert scsi: qla2xxx: Changes to support FCP2 Target (bsc#1198438). - commit 3e4f734 - KVM: x86: nSVM: skip eax alignment check for non-SVM instructions (git-fixes). 
- commit 780b40c - Input: synaptics - enable InterTouch on ThinkPad T14/P14s Gen 1 AMD (git-fixes). - commit 801b48d - Move upstreamed patches into sorted section - commit 36fc456 - Move upstreamed patches into sorted section - commit 92f23de - blacklist.conf: remove the document fix patch that has been backported - commit 94cafe2 - powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes). - powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes). - commit d77ad83 - KVM: VMX: Set failure code in prepare_vmcs02() (git-fixes). - commit eda282d - KVM: x86/pmu: Fix reserved bits for AMD PerfEvtSeln register (git-fixes). - commit 08bb9f1 - KVM: x86/mmu: Remove spurious TLB flushes in TDP MMU zap collapsible path (git-fixes). - commit 14f3189 - blacklist.conf: Append 'drm/amdgpu: vi: disable ASPM on Intel Alder Lake based systems' - commit 63487a6 - KVM: x86/mmu: Use yield-safe TDP MMU root iter in MMU notifier unmapping (git-fixes). - commit d241db8 - blacklist.conf: Append 'drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses' - commit 7d292af - btrfs: Avoid live-lock in search_ioctl() on hardware with sub-page (git-fixes) - commit f5c6c88 - blacklist.conf: Append 'drm/i915: Check EDID for HDR static metadata when choosing blc' - commit 1e4bda7 - KVM: nVMX: Emulate guest TLB flush on nested VM-Enter with new vpid12 (git-fixes). - commit d9a79ed - blacklist.conf: Append 'drm/i915: Fix race in __i915_vma_remove_closed' - commit 6b9663e - blacklist.conf: Append 'drm/amd/display: Fix memory leak in dcn21_clock_source_create' - commit 6b379f0 - blacklist.conf: Append 'drm/amdkfd: Fix GWS queue count' - commit c194bfe - KVM: nVMX: Abide to KVM_REQ_TLB_FLUSH_GUEST request on nested vmentry/vmexit (git-fixes). 
- commit 1516756 - blacklist.conf: Append 'drm/amdgpu/smu10: fix SoC/fclk units in auto mode' - commit 6e963ac - arm64: Add support for user sub-page fault probing (git-fixes) Update patch and enable CONFIG_ARCH_HAS_SUBPAGE_FAULTS=y on aarch64 - commit 89d500c - blacklist.conf: Append 'drm/vmwgfx: Disable command buffers on svga3 without gbobjects' - commit bf4ec77 - blacklist.conf: Append 'drm/vmwgfx: Initialize drm_mode_fb_cmd2' - commit 8d00ddf - KVM: nVMX: Flush current VPID (L1 vs. L2) for KVM_REQ_TLB_FLUSH_GUEST (git-fixes). - commit f91c8b4 - mm: Add fault_in_subpage_writeable() to probe at sub-page granularity (git-fixes) - commit 0e4c9cb - KVM: x86/mmu: Pass parameter flush as false in kvm_tdp_mmu_zap_collapsible_sptes() (git-fixes). - commit 6eef8ef - KVM: x86/mmu: Skip tlb flush if it has been done in zap_gfn_range() (git-fixes). - commit d1f24d4 - drm/msm/disp/dpu1: set mdp clk to the maximum frequency in opp table (bsc#1190768) - commit 6e3b46b - drm/msm/dp: tear down main link at unplug handle immediately (bsc#1190768) - commit e399f83 - drm/msm/dp: stop event kernel thread when DP unbind (bsc#1190768) - commit ff84c19 - drm/msm/dpu: fix error check return value of irq_of_parse_and_map() (bsc#1190768) - commit 7e0c8c4 - drm/msm: remove unused plane_property field from msm_drm_private (bsc#1190768) - commit e9be256 - drm/msm: properly add and remove internal bridges (bsc#1190768) - commit 5c122fe - drm/mediatek: Add vblank register/unregister callback functions (bsc#1190768) - commit ab7ec76 - KVM: x86/mmu: Fix TLB flush range when handling disconnected pt (git-fixes). - commit 42fd30b - stm: ltdc: fix two incorrect NULL checks on list iterator (bsc#1190786) - commit 9331eed - drm: bridge: icn6211: Fix HFP_HSW_HBP_HI and HFP_MIN handling (bsc#1190786) - commit ad47bc7 - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (bsc#1190786) - commit 9c50bd8 - KVM: x86: Assume a 64-bit hypercall for guests with protected state (git-fixes). 
- commit 46850e9 - KVM: x86: Fix uninitialized eoi_exit_bitmap usage in vcpu_load_eoi_exitmap() (git-fixes). - commit ea06bd8 - KVM: x86: SVM: don't set VMLOAD/VMSAVE intercepts on vCPU reset (git-fixes). - commit d06006c - KVM: x86/mmu: Complete prefetch for trailing SPTEs for direct, legacy MMU (git-fixes). - commit e82d899 - KVM: x86: Do not mark all registers as avail/dirty during RESET/INIT (git-fixes). - commit deab733 - KVM: X86: Synchronize the shadow pagetable before link it (git-fixes). - commit d4b3446 - KVM: X86: Fix missed remote tlb flush in rmap_write_protect() (git-fixes). - commit 7edc84d - KVM: x86: nSVM: test eax for 4K alignment for GP errata workaround (git-fixes). - commit f6a065f - KVM: x86: nSVM: restore the L1 host state prior to resuming nested guest on SMM exit (git-fixes). - commit 44bc62d - kvm: fix wrong exception emulation in check_rdtsc (git-fixes). - commit 1c5ae50 - KVM: VMX: Remove defunct "nr_active_uret_msrs" field (git-fixes). - commit 1a24800 - KVM: x86: Mark all registers as avail/dirty at vCPU creation (git-fixes). - commit 1f6eceb - KVM: SVM: Emulate #INIT in response to triple fault shutdown (git-fixes). - commit 676f374 - KVM: VMX: Refresh list of user return MSRs after setting guest CPUID (git-fixes). - commit 61c5fcd - KVM: VMX: Skip pointless MSR bitmap update when setting EFER (git-fixes). - commit e1674de - KVM: nVMX: Do not clear CR3 load/store exiting bits if L1 wants 'em (git-fixes). - commit 1cee451 - KVM: VMX: Fold ept_update_paging_mode_cr0() back into vmx_set_cr0() (git-fixes). - commit f10ca89 - KVM: VMX: Invert handling of CR0.WP for EPT without unrestricted guest (git-fixes). - commit f9e5a47 - KVM: x86: Don't force set BSP bit when local APIC is managed by userspace (git-fixes). - commit 7c46a7f - KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes). - commit 611cd52 - lockdown: kABI workaround for lockdown_reason changes (bsc#1199426 CVE-2022-21499). 
- commit 972b043 ++++ libselinux: - Added restorecon_pin_file.patch. Fixes issues when running fixfiles/restorecon ------------------------------------------------------------------ ------------------ 2022-5-30 - May 30 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ALSA: ctxfi: Add SB046x PCI ID (git-fixes). - ACPI: sysfs: Fix BERT error region memory mapping (git-fixes). - init: call time_init() before rand_initialize() (git-fixes). - Fix double fget() in vhost_net_set_backend() (git-fixes). - commit 4401121 - powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes). - commit abc77e7 - powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes). - commit 397eb16 - gen_init_cpio: fix short read file handling (bsc#1193289). - initramfs: Check timestamp to prevent broken cpio archive (bsc#1193289). - commit b52895d - KVM: x86/speculation: Disable Fill buffer clear within guests (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180). - x86/speculation/mmio: Reuse SRBDS mitigation for SBDS (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180). - x86/speculation/srbds: Update SRBDS mitigation selection (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180). - x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180). 
- x86/speculation/mmio: Enable CPU Fill buffer clearing on idle (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180). - x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180). - x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180). - x86/speculation: Add a common function for MD_CLEAR mitigation update (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180). - x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180). - Documentation: Add documentation for Processor MMIO Stale Data (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180). - commit 426a83d - hide appended member supports_dynamic_smps_6ghz (git-fixes). - commit f872210 - gup: Turn fault_in_pages_{readable,writeable} into fault_in_{readable,writeable} (git-fixes). - commit 413bfcd - smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes). - commit 9697600 - mm, page_alloc: fix build_zonerefs_node() (git-fixes). - commit 3121010 - lockdown: also lock down previous kgdb use (bsc#1199426 CVE-2022-21499). - commit 251570d - dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler() (git-fixes). - dmaengine: stm32-mdma: remove GISR1 register (git-fixes). - dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes). - commit 2fd937f ++++ openssl-1_1: - Security fix: [bsc#1199166, CVE-2022-1292] * Added: openssl-CVE-2022-1292.patch * properly sanitise shell metacharacters in c_rehash script. ++++ libzypp: - PluginRepoverification: initial version hooked into repo::Downloader and repo refresh. - Immediately start monitoring the download.transfer_timeout. 
Do not wait until the first data arrived. (bsc#1199042) - singletrans: no dry-run commit if doing just download-only. - Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo. - fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER (fixes #388) - version 17.30.1 (22) ++++ mdadm: - resource RAID failed during cluster patch, Mdadm gets floating point error (bsc#1197158) 1004-mdadm-super1-restore-commit-45a87c2f31335-to-fix-clu.patch ------------------------------------------------------------------ ------------------ 2022-5-29 - May 29 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes). - Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes). - misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes). - pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources() (git-fixes). - pinctrl: renesas: r8a779a0: Fix GPIO function on I2C-capable pins (git-fixes). - pinctrl: tegra: tegra194: drop unused pin groups (git-fixes). - pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes). - pinctrl: mediatek: mt8195: enable driver on mtk platforms (git-fixes). - commit 00278c6 ++++ libmbim: - update to 1.26.4: * meson: force building doc on normal builds, not only during install. * meson: fix 'export_packages' in GIR setup. * compat: deprecate the MbimLteAttachStatus type. * net-port-manager: use unaligned netlink attribute length. * include MBIM proxy control service in docs. * codegen: add section doc for each service. * utils: add missing short description in section. * compat: add missing MbimLteAttachStatus doc. * device: add missing mbim_device_list_links() doc. * device: fix MbimDevice 'device-in-session' property doc. * version: add missing MBIM_CHECK_VERSION() documentation. 
* device: fix wrong reference to QmiDevice * Several other minor improvements and fixes. ++++ mozilla-nspr: - update to version 4.34 * add an API that returns a preferred loopback IP on hosts that have two IP stacks available. ------------------------------------------------------------------ ------------------ 2022-5-28 - May 28 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - crypto: cryptd - Protect per-CPU resource by disabling BH (git-fixes). - crypto: sun8i-ss - handle zero sized sg (git-fixes). - crypto: sun8i-ss - rework handling of IV (git-fixes). - crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes). - crypto: caam - fix i.MX6SX entropy delay value (git-fixes). - crypto: marvell/cesa - ECB does not IV (git-fixes). - crypto: x86 - eliminate anonymous module_init & module_exit (git-fixes). - commit e9656ce - hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume() (git-fixes). - mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (git-fixes). - mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes). - clk: imx8mp: fix usb_root_clk parent (git-fixes). - clk: imx: scu: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes). - clk: imx: Add check for kcalloc (git-fixes). - clk: tegra: Add missing reset deassertion (git-fixes). - clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes). - PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes). - PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes). - PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes). - PCI: microchip: Fix potential race in interrupt handling (git-fixes). - PCI: imx6: Fix PERST# start-up sequence (git-fixes). - PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes). - PCI: cadence: Fix find_first_zero_bit() limit (git-fixes). 
- PCI/PM: Power up all devices during runtime resume (git-fixes). - PCI/ACPI: Allow D3 only if Root Port can signal and wake from D3 (git-fixes). - PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes). - tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes). - commit f5e4e29 - Watchdog: sp5100_tco: Enable Family 17h+ CPUs (bsc#1199260). - Watchdog: sp5100_tco: Add initialization using EFCH MMIO (bsc#1199260). - Watchdog: sp5100_tco: Refactor MMIO base address initialization (bsc#1199260). - Watchdog: sp5100_tco: Move timer initialization into function (bsc#1199260). - watchdog: sp5100_tco: Add support for get_timeleft (bsc#1199260). - commit 5a67b91 ------------------------------------------------------------------ ------------------ 2022-5-27 - May 27 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ARM: ftrace: avoid redundant loads or clobbering IP (git-fixes). - atomics: Fix atomic64_{read_acquire,set_release} fallbacks (git-fixes). - atm: eni: Add check for dma_map_single (git-fixes). - ARM: dts: qcom: sdx55: fix IPA interconnect definitions (git-fixes). - commit 1131a46 - Update patch reference for libata fix (bsc#1118212). - commit 6d39ca9 - platform/chrome: Re-introduce cros_ec_cmd_xfer and use it for ioctls (git-fixes). - platform/chrome: cros_ec: fix error handling in cros_ec_register() (git-fixes). - soc: qcom: llcc: Add MODULE_DEVICE_TABLE() (git-fixes). - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes). - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes). - soc: bcm: Check for NULL return of devm_kzalloc() (git-fixes). - NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes). - wilc1000: fix crash observed in AP mode with cfg80211_register_netdevice() (git-fixes). - nl80211: show SSID for P2P_GO interfaces (git-fixes). 
- usb: gadget: fix race when gadget driver register via ioctl (git-fixes). - nl80211: fix locking in nl80211_set_tx_bitrate_mask() (git-fixes). - nl80211: validate S1G channel width (git-fixes). - platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes). - rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes). - rtc: sun6i: Fix time overflow handling (git-fixes). - rtc: pcf2127: fix bug when reading alarm registers (git-fixes). - rtc: fix use-after-free on device removal (git-fixes). - vhost_vdpa: don't setup irq offloading when irq_num < 0 (git-fixes). - commit 4e4f201 - firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes). - firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes). - firmware: arm_ffa: Remove incorrect assignment of driver_data (git-fixes). - firmware: arm_ffa: Fix uuid parameter to ffa_partition_probe (git-fixes). - memory: samsung: exynos5422-dmc: Avoid some over memory allocation (git-fixes). - dt-bindings: arm: bcm: fix BCM53012 and BCM53016 SoC strings (git-fixes). - drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes). - drm/msm/dpu: handle pm_runtime_get_sync() errors in bind path (git-fixes). - drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes). - drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes). - drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes). - gma500: fix an incorrect NULL check on list iterator (git-fixes). - dt-bindings: display: sitronix, st7735r: Fix backlight in example (git-fixes). - mt76: do not attempt to reorder received 802.3 packets without agg session (git-fixes). - mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (git-fixes). - NFC: NULL out the dev->rfkill to prevent UAF (git-fixes). - dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group (git-fixes). - mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes). 
- Input: stmfts - fix reference leak in stmfts_input_open (git-fixes). - Input: add bounds checking to input_set_capability() (git-fixes). - i2c: piix4: Enable EFCH MMIO for Family 17h+ (git-fixes). - i2c: piix4: Add EFCH MMIO support for SMBus port select (git-fixes). - i2c: piix4: Add EFCH MMIO support to SMBus base address detect (git-fixes). - i2c: piix4: Add EFCH MMIO support to region request and release (git-fixes). - i2c: piix4: Move SMBus port selection into function (git-fixes). - i2c: piix4: Move SMBus controller base address detect into function (git-fixes). - i2c: piix4: Move port I/O region request/release code into functions (git-fixes). - i2c: piix4: Replace hardcoded memory map size with a #define (git-fixes). - kernel/resource: Introduce request_mem_region_muxed() (git-fixes). - commit a0726ce - drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes). - drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes). - drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes). - drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes). - drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes). - drm/msm/dp: do not stop transmitting phy test pattern during DP phy compliance test (git-fixes). - drm/msm/dp: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes). - drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes). - commit 8d4668b - drm/mediatek: dpi: Use mt8183 output formats for mt8192 (git-fixes). - drm/mediatek: Fix mtk_cec_mask() (git-fixes). - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes). - drm/panel: panel-simple: Fix proper bpc for AM-1280800N3TZQW-T00H (git-fixes). 
- drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes). - drm/bridge: Fix error handling in analogix_dp_probe (git-fixes). - drm/amd/display: DCN3.1: don't mark as kernel-doc (git-fixes). - drm: mali-dp: potential dereference of null pointer (git-fixes). - commit 9404954 - drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes). - drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes). - drm/vc4: txp: Don't set TXP_VSTART_AT_EOF (git-fixes). - drm/vc4: hvs: Reset muxes at probe time (git-fixes). - drm: sti: don't use kernel-doc markers (git-fixes). - drm/vc4: hvs: Fix frame count register readout (git-fixes). - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes). - drm: bridge: icn6211: Fix register layout (git-fixes). - drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes). - drm/edid: fix invalid EDID extension block filtering (git-fixes). - commit 57ac012 - ARM: dts: aspeed: Add secure boot controller node (git-fixes). - Refresh patches.suse/ARM-dts-aspeed-Add-video-engine-to-g6.patch. - commit 7366c1a - drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block() (git-fixes). - drivers/base/node.c: fix compaction sysfs file leak (git-fixes). - ARM: omap1: ams-delta: remove camera leftovers (git-fixes). - arm: mediatek: select arch timer for mt7629 (git-fixes). - arm64: dts: mt8192: Fix nor_flash status disable typo (git-fixes). - arm64: dts: marvell: espressobin-ultra: enable front USB3 port (git-fixes). - arm64: dts: marvell: espressobin-ultra: fix SPI-NOR config (git-fixes). - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes). - ARM: dts: imx6dl-colibri: Fix I2C pinmuxing (git-fixes). - ARM: dts: ci4x10: Adapt to changes in imx6qdl.dtsi regarding fec clocks (git-fixes). - arm64: dts: qcom: qrb5165-rb5: Fix can-clock node name (git-fixes). - arm64: dts: qcom: ipq8074: fix the sleep clock frequency (git-fixes). 
- arm64: dts: qcom: sm8250: Drop flags for mdss irqs (git-fixes). - arm64: dts: qcom: sdm845: Drop flags for mdss irqs (git-fixes). - arm64: dts: qcom: msm8996: Drop flags for mdss irqs (git-fixes). - arm64: dts: qcom: msm8916-huawei-g7: Clarify installation instructions (git-fixes). - arm64: dts: qcom: pmr735a: stop depending on thermal_zones label (git-fixes). - arm64: dts: qcom: pm8350c: stop depending on thermal_zones label (git-fixes). - arm64: dts: qcom: msm8996: remove snps,dw-pcie compatibles (git-fixes). - arm64: dts: qcom: sdm845: remove snps,dw-pcie compatibles (git-fixes). - arm64: dts: qcom: sdm845-db845c: add wifi variant property (git-fixes). - ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes). - arm64: dts: ti: k3-am64-mcu: remove incorrect UART base clock rates (git-fixes). - ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes). - arm64: tegra: Add missing DFLL reset on Tegra210 (git-fixes). - ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes). - ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes). - ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes). - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes). - ARM: dts: stm32: Fix PHY post-reset delay on Avenger96 (git-fixes). - ARM: dts: s5pv210: Correct interrupt name for bluetooth in Aries (git-fixes). - ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries (git-fixes). - ALSA: usb-audio: Configure sync endpoints before data (git-fixes). - ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes). - ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes). - ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes). - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes). - ASoC: imx-hdmi: Fix refcount leak in imx_hdmi_probe (git-fixes). 
- ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes). - ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes). - ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes). - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes). - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes). - ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes). - ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes). - ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes). - drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes). - drm: bridge: it66121: Fix the register page length (git-fixes). - drm/blend: fix typo in the comment (git-fixes). - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes). - Bluetooth: use hdev lock for accept_list and reject_list in conn req (git-fixes). - Bluetooth: use hdev lock in activate_scan for hci_is_adv_monitoring (git-fixes). - Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes). - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes). - ath11k: Don't check arvif->is_started before sending management frames (git-fixes). - carl9170: tx: fix an incorrect use of list iterator (git-fixes). - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes). - ath9k: fix ar9003_get_eepmisc (git-fixes). - ath11k: acquire ab->base_lock in unassign when finding the peer by addr (git-fixes). - can: xilinx_can: mark bit timing constants as const (git-fixes). - docs: submitting-patches: Fix crossref to 'The canonical patch format' (git-fixes). - drm/i915/dmc: Add MMIO range restrictions (git-fixes). - arm64: Enable repeat tlbi workaround on KRYO4XX gold CPUs (git-fixes). - ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (git-fixes). 
- ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes). - crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes). - crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes). - ARM: dts: aspeed: Add ADC for AST2600 and enable for Rainier and Everest (git-fixes). - commit 31708da ++++ systemd: - fix parsing error in s390 udev rules conversion script (bsc#1198732) ++++ u-boot-rpiarm64: Fix vulnerability in NFS, CVE-2022-30767 (bsc#1199623) Patch queue updated from https://github.com/openSUSE/u-boot.git sle15-sp4 * Patches added: 0018-net-nfs-Fix-CVE-2022-30767-old-CVE-.patch ------------------------------------------------------------------ ------------------ 2022-5-26 - May 26 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - kernel-binary.spec: Support radio selection for debuginfo. To disable debuginfo on 5.18 kernel a radio selection needs to be switched to a different selection. This requires disabling the currently active option and selecting NONE as debuginfo type. - commit 43b5dd3 - perf: Fix sys_perf_event_open() race against self (bsc#1199507,CVE-2022-1729). - commit 25fb716 ------------------------------------------------------------------ ------------------ 2022-5-25 - May 25 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - supported.conf: mark pfuze100 regulator as supported (bsc#1199909) - commit 4c36b1c - ext4: avoid cycles in directory h-tree (bsc#1198577 CVE-2022-1184). - commit b38a01b - ext4: verify dir block before splitting it (bsc#1198577 CVE-2022-1184). - commit bca7951 - net: phy: correct spelling error of media in documentation (git-fixes). - commit f65b389 - media: rkvdec: h264: Fix bit depth wrap in pps packet (git-fixes). - media: rkvdec: h264: Fix dpb_valid implementation (git-fixes). - media: i2c: ov5648: fix wrong pointer passed to IS_ERR() and PTR_ERR() (git-fixes). 
- media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes). - media: hantro: HEVC: Fix tile info buffer value computation (git-fixes). - media: atmel: atmel-sama5d2-isc: fix wrong mask in YUYV format check (git-fixes). - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes). - media: i2c: rdacm2x: properly set subdev entity function (git-fixes). - media: atmel: atmel-isc: Fix PM disable depth imbalance in atmel_isc_probe (git-fixes). - media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes). - media: hantro: Empty encoder capture buffers by default (git-fixes). - media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes). - ACPI: property: Release subnode properties with data nodes (git-fixes). - thermal: devfreq_cooling: use local ops instead of global ops (git-fixes). - thermal/drivers/imx_sc_thermal: Fix refcount leak in imx_sc_thermal_probe (git-fixes). - thermal/core: Fix memory leak in __thermal_cooling_device_register() (git-fixes). - thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes). - thermal/drivers/bcm2711: Don't clamp temperature at zero (git-fixes). - PM: domains: Fix initialization of genpd's next_wakeup (git-fixes). - HID: amd_sfh: Modify the hid name (git-fixes). - HID: amd_sfh: Modify the bus name (git-fixes). - HID: elan: Fix potential double free in elan_input_configured (git-fixes). - HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes). - spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes). - spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes). - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes). - spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes). - spi: qcom-qspi: Add minItems to interconnect-names (git-fixes). - regulator: scmi: Fix refcount leak in scmi_regulator_probe (git-fixes). 
- regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes). - regulator: da9121: Fix uninit-value in da9121_assign_chip_model() (git-fixes). - regulator: qcom_smd: Fix up PM8950 regulator configuration (git-fixes). - regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes). - mtd: rawnand: intel: fix possible null-ptr-deref in ebu_nand_probe() (git-fixes). - mtd: rawnand: cadence: fix possible null-ptr-deref in cadence_nand_dt_probe() (git-fixes). - mtd: rawnand: denali: Use managed device resources (git-fixes). - mtd: spinand: gigadevice: fix Quad IO for GD5F1GQ5UExxG (git-fixes). - mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes). - hwmon: (pmbus) Check PEC support before reading other registers (git-fixes). - tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes). - arm64: stackleak: fix current_top_of_stack() (git-fixes). - random: wire up fops->splice_{read,write}_iter() (git-fixes). - scripts/faddr2line: Fix overlapping text section failures (git-fixes). - commit 6d8fda5 - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729). - commit c3331af ++++ libqmi: - Enable QRTR support ++++ installation-images-LeapMicro: - rename the SLE Micro -release package (bsc#1199911) - 16.57.21 ------------------------------------------------------------------ ------------------ 2022-5-24 - May 24 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Fold NetworkManager-wifi back into the main package: The dep chain is not really different and it causes too many problems for users having that split. Not worth the pain (boo#1199710, boo#1199706). - As a consequence, also drop the recommends from the main package to -wifi.
++++ python-kiwi: - Remove mailmap so email is not updated for old changelog entries in IBS Signed-off-by: David Cassany ++++ kernel-default: - scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631). - commit 6d101b3 - powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753). - commit b108057 - Add cherry-picked IDs to x86 platform drivers - commit e43dfb1 - arm64: fix types in copy_highpage() (git-fixes). - tty: goldfish: Introduce gf_ioread32()/gf_iowrite32() (git-fixes). - platform/x86: intel-hid: fix _DSM function index handling (git-fixes). - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes). - irqchip/aspeed-scu-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes). - virtio_blk: fix the discard_granularity and discard_alignment queue limits (git-fixes). - efi: Add missing prototype for efi_capsule_setup_info (git-fixes). - commit 5e96a09 ++++ patterns-microos: - bump version to 5.3.0 ++++ qemu: - Get rid of downstream patches breaking s390 modules. 
Replace them with the upstream proposed and Acked (but never committed) solution (bsc#1199015) * Patches added: modules-generates-per-target-modinfo.patch modules-introduces-module_kconfig-direct.patch * Patches dropped: Fix-the-module-building-problem-for-s390.patch modules-quick-fix-a-fundamental-error-in.patch ++++ rust-keylime: - Update to version 0.1.0+git.1653314004.ceda2ec: * Skip serialization of optional fields * Make support for legacy python revocation actions optional * main: Do not try to load CA cert if mTLS is disabled * CI: Add packit to run end-to-end tests * GNUmakefile: Install shim.py * Add service for secure mount * secure_mount: Do not try to give ownership to root * secure_mount: Rewrite check_mount() * main: Ignore original ownership when unzipping files * Drop privileges to run as normal user and group * main: Mount secure mount before dropping the privileges * main: Open files that require privilege at the beginning * quotes_handler: Fix measured boot list encoding * Fix typo in config_get() * Add option to disable mTLS * Update actix-web to 4, remove tokio 0.2 dependencies * crypto: Add helper function to convert public key to PEM string * Add ansasaki as maintainer ++++ toolbox: - bump the container version to 5.3 ------------------------------------------------------------------ ------------------ 2022-5-23 - May 23 2022 ------------------- ------------------------------------------------------------------ ++++ bash-completion: - Add patch bsc1199724-modules.patch (bsc#1199724) * Enable upstream commit to list ko.zst modules as well ++++ python-kiwi: - Bump version up to v9.24.36 This version includes fixes for: * Preserve LABEL setting (#2108) Preserve the LABEL= setting when the grub config file is re-generated. The GRUB_ENABLE_LINUX_LABEL setting does not exist upstream and not in any SUSE distribution. Set the grub setting such that LABEL is preserved on SUSE distros.
(bsc#1197616) * Add ensure_empty_tmpdirs option for OCI containers (bsc#1197783) Since #1759 was merged, the contents of /run/ and /tmp/ are excluded from built images. This causes problems for some containers, notably Ceph when deployed in a Rook/k8s environment, which needs to have certain directories present inside /run/. This commit adds the ability to return to the previous behaviour and *not* empty those temporary directories, if you specify . Fixes: https://github.com/OSInside/kiwi/issues/2093 Signed-off-by: Tim Serong * Set /.snapshots subvolume to mode 0700 (bsc#1194992) Avoid that users other than root can enter or even change the content. This is what snapper does as well. ++++ kernel-default: - io_uring: kill extra checks in io_write() (bsc#1198968 CVE-2022-1508). - Revert "iov_iter: track truncated size" (bsc#1198968 CVE-2022-1508). - io_uring: use iov_iter state save/restore helpers (bsc#1198968 CVE-2022-1508). - iov_iter: add helper to save iov_iter state (bsc#1198968 CVE-2022-1508). - io_uring: reexpand under-reexpanded iters (bsc#1198968 CVE-2022-1508). - iov_iter: track truncated size (bsc#1198968 CVE-2022-1508). - commit edd86da - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (git-fixes). - i40e: i40e_main: fix a missing check on list iterator (git-fixes). - ice: fix PTP stale Tx timestamps cleanup (git-fixes). - ice: clear stale Tx queue settings before configuring (git-fixes). - ionic: fix missing pci_release_regions() on error in ionic_probe() (git-fixes). - net: sfc: fix memory leak due to ptp channel (git-fixes). - commit ed6f157 - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839). - commit 55b24a6 - Update patch reference for crypto fix (bsc#1197601) - commit 0c89071 - Add dtb-starfive - commit 85335b1 - Update patch references for ax25 fixes (CVE-2022-1204 bsc#1198025) - commit c6e9ba8 - Update kabi files from the GMC submitted kernel. 
- commit b4bebf4 - KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes). - commit c85ed92 - blacklist.conf: riscv architecture not supported. - commit 89f6518 - i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes). - commit fafa813 ++++ ceph: - Update to 16.2.9.50-g7d9f12156fb: + (jsc#SES-2515) High-availability NFS export + (bsc#1196044) cephadm: prometheus: The generatorURL in alerts is only using hostname + (bsc#1196785) cephadm: avoid crashing on expected non-zero exit + (bsc#1187748) When an RBD is mapped, it is attempted to be deployed as an OSD. ++++ osinfo-db: - Update to database version 20220516 osinfo-db-20220516.tar.xz ++++ podman: - Backport upstream commit be5abf03ababc ("fix: Container.cGroupPath() skip empty line to avoid false error logging") for fixing "Error parsing cgroup: expected 3 fields but got 1" (see bsc#1199790, as it applies to Factory/Tumbleweed too) * 0004-fix-Container.cGroupPath-skip-empty-line-to-avoid-fa.patch ++++ qemu: - Fix bsc#1198712, CVE-2022-26354 - Fix bsc#1198711, CVE-2022-26353 * Patches added: vhost-vsock-detach-the-virqueue-element-.patch virtio-net-fix-map-leaking-on-error-duri.patch - Fix bsc#1198037, CVE-2021-4207 - Fix bsc#1198035, CVE-2021-4206 * Patches added: display-qxl-render-fix-race-condition-in.patch ui-cursor-fix-integer-overflow-in-cursor.patch - Backport a GCC 12 aarch64 build fix (bsc#1199625) * Patches added: block-qdict-Fix-Werror-maybe-uninitializ.patch ++++ runc: - Backport to fix issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by that platform's syscall multiplexing semantics. 
bsc#1192051 bsc#1199565 + bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch ++++ systemd-presets-common-SUSE: - enable ignition-delete-config by default (bsc#1199524) ++++ virt-manager: - Change dependency on package xorriso to Requires from Recommends virt-manager.spec ------------------------------------------------------------------ ------------------ 2022-5-22 - May 22 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - x86/tsx: Use MSR_TSX_CTRL to clear CPUID bits (bsc#1190497). - commit 4a1b622 - Input: ili210x - fix reset timing (git-fixes). - commit 36d87dd ------------------------------------------------------------------ ------------------ 2022-5-21 - May 21 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - clk: at91: generated: consider range when calculating best rate (git-fixes). - clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes). - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes). - gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes). - gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes). - arm64: mte: Ensure the cleared tags are visible before setting the PTE (git-fixes). - arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes). - crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ (git-fixes). - commit 11e974a - ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826). 
- commit f88b8c8 ++++ libqrtr-glib: - Initial package version 1.2.2 ------------------------------------------------------------------ ------------------ 2022-5-20 - May 20 2022 ------------------- ------------------------------------------------------------------ ++++ cups: - cups-2.2.7-CVE-2022-26691.patch fixes CVE-2022-26691 cups: authentication bypass and code execution (bsc#1199474) ++++ kernel-default: - bfq: Allow current waker to defend against a tentative one (bsc#1195915). - commit e1ca6b5 - bfq: Relax waker detection for shared queues (bsc#1184318). - commit 4c2bfe4 - ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (git-fixes). - ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (git-fixes). - pinctrl: mediatek: mt8365: fix IES control pins (git-fixes). - NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes). - Revert "can: m_can: pci: use custom bit timings for Elkhart Lake" (git-fixes). - ARM: dts: aspeed: Add video engine to g6 (git-fixes). - ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group (git-fixes). - ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi (git-fixes). - commit 96fd919 ++++ mozilla-nss: - Update nss-fips-constructor-self-tests.patch to scan LD_LIBRARY_PATH for external libraries to be checksummed. ++++ selinux-policy: - Update to version 20220520 to pass stricter 3.4 toolchain checks - Update to version 20220428. 
Refreshed: * fix_apache.patch * fix_hadoop.patch * fix_init.patch * fix_iptables.patch * fix_kernel_sysctl.patch * fix_networkmanager.patch * fix_systemd.patch * fix_systemd_watch.patch * fix_unprivuser.patch * fix_usermanage.patch * fix_wine.patch ------------------------------------------------------------------ ------------------ 2022-5-19 - May 19 2022 ------------------- ------------------------------------------------------------------ ++++ cloud-regionsrv-client: - Update to version 10.0.4 (bsc#1199668) - Store the update server certs in the /etc path instead of /usr to accommodate read only setup of SLE-Micro ++++ cockpit-tukit: - Update to version 0.0.3~git6.03c747e: * Hide snapshot item extension part * Change help URL to official docs * Mention node_modules.sums in spec sources * Use compression for source archive ++++ gtk3: - Update to version 3.24.34: + Include legacy hicolor icons. + Fix the build with gcc 12. + X11: Trap errors when getting output properties. + Wayland: Ignore empty preedit updates. This fixes a problem with textview scrolling. + Updated translations. ++++ kernel-default: - kABI: Fix kABI after CVE-2022-0171 backport (bsc#1199509, CVE-2022-0171). - commit 62ff370 - KVM: SEV: add cache flush to solve SEV cache incoherency issues (CVE-2022-0171 bsc#1199509). - KVM: SVM: Flush when freeing encrypted pages even on SME_COHERENT CPUs (CVE-2022-0171 bsc#1199509). - KVM: SVM: Simplify and harden helper to flush SEV guest page(s) (CVE-2022-0171 bsc#1199509). - commit 156e44b - ath11k: set correct NL80211_FEATURE_DYNAMIC_SMPS for WCN6855 (git-fixes). - commit b348fc5 - ping: remove pr_err from ping_lookup (bsc#1195826). - commit bf5e056 - patches.suse/ping-fix-the-dif-and-sdif-check-in-ping_lookup.patch: (bsc#1195826). - commit e08cccf - KVM: x86: SVM: fix avic spec based definitions again (bsc#1193823 jsc#SLE-24549). - commit 74e3031 - KVM: x86: SVM: move avic definitions from AMD's spec to svm.h (bsc#1193823 jsc#SLE-24549).
- Refresh patches.suse/kvm-svm-allow-avic-support-on-system-w-physical-apic-id-255. - commit 697f911 - pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl (git-fixes). - ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (git-fixes). - ALSA: hda/realtek: Add quirk for the Framework Laptop (git-fixes). - ALSA: wavefront: Proper check of get_user() error (git-fixes). - ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes). - ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes). - ALSA: usb-audio: Don't get sample rate for MCT Trigger 5 USB-to-HDMI (git-fixes). - commit 36ccd50 ++++ logrotate: - Security fix: (bsc#1199652, CVE-2022-1348) * insecure permissions for state file creation * Added patch logrotate-CVE-2022-1348.patch * Added patch logrotate-CVE-2022-1348-follow-up.patch ++++ salt: - Make sure SaltCacheLoader use correct fileclient (bsc#1199149) - Added: * make-sure-saltcacheloader-use-correct-fileclient-519.patch ++++ selinux-policy: - Add fix_dnsmasq.patch to fix problems with virtualization on Microos (bsc#1199518) ------------------------------------------------------------------ ------------------ 2022-5-18 - May 18 2022 ------------------- ------------------------------------------------------------------ ++++ aaa_base: - Add patch git-46-78b2a0b29381c16bec6b2a8fc7eabaa9925782d7.patch * The wrapper rootsh is not a restricted shell (bsc#1199492) ++++ ignition: - Update to version 2.14.0: * NEWS: update v2.14.0 * docs/operator-notes: add section on provisioning secrets * Dockerfile.validate: build with Fedora 36 * internal/resource: fix gs:// fetches in GCE without a service account * docs/operator-notes: document supported S3 URL formats * internal/resource: fix S3 access point object ARNs * exec/util: fix infinite loop in Depth() if -root is relative * Add 
ignition-delete-config.service and ignition-rmcfg symlink * providers/virtualbox: support deleting Ignition configs * providers/virtualbox: add comment referencing VirtualBox source * providers/virtualbox: add define for GUEST_PROP_FN_GET_PROP * providers/virtualbox: add helper to set up hypervisor connection * providers/vmware: support deleting Ignition configs * main: add ignition-rmcfg multicall binary * go.mod: add github.com/beevik/etree * providers/vmware: switch to internal copy of OVF parser * internal/resource: fix bucket field in error message * internal/resource: derive AWS region hint from ARN partition field * internal/resource: simplify test * internal/resource: fix minor nits * provider/azure: try to fetch userdata from IMDS * providers/vmware: convert OVF tests to testify * providers/vmware: drop vmw-ovflib docs * providers/vmware: add verbatim copy of vmw-ovflib * providers/vmware: add constants for guestinfo and OVF property names * providers/virtualbox: fix reading properties with flags * internal/resource: support S3 access point URLs - Update fixes CVE from [bsc#1199524]; this introduces a new service "ignition-delete-config.service" - Add ignition-rmcfg-suse.conf dropin to adapt to SUSE environment - Use fixed paths in spec file for hardcoded installation paths ++++ kernel-default: - floppy: use a statically allocated error counter (bsc#1199063 CVE-2022-1652). - commit 4b74f1a - rpm/kernel-binary.spec.in: Fix missing kernel-preempt-devel and KMP Provides (bsc#1199046) - commit 014dc39 - firmware_loader: use kernel credentials when reading firmware (git-fixes). - fsl_lpuart: Don't enable interrupts too early (git-fixes). - USB: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes). - USB: serial: option: add Fibocom MA510 modem (git-fixes). - USB: serial: option: add Fibocom L610 modem (git-fixes). - USB: serial: pl2303: add device id for HP LM930 Display (git-fixes). 
- usb: gadget: uvc: allow for application to cleanly shutdown (git-fixes). - drm/nouveau/tegra: Stop using iommu_present() (git-fixes). - arm[64]/memremap: don't abuse pfn_valid() to ensure presence of linear map (git-fixes). - virtio: fix virtio transitional ids (git-fixes). - ASoC: SOF: Fix NULL pointer exception in sof_pci_probe callback (git-fixes). - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes). - ASoC: max98090: Generate notifications on changes for custom control (git-fixes). - ASoC: max98090: Reject invalid values in custom control put() (git-fixes). - hwmon: (f71882fg) Fix negative temperature (git-fixes). - virtio_blk: eliminate anonymous module_init & module_exit (git-fixes). - virtio-blk: Don't use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (git-fixes). - vhost/vsock: don't check owner in vhost_vsock_stop() while releasing (git-fixes). - vhost/vsock: fix incorrect used length reported to the guest (git-fixes). - usb: gadget: uvc: rename function to be more consistent (git-fixes). - commit fe9e2eb - x86/cpufeatures: Re-enable ENQCMD (jsc#SLE-24350). - commit 5e2f529 - x86/traps: Demand-populate PASID MSR via #GP (jsc#SLE-24350). - commit 4781c47 - sched/pasid: Add a kABI workaround (jsc#SLE-24350). - commit dbf1a79 - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035). - commit 6ed0188 - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035). - commit 4978658 - netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035). - commit adcbd88 - netfilter: conntrack: move synack init code to helper (bsc#1199035). - commit dbb9a48 - sched: Define and initialize a flag to identify valid PASID in the task (jsc#SLE-24350). - commit d568a79 - drm/amd/display: Fix OLED brightness control on eDP (git-fixes). - Refresh patches.suse/drm-amd-display-For-vblank_disable_immediate-check-P.patch. - commit 4d8e6ac - amd/display: set backlight only if required (git-fixes). 
- drm/amdgpu/display: add support for multiple backlights (git-fixes). - commit 5048ab0 - Revert "PCI: aardvark: Rewrite IRQ code to chained IRQ handler" (git-fixes). - drm/vmwgfx: Fix fencing on SVGAv3 (git-fixes). - commit 9dd5801 ++++ regionServiceClientConfigAzure: - Update to version 2.0.0 (bsc#1199668) + Move the certs to /usr from /var to accommodate ro filesystem of SLE-Micro + Fix source url in spec file ++++ regionServiceClientConfigEC2: - Update to version 4.0.0 (bsc#1199668) + Move cert location to usr from var to accommodate ro filesystem of SLE-Micro + Fix source location in spec file ++++ regionServiceClientConfigGCE: - Update to version 4.0.0 (bsc#1199668) + Move the cert location to /usr for compatibility with ro setup of SLE-Micro + Fix url in spec file to point to the proper location of the source ------------------------------------------------------------------ ------------------ 2022-5-17 - May 17 2022 ------------------- ------------------------------------------------------------------ ++++ cifs-utils: - Update to version 6.15 * CVE-2022-27239: mount.cifs: fix length check for ip option parsing Previous check was true whatever the length of the input string was, leading to a buffer overflow in the subsequent strcpy call (bsc#1197216). * mount.cifs: fix verbose messages on option parsing (bsc#1198976, CVE-2022-29869) ++++ transactional-update: - Version 4.0.0~rc4 - Fix building with GCC 12 - Fix stack overflow with very long commands / ids [bsc#1196149] - Use separate mount namespace for chroot, allowing overwriting the bind mounts from the update environment - this could have led to data loss of the bind mount previously - Fix C error and exception handling for snapshots ++++ kernel-default: - x86/fpu: Clear PASID when copying fpstate (jsc#SLE-24350). - commit eb47ef3 - iommu/sva: Assign a PASID to mm on PASID allocation and free it on mm exit (jsc#SLE-24350).
- commit e8fad46 - blacklist.conf: Add c923a8e7edb0 ucounts: Move RLIMIT_NPROC handling after set_user - commit 142ab90 - copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626). - Refresh patches.suse/sched-Fix-yet-more-sched_fork-races.patch. - commit 0267df3 - supported.conf: Support TPM TIS SPI driver (jsc#SLE-24093) - commit 592ff0f - blacklist.conf: Add e7f7c99ba911 signal: In get_signal test for signal_group_exit every time through the loop - commit 4c1d7db - kernel/fork: Initialize mm's PASID (jsc#SLE-24350). - commit bc001ee - iommu/ioasid: Introduce a helper to check for valid PASIDs (jsc#SLE-24350). - commit 8324e83 - mm: Change CONFIG option for mm->pasid field (jsc#SLE-24350). - Refresh patches.suse/0003-kabi-Add-placeholders-to-a-couple-of-important-struc.patch. - commit bfc2f16 - ceph: fix setting of xattrs on async created inodes (bsc#1199611). - commit 8d5da3b - nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (CVE-2022-1734 bsc#1199605). - commit cf1c6a1 - iommu/sva: Rename CONFIG_IOMMU_SVA_LIB to CONFIG_IOMMU_SVA (jsc#SLE-24350). - commit 07baf00 - nfs: fix broken handling of the softreval mount option (git-fixes). - SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes). - Revert "SUNRPC: Ensure gss-proxy connects on setup" (git-fixes). - commit ff62e52 - Add duplicated commit id for drm amdgpu patch - commit 5990a24 - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - Refresh patches.kabi/NFS-pass-cred-explicitly-for-access-tests.patch. - commit b92e1de ++++ gcc12: - Update to gcc-12 branch head, 325d82b08696da17fb26bd2e1b6b, git78 ++++ wpa_supplicant: - Enable WPA3-Enterprise (SuiteB-192) support. 
------------------------------------------------------------------ ------------------ 2022-5-16 - May 16 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.38.0: + Add support for route type "throw". + Fix bug setting priority for IP addresses. + Static IPv6 addresses from "ipv6.addresses" are now preferred over addresses from DHCPv6, which are preferred over addresses from autoconf. This affects IPv6 source address selection, if the rules from RFC 6724, section 5 don't give an exhaustive match. + Static IPv6 addresses from "ipv6.addresses" are now interpreted with first address being preferred. Their order got inverted. This is now consistent with IPv4. + Wi-Fi hotspots will use a (stable) random channel number unless one is chosen manually. + Don't use unsupported SAE/WPA3 mode for AP mode. + NetworkManager will no longer advertise frequencies as supported when they're disallowed in configured regulatory domain. + Attempt to connect to WEP-encrypted Wi-Fi network will now fail gracefully with a recent version of wpa_supplicant when built without WEP support. As long as wpa_supplicant supports WEP, NetworkManager will continue to work. + Disable WPA3 transition mode for wifi.key-mgmt=wpa-psk if the NIC does not support PMF. This is known to cause problems in some setups. It is still possible to explicitly configure wifi.key-mgmt=sae for WPA3. + Add new dummy crypto backend "null" that does nothing. NetworkManager uses the crypto library when handling certificates for 802.1x profiles. + Veth devices with name "eth*" are now managed by default via the udev rule. This is to support managing the network in LXD containers. + The hostname received from DHCP is now shortened to the first dot (or to 64 characters, whichever comes first) if it's too long. + As the insecure WEP encryption for Wi-Fi network is phased out, nmcli now discourages its use when activating or modifying a profile.
+ Fix connectivity checks in case the check endpoint address resolves to multiple addresses. + Workaround libcurl blocking NetworkManager while resolving DNS names. + nmcli: indicate missing Wi-Fi hardware when showing rfkill setting. + nmcli: add connection migrate command to move a profile to a specified settings plugin. This allows to convert profiles in the deprecated ifcfg-rh format to keyfile. + Set "src" attribute for routes from DHCPv4 to the leased address. This helps with source address selection. + Various bugfixes and internal improvements. + Updated translations. - Recommend NetworkManager-wifi from the main package: after the split, there is currently nothing pulling in NM-wifi. Preferably this would happen based on wifi chips presence, but that is not yet done (boo#1199550). ++++ glibc: - selinux-deprecated.patch: Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - systemtap-altmacro.patch: i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718, BZ #28771) ++++ kernel-default: - blacklist.conf: prerequisites not met - commit 8a4463e - ata: pata_hpt37x: fix PCI clock detection (git-fixes). - commit 32ee880 - sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes). - commit 01f31f9 - sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes). - commit 05db5c9 - Update patch reference for mmc fix (CVE-2022-20008 bsc#1199564). - commit 411e099 - drm/amdgpu: vi: disable ASPM on Intel Alder Lake based systems (bsc#1190786) - commit e5b4705 - drm/i915: Fix race in __i915_vma_remove_closed (bsc#1190497) - commit 2ceb3f5 - slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes). - serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes). - serial: 8250_mtk: Fix UART_EFR register address (git-fixes). - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes). - usb: typec: tcpci_mt6360: Update for BMC PHY setting (git-fixes).
- usb: typec: tcpci: Don't skip cleanup in .remove() on error (git-fixes). - usb: cdc-wdm: fix reading stuck on device close (git-fixes). - drm/vc4: hdmi: Fix build error for implicit function declaration (git-fixes). - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes). - drm/vmwgfx: Disable command buffers on svga3 without gbobjects (git-fixes). - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes). - procfs: prevent unprivileged processes accessing fdinfo dir (git-fixes). - arm64: vdso: fix makefile dependency on vdso.so (git-fixes). - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes). - hwmon: (tmp401) Add OF device ID table (git-fixes). - Revert "drm/amd/pm: keep the BACO feature enabled for suspend" (git-fixes). - Bluetooth: Fix the creation of hdev->name (git-fixes). - commit d82c829 ++++ samba: - Revert NIS support removal; (bsc#1199247); ------------------------------------------------------------------ ------------------ 2022-5-13 - May 13 2022 ------------------- ------------------------------------------------------------------ ++++ open-iscsi: - Set initiatorname in %post (at end of install), for cases where root is read-only at startup time (bsc#1198457) ++++ kernel-default: - bpftool: Remove inclusion of utilities.mak from Makefiles (git-fixes). - bpftool: Fix memory leak in prog_dump() (git-fixes). - libbpf: Free up resources used by inner map definition (git-fixes). - bpf, selftests: Fix racing issue in btf_skc_cls_ingress test (git-fixes). - commit 13701d7 - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (CVE-2022-30594 bsc#1199505 bsc#1198413). - commit 6dae5ac - bpf: Avoid races in __bpf_prog_run() for 32bit arches (git-fixes). - bpftool: Remove useless #include to from map_perf_ring.c (git-fixes). - bpftool: Remove unused includes to (git-fixes). - tools: bpftool: Complete metrics list in "bpftool prog profile" doc (git-fixes). 
- tools: bpftool: Document and add bash completion for -L, -B options (git-fixes). - tools: bpftool: Update and synchronise option list in doc and help msg (git-fixes). - selftests/bpf: Remove unused variable in tc_tunnel prog (git-fixes). - commit 4f4442f - Add patch reference to seccomp fix (CVE-2022-30594 bsc#1199505 bsc#1198413) Also shorten the patch file name to standard size - commit d6179dc - PCI: aardvark: Add support for DEVCAP2, DEVCTL2, LNKCAP2 and LNKCTL2 registers on emulated bridge (git-fixes). - Refresh patches.suse/PCI-pci-bridge-emul-Correctly-set-PCIe-capabilities.patch. - commit 3d56076 - rfkill: uapi: fix RFKILL_IOCTL_MAX_SIZE ioctl request definition (git-fixes). - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes). - net: phy: Fix race condition on link status change (git-fixes). - net: phy: micrel: Pass .probe for KS8737 (git-fixes). - net: phy: micrel: Do not use kszphy_suspend/resume for KSZ8061 (git-fixes). - PCI: aardvark: Update comment about link going down after link-up (git-fixes). - PCI: aardvark: Drop __maybe_unused from advk_pcie_disable_phy() (git-fixes). - PCI: aardvark: Don't mask irq when mapping (git-fixes). - PCI: aardvark: Remove irq_mask_ack() callback for INTx interrupts (git-fixes). - PCI: aardvark: Use separate INTA interrupt for emulated root bridge (git-fixes). - PCI: aardvark: Fix support for PME requester on emulated bridge (git-fixes). - PCI: aardvark: Add support for PME interrupts (git-fixes). - PCI: aardvark: Optimize writing PCI_EXP_RTCTL_PMEIE and PCI_EXP_RTSTA_PME on emulated bridge (git-fixes). - PCI: aardvark: Add support for ERR interrupt on emulated bridge (git-fixes). - PCI: aardvark: Enable MSI-X support (git-fixes). - PCI: aardvark: Fix setting MSI address (git-fixes). - PCI: aardvark: Add support for masking MSI interrupts (git-fixes). - PCI: aardvark: Refactor unmasking summary MSI interrupt (git-fixes).
- PCI: aardvark: Use dev_fwnode() instead of of_node_to_fwnode(dev->of_node) (git-fixes). - PCI: aardvark: Make msi_domain_info structure a static driver structure (git-fixes). - PCI: aardvark: Make MSI irq_chip structures static driver structures (git-fixes). - PCI: aardvark: Rewrite IRQ code to chained IRQ handler (git-fixes). - PCI: aardvark: Replace custom PCIE_CORE_INT_* macros with PCI_INTERRUPT_* (git-fixes). - mmc: rtsx: add 74 Clocks in power on flow (git-fixes). - PCI: aardvark: Disable common PHY when unbinding driver (git-fixes). - PCI: aardvark: Disable link training when unbinding driver (git-fixes). - PCI: aardvark: Assert PERST# when unbinding driver (git-fixes). - PCI: aardvark: Fix memory leak in driver unbind (git-fixes). - PCI: aardvark: Mask all interrupts when unbinding driver (git-fixes). - PCI: aardvark: Disable bus mastering when unbinding driver (git-fixes). - PCI: aardvark: Comment actions in driver remove method (git-fixes). - PCI: aardvark: Clear all MSIs at setup (git-fixes). - PCI: pci-bridge-emul: Add definitions for missing capabilities registers (git-fixes). - PCI: pci-bridge-emul: Add description for class_revision field (git-fixes). - commit a0fb1d1 - mac80211: Reset MBSSID parameters upon connection (git-fixes). - iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes). - batman-adv: Don't skb_split skbuffs with frag_list (git-fixes). - dim: initialize all struct fields (git-fixes). - ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes). - ASoC: meson: Fix event generation for AUI CODEC mux (git-fixes). - ASoC: meson: Fix event generation for AUI ACODEC mux (git-fixes). - ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes). - ASoC: wm8958: Fix change notifications for DSP controls (git-fixes). - ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers (git-fixes). - firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes). 
- firewire: remove check of list iterator against head past the loop body (git-fixes). - firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes). - drm/amd/display: Avoid reading audio pattern past AUDIO_CHANNELS_COUNT (git-fixes). - drm/amdgpu: do not use passthrough mode in Xen dom0 (git-fixes). - drm/amdgpu: Ensure HDA function is suspended before ASIC reset (git-fixes). - drm/amdgpu: don't set s3 and s0ix at the same time (git-fixes). - drm/amdgpu: explicitly check for s0ix when evicting resources (git-fixes). - drm/amdgpu: unify BO evicting method in amdgpu_ttm (git-fixes). - commit 0517047 ++++ fribidi: - Add fribidi-CVE-2022-25308.patch: fix a stack overflow (boo#1196147 CVE-2022-25308). - Add fribidi-CVE-2022-25309.patch: protect against garbage in the CapRTL encoder (boo#1196148 CVE-2022-25309). - Add fribidi-CVE-2022-25310.patch: fix a SEGV in fribidi_remove_bidi_marks (boo#1196150 CVE-2022-25310). ++++ libyajl: - add libyajl-CVE-2022-24795.patch (CVE-2022-24795, bsc#1198405) ++++ qemu: - Backport SeaBIOS patches for fixing bsc#1199018 * Patches added: pci-let-firmware-reserve-IO-for-pcie-pci.patch pci-reserve-resources-for-pcie-pci-bridg.patch ------------------------------------------------------------------ ------------------ 2022-5-12 - May 12 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - scsi: sr: Do not leak information in ioctl (git-fixes). - scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes). - scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes). - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes). - scsi: virtio-scsi: Eliminate anonymous module_init & module_exit (git-fixes). - scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes). - scsi: hisi_sas: Remove unused variable and check in hisi_sas_send_ata_reset_each_phy() (git-fixes). 
- commit f9f5496 - Refresh patches.suse/0002-drm-vmwgfx-Remove-unused-compile-options.patch. Alt-commit - commit f3160fb - rxrpc: fix some null-ptr-deref bugs in server_key.c (CVE-2022-1671 bsc#1199439). - commit 8d79cf2 - Refresh patches.suse/drm-i915-ttm-ensure-we-unmap-when-purging.patch. Alt-commit - commit c56900a - virt: acrn: fix a memory leak in acrn_dev_ioctl() (CVE-2022-1651 bsc#1199433). - commit bca15e5 - RDMA/irdma: Fix possible crash due to NULL netdev in notifier (git-fixes). - commit bcb4116 - EDAC/synopsys: Read the error count from the correct register (bsc#1190497). - commit f04841f ++++ runc: - Add ExcludeArch for s390 (not s390x) since we've never supported it. ------------------------------------------------------------------ ------------------ 2022-5-11 - May 11 2022 ------------------- ------------------------------------------------------------------ ++++ hwdata: - Update to version 0.359: + Updated pci, usb and vendor ids. ++++ kernel-default: - io_uring: fix race between timeout flush and removal (bsc#1198811 CVE-2022-29582). - io_uring: Fix undefined-behaviour in io_issue_sqe (bsc#1199011). - io-wq: make worker creation resilient against signals (bsc#1199011). - io-wq: get rid of FIXED worker flag (bsc#1199011). - io-wq: only exit on fatal signals (bsc#1199011). - io-wq: split bounded and unbounded work into separate lists (bsc#1199011). Update patches.suse/io-wq-serialize-hash-clear-with-wakeup.patch (bsc#1199011). - io-wq: wqe and worker locks no longer need to be IRQ safe (bsc#1199011). Update patches.suse/io-wq-fix-queue-stalling-race.patch patches.suse/io-wq-fix-race-between-adding-work-and-activating-a-.patch patches.suse/io-wq-fix-wakeup-race-when-adding-new-work.patch patches.suse/io-wq-serialize-hash-clear-with-wakeup.patch (bsc#1199011). - io-wq: provide a way to limit max number of workers (bsc#1199011). - io-wq: move nr_running and worker_refs out of wqe->lock protection (bsc#1199011). 
Update patches.suse/io-wq-fix-race-between-adding-work-and-activating-a-.patch (bsc#1199011). - io_uring: remove IRQ aspect of io_ring_ctx completion lock (bsc#1199011). Update patches.suse/io_uring-fix-race-between-poll-completion-and-cancel.patch (bsc#1199011). - io_uring: run regular file completions from task_work (bsc#1199011). - io_uring: run linked timeouts from task_work (bsc#1199011). - io_uring: run timeouts from task_work (bsc#1199011). - io_uring: remove file batch-get optimisation (bsc#1199011). - io_uring: clean up tctx_task_work() (bsc#1199011). - io_uring: inline io_poll_remove_waitqs (bsc#1199011). - io_uring: remove extra argument for overflow flush (bsc#1199011). - io_uring: inline struct io_comp_state (bsc#1199011). - io_uring: use inflight_entry instead of compl.list (bsc#1199011). - io_uring: remove redundant args from cache_free (bsc#1199011). Update patches.suse/io_uring-allow-conditional-reschedule-for-intensive-.patch (bsc#1199011). - io_uring: cache __io_free_req()'d requests (bsc#1199011). - io_uring: move io_fallback_req_func() (bsc#1199011). - io_uring: optimise putting task struct (bsc#1199011). - io_uring: drop exec checks from io_req_task_submit (bsc#1199011). - io_uring: kill unused IO_IOPOLL_BATCH (bsc#1199011). - io_uring: improve ctx hang handling (bsc#1199011). - io_uring: deduplicate open iopoll check (bsc#1199011). Update patches.suse/io_uring-add-splice_fd_in-checks.patch (bsc#1199011). - io_uring: inline io_free_req_deferred (bsc#1199011). - io_uring: move io_rsrc_node_alloc() definition (bsc#1199011). - io_uring: move io_put_task() definition (bsc#1199011). - io_uring: extract a helper for ctx quiesce (bsc#1199011). - io_uring: optimise io_cqring_wait() hot path (bsc#1199011). - io_uring: add more locking annotations for submit (bsc#1199011). - io_uring: don't halt iopoll too early (bsc#1199011). - io_uring: refactor io_alloc_req (bsc#1199011). - io_uring: remove unnecessary PF_EXITING check (bsc#1199011). 
- io_uring: clean io-wq callbacks (bsc#1199011). - io_uring: avoid touching inode in rw prep (bsc#1199011). - io_uring: rename io_file_supports_async() (bsc#1199011). Update patches.suse/io_uring-allow-retry-for-O_NONBLOCK-if-async-is-supp.patch (bsc#1199011). - io_uring: inline fixed part of io_file_get() (bsc#1199011). - io_uring: use kvmalloc for fixed files (bsc#1199011). - io_uring: be smarter about waking multiple CQ ring waiters (bsc#1199011). - commit 9c1030b - powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395). - commit 99a0106 - mlx5: kabi protect lag_mp (git-fixes). - commit 69118a5 - RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes). - RDMA/irdma: Reduce iWARP QP destroy time (git-fixes). - RDMA/irdma: Flush iWARP QP if modified to ERR from RTR state (git-fixes). - net/mlx5: Fix matching on inner TTC (jsc#SLE-19253). - net/mlx5: Avoid double clear or set of sync reset requested (git-fixes). - net/mlx5: Fix deadlock in sync reset flow (git-fixes). - net/mlx5e: Fix trust state reset in reload (git-fixes). - net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (git-fixes). - net/mlx5e: Lag, Don't skip fib events on current dst (git-fixes). - net/mlx5e: Lag, Fix fib_info pointer assignment (git-fixes). - net/mlx5e: Lag, Fix use-after-free in fib event handler (git-fixes). - net/mlx5e: Fix the calling of update_buffer_lossy() API (git-fixes). - net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (git-fixes). - net/mlx5e: Fix wrong source vport matching on tunnel rule (jsc#SLE-19253). - bnxt_en: Fix unnecessary dropping of RX packets (git-fixes). - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (git-fixes). - hinic: fix bug of wq out of bound access (git-fixes). - ixgbe: ensure IPsec VF<->PF compatibility (git-fixes). - ice: fix use-after-free when deinitializing mailbox snapshot (git-fixes). 
- ice: Protect vf_state check by cfg_lock in ice_vc_process_vf_msg() (jsc#SLE-18375). - ice: Fix incorrect locking in ice_vc_process_vf_msg() (jsc#SLE-18375). - net: hns3: add return value for mailbox handling in PF (bsc#1190336). - net: hns3: add validity check for message data length (git-fixes). - net: hns3: modify the return code of hclge_get_ring_chain_from_mbx (git-fixes). - net: hns3: align the debugfs output to the left (git-fixes). - net: hns3: clear inited state and stop client after failed to register netdev (git-fixes). - igc: Fix suspending when PTM is active (jsc#SLE-18377). - igc: Fix BUG: scheduling while atomic (git-fixes). - igc: Fix infinite loop in release_swfw_sync (git-fixes). - ice: fix crash in switchdev mode (jsc#SLE-18375). - ice: allow creating VFs for !CONFIG_NET_SWITCHDEV (jsc#SLE-18375). - RDMA/hfi1: Fix use-after-free bug for mm struct (git-fixes). - IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition (git-fixes). - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes). - RDMA/mlx5: Add a missing update of cache->last_add (git-fixes). - RDMA/mlx5: Don't remove cache MRs when a delay is needed (git-fixes). - RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes). - RDMA/irdma: Prevent some integer underflows (git-fixes). - IB/hfi1: Allow larger MTU without AIP (git-fixes). - RDMA/irdma: Remove incorrect masking of PD (git-fixes). - RDMA/irdma: Fix Passthrough mode in VM (git-fixes). - RDMA/irdma: Fix netdev notifications for vlan's (git-fixes). - RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (git-fixes). - IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes). - RDMA/rxe: Check the last packet by RXE_END_MASK (git-fixes). - RDMA/core: Set MR type in ib_reg_user_mr (git-fixes). - commit e0ed03e - Update patches.suse/NFSv4-nfs_atomic_open-can-race-when-looking-up-a-non.patch (bsc#1195612 CVE-2022-24448 git-fixes). 
- commit b03bb3a - kABI: i2c: smbus: restore of_ alert variant (jsc#SLE-24569). kABI fix for "i2c: smbus: Use device_*() functions instead of of_*()" - commit d0b5048 - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - commit b5efaae - kABI: ivtv: restore caps member (git-fixes). - commit 8aa5382 - ivtv: fix incorrect device_caps for ivtvfb (git-fixes). - commit 4b98fe7 - media: saa7134: fix incorrect use to determine if list is empty (git-fixes). - commit 6ac6205 - blacklist.conf: cleanup designed to break kABI - commit ca96b43 - media: davinci: vpif: fix use-after-free on driver unbind (git-fixes). - commit bdb5025 - media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - Refresh patches.suse/media-davinci-vpif-fix-unbalanced-runtime-PM-enable.patch. - commit 05ac27d - media: videobuf2: Fix the size printk format (git-fixes). - commit c3df4b9 - PCI: vmd: Revert 2565e5b69c44 ("PCI: vmd: Do not disable MSI-X remapping if interrupt remapping is enabled by IOMMU.") (bsc#1199405). - PCI: vmd: Assign VMD IRQ domain before enumeration (bsc#1199405). 
- commit 93b2923 ++++ kernel-firmware: - Update to version 20220509 (git commit b19cbdca78ab): * mediatek: Update mt8183 SCP firmware * ice: Update package to 1.3.28.0 * i915: Add DMC v2.06 for DG2 * rtl_bt: Update RTL8852A BT USB firmware to 0xDBB7_C1D9 * amdgpu: update psp_13_0_8 firmware * amdgpu: update gc_10_3_7_rlc firmware * amdgpu: update dcn_3_1_6_dmcub firmware * ath11k: QCA6390 hw2.0: update to WLAN.HST.1.0.1-05266-QCAHSTSWPLZ_V2_TO_X86-1 * qcom: add firmware files for Adreno a420 & related generations * qcom: add firmware files for Adreno a330 * qcom: add firmware files for Adreno a220 * i915: Add GuC v70.1.2 for DG2 * rtw89: 8852c: add new firmware v0.27.20.0 for RTL8852C * Mellanox: Add lc_ini_bundle for xx.2010.1006 * Mellanox: xx.2010.1502: Distribute non-xz-compressed lc_ini_bundle * ath10k: QCA9984 hw1.0: update board-2.bin * ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00156 * ath10k: QCA9888 hw2.0: update board-2.bin * ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00156 * ath10k: QCA6174 hw3.0: update board-2.bin * ath10k: QCA6174 hw3.0: update firmware-6.bin to WLAN.RM.4.4.1-00288-QCARMSWPZ-1 * ath10k: QCA4019 hw1.0: update board-2.bin * ath10k: QCA99X0 hw2.0: add board-2.bin * ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.7 * ath11k: WCN6750 hw1.0: add to WLAN.MSL.1.0.1-00887-QCAMSLSWPLZ-1 * ath11k: WCN6750 hw1.0: add board-2.bin * ath11k: QCN9074 hw1.0: add to WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1 * ath11k: QCN9074 hw1.0: add board-2.bin * ath11k: QCA6390 hw2.0: update board-2.bin * ath11k: IPQ8074 hw2.0: update to WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1 * ath11k: IPQ8074 hw2.0: update board-2.bin * ath11k: IPQ6018 hw1.0: update to WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1 * ath11k: IPQ6018 hw1.0: update board-2.bin * Mellanox: Add new mlxsw_spectrum firmware xx.2010.1502 * amdgpu: update yellow carp DMCUB firmware * linux-firmware: update firmware for 
mediatek bluetooth chip (MT7922) * linux-firmware: update firmware for MT7922 WiFi device * mediatek: Add mt8195 SCP firmware * qcom: apq8096: add modem firmware * qcom: apq8096: add aDSP firmware * rtl_bt: Add firmware and config files for RTL8852C * i915: Add GuC v70.1.1 for all platforms - Update aliases ++++ multipath-tools: - Update to version 0.8.9+90+suse.71a70fb: * support overriding -D_FORTIFY_SOURCE in OPTFLAGS * add -U_FORTIFY_SOURCE to optflags to avoid compilation errors on old distros ++++ mozilla-nss: - Run test suite at build time, and make it pass (bsc#1198486). Based on work by Marcus Meissner. - Add nss-fips-tests-skip.patch to skip algorithms that are hard disabled in FIPS mode. - Add nss-fips-tests-pin-paypalee-cert.patch to prevent expired PayPalEE cert from failing the tests. - Add nss-fips-tests-enable-fips.patch, which enables FIPS during test certificate creation and disables the library checksum validation during same. - Update nss-fips-constructor-self-tests.patch to allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc. ++++ pcre: - Added pcre-8.45-bsc1199232-unicode-property-matching.patch * bsc#1199232 * CVE-2022-1586 * Fixes unicode property matching issue ++++ runc: - Update to runc v1.1.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2. CVE-2022-29162 bsc#1199460 * A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. For more information, see [GHSA-f3fp-gc8g-vw66][] and CVE-2022-29162. bsc#1199460 * `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file. 
++++ samba: - Use requires_eq macro to require the libldb2 version available at samba-dsdb-modules build time; (bsc#1199362); ------------------------------------------------------------------ ------------------ 2022-5-10 - May 10 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - blacklist.conf: Update with patches added to perf userspace package - commit 53e42ae - perf/core: Fix perf_mmap fail when CONFIG_PERF_USE_VMALLOC enabled (git fixes). - perf/core: Fix perf_cgroup_switch() (git fixes). - perf/core: Don't pass task around when ctx sched in (git-fixes). - perf/x86/intel: Update the FRONTEND MSR mask on Sapphire Rapids (git fixes). - riscv: Fix fill_callchain return value (git fixes). - perf/x86/intel/pt: Fix address filter config for 32-bit kernel (git fixes). - perf/core: Fix address filter parser for multiple filters (git fixes). - perf: Fix list corruption in perf_cgroup_switch() (git fixes). - perf/x86/intel/pt: Fix crash with stop filters in single-range mode (git fixes). - perf: Copy perf_event_attr::sig_data on modification (git fixes). - perf/core: Fix cgroup event list management (git fixes). - commit b000f7c - EDAC/amd64: Add new register offset support and related changes (jsc#SLE-19026). - commit 7cc0f4f - EDAC/amd64: Set memory type per DIMM (jsc#SLE-19026). - commit c9b5d42 - rfkill: make new event layout opt-in (git-fixes). - memblock: fix memblock_phys_alloc() section mismatch error (git-fixes). - commit d7f018a - kABI workaround for pci quirks (git-fixes). - commit 0375f50 - PCI/switchtec: Add Gen4 automotive device IDs (git-fixes). - PCI: Work around Intel I210 ROM BAR overlap defect (git-fixes). 
- commit 46181b6 - sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes) - commit e981ed9 - sched: Teach the forced-newidle balancer about CPU affinity (git-fixes) - commit 79ac66a - sched/core: Fix forceidle balancing (git-fixes) - commit f2b329d - sched/rt: Plug rt_mutex_setprio() vs push_rt_task() race (git-fixes) - commit a094ea3 - sched/cpuacct: Fix charge percpu cpuusage (git-fixes) - commit 82932b7 - sched/sugov: Ignore 'busy' filter when rq is capped by (git-fixes) - commit e583c29 - sched/core: Export pelt_thermal_tp (git-fixes) - commit 74c8b44 - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes) - commit fbf6ec4 - sched/membarrier: Fix membarrier-rseq fence command missing (git-fixes) - commit c72ea8a - psi: fix "defined but not used" warnings when (git-fixes) - commit 0e31231 - sched/pelt: Relax the sync of util_sum with util_avg (git-fixes) - commit 8f64d02 - sched/rt: Try to restart rt period timer when rt runtime (git-fixes) - commit 778665f - sched/cpuacct: Fix user/system in shown cpuacct.usage* (git-fixes) - commit 898fead - cputime, cpuacct: Include guest time in user time in (git-fixes) - commit 713d40a - sched/scs: Reset task stack state in bringup_cpu() (git-fixes) - commit 8d26b54 - sched/core: Mitigate race (git-fixes) - commit 8899862 - genirq: Synchronize interrupt thread startup (git-fixes) - commit ac80f16 - genirq/affinity: Consider that CPUs on nodes can be (git-fixes) - commit a7563af - PCI: Add ACS quirk for Pericom PI7C9X2G switches (bsc#1199390). - Refresh patches.suse/PCI-Add-MSI-masking-quirk-for-Nvidia-ION-AHCI.patch. - commit 972d035 - timekeeping: Mark NMI safe time accessors as notrace (git-fixes) - commit 51fb8ef - timers: Fix warning condition in __run_timers() (git-fixes) - commit 9c2fbb7 - usb: dwc3: core: Fix tx/rx threshold settings (git-fixes). - commit 8e2b11d - mt76: mt7921e: fix possible probe failure after reboot (bsc#1198835). 
- commit 22aa9c2 - Revert "btrfs: props: change how empty value is interpreted" (bsc#1195224) - commit 49db222 - platform/surface: aggregator: Fix initialization order when compiling as builtin module (git-fixes). - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-P (git-fixes). - USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes). - USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes). - USB: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes). - USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes). - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes). - xhci: Enable runtime PM on second Alderlake controller (git-fixes). - USB: quirks: add STRING quirk for VCOM device (git-fixes). - USB: quirks: add a Realtek card reader (git-fixes). - xhci: stop polling roothubs after shutdown (git-fixes). - ARM: dts: at91: fix pinctrl phandles (git-fixes). - ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes). - ASoC: Intel: soc-acpi: correct device endpoints for max98373 (git-fixes). - commit fd76029 - btrfs: qgroup: fix deadlock between rescan worker and remove qgroup (bsc#1199295). - btrfs: fix deadlock between quota disable and qgroup rescan worker (bsc#1199295). 
- commit 0d6264b ++++ multipath-tools: - Update to version 0.8.9+87+suse.a1eb122: * add ability to autodetect support for -D_FORTIFY_SOURCE=3 ++++ libarchive: - Fix CVE-2022-26280 out-of-bounds read via the component zipx_lzma_alone_init (CVE-2022-26280, bsc#1197634) * fix-CVE-2022-26280.patch ++++ gcc12: - Enable PRU architecture for AM335x platforms ++++ libtirpc: - fix memory leak in params.r_addr assignment (bsc#1198752) - add 0001-fix-parms.r_addr-memory-leak.patch ------------------------------------------------------------------ ------------------ 2022-5-9 - May 9 2022 ------------------- ------------------------------------------------------------------ ++++ checkpolicy: - Update to version 3.4 * warn on bogus IP address or netmask in nodecon statement * allow wildcard permissions in constraints * mention class name on invalid permission ++++ firewalld: - Fix regression introduced in previous patch (an api change to a function also needed backporting) (bsc#1198814) * feature-upstream-new-check-config-1.patch * feature-upstream-new-check-config-2.patch ++++ gnutls: - FIPS: Make sure zeroization is performed in all API functions * Add gnutls-zeroization-API-functions.patch [bsc#1191021] * Upstream: https://gitlab.com/gnutls/gnutls/-/merge_requests/1573 - FIPS: Add missing requirements for the SLI [bsc#1190698] * Remove 3DES from FIPS approved algorithms: - gnutls-Remove-3DES-from-FIPS-approved-algos.patch - Upstream: https://gitlab.com/gnutls/gnutls/-/merge_requests/1570 * DRBG service (gnutls_rnd) should be considered approved: - gnutls-Add-missing-FIPS-service-indicator-transitions.patch - gnutls-Add-missing-FIPS-service-indicator-transitions-tests.patch - gnutls-pkcs12-tighten-algorithm-checks-under-FIPS.patch - Upstream: https://gitlab.com/gnutls/gnutls/-/merge_requests/1569 ++++ open-iscsi: - Update to latest upstream, including: * Added 'distclean' to Makefile targets * Ensure Makefile '.PHONY' targets set up correctly * fix an iscsid logout bug
generating a false error and cleanup logout error messages ++++ kernel-default: - usb: phy: generic: Get the vbus supply (git-fixes). - usb: dwc3: gadget: Return proper request status (git-fixes). - usb: dwc3: core: Only handle soft-reset in DCTL (git-fixes). - usb: core: Don't hold the device lock while sleeping in do_proc_control() (git-fixes). - usb: dwc3: Try usb-role-switch first in dwc3_drd_init (git-fixes). - commit d2780c0 - smsc911x: allow using IRQ0 (git-fixes). - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes). - serial: 8250: Also set sticky MCR bits in console restoration (git-fixes). - serial: imx: fix overrun interrupts in DMA mode (git-fixes). - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes). - usb: typec: ucsi: Fix role swapping (git-fixes). - usb: typec: ucsi: Fix reuse of completion structure (git-fixes). - thermal: int340x: Fix attr.show callback prototype (git-fixes). - platform/x86: asus-wmi: Fix driver not binding when fan curve control probe fails (git-fixes). - reset: tegra-bpmp: Restore Handle errors in BPMP response (git-fixes). - commit 41345c7 - phy: amlogic: fix error path in phy_g12a_usb3_pcie_probe() (git-fixes). - phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes). - platform/x86: asus-wmi: Potential buffer overflow in asus_wmi_evaluate_method_buf() (git-fixes). - pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes). - pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL IRQ requested (git-fixes). - pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes). - pinctrl: samsung: fix missing GPIOLIB on ARM64 Exynos config (git-fixes). - pinctrl: stm32: Do not call stm32_gpio_get() for edge triggered IRQs in EOI (git-fixes). - pinctrl: mediatek: moore: Fix build error (git-fixes). - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes). 
- commit 9d4b763 - NFC: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes). - nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes). - net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init() (git-fixes). - phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes). - phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes). - phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes). - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes). - net: phy: marvell10g: fix return value on error (git-fixes). - mtd: rawnand: qcom: fix memory corruption that causes panic (git-fixes). - net: atlantic: Avoid out-of-bounds indexing (git-fixes). - commit fe2e8be - mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC (git-fixes). - mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits (git-fixes). - mmc: core: Set HS clock speed before sending HS CMD13 (git-fixes). - iio: imu: inv_icm42600: Fix I2C init possible nack (git-fixes). - iio: dac: ad5446: Fix read_raw not returning set value (git-fixes). - memory: renesas-rpc-if: Fix HF/OSPI data transfer in Manual Mode (git-fixes). - mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes). - mtd: rawnand: fix ecc parameters for mt7622 (git-fixes). - mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes). - commit a6c239d - gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes). - gpio: visconti: Fix fwnode of GPIO IRQ (git-fixes). - gpio: mvebu: drop pwm base assignment (git-fixes). - gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes). - hwmon: (pmbus) disable PEC if not enabled (git-fixes). - iio: dac: ad5592r: Fix the missing return value (git-fixes). - iio:imu:bmi160: disable regulator in error path (git-fixes). 
- hex2bin: fix access beyond string end (git-fixes). - commit 50f4170 - drm/msm/dp: remove fail safe mode related code (git-fixes). - patches.suse/cpufreq-fix-memory-leak-in-sun50i_cpufreq_nvmem_prob.patch: (git-fixes). - drm/msm/mdp5: check the return of kzalloc() (git-fixes). - drm/msm/disp: check the return value of kzalloc() (git-fixes). - dma-mapping: remove bogus test for pfn_valid from dma_map_resource (git-fixes). - commit b82dad2 - ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes). - can: grcan: only use the NAPI poll budget for RX (git-fixes). - can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (git-fixes). - can: grcan: use ofdev->dev when allocating DMA memory (git-fixes). - can: grcan: grcan_close(): fix deadlock (git-fixes). - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes). - bus: ti-sysc: Make omap3 gpt12 quirk handling SoC specific (git-fixes). - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes). - ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes). - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - commit 83b9c18 - ASoC: soc-ops: fix error handling (git-fixes). - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes). - ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes). - ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes). - ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes). - ARM: dts: Fix mmc order for omap3-gta04 (git-fixes). - ARM: dts: dra7: Fix suspend warning for vpe powerdomain (git-fixes). - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes). - ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes). - arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO pin labeling for CON1 (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards (git-fixes). 
- arm64: dts: meson: remove CPU opps below 1GHz for G12B boards (git-fixes). - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes). - Revert "ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40" (git-fixes). - ACPI: processor: idle: Avoid falling back to C3 type C-states (git-fixes). - arm64: dts: imx: Fix imx8*-var-som touchscreen property sizes (git-fixes). - ARM: vexpress/spc: Avoid negative array index when !SMP (git-fixes). - ARM: dts: socfpga: change qspi to "intel,socfpga-qspi" (git-fixes). - commit 3579a34 - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - commit d8dc579 - IB/mlx5: Expose NDR speed through MAD (bsc#1196930). - commit 7688043 - series.conf: cleanup - Move submitted patch to "sorted" section patches.suse/0001-SUNRPC-change-locking-for-xs_swap_enable-disable.patch - commit 56d34ef - Correct a typo in the patch reference for hisilicon fix (bsc#1198240) - commit 358b264 - dmaengine: ptdma: handle the cases based on DMA is complete (jsc#SLE-21315). - dmaengine: ptdma: fix concurrency issue with multiple dma transfer (jsc#SLE-21315). - commit 8fc1419 - Revert "SUNRPC: attempt AF_LOCAL connect on setup" (git-fixes). - SUNRPC: Ensure gss-proxy connects on setup (git-fixes). - NFSv4: Don't invalidate inode attributes on delegation return (git-fixes). - SUNRPC release the transport of a relocated task with an assigned transport (git-fixes). 
- commit 98bffb1 ++++ multipath-tools: - Update to version 0.8.9+85+suse.a9da21c: * This is a pre-release of multipath-tools 0.9.0 * multipath.conf: add "protocol" subsection in "overrides" section This allows to set "dev_loss_tmo", "fast_io_fail_tmo", and "eh_deadline" on a per-protocol basis rather than per storage * multipath.conf: drop support for deprecated options: getuid_callout, pg_timeout, config_dir, multipath_dir * multipathd: don't switch to DAEMON_IDLE during startup (bsc#1199346, bsc#1197570) * multipathd: avoid delays during uevent processing (bsc#1199347) * Fixes for minor issues reported by coverity * Fix for memory leak with uid_attrs * Fix possibility to redefine -D_FORTIFY_SOURCE macro. * Updates for built in hardware db ++++ libselinux: - Update to version 3.4: * Use PCRE2 by default * Make selinux_log() and is_context_customizable() thread-safe * Prevent leaking file descriptors * Correctly hash specfiles larger than 4G - Refreshed skip_cycles.patch ++++ libsemanage: - Update to version 3.4 * Optionally rebuild policy when modules are changed externally * Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info() * Allow spaces in user/group names ++++ libsepol: - Update to version 3.4 * Add 'ioctl_skip_cloexec' policy capability * Add sepol_av_perm_to_string * Add policy utilities * Support IPv4/IPv6 address embedding * Hardened/added many validations * Add support for file types in writing out policy.conf * Allow optional file type in genfscon rules ++++ udisks2: - CVE-2021-3802: fix insecure defaults in user-accessible mount helpers (bsc#1190606) + add 0001-mount-options-Always-use-errors-remount-ro-for-ext-f.patch ++++ policycoreutils: - Update to version 3.4 * fixfiles: Use parallel relabeling - Refreshed patches * get_os_version.patch * run_init.pamd.patch ++++ libselinux-bindings: - Update to version 3.4: * Use PCRE2 by default * Make selinux_log() and is_context_customizable() thread-safe * Prevent leaking file descriptors *
Correctly hash specfiles larger than 4G - Refreshed skip_cycles.patch ++++ python-semanage: - Update to version 3.4 * Optionally rebuild policy when modules are changed externally * Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info() * Allow spaces in user/group names ++++ restorecond: - Update to version 3.4 * Support parallel relabeling ------------------------------------------------------------------ ------------------ 2022-5-8 - May 8 2022 ------------------- ------------------------------------------------------------------ ++++ sqlite3: - update to 3.38.5: * Fix a blunder in the CLI of the 3.38.4 release - includes changes from 3.38.4: * fix a byte-code problem in the Bloom filter pull-down optimization added by release 3.38.0 in which an error in the byte code causes the byte code engine to enter an infinite loop when the pull-down optimization encounters a NULL key ------------------------------------------------------------------ ------------------ 2022-5-6 - May 6 2022 ------------------- ------------------------------------------------------------------ ++++ open-iscsi: - Updated to latest upstream version, tagged 2.1.7. Changes included: * updated/fixed test script * updated build system * several bug fixes, including one for bsc#1199264 ++++ kernel-default: - cifs: fix NULL ptr dereference in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit e7a2e2d - cifs: prevent bad output lengths in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit 3a95308 - powerpc/vdso: Fix incorrect CFI in gettimeofday.S (bsc#1199173 ltc#197388). - powerpc/vdso: Remove cvdso_call_time macro (bsc#1199173 ltc#197388). 
- commit da8812a - drm/connector: Fix typo in output format (bsc#1190786) - commit b29d4f3 - rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775) - commit 5d4e32c ++++ gcc12: - Update to GCC 12.1 release, 1ea978e3066ac565a1ec28a96a4d61, git27 ++++ openldap2: - bsc#1199240 - CVE-2022-29155 - Resolve sql injection in back-sql * 0242-ITS-9815-slapd-sql-escape-filter-values.patch ++++ tiff: - security update * CVE-2022-0561 [bsc#1195964] + tiff-CVE-2022-0561.patch * CVE-2022-0562 [bsc#1195965] + tiff-CVE-2022-0562.patch * CVE-2022-0865 [bsc#1197066] + tiff-CVE-2022-0865.patch * CVE-2022-0909 [bsc#1197072] + tiff-CVE-2022-0909.patch * CVE-2022-0924 [bsc#1197073] + tiff-CVE-2022-0924.patch * CVE-2022-0908 [bsc#1197074] + tiff-CVE-2022-0908.patch - security update * CVE-2022-1056 [bsc#1197631] * CVE-2022-0891 [bsc#1197068] + tiff-CVE-2022-1056,CVE-2022-0891.patch ++++ yast2: - Avoid build failures when packager is not available (related to bsc#1196674) - 4.4.50 ------------------------------------------------------------------ ------------------ 2022-5-5 - May 5 2022 ------------------- ------------------------------------------------------------------ ++++ conmon: - Update to version 2.1.0 * logging: buffer partial messages to journald * exit: close all fds >= 3 * fix: cgroup: Free memory_cgroup_file_path if open fails. Call g_free instead of free. - Update to version 2.0.32 * Fix: Avoid mainfd_std{in,out} sharing the same file descriptor. 
* exit_command: Fix: unset subreaper attribute before running exit command - Update to version 2.0.31 * logging: new mode -l passthrough * ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald * conmon: Fix: free userdata files before exec cleanup ++++ curl: - Security fix: [bsc#1199223, CVE-2022-27781] * CERTINFO never-ending busy-loop * Add curl-CVE-2022-27781.patch - Security fix: [bsc#1199224, CVE-2022-27782] * TLS and SSH connection too eager reuse * Add curl-CVE-2022-27782.patch ++++ gzip: - Add support to zstd in zgrep, fixes bsc#1198922 * xz_lzma.patch -> xz_lzma_zstd.patch ++++ kernel-default: - iommu: arm-smmu: disable large page mappings for Nvidia arm-smmu (bsc#1198826). - commit 4d2a151 - Update patches.suse/sched-topology-Skip-updating-masks-for-non-online-nodes.patch (bsc#1189999 (Scheduler functional and performance backports) stable-5.14.4 bsc#1197446 ltc#183000). - commit 65227e4 - Update patches.suse/powerpc-numa-Update-cpu_cpu_map-on-CPU-online-offlin.patch (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes bsc#1197446 ltc#183000).
- commit 0d949cf - blacklist.conf: Append 'drm/vmwgfx: Remove the dedicated memory accounting' - commit a8ed0eb - drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1190786) - commit 43899b4 - drm/amdkfd: Fix GWS queue count (bsc#1190786) - commit 1accf3c - drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (bsc#1190497) - commit 07b3f3d - drm/i915: Check EDID for HDR static metadata when choosing blc (bsc#1190497) - commit f637f05 - drm/sun4i: Remove obsolete references to PHYS_OFFSET (bsc#1190786) - commit bd1333e - drm/edid: fix CEA extension byte #3 parsing (bsc#1190786) - commit 9bc8018 - drm/msm/dp: do not initialize phy until plugin interrupt received (bsc#1190497) - commit 48859f6 - drm/dp: Fix OOB read when handling Post Cursor2 register (bsc#1190786) - commit 69a0208 - drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1190497) - commit 50f9562 - drm/bridge: sn65dsi83: Fix an error handling path in (bsc#1190786) - commit b91046a - drm/i915: Keep gem ctx->vm alive until the final put (bsc#1190497) - commit 141dc64 - Update patches.suse/ovl-fix-missing-negative-dentry-check-in-ovl_rename.patch (stable-5.14.12 CVE-2021-20321 bsc#1191647). - commit babea76 ++++ pcre2: - do not enable jit-sealloc [bsc#1182864] [bsc#1199208] - enable jit for s390x [bsc#1199196] ++++ libqmi: - Update to 1.30.6 * meson: fix 'export_packages' in GIR setup. * net-port-manager: use unaligned netlink attribute length. 
- Drop the unneeded rpmlintrc file ++++ mokutil: - Add the following patches against bsc#1198458 mokutil-enable-setting-fallback-verbosity-and-norebo.patch mokutil-SBAT-revocation-update-support.patch ------------------------------------------------------------------ ------------------ 2022-5-4 - May 4 2022 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 055+suse.271.g70f710e4: * fix(nfs): /var is not mounted during the transactional-update run (bsc#1184970) * fix(nfs): give /run/rpcbind ownership to rpc user (bsc#1177461) * fix(dracut-install): copy files preserving ownership attributes (bsc#1197967) * fix(crypt): remove quotes from cryptsetupopts (bsc#1197635) * fix(lvm): restore setting LVM_MD_PV_ACTIVATED (bsc#1195604) * fix(iscsi): remove unneeded iscsi NOP-disable code (bsc#1196267) * fix(dracut-systemd): do not require vconsole-setup.service (bsc#1195508) * fix(bluetooth): make hostonly configuration files optional (bsc#1195047) ++++ kdump: - kdumptool calibrate: add more margin to reservation calculations (bsc#1196728) - remount target filesystem r/w for fadump (bsc1197125) - stop reloading FADump on CPU hot-add event (jsc#IBM-768) - mkdumprd: add option to run dracut in debug mode ++++ kernel-default: - ixgbevf: add disable link state (bsc#1196426 CVE-2021-33061). - ixgbe: add improvement for MDD response functionality (bsc#1196426 CVE-2021-33061). - ixgbe: add the ability for the PF to disable VF link state (bsc#1196426 CVE-2021-33061). - ixgbevf: Rename MSGTYPE to SUCCESS and FAILURE (bsc#1196426 CVE-2021-33061). - commit 2fd39fc - objtool: Fix code relocs vs weak symbols (git-fixes). - commit 81c18f2 - objtool: Fix type of reloc::addend (git-fixes). 
- commit 5275283 - arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock (git-fixes) - commit 5ffcf97 - ARM: dts: imx8mm-venice-gw{71xx,72xx,73xx}: fix OTG controller OC (git-fixes) - commit a2d2d45 - arm64: dts: imx8mn: Fix SAI nodes (git-fixes) - commit a8720fd - arm64: dts: imx8qm: Correct SCU clock controller's compatible (git-fixes) - commit 3e3920e - arm64: dts: imx8mm-venice: fix spi2 pin configuration (git-fixes) - commit 0cca427 - arm64: Ensure execute-only permissions are not allowed without EPAN (git-fixes) - commit b2af869 - arm64: Mark start_backtrace() notrace and NOKPROBE_SYMBOL (git-fixes) - commit 246426c - powerpc/fadump: opt out from freeing pages on cma activation failure (bsc#1195099 ltc#196102). - mm/cma: provide option to opt out from exposing pages on activation failure (bsc#1195099 ltc#196102). - commit 31f1720 - blacklist.conf: misattributed - commit 756ddb2 - blacklist.conf: misattributed - commit be08eef ++++ salt: - Fixes for Python 3.10 - Added: * fixes-for-python-3.10-502.patch ------------------------------------------------------------------ ------------------ 2022-5-3 - May 3 2022 ------------------- ------------------------------------------------------------------ ++++ transactional-update: - Version 4.0.0~rc3 - Add Snapshot interface - Reworked signal handling: All public signals are sent from the main thread now, keeping the same sender for everything - Implement D-Bus call "Execute" for Transactions - Implement interface for listing Snapshots - Implement Reboot interface - Fix bug when using --continue on old snapshots - Fix hypothetical integer overflow in snapshot list [bsc#1196826] - Fix wrong sort order in status command [gh#openSUSE/transactional-update#80] ++++ kernel-default: - maple: fix wrong return value of maple_bus_init() (git-fixes). - commit d0d35dc - blacklist.conf: build fix selecting option we also switch on anyway - commit 6f69579 - staging: most: dim2: use device release method (git-fixes). 
- commit d4c20d1 - staging: most: dim2: use if statements instead of ?: expressions (git-fixes). - commit 1ea304e - staging: most: dim2: force fcnt=3 on Renesas GEN3 (git-fixes). - commit 969c772 - blacklist.conf: kABI - commit 8e45e34 - blacklist.conf: kABI - commit 5d5e0d0 - blacklist.conf: sysfs API changed - commit c5b9546 - staging: vc04_services: shut up out-of-range warning (git-fixes). - commit 9d74580 - staging: vchiq: Move vchiq char driver to its own file (git-fixes). - commit 7bbf632 - staging: vchiq: Move certain declarations to vchiq_arm.h (git-fixes). - commit 08ac3f2 - staging: vchiq: Refactor vchiq cdev code (git-fixes). - commit 9db9b52 - bnx2x: fix napi API usage sequence (bsc#1198217). - commit fc7abbc - iova: Export alloc_iova_fast() and free_iova_fast() (bsc#1199124). - commit 281942e - blacklist.conf: Append 'drm/panel: Select DRM_DP_HELPER for DRM_PANEL_EDP' - commit b961f67 - blacklist.conf: Append 'drm/i915: Drop all references to DRM IRQ midlayer' - commit 3e918db - fbcon: Avoid 'cap' set but not used warning (bsc#1190786) - commit 6f2bdc4 - drm/vmwgfx: Remove unused compile options (bsc#1190786) - commit f42c964 ++++ Mesa: - _constraints: * raised requirements to 9 GB disk space and added aarch64 architecture (bsc#1199040) ++++ selinux-policy: - Modified fix_init.patch to allow init to set up constrained environment for accountsservice.
This needs a better, more general solution (bsc#1197610) ++++ yast2: - Show what product is being installed (bsc#1196674) - 4.4.49 ------------------------------------------------------------------ ------------------ 2022-5-2 - May 2 2022 ------------------- ------------------------------------------------------------------ ++++ ca-certificates-mozilla: - Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079) Added: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - D-TRUST BR Root CA 1 2020 - D-TRUST EV Root CA 1 2020 - GlobalSign ECC Root CA R4 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 - HiPKI Root CA - G1 - ISRG Root X2 - Telia Root CA v2 - vTrus ECC Root CA - vTrus Root CA Removed: - Cybertrust Global Root - DST Root CA X3 - DigiNotar PKIoverheid CA Organisatie - G2 - GlobalSign ECC Root CA R4 - GlobalSign Root CA R2 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 ++++ kernel-default: - x86/cpu: Load microcode during restore_processor_state() (bsc#1190497). - commit 46f9e01 - powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes). - commit 7e012e8 - powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes). - Revert "ibmvnic: Add ethtool private flag for driver-defined queue limits" (bsc#1121726 ltc#174633 git-fixes). - commit 31a517e - usb: gadget: uvc: Fix crash when encoding data for usb request (git-fixes). - commit f661d38 - usb: cdns3: Fix issue for clear halt endpoint (git-fixes). - xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms (git-fixes). - commit 43d19fc - USB: Fix xhci event ring dequeue pointer ERDP update issue (git-fixes). - commit 15f3b27 - usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes). - commit b6b3f56 - usb: xhci: tegra:Fix PM usage reference leak of tegra_xusb_unpowergate_partitions (git-fixes). 
- commit f643026 - video: fbdev: udlfb: properly check endpoint type (bsc#1190497) - commit f2e5e0c - Revert "fbcon: Disable accelerated scrolling" (bsc#1190786) - commit 4f27b8d ++++ nftables: - add 0001-cache-check-for-NULL-chain-in-cache_init.patch: this fixes rare crashes that could occur e.g. in firewalld (bsc#1197606). ++++ openssl-1_1: - FIPS: Added signature verification test to bsc1185319-FIPS-KAT-for-ECDSA.patch ++++ libxml2: - Update to 2.9.14: * Security: + [CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer + Fix potential double-free in xmlXPtrStringRangeFunction + Fix memory leak in xmlFindCharEncodingHandler + Normalize XPath strings in-place + Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars() + Fix leak of xmlElementContent * Bug fixes: + Fix parsing of subtracted regex character classes + Fix recursion check in xinclude.c + Reset last error in xmlCleanupGlobals + Fix certain combinations of regex range quantifiers + Fix range quantifier on subregex * Improvements: + Fix recovery from invalid HTML start tags * Build system, portability: + Define LFS macros before including system headers + Initialize XPath floating-point globals + configure: check for icu DEFS + configure.ac: produce tar.xz only (GNOME policy) + CMakeLists.txt: Fix LIBXML_VERSION_NUMBER + Fix build with older Python versions + Fix --without-valid build ++++ libxml2-python: - Update to 2.9.14: * Security: + [CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer + Fix potential double-free in xmlXPtrStringRangeFunction + Fix memory leak in xmlFindCharEncodingHandler + Normalize XPath strings in-place + Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars() + Fix leak of xmlElementContent * Bug fixes: + Fix parsing of subtracted regex character classes + Fix recursion check in xinclude.c + Reset last error in xmlCleanupGlobals + Fix certain combinations of regex range quantifiers + Fix range quantifier on subregex * Improvements: + Fix 
recovery from invalid HTML start tags * Build system, portability: + Define LFS macros before including system headers + Initialize XPath floating-point globals + configure: check for icu DEFS + configure.ac: produce tar.xz only (GNOME policy) + CMakeLists.txt: Fix LIBXML_VERSION_NUMBER + Fix build with older Python versions + Fix --without-valid build ++++ selinux-policy: - Add systemd_domain_dyntrans_type.patch to allow systemd to dyntransition. This happens in certain boot conditions (bsc#1182500) - Changed fix_unconfineduser.patch to not transition into ldconfig_t from unconfined_t (bsc#1197169) ------------------------------------------------------------------ ------------------ 2022-5-1 - May 1 2022 ------------------- ------------------------------------------------------------------ ++++ ovmf: - Respin amd-sev and amd-sev-es features After more testing, we found that not all descriptors can support both amd-sev with amd-sev-es. So we removed all amd-sev and amd-sev-es feature tags but only keep them in ovmf-x86_64-2m.json and 60-ovmf-x86_64.json. 
(bsc#1198246#c75) ------------------------------------------------------------------ ------------------ 2022-4-29 - Apr 29 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - add php8-fpm-mr876.patch so that php8 php-fpm can read its config (boo#1186267#c11) - parser: add conflict with apparmor-utils < 3.0 to avoid aa-status file conflict on upgrade (boo#1198958) - utils: add missing dependency on apparmor-parser (boo#1198958#c4) ++++ cockpit-tukit: - Initial package with version 0.0.3~git0.d4aa7e9: * Switch to ExecuteAndReboot * Add no-reboot actions to snapshot menus * Add some "write" actions * Disable actions during updates checking * Add updates error to status * Add _service file comment * Add OBS service definition * Fix license and files in spec * Switch cockpit-devel lib to last stable * Add missing global variables ++++ curl: - Security fix: [bsc#1198608, CVE-2022-27774] * Credential leak on redirect * Add curl-CVE-2022-27774-2.patch + openssl: don't leak the SRP credentials in redirects either + this is a follow up patch after the initial patch. ++++ docker: - Add patch to update golang.org/x/crypto for CVE-2021-43565 and CVE-2022-27191. bsc#1193930 bsc#1197284 * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch - Rebase patches: * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch ++++ e2fsprogs: - libext2fs-add-sanity-check-to-extent-manipulation.patch: libext2fs: add sanity check to extent manipulation (bsc#1198446 CVE-2022-1304) ++++ librsvg: - Update to version 2.52.8: + Catch circular references when rendering patterns. 
++++ glib2: - Update to version 2.70.5: Bugs fixed: glgo#GNOME/GLib#2620, glgo#GNOME/GLib!2537, glgo#GNOME/GLib!2555 ++++ kernel-default: - Update patches.suse/net-x25-Fix-null-ptr-deref-caused-by-x25_disconnect.patch references (add CVE-2022-1516 bsc#1199012). - commit defb183 - bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926). - bfq: Get rid of __bio_blkcg() usage (bsc#1197926). - bfq: Track whether bfq_group is still online (bsc#1197926). - bfq: Remove pointless bfq_init_rq() calls (bsc#1197926). - bfq: Drop pointless unlock-lock pair (bsc#1197926). - bfq: Update cgroup information before merging bio (bsc#1197926). - bfq: Split shared queues on move between cgroups (bsc#1197926). - bfq: Avoid merging queues with different parents (bsc#1197926). - bfq: Avoid false marking of bic as stably merged (bsc#1197926). - commit 7175383 - Update config files (bsc#1199024). arm LIBNVDIMM y->m ppc64le ND_BLK ->m - commit 8d0e602 ++++ libapparmor: - add php8-fpm-mr876.patch so that php8 php-fpm can read its config (boo#1186267#c11) - parser: add conflict with apparmor-utils < 3.0 to avoid aa-status file conflict on upgrade (boo#1198958) - utils: add missing dependency on apparmor-parser (boo#1198958#c4) ++++ gcc12: - Bump to 621650f64fb6679c457c33abf27c925f28bddc62, git9 * GCC 12.1 release candidate ++++ systemd: - Call pam_loginuid when creating user@.service (bsc#1198507) It's a backport of upstream commit 1000522a60ceade446773c67031b47a566d4a70d. 
++++ liburing2: - avoid requiring kernel-default (bsc#1193522) ++++ samba: - Add missing samba-client requirement to samba-winbind package; (bsc#1198255); ------------------------------------------------------------------ ------------------ 2022-4-28 - Apr 28 2022 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 055+suse.252.g4988b0bf: * fix(resume): do not add this module if there is no suitable swap (bsc#1198095) * feat(resume): improve sanity check by verifying volatile swap (bsc#1198095) * feat(resume): sanity check (bsc#1197192) ++++ kernel-default: - scsi: hisi_sas: Limit users changing debugfs BIST count value (bsc#1198803). - scsi: hisi_sas: Increase debugfs_dump_index after dump is completed (bsc#1198806). - commit 4ed546a - Restore kabi after Revert "NFSv4: Handle the special Linux file open access mode" (git-fixes). - commit d756a21 - SUNRPC: svc_tcp_sendmsg() should handle errors from xdr_alloc_bvec() (git-fixes). - SUNRPC: Handle low memory situations in call_status() (git-fixes). - SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes). - NFSv4: fix open failure with O_ACCMODE flag (git-fixes). - Revert "NFSv4: Handle the special Linux file open access mode" (git-fixes). - commit 84eb02f - Refresh patches.suse/nfsd-Fix-a-write-performance-regression.patch. Add correct git-commit - commit cd70e53 ++++ gcc12: - Bump to f27848a5dc4d3b16cd4112bddcb59e0916eba623, git192706. - Switch ppc64le to the IEEE long double ABI by default in Factory. - Separate ppc64le from ppc/ppc64 specific configury. - Add _multibuild to gather all .spec files and reduce the number of .changes files to one, autogenerated by change_spec. - Drop %ringdisabled handling. - Ada bootstrap now requires at least GCC 5, use GCC 7 on SLES 12 instead of GCC 4.8. 
++++ sqlite3: - update to 3.38.3: * Fix a case of the query planner be overly aggressive with optimizing automatic-index and Bloom-filter construction, using inappropriate ON clause terms to restrict the size of the automatic-index or Bloom filter, and resulting in missing rows in the output. * Other minor patches. See the timeline for details. ------------------------------------------------------------------ ------------------ 2022-4-27 - Apr 27 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - Enhance zgrep-profile-mr870.diff to also allow/support zstd (boo#1198922). ++++ kernel-default: - SUNRPC: Fix the svc_deferred_event trace class (git-fixes). - commit 7a0d7a4 - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - commit 3134a62 - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - commit de1e36e - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - commit e3d62d0 - scsi: block: PM fix blk_post_runtime_resume() args (bsc#1198802). - scsi: hisi_sas: Limit users changing debugfs BIST count value (bsc#1198803). - scsi: libsas: Keep host active while processing events (bsc#1198802). - scsi: libsas: Defer works of new phys during suspend (bsc#1198802). - scsi: libsas: Refactor sas_queue_deferred_work() (bsc#1198802). - scsi: libsas: Add flag SAS_HA_RESUMING (bsc#1198802). - scsi: libsas: Resume host while sending SMP I/Os (bsc#1198802). - scsi: hisi_sas: Add more logs for runtime suspend/resume (bsc#1198802). - scsi: libsas: Insert PORTE_BROADCAST_RCVD event for resuming host (bsc#1198802). - scsi: mvsas: Add spin_lock/unlock() to protect asd_sas_port->phy_list (bsc#1198802). - scsi: hisi_sas: Fix some issues related to asd_sas_port->phy_list (bsc#1198802). - scsi: libsas: Add spin_lock/unlock() to protect asd_sas_port->phy_list (bsc#1198802). 
- scsi: block: pm: Always set request queue runtime active in blk_post_runtime_resume() (bsc#1198802). - scsi: libsas: Don't always drain event workqueue for HA resume (bsc#1198802). - scsi: hisi_sas: Wait for phyup in hisi_sas_control_phy() (bsc#1198802). - scsi: hisi_sas: Initialise devices in .slave_alloc callback (bsc#1198802). - scsi: hisi_sas: Increase debugfs_dump_index after dump is completed (bsc#1198806). - commit 8be5c1e ++++ libapparmor: - Enhance zgrep-profile-mr870.diff to also allow/support zstd (boo#1198922). ++++ libeconf: - Update to version 0.4.6+git20220427.3016f4e: * econftool: * * Parsing error: Reporting file and line nr. * * --delimeters=spaces Taking all kind of spaces for delimiter * libeconf: Fixed bsc#1198165: Parsing files correctly which have space characters AND none space characters as delimiters. ++++ gcc12: - Drop no longer necessary gcc12-d-workaround.patch ++++ perl-Bootloader: - merge gh#openSUSE/perl-bootloader#139 - fix sysconfig parsing (bsc#1198828) - 0.939 ++++ samba: - Update to 4.15.7 * Share and server swapped in smbget password prompt; (bso#14831); * Durable handles won't reconnect if the leased file is written to; (bso#15022); * rmdir silently fails if directory contains unreadable files and hide unreadable is yes; (bso#15023); * SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information on renamed file handle; (bso#15038); * vfs_shadow_copy2 breaks "smbd async dosmode" sync fallback; (bso#14957); * shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes; (bso#15035); * PAM Kerberos authentication incorrectly fails with a clock skew error; (bso#15046); * username map - samba erroneously applies unix group memberships to user account entries; (bso#15041); * NT_STATUS_ACCESS_DENIED translates into EPERM instead of EACCES in SMBC_server_internal; (bso#14983); * Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879); * Crash of winbind on RODC; (bso#14641); * uncached logon on RODC 
always fails once; (bso#14865); * KVNO off by 100000; (bso#14951); * LDAP simple binds should honour "old password allowed period"; (bso#15001); * wbinfo -a doesn't work reliable with upn names; (bso#15003); * Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879); * Uninitialized litemask in variable in vfs_gpfs module; (bso#15027); * Regression: create krb5 conf = yes doesn't work with a single KDC; (bso#15016); - Add provides to samba-client-libs package to fix upgrades from previous versions; (bsc#1197995); ------------------------------------------------------------------ ------------------ 2022-4-26 - Apr 26 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - blacklist.conf: cleanup only - commit 41987a6 ++++ permissions: - Update to version 20201225: * backport of apptainer whitelisting (bsc#1196145, bsc#1198720) ------------------------------------------------------------------ ------------------ 2022-4-25 - Apr 25 2022 ------------------- ------------------------------------------------------------------ ++++ glibc: - Add s390-add-z16-name.diff for bsc#1198751. ++++ kernel-default: - pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config - commit 364f54b - Update patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch (bsc#1196018 CVE-2022-28748). added CVE number - commit 8cafecb - random: check for signal_pending() outside of need_resched() check (git-fixes). - Refresh patches.suse/0001-char-random-wire-up-userspace-interface-to-SP800-90B.patch. - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes). - ipmi: bail out if init_srcu_struct fails (git-fixes). 
- commit 50fb6ca ++++ python-contextvars: - Add the package to SUSE Linux Enterprise 15 (jsc#SLE-24404) ++++ python-immutables: - Add the package to SUSE Linux Enterprise 15 (jsc#SLE-24404) ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#588 - support leap port of armv7hl (bsc#1198302) - 16.57.20 ++++ yast2-trans: - Update to version 84.87.20220422.7945491fb3: * Translated using Weblate (Russian) * Translated using Weblate (Korean) * New POT for text domain 'storage'. * Translated using Weblate (Russian) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Japanese) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) ------------------------------------------------------------------ ------------------ 2022-4-24 - Apr 24 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes). - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes). - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes). - Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes). - commit f70a9a5 ------------------------------------------------------------------ ------------------ 2022-4-23 - Apr 23 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - io_uring: terminate manual loop iterator loop correctly for non-vecs (git-fixes). - io_uring: add a schedule point in io_add_buffers() (git-fixes). - commit 52b6651 - ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes). - ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes). 
- ALSA: usb-audio: add mapping for MSI MAG X570S Torpedo MAX (git-fixes). - commit df91c32 - arm64: mm: fix p?d_leaf() (git-fixes). - ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use (git-fixes). - ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component (git-fixes). - ASoC: rk817: Use devm_clk_get() in rk817_platform_probe (git-fixes). - ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes). - ASoC: topology: Correct error handling in soc_tplg_dapm_widget_create() (git-fixes). - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes). - ALSA: hda/i915: Fix one too many pci_dev_put() (git-fixes). - ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes). - sound/oss/dmasound: fix 'dmasound_setup' defined but not used (git-fixes). - commit 9d80194 ------------------------------------------------------------------ ------------------ 2022-4-22 - Apr 22 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit-podman: - Remove translate-toolkit which is not available in SLE ++++ curl: - Security fix: [bsc#1198766, CVE-2022-27776] * Auth/cookie leak on redirect * Add curl-CVE-2022-27776.patch - Security fix: [bsc#1198723, CVE-2022-27775] * Bad local IPv6 connection reuse * Add curl-CVE-2022-27775.patch - Security fix: [bsc#1198608, CVE-2022-27774] * Credential leak on redirect * Add curl-CVE-2022-27774.patch * Disable test 1568, which is broken by upstream patch. - Add curl-CVE-2022-27774-disabletest-1568.patch - Security fix: [bsc#1198614, CVE-2022-22576] * OAUTH2 bearer bypass in connection re-use * Add curl-CVE-2022-22576.patch ++++ kernel-default: - netfilter: nf_tables: initialize registers in nft_do_chain() (CVE-2022-1016 bsc#1197227). - commit f4b3822 - netfilter: nf_tables: validate registers coming from userspace (CVE-2022-1015 bsc#1197227). 
- commit 0aabb62 - mm: vmalloc: introduce array allocation functions (bsc#1198110). - commit dbcab11 - mm: use vmalloc_array and vcalloc for array allocations (bsc#1198110). - commit 4993f07 - use jobs not processors in the constraints jobs is the number of vcpus available to the build, while processors is the total processor count of the machine the VM is running on. - commit a6e141d - KVM: use __vcalloc for very large allocations (bsc#1198110). - commit 525fc7a - Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes). - commit 4ca374b - net: netvsc: remove break after return (git-fixes). - commit 60b2404 - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - commit 8963c13 - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - commit 56f520a - net: mana: Reuse XDP dropped page (bsc#1195651). - commit 5137284 - net: mana: Add counter for XDP_TX (bsc#1195651). - commit 6a2ff8f - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - commit 25e80a8 - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - commit abeccbd - hv_balloon: rate-limit "Unhandled message" warning (git-fixes). - commit f0e08f0 - drivers: hv: log when enabling crash_kexec_post_notifiers (git-fixes). - commit 136ee4c - hv_utils: Add comment about max VMbus packet size in VSS driver (git-fixes). - commit 6b202b9 - Drivers: hv: Compare cpumasks and not their weights in init_vp_index() (git-fixes). - commit 30aeb52 - Drivers: hv: Rename 'alloced' to 'allocated' (git-fixes). - commit 566f23a - Drivers: hv: vmbus: Use struct_size() helper in kmalloc() (git-fixes). - commit 92b3ee9 - bpf: selftests: adapt bpf_iter_task_vma to get_inode_dev() (bsc#927455 bsc#1198585). - commit 4b86303 - drm/i915/display/psr: Unset enable_psr2_sel_fetch if other checks in intel_psr2_config_valid() fails (git-fixes). - dmaengine: idxd: skip clearing device context when device is read-only (git-fixes). 
- dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes). - dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes). - dmaengine: dw-edma: Fix unaligned 64bit access (git-fixes). - dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources (git-fixes). - dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes). - dma: at_xdmac: fix a missing check on list iterator (git-fixes). - dmaengine: idxd: fix device cleanup on disable (git-fixes). - doc/ip-sysctl: add bc_forwarding (git-fixes). - can: isotp: stop timeout monitoring when no first frame was sent (git-fixes). - e1000e: Fix possible overflow in LTR decoding (git-fixes). - commit 194abd1 ++++ libtirpc: - check for nullpointer in check_address (bsc#1198176) update 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch ++++ openssh: - Add openssh-do-not-send-empty-message.patch: Prevent empty messages from being sent. This avoids a superfluous new line (bsc#1192439). ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#590 - use parse-zdev.sh from s390-tools for device activation (bsc#1198326) - 16.57.19 ------------------------------------------------------------------ ------------------ 2022-4-21 - Apr 21 2022 ------------------- ------------------------------------------------------------------ ++++ grub2: - Fix Power10 LPAR error "The partition fails to activate as partition went into invalid state" (bsc#1198714) * 0001-powerpc-do-CAS-in-a-more-compatible-way.patch ++++ branding-openSUSE: - Skip *.tr files in /etc/bootsplash/themes/openSUSE/bootloader ++++ kernel-default: - Revert "iavf: Fix deadlock occurrence during resetting VF interface" (jsc#SLE-18385). - veth: Ensure eth header is in skb's linear part (git-fixes). - uapi/linux/stddef.h: Add include guards (jsc#SLE-18978). - qede: confirm skb is allocated before using (git-fixes). - ice: clear cmd_type_offset_bsz for TX rings (jsc#SLE-18375). 
- ice: xsk: fix VSI state check in ice_xsk_wakeup() (git-fixes). - ice: synchronize_rcu() when terminating rings (git-fixes). - net: sfc: fix using uninitialized xdp tx_queue (git-fixes). - sfc: Do not free an empty page_ring (git-fixes). - bnxt_en: Prevent XDP redirect from running when stopping TX queue (git-fixes). - bnxt_en: reserve space inside receive page for skb_shared_info (git-fixes). - bnxt_en: Synchronize tx when xdp redirects happen on same ring (git-fixes). - qed: fix ethtool register dump (jsc#SLE-19001). - ice: Clear default forwarding VSI during VSI release (git-fixes). - skbuff: fix coalescing for page_pool fragment recycling (bsc#1190336). - net: sfc: add missing xdp queue reinitialization (git-fixes). - RDMA/rxe: Fix ref error in rxe_av.c (jsc#SLE-19249). - Revert "RDMA/core: Fix ib_qp_usecnt_dec() called when error" (jsc#SLE-19249). - RDMA/rxe: Change variable and function argument to proper type (jsc#SLE-19249). - bareudp: use ipv6_mod_enabled to check if IPv6 enabled (git-fixes). - ionic: catch transition back to RUNNING with fw_generation 0 (git-fixes). - commit f0e50a2 - KVM: SVM: Allow AVIC support on system w/ physical APIC ID > 255 (bsc#1193823). - commit 5a9f922 - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (CVE-2022-1158 bsc#1197660). - commit c813453 - nl80211: correctly check NL80211_ATTR_REG_ALPHA2 size (git-fixes). - spi: cadence-quadspi: fix protocol setup for non-1-1-X operations (git-fixes). - regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes). - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes). - net: axienet: setup mdio unconditionally (git-fixes). - soc: qcom: aoss: Fix missing put_device call in qmp_get (git-fixes). - ACPI: processor idle: Check for architectural support for LPI (git-fixes). - ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40 (git-fixes). - soc: qcom: aoss: Expose send for generic usecase (git-fixes). 
- ACPI: processor idle: Allow playing dead in C3 state (git-fixes). - commit 7969c20 - drm/amdgpu: Enable gfxoff quirk on MacBook Pro (git-fixes). - drm/amd/display: don't ignore alpha property on pre-multiplied mode (git-fixes). - arm64: alternatives: mark patch_alternative() as `noinstr` (git-fixes). - drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes). - drm/amd/display: Revert FEC check in validation (git-fixes). - drm/amd/display: Enable power gating before init_pipes (git-fixes). - gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes). - drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes). - drm/amdgpu/vcn: improve vcn dpg stop procedure (git-fixes). - drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes). - drm/amd/display: Update VTEM Infopacket definition (git-fixes). - drm/amd/display: FEC check in timing validation (git-fixes). - drm/amd/display: fix audio format not updated after edid updated (git-fixes). - drm/amd/display: Fix p-state allow debug index on dcn31 (git-fixes). - drm/amdgpu: conduct a proper cleanup of PDB bo (git-fixes). - drm/amd: Add USBC connector ID (git-fixes). - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes). - drm/amd/display: Add pstate verification and recovery for DCN31 (git-fixes). - commit e33589b ++++ openssl-1_1: - FIPS: add bsc1185319-FIPS-KAT-for-ECDSA.patch * Known answer test for ECDSA * bsc#1185319 - FIPS: add bsc1198207-FIPS-add-hash_hmac-drbg-kat.patch * Enable tests for Deterministic Random Bit Generator * bsc#1198207 - Bypass a regression test that fails in FIPS mode. * [openssl-1_1-shortcut-test_afalg_aes_cbc.patch] ++++ python-gobject: - Update to version 3.42.1: + Do not error out for unknown scopes. + gtk overrides: restore Gtk.ListStore.insert_with_valuesv with newer GTK4. + gtk overrides: Do not override Treeview.enable_model_drag_xx for GTK4. + Implement DynamicImporter.find_spec() to silence deprecation warning. + Some test/CI fixes. 
++++ suse-build-key: - still ship the old ptf key (was not added to documentation by mistake). (bsc#1198504) ------------------------------------------------------------------ ------------------ 2022-4-20 - Apr 20 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - bfq: Do not let waker requests skip proper accounting (bsc#1184318). Refresh: patches.suse/bfq-Drop-pointless-unlock-lock-pair.patch patches.suse/bfq-Remove-pointless-bfq_init_rq-calls.patch - commit 4b6502a - Update patches.suse/powerpc-pseries-Fix-use-after-free-in-remove_phb_dyn.patch (bsc#1065729 bsc#1198660 ltc#197803). - commit 5963e52 - intel_idle: add core C6 optimization for SPR (bsc#1198602). - commit d6fb753 - intel_idle: add 'preferred_cstates' module argument (bsc#1198602). - commit 0bc7d2b - intel_idle: add SPR support (bsc#1198602). - commit 2bc31de - spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes). - spi: cadence-quadspi: fix incorrect supports_op() return value (git-fixes). - spi: spi-mtk-nor: initialize spi controller after resume (git-fixes). - commit aa5ea63 - Move upstreamed scsi lpfc patches into sorted section - commit 115220a ++++ policycoreutils: - Fix file list: package ru/man8/sepolgen.8 only in the devel package (was in devel and main). ++++ raspberrypi-firmware-dt: - Switch back to platform driver until upstream gain support for VEC clock in clk-raspberrypi driver. Add following patch to fix immediate issue described in bsc#1198061. Revert-dt-Move-VEC-clock-to-clk-raspberrypi.patch ++++ suseconnect-ng: - Update to version 0.0.8~git2.368ea44: * go1.18 compatibility: BuildRequires:git ------------------------------------------------------------------ ------------------ 2022-4-19 - Apr 19 2022 ------------------- ------------------------------------------------------------------ ++++ hwdata: - Update to version 0.358 (bsc#1196332): + Updated pci, usb and vendor ids. 
++++ kernel-default: - Move upstreamed patches into sorted section - commit e93d073 - SCSI: iscsi: fix iscsi_endpoint changes (bsc#1197685). - SCSI: iscsi: fix iscsi_cls_conn changes (bsc#1197685). - scsi: qedi: Fix failed disconnect handling (bsc#1197685). - scsi: iscsi: Fix NOP handling during conn recovery (bsc#1197685). - scsi: iscsi: Fix unbound endpoint error handling (bsc#1197685). - scsi: iscsi: Fix conn cleanup and stop race during iscsid restart (bsc#1197685). - scsi: iscsi: Fix endpoint reuse regression (bsc#1197685). - scsi: iscsi: Release endpoint ID when its freed (bsc#1197685). - scsi: iscsi: Fix offload conn cleanup when iscsid restarts (bsc#1197685). - scsi: iscsi: Move iscsi_ep_disconnect() (bsc#1197685). - commit d5cdaca - Sorted using series_sort.py Since sequence_patch required it. - commit 6bf7976 - drm/msm/a6xx: Fix missing ARRAY_SIZE() check (git-fixes). - commit 15c93ee - gpu: host1x: Fix a memory leak in 'host1x_remove()' (git-fixes). - commit e524b28 - Refresh patches.suse/drm-amd-Check-if-ASPM-is-enabled-from-PCIe-subsystem.patch. Alt-commit - commit 624f694 - mm/vmalloc: fix comments about vmap_area struct (git-fixes). - commit fe97565 - Refresh patches.suse/drm-amd-pm-correct-the-sequence-of-sending-gpu-reset.patch. Alt-commit - commit b60107a - Refresh patches.suse/drm-amd-pm-fix-hwmon-node-of-power1_label-create-iss.patch. Alt-commit - commit b1b4026 - Refresh patches.suse/drm-amd-avoid-suspend-on-dGPUs-w-s2idle-support-when.patch. Alt-commit - commit 37b6b68 - Refresh patches.suse/drm-amd-display-dc-calcs-dce_calcs-Fix-a-memleak-in-.patch. Alt-commit - commit 47a3604 - drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes). - commit 7e940eb - drm/amd: Check if ASPM is enabled from PCIe subsystem (git-fixes). - commit 2931008 - drm/amdkfd: remove unused function (git-fixes). - commit dc0eb04 - Refresh patches.suse/drm-amd-display-Set-optimize_pwr_state-for-DCN31.patch. 
Alt-commit - commit 8cb9616 - Refresh patches.suse/drm-amd-display-Send-s0i2_rdy-in-stream_count-0-opti.patch. Alt-commit - commit fba46ba - drm/tegra: Add back arm_iommu_detach_device() (git-fixes). - commit b76c062 - Refresh patches.suse/drm-amd-display-Set-exit_optimized_pwr_state-for-DCN.patch. Alt-commit - commit df22983 - Refresh patches.suse/drm-vc4-kms-Wait-for-the-commit-before-increasing-ou.patch. Alt-commit - commit 0448552 - Refresh patches.suse/drm-i915-fb-Fix-rounding-error-in-subsampled-plane-s.patch. Alt-commit - commit 7fc481a - Refresh patches.suse/drm-i915-hdmi-Turn-DP-TMDS-output-buffers-back-on-in.patch. Alt-commit - commit 2f0d2ce - Update patches.suse/RDMA-rtrs-clt-Fix-possible-double-free-in-error-case.patch (bsc#1198515 CVE-2022-29156). Added CVE reference. - commit 97b74da - i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes). - gpiolib: acpi: use correct format characters (git-fixes). - ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes). - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes). - memory: renesas-rpc-if: fix platform-device leak in error path (git-fixes). - firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes). - ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes). - dma-direct: avoid redundant memory sync for swiotlb (git-fixes). - memory: mtk-smi: Add error handle for smi_probe (git-fixes). - commit 42f88a5 ++++ gcc12: - Bump to b85abacd902813daec5e44b97f275eb88caaf715, git192607. 
++++ libglvnd: - provide/obsolete Mesa-libGLESv1_CM1 and Mesa-libGLESv2-2 packages (bsc#1196576) ++++ ceph: - Update to 16.2.7-969-g6195a460d89 + (jsc#SES-2515) High-availability NFS export ++++ systemd: - Import commit 2bc0b2c447319a9156e7c5a18fe971f946554a6b 6256b14446 test: adapt install_pam() for openSUSE 3ea5b7e295 test: add test checking tmpfiles conf file precedence e63e641ee8 test tmpfiles: add a test for 'w+' b531758614 tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) ea98492c53 cryptsetup: fall back to traditional unlocking if any TPM2 operation fails - Move coredumpctl completion files into systemd-coredump sub-package. ++++ qemu: - enable aio=io_uring on all kvm architectures (bsc#1197699) ++++ yast2-trans: - Update to version 84.87.20220419.0c85b52778: * New POT for text domain 'migration_sle'. * New POT for text domain 'hana-update'. * New POT for text domain 'firstboot'. * New POT for text domain 'control'. * New POT for text domain 'cc-control'. 
* Fixed control.xml translations * Fixed control.xml translations * Fixed control.xml translations * Translated using Weblate (Finnish) ------------------------------------------------------------------ ------------------ 2022-4-18 - Apr 18 2022 ------------------- ------------------------------------------------------------------ ++++ yast2-trans: - Update to version 84.87.20220415.000649bca9: * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Slovak) * Translated using Weblate (Russian) * Fixed messages extracted from XML files * Fixed messages extracted from XML files * Translated using Weblate (Slovak) * Fixed messages extracted from XML files * Fixed messages extracted from XML files * Fixed messages extracted from XML files * Fixed translations * Fixed translations * Fixed messages extracted from XML files * Fixed firstboot translations * New POT for text domain 'iscsi-client'. * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * New POT for text domain 'firstboot'. ------------------------------------------------------------------ ------------------ 2022-4-16 - Apr 16 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - update zgrep-profile-mr870.diff to allow executing 'expr' (boo#1198531) ++++ libapparmor: - update zgrep-profile-mr870.diff to allow executing 'expr' (boo#1198531) ------------------------------------------------------------------ ------------------ 2022-4-15 - Apr 15 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ath9k: Fix usage of driver-private space in tx_info (git-fixes). - commit 1c4d1b6 - drm/msm/dp: add fail safe mode outside of event_mutex context (git-fixes). 
- drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() (git-fixes). - drm/msm: Fix range size vs end confusion (git-fixes). - drm/msm: Add missing put_task_struct() in debugfs path (git-fixes). - nfc: nci: add flush_workqueue to prevent uaf (git-fixes). - cfg80211: hold bss_lock while updating nontrans_list (git-fixes). - ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes). - macvlan: Fix leaking skb in source mode with nodst option (git-fixes). - net: mdio: don't defer probe forever if PHY IRQ provider is missing (git-fixes). - commit 5f385f4 - ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes). - commit 7a30bc1 - ALSA: core: Add snd_card_free_on_error() helper (git-fixes). - commit 001f843 - ALSA: hda/realtek: add quirk for Lenovo Thinkpad X12 speakers (git-fixes). - ALSA: pcm: Test for "silence" field in struct "pcm_format_data" (git-fixes). - ALSA: usb-audio: Increase max buffer size (git-fixes). - ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb (git-fixes). - ALSA: hda: intel-dsp-config: update AlderLake PCI IDs (git-fixes). - sound/oss/dmasound: fix build when drivers are mixed =y/=m (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes). - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - ALSA: hda/i915 - skip acomp init if no matching display (git-fixes). - commit e05cfa3 ------------------------------------------------------------------ ------------------ 2022-4-14 - Apr 14 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Modify NetworkManager.spec: Split into a few small subpackages (bsc#1198128). 
++++ cloud-regionsrv-client: - Update to version 10.0.3 (bsc#1198389) - Descend into the extension tree even if top level module is recommended - Cache license state for AHB support to detect type switch - Properly clean suse.com credentials when switching from SCC to update infrastructure - New log message to indicate base product registration success ++++ containerd: - Update to containerd v1.5.11 to fix CVE-2022-24769. bsc#1197517 ++++ docker: - Update to Docker 20.10.14-ce. See upstream changelog online at . bsc#1197517 CVE-2022-24769 ++++ jeos-firstboot: - Update to version 1.2.0: * Make use of SPDX identifiers * Read dialog output into a variable directly * Drop broken error handling for dialog * Fix dialog asking about wicked network reconfiguration * Start nmtui in jeos-firstboot if no active connection could be detected * Load network modules dynamically * Only list applicable modules in jeos-config * Convert network configuration to a module * Fix size of the "No root password set" dialog ++++ kernel-default: - lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes). - serial: samsung_tty: do not unlock port->lock for uart_write_wakeup() (git-fixes). - staging: wfx: fix an error handling in wfx_init_common() (git-fixes). - staging: vchiq_core: handle NULL result of find_service_by_handle (git-fixes). - staging: vchiq_arm: Avoid NULL ptr deref in vchiq_dump_platform_instances (git-fixes). - virtio_console: eliminate anonymous module_init & module_exit (git-fixes). - phy: amlogic: meson8b-usb2: fix shared reset control use (git-fixes). - phy: amlogic: meson8b-usb2: Use dev_err_probe() (git-fixes). - phy: amlogic: phy-meson-gxl-usb2: fix shared reset controller use (git-fixes). - habanalabs: fix possible memory leak in MMU DR fini (git-fixes). - w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes). - usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm (git-fixes). 
- usb: dwc3: pci: Set the swnode from inside dwc3_pci_quirks() (git-fixes). - usb: ehci: add pci device support for Aspeed platforms (git-fixes). - usb: cdnsp: fix cdnsp_decode_trb function to properly handle ret value (git-fixes). - usb: gadget: tegra-xudc: Fix control endpoint's definitions (git-fixes). - usb: gadget: tegra-xudc: Do not program SPARAM (git-fixes). - power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes). - power: supply: axp20x_battery: properly report current when discharging (git-fixes). - PCI: endpoint: Fix misused goto label (git-fixes). - PCI: endpoint: Fix alignment fault error in copy tests (git-fixes). - PCI: aardvark: Fix support for MSI interrupts (git-fixes). - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes). - init/main.c: return 1 from handled __setup() functions (git-fixes). - mt76: fix monitor mode crash with sdio driver (git-fixes). - mt76: mt7615: Fix assigning negative values to unsigned variable (git-fixes). - mt76: mt7915: fix injected MPDU transmission to not use HW A-MSDU (git-fixes). - iwlwifi: mvm: move only to an enabled channel (git-fixes). - iwlwifi: mvm: Correctly set fragmented EBS (git-fixes). - mt76: dma: initialize skip_unmap in mt76_dma_rx_fill (git-fixes). - mt76: mt7921: fix crash when startup fails (git-fixes). - commit c050331 - arm64: Add part number for Arm Cortex-A78AE (git-fixes). - drm/amdkfd: Create file descriptor after client is added to smi_clients list (git-fixes). - drm/amdgpu/vcn: Fix the register setting for vcn1 (git-fixes). - dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error" (git-fixes). - clk: Enforce that disjoints limits are invalid (git-fixes). - clk: ti: Preserve node in ti_dt_clocks_register() (git-fixes). - clk: rockchip: drop CLK_SET_RATE_PARENT from dclk_vop* on rk3568 (git-fixes). - clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes). - drm/msm/dsi: Remove spurious IRQF_ONESHOT flag (git-fixes). 
- drm/amdkfd: make CRAT table missing message informational only (git-fixes). - drm/bridge: Add missing pm_runtime_put_sync (git-fixes). - drm/amdgpu: Fix recursive locking warning (git-fixes). - drm/amdkfd: Don't take process mutex for svm ioctls (git-fixes). - drm/amd/display: Use PSR version selected during set_psr_caps (git-fixes). - drm/amd/display: Fix memory leak (git-fixes). - drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes). - drm/amd/display: Add signal type check when verify stream backends same (git-fixes). - drm: Add orientation quirk for GPD Win Max (git-fixes). - Bluetooth: Fix use after free in hci_send_acl (git-fixes). - ath11k: mhi: use mhi_sync_power_up() (git-fixes). - ath11k: pci: fix crash on suspend if board file is not found (git-fixes). - ath11k: fix kernel panic during unload/load ath11k modules (git-fixes). - can: etas_es58x: es58x_fd_rx_event_msg(): initialize rx_event_msg before calling es58x_check_msg_len() (git-fixes). - can: isotp: set default value for N_As to 50 micro seconds (git-fixes). - Bluetooth: use memset avoid memory leaks (git-fixes). - Bluetooth: Fix not checking for valid hdev on bt_dev_{info,warn,err,dbg} (git-fixes). - cfg80211: don't add non transmitted BSS to 6GHz scanned channels (git-fixes). - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes). - commit b3a4420 ++++ multipath-tools: - Update to version 0.8.9+42+suse.45974f11: * Logging improvements * Fix busy loop with delayed_reconfigure (bsc#1199342) * multipathd: use remove_map_callback for delayed reconfigure * multipathd: Don't keep starting TUR threads, if they always hang. 
(bsc#1199345) * Fix handling of path addition in read-only arrays on NVMe * Updates of built-in hardware database - Update to upstream 0.8.9 * libmultipath: only warn once about unsupported dev_loss_tmo * Otherwise code-identical to 0.8.8+64 ++++ libgcrypt: - FIPS: extend the service indicator [bsc#1190700] * introduced a pk indicator function * adapted the approved and non approved ciphersuites * Add libgcrypt_indicators_changes.patch * Add libgcrypt-indicate-shake.patch ++++ openldap2: - bsc#1191157 - Correct version specification in ppolicy to allow submission to SP3 for TLS1.3 ------------------------------------------------------------------ ------------------ 2022-4-13 - Apr 13 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - Add samba-new-dcerpcd.patch, samba-4.16 has a new dcerpcd daemon which now will spawn new additional services on demand. We need to modify the existing smbd/winbind profiles and additionally add a new set of profiles to cater for the new functionality; (bnc#1198309); ++++ hwinfo: - merge gh#openSUSE/hwinfo#112 - fix bug in determining serial console device name (bsc#1198043) - 21.81 ++++ kernel-default: - PCI: hv: Remove unused hv_set_msi_entry_from_desc() (bsc#1198228). - commit b61cd71 - hv_netvsc: Add check for kvmalloc_array (git-fixes). - commit cf67f52 - drm/vc4: hdmi: Fix HPD GPIO detection (git-fixes). - commit ee70023 - x86/platform/uv: Log gap hole end size (bsc#1198417). - commit 8618bf4 - drm/amdgpu: Drop inline from amdgpu_ras_eeprom_max_record_count (git-fixes). - commit 7eb114d - x86/platform/uv: Update TSC sync state for UV5 (bsc#1198417). - commit 3d0fd26 - x86/platform/uv: Update NMI Handler for UV5 (bsc#1198417). - commit 76ba15c - powerpc/numa: Handle partially initialized numa nodes (bsc#1197658). - commit 061e1c6 - media: rockchip/rga: do proper error checking in probe (git-fixes). 
- commit e57e042 ++++ kexec-tools: - kexec-tools-print-error-if-kexec_file_load-fails.patch: print error if kexec_file_load fails (bsc#1197176). ++++ libapparmor: - Add samba-new-dcerpcd.patch, samba-4.16 has a new dcerpcd daemon which now will spawn new additional services on demand. We need to modify the existing smbd/winbind profiles and additionally add a new set of profiles to cater for the new functionality; (bnc#1198309); ++++ mozilla-nss: - Add nss-fips-pbkdf-kat-compliance.patch (bsc#1192079). This makes the PBKDF known answer test compliant with NIST SP800-132. ++++ libpsl: - fix [bsc#1197771] - FTBFS: libpsl won't compile on SP4 - added patches https://github.com/rockdaboot/libpsl/commit/f364cea73e351ce62e0b337fd1fbc21e70b52d56 + libpsl-fix-test-data.patch ++++ rust-keylime: - Update to version 0.1.0+git.1649449492.59856c2: * errors_handler: Add handler for 404 error * errors_handler: Add tests for error handlers * main: Add handler for actix request parsing errors * main: Add default handlers for each scope * main: Use actix middleware to log requests * common: Change status code type from u32 to u16 * common: Use trait ToString for status on JsonWrapper::error * quotes_handler: Add used measured boot path to warning message * common: Rename JsonWrapper::new as JsonWrapper::success * Generalize error JSON wrapping * main: Use scopes to organize API * Use JSON wrapper on error responses * quotes_handler: Simplify integrity quote structures * quotes_handler: Improve query parameters parsing * quotes_handler: Add missing log messages * keys_handler: Add API to verify derived key * keys_handler: Remove workaround for missing JSON Content-Type * keys_handler: Fix test for 256-bits keys * Use shared JSON wrapper for HTTP responses * ima: Avoid using unwrap() or panic!() * Apply changes suggested by cargo fmt and cargo clippy * ima: Read IMA measurement list beginning at n-th entry.
* ima: Get ima_ml_entry from HTTP request * version_handler: Introduce /version REST endpoint (#313) * main: Do not error if payload_script is not found * Remove revocation actions naming restriction * Revert API version to 2.0 * Set working directory via KEYLIME_DIR env variable ++++ suseconnect-ng: - Update to version 0.0.8~git0.16545bf: * Allow reloading CA certs pool (bsc#1195220) ++++ wicked: - version 0.6.69 - redfish: decode smbios and setup host interface Add initial support to decode the SMBIOS Management Controller Host Interface (Type 42) structure and expose it as wicked `firmware:redfish` configuration to setup a Host Network Interface (to the BMC) using the `Redfish over IP` protocol allowing access to the Redfish Service (via redfish-localhost in /etc/hosts) used to manage the computer system. Tech Preview (jsc#SLE-17762). - buffer: fix size_t length downcast to uint, add guards to init functions - wireless: fix to not expect colons in 64byte long wpa-psk hex hash string - xml-schema: reference counting fix to not crash at exit on schema errors - compat-suse: match sysctl.d /etc vs. /run read order with systemd-sysctl, remove obsolete (sle11/sysconfig) lines about ifup-sysctl from ifsysctl.5. - compat-suse: fix reading of sysctl addr_gen_mode to wrong variable - auto6: fix to apply DNS from RA rdnss after ifdown/ifup (bsc#1181429) - removed obsolete patch included in the master sources (bsc#1194392) [- 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch] ------------------------------------------------------------------ ------------------ 2022-4-12 - Apr 12 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Update patches.suse/x86-pm-save-the-msr-validity-status-at-context-setup.patch (bsc#1198400). - Update patches.suse/x86-speculation-restore-speculation-related-msrs-during-s3-resume.patch (bsc#1198400). 
- commit bd2ea09 - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413). - commit 93194fb - ipc/sem: do not sleep with a spin lock held (bsc#1198412). - commit 3ba588c - blacklist.conf: Add 460a79e18842 mm/memcontrol: return 1 from cgroup.memory __setup() handler - commit 8e485bf - mm: memcg: synchronize objcg lists with a dedicated spinlock (bsc#1198402). - commit fdeab39 - ucounts: Enforce RLIMIT_NPROC not RLIMIT_NPROC+1 (bsc#1194191). - commit ade0b01 - bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT (git-fixes). - commit f7beadf - Update patch references of drm fixes (CVE-2022-1280 bsc#1197914) - commit 3e03d02 - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (bsc#1198330 CVE-2022-28893). - commit d2a1b78 - nfsd: Replace use of rwsem with errseq_t (bsc#1196960). - commit b9035c0 - powerpc/mce: Modify the real address error logging messages (jsc#SLE-18194). - selftests/powerpc: Add test for real address error handling (jsc#SLE-18194). - powerpc/pseries: Parse control memory access error (jsc#SLE-18194). - commit 5eae731 - vsprintf: Fix potential unaligned access (bsc#1198379). - commit 91a2f17 ++++ podman: - Require catatonit >= 0.1.7 for pause functionality needed by pods ++++ salt: - Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil (bsc#1197533) - Prevent data pollution between actions processed at the same time (bsc#1197637) - Added: * fix-regression-with-depending-client.ssh-on-psutil-b.patch * prevent-affection-of-ssh.opts-with-lazyloader-bsc-11.patch ++++ shim: - use common SBAT values (boo#1193282) ------------------------------------------------------------------ ------------------ 2022-4-11 - Apr 11 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - Add samba_deny_net_admin.patch to add new rule to deny noisy setsockopt calls from systemd; (bnc#1196850).
++++ audit-secondary: - Drop buildrequire on C++ compiler. - Modernize specfile constructs. ++++ catatonit: - Update to catatonit v0.1.7 - This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done). ++++ kernel-default: - perf/x86/intel/uncore: Make uncore_discovery clean for 64 bit addresses (bsc#1197304). - commit 7f08b1b - drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes). - drbd: Fix five use after free bugs in get_initial_state (git-fixes). - scsi: mpt3sas: Fix incorrect 4GB boundary check (git-fixes). - scsi: scsi_transport_fc: Fix FPIN Link Integrity statistics counters (git-fixes). - scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes). - scsi: pm8001: Fix abort all task initialization (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes). - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes). - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes). - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes). - scsi: fnic: Fix a tracing statement (git-fixes). - scsi: mpt3sas: Page fault in reply q processing (git-fixes). - scsi: qedi: Fix ABBA deadlock in qedi_process_tmf_resp() and qedi_process_cmd_cleanup_resp() (git-fixes).
- scsi: elx: efct: Don't use GFP_KERNEL under spin lock (git-fixes). - commit 1cd7361 - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (bsc#1198228). - Drivers: hv: balloon: Disable balloon and hot-add accordingly (bsc#1198228). - Drivers: hv: balloon: Support status report for larger page sizes (bsc#1198228). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (bsc#1198228). - PCI: hv: Propagate coherence from VMbus device to PCI device (bsc#1198228). - Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus device (bsc#1198228). - Drivers: hv: vmbus: Fix initialization of device object in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests (bsc#1183682). - PCI: hv: Avoid the retarget interrupt hypercall in irq_unmask() on ARM64 (bsc#1198228). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - commit 0c3a755 - additional reference for arm64 erratum 1418040 (bsc#1198228). - commit 7a1dfd5 - irqchip/gic, gic-v3: Prevent GSI to SGI translations (git-fixes). - irqchip/gic-v3: Fix GICR_CTLR.RWP polling (git-fixes). - irqchip/gic-v4: Wait for GICR_VPENDBASER.Dirty to clear before descheduling (git-fixes). 
- commit 53121f2 ++++ kernel-firmware: - Update to version 20220411 (git commit f219d616f42b): * mediatek: Add mt8192 SCP firmware * linux-firmware: Update AMD cpu microcode (CVE-2021-26339, CVE-2021-26373, CVE-2021-26347, CVE-2021-26376, CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26339, CVE-2021-26348, CVE-2021-26342, CVE-2021-26388, CVE-2021-26349, CVE-2021-26364, CVE-2021-26312, CVE-2021-26350, bsc#1199459) * nvidia: add GA102/GA103/GA104/GA106/GA107 signed firmware * brcm: rename Rock960 NVRAM to AP6356S and link devices to it * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * amdgpu: update green sardine VCN firmware * amdgpu: update renoir VCN firmware * amdgpu: update navi14 VCN firmware * amdgpu: update navi12 VCN firmware * amdgpu: update navi10 VCN firmware * linux-firmware: update firmware for MT7921 WiFi device * linux-firmware: update firmware for mediatek bluetooth chip (MT7921) * rtw88: 8821c: Update normal firmware to v24.11.00 * ice: Add wireless edge file for Intel E800 series driver * ice: update ice DDP comms package to 1.3.31.0 * amdgpu: update PSP 13.0.8 firmware * amdgpu: update GC 10.3.7 firmware * rtl_bt: Add firmware and config files for RTL8852B - 
Update aliases ++++ libapparmor: - Add samba_deny_net_admin.patch to add new rule to deny noisy setsockopt calls from systemd; (bnc#1196850). ++++ audit: - Modernize specfile constructs. ++++ samba: - Add missing samba-libs requirement to samba-winbind package; (bsc#1198255); ++++ yast2-trans: - Update to version 84.87.20220410.9099c51b0c: * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * New POT for text domain 'users'. * Translated using Weblate (Ukrainian) * Translated using Weblate (German) * Translated using Weblate (Slovak) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * New POT for text domain 'packager'. * New POT for text domain 'iscsi-client'. * New POT for text domain 'base'. ------------------------------------------------------------------ ------------------ 2022-4-10 - Apr 10 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - add profile for zgrep and xzgrep to prevent CVE-2022-1271 (zgrep-profile-mr870.diff) ++++ kernel-default: - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes). - USB: serial: pl2303: add IBM device IDs (git-fixes). - USB: serial: simple: add Nokia phone driver (git-fixes). - usb: typec: tipd: Forward plug orientation to typec subsystem (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes). - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes). - video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit (git-fixes). 
- video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf() (git-fixes). - video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf() (git-fixes). - video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit (git-fixes). - video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes). - video: fbdev: w100fb: Reset global state (git-fixes). - video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes). - virtio_console: break out of buf poll on remove (git-fixes). - commit c8b4e90 - spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes). - spi: core: add dma_map_dev for __spi_unmap_msg() (git-fixes). - regulator: atc260x: Fix missing active_discharge_on setting (git-fixes). - udmabuf: validate ubuf->pagecount (git-fixes). - spi: Fix erroneous sgs value with min_t() (git-fixes). - spi: tegra20: Use of_device_get_match_data() (git-fixes). - regulator: rpi-panel: Handle I2C errors/timing to the Atmel (git-fixes). - spi: Fix invalid sgs value (git-fixes). - commit 63be40f - staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes). - staging: mt7621-dts: fix pinctrl-0 items to be size-1 items on ethernet (git-fixes). - staging: mt7621-dts: fix pinctrl properties for ethernet (git-fixes). - staging: mt7621-dts: fix formatting (git-fixes). - pinctrl: microchip-sgpio: lock RMW access (git-fixes). - PCI: fu740: Force 2.5GT/s for initial device probe (git-fixes). - PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes). - pinctrl: npcm: Fix broken references to chip->parent_device (git-fixes). - pinctrl: microchip sgpio: use reset driver (git-fixes). - commit 553891e - mmc: renesas_sdhi: don't overwrite TAP settings when HS400 tuning is complete (git-fixes). - mmc: core: Fixup support for writeback-cache for eMMC and SD (git-fixes). - mmc: block: Check for errors after write on SPI (git-fixes). 
- mmc: mmci: stm32: correctly check all elements of sg list (git-fixes). - Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning" (git-fixes). - mei: avoid iterator usage outside of list_for_each_entry (git-fixes). - mei: me: add Alder Lake N device id (git-fixes). - mei: me: disable driver on the ign firmware (git-fixes). - mgag200 fix memmapsl configuration in GCTL6 register (git-fixes). - mmc: host: Return an error when ->enable_sdio_irq() ops is missing (git-fixes). - commit c5b9dfd - media: atomisp: fix bad usage at error handling logic (git-fixes). - media: i2c: ov5648: Fix lockdep error (git-fixes). - media: gpio-ir-tx: fix transmit with long spaces on Orange Pi PC (git-fixes). - media: cx88-mpeg: clear interrupt status register before streaming video (git-fixes). - media: imx-jpeg: fix a bug of accessing array out of bounds (git-fixes). - media: hdpvr: initialize dev->worker at hdpvr_register_videodev (git-fixes). - media: atomisp: fix dummy_ptr check to avoid duplicate active_bo (git-fixes). - media: atomisp_gmin_platform: Add DMI quirk to not turn AXP ELDO2 regulator off on some boards (git-fixes). - media: iommu/mediatek: Add device_link between the consumer and the larb devices (git-fixes). - media: iommu/mediatek: Return ENODEV if the device is NULL (git-fixes). - commit ae662c1 - mailbox: imx: fix wakeup failure from freeze mode (git-fixes). - media: iommu/mediatek-v1: Free the existed fwspec if the master dev already has (git-fixes). - media: imx-jpeg: Prevent decoding NV12M jpegs into single-planar buffers (git-fixes). - media: ir_toy: free before error exiting (git-fixes). - media: atmel: atmel-isc-base: report frame sizes as full supported range (git-fixes). - media: staging: media: zoran: fix various V4L2 compliance errors (git-fixes). - media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com (git-fixes). - media: staging: media: zoran: move videodev alloc (git-fixes). 
- mac80211: Remove a couple of obsolete TODO (git-fixes). - commit 5f7ed73 - i2c: bcm2835: Fix the error handling in 'bcm2835_i2c_probe()' (git-fixes). - LSM: general protection fault in legacy_parse_param (git-fixes). - hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes). - irqchip/nvic: Release nvic_base upon failure (git-fixes). - irqchip/qcom-pdc: Fix broken locking (git-fixes). - Input: zinitix - do not report shadow fingers (git-fixes). - HID: Add support for open wheel and no attachment to T300 (git-fixes). - i2c: bcm2835: Use platform_get_irq() to get the interrupt (git-fixes). - hwrng: cavium - Check health status while reading random data (git-fixes). - commit fda3c99 - drm/nouveau/pmu: Add missing callbacks for Tegra devices (git-fixes). - drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes). - drm/amdgpu: don't use BACO for reset in S3 (git-fixes). - drm/imx: dw_hdmi-imx: Fix bailout in error cases of probe (git-fixes). - drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes). - drm/imx: imx-ldb: Check for null pointer after calling kmemdup (git-fixes). - Revert "gpio: Revert regression in sysfs-gpio (gpiolib.c)" (git-fixes). - gpio: Revert regression in sysfs-gpio (gpiolib.c) (git-fixes). - HID: logitech-dj: add new lightspeed receiver id (git-fixes). - commit 77645db - drm/i915: Treat SAGV block time 0 as SAGV disabled (git-fixes). - commit 3fa84f4 - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes). - drm/simpledrm: Add "panel orientation" property on non-upright mounted LCD panels (git-fixes). - drm/syncobj: flatten dma_fence_chains on transfer (git-fixes). - drm/nouveau/backlight: Just set all backlight types as RAW (git-fixes). - drm/meson: split out encoder from meson_dw_hdmi (git-fixes). - drm/meson: Make use of the helper function devm_platform_ioremap_resourcexxx() (git-fixes). - commit 8beb689 - Documentation: update stable tree link (git-fixes). 
- Documentation: add link to stable release candidate tree (git-fixes). - ASoC: soc-compress: Change the check for codec_dai (git-fixes). - crypto: hisilicon/sec - not need to enable sm4 extra mode at HW V3 (git-fixes). - crypto: xts - Add softdep on ecb (git-fixes). - crypto: hisilicon/qm - cleanup warning in qm_vf_read_qos (git-fixes). - clocksource/drivers/exynos_mct: Handle DTS with higher number of interrupts (git-fixes). - clocksource/drivers/exynos_mct: Refactor resources allocation (git-fixes). - dmaengine: idxd: check GENCAP config support for gencfg register (git-fixes). - commit 246144e - arm64: patch_text: Fixup last cpu should be master (git-fixes). - arm64: defconfig: build imx-sdma as a module (git-fixes). - ASoC: mediatek: mt8192-mt6359: Fix error handling in mt8192_mt6359_dev_probe (git-fixes). - ASoC: Intel: sof_sdw: fix quirks for 2022 HP Spectre x360 13" (git-fixes). - ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes). - ASoC: amd: vg: fix for pm resume callback sequence (git-fixes). - ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes). - ASoC: madera: Add dependencies on MFD (git-fixes). - ASoC: SOF: Intel: match sdw version on link_slaves_found (git-fixes). - ASoC: mediatek: use of_device_get_match_data() (git-fixes). - commit 2873a81 - ARM: dts: bcm2711: Add the missing L1/L2 cache information (git-fixes). - ARM: dts: bcm2837: Add the missing L1/L2 cache information (git-fixes). - ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960 (git-fixes). - ARM: dts: exynos: add missing HDMI supplies on SMDK5420 (git-fixes). - ARM: dts: exynos: add missing HDMI supplies on SMDK5250 (git-fixes). - ARM: tegra: tamonten: Fix I2C3 pad setting (git-fixes). - ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk (git-fixes). - arm64: mm: Drop 'const' from conditional arm64_dma_phys_limit definition (git-fixes). 
- arm64: Do not defer reserve_crashkernel() for platforms with no DMA memory zones (git-fixes). - arm64: module: remove (NOLOAD) from linker script (git-fixes). - commit 707bb46 - arch/arm64: Fix topology initialization for core scheduling (git-fixes). - ALSA: hda: Avoid unsol event during RPM suspending (git-fixes). - ARM: mmp: Fix failure to remove sram device (git-fixes). - ACPI/APEI: Limit printable size of BERT table data (git-fixes). - Revert "ACPI: Pass the same capabilities to the _OSC regardless of the query flag" (git-fixes). - ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes). - af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (git-fixes). - ARM: mstar: Select HAVE_ARM_ARCH_TIMER (git-fixes). - commit 402ae64 ++++ libapparmor: - add profile for zgrep and xzgrep to prevent CVE-2022-1271 (zgrep-profile-mr870.diff) ------------------------------------------------------------------ ------------------ 2022-4-9 - Apr 9 2022 ------------------- ------------------------------------------------------------------ ++++ yaml-cpp: - Fix CVE-2018-20573 The Scanner:EnsureTokensInQueue function in yaml-cpp allows remote attackers to cause DOS via a crafted YAML file (CVE-2018-20573, bsc#1121227) - Fix CVE-2018-20574 The SingleDocParser:HandleFlowMap function in yaml-cpp allows remote attackers to cause DOS via a crafted YAML file (CVE-2018-20574, bsc#1121230) - Fix CVE-2019-6285 The SingleDocParser::HandleFlowSequence function in cpp allows remote attackers to cause DOS via a crafted YAML file (CVE-2019-6285, bsc#1122004) - Fix CVE-2019-6292 An issue was discovered in singledocparser.cpp in yaml-cpp which cause DOS by stack consumption (CVE-2019-6292, bsc#1122021) - Added patch cve-2018-20574.patch ------------------------------------------------------------------ ------------------ 2022-4-8 - Apr 8 2022 ------------------- ------------------------------------------------------------------ ++++ ignition: - Use 
/bin/sh instead of /usr/bin/sh (for backwards compatibility with SLE Micro 5.1) [bsc#1196679] ++++ kernel-default: - livepatch: Don't block removal of patches that are safe to unload (bsc#1071995). - commit c6239c2 - ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes). - commit 964a11d ++++ libnvme: - Update to version 1.0: * tree: Remove default port setting for TCP and RDMA ports * tree: add 'f_args' argument to pass user data to the filter function * tree: remove 'ctrl_get_ana_state()' * tree: add namespace path iterators * tree: filter out namespaces * tree: update nvme_scan_filter_t usage ++++ nvme-cli: - Update to version 2.0: * fabrics: Create persistent controller using unique subsystem NQN (bsc#1198243) * fabrics: Set KATO for discovery controller when connecting * fabrics: Do no modify default config for discovery controller * fabrics: Set default trsvcid ports for TCP and RDMA (bsc#1195858) * fabrics: Support connect even when no /etc/nvme/hostnqn file exists * nvme: update to nvme_scan_filter_t modifications (bsc#1195938) * plugins/intel: make 'buckets' a json array * plugins: Update WDC capabilities command with new commmands * plugins: Add OCP plugin ++++ release-notes-leap-micro: - Update to version 5.2.20220325: * Initial release of openSUSE Leap Micro 5.2 ------------------------------------------------------------------ ------------------ 2022-4-7 - Apr 7 2022 ------------------- ------------------------------------------------------------------ ++++ gzip: - Fix escaping of malicious filenames (CVE-2022-1271 bsc#1198062) * bsc1198062.patch * bsc1198062-2.patch ++++ kernel-default: - block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (bsc#1197386 CVE-2022-0494). 
- commit b39e97b ++++ xz: - Fix ZDI-CAN-16587 Fix escaping of malicious filenames (ZDI-CAN-16587 bsc#1198062 CVE-2022-1271) * bsc1198062.patch ++++ perl-Bootloader: - merge gh#openSUSE/perl-bootloader#138 - grub2/install: reset error code when passing through recover code (bsc#1198197) - 0.938 ++++ podman: - Add patch to make buildah happy after selinux change: * 0001-Adjust-buildah-to-opencontainers-selinux-v1.10.1.patch - Add patch to fix starting containers on btrfs with SELinux (gh#opencontainers/selinux#172): * 0001-Relabel-relabel-links-instead-of-their-targets.patch - Add patch to fix starting containers as user service with systemd 250 (boo#1197672, gh#containers/podman#13731): * 0002-specgen-do-not-set-OOMScoreAdj-by-default.patch ++++ python-M2Crypto: - Add missing bug references to this changelog. ++++ yast2-trans: - Update to version 84.87.20220406.6a9f225e0e: * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * New POT for text domain 'autoinst'. * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Catalan) * Translated using Weblate (Vietnamese) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Spanish) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Spanish) * Translated using Weblate (Catalan) * New POT for text domain 'network'. * New POT for text domain 'country'. 
------------------------------------------------------------------ ------------------ 2022-4-6 - Apr 6 2022 ------------------- ------------------------------------------------------------------ ++++ augeas: - add augeas-sysctl_parsing.patch (bsc#1197443) * backport original patch and rebase ++++ open-iscsi: - Updated to latest upstream, including bug fixes and cleanups. Changes included: * add handling name/value pairs for firmware login (bsc#1196113), including man page update for same * Fix bug where some package parts were installed using DESTDIR twice * general build cleanup (in prep for removing DB files from /etc/iscsi some day soon) Also, now delivering a "package config" file for libopeniscsiusr. ++++ kernel-default: - Split kABI fixup into a separate patch: - block: Fix up kabi after blkcg merge fix (bsc#1198020). - Refresh patches.suse/block-don-t-merge-across-cgroup-boundaries-if-blkcg-.patch. - commit 8147dd9 - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1190497). - commit cc68d33 - xen: fix is_xen_pmu() (git-fixes). - commit bdd8f73 - Revert "xen-netback: Check for hotplug-status existence before watching" (git-fixes). - commit 419da4f - Revert "xen-netback: remove 'hotplug-status' once it has served its purpose" (git-fixes). - commit 76e6147 - xen/blkfront: fix comment for need_copy (git-fixes). - commit fa11d3f - x86/pm: Save the MSR validity status at context setup (bsc#1190497). - commit 825429b - blacklist.conf: misattributed in upstream - commit ea7b484 - mt76: mt7915: use proper aid value in mt7915_mcu_wtbl_generic_tlv in sta mode (git-fixes). - commit 9d44a68 - blacklist.conf: breaks kABI for minor benefit - commit f4b6164 - ray_cs: Check ioremap return value (git-fixes). - commit a31a159 - blacklist.conf: cleanup not a fix, still breaking kABI - commit 4c935c8 - rtw88: Disable PCIe ASPM while doing NAPI poll on 8821CE (git-fixes). 
- commit 842f7c4 - blacklist.conf: kABI - commit aeb59e1 ++++ libeconf: - Update to version 0.4.5+git20220406.c9658f2: * econftool: * * New call "syntax" for checking the configuration files only. Returns an error string with line number if an error occurs. * * New options "--comment" and "--delimeters" * * Parsing one file only if needed. ++++ gcc12: - On SLE15 and later, use make -Oline to synchronize configure output by lines - Bump to 86242eb1bd03eba82d8e22b01b16925d43bcc539, git192423. Fixes aarch64 bootstrap issue (PR105144). ++++ ldb: - Update to version 2.4.2 + Fix for CVE-2021-3670, ensure that the LDB request has not timed out during filter processing as the LDAP server MaxQueryDuration is otherwise not honoured. ++++ yast2: - Show file conflict checking progress in delayed popup (bsc#1195608) PR: https://github.com/yast/yast-yast2/pull/1250 - 4.4.48 ------------------------------------------------------------------ ------------------ 2022-4-5 - Apr 5 2022 ------------------- ------------------------------------------------------------------ ++++ cups: - SUSE_bsc_1189517.patch is https://github.com/apple/cups/commit/821b3cc956d46b811facd50986acc9f24f0e1c79 which belongs to https://github.com/apple/cups/issues/5288 that fixes bsc#1189517 "cups printservice takes much longer than before with a big number of printers" see in particular https://github.com/apple/cups/issues/5288#issuecomment-921626381 - SUSE_bsc_1195115.patch is https://github.com/apple/cups/commit/ba9d68cc7467a7a47ef219071902b9e9eb6dbc44 which belongs to https://github.com/apple/cups/issues/5538 that fixes bsc#1195115 "CUPS PreserveJobHistory doesn't work with seconds" ++++ dnsmasq: - bsc#1197872, CVE-2022-0934, dnsmasq-CVE-2022-0934.patch: Heap use after free in dhcp6_no_relay ++++ dracut: - Update to version 055+suse.248.g92d06110: * fix(resume): correct call to block_is_netdevice function (bsc#1197737) * chore(suse): remove fipscheck requirement (bsc#1198065) ++++ ignition: - 
ignition-mount-initrd-fstab.service: - Don't ignore errors in loops - Unmount mount points recursively - a new submount may have appeared - Split umount part into own service file: - ignition-umount-initrd-fstab.service: - Unmounts the additional mounts as soon as they are not required for Ignition any more; the ExecStop operation is running quite late in initrd and may unmount essential mount points flagged with "x-initrd.mount" (e.g. when storing /usr on a separate mount point). In theory this will also affect Ignition itself, but it hasn't been reported as a problem so far. ++++ kernel-default: - net: hns3: fix software vlan talbe of vlan 0 inconsistent with hardware (git-fixes). - wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes). - wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes). - ice: xsk: Fix indexing in ice_tx_xsk_pool() (jsc#SLE-18375). - xsk: Do not write NULL in SW ring at allocation failure (jsc#SLE-18375). - qlcnic: dcb: default to returning -EOPNOTSUPP (git-fixes). - net: hns3: fix phy can not link up when autoneg off and reset (git-fixes). - net: hns3: add NULL pointer check for hns3_set/get_ringparam() (git-fixes). - net: hns3: refine the process when PF set VF VLAN (git-fixes). - net: hns3: add vlan list lock to protect vlan list (git-fixes). - net: hns3: fix port base vlan add fail when concurrent with reset (git-fixes). - net: hns3: fix bug when PF set the duplicate MAC address for VFs (git-fixes). - RDMA/nldev: Prevent underflow in nldev_stat_set_counter_dynamic_doit() (jsc#SLE-19249). - RDMA/core: Fix ib_qp_usecnt_dec() called when error (jsc#SLE-19249). - ice: don't allow to run ice_send_event_to_aux() in atomic ctx (git-fixes). - drivers: net: xgene: Fix regression in CRC stripping (git-fixes). - qed: display VF trust config (git-fixes). - i40e: remove dead stores on XSK hotpath (jsc#SLE-18378). - igb: refactor XDP registration (git-fixes). 
- igc: avoid kernel warning when changing RX ring parameters (git-fixes). - ixgbe: respect metadata on XSK Rx to skb (git-fixes). - ixgbe: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - igc: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - ice: respect metadata on XSK Rx to skb (git-fixes). - ice: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - i40e: respect metadata on XSK Rx to skb (git-fixes). - i40e: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - ionic: replace set_vf data with union (git-fixes). - ionic: stretch heartbeat detection (git-fixes). - ionic: remove the dbid_inuse bitmap (git-fixes). - ionic: disable napi when ionic_lif_init() fails (git-fixes). - ionic: Cleanups in the Tx hotpath code (git-fixes). - ionic: Prevent filter add/del err msgs when the device is not available (git-fixes). - ionic: Query FW when getting VF info via ndo_get_vf_config (git-fixes). - ionic: Allow flexibility for error reporting on dev commands (git-fixes). - ionic: Correctly print AQ errors if completions aren't received (git-fixes). - ionic: fix up printing of timeout error (git-fixes). - ionic: better handling of RESET event (git-fixes). - ionic: add FW_STOPPING state (git-fixes). - ionic: Don't send reset commands if FW isn't running (git-fixes). - ionic: start watchdog after all is setup (git-fixes). - ionic: fix type complaint in ionic_dev_cmd_clean() (git-fixes). - commit 2f5db63 - btrfs: add missing run of delayed items after unlink during log replay (bsc#1197915). - commit 5766155 - btrfs: fix lost prealloc extents beyond eof after full fsync (bsc#1197915). - commit 4e37660 - cifs: fix bad fids sent over wire (bsc#1197157). - commit b21504e - cifs: do not skip link targets when an I/O fails (bsc#1194625). - commit 7c93536 - drm: use the lookup lock in drm_is_current_master (git-fixes). - drm: add a locked version of drm_is_current_master (git-fixes). 
- drm: avoid circular locks in drm_mode_getconnector (git-fixes). - commit 425221a - blacklist.conf: Blacklist edb0872f44ec - commit 7354a4a - blacklist.conf: Add reverted/reverting swiotlb change (CVE-2022-0854 bsc#1196823 bsc#1197460) - commit 484de8a - Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE"" (CVE-2022-0854 bsc#1196823). - swiotlb: fix info leak with DMA_FROM_DEVICE (CVE-2022-0854 bsc#1196823). - commit a1cbe57 - platform/x86: asus-wmi: Fix regression when probing for fan curve control (bsc#1198058). - commit 1b61a49 - platform/x86: asus-wmi: Add support for custom fan curves (bsc#1198058). - platform/x86: asus-wmi: Fix "unsigned 'retval' is never less than zero" smatch warning (bsc#1198058). - platform/x86: asus-wmi: Delete impossible condition (bsc#1198058). - asus-wmi: Add support for platform_profile (bsc#1198058). - asus-wmi: Add egpu enable method (bsc#1198058). - asus-wmi: Add dgpu disable method (bsc#1198058). - asus-wmi: Add panel overdrive functionality (bsc#1198058). - commit 90c1643 - SUNRPC: Do not dereference non-socket transports in sysfs - kabi fix (git-fixes). - commit 402bd87 - blacklist.conf: add unwanted commit - commit f1c213e - NFSv4/pNFS: Fix another issue with a list iterator pointing to the head (git-fixes). - NFS: Don't loop forever in nfs_do_recoalesce() (git-fixes). - SUNRPC: Do not dereference non-socket transports in sysfs (git-fixes). - NFSv4.1: don't retry BIND_CONN_TO_SESSION on session error (git-fixes). - SUNRPC don't resend a task on an offlined transport (git-fixes). - NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes). - NFS: Use of mapping_set_error() results in spurious errors (git-fixes). - NFS: NFSv2/v3 clients should never be setting NFS_CAP_XATTR (git-fixes). - nfsd: more robust allocation failure handling in nfsd_file_cache_init (git-fixes). 
- commit cfe5259 ++++ libcbor: - do not build manual page for 15sp4, it does not succeed [bsc#1197743] - added sources + libcbor.1 ++++ systemd: - Import commit e62acb68de9bccfa272bef98fe5b38effc37528a b70267d883 journald: make use of CLAMP() in cache_space_refresh() 3953e685cb journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) d03a5f79bf fs-util: make sure openat_report_new() initializes return param also on shortcut 05499d5a30 fs-util: fix typos in comments 9f77c8fae1 journal-file: port journal_file_open() to openat_report_new() 4d07c034da fs-util: add openat_report_new() wrapper around openat() 258c04836d meson: build kernel-install man page when necessary 23da9cc83a man: do not install sd-boot man pages when -Dgnu-efi=false is set d452b8738c unit: install the systemd-bless-boot.service only if we have gnu-efi 98f44dc500 boot: don't build bootctl when -Dgnu-efi=false is set (bsc#1198093) 9145684460 build: include status of TPM2 in the feature string show by --version ++++ osinfo-db: - bsc#1197958 - request support for SLE15-SP4 in the osinfo database - Add support for SUSE linux Enterprise Micro 5.2 add-slem5.2-support.patch ------------------------------------------------------------------ ------------------ 2022-4-4 - Apr 4 2022 ------------------- ------------------------------------------------------------------ ++++ ignition: - Don't include non-MarkDown files in documentation ++++ kernel-default: - net: kABI workaround for ax25_dev (CVE-2022-1199 bsc#1198028). - commit d3ec4a7 - ax25: Fix UAF bugs in ax25 timers (CVE-2022-1205 bsc#1198027). - ax25: fix UAF bug in ax25_send_control() (CVE-2022-1205 bsc#1198027). - ax25: Fix NULL pointer dereferences in ax25 timers (CVE-2022-1205 bsc#1198027). - ax25: Fix refcount leaks caused by ax25_cb_del() (CVE-2022-1205 bsc#1198027). - ax25: fix UAF bugs of net_device caused by rebinding operation (CVE-2022-1205 bsc#1198027). 
- ax25: fix reference count leaks of ax25_dev (CVE-2022-1205 bsc#1198027). - commit 72a596a - Update patch reference for ax25 fixes (CVE-2022-1199 bsc#1198028) - commit 97843ec - ax25: fix NPD bug in ax25_disconnect (CVE-2022-1199 bsc#1198028). - ax25: add refcount in ax25_dev to avoid UAF bugs (CVE-2022-1199 bsc#1198028). - commit e523403 - drivers: hamradio: 6pack: fix UAF bug caused by mod_timer() (CVE-2022-1198 bsc#1198030). - commit bab29a1 - Update patch reference for hamradio fix (CVE-2022-1195 bsc#1198029) - commit 8321418 - hamradio: remove needs_free_netdev to avoid UAF (CVE-2022-1195 bsc#1198029). - hamradio: defer 6pack kfree after unregister_netdev (CVE-2022-1195 bsc#1198029). - commit 68521ee - Update patch references for can fixes (CVE-2022-28390 bsc#1198031 CVE-2022-28389 bsc#1198033 CVE-2022-28388 bsc#1198032) - commit 0fd0cef - iwlwifi: fix use-after-free (bsc#1197762 git-fixes). - commit d5140bb - btrfs: rename btrfs_item_end_nr to btrfs_item_data_end (bsc#1197915). - btrfs: remove the btrfs_item_end() helper (bsc#1197915). - btrfs: drop the _nr from the item helpers (bsc#1197915). - btrfs: introduce item_nr token variant helpers (bsc#1197915). - btrfs: make btrfs_file_extent_inline_item_len take a slot (bsc#1197915). - btrfs: add btrfs_set_item_*_nr() helpers (bsc#1197915). - btrfs: use btrfs_item_size_nr/btrfs_item_offset_nr everywhere (bsc#1197915). - commit ea99a8c - Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1197762) Correct the entries that have *-64.ucode instead of *-63.ucode - commit d8b5646 - blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release() (bsc#1198034). - commit cad1621 - blacklist.conf: Blacklist 1241ebeca3f94 - commit 003ad35 - blacklist.conf: Blacklist dd21bfa425c0 - commit aec1aaa - blacklist.conf: Blacklist 538f4f022a46 - commit 8edaa91 - mm, thp: fix incorrect unmap behavior for private pages (bsc#1198024). 
- commit bdfee77 - mm, thp: lock filemap when truncating page cache (bsc#1198023). - commit 382907f - block: limit request dispatch loop duration (bsc#1198022). - commit b262164 - block: Fix the maximum minor value is blk_alloc_ext_minor() (bsc#1198021). - commit 0114530 - block: don't merge across cgroup boundaries if blkcg is enabled (bsc#1198020). - commit 3495d8e - block: don't delete queue kobject before its children (bsc#1198019). - commit 0b8dd0c - block: update io_ticks when io hang (bsc#1197817). - commit f6e696b - blk-cgroup: set blkg iostat after percpu stat aggregation (bsc#1198018). - commit f6b885a - blktrace: fix use after free for struct blk_trace (bsc#1198017). - commit 510769a - block/wbt: fix negative inflight counter when remove scsi device (bsc#1197819). - commit 6b88c11 - block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1198016). - commit 801ee75 - block: fix async_depth sysfs interface for mq-deadline (bsc#1198015). - commit 3406ce6 - iocost: Fix divide-by-zero on donation from low hweight cgroup (bsc#1198014). - commit 197d88f - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (bsc#1194586). - commit f37b7e0 - block: avoid to quiesce queue in elevator_init_mq (bsc#1198013). - commit 79eb6a9 - block: Check ADMIN before NICE for IOPRIO_CLASS_RT (bsc#1198012). - commit ad01732 - blkcg: Remove extra blkcg_bio_issue_init (bsc#1194585). - commit 512daa8 - block: Hold invalidate_lock in BLKRESETZONE ioctl (bsc#1198010). - commit 4e05a80 - btrfs: remove no longer needed logic for replaying directory deletes (bsc#1197915). - btrfs: only copy dir index keys when logging a directory (bsc#1197915). - commit e38d9fe - blacklist.conf: Blacklist 057178cf518e - commit 0fa088a - block, bfq: fix UAF problem in bfqg_stats_init() (bsc#1194583). - commit ea8f21b - block/mq-deadline: Improve request accounting further (bsc#1198009). 
- commit 2be2d53 - Add another git-commit tag: patches.suse/blk-cgroup-blk_cgroup_bio_start-should-use-irq-safe-.patch. - commit 7f19cc3 - btrfs: fix missing last dir item offset update when logging directory (bsc#1197915). - commit 01ad534 - btrfs: fix memory leak in __add_inode_ref() (bsc#1197915). - btrfs: fix re-dirty process of tree-log nodes (bsc#1197915). - commit 4b5ab70 - btrfs: remove root argument from check_item_in_log() (bsc#1197915). - btrfs: remove root argument from add_link() (bsc#1197915). - btrfs: remove root argument from btrfs_unlink_inode() (bsc#1197915). - btrfs: remove root argument from drop_one_dir_item() (bsc#1197915). - btrfs: do not pin logs too early during renames (bsc#1197915). - commit 3cfa0bf - Update patch references for a few already backported fixes (CVE-2022-26878 bsc#1197035 bsc#1193983 CVE-2021-4148 bsc#1197366 CVE-2021-45868 CVE-2022-0644 bsc#1196155) - commit 69353e8 - USB: gadget: validate interface OS descriptor requests (CVE-2022-25258 bsc#1196095 git-fixes). - commit 4a7f6a3 - Update patch reference for vdpa fix (CVE-2022-0998 bsc#1197247) - commit 5b2f9f9 - vdpa: clean up get_config_size ret value handling (CVE-2022-0998 bsc#1197247). - commit 0d2ae2e - btrfs: add a BTRFS_FS_ERROR helper (bsc#1197915). - btrfs: change error handling for btrfs_delete_*_in_log (bsc#1197915). - btrfs: change handle_fs_error in recover_log_trees to aborts (bsc#1197915). - commit 0dab437 - btrfs: use single bulk copy operations when logging directories (bsc#1197915). - btrfs: unexport setup_items_for_insert() (bsc#1197915). - btrfs: loop only once over data sizes array when inserting an item batch (bsc#1197915). - btrfs: assert that extent buffers are write locked instead of only locked (bsc#1197915). - commit 1ed0aec - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (bsc#1196806, bsc#1196961). 
- commit 2771ae3 - add mainline tags for three hyperv patches - commit 5355614 - proc: bootconfig: Add null pointer check (git-fixes). - ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes). - watch_queue: Free the page array when watch_queue is dismantled (git-fixes). - ARM: iop32x: offset IRQ numbers by 1 (git-fixes). - crypto: qcom-rng - ensure buffer for generate is completely filled (git-fixes). - ARM: Spectre-BHB: provide empty stub for non-config (git-fixes). - ARM: fix Thumb2 regression with Spectre BHB (git-fixes). - ARM: fix build warning in proc-v7-bugs.c (git-fixes). - ARM: Do not use NOCROSSREFS directive with ld.lld (git-fixes). - ARM: fix co-processor register typo (git-fixes). - proc: fix documentation and description of pagemap (git-fixes). - audit: improve audit queue handling when "audit=1" on cmdline (git-fixes). - audit: ensure userspace is penalized the same as the kernel when under pressure (git-fixes). - arm64: dts: qcom: sm8350: Shorten camera-thermal-bottom name (git-fixes). - arm64: dts: ls1028a-qds: move rtc node to the correct i2c bus (git-fixes). - arm64: dts: ti: j721e-main: Fix 'dtbs_check' in serdes_ln_ctrl node (git-fixes). - arm64: dts: ti: j7200-main: Fix 'dtbs_check' serdes_ln_ctrl node (git-fixes). - arm64: tegra: Adjust length of CCPLEX cluster MMIO region (git-fixes). - arm64: dts: renesas: Fix thermal bindings (git-fixes). - audit: improve robustness of the audit queue handling (git-fixes). - commit 0ded242 ++++ systemd: - spec: make sure /lib exists when installing conf files in /lib/modprobe.d ------------------------------------------------------------------ ------------------ 2022-4-3 - Apr 3 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - modpost: restore the warning message for missing symbol versions (git-fixes). - platform/chrome: cros_ec_typec: Check for EC device (git-fixes). 
- commit 8440850 ------------------------------------------------------------------ ------------------ 2022-4-2 - Apr 2 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - arm64: dts: ls1046a: Update i2c node dma properties (git-fixes). - arm64: dts: ls1043a: Update i2c dma properties (git-fixes). - ARM: dts: spear1340: Update serial node properties (git-fixes). - ARM: dts: spear13xx: Update SPI dma properties (git-fixes). - ASoC: SOF: Intel: Fix build error without SND_SOC_SOF_PCI_DEV (git-fixes). - ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes). - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes). - ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes). - rtc: check if __rtc_read_time was successful (git-fixes). - rtc: wm8350: Handle error for wm8350_register_irq (git-fixes). - rtc: pl031: fix rtc features null pointer dereference (git-fixes). - rtc: mc146818-lib: fix locking in mc146818_set_time (git-fixes). - commit 6188b50 - Move upstreamed input patch into sorted section - commit a3b7f82 - Move upstreamed ALSA fix into sorted section - commit 051af6b ------------------------------------------------------------------ ------------------ 2022-4-1 - Apr 1 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Install nfs dispatcher script in /usr/lib/NetworkManager, not /etc ++++ kernel-default: - btrfs: stop doing GFP_KERNEL memory allocations in the ref verify tool (bsc#1197915). - btrfs: improve the batch insertion of delayed items (bsc#1197915). - commit 436dc43 - btrfs: keep track of the last logged keys when logging a directory (bsc#1197915). - btrfs: insert items in batches when logging a directory when possible (bsc#1197915). - btrfs: factor out the copying loop of dir items from log_dir_items() (bsc#1197915). 
- btrfs: remove redundant log root assignment from log_dir_items() (bsc#1197915). - btrfs: remove root argument from btrfs_log_inode() and its callees (bsc#1197915). - commit d461f04 - btrfs: do not commit delayed inode when logging a file in full sync mode (bsc#1197915). - btrfs: avoid attempt to drop extents when logging inode for the first time (bsc#1197915). - btrfs: avoid search for logged i_size when logging inode if possible (bsc#1197915). - btrfs: avoid expensive search when truncating inode items from the log (bsc#1197915). - btrfs: add helper to truncate inode items when logging inode (bsc#1197915). - btrfs: avoid expensive search when dropping inode items from log (bsc#1197915). - btrfs: always update the logged transaction when logging new names (bsc#1197915). - btrfs: do not log new dentries when logging that a new name exists (bsc#1197915). - btrfs: remove no longer needed checks for NULL log context (bsc#1197915). - btrfs: check if a log tree exists at inode_logged() (bsc#1197915). - btrfs: unify lookup return value when dir entry is missing (bsc#1197915). - commit 035a406 - powerpc/64s: Don't use DSISR for SLB faults (bsc#1194869). - commit fc040c2 - powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395). - powerpc/perf: Don't use perf_hw_context for trace IMC PMU (bsc#1156395). - commit cb14232 - btrfs: avoid unnecessarily logging directories that had no changes (bsc#1197915). - btrfs: update comment at log_conflicting_inodes() (bsc#1197915). - btrfs: introduce btrfs_lookup_match_dir (bsc#1197915). - btrfs: remove unneeded return variable in btrfs_lookup_file_extent (bsc#1197915). - btrfs: use btrfs_next_leaf instead of btrfs_next_item when slots > nritems (bsc#1197915). - commit dbc61cd - fsnotify: Don't insert unmergeable events in hashtable (bsc#1197922). - commit 952689a - blacklist.conf: Blacklist dabe729dddca - commit c7ed171 - fsnotify: fix fsnotify hooks in pseudo filesystems (bsc#1195944 bsc#1195478). 
- commit 47e73fb - btrfs: remove no longer needed full sync flag check at inode_logged() (bsc#1197915). - btrfs: add ro compat flags to inodes (bsc#1197915). - btrfs: eliminate some false positives when checking if inode was logged (bsc#1197915). - btrfs: constify and cleanup variables in comparators (bsc#1197915). - commit 24b2386 - ext2: correct max file size computing (bsc#1197820). - commit 327f163 - ext4: avoid trim error on fs with small groups (bsc#1191271). - commit cf203a4 - blacklist.conf: Blacklist 81dedaf10c20 - commit 2c9c489 - mm: Fully initialize invalidate_lock, amend lock class later (bsc#1197921). - commit 5035cbf - ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920). - commit 524f075 - mm: fs: fix lru_cache_disabled race in bh_lru (bsc#1197761). - commit ceb1ef5 - fs: handle circular mappings correctly (bsc#1197918). - commit 4d59e0a - ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482). - commit c36bf42 - ext4: destroy ext4_fc_dentry_cachep kmemcache on module removal (bsc#1197917). - commit 273281c - nfsd: Fix a write performance regression (bsc#1197016). - commit 3827cd1 - btrfs: avoid unnecessary lock and leaf splits when updating inode in the log (bsc#1197915). - btrfs: remove unnecessary list head initialization when syncing log (bsc#1197915). - btrfs: avoid unnecessary log mutex contention when syncing log (bsc#1197915). - commit f007cc7 - printk: disable optimistic spin during panic (bsc#1197894). - commit 70af8b1 - printk: Add panic_in_progress helper (bsc#1197894). - commit cb51b3b - blacklist.conf: printk: cosmetic problem - commit 232518f - vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889). - commit f47b241 - Revert "module, async: async_synchronize_full() on module init iff async is used" (bsc#1197888). - commit 8d797c5 - wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes). - wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes). 
- commit 49909d3 - scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675). - scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675). - scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478). - scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478). - scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478). - commit 819b0ac - watchdog: rti-wdt: Add missing pm_runtime_disable() in probe function (git-fixes). - ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (git-fixes). - Documentation: Fix duplicate statement about raw_spinlock_t type (git-fixes). - can: mcba_usb: properly check endpoint type (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (git-fixes). - can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes). - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes). - can: m_can: m_can_tx_handler(): fix use after free of skb (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix return of error value (git-fixes). - can: isotp: restore accidentally removed MSG_PEEK feature (git-fixes). - crypto: arm/aes-neonbs-cbc - Select generic cbc and aes (git-fixes). - commit 18d8ff4 ++++ mozilla-nss: - Mozilla NSS 3.68.3 (bsc#1197903) This release improves the stability of NSS when used in a multi-threaded environment. In particular, it fixes memory safety violations that can occur when PKCS#11 tokens are removed while in use (CVE-2022-1097). We presume that with enough effort these memory safety violations are exploitable. * Remove token member from NSSSlot struct (bmo#1756271). * Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots (bmo#1755555). * Check return value of PK11Slot_GetNSSToken (bmo#1370866). 
++++ gcc12: - Add provides/conflicts to glibc crosses since only one GCC version for the same target can be installed at the same time. - Add provides/conflicts to libgccjit ++++ libnvme: - Update to version 1.0-rc8: * types: Add support for get log - MI Command Supported * types: Add new Identify constant * types: Update persistent event entry struct added new fields * types: Add Host Initiated Data Gen Number to telemetry log struct * tree: always allocate config file in nvme_read_config() * tree: rework nvme_scan_subsystem() * tree: make subsystem name mandatory in nvme_scan_ctrl() * tree: move nvme_init_subsystem() into nvme_lookup_subsystem() * tree: do not return error when filtering out subsystems * tree: add debugging messages during scanning * tree: Handle NULL subsysname in nvme_scan_ctrl() * tree: Fix subsystem initialization in nvme_scan_ctrl() * tree: Fix leaking 'name' in nvme_subsystem_lookup_namespace() * tree: Avoid dereferencing nvme_subsystem_t before its check for NULL * tree: Clarify NULL return values from nvme_get_attr() * fabrics: Invoke nvmf_dim() with provided tas argument * fabrics: add 'nvmf_update_config()' * fabrics: Avoid out of bounds string chomping * fabrics: Free old traddr in nvmf_add_ctrl * fabrics: update log level for write failures * fabrics: Streamlining documentation * fabrics: Fix leaking ctrl in nvmf_connect_disc_entry() * fabrics: Add missing break in a switch * ioctl: Remove attribute packed and alignedof for args structs * ioctl: Align arguments indentation with braces * json: fix endless loop scanning for controllers * Remove nvme_init_id_ns * Add lbstm support for create-ns * documentation updates ++++ nfs-utils: - Add 0023-cache.c-removed-a-couple-warning.patch Fix compilation with new glibc (SLE15-SP4) (bsc#1197788) ++++ nvme-cli: - Update to version 2.0-rc8: * fabrics: Add DIM command * fabrics: Introduce force flag to overwrite persistence logic (bsc#1197076) * fabrics: Free non-matching controller during 
discovery * fabrics: add 'nvme config' command * fabrics: Correctly stringify discovery.conf and config.json paths * nvme-print: Add human readable print for nsattr field * nvme-print: Update Persistent Event log fields * nvme-print: print discovery async event support * nvme-rpmb: Fix spelling for 'Partition' * nvme-copy: add missing field to the command * nvme: add get_mi_cmd_support_effects_log command * nvme: Fixup namespace filtering yet again * nvme: Use type bool for OPT_FLAG * nvme: use filter for 'list-subsys ' (bsc#1195938) * Add lbstm option to create-ns * argconfig: Do not use default value loading by getopt_long_only * argconfig: Rename CFG_NONE to CFG_FLAG * plugins: Use type bool for OPT_FLAG * documentation updates - Drop 'ProtectKernelTunables=true' (bsc#1197076) ++++ pam: - Do not include obsolete libselinux header files flask.h and av_permissions.h. [bsc#1197794, pam-bsc1197794-do-not-include-obsolete-header-files.patch] ++++ permissions: - Update to version 20201225: * squid: adjust pinger path, drop basic_pam_auth (bsc#1197649) ++++ podman: - Update to version 4.0.3: * Security - This release fixes CVE-2022-27649, where containers run by Podman would have excess inheritable capabilities set. * Changes - The podman machine rm --force command will now remove running machines as well (such machines are shut down first, then removed) (#13448). - When a podman machine VM is started that is using a too-old VM image, it will now start in a reduced functionality mode, and provide instructions on how to recreate it (previously, VMs were effectively unusable) (#13510). * Bugfixes - Fixed a bug where devices added to containers by the --device option to podman run and podman create would not be accessible within the container. - Fixed a bug where Podman would refuse to create containers when the working directory in the container was a symlink (#13346). 
- Fixed a bug where pods would be created with cgroups even if cgroups were disabled in containers.conf (#13411). - Fixed a bug where the podman play kube command would produce confusing errors if invalid YAML with duplicated container named was passed (#13332). - Fixed a bug where the podman machine rm command would not remove the Podman API socket on the host that was associated with the VM. - Fixed a bug where the remote Podman client was unable to properly resize the TTYs of containers on non-Linux OSes. - Fixed a bug where rootless Podman could hang indefinitely when starting containers on systems with IPv6 disabled (#13388). - Fixed a bug where the podman version command could sometimes print excess blank lines as part of its output. - Fixed a bug where the podman generate systemd command would sometimes generate systemd services with names beginning with a hyphen (#13272). - Fixed a bug where locally building the pause image could fail if the current directory contained a .dockerignore file (#13529). - Fixed a bug where root containers in VMs created by podman machine could not bind ports to specific IPs on the host (#13543). - Fixed a bug where the storage utilization percentages displayed by podman system df were incorrect (#13516). - Fixed a bug where the CPU utilization percentages displayed by podman stats were incorrect (#13597). - Fixed a bug where containers created with the --no-healthcheck option would still display healthcheck status in podman inspect (#13578). - Fixed a bug where the podman pod rm command could print a warning about a missing cgroup (#13382). - Fixed a bug where the podman exec command could sometimes print a timed out waiting for file error after the process in the container exited (#13227). - Fixed a bug where virtual machines created by podman machine were not tolerant of changes to the path to the qemu binary on the host (#13394). 
- Fixed a bug where the remote Podman client's podman build command did not properly handle the context directory if a Containerfile was manually specified using -f (#13293). - Fixed a bug where Podman would not properly detect the use of systemd as PID 1 in a container when the entrypoint was prefixed with /bin/sh -c (#13324). - Fixed a bug where rootless Podman could, on systems that do not use systemd as init, print a warning message about the rootless network namespace (#13703). - Fixed a bug where the default systemd unit file for podman system service did not delegate all cgroup controllers, resulting in podman info queries against the remote API returning incorrect cgroup controllers (#13710). - Fixed a bug where the slirp4netns port forwarder for rootless Podman would only publish the first port of a range (#13643). * API - Fixed a bug where the Compat Create API for containers did not properly handle permissions for tmpfs mounts (#13108). * Misc - The static binary for Linux is now built with CGo disabled to avoid panics due to a Golang bug (#13557). - Updated Buildah to v1.24.3 - Updated the containers/storage library to v1.38.3 - Updated the containers/image library to v5.19.2 - Updated the containers/common library to v0.47.5 ++++ python-evtx: - bsc#1197837 - FTBFS: python-evtx won't compile on SP4 python-evtx.spec ------------------------------------------------------------------ ------------------ 2022-3-31 - Mar 31 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit-wicked: - Version 4.3: * Update a few dependencies to address security concerns (gh#134). * Fix wicked wireless configuration parser (bsc#1196528). 
++++ kdump: - pull sources directly from git using obs_scm - fix bsc#1190299, bsc#1186272 - remove patches included in upstream git: kdump-calibrate-include-af_packet.patch, kdump-calibrate-fix-nic-naming.patch, kdump-calibrate.conf-depends-on-kdumptool.patch ++++ kernel-default: - x86/unwind: kABI workaround for unwind_state changes (bsc#1193277). - commit d529509 - s390/kexec: fix return code handling (git-fixes). - commit 7207d12 - s390/setup: avoid reserving memory above identity mapping (git-fixes). - commit 22ee7f5 - scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675). - scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675). - scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675). - scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675). - scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675). - scsi: lpfc: Use kcalloc() (bsc#1197675). - scsi: lpfc: Fix typos in comments (bsc#1197675). - scsi: lpfc: Remove failing soft_wwn support (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675). 
- scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675). - scsi: lpfc: Use fc_block_rport() (bsc#1197675). - scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675). - scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675). - scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675). - scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675). - scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675). - scsi: lpfc: Use irq_set_affinity() (bsc#1197675). - commit 8cd02d8 - blacklist.conf: s390x fix not needed with CONFIG_VMAP_STACK=y - commit df05de4 - net: asix: add proper error handling of usb read errors (git-fixes). - commit cec1c41 - bpf: Disallow negative offset in check_ptr_off_reg (git-fixes). - commit 08f1628 - bpf: Fix PTR_TO_BTF_ID var_off check (git-fixes). - commit ca4a34b - bpf: Add check_func_arg_reg_off function (git-fixes). - commit 5c52201 - pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() (git-fixes). - dmaengine: hisi_dma: fix MSI allocate fail when reload hisi_dma (git-fixes). - dmaengine: idxd: restore traffic class defaults after wq reset (git-fixes). - remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region (git-fixes). - remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region (git-fixes). - remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region (git-fixes). - remoteproc: Fix count check in rproc_coredump_write() (git-fixes). - rpmsg: qcom_smd: Fix redundant channel->registered assignment (git-fixes). - clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes). - clk: qcom: clk-rcg2: Update the frac table for pixel clock (git-fixes). - clk: qcom: clk-rcg2: Update logic to calculate D value for RCG (git-fixes). - clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes). - clk: qcom: ipq8074: fix PCI-E clock oops (git-fixes). - clk: uniphier: Fix fixed-rate initialization (git-fixes). 
- clk: Initialize orphan req_rate (git-fixes). - clk: Fix clk_hw_get_clk() when dev is NULL (git-fixes). - clk: bcm2835: Remove unused variable (git-fixes). - clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (git-fixes). - clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes). - clk: hisilicon: Terminate clk_div_table with sentinel element (git-fixes). - clk: loongson1: Terminate clk_div_table with sentinel element (git-fixes). - clk: actions: Terminate clk_div_table with sentinel element (git-fixes). - clk: imx: off by one in imx_lpcg_parse_clks_from_dt() (git-fixes). - clk: imx7d: Remove audio_mclk_root_clk (git-fixes). - clk: nxp: Remove unused variable (git-fixes). - clk: at91: sama7g5: fix parents of PDMCs' GCLK (git-fixes). - commit 7654d6c ++++ ceph: - Update to v16.2.7-654-gd5a90ff46f0 + (bsc#1196733) remove build directory during %clean ++++ libvirt: - qemu: Improve save operation by increasing pipe size c61d1e9b-virfile-set-pipe-size.patch, 47d6d185-virfile-fix-indent.patch, cd7acb33-virfile-report-error.patch bsc#1196625 ++++ perl: - Stabilize Socket::VERSION comparisons [bnc#1193489] new patch: perl-Stabilize-Socket-VERSION-comparisons.patch ++++ ppp: - bsc#1197799: Add ppp-2.4.7-DES-openssl.patch to fix build on SLE-15-SP3 and SP4. ++++ salt: - Fix salt-ssh opts poisoning (bsc#1197637) - Added: * fix-salt-ssh-opts-poisoning-bsc-1197637-3004-501.patch - Fix multiple security issues (bsc#1197417) * Sign authentication replies to prevent MiTM (CVE-2022-22935) * Sign pillar data to prevent MiTM attacks. (CVE-2022-22934) * Prevent job and fileserver replays (CVE-2022-22936) * Fixed targeting bug, especially visible when using syndic and user auth. 
(CVE-2022-22941) - Added: * fix-multiple-security-issues-bsc-1197417.patch ++++ qemu: - Support the SGX feature (bsc#1197807) * Patches added: doc-Add-the-SGX-numa-description.patch numa-Enable-numa-for-SGX-EPC-sections.patch numa-Support-SGX-numa-in-the-monitor-and.patch ------------------------------------------------------------------ ------------------ 2022-3-30 - Mar 30 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (CVE-2022-1048 bsc#1197331). - Refresh patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch. - commit 5e55cab - net: sched: fix use-after-free in tc_new_tfilter() (CVE-2022-1055 bsc#1197702). - commit 77a7f01 - cpufreq: qcom-cpufreq-nvmem: fix reading of PVS Valid fuse (git-fixes). - dma-debug: fix return value of __setup handlers (git-fixes). - commit 3817fbc - bpf, selftests: Add various ringbuf tests with invalid offset (bsc#1194111 bsc#1194765 CVE-2021-4204 CVE-2022-23222). - commit 7e4daf8 - tracing: Have trace event string test handle zero length strings (git-fixes). - commit d722f48 - ext4: fix ext4_fc_stats trace point (git-fixes). - commit 76c15f8 - blacklist.conf: 2f293651eca3 ("livepatch: Fix build failure on 32 bits processors") 32bit (powerpc) live patching is not supported. - commit 9af010a - bpf, selftests: Update test case for atomic cmpxchg on r0 with pointer (git-fixes). - commit 36b1af6 - bpf, selftests: Add test case for atomic fetch on spilled pointer (git-fixes bsc#1193883 bsc#1194826 CVE-2022-0264). - commit 1e154c0 - selftests/bpf: Some more atomic tests (git-fixes bsc#1193883 bsc#1194826 CVE-2022-0264). - commit 0010236 - bpf: Fix UAF due to race between btf_try_get_module and load_module (git-fixes). - commit 6d1d264 - bpf: Mark PTR_TO_FUNC register initially with zero offset (git-fixes). 
- commit 3ebe846 ++++ libosinfo: - bsc#1197769 - FTBFS: libosinfo won't compile on SP4 libosinfo.spec ++++ ceph: - Update to v16.2.7-652-gf5dc462fdb5 + (bsc#1194875) [SES7P] include/buffer: include ++++ virt-manager: - bsc#1196806 - [jsc#SLE-18834][virt-install] ERROR SEV launch security requires a Q35 UEFI machine (epic: jsc#SLE-18732) virtman-add-sev-memory-support.patch - Add firmware features to description tooltip when mouse hovers over the selected firmware file. virtman-add-tooltip-to-firmware.patch ------------------------------------------------------------------ ------------------ 2022-3-29 - Mar 29 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - ensure precompiled cache files are newer than (text) profiles - reload profiles in %posttrans instead of %post to ensure both -profiles and -abstractions package are updated before the cache in /var/cache/apparmor/ gets built (boo#1195463 #c20) ++++ python-kiwi: - Bump version: 9.24.16 → 9.24.17 This version includes fixes for: * Fix booting GRUB submenu entries with hybrid images (linux/linuxefi) Variables assigned with "set" are not visible in submenus for some reason. Export $linux and $initrd, so that they also work in submenu entries. Fixes bsc#1192523 ++++ kernel-default: - scsi: qla2xxx: Fix typos in comments (bsc#1197661). - scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661). - scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661). - scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661). - scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661). - scsi: qla2xxx: Reduce false trigger to login (bsc#1197661). - scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661). - scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661). - scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661). - scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661). 
- scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661). - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661). - scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661). - scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661). - scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661). - scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661). - scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661). - commit 60d6aa2 - Revert "rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926)" This reverts commit beb790e1e013350f13ede349c015d8149c603787. - commit 122bc9d - powerpc/rtas: Keep MSR RI set when calling RTAS (bsc#1197174 ltc#196362). - commit be99d79 - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729). - powerpc/tm: Fix more userspace r13 corruption (bsc#1065729). - powerpc/xive: fix return value of __setup handler (bsc#1065729). - powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729). - commit d34af8f - bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg (git-fixes). - commit 851556a - xfs: drop async cache flushes from CIL commits (bsc#1195669). - commit ed76e3d - mmc: rtsx: Fix build errors/warnings for unused variable (git-fixes). - commit ce609f9 - mmc: rtsx: Let MMC core handle runtime PM (git-fixes). - commit 0ff3f87 - net/x25: Fix null-ptr-deref caused by x25_disconnect (git-fixes). - net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes). - serial: 8250: fix XOFF/XON sending when DMA is used (git-fixes). - serial: 8250: Fix race condition in RTS-after-send handling (git-fixes). - serial: 8250_lpss: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_aspeed_vuart: add PORT_ASPEED_VUART port type (git-fixes). 
- serial: core: Fix the definition name in the comment of UPF_* flags (git-fixes). - phy: phy-brcm-usb: fixup BCM4908 support (git-fixes). - phy: dphy: Correct lpx parameter and its derivatives(ta_{get,go,sure}) (git-fixes). - soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes). - VMCI: Fix the description of vmci_check_host_caps() (git-fixes). - pps: clients: gpio: Propagate return value from pps_gpio_probe (git-fixes). - mmc: rtsx: Use pm_runtime_{get,put}() to handle runtime PM (git-fixes). - pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe (git-fixes). - pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe (git-fixes). - pinctrl: mediatek: paris: Skip custom extra pin config dump for virtual GPIOs (git-fixes). - pinctrl: mediatek: paris: Fix pingroup pin config state readback (git-fixes). - pinctrl: mediatek: paris: Fix "argument" argument type for mtk_pinconf_get() (git-fixes). - pinctrl: mediatek: paris: Fix PIN_CONFIG_BIAS_* readback (git-fixes). - pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes). - pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init (git-fixes). - pinctrl: renesas: checker: Fix miscalculation of number of states (git-fixes). - pinctrl: renesas: r8a77470: Reduce size for narrow VIN1 channel (git-fixes). - pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes). - pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE() (git-fixes). - tpm: use try_get_ops() in tpm-space.c (git-fixes). - tpm: Fix error handling in async work (git-fixes). - commit 643f2cc - driver core: dd: fix return value of __setup handler (git-fixes). - firmware: google: Properly state IOMEM dependency (git-fixes). - firmware: sysfb: fix platform-device leak in error path (git-fixes). - firmware: stratix10-svc: add missing callback parameter on RSU (git-fixes). - iio: accel: mma8452: use the correct logic to get mma8452_data (git-fixes). 
- iio: adc: Add check for devm_request_threaded_irq (git-fixes).
- staging:iio:adc:ad7280a: Fix handing of device address bit reversing (git-fixes).
- iio: mma8452: Fix probe failing when an i2c_device_id is used (git-fixes).
- iio: afe: rescale: use s64 for temporary scale calculations (git-fixes).
- iio: inkern: make a best effort on offset calculation (git-fixes).
- iio: inkern: apply consumer scale when no channel scale is available (git-fixes).
- iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes).
- habanalabs: Add check for pci_enable_device (git-fixes).
- misc: sgi-gru: Don't cast parameter in bit operations (git-fixes).
- comedi: drivers: ni_routes: Use strcmp() instead of memcmp() (git-fixes).
- misc: alcor_pci: Fix an error handling path (git-fixes).
- dt-bindings: pinctrl: pinctrl-microchip-sgpio: Fix example (git-fixes).
- Bluetooth: btusb: Add another Realtek 8761BU (git-fixes).
- Bluetooth: btusb: Add one more Bluetooth part for the Realtek RTL8852AE (git-fixes).
- crypto: qat - disable registration of algorithms (git-fixes).
- ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (git-fixes).
- ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (git-fixes).
- ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes).
- commit 95c9747
- bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes).
- commit 20a25b6

++++ libapparmor:

- ensure precompiled cache files are newer than (text) profiles
- reload profiles in %posttrans instead of %post to ensure both
  - profiles and -abstractions package are updated before the cache
  in /var/cache/apparmor/ gets built (boo#1195463 #c20)

++++ sqlite3:

- update to 3.38.2:
  * Fix a problem with the Bloom filter optimization that might
    cause an incorrect answer when doing a LEFT JOIN with a WHERE
    clause constraint that says that one of the columns on the
    right table of the LEFT JOIN is NULL.
  * Other minor patches.

++++ libvirt:

- CVE-2022-0897: nwfilter: fix crash when counting number of network filters
  a4947e8f-nwfilter-CVE-2022-0897.patch
  bsc#1197636

++++ python-pytz:

- update to 2022.1
  * matches tzdata 2022a
  * declare python 3.10 compatibility

++++ qemu:

- Backport CVE-2021-3929 (bsc#1193880)
  * Patches added:
    hw-nvme-fix-CVE-2021-3929.patch
- The patches from upstream cause testsuite failures (bsc#1197150 bsc#1197528)
  * Patches added:
    Revert-python-iotests-replace-qmp-with-a.patch
    Revert-python-machine-add-instance-disam.patch
    Revert-python-machine-add-sock_dir-prope.patch
    Revert-python-machine-handle-fast-QEMU-t.patch
    Revert-python-machine-move-more-variable.patch
    Revert-python-machine-remove-_remove_mon.patch
- Add missing patch from a PTFs (bsc#1194938)
  * Patches added:
    scsi-generic-check-for-additional-SG_IO-.patch

++++ raspberrypi-firmware-dt:

- With recent Linux kernel gpio-ranges Device Tree property is now required.
  Add following patches to fix immediate issue described in bsc#1197578.
    ARM-dts-gpio-ranges-property-is-now-required.patch
    ARM-dts-Add-GPIO-line-names-for-downstream-RPis.patch
  We do not update whole package because this will create new issues like
  the one described in comment#12 in bsc#1193434 and comment#2 in bsc#1196632.
  Once patches referenced in bsc#1196632 are accepted upstream. _This_ package
  could be upgraded too.

++++ runc:

- Update to runc v1.1.1. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.1.
  * runc run/start can now run a container with read-only /dev in OCI spec,
    rather than error out. (#3355)
  * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403)
  * libcontainer systemd v2 manager no longer errors out if one of the files
    listed in /sys/kernel/cgroup/delegate do not exist in container's cgroup.
    (#3387, #3404)
  * Loosen OCI spec validation to avoid bogus "Intel RDT is not supported"
    error. (#3406)
  * libcontainer/cgroups no longer panics in cgroup v1 managers if stat of
    /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435)

++++ tcl:

- Remove the SQLite extension and package it as a subpackage of sqlite3 to
  have only a single copy and keep it more up to date (bsc#1195773).
- Clean up the lib dependencies in tclConfig.sh and tcl.pc.

------------------------------------------------------------------
------------------ 2022-3-28 - Mar 28 2022 -------------------
------------------------------------------------------------------

++++ firewalld:

- Provide dummy firewalld-prometheus-config package (bsc#1197042)

++++ kernel-default:

- watch_queue: Actually free the watch (CVE-2022-0995 bsc#1197246).
- watch_queue: Fix NULL dereference in error cleanup (CVE-2022-0995 bsc#1197246).
- commit 9f97636
- ALSA: pcm: Fix races among concurrent prealloc proc writes (CVE-2022-1048 bsc#1197331).
- commit 7ca9b7d
- ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (CVE-2022-1048 bsc#1197331).
- commit bdcd5ee
- ALSA: pcm: Fix races among concurrent read/write and buffer changes (CVE-2022-1048 bsc#1197331).
- commit 8bb5c1f
- ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (CVE-2022-1048 bsc#1197331).
- commit 4ce87ae
- drm/i915/ttm: ensure we unmap when purging (git-fixes).
- commit 6b15818
- blacklist.conf: f3cb4a2de541 drm/i915/ttm: only fault WILLNEED objects
- commit 64673e1
- Refresh patches.suse/drm-i915-dg2-Print-PHY-name-properly-on-calibration-.patch.
  Alt-commit
- commit ee566a7
- Refresh patches.suse/drm-i915-Widen-the-QGV-point-mask.patch.
  Alt-commit
- commit 29d981f
- blacklist.conf: 068396bb21c8 drm/i915/ttm: Rework object initialization slightly
- commit 404bf29
- powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes).
- commit b52421d
- ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes).
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes).
- ALSA: hda: Add AlderLake-PS variant PCI ID (git-fixes).
- ALSA: hda: Add PCI and HDMI IDs for Intel Raptor Lake (git-fixes).
- ALSA: hda: Fix driver index handling at re-binding (git-fixes).
- commit a6a01f1
- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 bsc#1197331).
- commit ad07b38
- ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (git-fixes).
- ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes).
- ALSA: pcm: Fix races among concurrent prealloc proc writes (git-fixes).
- ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (git-fixes).
- ALSA: pcm: Fix races among concurrent read/write and buffer changes (git-fixes).
- ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (git-fixes).
- ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes).
- ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (git-fixes).
- commit cd09a05
- mailbox: imx: fix crash in resume on i.mx8ulp (git-fixes).
- mailbox: tegra-hsp: Flush whole channel (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes).
- ALSA: usb-audio: add mapping for new Corsair Virtuoso SE (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes).
- watch_queue: Actually free the watch (git-fixes).
- watch_queue: Fix NULL dereference in error cleanup (git-fixes).
- mailbox: change mailbox-mpfs compatible string (git-fixes).
- commit c338df3

++++ multipath-tools:

- If multipath-tools is newly installed, load dm-multipath (bsc#1196898)

++++ gcc12:

- Bump to 9f37d31324f89d0b7b2abac988a976d121ae29c6, git192251.

++++ systemd:

- spec: enable 'efi' support regardless of whether sd_boot is enabled or not
  We should support EFI systems even if systemd-boot is not enabled.

++++ lshw:

- Update to version B.02.19.2+git.20220310:
  * Github PR85 Set product name for all netdevs sharing the same PCI number

++++ installation-images-LeapMicro:

- merge gh#openSUSE/installation-images#585
- Fix creation of openslp user (bsc#1196331, bsc#1197222)
- 16.57.18

------------------------------------------------------------------
------------------ 2022-3-27 - Mar 27 2022 -------------------
------------------------------------------------------------------

++++ kernel-default:

- Move upstreamed patches into sorted section
- commit 8e8d2c1
- of: unittest: update text of expected warnings (git-fixes).
- commit f6fd7da
- dt-bindings: usb: hcd: correct usb-device path (git-fixes).
- drm/edid: check basic audio support on CEA extension block (git-fixes).
- drm/i915: Fix PSF GV point mask when SAGV is not possible (git-fixes).
- dt-bindings: spi: mxic: The interrupt property is not mandatory (git-fixes).
- dt-bindings: mtd: nand-controller: Fix a comment in the examples (git-fixes).
- dt-bindings: mtd: nand-controller: Fix the reg property description (git-fixes).
- HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes).
- HID: intel-ish-hid: Use dma_alloc_coherent for firmware update (git-fixes).
- dt-bindings: net: xgmac_mdio: Remove unsupported "bus-frequency" (git-fixes).
- dt-bindings: memory: mtk-smi: No need mediatek,larb-id for mt8167 (git-fixes).
- KEYS: asymmetric: properly validate hash_algo and encoding (git-fixes).
- KEYS: trusted: Avoid calling null function trusted_key_exit (git-fixes).
- KEYS: trusted: Fix trusted key backends when building as module (git-fixes).
- KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes).
- dt-bindings: can: tcan4x5x: fix mram-cfg RX FIFO config (git-fixes).
- dt-bindings: watchdog: Require samsung,syscon-phandle for Exynos7 (git-fixes).
- of/fdt: Don't worry about non-memory region overlap for no-map (git-fixes).
- of: base: Improve argument length mismatch error (git-fixes).
- of: base: Fix phandle argument length mismatch error message (git-fixes).
- of: unittest: 64 bit dma address test requires arch support (git-fixes).
- of: unittest: fix warning on PowerPC frame size warning (git-fixes).
- commit aae6d8d
- mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes).
- mfd: exynos-lpass: Drop unneeded syscon.h include (git-fixes).
- mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes).
- mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes).
- mtd: rawnand: pl353: Set the nand chip node as the flash node (git-fixes).
- mtd: rawnand: gpmi: fix controller timings setting (git-fixes).
- mtd: onenand: Check for error irq (git-fixes).
- spi: mxic: Fix the transmit path (git-fixes).
- mtd: mchp48l640: Add SPI ID table (git-fixes).
- mtd: mchp23k256: Add SPI ID table (git-fixes).
- power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes).
- power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes).
- power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes).
- power: supply: sbs-charger: Don't cancel work that is not initialized (git-fixes).
- power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes).
- power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes).
- PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes).
- PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes).
- PCI: aardvark: Fix reading MSI interrupt number (git-fixes).
- PCI: Avoid broken MSI on SB600 USB devices (git-fixes).
- PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes).
- platform/x86: huawei-wmi: check the return value of device_create_file() (git-fixes).
- platform/surface: surface3-wmi: Simplify resource management (git-fixes).
- commit 28e1425
- usb: gadget: eliminate anonymous module_init & module_exit (git-fixes).
- usb: usbip: eliminate anonymous module_init & module_exit (git-fixes).
- USB: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes).
- USB: serial: pl2303: fix GS type detection (git-fixes).
- xhci: fix runtime PM imbalance in USB2 resume (git-fixes).
- xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes).
- xhci: fix garbage USBSTS being logged in some cases (git-fixes).
- xhci: make xhci_handshake timeout for xhci_reset() adjustable (git-fixes).
- USB: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (git-fixes).
- i2c: mux: demux-pinctrl: do not deactivate a master that is not active (git-fixes).
- i2c: meson: Fix wrong speed use from probe (git-fixes).
- i2c: xiic: Make bus names unique (git-fixes).
- commit 3442073

------------------------------------------------------------------
------------------ 2022-3-26 - Mar 26 2022 -------------------
------------------------------------------------------------------

++++ audit-secondary:

- Fix buildrequire for openldap2-devel - audit doesn't require the
  (outdated) C++ binding, but the C headers that happen to be pulled
  in by buildrequiring the C++ devel package

++++ gnutls:

- FIPS: Mark AES-GCM as approved in the TLS context [bsc#1194907]
  * Add gnutls-FIPS-Mark-HKDF-and-AES-GCM-as-approved-when-used-in-TLS.patch
  * Upstream issue: https://gitlab.com/gnutls/gnutls/issues/1311

++++ gstreamer-plugins-base:

- Add 5a074a11f90e3d70b24bf0c535ab0480fad9e701.patch: playsink:
  Complete reconfiguration on pad release.
- Use ldconfig_scriptlets macro for post(un) handling.

++++ kernel-default:

- kABI: Fix kABI after "x86/mm/cpa: Generalize __set_memory_enc_pgtable()" (jsc#SLE-19924).
- commit e24bb1c
- x86/mm/cpa: Generalize __set_memory_enc_pgtable() (jsc#SLE-19924).
- x86/coco: Add API to handle encryption mask (jsc#SLE-19924).
- x86/coco: Explicitly declare type of confidential computing platform (jsc#SLE-19924).
- x86/cc: Move arch/x86/{kernel/cc_platform.c => coco/core.c} (jsc#SLE-19924).
- commit 250ae25

------------------------------------------------------------------
------------------ 2022-3-25 - Mar 25 2022 -------------------
------------------------------------------------------------------

++++ audit-secondary:

- Fix unhandled ECONNREFUSED with LDAP environments (bsc#1196645)
  * add libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch
- Fix hang in audisp-remote with disk_low_action=suspend (bsc#1196517)
  * add audisp-remote-fix-hang-with-disk_low_action-suspend-.patch

++++ cni-plugin-dnsname:

- Update to version 1.3.1:
  * Don't use LDFLAGS: made `dnsname` unable to build in some
    packaging systems (not ours).

++++ ignition:

- Add ignition-touch-selinux-autorelabel.conf: Trigger SELinux
  autorelabel after Ignition runs; Ignition would support SELinux
  itself, however this is a compile time option, so it can't be
  used here.
- Filter commented lines in ignition-mount-initrd-fstab.service

++++ kernel-default:

- mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages (bsc#1197501).
- dma/pool: create dma atomic pool only if dma zone has managed pages (bsc#1197501).
- mm_zone: add function to check if managed dma zone exists (bsc#1197501).
- commit 5d0120a
- Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads" (bsc#1197243).
- commit 34f056c
- Move upstreamed patches into sorted section
  Also resort series
- commit f444242
- Drop HID multitouch fix patch (bsc#1197243)
  Delete patches.suse/HID-multitouch-fix-Dell-Precision-7550-and-7750-butt.patch.
  Replaced with another revert patch.
- commit b38132c
- lib: bitmap: fix many kernel-doc warnings (git-fixes).
- mt76: mt7921: fix mt7921_queues_acq implementation (git-fixes).
- mac80211: fix potential double free on mesh join (git-fixes).
- wcn36xx: Differentiate wcn3660 from wcn3620 (git-fixes).
- iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes).
- iwlwifi: Fix -EIO error code that is never returned (git-fixes).
- iwlwifi: yoyo: remove DBGI_SRAM address reset writing (git-fixes).
- iwlwifi: mvm: align locking in D3 test debugfs (git-fixes).
- vxcan: enable local echo for sent CAN frames (git-fixes).
- mt76: mt7615: check sta_rates pointer in mt7615_sta_rate_tbl_update (git-fixes).
- mt76: mt7603: check sta_rates pointer in mt7603_sta_rate_tbl_update (git-fixes).
- mt76: mt7615: fix a leftover race in runtime-pm (git-fixes).
- mt76: mt7921: fix a leftover race in runtime-pm (git-fixes).
- mt76: mt7915: use proper aid value in mt7915_mcu_sta_basic_tlv (git-fixes).
- mt76: connac: fix sta_rec_wtbl tag len (git-fixes).
- TOMOYO: fix __setup handlers return values (git-fixes).
- commit 4c9613e
- drm/i915/display: Fix HPD short pulse handling for eDP (git-fixes).
- drm/i915/gem: add missing boundary check in vm_access (git-fixes).
- drm/msm/dsi: Use "ref" fw clock instead of global name for VCO parent (git-fixes).
- drm/msm/dp: always add fail-safe mode into connector mode list (git-fixes).
- drm/msm/dp: stop link training after link training 2 failed (git-fixes).
- drm/msm/dp: populate connector of struct dp_panel (git-fixes).
- drm/msm/dpu: fix dp audio condition (git-fixes).
- iwlwifi: mvm: don't iterate unadded vifs when handling FW SMPS req (git-fixes).
- iwlwifi: mvm: Don't call iwl_mvm_sta_from_mac80211() with NULL sta (git-fixes).
- commit 246c690
- drm/msm/dpu: add DSPP blocks teardown (git-fixes).
- drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes).
- drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes).
- drm/amd/display: Remove vupdate_int_entry definition (git-fixes).
- drm/bridge: anx7625: Fix overflow issue on reading EDID (git-fixes).
- drm/bridge: dw-hdmi: use safe format when first in bridge chain (git-fixes).
- drm/fb-helper: Mark screen buffers in system memory with FBINFO_VIRTFB (git-fixes).
- drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug (git-fixes).
- drm/amd/pm: enable pm sysfs write for one VF mode (git-fixes).
- commit 6c4107e
- drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function (git-fixes).
- drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (git-fixes).
- drm/amdgpu: suppress the warning about enum value 'AMD_IP_BLOCK_TYPE_NUM' (git-fixes).
- drm/amdgpu: don't do resets on APUs which don't support it (git-fixes).
- drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl() (git-fixes).
- drm/edid: Don't clear formats if using deep color (git-fixes).
- drm/selftests/test-drm_dp_mst_helper: Fix memory leak in sideband_msg_req_encode_decode (git-fixes).
- drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free() (git-fixes).
- drm: bridge: fix unmet dependency on DRM_KMS_HELPER for DRM_PANEL_BRIDGE (git-fixes).
- commit 6f749c2
- drm/panfrost: Check for error num after setting mask (git-fixes).
- drm/doc: overview before functions for drm_writeback.c (git-fixes).
- drm/v3d/v3d_drv: Check for error num after setting mask (git-fixes).
- drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes).
- drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe (git-fixes).
- drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe (git-fixes).
- drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes).
- drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops (git-fixes).
- docs: sysctl/kernel: add missing bit to panic_print (git-fixes).
- carl9170: fix missing bit-wise or operator for tx_params (git-fixes).
- commit 66bcea3
- Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes).
- Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes).
- can: isotp: support MSG_TRUNC flag when reading from socket (git-fixes).
- can: isotp: return -EADDRNOTAVAIL when reading from unbound socket (git-fixes).
- brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes).
- brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes).
- brcmfmac: pcie: Declare missing firmware files in pcie.c (git-fixes).
- brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes).
- brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes).
- commit 5a1e763
- bitfield: add explicit inclusions to the example (git-fixes).
- ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes).
- Revert "ath: add support for special 0x0 regulatory domain" (git-fixes).
- ath9k_htc: fix uninit value bugs (git-fixes).
- ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes).
- Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes).
- Bluetooth: btusb: Whitespace fixes for btusb_setup_csr() (git-fixes).
- Bluetooth: btintel: Fix WBS setting for Intel legacy ROM products (git-fixes).
- commit 5117e32

++++ zlib:

- CVE-2018-25032: Fix memory corruption on deflate, bsc#1197459
  * bsc1197459.patch

++++ libzypp:

- ZConfig: Update solver settings if target changes (bsc#1196368)
- version 17.30.0 (22)

++++ qemu:

- Kill downstream patches around binfmt handling that makes
  cumbersome to run multi-arch containers, and switch to the
  upstream behavior, which is well documented and valid on all
  other distros. This is possible thanks to Linux kernel commit
  2347961b11d4 and QEMU commit 6e1c0d7b951e19c53 (so it can only
  work on Leap/SLE 15.4 and higher). (bsc#1197298)
  * Patches dropped:
    qemu-binfmt-conf.sh-allow-overriding-SUS.patch
    qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch
- Fix update_git.sh wiping all the package file of the local
  checkout while cloning the git repository on demand (in case
  they don't exist and the user as to do so).

------------------------------------------------------------------
------------------ 2022-3-24 - Mar 24 2022 -------------------
------------------------------------------------------------------

++++ apparmor:

- Add update-samba-bgqd.diff to add new rule to fix 'DENIED' open on
  /proc/{pid}/fd for samba-bgqd (bnc#1196850).
- Add update-usr-sbin-smbd.diff to add new rule to allow reading of
  openssl.cnf (bnc#1195463).

++++ bash:

- Do use old legacy PreReq to get bash installed before bash-sh
  but do not require bash-sh by bash (bsc#1197448)

++++ chrony:

- Fix config file handling in the spec file and remove
  "ntsdumpdir" from default config, because augeas-lenses cannot
  parse it during installation of SLE Micro on SLE-15-SP3
  (bsc#1194220).

++++ combustion:

- Bump version to 0.3
- Use the Wiki page as URL (boo#1195383)
- Don't touch /sysroot/etc/ after creating a new snapshot, it ends up
  in the old snapshot's overlay

++++ gtk3:

- Update to version 3.24.33+12:
  + icons: add legacy icons (boo#1197480).
  + Updated translations.

++++ kernel-default:

- Update HyperV Jira references (jsc#SLE-24072, jsc#SLE-17855)
- commit f9a043f
- pinctrl: samsung: drop pin banks references on error paths (git-fixes).
- memory: emif: check the pointer temp in get_device_details() (git-fixes).
- memory: emif: Add check for setup_interrupts (git-fixes).
- soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes).
- soc: qcom: ocmem: Fix missing put_device() call in of_get_ocmem (git-fixes).
- soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes).
- soc: mediatek: pm-domains: Add wakeup capacity support in power domain (git-fixes).
- soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes).
- video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (git-fixes).
- video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes).
- video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (git-fixes).
- video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes).
- video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes).
- video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes).
- mmc: davinci_mmc: Handle error for clk_enable (git-fixes).
- mmc: sdhci_am654: Fix the driver data of AM64 SoC (git-fixes).
- usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes).
- net: phy: mscc: Add MODULE_FIRMWARE macros (git-fixes).
- net: phy: marvell: Fix invalid comparison in the resume and suspend functions (git-fixes).
- commit 640a02e
- media: ov5640: Fix set format, v4l2_mbus_pixelcode not updated (git-fixes).
- media: v4l2-core: Initialize h264 scaling matrix (git-fixes).
- media: cedrus: h264: Fix neighbour info buffer size (git-fixes).
- media: cedrus: H265: Fix neighbour info buffer size (git-fixes).
- media: usb: go7007: s2250-board: fix leak in probe() (git-fixes).
- media: em28xx: initialize refcount before kref_get (git-fixes).
- media: doc: pixfmt-rgb: Fix V4L2_PIX_FMT_BGR24 format description (git-fixes).
- media: vidtv: Check for null return of vzalloc (git-fixes).
- media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (git-fixes).
- commit 4ef6549
- media: Revert "media: em28xx: add missing em28xx_close_extension" (git-fixes).
- media: venus: hfi_cmds: List HDR10 property as unsupported for v1 and v3 (git-fixes).
- media: ti-vpe: cal: Fix a NULL pointer dereference in cal_ctx_v4l2_init_formats() (git-fixes).
- media: video/hdmi: handle short reads of hdmi info frame (git-fixes).
- media: mexon-ge2d: fixup frames size in registers (git-fixes).
- media: aspeed: Correct value for h-total-pixels (git-fixes).
- media: ov5648: Don't pack controls struct (git-fixes).
- media: v4l: Avoid unaligned access warnings when printing 4cc modifiers (git-fixes).
- media: ov6650: Fix crop rectangle affected by set format (git-fixes).
- media: ov6650: Add try support to selection API operations (git-fixes).
- commit b4a8bfb
- supported.conf: Mark a few SM* cipher modules as supported (bsc#1197287)
  Mark supported for the modules: sm2_generic, sm3_generic, sm4_generic
  arm64-specific: sha3-ce, sha512-ce, sm3-ce, sm4-ce
- commit e6b9e81
- media: ov6650: Fix set format try processing path (git-fixes).
- media: hantro: Fix overfill bottom register field name (git-fixes).
- media: doc: pixfmt-yuv: Fix V4L2-PIX-FMT-Y10P format (git-fixes).
- media: coda: Fix missing put_device() call in coda_get_vdoa_data (git-fixes).
- media: atmel: atmel-sama7g5-isc: fix ispck leftover (git-fixes).
- media: bttv: fix WARNING regression on tunerless devices (git-fixes).
- media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes).
- media: davinci: vpif: fix unbalanced runtime PM get (git-fixes).
- media: mtk-vcodec: potential dereference of null pointer (git-fixes).
- commit 04703ec
- firmware: qcom: scm: Remove reassignment to desc following initializer (git-fixes).
- media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls (git-fixes).
- media: staging: media: imx: imx7-mipi-csis: Make subdev name unique (git-fixes).
- media: camss: vfe-170: fix "VFE halt timeout" error (git-fixes).
- media: camss: csid-170: set the right HALT_CMD when disabled (git-fixes).
- media: camss: csid-170: remove stray comment (git-fixes).
- media: camss: csid-170: don't enable unused irqs (git-fixes).
- media: camss: csid-170: fix non-10bit formats (git-fixes).
- media: staging: media: zoran: fix usage of vb2_dma_contig_set_max_seg_size (git-fixes).
- Input: aiptek - properly check endpoint type (git-fixes).
- commit ab62902
- firmware: ti_sci: Fix compilation failure when CONFIG_TI_SCI_PROTOCOL is not defined (git-fixes).
- ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes).
- ASoC: amd: Fix reference to PCM buffer address (git-fixes).
- ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data (git-fixes).
- ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe (git-fixes).
- ASoC: atmel: Fix error handling in sam9x5_wm8731_driver_probe (git-fixes).
- ASoC: SOF: Intel: enable DMI L1 for playback streams (git-fixes).
- ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (git-fixes).
- ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (git-fixes).
- efi: fix return value of __setup handlers (git-fixes).
- commit 8a84a24
- ASoC: fsl_spdif: Disable TX clock when stop (git-fixes).
- ASoC: SOF: topology: remove redundant code (git-fixes).
- ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (git-fixes).
- ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes).
- ASoC: rk817: Fix missing clk_disable_unprepare() in rk817_platform_probe (git-fixes).
- ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes).
- ASoC: rockchip: i2s: Fix missing clk_disable_unprepare() in rockchip_i2s_probe (git-fixes).
- ASoC: atmel: Fix error handling in snd_proto_probe (git-fixes).
- ASoC: fsi: Add check for clk_enable (git-fixes).
- commit 549be6b
- ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes).
- ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (git-fixes).
- ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes).
- ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes).
- ASoC: mxs-saif: Handle errors for clk_enable (git-fixes).
- ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes).
- ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() (git-fixes).
- ASoC: simple-card-utils: Set sysclk on all components (git-fixes).
- ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes).
- ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior (git-fixes).
- commit 25d68ae
- arm64: dts: rockchip: Fix SDIO regulator supply properties on rk3399-firefly (git-fixes).
- ASoC: topology: Allow TLV control to be either read or write (git-fixes).
- ASoC: codecs: Check for error pointer after calling devm_regmap_init_mmio (git-fixes).
- ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM (git-fixes).
- ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put (git-fixes).
- ASoC: codecs: wcd934x: fix kcontrol max values (git-fixes).
- ASoC: codecs: wc938x: fix accessing array out of bounds for enum type (git-fixes).
- ASoC: codecs: va-macro: fix accessing array out of bounds for enum type (git-fixes).
- ASoC: codecs: rx-macro: fix accessing array out of bounds for enum type (git-fixes).
- ASoC: codecs: rx-macro: fix accessing compander for aux (git-fixes).
- commit 8cdd72e
- arm64: dts: broadcom: Fix sata nodename (git-fixes).
- arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes).
- arm64: dts: broadcom: bcm4908: use proper TWD binding (git-fixes).
- arm64: dts: qcom: sm8250: Fix MSI IRQ for PCIe1 and PCIe2 (git-fixes).
- arm64: dts: qcom: sm8350: Correct TCS configuration for apps rsc (git-fixes).
- arm64: dts: qcom: sm8150: Correct TCS configuration for apps rsc (git-fixes).
- arm64: dts: qcom: sm8250: fix PCIe bindings to follow schema (git-fixes).
- arm64: dts: qcom: sdm845: fix microphone bias properties and values (git-fixes).
- ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes).
- arm64: dts: ti: k3-am64: Fix gic-v3 compatible regs (git-fixes).
- arm64: dts: ti: k3-j7200: Fix gic-v3 compatible regs (git-fixes).
- arm64: dts: ti: k3-j721e: Fix gic-v3 compatible regs (git-fixes).
- arm64: dts: ti: k3-am65: Fix gic-v3 compatible regs (git-fixes).
- ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes). - ARM: dts: stm32: fix AV96 board SAI2 pin muxing on stm32mp15 (git-fixes). - ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes). - arm64: dts: renesas: ulcb-kf: fix wrong comment (git-fixes). - ARM: dts: sun8i: v3s: Move the csi1 block to follow address order (git-fixes). - ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes). - ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes). - ARM: configs: multi_v5_defconfig: re-enable DRM_PANEL and FB_xxx (git-fixes). - ARM: configs: multi_v5_defconfig: re-enable CONFIG_V4L_PLATFORM_DRIVERS (git-fixes). - ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes). - ALSA: spi: Add check for clk_enable() (git-fixes). - ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes). - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (git-fixes). - arm64: fix clang warning about TRAMP_VALIAS (git-fixes). - alx: acquire mutex for alx_reinit in alx_change_mtu (git-fixes). - commit 4b012b4 ++++ libapparmor: - Add update-samba-bgqd.diff to add new rule to fix 'DENIED' open on /proc/{pid}/fd for samba-bgqd (bnc#1196850). - Add update-usr-sbin-smbd.diff to add new rule to allow reading of openssl.cnf (bnc#1195463). ++++ ceph: - Update to 16.2.7-650-gd083eaa3886 + (pr#469) cephadm: update image paths to registry.suse.com + (pr#468) cephadm: use snmp-notifier image from registry.suse.de + (pr#467) cephadm: infer the default container image during pull + (pr#465) mgr/cephadm: try to get FQDN for inventory address + Sync _constaints file for IBS and OBS ++++ nfs-utils: - Add 0021-mount.nfs-insert-sloppy-at-beginning-of-the-options.patch Add 0022-mount.nfs-Fix-the-sloppy-option-processing.patch Ensure "sloppy" is added correctly for newer kernels. Particularly required for kernels since 5.6 (so SLE15-SP4), and safe for all kernels. 
  (boo#1197297)

++++ qemu:
- Improve test reliability
  * Patches added:
    Fix-the-module-building-problem-for-s390.patch
    tests-qemu-iotests-040-Skip-TestCommitWi.patch
    tests-qemu-iotests-testrunner-Quote-case.patch

++++ suse-build-key:
- No longer install 1024bit keys by default. (bsc#1197293)
- SLE11 key moved to documentation
- old PTF (pre March 2022) moved to documentation only

++++ suseconnect-ng:
- Update to version 0.0.7~git0.3ef988e:
  * Fix product tree traversal (bsc#1197398)
  * Revert "Remove self from LD_PRELOAD (bsc#1196326)"
  * Remove self from LD_PRELOAD (bsc#1196326)

------------------------------------------------------------------
------------------ 2022-3-23 - Mar 23 2022 -------------------
------------------------------------------------------------------

++++ audit-secondary:
- add audit-userspace-517-compat.patch

++++ combustion:
- Disable ignition-mount.service's ExecStop instead of stopping the unit (boo#1197309)

++++ kernel-default:
- Update patches.suse/quota-check-block-number-when-reading-the-block-in-q.patch (stable-5.14.19 bsc#1197366 CVE-2021-45868).
- commit a567e14

++++ gcc12:
- Bump to e8cd3edc0fc6c02a732dcecf519c22d835e5f422, git192197.

++++ openldap2:
- bsc#1191157 - allow specification of max/min TLS version with TLS1.3
  * 0239-ITS-9422-Update-for-TLS-v1.3.patch
  * 0240-ITS-9518-add-LDAP_OPT_X_TLS_PROTOCOL_MAX-option.patch
  * 0241-TLS-set-protocol-version.patch
- bsc#1197004 - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions.
++++ spice:
- Add patch to let spice build with gstreamer 1.20.x (https://gitlab.freedesktop.org/spice/spice/-/merge_requests/207)
  * fix-build-with-gstreamer-1.20.patch

++++ systemd:
- spec: cope with %{_modprobedir} being /lib/modprobe.d on SLE

++++ qemu:
- Fix virtiofs crashing with glibc >= 2.35, due to rseq syscall (bsc#1196924)
  * Patches added:
    tools-virtiofsd-Add-rseq-syscall-to-the-.patch

------------------------------------------------------------------
------------------ 2022-3-22 - Mar 22 2022 -------------------
------------------------------------------------------------------

++++ NetworkManager:
- Update to version 1.36.4:
  + The internal DHCPv4 client now discards NAKs packets coming from servers different from the one that sent the offer.
  + Fix activation of PPPoE connections with "pppoe.parent" unset.
  + Fix potential libnm crash when the client object initialization gets canceled.
  + Other various fixes and improvements.

++++ container-selinux:
- Add udica templates to the package

++++ distribution-logos-openSUSE:
- Initial Leap Micro 5.2 branding

++++ branding-openSUSE:
- Bump to 15.4

++++ kernel-default:
- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 bsc#1197331).
- commit 15a1bad
- fuse: handle kABI change in struct fuse_args (bsc#1197343 CVE-2022-1011).
- fuse: fix pipe buffer lifetime for direct_io (bsc#1197343 CVE-2022-1011).
- commit 879fc92
- iavf: Fix hang during reboot/shutdown (jsc#SLE-18385).
- net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit() (git-fixes).
- iavf: Fix double free in iavf_reset_task (jsc#SLE-18385).
- ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() (jsc#SLE-18375).
- net/mlx5e: Lag, Only handle events from highest priority multipath entry (git-fixes).
- net/mlx5: Fix a race on command flush flow (git-fixes).
- net/mlx5: Fix size field in bufferx_reg struct (git-fixes).
- ice: Fix curr_link_speed advertised speed (git-fixes).
- ice: Don't use GFP_KERNEL in atomic context (git-fixes).
- qed: return status of qed_iov_get_link (git-fixes).
- net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (git-fixes).
- RDMA/cma: Do not change route.addr.src_addr outside state checks (git-fixes).
- RDMA/ib_srp: Fix a deadlock (git-fixes).
- RDMA/rtrs-clt: Move free_permit from free_clt to rtrs_clt_close (git-fixes).
- RDMA/rtrs-clt: Fix possible double free in error case (git-fixes).
- IB/qib: Fix duplicate sysfs directory name (git-fixes).
- commit b4c6170
- media: omap3isp: Use struct_group() for memcpy() region (git-fixes).
- spi: Fix Tegra QSPI example (git-fixes).
- spi: spi-zynqmp-gqspi: Handle error for dma_set_mask (git-fixes).
- spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes).
- spi: tegra210-quad: Fix missin IRQ check in tegra_qspi_probe (git-fixes).
- spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes).
- regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes).
- hwrng: nomadik - Change clk_disable to clk_disable_unprepare (git-fixes).
- hwrng: atmel - disable trng on failure path (git-fixes).
- thermal: int340x: Increase bitmap size (git-fixes).
- thermal: int340x: Check for NULL after calling kmemdup() (git-fixes).
- PM: domains: Fix sleep-in-atomic bug caused by genpd_debug_remove() (git-fixes).
- PM: suspend: fix return value of __setup handler (git-fixes).
- PM: hibernate: fix __setup handler error handling (git-fixes).
- commit c705616
- hwmon: (pmbus) Add Vin unit off handling (git-fixes).
- hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING (git-fixes).
- hwmon: (pmbus) Add mutex to regulator ops (git-fixes).
- crypto: ccree - Fix use after free in cc_cipher_exit() (git-fixes).
- crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes).
- crypto: cavium/nitrox - don't cast parameter in bit operations (git-fixes).
- crypto: vmx - add missing dependencies (git-fixes).
- crypto: engine - check if BH is disabled during completion (git-fixes).
- crypto: gemini - call finalize with bh disabled (git-fixes).
- crypto: amlogic - call finalize with bh disabled (git-fixes).
- commit 7b5cd0c
- crypto: hisilicon/sec - fix the aead software fallback for engine (bsc#1198240).
- crypto: sun8i-ce - call finalize with bh disabled (git-fixes).
- crypto: sun8i-ss - call finalize with bh disabled (git-fixes).
- crypto: hisilicon/sec - fix the aead software fallback for engine (git-fixes).
- crypto: ccree - don't attempt 0 len DMA mappings (git-fixes).
- crypto: rockchip - ECB does not need IV (git-fixes).
- crypto: qat - don't cast parameter in bit operations (git-fixes).
- crypto: octeontx2 - remove CONFIG_DM_CRYPT check (git-fixes).
- crypto: mxs-dcp - Fix scatterlist processing (git-fixes).
- crypto: authenc - Fix sleep in atomic context in decrypt_tail (git-fixes).
- crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (git-fixes).
- crypto: rsa-pkcs1pad - restore signature length check (git-fixes).
- crypto: rsa-pkcs1pad - correctly get hash from source scatterlist (git-fixes).
- crypto: rsa-pkcs1pad - only allow with rsa (git-fixes).
- crypto: sun8i-ss - really disable hash on A80 (git-fixes).
- cpuidle: intel_idle: Update intel_idle() kerneldoc comment (git-fixes).
- ACPI: docs: enumeration: Amend PWM enumeration ASL example (git-fixes).
- ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes).
- ACPI: docs: enumeration: Update UART serial bus resource documentation (git-fixes).
- ACPI: docs: enumeration: Discourage to use custom _DSM methods (git-fixes).
- ACPI: APEI: fix return value of __setup handlers (git-fixes).
- clocksource: acpi_pm: fix return value of __setup handler (git-fixes).
- ACPI: properties: Consistently return -ENOENT if there are no more references (git-fixes).
- clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() (git-fixes).
- clocksource/drivers/timer-microchip-pit64b: Use notrace (git-fixes).
- clocksource/drivers/timer-ti-dm: Fix regression from errata i940 fix (git-fixes).
- arm64: signal: nofpsimd: Do not allocate fp/simd context when not available (git-fixes).
- arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes).
- arm64: prevent instrumentation of bp hardening callbacks (git-fixes).
- commit 7a54f7c
- Refresh patches.suse/bpf-Add-MEM_RDONLY-for-helper-args-that-are-pointers.patch
  Add info about context deviation from upstream.
- commit f8cba97
- Refresh patches.suse/bpf-Replace-PTR_TO_XXX_OR_NULL-with-PTR_TO_XXX-PTR_M.patch
  Add info about context deviation from upstream.
- commit 1d085d3
- Refresh patches.suse/bpf-Replace-RET_XXX_OR_NULL-with-RET_XXX-PTR_MAYBE_N.patch
  Add info about context deviation from upstream.
- commit e44090b
- Refresh patches.suse/bpf-Replace-ARG_XXX_OR_NULL-with-ARG_XXX-PTR_MAYBE_N.patch
  Add info about context deviation from upstream.
- commit da99102
- Refresh patches.suse/bpf-Introduce-composable-reg-ret-and-arg-types.patch
  Add info on context deviation from upstream.
- commit aa0e1a6
- Refresh patches.suse/bpf-Generalize-check_ctx_reg-for-reuse-with-other-ty.patch
  Add info about context deviation from upstream.
- commit 2d1de22
- bpf: Fix crash due to out of bounds access into reg2btf_ids (git-fixes bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222).
- commit 8bc21d0
- NFS: Do not report writeback errors in nfs_getattr() (git-fixes).
- NFS: Remove an incorrect revalidation in nfs4_update_changeattr_locked() (git-fixes).
- NFS: Ensure the server has an up to date ctime before renaming (git-fixes).
- commit 87a7953

++++ libgcrypt:
- FIPS: Implement a service indicator for asymmetric ciphers [bsc#1190700]
  * Mark RSA public key encryption and private key decryption with padding (e.g. OAEP, PKCS) as non-approved since RSA-OAEP lacks peer key assurance validation requirements per SP800-56Brev2.
  * Mark ECC as approved only for NIST curves P-224, P-256, P-384 and P-521 with check for common NIST names and aliases.
  * Mark DSA, ELG, EDDSA, ECDSA and ECDH as non-approved.
  * Add libgcrypt-FIPS-SLI-pk.patch
  * Rebase libgcrypt-FIPS-service-indicators.patch
- Run the regression tests also in FIPS mode.
  * Disable tests for non-FIPS approved algos.
  * Rebase: libgcrypt-FIPS-verify-unsupported-KDF-test.patch

++++ nvme-cli:
- Fix install conflict caused by new bash completion script location (bsc#1197365).

++++ qemu:
- Avoid warnings caused by a GCC 12 bug, see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98503 (bsc#1197018)
  * Patches added:
    hw-i386-amd_iommu-Fix-maybe-uninitialize.patch
    Silence-GCC-12-spurious-warnings.patch
    Ignore-spurious-GCC-12-warning.patch

------------------------------------------------------------------
------------------ 2022-3-21 - Mar 21 2022 -------------------
------------------------------------------------------------------

++++ combustion:
- Be more --quiet with systemctl

++++ kernel-default:
- watch_queue: Make comment about setting ->defunct more accurate (CVE-2022-0995 bsc#1197246).
- watch_queue: Fix lack of barrier/sync/lock between post and read (CVE-2022-0995 bsc#1197246).
- watch_queue: Free the alloc bitmap when the watch_queue is torn down (CVE-2022-0995 bsc#1197246).
- watch_queue: Fix the alloc bitmap size to reflect notes allocated (CVE-2022-0995 bsc#1197246).
- watch_queue: Use the bitmap API when applicable (CVE-2022-0995 bsc#1197246).
- watch_queue: Fix to always request a pow-of-2 pipe ring size (CVE-2022-0995 bsc#1197246).
- watch_queue: Fix to release page in ->release() (CVE-2022-0995 bsc#1197246).
- watch_queue, pipe: Free watchqueue state after clearing pipe ring (CVE-2022-0995 bsc#1197246).
- watch_queue: Fix filter limit check (CVE-2022-0995 bsc#1197246).
- commit 223dbc3
- rpm/constraints.in: skip SLOW_DISK workers for kernel-source
- commit e84694f
- macros.kernel-source: Fix conditional expansion.
  Fixes: bb95fef3cf19 ("rpm: Use bash for %() expansion (jsc#SLE-18234).")
- commit 7e857f7
- ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259).
- commit c0ccfb9
- blacklist.conf: Remove blacklist entries that are included in the tree via -stable
  These are preventing an update of SLE 15 SP4 RT due to a commit trigger.
  blacklisted: fb8c3a3c52400512fc8b3b61150057b888c30b0d
  Applied by: patches.suse/ath5k-fix-building-with-LEDS-m.patch
  blacklisted: 435b08ec0094ac1e128afe6cfd0d9311a8c617a7
  Applied by: patches.suse/bpf-test-cgroup-Use-sk_-alloc-free-for-test-cases.patch
  blacklisted: 27730c8cd60d1574d8337276e7a9d7d2ca92e0d1
  Applied by: patches.suse/perf-script-Fix-PERF_SAMPLE_WEIGHT_STRUCT-support.patch
- commit 1f2accf
- Update config files (bsc#1195926 bsc#1175667).
  VIRTIO_PCI=m -> VIRTIO_PCI=y
- commit 899511b

++++ libsolv:
- reworked choice rule generation to cover more usecases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code [bsc#1196514]
- support parsing of Debian's Multi-Arch indicator
- bump version to 0.7.22

++++ libzypp:
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- version 17.29.7 (22)

++++ makedumpfile:
- makedumpfile-sadump-kaslr-fix-kaslr_offset-calculation.patch: sadump, kaslr: fix failure of calculating kaslr_offset (bsc#1196736).

++++ systemd-presets-branding-SMO:
- disable the AppArmor systemd service (bsc#1197368)

------------------------------------------------------------------
------------------ 2022-3-20 - Mar 20 2022 -------------------
------------------------------------------------------------------

++++ kernel-default:
- Update patches.suse/mm-khugepaged-skip-huge-page-collapse-for-special-fi.patch (stable-5.14.16 bsc#1193983 CVE-2021-4148).
- commit 6200b3c
- usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (git-fixes).
- usb: gadget: rndis: prevent integer overflow in rndis_set_response() (git-fixes).
- drm/vrr: Set VRR capable prop only if it is attached to connector (git-fixes).
- nl80211: Update bss channel on channel switch for P2P_CLIENT (git-fixes).
- iwlwifi: don't advertise TWT support (git-fixes).
- mac80211: refuse aggregations sessions before authorized (git-fixes).
- atm: firestream: check the return value of ioremap() in fs_init() (git-fixes).
- can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (git-fixes).
- ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE (git-fixes).
- ARM: dts: rockchip: fix a typo on rk3288 crypto-controller (git-fixes).
- ARM: dts: rockchip: reorder rk322x hmdi clocks (git-fixes).
- arm64: dts: rockchip: reorder rk3399 hdmi clocks (git-fixes).
- arm64: dts: rockchip: align pl330 node name with dtschema (git-fixes).
- arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity (git-fixes).
- arm64: dts: rockchip: fix rk3399-puma-haikou USB OTG mode (git-fixes).
- arm64: dts: agilex: use the compatible "intel,socfpga-agilex-hsotg" (git-fixes).
- commit 8f6b7bc

------------------------------------------------------------------
------------------ 2022-3-19 - Mar 19 2022 -------------------
------------------------------------------------------------------

++++ kernel-default:
- rpm: Use bash for %() expansion (jsc#SLE-18234).
  Since 15.4 alternatives for /bin/sh are provided by packages -sh.
  While the interpreter for the build script can be selected the interpreter for %() cannot.
  The kernel spec files use bashisms in %().
  While this could technically be fixed there is more serious underlying problem: neither bash nor any of the alternatives are 100% POSIX compliant nor bug-free.
  It is not my intent to maintain bug compatibility with any number of shells for shell scripts embedded in the kernel spec file.
  The spec file syntax is not documented so embedding the shell script in it causes some unspecified transformation to be applied to it.
  That means that ultimately any changes must be tested by building the kernel, n times if n shells are supported.
  To reduce maintenance effort require that bash is used for kernel build always.
- commit bb95fef
- powerpc/bpf: Update ldimm64 instructions during extra pass (bsc#1194869).
- commit 45a01a1
- drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes).
- drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() (git-fixes).
- commit e115c05
- HID: multitouch: fix Dell Precision 7550 and 7750 button type (bsc#1197243).
- commit 976f997

------------------------------------------------------------------
------------------ 2022-3-18 - Mar 18 2022 -------------------
------------------------------------------------------------------

++++ bcm43xx-firmware:
- Add required firmware file for Bluetooth module found on RPi Zero 2W (bsc#1197286)

++++ cloud-regionsrv-client:
- Update to version 10.0.2
  + Fix name of logfile in error message
  + Fix variable scoping to properly detect registration error
  + Cleanup any artifacts on registration failure
  + Fix latent bug with /etc/hosts population
  + Do not throw error when attempting to unregister a system that is not registered
  + Skip extension registration if the extension is recommended by the baseproduct as it gets automatically installed
- Update to version 10.0.1 (bsc#1197113)
  + Provide status feedback on registration, success or failure
  + Log warning message if data provider is configured but no data can be retrieved
- Update -addon-azure to 1.0.3 follow up fix for (bsc#1195414, bsc#1195564)
  + The repo enablement timer cannot depend on guestregister.service

++++ cockpit:
- re-add suse-microos-branding.patch from GitHub
- add hide-docs.patch (bsc#1197003)

++++ container-selinux:
- Update to version 2.180.0
  * Allow container domains to read/write kvm_device_t
  * Update kublet mappings to inlcude /usr/local/*
  * Allow container domains to use container runtime tcp and udp sockets
  * Alow
    containers to use unix_stream_sockets leaked from container runtimes
  * Allow userdomains to execute conmon_exec_t and use it as an entrypoint
  * Allow conmon_exec_t as an entrypoint
  * Add container_use_devices boolean to allow containers to use any device
  * Add explicit range transition for conmon
  * Add missing dbus class declaration into container_runtime_run()
  * Remove lockdown allow rules
  * Remove k3s fcontexts
  * Allow container domains to be used by user roles
- Changed source url to allow for download via source service

++++ gdk-pixbuf:
- Update to version 2.42.8 (boo#1201826):
  + Clear the pixbuf's memory buffer to avoid returning uninitialized memory.
  + Turn GdkPixbufModule functions into typed callbacks.
  + tiff: Use non-deprecated C99 integer types.
  + gif: Check for overflow when compositing or clearing frames.
  + Change png/jpeg/tiff build options from boolean to feature.
  + jpeg: Do not rely on UB around setjmp/longjmp.
  + Build fixes.
  + Documentation fixes.
  + Security fixes: CVE-2021-46829.
  + Updated translations.
- Stop passing options to meson that just follow upstream default, just rely on upstream providing sane defaults, apart from where we want to deviate.

++++ gnutls:
- FIPS: Additional PBKDF2 requirements for KAT [bsc#1184669]
  * The IG 10.3.A and SP800-132 require some minimum parameters for the salt length, password length and iteration count. These parameters should be also used in the KAT.
  * Add gnutls-FIPS-PBKDF2-KAT-requirements.patch
  * Upstream: https://gitlab.com/gnutls/gnutls/merge_requests/1561
- Enable to run the regression tests also in FIPS mode.
++++ gstreamer:
- Update to version 1.20.1:
  + deinterlace: various bug fixes for yadif, greedy and scalerbob methods
  + gtk video sink: Fix rotation not being applied when paused
  + gst-play-1.0: Fix trick-mode handling in keyboard shortcut
  + jpegdec: fix RGB conversion handling
  + matroskademux: improved ProRes video handling
  + matroskamux: Handle multiview-mode/flags/pixel-aspect-ratio caps fields correctly when checking caps equality on input caps changes
  + videoaggregator fixes (negative rate handling, current position rounding)
  + soup http plugin: Lookup libsoup dylib files on Apple platforms; fix Cerbero static build on Android and iOS
  + Support build against libfreeaptx in openaptx plugin
  + Fix linking issues on Illumos distros
  + GstPlay: Fix new error + warning parsing API (was unusuable before)
  + mpegtsmux: VBR muxing fixes
  + nvdecoder: Various fixes for 4:4:4 and high-bitdepth decoding
  + Support build against libfreeaptx in openaptx plugin
  + webrtc: Various fixes to the webrtc-sendrecv python example
  + macOS: support a relocatable `GStreamer.framework` on macOS
  + macOS: fix applemedia plugin failing to load on ARM64 macOS
  + windows: ship wavpack library
  + gst-python: Fix build with Python 3.11
  + various bug fixes, memory leak fixes, and other stability and reliability improvements
  + plugin loader: show the reason when spawning of gst-plugin-scanner fails
  + registry, plugin loading: fix dynamic relocation if GST_PLUGIN_SUBDIR (libdir) is not a single subdirectory; improve GST_PLUGIN_SUBDIR handling
  + context: fix transfer annotation on gst_context_writable_structure() for bindings
  + baseparse: Don't truncate the duration to milliseconds in gst_base_parse_convert_default()
  + bufferpool: Deactivate pool and get rid of references to other objects from dispose instead of finalize

++++ gstreamer-plugins-base:
- Update to version 1.20.1:
  + typefindfunctions: Fix WebVTT format detection for very short files
  + gldisplay: Reorder GST_GL_WINDOW check for egl-device
  +
    rtpbasepayload: Copy all buffer metadata instead of just GstMetas for the input meta buffer
  + codec-utils: Avoid out-of-bounds error
  + navigation: Fix Since markers for mouse scroll events
  + videoaggregator: Fix for unhandled negative rate
  + videoaggregator: Use floor() to calculate current position
  + video-color: Fix for missing clipping in PQ EOTF function
  + gst-play-1.0: Fix trick-mode handling in keyboard shortcut
  + audiovisualizer: shader: Fix out of bound write

++++ kernel-default:
- kprobes: Add kretprobe_find_ret_addr() for searching return address (bsc#1193277).
- commit 23e8a22
- kprobes: treewide: Make it harder to refer kretprobe_trampoline directly (bsc#1193277).
- commit a812a07
- arm64: PCI: Support root bridge preparation for Hyper-V (bsc#1197291).
- arm64: PCI: Restructure pcibios_root_bridge_prepare() (bsc#1197291).
- commit 060e164
- fuse: fix fileattr op failure (bsc#1197292).
- commit f14130a

++++ util-linux:
- Extend cache in uuid_generate_time_generic() (bsc#1194642#c51, util-linux-libuuid-extend-cache.patch).

++++ openldap2:
- jsc#PM-3288 - restore CLDAP functionality in CLI tools

++++ libnvme:
- Update to version 1.0-rc7:
  * linux: fixup log page offset in nvme_get_log_page()
  * tree: Add support for default trsvcid for all controllers (bsc#1195858)
  * tree: fixup coredump during nvme discover

++++ openssl-1_1:
- FIPS: Additional PBKDF2 requirements for KAT [bsc#1197280]
  * The IG 10.3.A and SP800-132 require some minimum parameters for the salt length, password length and iteration count. These parameters should be also used in the KAT.
  * Add openssl-1_1-FIPS-PBKDF2-KAT-requirements.patch

++++ libxml2:
- Build python bindings in a 2nd run, using multibuild: otherwise, libxml2 requires pkgconfig(libxml-2.0) to build, causing issues to bootstrap.
++++ mdadm:
- skip RAID assembly if DM_UDEV_DISABLE_OTHER_RULES_FLAG (bsc#1196054)
  * Add 0121-udev-md-raid-assembly.rules-skip-if-DM_UDEV_DISABLE_.patch

++++ nvme-cli:
- Update to version 2.0-rc7:
  * netapp-nvme: fix smdevices segfault in json output (bsc#1195937)
  * fabrics: keep the backward compatibility
  * nvme: Do not slash escape strings in JSON output (bsc#1195937)
  * nvme: Print full device path
  * nvme-print: Make JSON keys consistent with nvme-cli 1.x
  * nvme-print: print generic device in list command
  * fabrics: check for discovery controller instead of subsystem NQN (bsc#1197061)
  * connect: Set errno to zero on nvmf_add_ctrl() success
  * documenation updates
- Set path to systemctl via newly introduced config option
- Update 0100-harden_nvmf-connect@.service.patch due to upstream file rename
- Moved bash completion script to /usr/share/bash-completion/completions/nvme

++++ libxml2-python:
- Build python bindings in a 2nd run, using multibuild: otherwise, libxml2 requires pkgconfig(libxml-2.0) to build, causing issues to bootstrap.

++++ util-linux-systemd:
- Extend cache in uuid_generate_time_generic() (bsc#1194642#c51, util-linux-libuuid-extend-cache.patch).

------------------------------------------------------------------
------------------ 2022-3-17 - Mar 17 2022 -------------------
------------------------------------------------------------------

++++ grep:
- Make profiling deterministic (bsc#1040589, SLE-24115)

++++ kernel-default:
- Update patch reference for vpda fix (CVE-2022-0998 bsc#1197247)
- commit 39fa540
- vdpa: clean up get_config_size ret value handling (CVE-2022-0998 bsc#1197247).
- commit c787e8b
- Update patch reference for USB gadget fix (CVE-2022-27223 bsc#1197245)
- commit 251a2e6
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018).
- commit 6dcb47f
- aio: Fix incorrect usage of eventfd_signal_allowed() (git-fixes).
- commit c768141
- arm64: dts: qcom: sm8350: Correct UFS symbol clocks (git-fixes).
- gpio: Return EPROBE_DEFER if gc->to_irq is NULL (git-fixes).
- spi: rockchip: terminate dma transmission when slave abort (git-fixes).
- spi: rockchip: Fix error in getting num-cs property (git-fixes).
- usb: dwc3: pci: add support for the Intel Raptor Lake-S (git-fixes).
- drm/amdgpu: bypass tiling flag check in virtual display case (v2) (git-fixes).
- PCI: Mark all AMD Navi10 and Navi14 GPU ATS as broken (git-fixes).
- hwmon: (pmbus) Clear pmbus fault/warning bits after read (git-fixes).
- arm64: dts: qcom: sm8350: Describe GCC dependency clocks (git-fixes).
- commit 0ad5f72

++++ gcc12:
- Bump to c43cb355f25dd22133d15819bd6ec03d3d3939fd, git192094.

++++ timezone:
- timezone update 2022a (bsc#1177460):
  * Palestine will spring forward on 2022-03-27, not -03-26*
  * zdump -v now outputs better failure indications
  * Bug fixes for code that reads corrupted TZif data

------------------------------------------------------------------
------------------ 2022-3-16 - Mar 16 2022 -------------------
------------------------------------------------------------------

++++ NetworkManager:
- Do not require dhcp-client, NM is using its internal client by default for a long time now.
- Convert iproute2 and iputils requires to recommends, they should not be hard requires.

++++ firewalld:
- Add patch which fixes the zone configuration (bsc#1191837)
  * 0001-chore-fw_zone-call-permanent-config-checks-at-runtim.patch

++++ jeos-firstboot:
- Update to version 1.1.1.1:
  * Quick'n'dirty NetworkManager support
- Switch git URL to https
- Require NetworkManager or wicked

++++ kernel-default:
- rpm: Run external scriptlets on uninstall only when available (bsc#1196514 bsc#1196114 bsc#1196942).
  When dependency cycles are encountered package dependencies may not be fulfilled during zypper transaction at the time scriptlets are run.
  This is a problem for kernel scriptlets provided by suse-module-tools when migrating to a SLE release that provides these scriptlets only as part of LTSS.
  The suse-module-tools that provides kernel scriptlets may be removed early causing migration to fail.
- commit ab8dd2d
- sr9700: sanity check for packet length (bsc#1196836 CVE-2022-26966).
- commit 56eea34
- rpm/*.spec.in: remove backtick usage
- commit 87ca1fb
- Update kabi files.
  Update to reflect the changes from bpf CVE fixes.
- commit 993b084
- x86/module: Fix the paravirt vs alternative order (bsc#1190497).
- commit 646c90c
- rpm: SC2006: Use $(...) notation instead of legacy backticked `...`.
- commit f0d0e90
- nvme-rdma: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554).
  Refresh:
  - patches.suse/0006-nvme-Implement-In-Band-authentication.patch
- nvme-tcp: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554).
  Refresh:
  - patches.suse/0006-nvme-Implement-In-Band-authentication.patch
- nvme: fix a possible use-after-free in controller reset during load (bsc#1193787 bsc#1197146 bsc#1193554).
- nvme-fabrics: ignore invalid fast_io_fail_tmo values (bsc#1193787 bsc#1197146 bsc#1193554).
- nvme-tcp: fix memory leak when freeing a queue (bsc#1193787 bsc#1197146 bsc#1193554).
- nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (bsc#1193787 bsc#1197146 bsc#1193554).
- blk-mq: don't free tags if the tag_set is used by other device in queue initialztion (bsc#1193787 bsc#1197146 bsc#1193554).
- commit 4ccb78c
- series: Resort entries
  The series is not sorted which makes qdoit unhappy. Sort it.
- commit ce701de

++++ sqlite3:
- Remove obsolete configure flags
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
++++ systemd:
- Import commit 5b022ce3dbad3189b7ce1e7b0f018b18ac6e583c (merge of v249.11)
  For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/23b6a8633186a2b5b2487621c81ec7e7bb068db1...5b022ce3dbad3189b7ce1e7b0f018b18ac6e583c
- Import commit 23b6a8633186a2b5b2487621c81ec7e7bb068db1
  f19292f18d udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)
  3349f636dc man: tweak description of auto/noauto (bsc#1191502)

++++ pam:
- Between allocating the variable "ai" and free'ing them, there are two "return NO" where we don't free this variable. This patch inserts freeaddrinfo() calls before the "return NO;"s.
  [bsc#1197024, pam-bsc1197024-free-addrinfo-before-return.patch]

++++ podman:
- Update to version 4.0.2:
  * Bump to v4.0.2
  * Update release notes for v4.0.2
  * Revert "use GetRuntimeDir() from c/common"
  * Revert "Option --url and --connection should imply --remote."
  * Option --url and --connection should imply --remote.
  * Bump to v4.0.2-dev
  * Bump to v4.0.1
  * Update release notes for v4.0.1
  * Fix a potential flake in volume plugins tests
  * Propagate $CONTAINERS_CONF to conmon
  * tests: Remove inaccurate comment
  * System tests: show one-line config overview
  * provide better error on invalid flag
  * use GetRuntimeDir() from c/common
  * kube: honor --build=false and make --build=true by default
  * system tests: cleanup networks on teardown
  * Remove the runtime lock
  * Don't log errors on removing volumes inuse, if container --volumes-from
  * kube: honor mount propagation mode
  * Load ip_tables modules at boot
  * Cirrus: Disable F34 aka prior-fedora testing
  * Cirrus: Update VM Images for 4.0 release
  * Bump to v4.0.1-dev
  * Bump to v4.0.0
  * Release notes for v4.0.0 final
  * Fix lint
  * Fix manifest 4.0 Endpoints Branch forced 4.0 only endpoints
  * Introduce podman machine init --root=t|f and podman machine set --root=t|f
  * Initial implementation of mac forwarding using a privileged docker sock claim helper
  * ignition: propagate proxy
    settings from a host into a vm
  * Update to podman4 copr stream
  * Unify ls --filter docs for networks and pods
  * e2e: merge after/since image-filter tests
  * podman network: add documentation for netavark
  * create: Fix key=value annotation in the flag output
  * enable netavark specific tests
  * Fix checkpoint/restore pod tests
  * Make sure building with relative paths work correctly.
  * Add 409 response to swagger godoc
  * Fix images since/after tests
  * Changes of docker descriptions
  * Temporarily pull machine images from side repo
  * Cirrus: TODO: netavark/aardvark release branches
  * Cirrus: Expand netavark testing to include rootless
  * Cirrus: Minor - limit release task applicability
  * Cirrus: Add [CI:BUILD] magic that only builds
  * CI: fix nightly builds
  * Cirrus: Log netavark/aardvark binary build info.
  * Cirrus: Add netavark/aardvark system test task
  * Cirrus: Also download aardvark-dns binary
  * Cirrus: Add e2e task w/ upstream netavark
  * Revert minimum API change
  * netavark e2e tests
  * Bump to v4.0.0-dev
  * Bump to v4.0.0-RC5
  * Update release notes for v4.0.0-RC5
  * Modify /etc/resolv.conf when connecting/disconnecting
  * Do not set the network config dir to cni plugin dir
  * Show API doc for several versions
  * [NO NEW TEST NEEDED] Add schema for ImageCreate 200 response.
  * fix: Multiplication of durations
  * move rootless netns slirp4netns process to systemd user.slice
  * compat: endpoint /build must set header content type as application/json in reponse
  * Cleanup: remove obsolete/misleading bug workaround
  * tests: retrofit healthcheck system tests
  * healthcheck, libpod: Read healthcheck event output from os pipe
  * Fix: Do not print error when parsing journald log fails
  * Bump github.com/buger/goterm from 1.0.1 to 1.0.4
  * append podman dns search domain
  * Podman pod create --share-parent vs --share=cgroup
  * System tests: revert emergency skip of checkpoint tests
  * Add version guard to libpod API endpoints
  * [v4.0] Bump c/common to v0.47.4
  * idmap should be able to be specified along with other options
  * Vendor in containers/buildah v1.24.1
  * Bump to v4.0.0-dev
  * Bump to v4.0.0-RC4
  * Disable failing E2E test
  * Revert "Move each search dns to its own line"
  * Move each search dns to its own line
  * Update release notes for v4.0.0-RC4
  * Document `schema` values in the `--url` flag
  * podman image scp syntax correction
  * system prune: remove all networks
  * Only change network fields if they were actually changed by the user
  * docs: clarify rootless net stats
  * Fix size to match Docker selection
  * libpod: enforce noexec,nosuid,nodev for /dev/shm
  * Clarify remote client means Mac and Windows
  * libpod: report slirp4netns network stats
  * Add notes to "--oom-kill-disable" not supported on cgroups V2
  * Fix use of infra image to clarify default
  * Adapt podman images ls filters docs to be aligned with prune filters docs
  * ignition, machine: delegate cpu,io cgroup controllers to machine's default users
  * pkg/bindings/images.Build(): slashify "dockerfile" values, too
  * Remove mention of IPv6 portfwd from release notes
  * Bump to v4.0.0-dev
  * Bump to v4.0.0-RC3
  * Update release notes for v4.0.0-RC3
  * Fix Cirrus destination branch
  * volume: add support for non-volatile upperdir,workdir for overlay volumes
  * github: label issues based on os fix regex
  *
github: label issues based on os * Cirrus: Fix get_ci_vm.sh initial setup * System tests: emergency skip of checkpoint tests * network create: allow multiple subnets * Update troubleshooting.md * Fix sort ordering of filters * Unify podman prune filter description: volumes, networks, system * Bump Buildah to v1.24.0 * rootless: drop permission check for devices * switch podman image scp from depending on machinectl to just os/exec * Bump github.com/containers/image/v5 from 5.18.0 to 5.19.0 * Bump github.com/containers/storage from 1.38.0 to 1.38.1 * change location of where make outputs podman binary on osx * Github workflow: Fix parsing of GraphQL response JSON * Github-workflow: Fix YAML syntax * Update godoc, swagger using wrong struct * Makefile: install targets independent of build * [CI:DOCS] Fix typos and improve language * CI: enable rootless-remote system tests * pkg/specgen/generate/security: fix error message * Github workflow: Send e-mail on job error * Github workflow: Update Cirrus-cron GraphQL query * remote build: set rootless oci isolation correctly * [CI:DOCS] Fix typos and improve language * Fix handling of duplicate matches on id expansion * Show correct default values or show none * exec: retry rm -rf on ENOTEMPTY and EBUSY * container create: do not check for network dns support * libpod: fix leaking fd * libpod: fix connection leak * [CI:DOCS] fix typo subpordinate * Fix filter description and unify filters docs for containers/images prune * Remove unused param and clean API handlers * Restore machine start logic that was hanging * Bump to v4.0.0-dev * Bump to v4.0.0-RC2 * Final release notes for v4.0.0-rc2 * Run codespell on code * Update release notes for Podman v4.0.0 * Fix #2 for compat commit handling of --changes * Fix nil pointer dereference for configmap optional * Make error message matching in 030-run.bats less fragile * Don't explicitly check for crun|runc in package information * Don't segfault if an image layer has no creation 
    timestamp
  * compat: remove hardcoded index from load images output report
  * compat: images/load must be able to load tar with multiple images
  * System tests: fix for new systemd on rawhide
  * Remove rootless_networking option from containers.conf
  * vendor c/psgo@v1.7.2 (fixes CVE-2022-1227 / bsc#1182428)
  * Engine.Remote from containers.conf
  * vendor: bump c/common and other vendors
  * rootless: report correctly the error
  * Implement API forwarding for podman machine on Windows
  * Implement env parsing on Windows
  * Handle changes in docker compat mode
  * Show package version when running on alpine
  * Handlers for `generate systemd` with custom dependencies
  * APIv2 tests: followup to recent log test
  * Add IndexConfigs to compat /info endpoint
  * Bump github.com/opencontainers/runc from 1.0.3 to 1.1.0
  * apiv2 test: add regression test for #12904
  * SECURITY.md: fix the project name
  * rename --cni-config-dir to --network-config-dir
  * compat attach: fix write on closed channel
  * upgrade all dependencies
  * Revert "Cirrus: Temporarily disable OSX Cross task"
  * Bump github.com/opencontainers/runc from 1.0.3 to 1.1.0
  * bump go module to version 4
  * [NO NEW TESTS NEEDED] add builddeps to copr template
  * CI: rootless user: also create in some root tests
  * [WIP] Tests for podman image scp (the sudo form)
  * Revamp Libpod state strings for Docker compat
  * Cirrus: Temporarily disable OSX Cross task
  * update c/common to latest
  * Use PODMAN_USERNS environment variable when running as a service
  * Unify the method of parsing filters in cmd
  * fix default branch links
  * [CI:DOCS] fix default branch links
  * [CI:DOCS] Unprivileged native overlayfs is now supported
  * [CI:DOCS] Fix typo in --env
  * Recursively copy cert files.
  * Refactor manifest list operations
  * Add rpkg template for COPR autobuild
  * Fix cgroup mode handling in api server
  * Standardize on capitalized Cgroups
  * test/system: podman run update /etc/hosts
  * Remove two GetImages functions from API
  * Use fully-qualified device name in CDI test
  * Use new CDI API
  * troubleshooting links to main branch
  * Podman Build use absolute filepath
  * Prohibit --uid/gid map and --pod for container create/run
  * podman container rm: remove pod
  * Manual fixes for PR #12642:
  * podman build enable --all-platforms and --unsetenv
  * use events_logfile_path from containers.conf for events log.
  * Podman Pod Create --sysctl support
  * Wait for podman stop to complete
  * libpod: fix check for systemd session
  * libpod: refine check for empty pod cgroup
  * fix buildah-bud test diff
  * upgrade test: check that network backend is cni
  * use netns package from c/common
  * update buildah to latest and use new network stack
  * podman image scp: implement --quiet
  * use libnetwork from c/common
  * Add --noout option to prevent the output of ids
  * remote events: convert TimeNano properly
  * Bump github.com/BurntSushi/toml from 0.4.1 to 1.0.0
  * vendor latest c/common
  * add additional fields to podman machine ls --json
  * buildah bud tests: skip failing tests
  * Fix permission on secrets directory
  * Add podman rm --depend
  * fix host.containers.internal entry for macvlan networks
  * It takes some time to start a VM
  * Pretty Print output of podman machine ls --format json
  * Use the InfraImage defined in containers.conf
  * Cirrus: Freshen VM images
  * Revert "Cirrus: Temp.
    ignore gitlab task failures"
  * pkg: use PROXY_VARS from c/common
  * ignition: add support from setting SSL_CERT_FILE
  * ignition: propagate HTTP proxy variables from host to remote
  * System tests: fix RHEL8 gating tests
  * vendor c/common
  * Remove dead RuntimeOption functions
  * Update docker cli message for case where user creates directory
  * Don't add env if optional and not found
  * Fix type-o in podman.wxs
  * [CI:DOCS] fixes indentation of example pod yaml
  * Prevent double decoding of storage options
  * Emergency system-test fixes
  * add OCI Runtime name to errors
  * fix healthcheck timeouts and ut8 coercion
  * Don't rename pod if container has the same name
  * Set volume NeedsCopyUp to false iff data was copied up
  * Fix CI
  * correct typo words in docs
  * Change Tests to ignore missing containers when removing --all
  * test/e2e/pod_initcontainers: fix a flake
  * test/e2e/run: don't use date +%N on Alpine
  * Support all volume mounts for rootless containers
  * Fix wrong 'podman search --format' placeholder
  * Fix Container List API call to return mount info
  * fix misleading comment regarding default value of cpu period [NO NEW TESTS NEEDED]
  * add --ip6 flag to podman create/run
  * legacy events: also set exitCode
  * Don't initialize the global RNG with GinkgoRandomSeed() in e2e tests
  * Avoid collisions on RemoteSocket paths
  * Refactor remote socket path determination in tests
  * fix doc
  * test/system: podman run image with filesystem permission
  * test/system: podman run with log-opt option
  * Update swagger documentation
  * Make it possible to select the volume driver
  * Check the mount type for future compatibility
  * Implement virtfs volumes for podman machine
  * [CI:DOCS] Add example of cpus to init command
  * prefix imageId with sha256: in containers list test for compat API ImageId
  * Pod Security Option support
  * ignition: add certs from current user into the machine while init
  * docs: sort swagger operations alphabetically
  * .service file removal on failure
  * Introduce Windows WSL
    implementation of podman machine
  * podman image scp never enter podman user NS
  * Allow users to add host user accounts to /etc/passwd
  * container creation: don't apply reserved annotations from image
  * [CI:DOCS] clarify `io.podman.annotations.seccomp`
  * Error out early if system does not support pre-copy checkpointing
  * Update go-criu to v5.3.0
  * [CI:DOCS] docs: document rootless userns mappings
  * Switch to a new installer approach using a path manipulation helper
  * e2e: Add dev/shm checkpoint/restore test
  * Enable checkpoint/restore for /dev/shm
  * Update github.com/checkpoint-restore/checkpointctl
  * Always run passwd management code when DB value is nil
  * Warn on use of --kernel-memory
  * support hosts without /etc/hosts
  * Podman run --passwd
  * ci: force scratch build for crun
  * Use hosts public ip address in rootless containers
  * compat: image normalization: handle sha256 prefix
  * specgen: honor userns=auto from containers.conf
  * [CI:DOCS] Small checkpoint/restore man page fixes
  * [CI:DOCS] Explicitly mention that checkpointing systemd containers might fail
  * vendor: update containers/storage
  * build: fix test for subid 4
  * test: add --rm to podman run commands
  * fix(generate): fix up podman generate kube missing env field bug
  * legacy events: also set Action="die"
  * rootless: include the args in the debug message
  * apiv2 tests: use quay.io/libpod/testimage:20210610 for platform tests
  * image rm: allow for force-remove infra images
  * tests: adjust old build test to expect exit code
  * Test for checkpoint specific inspect fields
  * Add more checkpoint/restore information to 'inspect'
  * build: relay exitcode from imagebuildah to registry
  * Removed .service file for healthchecks
  * Set machine timezone
  * MovePauseProcessToScope do not seed everytime
  * bindings rmi test: clarify behavior
  * bump cobra to 1.3.0
  * .github: revert to the old template
  * oci: configure the devices cgroup with default devices
  * kill: fix output
  * e2e: search flake: skip test on
    registry.redhat.io
  * APIv2 tests: fail on syntax/logic errors
  * Show --external containers even without --all option
  * apiv2 tests: refactor complicated curls
  * fix network id handling
  * Update Windows Install Doc
  * Fixes #12063 Add docker compatible output after image build.
  * pause scope: don't use the global math/rand RNG
  * specgen: check that networks are only set with bridge
  * container restore/import: store networks from db
  * play kube add support for multiple networks
  * support advanced network configuration via cli
  * Add new networks format to spegecen
  * fix incorrect swagger doc for network dis/connect
  * network connect allow ip, ipv6 and mac address
  * network db: add new structure to container create
  * remove unneeded return value from c.Networks()
  * network db rewrite: migrate existing settings
  * network ls: show networks in deterministic order
  * Bump github.com/docker/docker
  * pprof flakes: bump timeout to 20 seconds
  * Add secret list --filter to cli
  * Cirrus: Temp. ignore gitlab task failures
  * compat build: adhere to q/quiet
  * Make XRegistryAuthHeader and XRegistryConfigHeader private
  * Remove the authfile parameter of MakeXRegistryAuthHeader
  * Simplify the header decision in pkg/bindings/images.Build a bit
  * Remove the authfile parameter of MakeXRegistryConfigHeader
  * Remove no-longer-useful name variables
  * Consolidate creation of SystemContext with auth.json into a helper
  * Remove pkg/auth.Header
  * Call MakeXRegistryAuthHeader instead of Header(..., XRegistryAuthHeader)
  * Turn headerAuth into MakeXRegistryAuthHeader
  * Call MakeXRegistryConfigHeader instead of Header(..., XRegistryConfigHeader)
  * Turn headerConfig into MakeXRegistryConfigHeader
  * Move the auth file creation to GetCredentials
  * Consolidate the error handling path in GetCredentials
  * Only look up HTTP header values once in GetCredentials
  * Use Header.Values in GetCredentials.has
  * Beautify GetCredentials.has a bit
  * Pass a header value directly to parseSingleAuthHeader and
    parseMultiAuthHeader
  * Simplify parseSingleAuthHeader
  * Simplify the interface of parseSingleAuthHeader
  * Don't return a header name from auth.GetCredentials
  * Fix normalizeAuthFileKey to use the correct semantics
  * Rename normalize and a few variables
  * Add TestHeaderGetCredentialsRoundtrip
  * Add tests for auth.Header
  * Improve TestAuthConfigsToAuthFile
  * Add unit tests for singleAuthHeader
  * Add unit tests for multiAuthHeader
  * fix e2e test missing network cleanup
  * pprof CI flakes: enforce 5 seconds grace period
  * [NO NEW TESTS NEEDED] rootless: declare TEMP_FAILURE_RETRY before usage (Fixes: #12563)
  * --hostname should be set when using --pod new:foobar
  * Cirrus: Use cached swagger binary
  * inotify: make sure to remove files
  * System tests: remove rm_pause_image()
  * specgen: honor empty args for entrypoint
  * generate systemd: support entrypoint JSON strings
  * Bump github.com/uber/jaeger-client-go
  * remove runlabel test for global opts
  * utils: reintroduce moveToCgroup
  * autocopr: distro conditionals for containers-common
  * vendor c/image/v5@main
  * Update vendor or containers/common moving pkg/cgroups there
  * volume: apply exact permission of target directory without adding extra 0111
  * Cirrus: Remove remnants of nix-based static build
  * Refactor podman pods to report.Formatter
  * rootless netns: resolve all path components for resolv.conf
  * tests: clean up FIXMEs and noise
  * fix remote run/start flake
  * e2e: fix pprof flakes
  * Bump github.com/opencontainers/runc from 1.0.2 to 1.0.3
  * vendor c/common@main
  * Escape trailing slash in install directory location so the closing quote is not escaped
  * centos 9 stream cannot use %autochangelog
  * Refactor podman system to report.Formatter [NO NEW TESTS NEEDED]
  * add spec file for automated copr builds
  * Add restart-sec option to systemd generate
  * Fix documentation of (podman image save --compress --uncompressed)
  * Improve documentation of (podman image save --format)
  * Add support for configmap volumes to play kube
  * cmd, push: use the configured compression format
  * [CI:DOCS] logformatter: fix corner case with links
  * Update vendor of image-spec and containers/storage
  * vendor: update containers/common
  * Update doc to explicitly mention using ed25519 in ssh keys
  * Refactor podman image command output
  * Manual fixes
  * Same thing, with BeNumerically("==", x)
  * Use HaveLen(x) instead of Expect(len(y)).To(Equal(x))
  * Same thing, for BeNumerically("==", 0)
  * Use BeEmpty() instead of len(x).To(Equal(0))
  * Same as previous, for assertions other than Equal()
  * e2e tests: a little more minor cleanup
  * compat API: push: report size of manifest
  * compat: images/json
  * Add ashley-cui, lsm5 and floutoc to owners
  * remove ARTIFACT_DIR and ArtifactPath
  * Image caches: allow overriding cache dir
  * Rename CrioRoot as just Root
  * Fix possible rootless netns cleanup race
  * [NO NEW TESTS NEEDED] Refactor podman container command output
  * Hostname in `spec.hostname` should be passed to infra ctr init opt
  * container, cgroup: detect pid termination
  * top: parse ps(1) args correctly
  * podman, push: expose --compression-format
  * e2e: yet more cleanup of BeTrue/BeFalse
  * Ensure the generated NodePort values are unique
  * Allow containerPortsToServicePorts to fail
  * Don't use the global math/rand RNG for service ports
  * Move a comment to the relevant place
  * a few more manual BeTrue cleanups
  * Convert strings.Contains() to Expect(ContainSubstring)
  * e2e tests: more cleanup of BeTrue()s
  * Implement 'podman run --blkio-weight-device'
  * systemd: replace multi-user with default.target
  * compat API: allow enforcing short-names resolution to Docker Hub
  * Fixed the containerfile not found during remote build.
  * podman-remote: prevent leaking secret into image
  * podman-remote: copy secret to contextdir is absolute path on host
  * api: allow build api to accept secrets
  * Only open save output file with WRONLY
  * List /etc/containers/certs.d as default for --cert-path
  * e2e tests: enable golint
  * fix: parsing of HostConfig.Mounts for container create
  * Move the chown to after the ADDs
  * fix: error reporting for archive endpoint
  * Bindings test: emit GIT_COMMIT, for links in logs
  * checkpoint do not modify XDG_RUNTIME_DIR
  * libpod: improve heuristic to detect cgroup
  * libpod, inspect: export cgroup path
  * stats: get the memory limit from the spec
  * compat: Add compatibility with Docker/Moby API for scenarios where build fails
  * libpod: leave thread locked on errors
  * Find and fix empty Expect()s
  * Unset SocketLabel after system finishes checkpointing
  * Remove StringInSlice(), part 2
  * Remove StringInSlice(), part 1
  * e2e test cleanup, continued
  * Update basic_networking.md
  * Warn on failing to update container status
  * oci: ack crun output when container is not there
  * oci: exit gracefully if container is already dead
  * Support env variables based on ConfigMaps sent in payload
  * image lookup: do not match *any* tags
  * generate systemd: add --start-timeout flag
  * Oops!
    Manual edits to broken tests
  * e2e tests: clean up antihelpful BeTrue()s
  * Cirrus: Strip out static nix build
  * Rename pod on generate of container
  * [CI:DOCS] Update notes on java TZ in man page
  * Bump github.com/containers/image/v5 from 5.16.1 to 5.17.0
  * Fix netavark error handling and teardown issue
  * swagger: add layers to build api docs
  * compat: add layer caching compatibility for non podman clients
  * Bump github.com/opencontainers/selinux from 1.9.1 to 1.10.0
  * Add note about volume with unprivileged container
  * Add EXPOSE e2e test
  * Support EXPOSE with port ranges
  * compat: Add subnet mask behind IP address to match Docker API
  * [CI:DOCS] Add java TZ note to run manpage
  * Bump github.com/rootless-containers/rootlesskit from 0.14.5 to 0.14.6
  * podman-remote does not support signature-policy
  * Add tests for restore runtime verification
  * Use same runtime to restore a container as during checkpointing
  * Force iptables driver for netavark tests
  * Make sure netavark output is logged to the syslog
  * filter: use filepath.Match to maintain consistency with other pattern matching in podman
  * Semiperiodic cleanup of obsolete Skip()s
  * [CI:DOCS]upload a translation file
  * api/handlers: Add checkpoint/restore FileLocks
  * test: Update error string for --file-locks test
  * fix duplicated logs command
  * Bump github.com/docker/docker
  * Bump k8s.io/api from 0.22.3 to 0.22.4
  * Do not store the exit command in container config
  * Add test for checkpoint/restore with --file-locks
  * Add --file-locks checkpoint/restore option
  * Cirrus: Bump Fedora to release 35
  * Cirrus: Partially revert catatonit --force install
  * Revert "Cirrus: Temp.
    disable prior-fedora testing"
  * Cirrus: Workaround log_driver=journald setting
  * Cirrus: Fix bindings test hang b/c logging config mismatch
  * Cirrus: Timeout bindings test after 30m
  * Cirrus: Log more things in bindings and unit tests
  * Minor Makefile fix
  * rootless netns, one netns per libpod tmp dir
  * Introduce Address type to be used in secondary IPv4 and IPv6 inspect data structure.
  * volumes: add new option idmap
  * remote checkpoint/restore: more fixes
  * fix CI
  * fix: take absolute path for dd on apple silicon
  * System tests: new checkpoint tests
  * rootless: use catatonit to maintain user+mnt namespace
  * rootless: drop strerror(errno) calls
  * rootless: reuse existing open_namespace function
  * rootless: use auto cleanup functions
  * utils: use podman-pause-$RANDOM.scope name
  * hack/bats: deal with new bin helpers
  * Change error message for compatibility with docker
  * rename libpod nettypes fields
  * podman machine start wait for ssh
  * fix remote checkpoint/restore
  * Add --unsetenv & --unsetenv-all to remove def environment variables
  * Set config environment variables early in Podman init
  * journald logs: keep reading until the journal's end
  * secret: honor custom target for secrets with run
  * bindings: reuse context for API requests
  * podman machine improve port forwarding
  * Network test: fix podman-remote-rootless corner case
  * filter: add basic pattern matching for label keys
  * cirrus: force-install catatonit
  * infra container: replace pause with catatonit
  * Revert "add kubernetes pause"
  * Added test for checkpoint/restore --print-stats
  * Update man pages for checkpoint/restore --print-stats
  * Added optional container restore statistics
  * Added optional container checkpointing statistics
  * Error logs --follow if events-backend != journald, event-logger=journald
  * Enable 'podman run --memory-swappiness=0'
  * Fix network mode in play kube
  * Always create working directory when using compat API
  * play kube: don't force-pull infra image
  * Podman Image SCP transfer
    patch
  * --authfile command line argument for image sign command.
  * Cirrus: Temp. disable prior-fedora testing
  * Cirrus: Update to Ubuntu 21.10
  * Add failing run test for netavark
  * Add flag to overwrite network backend from config
  * libpod: create /etc/mtab safely
  * Add network backend to podman info
  * Add more netavark tests
  * select network backend based on config
  * Fix RUST_LOG envar for netavark
  * netavark IPAM assignment
  * netavark network interface
  * Make networking code reusable
  * Fix flake in upgrade tests
  * export adding id-specifier code to setContainerNameForTemplate
  * VOLUME must be declared after RUN chown command
  * network reload return error if we cannot reload ports
  * network reload without ports should not reload ports
  * Print headers for system connection ls
  * [CI:DOCS] Add CI check for SEE ALSO in man pages
  * podman load: support downloading files
  * Add links to all SEE ALSO sections
  * pod create: read infra image from containers.conf
  * rootless: adjust error message
  * Fix rootless networking with userns and ports
  * support health checks from image configs
  * change from run to create in 250-systemd.bats
  * Exclude already built sources for static build
  * shm_lock: Handle ENOSPC better in AllocateSemaphore
  * Fix Zsh completion command documentation
  * Match .c files in Makefile
  * Add Static Build download instructions to README
  * Add links to podman build,run, create see also
  * Minor test tweaks
  * pod create: read network mode from config
  * Bump Catatonit up to v0.1.7
  * test connection add
  * system: Adds support for removing all named destination via --all
  * pod/container create: resolve conflicts of generated names
  * podman-generate-kube - remove empty structs from YAML
  * Add some information about disabling SELinux when using system volumes
  * Fix swagger definition for the new mac address type
  * Log Apache access_log-like entries at Info level [NO NEW TESTS NEEDED]
  * Test to check for presence of 'stats-dump' in exported checkpoints
  * Add
    'stats-dump' file to exported checkpoint
  * Podman Image SCP rootful to rootless transfer
  * rename rootless cni ns to rootless netns
  * mount full XDG_RUNTIME_DIR in rootless cni ns
  * Bump github.com/checkpoint-restore/go-criu/v5 from 5.1.0 to 5.2.0
  * Keep error semantics intact
  * Fix rootless cni netns cleanup logic
  * tweak a couple of flag descriptions in help output
  * Update swagger doc make filed optional
  * Fix bindings container log test
  * test: run --cgroups=split in new cgroup
  * MAC address json unmarshal should allow strings
  * Make stop message more similar to start
  * Implement top streaming for containers and pods
  * Handle HTTP 409 error messages properly for Pod actions
  * Add tests
  * Fix swagger definitions
  * More conforming libpod API and swagger types
  * More conforming libpod API and swagger types
  * Better emptiness test for custom JSON serializer
  * System tests: enhance volume test, add debug prints
  * add unit test to containers_test
  * Use correct swagger type in doc-comment
  * Cirrus: Authorize rootless user self-ssh
  * Fix libpod API conformance to swagger
  * Fix help message case for `podman version`
  * Fix pause usage example
  * Use systemctl in local system test
  * Allow label and labels when creating volumes
  * volumes: be more tolerant and fix infinite loop
  * Add information on how podman machine is updated
  * volumes: allow more options for devpts
  * volumes: do not pass mount opt as formatter string
  * Bump k8s.io/api from 0.22.2 to 0.22.3
  * runtime: change PID existence check
  * oci: rename sub-cgroup to runtime instead of supervisor
  * libpod: deduplicate ports in db
  * Set flags to test 'logs -f' with journald driver
  * Set Checkpointed state to false after restore
  * container create: fix --tls-verify parsing
  * runtime: check for pause pid existence
  * utils: do not overwrite the err variable
  * Fix systemd PID1 test
  * Record the image stream along with the path
  * cgroups: use SessionBusPrivateNoAutoStartup
  * vendor: update godbus to v5.0.6
  * Slirp4netns
    with ipv6 set net.ipv6.conf.default.accept_dad=0
  * Fix a few problems in 'podman logs --tail' with journald driver
  * Allow 'container restore' with '--ipc host'
  * Document to not set K8S envars for CNI
  * Bump github.com/docker/docker
  * pod create: remove need for pause image
  * add kubernetes pause
  * cirrus: containers: mount directory in /var/tmp to /tmp
  * overlay root fs: create mount on runtime dir
  * Update vendor github.com/opencontainers/runtime-tools
  * If Dockerfile exists in same directory as service, we should not use it.
  * Fix tests of podman image trust --raw and --json
  * Tighten the expected output of the "podman image trust show" test
  * Use INTEGRATION_ROOT instead of current directory
  * Add support to play kube for --log-opt
  * [NO NEW TESTS NEEDED] Fix off-by-one index comparison (reported by LGTM)
  * Fix some typos in documentation and comments (found by codespell)
  * Replace 'an user' => 'a user'
  * [CI:DOCS] Fix typo keep_id -> keep-id
  * Set DOCKER_HOST in the VM
  * fuse-overlay probably means fuse-overlayfs.
  * Support template unit files in podman generate systemd
  * Remove --kernel-memory options
  * tag: Support tagging manifest list instead of resolving to images
  * Remove infra ID from DB before removing containers
  * System tests: confirm that -a and -l clash
  * systemd: compatible with rootless mode
  * system tests: CONTAINER_* and --help: cleanup
  * podman run --memory=0 ...
    should not set memory limit
  * Add information on how to discover default log driver
  * Add test for system connection
  * Generate Kube should not print default structs
  * libpod: change mountpoint ownership c.Root when using overlay on top of external rootfs
  * Change podman connection list to use default field
  * Allow API to specify size and inode quota
  * Use exponential backoff when waiting for a journal entry
  * Pod Rm Infra Improvements
  * system tests: socket activation: clean up
  * rootfs-overlay: fix overlaybase path for cleanups
  * Move CONTAINER_HOST and _CONNECTION to IsRemote Function
  * We should only be relabeling when on first run
  * If CONTAINER_HOST env variable is set default podman --remote=true
  * Set targetPort to the port value in the kube yaml
  * Do not add TCP to protocol in generated kube yaml
  * Use CGO_ENABLED=1 when building natively on darwin
  * Test-hang fix: Wait for ready + timeout on connect.
  * Checkpoint/Restore test fixes
  * Don't include ctr.log if not using file logging
  * Don't use docker/pkg/archive, use containers/storage/pkg/archive
  * Fix codespell errors
  * Adjust tests to verify all subcommands show the help message
  * Fix panic in container create compat api
  * Don't add image entrypoint to the generate kube yaml
  * Display help text on empty subcommand by default
  * podman search: display only name and description by default
  * codespell code
  * Add information about .containerignore to podman build man page
  * CNI: fix network create --ip-range
  * Kube Gen run as user/group issues
  * rootlessport: reduce memory usage of the process
  * No space in kube annotations for bind mounts
  * Fix CI flake on time of shutdown for API service
  * Refactor podman search to be more code friendly
  * Unit files: Use actual installed path for podman
  * Bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5
  * cgroups: use cgroup.controllers to read controllers
  * builder: Add support for builder prune
  * Remove a volume with --force if container is running
  * Use SplitN(2) when
    copying env variables
  * podman stats: move cgroup validation to server
  * fix test
  * Support readonly rootfs contains colon
  * [CI:DOCS] oci-hooks.5.md: fixup section in header
  * Enable /debug/pprof API service endpoints
  * Not all fields in machine list were set properly
  * faster image inspection
  * Warn if podman stop timeout expires that sigkill was sent
  * [CI:DOCS] introduce --replace flag for play kube
  * [CI:DOCS] Include manifest example usage
  * Change podman.1 man page to show correct log-level default
  * Bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1
  * Fixes #11668
  * libpod: fix race when closing STDIN
  * Ensure `podman ps --sync` functions
  * Allow `podman stop` to be run on Stopping containers
  * Bump github.com/containers/image/v5 from 5.16.0 to 5.16.1
  * Bump github.com/docker/docker
  * It really should be no **NEW** tests needed
  * README.md: Point to Podman's channels
  * Add podman-plugins to upstream image
  * CNI networks: reload networks if needed
  * bump c/common to latest and c/storage to 1.37.0
  * Add --time out for podman * rm -f commands
  * Cirrus: Fix defunct package metadata breaking cache
  * Pod Events Logging Fix
  * [NO TESTS NEEDED] Ignore removed containers
  * Pod Volumes From Support
  * Add note about empty fields and null values for API responses
  * Bump github.com/containers/buildah from 1.23.0 to 1.23.1
  * Add podman play kube --no-hosts options
  * Gating tests: fix permissions error
  * pkg/specgen: cache image in generator
  * cirrus: gitlab: download packages
  * Add guard for BuildOptions.CommonBuildOpts
  * System tests: tighten 'is' operator
  * Update README and release notes for v3.4.0
  * sdnotify test: accept MAINPID anywhere
  * machine: silently cleanup dangling sockets before rm if possible
  * Add expose type map[uint16]string to description
  * [NO TESTS NEEDED] Fix typo in storage.conf file exists message
  * Support selinux options with bind mounts play/gen
  * kube: fix conversion from milliCPU to period/quota
  * Bump github.com/mattn/go-isatty from
    0.0.12 to 0.0.14
  * test: use new helper
  * test: skip test on rootless cgroupsv1
  * machine: Info on successfully stopping qemu machine
  * Allow a value of -1 to set unlimited pids limit
  * Vendor in latest containers/storage
  * Storage can remove ErrNotAContainer as well
  * libpod: container create: init variable: do not deep copy spec
  * libpod: add GetConfigNoCopy()
  * libpod: add execSessionNoCopy
  * libpod: do not call (*container).Spec()
  * Pod Device-Read-BPS support
  * Remind user to check connection or use podman machine
  * Ensure pod ID bucket is properly updated on rename
  * Fix contributor make targets on Ubuntu and Debian
  * Implement PR template to assist review & release
  * libpod: do not call (*container).Config()
  * [NO TESTS NEEDED] Add port configuration to first regular container
  * [CI:DOCS] cmd/podman: no dot for short descriptions
  * move network alias validation to container create
  * set --cni-config-dir for exit command
  * always add short container id as net alias
  * image prune: support removing external containers
  * System tests: speed up. They've gotten too slow.
  * Add dockerfile.5 as man link to containerfile man page
  * Set MSI to be 64-bit only.
  * fix podman network prune integration test flakes
  * Cirrus: Add gitlab podman runner test
  * CNI: network remove do not error for ENOENT
  * remote build: EvalSymlinks() the context directory
  * stop: Do nothing if container was never created in runtime
  * logging: new mode -l passthrough
  * Allow machine options to be set from containers.conf
  * Vendor in containers/common v0.46.0
  * podman machine: do not join userns
  * Disable docker and alias to podman in FCOS ignition
  * added healthcheck to ps command
  * Fix english on prune prompt
  * Document missing /images/search query parameters
  * rootful: do not set XDG_RUNTIME_DIR for cni plugins
  * Revert "rootful: unset XDG_RUNTIME_DIR"
  * Add completion for machine list format
  * Set context dir for play kube build
  * Makefile: use -ldflags/-gccgoflags depending on the go implementation
  * Update docs for --platform in podman-build.1
  * shell completion: do not show images without tag
  * podman inspect add State.Health field for docker compat
  * podman save: enforce signature removal
  * Add JSON version of the machine list
  * Add support for :U flag with --mount option
  * [CI:DOCS] Add link to running ctrimage on enablesysadm
  * Ignore mount errors except ErrContainerUnknown when cleaning up container
  * standardize logrus messages to upper case
  * podman generate kube should not include images command
  * Fix machine image
  * sync container state before reading the healthcheck
  * Also show the (initial) disk size
  * Show cpus and memory in machine list
  * Eighty-six eighty-eighty
  * net types: remove omitempty from required fields
  * podman save: add `--uncompressed`
  * Bump CNI to v1.0.1
  * vendor c/psgo@v1.7.1
  * [CI:DOCS] Add network alias note in man pages
  * Add a backoff and retries to retrieving exited event
  * Cross-build release-archives w/ arch in filename
  * Fix Error, empty output for info: 'VERSION'
  * Generate kube should'd add podman default environment vars
  * volume: Add support for overlay on named volumes
  * Pod Device Support
  * Support
--format tables in ps output * Remove references to kube being development * Add support for retrieving system service --timeout * Add podman image/container inspect man pages * [CI:DOCS] Add link to skopeo delete in podman rmi * vendor c/common@main * remote untag: support digests * Created MapOptions for PodCreate * Bump k8s.io/api from 0.22.1 to 0.22.2 * compat API: /images/json prefix image id with sha256 * podman machine: use gvproxy for host.containers.internal * utils: return error message from StartTransientUnit * utils: raise warning only on cgroupv2 * Add podman machine init --now option * System tests: cleanup, and remove obsolete skips * Add username flag for machine ssh * Remove unused code from libpod * [CI:DOCS] markdown cleanup * Fix up build the docs site * Use a new markdown converter for sphinx * runtime: move pause process to scope * system: move MovePauseProcessToScope to utils * system: always move pause process when running on systemd * system: avoid reading pause pid file * Only add 127.0.0.1 entry to /etc/hosts with --net=none * Add no-trunc support to podman-events * CNI: add ipvlan driver * CNI: network create support macvlan modes * Do not allow network modes to be used as network names * fix inverted condition * Fix /auth compat endpoint * Add Drivers method to the Network Interface * CI: load ipv6 kernel modules for rootless tests * Drop OCICNI dependency * Wire network interface into libpod * cni network configs set ipv6 enables correctly * default network: do not validate the used subnets * network create: validate the input subnet * Set default storage from containers.conf for temporary images * container runlabel remove image tag from name * build.bats: fix copy tests after containers/buildah#3486 * build: mirror --authfile to filesystem if pointing to FD instead of file * Fix example in podman machine init man page * vendor: Bump github.com/containers/buildah from 1.22.3 to 1.23.0 * api: handle nil pointer dereference in rest 
endpoints * build: take advantage of --platform lists * Document `all` query parameter for /libpod/images/prune * Show variant and codename of the distribution * Use new aarch64 fcos repos * Enhance bindings for IDE hints * Pod Volumes Support * test: enable --cgroup-parent test * libpod: honor --cgroups=split also with pods * tests: enable --cgroups=disabled test for rootless * tests: simplify --cgroups=disabled test * libpod: rootful close binded ports * Search gvproxy with config.FindHelperBinary() * rootfs: Add support for rootfs-overlay and bump to buildah v1.22.1-0.202108 * fix restart always with rootlessport * Cirrus: NM/CNI workaround + Remove prior-Ubuntu * If container exits with 125 podman should exit with 125 * Bump github.com/json-iterator/go from 1.1.11 to 1.1.12 * bump c/common to v0.44.0 * remove rootlessport socket to prevent EADDRINUSE * Add deprecated fields for 1.22+ clients that still expect them * Use default username for podman machine ssh ------------------------------------------------------------------ ------------------ 2022-3-15 - Mar 15 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit: - make package compatible with OBS version (bsc#1197224): * move branding images to distribution-logos-SLE package * re-add dependency on distribution-logos * remove branding patch and assets (suse-microos-branding.patch, suse-microos-branding.tar.gz); moved to GitHub fork * remove local __python3 macro * apply SLE specific patches only on SLE ++++ glib2-branding-openSUSE: - Update .gschema.override.in: Change default libreoffice startup entry to libreoffice-startcenter.desktop according to the libreoffice update (bsc#1195836, bsc#1196951). ++++ kernel-default: - x86/boot: Fix memremap of setup_indirect structures (bsc#1190497). - commit 231bfb2 - x86/boot: Add setup_indirect support in early_memremap_is_setup_data() (bsc#1190497). 
- commit 6874f7f - x86/traps: Mark do_int3() NOKPROBE_SYMBOL (bsc#1190497). - commit f088cf6 - esp: Fix possible buffer overflow in ESP transformation (CVE-2022-0886 bsc#1197131). - sock: remove one redundant SKB_FRAG_PAGE_ORDER macro (CVE-2022-0886 bsc#1197131). - commit fa4075e - ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report() (CVE-2022-0742 bsc#1197128). - commit b531b26 - aio: fix use-after-free due to missing POLLFREE handling (CVE-2021-39698 bsc#1196956). - aio: keep poll requests on waitqueue until completed (CVE-2021-39698 bsc#1196956). - signalfd: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - binder: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - wait: add wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - commit ee17f5c - net/smc: Fix hung_task when removing SMC-R devices (bsc#1197082). - commit 5256139 - Refresh patches.suse/0005-efi-generate-secret-key-in-EFI-boot-environment.patch. Update number of SETUP_EFI_SECRET_KEY from 7 to 16 to make room for future upstream patches taking numbers from 7 upwards, as discussed with Joey Lee. - commit cd78c9f - kabi/severities: Ignore arch/x86/kvm except for kvm_x86_ops Handle this like in previous SLE kernels. - commit 77e00d5 - rpm/kernel-source.spec.in: call fdupes per subpackage It is a waste of time to do a global fdupes when we have subpackages. 
- commit 1da8439 ++++ kernel-firmware: - Update to version 20220309 (git commit cd01f857da28): * iwlwifi: add new FWs from core68-60 release * ath11k: add links for WCN6855 hw2.1 * ath11k: WCN6855 hw2.0: add WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3 * ath11k: WCN6855 hw2.0: add board-2.bin and regdb.bin * ath10k/ath11k: mark notice.txt as "File:" * linux-firmware: add firmware for MT7986 * amdgpu: add firmware for SDMA 5.2.7 IP block * amdgpu: add firmware for PSP 13.0.8 IP block * amdgpu: add firmware for DCN 3.1.6 IP block * amdgpu: add firmware for GC 10.3.7 IP block * rtw89: 8852a: update fw to v0.13.36.0 * iwlwifi: update 9000-family firmwares to core68-60 * amdgpu: update raven2 VCN firmware * amdgpu: update raven VCN firmware * amdgpu: update picasso VCN firmware * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: Update AMD SEV firmware (CVE-2021-46744, CVE-2021-26339, bsc#1199470, bsc#1199459) * rtw89: 8852a: update fw to v0.13.35.0 ++++ gcc12: - Add a proper barebones cross compiler for hppa (named cross-hppa-gcc12-bootstrap). Doesn't yet drop or rename the icecream variant cross-hppa-gcc12, nor does this add a proper glibc-using cross compiler for hppa.
++++ openssl-1_1: - Security Fix: [bsc#1196877, CVE-2022-0778] * Infinite loop in BN_mod_sqrt() reachable when parsing certificates * Add openssl-CVE-2022-0778.patch openssl-CVE-2022-0778-tests.patch - Added openssl-1_1-use-include-directive.patch so that the default /etc/ssl/openssl.cnf file will include any configuration files that other packages might place into /etc/ssl/engines.d/ and /etc/ssl/engdef.d/ This is a fix for bsc#1004463 where scripting was being used to modify the openssl.cnf file. The scripting would fail if either the default openssl.cnf file, or the sample openssl-ibmca configuration file would be changed by upstream. - Updated spec file to create the two new necessary directories for the above patch. [bsc#1194187, bsc#1004463] ++++ ceph: - Update to 16.2.7-640-gceb23c7491b + (bsc#1194875) common: fix FTBFS due to dout & need_dynamic on GCC-12 + (bsc#1196938) cephadm: preserve authorized_keys file during upgrade ++++ qemu: - Proactive fix * Patches added: hw-nvram-at24-return-0xff-if-1-byte-addr.patch ++++ ovmf: - TPM_ENABLE got renamed to TPM2_ENABLE and TPM_CONFIG_ENABLE removed (except on ARM for some reason) (boo#1197104) ++++ samba: - Update to 4.15.6 * Renaming file on DFS root fails with NT_STATUS_OBJECT_PATH_NOT_FOUND; (bso#14169); * Samba does not response STATUS_INVALID_PARAMETER when opening 2 objects with same lease key; (bso#14737); * NT error code is not set when overwriting a file during rename in libsmbclient; (bso#14938); * Fix ldap simple bind with TLS auditing; (bso#14996); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); * Problem when winbind renews Kerberos; (bso#14979); (bsc#1196224); * pam_winbind will not allow gdm login if password about to expire; (bso#8691); * virusfilter_vfs_openat: Not scanned: Directory or special file; (bso#14971); * DFS fix for AIX broken; (bso#13631); * Solaris and AIX acl modules: wrong function arguments; (bso#14974); * Function aixacl_sys_acl_get_file not
declared / coredump; (bso#7239); * Regression: Samba 4.15.2 on macOS segfaults intermittently during strcpy in tdbsam_getsampwnam; (bso#14900); * Fix a use-after-free in SMB1 server; (bso#14989); * smb2_signing_decrypt_pdu() may not decrypt with gnutls_aead_cipher_decrypt() from gnutls before 3.5.2; (bso#14968); * Changing the machine password against an RODC likely destroys the domain join; (bso#14984); * authsam_make_user_info_dc() steals memory from its struct ldb_message *msg argument; (bso#14993); * Use Heimdal 8.0 (pre) rather than an earlier snapshot; (bso#14995); * Samba autorid fails to map AD users if id rangesize fits in the id range only once; (bso#14967); ++++ supportutils: - Spec file adjusted for usr-merge ------------------------------------------------------------------ ------------------ 2022-3-14 - Mar 14 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit-machines: - Hide links pointing to RHEL docs, hide-docs.patch (bsc#1197003) ++++ dracut: - Update to version 055+suse.244.g2f624182: * fix(resume): only exclude this module when swap is netdev (bsc#1194915) ++++ kernel-default: - bpf, selftests: Add test case trying to taint map value pointer (bsc#1196130,CVE-2021-45402). - bpf: Make 32->64 bounds propagation slightly more robust (bsc#1196130,CVE-2021-45402). - bpf: Fix signed bounds propagation after mov32 (bsc#1196130,CVE-2021-45402). - commit 04987fb - kABI: fix rndis_parameters locking (git-fixes). - commit b56edcd - tracing/osnoise: Force quiescent states while tracing (git-fixes). - commit 1b74679 - usb: gadget: rndis: add spinlock for rndis response list (git-fixes). 
- commit 0d97063 - Refresh patches.suse/x86-kvm-add-guest-support-for-detecting-and-enabling-sev-live-migration-feature - Refresh patches.suse/x86-sev-move-common-memory-encryption-code-to-mem_encrypt-c - Refresh patches.suse/x86-sev-rename-mem_encrypt-c-to-mem_encrypt_amd-c Bring patches.suse/x86-kvm-add-guest-support-for-detecting-and-enabling-sev-live-migration-feature closer to upstream to avoid future conflicts. Update other patches as required by this. - commit 8b29535 - net/mlx5e: SHAMPO, reduce TIR indication (jsc#SLE-19253). - net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE (jsc#SLE-19253). - i40e: stop disabling VFs due to PF error responses (jsc#SLE-18378). - iavf: Fix handling of vlan strip virtual channel messages (jsc#SLE-18385). - commit 81cb0af ++++ libarchive: - Fix CVE-2021-36976 use-after-free in copy_string (CVE-2021-36976, bsc#1188572) * fix-CVE-2021-36976.patch - The following issues have already been fixed in this package but weren't previously mentioned in the changes file: CVE-2017-5601, bsc#1022528, bsc#1189528 ++++ openldap2: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression reporting is bsc#1197004 causing SSSD to have faults. ++++ pcre2: - version update to 10.39 * Fix incorrect detection of alternatives in first character search in JIT * Update to Unicode 14.0.0 - 0001-Fixed-atomic-group-backtracking-bug.patch released for 15:Update due to bsc#1187937 is already upstreamed https://bugzilla.suse.com/show_bug.cgi?id=1187937#c7 ++++ sssd: - Fix shell command injection in sssctl via the logs-fetch and cache-expire subcommands; (CVE-2021-3621); (bsc#1189492); Add 0002-TOOLS-replace-system-with-execvp-to-avoid-execution-.patch ++++ libzypp: - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. 
- Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release its loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - version 17.29.6 (22) ++++ python-iniconfig: - Include in SLE-15 (bsc#1195916, bsc#1196696, jsc#PM-3356, jsc#SLE-23972) ++++ python-py: - Update in SLE-15 (bsc#1195916, bsc#1196696, jsc#PM-3356, jsc#SLE-23972) - Drop CVE-2020-29651.patch, issue fixed upstream in 1.10.0 ++++ yast2-trans: - Update to version 84.87.20220313.3dfcfc0d1f: * Translated using Weblate (Hindi) * Translated using Weblate (Polish) * New POT for text domain 'base'. * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * New POT for text domain 'packager'. * New POT for text domain 'autoinst'.
* Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Indonesian) ------------------------------------------------------------------ ------------------ 2022-3-13 - Mar 13 2022 ------------------- ------------------------------------------------------------------ ++++ lvm2-device-mapper: - lvm2 should use 'external_device_info_source="udev"' by default (bsc#1179691) + change lvm.conf item external_device_info_source from none to udev + bug-1179691_config-set-external_device_info_source-none.patch ++++ lvm2: - lvm2 should use 'external_device_info_source="udev"' by default (bsc#1179691) + change lvm.conf item external_device_info_source from none to udev + bug-1179691_config-set-external_device_info_source-none.patch ++++ sqlite3: - update to 3.38.1: * Fix problems with the new Bloom filter optimization that might cause some obscure queries to get an incorrect answer. * Fix the localtime modifier of the date and time functions so that it preserves fractional seconds. * Fix the sqlite_offset SQL function so that it works correctly even in corner cases such as when the argument is a virtual column or the column of a view. * Fix row value IN operator constraints on virtual tables so that they work correctly even if the virtual table implementation relies on bytecode to filter rows that do not satisfy the constraint. * Other minor fixes to assert() statements, test cases, and documentation. See the source code timeline for details. 
- add upstream patch to run atof1 tests only on x86_64 sqlite-src-3380100-atof1.patch ------------------------------------------------------------------ ------------------ 2022-3-12 - Mar 12 2022 ------------------- ------------------------------------------------------------------ ++++ librsvg: - Update to version 2.52.7: + Backport a fix for the regression that was introduced in the last release: Output filled text as text for PDF; fixes regression due to outputting all text as paths. ++++ kernel-default: - x86/MCE/AMD: Allow thresholding interface updates after init (bsc#1190497). - commit 8e490b2 - mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes). - drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes). - slip: fix macro redefine warning (git-fixes). - commit 7dc768d ++++ libvirt: - qemu: Fixes and improvements for SEV(-ES) guests d248e3dc-virsh-domsetlaunchsecstate-report-error.patch, 07ddb4c6-qemuDomainSetLaunchSecurityState-check-params.patch, 29605313-qemuDomainSetLaunchSecurityState-nocache.patch, 82be0ffe-conf-validate-serial-port-model.patch, aab943a6-support-firmware-debug.patch, 7714034e-qemu-debug-console-tests.patch, 3ef9b51b-qemu-fix-pflash-formatting.patch, 5adfb347-qemu-honor-user-nvram-path.patch, 08101bde-qemu-inline-nvram-path-code.patch, 24adb6c7-qemu-dont-regen-nvram-path.patch, 392292cd-tests-dont-use-autogen-nvram-path.patch, 32b9d8b0-qemu-support-fw-descriptor-mode.patch, 823a62ec-qemu-fix-undefine-crash.patch bsc#1196806 ------------------------------------------------------------------ ------------------ 2022-3-11 - Mar 11 2022 ------------------- ------------------------------------------------------------------ ++++ grub2: - Fix grub-install error when efi system partition is created as mdadm software raid1 device (bsc#1179981) (bsc#1195204) * 0001-install-fix-software-raid1-on-esp.patch ++++ kernel-default: - x86/cpu: Add Xeon Icelake-D to list of CPUs that support PPIN (bsc#1190497). 
- commit 8f9c7a1 - bpf, selftests: Add test case trying to taint map value pointer (bsc#1196130,CVE-2021-45402). - bpf: Make 32->64 bounds propagation slightly more robust (bsc#1196130,CVE-2021-45402). - bpf: Fix signed bounds propagation after mov32 (bsc#1196130,CVE-2021-45402). - commit a54f4ff - Update patch reference for virtio BT fix (CVE-2022-26878 bsc#1197035) - commit a9d561c - net: phy: DP83822: clear MISR2 register to disable interrupts (git-fixes). - gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (git-fixes). - NFC: port100: fix use-after-free in port100_send_complete (git-fixes). - ax25: Fix NULL pointer dereference in ax25_kill_by_device (git-fixes). - isdn: hfcpci: check the return value of dma_set_mask() in setup_hw() (git-fixes). - mISDN: Fix memory leak in dsp_pipeline_build() (git-fixes). - net: phy: meson-gxl: fix interrupt handling in forced mode (git-fixes). - staging: rtl8723bs: Fix access-point mode deadlock (git-fixes). - staging: gdm724x: fix use after free in gdm_lte_rx() (git-fixes). - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes). - ARM: dts: aspeed: Fix AST2600 quad spi group (git-fixes). - arm64: dts: armada-3720-turris-mox: Add missing ethernet0 alias (git-fixes). - ARM: boot: dts: bcm2711: Fix HVS register range (git-fixes). - gpio: ts4900: Do not set DAT and OE together (git-fixes). - gpiolib: acpi: Convert ACPI value of debounce to microseconds (git-fixes). 
- commit 1341b7c ++++ libnvme: - Update to version 1.0-rc6: * tree: add nvme_ctrl_get_ana_state() (bsc#1195938) * tree: link paths to namespaces in nvme_subsystem_scan_namespace() (bsc#1195938) * ioctl.h: ns list bug fix (wrong cns value) * types.h: Key Value Command Set Identifier added (NVME_CSI_KV) * types: fix status code type bug (wrong masking) ++++ protobuf: - Fix incorrect parsing of nullchar in the proto symbol, CVE-2021-22570, bsc#1195258 * Add protobuf-CVE-2021-22570.patch ++++ libvirt-dbus: - Update to version 1.4.1: * Release of libvirt-dbus 1.4.1 * tests: allow running our tests against installed libvirt-dbus * tests: report proper error if `abs_top_builddir` is not defined * gitlab: use --fatal-meson-warnings in builds * meson: add git_werror option and only set if -Dwerror is not set * meson: honour meson warning_level setting * gitlab: adapt to use meson for libvirt-glib build * ci: refresh containers for CentOS-8 PowerTools repo rename * gitlab: replace "libvirt-" prefix with "ci-" in dockerfiles * gitlab: refresh containers with lcitool for fully minimized base * Dropped patches: libvirt-dbus-systemd.diff - Add source service file - Change system-user-libvirt-dbus subpackage to noarch - Require libvirt group in system-user-libvirt-dbus subpackage bsc#1196968 ++++ mdevctl: - spec: Add /etc/mdevctl.d/scripts.d directory to %files ++++ nvme-cli: - Update to version 2.0-rc6: * nvme: print out ANA state for 'list-subsys' (bsc#1195938) * nvme: Explicit initialize all command line options (bsc#1195945) * nvme: Explicit initialize passthru command line options * nvme: list_ns bug fix (csi option enable) * nvme: nvme write bug fix (no parse for option) * documentation updates ++++ permissions: - Update to version 20201225: * whitelist ksysguard network helper (bsc#1151190) ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#582 - include all of s390-tools in initrd (bsc#1195914, bsc#1196923) - 16.57.17 ++++ yast2: - Extend the
Package module to force using PackageSystem or PackageAI without having the mode into account. - AutoYaST: properly detect whether firewalld, bind and yast2-dns-server packages are installed when cloning a system (bsc#1196963). - 4.4.47 ------------------------------------------------------------------ ------------------ 2022-3-10 - Mar 10 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit-machines: - Require virt-install and qemu display drivers needed to start new VMs (bsc#1196971) ++++ dracut: - Update to version 055+suse.242.g76ae5ce4: * fix(multipath): align multipathd.service type with upstream (bsc#1196958) * fix(systemd-sysusers): use split systemd sysuser configs (bsc#1196223) ++++ grub2: - Fix riscv64 build error * 0001-RISC-V-Adjust-march-flags-for-binutils-2.38.patch - Fix error in grub-install when linux root device is on lvm thin volume (bsc#1192622) (bsc#1191974) * 0001-grub-install-bailout-root-device-probing.patch ++++ kernel-default: - x86/kprobes: Fixup return address in generic trampoline handler (bsc#1193277). - commit b18f008 - tracing: Show kretprobe unknown indicator only for kretprobe_trampoline (bsc#1193277). - commit 6463ef3 - x86/unwind: Recover kretprobe trampoline entry (bsc#1193277). - commit 764dcf8 - x86/kprobes: Push a fake return address at kretprobe_trampoline (bsc#1193277). - commit 530a7dd - kprobes: Enable stacktrace from pt_regs in kretprobe handler (bsc#1193277). - commit 9d51706 - arm: kprobes: Make space for instruction pointer on stack (bsc#1193277). - commit 9a408f3 - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1190497). - commit 309553d - x86/ptrace: Fix xfpregs_set()'s incorrect xmm clearing (bsc#1190497). - commit be27a82 - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (bsc#1196488, XSA-396, CVE-2022-23042). 
- commit 095b89a - xen/gnttab: fix gnttab_end_foreign_access() without page specified (bsc#1196488, XSA-396, CVE-2022-23041). - commit 20b7983 - xen/pvcalls: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit d56d4c6 - xen/9p: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit b08fc02 - xen/usb: don't use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - commit 4198f6f - xen/gntalloc: don't use gnttab_query_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23039). - commit 2239263 - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23038). - commit 95b1b12 - xen/netfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23037). - commit aabdf93 - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23036). - commit d12d408 - xen/grant-table: add gnttab_try_end_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23036, CVE-2022-23038). - commit 4da4210 - EDAC/altera: Fix deferred probing (bsc#1190497). - commit 054e83a - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (bsc#1196488, XSA-396, CVE-2022-23040). - commit 93f9570 - iommu/vt-d: Fix double list_add when enabling VMD in scalable mode (bsc#1196894). - commit 8aad886 - rpm/arch-symbols,guards,*driver: Replace Novell with SUSE. - commit 174a64f - drm/vc4: hdmi: Make sure the device is powered with CEC (git-fixes). - drm/vc4: hdmi: Split the CEC disable / enable functions in two (git-fixes). - commit 771d37d - Add cherry-picked IDs to DRM patches - commit cf6526e - s390/cio: verify the driver availability for path_event call (bsc#1195927 LTC#196420). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195376 LTC#196087). - s390/hypfs: include z/VM guests with access control group set (bsc#1195639 LTC#196353). 
- s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195082 LTC#196087). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195082 LTC#196087). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194966 LTC#196029). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193244 LTC#195546). - s390/uv: de-duplicate checks for Protected Host Virtualization (bsc#1191740 LTC#194817). - s390/boot: disable Secure Execution in dump mode (bsc#1191740 LTC#194817). - s390/boot: move uv function declarations to boot/uv.h (bsc#1191740 LTC#194817). - commit 4d8f983 - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - commit 3e3ceb8 - Refresh patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch. - commit 11235e2 - Refresh patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch. - commit 1ed63ba - rpm/kernel-docs.spec.in: use %%license for license declarations Limited to SLE15+ to avoid compatibility nightmares. - commit 73d560e - arm64: Do not include __READ_ONCE() block in assembly files (git-fixes). - HID: vivaldi: fix sysfs attributes leak (git-fixes). - HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts (git-fixes). - arm64: kasan: fix include error in MTE functions (git-fixes). 
- commit 5be8bf8 ++++ rdma-core: - Update spec file from upstream - install modprobe.conf files to %_modprobedir (bsc#1196275, jsc#SLE-20639) - fix build support for riscv - Added cmake-Make-modprobe.d-path-configurable.patch - Backport from upstream to allow modprobe files to be installed in a configurable directory ++++ openssl-1_1: - FIPS: add openssl-1_1-fips-bsc1190652_release_num_in_version_string.patch * bsc#1190652 - Provide a service to output module name/identifier and version ++++ mdevctl: - Update to version v1.1.0 (jsc#SLE-18449): * use imported std::env for CARGO_PKG_VERSION in build.rs directly * fix build.rs to allow specify exact path or name of the rst2man * Don't call unnecessary to_string() * Report a useful error when /etc/mdevctl.d doesn't exist * Handle FS permissions problems for defined devices * Fix needless borrow warning from clippy * tests: read stdin in callout test scripts * Report root error when a callout can't be executed * Don't emit warning for files in /etc/mdevctl.d/scripts.d * env: add function to get base scripts directory ++++ osinfo-db: - bsc#1196965 - openSUSE Tumbleweed unattended installation with libvirt fails opensuse-autoyast-desktop.patch ++++ ovmf: - Update to edk2-stable202202 - Features (https://github.com/tianocore/edk2/releases): OvmfPkg Add new target for Cloud Hypervisor Add TDVF to OvmfPkg Add new APIs to UefiCpuPkg/UefiCpuLib Add AMD Secure Nested Paging Support Add SSDT PCI generator in DynamicTablesPkg Support ACPI 6.4 PPTT changes Add FdtHwInfoParser library Add DynamicPlatRepo library Make package and platform builds reproducible across source format changes Add Uncrustify CI Plugin Apply uncrustify changes to all package C and H files - Patches (git log --oneline --reverse edk2-stable202111~..edk2-stable202202): bb1bba3d77 NetworkPkg: Fix invalid pointer for DNS response token on error ef9a059cdb EmulatorPkg/Win/Host: Update CC_FLAGS 69877614fd .pytool/Plugin/EccCheck: Remove RevertCode() 854462bd34 
.pytool/Plugin/EccCheck: Remove temp directory on exception 3019f1bbab .pytool/Plugin/EccCheck: Add performance optimizations 99f84ff473 .pytools/Plugin/LicenseCheck: Use temp directory for git diff output 76a1ce4d5f .azurepipelines/templates: Update max pipeline job time to 2 hours 365dced2c3 ArmPkg: Update YAML to ignore specific ECC files/errors 1939fc9569 ArmPlatformPkg: Update YAML to ignore specific ECC files/errors c97fee87f0 ArmVirtPkg: Update YAML to ignore specific ECC files/errors d5744ecba8 CryptoPkg: Update YAML to ignore specific ECC files/errors d7d30e8f21 EmulatorPkg: Update YAML to ignore specific ECC files/errors 9deb937076 MdeModulePkg: Update YAML to ignore specific ECC files/errors df790cd6b3 MdePkg: Update YAML to ignore specific ECC files/errors 60fa40be45 SecurityPkg: Update YAML to ignore specific ECC files/errors 9944508e85 ShellPkg: Update YAML to ignore specific ECC files/errors c30c40d6c6 StandaloneMmPkg: Update YAML to ignore specific ECC files/errors c057347977 UefiPayloadPkg: Update YAML to ignore specific ECC files/errors f0f3f5aae7 UnitTestFrameworkPkg: Update YAML to ignore specific ECC files/errors dfafa8e453 MdeModulePkg/DxeCorePerformanceLib:Variable Initial a4a582e180 ArmPkg: Change use of EFI_D_* to DEBUG_* 1d2482e1e3 ArmPlatformPkg: Change use of EFI_D_* to DEBUG_* c5b3a56e4f ArmVirtPkg: Change use of EFI_D_* to DEBUG_* a1878955b2 EmbeddedPkg: Change use of EFI_D_* to DEBUG_* 9c7da8d804 EmulatorPkg: Change use of EFI_D_* to DEBUG_* 917e98f3e5 FatPkg: Change use of EFI_D_* to DEBUG_* 87000d7708 MdeModulePkg: Change use of EFI_D_* to DEBUG_* 5f289f3ae3 MdePkg: Change use of EFI_D_* to DEBUG_* c49ca4a29e NetworkPkg: Change use of EFI_D_* to DEBUG_* 47719926e8 OvmfPkg: Change use of EFI_D_* to DEBUG_* ca56749b0e PcAtChipsetPkg: Change use of EFI_D_* to DEBUG_* e905fbb05a SecurityPkg: Change use of EFI_D_* to DEBUG_* 4a1aee13d8 ShellPkg: Change use of EFI_D_* to DEBUG_* 586fda4800 SourceLevelDebugPkg: Change use of EFI_D_* to 
DEBUG_* 96e1cba5c1 UefiCpuPkg: Change use of EFI_D_* to DEBUG_* 1871d28eaf ArmPkg: Change OPTIONAL keyword usage style 2863ba97ca ArmPlatformPkg: Change OPTIONAL keyword usage style 9607597a74 ArmVirtPkg: Change OPTIONAL keyword usage style c8f46130f8 CryptoPkg: Change OPTIONAL keyword usage style fe2d81892f DynamicTablesPkg: Change OPTIONAL keyword usage style 792433088c EmbeddedPkg: Change OPTIONAL keyword usage style c69fc80c80 EmulatorPkg: Change OPTIONAL keyword usage style 9c721071d3 FmpDevicePkg: Change OPTIONAL keyword usage style e3917e22e7 MdeModulePkg: Change OPTIONAL keyword usage style d0e2f8232a MdePkg: Change OPTIONAL keyword usage style 8874fa199d NetworkPkg: Change OPTIONAL keyword usage style 79d49e162e OvmfPkg: Change OPTIONAL keyword usage style 237295f46d PcAtChipsetPkg: Change OPTIONAL keyword usage style dc8fe5ec95 RedfishPkg: Change OPTIONAL keyword usage style 12710fe93b SecurityPkg: Change OPTIONAL keyword usage style 9b8507cabe ShellPkg: Change OPTIONAL keyword usage style 18908e6131 SignedCapsulePkg: Change OPTIONAL keyword usage style f9c9215b55 SourceLevelDebugPkg: Change OPTIONAL keyword usage style 902e76de19 StandaloneMmPkg: Change OPTIONAL keyword usage style 4ec586b9f6 UefiCpuPkg: Change OPTIONAL keyword usage style e35dd32821 UefiPayloadPkg: Change OPTIONAL keyword usage style 78bc3bdd2a UnitTestFrameworkPkg: Change OPTIONAL keyword usage style ea85f0fe13 ArmVirtPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END() e3b855f283 CryptoPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END() 4a9d411662 DynamicTablesPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END() db52c7f755 MdeModulePkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END() 098307e082 MdePkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END() ed7f7c9168 NetworkPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END() 8e875037bf OvmfPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END() deba54761a PcAtChipsetPkg: Change complex DEBUG_CODE() to 
DEBUG_CODE_BEGIN/END() f9f4fb2329 SecurityPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END() 7c2a6033c1 UefiCpuPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END() 429309e0c6 ArmPkg: Apply uncrustify changes 40b0b23ed3 ArmPlatformPkg: Apply uncrustify changes 2b16a4fb91 ArmVirtPkg: Apply uncrustify changes 7c34237831 CryptoPkg: Apply uncrustify changes 731c67e1d7 DynamicTablesPkg: Apply uncrustify changes e7108d0e96 EmbeddedPkg: Apply uncrustify changes a550d468a6 EmulatorPkg: Apply uncrustify changes bcdcc4160d FatPkg: Apply uncrustify changes 45ce0a67bb FmpDevicePkg: Apply uncrustify changes 111f2228dd IntelFsp2Pkg: Apply uncrustify changes 7c7184e201 IntelFsp2WrapperPkg: Apply uncrustify changes 1436aea4d5 MdeModulePkg: Apply uncrustify changes 2f88bd3a12 MdePkg: Apply uncrustify changes d1050b9dff NetworkPkg: Apply uncrustify changes ac0a286f4d OvmfPkg: Apply uncrustify changes 5220bd211d PcAtChipsetPkg: Apply uncrustify changes 39de741e2d RedfishPkg: Apply uncrustify changes c411b485b6 SecurityPkg: Apply uncrustify changes 47d20b54f9 ShellPkg: Apply uncrustify changes b878648967 SignedCapsulePkg: Apply uncrustify changes c1e126b119 SourceLevelDebugPkg: Apply uncrustify changes 91415a36ae StandaloneMmPkg: Apply uncrustify changes 053e878bfb UefiCpuPkg: Apply uncrustify changes e5efcf8be8 UefiPayloadPkg: Apply uncrustify changes 7c0ad2c338 UnitTestFrameworkPkg: Apply uncrustify changes dc453b5164 .pytool/Plugin/UncrustifyCheck: Add Uncrustify CI plugin 1832eb15aa UefiPayloadPkg/UefiPayloadPkg.fdf: Update DXE Apriori list ca78281c25 UefiPayloadPkg/PayloadEntry: Inherit 4/5-level paging from bootloader b2f7ee2ded UefiPayloadPkg: Increase SystemMemoryUefiRegionSize from 32M to 64M 94e0a7bddb UefiPayloadPkg: Add missing Guid gUefiAcpiBoardInfoGuid 2527723de9 UefiPayloadPkg: Add performance measurement feature ffdde9d719 UefiPayloadPkg: Skip ModuleInfo HOB in Payload 965292135b UefiPayloadPkg/UefiPayloadPkg.dsc:Add BootManagerLib for BootManagerMenuApp 
85a678bf76 UefiPayloadPkg: Add integration instruction for coreboot common error 7b28310008 BaseTools: Increase the DevicePath length for support more PCD value. d25b803e51 MdeModulePkg/Bus/Pci/UhciDxe: Fix the UsbHc memory allocate and free issue c82ab4d8c1 BaseTools/VfrCompile: Correct Bit Field Flags for numeric/one of 2ddacfb6b8 OvmfPkg/SecMain: move SEV specific routines in AmdSev.c e2289d19d8 UefiCpuPkg/MpInitLib: move SEV specific routines in AmdSev.c 2fe8edfe55 OvmfPkg/ResetVector: move clearing GHCB in SecMain 3053183d41 OvmfPkg/ResetVector: introduce SEV metadata descriptor for VMM use 707c71a01b OvmfPkg: reserve SNP secrets page cca9cd3dd6 OvmfPkg: reserve CPUID page f2dc28f0b6 OvmfPkg/ResetVector: pre-validate the data pages used in SEC phase 34819f2cac OvmfPkg/ResetVector: use SEV-SNP-validated CPUID values d9822304ce OvmfPkg/MemEncryptSevLib: add MemEncryptSevSnpEnabled() 7c3b2892ea OvmfPkg/SecMain: register GHCB gpa for the SEV-SNP guest d2b998fbdc OvmfPkg/VmgExitLib: use SEV-SNP-validated CPUID values a19b648952 OvmfPkg/PlatformPei: register GHCB gpa for the SEV-SNP guest 19914edc5a OvmfPkg/AmdSevDxe: do not use extended PCI config space ade62c18f4 OvmfPkg/MemEncryptSevLib: add support to validate system RAM d706f8fec2 OvmfPkg/MemEncryptSevLib: add function to check the VMPL0 11b15336f0 OvmfPkg/BaseMemEncryptSevLib: skip the pre-validated system RAM d39f8d88ec OvmfPkg/MemEncryptSevLib: add support to validate > 4GB memory in PEI phase 202fb22be6 OvmfPkg/SecMain: validate the memory used for decompressing Fv 8eb79b5f4f OvmfPkg/PlatformPei: validate the system RAM when SNP is active 26210f9436 MdePkg: Define ConfidentialComputingGuestAttr 504ae26b80 OvmfPkg/PlatformPei: set PcdConfidentialComputingAttr when SEV is active b95908e043 UefiCpuPkg/MpInitLib: use PcdConfidentialComputingAttr to check SEV status f4e3ce5f53 UefiCpuPkg: add PcdGhcbHypervisorFeatures f5a6e1bab5 OvmfPkg/PlatformPei: set the Hypervisor Features PCD 2c354252be MdePkg/GHCB: 
increase the GHCB protocol max version 9c703bc0f1 UefiCpuPkg/MpLib: add support to register GHCB GPA when SEV-SNP is enabled d4d7c9ad5f UefiCpuPkg/MpInitLib: use BSP to do extended topology check b928eb44d5 OvmfPkg/MemEncryptSevLib: change the page state in the RMP table b7b8872031 OvmfPkg/MemEncryptSevLib: skip page state change for Mmio address ea3a12d970 OvmfPkg/PlatformPei: mark cpuid and secrets memory reserved in EFI map 67484aed69 OvmfPkg/AmdSev: expose the SNP reserved pages through configuration table 06544455d0 UefiCpuPkg/MpInitLib: Use SEV-SNP AP Creation NAE event to launch APs 0f1d7477c0 OvmfPkg: Remove unused print service driver (PrintDxe) 30631f0a26 MdePkg: Add missing Cache ID (in)valid define 0077c22f6d MdePkg: Remove PPTT ID type structure a50b65ce22 ShellPkg: Update Acpiview PPTT parser to ACPI 6.4 8cf2bdfcfb ShellPkg: Add Cache ID to PPTT parser b2bbe3df54 DynamicTablesPkg: Remove PPTT ID structure from ACPI 6.4 generator e139829dd6 DynamicTablesPkg: Update PPTT generator to ACPI 6.4 e81a81e584 DynamicTablesPkg: Add CacheId to PPTT generator 9afcd48a94 OvmfPkg: Handle Cloud Hypervisor host bridge 2ccefa32a6 OvmfPkg: Create global entry point for SMBIOS parsing d8ef774346 OvmfPkg: Retrieve SMBIOS from Cloud Hypervisor 66bce05f6d OvmfPkg: Generalize AcpiPlatformDxe 7594c5bfe2 OvmfPkg: Install ACPI tables for Cloud Hypervisor f6df289a1c OvmfPkg/OvmfXen: Fix Xen build 2b20a34fd5 OvmfPkg-EmuVariableFvbRuntimeDxe: Support Access To Memory Above 4G d5efc875ef MdePkg: Introduce CcMeasurementProtocol for CC Guest firmware a124cd4ef9 SecurityPkg: Support CcMeasurementProtocol in DxeTpm2MeasureBootLib 8c06c53b58 SecurityPkg: Support CcMeasurementProtocol in DxeTpmMeasurementLib adf070ff56 OvmfPkg/Microvm: add PcdConfidentialComputingGuestAttr 2686468c43 OvmfPkg/Bhyve: add MemEncryptSevLib 61be49e0f7 OvmfPkg/PlatformCI: factor out PlatformBuildLib.py 21ee379407 OvmfPkg/PlatformCI: add QEMU_SKIP 64bccda534 OvmfPkg/PlatformCI: add BhyveBuild.py 04eacd3943 
OvmfPkg/PlatformCI: add MicrovmBuild.py 8b8ae609a7 OvmfPkg/PlatformCI: add AmdSevBuild.py 2722856a87 OvmfPkg/PlatformCI: dummy grub.efi for AmdSev 1203eba58e OvmfPkg/PlatformCI: add XenBuild.py 64ef0dd1d3 OvmfPkg/Microvm/fdt: add device tree support 79dcaf7054 OvmfPkg/Microvm/fdt: load fdt from fw_cfg c802f8935c OvmfPkg/Microvm/fdt: add empty fdt 2a68abf6ee OvmfPkg/Microvm/virtio: add virtio-mmio support e07d27e24d OvmfPkg/Microvm: add README 7f1861be2b DynamicTablesPkg: AML Code generation for memory ranges 0e7147fe75 DynamicTablesPkg: AML Code generation to create a named Package() fd5fc4bbb7 DynamicTablesPkg: AML Code generation to create a named ResourceTemplate() b2b8def4e3 DynamicTablesPkg: AML Code generation to add _PRT entries 69ddfee1c3 DynamicTablesPkg: Add AmlAttachNode() ce306e48eb DynamicTablesPkg: Add Pci related objects e35a746cf5 DynamicTablesPkg: SSDT Pci express generator ec37fd9c1f DynamicTablesPkg: Fix multiple objects parsing 557dede8a6 OvmfPkg/PlatformPei: ScanOrAdd64BitE820Ram improvements 759e3c6d21 OvmfPkg/PlatformPei: prefer etc/e820 for memory detection 41d8bb3038 OvmfPkg/PlatformPei: stop using cmos for memory detection 7a6e6ae933 EmulatorPkg: Update lldbefi.py to work with current lldb which uses python3 4d30352445 ArmPkg: Add SMC helper functions c039fa7ff0 ArmPkg: Update SMC calls to use the new ArmCallSmc0/1/2/3 functions 90ad4b3b34 DynamicTablesPkg: Definition for HwInfoParser interface d59c5a20f8 DynamicTablesPkg: FdtHwInfoParser: CM Object descriptor helper 5d8b5d171c DynamicTablesPkg: FdtHwInfoParser: Add FDT utility functions 8d2691c3d5 DynamicTablesPkg: FdtHwInfoParser: Add Boot Arch parser 3ebe1ff5c9 DynamicTablesPkg: FdtHwInfoParser: Generic Timer Parser 51941f7558 DynamicTablesPkg: FdtHwInfoParser: Add Serial port parser e366a41ef0 DynamicTablesPkg: FdtHwInfoParser: Add GICC parser 0fa1217726 DynamicTablesPkg: FdtHwInfoParser: Add GICD parser b04cf355a0 DynamicTablesPkg: FdtHwInfoParser: Add MSI Frame parser d250d408cf 
DynamicTablesPkg: FdtHwInfoParser: Add ITS parser 7b6c8b30a5 DynamicTablesPkg: FdtHwInfoParser: Add GICR parser 26bf034a59 DynamicTablesPkg: FdtHwInfoParser: Add GIC dispatcher c67bf628c8 DynamicTablesPkg: FdtHwInfoParser: Add PCI config parser deb01dfd7f DynamicTablesPkg: Add FdtHwInfoParser library 9006967c8d DynamicTablesPkg: Handle 16550_WITH_GAS id b2d0ed20fd DynamicTablesPkg: Definition for DynamicPlatRepoLib interface 2e2db65e39 DynamicTablesPkg: DynamicPlatRepo: Add TokenGenerator 740e3bb634 DynamicTablesPkg: DynamicPlatRepo: Add TokenFixer 5fe5b6f94f DynamicTablesPkg: DynamicPlatRepo: Add TokenMapper 38f6d78c3b DynamicTablesPkg: Add DynamicPlatRepo library f14fff5135 StandaloneMmPkg/FvLib: Support large file with EFI_FFS_FILE_HEADER2. 3a72ec71cd OvmfPkg: remove unused TPM options from MicrovmX64.dsc b47575801e OvmfPkg: move tcg configuration to dsc and fdf include files 5711ff4d0b OvmfPkg: drop TPM_CONFIG_ENABLE b819388772 OvmfPkg: create Tcg12ConfigPei.inf 4de8d61bce OvmfPkg: rework TPM configuration e6ea1464a8 OvmfPkg/PlatformPei: Revert "stop using cmos for memory detection" a6c0418651 ArmPkg/SmbiosMiscDxe: Remove duplicate HII string definition 45e3842970 ArmPkg/SmbiosMiscDxe: Get full SMBIOS strings from OemMiscLib b451c69088 ArmPkg/ProcessorSubClassDxe: Get serial and part number from OemMiscLib 8ed8568922 SecurityPkg: Debug code to audit BIOS TPM extend operations 195f011973 SecurityPkg: Reallocate TPM Active PCRs based on platform support ab5ab2f603 SecurityPkg: TPM must go to Idle state on CRB command completion c63a10ecb7 EmbeddedPkg/AcpiLib: Add more helper functions f129b1f06f OvmfPkg/Bhyve: fix tls-enabled build ee1f8262b8 OvmfPkg: Call PlatformInitializeConsole for GPU passthrough case de9e5b7dc7 IntelFsp2WrapperPkg : FSPM/S UPD data address based on Build Type 9ec2cc1f31 IntelFsp2WrapperPkg : Remove EFIAPI from local functions. 
ae8272ef78 MdeModulePkg/UsbBusDxe: fix NOOPT build error 15c596aeeb OvmfPkg: Bhyve: Delete unused AcpiTables/Ssdt.asl file 6612ff8561 UefiCpuPkg: Extend measurement of microcode patches to TPM e910f076ad BaseTools: Fix the bug of --cmd-len build option 7935be0fbd IntelFsp2Pkg/FspSecCore: ExtendedImageRevision was not printed. c095122d4b MdeModulePkg/PciBusDxe: Enumerator to check for RCiEP before looking for RP d463c56ddd MdeModulePkg: Replace with UFS_UNIT_DESC to fix timeout problem 45920941d9 MdeModulePkg: Refactoring UFS DME request and fix timing problem 13d9e8ec98 MdeModulePkg: Put off UFS HCS.DP checking to fix timing problem 079a58276b OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area as reserved 9dd14fc91c MdePkg: Add registers of boot partition feature 14a731096d UnitTestFrameworkPkg: CI YAML: Grant cmockery spell check exception 6062002bd5 MdeModulePkg/PartitionDxe: Add break to handle invalid LBA0 in MBR 7438a85bf1 BaseTools: Fix wrong variable header size c712ce2bb1 OvmfPkg/CloudHv: Add new target for Cloud Hypervisor a2da72b2ca OvmfPkg/CloudHv: Replace legacy 8254 PIT with local APIC timer 6ecdda71fe OvmfPkg/CloudHv: Connect serial console 1552050ce7 OvmfPkg/CloudHv: Remove legacy 8259 PIC support fdcea7ff6f OvmfPkg/CloudHv: Remove Q35 specifics 71082d3d1b OvmfPkg/CloudHv: Reduce dependency on QemuFwCfg 196be601f9 OvmfPkg/CloudHv: Remove video support 7b6cbe0a81 OvmfPkg/CloudHv: Remove USB support e73d1bf96a OvmfPkg/CloudHv: Remove CSM support b66056ef21 OvmfPkg/CloudHv: add Maintainers.txt entry 5302bd81d9 OvmfPkg: Add CloudHvX64 to the CI 59c48c9314 UefiPayloadPkg: Change the user interface name of the Uiapp 5801910013 UefiPayloadPkg: Not use BaseCpuTimerLib by default. 
772c5bb8dc FmpDevicePkg/FmpDxe: Update FmpDeviceCheckImageWithStatus() handling 7709988dd8 RedfishPkg/RedfishRestExDxe:Simplify status check 21320ef669 MdeModulePkg/Variable: Make only EFI_VARIABLE_NON_VOLATILE invalid 7e5c603cba MdeModulePkg/SdMmcPciHcDxe: Robust improvements for SD card 1.8V switch ee67067f17 MdeModulePkg: VariableSmmRuntimeDxe: Fix Variable Policy Message Length 5b39832e18 MdePkg: MmCommunication2: Update MM communicate2 function description ce37f45955 ArmPkg: MmCommunicationDxe: MM communicate function argument attributes 541a077bd1 ArmPkg: MmCommunicationDxe: Update MM communicate `CommBuffer**` checks 1aa1ec4574 ArmPkg: MmCommunicationDxe: Update MM communicate `CommSize` check 8cc5590eab ArmPkg: MmCommunicationDxe: Update MM communicate `MessageLength` check 6777e67383 EmbeddedPkg: Fix a build error in FwVol.c in X64 arch a867f3a704 UefiPayloadPkg: Use BaseCpuTimerLib for Universal Payload by default f4b7b473b4 MdeModulePkg/UefiBootManagerLib: Convert BmLoadOption to Variable Policy 76b3d45b75 ShellPkg: Add the missing VariablePolicyHelperLib in ShellPkg.dsc 8542fc5f95 NetworkPkg: Add the missing VariablePolicyHelperLib in NetworkPkg.dsc ae35314e7b Maintainers.txt: Add Sami Mujawar as reviewer for ArmPkg 862ea6e836 OvmfPkg: change qemu default resolution to 1280x800 e95b44c90e ArmVirtPkg: change qemu default resolution to 1280x800 929804b172 OvmfPkg: add PcdVideoResolutionSource 7f25ddbc03 OvmfPkg/QemuVideoDxe: simplify InitializeBochsGraphicsMode 336da55ca8 OvmfPkg/QemuVideoDxe: drop QEMU_VIDEO_BOCHS_MODES->ColorDepth 55c05427b9 OvmfPkg/QemuVideoDxe: factor out QemuVideoBochsAddMode 49a2d8cbf5 OvmfPkg/QemuVideoDxe: parse edid blob, detect display resolution ba79becd55 OvmfPkg/BaseCachingPciExpressLib: Migrate BaseCachingPciExpressLib 103fa647d1 ArmPkg: Replace CoreId and ClusterId with Mpidr in ARM_CORE_INFO struct 742dafd2cc DynamicTablesPkg: Print specifier macro for CM_OBJECT_ID 13136cc311 DynamicTablesPkg: FdtHwInfoParserLib: Parse Pmu 
info 5751d60821 DynamicTablesPkg: AmlLib: AmlAddPrtEntry() to handle GSI 5816bd3eab DynamicTablesPkg: AcpiSsdtPcieLibArm: Remove link device generation dc1118fa0d ArmVirtPkg: Add cspell exceptions 0dbd356983 ArmVirtPkg/Kvmtool: Add DSDT ACPI table 312ef7a0a4 ArmVirtPkg/Kvmtool: Add Configuration Manager 17a02163bd ArmVirtPkg/Kvmtool: Enable ACPI support 5b3c682d91 ArmVirtPkg/Kvmtool: Enable Acpiview 017564d637 ArmPkg/ArmMmuLib AARCH64: avoid EL0 accessible mappings 45b1612659 DynamicTablesPkg: Add Memory32Fixed function 007a95055b DynamicTablesPkg: Remove redundant cast in AmlCodeGenReturn 33189f0527 DynamicTablesPkg: Add AmlCodeGenMethodRetInteger function a4b7aa362d MdeModulePkg/Bus/Pci/PciBusDxe: Support platform PCI ROM override 6fb09da89f ShellPkg: Fix incorrect PPTT FlagName dereference c09dbc92e9 BaseTools/Conf: Add new macro for customizing dll file reduction. d4ac53aa91 BaseTools: Fix error leg in DscBuildData.py f78b937c95 MdeModulePkg/RuntimeDxe: clear mVirtualMapMaxIndex 96b8b5fd10 MdeModulePkg/UiApp: Fix spelling of 'FRONTPAGE' bd676f080a Maintainers.txt: add missing github IDs to OvmfPkf/Fdt reviewers 1f54eaa725 Maintainers.txt: update email for Leif Lindholm b360b0b589 Maintainers.txt: Update email address c9b7c6e0cc BaseTools: Update CLANG{35,38}_WARNING_OVERRIDES to ignore unused vars 42af706dfb BaseTools: Update brotli submodule 1193aa2dfb MdeModulePkg: update brotli submodule 85589ddbf6 OvmfPkg/VmgExitLib: Fix uninitialized variable warning with XCODE5 c28e376edc OvmfPkg/FvbServicesSmm: use the VmgExitLibNull 8a57673316 ShellPkg: Fix Ping GetTimerPeriod API failure b24306f15d NetworkPkg: Fix incorrect unicode string of the AKM/Cipher Suite - Add amd-sev-es to the following descriptors because James Fehlig tested them (bsc#1196879): 60-ovmf-x86_64.json 60-ovmf-x86_64-2m.json 60-ovmf-x86_64-ms.json 60-ovmf-x86_64-2m-ms.json - Backported patches in ovmf-bsc1196879-sev-fix.patch for fixing SEV: de463163d9 OvmfPkg/AmdSev: reserve snp pages 63c50d3ff2 
OvmfPkg/ResetVector: cache the SEV status MSR value in workarea f1d1c337e7 OvmfPkg/BaseMemEncryptLib: use the SEV_STATUS MSR value from workarea ------------------------------------------------------------------ ------------------ 2022-3-9 - Mar 9 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - rpm/*.spec.in: Use https:// urls - commit 77b5f8e - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes bsc#1196746). - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes bsc#1196746). - commit 8ac4c67 - x86/kprobes: Add UNWIND_HINT_FUNC on kretprobe_trampoline() (bsc#1193277). - commit e10650c - objtool: Ignore unwind hints for ignored functions (bsc#1193277). - commit d02af4d - objtool: Add frame-pointer-specific function ignore (bsc#1193277). - commit a01d77e - kprobes: treewide: Cleanup the error messages for kprobes (bsc#1193277). - commit 80cb641 - kprobes: treewide: Remove trampoline_address from kretprobe_trampoline_handler() (bsc#1193277). - commit e002527 - kprobes: treewide: Replace arch_deref_entry_point() with dereference_symbol_descriptor() (bsc#1193277). - commit 08196a4 - ARM: fix build error when BPF_SYSCALL is disabled (bsc#1085308 CVE-2022-23960). - ARM: include unprivileged BPF status in Spectre V2 reporting (bsc#1085308 CVE-2022-23960). - commit 2b85b07 - ARM: Spectre-BHB workaround (bsc#1085308 CVE-2022-23960). - Update config files. - commit 214f301 - ARM: use LOADADDR() to get load address of sections (bsc#1085308 CVE-2022-23960). - ARM: early traps initialisation (bsc#1085308 CVE-2022-23960). - ARM: report Spectre v2 status through sysfs (bsc#1085308 CVE-2022-23960). - commit 20f8a99 - kprobes: treewide: Use 'kprobe_opcode_t *' for the code address in get_optimized_kprobe() (bsc#1193277). - commit dd47f7b - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787 bsc#1197146 bsc#1193554). 
- nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787). - commit 68439a4 - blacklist.conf: cleanup breaking kABI - commit a79d591 - blacklist.conf: cleanup breaking kABI - commit ec5c72f - blacklist.conf: cleanup breaking kABI - commit c887153 - blacklist.conf: cleanup breaking kABI - commit d93970a - arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Use the clearbhb instruction in mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 52f56e7 - arm64: Mitigate spectre style branch history side channels (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Update config files. - Refresh patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch. - commit 1403b73 - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Add percpu vectors for EL1 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add macro for reading symbol addresses from the trampoline (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add vectors that have the bhb mitigation sequences (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow the trampoline text to occupy multiple pages (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the kpti trampoline's kpti sequence optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move trampoline macros out of ifdef'd section (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). 
- arm64: entry: Don't assume tramp_vectors is the start of the vectors (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move the trampoline data page before the text page (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Free up another register on kpti's tramp_exit path (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the trampoline cleanup optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry.S: Add ventry overflow sanity checks (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 39b0cd1 - arm64: Add Cortex-X2 CPU part definition (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Refresh patches.suse/arm64-Add-Cortex-A510-CPU-part-definition.patch. - commit 1489419 - arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 76b95f9 - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 0161c6c - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8114d57 - x86/speculation: Use generic retpoline by default on AMD (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit e9a2f46 - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8400263 - Bluetooth: btusb: Add missing Chicony device for Realtek RTL8723BE (bsc#1196779). 
- commit a5449ea - Documentation/hw-vuln: Update spectre doc (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit bc2948e - x86/speculation: Add eIBRS + Retpoline options (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 6e19c5a - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 2a3d074 - drm/i915: Fix mbus join config lookup (git-fixes bsc#1193640). - drm/i915: Fix dbuf slice config lookup (git-fixes bsc#1193640). - drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (bsc#1193640). - drm/i915: Populate pipe dbuf slices more accurately during readout (bsc#1193640). - drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration (bsc#1193640). - commit e87e53d - PCI: mvebu: Fix support for bus mastering and PCI_COMMAND on emulated bridge (git-fixes). - Refresh patches.suse/PCI-mvebu-Do-not-modify-PCI-IO-type-bits-in-conf_wri.patch. - commit 389addb - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (git-fixes). - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (git-fixes). - Input: samsung-keypad - properly state IOMEM dependency (git-fixes). - soc: fsl: guts: Add a missing memory allocation failure check (git-fixes). - soc: fsl: guts: Revert commit 3c0d64e867ed (git-fixes). - PCI: mvebu: Fix device enumeration regression (git-fixes). - Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes). - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (git-fixes). - mac80211_hwsim: report NOACK frames in tx_status (git-fixes). - regulator: core: fix false positive in regulator_late_cleanup() (git-fixes). - ntb_hw_switchtec: Fix bug with more than 32 partitions (git-fixes). - ntb_hw_switchtec: Fix pff ioread to read into mmio_part_cfg_all (git-fixes). - PCI: mvebu: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge (git-fixes). 
- PCI: mvebu: Fix configuring secondary bus of PCIe Root Port via emulated bridge (git-fixes). - PCI: mvebu: Setup PCIe controller to Root Complex mode (git-fixes). - commit d5ec48e - HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes). - HID: add mapping for KEY_DICTATE (git-fixes). - drm/amdgpu: fix suspend/resume hang regression (git-fixes). - drm/amdgpu: check vm ready by amdgpu_vm->evicting flag (git-fixes). - dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes). - i2c: bcm2835: Avoid clock stretching timeouts (git-fixes). - ASoC: rt5682: do not block workqueue if card is unbound (git-fixes). - ASoC: rt5668: do not block workqueue if card is unbound (git-fixes). - drm/amd/pm: correct UMD pstate clocks for Dimgrey Cavefish and Beige Goby (git-fixes). - drm/i915: Disable DRRS on IVB/HSW port != A (git-fixes). - drm/amd/display: Update watermark values for DCN301 (git-fixes). - hamradio: fix macro redefine warning (git-fixes). - drm/mediatek: mtk_dsi: Reset the dsi0 hardware (git-fixes). - drm/amd/display: Use adjusted DCN301 watermarks (git-fixes). - drm/i915/display: Move DRRS code its own file (git-fixes). - drm/i915/display: split out dpt out of intel_display.c (git-fixes). - commit 6d1bad6 ++++ net-snmp: - Decouple snmp-mibs from net-snmp version to allow major version upgrade (bsc#1196955). ------------------------------------------------------------------ ------------------ 2022-3-8 - Mar 8 2022 ------------------- ------------------------------------------------------------------ ++++ haproxy: - (bsc#1196408) VUL-0: CVE-2022-0711: haproxy: Denial of service via set-cookie2 header o Apply upstream patch: 0001-BUG-MAJOR-http-htx-prevent-unbounded-loop-in-http_ma.patch ++++ hwdata: - Update to version 0.357 (bsc#1196332): + Updated pci, usb and vendor ids. ++++ kernel-default: - iwlwifi: mvm: don't crash on invalid rate w/o STA (git-fixes). - commit c6f1f37 - cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug (bsc#1196869). 
- commit 20abbb1 - cgroup/cpuset: Fix "suspicious RCU usage" lockdep warning (bsc#1196868). - commit ac61211 - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes). - commit 7ff92d6 - cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() (bsc#1196866). - commit 3757e25 - iwlwifi: pcie: add killer devices to the driver (bsc#1196802). - iwlwifi: add new killer devices to the driver (bsc#1196802). - commit 5e7d8b6 - cpufreq: intel_pstate: Update EPP for AlderLake mobile (bsc#1196848). - cpufreq: intel_pstate: ITMT support for overclocked system (bsc#1196849). - commit 68d5eea - drm: Don't test for IRQ support in VBLANK ioctls (bsc#1195464). - commit 0ef2c9a - lib/iov_iter: initialize "flags" in new pipe_buffer (CVE-2022-0847 bsc#1196584 git-fixes). - commit 9682d38 - SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). - commit 378df3f ++++ wireless-tools: - Fix URLs (wireless-tools home page has been migrated to github.io) ++++ libnvme: - Update License information. The library is released under LGPL-2.1-or-later and not LGPL-2.1-only. ++++ ceph: - Update to 16.2.7-596-g7d574789716 + Update Prometheus Container image paths (pr #459) + mgr/dashboard: Fix documentation URL (pr #456) + mgr/dashboard: Adapt downstream branded navigation page (pr #454) ++++ systemd: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) The script 'upgrade-from-pre-210.sh' used to initialize the default target during migration from sysvinit to systemd. However it created symlinks to runlevel targets, which are deprecated and might be missing when systemd-sysvcompat package is not installed. If such symlinks are found the script now renames them to point to 'true' systemd target units. - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. In most cases it will do the right thing anyway. 
- systemd.spec: minor simplification by assuming that %{bootstrap} is always defined. - Make sure to create 'systemd-coredump' system user when systemd-coredump is installed (follow-up for the split of the sysusers config files). ++++ libtirpc: - add option to enforce connection via protocol version 2 first (bsc#1196647) add 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch ++++ libxml2: - Update to version 2.9.13: * Security fixes: + [CVE-2022-23308] Use-after-free of ID and IDREF attributes (boo#1196490); + Several memory leaks and another issues. * Many regressions fixes. * Numerous bug fixes, including, among many others: + xmllint's --maxmem option should work as expected now; + xmllint now returns an error if arguments are missing. * Numerous tests and code and fuzzing fixes and improvements. * Updated documentation. - The full Libxml2 2.9.13 NEWS can be found here: https://download.gnome.org/sources/libxml2/2.9/\ libxml2-2.9.13.news. - Replace version-release macros in all 3 Obsoletes tag with plain 2.9.13 to avoid unwanted behaviors in the future. - Remove dropped upstream AUTHORS file from list of files to be installed in the documentation location with 'cp' command. - Update http://xmlsoft.org URL tag to Libxml2's new web home: https://gitlab.gnome.org/GNOME/libxml2. - Update ftp://xmlsoft.org Source tag to Libxml2's new download host: https://download.gnome.org. - Drop deprecated Python-2-related macro definitions/conditional statement from spec file. - Drop merged upstream patches: libxml2-fix-lxml-corrupted-subtree-structures.patch; libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch. - Drop libxml2.keyring source file as the new download host doesn't offer GPG signatures. - Use ldconfig_scriptlets macro for post(un) handling. ++++ libxml2-python: - Update to version 2.9.13: * Security fixes: + [CVE-2022-23308] Use-after-free of ID and IDREF attributes (boo#1196490); + Several memory leaks and another issues. * Many regressions fixes. 
* Numerous bug fixes, including, among many others: + xmllint's --maxmem option should work as expected now; + xmllint now returns an error if arguments are missing. * Numerous tests and code and fuzzing fixes and improvements. * Updated documentation. - The full Libxml2 2.9.13 NEWS can be found here: https://download.gnome.org/sources/libxml2/2.9/\ libxml2-2.9.13.news. - Replace version-release macros in all 3 Obsoletes tag with plain 2.9.13 to avoid unwanted behaviors in the future. - Remove dropped upstream AUTHORS file from list of files to be installed in the documentation location with 'cp' command. - Update http://xmlsoft.org URL tag to Libxml2's new web home: https://gitlab.gnome.org/GNOME/libxml2. - Update ftp://xmlsoft.org Source tag to Libxml2's new download host: https://download.gnome.org. - Drop deprecated Python-2-related macro definitions/conditional statement from spec file. - Drop merged upstream patches: libxml2-fix-lxml-corrupted-subtree-structures.patch; libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch. - Drop libxml2.keyring source file as the new download host doesn't offer GPG signatures. - Use ldconfig_scriptlets macro for post(un) handling. ++++ xkeyboard-config: - U_Add-the-new-AZERTY-layout-norm-NF-Z71-300.patch * Backport French standardized AZERTY layout (AFNOR: NF Z71-300) (bsc#1188867) ++++ yast2: - Reverted LD_PRELOAD change (GitHub PR#1236) (bsc#1196326) - 4.4.46 ------------------------------------------------------------------ ------------------ 2022-3-7 - Mar 7 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.36.2: + When the list of plugins is not specified via "main.plugins" in NetworkManager.conf and no build-time default is set with "--with-config-plugins-default" configure argument, now all known plugins found in the plugin directory are loaded (and the built-in "keyfile" plugin is preferred over others). 
+ Preserve external ports during checkpoint rollback. + Fix removal of ovsdb entry when an OVS interface goes away. + Fix DNS configuration for WWAN connections. ++++ kernel-default: - sr9700: sanity check for packet length (bsc#1196836). - commit 93a1690 - tracing: Fix return value of __setup handlers (git-fixes). - commit 70f4989 - tracing/histogram: Fix sorting on old "cpu" value (git-fixes). - commit c9173be - nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION (CVE-2022-26490 bsc#1196830). - commit b6213c4 - nvme-tcp: fix possible use-after-free in transport error_recovery work (git-fixes). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme: fix a possible use-after-free in controller reset during load (git-fixes). - commit e6bcfd5 - Update patch reference for iov security fix (CVE-2022-0847 bsc#1196584) - commit 211dab3 - ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() (git-fixes). - e1000e: Correct NVM checksum verification flow (bsc#1191663). - e1000e: Fix possible HW unit hang after an s0ix exit (jsc#SLE-18382). - igc: igc_write_phy_reg_gpy: drop premature return (git-fixes). - igc: igc_read_phy_reg_gpy: drop premature return (git-fixes). - iavf: Fix __IAVF_RESETTING state usage (jsc#SLE-18385). - iavf: Fix missing check for running netdev (git-fixes). - iavf: Fix deadlock in iavf_reset_task (jsc#SLE-18385). - iavf: Fix race in init state (jsc#SLE-18385). - iavf: Fix locking for VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2_CAPS (jsc#SLE-18385). - iavf: Fix init state closure on remove (jsc#SLE-18385). - iavf: Add waiting so the port is initialized in remove (jsc#SLE-18385). - iavf: Rework mutexes for better synchronisation (jsc#SLE-18385 stable-5.14.6). - veth: fix races around rq->rx_notify_masked (git-fixes). 
- commit 60dae36 - Move upstreamed patches into sorted section - commit 1900045 ++++ gcc12: - drop armv5tel, merge arm and armv6hl - use --with-cpu rather than specifying --with-arch/--with-tune - Bump to 40c1d4a07e5798c01e4364336c9617550744861d, git191925. ++++ qemu: - Build PPC firmwares from sources on non-PPC builds as well (bsc#1193545) - Build RiscV firmwares on non-RiscV builds as well - While there, refactor (and simplify!) the firmware building logic and code * Patches added: Makefile-define-endianess-for-cross-buil.patch Makefile-fix-build-with-binutils-2.38.patch - qemu,kvm,xen: NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432, CVE-2020-35503) * Patches added: hw-scsi-megasas-check-for-NULL-frame-in-.patch ++++ samba: - Fix mismatched version of libldb2; (bsc#1196788). - Drop obsolete SuSEfirewall2 service files. ++++ yast2-trans: - Update to version 84.87.20220305.ba29422b84: * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Swedish) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Finnish) * Translated using Weblate (Italian) * Translated using Weblate (German) * Translated using Weblate (French) * New POT for text domain 'autoinst'. * Translated using Weblate (Spanish) * Translated using Weblate (Slovak)
------------------------------------------------------------------ ------------------ 2022-3-6 - Mar 6 2022 ------------------- ------------------------------------------------------------------ ++++ transactional-update: - Version 4.0.0~rc2 - Fix missing prompt in "shell" command [bsc#1196580] - Add output of tukit commands to log file - Fix compilation error with GCC12 [boo#1194876] - Fixed (non-critical) security review comments [boo#1196149] - Fixed selfupdate - Code cleanup ------------------------------------------------------------------ ------------------ 2022-3-5 - Mar 5 2022 ------------------- ------------------------------------------------------------------ ++++ gtk3: - Update to version 3.24.33: + No changes. ++++ open-iscsi: - Update to latest upstream, including test cleanup, minor bug fixes (cosmetic), and fixing iscsi-init (bsc#1195656). ++++ kernel-default: - scsi: smartpqi: Add PCI IDs (bsc#1196627). - commit 7890c4e - thermal: core: Fix TZ_GET_TRIP NULL pointer dereference (git-fixes). - ALSA: intel_hdmi: Fix reference to PCM buffer address (git-fixes). - ASoC: cs4265: Fix the duplicated control name (git-fixes). - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (git-fixes). - drm/bridge: ti-sn65dsi86: Properly undo autosuspend (git-fixes). - drm/i915: s/JSP2/ICP2/ PCH (git-fixes). - drm/i915/guc/slpc: Correct the param count for unset param (git-fixes). - pinctrl: sunxi: Use unique lockdep classes for IRQs (git-fixes).
- commit 81b566b ++++ expat: - Security fixes: * (CVE-2022-25236, bsc#1196784) [>=2.4.5] Fix to CVE-2022-25236 breaks biboumi, ClairMeta, jxmlease, libwbxml, openleadr-python, rnv, xmltodict - Added expat-CVE-2022-25236-relax-fix.patch ------------------------------------------------------------------ ------------------ 2022-3-4 - Mar 4 2022 ------------------- ------------------------------------------------------------------ ++++ firewalld: - Fix modprobe.d directory for SLE15 SP3 - Always own %_modprobedir (bsc#1196275, jsc#SLE-20639) ++++ grub2: - Support saving grub environment for POWER signed grub images (jsc#SLE-23854) * 0001-Add-grub_envblk_buf-helper-function.patch * 0002-Add-grub_disk_write_tail-helper-function.patch * 0003-grub-install-support-prep-environment-block.patch * 0004-Introduce-prep_load_env-command.patch * 0005-export-environment-at-start-up.patch - Use environment variable in early boot config to look up root device * grub2.spec ++++ gtk3: - Update to version 3.24.32: + GtkCellRendererProgress: Use tabular figures. + GtkFontChooser: - Fix the build with older Pango. - Fix axis name handling. + Theme: Fix border color for tiled windows. + Accessibility: Fix cell accessible leak. + Wayland: - Support new high-contrast setting. - Only update scale when on any outputs. + Updated translations. ++++ ignition: - Remove /var/lib/YaST2/reconfig_system if a config was provided: * ignition-remove-reconfig_system.service - Add support for NetworkManager in dracut: * ignition-enable-network.service, ignition-enable-network.sh ++++ kernel-default: - Revert PCI MSI-X patch that caused a regression on network devices (bsc#1196403) Deleted: patches.suse/PCI-MSI-Mask-MSI-X-vectors-only-on-success.patch - commit 4606b8c - batman-adv: Don't expect inter-netns unique iflink indices (git-fixes). - batman-adv: Request iflink once in batadv_get_real_netdevice (git-fixes). - batman-adv: Request iflink once in batadv-on-batadv check (git-fixes).
- mac80211: treat some SAE auth steps as final (git-fixes). - nl80211: Handle nla_memdup failures in handle_nan_filter (git-fixes). - iwlwifi: mvm: check debugfs_dir ptr before use (git-fixes). - mac80211: fix forwarded mesh frames AC & queue selection (git-fixes). - mac80211: fix EAPoL rekey fail in 802.3 rx path (git-fixes). - can: gs_usb: change active_channels's type from atomic_t to u8 (git-fixes). - can: etas_es58x: change opened_channel_cnt's type from atomic_t to u8 (git-fixes). - auxdisplay: lcd2s: Use proper API to free the instance of charlcd object (git-fixes). - auxdisplay: lcd2s: Fix memory leak in ->remove() (git-fixes). - auxdisplay: lcd2s: Fix lcd2s_redefine_char() feature (git-fixes). - commit 81727a5 - Update kabi files for intel_pmt_dev_create (bsc#1196591) - commit 40a0e22 ++++ util-linux: - Prevent root owning of /var/lib/libuuid/clock.txt (bsc#1194642, util-linux-uuidd-prevent-root-owning.patch). ++++ bluez: - Install modprobe.conf files to %_modprobedir (bsc#1196275, jsc#SLE-20639) ++++ wireless-tools: - install modprobe.conf files in %_modprobedir (bsc#1196275, jsc#SLE-20639) ++++ openssl-1_1: - Security fix: [bsc#1192820, CVE-2002-20001] * Fix DHEATER: The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE calculation. 
* Stop recommending the DHE in SSL_DEFAULT_SUSE_CIPHER_LIST * Rebase openssl-DEFAULT_SUSE_cipher.patch ++++ ceph: - Update to 16.2.7-577-g3e3603b5dd1 + Update prometheus-server version ++++ raspberrypi-firmware: - Install modprobe.conf files to %_modprobedir (bsc#1196275, jsc#SLE-20639) ++++ raspberrypi-firmware-config: - Install modprobe.conf files to %_modprobedir (bsc#1196275, jsc#SLE-20639) ++++ rust-keylime: - Add work_dir directory in /var/lib/keylime - Add subpackage rust-keylime-python to execute revocation payload in Python ++++ samba: - Drop obsolete Samba fsrvp v0->v1 state upgrade functionality; (bsc#1080338). ++++ supportutils: - Changes to version 3.1.20 + Added command blkid #114 + Added s390x specific files and output #115 + Fix for invalid argument during updates (bsc#1193204) + Optimized conf_files, conf_files_text and log_cmd functions #118 + Fixed iscsi initiator name (bsc#1195797) + Added rpcinfo -p output #116 + Included /etc/sssd/conf.d configuration files #100 ++++ util-linux-systemd: - Prevent root owning of /var/lib/libuuid/clock.txt (bsc#1194642, util-linux-uuidd-prevent-root-owning.patch). ------------------------------------------------------------------ ------------------ 2022-3-3 - Mar 3 2022 ------------------- ------------------------------------------------------------------ ++++ combustion: - Support the dracut network-manager module ++++ containerd: - Update to containerd v1.4.13 to fix CVE-2022-23648. bsc#1196441 - Remove upstreamed patch: - CVE-2022-23648.patch ++++ kernel-default: - cgroup-v1: Correct privileges check in release_agent writes (bsc#1196723). - commit 6c02e38 - blacklist.conf: Add 51e50fbd3efc psi: fix "no previous prototype" warnings when CONFIG_CGROUPS=n - commit 5389513 - Update patches.suse/ibmvnic-don-t-stop-queue-in-xmit.patch (bsc#1192273 ltc#194629 bsc#1191428 ltc#193985). - commit de17db9 - kABI workaround for fxls8962af iio accel drivers (git-fixes). 
- commit dfedd1c - ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (git-fixes). - ARM: Fix kgdb breakpoint for Thumb2 (git-fixes). - ntb: intel: fix port config status offset for SPR (git-fixes). - iio: accel: fxls8962af: add padding to regmap for SPI (git-fixes). - USB: serial: option: add Telit LE910R1 compositions (git-fixes). - USB: serial: option: add support for DW5829e (git-fixes). - USB: gadget: validate endpoint index for xilinx udc (git-fixes). - tps6598x: clear int mask on probe failure (git-fixes). - xhci: re-initialize the HC during resume if HCE was set (git-fixes). - ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes). - drm/amd/pm: fix some OEM SKU specific stability issues (git-fixes). - drm/amdgpu: disable MMHUB PG for Picasso (git-fixes). - drm/amd/display: Protect update_bw_bounding_box FPU code (git-fixes). - CDC-NCM: avoid overflow in sanity checking (git-fixes). - USB: zaurus: support another broken Zaurus (git-fixes). - commit b45b17b ++++ util-linux: - Make uuidd lock state file usable and time based UUIDs safe again (bsc#1194642, util-linux-uuidd-fix-lock-state.patch). - Fix "su -s" bash completion (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch). 
++++ Mesa: - baselibs.conf: readded mistakenly removed packages * Mesa-libVulkan-devel * Mesa-vulkan-device-select * Mesa-vulkan-overlay ++++ libnvme: - Update to version 1.0-rc5: * ioctl: Set lsp to action in nvme_get_log_persistent_event (bsc#1196121) * tree: Ignore traddr case in nvme_lookup_ctrl() (bsc#1194025) * fabrics: Do not swap bytes for system uuid (bsc#1196565) * documentation updates ++++ nvme-cli: - Update to version 2.0-rc5: * nvme: passthru bugfix(wrong jump, wrong file descriptor) * nvme-cli: Ignore traddr case (bsc#1194025) * nvme: fix segfault in nvme telemetry-log error handling * fabrics: ensure zero kato for non-persistent controllers * documentation updates ++++ sudo: - Add sudo-1.9.9-honor-T_opt.patch * the -T option of sudo does nothing even when 'Defaults user_command_timeouts' is present in the configuration. * [bsc#1193446] * Credit to Jaroslav Jindrak ++++ systemd-rpm-macros: - Bump version to 11 - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275 bsc#1196406) Until SLE15-SP3:QU2, /usr/lib/modprobe.d path was not supported by kmod and since SLE15-SP4 /etc/modprobe.d/README has references to /lib/modprobe.d... ++++ util-linux-systemd: - Make uuidd lock state file usable and time based UUIDs safe again (bsc#1194642, util-linux-uuidd-fix-lock-state.patch). - Fix "su -s" bash completion (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch). ------------------------------------------------------------------ ------------------ 2022-3-2 - Mar 2 2022 ------------------- ------------------------------------------------------------------ ++++ containerd: [ This patch was only released in SLES and Leap. ] - Add patch for CVE-2022-23648. bsc#1196441 + CVE-2022-23648.patch ++++ python-kiwi: - Stick to pytest v6.x.y Signed-off-by: David Cassany - Don't exit the script on deprecated function use (bsc#1196644) The "exit 0" there stops processing of the calling script with a success exit code, which leads to incomplete and broken images.
++++ kernel-default: - kernel-binary.spec: Also exclude the kernel signing key from devel package. There is a check in OBS that fails when it is included. Also the key is not reproducible. Fixes: bb988d4625a3 ("kernel-binary: Do not include sourcedir in certificate path.") - commit 68fa069 - powerpc/fadump: register for fadump as early as possible (bsc#1179439 ltc#190038). - commit 5aa7d3e - Refresh sorted patches. - commit 0c5d65a - Refresh patches.suse/powerpc-64s-hash-Make-hash-faults-work-in-NMI-contex.patch. - commit 783700c - rpm/check-for-config-changes: Ignore PAHOLE_VERSION. - commit 88ba5ec ++++ kernel-default-base: - Add binfmt_misc (boo#1196373) ++++ gcc12: - Drop unconditional -gccN suffix from libstdc++6-pp packages and instead use the same suffix as for the matching libstdc++6 package it supplements to ease future updates. Add Obsoletes to pre-existing libstdc++6-pp-gcc{9,10,11} packages to allow updates to happen. [bsc#1196107] ++++ systemd: - update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) * change scripts-udev-convert-rules.sh ++++ psmisc: - Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch * Add a fallback if the system call name_to_handle_at() is not supported by the used file system. 
- Add patch psmisc-22.21-semaphores.patch * Replace the synchronizing over pipes of the sub process for the stat(2) system call with mutex and conditions from pthreads(7) (bsc#1194172) - Add patch psmisc-22.21-statx.patch * Use statx(2) or SYS_statx system call to replace the stat(2) system call and avoid the sub process at all (bsc#1194172) ++++ virt-manager: - bsc#1196202 - virt-install crashes on a time-of-check time-of-use (TOCTOU) race condition Resolved by upgrade to version 4.0.0 (jsc#SLE-18261) virt-manager-4.0.0.tar.gz - Other features and bug fixes (bsc#1027942) virt-install --os-variant/--osinfo is now a hard requirement for most cases Add ‘Enable shared memory’ UI checkbox (Lin Ma) add UI preference to default to UEFI for new VMs (Charles Arnold) Add virtiofs filesystem driver UI option Fill in all --cputune, --cpu, --shmem, --input, and --boot suboptions (Hugues Fafard) virt-* mdev improvements (Shalini Chellathurai Saroja) bhyve improvements (Roman Bogorodskiy) Revive network portgroup UI enable a TPM by default when UEFI is used (Daniel P.
Berrangé) Use cpu host-passthrough by default on qemu x86 use virtio-gpu video for most modern distros Default to extra pcie root ports for q35 set discard=unmap by default for sparse disks and block devices We now require xorrisofs for --location ISO We now use setuptools rather than just plain distutils - Add virtman-revert-use-of-AyatanaAppIndicator3.patch - Drop the following patches 0e15cd51-virt-manager-enable-MDEV-support.patch 143c6bef-virtinst-fix-error-message-format-string.patch 4d0e3232-virtinst-Fix-TOCTOU-in-domain-enumeration.patch 8bb64ad5-console-Dont-block-console-reconnect-for-non-error.patch 9363e1e6-virt-xml-add-support-for-mediated-devices.patch 965480e8-virt-install-add-mediated-device.patch 9d4002ee-tests-verify-MDEV-support.patch cf93e2db-console-fix-error-with-old-pygobject.patch d3c627f1-volumeupload-Use-1MiB-read-size.patch d9b5090e-Fix-forgetting-password-from-keyring.patch e7222b50-addstorage-Dont-pass-None-to-widget.set_active.patch f87e96d3-hostdev-use-method-get_mdev_uuid.patch fe8722e7-createnet-Remove-some-unnecessary-max_length-annotations.patch virtinst-graphics-add-check-for-qemu-modules-in-spice-graphic.patch virtman-add-firmware-preferences.patch virtman-legacy-bios-support.patch virtman-show-no-firmware-for-xenpv.patch ++++ yast2: - New doc: Invoking External Commands in YaST (in doc/) ------------------------------------------------------------------ ------------------ 2022-3-1 - Mar 1 2022 ------------------- ------------------------------------------------------------------ ++++ grub2: - Remove obsolete openSUSE 12.2 conditionals in spec file - Clean up powerpc certificate handling. ++++ kernel-default: - Update config and supported.conf for intel_vsec (bsc#1196591) intel_pmt driver is renamed to intel_vsec - Update config files - supported.conf - commit 99cb50f - platform/x86/intel: Move intel_pmt from MFD to Auxiliary Bus (bsc#1196591). - driver core: auxiliary bus: Add driver data helpers (bsc#1196591).
- PCI: Add #defines for accessing PCIe DVSEC fields (bsc#1196591). - platform/x86: intel_pmt_telemetry: Ignore zero sized entries (bsc#1196591). - platform/x86/intel: pmt: Use y instead of objs in Makefile (bsc#1196591). - commit 731c1ca - platform/x86/intel: Move Intel PMT drivers to new subfolder (bsc#1196591). - Refresh patches.suse/platform-x86-intel_pmc_core-Move-to-intel-sub-direct.patch. - commit e7adc65 - soc: fsl: qe: Check of ioremap return value (git-fixes). - soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes). - soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY) (git-fixes). - ARM: dts: Use 32KiHz oscillator on devkit8000 (git-fixes). - ARM: dts: switch timer config to common devkit8000 devicetree (git-fixes). - arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output (git-fixes). - firmware: arm_scmi: Remove space in MODULE_ALIAS name (git-fixes). - arm64: dts: juno: Remove GICv2m dma-range (git-fixes). - efivars: Respect "block" flag in efivar_entry_set_safe() (git-fixes). - commit 368c894 ++++ kernel-default-base: - Add quota modules (bsc#1196585) - Add nfs layout modules ++++ Mesa: - autoselect libvulkan_intel package via hardware supplements on Intel GPUs - autoselect libvulkan_radeon package via hardware supplements on AMD GPUs - no longer install libvulkan_lvp package (lavapipe=Software Vulkan driver), libvulkan_broadcom and libvulkan_freedreno packages by default, i.e. no longer have libvulkan_intel/libvulkan_radeon and libvulkan_lvp packages installed at the same time (boo#1180522) - libvulkan_intel/libvulkan_radeon/libvulkan_lvp now require Mesa-vulkan-device-select package, not the other way round! (baselibs.conf also adjusted) ++++ gcc12: - Use proper patch for SLE 15.x. - Bump to 4a1c20df82c9e14478d79fbe1ae9690a36285ac1, git191847. - Add gcc12-d-workaround.patch that fixes issue with gcc11 compiler. - Bump to 673a10aee1aafe0c99bfadc29a7458339bdddb3a, git191845. 
++++ openssl-1_1: - FIPS: Reintroduce the FFC and ECC checks in openssl-DH.patch that were removed in the update to 1.1.1l [bsc#1185313] - FIPS: Fix sn_objs and ln_objs in crypto/objects/obj_mac.num * Rebase openssl-DH.patch [bsc#1194327] - Merge openssl-keep_EVP_KDF_functions_version.patch into openssl-1.1.1-evp-kdf.patch - Add function codes for pbkdf2, hkdf, tls and ssh selftests. Rebase patches: * openssl-fips-kdf-hkdf-selftest.patch * openssl-kdf-selftest.patch * openssl-kdf-ssh-selftest.patch * openssl-kdf-tls-selftest.patch ++++ libseccomp: - add python-rpm-macros (bsc#1194758). ++++ osinfo-db: - Update to database version 20220214 osinfo-db-20220214.tar.xz ++++ patterns-microos: - make the salt_minion pattern visible - 5.2.1 ++++ rust-keylime: - Update to version 0.1.0+git.1645537954.2f1447d: * Make zmq an optional dependency * notifications_handler: Introduce /notifications/revocation REST endpoint * revocation: Move out revocation message processing * revocation: Make get_revocation_cert_path() public * Install systemd unit file ++++ suseconnect-ng: - Update to version 0.0.6~git9.33e5847: * Delegate free() calls back to Go (bsc#1195729) * Pass "insecure" to zypper addservice * Workaround system cert reloading after import (bsc#1195220) * Extract setupHTTPClient for easier reuse * Exit with code 64 on connection refused like Ruby ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#581 - always include bash -> sh links (jsc#SLE-18234) - 16.57.16 ------------------------------------------------------------------ ------------------ 2022-2-28 - Feb 28 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit: - add hide-pcp.patch to hide references to PCP (Performance Co-Pilot) and metric collection (bsc#1195943). The cockpit-pcp package is not included in SLE Micro 5.2 base and these parts require it. 
++++ glib2: - Split gtk-docs from -devel package, these are not needed during building projects using glib2 - Use _multibuild as the meson buildprocess is very awkward regarding the documentation - builds single-jobs only and twice (again during %install). This way the rest of distribution waiting for glib2-devel to be available is not blocked by this ++++ kernel-default: - Revert "i40e: Fix reset bw limit when DCB enabled with 1 TC" (git-fixes). - net/mlx5e: Add missing increment of count (jsc#SLE-19253). - net/mlx5e: MPLSoUDP decap, fix check for unsupported matches (git-fixes). - net/mlx5e: TC, Reject rules with forward and drop actions (git-fixes). - net/mlx5e: TC, Reject rules with drop and modify hdr action (git-fixes). - net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets (git-fixes). - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure (git-fixes). - net/mlx5: Fix possible deadlock on rule deletion (git-fixes). - net/mlx5: Fix tc max supported prio for nic mode (git-fixes). - net/mlx5: Fix wrong limitation of metadata match on ecpf (git-fixes). - net/mlx5: DR, Fix the threshold that defines when pool sync is initiated (git-fixes). - net/mlx5: DR, Don't allow match on IP w/o matching on full ethertype/ip_version (git-fixes). - net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte (jsc#SLE-19253). - net/mlx5: DR, Cache STE shadow memory (git-fixes). - net/mlx5: Update the list of the PCI supported devices (git-fixes). - udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() (git-fixes). - bnxt_en: Fix devlink fw_activate (jsc#SLE-18978). - bnxt_en: Increase firmware message response DMA wait time (git-fixes). - bnxt_en: Restore the resets_reliable flag in bnxt_open() (jsc#SLE-18978). - bnxt_en: Fix incorrect multicast rx mask setting when not requested (git-fixes). - bnxt_en: Fix occasional ethtool -t loopback test failures (git-fixes). - bnxt_en: Fix offline ethtool selftest with RDMA enabled (git-fixes). 
- bnxt_en: Fix active FEC reporting to ethtool (git-fixes). - ice: initialize local variable 'tlv' (git-fixes). - ice: check the return of ice_ptp_gettimex64 (git-fixes). - ice: fix concurrent reset and removal of VFs (git-fixes). - ice: fix setting l4 port flag when adding filter (jsc#SLE-18375). - nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() (git-fixes). - bonding: force carrier update when releasing slave (git-fixes). - bonding: fix data-races around agg_select_timer (git-fixes). - ice: enable parsing IPSEC SPI headers for RSS (git-fixes). - ice: fix IPIP and SIT TSO offload (git-fixes). - ice: fix an error code in ice_cfg_phy_fec() (git-fixes). - nfp: flower: fix ida_idx not being released (git-fixes). - bonding: pair enable_port with slave_arr_updates (git-fixes). - commit 9564d58 - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - commit 0236fcc - tracing: Have traceon and traceoff trigger honor the instance (git-fixes). - commit bd2a633 - tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). - commit 2cd9b58 - nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes). - nvme: don't return an error from nvme_configure_metadata (git-fixes). - commit c11b169 - x86/kvmclock: Fix Hyper-V Isolated VM's boot issue when vCPUs > 64 (bsc#1183682). - x86/kvm: Don't waste memory if kvmclock is disabled (bsc#1183682). - Netvsc: Call hv_unmap_memory() in the netvsc_device_remove() (bsc#1183682). 
- commit fe9b9a8 - Drivers: hv: utils: Make use of the helper macro LIST_HEAD() (git-fixes). - Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (git-fixes). - commit 63ae3fa - pinctrl: tigerlake: Revert "Add Alder Lake-M ACPI ID" (git-fixes). - gpio: tegra186: Fix chip_data type confusion (git-fixes). - pinctrl: k210: Fix bias-pull-up (git-fixes). - pinctrl: fix loop in k210_pinconf_get_drive() (git-fixes). - commit cf40913 ++++ kernel-firmware: - Update to version 20220224 (git commit 9cab94f59b23): * Mellanox: Add new mlxsw_spectrum firmware xx.2010.1406 * wfx: update to firmware 3.14 * wfx: add antenna configuration files * wfx: rename silabs/ into wfx/ * linux-firmware: update firmware for mediatek bluetooth chip(MT7921) * linux-firmware: Update firmware patch for Intel Bluetooth 8260 * linux-firmware: Update firmware file for Intel Bluetooth 8265 * linux-firmware: Intel BT 7265: Fix Security Issues (CVE-2021-33139,CVE-2021-33155,INTEL-SA-00604,bsc#1195786) - Update license.txt for wfx - Temporary fix for WHENCE for wfx: wfx-WHENCE-fix.diff ++++ gcc12: - Bump to 37b583b9d7719f663656ce65ac822c11471fb540, git191817. - Bump sover of libgo library. 
++++ sssd: - Add 'ldap_ignore_unreadable_references' parameter to skip unreadable objects referenced by 'member' attribute; (bsc#1190775); (gh#SSSD/sssd#4893); Add patch 0001-ldap-ignore-unreadable-references.patch ++++ salt: - Add salt-ssh with Salt Bundle support (venv-salt-minion) (bsc#1182851, bsc#1196432) - Fix issues found around pre_flight_script_args - Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632) - Fix salt-call event.send with pillar or grains - Update generated documentation to 3004 - Added: * add-salt-ssh-support-with-venv-salt-minion-3004-493.patch * state.orchestrate_single-does-not-pass-pillar-none-4.patch * prevent-shell-injection-via-pre_flight_script_args-4.patch * fix-salt-call-event.send-call-with-grains-and-pillar.patch ++++ yast2-trans: - Update to version 84.87.20220227.6bd7ce0ef2: * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Japanese) * Translated using Weblate (Slovak) ------------------------------------------------------------------ ------------------ 2022-2-27 - Feb 27 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775) - commit d9a821b ------------------------------------------------------------------ ------------------ 2022-2-26 - Feb 26 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes). - drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes). - drm/amdgpu: do not enable asic reset for raven2 (git-fixes).
- drm/amd/display: For vblank_disable_immediate, check PSR is really used (git-fixes). - drm/edid: Always set RGB444 (git-fixes). - surface: surface3_power: Fix battery readings on batteries without a serial number (git-fixes). - commit c407884 - tty: n_gsm: fix deadlock in gsmtty_open() (git-fixes). - Revert "USB: serial: ch341: add new Product ID for CH341A" (git-fixes). - usb: dwc3: gadget: Let the interrupt handler disable bottom halves (git-fixes). - usb: dwc2: drd: fix soft connect when gadget is unconfigured (git-fixes). - usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes). - xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes). - usb: dwc3: pci: Add "snps,dis_u2_susphy_quirk" for Intel Bay Trail (git-fixes). - clk: jz4725b: fix mmc0 clock gating (git-fixes). - drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes). - commit f19b8b6 - spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() (git-fixes). - regmap-irq: Update interrupt clear register for proper reset (git-fixes). - thermal: int340x: fix memory leak in int3400_notify() (git-fixes). - sc16is7xx: Fix for incorrect data being transmitted (git-fixes). - tty: n_gsm: fix wrong modem processing in convergence layer type 2 (git-fixes). - tty: n_gsm: fix wrong tty control line for flow control (git-fixes). - tty: n_gsm: fix NULL pointer access due to DLCI release (git-fixes). - tty: n_gsm: fix proper link termination after failed open (git-fixes). - tty: n_gsm: fix encoding of control signal octet bit DV (git-fixes). - commit dbb24c6 - iio: imu: st_lsm6dsx: wait for settling time in st_lsm6dsx_read_oneshot (git-fixes). - iio: Fix error handling for PM (git-fixes). - iio: adc: men_z188_adc: Fix a resource leak in an error handling path (git-fixes). - iio:imu:adis16480: fix buffering for devices with no burst mode (git-fixes). - iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits (git-fixes). 
- iio: adc: tsc2046: fix memory corruption by preventing array overflow (git-fixes). - driver core: Free DMA range map when device is released (git-fixes). - staging: fbtft: fb_st7789v: reset display before initialization (git-fixes). - commit d2c23ea ++++ python3-core: - Update bundled pip wheel to the latest SLE version patched against bsc#1186819 (CVE-2021-3572). ++++ sqlite3: - update to 3.38.0 * Add the -> and ->> operators for easier processing of JSON * The JSON functions are now built-ins * Enhancements to date and time functions * Rename the printf() SQL function to format() for better compatibility, with alias for backwards compatibility. * Add the sqlite3_error_offset() interface for helping localize an SQL error to a specific character in the input SQL text * Enhance the interface to virtual tables * CLI columnar output modes are enhanced to correctly handle tabs and newlines embedded in text, and add options like "--wrap N", "--wordwrap on", and "--quote" to the columnar output modes. * Query planner enhancements using a Bloom filter to speed up large analytic queries, and a balanced merge tree to evaluate UNION or UNION ALL compound SELECT statements that have an ORDER BY clause. * The ALTER TABLE statement is changed to silently ignore entries in the sqlite_schema table that do not parse when PRAGMA writable_schema=ON ++++ python3: - Update bundled pip wheel to the latest SLE version patched against bsc#1186819 (CVE-2021-3572). ------------------------------------------------------------------ ------------------ 2022-2-25 - Feb 25 2022 ------------------- ------------------------------------------------------------------ ++++ elfutils: - Add support for zstd, needed to inspect kernel modules (bsc#1196510) ++++ kernel-default: - Update kabi files.
- commit c453b5c - blacklist.conf: 03ee5956781b drm/i915/ttm: only fault WILLNEED objects - commit dbdf3fe - netfilter: nf_tables_offload: incorrect flow offload action array size (bsc#1196299 CVE-2022-25636). - commit f8ec613 - drm/i915/dg2: Print PHY name properly on calibration error (git-fixes). - commit 609b3e3 - drm/i915: Widen the QGV point mask (git-fixes). - commit b495032 ++++ libcap: - Use "or" in the license tag to avoid confusion (bsc#1180073) ++++ libsolv: - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ("requires" is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support querying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime - bump version to 0.7.21 ++++ yast2-trans: - Leap 15.4 Beta translations poo#99990 bump to version 84.87.20220224.fc95951c18: * Translated using Weblate (Catalan) * Translated using Weblate (French) * Translated using Weblate (Dutch) * New POT for text domain 'registration'. * New POT for text domain 'nis_server'.
* Translated using Weblate (French) * Translated using Weblate (Ukrainian) * Translated using Weblate (Spanish) * Translated using Weblate (German) * New POT for text domain 'installation'. * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Italian) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * Translated using Weblate (Finnish) * Translated using Weblate (Vietnamese) * Translated using Weblate (Chinese (China)
(zh_CN)) * New POT for text domain 'autoinst'. * Translated using Weblate (German) ------------------------------------------------------------------ ------------------ 2022-2-24 - Feb 24 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.36.0: + The handling of Layer 3 configurations has been substantially reworked. While this is mostly an internal change, it results in more robust behavior when addressing information from multiple sources (DHCP, manually configured, VPN) needs to be applied simultaneously. Overall performance and memory use have also slightly improved. + Manually configured addresses can no longer expire even if the same addresses are also obtained dynamically. + Code for systemd-based DHCP and DHCPv6 clients has been updated from upstream. + NTP servers obtained via DHCPv6 are now exposed on the DBus API, visible in nmcli and available for use by dispatcher scripts. + 5G NR (New Radio) modems are now supported. + The "rd.znet_ifnames" kernel command line option is now honored on network bootups on an IBM s390 platform. + Wi-Fi P2P support now works with the IWD backend, in addition to the wpa_supplicant backend. + Support for special route types has been added: "prohibit", "blackhole" and "unreachable". + Routes managed by routing daemons are now ignored. This is done to address a performance bottleneck on specialized routers. + Handling of IP addressing and routing information is now slightly more efficient and uses less memory. This is apparent on systems with a large amount of IP configuration information. + It is now possible to start NetworkManager without root user privileges. This is experimental and doesn't necessarily result in a working daemon. The NetworkManager service already drops many of the capabilities available to the root user.
+ WPA3 Wi-Fi network security has been improved by enabling the new H2E (hash to element) method for generating the SAE password element. + It is now possible to select the default Wi-Fi backend (wpa_supplicant or IWD) at build-time. + Replies from broken DHCP servers that send duplicate address or mask options are now handled gracefully. + Bridge support has gained the possibility of turning off MAC ageing. + "configure-and-quit" mode and nm-iface-helper have been removed. + A number of bugs that could cause NetworkManager to crash in rare conditions have been fixed. - Drop pkgconfig(libteam) BuildRequires and stop passing teamdctl=true to meson: No longer build teamdctl support. - Drop patches fixed upstream: + 4685651e7671e064b911a3a05f096908e5ef0580.patch + 471e987add98b36520ece72ee493176fc7bc863c.patch + 6329f1db5ac75ee3b7d2f7ce062e951a598625fe.patch + 634e023e72d4729788a022ea1fae665af28d1b0f.patch + aadf0fb64f491f94b2771058621dc140c562b62b.patch - Drop nm-dhcp-use-valid-lease-on-timeout.patch: Patch was rejected upstream. - Rebase patches with quilt. ++++ kernel-default: - mm/page_alloc: Do not prefetch buddies during bulk free (bnc#1193239,bnc#1193199,bnc#1193329). - commit 40059fa - Move upstreamed SCSI fix into sorted section - commit c28a141 - bpf/selftests: Test PTR_TO_RDONLY_MEM (bsc#1196261 CVE-2022-0500). - bpf: Add MEM_RDONLY for helper args that are pointers to rdonly mem (bsc#1196261 CVE-2022-0500). - bpf: Make per_cpu_ptr return rdonly PTR_TO_MEM (bsc#1196261 CVE-2022-0500). - bpf: Convert PTR_TO_MEM_OR_NULL to composable types (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - bpf: Introduce MEM_RDONLY flag (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - Refresh patches.suse/bpf-Fix-out-of-bounds-access-for-ringbuf-helpers.patch. - Refresh patches.suse/bpf-Generally-fix-helper-register-offset-check.patch.
- bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - Refresh patches.suse/bpf-Generalize-check_ctx_reg-for-reuse-with-other-ty.patch. - Refresh patches.suse/bpf-Generally-fix-helper-register-offset-check.patch. - bpf: Replace RET_XXX_OR_NULL with RET_XXX | PTR_MAYBE_NULL (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - bpf: Replace ARG_XXX_OR_NULL with ARG_XXX | PTR_MAYBE_NULL (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - bpf: Introduce composable reg, ret and arg types (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - commit 4db4b9b - ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815). - commit 91cec19 - nvme: expose cntrltype and dctype through sysfs (jsc#SLE-23643). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme: send uevent on connection up (jsc#SLE-23643). - commit d19ac19 - hwmon: Handle failure to register sensor with thermal zone correctly (git-fixes). - lib/iov_iter: initialize "flags" in new pipe_buffer (git-fixes). - arm64: Correct wrong label in macro __init_el2_gicv3 (git-fixes). - drm/atomic: Don't pollute crtc_state->mode_blob with error pointers (git-fixes). - drm/radeon: Fix backlight control on iMac 12,1 (git-fixes). - drm/amdgpu: skipping SDMA hw_init and hw_fini for S0ix (git-fixes). - HID:Add support for UGTABLET WP5540 (git-fixes). - kconfig: fix failing to generate auto.conf (git-fixes). - kconfig: let 'shell' return enough output for deep path names (git-fixes). - phy: usb: Leave some clocks running during suspend (git-fixes).
- soc: aspeed: lpc-ctrl: Block error printing on probe defer cases (git-fixes). - arm64: dts: meson-g12: drop BL32 region from SEI510/SEI610 (git-fixes). - arm64: dts: meson-g12: add ATF BL32 reserved-memory region (git-fixes). - arm64: dts: meson-gx: add ATF BL32 reserved-memory region (git-fixes). - ARM: OMAP2+: adjust the location of put_device() call in omapdss_init_of (git-fixes). - ARM: OMAP2+: hwmod: Add of_node_put() before break (git-fixes). - ACPI: PM: Revert "Only mark EC GPE for wakeup on Intel systems" (git-fixes). - ata: libata-core: Disable TRIM on M88V29 (git-fixes). - drm/amd/display: fix yellow carp wm clamping (git-fixes). - drm/amd/display: Cap pflip irqs per max otg number (git-fixes). - display/amd: decrease message verbosity about watermarks table failure (git-fixes). - drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (git-fixes). - net: macb: Align the dma and coherent dma masks (git-fixes). - net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes). - random: wake up /dev/random writers after zap (git-fixes). - drm/amdgpu: fix logic inversion in check (git-fixes). - ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes). - kunit: tool: Import missing importlib.abc (git-fixes). - pinctrl: bcm63xx: fix unmet dependency on REGMAP for GPIO_REGMAP (git-fixes). - platform/x86: touchscreen_dmi: Add info for the RWC NANOTE P8 AY07J 2-in-1 (git-fixes). - drm/nouveau/pmu/gm200-: use alternate falcon reset sequence (git-fixes). - commit 680fa3f ++++ systemd: - Fix a regression caused by the split of the sysusers config files shipped by systemd (bsc#1196322) Calls to %sysusers_create were not updated accordingly. ++++ libzypp: - Hint on ptf<>patch resolver conflicts (bsc#1194848) - version 17.29.5 (22) ++++ pam: - Define _pam_vendordir as "/%{_sysconfdir}/pam.d" The variable is needed by systemd and others. 
[bsc#1196093, macros.pam] ++++ zypper: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) - version 1.14.52 ------------------------------------------------------------------ ------------------ 2022-2-23 - Feb 23 2022 ------------------- ------------------------------------------------------------------ ++++ avahi: - switch to use _multibuild - delete _avahi_spec-prepare.sh, pre_checkin.sh: obsolete - use https urls ++++ cloud-regionsrv-client: - Update -addon-azure to 1.0.2 (bsc#1196305) + The is-registered() function expects a string of the update server FQDN. The regionsrv-enabler-azure passed an Object of type SMT. Fix the call in regionsrv-enabler-azure. - Update -plugin-azure to 2.0.0 (bsc#1196146) + Lower case the region hint to reduce issues with Azure region name case inconsistencies ++++ kernel-default: - Update patches.suse/powerpc-kexec_file-Add-KEXEC_SIG-support.patch (jsc#SLE-18145 bsc#1192295 bsc#1195993 jsc#SLE-18138). Use the secondary keyring rather than platform keyring for KEXEC_SIG on powerpc. Platform keyring is not available on powerpc. - commit 78a342a - udf: Restore i_lenAlloc when inode expansion fails (bsc#1196079 CVE-2022-0617). - commit 0553b1c - udf: Fix NULL ptr deref when converting from inline format (bsc#1196079 CVE-2022-0617). - commit 1523b04 - bpf: add config to allow loading modules with BTF mismatches (bsc#1194501). - Update config files. - commit d62343d - arch/x86/mm/numa: Do not initialize nodes twice (bsc#1195752 bsc#1196248). - commit a9cb651 - sfc: Use swap() instead of open coding it (bsc#1196306). - ethernet/sfc: remove redundant rc variable (bsc#1196306). - sfc: use swap() to make code cleaner (bsc#1196306). - sfc: last resort fallback for lack of xdp tx queues (bsc#1196306). - sfc: fallback for lack of xdp tx queues (bsc#1196306). 
- commit dd06e3b - Delete ACPI patch that broke s2idle (bsc#1196213) Deleted: patches.suse/ACPI-EC-Rework-flushing-of-EC-work-while-suspended-t.patch A new kABI compat patch was added instead - Delete ACPI patches that broke s2idle (bsc#1196213) Deleted: patches.suse/ACPI-EC-Rework-flushing-of-EC-work-while-suspended-t.patch patches.suse/ACPI-PM-s2idle-Cancel-wakeup-before-dispatching-EC-G.patch A new kABI compat patch was added instead - commit 99c6bc9 ++++ systemd: - %_pam_vendordir is still wrong on SLE, let's define our own definition for now. ++++ samba: - Fix ntlm authentications with "winbind use default domain = yes"; (bso#13126); (bsc#1173429); (bsc#1196308). ------------------------------------------------------------------ ------------------ 2022-2-22 - Feb 22 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - powerpc/64s/hash: Make hash faults work in NMI context (bsc#1195655 ltc#1195655). - commit 9801a29 - arm64: kvm: keep the field workaround_flags in structure kvm_vcpu_arch (git-fixes). - commit 06289db ++++ libnvme: - Update to version 1.0-rc4: * fabrics: add default port number for NVMe/TCP I/O controllers * linux: Update size when telemetry controller initiated data is unavailable * add cdw13 for set_feature_args structure * Add support for TP8010 * Documentation cleanups ++++ python3-core: - Add patch support-expat-245.patch: * Support Expat >= 2.4.5 ++++ systemd: - Add in quarantine the following patches: 6000-udev-net_id-add-debug-logging-for-construction-of-de.patch 6001-udev-net_id-show-the-correct-identifier-in-the-debug.patch They might help with predictable network device naming issues. They will be moved to the git repo if nothing wrong happens. 
- Import commit d150ab3db99dea63a546567b3227baf0d85e4265 (merge of v249.10) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/26736aafa1df67d222fe46c54bf74b5c7a44d8a1...d150ab3db99dea63a546567b3227baf0d85e4265 - Import commit 26736aafa1df67d222fe46c54bf74b5c7a44d8a1 8973cb2462 systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23866) ++++ nvme-cli: - Update to version 2.0-rc4: * netapp-nvme: free the nsdescs pointer after use * netapp-nvme: fix ontapdevices segfault in json output * nvme-print: fix 'nvme list -o json' segfault * nvme: get_ns_id command fails on nvme device * wdc: updated products list for telemetry (--type) argument * docs: fix typo in Data Set Management section * Fix ctrlist for attach-ns and detach-ns * netapp-nvme: fix nvme ns desc uuid handling for ontapdevices * wdc: Fix use-after-free access of cbs_data * Fixed regression with 'open namespace exclusive' (bsc#1195945) ++++ python3: - Add patch support-expat-245.patch: * Support Expat >= 2.4.5 ++++ setools: - Add make_networkx_optional.patch to cut down installation requirements - Change python3-networkx from require into recommend ++++ rust-keylime: - Update to version 0.1.0+git.1645023877.811a869: * Make clippy happy. * Add a --help message. 
* Depend on Rust-TSS-ESAPI 7.0.0 stable * main: Return error on initialization if python shim is missing * common: Add hardcoded config defaults for revocation * main: Add execution permissions to revocation actions * revocation: Log revocation actions output * revocation: Fix get_revocation_cert_path() comment * gitignore: Add filters for some temporary files * revocation: Do not ignore revocation actions from config * revocation: Implement python actions support * tests: Implement proof-of-concept python shim * revocation: Implement lookup_action() function * common: Add revocation actions configurations * revocation: Enforce local action naming restriction * revocation: Remove duplicate logger initialization * crypto: unfiy import_x509 and load_x509 * update Cargo.lock * common: update API version to v2.0 * tpm: drop zlib compression in quotes * run agent webserver with mTLS enabled and add mtls_cert to registrar * crypto: load and generate X509 certificates, mTLS context generation * keylime.conf: add setting for Keylime CA * Bump tss-esapi crate to 7.0.0-beta.1 * Update to fix typo * Use Path and PathBuf consistently to represent paths * Bump versions of some dependencies * quotes_handler: Check quotes in tests * tpm: Remove hard-coded struct sizes with std::mem::size_of * tpm: Let compiler to infer arch-dependent integer types * Use CString as the first argument of libc::chown * keys_handler: Add API to get public key (#284) * crypto: Fix algorithms used for revocation signature (#275) * revocation: Use revocation certificate set by configuration (#300) * common: Add revocation_cert to the global configuration structure * ima_emulator: Fix running hash calculation on resumption * keys_handler: Add test with encrypted payload * main: Use condition variable to wait for payload encryption key * main: Use Option to represent a combined key * main: Redefine KeySet as a vector * keys_handler, main: Move crypto operations to crypto module * keys_handler: Make use of 
type safe payload deserialization * Remove unused imports * Remove duplicate CODEOWNERS file * Remove panic when running rev action * move global configuration into a single struct * Add codeowners ------------------------------------------------------------------ ------------------ 2022-2-21 - Feb 21 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Add upstream bug fix patches: + 4685651e7671e064b911a3a05f096908e5ef0580.patch: glib-aux: fix nm_ref_string_equal_str() Fix comparison with a NULL string + 6329f1db5ac75ee3b7d2f7ce062e951a598625fe.patch: libnm/tests: fix maybe-uninitialized warning in "test-setting" + aadf0fb64f491f94b2771058621dc140c562b62b.patch: libnm/tests: fix maybe-uninitialized warning in "test-libnmc-setting" + 471e987add98b36520ece72ee493176fc7bc863c.patch: device: initialize nm_auto variable in _ethtool_features_reset() + 634e023e72d4729788a022ea1fae665af28d1b0f.patch: glib-aux: workaround maybe-uninitialized warning with LTO in nm_uuid_generate_from_string_str() ++++ cyrus-sasl: - CVE-2022-24407: cyrus-sasl: SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036) o add upstream patch: 0001-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch ++++ kbd: - Fix build without %_distconfdir (see bsc#1195679) ++++ kernel-default: - sched: Fix yet more sched_fork() races (git fixes (sched/core)). - sched/fair: Fix fault in reweight_entity (git fixes (sched/core)). - Revert "mm/gup: small refactoring: simplify try_grab_page()" (git fixes (mm/gup)). - commit 6ff1bff - Refresh patches.suse/mm-vmscan-remove-deadlock-due-to-throttling.patch. Update upstream git commit ID. - commit 1f491cb - Update patch reference for USB gadget fix (CVE-2022-25375 bsc#1196235) - commit 1003159 - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes). - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (git-fixes). 
- iommu/iova: Fix race between FQ timeout and teardown (git-fixes). - iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes). - iommu: Extend mutex lock scope in iommu_probe_device() (git-fixes). - iommu/amd: Remove useless irq affinity notifier (git-fixes). - iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume (git-fixes). - iommu/amd: X2apic mode: setup the INTX registers on mask/unmask (git-fixes). - iommu/amd: X2apic mode: re-enable after resume (git-fixes). - iommu/amd: Restore GA log/tail pointer on host resume (git-fixes). - commit 0ec0c5d - iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure (git-fixes). - iommu/arm-smmu-qcom: Fix TTBR0 read (git-fixes). - commit dfd4bbb - dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size (git-fixes). - dmaengine: stm32-dmamux: Fix PM disable depth imbalance in stm32_dmamux_probe (git-fixes). - dmaengine: sh: rcar-dmac: Check for error num after setting mask (git-fixes). - dmaengine: ptdma: Fix the error handling path in pt_core_init() (git-fixes). - i2c: brcmstb: fix support for DSL and CM variants (git-fixes). - i2c: qcom-cci: don't put a device tree node before i2c_add_adapter() (git-fixes). - i2c: qcom-cci: don't delete an unregistered adapter (git-fixes). - commit 06371e5 - supported.conf: move kmem and dax_hmem to support list Moved kmem and dax_hmem to support list. (bsc#1195953) - commit fdf232f ++++ expat: - Security fixes: * (CVE-2022-25236, bsc#1196025) Expat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs - Added expat-CVE-2022-25236.patch * (CVE-2022-25235, bsc#1196026) xmltok_impl.c in Expat before 2.4.5 does not check whether a UTF-8 character is valid in a certain context. 
- Added expat-CVE-2022-25235.patch * (CVE-2022-25313, bsc#1196168) Stack exhaustion in build_model() via uncontrolled recursion - Added expat-CVE-2022-25313.patch - The fix upstream introduced a regression that was later amended in 2.4.6 version + Added expat-CVE-2022-25313-fix-regression.patch * (CVE-2022-25314, bsc#1196169) Integer overflow in copyString - Added expat-CVE-2022-25314.patch * (CVE-2022-25315, bsc#1196171) Integer overflow in storeRawNames - Added expat-CVE-2022-25315.patch ++++ sg3_utils: - Update to version 1.47+4.82fb156: * rescan_scsi_bus.sh: restore numeric ordering of hosts (bsc#1196244) ++++ sssd: - Fix 32-bit libraries package. Libraries were moved from sssd to sssd-common to fix bsc#1182058 and baselibs.conf was not updated accordingly; (bsc#1196166); ++++ systemd: - Fix build if %_distconfdir is not defined (see bsc#1195679) ++++ swtpm: - Update to version 0.5.3 - swtpm: - Check header size indicator against expected size (CVE-2022-23645 bsc#1196240) - Fix --print-capabilities for 'swtpm chardev' - swtpm_localca: - Test for available issuercert before creating CA - swtpm_cert: - Rename deprecated libtasn1 types - man pages: - Update the doc of the flag to connect to TPM via UnixIO socket ++++ systemd-presets-branding-SMO: - enable transactional-update-cleanup.timer (required by transactional-update 4.0.0) ++++ toolbox: - adjusted the patch to the toolbox container in registry ------------------------------------------------------------------ ------------------ 2022-2-20 - Feb 20 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-firmware: - Update to version 20220218 (git commit c53073d4e148): * rtl_bt: Update RTL8852A BT USB firmware to 0xDFB7_6D7A * rtl_bt: Update RTL8822C BT USB firmware to 0x19B7_6D7D * rtl_bt: Update RTL8822C BT UART firmware to 0x15B7_6D7D * amdgpu: Update yellow carp firmware from 21.50 * amdgpu: Update vega20 firmware from 21.50 * amdgpu: Update vega12 firmware 
from 21.50 * amdgpu: Update vega10 firmware from 21.50 * amdgpu: Update vangogh firmware from 21.50 * amdgpu: Update renoir firmware from 21.50 * amdgpu: Update raven2 firmware from 21.50 * amdgpu: Update raven firmware from 21.50 * amdgpu: Update picasso firmware from 21.50 * amdgpu: Update beige goby firmware from 21.50 * amdgpu: Update dimgrey cavefish firmware from 21.50 * amdgpu: Update navy flounder firmware from 21.50 * amdgpu: Update sienna cichlid firmware from 21.50 * amdgpu: Update navi14 firmware from 21.50 * amdgpu: Update navi12 firmware from 21.50 * amdgpu: Update navi10 firmware from 21.50 * amdgpu: Update cyan skillfish2 firmware from 21.50 * amdgpu: Update green sardine firmware from 21.50 * amdgpu: Update arcturus firmware from 21.50 * amdgpu: Add aldebaran firmware from 21.50 * LICENSE.amdgpu: update copyright date * linux-firmware: Update AMD cpu microcode * linux-firmware: update firmware for MT7921 WiFi device * linux-firmware: Amphion: Add VPU firmwares for NXP i.MX8Q SoCs * i915: Add DMC firmware v2.16 for ADL-P * linux-firmware: mediatek: Update MT8173 VPU firmware to v1.1.7 - Add entry for amphion - Update spec template - Update aliases ------------------------------------------------------------------ ------------------ 2022-2-19 - Feb 19 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes). - mtd: rawnand: gpmi: don't leak PM reference in error path (git-fixes). - mtd: phram: Prevent divide by zero bug in phram_setup() (git-fixes). - mtd: parsers: qcom: Fix missing free for pparts in cleanup (git-fixes). - mtd: parsers: qcom: Fix kernel panic on skipped partition (git-fixes). - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes). - mtd: rawnand: ingenic: Fix missing put_device in ingenic_ecc_get (git-fixes). 
- commit 0bb3bde - ASoC: intel: skylake: Set max DMA segment size (git-fixes). - ASoC: SOF: hda: Set max DMA segment size (git-fixes). - ALSA: hda: Set max DMA segment size (git-fixes). - ASoC: qcom: Actually clear DMA interrupt register for HDMI (git-fixes). - ASoC: tas2770: Insert post reset delay (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_xr_sx() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (git-fixes). - ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes). - ALSA: hda: Fix regression on forced probe mask option (git-fixes). - ALSA: hda/realtek: Add quirk for Legion Y9000X 2019 (git-fixes). - ALSA: usb-audio: revert to IMPLICIT_FB_FIXED_DEV for M-Audio FastTrack Ultra (git-fixes). - commit 5c27957 - Move upstreamed sound fixes into sorted section - commit 651a728 ------------------------------------------------------------------ ------------------ 2022-2-18 - Feb 18 2022 ------------------- ------------------------------------------------------------------ ++++ ModemManager: - Update to version 1.18.6: + The ModemManager.service file for systemd integration provided in the sources is updated as follows: ++ 'CAP_NET_ADMIN' is now required in the 'CapabilityBoundingSet' field. ++ 'AF_NETLINK' and 'AF_QIPCRTR' are now required in the 'RestrictAddressFamilies' field. + The LEGACY and PARANOID filter types that were allowed options in the '--filter-policy' option in the ModemManager daemon were deprecated in version 1.16.0 and have now been completely removed, along with the vid:pid blacklist of devices and the vid:pid greylist of RS232<->USB adapters. 
+ The ModemManager daemon can run now in a 'quick suspend/resume' mode, in which no explicit data disconnection is triggered on suspend, and no explicit device re-probing from scratch is launched on resume. Instead, the daemon will try to refresh the state of all interfaces upon suspend, e.g. to see if the module keeps registered to the same operator, to see if it is still connected, and so on. + core: added support for the new 'WWAN' subsystem in Linux kernel 5.13, enabling PCIe-only modules. + core: The charset conversion methods rework, including the avoiding of the iconv() + qmi: the logic managing allowed/preferred modes was fixed for multimode devices like the MC7304, making sure the acquisition order preference always had the same items. + serial: when modem is connected with AT+PPP, ignore forced disconnections, so that we don't take ownership of the PPP port before pppd has released it. + foxconn: added support for the T99W175 (SDX55) module, including built-in FCC unlock procedure. + foxconn: added new MBIM QDU firmware update method. - Move the dbus-1 system.d file to /usr (bsc#1196170) - Use source verification - Update Supplements to new format - Add BRs needed for new tests: * python3-gobject-Gdk * python3-dbus-python ++++ NetworkManager: - Use meson LTO setup as NM makes changes to CFLAGS ++++ distribution-logos-openSUSE: - Fix the obsoleted and provided versions of the old systemd logo branding package ++++ dracut: - Update to version 055+suse.238.gacab0df5: * fix(cpio): correct dev_t -> rmajor/rminor mapping (bsc#1195808) * ci(cpio): add test_archive_dev_maj_min (bsc#1195808) * ci(cpio): add TempWorkDir.create_tmp_mknod helper (bsc#1195808) ++++ kernel-default: - Update patch reference for vfs fix (CVE-2022-0644 bsc#1196155) - commit 97dc820 - net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes). 
- commit c52c801 - brcmfmac: firmware: Fix crash in brcm_alt_fw_path (bsc#1195501) - commit 21498fa - drm/i915/opregion: check port number bounds for SWSCI display power state (git-fixes). - drm/i915/ttm: tweak priority hint selection (git-fixes). - drm/i915: Fix mbus join config lookup (git-fixes bsc#1193640). - drm/i915: Fix dbuf slice config lookup (git-fixes bsc#1193640). - drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes). - drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes). - drm/cma-helper: Set VM_DONTEXPAND for mmap (git-fixes). - drm/amd/pm: correct the sequence of sending gpu reset msg (git-fixes). - net: phy: mediatek: remove PHY mode check on MT7531 (git-fixes). - atl1c: fix tx timeout after link flap on Mikrotik 10/25G NIC (git-fixes). - iwlwifi: fix use-after-free (git-fixes). - cfg80211: fix race in netlink owner interface destruction (git-fixes). - iwlwifi: mvm: don't send SAR GEO command for 3160 devices (git-fixes). - iwlwifi: pcie: gen2: fix locking when "HW not ready" (git-fixes). - iwlwifi: pcie: fix locking when "HW not ready" (git-fixes). - mac80211: mlme: check for null after calling kmemdup (git-fixes). - brcmfmac: firmware: Fix crash in brcm_alt_fw_path (git-fixes). - libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes). - commit 73136b7 - NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957). - commit 2b4dffe ++++ rdma-core: - Add srp_daemon-Detect-proper-path-to-systemctl.patch to fix path to systemctl (bsc#1195874) ++++ libvirt: - libxl: Fix libvirtd crash on domain restore 454b927d-libxl-fix-dom-restore.patch bsc#1196115 ++++ qemu: - Include vmxcap in the qemu-tools package (is being very useful for debugging bsc#1193364) - The qemu package should require qemu-x86, qemu-arm, etc, as there's no point installing it without _any_ of them. Additionally, right now, the user does not get a working qemu, if recommended packages are disabled (e.g., on MicroOS or SLE Micro). 
bsc#1196087 - Give clearer instructions on how to modify the package patches from the output of update_git.sh (docs change only, no functional change) - qemu,kvm: potential privilege escalation via virtiofsd (bsc#1195161, CVE-2022-0358) * Patches added: virtiofsd-Drop-membership-of-all-supplem.patch * Patches added: block-backend-Retain-permissions-after-m.patch iotest-065-explicit-compression-type.patch iotest-214-explicit-compression-type.patch iotest-302-use-img_info_log-helper.patch iotest-303-explicit-compression-type.patch iotest-39-use-_qcow2_dump_header.patch iotests-60-more-accurate-set-dirty-bit-i.patch iotests-bash-tests-filter-compression-ty.patch iotests-common.rc-introduce-_qcow2_dump_.patch iotests-declare-lack-of-support-for-comp.patch iotests-drop-qemu_img_verbose-helper.patch iotests-massive-use-_qcow2_dump_header.patch iotests-MRCE-Write-data-to-source.patch iotests.py-filter-out-successful-output-.patch iotests.py-img_info_log-rename-imgopts-a.patch iotests.py-implement-unsupported_imgopts.patch iotests.py-qemu_img-create-support-IMGOP.patch iotests.py-rewrite-default-luks-support-.patch iotests-specify-some-unsupported_imgopts.patch qcow2-simple-case-support-for-downgradin.patch tests-qemu-iotests-Fix-051-for-binaries-.patch ++++ vim: - Minimal fix for Bug 1195004 - (CVE-2022-0318) VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in vim prior to 8.2. 
/ vim-8.0.1568-CVE-2022-0413.patch - Fixing bsc#1190570 CVE-2021-3796: vim: use-after-free in nv_replace() in normal.c / vim-8.0.1568-CVE-2021-3796.patch - Fixing bsc#1191893 CVE-2021-3872: vim: heap-based buffer overflow in win_redr_status() drawscreen.c / vim-8.0.1568-CVE-2021-3872.patch - Fixing bsc#1192481 CVE-2021-3927: vim: vim is vulnerable to Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-3927.patch - Fixing bsc#1192478 CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow / vim-8.0.1568-CVE-2021-3928.patch - Fixing bsc#1193294 CVE-2021-4019: vim: vim is vulnerable to Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-4019.patch - Fixing bsc#1193298 CVE-2021-3984: vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow / vim-8.0.1568-CVE-2021-3984.patch - Fixing bsc#1190533 CVE-2021-3778: vim: Heap-based Buffer Overflow in regexp_nfa.c / vim-8.0.1568-CVE-2021-3778.patch - Fixing bsc#1194216 CVE-2021-4193: vim: vulnerable to Out-of-bounds Read / vim-8.0.1568-CVE-2021-4193.patch - Fixing bsc#1194556 CVE-2021-46059: vim: A Pointer Dereference vulnerability exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which causes a denial of service. / vim-8.0.1568-CVE-2021-46059.patch - Fixing bsc#1195066 CVE-2022-0319: vim: Out-of-bounds Read in vim/vim prior to 8.2. / vim-8.0.1568-CVE-2022-0319.patch - Fixing bsc#1195126 CVE-2022-0351: vim: uncontrolled recursion in eval7() / vim-8.0.1568-CVE-2022-0351.patch - Fixing bsc#1195202 CVE-2022-0361: vim: Heap-based Buffer Overflow in vim prior to 8.2. 
/ vim-8.0.1568-CVE-2022-0361.patch - Fixing bsc#1195356 CVE-2022-0413: vim: use after free in src/ex_cmds.c / vim-8.0.1568-CVE-2022-0413.patch ------------------------------------------------------------------ ------------------ 2022-2-17 - Feb 17 2022 ------------------- ------------------------------------------------------------------ ++++ avahi: - remove avahi-mono* subspecfiles, they are no longer required by anything. this makes the spec file slightly more readable. ++++ dracut: - Update to version 055+suse.234.gbdaf66ff: * fix(tpm2-tss): install SUSE specific files (bsc#1195984) * fix(systemd-sysusers): override systemd-sysusers.service (bsc#1195983) ++++ librsvg: - Update to version 2.52.6: + Fix incorrect text rendering when text has different scales in the X/Y axes. This regressed after librsvg 2.52.5, when Pango had to revert its fix for the same bug. Now librsvg renders all text as paths, and does the scaling itself. Please file a bug if you have evidence that this presents a performance problem for you. ++++ jeos-firstboot: - Update to version 1.1.1.0: * Drop use of /var/log/jeos * Avoid "Terminated console_subproc" message from wait * Skip broken consoles (bsc#1195975) ++++ kernel-default: - Update kabi files. Update after the nvme-fc map_queues callback addition. - commit ba2de57 - Update patch reference for USB gadget fix (CVE-2022-25258 bsc#1196095) - commit 8127da0 - Drop PCI xgene patch that caused a regression for mxl4 (bsc#1195352) Delete patches.suse/PCI-xgene-Fix-IB-window-setup.patch Also update blacklist - commit dd99303 - KVM: arm64: Avoid consuming a stale esr value when SError occur (git-fixes). - commit 87ae6f4 - KVM: arm64: Use shadow SPSR_EL1 when injecting exceptions on !VHE (git-fixes). - commit ca196b7 - KVM: arm64: pkvm: Use the mm_ops indirection for cache maintenance (git-fixes). - commit 799343b - KVM: arm64: Drop unused workaround_flags vcpu field (git-fixes). 
- KVM: s390: Ensure kvm_arch_no_poll() is read once when blocking vCPU (git-fixes). - commit 13bf810 - nvme-fc: add support for ->map_queues (bsc#1195823). - commit f890a27 - KVM: Ensure local memslot copies operate on up-to-date arch-specific data (git-fixes). - commit f8ddb24 - KVM: Clean up benign vcpu->cpu data races when kicking vCPUs (git-fixes). - commit 155b588 - thermal/drivers/int340x: Improve the tcc offset saving for suspend/resume (git-fixes). - Refresh patches.suse/thermal-drivers-int340x-Fix-RFIM-mailbox-write-comma.patch. - Refresh patches.suse/thermal-drivers-int340x-processor_thermal-Suppot-64-.patch. - commit 13f8316 - mmc: block: fix read single on recovery logic (git-fixes). - tty: n_tty: do not look ahead for EOL character past the end of the buffer (git-fixes). - vt_ioctl: add array_index_nospec to VT_ACTIVATE (git-fixes). - vt_ioctl: fix array_index_nospec in vt_setactivate (git-fixes). - Revert "usb: dwc2: drd: fix soft connect when gadget is unconfigured" (git-fixes). - USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes). - USB: serial: cp210x: add NCR Retail IO box id (git-fixes). - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes). - USB: serial: option: add ZTE MF286D modem (git-fixes). - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes). - usb: dwc2: drd: fix soft connect when gadget is unconfigured (git-fixes). - usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes). - USB: gadget: validate interface OS descriptor requests (git-fixes). - usb: gadget: f_uac2: Define specific wTerminalType (git-fixes). - ARM: dts: Fix boot regression on Skomer (git-fixes). - net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs (git-fixes). - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (git-fixes). - irqchip/realtek-rtl: Service all pending interrupts (git-fixes). 
- usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend (git-fixes). - PM: hibernate: Remove register_nosave_region_late() (git-fixes). - drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer (git-fixes). - drm/vc4: Fix deadlock on DSI device attach error (git-fixes). - hwmon: (dell-smm) Speed up setting of fan speed (git-fixes). - commit 8276a70 ++++ systemd: - Always create systemd-network system user, even if systemd-networkd is not installed (bsc#1195559) - Don't rely on %{_distconfdir}, it's broken on SLE (bsc#1195998) ++++ ovmf: - Sort file lists for reproducible build results ++++ selinux-policy: - use %license tag for COPYING file ++++ suse-build-key: - extended expiry of SUSE PTF key, move it to suse_ptf_key_old.asc - added new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494) - extended expiry of SUSE SLES11 key (bsc#1194845) - added SUSE Container signing key in PEM format for use e.g. by cosign. - SUSE security key replaced with 2022 edition (E-Mail usage only). (bsc#1196495) ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#576 - use signed grub.elf on ppc64 (bsc#1196070) - 16.57.15 ++++ yast2: - do not strip surrounding white space in CDATA XML elements (bsc#1195910) - 4.4.45 ------------------------------------------------------------------ ------------------ 2022-2-16 - Feb 16 2022 ------------------- ------------------------------------------------------------------ ++++ avahi: - Replace avahi-0.6.31-systemd-order.patch with avahi-add-resolv-conf-to-inotify.patch: re-read configuration when resolv.conf changes, per discussion on the bug (boo#1194561). ++++ growpart-generator: - Get the parent device with lsblk - Improve the partition number extraction to work with device names containing multiple numbers (bsc#1196101) ++++ kernel-default: - Refresh patches.suse/mm-page_alloc-Fetch-the-correct-pcp-buddy-during-bulk-free.patch.
- Refresh patches.suse/mm-page_alloc-Free-pages-in-a-single-pass-during-bulk-free.patch. - Refresh patches.suse/mm-page_alloc-Limit-number-of-high-order-pages-on-PCP-during-bulk-free.patch. - Refresh patches.suse/mm-page_alloc-Simplify-how-many-pages-are-selected-per-pcp-list-during-bulk-free.patch. - Refresh patches.suse/mm-page_alloc-Track-range-of-active-PCP-lists-during-bulk-free.patch. - commit 7ca072e - sched/preempt: Tell about PREEMPT_DYNAMIC on kernel headers (bsc#1194889). - commit 1c083dc - powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451). - commit f1ccb25 - Refresh patches.suse/rpadlpar_io-Add-MODULE_DESCRIPTION-entries-to-kernel.patch - commit 563eb84 - nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts() (bsc#1195012). - commit 5a50415 - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126). - commit a0f28e5 - powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - commit e4cd5bb - scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823). - scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823). - scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823). - scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823). - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823). - scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823). - scsi: qla2xxx: edif: Fix clang warning (bsc#1195823). - scsi: qla2xxx: Fix warning for missing error code (bsc#1195823). - scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823). - scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823). - scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823). - scsi: qla2xxx: Add retry for exec firmware (bsc#1195823). 
- scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823). - scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823). - scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823). - scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823). - scsi: qla2xxx: Implement ref count for SRB (bsc#1195823). - scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823). - commit dff7f20 - powerpc/xive: Export XIVE IPI information for online-only processors (bsc#1194409 ltc#195810). - powerpc/xive: Add a debugfs file to dump EQs (bsc#1194409 ltc#195810). - powerpc/xive: Rename the 'cpus' debugfs file to 'ipis' (bsc#1194409 ltc#195810). - powerpc/xive: Change the debugfs file 'xive' into a directory (bsc#1194409 ltc#195810). - powerpc/xive: Introduce xive_core_debugfs_create() (bsc#1194409 ltc#195810). - powerpc/xive: Introduce an helper to print out interrupt characteristics (bsc#1194409 ltc#195810). - commit d46bad1 - powerpc/64: Move paca allocation later in boot (bsc#1190812). - powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812). - powerpc/64: Move paca allocation later in boot (bsc#1190812). - commit a185abb - scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823). - scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823). - scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823). - scsi: qla2xxx: edif: Tweak trace message (bsc#1195823). - scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823). - scsi: qla2xxx: Remove a declaration (bsc#1195823). - qla2xxx: add ->map_queues support for nvme (bsc#1195823). - commit e9e3cbc - selftests: kvm: Remove absent target file (git-fixes). - commit a89d5ba - mm/page_alloc: Limit number of high-order pages on PCP during bulk free (bnc#1193239,bnc#1193199,bnc#1193329). - mm/page_alloc: Free pages in a single pass during bulk free (bnc#1193239,bnc#1193199,bnc#1193329). 
- mm/page_alloc: Drain the requested list first during bulk free (bnc#1193239,bnc#1193199,bnc#1193329). - mm/page_alloc: Simplify how many pages are selected per pcp list during bulk free (bnc#1193239,bnc#1193199,bnc#1193329). - mm/page_alloc: Track range of active PCP lists during bulk free (bnc#1193239,bnc#1193199,bnc#1193329). - mm/page_alloc: Fetch the correct pcp buddy during bulk free (bnc#1193239,bnc#1193199,bnc#1193329). - commit a445f59 - tracing: Don't inc err_log entry count if entry allocation fails (git-fixes). - commit dea8cf9 - mm/khugepaged: disable READ_ONLY_THP_FOR_FS (bsc#1195774). - commit c4a885b - tracing: Propagate is_signed to expression (git-fixes). - commit 165e9d8 - blacklist.conf: b59f2f2b865c ("tracing: Fix smatch warning for do while check in event_hist_trigger_parse()") Cosmetic only. - commit 903ff8e - tracing: Fix smatch warning for null glob in event_hist_trigger_parse() (git-fixes). - commit baca8c4 - tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes). - commit 6c74ba2 - HID: amd_sfh: Correct the structure field name (git-fixes). - HID: amd_sfh: Add illuminance mask to limit ALS max value (git-fixes). - commit 2931b4d - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484) Let's iron out the reduced initrd optimisation in Tumbleweed. Build full blown dracut initrd with systemd for SLE15 SP4. - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926) Let's iron out the reduced initrd optimisation in Tumbleweed. Build full blown dracut initrd with systemd for SLE15 SP4. 
- commit ea76821 ++++ multipath-tools: - Update to version 0.8.8+64+suse.f265f7e0: * libmultipath: fix printing native nvme multipath topology (bsc#1196011) * libmultipath: add %L path wildcard for 64-bit hex LUN * libmultipath: support host adapter name lookup for s390x ccw bus ++++ mdadm: - Monitor: print message before quit for no array to monitor (bsc#1183229) 0120-Monitor-print-message-before-quit-for-no-array-to-mo.patch ++++ qemu: - Backport patch from upstream, bsc#1194063 CVE-2021-4158 * Patches added: acpi-validate-hotplug-selector-on-access.patch ++++ sudo: - Restrict use of sudo -U other -l to people who have permission to run commands as that user (bsc#1181703, jsc#SLE-22569) * feature-upstream-restrict-sudo-U-other-l.patch ++++ yast2: - Keep the user defined $Y2STYLE and $XCURSOR_THEME environment variables, allow changing the installer theme via these environment variables (related to jsc#SLE-20547) - 4.4.44 ------------------------------------------------------------------ ------------------ 2022-2-15 - Feb 15 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA window for persistent memory" (bsc#1195995 ltc#196394). - commit e2c5ef4 - f2fs: fix to do sanity check on inode type during garbage collection (CVE-2021-44879 bsc#1195987). - commit 6e1c3da - tipc: improve size validations for received domain records (bsc#1195254, CVE-2022-0435). - commit 8dead82 - brcmfmac: firmware: Fix firmware loading (bsc#1195501) - commit 01c98dd - brcmfmac: firmware: Allow per-board firmware binaries (bsc#1195501) - commit 4c87ae7 - Delete patches.suse/drm-i915-adlp-Remove-require_force_probe-protection.patch (bsc#1196589). We did not have enough time to stabilize ADL-P graphics so restore the experimental flag. - Delete patches.suse/drm-i915-adlp-Remove-require_force_probe-protection.patch.
We did not have enough time to stabilize ADL-P graphics so restore the experimental flag. - commit 0cc030f - yam: fix a memory leak in yam_siocdevprivate() (CVE-2022-24959 bsc#1195897). - commit 5e032d3 - fsnotify: invalidate dcache before IN_DELETE event (bsc#1195478). - commit 0c858b7 - NFSD: Fix READDIR buffer overflow (git-fixes bsc#1196346). - NFS: Fix initialisation of nfs_client cl_flags field (git-fixes). - NFS: Avoid duplicate uncached readdir calls on eof (git-fixes). - NFS: Don't skip directory entries when doing uncached readdir (git-fixes). - NFS: Don't overfill uncached readdir pages (git-fixes). - nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes). - NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes). - NFS: Ensure the server has an up to date ctime before hardlinking (git-fixes). - Restore kabi after NFS: pass cred explicitly for access tests (git-fixes). - NFS: don't store 'struct cred *' in struct nfs_access_entry (git-fixes). - NFS: pass cred explicitly for access tests (git-fixes). - nfsd: fix crash on COPY_NOTIFY with special stateid (git-fixes). - Revert "nfsd: skip some unnecessary stats in the v4 case" (git-fixes). - NFSD: Fix verifier returned in stable WRITEs (git-fixes). - NFSD: Fix zero-length NFSv3 WRITEs (git-fixes). - md: Move alloc/free acct bioset in to personality (git-fixes). - NFSD: Fix READDIR buffer overflow (git-fixes). - md: fix update super 1.0 on rdev size change (git-fixes). - nfsd: Fix nsfd startup race (again) (git-fixes). - SUNRPC: use different lock keys for INET6 and LOCAL (git-fixes). - NFSv42: Fix pagecache invalidation after COPY/CLONE (git-fixes). - NFSv42: Don't fail clone() unless the OP_CLONE operation failed (git-fixes). - commit a149497 - Refresh patches.suse/SUNRPC-lock-against-sock-changing-during-sysfs-read.patch.
Add upstream commit - commit f607fe3 ++++ multipath-tools: - Update to version 0.8.8+60+suse.4c5922cb: * multipathd: add support for FC Fabric Performance Impact Notifications (FPIN) (bsc#1195506) ++++ libselinux: - Add Requires for exact libselinux1 version for selinux-tools - Simplified check for correct boot parameters in selinux-ready (bsc#1195361) ------------------------------------------------------------------ ------------------ 2022-2-14 - Feb 14 2022 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 055+suse.230.g3fdde49a: * fix(dasd_rules): correct udev dasd rules parsing (bsc#1195309) * revert(lvm): remove 69-dm-lvm-metad.rules (bsc#1195604) ++++ open-iscsi: - Updated to latest upstream 2.1.6 as 2.1.6-suse, which contains bug fixes and cleanups. See the Changelog for more details. ++++ kernel-default: - Update kabi files. - commit f6a01f9 - usb: gadget: clear related members when goto fail (CVE-2022-24958 bsc#1195905). - usb: gadget: don't release an existing dev->buf (CVE-2022-24958 bsc#1195905). - commit eaa2838 - zsmalloc: replace get_cpu_var with local_lock (bsc#1189998). - zsmalloc: replace per zpage lock with pool->migrate_lock (bsc#1189998). - locking/rwlocks: introduce write_lock_nested (bsc#1189998). - zsmalloc: remove zspage isolation for migration (bsc#1189998). - zsmalloc: move huge compressed obj from page to zspage (bsc#1189998). - zsmalloc: introduce obj_allocated (bsc#1189998). - zsmalloc: decouple class actions from zspage works (bsc#1189998). - zsmalloc: rename zs_stat_type to class_stat_type (bsc#1189998). - zsmalloc: introduce some helper functions (bsc#1189998). - zsmalloc: Stop using slab fields in struct page (bsc#1189998 bsc#1190208). - commit e42cd64 - Move upstreamed i915 and ibmvnic patches into sorted section - commit a7ec0e0 - ALSA: hda/realtek: Fix deadlock by COEF mutex (bsc#1195913). - ALSA: usb-audio: Don't abort resume upon errors (bsc#1195913).
- ALSA: memalloc: invalidate SG pages before sync (bsc#1195913). - ALSA: memalloc: Fix dma_need_sync() checks (bsc#1195913). - commit eaeb544 - moxart: fix potential use-after-free on remove path (bsc#1194516 CVE-2022-0487). - commit 4e8eccc - brcmfmac: use separate firmware for 43430 revision 2 (bsc#1195501) - commit 5b616d7 - memcg: do not tweak node in alloc_mem_cgroup_per_node_info (bsc#1195752). - mm: make free_area_init_node aware of memory less nodes (bsc#1195752). - mm, memory_hotplug: reorganize new pgdat initialization (bsc#1195752). - mm, memory_hotplug: drop arch_free_nodedata (bsc#1195752). - mm: handle uninitialized numa nodes gracefully (bsc#1195752). - mm, memory_hotplug: make arch_alloc_nodedata independent on CONFIG_MEMORY_HOTPLUG (bsc#1195752). - commit 8bbe670 - cpuidle: menu: Bias selection of a shallower c-state when CPU idles for IO (bnc#1193353). - commit 3f1a503 - nfsd: don't admin-revoke NSv4.0 state ids (bsc#1192483). - nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483). - nfsd: allow lock state ids to be revoked and then freed (bsc#1192483). - nfsd: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: prepare for supporting admin-revocation of state (bsc#1192483). - commit ed38bd2 ++++ libqmi: - update to 1.30.4: * * meson: switch to use the new python module in meson. * * meson: added a new boolean 'man' option in the meson setup to explicitly enable or disable building the man pages. * * meson: removed the option to detect if rmnet is supported. * * meson: multiple updates to use newer meson features like install_dir(), install_mode() or summary(). * * meson: options 'mbim_qmux' and 'qrtr' are enabled by default and must be explicitly disabled if they're not needed, there is no attempt to autodetect whether they can be enabled or not. * qmi-proxy: * * Remove assert when attempting to close ghost device. 
* qmi-firmware-update: * * Use defaults if FLASH variables not reported, enabling support to flash the new Sierra Wireless EM9190 and EM9191 modules. * Several other minor improvements and fixes. ++++ psmisc: - Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch * Determine the namespace of a process only once to speed up the parsing of fdinfo (bsc#1194172). ++++ rpm-config-SUSE: - Remove definition of _distconfdir, as this should not be defined for SLE-15. Else this will conflict with our non-usr-merged environment and cause problems with transactional-update, openssh and other packages (bsc#1195679) ++++ samba: - Fix samba-ad-dc status warning notification message by disabling systemd notifications in bgqd; (bsc#1195896); (bso#14947). ++++ yast2-trans: - Update to version 84.87.20220211.620fde21a3: * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * New POT for text domain 'storage'. * New POT for text domain 's390'. * New POT for text domain 'dns-server'. * Translated using Weblate (Turkish) * New POT for text domain 'packager'. * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * New POT for text domain 'nfs'. * New POT for text domain 'network'. ------------------------------------------------------------------ ------------------ 2022-2-13 - Feb 13 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - iio: buffer: Fix file related error handling in IIO_BUFFER_GET_FD_IOCTL (git-fixes). - speakup-dectlk: Restore pitch setting (git-fixes). - phy: dphy: Correct clk_pre parameter (git-fixes). 
- phy: stm32: fix a refcount leak in stm32_usbphyc_pll_enable() (git-fixes). - phy: xilinx: zynqmp: Fix bus width setting for SGMII (git-fixes). - phy: ti: Fix missing sentinel for clk_div_table (git-fixes). - phy: broadcom: Kconfig: Fix PHY_BRCM_USB config option (git-fixes). - eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX (git-fixes). - misc: fastrpc: avoid double fput() on failed usercopy (git-fixes). - staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes). - n_tty: wake up poll(POLLRDNORM) on receiving data (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (git-fixes). - usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes). - usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (git-fixes). - usb: raw-gadget: fix handling of dual-direction-capable endpoints (git-fixes). - usb: ulpi: Call of_node_put correctly (git-fixes). - usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes). - usb: f_fs: Fix use-after-free for epfile (git-fixes). - usb: dwc3: xilinx: fix uninitialized return value (git-fixes). - commit 1b423e6 - static_call: Fix tools headers (bsc#1194975). 
- commit e04353c ++++ harfbuzz: - update to 3.4.0: + Perform sanity checks on shaping results is now part of “harfbuzz” library and can be enabled by setting the buffer flag HB_BUFFER_FLAG_VERIFY + Arabic Mark Transient Reordering Algorithm have been updated to revision 6 + ISO 15924 code for mathematical notation, ‘Zmth’, now maps to the OpenType ‘math’ tag + It is now possible to get at once all math kerning values for a given glyph at a given corner + Fix locale_t portability issues on systems the typedef’s it to a void pointer ------------------------------------------------------------------ ------------------ 2022-2-12 - Feb 12 2022 ------------------- ------------------------------------------------------------------ ++++ glib2-branding-openSUSE: - Drop gnome-documents from favorite-apps for both openSUSE and SLED, package is archived upstream. ++++ kernel-default: - arm64: Add Cortex-A510 CPU part definition (git-fixes). - ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes). - ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes). - ARM: dts: meson: Fix the UART compatible strings (git-fixes). - ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes). - arm64: dts: imx8mq: fix lcdif port node (git-fixes). - ARM: dts: imx7ulp: Fix 'assigned-clocks-parents' typo (git-fixes). - ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes). - ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes). - arm64: dts: meson-sm1-odroid: fix boot loop after reboot (git-fixes). - arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO domain for GPIOE_2 (git-fixes). - arm64: dts: meson-sm1-odroid: use correct enable-gpio pin for tf-io regulator (git-fixes). - arm64: dts: meson-g12b-odroid-n2: fix typo 'dio2133' (git-fixes). - ARM: dts: Fix timer regression for beagleboard revision c (git-fixes). - ACPI/IORT: Check node revision for PMCG resources (git-fixes). 
- PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes). - ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE (git-fixes). - gpio: sifive: use the correct register to read output values (git-fixes). - gpiolib: Never return internal error codes to user space (git-fixes). - gpio: aggregator: Fix calling into sleeping GPIO controllers (git-fixes). - drm/amd/pm: fix hwmon node of power1_label create issue (git-fixes). - drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes). - drm/panel: simple: Assign data from panel_dpi_probe() correctly (git-fixes). - drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes). - arm64: Add Cortex-A510 CPU part definition (git-fixes). - commit 1fd20fb ------------------------------------------------------------------ ------------------ 2022-2-11 - Feb 11 2022 ------------------- ------------------------------------------------------------------ ++++ bash: - Port bash-sh package approach back to SLE-15-SP4 (jsc#SLE-18234) ++++ glib2: - Update to version 2.70.4: + Bugs fixed: glgo#GNOME/GLib!2462 “Fix memory leak in gio/gdbusauthmechanismsha1.c” to glib-2-70. + Updated translations. ++++ kernel-default: - kernel-binary: Do not include sourcedir in certificate path. The certs macro runs before build directory is set up so it creates the aggregate of supplied certificates in the source directory. Using this file directly as the certificate in kernel config works but embeds the source directory path in the kernel config. To avoid this symlink the certificate to the build directory and use relative path to refer to it. Also fabricate a certificate in the same location in build directory when none is provided. - commit bb988d4 - BTF: Don't break ABI when debuginfo is disabled (jsc#SLE-18805). This makes re-enabling BTF for modules possible once fix for bsc#1194501 is available. - commit afc52cd - Revert "Update config files: disable DEBUG_INFO_BTF_MODULES (bsc#1194501)." 
This reverts commit b07bf3e61cc5aa7a5cd1b9b5289bc10db746a416. - commit 6f689d6 - constraints: Also adjust disk requirement for x86 and s390. - commit 9719db0 - constraints: Increase disk space for aarch64 - commit 09c2882 - can: isotp: fix error path in isotp_sendmsg() to unlock wait queue (git-fixes). - can: isotp: fix potential CAN frame reception race in isotp_rcv() (git-fixes). - commit 68e8f68 ++++ gcc12: - Update to trunk head, 165947fecf4d78c7effb0f1ee15e694 (git191602) - Add gcc12-PIE, similar to gcc-PIE but affecting gcc12 [bsc#1195628] ++++ libnvme: - Update to version v1.0-rc3: * Properly create manuals/documentation * Fix memleaks in __nvme_free_ns() and nvme_scan_subsystem() * nvme: get log domain id included in Log Specific Identifier * nvme: Add nulbaf(Number of Unique Capability LBA Formats) field on nvmd_id_ns * ioctl: Add identify ioctl for CNS 09h, 0Ah * nvme: Add Enhanced Controller Meta Data(FID: 0x7D) * nvme: Add Supported Capacity Configuration List log page(LID: 0x11) * tree: do not set dhchap_key to 'none' * tree: restart controller lookup * tree: fixup memory leak in nvme_scan_ctrl() * Rename nvme_path_get_subsystem() * Remove nvme_reset_topology() - Use precompiled documentation instead regenerating it ++++ openssl-1_1: - Pull libopenssl-1_1 when updating openssl-1_1 with the same version. [bsc#1195792] ++++ makedumpfile: - Turn on zstd in Tumbleweed. 
++++ nvme-cli: - Update to version v2.0-rc3: * nvme-print: Fix json output for list-subsys * nvme: Allow --verbose flag to increase log level * Added telemetry log fetch support for SN810, SN530 and SN740 series NVMe SSDs through wdc vs-internal-log command * nvmf: Remove --matching from systemd service file (bsc#1195665) * nvme: Fix --force flag inversion (bsc#1195637) * nvme: Add support for data area 4 to get-telemetry-log * nvme: Add Supported Capacity Configuration List log page(LID: 0x11) * nvme: Add Enhanced Controller Meta Data(FID: 0x7D) * nvme-print: Add NVME_FEAT_FID_ENH_CTRL_METADATA to nvme_feature_to_string * nvme-print: remove unused nvme_show_id_ctrl function * nvme: Add nvm-id-ns-lba-format(CNS 0Ah) command from TP4095 * nvme: Add NVM Command Set specific identify namespace command * nvme: Add id-ns-lba-format(CNS 09h) command from TP4095 * nvme: Add nulbaf(Number of Unique Capability LBA Formats) field on nvmd_id_ns - Include precompiled documentation ++++ update-alternatives: - break bash <-> update-alternatives cycle by coolo's rewrite of %post in lua [bsc#1195654] ------------------------------------------------------------------ ------------------ 2022-2-10 - Feb 10 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - update to AppArmor 3.0.4 - various fixes in profiles, abstractions, apparmor_parser and utils (some of them were already included as patches) - add support for mctp address family - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.4 for the full upstream changelog - remove upstream(ed) patches: - aa-notify-more-arch-mr809.diff - ruby-3.1-build-fix.diff - add-samba-bgqd.diff - openssl-engdef-mr818.diff - profiles-python-3.10-mr783.diff - update-samba-abstractions-ldb2.diff - refresh patches: - apparmor-samba-include-permissions-for-shares.diff - ruby-2_0-mkmf-destdir.patch ++++ grub2: - Set grub2-check-default shebang to "#!/bin/bash", as the code uses
many instructions which are undefined for a POSIX sh. (boo#1195794). ++++ kernel-default: - KVM: s390: Return error on SIDA memop on normal guest (bsc#1195516 CVE-2022-0516). - commit 3db2d99 - crypto: api - Move cryptomgr soft dependency into algapi (git-fixes). - commit 9b78867 ++++ libapparmor: - update to AppArmor 3.0.4 - various fixes in profiles, abstractions, apparmor_parser and utils (some of them were already included as patches) - add support for mctp address family - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.4 for the full upstream changelog - remove upstream(ed) patches: - aa-notify-more-arch-mr809.diff - ruby-3.1-build-fix.diff - add-samba-bgqd.diff - openssl-engdef-mr818.diff - profiles-python-3.10-mr783.diff - update-samba-abstractions-ldb2.diff - refresh patches: - apparmor-samba-include-permissions-for-shares.diff - ruby-2_0-mkmf-destdir.patch ++++ libsemanage: - Drop Buildrequires for libustr-devel, not needed anymore ++++ python-semanage: - Drop Buildrequires for libustr-devel, not needed anymore ++++ selinux-policy: - Updated fix_cron.patch. Adjust labeling for at (bsc#1195683) ++++ wpa_supplicant: - Add CVE-2022-23303_0001.patch, CVE-2022-23303_0002.patch, CVE-2022-23303_0003.patch, CVE-2022-23303_0004.patch SAE/EAP-pwd side-channel attack update 2 (CVE-2022-23303, CVE-2022-23304, bsc#1194732, bsc#1194733) ------------------------------------------------------------------ ------------------ 2022-2-9 - Feb 9 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - locking: Remove rt_rwlock_is_contended() (bsc#1190137 bsc#1189998). - net: dev: Change the order of the arguments for the contended condition (bsc#1189998). - net: dev: Always serialize on Qdisc::busylock in __dev_xmit_skb() on PREEMPT_RT (bsc#1189998). - commit 9e29e45 - md/raid5: play nice with PREEMPT_RT (bsc#1189998). - locking: Make owner_on_cpu() into (bsc#1190137 bsc#1189998). 
- locking/rtmutex: Add rt_mutex_lock_nest_lock() and rt_mutex_lock_killable() (bsc#1190137 bsc#1189998). - locking/rtmutex: Squash self-deadlock check for ww_rt_mutex (bsc#1190137 bsc#1189998). - u64_stats: Disable preemption on 32bit UP+SMP PREEMPT_RT during updates (bsc#1189998). - mm/scatterlist: replace the !preemptible warning in sg_miter_stop() (bsc#1189998). - commit 8887152 - KVM: selftests: Don't skip L2's VMCALL in SMM test for SVM guest (bsc#1194523). - selftests: KVM: sev_migrate_tests: Fix sev_ioctl() (bsc#1194526). - commit 5056d9e - Update kabi files. update for the latest scheduler changes - commit cd3c5e1 - ibmvnic: don't release napi in __ibmvnic_open() (bsc#1195668 ltc#195811). - commit 32cdbed - sched/fair: Adjust the allowed NUMA imbalance when SD_NUMA spans multiple LLCs (bsc#1192120). - sched/fair: Improve consistency of allowed NUMA balance calculations (bsc#1192120). - commit 6c87519 - ASoC: codecs: wcd938x: fix return value of mixer put function (git-fixes). - drm/amd/display: Force link_rate as LINK_RATE_RBR2 for 2018 15" Apple Retina panels (git-fixes). - drm/amd/display: watermark latencies is not enough on DCN31 (git-fixes). - drm/amd/pm: correct the MGpuFanBoost support for Beige Goby (git-fixes). - e1000e: Separate ADP board type from TGP (git-fixes). - commit 156924b - Revert ASoC mediatek patch Reverted in stable tree as it causes a regression on Chromebooks - commit 037ce32 - NFSv4: Handle case where the lookup of a directory fails (bsc#1195612 CVE-2022-24448). - commit 3f047de ++++ multipath-tools: - Version 0.8.8+57+suse.dfb672fe * kpartx.rules: skip MD devices (bsc#1195644) * libmultipath: hwtable: use ALUA for all LIO targets (bsc#1195649) * multipathd.service: drop ExecStartPre for loading dm-multipath (bsc#1195397) ++++ gcc12: - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ++++ pango: - Update to version 1.50.4: + Tweak synthetic space size. + itemize: Try harder to avoid NULL fonts.
+ docs: Some additions. + Pass synthetic slant to harfbuzz. + Make sloped carets work with uneven scales. + Fix serialization on arm. + Avoid an uninitialized variable warning. + Reinstate previous behavior of pango_attr_list_splice. + Deprecated pango_coverage_ref/unref. + Fix serialization on non-glibc systems. + Fix allow-breaks handling. ++++ sssd: - Remove caches only when performing a package downgrade. The sssd daemon takes care of upgrading the database format when necessary (bsc#1195552) ++++ selinux-policy: - Fix bitlbee runtime directory (bsc#1193230) * add fix_bitlbee.patch ------------------------------------------------------------------ ------------------ 2022-2-8 - Feb 8 2022 ------------------- ------------------------------------------------------------------ ++++ hwdata: - Update to version 0.356: + Updated pci, usb and vendor ids. ++++ kdump: - Exclude i586 from SLE builds. ++++ kernel-default: - cgroup-v1: Require capabilities to set release_agent (bsc#1195543 CVE-2022-0492). - commit 80c2825 - drm/amdkfd: Separate pinned BOs destruction from general routine (bsc#1195287). - commit 906a8df - Update patch reference for HD-audio fix (bsc#1183872) - commit 4c0efd7 - RDMA/mlx4: Don't continue event handler after memory allocation failure (git-fixes). - RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes). - IB/rdmavt: Validate remote_addr during loopback atomic tests (git-fixes). - IB/cm: Release previously acquired reference counter in the cm_id_priv (git-fixes). - RDMA/siw: Fix refcounting leak in siw_create_qp() (jsc#SLE-19249). - RDMA/ucma: Protect mc during concurrent multicast leaves (git-fixes). - RDMA/cma: Use correct address when leaving multicast group (git-fixes). - IB/hfi1: Fix tstats alloc and dealloc (git-fixes). - IB/hfi1: Fix AIP early init panic (git-fixes). - IB/hfi1: Fix alloc failure with larger txqueuelen (git-fixes). - IB/hfi1: Fix panic with larger ipoib send_queue_size (jsc#SLE-19242).
- net/mlx5e: Avoid field-overflowing memcpy() (git-fixes). - net/mlx5e: Use struct_group() for memcpy() region (git-fixes). - net/mlx5e: Avoid implicit modify hdr for decap drop rule (jsc#SLE-19253). - net/mlx5e: IPsec: Fix tunnel mode crypto offload for non TCP/UDP traffic (git-fixes). - net/mlx5e: IPsec: Fix crypto offload for non TCP/UDP encapsulated traffic (git-fixes). - net/mlx5e: Don't treat small ceil values as unlimited in HTB offload (git-fixes). - net/mlx5: E-Switch, Fix uninitialized variable modact (git-fixes). - net/mlx5e: Fix handling of wrong devices during bond netevent (git-fixes). - net/mlx5e: Fix broken SKB allocation in HW-GRO (jsc#SLE-19253). - net/mlx5e: Fix wrong calculation of header index in HW_GRO (jsc#SLE-19253). - net/mlx5: Bridge, Fix devlink deadlock on net namespace deletion (git-fixes). - net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE (jsc#SLE-19253). - net/mlx5e: TC, Reject rules with forward and drop actions (git-fixes). - net/mlx5: Use del_timer_sync in fw reset flow of halting poll (git-fixes). - net/mlx5e: Fix module EEPROM query (git-fixes). - net/mlx5e: TC, Reject rules with drop and modify hdr action (git-fixes). - net/mlx5: Bridge, ensure dev_name is null-terminated (git-fixes). - net/mlx5: Bridge, take rtnl lock in init error handler (git-fixes). - i40e: Fix reset path while removing the driver (git-fixes). - i40e: Fix reset bw limit when DCB enabled with 1 TC (git-fixes). - gve: fix the wrong AdminQ buffer queue index check (git-fixes). - gve: Fix GFP flags when allocing pages (git-fixes). - net: hns3: handle empty unknown interrupt for VF (git-fixes). - i40e: fix unsigned stat widths (git-fixes). - i40e: Fix for failed to init adminq while VF reset (git-fixes). - i40e: Fix queues reservation for XDP (git-fixes). - i40e: Fix issue when maximum queues is exceeded (git-fixes). - i40e: Increase delay to 1 s after global EMP reset (git-fixes). - stddef: Introduce DECLARE_FLEX_ARRAY() helper (git-fixes). 
- commit 8c4be7e - mmc: core: Wait for command setting 'Power Off Notification' bit to complete (git-fixes). - mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes). - ima: Do not print policy rule with inactive LSM labels (git-fixes). - ima: Allow template selection with ima_template[_fmt]= after ima_hash= (git-fixes). - ima: Remove ima_policy file before directory (git-fixes). - integrity: check the return value of audit_log_start() (git-fixes). - ima: fix reference leak in asymmetric_verify() (git-fixes). - ALSA: usb-audio: initialize variables that could ignore errors (git-fixes). - commit 588dbf8 ++++ gcc12: - Bump to 943d631abdd7be623cbf2b870d3d0cfef89f5f26, git191519. ++++ openldap2: - jsc#PM-3288 - restore CLDAP functionality in CLI tools ++++ sg3_utils: - Update to version 1.47+3.adb7276: * rescan-scsi-bus.sh: fix garbled output (bsc#1195621) ++++ libvirt: - qemu: fix inactive snapshot revert 76deb656-qemu-fix-snapshot-revert.patch boo#1195690 ++++ libzypp: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. - version 17.29.4 (22) ++++ salt: - Expose missing "ansible" module functions in Salt 3004 (bsc#1195625) - Added: * add-missing-ansible-module-functions-to-whitelist-in.patch ------------------------------------------------------------------ ------------------ 2022-2-7 - Feb 7 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - mptcp: add missing documented NL params (git-fixes). - commit 6ddf1d2 - EDAC/xgene: Fix deferred probing (bsc#1190497). - commit f77b4a3 - powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending (bsc#1156395). - commit 4a310dd - drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (bsc#1193640). 
- drm/i915: Populate pipe dbuf slices more accurately during readout (bsc#1193640). - drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration (bsc#1193640). - commit 5da0923 - block: Provide blk_mq_sched_get_icq() (bsc#1184318). - commit cbb053e - bfq: Limit waker detection in time (bsc#1184318). - commit ef96b3e - bfq: Limit number of requests consumed by each cgroup (bsc#1184318). - commit d13944f - bfq: Store full bitmap depth in bfq_data (bsc#1184318). - bfq: Track number of allocated requests in bfq_entity (bsc#1184318). - commit 118f855 ++++ harfbuzz: - update to 3.3.2: + Revert splitting of pair positioning values introduced in 3.3.0 as it proved problematic - includes changes from 3.3.1: + Fix heap-use-after-free in harfbuzz-subset introduced in previous release - includes changes from 3.3.0: + Improved documentation, code cleanup + The low 16-bits of face index will be used by hb_face_create() to select a face inside a font collection file format, while the high 16-bits will be used by hb_font_create() to load the named instance + Glyph positions and other font metrics now apply synthetic slant set by hb_font_set_synthetic_slant(), for improved positioning for synthetically slanted fonts + Fixed unintentional locale dependency in hb_variation_to_string() for decimal point representation + When applying pair positioning (kerning) the positioning value is split between the two sides of the pair for improved cursor positioning between such pairs + Introduced new HB_GLYPH_FLAG_UNSAFE_TO_CONCAT, to be used in conjunction with HB_GLYPH_FLAG_UNSAFE_TO_BREAK for optimizing re-shaping during line breaking. 
Check the documentation for further details + Improved handling of macrolanguages when mapping BCP 47 codes to OpenType tags ++++ polkit: - CVE-2021-4115: fixed a denial of service via file descriptor leak (bsc#1195542) added CVE-2021-4115.patch ++++ libvirt: - libxl: Mark auto-allocated graphics ports to used on reconnect e0241f33-libxl-mark-allocated-graphics-ports.patch - libxl: Release all auto-allocated graphics ports 18ec405a-libxl-release-graphics-ports.patch bsc#1191668 ++++ linux-glibc-devel: - Delete RDMA-mlx5-Add-DCS-offload-support.patch (bsc#1191550) - Update from current 15 SP4 kernel (jsc#SLE-17360) * Refresh linux-stable-version-update.patch + kvm-sev-add-support-for-sev-intra-host-migration (jsc#SLE-19924) + PCI-Add-PCI_EXP_DEVCTL_PAYLOAD_-macros.patch (stable-5.14.19) + ethtool-fix-ethtool-msg-len-calculation-for-pause-st.patch (stable-5.14.19) + uapi-fix-linux-nfc.h-userspace-compilation-errors.patch (git-fixes) + nfc-uapi-use-kernel-size_t-to-fix-user-space-builds.patch (git-fixes) + cifs-remove-pathname-for-file-from-SPDX-header.patch (bsc#1193629) + uapi-Fix-undefined-__always_inline-on-non-glibc-syst.patch (git-fixes) + tty-Partially-revert-the-removal-of-the-Cyclades-pub.patch (git-fixes) + um-virt-pci-fix-uapi-documentation (git-fixes) + net-sched-act_skbmod-Add-SKBMOD_F_ECN-option-support.patch (bsc#1189998) + stddef-Introduce-struct_group-helper-macro.patch (jsc#SLE-18978) + net-smc-add-support-for-user-defined-EIDs (jsc#SLE-18331) + net-smc-add-generic-netlink-support-for-system-EID (jsc#SLE-18331) + net-smc-add-netlink-support-for-SMC-Rv2 (jsc#SLE-18331) + net_sched-refactor-TC-action-init-API.patch (bsc#1189998) + 0001-mm-mempolicy-add-MPOL_PREFERRED_MANY-for-multiple-pr.patch (jsc#SLE-23098) + 0003-mm-mempolicy-wire-up-syscall-set_mempolicy_home_node.patch (jsc#SLE-23098) + devlink-report-maximum-number-of-snapshots-with-regi.patch (jsc#SLE-19253) + x86-arch_prctl-add-controls-for-dynamic-xstate-components.patch (jsc#SLE-18931) + 
0005-efi-generate-secret-key-in-EFI-boot-environment.patch (fate#316350) + mptcp-add-missing-documented-NL-params (git-fixes) + stddef-Introduce-DECLARE_FLEX_ARRAY-helper.patch (git-fixes) ++++ samba: - libldb version mismatch in Samba dsdb component; (bsc#1118508); ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#573 - adjust to recent samba re-packaging (bsc#1195627) - 16.57.14 ++++ yast2-trans: - Update to version 84.87.20220206.a953ff83bc: * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * New POT for text domain 'storage'. * Translated using Weblate (Slovak) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * New POT for text domain 'S390'. * New POT for text domain 's390'. * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Dutch) * Translated using Weblate (Finnish) * Translated using Weblate (Catalan) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * New POT for text domain 'storage'. * New POT for text domain 'nfs'. * New POT for text domain 'network'. 
* New POT for text domain 'dns-server'. * Translated using Weblate (Ukrainian) * Translated using Weblate (Slovak) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * New POT for text domain 'printer'. * New POT for text domain 'kdump'. * Translated using Weblate (Catalan) * New POT for text domain 'vpn'. * New POT for text domain 'users'. * New POT for text domain 'update'. * New POT for text domain 'tune'. * New POT for text domain 'tftp-server'. * New POT for text domain 'sysconfig'. * New POT for text domain 'support'. * New POT for text domain 'sudo'. * New POT for text domain 'storage'. * New POT for text domain 'squid'. * New POT for text domain 'sound'. * New POT for text domain 'snapper'. * New POT for text domain 'slp-server'. * New POT for text domain 'services-manager'. * New POT for text domain 'security'. * New POT for text domain 'scanner'. * New POT for text domain 'samba-server'. * New POT for text domain 'samba-client'. * New POT for text domain 's390'. * New POT for text domain 'rmt'. * New POT for text domain 'registration'. * New POT for text domain 'rear'. * New POT for text domain 'proxy'. * New POT for text domain 'printer'. * New POT for text domain 'pam'. * New POT for text domain 'packager'. * New POT for text domain 'online-update-configuration'. * New POT for text domain 'online-update'. * New POT for text domain 'oneclickinstall'. * New POT for text domain 'ntp-client'. * New POT for text domain 'nis_server'. * New POT for text domain 'nis'. * New POT for text domain 'nfs_server'. * New POT for text domain 'nfs'. * New POT for text domain 'network'. 
* New POT for text domain 'migration'. * New POT for text domain 'mail'. * New POT for text domain 'ldap-client'. * New POT for text domain 'ldap'. * New POT for text domain 'kdump'. * New POT for text domain 'journalctl'. * New POT for text domain 'journal'. * New POT for text domain 'isns'. * New POT for text domain 'iscsi-lio-server'. * New POT for text domain 'iscsi-client'. * New POT for text domain 'instserver'. * New POT for text domain 'installation'. * New POT for text domain 'http-server'. * New POT for text domain 'ftp-server'. * New POT for text domain 'firewall'. * New POT for text domain 'fcoe-client'. * New POT for text domain 'drbd'. * New POT for text domain 'docker'. * New POT for text domain 'dns-server'. * New POT for text domain 'dhcp-server'. * New POT for text domain 'crowbar'. * New POT for text domain 'country'. * New POT for text domain 'control'. * New POT for text domain 'configuration_management'. * New POT for text domain 'cluster'. * New POT for text domain 'cio'. * New POT for text domain 'caasp'. * New POT for text domain 'bootloader'. * New POT for text domain 'base'. * New POT for text domain 'autoinst'. * New POT for text domain 'authserver'. * New POT for text domain 'auth-client'. * New POT for text domain 'audit-laf'. * New POT for text domain 'apparmor'. * New POT for text domain 'alternatives'. * New POT for text domain 'add-on'. 
* Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Slovak) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Ukrainian) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Slovak) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Dutch) * Translated using Weblate (Ukrainian) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * Translated using Weblate (Ukrainian) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * New POT for text domain 'vpn'. * New POT for text domain 'users'. * New POT for text domain 'update'. * New POT for text domain 'tune'. * New POT for text domain 'tftp-server'. * New POT for text domain 'sysconfig'. * New POT for text domain 'support'. * New POT for text domain 'sudo'. * New POT for text domain 'storage'. * New POT for text domain 'squid'. * New POT for text domain 'sound'. * New POT for text domain 'snapper'. * New POT for text domain 'slp-server'. * New POT for text domain 'services-manager'. * New POT for text domain 'security'. * New POT for text domain 'scanner'. * New POT for text domain 'sap-installation-wizard'. * New POT for text domain 'samba-server'. * New POT for text domain 'samba-client'. * New POT for text domain 's390'. * New POT for text domain 'rmt'. * New POT for text domain 'registration'. * New POT for text domain 'rear'. * New POT for text domain 'proxy'. * New POT for text domain 'printer'. * New POT for text domain 'pam'. * New POT for text domain 'packager'. * New POT for text domain 'online-update-configuration'. * New POT for text domain 'online-update'. * New POT for text domain 'oneclickinstall'. 
* New POT for text domain 'ntp-client'. * New POT for text domain 'nis_server'. * New POT for text domain 'nis'. * New POT for text domain 'nfs_server'. * New POT for text domain 'nfs'. * New POT for text domain 'network'. * New POT for text domain 'migration'. * New POT for text domain 'mail'. * New POT for text domain 'ldap-client'. * New POT for text domain 'ldap'. * New POT for text domain 'kdump'. * New POT for text domain 'journalctl'. * New POT for text domain 'journal'. * New POT for text domain 'isns'. * New POT for text domain 'iscsi-lio-server'. * New POT for text domain 'iscsi-client'. * New POT for text domain 'instserver'. * New POT for text domain 'installation'. * New POT for text domain 'http-server'. * New POT for text domain 'hana-update'. * New POT for text domain 'hana-ha'. * New POT for text domain 'ftp-server'. * New POT for text domain 'firewall'. * New POT for text domain 'fcoe-client'. * New POT for text domain 'drbd'. * New POT for text domain 'docker'. * New POT for text domain 'dns-server'. * New POT for text domain 'dhcp-server'. * New POT for text domain 'crowbar'. * New POT for text domain 'country'. * New POT for text domain 'control'. * New POT for text domain 'configuration_management'. * New POT for text domain 'cluster'. * New POT for text domain 'cio'. * New POT for text domain 'caasp'. * New POT for text domain 'bootloader'. * New POT for text domain 'base'. * New POT for text domain 'autoinst'. * New POT for text domain 'authserver'. * New POT for text domain 'auth-client'. * New POT for text domain 'audit-laf'. * New POT for text domain 'apparmor'. * New POT for text domain 'alternatives'. * New POT for text domain 'add-on'. ------------------------------------------------------------------ ------------------ 2022-2-5 - Feb 5 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ASoC: hdmi-codec: Fix OOB memory accesses (git-fixes). 
- ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) (git-fixes). - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks (git-fixes). - ALSA: hda: realtek: Fix race at concurrent COEF updates (git-fixes). - commit e8caa02 - Input: wm97xx: Simplify resource management (git-fixes). - ASoC: fsl: Add missing error handling in pcm030_fabric_probe (git-fixes). - ASoC: codecs: lpass-rx-macro: fix sidetone register offsets (git-fixes). - ASoC: max9759: fix underflow in speaker_gain_control_put() (git-fixes). - ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name (git-fixes). - ASoC: simple-card: fix probe failure on platform component (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes (git-fixes). - ALSA: hda: Skip codec shutdown in case the codec is not registered (git-fixes). - ALSA: usb-audio: Correct quirk for VF0770 (git-fixes). - ALSA: hda: Fix signedness of sscanf() arguments (git-fixes). - drm/i915/adlp: Fix TypeC PHY-ready status readout (git-fixes). - drm/i915/overlay: Prevent divide by zero bugs in scaling (git-fixes). - dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes). - drm/nouveau: fix off by one in BIOS boundary checking (git-fixes). - drm/kmb: Fix for build errors with Warray-bounds (git-fixes). - drm/amd: avoid suspend on dGPUs w/ s2idle support when runtime PM enabled (git-fixes). - PM: wakeup: simplify the output logic of pm_show_wakelocks() (git-fixes). 
- commit a59bc15 - Move upstreamed sound fix into sorted section - commit 80571bb - Refresh patches.suse/Input-elan_i2c-Add-deny-list-for-Lenovo-Yoga-Slim-7.patch Fix section mismatch warning - commit af02a31 - Delete patches.suse/net-sched-disable-nolock-pfifo-fast.patch. (bsc#1187428) This patch was a temporary workaround for bsc#1183405 race condition. As SLE15-SP4 is based on 5.14 kernel which contains the upstream fix for the race condition, disabling lockless implementation of pfifo_fast is not actually needed. - commit dd7ef49 ------------------------------------------------------------------ ------------------ 2022-2-4 - Feb 4 2022 ------------------- ------------------------------------------------------------------ ++++ cloud-regionsrv-client: - Update to version 10.0.0 (bsc#1195414, bsc#1195564) + Refactor removes check_registration() function in utils implementation + Only start the registration service for PAYG images - addon-azure sub-package to version 1.0.1 ++++ gstreamer: - Update to version 1.20.0: + Development in GitLab was switched to a single git repository containing all the modules + GstPlay: new high-level playback library, replaces GstPlayer + WebM Alpha decoding support + Encoding profiles can now be tweaked with additional application-specified element properties + Compositor: multi-threaded video conversion and mixing + RTP header extensions: unified support in RTP depayloader and payloader base classes + SMPTE 2022-1 2-D Forward Error Correction support + Smart encoding (pass through) support for VP8, VP9, H.265 in encodebin and transcodebin + Runtime compatibility support for libsoup2 and libsoup3 (libsoup3 support experimental) + Video decoder subframe support + Video decoder automatic packet-loss, data corruption, and keyframe request handling for RTP / WebRTC / RTSP + mp4 and Matroska muxers now support profile/level/resolution changes for H.264/H.265 input streams (i.e. 
codec data changing on the fly) + mp4 muxing mode that initially creates a fragmented mp4 which is converted to a regular mp4 on EOS + Audio support for the WebKit Port for Embedded (WPE) web page source element + CUDA based video color space convert and rescale elements and upload/download elements + NVIDIA memory:NVMM support for OpenGL glupload and gldownload elements + Many WebRTC improvements + The new VA-API plugin implementation fleshed out with more decoders and new postproc elements + AppSink API to retrieve events in addition to buffers and buffer lists + AppSrc gained more configuration options for the internal queue (leakiness, limits in buffers and time, getters to read current levels) + Updated Rust bindings and many new Rust plugins + Improved support for custom minimal GStreamer builds + Support build against FFmpeg 5.0 + Linux Stateless CODEC support gained MPEG-2 and VP9 + Windows Direct3D11/DXVA decoder gained AV1 and MPEG-2 support + Lots of new plugins, features, performance improvements and bug fixes - Use ldconfig_scriptlets macro for post(un) handling where possible. - Update Source url. 
- Update to version 1.18.6: + gstplugin: Fix for UWP build + gst-ptp-helper: Do not disable multicast loopback + concat: fix qos event handling + pluginfeature: Fix object leak + baseparse: fix invalid avg_bitrate after reset + multiqueue: Fix query unref race on flush + gst: Initialize optional event/message fields when parsing + bitwriter: Fix the trailing bits lost when getting its data + multiqueue: never consider a queue that is not waiting + input-selector: Use proper segments when cleaning cached buffers ++++ gstreamer-plugins-base: - Update to version 1.20.0: + Development in GitLab was switched to a single git repository containing all the modules + GstPlay: new high-level playback library, replaces GstPlayer + WebM Alpha decoding support + Encoding profiles can now be tweaked with additional application-specified element properties + Compositor: multi-threaded video conversion and mixing + RTP header extensions: unified support in RTP depayloader and payloader base classes + SMPTE 2022-1 2-D Forward Error Correction support + Smart encoding (pass through) support for VP8, VP9, H.265 in encodebin and transcodebin + Runtime compatibility support for libsoup2 and libsoup3 (libsoup3 support experimental) + Video decoder subframe support + Video decoder automatic packet-loss, data corruption, and keyframe request handling for RTP / WebRTC / RTSP + mp4 and Matroska muxers now support profile/level/resolution changes for H.264/H.265 input streams (i.e. 
codec data changing on the fly) + mp4 muxing mode that initially creates a fragmented mp4 which is converted to a regular mp4 on EOS + Audio support for the WebKit Port for Embedded (WPE) web page source element + CUDA based video color space convert and rescale elements and upload/download elements + NVIDIA memory:NVMM support for OpenGL glupload and gldownload elements + Many WebRTC improvements + The new VA-API plugin implementation fleshed out with more decoders and new postproc elements + AppSink API to retrieve events in addition to buffers and buffer lists + AppSrc gained more configuration options for the internal queue (leakiness, limits in buffers and time, getters to read current levels) + Updated Rust bindings and many new Rust plugins + Improved support for custom minimal GStreamer builds + Support build against FFmpeg 5.0 + Linux Stateless CODEC support gained MPEG-2 and VP9 + Windows Direct3D11/DXVA decoder gained AV1 and MPEG-2 support + Lots of new plugins, features, performance improvements and bug fixes - Rebase add_wayland_dep_to_tests.patch. - Drop gstreamer-plugins-base-gl-deps.patch: Fixed upstream - Stop using service due to upstreams new mono-repo, just use tarballs for now. - Update to version 1.18.6: + tagdemux: Fix crash when presented with malformed files (security fix) + videoencoder: make sure the buffer is writable before modifying metadata + video-converter: Fix for broken gamma remap with high bitdepth YUV output + sdpmessage: fix mapping single char fmtp params + oggdemux: fix a race in push mode when performing the duration seek + uridecodebin: Fix critical warnings + audio-converter: Fix resampling when there's nothing to output + tcp: fix build on Solaris + uridecodebin3: Nullify current item after all play items are freed. 
+ audio-resampler: Fix segfault when we can't output any frames + urisourcebin: Handle sources with dynamic pads and pads already present + playbin2/3: autoplug/caps: don't expand caps to ANY + uridecodebin3/urisourcebin: Reusability fixes + rtspconnection: Only reset timeout when socket is unused + gstvideoaggregator.c: fix build with gcc 4.8 - Drop service, use source url, upstream changes in git. ++++ kernel-default: - Input: elan_i2c: Add deny list for Lenovo Yoga Slim 7 (bsc#1193064). - Input: synaptics: retry query upon error (bsc#1194086). - commit 54e65d3 - e1000e: Handshake with CSME starts from ADL platforms (git-fixes). - pinctrl: bcm2835: Fix a few error paths (git-fixes). - pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line (git-fixes). - pinctrl: intel: fix unexpected interrupt (git-fixes). - pinctrl: sunxi: Fix H616 I2S3 pin data (git-fixes). - commit d1f0342 ++++ openssl-1_1: - FIPS: Fix function and reason error codes [bsc#1182959] * Add openssl-1_1-FIPS-fix-error-reason-codes.patch ++++ procps: - Add patch bsc1195468-23da4f40.patch to fix bsc#1195468 that is ignore SIGURG ++++ python3-core: - Rename 22198.patch into more descriptive remove-sphinx40-warning.patch. ++++ python3: - Rename 22198.patch into more descriptive remove-sphinx40-warning.patch. ------------------------------------------------------------------ ------------------ 2022-2-3 - Feb 3 2022 ------------------- ------------------------------------------------------------------ ++++ jeos-firstboot: - Update to version 1.1.0.3: * Don't make a snapshot if /etc is not part of it * Use mountpoint with -q * Don't attach jeos-firstboot-snapshot.service to the TTY ++++ kernel-default: - selftests: fix check for circular KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM (bsc#1194526). - commit c1f5ec0 - This is about really old Lenovo laptop HW/firmware issues It's very likely that this has been fixed in firmware or in acpi subsystem with another patch/blacklist whatsoever. 
Removing for cleanup reasons: - Delete patches.suse/acpi_thermal_passive_blacklist.patch. - Delete patches.suse/acpi_thinkpad_introduce_acpi_root_table_boot_param.patch. - commit a21f3a8 - selftest: KVM: Add open sev dev helper (bsc#1194526). - commit 995bc50 - KVM: selftests: Re-enable access_tracking_perf_test (bsc#1194526). - commit 6db3f57 - selftests: kvm/x86: Fix the warning in lib/x86_64/processor.c (bsc#1194526). - selftests: KVM: Add /x86_64/sev_migrate_tests to .gitignore (bsc#1194526). - selftests: KVM: Fix check for !POLLIN in demand_paging_test (bsc#1194526). - commit 4af276f - Update kabi files. - Initial import from 2022-02-02 weekly submission (commit 0d67d764121814add0f9e5468b80f3b8c8866bc7) - The kABI Soft Freeze. - Update kabi files. - Initial import from 2022-02-02 weekly submission - the kABI Soft Freeze. - commit 2ba84fd - KVM: SEV: Mark nested locking of kvm->lock (bsc#1194526). - KVM: SVM: Do not terminate SEV-ES guests on GHCB validation failure (bsc#1194526). - KVM: SEV: Fall back to vmalloc for SEV-ES scratch area if necessary (bsc#1194526). - KVM: SEV: Return appropriate error codes if SEV-ES scratch setup fails (bsc#1194526). - KVM: SEV: accept signals in sev_lock_two_vms (bsc#1194526). - KVM: SEV: do not take kvm->lock when destroying (bsc#1194526). 
- commit 908b6a9 ++++ libcontainers-common: - Update storage to 1.38.2 - Update image to 5.19.1 - Update Podman to 3.4.4 - Update common to 0.47.3 ++++ openssl-1_1: - Enable zlib compression support [bsc#1195149] - Remove the openssl-has-RSA_get0_pss_params provides as it is now fixed in the nodejs16 side [bsc#1192489] ++++ sysstat: - Fix possible segfault in read_task_stats() [bsc#1194679] - Add sysstat-fix-segfault-in-read_task_stats.patch ------------------------------------------------------------------ ------------------ 2022-2-2 - Feb 2 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - fanotify: Fix stale file descriptor in copy_event_to_user() (bsc#1195187). - commit c598009 - tcp: Add a stub for sk_defer_free_flush() (bsc#1195400). - commit 66984be - mm: vmscan: remove deadlock due to throttling failing to make progress (bsc#1195357). - commit 6096a6d - KVM: SEV: Prohibit migration of a VM that has mirrors (bsc#1194526). - KVM: SEV: Do COPY_ENC_CONTEXT_FROM with both VMs locked (bsc#1194526). - KVM: SEV: Fix typo in and tweak name of cmd_allowed_from_miror() (bsc#1194526). - KVM: SEV: Drop a redundant setting of sev->asid during initialization (bsc#1194526). - KVM: SEV: Set sev_info.active after initial checks in sev_guest_init() (bsc#1194526). - KVM: SEV: Disallow COPY_ENC_CONTEXT_FROM if target has created vCPUs (bsc#1194526). - commit 806c843 - Update patch reference for radeon regression fix (bsc#1195142) - commit bc75946 - spi: mediatek: Avoid NULL pointer crash in interrupt (git-fixes). - spi: bcm-qspi: check for valid cs before applying chip select (git-fixes). - spi: uniphier: fix reference count leak in uniphier_spi_probe() (git-fixes). - spi: meson-spicc: add IRQ check in meson_spicc_probe (git-fixes). - spi: stm32-qspi: Update spi registering (git-fixes). - irqchip/realtek-rtl: Fix off-by-one in routing (git-fixes). - irqchip/realtek-rtl: Map control data to virq (git-fixes). 
- tty: Add support for Brainboxes UC cards (git-fixes). - usb: xhci-plat: fix crash when suspend if remote wake enable (git-fixes). - USB: core: Fix hang in usb_kill_urb by adding memory barriers (git-fixes). - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (git-fixes). - efi: runtime: avoid EFIv2 runtime services on Apple x86 machines (git-fixes). - efi/libstub: arm64: Fix image check alignment at entry (git-fixes). - drm/amd/display: Fix FP start/end for dcn30_internal_validate_bw (git-fixes). - drm/msm/dsi: Fix missing put_device() call in dsi_get_phy (git-fixes). - sch_htb: Fail on unsupported parameters when offload is requested (git-fixes). - can: tcan4x5x: regmap: fix max register value (git-fixes). - phylib: fix potential use-after-free (git-fixes). - net: phy: broadcom: hook up soft_reset for BCM54616S (git-fixes). - rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (git-fixes). - rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (git-fixes). - ARM: 9180/1: Thumb2: align ALT_UP() sections in modules sufficiently (git-fixes). - usr/include/Makefile: add linux/nfc.h to the compile-test coverage (git-fixes). - gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock (git-fixes). - Bluetooth: refactor malicious adv data check (git-fixes). - commit b99299d ++++ multipath-tools: - Version 0.8.8+45+suse.628d603e * fix handling of historical-service-time path selector (bsc#1195425) * fix marking multipath devices as failed prematurely on startup (bsc#1195426) * multipathd.service: remove LimitCORE=infinity directive This should only be enabled for debugging. 
* multipathd.service: don't load scsi_dh modules (bsc#1195397) This is done via modules-load.d functionality on (open)SUSE - Upstream fixes: * Fix claiming of paths with "find_multipaths strict" * Avoid unnecessary read-only reloads ++++ openssl-1_1: - FIPS: Move the HMAC-SHA2-256 used for integrity test [bsc#1185320] * Add openssl-FIPS-KAT-before-integrity-tests.patch - FIPS: Add missing KAT for HKDF/TLS 1.3/IPSEC IKEv2 [bsc#1192442] * Add openssl-fips-kdf-hkdf-selftest.patch ++++ systemd: - Make more use of %{_unitdir} in files.{systemd,container} ++++ liburing2: - Rename liburing2 to avoid collision with inherited source for prior liburing-devel-0.X API (bsc#1193522) ++++ patterns-microos: - bump version to 5.2.0 - specify branding of systemd presets ------------------------------------------------------------------ ------------------ 2022-2-1 - Feb 1 2022 ------------------- ------------------------------------------------------------------ ++++ lvm2-device-mapper: - udev: create symlinks and watch even in suspended state (bsc#1195231) + bug-1195231-udev-create-symlinks-and-watch-even-in-suspended-sta.patch ++++ kdump: - kdump-calibrate.conf-depends-on-kdumptool.patch: calibrate.conf: Add dependency on kdumptool. - kdump-calibrate-fix-nic-naming.patch: calibrate: Fix network interface naming. - kdump-calibrate-include-af_packet.patch: calibrate: Explicitly include af_packet in the test initrd. - Update to 1.0.2 * Adjust crash kernel reservation at boot time (jsc#SLE-18441). - All remaining patches have been upstreamed: * kdump-fillupdir-fixes.patch * kdump-use-pbl.patch * kdump-calibrate-Ignore-malformed-VMCOREINFO.patch ++++ kernel-default: - tcp: add a missing sk_defer_free_flush() in tcp_splice_read() (bsc#1195400). - commit 90f376b - net: Flush deferred skb free on socket destroy (bsc#1195400). - commit 2e63a82 - net/tls: Fix another skb memory leak when running kTLS traffic (bsc#1195400). 
- commit 3aa18f4 - net/tls: Fix skb memory leak when running kTLS traffic (bsc#1195400). - commit a9990a3 - tcp: add missing htmldocs for skb->ll_node and sk->defer_list (bsc#1195400). - commit 495cd25 - tcp: do not call tcp_cleanup_rbuf() if we have a backlog (bsc#1195400). - commit d5025e5 - tcp: defer skb freeing after socket lock is released (bsc#1195400). - commit 5ddbe0e - tcp: avoid indirect calls to sock_rfree (bsc#1195400). - commit 6167ff6 - tcp: small optimization in tcp recvmsg() (bsc#1195400). - commit 4db4a08 - rfkill: add kABI padding Patch-mainline: Never, kABI padding References: bsc#1179531 (bsc#1179531). - commit 4badc70 - sched/core: Forced idle accounting (bsc#1189999 (Scheduler functional and performance backports)). - sched: Make schedstats helpers independent of fair sched class (bsc#1189999 (Scheduler functional and performance backports)). - sched: Make struct sched_statistics independent of fair sched class (bsc#1189999 (Scheduler functional and performance backports)). - commit 3157933 - List simpledrm in supported.conf (jsc#SLE-18823) Makes the driver part of the regular kernel-default package. - commit 7522e67 - continue to provide guest OS id on hyperv (bnc#814005, bsc#1189965). - commit 69937ca - platform/x86: wmi: Fix driver->notify() vs ->probe() race (git-fixes). - commit 1957b33 - platform/x86: wmi: introduce helper to convert driver to WMI driver (git-fixes). - commit 0d205fc - platform/x86: wmi: Replace read_takes_no_args with a flags field (git-fixes). - commit 4e01e3a - platform/x86: wmi: make GUID block packed (git-fixes). - commit d4f4098 - platform/x86: wmi: use guid_t and guid_equal() (git-fixes). - commit ba3700f - platform/x86: wmi: use bool instead of int (git-fixes). - commit fcf29d7 - platform/x86: wmi: use BIT() macro (git-fixes). - commit fefbbd1 - platform/x86: wmi: remove unnecessary checks (git-fixes). - commit bb591a0 - platform/x86: wmi: remove unnecessary casts (git-fixes). 
- commit 3b81cff - platform/x86: wmi: remove unnecessary argument (git-fixes). - commit 46d5bd4 - Delete patches.suse/bfq-tune-slice-idle.patch: BFQ logic has improved and QA results don't indicate we need this anymore. - commit 0ad80b2 - crypto: HMAC - disallow keys < 112 bits in FIPS mode (jsc#SLE-21132,bsc#1193136). - commit 3e251f8 - crypto: HMAC - add fips_skip support (jsc#SLE-21132,bsc#1193136). - commit d7c3015 - blacklist.conf: Added dups - commit 2333475 - Drop superfluous x86 SME patch The commit already present in another patch - commit f64529e - Update config files: disable DEBUG_INFO_BTF_MODULES (bsc#1194501). - commit b07bf3e - bpf: make module BTF toggleable (bsc#1194501). - commit e268acf - kABI padding for bpf (bsc#1179531). - commit 15e30ef - x86/sme: Explicitly map new EFI memmap table as encrypted (bsc#1190497). - commit 6282a43 - x86/MCE/AMD, EDAC/mce_amd: Support non-uniform MCA bank type enumeration (jsc#SLE-19026). - commit 3f43757 ++++ expat: - Update to latest version 2.4.4 in SLE-15-SP4 [jsc#SLE-21253] ++++ libgcrypt: - FIPS: Disable DSA in FIPS mode [bsc#1195385] * Upstream task: https://dev.gnupg.org/T5710 * Add libgcrypt-FIPS-disable-DSA.patch ++++ lvm2: - udev: create symlinks and watch even in suspended state (bsc#1195231) + bug-1195231-udev-create-symlinks-and-watch-even-in-suspended-sta.patch ++++ libnvme: - Update to version 1.0~2: * Add fabrics config option 'tls' * Logging infrastructure reworked (API break) * Changed argument structs layout (API break) * Changed scan API (API break) * Fixed ctrl_loss_tmo handling concerning values of '-1' * Various build fixes ++++ systemd: - Installation of libnss_mymachines.so depended on %{bootstrap} but it is actually installed when %{with machined} is true. - Call ldconfig when container subpackage is installed since it ships nss-mymachines NSS plug-in module. 
- Import commit a186eb9f9cc13b65f8380dbcae3080228e8be7e2 1395c74be7 udevadm: cleanup-db: don't delete information for kept db entries (bsc#1194912) bbafc8092a udevadm: cleanup_dir: use dot_or_dot_dot() d16f6d018d tmpfiles: split out config for systemd-resolve 41334be59e meson: minor cleanup 3db0c28462 sysusers: split up systemd.conf - Drop 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch (bsc#1195153) Since v241, the patch isn't useful anymore because resolved is no more able to create /etc/resolv.conf symlink by itself, it runs as 'systemd-resolve' user. The symlink is now handled by a tmpfiles config file which is only installed when systemd-resolved is. The tmpfiles config file has currently a lower priority than the one shipped by netconfig. - Make use of %ldconfig_scriptlets - Merge nss-resolved and nss-mymachines NSS plug-in modules into systemd-network and systemd-container respectively. These modules are plug-in modules hence the shared library packaging policy doesn't apply for them. Moreover they're pretty useless alone without their respective systemd services, Hence let's reduce the number of sub-packages as the list keeps increasing. - Merge libudev-devel into systemd-devel - systemd.spec: explicitly list all files for each main (sub) packages Using glob patterns in %files section to reduce the number of listed files was error-prone as some introduced files could silently be placed in the wrong subpackage. The sections were also hard to read and many files needed to be excluded from the main package making the point of glob pattern usage moot. systemd, udev, systemd-container and systemd-network packages have now their list of files described in a dedicated file. The lists are kept sorted to make them easy to parse. The size of the files, especially the one for the main package, is still reasonable and much easier to read now. 
During this rework, a couple of cleanups happened: more use of %{_systemd_util_dir}, some files were incorrectly owned by the main package and have been moved to the correct sub-package, etc... Note: the rest of the subpackages might be addressed later but let's find how it goes for now. ++++ libzypp: - Public header files on older distros must use c++11 (bsc#1194597) - Fix exception handling when reading or writing credentials (bsc#1194898) - version 17.29.3 (22) ++++ nvme-cli: - Update to version 2.0~2: * Adapt to logging API changes in libnvme * Adapt to scan API changes in libnvme * Reworked error message handling * Fix 'list-ns' (bsc#1195151) * Add 'gen-tls-key' and 'check-tls-key' * Add Media Unit Status log page support * Cleanups and build fixes - Fix path to systemctl (bsc#1193699) ++++ patterns-microos: - rename pattern microos_sssd_ldap to microos-sssd_ldap (bsc#1192462) ++++ sudo: - Update to 1.9.9 * Sudo can now be built with OpenSSL 3.0 without generating warnings about deprecated OpenSSL APIs. * A digest can now be specified along with the ALL command in the LDAP and SSSD back-ends. Sudo 1.9.0 introduced support for this in the sudoers file but did not include corresponding changes for the other back-ends. * visudo now only warns about an undefined alias or a cycle in an alias once for each alias. * The sudoRole cn was truncated by a single character in warning messages. GitHub issue #115. * The cvtsudoers utility has new --group-file and --passwd-file options to use a custom passwd or group file when the --match-local option is also used. * The cvtsudoers utility can now filter or match based on a command. * The cvtsudoers utility can now produce output in csv (comma-separated value) format. This can be used to help generate entitlement reports. * Fixed a bug in sudo_logsrvd that could result in the connection being dropped for very long command lines. * Fixed a bug where sudo_logsrvd would not accept a restore point of zero. 
* Fixed a bug in visudo where the value of the editor setting was not used if it did not match the user’s EDITOR environment variable. This was only a problem if the env_editor setting was not enabled. Bug #1000. * Sudo now builds with the -fcf-protection compiler option and the -z now linker option if supported. * The output of sudoreplay -l now more closely matches the traditional sudo log format. * The sudo_sendlog utility will now use the full contents of the log.json file, if present. This makes it possible to send sudo-format I/O logs that use the newer log.json format to sudo_logsrvd without losing any information. * Fixed compilation of the arc4random_buf() replacement on systems with arc4random() but no arc4random_buf(). Bug #1008. * Sudo now uses its own getentropy() by default on Linux. The GNU libc version of getentropy() will fail on older kernels that don’t support the getrandom() system call. * It is now possible to build sudo with WolfSSL’s OpenSSL compatibility layer by using the --enable-wolfssl configure option. * Fixed a bug related to Daylight Saving Time when parsing timestamps in Generalized Time format. This affected the NOTBEFORE and NOTAFTER options in sudoers. Bug #1006. * Added the -O and -P options to visudo, which can be used to check or set the owner and permissions. This can be used in conjunction with the -c option to check that the sudoers file ownership and permissions are correct. Bug #1007. * It is now possible to set resource limits in the sudoers file itself. The special values default and “user” refer to the default system limit and invoking user limit respectively. The core dump size limit is now set to 0 by default unless overridden by the sudoers file. * The cvtsudoers utility can now merge multiple sudoers sources into a single, combined sudoers file. If there are conflicting entries, cvtsudoers will attempt to resolve them but manual intervention may be required. 
The merging of sudoers rules is currently fairly simplistic but will be improved in a future release. * Sudo was parsing but not applying the “deref” and “tls_reqcert” ldap.conf settings. This meant the options were effectively ignored which broke dereferencing of aliases in LDAP. Bug #1013. * Clarified in the sudo man page that the security policy may override the user’s PATH environment variable. Bug #1014. * When sudo is run in non-interactive mode (with the -n option), it will now attempt PAM authentication and only exit with an error if user interaction is required. This allows PAM modules that don’t interact with the user to succeed. Previously, sudo would not attempt authentication if the -n option was specified. Bug #956 and GitHub issue #83. * Fixed a regression introduced in version 1.9.1 when sudo is built with the --with-fqdn configure option. The local host name was being resolved before the sudoers file was processed, making it impossible to disable DNS lookups by negating the fqdn sudoers option. Bug #1016. * Added support for negated sudoUser attributes in the LDAP and SSSD sudoers back ends. A matching sudoUser that is negated will cause the sudoRole containing it to be ignored. * Fixed a bug where the stack resource limit could be set to a value smaller than that of the invoking user and not be reset before the command was run. Bug #1016. - sudo no longer ships schema for LDAP. 
- sudo-feature-negated-LDAP-users.patch dropped, included upstream - refreshed sudo-sudoers.patch ++++ systemd-presets-common-SUSE: - enable vgauthd service for VMWare by default (bsc#1195251) ------------------------------------------------------------------ ------------------ 2022-1-31 - Jan 31 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit: - change self-signed cert group from cockpit-wsinstance to cockpit-ws on upgrade - update to new LTS version from openSUSE:Factory - port remove-pwscore.patch * remove dependency on pwscore (bsc#1182924) * remove password strength indicator - port branding changes as suse-microos "theme" * remove suse_cockpit_assets.tar.gz * add suse-microos-branding.tar.gz * remove branding_tests.patch * add suse-microos-branding.patch - remove files not needed to build this version anymore * webpack-warnings-are-not-errors.patch * github_package.patch * nodejs_output_helper.bash - remove cockpit.permissions workaround (bsc#1169614) ++++ cockpit-machines: - Remove translate-toolkit which is not available in SLE ++++ python-kiwi: - Ensure backward compatibility on deprecated methods This commit ensures backward compatibility for deprecated config bash script utilities. Fixes bsc#1195229 Signed-off-by: David Cassany - Bump version: 9.24.15 → 9.24.16 This version upgrade includes several fixes: * Fixed regression in compression detection The change from 282529de8f612dee32d54ee868c2365dcd829220 Introduced a bad regression. The assumption was made that the xz tool could be used to detect if a file is compressed or not. However, this requires the file to be locally present. In the scope of the method call is_compressed() and within a remote deployment e.g PXE this is not the case. Therefore the former way to "detect" the compression according to the .xz postfix of the source filename was restored. 
In addition the function name was changed to is_xz_compressed() because that's what the method can do and not more. This Fixes #2015 Fixes a regression in the scope of bsc#1192975 (#c16) * index.rst: Change title (bsc#1189294#c2) * 'KIWI NG 9: KIWI NG Documentation' -> 'Building Linux System Appliances with KIWI Next Generation (KIWI NG)' * suggested in bsc#1189294#c2 for more clarity * change has been discussed with and approved by main author (Marcus S.) * Care for different snapper template locations snapper recently changed their config template location from etc/ to usr/. This commit handles the two locations and Fixes bsc#1192940 * Do not force dracut into a compression setting So far we called dracut with --xz which forces the initrd to be xz compressed. There are other compression formats used by the distributions and they might differ from xz. The selection for a compression tool is done by a dist configuration in dracut.conf.d which is provided by the distributions as they see fit. For us this means not forcing dracut into a specific compression setting allows to make use of the distro provided setting and also allows to change/override this setting by an overlay file. This Fixes bsc#1192975 ++++ kernel-default: - x86/MCE/AMD: Export smca_get_bank_type symbol (jsc#SLE-19026). - commit 49cf559 - x86/MCE/AMD, EDAC/mce_amd: Add new SMCA bank types (jsc#SLE-19026). - commit a089c33 - EDAC/amd64: Add support for AMD Family 19h Models 10h-1Fh and A0h-AFh (jsc#SLE-19026). - commit 804cac2 - EDAC: Add RDDR5 and LRDDR5 memory types (jsc#SLE-19026). - commit 4ca03fe - scsi: nsp_cs: Check of ioremap return value (git-fixes). - scsi: ufs: ufs-mediatek: Fix error checking in ufs_mtk_init_va09_pwr_ctrl() (git-fixes). - scsi: qedf: Fix potential dereference of NULL pointer (git-fixes). - scsi: Revert "scsi: hisi_sas: Filter out new PHY up events during suspend" (git-fixes). - scsi: ufs: Fix race conditions related to driver data (git-fixes). 
- scsi: pm8001: Fix kernel-doc warnings (git-fixes). - scsi: core: Show SCMD_LAST in text form (git-fixes). - scsi: pm80xx: Update WARN_ON check in pm8001_mpi_build_cmd() (git-fixes). - commit 5fed070 - Added blacklisted SCSI ufs commit - commit 89e75cd - supported.conf: Mark drivers/perf/arm_dmc620_pmu as supported (jsc#SLE-19041) - commit 48e38f8 - crypto: testmgr - disallow plain ghash in FIPS mode (jsc#SLE-21132,bsc#1194777). - commit a8532d3 - crypto: testmgr - disallow plain cbcmac(aes) in FIPS mode (jsc#SLE-21132,bsc#1194774). - commit 70677c0 - sched/fair: Revert update_pick_idlest() Select group with lowest group_util when idle_cpus are equal (bnc#1193175). - commit 5418435 - intel_idle: enable interrupts before C1 on Xeons (bnc#1155798 (CPU scheduler functional and performance backports)). - commit 78fa711 - filemap: Remove PageHWPoison check from next_uptodate_page() (bnc#1190208 (MM functional and performance backports)). - sched: Trigger warning if ->migration_disabled counter underflows (bnc#1189998 (PREEMPT_RT prerequisite backports)). - sched/fair: Cleanup task_util and capacity type (bnc#1189999 (Scheduler functional and performance backports)). - psi: Fix PSI_MEM_FULL state when tasks are in memstall and doing reclaim (bnc#1189999 (Scheduler functional and performance backports)). - psi: Add a missing SPDX license header (bnc#1189999 (Scheduler functional and performance backports)). - psi: Remove repeated verbose comment (bnc#1189999 (Scheduler functional and performance backports)). - commit edff965 - crypto: api - Allow algs only in specific constructions in FIPS mode (jsc#SLE-21132,bsc#1191256,bsc#1194774,bsc#1194777). - Refresh patches.suse/0001-crypto-implement-downstream-solution-for-disabling-d.patch. - commit 592d0ee - blacklist.conf: Add a7ebf564de32 mm/memcg: relocate mod_objcg_mlstate(), get_obj_stock() and put_obj_stock() - commit 69f3db3 - ALSA: hda: Remove redundant runtime PM calls (git-fixes). 
- ALSA: hda: intel: More comprehensive PM runtime setup for controller driver (git-fixes). - commit b254574 - kernel-obs-build: include 9p (boo#1195353) To be able to share files between host and the qemu vm of the build script, the 9p and 9p_virtio kernel modules need to be included in the initrd of kernel-obs-build. - commit 0cfe67a - ALSA: hda: Fix UAF of leds class devs at unbinding (bsc#1195349). - commit 166e9b4 - gve: Add tx|rx-coalesce-usec for DQO (bsc#1195276). - gve: Add consumed counts to ethtool stats (bsc#1195276). - gve: Implement suspend/resume/shutdown (bsc#1195276). - gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1195276). - gve: remove memory barrier around seqno (bsc#1195276). - gve: Update gve_free_queue_page_list signature (bsc#1195276). - gve: Move the irq db indexes out of the ntfy block struct (bsc#1195276). - gve: Correct order of processing device options (bsc#1195276). - gve: fix for null pointer dereference (bsc#1195276). - gve: fix unmatched u64_stats_update_end() (bsc#1195276). - gve: Add a jumbo-frame device option (bsc#1195276). - gve: Implement packet continuation for RX (bsc#1195276). - gve: Add RX context (bsc#1195276). - gve: Use kvcalloc() instead of kvzalloc() (bsc#1195276). - commit 0803caf - Update config files. (bsc#1195346) Enable DMABUF_HEAPS[_SYSTEM] configuration options - commit 3090423 - blacklist.conf: misattributed patch - commit 8d2ba5e - blacklist.conf: misattributed patch - commit ec33b0f - net: mcs7830: handle usb read errors properly (git-fixes). - commit 48dab08 - ucount: Make get_ucount a safe get_user replacement (bsc#1195306 CVE-2022-24122). - commit b9063d5 - Refresh patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch. - commit 0b42051 - ceph: set pool_ns in new inode layout for async creates (bsc#1195342). - ceph: properly put ceph_string reference after async create attempt (bsc#1195341). - commit cade32d - bpf,x86: Respect X86_FEATURE_RETPOLINE* (bsc#1190497). 
- commit 3017e7f - bpf,x86: Simplify computing label offsets (bsc#1190497). - commit b5c6689 - x86,bugs: Unconditionally allow spectre_v2=retpoline,amd (bsc#1190497). - commit 8b8edaa - x86/alternative: Add debug prints to apply_retpolines() (bsc#1190497). - commit 76b6079 - x86/alternative: Try inline spectre_v2=retpoline,amd (bsc#1190497). - commit 4e48a24 - x86/alternative: Handle Jcc __x86_indirect_thunk_\reg (bsc#1190497). - commit 8b47d6e - x86/alternative: Implement .retpoline_sites support (bsc#1190497). - commit 758e879 - x86/retpoline: Create a retpoline thunk array (bsc#1190497). - commit f1f201e - x86/retpoline: Move the retpoline thunk declarations to nospec-branch.h (bsc#1190497). - commit 6f7882c - x86/asm: Fixup odd GEN-for-each-reg.h usage (bsc#1190497). - commit 0632c94 - x86/asm: Fix register order (bsc#1190497). - commit f91c48e - x86/retpoline: Remove unused replacement symbols (bsc#1190497). - commit 15d0b39 - objtool,x86: Replace alternatives with .retpoline_sites (bsc#1190497). - commit f215305 - objtool: Shrink struct instruction (bsc#1190497). - commit 633fd59 - objtool: Explicitly avoid self modifying code in .altinstr_replacement (bsc#1190497). - commit b05fae2 - objtool: Classify symbols (bsc#1190497). - commit c28da8d - ibmvnic: remove unused defines (bsc#1195293 ltc#196198). - ibmvnic: Update driver return codes (bsc#1195293 ltc#196198). - commit 7124b18 - kABI padding for generic crypto (bsc#1179531). - commit 42a8077 - video: hyperv_fb: Fix validation of screen resolution (git-fixes). - Drivers: hv: balloon: account for vmbus packet header in max_pkt_size (git-fixes). - x86/hyperv: Properly deal with empty cpumasks in hyperv_flush_tlb_multi() (git-fixes). - commit 55fdcf1 - crypto: seqiv - flag instantiations as FIPS compliant (jsc#SLE-21132,bsc#1194778). - commit a0ea522 - kbuild: remove include/linux/cyclades.h from header file check (git-fixes). 
- commit 05fdfcd - PCI/sysfs: Find shadow ROM before static attribute initialization (git-fixes). - serial: stm32: fix software flow control transfer (git-fixes). - tty: n_gsm: fix SW flow control encoding/handling (git-fixes). - serial: 8250: of: Fix mapped region size when using reg-offset property (git-fixes). - tty: Partially revert the removal of the Cyclades public API (git-fixes). - usb: cdnsp: Fix segmentation fault in cdns_lost_power function (git-fixes). - usb: dwc3: xilinx: Fix error handling when getting USB3 PHY (git-fixes). - usb: dwc3: xilinx: Skip resets and USB3 register settings for USB2.0 mode (git-fixes). - usb: common: ulpi: Fix crash in ulpi_match() (git-fixes). - usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (git-fixes). - ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes). - usb: typec: tcpm: Do not disconnect when receiving VSAFE0V (git-fixes). - usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes). - usb: typec: tcpci: don't touch CC line if it's Vconn source (git-fixes). - usb: roles: fix include/linux/usb/role.h compile issue (git-fixes). - drm/amd/display: reset dcn31 SMU mailbox on failures (git-fixes). - irqchip/gic-v4: Disable redistributors' view of the VPE table at boot time (git-fixes). - commit 9089800 - Move upstreamed patches into sorted section - commit 44bc450 ++++ util-linux: - Implement "X-fstrim.notrim" fstab mount option that skips fstrim for selected device (jsc#SLE-17942, util-linux-fstrim-implement-X-fstrim.notrim.patch). 
++++ libcap: - update to 2.63: * restore errno to zero by the time main() is executed * Consistent psx handling (a panic) for syscalls that return thread dependent status Inconsistent behavior noticed by Lorenz Bauer * Add a test case for a deadlock under investigation in golang * Trim some of the #include file use to make the tree compile more efficiently ++++ expat: - update to 2.4.4 (bsc#1195217, bsc#1195054): * Security fixes: - CVE-2022-23852 -- Fix signed integer overflow (undefined behavior) in function XML_GetBuffer (that is also called by function XML_Parse internally) for when XML_CONTEXT_BYTES is defined to >0 (which is both common and default). Impact is denial of service or more. - CVE-2022-23990 -- Fix unsigned integer overflow in function doProlog triggered by large content in element type declarations when there is an element declaration handler present (from a prior call to XML_SetElementDeclHandler). Impact is denial of service or more. * Bug fixes: - xmlwf: Fix a memory leak on output file opening error * Other changes: - Version info bumped from 9:3:8 to 9:4:8; see https://verbump.de/ for what these numbers do * Drop unused file valid-xhtml10.png ++++ systemd: - Rename 0006-sysv-generator-add-back-support-for-SysV-scripts-for.patch into 1011-sysv-generator-add-back-support-for-SysV-scripts-for.patch This patch is now SLE specific. ++++ python-lxml: - With the new update to 4.7.1, the old Bugzilla entries are also fixed: - bsc#1118088 (related to CVE-2018-19787) - bsc#1184177 (related to CVE-2021-28957) - Update to 4.7.1 (officially released 2021-12-13) Features added - Chunked Unicode string parsing via parser.feed() now encodes the input data to the native UTF-8 encoding directly, instead of going through Py_UNICODE / wchar_t encoding first, which previously required duplicate recoding in most cases. Bugs fixed - The standard namespace prefixes were mishandled during "C14N2" serialisation on Python 3.
See https://mail.python.org/archives/list/lxml@python.org/thread/6ZFBHFOVHOS5GFDOAMPCT6HM5HZPWQ4Q/ - lxml.objectify previously accepted non-XML numbers with underscores (like "1_000") as integers or float values in Python 3.6 and later. It now adheres to the number format of the XML spec again. - LP#1939031: Static wheels of lxml now contain the header files of zlib and libiconv (in addition to the already provided headers of libxml2/libxslt/libexslt). Other changes - Wheels include libxml2 2.9.12+ and libxslt 1.1.34 (also on Windows). - Update to 4.7.0 (2021-12-13) - Release retracted due to missing files in lxml/includes/. - Update to 4.6.5 (2021-12-12) Bugs fixed - A vulnerability (GHSL-2021-1038) in the HTML cleaner allowed sneaking script content through SVG images (bnc#1193752, CVE-2021-43818). - A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed sneaking script content through CSS imports and other crafted constructs (CVE-2021-43818). - Update 4.6.4 (2021-11-01) Features added - GH#317: A new property system_url was added to DTD entities. Patch by Thirdegree. - GH#314: The STATIC_* variables in setup.py can now be passed via env vars. Patch by Isaac Jurado. - Update 4.6.3 (2021-03-21) Bugs fixed - A vulnerability (CVE-2021-28957) was discovered in the HTML Cleaner by Kevin Chung, which allowed JavaScript to pass through. The cleaner now removes the HTML5 formaction attribute. - Update 4.6.2 (2020-11-26) Bugs fixed - A vulnerability (bnc#1179534, CVE-2020-27783) was discovered in the HTML Cleaner by Yaniv Nizry, which allowed JavaScript to pass through. The cleaner now removes more sneaky "style" content. - Update 4.6.1 (2020-10-18) Bugs fixed - A vulnerability was discovered in the HTML Cleaner by Yaniv Nizry, which allowed JavaScript to pass through. The cleaner now removes more sneaky "style" content.
- Update 4.6.0 (2020-10-17) Features added - GH#310: lxml.html.InputGetter supports __len__() to count the number of input fields. Patch by Aidan Woolley. - lxml.html.InputGetter has a new .items() method to ease processing all input fields. - lxml.html.InputGetter.keys() now returns the field names in document order. - GH-309: The API documentation is now generated using sphinx-apidoc. Patch by Chris Mayo. Bugs fixed - LP#1869455: C14N 2.0 serialisation failed for unprefixed attributes when a default namespace was defined. - TreeBuilder.close() raised AssertionError in some error cases where it should have raised XMLSyntaxError. It now raises a combined exception to keep up backwards compatibility, while switching to XMLSyntaxError as an interface. - Update 4.5.2 (2020-07-09) Bugs fixed - Cleaner() now validates that only known configuration options can be set. - LP#1882606: Cleaner.clean_html() discarded comments and PIs regardless of the corresponding configuration option, if remove_unknown_tags was set. - LP#1880251: Instead of globally overwriting the document loader in libxml2, lxml now sets it per parser run, which improves the interoperability with other users of libxml2 such as libxmlsec. - LP#1881960: Fix build in CPython 3.10 by using Cython 0.29.21. - The setup options "--with-xml2-config" and "--with-xslt-config" were accidentally renamed to "--xml2-config" and "--xslt-config" in 4.5.1 and are now available again. - Update 4.5.1 (2020-05-19) Bugs fixed - LP#1570388: Fix failures when serialising documents larger than 2GB in some cases. - LP#1865141, GH#298: QName values were not accepted by the el.iter() method. Patch by xmo-odoo. - LP#1863413, GH#297: The build failed to detect libraries on Linux that are only configured via pkg-config. Patch by Hugh McMaster. - Update 4.5.0 (2020-01-29) Features added - A new function indent() was added to insert tail whitespace for pretty-printing an XML tree.
Bugs fixed - LP#1857794: Tail text of nodes that get removed from a document using item deletion disappeared silently instead of sticking with the node that was removed. Other changes - MacOS builds are 64-bit-only by default. Set CFLAGS and LDFLAGS explicitly to override it. - Linux/MacOS Binary wheels now use libxml2 2.9.10 and libxslt 1.1.34. - LP#1840234: The package version number is now available as lxml.__version__. - Update 4.4.3 (2020-01-28) Bugs fixed - LP#1844674: itertext() was missing tail text of comments and PIs since 4.4.0. ++++ salt: - Update to version 3004 (jsc#SLE-23675) * See release notes: https://docs.saltproject.io/en/master/topics/releases/3004.html - Don't check for cached pillar errors on state.apply (bsc#1190781) - Fix exception in batch_async caused by a bad function call - Fix inspector module export function (bsc#1097531) - Wipe NOTIFY_SOCKET from env in cmdmod (bsc#1193357) - Added: * state.apply-don-t-check-for-cached-pillar-errors.patch * wipe-notify_socket-from-env-in-cmdmod-bsc-1193357-30.patch * fix-inspector-module-export-function-bsc-1097531-481.patch * drop-serial-from-event.unpack-in-cli.batch_async.patch - Modified: * revert-fixing-a-use-case-when-multiple-inotify-beaco.patch * add-rpm_vercmp-python-library-for-version-comparison.patch * zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch * 3003.3-postgresql-json-support-in-pillar-423.patch * fix-exception-in-yumpkg.remove-for-not-installed-pac.patch * add-migrated-state-and-gpg-key-management-functions-.patch * add-custom-suse-capabilities-as-grains.patch * 3003.3-do-not-consider-skipped-targets-as-failed-for.patch * switch-firewalld-state-to-use-change_interface.patch * debian-info_installed-compatibility-50453.patch * refactor-and-improvements-for-transactional-updates-.patch * mock-ip_addrs-in-utils-minions.py-unit-test-443.patch * info_installed-works-without-status-attr-now.patch * do-not-crash-when-unexpected-cmd-output-at-listing-p.patch * 
enhance-openscap-module-add-xccdf_eval-call-386.patch * implementation-of-held-unheld-functions-for-state-pk.patch * update-target-fix-for-salt-ssh-to-process-targets-li.patch * fix-traceback.print_exc-calls-for-test_pip_state-432.patch * early-feature-support-config.patch * enable-passing-a-unix_socket-for-mysql-returners-bsc.patch * improvements-on-ansiblegate-module-354.patch * support-transactional-systems-microos.patch * x509-fixes-111.patch * fix-issues-with-salt-ssh-s-extra-filerefs.patch * use-adler32-algorithm-to-compute-string-checksums.patch * prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch * run-salt-master-as-dedicated-salt-user.patch * add-environment-variable-to-know-if-yum-is-invoked-f.patch * include-aliases-in-the-fqdns-grains.patch - Removed: * parsing-epoch-out-of-version-provided-during-pkg-rem.patch * add-missing-aarch64-to-rpm-package-architectures-405.patch * better-handling-of-bad-public-keys-from-minions-bsc-.patch * don-t-call-zypper-with-more-than-one-no-refresh.patch * templates-move-the-globals-up-to-the-environment-jin.patch * adding-preliminary-support-for-rocky.-59682-391.patch * do-not-monkey-patch-yaml-bsc-1177474.patch * fix-save-for-iptables-state-module-bsc-1185131-372.patch * fix-a-test-and-some-variable-names-229.patch * add-alibaba-cloud-linux-2-by-backporting-upstream-s-.patch * virt-enhancements.patch * fix-aptpkg.normalize_name-when-package-arch-is-all.patch * figure-out-python-interpreter-to-use-inside-containe.patch * do-not-break-master_tops-for-minion-with-version-low.patch * prevent-logging-deadlock-on-salt-api-subprocesses-bs.patch * add-astra-linux-common-edition-to-the-os-family-list.patch ++++ samba: - Update to 4.15.5 * CVE-2021-44141: UNIX extensions in SMB1 disclose whether the outside target of a symlink exists; (bso#14911); (bsc#1193690). * CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module; (bso#14914); (bsc#1194859). 
* CVE-2022-0336: Re-adding an SPN skips subsequent SPN conflict checks; (bso#14950); (bsc#1195048). ++++ util-linux-systemd: - Implement "X-fstrim.notrim" fstab mount option that skips fstrim for selected device (jsc#SLE-17942, util-linux-fstrim-implement-X-fstrim.notrim.patch). ++++ yast2-trans: - Update to version 84.87.20220131.0700dd3449: * Translated using Weblate (Finnish) * Translated using Weblate (Ukrainian) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Ukrainian) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Slovak) * Translated using Weblate (Japanese) * Translated using Weblate (Slovak) * Translated using Weblate (Czech) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * New POT for text domain 'storage'. * New POT for text domain 'security'. * New POT for text domain 'installation'. * New POT for text domain 'base'. * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Slovak) * Translated using Weblate (Ukrainian) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * New POT for text domain 'control'. * New POT for text domain 'autoinst'.
* Translated using Weblate (German) * Translated using Weblate (Spanish) ------------------------------------------------------------------ ------------------ 2022-1-30 - Jan 30 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - kABI padding for qat (bsc#1179531). - commit 38dc163 ------------------------------------------------------------------ ------------------ 2022-1-29 - Jan 29 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - blacklist.conf: mark git-fixes added to perf userspace package - commit adbe3cf - crypto: xts - restrict key lengths to approved values in FIPS mode (jsc#SLE-21132,bsc#1193136). - commit 3c220f6 - ata: pata_platform: Fix a NULL pointer dereference in __pata_platform_probe() (git-fixes). - hwmon: (lm90) Fix sysfs and udev notifications (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6680 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6654 (git-fixes). - hwmon: (lm90) Re-enable interrupts after alert clears (git-fixes). - hwmon: (lm90) Reduce maximum conversion rate for G781 (git-fixes). - drm/amd/display/dc/calcs/dce_calcs: Fix a memleak in calculate_bandwidth() (git-fixes). - drm/etnaviv: relax submit size limits (git-fixes). - drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (git-fixes). - drm/msm/a6xx: Add missing suspend_count increment (git-fixes). - drm/msm: Fix wrong size calculation (git-fixes). - drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc (git-fixes). - drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy (git-fixes). - Revert "drm/ast: Support 1600x900 with 108MHz PCLK" (git-fixes). - drm/atomic: Add the crtc to affected crtc only if uapi.enable = true (git-fixes). - commit 17cd888 - perf/x86/intel/uncore: Add IMC uncore support for ADL (git-fixes). 
- perf/x86/intel/uncore: Fix CAS_COUNT_WRITE issue for ICX (git-fixes). - perf/x86/intel: Add a quirk for the calculation of the number of counters on Alder Lake (git-fixes). - perf: Fix perf_event_read_local() time (git-fixes). - perf: Protect perf_guest_cbs with RCU (git-fixes). - commit 6b315d3 - bpf: Remove config check to enable bpf support for branch records (git-fixes). - commit f91c35f - blacklist.conf: blacklist a672b2e36a64 bpf: Fix ringbuf memory type confusion when passing to helpers - commit 3132b8c - bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD) (git-fixes). - bpf: Adjust BTF log size limit (git-fixes). - commit c6f8f64 - phonet: refcount leak in pep_sock_accep (bsc#1193867, CVE-2021-45095). - commit f4ec02a - Revert "xfrm: xfrm_state_mtu should return at least 1280 for ipv6" (bsc#1185377, bsc#1194048). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). - commit d7a3024 ++++ patterns-microos: - remove cockpit-dashboard (jsc#SMO-70) - include cockpit-machines (jsc#SMO-46) ------------------------------------------------------------------ ------------------ 2022-1-28 - Jan 28 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit: - new version 251.3 * https://cockpit-project.org/blog/cockpit-251.html with additional fixes * Fix "Administrative Access" prompt for "Duo" MFA ++++ cockpit-machines: - Re-add source-offset to _service. 
++++ dracut: - Update to version 055+suse.226.g44139dde: * fix(zfcp_rules): remove collect based udev rule creators * fix(dasd_rules): remove collect based udev rule creators * fix(kernel-modules-extra): handle zstd module extension * fix(ifcfg): add SUSE specific write-ifcfg file (bsc#1193518) * fix(dracut-functions): skip iSCSI sessions without initiatorname (bsc#1195011) * fix(dracut-functions.sh): ip route parsing (bsc#1195011) * fix(fips): missing sourcing of dracut-lib * fix(fips): wrong error message * fix(network-legacy): install only existing SUSE specific files (bsc#1194879) * fix(network-legacy): set dhclient as optional (bsc#1194879) * fix(40network): consistent use of "$gw" for gateway (bsc#1192685) * fix(multipathd-configure.service): drop unneeded dependencies * fix(multipath): check if mpathconf is available * fix(multipathd.service): drop dependencies on iscsi and iscsid * fix(multipathd.service): adapt to upstream multipath-tools unit file * fix(multipathd.service): remove dependency on systemd-udev-settle * fix(fips): avoid shellcheck warnings * fix(fips): get _vmname value only if it is needed * fix(fips.sh): respect rd.fips.skipkernel * fix(fips): alignment with the upstream format ++++ kernel-default: - ext4: set csum seed in tmp inode while migrating to extents (bsc#1195275). - commit 8151d53 - Refresh patches.suse/x86-cpufeatures-add-kabi-padding.patch. - commit 7c59b09 - KVM: SEV: initialize regions_list of a mirror VM (bsc#1194526). - KVM: SEV: move mirror status to destination of KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM (bsc#1194526). - KVM: SEV: cleanup locking for KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM (bsc#1194526). - KVM: SEV: do not use list_replace_init on an empty list (bsc#1194526). - KVM: SEV: expose KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM capability (bsc#1194526). - selftest: KVM: Add intra host migration tests (bsc#1194526). - commit 77a7ab5 - Delete patches.suse/0008-random-move-FIPS-continuous-test-to-output-functions.patch. 
Obsoleted by Nicolai's FIPS RNG rework. - commit 4892a02 - rpm/modules.fips: remove ansi_cprng (jsc#SLE-21132,bsc#1194773). - commit d8f6d39 - Delete patches.suse/fips-enable-ansi_cprng-in-testmgr (jsc#SLE-21132,bsc#1194773). - commit 9e8a9c1 - drm/vmwgfx: Fix stale file descriptors on failed usercopy (CVE-2022-22942 bsc#1195065). - commit b82dcaa - Delete patches.suse/net-mvpp2-Enable-autoneg-bypass-for-1000BaseX-2500Ba.patch. No longer needed. - commit 7ab8bc0 ++++ openssl-1_1: - Add a provides for openssl-has-RSA_get0_pss_params as required by nodejs16. [bsc#1192489] ++++ suse-module-tools: - Update to version 15.4.12: * Add /etc/modprobe.d/README on SLE/Leap (bsc#1195051) * rpm-script: force-copy kernel to /boot (boo#1194501) ++++ yast2: - ProductFeatures: add boot timeout option (jsc#SLE-22667) - 4.4.43 ------------------------------------------------------------------ ------------------ 2022-1-27 - Jan 27 2022 ------------------- ------------------------------------------------------------------ ++++ fontconfig: - adding bug reference to this changelog [bsc#1172301] ++++ kernel-default: - Delete patches.suse/brcmfmac-Add-clm_blob-firmware-files-to-modinfo.patch. Patch is part of v5.14 base kernel. - commit d3c2d60 - Refresh patches.suse/arch-arm64-mm_context-t-placeholder.patch. Re-enable kABI place holder for SLE15-SP4 - commit 7bf2c52 - dma-buf: cma_heap: Fix mutex locking section (git-fixes). - dma-buf: system_heap: Avoid warning on mid-order allocations (git-fixes). - commit 2944bf7 - drm/amdgpu/display: Only set vblank_disable_immediate when PSR is not enabled (git-fixes). - drm/amd/display: Enable PSR by default on newer DCN (git-fixes). - commit 9be44b2 - x86/gpu: Reserve stolen memory for first integrated Intel GPU (git-fixes). - w1: Misuse of get_user()/put_user() reported by sparse (git-fixes). - usb: dwc2: gadget: initialize max_speed from params (git-fixes). 
- commit fa8f66b - usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes). - usb: uhci: add aspeed ast2600 uhci support (git-fixes). - usb: gadget: f_fs: Use stream_open() for endpoint files (git-fixes). - USB: ehci_brcm_hub_control: Improve port index sanitizing (git-fixes). - usb: dwc3: meson-g12a: fix shared reset control use (git-fixes). - serial: core: Keep mctrl register state and cached copy in sync (git-fixes). - serial: pl011: Drop CR register reset on set_termios (git-fixes). - serial: pl010: Drop CR register reset on set_termios (git-fixes). - soc: imx: gpcv2: Synchronously suspend MIX domains (git-fixes). - soc: ti: pruss: fix referenced node in error message (git-fixes). - commit 6ef0377 - rtc: cmos: take rtc_lock while reading from CMOS (git-fixes). - phy: mediatek: Fix missing check in mtk_mipi_tx_probe (git-fixes). - regulator: qcom_smd: Align probe function with rpmh-regulator (git-fixes). - regulator: da9121: Prevent current limit change when enabled (git-fixes). - PM: runtime: Add safety net to supplier device release (git-fixes). - rtw88: 8822c: update rx settings to prevent potential hw deadlock (git-fixes). - rsi: Fix out-of-bounds read in rsi_read_pkt() (git-fixes). - rsi: Fix use-after-free in rsi_rx_done_handler() (git-fixes). - rtw88: add quirk to disable pci caps on HP 250 G7 Notebook PC (git-fixes). - PM: AVS: qcom-cpr: Use div64_ul instead of do_div (git-fixes). - commit 0642d93 - btrfs: fix lzo_decompress_bio() kmap leakage (bsc#1193852). - Revert "btrfs: compression: drop kmap/kunmap from lzo" (bsc#1193852). - Revert "btrfs: compression: drop kmap/kunmap from zlib" (bsc#1193852). - Revert "btrfs: compression: drop kmap/kunmap from zstd" (bsc#1193852). - Revert "btrfs: compression: drop kmap/kunmap from generic helpers" (bsc#1193852). - btrfs: fix lzo_decompress_bio() kmap leakage (bsc#1193852). - Revert "btrfs: compression: drop kmap/kunmap from lzo" (bsc#1193852). 
- Revert "btrfs: compression: drop kmap/kunmap from zlib" (bsc#1193852). - Revert "btrfs: compression: drop kmap/kunmap from zstd" (bsc#1193852). - Revert "btrfs: compression: drop kmap/kunmap from generic helpers" (bsc#1193852). - commit c24af5b - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes). - PCI: pciehp: Use down_read/write_nested(reset_lock) to fix lockdep errors (git-fixes). - mmc: mtk-sd: Use readl_poll_timeout instead of open-coded polling (git-fixes). - mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings (git-fixes). - mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 (git-fixes). - net: phy: marvell: configure RGMII delays for 88E1118 (git-fixes). - mt76: mt7615: improve wmm index allocation (git-fixes). - mt76: do not pass the received frame with decryption error (git-fixes). - mt76: mt7615: fix possible deadlock while mt7615_register_ext_phy() (git-fixes). - net: phy: prefer 1000baseT over 1000baseKX (git-fixes). - commit fe2b42c - mmc: sdhci-pci-gli: GL9755: Support for CD/WP inversion on OF platforms (git-fixes). - mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (git-fixes). - mmc: tmio: reinit card irqs in reset routine (git-fixes). - mfd: tps65910: Set PWR_OFF bit during driver probe (git-fixes). - mfd: atmel-flexcom: Use .resume_noirq (git-fixes). - mfd: atmel-flexcom: Remove #ifdef CONFIG_PM_SLEEP (git-fixes). - media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (git-fixes). - media: rockchip: rkisp1: use device name for debugfs subdir name (git-fixes). - media: igorplugusb: receiver overflow should be reported (git-fixes). - media: m920x: don't use stack on USB reads (git-fixes). - commit 3a8fd18 - media: atomisp: fix "variable dereferenced before check 'asd'" (git-fixes). - media: cec: fix a deadlock situation (git-fixes). - media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (git-fixes). 
- media: rcar-vin: Update format alignment constraints (git-fixes). - media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes). - media: venus: avoid calling core_clk_setrate() concurrently during concurrent video sessions (git-fixes). - media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes). - media: atomisp: handle errors at sh_css_create_isp_params() (git-fixes). - media: atomisp: check before deference asd variable (git-fixes). - media: atomisp-ov2680: Fix ov2680_set_fmt() clobbering the exposure (git-fixes). - commit d62b853 - mac80211: allow non-standard VHT MCS-10/11 (bsc#1192891). - iwlwifi: pcie: make sure prph_info is set when treating wakeup IRQ (git-fixes). - iwlwifi: mvm: fix AUX ROC removal (git-fixes). - iwlwifi: mvm: Fix calculation of frame length (git-fixes). - iwlwifi: remove module loading failure message (git-fixes). - iwlwifi: fix leaks/bad data after failed firmware load (git-fixes). - iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (git-fixes). - media: atomisp: set per-device's default mode (git-fixes). - media: atomisp: fix enum formats logic (git-fixes). - media: atomisp: add NULL check for asd obtained from atomisp_video_pipe (git-fixes). - commit 5c77fd4 - HID: Ignore battery for Elan touchscreen on HP Envy X360 15t-dr100 (git-fixes). - i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (git-fixes). - i2c: mpc: Correct I2C reset procedure (git-fixes). - i2c: i801: Don't silently correct invalid transfer size (git-fixes). - interconnect: qcom: rpm: Prevent integer overflow in rate (git-fixes). - iio: trigger: Fix a scheduling whilst atomic issue seen on tsc2046 (git-fixes). - HSI: core: Fix return freed object in hsi_new_client (git-fixes). - HID: magicmouse: Fix an error handling path in magicmouse_probe() (git-fixes). - iwlwifi: mvm: avoid clearing a just saved session protection id (git-fixes). - iwlwifi: mvm: synchronize with FW after multicast commands (git-fixes). 
- commit 6ef8153 - drm/i915/display/ehl: Update voltage swing table (git-fixes). - floppy: Add max size check for user space request (git-fixes). - gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (git-fixes). - HID: magicmouse: Report battery level over USB (git-fixes). - HID: apple: Do not reset quirks when the Fn key is not found (git-fixes). - HID: i2c-hid-of: Expose the touchscreen-inverted properties (git-fixes). - HID: quirks: Allow inverting the absolute X/Y values (git-fixes). - drm/amdgpu: fixup bad vram size on gmc v8 (git-fixes). - drm/etnaviv: consider completed fence seqno in hang check (git-fixes). - commit b98cf3a - drm/etnaviv: limit submit sizes (git-fixes). - drm/amd/amdgpu: fix gmc bo pin count leak in SRIOV (git-fixes). - drm/amd/amdgpu: fix psp tmr bo pin count leak in SRIOV (git-fixes). - drm/vmwgfx: Release ttm memory if probe fails (git-fixes). - drm: rcar-du: Fix CRTC timings when CMM is used (git-fixes). - drm/amd/display: add else to avoid double destroy clk_mgr (git-fixes). - drm/amdgpu/display: set vblank_disable_immediate for DC (git-fixes). - drm/amd/display: check top_pipe_to_program pointer (git-fixes). - drm/bridge: megachips: Ensure both bridges are probed before registration (git-fixes). - drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L (git-fixes). - commit 7ac44dd - crypto: qat - make pfvf send message direction agnostic (git-fixes). - Refresh patches.suse/crypto-qat-fix-undetected-PFVF-timeout-in-ACK-loop.patch. - commit 1517ba9 - crypto: hisilicon/hpre - fix memory leak in hpre_curve25519_src_init() (git-fixes). - drm/nouveau/kms/nv04: use vzalloc for nv04_display (git-fixes). - drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (git-fixes). - drm/bridge: dw-hdmi: handle ELD when DRM_BRIDGE_ATTACH_NO_CONNECTOR (git-fixes). - drm/ttm: Put BO in its memory manager's lru list (git-fixes). 
- drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y (git-fixes). - drm/panel: Delete panel on mipi_dsi_attach() failure (git-fixes). - crypto: qat - remove unnecessary collision prevention step in PFVF (git-fixes). - commit 4a84546 - clk: meson: gxbb: Fix the SDM_EN bit for MPLL0 on GXBB (git-fixes). - backlight: qcom-wled: Respect enabled-strings in set_brightness (git-fixes). - backlight: qcom-wled: Use cpu_to_le16 macro to perform conversion (git-fixes). - batman-adv: allow netlink usage in unprivileged containers (git-fixes). - Bluetooth: vhci: Set HCI_QUIRK_VALID_LE_STATES (git-fixes). - Bluetooth: btintel: Add missing quirks and msft ext for legacy bootloader (git-fixes). - Bluetooth: MGMT: Use hci_dev_test_and_{set,clear}_flag (git-fixes). - Bluetooth: Fix debugfs entry leak in hci_register_dev() (git-fixes). - Bluetooth: refactor set_exp_feature with a feature table (git-fixes). - commit 4823532 - ath11k: Fix napi related hang (git-fixes). - ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (git-fixes). - ath9k_htc: fix NULL pointer dereference at ath9k_htc_tx_get_packet() (git-fixes). - ath9k_htc: fix NULL pointer dereference at ath9k_htc_rxep() (git-fixes). - ath11k: Avoid false DEADLOCK warning reported by lockdep (git-fixes). - ath11k: avoid deadlock by change ieee80211_queue_work for regd_update_work (git-fixes). - ath11k: Avoid NULL ptr access during mgmt tx cleanup (git-fixes). - ath11k: add string type to search board data in board-2.bin for WCN6855 (git-fixes). - ath11k: Fix crash caused by uninitialized TX ring (git-fixes). - commit 94ca4e3 - drm: Add kabi placeholders to commonly used structs (bsc#1179531). - commit 95ca796 - ASoC: mediatek: mt8183: fix device_node leak (git-fixes). - ASoC: mediatek: mt8173: fix device_node leak (git-fixes). - ASoC: mediatek: mt8192-mt6359: fix device_node leak (git-fixes). - ASoC: imx-hdmi: add put_device() after of_find_device_by_node() (git-fixes). 
- ACPI: CPPC: Check present CPUs for determining _CPC is valid (git-fixes). - ACPI: battery: Add the ThinkPad "Not Charging" quirk (git-fixes). - ACPI / x86: Add not-present quirk for the PCI0.SDHB.BRC1 device on the GPD win (git-fixes). - ACPI / x86: Allow specifying acpi_device_override_status() quirks by path (git-fixes). - ACPI: Change acpi_device_always_present() into acpi_device_override_status() (git-fixes). - ACPI / x86: Drop PWM2 device on Lenovo Yoga Book from always present table (git-fixes). - ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (git-fixes). - ACPICA: Fix wrong interpretation of PCC address (git-fixes). - ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (git-fixes). - ACPICA: Utilities: Avoid deleting the same object twice in a row (git-fixes). - ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (git-fixes). - ath10k: Fix tx hanging (git-fixes). - ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (git-fixes). - amdgpu/pm: Make sysfs pm attributes as read-only for VFs (git-fixes). - ath11k: qmi: avoid error messages when dma allocation fails (git-fixes). - commit e0f2245 - Update patches.suse/0002-char-random-reinstantiate-DRBGs-once-optimized-sha51.patch (jsc#SLE-21132,bsc#1191259,bsc#1195160). - commit 1ebad47 - net ticp:fix a kernel-infoleak in __tipc_sendmsg() (bsc#1195199 CVE-2022-0382). - net/packet: rx_owner_map depends on pg_vec (bsc#1195184 CVE-2021-22600). - commit 322fbf8 - powerpc/book3s64/radix: make tlb_single_page_flush_ceiling a debugfs entry (bsc#1195183 ltc#193865). - commit 5d7a0a2 - rds: Fix memory leak in __rds_conn_create() (bsc#1194090 CVE-2021-45480). - commit 6d71aca - Update patches.suse/cpufreq-ondemand-set-default-up_threshold-to-30-on-multi-core-systems.patch (bsc#464461,bsc#981838,bsc#1064414,bsc#1144943,bsc#1193200,bsc#1193088). 
- commit 1420840 - Revert IPMI backports (bsc#1195195) It turned out that the recent backports of IPMI fixes cause a regression on arm64 machine. Deleted: patches.suse/ipmi-Fix-UAF-when-uninstall-ipmi_si-and-ipmi_msghand.patch patches.suse/ipmi-bail-out-if-init_srcu_struct-fails.patch patches.suse/ipmi-fix-initialization-when-workqueue-allocation-fa.patch - commit 435eaf7 ++++ systemd: - Make sure that libopenssl-devel is installed when building resolved. Openssl was implicitly pulled in by systemd-experimental subpackage but could be missing if the build of this subpackage was disabled. ++++ sudo: - Add support in the LDAP filter for negated users, patch taken from upstream (jsc#20068) * Adds sudo-feature-negated-LDAP-users.patch ------------------------------------------------------------------ ------------------ 2022-1-26 - Jan 26 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Packaging additions with Autotools replacement: + Add Meson build requirement and replace Automake macros with Meson equivalent ones as autotools will be deprecated in the future. + Options passed to Meson to mimic our default preferences: systemdsystemunitdir=%{_unitdir}, udev_dir=%{_udevdir}, dbus_conf_dir=%{_dbusconfdir}, iptables=%{_sbindir}/iptables, dnsmasq=%{_sbindir}/dnsmasq, dnssec_trigger=%{_libexecdir}\ /dnssec-trigger-script, dist_version=%{version}, polkit_agent_helper_1=%{_libexecdir}/polkit-1\ /polkit-agent-helper-1, hostname_persist=suse, switchable libaudit=%{libaudit_meson_opt}, iwd=true, pppd=%{_sbindir}\ /pppd, pppd_plugin_dir=%{_pppddir}, nm_cloud_setup=true, bluez5_dun=true, netconfig=%{_sbindir}/netconfig, dhclient=%{_sbindir}/dhclient, docs=true, switchable tests=%{tests_meson_opt}, more_asserts=0, more_logging=false, qt=false, and switchable teamdctl=true (teamctl is about to be deprecated).
+ Add conditionalized audit pkgconfig module build requirement to allow easier feature testing, and pass 'yes-disabled-by-default' to 'libaudit' Meson option. As an observation: Meson defaults passing 'yes' to this feature. + Add explicit c++_compiler build requirement to avoid build abortion. + Add explicit libselinux pkgconfig module build requirement checked by Meson and was already being pulled in by some other package. + Add polkit-gobject-1 pkgconfig module build requirement checked by Meson and needed for user auth-polkit support. + Add mobile-broadband-provider-info pkgconfig module build requirement checked by Meson and needed for ModemManager1 interface support. + Add sed command to fix server.conf config file location from defaultdocdir/NetworkManager/examples to defaultdocdir/NetworkManager. + Add useful %{_pppddir} and %{_dbusconfdir} macros to spec file, while dropping no longer needed pppddir shell variable definition and 'test -n "$pppddir" || exit 1' construct. + Add "< 1.21" version to libnm-glib-vpn1, libnm-glib4, and libnm-util2 < 1.21 to main package's Obsoletes tags, following packaging good practices to avoid future unwanted behavior regarding versioning schemes. + Replace %version macro with hardcoded "0.9.1" version to the devel subpackage's %name-doc Obsoletes tag following packaging good practices to avoid future unwanted behaviors regarding versioning schemes (the doc subpackage was merged with the devel one in the 0.9.0 release). + Pass "%{?no_lang_C}" to %find_lang macro to avoid stripping any English translations (the default language) from main package. - Packaging deletions with Autotools replacement: + Remove data/server.conf from %doc macro in files section as it no longer works with Meson. + Remove "rm" command on server.conf file following sed command addition to fix the right location of the file.
+ Remove no longer useful conditional build abortion depending whether or not netconfig support was found 'grep "with_netconfig='no'" config.log' since this file isn't generated by Meson. + Remove no longer needed "find" command for GNU Libtool LA files deletion. + Drop no longer needed libtool build requirement as Meson does not use it. + Drop redundant sysconfig-netconfig build requirement as it does not add anything to the build anymore. + Drop comment about suse-release build requirement not being needed anymore, it's been deprecated for almost a decade now. + Drop setBadness for 'dbus-file-unauthorized' in the rpmlintrc: the new dbus file has been whitelisted already (bsc#1194799). ++++ apparmor: - add ruby-3.1-build-fix.diff: fix build with ruby 3.1 (boo#1194221, MR 827) ++++ glib2: - Update to version 2.70.3: + Several important fixes to FD handling in gspawn. + Several important fixes to GDBus message and GVariant parsing of invalid data. + Fix potential data loss due to missing fsync when saving files on btrfs. + Bugs fixed: glgo#GNOME/GLib#2503, glgo#GNOME/GLib#2506, glgo#GNOME/GLib#2557, glgo#GNOME/GLib#2572, glgo#GNOME/GLib#2580, glgo#GNOME/GLib!2394, glgo#GNOME/GLib!2415, glgo#GNOME/GLib!2437, glgo#GNOME/GLib!2444, glgo#GNOME/GLib!2455. + Updated translations. ++++ kernel-default: - supported.conf: mark rtw88 modules as supported (jsc#SLE-22690) - commit 37cc2d0 - mm: drop node from alloc_pages_vma (jsc#SLE-23098). - commit 27520d6 - mm/mempolicy: wire up syscall set_mempolicy_home_node (jsc#SLE-23098). - mm/mempolicy: add set_mempolicy_home_node syscall (jsc#SLE-23098). - mm/mempolicy: use policy_node helper with MPOL_PREFERRED_MANY (jsc#SLE-23098). - mm/mempolicy: unify the create() func for bind/interleave/prefer-many policies (jsc#SLE-23098). - mm/mempolicy: advertise new MPOL_PREFERRED_MANY (jsc#SLE-23098). - mm/hugetlb: add support for mempolicy MPOL_PREFERRED_MANY (jsc#SLE-23098). 
- mm/memplicy: add page allocation function for MPOL_PREFERRED_MANY policy (jsc#SLE-23098). - mm/mempolicy: add MPOL_PREFERRED_MANY for multiple preferred nodes (jsc#SLE-23098). - commit 41edfce - Update patches.suse/USB-gadget-detect-too-big-endpoint-0-requests.patch (bsc#1193802 CVE-2021-39685). Updated references for CVE that became known after the fix had been applied for other reasons - commit 149a312 - Refresh patches.suse/powerpc-security-mitigation-patching.sh-Support-X-ta.patch. - commit cc4f423 - ARM: 9170/1: fix panic when kasan and kprobe are enabled (git-fixes). - commit ae5a8de ++++ libapparmor: - add ruby-3.1-build-fix.diff: fix build with ruby 3.1 (boo#1194221, MR 827) ++++ systemd: - resolved: disable DNSSEC until the following issue is solved: https://github.com/systemd/systemd/issues/10579 - resolved: disable fallback DNS servers and fail when no DNS server info could be obtained from the links. It's better to let the sysadmin know that something is likely misconfigured rather than silently handing over the DNS queries to Google or Cloudflare. 
- Replace '%setup+%autopatch' with '%autosetup' ++++ libvirt: - Revert commit 938382b60a since it changes semantics on some public APIs 105dace2-revert-virProcessGetStatInfo.patch ++++ samba: - CVE-2021-44141: Information leak via symlinks of existence of files or directories outside of the exported share; (bso#14911); (bsc#1193690); - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; (bso#14914); (bsc#1194859); - CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services; (bso#14950); (bsc#1195048); ++++ suseconnect-ng: - Update to version 0.0.6~git0.77933db: * Add man pages * Add note in DIFFERENCES.md about abbreviated flags * Add -l as an alias for --list-extensions * Add --clean as an alias for --cleanup (bsc#1195003) * Suppress expected error log message in TLS test * Add flag to import product repo keys (bsc#1174657) ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#570 - use for build proper schema flavor (jsc#SLE-18820) - 16.57.13 ++++ toolbox: - Allow docker as an alternative to podman in the package Requires. This was supported since 2.2. ++++ u-boot-rpiarm64: Change branch to sle15-sp4. Add support for RPi Zero 2 (jsc#SLE-23131). Patch queue updated from https://github.com/openSUSE/u-boot.git sle15-sp4 * Patches added: 0017-rpi-Add-identifier-for-the-new-RPi-.patch ++++ yast2: - Added Y2Packager::NewRepositorySetup to track new repositories (related to bsc#1194453) - 4.4.42 - Fix PackageAI call to PackagesProposal.GetResolvable. It prevents a crash when cloning a system (bsc#1195137). - 4.4.41 ++++ yast2-schema-micro: - Synced version with default schema (related to jsc#SLE-22069).
- 4.4.10 ------------------------------------------------------------------ ------------------ 2022-1-25 - Jan 25 2022 ------------------- ------------------------------------------------------------------ ++++ iputils: - temporarily reintroduce rarpd and rdisc tools to get them into 15sp4 [jsc#SLE-23521] ++++ kernel-default: - net: bonding: fix bond_xmit_broadcast return value error bug (git-fixes). - mlx5: Don't accidentally set RTO_ONLINK before mlx5e_route_lookup_ipv4_get() (git-fixes). - libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() (git-fixes). - RDMA/cxgb4: Set queue pair state when being queried (git-fixes). - RDMA/rxe: Fix a typo in opcode name (git-fixes). - RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry (git-fixes). - RDMA/core: Let ib_find_gid() continue search even after empty entry (git-fixes). - RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (git-fixes). - RDMA/rxe: Remove the unnecessary variable (git-fixes). - RDMA/uverbs: Remove the unnecessary assignment (git-fixes). - RDMA/hns: Modify the mapping attribute of doorbell to device (git-fixes). - RDMA/rtrs-clt: Fix the initial value of min_latency (git-fixes). - RDMA/cma: Remove open coding of overflow checking for private_data_len (git-fixes). - RDMA/hns: Validate the pkey index (git-fixes). - RDMA/bnxt_re: Scan the whole bitmap when checking if "disabling RCFW with pending cmd-bit" (git-fixes). - Revert "net/mlx5: Add retry mechanism to the command entry index allocation" (git-fixes). - net/mlx5: Set command entry semaphore up once got index free (git-fixes). - net/mlx5e: Sync VXLAN udp ports during uplink representor profile change (git-fixes). - net/mlx5: Fix access to sf_dev_table on allocation failure (git-fixes). - net/mlx5e: Fix matching on modified inner ip_ecn bits (git-fixes). - Revert "net/mlx5e: Block offload of outer header csum for GRE tunnel" (git-fixes). 
- Revert "net/mlx5e: Block offload of outer header csum for UDP tunnels" (git-fixes). - net/mlx5e: Don't block routes with nexthop objects in SW (git-fixes). - net/mlx5e: Fix wrong usage of fib_info_nh when routes with nexthop objects are used (git-fixes). - net/mlx5e: Fix nullptr on deleting mirroring rule (git-fixes). - net/mlx5e: Fix page DMA map/unmap attributes (git-fixes). - bnxt_en: use firmware provided max timeout for messages (git-fixes). - igc: AF_XDP zero-copy metadata adjust breaks SKBs on XDP_PASS (git-fixes). - commit 450565e - Delete patches.suse/block-genhd-use-atomic_t-for-disk_event-block.patc. (bsc#1192913, bsc#1194850) - commit 62f1042 - mm: vmscan: reduce throttling due to a failure to make progress - fix (git fixes (mm/vmscan)). - mm: vmscan: Reduce throttling due to a failure to make progress (git fixes (mm/vmscan)). - commit 985ae57 - Delete patches.suse/mm-vmscan-Reduce-throttling-due-to-a-failure-to-make-progress.patch. - commit 758b892 - ibmvnic: remove unused ->wait_capability (bsc#1195073 ltc#195713). - ibmvnic: don't spin in tasklet (bsc#1195073 ltc#195713). - ibmvnic: init ->running_cap_crqs early (bsc#1195073 ltc#195713). - ibmvnic: Allow extra failures before disabling (bsc#1195073 ltc#195713). - commit 80bb4bf - sched/fair: Mark tg_is_idle() an inline in the !CONFIG_FAIR_GROUP_SCHED case (git fixes (sched/fair)). - commit 3fda91c - bpf, mm: Fix lockdep warning triggered by stack_map_get_build_id_offset() (git fixes (mm/mmap)). - commit 7c2b587 - mm: shmem: don't truncate page if memory failure happens v2 (bsc#1190208 (MM functional and performance backports)). - commit 4233c64 - Revert "mm: shmem: don't truncate page if memory failure happens" (git fixes (mm/shmem)). - commit 91b69dc - nitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert (git fixes (mm/gup)). - commit d2119e6 - bpf: Fix out of bounds access for ringbuf helpers (bsc#1194111 bsc#1194765 CVE-2021-4204 CVE-2022-23222). 
- bpf: Generally fix helper register offset check (bsc#1194111 bsc#1194765 CVE-2021-4204 CVE-2022-23222). - bpf: Generalize check_ctx_reg for reuse with other types (bsc#1194111 bsc#1194765 CVE-2021-4204 CVE-2022-23222). - commit 5803ef2 ++++ systemd: - Don't generate ID_NET_NAME_SLOT for devices behind a PCI bridge (bsc#1192637) If multiple NICs are behind a PCI bridge, each of them will get the same ID_NET_NAME_SLOT value leading to conflicting names. Such names weren't generated before SLE15-SP3. ++++ libvirt: - libxl: Add lock process indicator to saved VM state 31e937fb-libxl-save-lock-indicator.patch bsc#1191668 ++++ wayland: - There is a file conflict in current wayland-devel-32bit and previous libwayland-egl-devel-32bit package; therefore add a conflicts to baselibs.conf ++++ yast2: - Use Package module instead of PackageSystem (bsc#1194886). - 4.4.40 ------------------------------------------------------------------ ------------------ 2022-1-24 - Jan 24 2022 ------------------- ------------------------------------------------------------------ ++++ combustion: - Remove /var/lib/YaST2/reconfig_system on successful runs ++++ glibc: - getcwd-erange.patch: getcwd: Set errno to ERANGE for size == 1 (CVE-2021-3999, bsc#1194640, BZ #28769) ++++ kernel-default: - clocksource: Reduce the default clocksource_watchdog() retries to 2 (bsc#1192724). - commit ec1b82e - clocksource: Avoid accidental unstable marking of clocksources (bsc#1192724). - commit 8396e64 - x86/tsc: Disable clocksource watchdog for TSC on qualified platorms (bsc#1192724). - commit ad5e1ba - x86/tsc: Add a timer to make sure TSC_adjust is always checked (bsc#1192724). - commit c76fbc3 - Delete "Forgive repeated long-latency watchdog clocksource reads (bsc#1192724)" The patch being deleted was a tentative fix that never made it into upstream Linux. The clocksource instability issue will be addressed with more appropriate fixes.
- scripts/git_sort/git_sort.py: Remove a dev branch of the -rcu tree - Delete patches.suse/clocksource-Forgive-repeated-long-latency-watchdog-c.patch. - commit 726d4be - kernel-binary.spec.in: Move 20-kernel-default-extra.conf to the correctr directory (bsc#1195051). - commit c80b5de - scsi: kABI: Add suse_kabi_padding to scsi template structs (bsc#1195056). - commit 7342194 - Refresh patches.suse/0003-kabi-Add-placeholders-to-a-couple-of-important-struc.patch. - commit e169a7b - scsi: storvsc: Fix storvsc_queuecommand() memory leak (git-fixes). - commit a3c4175 - Move upstreamed IMA fix into sorted section - commit 8970684 - psi: Fix uaf issue when psi trigger is destroyed while being polled (git-fixes). - bitops: protect find_first_{,zero}_bit properly (git-fixes). - scripts/dtc: dtx_diff: remove broken example from help text (git-fixes). - Documentation: fix firewire.rst ABI file path error (git-fixes). - commit b4b4dff - selftests/powerpc: Use date instead of EPOCHSECONDS in mitigation-patching.sh (bsc#1194305 ltc#195651). - commit d103181 - Refresh patches.suse/powerpc-security-mitigation-patching.sh-Support-X-ta.patch (bsc#1194305 ltc#195651). - commit 96568cb - powerpc/64s: Mask SRR0 before checking against the masked NIP (bsc#1194869). - commit 2f4f88b ++++ util-linux: - Fix unauthorized umount (CVE-2021-3995, CVE-2021-3996, bsc#1194976, util-linux-libmount-check-fuse-umount-CVE-2021-3995.patch, util-linux-libmount-fix-deleted-suffix-CVE-2021-3996.patch). ++++ gcc12: - Update to trunk head, 978abe918f8c8deed28e92297d3c0cc (git191254) - Fix filenames in the following patches: gcc11-amdgcn-disable-hot-cold-partitioning.patch, gcc41-ppc32-retaddr.patch. ++++ pciutils: - Add pciutils-Add-PCIe-5.0-data-rate-32-GT-s-support.patch Add pciutils-Add-PCIe-6.0-data-rate-64-GT-s-support.patch (bsc#1192862) ++++ selinux-policy: - Update to version 20220124. 
Refreshed: * fix_hadoop.patch * fix_init.patch * fix_kernel_sysctl.patch * fix_systemd.patch * fix_systemd_watch.patch - Added fix_hypervkvp.patch to fix issues with hyperv labeling (bsc#1193987) ++++ util-linux-systemd: - Fix unauthorized umount (CVE-2021-3995, CVE-2021-3996, bsc#1194976, util-linux-libmount-check-fuse-umount-CVE-2021-3995.patch, util-linux-libmount-fix-deleted-suffix-CVE-2021-3996.patch). ++++ yast2: - Preload libsuseconnect.so if available. On aarch64 installer/YaST sometimes failed to load libsuseconnect.so with "cannot allocate memory in static TLS block" error. Loading the library before others solves the problem until a better solution is found (bsc#1194996). - 4.3.39 ++++ yast2-trans: - Update to version 84.87.20220123.256c7f91b3: * Translated using Weblate (Spanish) * Translated using Weblate (Catalan) * New POT for text domain 'vpn'. * New POT for text domain 'users'. * New POT for text domain 'update'. * New POT for text domain 'tune'. * New POT for text domain 'tftp-server'. * New POT for text domain 'sysconfig'. * New POT for text domain 'support'. * New POT for text domain 'sudo'. * New POT for text domain 'storage'. * New POT for text domain 'squid'. * New POT for text domain 'sound'. * New POT for text domain 'snapper'. * New POT for text domain 'slp-server'. * New POT for text domain 'services-manager'. * New POT for text domain 'security'. * New POT for text domain 'scanner'. * New POT for text domain 'samba-server'. * New POT for text domain 'samba-client'. * New POT for text domain 's390'. * New POT for text domain 'registration'. * New POT for text domain 'rear'. * New POT for text domain 'proxy'. * New POT for text domain 'printer'. * New POT for text domain 'pam'. * New POT for text domain 'packager'. * New POT for text domain 'online-update-configuration'. * New POT for text domain 'online-update'. * New POT for text domain 'oneclickinstall'. * New POT for text domain 'ntp-client'. * New POT for text domain 'nis_server'. 
* New POT for text domain 'nis'. * New POT for text domain 'nfs_server'. * New POT for text domain 'nfs'. * New POT for text domain 'network'. * New POT for text domain 'migration'. * New POT for text domain 'mail'. * New POT for text domain 'ldap-client'. * New POT for text domain 'ldap'. * New POT for text domain 'kdump'. * New POT for text domain 'journalctl'. * New POT for text domain 'journal'. * New POT for text domain 'isns'. * New POT for text domain 'iscsi-lio-server'. * New POT for text domain 'iscsi-client'. * New POT for text domain 'instserver'. * New POT for text domain 'installation'. * New POT for text domain 'http-server'. * New POT for text domain 'ftp-server'. * New POT for text domain 'firewall'. * New POT for text domain 'fcoe-client'. * New POT for text domain 'drbd'. * New POT for text domain 'docker'. * New POT for text domain 'dns-server'. * New POT for text domain 'dhcp-server'. * New POT for text domain 'crowbar'. * New POT for text domain 'country'. * New POT for text domain 'control'. * New POT for text domain 'configuration_management'. * New POT for text domain 'cluster'. * New POT for text domain 'cio'. * New POT for text domain 'caasp'. * New POT for text domain 'bootloader'. * New POT for text domain 'base'. * New POT for text domain 'autoinst'. * New POT for text domain 'authserver'. * New POT for text domain 'auth-client'. * New POT for text domain 'audit-laf'. * New POT for text domain 'apparmor'. * New POT for text domain 'alternatives'. * New POT for text domain 'add-on'. * Translated using Weblate (Czech) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * New POT for text domain 'country'. * New POT for text domain 'autoinst'. * New POT for text domain 'add-on'. 
* Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * New POT for text domain 'vpn'. * New POT for text domain 'users'. * New POT for text domain 'update'. * New POT for text domain 'tune'. * New POT for text domain 'tftp-server'. * New POT for text domain 'sysconfig'. * New POT for text domain 'support'. * New POT for text domain 'sudo'. * New POT for text domain 'storage'. * New POT for text domain 'squid'. * New POT for text domain 'sound'. * New POT for text domain 'snapper'. * New POT for text domain 'slp-server'. * New POT for text domain 'services-manager'. * New POT for text domain 'security'. * New POT for text domain 'scanner'. * New POT for text domain 'samba-server'. * New POT for text domain 'samba-client'. * New POT for text domain 's390'. * New POT for text domain 'registration'. * New POT for text domain 'rear'. * New POT for text domain 'proxy'. * New POT for text domain 'printer'. * New POT for text domain 'pam'. * New POT for text domain 'packager'. * New POT for text domain 'online-update-configuration'. * New POT for text domain 'online-update'. * New POT for text domain 'oneclickinstall'. * New POT for text domain 'ntp-client'. * New POT for text domain 'nis_server'. * New POT for text domain 'nis'. * New POT for text domain 'nfs_server'. * New POT for text domain 'nfs'. * New POT for text domain 'network'. * New POT for text domain 'migration'. * New POT for text domain 'mail'. * New POT for text domain 'ldap-client'. * New POT for text domain 'ldap'. * New POT for text domain 'kdump'. * New POT for text domain 'journalctl'. * New POT for text domain 'journal'. * New POT for text domain 'isns'. * New POT for text domain 'iscsi-lio-server'. * New POT for text domain 'iscsi-client'. * New POT for text domain 'instserver'. 
* New POT for text domain 'installation'. * New POT for text domain 'http-server'. * New POT for text domain 'ftp-server'. * New POT for text domain 'firewall'. * New POT for text domain 'fcoe-client'. * New POT for text domain 'drbd'. * New POT for text domain 'docker'. * New POT for text domain 'dns-server'. * New POT for text domain 'dhcp-server'. * New POT for text domain 'crowbar'. * New POT for text domain 'country'. * New POT for text domain 'control'. * New POT for text domain 'configuration_management'. * New POT for text domain 'cluster'. * New POT for text domain 'cio'. * New POT for text domain 'caasp'. * New POT for text domain 'bootloader'. * New POT for text domain 'base'. * New POT for text domain 'autoinst'. * New POT for text domain 'authserver'. * New POT for text domain 'auth-client'. * New POT for text domain 'audit-laf'. * New POT for text domain 'apparmor'. * New POT for text domain 'alternatives'. * New POT for text domain 'add-on'. * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Dutch) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * product-check.sh: Proper indentation for bc095e9e0d * product-check.sh: Add new check More projects use the same RPMNAME * product-check.sh: Update sample configuration to SLE15 SP4 and Leap 15.4. * Add sap-installation-wizard to DOMAIN_MAP. * New POT for text domain 'wol'. * New POT for text domain 'vpn'. * New POT for text domain 'users'. * New POT for text domain 'update'. * New POT for text domain 'tune'. * New POT for text domain 'sysconfig'. * New POT for text domain 'support'. * New POT for text domain 'sudo'. * New POT for text domain 'storage'. * New POT for text domain 'squid'. * New POT for text domain 'sound'. 
* New POT for text domain 'snapper'. * New POT for text domain 'slp-server'. * New POT for text domain 'services-manager'. * New POT for text domain 'security'. * New POT for text domain 'scanner'. * New POT for text domain 'samba-server'. * New POT for text domain 'samba-client'. * New POT for text domain 's390'. * New POT for text domain 'rmt'. * New POT for text domain 'relocation-server'. * New POT for text domain 'reipl'. * New POT for text domain 'registration'. * New POT for text domain 'rdp'. * New POT for text domain 'proxy'. * New POT for text domain 'printer'. * New POT for text domain 'pam'. * New POT for text domain 'packager'. * New POT for text domain 'online-update'. * New POT for text domain 'ntp-client'. * New POT for text domain 'nis_server'. * New POT for text domain 'nis'. * New POT for text domain 'nfs_server'. * New POT for text domain 'nfs'. * New POT for text domain 'network'. * New POT for text domain 'multipath'. * New POT for text domain 'migration'. * New POT for text domain 'mail'. * New POT for text domain 'ldap-client'. * New POT for text domain 'ldap'. * New POT for text domain 'kdump'. * New POT for text domain 'journalctl'. * New POT for text domain 'isns'. * New POT for text domain 'iscsi-lio-server'. * New POT for text domain 'iscsi-client'. * New POT for text domain 'iplb'. * New POT for text domain 'instserver'. * New POT for text domain 'installation'. * New POT for text domain 'http-server'. * New POT for text domain 'geo-cluster'. * New POT for text domain 'ftp-server'. * New POT for text domain 'firewall'. * New POT for text domain 'fcoe-client'. * New POT for text domain 'drbd'. * New POT for text domain 'dns-server'. * New POT for text domain 'dhcp-server'. * New POT for text domain 'crowbar'. * New POT for text domain 'country'. * New POT for text domain 'control'. * New POT for text domain 'cluster'. * New POT for text domain 'bootloader'. * New POT for text domain 'base'. * New POT for text domain 'autoinst'. 
* New POT for text domain 'auth-client'. * New POT for text domain 'audit-laf'. * New POT for text domain 'apparmor'. * New POT for text domain 'add-on'. * Automatic update of wol. * Automatic update of vpn. * Automatic update of users. * Automatic update of update. * Automatic update of tune. * Automatic update of s390. * Automatic update of sysconfig. * Automatic update of support. * Automatic update of sudo. * Automatic update of storage. * Automatic update of squid. * Automatic update of sound. * Automatic update of snapper. * Automatic update of slp-server. * Automatic update of services-manager. * Automatic update of security. * Automatic update of scanner. * Automatic update of sap-installation-wizard. * Automatic update of samba-server. * Automatic update of samba-client. * Automatic update of rmt. * Automatic update of relocation-server. * Automatic update of reipl. * Automatic update of registration. * Automatic update of rdp. * Automatic update of proxy. * Automatic update of printer. * Automatic update of pam. * Automatic update of packager. * Automatic update of online-update. * Automatic update of ntp-client. * Automatic update of nis_server. * Automatic update of nis. * Automatic update of nfs_server. * Automatic update of nfs. * Automatic update of network. * Automatic update of multipath. * Automatic update of migration. * Automatic update of mail. * Automatic update of ldap-client. * Automatic update of ldap. * Automatic update of kdump. * Automatic update of journalctl. * Automatic update of isns. * Automatic update of iscsi-lio-server. * Automatic update of iscsi-client. * Automatic update of iplb. * Automatic update of instserver. * Automatic update of installation. * Automatic update of http-server. * Automatic update of geo-cluster. * Automatic update of ftp-server. * Automatic update of firewall. * Automatic update of fcoe-client. * Automatic update of drbd. * Automatic update of dns-server. * Automatic update of dhcp-server. 
* Automatic update of crowbar. * Automatic update of country. * Automatic update of control. * Automatic update of cluster. * Automatic update of bootloader. * Automatic update of base. * Automatic update of autoinst. * Automatic update of auth-client. * Automatic update of audit-laf. * Automatic update of apparmor. * Automatic update of add-on. * Translated using Weblate (Slovak) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Do not translate yast/y2status * Translated using Weblate (Japanese) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * New POT for text domain 'wol'. * New POT for text domain 'vpn'. * New POT for text domain 'users'. * New POT for text domain 'update'. * New POT for text domain 'tune'. * New POT for text domain 'sysconfig'. * New POT for text domain 'support'. * New POT for text domain 'sudo'. * New POT for text domain 'storage'. * New POT for text domain 'squid'. * New POT for text domain 'sound'. * New POT for text domain 'snapper'. * New POT for text domain 'slp-server'. * New POT for text domain 'services-manager'. * New POT for text domain 'security'. * New POT for text domain 'scanner'. * New POT for text domain 'samba-server'. * New POT for text domain 'samba-client'. * New POT for text domain 's390'. * New POT for text domain 'rmt'. * New POT for text domain 'relocation-server'. * New POT for text domain 'reipl'. * New POT for text domain 'registration'. * New POT for text domain 'rdp'. * New POT for text domain 'proxy'. * New POT for text domain 'printer'. * New POT for text domain 'pam'. * New POT for text domain 'packager'. * New POT for text domain 'online-update'. * New POT for text domain 'ntp-client'. * New POT for text domain 'nis_server'. * New POT for text domain 'nis'. * New POT for text domain 'nfs_server'. * New POT for text domain 'nfs'. * New POT for text domain 'network'. * New POT for text domain 'multipath'. * New POT for text domain 'migration'. 
* New POT for text domain 'mail'. * New POT for text domain 'ldap-client'. * New POT for text domain 'ldap'. * New POT for text domain 'kdump'. * New POT for text domain 'journalctl'. * New POT for text domain 'isns'. * New POT for text domain 'iscsi-lio-server'. * New POT for text domain 'iscsi-client'. * New POT for text domain 'iplb'. * New POT for text domain 'instserver'. * New POT for text domain 'installation'. * New POT for text domain 'http-server'. * New POT for text domain 'geo-cluster'. * New POT for text domain 'ftp-server'. * New POT for text domain 'firewall'. * New POT for text domain 'fcoe-client'. * New POT for text domain 'drbd'. * New POT for text domain 'dns-server'. * New POT for text domain 'dhcp-server'. * New POT for text domain 'crowbar'. * New POT for text domain 'country'. * New POT for text domain 'control'. * New POT for text domain 'cluster'. * New POT for text domain 'bootloader'. * New POT for text domain 'base'. * New POT for text domain 'autoinst'. * New POT for text domain 'auth-client'. * New POT for text domain 'audit-laf'. * New POT for text domain 'apparmor'. * New POT for text domain 'add-on'. * Update DOMAIN_MAP * Automatic update of wol. * Automatic update of vpn. * Automatic update of users. * Automatic update of update. * Automatic update of tune. * Automatic update of s390. * Automatic update of sysconfig. * Automatic update of support. * Automatic update of sudo. * Automatic update of storage. * Automatic update of squid. * Automatic update of sound. * Automatic update of snapper. * Automatic update of slp-server. * Automatic update of services-manager. * Automatic update of security. * Automatic update of scanner. * Automatic update of samba-server. * Automatic update of samba-client. * Automatic update of rmt. * Automatic update of relocation-server. * Automatic update of reipl. * Automatic update of registration. * Automatic update of rdp. * Automatic update of qt-pkg. * Automatic update of qt. 
* Automatic update of proxy. * Automatic update of printer. * Automatic update of pam. * Automatic update of packager. * Automatic update of online-update. * Automatic update of ntp-client. * Automatic update of nis_server. * Automatic update of nis. * Automatic update of nfs_server. * Automatic update of nfs. * Automatic update of network. * Automatic update of ncurses-pkg. * Automatic update of ncurses. * Automatic update of multipath. * Automatic update of migration. * Automatic update of mail. * Automatic update of ldap-client. * Automatic update of ldap. * Automatic update of kdump. * Automatic update of journalctl. * Automatic update of isns. * Automatic update of iscsi-lio-server. * Automatic update of iscsi-client. * Automatic update of iplb. * Automatic update of instserver. * Automatic update of installation. * Automatic update of http-server. * Automatic update of geo-cluster. * Automatic update of ftp-server. * Automatic update of firstboot. * Automatic update of firewall. * Automatic update of fcoe-client. * Automatic update of drbd. * Automatic update of dns-server. * Automatic update of dhcp-server. * Automatic update of crowbar. * Automatic update of country. * Automatic update of control. * Automatic update of cluster. * Automatic update of bootloader. * Automatic update of base. * Automatic update of autoinst. * Automatic update of auth-client. * Automatic update of audit-laf. * Automatic update of apparmor. * Automatic update of add-on. 
------------------------------------------------------------------ ------------------ 2022-1-23 - Jan 23 2022 ------------------- ------------------------------------------------------------------ ++++ qemu: - Enable modules for testsuite ------------------------------------------------------------------ ------------------ 2022-1-22 - Jan 22 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - gpio: mpc8xxx: Fix an ignored error return from platform_get_irq() (git-fixes). - gpio: idt3243x: Fix an ignored error return from platform_get_irq() (git-fixes). - commit d403da6 - HID: uhid: Fix worker destroying device without any protection (git-fixes). - HID: vivaldi: fix handling devices not using numbered reports (git-fixes). - rtc: pxa: fix null pointer dereference (git-fixes). - drm/radeon: fix error handling in radeon_driver_open_kms (git-fixes). - drm/amdgpu: don't do resets on APUs which don't support it (git-fixes). - clk: si5341: Fix clock HW provider cleanup (git-fixes). - gpio: idt3243x: Fix IRQ check in idt_gpio_probe (git-fixes). - gpio: mpc8xxx: Fix IRQ check in mpc8xxx_probe (git-fixes). - commit 06c7e48 - ALSA: hda/cs8409: Add new Warlock SKUs to patch_cs8409 (git-fixes). - ALSA: core: Simplify snd_power_ref_and_wait() with the standard macro (git-fixes). - ALSA: core: Fix SSID quirk lookup for subvendor=0 (git-fixes). - ALSA: usb-audio: add mapping for MSI MPG X570S Carbon Max Wifi (git-fixes). - ALSA: hda/realtek: fix speakers and micmute on HP 855 G8 (git-fixes). - commit 8124ea4 - HID: wacom: Avoid using stale array indicies to read contact count (bsc#1194667). - HID: wacom: Ignore the confidence flag when a touch is removed (bsc#1194667). - HID: wacom: Reset expected and received contact counts at the same time (bsc#1194667). 
- commit 19261e1 ------------------------------------------------------------------ ------------------ 2022-1-21 - Jan 21 2022 ------------------- ------------------------------------------------------------------ ++++ avahi: - Change to systemd-sysusers ++++ kdump: - kdump-calibrate-Ignore-malformed-VMCOREINFO.patch: calibrate: Ignore malformed VMCOREINFO lines (address occasional OBS build failures). - Update to 1.0 * Estimate kdump memory requirements at build time (jsc#SLE-18441). - Remove patches that have been upstreamed: * kdump-0.9.2-mkdumprd-properly-pass-compression-params.patch ++++ kernel-default: - drm/i915: Flush TLBs before releasing backing store (CVE-2022-0330 bsc#1194880). - commit d011369 - vfs: fs_context: fix up param length parsing in legacy_parse_param (CVE-2022-0185 bsc#1194517). - Rename and retag following upstream merge from: patches.suse/vfs-Out-of-bounds-write-of-heap-buffer-in-fs_context-c.patch to patches.suse/vfs-fs_context-fix-up-param-length-parsing-in-legacy.patch - commit e3271e6 - Update patches.suse/sctp-account-stream-padding-length-for-reconf-chunk.patch (stable-5.14.14 bsc#1194985 CVE-2022-0322). 
Added bsc/CVE reference - commit c9b8efe ++++ systemd: - Move the whole content of /usr/share/doc/packages/systemd in doc subpackage ++++ virglrenderer: - Pick up the full upstream patch for bsc#1194601, so we know from where it comes * No functional change intended ++++ lshw: - Update to version B.02.19.2+git.20211222: * Add Spanish translation * Fix mistakes in Catalan translation ++++ samba: - Update to 4.15.4 * Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928); * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932); * kill_tcp_connections does not work; (bso#14934); * Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935); * smbclient -L doesn't set "client max protocol" to NT1 before calling the "Reconnecting with SMB1 for workgroup listing" path; (bso#14939); * Cross device copy of the crossrename module always fails; (bso#14940); * symlinkat function from VFS cap module always fails with an error; (bso#14941); * Fix possible fsp pointer deference; (bso#14942); * Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944); * "smbd --build-options" no longer works without an smb.conf file; (bso#14945); ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#563 - do not reset standard file descriptors in inst_setup, linuxrc takes care (bsc#1193910, jsc#SLE-18632) - 16.57.12 - merge gh#openSUSE/installation-images#566 - Add RPi4 arm-trusted-firmware package (bsc#1173489) - 16.57.11 ++++ yast2: - Unify Package, PackageSystem and PackageAI. Now the Package module is the entry point. PackageSystem and PackageAI implement specific logic and they should not be referenced from outside (bsc#1194886). - 4.3.38 - Fix CWM dialog: argument delegation is handled differently in ruby 2.6 and before (bsc#1194984). 
- 4.4.37 ++++ yast2-schema-micro: - Adapt dependencies for SLE15 SP3 as micro is based on it ------------------------------------------------------------------ ------------------ 2022-1-20 - Jan 20 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Split out NetworkManager-pppoe, needed to configure regular PPPoE connections (Not very common, as most users have PPPoE routers for the DSL connections). ++++ jeos-firstboot: - Update to version 1.1.0.0: * Introduce welcome screen for console switching (boo#1184157, jsc#SLE-18306) * Drop redundant functions in jeos-firstboot-functions * Drop call to snapper setup-quota, kiwi does that meanwhile ++++ kernel-default: - hwmon: (k10temp) Support up to 12 CCDs on AMD Family of processors (bsc#1192644 jsc#SLE-17823). - hwmon: (k10temp) Add support for AMD Family 19h Models 10h-1Fh and A0h-AFh (bsc#1192644 jsc#SLE-17823). - hwmon: (k10temp) Remove unused definitions (bsc#1192644 jsc#SLE-17823). - x86/amd_nb: Add AMD Family 19h Models (10h-1Fh) and (A0h-AFh) PCI IDs (bsc#1192644 jsc#SLE-17823). - commit b55859b - Revert "net: phy: fixed_phy: Fix NULL vs IS_ERR() checking in __fixed_phy_register" (git-fixes). - commit a9c90b6 - mt76: mt7921: fix possible resume failure (git-fixes). - commit adeea28 - media: c8sectpfe: fix double free in configure_channels() (git-fixes). - media: c8sectpfe: remove redundant assignment to pointer tsin (git-fixes). - commit 4ff2399 - Add cherry-picked IDs for media videobuf2 fix - commit e45c889 - iwlwifi: don't pass actual WGDS revision number in table_revision (git-fixes). - commit c270187 - Add cherry-picked ID to HID fix patch - commit 57fe3df - bus: mhi: core: Fix reading wake_capable channel configuration (git-fixes). - bus: mhi: pci_generic: Graceful shutdown on freeze (git-fixes). - commit 36e2acb - vfio/iommu_type1: replace kfree with kvfree (git-fixes). 
- net: phy: micrel: use kszphy_suspend()/kszphy_resume for irq aware devices (git-fixes). - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (git-fixes). - net: phy: marvell: add Marvell specific PHY loopback (git-fixes). - lib82596: Fix IRQ check in sni_82596_probe (git-fixes). - 9p: only copy valid iattrs in 9P2000.L setattr implementation (git-fixes). - drm/amd/display: explicitly set is_dsc_supported to false before use (git-fixes). - net: phy: fixed_phy: Fix NULL vs IS_ERR() checking in __fixed_phy_register (git-fixes). - commit 8409861 - kernel-binary.spec: Do not use the default certificate path (bsc#1194943). Using the default path is broken since Linux 5.17 - commit 68b36f0 - fuse: Pass correct lend value to filemap_write_and_wait_range() (bsc#1194959). - commit ab3cc62 ++++ libzypp: - Fix Legacy include (bsc#1194597) - version 17.29.2 (22) ++++ rp-pppoe: - Switch from net-tools to iproute2. [bsc#1194715] - added patches extracted from 3.15-3.14 + rp-pppoe-dont-ifconfig.patch ++++ rpm: - Revert unwanted /usr/bin/python -> /usr/bin/python2 change we got with the update to 4.14.3 [bsc#1194968] new patch: no-python2.diff ++++ virt-manager: - bsc#1194323 - [jsc#SLE-19237][virt-manager] Detected the wrong win2k22 guest system version from the local install media virtinst-windows-server-detection.patch - Upstream bug fixes (bsc#1027942) 8bb64ad5-console-Dont-block-console-reconnect-for-non-error.patch Drop virtman-init-viewer-on-reboot.patch ------------------------------------------------------------------ ------------------ 2022-1-19 - Jan 19 2022 ------------------- ------------------------------------------------------------------ ++++ aaa_base: - fix (bsc#1194883) - aaa_base: Set net.ipv4.ping_group_range to allow ICMP ping - added patches + git-40-d004657a244d75b372a107c4f6097b42ba1992d5.patch ++++ btrfsprogs: - add python-rpm-macros (bsc#1194748) ++++ glibc: - 0001-powerpc-Optimized-strcpy-for-POWER9.patch, 
0002-powerpc-Optimized-stpcpy-for-POWER9.patch, 0003-powerpc-Optimized-rawmemchr-for-POWER9.patch, 0004-powerpc64le-add-optimized-strlen-for-P9.patch, 0005-powerpc-fix-ifunc-implementation-list-for-POWER9-str.patch, 0006-powerpc-Add-optimized-strncpy-for-POWER9.patch, 0007-powerpc-Add-optimized-stpncpy-for-POWER9.patch, 0008-powerpc-Add-optimized-ilogb-for-POWER9.patch, 0009-powerpc-Add-optimized-llogb-for-POWER9.patch, 0010-powerpc-Add-optimized-strlen-for-POWER10.patch, 0011-powerpc64le-Optimized-memmove-for-POWER10.patch, 0012-powerpc64le-Optimize-memcpy-for-POWER10.patch, 0013-powerpc64le-Optimize-memset-for-POWER10.patch, 0014-powerpc64le-Fix-ifunc-selection-for-memset-memmove-b.patch, 0015-powerpc-Add-optimized-rawmemchr-for-POWER10.patch: ppc64le ifunc improvements (bsc#1194785, jsc#SLE-18195) ++++ kernel-default: - mount: warn only once about timestamp range expiration (bsc#1193000). - commit d968bc1 - Update patches.suse/tpm-fix-potential-NULL-pointer-access-in-tpm_del_cha.patch (git-fixes bsc#1193660 ltc#195634). - commit 6be7501 - livepatch: Avoid CPU hogging with cond_resched (bsc#1071995). - commit 17d77e0 - livepatch: Fix missing unlock on error in klp_enable_patch() (bsc#1071995). - commit 3aafada - livepatch: Fix kobject refcount bug on klp_init_patch_early failure path (bsc#1071995). - commit 14928de - PCI: vmd: Do not disable MSI-X remapping if interrupt remapping is enabled by IOMMU (bsc#1194887). - commit b96f35f - livepatch/kabi: refresh and reenable kABI padding for future arm64 support - commit c5ed388 - Reenabling kABI placeholders for generic fpga stuff - commit b6c6ae1 - Reenabling kABI placeholders for generic crypto stuff - commit e9350d4 - Reenabling kABI placeholders for the QAT crypto driver - commit 1804445 - Refresh patches.suse/0001-kABI-more-hooks-for-PCI-changes.patch. Reenabling kABI placeholders for PCI stuff - commit 6145d27 - Refresh patches.suse/0001-Thunderbolt-kABI-paddings-added.patch. 
- Refresh patches.suse/0002-Add-a-void-suse_kabi_padding-placeholder-to-some-USB.patch. - Delete patches.suse/0001-USB-fix-kABI-padding.patch. Reenabling the kABI placeholders for Type C stuff - commit 297e89c - powerpc/64s: Use EMIT_WARN_ENTRY for SRR debug warnings (bsc#1194869). - powerpc/64s: Mask NIP before checking against SRR0 (bsc#1194869). - Revert "powerpc: Inline setup_kup()" (bsc#1194869). - powerpc/modules: Don't WARN on first module allocation attempt (bsc#1194869). - powerpc/module_64: Fix livepatching for RO modules (bsc#1194869). - powerpc/xive: Change IRQ domain to a tree domain (bsc#1194869). - commit 3b9be9e - net: Prevent HW-GRO and LRO features operate together (bsc#1194628). - commit b3b76f5 - powerpc/perf: Fix PMU callbacks to clear pending PMI before resetting an overflown PMC (bsc#1156395). - commit 178d341 - sched,x86: Don't use cluster topology for x86 hybrid CPUs (jsc#SLE-18889,bnc#1194825). - commit a3cf05e - Refresh patches.suse/cpuidle-Poll-for-a-minimum-of-30ns-and-poll-for-a-tick-if-lower-c-states-are-disabled.patch. Forward port for evaluation. - commit 3ec28d7 - S390: Fix mlx5 throughput degradtion (jsc#SLE-22496). - commit 6fe12cf - powerpc/prom_init: Fix improper check of prom_getprop() (bsc#1065729). - commit 07fce74 - crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes). - commit 008135a - powerpc/pseries/cpuhp: delete add/remove_by_count code (bsc#1065729). - powerpc/pseries/cpuhp: cache node corrections (bsc#1065729). - commit b26d0d8 - Add cherry-picked IDs for qemu fw_cfg patches - commit 550427b - powerpc/perf: Fix data source encodings for L2.1 and L3.1 accesses (bsc#1065729). - commit c39ded5 - dmaengine: at_xdmac: Fix at_xdmac_lld struct definition (git-fixes). - dmaengine: at_xdmac: Fix lld view setting (git-fixes). - dmaengine: at_xdmac: Fix concurrency over xfers_list (git-fixes). - dmaengine: at_xdmac: Fix race for the tx desc callback (git-fixes). 
- dmaengine: at_xdmac: Fix concurrency over chan's completed_cookie (git-fixes). - dmaengine: at_xdmac: Print debug message after realeasing the lock (git-fixes). - dmaengine: at_xdmac: Start transfer for cyclic channels in issue_pending (git-fixes). - dmaengine: at_xdmac: Don't start transactions at tx_submit level (git-fixes). - dmaengine: idxd: fix wq settings post wq disable (git-fixes). - dmaengine: uniphier-xdmac: Fix type of address variables (git-fixes). - Documentation: dmaengine: Correctly describe dmatest with channel unset (git-fixes). - virtio_ring: mark ring unused on error (git-fixes). - virtio/virtio_mem: handle a possible NULL as a memcpy parameter (git-fixes). - remoteproc: qcom: pas: Add missing power-domain "mxc" for CDSP (git-fixes). - remoteproc: qcom: pil_info: Don't memcpy_toio more than is provided (git-fixes). - remoteproc: imx_rproc: Fix a resource leak in the remove function (git-fixes). - rpmsg: core: Clean up resources on announce_create failure (git-fixes). - ACPI: APD: Check for NULL pointer after calling devm_ioremap() (git-fixes). - drm/i915: Fix Memory BW formulae for ADL-P (git-fixes). - net: usb: lan78xx: add Allied Telesis AT29M2-AF (git-fixes). - commit ceaa6fc - Update config files (bsc#1194858). 
CONFIG_INTEL_IDXD_COMPAT=n - commit 86e1929 ++++ kernel-firmware: - Update to version 20220119 (git commit 0c6a7b3bf728): * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: update firmware for mediatek bluetooth chip(MT7921) * linux-firmware: update firmware for MT7921 WiFi device * Mellanox: Add new mlxsw_spectrum firmware xx.2010.1232 * linux-firmware: add marvell CPT firmware images * QCA: Add Bluetooth nvm file for WCN685x * QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00324 * QCA: Update Bluetooth WCN685x 2.0 firmware to 2.0.0-00609 * i915: Add GuC v69.0.3 for all platforms - Add entry for rvu_cptpf ++++ gcc12: - Bump to 0bd247bbbe4cf396173f09eeec37e116e98f8471. - Fix filename in gcc10-amdgcn-llvm-as.patch. - Remove sys/rseq.h from include-fixed ++++ libgcrypt: - FIPS: Service level indicator [bsc#1190700] * Provide an indicator to check whether the service utilizes an approved cryptographic algorithm or not. * Add patches: - libgcrypt-FIPS-service-indicators.patch - libgcrypt-FIPS-verify-unsupported-KDF-test.patch - libgcrypt-FIPS-HMAC-short-keylen.patch ++++ libnvme: - Remove Provide for python package. - Remove explicit tar file name for setup step. 
++++ systemd: - Move the systemd-network-generator stuff in udev package This generator can generate .link files and is mainly used in initrd where udev is mandatory. ++++ nvme-cli: - Fix zsh completion package dependencies. ++++ systemd-rpm-macros: - Bump version to 10 - %sysusers_create_inline was wrongly marked as deprecated - %sysusers_create can be useful in certain cases and won't go away until we'll move to file triggers. So don't mark it as deprecated too ++++ wicked: - fsm: fix device rename via yast (bsc#1194392) Reset worker config instead to reject a NULL/empty config xml node -- introduced in wicked 0.6.67 by commit c2a0385. [+ 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch] ++++ yast2-schema-micro: - initial package to have dedicated limited schema for Micro product (jsc#SLE-18820) - 4.4.9 ------------------------------------------------------------------ ------------------ 2022-1-18 - Jan 18 2022 ------------------- ------------------------------------------------------------------ ++++ afterburn: - Update to version 5.2.0: * providers: log message when SSH key is removed * providers: limit hostname file output value to HOST_NAME_MAX bytes * Consistently un-capitalize log messages * Explicitly log the hostname we write * providers/microsoft: allow unused fields in goal state structs * providers: only log we wrote SSH keys when we actually did - Update to version 5.1.0: * Add PowerVS provider * cli: correctly print version when --version specified * cli: don't report an error when --help or --version is specified * providers/packet: access metadata service over HTTPS * providers/gcp: access GCP metadata service by IP address * minimum supported rust version is now 1.49.0 * Refresh fix-authorized-keys-location.patch ++++ gnutls: - Update to 3.7.3: [bsc#1190698, bsc#1190796] * libgnutls: The allowlisting configuration mode has been added to the system-wide settings. 
In this mode, all the algorithms are initially marked as insecure or disabled, while the applications can re-enable them either through the [overrides] section of the configuration file or the new API (#1172). * The build infrastructure no longer depends on GNU AutoGen for generating command-line option handling, template file parsing in certtool, and documentation generation (#773, #774). This change also removes run-time or bundled dependency on the libopts library, and requires Python 3.6 or later to regenerate the distribution tarball. Note that this brings in known backward incompatibility in command-line tools, such as long options are now case sensitive, while previously they were treated in a case insensitive manner: for example --RSA is no longer a valid option of certtool. The existing scripts using GnuTLS tools may need adjustment for this change. * libgnutls: The tpm2-tss-engine compatible private blobs can be loaded and used as a gnutls_privkey_t (#594). The code was originally written for the OpenConnect VPN project by David Woodhouse. To generate such blobs, use the tpm2tss-genkey tool from tpm2-tss-engine: https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations or the tpm2_encodeobject tool from unreleased tpm2-tools. * libgnutls: The library now transparently enables Linux KTLS (kernel TLS) when the feature is compiled in with --enable-ktls configuration option (#1113). If the KTLS initialization fails it automatically falls back to the user space implementation. * certtool: The certtool command can now read the Certificate Transparency (RFC 6962) SCT extension (#232). New API functions are also provided to access and manipulate the extension values. * certtool: The certtool command can now generate, manipulate, and evaluate x25519 and x448 public keys, private keys, and certificates. * libgnutls: Disabling a hashing algorithm through "insecure-hash" configuration directive now also disables TLS ciphersuites that use it as a PRF algorithm. 
* libgnutls: PKCS#12 files are now created with modern algorithms by default (!1499). Previously certtool used PKCS12-3DES-SHA1 for key derivation and HMAC-SHA1 as an integrity measure in PKCS#12. Now it uses AES-128-CBC with PBKDF2 and SHA-256 for both key derivation and MAC algorithms, and the default PBKDF2 iteration count has been increased to 600000. * libgnutls: PKCS#12 keys derived using GOST algorithm now uses HMAC_GOSTR3411_2012_512 instead of HMAC_GOSTR3411_2012_256 for integrity, to conform with the latest TC-26 requirements (#1225). * libgnutls: The library now provides a means to report the status of approved cryptographic operations (!1465). To adhere to the FIPS140-3 IG 2.4.C., this complements the existing mechanism to prohibit the use of unapproved algorithms by making the library unusable state. * gnutls-cli: The gnutls-cli command now provides a --list-config option to print the library configuration (!1508). * libgnutls: Fixed possible race condition in gnutls_x509_trust_list_verify_crt2 when a single trust list object is shared among multiple threads (#1277). [GNUTLS-SA-2022-01-17, CVSS: low] * API and ABI modifications: GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_privkey_flags_t GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_certificate_verify_flags gnutls_ecc_curve_set_enabled: Added. gnutls_sign_set_secure: Added. gnutls_sign_set_secure_for_certs: Added. gnutls_digest_set_secure: Added. gnutls_protocol_set_enabled: Added. 
gnutls_fips140_context_init: New function gnutls_fips140_context_deinit: New function gnutls_fips140_push_context: New function gnutls_fips140_pop_context: New function gnutls_fips140_get_operation_state: New function gnutls_fips140_operation_state_t: New enum gnutls_transport_is_ktls_enabled: New function gnutls_get_library_configuration: New function * Remove patches fixed in the update: - gnutls-FIPS-module-version.patch - gnutls-FIPS-service-indicator.patch - gnutls-FIPS-service-indicator-public-key.patch - gnutls-FIPS-service-indicator-symmetric-key.patch - gnutls-FIPS-RSA-PSS-flags.patch - gnutls-FIPS-RSA-mod-sizes.patch - FIPS: Fix regression tests in fips and non-fips mode [bsc#1194468] * Add gnutls-FIPS-disable-failing-tests.patch * Remove patches: - gnutls-temporarily_disable_broken_guile_reauth_test.patch - gnutls-3.6.0-disable-flaky-dtls_resume-test.patch - disable-psk-file-test.patch ++++ kernel-default: - Delete patches.suse/crypto-qat-fix-undetected-PFVF-timeout-in-ACK-loop.patch. Remove empty patch - commit a3108c7 - powerpc/xive: Add missing null check after calling kmalloc (bsc#1177437 ltc#188522 jsc#SLE-13294 git-fixes). - commit e8dfc9f - Refresh patches.suse/s390-mm-fix-2KB-pgtable-release-race.patch. Correct the acked-by tag to the right position. - commit 88fc17d - s390/mm: fix 2KB pgtable release race (bsc#1188896). - commit 31e123b - nvme: fix visibility of dev_attr_dhchap_ctrl_secret sysfs attribute (bsc#1194839). - commit f70152e - Re-enable kABI placeholder pathces for HD-audio and ASoC - commit c77cdff - ALSA: seq: virmidi: Add a drain operation (bsc#1192354). - ALSA: hda: Add new AlderLake-P variant PCI ID (bsc#1192354). - ALSA: hda: Add AlderLake-N PCI ID (bsc#1192354). - ALSA: hda: use swap() to make code cleaner (bsc#1192354). - ALSA: seq: Set upper limit of processed events (bsc#1192354). - ALSA: usb-audio: Drop CONFIG_PM ifdefs (bsc#1192354). - ALSA: Fix some typo (bsc#1192354). 
- ALSA: hda/hdmi: Consider ELD is invalid when no SAD is present (bsc#1192354). - ALSA: hda: Do disconnect jacks at codec unbind (bsc#1192354). - commit 3705026 - Update patches.suse/bpf-Fix-kernel-address-leakage-in-atomic-fetch.patch (bsc#1193883 bsc#1194826 CVE-2022-0264). - commit b1fc140 - tracing/osnoise: Properly unhook events if start_per_cpu_kthreads() fails (git-fixes). - commit e3c4174 - tracing/kprobes: 'nmissed' not showed correctly for kretprobe (git-fixes). - commit f960845 - tracing: Add test for user space strings when filtering on string pointers (git-fixes). - commit face3d9 - typeC: Add kABI placeholders (bsc#1183030). - commit 6c5f823 - nvme-auth: fixup crash at boot (jsc#SLE-20183). - commit 8f1ac2e - xfs: fix I_DONTCACHE (git-fixes). - commit 0f76c7a - libertas_tf: Add missing __packed annotations (git-fixes). - commit 84a12f8 - libertas_tf: Use struct_group() for memcpy() region (git-fixes). - commit aa4014c - selftests: KVM: Add test to verify KVM doesn't explode on "bad" I/O (bsc#1194298). - KVM: x86: Don't WARN if userspace mucks with RCX during string I/O exit (bsc#1194298). - commit 12e4caa - blacklist.conf: 3e2a56e6f639 ("tracing: Have syscall trace events use trace_event_buffer_lock_reserve()") Optimization only. - commit 3a0a34b - SUNRPC: Fix sockaddr handling in svcsock_accept_class trace points (git-fixes). - commit 2d4609d - swiotlb: Add CONFIG_HAS_IOMEM check around swiotlb_mem_remap() (bsc#1183682). - commit c991d0b - Move upstreamed hyperv patches into sorted section - commit 12240b4 - Input: ti_am335x_tsc - fix STEPCONFIG setup for Z2 (git-fixes). - Input: ti_am335x_tsc - set ADCREFM for X configuration (git-fixes). - i3c: master: dw: check return of dw_i3c_master_get_free_pos() (git-fixes). - i3c/master/mipi-i3c-hci: Fix a potentially infinite loop in 'hci_dat_v1_get_index()' (git-fixes). - i3c: fix incorrect address slot lookup on 64-bit (git-fixes). 
- commit e6ac0a5 - Move upstreamed crypto and arm64 patches into sorted section - commit a4955ac - SUNRPC: Fix sockaddr handling in the svc_xprt_create_error trace point (git-fixes). - commit c1d9cfb - devtmpfs regression fix: reconfigure on each mount (bsc#1193377). - commit 92e66c4 ++++ libblockdev: - Remove unnecessary dependency of libbd_part2 on multipath-tools (bsc#1194771) ++++ gcc12: - Bump to 3c4a54adb2164315d18fd8980c0fc37eb3d22252. - Rebase patches after .cc renaming. ++++ libnvme: - Use osc_scm to manage upstream input source. - Fix Source URL ++++ systemd: - Restore /sbin/udevadm and /bin/systemctl (obsolete) paths (bsc#1194519) ++++ libvirt: - sysconfig files have not been distributed for many months. Add upstream patches that improve documentation and moves service default settings to the associated systemd service file. 3be5ba11-libvirt-guests-install.patch, 16172741-libvirt-guests-manpage.patch, 8eb44616-remove-sysconfig-files.patch - Update to libvirt 8.0.0 - CVE-2021-4147 - bsc#1191511 - jsc#SLE-11435, jsc#SLE-18354 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v8-0-0-2022-01-14 - Dropped patches: 23b51d7b-libxl-disable-death-event.patch, a4e6fba0-libxl-rename-threadinfo-struct.patch, e4f7589a-libxl-shutdown-thread-name.patch, b9a5faea-libxl-handle-death-thread.patch, 5c5df531-libxl-search-domid-in-thread.patch, a7a03324-libxl-protect-logger-access.patch, cbae4eaa-libxl-add-domainGetMessages.patch ++++ nfs-utils: - Add 0020-mountd-Initialize-logging-early.patch If an error or warning message is produced before closeall() is called, mountd gets confused and doesn't work. (bsc#1194661) ++++ nvme-cli: - Use osc_scm to manage upstream input source. - Fix version string. 
++++ python-libvirt-python: - Update to 8.0.0 - Add all new APIs and constants in libvirt 8.0.0 - jsc#SLE-11435, jsc#SLE-18354 ++++ samba: - Use pkgconfig(krb5) as dependency for the -devel package: allow OBS to pick the right flavor of krb5-devel (full vs mini). - Do not require the 'krb5' symbol by samba-client-libs: this package has an automatic dependency due to linkage on libgssapi_krb5.so.2. Automatic deps are always better. - Do not require the 'krb5' symbol from samba-libs: samba-libs requires samba-client-libs, which in turn requires krb5 libraries. Samba-libs itself has no need for krb5 (but get it indirectly anyway). ------------------------------------------------------------------ ------------------ 2022-1-17 - Jan 17 2022 ------------------- ------------------------------------------------------------------ ++++ aide: - aide-0.16-cve-2021-45417.patch: Fix a buffer overflow in base64 functions (bsc#1194735 CVE-2021-45417) ++++ apparmor: - add update-samba-abstractions-ldb2.diff: Cater for changes to ldb packaging to allow parallel installation with libldb (bsc#1192684). ++++ avahi: - Reinstate avahi-0.6.31-systemd-order.patch (boo#1194561). This can probably go away if/when gh#lathiat/avahi#118 is fixed. - Drop avahi-0.6.32-suppress-resolv-conf-warning.patch: we should no longer need this given the above patch. - Add several patches from git: 0001-man-fix-reference-to-avahi-autoipd.action-8-in-avahi.patch 0005-avahi-dnsconfd.service-Drop-Also-avahi-daemon.socket.patch 0006-man-add-missing-bshell.1-symlink.patch 0007-Ship-avahi-discover-1-bssh-1-and-bvnc-1-also-for-GTK.patch 0009-fix-bytestring-decoding-for-proper-display.patch 0010-avahi_dns_packet_consume_uint32-fix-potential-undefi.patch - Build manpages with xmltoman. Currently needed for bssh. - Minor spec file clean-up. - Require python-rpm-macros for all builds (boo#1194744 boo#1194745). 
++++ cifs-utils: - Update cifs-utils.spec: * Remove unused !BuildIgnore: samba-client BuildRequires: libwbclient-devel - Update to cifs-utils 6.14 * smbinfo is enhanced with capability to display alternate data streams * setcifsacl is improved to optionally reorder ACEs in preferred order * cifs.upcall regression in kerberos mount is fixed * remove cifs-utils-6.13.tar.bz2 * remove cifs-utils-6.13.tar.bz2.asc * add cifs-utils-6.14.tar.bz2 * add cifs-utils-6.14.tar.bz2.asc - Drop upstream fixed patches: * 0001-cifs.upcall-fix-regression-in-kerberos-mount.patch ++++ docker: - Update to Docker 20.10.12-ce. See upstream changelog online at . - Remove CHANGELOG.md. It hasn't been maintained since 2017, and all of the changelogs are currently only available online. ++++ dracut: - Update to version 055+suse.194.gdd41932a: * fix(network-legacy): add wicked as an alternative to arping (bsc#1193670) * fix(network): add wicked as an alternative to arping (bsc#1193670) - Update to version 055+suse.191.g67eb4ea8: * fix(dracut-initramfs-restore.sh): add test for SUSE initrd name (bsc#1194570) * fix(dracut.spec): require util-linux-systemd (bsc#1194162) * fix(network-wicked): multiple path corrections * fix(drm): add privacy screen modules to the initrd (bsc#1193590) ++++ glibc: - clnt-create-unix-overflow.patch: Buffer overflow in sunrpc clnt_create for "unix" (CVE-2022-23219, bsc#1194768, BZ #22542) - svcunix-create-overflow.patch: Buffer overflow in sunrpc svcunix_create (CVE-2022-23218, bsc#1194770, BZ #28768) ++++ gnutls: - FIPS: Provide module identifier and version [bsc#1190796] * Add configurable options to output the module name/identifier (--with-fips140-module-name) and the module version (--with-fips140-module-version). * Add the CLI option list-config that reports the configuration of the library. 
* Add gnutls-FIPS-module-version.patch ++++ kbd: - Add patch to fix random doubling of font sizes (bsc#1194698): * 0001-libkfont-Initialize-kfont_context-options.patch ++++ kernel-default: - drm/i915: Update memory bandwidth formulae (jsc#SLE-22724). - commit 2ae01ab - drm/i915: Clean-up bonding debug message (jsc#SLE-22724). - commit 26ae0ff - drm/i915: s/ddi_translations/trans/ (jsc#SLE-22724). - commit f572040 - drm/i915/bios: get rid of vbt ddi_port_info (jsc#SLE-22724). - commit 88e2afa - drm/i915/bios: use ddc pin directly from child data (jsc#SLE-22724). - commit 453ff21 - drm/i915/bios: move ddc pin mapping code next to ddc pin sanitize (jsc#SLE-22724). - Refresh patches.suse/drm-i915-Fix-type1-DVI-DP-dual-mode-adapter-heuristi.patch. - commit 1eb8e9c - drm/i915/bios: use alternate aux channel directly from child data (jsc#SLE-22724). - commit ed48aa0 - drm/i915/bios: use dp max link rate directly from child data (jsc#SLE-22724). - commit 34545c4 - drm/i915/bios: use max tmds clock directly from child data (jsc#SLE-22724). - commit ab53297 - drm/i915/bios: use hdmi level shift directly from child data (jsc#SLE-22724). - commit 01b51f5 - powerpc/security/mitigation-patching.sh: Support X taint flag (bsc#1194305 ltc#195651). - commit 18af6bc - tracing/probes: check the return value of kstrndup() for pbuf (git-fixes). - commit 2424e3d - tracing/uprobes: Check the return value of kstrdup() for tu->filename (git-fixes). - commit d142b62 - tracing: Do not let synth_events block other dyn_event systems during create (git-fixes). - commit 7b4ab30 - dt-bindings: display: meson-dw-hdmi: add missing sound-name-prefix property (git-fixes). - workqueue: Fix unbind_workers() VS wq_worker_sleeping() race (git-fixes). - workqueue: Fix unbind_workers() VS wq_worker_running() race (git-fixes). - timekeeping: Really make sure wall_to_monotonic isn't positive (git-fixes). - selinux: fix sleeping function called from invalid context (git-fixes). 
- preempt/dynamic: Fix setup_preempt_mode() return value (git-fixes). - sock: fix /proc/net/sockstat underflow in sk_clone_lock() (git-fixes). - scripts: update the comments of kallsyms support (git-fixes). - commit 9f1e40d - dt-bindings: display: meson-vpu: Add missing amlogic,canvas property (git-fixes). - dt-bindings: thermal: Fix definition of cooling-maps contribution property (git-fixes). - dt-bindings: net: Reintroduce PHY no lane swap binding (git-fixes). - dt-bindings: media: nxp,imx7-mipi-csi2: Drop bad if/then schema (git-fixes). - dt-bindings: i2c: imx: hardware do not restrict clock-frequency to only 100 and 400 kHz (git-fixes). - dt-bindings: display: xilinx: Fix example with psgtr (git-fixes). - dt-bindings: devfreq: rk3399_dmc: fix clocks in example (git-fixes). - dt-bindings: net: dsa: marvell: fix compatible in example (git-fixes). - dt-bindings: net: dsa: sja1105: update nxp,sja1105.yaml reference (git-fixes). - dt-bindings: pinctrl: mt8195: Use real world values for drive-strength arguments (git-fixes). - commit b68e291 - Documentation/locking/locktypes: Update migrate_disable() bits (git-fixes). - commit ff0f4be - arm64: tegra: Remove non existent Tegra194 reset (git-fixes). - arm64: mte: DC {GVA,GZVA} shouldn't be used when DCZID_EL0.DZP == 1 (git-fixes). - arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes). - arm64: errata: Fix exec handling in erratum 1418040 workaround (git-fixes). - dt-bindings: mtd: update mtd-physmap.yaml reference (git-fixes). - dt-bindings: msm: dsi: add missing 7nm bindings (git-fixes). - dt-bindings: iio: accel: bma255: Fix interrupt type (git-fixes). - dt-bindings: phy: Rename Intel Keem Bay USB PHY bindings (git-fixes). - dt-bindings: firmware: update arm,scpi.yaml reference (git-fixes). - commit 7b30d34 - arm64: dts: qcom: ipq6018: Fix gpio-ranges property (git-fixes). - arm64: dts: qcom: c630: Fix soundcard setup (git-fixes). 
- arm64: dts: qcom: msm8916: fix MMC controller aliases (git-fixes). - arm64: dts: qcom: sc7280: Fix incorrect clock name (git-fixes). - arm64: dts: qcom: msm8996: drop not documented adreno properties (git-fixes). - arm64: dts: marvell: cn9130: enable CP0 GPIO controllers (git-fixes). - arm64: dts: marvell: cn9130: add GPIO and SPI aliases (git-fixes). - arm64: dts: ti: k3-j7200: Correct the d-cache-sets info (git-fixes). - arm64: dts: ti: k3-j721e: Fix the L2 cache sets (git-fixes). - arm64: dts: ti: k3-j7200: Fix the L2 cache sets (git-fixes). - commit 97c18d2 - arm64: dts: ti: k3-am642: Fix the L2 cache sets (git-fixes). - arm64: dts: ti: k3-j721e: correct cache-sets info (git-fixes). - arm64: dts: meson-gxbb-wetek: fix missing GPIO binding (git-fixes). - arm64: dts: meson-gxbb-wetek: fix HDMI in early boot (git-fixes). - arm64: dts: amlogic: Fix SPI NOR flash node name for ODROID N2/N2+ (git-fixes). - arm64: dts: amlogic: meson-g12: Fix GPU operating point table node name (git-fixes). - arm64: dts: renesas: cat875: Add rx/tx delays (git-fixes). - arm64: dts: lx2160a: fix scl-gpios property name (git-fixes). - arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode (git-fixes). - arm64: dts: rockchip: fix poweroff on helios64 (git-fixes). - commit 68a372e - arm64: dts: rockchip: fix audio-supply for Rock Pi 4 (git-fixes). - arm64: dts: rockchip: fix rk3399-leez-p710 vcc3v3-lan supply (git-fixes). - arm64: dts: rockchip: fix rk3308-roc-cc vcc-sd supply (git-fixes). - arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from rk3399-khadas-edge (git-fixes). - arm64: dts: imx8mq: remove interconnect property from lcdif (git-fixes). - arm64: kexec: Fix missing error code 'ret' warning in load_other_segments() (git-fixes). - arm64: ftrace: add missing BTIs (git-fixes). - arm64: uaccess: avoid blocking within critical sections (git-fixes). - arm64: dts: qcom: sdm845-oneplus: remove devinfo-size from ramoops node (git-fixes). 
- arm64: dts: allwinner: a100: Fix thermal zone node name (git-fixes). - commit 08fa850 - arm64: dts: allwinner: h5: Fix GPU thermal zone node name (git-fixes). - arm64: dts: imx8mm-kontron: Fix reset delays for ethernet PHY (git-fixes). - arm64: dts: ls1012a: Add serial alias for ls1012a-rdb (git-fixes). - arm64: dts: freescale: fix arm,sp805 compatible string (git-fixes). - arm64: dts: hisilicon: fix arm,sp805 compatible string (git-fixes). - arm64: dts: broadcom: bcm4908: Move reboot syscon out of bus (git-fixes). - arm64: dts: qcom: sdm845: Fix qcom,controlled-remotely property (git-fixes). - arm64: dts: qcom: ipq6018: Fix qcom,controlled-remotely property (git-fixes). - arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency (git-fixes). - commit 5e706fb - kunit: fix kernel-doc warnings due to mismatched arg names (git-fixes). - commit 584c0b5 - ARM: dts: omap3-n900: Fix lp5523 for multi color (git-fixes). - ARM: 9159/1: decompressor: Avoid UNPREDICTABLE NOP encoding (git-fixes). - ARM: dts: exynos: Fix BCM4330 Bluetooth reset polarity in I9100 (git-fixes). - arm64: dts: meson-g12b-odroid-n2: add 5v regulator gpio (git-fixes). - arm64: zynqmp: Fix serial compatible string (git-fixes). - arm64: zynqmp: Do not duplicate flash partition label property (git-fixes). - arm64: vdso32: require CROSS_COMPILE_COMPAT for gcc+bfd (git-fixes). - arm64: dts: qcom: sm8350: Rename GENI serial engine DT node (git-fixes). - arm64: dts: qcom: sc7280: Remove pm8350 and pmr735b for sc7280-idp (git-fixes). - commit d164fbf - ARM: dts: armada-38x: Add generic compatible to UART nodes (git-fixes). - ARM: dts: stm32: fix dtbs_check warning on ili9341 dts binding on stm32f429 disco (git-fixes). - ARM: dts: gemini: NAS4220-B: fis-index-block with 128 KiB sectors (git-fixes). - ARM: dts: gpio-ranges property is now required (git-fixes). - ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (git-fixes). 
- ARM: 9160/1: NOMMU: Reload __secondary_data after PROCINFO_INITFUNC (git-fixes). - ARM: dts: imx6qdl-wandboard: Fix Ethernet support (git-fixes). - ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (git-fixes). - ARM: socfpga: dts: fix qspi node compatible (git-fixes). - ARM: dts: bcm2711: Fix PCIe interrupts (git-fixes). - commit ef21691 - ARM: dts: BCM5301X: Add interrupt properties to GPIO node (git-fixes). - ARM: dts: BCM5301X: Fix I2C controller interrupt (git-fixes). - ARM: configs: aspeed_g5: Reneable DRM_FBDEV_EMULATION (git-fixes). - ARM: dts: qcom: fix memory and mdio nodes naming for RB3011 (git-fixes). - ARM: dts: omap: fix gpmc,mux-add-data type (git-fixes). - ARM: dts: sunxi: Fix OPPs node name (git-fixes). - ARM: dts: ls1021a-tsn: use generic "jedec,spi-nor" compatible for flash (git-fixes). - ARM: dts: ls1021a: move thermal-zones node out of soc/ (git-fixes). - ARM: dts: ux500: Skomer regulator fixes (git-fixes). - ARM: BCM53016: Specify switch ports for Meraki MR32 (git-fixes). - commit 187b6ed - ARM: dts: NSP: Fix mpcore, mmc node names (git-fixes). - ARM: dts: BCM5301X: Fix MDIO mux binding (git-fixes). - ARM: dts: BCM5301X: Fix nodes names (git-fixes). - ARM: imx_v6_v7_defconfig: enable fb (git-fixes). - ARM: 9110/1: oabi-compat: fix oabi epoll sparse warning (git-fixes). - ARM: dts: vf610-zii-dev-rev-b: Remove #address-cells and [#]size-cells property from at93c46d dt node (git-fixes). - ARM: tegra: Enable CONFIG_CROS_EC (git-fixes). - ARM: tegra: Enable CONFIG_FB (git-fixes). - commit 51d32f8 - Add cherry-picked id for HD-audio HDMI fix (git-fixes) - commit 4f7bd06 - cgroup: Trace event cgroup id fields should be u64 (git-fixes). - commit db15697 - crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes). - commit a5918df - selftests: KVM: Explicitly use movq to read xmm registers (git-fixes). - commit 2d50b70 - Delete patches.suse/cdrom-turn-off-autoclose-by-default.patch (bsc#1165047). 
This is now shipped as modprobe.conf preset in suse-module-tools. - commit 6aca37e - select: Fix indefinitely sleeping task in poll_schedule_timeout() (bsc#1194027). - commit 1695292 - Move upstreamed subsystem patches into sorted section - commit cb7f697 - PCI: pci-bridge-emul: Set PCI_STATUS_CAP_LIST for PCIe device (git-fixes). - PCI: pci-bridge-emul: Correctly set PCIe capabilities (git-fixes). - PCI: pci-bridge-emul: Fix definitions of reserved bits (git-fixes). - video: vga16fb: Only probe for EGA and VGA 16 color graphic cards (git-fixes). - USB: core: Fix bug in resuming hub's handling of wakeup requests (git-fixes). - USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status (git-fixes). - random: fix crash on multiple early calls to add_bootloader_randomness() (git-fixes). - random: fix data race on crng init time (git-fixes). - random: fix data race on crng_node_pool (git-fixes). - staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() (git-fixes). - commit 9176445 - PCI: pci-bridge-emul: Properly mark reserved PCIe bits in PCI config space (git-fixes). - PCI: pci-bridge-emul: Make expansion ROM Base Address register read-only (git-fixes). - PCI: xgene: Fix IB window setup (git-fixes). - PCI: mvebu: Fix support for DEVCAP2, DEVCTL2 and LNKCTL2 registers on emulated bridge (git-fixes). - PCI: mvebu: Fix support for PCI_EXP_RTSTA on emulated bridge (git-fixes). - PCI: mvebu: Fix support for PCI_EXP_DEVCTL on emulated bridge (git-fixes). - PCI: mvebu: Do not modify PCI IO type bits in conf_write (git-fixes). - PCI: mvebu: Check for errors from pci_bridge_emul_init() call (git-fixes). - PCI: mediatek-gen3: Disable DVFSRC voltage request (git-fixes). - commit d9b2ed2 - PCI: dwc: Do not remap invalid res (git-fixes). - PCI: aardvark: Fix checking for MEM resource type (git-fixes). - PCI: pciehp: Fix infinite loop in IRQ handler upon power fault (git-fixes). 
- drm/amdkfd: Check for null pointer after calling kmemdup (git-fixes). - drm/sun4i: dw-hdmi: Fix missing put_device() call in sun8i_hdmi_phy_get (git-fixes). - drm/atomic: Check new_crtc_state->active to determine if CRTC needs disable in self refresh mode (git-fixes). - drm/i915/ttm: add unmap_virtual callback (git-fixes). - drm/i915: don't call free_mmap_offset when purging (git-fixes). - mmc: sdhci-pci: Add PCI ID for Intel ADL (git-fixes). - drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() (git-fixes). - commit 9f50bf5 - Bluetooth: btusb: Add support for Foxconn QCA 0xe0d0 (git-fixes). - Bluetooth: btusb: Add support for Foxconn MT7922A (git-fixes). - Bluetooth: btusb: Add two more Bluetooth parts for WCN6855 (git-fixes). - Bluetooth: btusb: Add one more Bluetooth part for WCN6855 (git-fixes). - Bluetooth: btusb: Add one more Bluetooth part for the Realtek RTL8852AE (git-fixes). - Bluetooth: btusb: enable Mediatek to support AOSP extension (git-fixes). - Bluetooth: bfusb: fix division by zero in send path (git-fixes). - commit 9fdbfa4 - Move upstreamed ALSA and coresight patches into sorted section - commit 14619f6 - Bluetooth: btintel: Fix broken LED quirk for legacy ROM devices (bsc#1193124). - Delete patches.suse/Bluetooth-Apply-initial-command-workaround-for-more-.patch. - commit 38b5832 - blacklist.conf: add one ath5k config fix - commit d106a94 - SUNRPC: lock against ->sock changing during sysfs read (bsc#1194324). - SUNRPC: Check if the xprt is connected before handling sysfs reads (bsc#1194324). - commit f48a6d6 ++++ libapparmor: - add update-samba-abstractions-ldb2.diff: Cater for changes to ldb packaging to allow parallel installation with libldb (bsc#1192684). 
++++ expat: - update to 2.4.3 (bsc#1194251, bsc#1194362, bsc#1194474, bsc#1194476, bsc#1194477, bsc#1194478, bsc#1194479, bsc#1194480): * CVE-2021-45960 -- Fix issues with left shifts by >=29 places resulting in a) realloc acting as free b) realloc allocating too few bytes c) undefined behavior depending on architecture and precise value for XML documents with >=2^27+1 prefixed attributes on a single XML tag a la "" where XML_ParserCreateNS is used to create the parser (which needs argument "-n" when running xmlwf). Impact is denial of service, or more. * CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow on variable m_groupSize in function doProlog leading to realloc acting as free. Impact is denial of service or more. * CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows near memory allocation at multiple places. Mitre assigned a dedicated CVE for each involved internal C function: - CVE-2022-22822 for function addBinding - CVE-2022-22823 for function build_model - CVE-2022-22824 for function defineAttribute - CVE-2022-22825 for function lookup - CVE-2022-22826 for function nextScaffoldPart - CVE-2022-22827 for function storeAtts Impact is denial of service or more. ++++ libpwquality: - Add python-rpm-macros to BuildRequires (boo#1194757). 
++++ systemd: - Import commit 7a4e2ba4e01a8dfd305b24c40e156f8d293995a5 (merge of v249.9) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/6c7d6a7100488806bad0a81bbf2bca99be641938...7a4e2ba4e01a8dfd305b24c40e156f8d293995a5 ++++ tiff: - security update: Fix buffer overwrite * CVE-2019-17546[bsc#1154365] + tiff-CVE-2019-17546.patch - security update: Fix heap based buffer overflow in pal2rgb * CVE-2017-17095[bsc#1071031] + tiff-CVE-2017-17095.patch - security update: Fix OOB in _TIFFmemcpy * CVE-2022-22844[bsc#1194539] + tiff-CVE-2022-22844.patch - security update: Fix memory allocation failure in tif_read.c * CVE-2020-35521[bsc#1182808] CVE-2020-35522[bsc#1182809] + tiff-CVE-2020-35521,CVE-2020-35522.patch - security update: Fix DOS via invertImage() * CVE-2020-19131[bsc#1190312] + tiff-CVE-2020-19131.patch - security update: Fix heap-based buffer overflow in TIFF2PDF tool * CVE-2020-35524[bsc#1182812] + tiff-CVE-2020-35524.patch - security update: Fix integer overflow in tif_getimage * CVE-2020-35523 [bsc#1182811] + tiff-CVE-2020-35523.patch ++++ virglrenderer: - security update - added patches fix CVE-2022-0175 [bsc#1194601], VUL-0: CVE-2022-0175: virglrenderer: Missing initialization of res->ptr + virglrenderer-CVE-2022-0175.patch ++++ nvme-cli: - Update Source URL and introduce a variable for the release candidate version string. ++++ perl-Gtk2: - Temporarily disable GtkAboutDialog.t test failing after the last pango update. ++++ qemu: * Patches added: meson-build-all-modules-by-default.patch ++++ runc: - Update to runc v1.1.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0. - libcontainer will now refuse to build without the nsenter package being correctly compiled (specifically this requires CGO to be enabled). This should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects).
(#3331) ++++ toolbox: - Update to version 2.3+git20220117.bd53c7c: - Fixes error where if custom image is used toolbox will download the default image before entering an existing container. (#40) ++++ yast2-trans: - Update to version 84.87.20220116.6b981cb0d7: * Translated using Weblate (Ukrainian) * Translated using Weblate (Russian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * New POT for text domain 'autoinst'. * Translated using Weblate (Italian) * Translated using Weblate (Italian) * New POT for text domain 'packager'. * New POT for text domain 'dhcp-server'. * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * New POT for text domain 'storage'. * New POT for text domain 'packager'. * New POT for text domain 'installation'. * New POT for text domain 'bootloader'. * New POT for text domain 'base'. * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Slovak) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) ------------------------------------------------------------------ ------------------ 2022-1-16 - Jan 16 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - xfs: only run COW extent recovery when there are no live extents (bsc#1193791). - commit f025202 - xfs: move recovery needed state updates to xfs_log_mount_finish (bsc#1193791). - commit 3ab22f2 - xfs: allow setting and clearing of log incompat feature flags (bsc#1193791). - commit e5ce8a5 - xfs: remove all COW fork extents when remounting readonly (git-fixes). - commit dda180e - xfs: punch out data fork delalloc blocks on COW writeback failure (git-fixes). 
- commit d8175c4 ++++ python-pyudev: - Update to version 0.22.0+git.1642212208.d5630bf (bsc#1194613): * Remove another flakey test * Remove all traces of tox * Update next Fedora to 35 * Delete a test which is probably flakey for real * Bump recommended development environment to fedora 34 * Use yamllint on all the configuration files * Add annotations to GitHub workflows * No longer use --recursive for isort * Update formatting for new black * Establish a weekly task for future fedora - Remove upstreamed patches: - remove_mock.patch ------------------------------------------------------------------ ------------------ 2022-1-15 - Jan 15 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ALSA: hda: ALC287: Add Lenovo IdeaPad Slim 9i 14ITL5 speaker quirk (git-fixes). - ALSA: hda/realtek: Re-order quirk entries for Lenovo (git-fixes). - ALSA: hda/realtek: Add quirk for Legion Y9000X 2020 (git-fixes). - ALSA: hda/tegra: Fix Tegra194 HDA reset failure (git-fixes). - ALSA: hda/realtek: Use ALC285_FIXUP_HP_GPIO_LED on another HP laptop (git-fixes). - ALSA: hda/realtek: Add speaker fixup for some Yoga 15ITL5 devices (git-fixes). - commit 97194d3 - mei: hbm: fix client dma reply status (git-fixes). - misc: lattice-ecp3-config: Fix task hung when firmware load failed (git-fixes). - phy: cadence: Sierra: Fix to get correct parent for mux clocks (git-fixes). - phy: uniphier-usb3ss: fix unintended writing zeros to PHY register (git-fixes). - iio: adc: ti-adc081c: Partial revert of removal of ACPI IDs (git-fixes). - firmware: qemu_fw_cfg: fix sysfs information leak (git-fixes). - firmware: qemu_fw_cfg: fix kobject leak in probe error path (git-fixes). - firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries (git-fixes). - firmware: Update Kconfig help text for Google firmware (git-fixes). - uio: uio_dmem_genirq: Catch the Exception (git-fixes). - char/mwave: Adjust io port register size (git-fixes). 
- misc: at25: Make driver OF independent again (git-fixes). - ASoC: imx-card: improve the sound quality for low rate (git-fixes). - ASoC: imx-card: Fix mclk calculation issue for akcodec (git-fixes). - ASoC: imx-card: Need special setting for ak4497 on i.MX8MQ (git-fixes). - ASoC: fsl_asrc: refine the check of available clock divider (git-fixes). - dmaengine: pxa/mmp: stop referencing config->slave_id (git-fixes). - commit 0ba81f9 - ASoC: fsl_mqs: fix MODULE_ALIAS (git-fixes). - ASoC: samsung: idma: Check of ioremap return value (git-fixes). - ASoC: mediatek: Check for error clk pointer (git-fixes). - ASoC: Intel: catpt: Test dmaengine_submit() result before moving on (git-fixes). - ASoC: rt5663: Handle device_property_read_u32_array error codes (git-fixes). - ASoC: codecs: wcd938x: add SND_SOC_WCD938_SDW to codec list instead (git-fixes). - ASoC: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA (git-fixes). - ASoC: Intel: sof_sdw: fix jack detection on HP Spectre x360 convertible (git-fixes). - ALSA: hda/cs8409: Fix Jack detection after resume (git-fixes). - ALSA: hda/cs8409: Increase delay during jack detection (git-fixes). - commit 501f634 - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows (git-fixes). - ALSA: usb-audio: Drop superfluous '0' in Presonus Studio 1810c's ID (git-fixes). - ALSA: oss: fix compile error when OSS_DEBUG is enabled (git-fixes). - ALSA: hda: Make proper use of timecounter (git-fixes). - ALSA: led: Use restricted type for iface assignment (git-fixes). - ALSA: hda: Fix potential deadlock at codec unbinding (git-fixes). - ALSA: hda: Add missing rwsem around snd_ctl_remove() calls (git-fixes). - ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls (git-fixes). - ALSA: jack: Add missing rwsem around snd_ctl_remove() calls (git-fixes). 
- commit 073769b ------------------------------------------------------------------ ------------------ 2022-1-14 - Jan 14 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.34.0: + initrd: wait for both IPv4 and IPv6 with "ip=dhcp,dhcp6" + core: better handle sd-resolved errors when resolving hostnames + nmcli: fix import WireGuard profile with DNS domain and address family disabled + ndisc: send router solicitations before expiry + policy: send earlier the ip configs to the DNS manager + core: support linking with LLD 13 + wireguard: importing wg-quick configuration files with nmcli no longer sets a negative, exclusive "dns-priority". This plays better with common split DNS setups that use systemd-resolved. Adjust the "dns-priority" to your liking after import yourself. + NetworkManager no longer listens for netlink events for traffic control objects (qdiscs and filters). + core: add internal nm-priv-helper service for separating privileges and have a way to drop capabilities from NetworkManager daemon. + bond: add support for setting queue-id of bond port. + dns: support configuring DNS over TLS (DoT) with systemd-resolved. + nmtui: add support for WireGuard profiles. + nmcli: add aliases `nmcli device up|down` beside connect|disconnect. + conscious language: Deprecate 'Device.Slaves' D-Bus property in favor of new 'Device.Ports' property. Deprecate 'nm_device_*_get_slaves()' in favor of 'nm_device_get_ports()' in libnm. + nmcli: invoking nmcli command without arguments will now show 'default' instead of null address in route4 or route6 section. - Refresh patches with quilt. - Replace addFilter("suse-branding-unversioned-requires*") from rpmlintrc, with the current branding-requires-unversioned. - Update our Supplements to current standard. - Add the new internal nm-priv-helper.service to pre(un)/post(un) handling.
++++ cloud-regionsrv-client: - Follow up changes to (jsc#PCT-130, bsc#1182026) + Fix executable name for AHB service/timer + Update manpage for BYOS instance registration ++++ cryptsetup: - cryptsetup 2.4.3: * Fix possible attacks against data confidentiality through LUKS2 online reencryption extension crash recovery CVE-2021-4122, boo#1194469 * Add configure option --disable-luks2-reencryption to completely disable LUKS2 reencryption code. * Improve internal metadata validation code for reencryption metadata * Add updated documentation for LUKS2 On-Disk Format Specification version 1.1.0 * Fix support for bitlk (BitLocker compatible) startup key with new metadata entry introduced in Windows 11 * Fix space restriction for LUKS2 reencryption with data shift ++++ grub2: - Power guest secure boot with static keys: GRUB2 signing portion (jsc#SLE-18271) (bsc#1192764) * 0001-grub-install-Add-SUSE-signed-image-support-for-power.patch ++++ kernel-default: - Updated mpi3mr entry in supported.conf (bsc#1194578 jsc#SLE-18121) - commit d76e53a - Move upstreamed thunderbolt patches into sorted section - commit cc9c167 - selftests: KVM: Fix non-x86 compiling (bsc#1194396). - commit f5bdc4a - x86/sev: Move common memory encryption code to mem_encrypt.c (jsc#SLE-19924). - Update config files. - commit 295fcc1 - x86/sev: Rename mem_encrypt.c to mem_encrypt_amd.c (jsc#SLE-19924). - commit e716904 - x86/sev: Use CC_ATTR attribute to generalize string I/O unroll (jsc#SLE-19924). - x86/sev: Remove do_early_exception() forward declarations (jsc#SLE-19924). - x86/head64: Carve out the guest encryption postprocessing into a helper (jsc#SLE-19924). - x86/sev: Get rid of excessive use of defines (jsc#SLE-19924). - x86/sev: Shorten GHCB terminate macro names (jsc#SLE-19924). - commit f844a2b - Delete mistakenly merged bogus file. - commit 3a6a1bf - Update config files to enable NVMe In-band Authentication (jsc#SLE-20183) - commit 1154950 - nvme: add TCP TSAS definitions (jsc#SLE-20183). 
- [PATCH 11/12] nvmet-auth: expire authentication sessions (jsc#SLE-20183). - nvmet-auth: Diffie-Hellman key exchange support (jsc#SLE-20183). - nvmet: Implement basic In-Band Authentication (jsc#SLE-20183). - nvmet: parse fabrics commands on io queues (jsc#SLE-20183). - nvme-auth: Diffie-Hellman key exchange support (jsc#SLE-20183). - nvme: Implement In-Band authentication (jsc#SLE-20183). - nvme-fabrics: decode 'authentication required' connect error (jsc#SLE-20183). - nvme: add definitions for NVMe In-Band authentication (jsc#SLE-20183). - lib/base64: RFC4648-compliant base64 encoding (jsc#SLE-20183). - crypto: add crypto_has_kpp() (jsc#SLE-20183). - crypto: add crypto_has_shash() (jsc#SLE-20183). - commit 64effa8 - mailbox: hi3660: convert struct comments to kernel-doc notation (git-fixes). - PCI/MSI: Fix pci_irq_vector()/pci_irq_get_affinity() (git-fixes). - commit 098c83f - nvme: add new discovery log page entry definitions (bsc#1192761). - nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761). - commit 769658d - Move upstreamed serial patches into sorted section - commit 3fba525 - nvme: add 'iopolicy' module parameter (bsc#1177599). - nvme-fabrics: print out valid arguments when reading from /dev/nvme-fabrics (bsc#1192761). - nvme: fix use after free when disconnecting a reconnecting ctrl (bsc#1192761). - nvme-multipath: set ana_log_size to 0 after free ana_log_buf (bsc#1192761). - nvmet: register discovery subsystem as 'current' (bsc#1192761). - nvmet: switch check for subsystem type (bsc#1192761). - nvme: display correct subsystem NQN (bsc#1192761). - nvme: Add connect option 'discovery' (bsc#1192761). - nvme: expose subsystem type in sysfs attribute 'subsystype' (bsc#1192761). - nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761). - nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761). - nvmet: make discovery NQN configurable (bsc#1192761).
- commit 439c8e7 - btrfs: respect the max size in the header when activating swap file (bsc#1194595). - commit ed07a37 ++++ json-c: - Add patch bsc1171479.patch + fix integer overflow and out-of-bounds write (CVE-2020-12762, bsc#1171479) ++++ libnvme: - Initial package creation for libnvme ++++ systemd: - systemd.spec: drop our own definitions of %_pam_moduledir/%_pam_vendordir macros since they're now defined by pam-devel shipped by SP4. - Rename 1007-Restore-support-for-halt.local.patch into 1007-sysv-restore-support-for-halt.local.patch - Extract bits from 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch which are not specific to the handling of 'Required-Start:' and move them into a new patch 1010-sysv-add-back-support-for-all-virtual-facility-and-f.patch ++++ linux-glibc-devel: - Export the macros necessary for making core-scheduling usable (bsc#1194659) + uapi-linux-prctl-provide-macro-definitions-for-the-PR_SCHED_CORE-type-argument ++++ nvme-cli: - Update to v2.0-rc0 * Depends on libnvme * rename harden_nvmf-connect@.service.patch to 0100-harden_nvmf-connect@.service.patch * drop 0102-nvme-cli-Add-script-to-determine-host-NQN.patch ++++ permissions: - Update to version 20181225: * setuid bit for cockpit session binary (bsc#1169614) ++++ selinux-policy: - Allow colord to use systemd hardenings (bsc#1194631) ++++ system-users: - Buildrequire the updated sysuser-tools which supports busybox-adduser as well ++++ yast2: - Adapted Report.yesno_popup to Ruby 3 (bsc#1193192) - 4.4.36 ------------------------------------------------------------------ ------------------ 2022-1-13 - Jan 13 2022 ------------------- ------------------------------------------------------------------ ++++ afterburn: - Update some dependencies * build(deps): bump nix from 0.17.0 and 0.20.0 to 0.23.1 This fixes the following security issues: https://rustsec.org/advisories/RUSTSEC-2021-0119 * build(deps): bump generic-array from 0.12.3 to 0.12.4 This fixes a security issue: 
https://rustsec.org/advisories/RUSTSEC-2020-0146 AKA CVE-2020-36465 * build(deps): bump futures-util from 0.3.6 to 0.3.15 This fixes a security issue: https://rustsec.org/advisories/RUSTSEC-2020-0059 AKA CVE-2020-35905 * build(deps): bump rand_core from 0.6.1 to 0.6.3 This fixes a security issue: https://rustsec.org/advisories/RUSTSEC-2021-0023 AKA CVE-2021-27378, bsc#1182432 * build(deps): bump hyper from 0.14.2 to 0.14.11 This fixes two security issues: https://rustsec.org/advisories/RUSTSEC-2021-0078 AKA CVE-2021-32715, bsc#1188173 https://rustsec.org/advisories/RUSTSEC-2021-0079 AKA CVE-2021-32714, bsc#1188174 * build(deps): bump tokio from 1.0.1 to 1.15.0 This fixes two security issues: https://rustsec.org/advisories/RUSTSEC-2021-0124 AKA CVE-2021-45710, bsc#1194119 https://rustsec.org/advisories/RUSTSEC-2021-0072 AKA CVE-2021-38191 - Remove cargo_audit service, as it makes no sense as a service (it doesn't automatically get rerun), it would make more sense during the build process as then it gets rerun if the package or the vulnerability database get changed - switch services from disabled to manual - remove hard coded author for tar_scm service ++++ cyrus-sasl: - postfix: sasl authentication with password fails (bsc#1194265) Add config parameter --with-dblib=gdbm - Avoid converting of /etc/sasldb2 by every update. Convert /etc/sasldb2 only if it is a Berkeley DB ++++ grub2: - Fix wrong default entry when booting snapshot (bsc#1159205) * grub2-btrfs-08-workaround-snapshot-menu-default-entry.patch ++++ kernel-default: - tools headers UAPI: Sync linux/prctl.h with the kernel sources (bsc#1194659). - commit 5606b92 - Disable hyperv_fb in favour of hyperv_drm (jsc#SLE-19733) - commit 19fee0c - net: mana: Add RX fencing (bsc#1193506). - commit e3d6f05 - Drivers: hv: vmbus: Initialize request offers message for Isolation VM (bsc#1183682). - commit 7c5d060 - scsi: storvsc: Fix unsigned comparison to zero (git-fixes). 
- commit 9e68988 - x86/hyperv: Fix definition of hv_ghcb_pg variable (bsc#1183682). - commit 95638ec - Drivers: hv: Fix definition of hypercall input & output arg variables (git-fixes). - commit 607f280 - net: netvsc: Add Isolation VM support for netvsc driver (bsc#1183682). - commit 6e48a4c - hv_sock: Extract hvs_send_data() helper that takes only header (git-fixes). - commit 460e07f - scsi: storvsc: Add Isolation VM support for storvsc driver (bsc#1183682). - commit e37f664 - hyper-v: Enable swiotlb bounce buffer for Isolation VM (bsc#1183682). - commit 48df245 - net: mana: Add XDP support (bsc#1193506). - commit 5fa8748 - hv_netvsc: Use bitmap_zalloc() when applicable (bsc#1193506). - commit 11f2462 - PCI: hv: Add arm64 Hyper-V vPCI support (jsc#SLE-17855,bsc#1186071). - commit e9d267d - PCI: hv: Make the code arch neutral by adding arch specific interfaces (jsc#SLE-17855,bsc#1186071). - commit 51d1087 - PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (git-fixes). - commit e8d71a7 - x86/hyper-v: Add hyperv Isolation VM check in the cc_platform_has() (bsc#1183682). - commit 4fb06cd - swiotlb: Add swiotlb bounce buffer remap function for HV IVM (bsc#1183682). - commit 8e7bfc2 - uapi/linux/prctl: provide macro definitions for the PR_SCHED_CORE type argument (bsc#1194659). - commit d1a1904 - btrfs: fix warning when freeing leaf after subvolume creation failure (bsc#1194656). - btrfs: fix invalid delayed ref after subvolume creation failure (bsc#1194656). - btrfs: fix double free of anon_dev after failure to create subvolume (bsc#1194656). - commit e3b8e6b - KVM: SVM: Fall back to KVM's hardcoded value for EDX at RESET/INIT (bsc#1194650). - commit aaac702 - KVM: SVM: Require exact CPUID.0x1 match when stuffing EDX at INIT (bsc#1194650). - commit d70b6af - KVM: VMX: Set EDX at INIT with CPUID.0x1, Family-Model-Stepping (bsc#1194647). - commit b8eb21e - Refresh patches.suse/Revert-drm-i915-Implement-Wa_1508744258.patch. 
Alt-commit - commit 7a9c995 - Refresh patches.suse/0445-drm-i915-Revert-guc_id-from-i915_request-tracepoint.patch. Alt-commit - commit 50dc252 - KVM: SVM: Zero out GDTR.base and IDTR.base on INIT (bsc#1194644). - commit 1e7e5ae - Revert "drm/i915/display: Disable audio, DRRS and PSR before planes" (git-fixes). - commit fa3f617 - KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit (bsc#1194641). - commit ef61f72 - KVM: x86: Flush the guest's TLB on INIT (bsc#1194639). - commit b025945 - KVM: x86/mmu: Fix use of enums in trace_fast_page_fault (bsc#1194638). - commit 232ac66 - KVM: x86/mmu: Rename cr2_or_gpa to gpa in fast_page_fault (bsc#1194636). - commit 748abc3 - optee: Suppress false positive kmemleak report in optee_handle_rpc() (jsc#SLE-21844). - tee: optee: Fix incorrect page free bug (jsc#SLE-21844). - tee: amdtee: fix an IS_ERR() vs NULL bug (jsc#SLE-21844). - optee: smc_abi.c: add missing #include (jsc#SLE-21844). - commit 818bd23 - net/smc: Clear memory when release and reuse buffer (jsc#SLE-18331). - commit 7a4e5bd - net/smc: Keep smc_close_final rc during active close (git-fixes). - net/smc: Don't call clcsock shutdown twice when smc shutdown (git-fixes). - commit 22f3071 - net/smc: fix kernel panic caused by race of smc_sock (git-fixes). - net/smc: don't send CDC/LLC message if link not ready (git-fixes). - net/smc: fix using of uninitialized completions (git-fixes). - net/smc: Prevent smc_release() from long blocking (git-fixes). - net/smc: fix wrong list_del in smc_lgr_cleanup_early (git-fixes). - net/smc: Fix loop in smc_listen (git-fixes). - net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk() (git-fixes). - net/smc: Ensure the active closing peer first closes clcsock (git-fixes). - net/smc: Clean up local struct sock variables (git-fixes). - net/smc: Make sure the link_id is unique (git-fixes). - commit 8fbf330 - optee: fix kfree NULL pointer (jsc#SLE-21844). 
- optee: Fix spelling mistake "reclain" -> "reclaim" (jsc#SLE-21844). - firmware: arm_ffa: Remove unused 'compat_version' variable (jsc#SLE-21844). - firmware: arm_ffa: Add support for MEM_LEND (jsc#SLE-21844). - firmware: arm_ffa: Handle compatibility with different firmware versions (jsc#SLE-21844). - optee: add FF-A support (jsc#SLE-21844). - optee: isolate smc abi (jsc#SLE-21844). - optee: refactor driver with internal callbacks (jsc#SLE-21844). - optee: simplify optee_release() (jsc#SLE-21844). - commit 5c29442 - tee: add sec_world_id to struct tee_shm (jsc#SLE-21844). - Refresh patches.suse/tee-handle-lookup-of-shm-with-reference-count-0.patch. - commit 16de057 - tee/optee/shm_pool: fix application of sizeof to pointer (jsc#SLE-21844). - commit a041250 - selftests: KVM: avoid failures due to reserved HyperTransport region (bsc#1194396). - commit dc525da - net/smc: Print function name in smcr_link_down tracepoint (jsc#SLE-18331). - net/smc: Introduce tracepoint for smcr link down (jsc#SLE-18331). - net/smc: Introduce tracepoints for tx and rx msg (jsc#SLE-18331). - net/smc: Introduce tracepoint for fallback (jsc#SLE-18331). - net/smc: stop links when their GID is removed (jsc#SLE-18331). - net/smc: add netlink support for SMC-Rv2 (jsc#SLE-18331). - net/smc: extend LLC layer for SMC-Rv2 (jsc#SLE-18331). - net/smc: add v2 support to the work request layer (jsc#SLE-18331). - net/smc: retrieve v2 gid from IB device (jsc#SLE-18331). - net/smc: add v2 format of CLC decline message (jsc#SLE-18331). - net/smc: add listen processing for SMC-Rv2 (jsc#SLE-18331). - net/smc: add SMC-Rv2 connection establishment (jsc#SLE-18331). - net/smc: prepare for SMC-Rv2 connection (jsc#SLE-18331). - net/smc: save stack space and allocate smc_init_info (jsc#SLE-18331). - net/smc: add generic netlink support for system EID (jsc#SLE-18331). - net/smc: keep static copy of system EID (jsc#SLE-18331). - net/smc: add support for user defined EIDs (jsc#SLE-18331). 
- net/smc: Allow SMC-D 1MB DMB allocations (jsc#SLE-18331). - commit f31e069 - clk: bm1880: remove kfrees on static allocations (git-fixes). - clk: qcom: gcc-sc7280: Mark gcc_cfg_noc_lpass_clk always enabled (git-fixes). - clk: imx8mn: Fix imx8mn_clko1_sels (git-fixes). - clk: stm32: Fix ltdc's clock turn off by clk_disable_unused() after system enter shell (git-fixes). - clk: Emit a stern warning with writable debugfs enabled (git-fixes). - clk: Gemini: fix struct name in kernel-doc (git-fixes). - clk: imx: pllv1: fix kernel-doc notation for struct clk_pllv1 (git-fixes). - leds: lp55xx: initialise output direction from dts (git-fixes). - usb: gadget: u_audio: Subdevice 0 for capture ctls (git-fixes). - usb: dwc2: do not gate off the hardware if it does not support clock gating (git-fixes). - usb: dwc3: qcom: Fix NULL vs IS_ERR checking in dwc3_qcom_probe (git-fixes). - usb: ftdi-elan: fix memory leak on device disconnect (git-fixes). - serial: stm32: move tx dma terminate DMA to shutdown (git-fixes). - serial: liteuart: fix MODULE_ALIAS (git-fixes). - serial: 8250_bcm7271: Propagate error codes from brcmuart_probe() (git-fixes). - serial: Fix incorrect rs485 polarity on uart open (git-fixes). - serial: amba-pl011: do not request memory region twice (git-fixes). - tty: serial: uartlite: allow 64 bit address (git-fixes). - tty: serial: atmel: Call dma_async_issue_pending() (git-fixes). - tty: serial: atmel: Check return code of dmaengine_submit() (git-fixes). - staging: rtl8192e: rtllib_module: fix error handle case in alloc_rtllib() (git-fixes). - staging: rtl8192e: return error code from rtllib_softmac_init() (git-fixes). - drivers/firmware: Add missing platform_device_put() in sysfb_create_simplefb (git-fixes). - pinctrl: renesas: rza1: Fix kerneldoc function names (git-fixes). - floppy: Fix hang in watchdog when disk is ejected (git-fixes). 
- commit 13cce41 ++++ kernel-firmware: - Update to version 20220111 (git commit 13dca280f760): * linux-firmware: update firmware for MT7915 * iwlwifi: add new FWs from core63-136 release * iwlwifi: add new FWs from core66-88 release * iwlwifi: update 9000-family firmwares to core66-88 * linux-firmware: add firmware for MT7916 * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * WHENCE: add missing symlink for NanoPi R1 * amdgpu: update yellow carp dmcub firmware * cxgb4: Update firmware to revision 1.26.6.0 - update aliases from 5.16 final ++++ gcc12: - New package, inherits from gcc11 * Enable LSAN and TSAN for s390x target. * Require gcc-d as dependency for proper bootstrap. * Use gcc11-amdgcn-disable-hot-cold-partitioning.patch only conditionally on older SUSE products. * Add --enable-offload-defaulted to configure options. * Include a couple of new header files. * Do not require llvm11 for cross compilers (assembler was fixed in latest LLVM releases), use llvm11 only on SLE 15. * Remove unnecessary gcc10-foffload-default.patch patch. - Take patches inherited from GCC 11. 
* gcc-add-defaultsspec.diff, add the ability to provide a specs file that is read by default * tls-no-direct.diff, avoid direct %fs references on x86 to not slow down Xen * gcc43-no-unwind-tables.diff, do not produce unwind tables for CRT files * gcc41-ppc32-retaddr.patch, fix expansion of __builtin_return_addr for ppc, just a testcase * gcc44-textdomain.patch, make translation files version specific and adjust textdomain to find them * gcc44-rename-info-files.patch, fix cross-references in info files when renaming them to be version specific * gcc48-libstdc++-api-reference.patch, fix link in the installed libstdc++ html documentation * gcc48-remove-mpfr-2.4.0-requirement.patch, make GCC work with earlier mpfr versions on old products * gcc5-no-return-gcc43-workaround.patch, make build work with host gcc 4.3 * gcc7-remove-Wexpansion-to-defined-from-Wextra.patch, removes new warning from -Wextra * gcc7-avoid-fixinc-error.diff * gcc9-reproducible-builds-buildid-for-checksum.patch * gcc9-reproducible-builds.patch * gcc10-amdgcn-llvm-as.patch ++++ openssl-1_1: - Backport cryptographic improvements from OpenSSL 3 [jsc#SLE-19742] * Optimize RSA on armv8: openssl-1_1-Optimize-RSA-armv8.patch * Optimize AES-XTS mode for aarch64: openssl-1_1-Optimize-AES-XTS-aarch64.patch * Optimize AES-GCM for uarchs with unroll and new instructions: openssl-1_1-Optimize-AES-GCM-uarchs.patch ++++ polkit: - CVE-2021-4034: fixed a local privilege escalation in pkexec (bsc#1194568) added CVE-2021-4034-pkexec-fix.patch ++++ sssd: - Update the private ldb modules installation following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba ++++ systemd: - Import commit 6c7d6a7100488806bad0a81bbf2bca99be641938 (merge of v249.8) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/103742c59ad2d37a54bfb91135d9c7b082ca3576...6c7d6a7100488806bad0a81bbf2bca99be641938 - Rebase 1007-Restore-support-for-halt.local.patch - Import commit 
103742c59ad2d37a54bfb91135d9c7b082ca3576 e95df40b09 shared/rm-rf: loop over nested directories instead of instead of recursing (CVE-2021-3997 bsc#1194178) 078e04305d shared/rm_rf: refactor rm_rf() to shorten code a bit 6d560d0aca shared/rm_rf: refactor rm_rf_children_inner() to shorten code a bit 6666ff056c localectl: don't omit keymaps files that are symlinks (bsc#1191826) 30cbebc56f tmpfiles: 'st' may have been used uninitialized 5443654ec0 macro: add new helper RET_NERRNO() 8d90ecc435 rm-rf: optionally fsync() after removing directory tree 591344010d rm-rf: refactor rm_rf_children(), split out body of directory iteration loop 8c7762c4f1 Bump the max number of inodes for /dev to a million (bsc#1192858) dc9476c881 journal: don't remove the flushed flag when journald is stopped 29efc29efd TEST-10: don't attempt to write a byte to the socket 773fb785b6 Bump the max number of inodes for /dev to 128k (bsc#1192858) ++++ perl-Bootloader: - merge gh#openSUSE/perl-bootloader#137 - grub2 install: Support secure boot on powerpc (bsc#1192764 jsc#SLE-18271). - 0.937 ++++ python3-azuremetadata: - Version 5.1.5 (bsc#1194663) + Handle lsblk output format change. The json data now contains "mountpoints" instead of "mountpoint" ++++ samba: - Reorganize libs packages. Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems everytime one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel. 
- Rename package samba-core-devel to samba-devel - Add python-rpm-macros to build requirements - Update the symlink created by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba ++++ virt-manager: - jsc#SLE-20855 KVM: Enable vfio-ccw and vfio-ap in virt-* tools 965480e8-virt-install-add-mediated-device.patch f87e96d3-hostdev-use-method-get_mdev_uuid.patch 9d4002ee-tests-verify-MDEV-support.patch 9363e1e6-virt-xml-add-support-for-mediated-devices.patch 0e15cd51-virt-manager-enable-MDEV-support.patch ------------------------------------------------------------------ ------------------ 2022-1-12 - Jan 12 2022 ------------------- ------------------------------------------------------------------ ++++ avahi: - Move sftp-ssh and ssh services to the doc directory. They allow a host's up/down status to be easily discovered and should not be enabled by default (boo#1179060). ++++ kernel-default: - scsi: vmw_pvscsi: Set residual data length conditionally (git-fixes). - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (git-fixes). - commit 4c59c88 - Move mpi3mr driver to being fully supported (bsc#1194578) - commit 8f564bb - blacklist.conf: f28439db470c ("tracing: Tag trace_percpu_buffer as a percpu pointer") It fixes a sparse warning only. - commit f67dade - tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() (git-fixes). - commit 8ff3def - drm: Enable support for simpledrm devices on x86-64 (jsc#SLE-18823) - enable support for simple-framebuffer devices - disabled by default - commit 74f8512 - cgroup: Use open-time cgroup namespace for process migration perm checks (bsc#1194302 CVE-2021-4197). - cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv (bsc#1194302 CVE-2021-4197). - cgroup: Use open-time credentials for process migraton perm checks (bsc#1194302 CVE-2021-4197). 
- commit 91b620d - firmware/sysfb: Add parameter to enable sysfb support (jsc#SLE-18823) - commit afbe6c6 - s390: add HWCAP_S390_PCI_MIO to ELF hwcaps (jsc#SLE-23099). - s390/disassembler: add instructions (jsc#SLE-18634). - s390: report more CPU capabilities (jsc#SLE-18634). - commit f81382d - fget: clarify and improve __fget_files() implementation (bsc#1193727). - commit 5f0b9f7 - fget: check that the fd still exists after getting a ref to it (bsc#1193727 CVE-2021-4083). - commit 2321692 - tpm: fix NPE on probe for missing device (git-fixes). - tpm: fix potential NULL pointer access in tpm_del_char_device (git-fixes). - tpm_tis: Fix an error handling path in 'tpm_tis_core_init()' (git-fixes). - tpm: add request_locality before write TPM_INT_ENABLE (git-fixes). - spi: uniphier: Fix a bug that doesn't point to private data correctly (git-fixes). - usb: mtu3: fix interval value for intr and isoc (git-fixes). - commit c4bbaa3 - selinux: fix potential memleak in selinux_add_opt() (git-fixes). - spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe (git-fixes). - spi: spi-rspi: Drop redeclaring ret variable in qspi_transfer_in() (git-fixes). - spi: hisi-kunpeng: Fix the debugfs directory name incorrect (git-fixes). - regulator: qcom-labibb: OCP interrupts are not a failure while disabled (git-fixes). - regulator: Drop unnecessary struct member (git-fixes). - regmap: Call regmap_debugfs_exit() prior to _init() (git-fixes). - power: reset: mt6397: Check for null res pointer (git-fixes). - power: bq25890: Enable continuous conversion for ADC at charging (git-fixes). - rndis_host: support Hytera digital radios (git-fixes). - commit 8693eaa - mtd: rawnand: mpc5121: Remove unused variable in ads5121_select_chip() (git-fixes). - mtd: rawnand: ingenic: JZ4740 needs 'oob_first' read page function (git-fixes). - mtd: rawnand: Export nand_read_page_hwecc_oob_first() (git-fixes). - mtd: rawnand: davinci: Rewrite function description (git-fixes). 
- mtd: rawnand: davinci: Avoid duplicated page read (git-fixes). - mtd: rawnand: davinci: Don't calculate ECC when reading page (git-fixes). - mtd: hyperbus: rpc-if: fix bug in rpcif_hb_remove (git-fixes). - mtd: hyperbus: rpc-if: Check return value of rpcif_sw_init() (git-fixes). - Revert "net: usb: r8152: Add MAC passthrough support for more Lenovo Docks" (git-fixes). - commit d77e38e - pcmcia: fix setting of kthread task states (git-fixes). - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() (git-fixes). - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() (git-fixes). - commit 291cf9b - kernel/locking: Use a pointer in ww_mutex_trylock() (git-fixes). - lib/logic_iomem: Fix operation on 32-bit (git-fixes). - lib/logic_iomem: Fix 32-bit build (git-fixes). - mmc: meson-mx-sdio: add IRQ check (git-fixes). - mmc: meson-mx-sdhc: add IRQ check (git-fixes). - mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() (git-fixes). - mtd: core: provide unique name for nvmem device (git-fixes). - mtd: Fixed breaking list in __mtd_del_partition (git-fixes). - lib/mpi: Add the return value check of kcalloc() (git-fixes). - mISDN: change function names to avoid conflicts (git-fixes). - commit 9a0c88a - HID: hid-uclogic-params: Invalid parameter check in uclogic_params_frame_init_v1_buttonpad (git-fixes). - HID: hid-uclogic-params: Invalid parameter check in uclogic_params_huion_init (git-fixes). - HID: hid-uclogic-params: Invalid parameter check in uclogic_params_get_str_desc (git-fixes). - HID: hid-uclogic-params: Invalid parameter check in uclogic_params_init (git-fixes). - hwmon: (mr75203) fix wrong power-up delay value (git-fixes). - drm/amdgpu: disable runpm if we are the primary adapter (git-fixes). - fbdev: fbmem: add a helper to determine if an aperture is used by a fw fb (git-fixes). - drm/amd/pm: keep the BACO feature enabled for suspend (git-fixes). 
- drm/amdgpu: fix dropped backing store handling in amdgpu_dma_buf_move_notify (git-fixes). - drm/amd/display: Added power down for DCN10 (git-fixes). - commit 49a64a1 - drm/i915/backlight: extract backlight code to a separate file (git-fixes). - Refresh patches.suse/drm-i915-dp-Perform-30ms-delay-after-source-OUI-writ.patch. - commit de43291 - crypto: x86/aesni - don't require alignment of data (git-fixes). - crypto: stm32/crc32 - Fix kernel BUG triggered in probe() (git-fixes). - docs: automarkup.py: Fix invalid HTML link output and broken URI fragments (git-fixes). - Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization (git-fixes). - drm/amd/display: fix B0 TMDS deepcolor no dislay issue (git-fixes). - drm/amdgpu: put SMU into proper state on runpm suspending for BOCO capable platform (git-fixes). - drm/amdgpu: always reset the asic in suspend (v2) (git-fixes). - drm/amd/pm: skip setting gfx cgpg in the s0ix suspend-resume (git-fixes). - drm/amd/pm: Fix xgmi link control on aldebaran (git-fixes). - drm/i915: Add support for panels with VESA backlights with PWM enable/disable (git-fixes). - drm/i915/backlight: mass rename functions to have intel_backlight_ prefix (git-fixes). - commit 941e68f - crypto: omap-aes - Fix broken pm_runtime_and_get() usage (git-fixes). - crypto: octeontx2 - prevent underflow in get_cores_bmap() (git-fixes). - crypto: stm32 - Revert broken pm_runtime_resume_and_get changes (git-fixes). - crypto: stm32/cryp - fix bugs and crash in tests (git-fixes). - crypto: stm32/cryp - fix lrw chaining mode (git-fixes). - crypto: stm32/cryp - fix double pm exit (git-fixes). - crypto: stm32/cryp - check early input data (git-fixes). - crypto: stm32/cryp - fix xts and race condition in crypto_engine requests (git-fixes). - crypto: stm32/cryp - fix CTR counter carry (git-fixes). - crypto: octeontx2 - uninitialized variable in kvf_limits_store() (git-fixes). 
- commit 1f3d99d - backlight: qcom-wled: Override default length with qcom,enabled-strings (git-fixes). - backlight: qcom-wled: Fix off-by-one maximum with default num_strings (git-fixes). - backlight: qcom-wled: Pass number of elements to read to read_u32_array (git-fixes). - backlight: qcom-wled: Validate enabled string indices in DT (git-fixes). - crypto: qce - fix uaf on qce_skcipher_register_one (git-fixes). - crypto: qce - fix uaf on qce_ahash_register_one (git-fixes). - crypto: qce - fix uaf on qce_aead_register_one (git-fixes). - atlantic: Fix buff_ring OOB in aq_ring_rx_clean (git-fixes). - auxdisplay: charlcd: checking for pointer reference before dereferencing (git-fixes). - commit 85744be - Move upstreamed caam patches into sorted section - commit c0716a1 ++++ sqlite3: - update to 3.37.2: * Fix a bug introduced in version 3.35.0 (2021-03-12) that can cause database corruption if a SAVEPOINT is rolled back while in PRAGMA temp_store=MEMORY mode, and other changes are made, and then the outer transaction commits * Fix a long-standing problem with ON DELETE CASCADE and ON UPDATE CASCADE in which a cache of the bytecode used to implement the cascading change was not being reset following a local DDL change ++++ shadow: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954). ++++ qemu: - It's time to really start requiring -F when using -b in qemu-img for us as well. 
Users/customers have been warned in the relevant release notes (bsc#1190135) * Patches dropped: Revert-qemu-img-Improve-error-for-rebase.patch Revert-qemu-img-Require-F-with-b-backing.patch ++++ yast2: - Simplify slide show to support future parallel installations (jsc#SLE-20437) - 4.4.35 ------------------------------------------------------------------ ------------------ 2022-1-11 - Jan 11 2022 ------------------- ------------------------------------------------------------------ ++++ grub2: - Power guest secure boot with static keys: GRUB2 signing portion (jsc#SLE-18271) (bsc#1192764) * grub2.spec - Power guest secure boot with static keys: GRUB2 portion (jsc#SLE-18144) (bsc#1192686) * 0001-ieee1275-Drop-HEAP_MAX_ADDR-and-HEAP_MIN_SIZE-consta.patch * 0002-ieee1275-claim-more-memory.patch * 0003-ieee1275-request-memory-with-ibm-client-architecture.patch * 0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch * 0005-docs-grub-Document-signing-grub-under-UEFI.patch * 0006-docs-grub-Document-signing-grub-with-an-appended-sig.patch * 0007-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch * 0008-pgp-factor-out-rsa_pad.patch * 0009-crypto-move-storage-for-grub_crypto_pk_-to-crypto.c.patch * 0010-posix_wrap-tweaks-in-preparation-for-libtasn1.patch * 0011-libtasn1-import-libtasn1-4.18.0.patch * 0012-libtasn1-disable-code-not-needed-in-grub.patch * 0013-libtasn1-changes-for-grub-compatibility.patch * 0014-libtasn1-compile-into-asn1-module.patch * 0015-test_asn1-test-module-for-libtasn1.patch * 0016-grub-install-support-embedding-x509-certificates.patch * 0017-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch * 0018-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch * 0019-appended-signatures-support-verifying-appended-signa.patch * 0020-appended-signatures-verification-tests.patch * 0021-appended-signatures-documentation.patch * 0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch * 
0023-x509-allow-Digitial-Signature-plus-other-Key-Usages.patch ++++ kernel-default: - vfs: fs_context: fix up param length parsing in legacy_parse_param (CVE-2022-0185 bsc#1194517). - vfs: Out-of-bounds write of heap buffer in fs_context.c (CVE-2022-0185 bsc#1194517). - commit 4eff35e - Refresh and reenable patches.suse/powerpc-Add-kABI-placeholder-to-struct-pci_controlle.patch. - commit 0662bab - Move upstreamed i915 patch into sorted section - commit ab774ad - Drop a bogus DRM patch that has been already cherry-picked - commit 74d26f7 - thunderbolt: xdomain: Avoid potential stack OOB read (jsc#SLE-19356 jsc#SLE-19358 jsc#SLE-19359). - commit b3e0efa - Update patch references for NFC security fixes (CVE-2021-4202 bsc#1194529) - commit 73f05a8 - RDMA/core: Don't infoleak GRH fields (jsc#SLE-19249). - RDMA/uverbs: Check for null return of kmalloc_array (jsc#SLE-19249). - Revert "RDMA/mlx5: Fix releasing unallocated memory in dereg MR flow" (jsc#SLE-19253). - RDMA/rxe: Prevent double freeing rxe_map_set() (jsc#SLE-19249). - iavf: Fix limit of total number of queues to active queues of VF (jsc#SLE-18385). - i40e: Fix incorrect netdev's real number of RX/TX queues (jsc#SLE-18378). - i40e: Fix for displaying message regarding NVM version (jsc#SLE-18378). - i40e: fix use-after-free in i40e_sync_filters_subtask() (jsc#SLE-18378). - i40e: Fix to not show opcode msg on unsuccessful VF MAC change (jsc#SLE-18378). - sfc: The RX page_ring is optional (git-fixes). - sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc (git-fixes). - net: ena: Fix error handling when calculating max IO queues number (git-fixes). - net: ena: Fix wrong rx request id by resetting device (git-fixes). - net: ena: Fix undefined state when tx request id is out of bounds (git-fixes). - commit 47d0d9d - thunderbolt: Add module parameter for CLx disabling (jsc#SLE-19359). - commit 2edbb7d - thunderbolt: Enable CL0s for Intel Titan Ridge (jsc#SLE-19359). 
- commit 78214f0 - thunderbolt: Rename Intel TB_VSE_CAP_IECS capability (jsc#SLE-19356 jsc#SLE-19357 jsc#SLE-19358 jsc#SLE-19359). - commit 77795ca - thunderbolt: Implement TMU time disruption for Intel Titan Ridge (jsc#SLE-19359). - commit a599ed6 - thunderbolt: Move usb4_switch_wait_for_bit() to switch.c (jsc#SLE-19356 jsc#SLE-19357 jsc#SLE-19358 jsc#SLE-19359). - commit 654869f - thunderbolt: Add CL0s support for USB4 routers (jsc#SLE-19359). - commit 2d3b539 - thunderbolt: Add TMU uni-directional mode (jsc#SLE-19358 jsc#SLE-19359). - commit 55afa32 - thunderbolt: Check return value of kmemdup() in icm_handle_event() (jsc#SLE-19358). - commit 1d198a8 - thunderbolt: Do not dereference fwnode in struct device (jsc#SLE-19356 jsc#SLE-19357 jsc#SLE-19358 jsc#SLE-19359). - commit 6c6f018 - thunderbolt: Add debug logging of DisplayPort resource allocation (jsc#SLE-19356). - commit c30ad8a - thunderbolt: Do not allow subtracting more NFC credits than configured (jsc#SLE-19359). - commit 6830e6c - thunderbolt: Runtime resume USB4 port when retimers are scanned (jsc#SLE-19359). - commit d68139f - thunderbolt: Runtime PM activate both ends of the device link (jsc#SLE-19356 jsc#SLE-19359). - commit 7b8a05d - iwlwifi: mvm: Use div_s64 instead of do_div in iwl_mvm_ftm_rtt_smoothing() (git-fixes). - drm/amd/display: Fix DPIA outbox timeout after S3/S4/reset (git-fixes). - commit fbf8c6a - wcn36xx: Fix max channels retrieval (git-fixes). - wireless: iwlwifi: Fix a double free in iwl_txq_dyn_alloc_dma (git-fixes). - wcn36xx: fix RX BD rate mapping for 5GHz legacy rates (git-fixes). - wcn36xx: populate band before determining rate on RX (git-fixes). - commit e2ed707 - software node: fix wrong node passed to find nargs_prop (git-fixes). - thermal/drivers/int340x: Fix RFIM mailbox write commands (git-fixes). - thermal/drivers/imx8mm: Enable ADC when enabling monitor (git-fixes). - thermal/drivers/imx: Implement runtime PM support (git-fixes). 
- rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled (git-fixes). - wcn36xx: Put DXE block into reset before freeing memory (git-fixes). - wcn36xx: Release DMA channel descriptor allocations (git-fixes). - wcn36xx: Fix DMA channel enable/disable cycle (git-fixes). - wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND (git-fixes). - wcn36xx: ensure pairing of init_scan/finish_scan and start_scan/end_scan (git-fixes). - commit 33d2ad1 - PCI/ACPI: Fix acpi_pci_osc_control_set() kernel-doc comment (git-fixes). - mt76: mt7921: drop offload_flags overwritten (git-fixes). - mwifiex: Fix possible ABBA deadlock (git-fixes). - media: hantro: Fix probe func error path (git-fixes). - media: ov8865: Disable only enabled regulators on error path (git-fixes). - media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes (git-fixes). - media: msi001: fix possible null-ptr-deref in msi001_probe() (git-fixes). - media: dw2102: Fix use after free (git-fixes). - memory: renesas-rpc-if: Return error in case devm_ioremap_resource() fails (git-fixes). - commit 5b0b74d - media: streamzap: remove unnecessary ir_raw_event_reset and handle (git-fixes). - media: si2157: Fix "warm" tuner state detection (git-fixes). - media: cec-pin: fix interrupt en/disable handling (git-fixes). - media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() (git-fixes). - media: dib8000: Fix a memleak in dib8000_init() (git-fixes). - media: uvcvideo: fix division by zero at stream start (git-fixes). - media: venus: core: Fix a resource leak in the error handling path of 'venus_probe()' (git-fixes). - media: venus: core: Fix a potential NULL pointer dereference in an error handling path (git-fixes). - media: venus: correct low power frequency calculation for encoder (git-fixes). - media: coda: fix CODA960 JPEG encoder buffer overflow (git-fixes). - commit ad9c38c - media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released (git-fixes). 
- media: si470x-i2c: fix possible memory leak in si470x_i2c_probe() (git-fixes).
- media: imx-pxp: Initialize the spinlock prior to using it (git-fixes).
- media: rcar-csi2: Optimize the selection PHTW register (git-fixes).
- media: rcar-csi2: Correct the selection of hsfreqrange (git-fixes).
- media: i2c: ov8865: Fix lockdep error (git-fixes).
- media: i2c: Re-order runtime pm initialisation (git-fixes).
- media: i2c: imx274: fix trivial typo obainted/obtained (git-fixes).
- media: i2c: imx274: fix trivial typo expsoure/exposure (git-fixes).
- media: i2c: imx274: fix s_frame_interval runtime resume not requested (git-fixes).
- commit 2f34e23
- media: dib0700: fix undefined behavior in tuner shutdown (git-fixes).
- media: dmxdev: fix UAF when dvb_register_device() fails (git-fixes).
- media: stk1160: fix control-message timeouts (git-fixes).
- media: s2255: fix control-message timeouts (git-fixes).
- media: pvrusb2: fix control-message timeouts (git-fixes).
- media: em28xx: fix control-message timeouts (git-fixes).
- media: cpia2: fix control-message timeouts (git-fixes).
- media: flexcop-usb: fix control-message timeouts (git-fixes).
- media: redrat3: fix control-message timeouts (git-fixes).
- media: mceusb: fix control-message timeouts (git-fixes).
- commit da51464
- media: correct MEDIA_TEST_SUPPORT help text (git-fixes).
- media: aspeed: Update signal status immediately to ensure sane hw state (git-fixes).
- media: v4l2-ioctl.c: readbuffers depends on V4L2_CAP_READWRITE (git-fixes).
- media: em28xx: fix memory leak in em28xx_init_dev (git-fixes).
- media: aspeed: fix mode-detect always time out at 2nd run (git-fixes).
- media: atomisp: fix uninitialized bug in gmin_get_pmic_id_and_addr() (git-fixes).
- media: atomisp: fix ifdefs in sh_css.c (git-fixes).
- media: atomisp: fix inverted error check for ia_css_mipi_is_source_port_valid() (git-fixes).
- media: atomisp: do not use err var when checking port validity for ISP2400 (git-fixes).
- commit 54c82b7
- iwlwifi: mvm: set protected flag only for NDP ranging (git-fixes).
- iwlwifi: mvm: perform 6GHz passive scan after suspend (git-fixes).
- iwlwifi: mvm: test roc running status bits before removing the sta (git-fixes).
- iwlwifi: mvm: fix 32-bit build in FTM (git-fixes).
- iwlwifi: fix Bz NMI behaviour (git-fixes).
- media: atomisp: fix inverted logic in buffers_needed() (git-fixes).
- media: atomisp: fix punit_ddr_dvfs_enable() argument for mrfld_power up case (git-fixes).
- media: atomisp: add missing media_device_cleanup() in atomisp_unregister_entities() (git-fixes).
- gpu: host1x: Add back arm_iommu_detach_device() (git-fixes).
- gpu: host1x: Drop excess kernel-doc entry @key (git-fixes).
- commit ddae815
- drm/amd/display: Fix the uninitialized variable in enable_stream_features() (git-fixes).
- drm/msm/dpu: fix safe status debugfs file (git-fixes).
- drm/msm/dp: displayPort driver need algorithm rational (git-fixes).
- drm/vmwgfx: Remove explicit transparent hugepages support (git-fixes).
- drm/tegra: vic: Fix DMA API misuse (git-fixes).
- drm/tegra: gr2d: Explicitly control module reset (git-fixes).
- drm/amd/pm: fix a potential gpu_metrics_table memory leak (git-fixes).
- drm/amd/display: Fix out of bounds access on DNC31 stream encoder regs (git-fixes).
- drm/amd/display: Fix bug in debugfs crc_win_update entry (git-fixes).
- drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() (git-fixes).
- commit dd193ee
- drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() (git-fixes).
- drm/bridge: ti-sn65dsi86: Set max register for regmap (git-fixes).
- drm/vmwgfx: Fail to initialize on broken configs (git-fixes).
- drm/vmwgfx: Remove the deprecated lower mem limit (git-fixes).
- drm/amd/display: Fix DPIA outbox timeout after GPU reset (git-fixes).
- drm/vboxvideo: fix a NULL vs IS_ERR() check (git-fixes).
- drm/dp: Don't read back backlight mode in drm_edp_backlight_enable() (git-fixes).
- drm/vc4: crtc: Copy assigned channel to the CRTC (git-fixes).
- drm/vc4: Fix non-blocking commit getting stuck forever (git-fixes).
- drm/vc4: crtc: Drop feed_txp from state (git-fixes).
- commit fd31773
- drm/bridge: analogix_dp: Make PSR-exit block less (git-fixes).
- drm/vc4: hdmi: Enable the scrambler on reconnection (git-fixes).
- drm/vc4: crtc: Make sure the HDMI controller is powered when disabling (git-fixes).
- drm/vc4: hdmi: Rework the pre_crtc_configure error handling (git-fixes).
- drm/vc4: hdmi: Make sure the controller is powered up during bind (git-fixes).
- drm/vc4: hdmi: Make sure the controller is powered in detect (git-fixes).
- drm/vc4: hdmi: Move the HSM clock enable to runtime_pm (git-fixes).
- drm/vc4: hdmi: Set a default HSM rate (git-fixes).
- drm/rockchip: dsi: Disable PLL clock on bind error (git-fixes).
- commit c836251
- Documentation: ACPI: Fix data node reference documentation (git-fixes).
- dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled() (git-fixes).
- drm/rockchip: dsi: Fix unbalanced clock on probe error (git-fixes).
- drm/rockchip: dsi: Reconfigure hardware on resume() (git-fixes).
- drm/rockchip: dsi: Hold pm-runtime across bind/unbind (git-fixes).
- drm/panel: innolux-p079zca: Delete panel on attach() failure (git-fixes).
- drm/panel: kingdisplay-kd097d04: Delete panel on attach() failure (git-fixes).
- drm: fix null-ptr-deref in drm_dev_init_release() (git-fixes).
- drm/bridge: display-connector: fix an uninitialized pointer in probe() (git-fixes).
- Documentation, arch: Remove leftovers from raw device (git-fixes).
- commit c33b5df
- device property: Fix documentation for FWNODE_GRAPH_DEVICE_DISABLED (git-fixes).
- device property: Fix fwnode_graph_devcon_match() fwnode leak (git-fixes).
- can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} (git-fixes).
- can: xilinx_can: xcan_probe(): check for error irq (git-fixes).
- can: softing: softing_startstop(): fix set but not used variable warning (git-fixes).
- can: softing_cs: softingcs_probe(): fix memleak on registration failure (git-fixes).
- can: isotp: convert struct tpcon::{idx,len} to unsigned int (git-fixes).
- can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data (git-fixes).
- clk: bcm-2835: Remove rounding up the dividers (git-fixes).
- clk: bcm-2835: Pick the closest clock rate (git-fixes).
- commit ccff551
- Bluetooth: L2CAP: uninitialized variables in l2cap_sock_setsockopt() (git-fixes).
- Bluetooth: hci_qca: Fix NULL vs IS_ERR_OR_NULL check in qca_serdev_probe (git-fixes).
- Bluetooth: hci_bcm: Check for error irq (git-fixes).
- can: mcp251xfd: add missing newline to printed strings (git-fixes).
- can: mcp251xfd: mcp251xfd_tef_obj_read(): fix typo in error message (git-fixes).
- can: usb_8dev: remove unused member echo_skb from struct usb_8dev_priv (git-fixes).
- Bluetooth: hci_qca: Stop IBS timer during BT OFF (git-fixes).
- Bluetooth: L2CAP: Fix using wrong mode (git-fixes).
- Bluetooth: btmtksdio: fix resume failure (git-fixes).
- commit 9c9f45a
- ax25: uninitialized variable in ax25_setsockopt() (git-fixes).
- ath11k: Fix a NULL pointer dereference in ath11k_mac_op_hw_scan() (git-fixes).
- ath11k: Fix deleting uninitialized kernel timer during fragment cache flush (git-fixes).
- ath11k: Fix buffer overflow when scanning with extraie (git-fixes).
- Bluetooth: stop proccessing malicious adv data (git-fixes).
- Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails (git-fixes).
- Bluetooth: virtio_bt: fix memory leak in virtbt_rx_handle() (git-fixes).
- Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb() (git-fixes).
- Bluetooth: btusb: Fix application of sizeof to pointer (git-fixes).
- Bluetooth: L2CAP: Fix not initializing sk_peer_pid (git-fixes).
- commit 1874423
- ACPI: EC: Rework flushing of EC work while suspended to idle (git-fixes).
- ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes (git-fixes).
- ath10k: Fix the MTU size on QCA9377 SDIO (git-fixes).
- ath11k: Use host CE parameters for CE interrupts configuration (git-fixes).
- ath11k: reset RSN/WPA present state for open BSS (git-fixes).
- ath11k: clear the keys properly via DISABLE_KEY (git-fixes).
- ath11k: Fix ETSI regd with weather radar overlap (git-fixes).
- ath11k: Send PPDU_STATS_CFG with proper pdev mask to firmware (git-fixes).
- commit daa87ce
- Move upstreamed media and wireless patches into sorted section
- commit 0e89c6b
- Update patches.suse/0001-crypto-implement-downstream-solution-for-disabling-d.patch (jsc#SLE-21132,bsc#1191270,bsc#1193976).
- commit 3bec270
++++ libcontainers-common:
- Switch registries.conf to v2 format
++++ ldb:
- Modify packaging to allow parallel installation with libldb1 (bsc#1192684):
  + Private libraries are installed in %{_libdir}/ldb2/
  + Modules are installed in %{_libdir}/ldb2/modules
++++ sssd:
- Remove libsmbclient-devel BuildRequires in favor of pkgconfig(smbclient)
------------------------------------------------------------------
------------------ 2022-1-10 - Jan 10 2022 -------------------
------------------------------------------------------------------
++++ boost-base:
- variant.patch: backport fix allowing perfect forwarding in apply_visitor. Also fix wrong usage of boost::move (bsc#1194522)
++++ chrony:
- bsc#1194229: Fix pool package dependencies, so that SLE actually prefers chrony-pool-suse over chrony-pool-empty.
++++ grub2:
- Fix no menuentry is found if hibernation on btrfs RAID1 (bsc#1193090)
  * grub2-systemd-sleep-plugin
++++ kernel-default:
- EDAC/i10nm: Release mdev/mbase when failing to detect HBM (bsc#1190497).
- commit fd0b06f
- Delete patches.suse/sched-fair-Adjust-the-allowed-NUMA-imbalance-when-SD_NUMA-spans-multiple-LLCs.patch.
- Delete patches.suse/sched-fair-Use-weight-of-SD_NUMA-domain-in-find_busiest_group.patch.
  To be updated.
- commit d4407e8
- xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (bsc#1194272 CVE-2021-4155).
- commit a336d8d
- Input: zinitix - make sure the IRQ is allocated before it gets enabled (git-fixes).
- Revert "drm/amdgpu: stop scheduler when calling hw_fini (v2)" (git-fixes).
- i2c: mpc: Avoid out of bounds memory access (git-fixes).
- power: reset: ltc2952: Fix use of floating point literals (git-fixes).
- power: supply: core: Break capacity loop (git-fixes).
- commit a4fc8b8
- x86/kvm: Add kexec support for SEV Live Migration (bsc#1194316).
- commit 984f004
- x86/kvm: Add guest support for detecting and enabling SEV Live Migration feature (bsc#1194316).
- Refresh patches.suse/0001-kvm-Reintroduce-nopvspin-kernel-parameter.patch.
- commit 339e71a
- EFI: Introduce the new AMD Memory Encryption GUID (bsc#1194316).
- mm: x86: Invoke hypercall when page encryption status is changed (bsc#1194316).
- x86/kvm: Add AMD SEV specific Hypercall3 (bsc#1194316).
- commit 9fae40a
++++ ceph:
- Update to 16.2.7-37-gb3be69440db:
  + (bsc#1194353) Downstream branding breaks dashboard npm build
  + (bsc#1188911) OSD marked down causes wrong backfill_toofull
++++ systemd:
- Rename 1009-drop-or-soften-deprecation-warnings.patch into 1009-Drop-or-soften-some-of-the-deprecation-warnings.patch
++++ wayland:
- obsolete/provide libwayland-egl-devel 18.0.2 also on sle15-sp4
++++ libzypp:
- Fix broken install path for parser compat headers (fixes #372, bsc#1194597)
- RepoManager: remember exec errors in exception history (bsc#1193007)
- version 17.29.1 (22)
++++ rust-keylime:
- Update to version 0.1.0+git.1641587454.1248597:
  * quotes_handler: send TPM2 event log for measured boot
  * serialization: move serialization into separate module
  * try to load AK from disk instead of always creating a new one
  * update Cargo.lock file
  * make hash, encryption and signing algorithm configurable
  * tpm: remove get_sig_scheme(..) function
  * hash: rename to algorithms and implement tss conversions
  * cmd_exec: remove cmd_exec module
  * secure_mount: fix mount of tmpfs for secure directory
  * common: change default WORK_DIR to /var/lib/keylime
  * tpm: remove special handling for PCR10
++++ supportutils:
- Changes to version 3.1.19
  + Made /proc directory and network names spaces configurable (bsc#1193868)
++++ yast2-trans:
- Update to version 84.87.20220109.a8187edd75:
  * Translated using Weblate (Portuguese (Brazil))
  * Translated using Weblate (Portuguese (Brazil))
  * Translated using Weblate (Slovak)
  * Translated using Weblate (Portuguese (Brazil))
  * Translated using Weblate (Portuguese (Brazil))
  * Translated using Weblate (Portuguese (Brazil))
  * Translated using Weblate (Portuguese (Brazil))
  * Translated using Weblate (Portuguese (Brazil))
  * Translated using Weblate (Ukrainian)
  * Translated using Weblate (Ukrainian)
  * Translated using Weblate (Ukrainian)
  * Translated using Weblate (Slovak)
  * Translated using Weblate (Slovak)
  * New POT for text domain 'installation'.
  * Translated using Weblate (Slovak)
  * Translated using Weblate (Japanese)
  * Translated using Weblate (Japanese)
  * Translated using Weblate (Slovak)
  * New POT for text domain 'storage'.
  * Translated using Weblate (Arabic)
------------------------------------------------------------------
------------------ 2022-1-9 - Jan 9 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- tee: handle lookup of shm with reference count 0 (bsc#1193767 CVE-2021-44733).
- commit 9b249a9
------------------------------------------------------------------
------------------ 2022-1-7 - Jan 7 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- sched/fair: Prevent dead task groups from regaining cfs_rq's (bsc#1192837).
- commit 06f21e0
- debugfs: lockdown: Allow reading debugfs files that are not world readable (bsc#1193328 ltc#195566).
- commit 57aefb3
- drm/ast: Create the driver for ASPEED proprietory Display-Port (jsc#SLE-19299)
- commit 6e5bebf
- drm/ast: Enable the supporting of wide screen on AST2600 (jsc#SLE-19299)
- commit 20901d9
- rpm/kernel-binary.spec.in: Add Provides of kernel-preempt (jsc#SLE-18857)
  For smooth migration with the former kernel-preempt user, kernel-default provides kernel-preempt now when CONFIG_PREEMPT_DYNAMIC is defined.
- commit a877782
- Refresh BT workaround patch (bsc#1193124)
  Fix yet another broken device 8086:0aa7
- commit 97575af
- drm/amdgpu: add support for IP discovery gc_info table v2 (git-fixes).
- commit ddac46e
- ieee802154: atusb: fix uninit value in atusb_set_extended_addr (git-fixes).
- mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh (git-fixes).
- mac80211: initialize variable have_higher_than_11mbit (git-fixes).
- batman-adv: mcast: don't send link-local multicast to mcast routers (git-fixes).
- Input: spaceball - fix parsing of movement data packets (git-fixes).
- drm/amdgpu: When the VCN(1.0) block is suspended, powergating is explicitly enabled (git-fixes).
- platform/x86: apple-gmux: use resource_size() with res (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix an IS_ERR() vs NULL bug in mlxbf_pmc_map_counters (git-fixes).
- ALSA: hda: intel-sdw-acpi: go through HDAS ACPI at max depth of 2 (git-fixes).
- ALSA: hda: intel-sdw-acpi: harden detection of controller (git-fixes).
- tomoyo: use hwight16() in tomoyo_domain_quota_is_ok() (git-fixes).
- tomoyo: Check exceeded quota early in tomoyo_domain_quota_is_ok() (git-fixes).
- commit 9651cf1
++++ multipath-tools:
- Version 0.8.8+13+suse.79c3556f
  * code-wise identical to 0.8.8+38+suse.2bdd3a14 (previous version number was too high by mistake)
++++ rdma-core:
- Update to v38.1
- Major fixes for hns provider
++++ suseconnect-ng:
- Update to version 0.0.5~git0.bbb5544:
  * Switch from rubygem-ffi to fiddle
  * Cleanup services during migration (bsc#1161891)
  * Allow non-root users to see usage text
  * Add option to not fail dup as much
  * Move APIVersion declaration to file where it is used
  * Add flag to enable/disable hwinfo test
  * Add ARM cluster count to hwinfo and fix test
  * Simplify parsing JSON error response
  * Add --gpg-auto-import-keys for zypper ref
  * Rename main.go to logging.go
  * Fix typo
  * Remove init() from the connect package
  * Move CFG variable declaration to config.go
  * Move AppName const to the file where it is used
  * Use testing.Helper() in test helpers
  * Add ppc64le support
  * Disable UUID test
  * Add test tools to BuildRequires
  * Ignore UUID errors
  * Run basic hwinfo sanity test on build service
  * Update code comments to match shim behavior.
  * Remove dependency on systemd
  * Only run httputil DumpResponse when needed
++++ yast2:
- Fixed test failure in Ruby 2.5, caused by the fix for Ruby 3.0 (related to bsc#1193192)
- 4.4.34
- Y2Packager::Resolvable: added none? method in order to not crash in case of rubocop automatic change (bsc#1194387)
- 4.4.33
------------------------------------------------------------------
------------------ 2022-1-6 - Jan 6 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- scsi: core: Fix scsi_device_max_queue_depth() (bsc#1194317).
- commit 3a8ce65
- Update patches.suse/cpufreq-ondemand-set-default-up_threshold-to-30-on-multi-core-systems.patch (bsc#464461,bsc#981838,bsc#1064414,bsc#1144943,bsc#1193200).
- commit 4e8aa41
- x86/sev: Carve out HV call's return value verification (jsc#SLE-19924).
- Refresh patches.suse/x86-sev-expose-sev_es_ghcb_hv_call-for-use-by-hyperv.
- commit 7220981
------------------------------------------------------------------
------------------ 2022-1-5 - Jan 5 2022 -------------------
------------------------------------------------------------------
++++ dbus-1:
- Remove pointless %%post scriptlet leveraging non-existent systemd env variables
  FIRST_ARG has been used in our systemd macros, but this has now been gone for years. Thus the true branch of the if has never been executed for years and is only causing warnings when installing dbus.
++++ hwdata:
- Update to version 0.355 (bsc#1194338):
  + Updated pci, usb and vendor ids.
++++ kernel-default:
- powerpc/fadump: Fix inaccurate CPU state info in vmcore generated with panic (bsc#1193901 ltc#194976).
- powerpc: handle kdump appropriately with crash_kexec_post_notifiers option (bsc#1193901 ltc#194976).
- commit 7a55b80
- Refresh patches.suse/ext4-Support-for-checksumming-from-journal-triggers.patch.
- commit 37abf0d
- filesystems/locking: fix Malformed table warning (bsc#1194346).
- commit d6bb90b
- cifs: Fix race between hole punch and page fault (bsc#1194346).
- commit b378137
- ceph: Fix race between hole punch and page fault (bsc#1194346).
- commit 0d112ab
- fuse: Convert to using invalidate_lock (bsc#1194346).
- commit 5d819b0
- f2fs: Convert to using invalidate_lock (bsc#1194346).
- commit 9764db7
- zonefs: Convert to using invalidate_lock (bsc#1194346).
- commit c847453
- xfs: Convert double locking of MMAPLOCK to use VFS helpers (bsc#1194346).
- commit ec46016
- xfs: Convert to use invalidate_lock (bsc#1194346).
- commit af165b9
- xfs: Refactor xfs_isilocked() (bsc#1194346).
- commit d308a96
- ext2: Convert to using invalidate_lock (bsc#1194346).
- commit 2e31ef0
- ext4: Convert to use mapping->invalidate_lock (bsc#1194346).
- commit 2285a90
- documentation: Sync file_operations members with reality (bsc#1194346).
- commit ceb27b8
- powerpc/xmon: Dump XIVE information for online-only processors (bsc#1193482 ltc#195600).
- commit 5695527
- thunderbolt: Do not program path HopIDs for USB4 routers (jsc#SLE-19357).
- commit 4027086
- ext4: prevent partial update of the extent blocks (bsc#1194163).
- ext4: check for inconsistent extents between index and leaf block (bsc#1194163).
- ext4: check for out-of-order index extents in ext4_valid_extent_entries() (bsc#1194163).
- ext4: Support for checksumming from journal triggers (bsc#1194163).
  Refresh patches.suse/ext4-correct-the-error-path-of-ext4_write_inline_dat.patch
- commit 52d77cb
- thunderbolt: Tear down existing tunnels when resuming from hibernate (jsc#SLE-19357).
- commit 06feed9
++++ kernel-firmware:
- Update to version 20211229 (git commit 57d6b9507e28):
  * cnm: add chips&media wave521c firmware.
  * linux-firmware: update firmware for MT7921 WiFi device
  * linux-firmware: update firmware for mediatek bluetooth chip (MT7921)
  * rtw88: 8822c: Update normal firmware to v9.9.11
  * QCA: Update Bluetooth WCN685x firmware to 2.1.0-00298
  * amdgpu: update green sardine PSP firmware
  * bnx2x: Add FW 7.13.21.0
  * linux-firmware: update frimware for mediatek bluetooth chip (MT7921)
  * linux-firmware: wilc1000: update WILC1000 firmware to v15.4.1
  * rtl_bt: Update RTL8761B BT UART firmware to 0x0CA9_8A6B
  * rtl_bt: Update RTL8761B BT USB firmware to 0x09A9_8A6B
  * cxgb4: Update firmware to revision 1.26.4.0
  * rtw89: 8852a: update fw to v0.13.33.0
  * i915: Add DMC firmware v2.14 for ADL-P
  * QCA: Add Bluetooth default nvm file for WCN685x
++++ osinfo-db:
- Update to database version 20211216
  osinfo-db-20211216.tar.xz
- Drop add-missing-oracle-linux-versions.patch
------------------------------------------------------------------
------------------ 2022-1-4 - Jan 4 2022 -------------------
------------------------------------------------------------------
++++ glib-networking:
- Increase testsuite timeout
++++ kernel-default:
- Update patches.suse/netdevsim-Zero-initialize-memory-for-new-map-s-value.patch (bsc#1193927 CVE-2021-4135).
  Added CVE number.
- commit 660e423
- KVM: SEV: unify cgroup cleanup code for svm_vm_migrate_from (jsc#SLE-19924).
- KVM: SEV: Add support for SEV-ES intra host migration (jsc#SLE-19924).
- KVM: SEV: Add support for SEV intra host migration (jsc#SLE-19924).
- KVM: SEV: provide helpers to charge/uncharge misc_cg (jsc#SLE-19924).
- KVM: generalize "bugged" VM to "dead" VM (jsc#SLE-19924).
- KVM: SEV: Refactor out sev_es_state struct (jsc#SLE-19924).
- KVM: x86/mmu: Return old SPTE from mmu_spte_clear_track_bits() (jsc#SLE-19924).
- KVM: x86/mmu: Refactor shadow walk in __direct_map() to reduce indentation (jsc#SLE-19924).
- KVM: x86: Hoist kvm_dirty_regs check out of sync_regs() (jsc#SLE-19924).
- KVM: x86/mmu: Mark VM as bugged if page fault returns RET_PF_INVALID (jsc#SLE-19924).
- KVM: x86: Use KVM_BUG/KVM_BUG_ON to handle bugs that are fatal to the VM (jsc#SLE-19924).
- KVM: Export kvm_make_all_cpus_request() for use in marking VMs as bugged (jsc#SLE-19924).
- KVM: Add infrastructure and macro to mark VM as bugged (jsc#SLE-19924).
- commit 4c87f07
- kprobes: Limit max data_size of the kretprobe instances (bsc#1193669).
- commit 37c195c
- Refresh patches.suse/igc-Do-not-enable-crosstimestamping-for-i225-V-model.patch.
  Replaced with upstream commit and put to sorted section.
- commit 7a69d48
- net/mlx5e: Fix wrong features assignment in case of error (jsc#SLE-19253).
- net/mlx5e: TC, Fix memory leak with rules with internal port (jsc#SLE-19253).
- igc: Fix TX timestamp support for non-MSI-X platforms (jsc#SLE-18377).
- ionic: Initialize the 'lif->dbid_inuse' bitmap (jsc#SLE-19282).
- net/mlx5: Fix some error handling paths in 'mlx5e_tc_add_fdb_flow()' (jsc#SLE-19253).
- net/mlx5e: Delete forward rule for ct or sample action (jsc#SLE-19253).
- net/mlx5e: Fix ICOSQ recovery flow for XSK (jsc#SLE-19253).
- net/mlx5e: Fix interoperability between XSK and ICOSQ recovery flow (jsc#SLE-19253).
- net/mlx5e: Fix skb memory leak when TC classifier action offloads are disabled (jsc#SLE-19253).
- net/mlx5e: Wrap the tx reporter dump callback to extract the sq (jsc#SLE-19253).
- net/mlx5: Fix tc max supported prio for nic mode (jsc#SLE-19253).
- net/mlx5: Fix SF health recovery flow (jsc#SLE-19253).
- net/mlx5: Fix error print in case of IRQ request failed (jsc#SLE-19253).
- net/mlx5: Use first online CPU instead of hard coded CPU (jsc#SLE-19253).
- net/mlx5: DR, Fix querying eswitch manager vport for ECPF (jsc#SLE-19253).
- net/mlx5: DR, Fix NULL vs IS_ERR checking in dr_domain_init_resources (jsc#SLE-19253).
- sfc: falcon: Check null pointer of rx_queue->page_ring (git-fixes).
- sfc: Check null pointer of rx_queue->page_ring (git-fixes).
- bonding: fix ad_actor_system option setting to default (git-fixes).
- igb: fix deadlock caused by taking RTNL in RPM resume path (jsc#SLE-18379).
- qlcnic: potential dereference null pointer of rx_queue->page_ring (git-fixes).
- ice: xsk: fix cleaned_count setting (jsc#SLE-18375).
- ice: xsk: allow empty Rx descriptors on XSK ZC data path (jsc#SLE-18375).
- ice: xsk: do not clear status_error0 for ntu + nb_buffs descriptor (jsc#SLE-18375).
- ice: remove dead store on XSK hotpath (jsc#SLE-18375).
- ice: xsk: allocate separate memory for XDP SW ring (jsc#SLE-18375).
- ice: xsk: return xsk buffers back to pool when cleaning the ring (jsc#SLE-18375).
- commit 23e6d3c
++++ libeconf:
- Update to version 0.4.4+git20220104.962774f:
  * Fixed i586 build (#158)
- Update to version 0.4.2+git20220104.5dfd69d:
  * Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157)
++++ sg3_utils:
- Update to version 1.47+2.388b767:
  * rescan-scsi-bus.sh: apply fix for '-r' (boo#1194293)
  * _service: use openSUSE github repo again (with cherry-picks from upstream)
  * spec file: suppress commit ID in library version
++++ systemd:
- Update systemd-user PAM service again
  Change the default implementation of pam_setcred() again, previously customized to run the full "auth" PAM stack and only call pam_deny.so which is basically the SUSE default behavior without pam_warn.so. This is considered safer, especially on SLE where a regression was spotted by QA.
++++ suse-module-tools:
- Update to version 15.4.11:
  * cdrom: Disable autoclose by default (boo#1165047).
  * Make regenerate-initrd-posttrans compatible with Dracut's UEFI mode (unified kernel image)
------------------------------------------------------------------
------------------ 2022-1-3 - Jan 3 2022 -------------------
------------------------------------------------------------------
++++ kdump:
- kdump-0.9.2-mkdumprd-properly-pass-compression-params.patch: Fix malformation in passing Dracut compression parameters in mkdumprd (bsc#1193765).
- Refresh existing patches.
++++ kernel-default:
- scsi: lpfc: Use struct_group to isolate cast to larger object (bsc#1194266).
- scsi: lpfc: Use struct_group() to initialize struct lpfc_cgn_info (bsc#1194266).
- scsi: lpfc: Update lpfc version to 14.0.0.4 (bsc#1194266).
- scsi: lpfc: Add additional debugfs support for CMF (bsc#1194266).
- scsi: lpfc: Cap CMF read bytes to MBPI (bsc#1194266).
- scsi: lpfc: Adjust CMF total bytes and rxmonitor (bsc#1194266).
- scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup (bsc#1194266).
- scsi: lpfc: Fix NPIV port deletion crash (bsc#1194266).
- scsi: lpfc: Fix lpfc_force_rscn ndlp kref imbalance (bsc#1194266).
- scsi: lpfc: Change return code on I/Os received during link bounce (bsc#1194266).
- scsi: lpfc: Fix leaked lpfc_dmabuf mbox allocations with NPIV (bsc#1194266).
- commit 56f0e4d
- Update patches.suse/qla2xxx-synchronize-rport-dev_loss_tmo-setting.patch
  Update meta data and move the patch into the sorted section.
- commit 801abe1
- wireguard: ratelimiter: use kvcalloc() instead of kvzalloc() (git-fixes).
- wireguard: receive: drop handshakes if queue lock is contended (git-fixes).
- wireguard: receive: use ring buffer for incoming handshakes (git-fixes).
- wireguard: device: reset peer src endpoint when netns exits (git-fixes).
- wireguard: selftests: actually test for routing loops (git-fixes).
- wireguard: selftests: increase default dmesg log size (git-fixes).
- wireguard: allowedips: add missing __rcu annotation to satisfy sparse (git-fixes).
- scsi: qla2xxx: edif: Fix off by one bug in qla_edif_app_getfcinfo() (git-fixes).
- scsi: qla2xxx: edif: Fix EDIF bsg (git-fixes).
- scsi: qla2xxx: edif: Increase ELS payload (git-fixes).
- scsi: qla2xxx: edif: Flush stale events and msgs on session down (git-fixes).
- scsi: qla2xxx: edif: Fix app start delay (git-fixes).
- scsi: qla2xxx: edif: Fix app start fail (git-fixes).
- commit bf283b6
- Input: goodix - try not to touch the reset-pin on x86/ACPI devices (git-fixes).
- commit 9c810e6
- Input: goodix - push error logging up into i2c_read and i2c_write helpers (git-fixes).
- commit 83b987d
- Input: goodix - refactor reset handling (git-fixes).
- commit fe6c264
- Input: goodix - add a goodix.h header file (git-fixes).
- commit d09187d
- Input: goodix - change goodix_i2c_write() len parameter type to int (git-fixes).
- commit cf299db
- net: usb: pegasus: Do not drop long Ethernet frames (git-fixes).
- commit 7669ccb
- drm/i915/adlp: Remove require_force_probe protection (jsc#SLE-22725).
- commit ed19f50
- media: Revert "media: uvcvideo: Set unique vdev name based in type" (bsc#1193255).
- commit ece5395
- hv: utils: add PTP_1588_CLOCK to Kconfig to fix build (git-fixes).
- commit f927f33
- i2c: validate user data in compat ioctl (git-fixes).
- Input: appletouch - initialize work before device registration (git-fixes).
- commit 67ef690
++++ ovmf:
- Modified gdb_uefi.py.in for python3 (bsc#1192126)
  - change 'long' to 'int'
  - using print (' instead of print "
++++ systemd-presets-branding-SMO:
- enable wicked.service (jsc#SMO-8)
++++ yast2-trans:
- Update to version 84.87.20220102.99430aa97b:
  * Translated using Weblate (Italian)
  * Translated using Weblate (Italian)
  * Translated using Weblate (Italian)
  * Translated using Weblate (Spanish)
  * Translated using Weblate (Japanese)
  * Translated using Weblate (Japanese)
  * Translated using Weblate (Japanese)
  * Translated using Weblate (Lithuanian)
  * Translated using Weblate (Lithuanian)
  * Translated using Weblate (Lithuanian)
  * Translated using Weblate (Arabic)
  * New POT for text domain 'installation'.
  * Translated using Weblate (Slovak)
  * Translated using Weblate (Slovak)
  * New POT for text domain 'security'.
  * New POT for text domain 'installation'.
  * Translated using Weblate (Ukrainian)
  * Translated using Weblate (Ukrainian)
  * Translated using Weblate (Ukrainian)
------------------------------------------------------------------
------------------ 2022-1-2 - Jan 2 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- rtw89: 8852a: correct bit definition of dfs_en (bsc#1188303).
- rtw89: coex: Update COEX to 5.5.8 (bsc#1188303).
- rtw89: coex: Cancel PS leaving while C2H comes (bsc#1188303).
- rtw89: coex: Update BT counters while receiving report (bsc#1188303).
- rtw89: coex: Define LPS state for BTC using (bsc#1188303).
- rtw89: coex: Add MAC API to get BT polluted counter (bsc#1188303).
- rtw89: coex: Not to send H2C when WL not ready and count H2C (bsc#1188303).
- rtw89: coex: correct C2H header length (bsc#1188303).
- rtw89: don't kick off TX DMA if failed to write skb (bsc#1188303).
- rtw89: remove cch_by_bw which is not used (bsc#1188303).
- rtw89: fix sending wrong rtwsta->mac_id to firmware to fill address CAM (bsc#1188303).
- rtw89: fix incorrect channel info during scan (bsc#1188303).
- rtw89: update scan_mac_addr during scanning period (bsc#1188303).
- rtw89: use inline function instead macro to set H2C and CAM (bsc#1188303).
- rtw89: add const in the cast of le32_get_bits() (bsc#1188303).
- commit de4e062
++++ sqlite3:
- update to 3.37.1:
  * Fix a bug introduced by the UPSERT enhancements of version 3.35.0 that can cause incorrect byte-code to be generated for some obscure but valid SQL, possibly resulting in a NULL-pointer dereference.
  * Fix an OOB read that can occur in FTS5 when reading corrupt database files.
  * Improved robustness of the --safe option in the CLI.
  * Other minor fixes to assert() statements and test cases.
------------------------------------------------------------------
------------------ 2022-1-1 - Jan 1 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Input: i8042 - enable deferred probe quirk for ASUS UM325UA (bsc#1190256).
- commit 9eb35f2
- Move upstreamed patches into sorted section
- commit d24f83f
- uapi: fix linux/nfc.h userspace compilation errors (git-fixes).
- xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set (git-fixes).
- usb: mtu3: set interval of FS intr and isoc endpoint (git-fixes).
- usb: mtu3: fix list_head check warning (git-fixes).
- usb: mtu3: add memory barrier before set GPD's HWO (git-fixes).
- usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear (git-fixes).
- uapi: Fix undefined __always_inline on non-glibc systems (git-fixes).
- spi: change clk_disable_unprepare to clk_unprepare (git-fixes).
- tty: n_hdlc: make n_hdlc_tty_wakeup() asynchronous (git-fixes).
- USB: serial: option: add Telit FN990 compositions (git-fixes).
- USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04) (git-fixes).
- usb: xhci: Extend support for runtime power management for AMD's Yellow carp (git-fixes). - soc/tegra: fuse: Fix bitwise vs. logical OR warning (git-fixes). - Revert "tty: serial: fsl_lpuart: drop earlycon entry for i.MX8QXP" (git-fixes). - USB: core: Make do_proc_control() and do_proc_bulk() killable (git-fixes). - commit fd73c6a - r8152: sync ocp base (git-fixes). - r8152: fix the force speed doesn't work for RTL8156 (git-fixes). - serial: 8250_fintek: Fix garbled text for console (git-fixes). - soc: imx: Register SoC device only on i.MX boards (git-fixes). - Revert "serial: 8250: Fix reporting real baudrate value in c_ospeed field" (git-fixes). - serial: 8250: Fix reporting real baudrate value in c_ospeed field (git-fixes). - commit a7820da - NFC: st21nfca: Fix memory leak in device probe and remove (git-fixes). - nfc: uapi: use kernel size_t to fix user-space builds (git-fixes). - pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines (git-fixes). - pinctrl: bcm2835: Change init order for gpio hogs (git-fixes). - pinctrl: mediatek: fix global-out-of-bounds issue (git-fixes). - platform/x86: intel_pmc_core: fix memleak on registration failure (git-fixes). - platform/x86: amd-pmc: only use callbacks for suspend (git-fixes). - PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error (git-fixes). - PCI/MSI: Mask MSI-X vectors only on success (git-fixes). - pinctrl: amd: Fix wakeups when IRQ is shared with SCI (git-fixes). - commit c29a200 - mac80211: fix locking in ieee80211_start_ap error path (git-fixes). - mmc: mmci: stm32: clear DLYB_CR after sending tuning command (git-fixes). - mmc: meson-mx-sdhc: Set MANUAL_STOP for multi-block SDIO commands (git-fixes). - mmc: core: Disable card detect during shutdown (git-fixes). - mmc: sdhci-tegra: Fix switch to HS400ES mode (git-fixes). - mac80211: mark TX-during-stop for TX in in_reconfig (git-fixes). - nfc: fix segfault in nfc_genl_dump_devices_done (git-fixes). 
- memory-hotplug.rst: fix wrong /sys/module/memory_hotplug/parameters/ path (git-fixes). - memory-hotplug.rst: fix two instances of "movablecore" that should be "movable_node" (git-fixes). - commit e3c9499 - kernel/crash_core: suppress unknown crashkernel parameter warning (git-fixes). - Refresh patches.suse/add-product-identifying-information-to-vmcoreinfo.patch. - commit e11041f - libata: if T_LENGTH is zero, dma direction should be DMA_NONE (git-fixes). - mac80211: fix lookup when adding AddBA extension element (git-fixes). - mac80211: validate extended element ID is present (git-fixes). - mac80211: agg-tx: don't schedule_and_wake_txq() under sta->lock (git-fixes). - mac80211: send ADDBA requests using the tid/queue of the aggregation session (git-fixes). - mac80211: fix regression in SSN handling of addba tx (git-fixes). - mac80211: fix rate control for retransmitted frames (git-fixes). - mac80211: track only QoS data frames for admission control (git-fixes). - LSM: Avoid warnings about potentially unused hook variables (git-fixes). - commit 2417651 - hwmon: (lm90) Do not report 'busy' status bit as alarm (git-fixes). - hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 (git-fixes). - hwmon: (lm90) Drop critical attribute support for MAX6654 (git-fixes). - hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations (git-fixes). - hwmon: (lm90) Fix usage of CONFIG2 register in detect function (git-fixes). - Input: elants_i2c - do not check Remark ID on eKTH3900/eKTH5312 (git-fixes). - Input: atmel_mxt_ts - fix double free in mxt_read_info_block (git-fixes). - Input: goodix - add id->model mapping for the "9111" model (git-fixes). - Input: elantech - fix stack out of bound access in elantech_change_report_id() (git-fixes). - Input: iqs626a - prohibit inlining of channel parsing functions (git-fixes). - hamradio: improve the incomplete fix to avoid NPD (git-fixes). - gpio: dln2: Fix interrupts when replugging the device (git-fixes). 
- ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes). - ipmi: fix initialization when workqueue allocation fails (git-fixes). - ipmi: bail out if init_srcu_struct fails (git-fixes). - HID: potential dereference of null pointer (git-fixes). - i2c: rk3x: Handle a spurious start completion interrupt flag (git-fixes). - hamradio: defer ax25 kfree after unregister_netdev (git-fixes). - hwmon: (lm90) Add basic support for TI TMP461 (git-fixes). - hwmon: (lm90) Introduce flag indicating extended temperature support (git-fixes). - commit cda309a - drm/amd/display: Set optimize_pwr_state for DCN31 (git-fixes). - drm/amd/display: Send s0i2_rdy in stream_count == 0 optimization (git-fixes). - drm/mediatek: hdmi: Perform NULL pointer check for mtk_hdmi_conf (git-fixes). - drm/amd/pm: fix a potential gpu_metrics_table memory leak (git-fixes). - drm/amd/display: Set exit_optimized_pwr_state for DCN31 (git-fixes). - drm/amd/pm: fix reading SMU FW version from amdgpu_firmware_info on YC (git-fixes). - drm/amdgpu: don't override default ECO_BITs setting (git-fixes). - firmware: arm_scpi: Fix string overflow in SCPI genpd driver (git-fixes). - firmware: tegra: Fix error application of sizeof() to pointer (git-fixes). - firmware_loader: fix pre-allocated buf built-in firmware use (git-fixes). - commit 791c862 - drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE (git-fixes). - commit d8f06f2 - drm/ast: potential dereference of null pointer (git-fixes). - drm: simpledrm: fix wrong unit with pixel clock (git-fixes). - Revert "drm/fb-helper: improve DRM fbdev emulation device names" (git-fixes). - drm/i915/display: Fix an unsigned subtraction which can never be negative (git-fixes). - drm/amdkfd: process_info lock not needed for svm (git-fixes). - drm/amd/display: add connector type check for CRC source set (git-fixes). - drm/amdkfd: fix double free mem structure (git-fixes). - drm/amd/display: Fix for the no Audio bug with Tiled Displays (git-fixes). 
- commit 3978643 - dmaengine: st_fdma: fix MODULE_ALIAS (git-fixes). - dmaengine: idxd: fix missed completion on abort path (git-fixes). - dmaengine: idxd: fix calling wq quiesce inside spinlock (git-fixes). - drm/amdgpu: check atomic flag to differeniate with legacy path (git-fixes). - drm/msm/dp: Avoid unpowered AUX xfers that caused crashes (git-fixes). - drm/msm/dsi: set default num_data_lanes (git-fixes). - drm/i915: Fix type1 DVI DP dual mode adapter heuristic for modern platforms (git-fixes). - drm/i915/dp: Ensure max link params are always valid (git-fixes). - drm/i915/dp: Ensure sink rate values are always valid (git-fixes). - commit 2ffa66e - ax25: NPD bug when detaching AX25 device (git-fixes). - ASoC: meson: aiu: Move AIU_I2S_MISC hold setting to aiu-fifo-i2s (git-fixes). - bus: sunxi-rsb: Fix shutdown (git-fixes). - cfg80211: Acquire wiphy mutex on regulatory work (git-fixes). - clk: Don't parent clks until the parent is fully registered (git-fixes). - dmaengine: idxd: add halt interrupt support (git-fixes). - bus: ti-sysc: Fix variable set but not used warning for reinit_modules (git-fixes). - cachefiles: Fix oops with cachefiles_cull() due to NULL object (git-fixes). - cachefiles: Fix oops in trace_cachefiles_mark_buried due to NULL object (git-fixes). - commit cd688de - asix: fix wrong return value in asix_check_host_enable() (git-fixes). - asix: fix uninit-value in asix_mdio_read() (git-fixes). - ALSA: hda/realtek: Fix quirk for Clevo NJ51CU (git-fixes). - ASoC: meson: aiu: fifo: Add missing dma_coerce_mask_and_coherent() (git-fixes). - ASoC: tas2770: Fix setting of high sample rates (git-fixes). - ASoC: rt5682: fix the wrong jack type detected (git-fixes). - ASoC: tegra: Restore headphones jack name on Nyan Big (git-fixes). - ASoC: tegra: Add DAPM switches for headphones and mic jack (git-fixes). - ASoC: SOF: Intel: pci-tgl: add new ADL-P variant (git-fixes). - ASoC: SOF: Intel: pci-tgl: add ADL-N support (git-fixes). 
- commit a7aad6f - ALSA: rawmidi - fix the uninitalized user_pversion (git-fixes). - ALSA: hda/hdmi: Disable silent stream on GLK (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: Add new alc285-hp-amp-init model (git-fixes). - ALSA: hda/realtek: Amp init fixup for HP ZBook 15 G6 (git-fixes). - ALSA: jack: Check the return value of kstrdup() (git-fixes). - ALSA: drivers: opl3: Fix incorrect use of vp->state (git-fixes). - ALSA: hda/hdmi: fix HDA codec entry table order for ADL-P (git-fixes). - ALSA: hda: Add Intel DG2 PCI ID and HDMI codec vid (git-fixes). - commit edda50f ------------------------------------------------------------------ ------------------ 2021-12-30 - Dec 30 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - igc: Do not enable crosstimestamping for i225-V models (bsc#1193039). - commit 4b7258e - recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267). - commit 502efc5 - recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267). - Delete patches.suse/ftrace-recordmcount-binutils.patch. 
- commit e276c5a - fix rpm build warning tumbleweed rpm is adding these warnings to the log: It's not recommended to have unversioned Obsoletes: Obsoletes: microcode_ctl - commit 3ba8941 ++++ libcap: - update to 2.62: * Bug fix for Go package "cap" and launching * Build cleanups * Documentation updates: cap_max_bits has a man page entry * Recognize default securebits as a libcap mode: HYBRID ------------------------------------------------------------------ ------------------ 2021-12-29 - Dec 29 2021 ------------------- ------------------------------------------------------------------ ++++ mozilla-nspr: - update to 4.33: * fixes to build system and export of private symbols ------------------------------------------------------------------ ------------------ 2021-12-28 - Dec 28 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - signal: Skip the altstack update when not needed (bsc#1190497). - commit 0a4e2d9 - bpf: Fix kernel address leakage in atomic fetch (bsc#1193883). - commit ebab46c ------------------------------------------------------------------ ------------------ 2021-12-27 - Dec 27 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - locking/rtmutex: Fix incorrect condition in rtmutex_spin_on_owner() (bsc#1190137 bsc#1189998). - ipc: WARN if trying to remove ipc object which is absent (bsc#1190187). - ipc/ipc_sysctl.c: remove fallback for !CONFIG_PROC_SYSCTL (bsc#1190187). - ipc: check checkpoint_restore_ns_capable() to modify C/R proc files (bsc#1190187). - mm,hugetlb: remove mlock ulimit for SHM_HUGETLB (bsc#1190187). - futex: Fix PREEMPT_RT build (bsc#1190137 bsc#1189998). - futex: Simplify double_lock_hb() (bsc#1190137 bsc#1189998). - futex: Split out wait/wake (bsc#1190137 bsc#1189998). - futex: Split out requeue (bsc#1190137 bsc#1189998). - futex: Rename mark_wake_futex() (bsc#1190137 bsc#1189998). 
- futex: Rename: match_futex() (bsc#1190137 bsc#1189998). - futex: Rename: hb_waiter_{inc,dec,pending}() (bsc#1190137 bsc#1189998). - futex: Split out PI futex (bsc#1190137 bsc#1189998). - futex: Rename: {get,cmpxchg}_futex_value_locked() (bsc#1190137 bsc#1189998). - futex: Rename hash_futex() (bsc#1190137 bsc#1189998). - futex: Rename __unqueue_futex() (bsc#1190137 bsc#1189998). - futex: Rename: queue_{,un}lock() (bsc#1190137 bsc#1189998). - futex: Rename futex_wait_queue_me() (bsc#1190137 bsc#1189998). - futex: Rename {,__}{,un}queue_me() (bsc#1190137 bsc#1189998). - futex: Split out syscalls (bsc#1190137 bsc#1189998). - futex: Move to kernel/futex/ (bsc#1190137 bsc#1189998). - commit 2cdb038 - cifs: sanitize multiple delimiters in prepath (bsc#1193629). - commit 451f2d6 - cifs: ignore resource_id while getting fscache super cookie (bsc#1193629). - commit eeba60d - cifs: fix ntlmssp auth when there is no key exchange (bsc#1193629). - commit 0175110 - cifs: avoid use of dstaddr as key for fscache client cookie (bsc#1193629). - commit f3d9639 - cifs: add server conn_id to fscache client cookie (bsc#1193629). - commit 107f3d6 - cifs: wait for tcon resource_id before getting fscache super (bsc#1193629). - commit 9ad6391 - cifs: fix missed refcounting of ipc tcon (bsc#1193629). - commit 324a379 - cifs: update internal version number (bsc#1193629). - commit 069cbf3 - smb2: clarify rc initialization in smb2_reconnect (bsc#1193629). - commit 7fb1cf7 - cifs: populate server_hostname for extra channels (bsc#1193629). - commit a78bb02 - cifs: nosharesock should be set on new server (bsc#1193629). - commit f9c0a11 - cifs: introduce cifs_ses_mark_for_reconnect() helper (bsc#1193629). - commit 75cf16a - cifs: protect srv_count with cifs_tcp_ses_lock (bsc#1193629). - commit 7b74cfa - cifs: move debug print out of spinlock (bsc#1193629). - commit 3fe9ee3 - cifs: do not duplicate fscache cookie for secondary channels (bsc#1193629). 
- commit ec76d5a - cifs: connect individual channel servers to primary channel server (bsc#1193629). - commit c5cace7 - cifs: protect session channel fields with chan_lock (bsc#1193629). - commit fc55a6d - cifs: do not negotiate session if session already exists (bsc#1193629). - commit 61214c8 - smb3: do not setup the fscache_super_cookie until fsinfo initialized (bsc#1193629). - commit ed23408 - cifs: fix potential use-after-free bugs (bsc#1193629, jsc#SLE-20043). - commit 5c08eeb - smb3: add additional null check in SMB311_posix_mkdir (bsc#1193629). - commit ceaffcf - cifs: release lock earlier in dequeue_mid error case (bsc#1193629). - commit c5b3ecb - smb3: add additional null check in SMB2_tcon (bsc#1193629). - commit 4035864 - smb3: add additional null check in SMB2_open (bsc#1193629). - commit 8ea5886 - smb3: add additional null check in SMB2_ioctl (bsc#1193629). - commit a851210 - smb3: remove trivial dfs compile warning (bsc#1193629, jsc#SLE-20043). - commit 890475c - cifs: support nested dfs links over reconnect (bsc#1193629, jsc#SLE-20043). - commit 59d47b4 - cifs: for compound requests, use open handle if possible (bsc#1193629). - commit 02e1bae - cifs: split out dfs code from cifs_reconnect() (bsc#1193629, jsc#SLE-20043). - commit af9cd3d - cifs: convert list_for_each to entry variant (bsc#1193629, jsc#SLE-20043). - commit dce8737 - cifs: introduce new helper for cifs_reconnect() (bsc#1193629, jsc#SLE-20043). - commit 5e2b90c - cifs: fix print of hdr_flags in dfscache_proc_show() (bsc#1193629, jsc#SLE-20043). - commit 449aafc - cifs: send workstation name during ntlmssp session setup (bsc#1193629). - Refresh patches.suse/cifs-fix-memory-leak-of-smb3_fs_context_dup-server_h.patch. - commit 343b351 - cifs: nosharesock should not share socket with future sessions (bsc#1193629). - commit 7e97086 - smb3: add dynamic trace points for socket connection (bsc#1193629). - commit 893bf17 - cifs: Move SMB2_Create definitions to the shared area (bsc#1193629). 
- commit ecfb219 - cifs: Move more definitions into the shared area (bsc#1193629). - commit 89babe6 - cifs: move NEGOTIATE_PROTOCOL definitions out into the common area (bsc#1193629). - commit 445edea - cifs: Create a new shared file holding smb2 pdu definitions (bsc#1193629). - commit ed5b95d - cifs: add mount parameter tcpnodelay (bsc#1193629). - commit a35b30c - smb3: correct server pointer dereferencing check to be more consistent (bsc#1193629). - commit 528e69d - cifs: Clear modified attribute bit from inode flags (bsc#1193629). - commit 877f02c - cifs: Deal with some warnings from W=1 (bsc#1193629). - commit 48de0a6 - cifs: Deferred close performance improvements (bsc#1193629). - commit 3284ea4 - cifs: fix incorrect kernel doc comments (bsc#1193629). - commit e10f67b - cifs: remove pathname for file from SPDX header (bsc#1193629). - commit eba423d - cifs: move SMB FSCTL definitions to common code (bsc#1193629). - commit 5fa969c - cifs: rename cifs_common to smbfs_common (bsc#1193629). - Add to supported.conf: fs/smbfs_common/cifs_arc4 fs/smbfs_common/cifs_md4 - Update configs to add CONFIG_SMBFS_COMMON=m. - commit ece4318 - cifs: cifs_md4 convert to SPDX identifier (bsc#1193629). - commit d7aa128 - cifs: create a MD4 module and switch cifs.ko to use it (bsc#1193629). - commit 79d9d13 - cifs: fork arc4 and create a separate module for it for cifs and other users (bsc#1193629). - commit ac6203b - cifs: update FSCTL definitions (bsc#1193629). - commit 66c717f - x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (bsc#1190497). 
- commit c9f5572 ++++ expat: - update to 2.4.2: * Link against libm for function "isnan" * Include expat_config.h as early as possible * Autotools: Include files with release archives: - buildconf.sh - fuzz/*.c * Autotools: Sync CMake templates * docs: Document that function XML_GetBuffer may return NULL when asking for a buffer of 0 (zero) bytes size * docs: Fix return value docs for both XML_SetBillionLaughsAttackProtection* functions * Version info bumped from 9:1:8 to 9:2:8 ++++ yast2-trans: - Update to version 84.87.20211227.623da84d84: * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Slovak) * New POT for text domain 'storage'. * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Japanese) * Translated using Weblate (Slovak) * New POT for text domain 'storage'. * New POT for text domain 'base'. ------------------------------------------------------------------ ------------------ 2021-12-23 - Dec 23 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Drop the preempt kernel flavor (jsc#SLE-18857) The extra -preempt flavor is no longer needed when we have PREEMPT_DYNAMIC enabled and the boot-time "preempt=" option available. - commit 9d1770c ++++ pango: - Update to version 1.50.3: + pango-view: Add --serialize-to option for easy bug reporting. + Revert a transformation change that broke metrics for vertical text. + Handle fonts without space glyph (such as icon fonts) better. + Fix some corner cases of line width accounting.
+ Fix line height with emulated Small Caps. ++++ net-snmp: - Fix LFH violation during v3 user creation (bsc#1181591). Add net-snmp-5.7.3-fix-create-v3-user-outfile.patch ++++ libzypp: - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of iso: URL components (bsc#954813) - Handle armv8l as armv7hl compatible userland. - Introduce zypp-curl a sublibrary for CURL related code. - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set. - Save all signatures associated with a public key in its PublicKeyData. - version 17.29.0 (22) ++++ ovmf: - Removed useless patch files because they are merged to edk2-stable202111 - ovmf-OvmfPkg-OvmfXen-Fix-build-with-QemuKernelLoaderFsDxe.patch - ovmf-OvmfPkg-OvmfXen-add-QemuKernelLoaderFsDxe.patch - ovmf-OvmfPkg-OvmfXen-set-PcdAcpiS3Enable-at-initializatio.patch - Updated URL to the edk2 repo on github - Use downloaded edk2-edk2-stable%{version}.tar.gz instead of the URL for Source0 because the edk2-edk2-stable202111 tarball is broken in tianocore repo which cannot pass the "osc service runall download_files" testing. - We will change it back to the following setting when upstream fixes the tarball: Source0: https://github.com/tianocore/edk2/releases/download/edk2-stable%{version}/edk2-edk2-stable%{version}.tar.gz ++++ yast2: - properly pass named arguments in ruby3 (bsc#1193192) - 4.4.32 ++++ zypper: - Singletrans: handle fatal and non-fatal script errors properly. - Add SingleTransReportReceiver. - Immediately write out additional rpm output. - BuildRequires: libzypp-devel >= 17.29.0. Need SingleTransReport and immediate rpm script output reports. - version 1.14.51 ------------------------------------------------------------------ ------------------ 2021-12-22 - Dec 22 2021 ------------------- ------------------------------------------------------------------ ++++ glibc: - Add support for livepatches (jsc#SLE-20049). - Enable livepatching on x86_64.
- Generate ipa-clones tarball artifact when livepatching is enabled. ++++ gnutls: - FIPS: Provide a service-level indicator [bsc#1190698] * Add support for a "service indicator" as required in the FIPS140-3 Implementation Guidance in section 2.4.C * Add patches: - gnutls-FIPS-service-indicator.patch - gnutls-FIPS-service-indicator-public-key.patch - gnutls-FIPS-service-indicator-symmetric-key.patch - gnutls-FIPS-RSA-PSS-flags.patch ++++ kernel-default: - build initrd without systemd This reduces the size of the initrd by over 25%, which improves startup time of the virtual machine by 0.5-0.6s on very fast machines, more on slower ones. - commit ef4c569 - arm64: Implement HAVE_PREEMPT_DYNAMIC (jsc#SLE-18857). - arm64: Implement IRQ exit preemption static call for dynamic preemption (jsc#SLE-18857). - sched/preempt: Prepare for supporting !CONFIG_GENERIC_ENTRY (jsc#SLE-18857). - arm64: implement support for static call trampolines (jsc#SLE-18857). - commit 2443f87 - blacklist.conf: ef775a0e36c6 x86/Kconfig: Fix an unused variable error in dell-smm-hwmon - commit 79fbdb8 - static_call: Use non-function types to refer to the trampolines (jsc#SLE-18857). - commit 16af38a - clk: renesas: r8a779a0: Add the DSI clocks (git-fixes). - commit 4144466 - clk: renesas: r8a779a0: Add the DU clock (git-fixes). - commit e4f5038 - bpf: Make sure bpf_disable_instrumentation() is safe vs preemption (git-fixes). - commit 3c01bdb - bpf, x86: Fix "no previous prototype" warning (git-fixes). - commit d18ea1d - arm64: mm: Fix VM_BUG_ON(mm != &init_mm) for trans_pgd (git-fixes). - commit 3d5d99f - PM: sleep: Fix error handling in dpm_prepare() (git-fixes). - commit 1d4147f - HID: holtek: fix mouse probing (git-fixes). - commit e70fdd2 - KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (git-fixes). - commit 403e13c ++++ net-snmp: - Fix hrStorage autofs objects timeout problems (bsc#1179699, bsc#1145864). 
Add net-snmp-5.7.3-host-mib-skip-autofs-entries.patch Add net-snmp-5.7.3-fix-missing-mib-hrStorage-indexes.patch - Fix NSS mounted volumes in hrStorageDescr (bsc#1100146). Add net-snmp-5.7.3-recognize-nss-pools-and-nss-volumes-oes.patch - Fix subagent crash at save_set_var() (bsc#1178021). Add net-snmp-5.7.3-subagent-set-response.patch - Fix subagent data corruption (bsc#1178351, bsc#1179009). Add net-snmp-5.7.3-fix-subagent-data-corruption.patch ++++ permissions: - Update to version 20181225: * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504) ++++ qemu: - Fix testsuite failures by not using modules when building tests (and some other, also testsuite related, spec file problems) ++++ rpm: - Backport header check changes so that old rpms get no longer rejected [bsc#1190824] updated patch: headerchk3.diff ------------------------------------------------------------------ ------------------ 2021-12-21 - Dec 21 2021 ------------------- ------------------------------------------------------------------ ++++ dosfstools: - To be able to create filesystems compatible with previous version, add -g command line option to mkfs (boo#1188401, dosfstools-add-g.patch). - BREAKING CHANGES: After fixing of bsc#1172863 in the last update, mkfs started to create different images than before. Applications that depend on exact FAT file format (e.g. embedded systems) may be broken in two ways: * The introduction of the alignment may create smaller images than before, with different positions of important image elements. It can break existing software that expects images in dosfstools <= 4.1 style. To work around these problems, use "-a" command line argument. * The new image may contain different geometry values. Geometry sensitive applications expecting dosfstools <= 4.1 style images can fail to accept different geometry values. There is no direct workaround for this problem.
But you can take the old image, use "file -s $IMAGE", check its "sectors/track" and "heads", and use them in the newly introduced "-g" command line argument. ++++ grub2: - Fix CVE-2021-3981 (bsc#1189644) * 0001-grub-mkconfig-restore-umask-for-grub.cfg.patch ++++ gtk3: - Update to version 3.24.31: + input: Fix a crash with touch on GtkScale. + clipboard: Avoid a double-free. + css: Avoid a crash with radial gradients. + GtkFileChooser: Don't leak search results. + GtkTextView: Support css letterspacing. + Wayland: - Reset position when hiding popups. - Ignore globals we did not bind ourselves. - Avoid infinite loops when hiding surfaces. - Avoid clipboard-related lockups. + X11: - Trap errors while doing XRANDR calls. - Support touchpad gestures with XI 2.4. + Updated translations. ++++ kernel-default: - RDMA/hns: Replace kfree() with kvfree() (bsc#1190336). - IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() (git-fixes). - RDMA/hns: Fix RNR retransmission issue for HIP08 (bsc#1190336). - sfc_ef100: potential dereference of null pointer (git-fixes). - ixgbe: set X550 MDIO speed before talking to PHY (jsc#SLE-18384). - ixgbe: Document how to enable NBASE-T support (jsc#SLE-18384). - igc: Fix typo in i225 LTR functions (jsc#SLE-18377). - igbvf: fix double free in `igbvf_probe` (jsc#SLE-18379). - igb: Fix removal of unicast MAC filters of VFs (jsc#SLE-18379). - netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc (git-fixes). - ice: Don't put stale timestamps in the skb (jsc#SLE-18375). - ice: Use div64_u64 instead of div_u64 in adjfine (jsc#SLE-18375). - iavf: do not override the adapter state in the watchdog task (again) (jsc#SLE-18385). - iavf: missing unlocks in iavf_watchdog_task() (jsc#SLE-18385). - flow_offload: return EOPNOTSUPP for the unsupported mpls action type (git-fixes). - net: hns3: fix race condition in debugfs (bsc#1190336). - net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg (bsc#1190336). 
- commit c8da480 - USB: serial: cp210x: fix CP2105 GPIO registration (git-fixes). - commit 21acdf8 - usb: cdnsp: Fix lack of spin_lock_irqsave/spin_lock_restore (git-fixes). - commit 0ecdeb8 - usb: dwc2: fix STM ID/VBUS detection startup delay in dwc2_driver_probe (git-fixes). - commit 706591c - usb: cdnsp: Fix incorrect status for control request (git-fixes). - commit 39c7644 - usb: cdnsp: Fix issue in cdnsp_log_ep trace event (git-fixes). - commit 6a1899d - usb: cdnsp: Fix incorrect calling of cdnsp_died function (git-fixes). - commit 6500212 - usb: gadget: u_ether: fix race in setting MAC address in setup phase (git-fixes). - commit de812df - fscache: Use refcount_t for the cookie refcount instead of atomic_t (bsc#1190277). - fscache: Fix fscache_cookie_put() to not deref after dec (bsc#1190277). - cachefiles: Change %p in format strings to something else (bsc#1190277). - fscache: Change %p in format strings to something else (bsc#1190277). - fscache: Remove the object list procfile (bsc#1190277). - fscache, cachefiles: Remove the histogram stuff (bsc#1190277). - fscache: Procfile to display cookies (bsc#1190277). - fscache: Add a cookie debug ID and use that in traces (bsc#1190277). - commit 7bdee94 ++++ libthai: - Update to version 0.1.29. * Rewritten thbrk test. * More compliance with UAX#14 (Unicode Line Breaking Algorithm) for thbrk. * Fix a typo in TIS-620 character name in tis.h. * Updated word break dictionary. 
++++ qemu: - [JIRA] (SLE-20965) Make QEMU guests more failsafe when resizing SCSI passthrough disks * Patches added: scsi-generic-replace-logical-block-count.patch ++++ ovmf: - Update to edk2-stable202111 - Features (https://github.com/tianocore/edk2/releases): Add SSDT CPU topology generator Support ACPI 6.4 in GTDT parser and generator Support ACPI 6.4 in DynamicTables FADT parser Support ACPI 6.4 in Acpiview PCCT parser Support ACPI 6.4 in Acpiview HMAT parser Add support for the microvm machine type (qemu) OVMF/ArmVirt: add support for virtio-mmio 1.0 IntelFsp2Pkg: adopt FSP 2.3 specification UefiCpuPkg VTF0 X64: Build page tables using Linear-Address Translation to a 1-GByte Page Enable wildcard host name matching in HTTPS/TLS implementation Add QuickSort function into BaseLib Add SMM NV variable support in universal UEFI payload Add TDVF to OvmfPkg Make package and platform builds reproducible across source format changes - Patches (git log --oneline --reverse edk2-stable202108~..edk2-stable202111): 7b4a99be8a CryptoPkg: BaseCryptLib fix incorrect param order 82f7e315d6 MdeModulePkg/PeiCore: Remove MigrateSecModulesInFv() 8b15024dc7 Maintainers: Add kraxel as Reviewer to ArmVirtPkg and OvmfPkg 80e67af9af OvmfPkg: introduce a common work area ab77b6031b OvmfPkg/ResetVector: update SEV support to use new work area format b9af5037b2 OvmfPkg/ResetVector: move the GHCB page setup in AmdSev.asm a82bad9730 ArmPkg/GicV3Dxe: Don't signal EOI on arbitrary interrupts 94e465e5cb OvmfPkg/Virtio10: Add virtio-mmio 1.0 defines 08293e43da OvmfPkg/VirtioMmioDeviceLib: Add virtio 1.0 detection. 212a2b9bb8 OvmfPkg/VirtioMmioDeviceLib: virtio 1.0: Fix SetPageSize. 
537a724421 OvmfPkg/VirtioMmioDeviceLib: virtio 1.0: Fix SetQueueAddress 6a3e9576b8 OvmfPkg/VirtioMmioDeviceLib: virtio 1.0: Add default QueueNum ae12188cf8 OvmfPkg/VirtioMmioDeviceLib: virtio 1.0: Adapt feature bit handling 77d5fa8024 OvmfPkg/VirtioMmioDeviceLib: enable virtio 1.0 b04453d36b MdeModulePkg/EbcDxe: Mitigate memcpy intrinsics dc995ce906 MdeModulePkg: Add BootDiscoveryPolicyOld variable. 443300be46 MdePkg:Update IndustryStandard/Nvme.h with Nvme amdin controller data 0f11537548 MdeModulePkg:Increase Nvme capacity display cae735f613 ArmPkg: Enable boot discovery policy for ARM package. cb0d24637d OvmfPkg/OvmfXen: set PcdAcpiS3Enable at initialization 28152333bc OvmfPkg/LockBoxLib: use PcdAcpiS3Enable to detect S3 support 52e2dabc0f OvmfPkg/PlatformBootManagerLib: use PcdAcpiS3Enable to detect S3 support 5b5f10d746 OvmfPkg/SmmControl2Dxe: use PcdAcpiS3Enable to detect S3 support 9f3eda177a OvmfPkg/OvmfXen: add QemuKernelLoaderFsDxe f0fe55bca4 UefiPayloadPkg: Fix the build error when enable Core ci for UefiPayloadPkg 5d34cc49d5 UefiCpuPkg/PiSmmCpuDxeSmm: Update mPatchCetSupported set condition cdda3f74a1 UefiPayloadPkg/UefiPayloadEntry: Fix memory corruption 3b3f882288 MdeModulePkg/PiSmmCore: Drop deprecated image profiling commands b170806518 UefiCpuPkg: Clean up save state boundary checks and comments. 
12e33dca4c IntelFsp2Pkg: Support Config File and Binary delta comparison 63fddc98e0 UefiPayloadPkg: Create .yaml file in UefiPayloadPkg e3ee8c8dbd .azurepipelines: Add UefiPayloadPkg in gate-build-job.yml and CISetting.py b6bc203375 MdeModulePkg/HiiDatabaseDxe:remove dead code block c5e805ffe1 MdeModulePkg: Fix typo of "memory" in RamDiskDxe debug message 81d71fb86e Maintainers.txt: Update maintainer/reviewer roles in MdeModulePkg edf8bc6d24 SecurityPkg/MemoryOverwriteControl: Add missing argument to DEBUG print 4473834e7d OvmfPkg/OvmfXen: Fix build with QemuKernelLoaderFsDxe a7cf2c5664 RedfishPkg: Fix various typos 851785ea67 UefiPayloadPkg: Include more modules in UefiPayloadPkg. d248516b3a UefiPayloadPkg: Include Network modules in UefiPayloadPkg. 6c7d6d4a5e UefiCpuPkg: ResetVector Tool Support for Python 3 cf7c650592 UefiCpuPkg: ResetVector Tool additional debug prints d96df7e993 UefiPayloadPkg: Fix the bug in dump guid HOB info functions dcd3d63f4f UefiPayloadPkg: Dump hob info from gEdkiiBootManagerMenuFileGuid 610d8073f2 SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from edk2-platforms 4d5f39cd22 SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib ebbc8ab2cd SecrutiyPkg/Tcg: Import Tcg2PlatformDxe from edk2-platforms 2906e572c6 SecurityPkg/Tcg: Make Tcg2PlatformDxe buildable and fix style issues f108178c56 SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy a4867dea2a SecurityPkg/Tcg: Import Tcg2PlatformPei from edk2-platforms 2fa89c8e11 SecurityPkg/Tcg: Make Tcg2PlatformPei buildable and fix style issues 3b69fcf5f8 SecurityPkg: Add references to header and inf files to SecurityPkg 6c80564b89 MdeModulePkg/Core/Pei: Fix typo in function descriptions 6f501a7c9b MdeModulePkg/Core/Pei: Make migrated PEIM message verbose c19d18136e MdeModulePkg/Core/Pei: Fix pointer size mismatch in EvacuateTempRam() f4e72cf9d6 UefiPayloadPkg: Add script to build UniversalPayload in UefiPayloadPkg bda3546c55 UefiPayloadPkg: Fix the warning when 
building UefiPayloadPkg with IA32+X64 010753b7e7 UefiCpuPkg: Refactor initialization of CPU features during S3 resume 89f7ed8b29 UefiCpuPkg: Prevent from re-initializing CPU features during S3 resume 60d8bb9f28 UefiCpuPkg: VTF0 Linear-Address Translation to a 1-GByte Page till 512GB ac6388add4 ArmPkg/ProcessorSubClassDxe: Fix the format of ProcessorId e3e47d7963 UefiCpuPkg: SecCoreNative without ResetVector 542cba73d2 SecurityPkg: Add debug log for indicating IBB verified OBB successfully f334c5a41d IntelFsp2WrapperPkg: Make PcdFspModeSelection dynamic 79019c7a42 OvmfPkg: set a default value for the WorkAreaHeader PCD fdeff3fdae EmbeddedPkg: Remove duplicate libfdt.h include f2a7e24e38 EmbeddedPkg: AndroidBootImgBoot error handling updates c0cd26f43c EmbeddedPkg: Install FDT if UpdateDtb is not present 7ea7f9c077 EmbeddedPkg: Add LoadFile2 for linux initrd d60915b751 UefiPayloadPkg: Add Macro to enable or disable some drivers. 46b4606ba2 MdeModulePkg/PciBusDxe: Improve the flow of testing support attributes f57040b038 MdeModulePkg/BootManagerMenuApp: Limit string drawing within one line b0f1b1c5fd MdePkg: Fix DEVICE_SECURITY_EVENT_DATA_HEADER version definition cc5a67269e UefiPayloadPkg: Build a HOB from bootloader ACPI table dc430ccf3f UefiPayloadPkg: Use dummy constructor for PlatformHookLib 4a1899dd79 UefiPayloadPkg: Add ".upld_info" in universal payload 2ea0a0a414 BaseTools: Switch to downloading the ARM compiler from Arm's site 1ce6ceb75b BaseTools: Switch to downloading the AARCH64 compiler from Arm's site c214128a38 BaseTools/GenMake: Use ToolDefinition as fallback option 259c184c8f BaseTools/build: Set MakefileName 445c39f757 BaseTools: Remove Makefile/MakefileName fields c7d5b046d9 BaseTools: Remove hard-coded strings for target and tools_def 442e46d3b6 UefiPayloadPkg: Update maximum logic processor to 256 499c4608b1 OvmfPkg/TPM PPI: Connect default consoles for user interaction b8675deaa8 OvmfPkg: Handle TPM 2 physical presence opcodes much earlier 
8ab8fbc016 OvmfPkg: Reference new Tcg2PlatformDxe in the build system for compilation bd298d7593 OvmfPkg: Reference new Tcg2PlatformPei in the build system f86de75862 MdePkg: MmCommunication: Added definition of MM Communication PPI 8b4bb94f64 MdePkg: CI YAML: Added new GUID to ignore duplicate list 9e950cda6a MdeModulePkg: CI YAML: Added new GUID to ignore duplicate list 2273799677 SecurityPkg: Fix SecureBootDefaultKeysDxe failed to start 422e5d2f7f UefiPayloadPkg: Remove asm code and sharing libraries 0875443f7e DynamicTablesPkg: Extract AcpiHelperLib from TableHelperLib 20775950c6 DynamicTablesPkg: Update TableHelperLib.inf 1ad5182500 DynamicTablesPkg: Rename single char input parameter 653113412f DynamicTablesPkg: Add HexFromAscii() to AcpiHelperLib 72ab552554 DynamicTablesPkg: Add AmlGetEisaIdFromString() to AcpiHelperLib 96e006b37e DynamicTablesPkg: Add Configuration Manager Object parser 235ff9fcd1 DynamicTablesPkg: Use %a formatter in AmlDbgPrint 7a8c037e9e DynamicTablesPkg: Update DynamicTablesPkg.ci.yaml 691c5f7762 DynamicTablesPkg: Deprecate Crs specific methods in AmlLib 22873f58c4 DynamicTablesPkg: Rework AmlResourceDataCodegen.c/h 4cc1458dbe IntelFsp2Pkg: Adopt FSP 2.3 specification. 
c49cb8f30e ArmPkg: SmbiosMiscDxe: Don't populate ExtendedBiosSize when size < 16MB 282122ec5f ArmVirtPkg/TPM: Add a NULL implementation of TpmPlatformHierarchyLib b3685956d2 ArmVirtPkg: Reference new TPM classes in the build system for compilation c806b76865 ArmVirtPkg: Disable the TPM2 platform hierarchy 606340fba3 OvmfPkg/Microvm: copy OvmfPkgX64 files as-is 4932f05a00 OvmfPkg/Microvm: rename output files, fix includes 2a49c19b9e OvmfPkg/Microvm: no smm 60d55c4156 OvmfPkg/Microvm: no secure boot 0569c52b15 OvmfPkg/Microvm: no tpm 06fa1f1931 OvmfPkg/Microvm: no sev 6073bf6cd8 OvmfPkg/Microvm: no csm b9dd64b80e OvmfPkg/Microvm: no emulated scsi 27de86ae41 OvmfPkg/Microvm: use MdePkg/Library/SecPeiDxeTimerLibCpu 76602f45dc OvmfPkg/Microvm: use XenTimerDxe (lapic timer) 6a8e9ad24b OvmfPkg/Microvm: PlatformPei/MemDetect tweaks 8583b57c5c OvmfPkg/Microvm: PlatformPei/Platform memory map tweaks bf02d73e74 OvmfPkg/Microvm: PlatformPei/Platform: add id. 1d3e89f349 OvmfPkg/ResetSystemLib: add driver for microvm 2c467c9be2 OvmfPkg/Microvm: BdsPlatform: PciAcpiInitialization tweak. 
8456785986 OvmfPkg/Microvm: use PciHostBridgeLibNull 55f47d2299 OvmfPkg/Microvm: wire up serial console, drop super-io 862e814de4 OvmfPkg/Microvm: add Maintainers.txt entry 06a326caf1 DynamicTablesPkg: Update FADT generator to ACPI 6.4 f09dbf20b9 DynamicTablesPkg: Rename SBSA generic watchdog 942c9bd357 ShellPkg: Update Acpiview GTDT parser to ACPI 6.4 80e67bcb23 ShellPkg: Update Acpiview PCCT parser to ACPI 6.4 b4da6c29f1 ShellPkg: Add Type 5 PCC Subspace Structure parser 5ece2ad36c MdeModulePkg/Core/Dxe: Add lock protection in CoreLocateHandleBuffer() 30400318a2 ShellPkg: Update Acpiview HMAT parser to ACPI spec version 6.4 71c3c9c0c4 DynamicTablesPkg: Remove unnecessary includes 25cf58a163 DynamicTablesPkg: Add missing parameter check bfaf7c8b9e DynamicTablesPkg: Add AddSsdtAcpiHeader() 28b2df475f DynamicTablesPkg: Add AmlRdSetEndTagChecksum() 74addfeab6 DynamicTablesPkg: Add AmlSetRdListCheckSum() 7b2022d39e DynamicTablesPkg: Set EndTag's Checksum if RdList is modified 2dd7dd3952 DynamicTablesPkg: Clear pointer in node creation fcts 37bd08176c DynamicTablesPkg: Update error handling for node creation 6d2777d85f DynamicTablesPkg: Make AmlNodeGetIntegerValue public f995f8672b DynamicTablesPkg: AML Code generation for Register() 9454d1ebcb DynamicTablesPkg: AML Code generation for Resource data EndTag 1e33479b39 DynamicTablesPkg: AML code generation for a Package 12e65fd258 DynamicTablesPkg: Helper function to compute package length ce15936f2f DynamicTablesPkg: AML code generation for a ResourceTemplate de62ccbf4f DynamicTablesPkg: AML code generation for a Method e2d7b4950b DynamicTablesPkg: AML code generation to Return a NameString 3e958e93ce DynamicTablesPkg: AML code generation for a Method returning a NS 018a962d92 DynamicTablesPkg: AML code generation for a _LPI object a5e36ad9bc DynamicTablesPkg: AML code generation to add an _LPI state f17ef10e63 DynamicTablesPkg: Add CM_ARM_LPI_INFO object 769e63999f DynamicTablesPkg: SSDT CPU topology and LPI state 
generator 19ee56c4b3 UefiPayloadPkg: Add a macro to select the SecurityStubDxe driver. 782d018703 MdePkg: Add ProcessorUpgradeSocketLGA4677 from SMBIOS 3.5.0 ba4ae92234 ShellPkg: Support ProcessorUpgradeSocketLGA4677 from SMBIOS 3.5.0 f22feb0e3b CryptoPkg/BaseCryptLib: Eliminate extra buffer copy in Pkcs7Verify() 4225a464c6 MdePkg/BaseLib: Add QuickSort function on BaseLib 6ed6abd6c1 BaseTools: Change RealPath to AbsPath 978d428ec3 UefiPayloadPkg: Add PCI root bridge info hob support for SBL 43b3840873 MdeModulePkg/Sd: Corrections for Extra.uni files a7fcab7aa3 MdeModulePkg/Core/Dxe: Acquire a lock when iterating gHandleList e40fefafa9 ArmVirtPkg/FdtClintDxe: Move FdtClientDxe to EmbeddedPkg fb759b8b73 MdePkg: Add PcdPciIoTranslation PCD 7d78a86ecf ArmPkg: Use PcdPciIoTranslation PCD from MdePkg 77e9b3a7c6 ArmVirtPkg/FdtPciPcdProducerLib: Relocate PciPcdProducerLib to OvmfPkg d881c6ddf5 ArmVirtPkg/HighMemDxe: Relocate HighMemDxe to OvmfPkg 47bd85e9f9 OvmfPkg/HighMemDxe: Add RISC-V in the supported arch. f8d0501ded ArmVirtPkg/QemuFwCfgLib: Relocate QemuFwCfgLib to OvmfPkg 26aa241d2f OvmfPkg/QemuFwCfgLibMmio: Add RISC-V arch support c6770f4b88 MdePkg: Add PcdPciMmio32(64)Translation PCDs 9a7509e465 ArmVirtPkg/FdtPciHostBridgeLib: Relocate FdtPciHostBridgeLib to OvmfPkg/Fdt b21c6794de OvmfPkg/FdtPciHostBridgeLib: Add RISC-V in the supported arch. 
e0c23cba5e ArmVirtPkg/VirtioFdtDxe: Relocate VirtioFdtDxe to OvmfPkg/Fdt f2400e06db BaseTools: add edk2-test repo to SetupGit.py 785cfd3305 UefiPayloadPkg: Use SECURITY_STUB_ENABLE to control the SecurityStubDxe 7e43d3e086 ArmPkg/Smbios: Fix max cache size 2 wrong issue f10a112f08 UefiPayloadPkg: Fix the build issue for coreboot 2108698346 StandaloneMmPkg: Support CLANGPDB builds 11a4af85a4 Ovmfpkg: update Ia32 build to use new work area 36b561623a OvmfPkg/AmdSev: update the fdf to use new workarea PCD 91a978ce7e UefiPayloadPkg: Replace MEMROY_ENTRY by MEMORY_ENTRY 6ef5797447 UefiPayloadPkg: Fix ECC reported issues 90246a6d9f UefiPayloadPkg: Fix the build failure for non-universal payload 37a33f02aa UefiCpuPkg: Cpu feature data stored in memory may be migrated 4fdf843c75 DynamicTablesPkg: Fix unitialized variable use 6893865b30 DynamicTablesPkg: Fix void pointer arithmetic 99325a8b65 MdeModulePkg/SortLib: Add QuickSort function on BaseLib 305fd6bee0 UefiCpuPkg/CpuCacheInfoLib: Add QuickSort function on BaseLib 2f286930a8 ShellPkg: Parse I/O APIC and x2APIC structure bd5ec03d87 NetworkPkg/HttpBootDxe: make file extension check case-insensitive 6254037223 ArmPkg: Implement PlatformBootManagerLib for LinuxBoot f079e9b450 OvmfPkg: Copy Main.asm from UefiCpuPkg to OvmfPkg's ResetVector 5a2411784b OvmfPkg: Clear WORK_AREA_GUEST_TYPE in Main.asm c9ec74a198 OvmfPkg: Add IntelTdxMetadata.asm 8b76f23534 OvmfPkg: Enable TDX in ResetVector 87a34ca0cf UefiPayloadPkg: Add a common SmmAccessDxe module e7e8ea27d4 UefiPayloadPkg: Add a common SMM control Runtime DXE module bed990aae6 UefiPayloadPkg: Add bootloader SMM support module 1d66480aa4 UefiPayloadPkg: Add SpiFlashLib 04714cef46 UefiPayloadPkg: Add FlashDeviceLib ae8acce8ae UefiPayloadPkg: Add a common FVB SMM module 242dcfe30f UefiPayloadPkg: Add a SMM dispatch module b80c17b62d UefiPayloadPkg: Add SMM support and SMM variable support 2f6f3329ad FmpDevicePkg/FmpDxe: Use new Variable Lock interface 9a95d11023 
IntelFsp2Pkg/SplitFspBin.py: adopt FSP 2.3 specification. bb146ce32d MdePkg Cpuid.h: Define CPUID.(EAX=7,ECX=0):EDX[30] 1bc232aae3 RedfishPkg: Update link to staging/RedfishClientPkg in Readme.md e7663fdd82 UefiPayloadPkg: Remove SystemTableInfo GUID. 91b772ab62 RedfishPkg: Add more information to Readme.md c8594a5311 SecurityPkg/FvReportPei: Remove the ASSERT to allow neither M nor V 939c2355da IntelFsp2Pkg SplitFspBin.py: Correct file name in file header 6f9e83f757 NetworkPkg/HttpDxe: Enable wildcard host name matching for HTTP+TLS. b258f12889 BaseTools/VrfCompile: Fix uninitialized field from unnamed field 0f4cdad25b DynamicTablesPkg: Add missing BaseStackCheckLib instance e13e53cb2f NetworkPkg/NetworkPkg.dsc: Add RngLib mapping for ARM and RISCV64 c1f2287635 SecurityPkg/SecurityPkg.dsc: Add missing RngLib for ARM and RISCV64 b0a03ca4a9 SignedCapsulePkg/SignedCapsulePkg.dsc: Add RngLib mapping 15e635d1b5 UefiCpuPkg/MtrrLib/UnitTest: Fix 32-bit GCC build issues 4050c873b5 MdeModulePkg/Variable/RuntimeDxeUnitTest: Fix 32-bit GCC builds d79df34beb BaseTools: Fix StructurePcd offset error. b5d4a35d90 MdeModulePkg/XhciSched: Fix missing DEBUG arguments 48452993ad MdePkg/Include: Enhance DebugLib to support reproduce builds 5948ec3647 MdePkg: Reproduce builds across source format changes f331310a10 ArmPkg: Reproduce builds across source format changes 77dcd03ecf MdeModulePkg: Reproduce builds across source format changes 45137bca2f NetworkPkg: Reproduce builds across source format changes d939a25d41 SecurityPkg: Reproduce builds across source format changes fd42dcb1fc OvmfPkg: Reproduce builds across source format changes 8c1b1fe634 ShellPkg: Add comment that ItemPtr is set after validation d6e6337cd6 MdePkg: Fix ACPI memory aggregator/device type mismatch c974257821 MdeModulePkg AtaAtapiPassThru: Always do S.M.A.R.T. 
check if device support aab6bb3d32 MdeModulePkg/DxeCapsuleLibFmp: Capsule on Disk file name capsule a7b35aae13 MdeModulePkg\UfsBlockIoPei: UFS MMIO address size support both 32/64 bits f826b20811 UefiCpuPkg/UefiCpuLib: Add GetCpuFamilyModel and GetCpuSteppingId 8c8867c5da MdeModulePkg/DxeCapsuleLibFmp: Use new Variable Lock interface 22c3b5a865 BaseTools: Add authenticated variable store support a92559671a OvmfPkg/Xen: Fix VS2019 build issues 4c495e5e3d OvmfPkg/Bhyve/PlatformPei: Fix VS2019 X64 NOOPT build issue 466ebdd2e0 MdeModulePkg/FPDT: Lock boot performance table address variable at EndOfDxe 455b0347a7 UefiCpuPkg/PiSmmCpuDxeSmm: Use SMM Interrupt Shadow Stack e1e7306b54 OvmfPkg/Library/ResetSystemLib: Fix Microvm VS2019 NOOPT build issue 4c7ce0d285 MdeModulePkg AtaAtapiPassThru: Skip the potential NULL pointer access bb1bba3d77 NetworkPkg: Fix invalid pointer for DNS response token on error - Removed patches which are merged to mainline: - ovmf-OvmfPkg-OvmfXen-set-PcdAcpiS3Enable-at-initializatio.patch to fix the S3 detection in ovmf-xen - cb0d24637d edk2-stable202111-rc1~220 - ovmf-OvmfPkg-OvmfXen-add-QemuKernelLoaderFsDxe.patch to add QemuKernelLoaderFsDxe to ovmf-xen to load kernel from qemu fw_cfg - 9f3eda177a edk2-stable202111-rc1~216 - ovmf-OvmfPkg-OvmfXen-Fix-build-with-QemuKernelLoaderFsDxe.patch - 4473834e7d edk2-stable202111-rc1~203 - The edk2-stable202111 includes the following patches for bsc#1192126 to fix unlimited reset. (bsc#1192126) 80e67af9af OvmfPkg: introduce a common work area ab77b6031b OvmfPkg/ResetVector: update SEV support to use new work area format b9af5037b2 OvmfPkg/ResetVector: move the GHCB page setup in AmdSev.asm ++++ supermin: - Add initrd_support_ztd-compressed_modules.patch: backport of 4306a131c6cd to add support of zstd compressed kernel modules. 
++++ wicked: - version 0.6.68 - sysctl: process sysctl.d directories as in sysctl --system - sysctl: fix sysctl values for loopback device (bsc#1181163, bsc#1178357) - dhcp4: add option to set route pref-src to dhcp IP (bsc#1192353) - cleanup: warnings, time calculations and dhcp fixes (bsc#1188019) - wireless: reconnect on unexpected wpa_supplicant restart (bsc#1183495) - tuntap: avoid sysfs attr read error (bsc#1192311) - ifstatus: fix warning of unexpected interface flag combination (bsc#1192164) ------------------------------------------------------------------ ------------------ 2021-12-20 - Dec 20 2021 ------------------- ------------------------------------------------------------------ ++++ apparmor: - Modify add-samba-bgqd.diff: Add new rule to fix new "DENIED operation="file_mmap" violation in SLE15-SP4; (bsc#1192336). ++++ cockpit-podman: - Add source-offest to _service to fix build error in Leap. ++++ kernel-default: - add kvmsmall flavor for aarch64 - cherry-picked from master - commit ddd3a02 - ceph: initialize pathlen variable in reconnect_caps_cb (bsc#1193925). - ceph: fix duplicate increment of opened_inodes metric (bsc#1193924). - commit e2145a2 - tracing/uprobe: Fix uprobe_perf_open probes iteration (git-fixes). - commit ed9f636 - x86/fpu/signal: Initialize sw_bytes in save_xstate_epilog() (bsc#1190497). - commit 7191fb9 - Revert "usb: early: convert to readl_poll_timeout_atomic()" (git-fixes). - commit cb61d99 - usb: typec: tcpm: fix tcpm unregister port but leave a pending timer (git-fixes). - commit 5235800 - USB: gadget: bRequestType is a bitfield, not a enum (git-fixes). - commit 7d60d0b - xen/netback: don't queue unlimited number of packages (CVE-2021-28715 XSA-392 bsc#1193442). - commit 3c72c0c - xen/netback: fix rx queue stall detection (CVE-2021-28714 XSA-392 bsc#1193442). - commit caace15 - xen/console: harden hvc_xen against event channel storms (CVE-2021-28713 XSA-391 bsc#1193440). 
- commit 146b839 - xen/netfront: harden netfront against event channel storms (CVE-2021-28712 XSA-391 bsc#1193440). - commit d10254c - xen/blkfront: harden blkfront against event channel storms (CVE-2021-28711 XSA-391 bsc#1193440). - commit e1ca522 ++++ libapparmor: - Modify add-samba-bgqd.diff: Add new rule to fix new "DENIED operation="file_mmap" violation in SLE15-SP4; (bsc#1192336). ++++ libmbim: - Update to version 1.26.2: + The GUdev optional build/runtime requirement is now fully dropped, it's no longer used. + Implemented new link management operations, exclusively for the cdc_mbim driver for now. These new operations allow creating or deleting VLAN network interfaces in order to run multiplexed data sessions over one single physical network interface. + Added support for the Microsoft-defined SAR service, including the following operations: - MBIM_CID_MS_SAR_CONFIG - MBIM_CID_MS_SAR_TRANSMISSION_STATUS + libmbim-glib: - Logic updated to make sure full packets are written at once, instead of writing them in chunks. - Updated the "LTE attach status" APIs in order to avoid creating unneeded struct types in the interface. The older methods have been deprecated and maintained in the library for compatibility purposes only. + Bugfixes. - Drop pkgconfig(gudev-1.0) BuildRequires: no longer used. ++++ libqmi: - Mention libqmi.keyring - update to 1.30.2: * libqmi-glib: * * Added support for 'hsic', 'bam-dmux' and 'unknown' endpoint types. * * Added support for QMAPv2, QMAPv3 and QMAPv4 data aggregation types. * * Added support for 'NGRAN' access technology identifier. * * New 'qmi_device_add_link_with_flags()' method, in order to give e.g. rmnet specific checksum offload related flags when creating a new link. * qmicli: * * New '--nas-get-preferred-networks' command. * * New '--nas-set-preferred-networks' command. * * New '--uim-get-configuration' command. * * New '--uim-depersonalization' command. * * New '--wms-get-routes' command. 
* * New '--dpm-open-port' command. * * New '--dpm-close-port' command. * * Updated '--wds-create-profile' with an additional 'apn-type-mask' setting. * * Updated '--wds-modify-profile' with an additional 'apn-type-mask' setting. * * Updated '--link-add' with an additional optional 'flags' setting. * qmi-network: * * New PROFILE configuration setting to allow specifying which WDS profile to use when connecting. * * New IP-TYPE configuration setting to allow selecting the IP type requested * collections: * * basic: added voice call management operations. * * basic: added voice supplementary service related operations. * * basic: added NAS preferred networks related operations. * * basic: added NAS network reject indications. * * basic: added UIM depersonalization related operations. * Several other minor improvements and fixes. - add gpg validation ++++ net-snmp: - Fix output for high memTotalReal RAM values (bsc#1152968). Add net-snmp-5.7.3-ucd-snmp-mib-add-64-bit-mem-obj.patch ++++ suse-module-tools: - Update to version 15.4.10: * same as Factory version 16.0.17 * 60-io-scheduler.rules: add rules for virtual devices (boo#1193759) * 60-io-scheduler.rules: enforce "none" for loop devices (boo#1193759) * install some modprobe.d files only for relevant architectures (apm_bios, sonypi, toshiba, legacy rtc) (bsc#1192974) ++++ yast2: - Do not reinitialize the packaging system during offline upgrade (bsc#1193784 and bsc#1192437). - 4.4.31 ++++ yast2-trans: - Update to version 84.87.20211219.ed0ba1e469: * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * New POT for text domain 'autoinst'. 
* Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * New POT for text domain 'tune'. * New POT for text domain 'registration'. * New POT for text domain 'installation'. * New POT for text domain 'packager'. * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * New POT for text domain 'registration'. * New POT for text domain 'installation'. * New POT for text domain 'bootloader'. * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Catalan) * New POT for text domain 'installation'. 
* Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) ------------------------------------------------------------------ ------------------ 2021-12-19 - Dec 19 2021 ------------------- ------------------------------------------------------------------ ++++ apparmor: - add openssl-engdef-mr818.diff: Allow reading /etc/ssl/engdef.d/ and /etc/ssl/engines.d/ in abstractions/openssl which were introduced with the latest openssl update ++++ kernel-default: - NFSD: Fix exposure in nfsd4_decode_bitmap() (bnc#1193663 CVE-2021-4090). - commit 2b4cae0 ++++ libapparmor: - add openssl-engdef-mr818.diff: Allow reading /etc/ssl/engdef.d/ and /etc/ssl/engines.d/ in abstractions/openssl which were introduced with the latest openssl update ++++ patterns-microos: - do not require kernel-default (bsc#1193955) ------------------------------------------------------------------ ------------------ 2021-12-18 - Dec 18 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - hwmon: (k10temp) Remove residues of current and voltage (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Add support for yellow carp (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Rework the temperature offset calculation (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Don't show Tdie for all Zen/Zen2/Zen3 CPU/APU (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Add additional missing Zen2 and Zen3 APUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). 
- hwmon: (k10temp) support Zen3 APUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - commit 0e017c0 ++++ util-linux: - blockdev: Remove NBSP character in values (bsc#1188507#c31, blockdev-remove-nbsp.patch). ++++ util-linux-systemd: - blockdev: Remove NBSP character in values (bsc#1188507#c31, blockdev-remove-nbsp.patch). ------------------------------------------------------------------ ------------------ 2021-12-17 - Dec 17 2021 ------------------- ------------------------------------------------------------------ ++++ librsvg: - Update to version 2.52.5: + Fix mangled output in rsvg-convert when redirecting output to a pipe on Windows. + When outputting to SVG, rsvg-convert now uses the width/height units specified in the command line; it always used pixels before. + Fix incorrect top/left margins for SVG/PS/EPS/PDF output. + Fix incorrect placement of glyphs when text has non-uniform scaling in the X/Y axes. This is not a librsvg bug, but is fixed by Pango 1.49.3 and later. Hopefully Pango 1.48.11 will be released soon with this fix as well. Note that this release of librsvg cannot increase the minimum Pango version to 1.48.11 because it is not released yet. + Miscellaneous: Updated crate dependencies: assert_cmd, cast, clap cssparser, float-cmp, itertools, nalgebra, png, proptest, rctree, selectors, system-deps. 
++++ grub2: - Fix can't allocate initrd error (bsc#1191378) * 0001-Factor-out-grub_efi_linux_boot.patch * 0002-Fix-race-in-EFI-validation.patch * 0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch * 0004-Try-to-pick-better-locations-for-kernel-and-initrd.patch * 0005-x86-efi-Use-bounce-buffers-for-reading-to-addresses-.patch * 0006-x86-efi-Re-arrange-grub_cmd_linux-a-little-bit.patch * 0007-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch * 0008-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch * 0009-x86-efi-Reduce-maximum-bounce-buffer-size-to-16-MiB.patch * 0010-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch * 0011-Also-define-GRUB_EFI_MAX_ALLOCATION_ADDRESS-for-RISC.patch ++++ hwinfo: - merge gh#openSUSE/hwinfo#109 - fix logic around cdrom detection - 21.80 ++++ kernel-default: - kernel-obs-build: remove duplicated/unused parameters lbs=0 - this parameter is just giving "unused parameter" and it looks like I can not find any version that implemented this. rd.driver.pre=binfmt_misc is not needed when setup_obs is used, it already loads the kernel module. quiet and panic=1 will now be also always added by OBS, so we don't have to set it here anymore. - commit 972c692 ++++ harfbuzz: - Update to 3.2.0: + Fixed shaping of Apple Color Emoji flags in right-to-left context + Fixed positioning of CFF fonts in HB_TINY profile + OpenType 1.9 language tags update + Add HB_NO_VERTICAL config option + Add HB_CONFIG_OVERRIDE_H for easier configuration + Improved packing of cmap, loca, and Ligature tables + Significantly improved overflow-resolution strategy in the repacker - Update to 3.1.2: + hb-shape / hb-view: revert treating text on the commandline as single paragraph (was introduced in 3.0.0); add new --single-par to do that + Subsetter bug fixes ++++ net-snmp: - Make extended MIB read-only (bsc#1174961, CVE-2020-15862).
Add net-snmp-5.7.3-make-extended-mib-read-only.patch ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#556 - don't add Y2* install boot options to target system (jsc#SLE-21308) ------------------------------------------------------------------ ------------------ 2021-12-16 - Dec 16 2021 ------------------- ------------------------------------------------------------------ ++++ lvm2-device-mapper: - starting with 12SP4 lvconvert no longer takes stripes option (bsc#1183905) + bug-1183905_lvconvert-allow-stripes-stripesize-in-mirror-convers.patch - LVM vgimportclone on hardware snapshot does not work (bsc#1193181) + bug-1193181_vgimportclone_on_hardware_snapshot_does_not_work.patch ++++ gnutls: - FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes [bsc#1192008] * fips: allow more RSA modulus sizes * Add gnutls-FIPS-RSA-mod-sizes.patch * Delete gnutls-3.6.7-fips-rsa-4096.patch ++++ kernel-default: - supported.conf: enable ffa-module (jsc#SLE-21844) - commit f52f878 ++++ mozilla-nss: - Mozilla NSS 3.68.2 (bsc#1193845) * mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses (bmo#966856) ++++ lvm2: - starting with 12SP4 lvconvert no longer takes stripes option (bsc#1183905) + bug-1183905_lvconvert-allow-stripes-stripesize-in-mirror-convers.patch - LVM vgimportclone on hardware snapshot does not work (bsc#1193181) + bug-1193181_vgimportclone_on_hardware_snapshot_does_not_work.patch ++++ openssl-1_1: - Add support for livepatches (jsc#SLE-20049). - Generate ipa-clones tarball artifact when livepatching is enabled. ++++ pango: - Update to version 1.50.2: + Fix a problem with font fallback for Arabic. + Fix handling of fonts without a space glyph. + Various documentation improvements. + Fix build issues. ++++ python3-core: - Don't use appstream-glib on SLE-12. - Use Python 2-based Sphinx on SLE-12. - No documentation on SLE-12. - Add skip_SSL_tests.patch skipping tests because of patched OpenSSL (bpo#9425). 
- Don't use appstream-glib on SLE-12. - Use Python 2-based Sphinx on SLE-12. - No documentation on SLE-12. - Add skip_SSL_tests.patch skipping tests because of patched OpenSSL (bpo#9425). ++++ python3: - Don't use appstream-glib on SLE-12. - Use Python 2-based Sphinx on SLE-12. - No documentation on SLE-12. - Add skip_SSL_tests.patch skipping tests because of patched OpenSSL (bpo#9425). - Don't use appstream-glib on SLE-12. - Use Python 2-based Sphinx on SLE-12. - No documentation on SLE-12. - Add skip_SSL_tests.patch skipping tests because of patched OpenSSL (bpo#9425). ++++ qemu: - Add an audio-oss sub-package - Add some new (mostly documentation) files in the package - Remove option --audio-drv-list because audio is detected by meson automatically in latest version. - Remove options --disable-jemalloc and --disable-tcmalloc which are changed in v6.2.0. - Update to v 6.2.0. For full release notes, see: * https://wiki.qemu.org/ChangeLog/6.2. Be sure to also check the following pages: * https://qemu-project.gitlab.io/qemu/about/removed-features.html * https://qemu-project.gitlab.io/qemu/about/deprecated.html Some notable changes: * virtio-mem: guest memory dumps are now fully supported, along with pre-copy/post-copy migration and background guest snapshots * QMP: support for new DEVICE_UNPLUG_GUEST_ERROR to detect guest-reported hotplug failures * TCG: improvements to TCG plugin argument syntax, and multi-core support for cache plugin * 68k: improved support for Apple’s NuBus, including ability to load declaration ROMs, and slot IRQ support * ARM: macOS hosts with Apple Silicon CPUs now support ‘hvf’ accelerator for AArch64 guests * ARM: emulation support for Fujitsu A64FX processor model * ARM: emulation support for kudo-mbc machine type * ARM: M-profile MVE extension is now supported for Cortex-M55 * ARM: ‘virt’ machine now supports an emulated ITS (Interrupt Translation Service) and supports more than 123 CPUs in emulation mode * ARM: xlnx-zcu102 and 
xlnx-versal-virt machines now support BBRAM and eFUSE devices * PowerPC: improved POWER10 support for the ‘powernv’ machine type * PowerPC: initial support for POWER10 DD2.0 CPU model * PowerPC: support for FORM2 PAPR NUMA descriptions for ‘pseries’ machine type * RISC-V: support for Zb[abcs] instruction set extensions * RISC-V: support for vhost-user and numa mem options across all boards * RISC-V: SiFive PWM support * x86: support for new Snowridge-v4 CPU model * x86: guest support for Intel SGX * x86: AMD SEV guests now support measurement of kernel binary when doing direct kernel boot (not using a bootloader) * Patches dropped: 9pfs-fix-crash-in-v9fs_walk.patch block-introduce-max_hw_iov-for-use-in-sc.patch hmp-Unbreak-change-vnc.patch hw-acpi-ich9-Add-compat-prop-to-keep-HPC.patch hw-i386-acpi-build-Deny-control-on-PCIe-.patch i386-cpu-Remove-AVX_VNNI-feature-from-Co.patch net-vmxnet3-validate-configuration-value.patch pcie-rename-native-hotplug-to-x-native-h.patch plugins-do-not-limit-exported-symbols-if.patch plugins-execlog-removed-unintended-s-at-.patch qemu-nbd-Change-default-cache-mode-to-wr.patch qemu-sockets-fix-unix-socket-path-copy-a.patch target-arm-Don-t-skip-M-profile-reset-en.patch target-i386-add-missing-bits-to-CR4_RESE.patch tcg-arm-Fix-tcg_out_vec_op-function-sign.patch uas-add-stream-number-sanity-checks.patch vhost-vsock-fix-migration-issue-when-seq.patch virtio-balloon-don-t-start-free-page-hin.patch virtio-mem-pci-Fix-memory-leak-when-crea.patch virtio-net-fix-use-after-unmap-free-for-.patch ++++ yast2: - Fixed RelURL to work properly with the FTP URLs (related to jsc#SLE-22669) - 4.4.30 ------------------------------------------------------------------ ------------------ 2021-12-15 - Dec 15 2021 ------------------- ------------------------------------------------------------------ ++++ bcm43xx-firmware: - Introduce firmware files for Raspberry Pi Zero 2 W support (jsc#SLE-23064). 
- Update BCM4345C0.hcd to fix Spectra for CYW43455 (CVE-2020-10370) - Change source file links from branch master to branch buster. ++++ iputils: - Update to version 20211215 https://github.com/iputils/iputils/releases/tag/20211215 - rarpd and rdisc are going to be removed in next release (https://github.com/iputils/iputils/issues/363) therefore don't pack it since this release - Drop harden_rdisc.service.patch, which was 1) merged upstream 4bb0ace ("systemd: Add ProtectHostname, ProtectKernelLogs") for all services 2) we don't build rdisc since this release ++++ kernel-default: - x86/sev: Fix SEV-ES INS/OUTS instructions for word, dword, and qword (bsc#1190497). - commit 8e47d62 - tracing: Add length protection to histogram string copies (git-fixes). - commit 0ebdac5 - tty: hvc: replace BUG_ON() with negative return value (git-fixes). - commit 64a2763 - xen/netfront: don't trust the backend response data blindly (git-fixes). - commit 3d79f0a - xen/netfront: disentangle tx_skb_freelist (git-fixes). - commit 843455b - xen/netfront: don't read data from request on the ring page (git-fixes). - commit a7d9222 - xen/netfront: read response from backend only once (git-fixes). - commit 7ac98d9 - xen/blkfront: don't trust the backend response data blindly (git-fixes). - commit 8fa0a17 - xen/blkfront: don't take local copy of a request from the ring page (git-fixes). - commit ff5aa10 - xen/blkfront: read response from backend only once (git-fixes). - commit 160dbd1 - usb: core: config: using bit mask instead of individual bits (git-fixes). - USB: gadget: zero allocate endpoint 0 buffers (git-fixes). - USB: gadget: detect too-big endpoint 0 requests (git-fixes). - libata: add horkage for ASMedia 1092 (git-fixes). - platform/x86: amd-pmc: Fix s2idle failures on certain AMD laptops (git-fixes). - mmc: spi: Add device-tree SPI IDs (git-fixes). - usb: gadget: uvc: fix multiple opens (git-fixes). 
- commit e549085 - HID: Ignore battery for Elan touchscreen on Asus UX550VE (git-fixes). - HID: google: add eel USB id (git-fixes). - HID: add USB_HID dependancy to hid-prodikeys (git-fixes). - HID: add USB_HID dependancy to hid-chicony (git-fixes). - HID: bigbenff: prevent null pointer dereference (git-fixes). - HID: sony: fix error path in probe (git-fixes). - HID: add USB_HID dependancy on some USB HID drivers (git-fixes). - HID: check for valid USB device for many HID drivers (git-fixes). - HID: wacom: fix problems when device is not a valid USB device (git-fixes). - HID: add hid_is_usb() function to make it simpler for USB detection (git-fixes). - HID: quirks: Add quirk for the Microsoft Surface 3 type-cover (git-fixes). - HID: Ignore battery for Elan touchscreen on HP Envy X360 15-eu0xxx (git-fixes). - HID: sony: support for the ghlive ps4 dongles (git-fixes). - HID: sony: Fix more ShanWan clone gamepads to not rumble when plugged in (git-fixes). - commit 66fc3e6 ++++ supportutils: - Changes to version 3.1.19 + Removed chronyc DNS lookups with -n switch (bsc#1193732) ++++ yast2: - Fixed RelURL unit test randomly crashing (related to jsc#SLE-22669) - 4.4.29 ------------------------------------------------------------------ ------------------ 2021-12-14 - Dec 14 2021 ------------------- ------------------------------------------------------------------ ++++ libguestfs: - Add python-rpm-macros (bsc#1180125) ++++ hwinfo: - merge gh#openSUSE/hwinfo#108 - Donot close the open tray after read_cdrom_info. - Donot close the open tray after read. - 21.79 ++++ kernel-default: - Revert "- rpm/*build: use buildroot macro instead of env variable" buildroot macro is not being expanded inside a shell script. go back to the environment variable usage. This reverts parts of commit e2f60269b9330d7225b2547e057ef0859ccec155. - commit fe85f96 - kernel-obs-build: include the preferred kernel parameters Currently the Open Build Service hardcodes the kernel boot parameters globally. 
Recently functionality was added to control the parameters by the kernel-obs-build package, so make use of that. parameters here will overwrite what is used by OBS otherwise. - commit a631240 - vfio: Introduce a vfio_uninit_group_dev() API call (jsc#SLE-22601). - Refresh patches.suse/vfio-fsl-Move-to-the-device-set-infrastructure.patch. - Refresh patches.suse/0447-vfio-Provide-better-generic-support-for-open-release.patch. - commit 880f484 - sched/fair: Document the slow path and fast path in select_task_rq_fair (bsc#1189999 (Scheduler functional and performance backports)). - sched/fair: Fix per-CPU kthread and wakee stacking for asym CPU capacity (bsc#1189999 (Scheduler functional and performance backports)). - sched/fair: Fix detection of per-CPU kthreads waking a task (bsc#1189999 (Scheduler functional and performance backports)). - commit d543e74 - Refresh patches.suse/sched-fair-Adjust-the-allowed-NUMA-imbalance-when-SD_NUMA-spans-multiple-LLCs.patch. - Refresh patches.suse/sched-fair-Use-weight-of-SD_NUMA-domain-in-find_busiest_group.patch. - commit 24ff0a3 - xhci: avoid race between disable slot command and host runtime suspend (git-fixes). - commit 7ac82ba - xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending (git-fixes). - commit 47ed1f0 - Update patches.suse/qla2xxx-synchronize-rport-dev_loss_tmo-setting.patch (bsc#1189158) - commit 5a1da74 - vdpa: Consider device id larger than 31 (git-fixes). - virtio/vsock: fix the transport to work with VMADDR_CID_ANY (git-fixes). - virtio_ring: Fix querying of maximum DMA mapping size for virtio device (git-fixes). - virtio: always enter drivers/virtio/ (git-fixes). - vdpa: check that offsets are within bounds (git-fixes). - commit a40ec17 ++++ util-linux: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954). 
++++ libvirt: - libxl: Implement domainGetMessages API cbae4eaa-libxl-add-domainGetMessages.patch bsc#1193623 ++++ qemu: - Reinstate Lin Ma's fixes for bsc#1192147 as they were submitted only to IBS. * Patches added: hw-acpi-ich9-Add-compat-prop-to-keep-HPC.patch hw-i386-acpi-build-Deny-control-on-PCIe-.patch pcie-rename-native-hotplug-to-x-native-h.patch - Rename the Guest Agent service qemu-guest-agent, like in other distros (and upstream). bsc#1185543 ++++ rpm: - Add explicit requirement on python-rpm-macros to avoid widespread breakage by package mistakenly ignoring their requirement of python-rpm-macros (bsc#1180125, bsc#1193711). ++++ runc: - Update to runc v1.1.0~rc1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1. + Add support for RDMA cgroup added in Linux 4.11. * runc exec now produces exit code of 255 when the exec failed. This may help in distinguishing between runc exec failures (such as invalid options, non-running container or non-existent binary etc.) and failures of the command being executed. + runc run: new --keep option to skip removal exited containers artefacts. This might be useful to check the state (e.g. of cgroup controllers) after the container has exited. + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD (the latter is just an alias for SCMP_ACT_KILL). + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows users to create sophisticated seccomp filters where syscalls can be efficiently emulated by privileged processes on the host. + checkpoint/restore: add an option (--lsm-mount-context) to set a different LSM mount context on restore. + intelrdt: support ClosID parameter. + runc exec --cgroup: an option to specify a (non-top) in-container cgroup to use for the process being executed. + cgroup v1 controllers now support hybrid hierarchy (i.e.
when on a cgroup v1 machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc run/exec now adds the container to the appropriate cgroup under it). + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s behaviour. + mounts: add support for bind-mounts which are inaccessible after switching the user namespace. Note that this does not permit the container any additional access to the host filesystem, it simply allows containers to have bind-mounts configured for paths the user can access but have restrictive access control settings for other users. + Add support for recursive mount attributes using mount_setattr(2). These have the same names as the proposed mount(8) options -- just prepend r to the option name (such as rro). + Add runc features subcommand to allow runc users to detect what features runc has been built with. This includes critical information such as supported mount flags, hook names, and so on. Note that the output of this command is subject to change and will not be considered stable until runc 1.2 at the earliest. The runtime-spec specification for this feature is being developed in opencontainers/runtime-spec#1130. * system: improve performance of /proc/$pid/stat parsing. * cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change the ownership of certain cgroup control files (as per /sys/kernel/cgroup/delegate) to allow for proper deferral to the container process. * runc checkpoint/restore: fixed for containers with an external bind mount which destination is a symlink. * cgroup: improve openat2 handling for cgroup directory handle hardening. runc delete -f now succeeds (rather than timing out) on a paused container. * runc run/start/exec now refuses a frozen cgroup (paused container in case of exec). Users can disable this using --ignore-paused. - Update version data embedded in binary to correctly include the git commit of the release. - Drop runc-rpmlintrc because we don't have runc-test anymore. 
++++ util-linux-systemd: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954). ++++ yast2: - Added RelURL class for working with relative URLs ("relurl://") (jsc#SLE-22669) - 4.4.28 ------------------------------------------------------------------ ------------------ 2021-12-13 - Dec 13 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - scsi: qla2xxx: Format log strings only if needed (git-fixes). - scsi: scsi_debug: Fix buffer size of REPORT ZONES command (git-fixes). - scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc() (git-fixes). - scsi: scsi_debug: Zero clear zones at reset write pointer (git-fixes). - scsi: mpt3sas: Fix incorrect system timestamp (git-fixes). - scsi: mpt3sas: Fix system going into read-only mode (git-fixes). - scsi: mpt3sas: Fix kernel panic during drive powercycle test (git-fixes). - commit 590254f - RDMA/irdma: Don't arm the CQ more than two times if no CE for this CQ (jsc#SLE-18383). - RDMA/irdma: Report correct WC errors (jsc#SLE-18383). - RDMA/irdma: Fix a potential memory allocation issue in 'irdma_prm_add_pble_mem()' (jsc#SLE-18383). - RDMA/irdma: Fix a user-after-free in add_pble_prm (jsc#SLE-18383). - IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (jsc#SLE-19242). - IB/hfi1: Fix early init panic (jsc#SLE-19242). - IB/hfi1: Insure use of smp_processor_id() is preempt disabled (jsc#SLE-19242). - IB/hfi1: Correct guard on eager buffer deallocation (jsc#SLE-19242). - RDMA/rtrs: Call {get,put}_cpu_ptr to silence a debug kernel warning (jsc#SLE-19249). - RDMA/hns: Do not destroy QP resources in the hw resetting phase (bsc#1190336). - RDMA/hns: Do not halt commands during reset until later (bsc#1190336). - RDMA/mlx5: Fix releasing unallocated memory in dereg MR flow (jsc#SLE-19253). - RDMA: Fix use-after-free in rxe_queue_cleanup (jsc#SLE-19249). - vmxnet3: fix minimum vectors alloc issue (bsc#1190406). 
- ice: safer stats processing (jsc#SLE-18375). - ice: fix adding different tunnels (jsc#SLE-18375). - ice: fix choosing UDP header type (jsc#SLE-18375). - ice: ignore dropped packets during init (jsc#SLE-18375). - ice: Fix problems with DSCP QoS implementation (jsc#SLE-18375). - ice: rearm other interrupt cause register after enabling VFs (jsc#SLE-18375). - ice: fix FDIR init missing when reset VF (jsc#SLE-18375). - i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc (jsc#SLE-18378). - i40e: Fix pre-set max number of queues for VF (jsc#SLE-18378). - i40e: Fix failed opcode appearing if handling messages from VF (jsc#SLE-18378). - iavf: Fix reporting when setting descriptor count (jsc#SLE-18385). - iavf: restore MSI state on reset (jsc#SLE-18385). - devlink: fix netns refcount leak in devlink_nl_cmd_reload() (git-fixes). - bonding: make tx_rebalance_counter an atomic (git-fixes). - net/tls: Fix authentication failure in CCM mode (git-fixes). - tcp: fix page frag corruption on page fault (git-fixes). - commit ed7a8c9 - config: INPUT_EVBUG=n (bsc#1192974). Debug driver unsuitable for production, only enabled on ppc64. - commit e6448a3 - ima: Fix undefined arch_ima_get_secureboot() and co (bsc#1193674). - commit acf34be - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (git-fixes). - commit 6e691fe - kernel-obs-build: inform build service about virtio-serial Inform the build worker code that this kernel supports virtio-serial, which improves performance and relability of logging. - commit 301a3a7 - rpm/*.spec.in: use buildroot macro instead of env variable The RPM_BUILD_ROOT variable is considered deprecated over a buildroot macro. future proof the spec files. - commit e2f6026 - Move upstreamed rtw89 patch into sorted section - commit 0950df1 - net: mana: Fix memory leak in mana_hwc_create_wq (git-fixes). - commit 1fcab05 - usb: core: config: fix validation of wMaxPacketValue entries (git-fixes). 
- bus: mhi: core: Add support for forced PM resume (git-fixes). - iio: trigger: stm32-timer: fix MODULE_ALIAS (git-fixes). - iio: at91-sama5d2: Fix incorrect sign extension (git-fixes). - iio: adc: axp20x_adc: fix charging current reporting on AXP22x (git-fixes). - iio: gyro: adxrs290: fix data signedness (git-fixes). - iio: ad7768-1: Call iio_trigger_notify_done() on error (git-fixes). - iio: itg3200: Call iio_trigger_notify_done() on error (git-fixes). - iio: dln2: Check return value of devm_iio_trigger_register() (git-fixes). - iio: trigger: Fix reference counting (git-fixes). - iio: dln2-adc: Fix lockdep complaint (git-fixes). - iio: adc: stm32: fix a current leak by resetting pcsel before disabling vdda (git-fixes). - iio: mma8452: Fix trigger reference couting (git-fixes). - iio: stk3310: Don't return error code in interrupt handler (git-fixes). - iio: kxsd9: Don't return error code in trigger handler (git-fixes). - iio: ltr501: Don't return error code in trigger handler (git-fixes). - iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove (git-fixes). - misc: rtsx: Avoid mangling IRQ during runtime PM (git-fixes). - misc: fastrpc: fix improper packet size calculation (git-fixes). - bus: mhi: pci_generic: Fix device recovery failed issue (git-fixes). - clocksource/drivers/dw_apb_timer_of: Fix probe failure (git-fixes). - irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL (git-fixes). - irqchip: nvic: Fix offset for Interrupt Priority Offsets (git-fixes). - irqchip/aspeed-scu: Replace update_bits with write_bits (git-fixes). - irqchip/armada-370-xp: Fix support for Multi-MSI interrupts (git-fixes). - irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() (git-fixes). - clocksource/drivers/arc_timer: Eliminate redefined macro error (git-fixes). - commit 458f7dd - Bluetooth: btusb: Add another Bluetooth part for Realtek 8852AE (bsc#1193655).
- Bluetooth: btusb: Add gpio reset way for qca btsoc in cmd_timeout (bsc#1193655). - Bluetooth: btusb: Add support for IMC Networks Mediatek Chip(MT7921) (bsc#1193655). - Bluetooth: btusb: Add the new support ID for Realtek RTL8852A (bsc#1193655). - Bluetooth: btusb: Add protocol for MediaTek bluetooth devices(MT7922) (bsc#1193655). - Bluetooth: btusb: Support public address configuration for MediaTek Chip (bsc#1193655). - commit aa63c80 ++++ colord: - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_colord.service.patch ++++ libvirt: - Don't spawn pkttyagent when stdin is not a tty 0001-util-Don-t-spawn-pkttyagent-when-stdin-is-not-a-tty.patch bsc#1193574 ++++ qemu: - disable QOM cast debug outside the testsuite as the corresponding asserts show up occasionally as top #1 in perf(1) traces under heavy virtio load - enable LTO when we'd like to use LTO ++++ rust-keylime: - Update to version 0.1.0+git.1639176416.fc90088: * Code refactor to use updated tss-esapi - Drop add_property_tag_variant_for_maxcapbuffer.patch, included in the upstream crate ++++ suse-module-tools: - Update to version 15.4.9: * same as Factory version 16.0.16 * modprobe.d: split conf files (jsc#SLE-21626, boo#1193059) - Rather than shipping two large files with modprobe.d options (00-system.conf and 50-blacklist.conf), ship multiple small per-module files. This makes it easier for users to override distribution defaults. * blacklist isst_if_mbox_msr (bsc#1187196) * boot-sysctl: make sure file exists (fix for containers) * remove blacklist entry for snd_bt87x (bsc#1192974, bsc#51718) ------------------------------------------------------------------ ------------------ 2021-12-12 - Dec 12 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - i2c: mpc: Use atomic read and fix break condition (git-fixes). - clk: qcom: sm6125-gcc: Swap ops of ice and apps on sdcc1 (git-fixes).
- clk: imx: use module_platform_driver (git-fixes). - clk: qcom: clk-alpha-pll: Don't reconfigure running Trion (git-fixes). - clk: qcom: regmap-mux: fix parent clock lookup (git-fixes). - commit 3747790 ------------------------------------------------------------------ ------------------ 2021-12-11 - Dec 11 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform (git-fixes). - ALSA: ctl: Fix copy of updated id with element read/write (git-fixes). - ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() (git-fixes). - ALSA: pcm: oss: Limit the period size to 16MB (git-fixes). - ALSA: pcm: oss: Fix negative period/buffer sizes (git-fixes). - commit 70606b1 - thermal: int340x: Fix VCoRefLow MMIO bit offset for TGL (git-fixes). - PM: runtime: Fix pm_runtime_active() kerneldoc comment (git-fixes). - hwmon: (pwm-fan) Ensure the fan going on in .probe() (git-fixes). - hwmon: (dell-smm) Fix warning on /proc/i8k creation error (git-fixes). - hwmon: (corsair-psu) fix plain integer used as NULL pointer (git-fixes). - Revert "PCI: aardvark: Fix support for PCI_ROM_ADDRESS1 on emulated bridge" (git-fixes). - mmc: renesas_sdhi: initialize variable properly when tuning (git-fixes). - ASoC: codecs: wsa881x: fix return values from kcontrol put (git-fixes). - ASoC: codecs: wcd934x: return correct value from mixer put (git-fixes). - ASoC: codecs: wcd934x: handle channel mappping list correctly (git-fixes). - ASoC: qdsp6: q6routing: Fix return value from msm_routing_put_audio_mixer (git-fixes). - ASoC: tegra: Use normal system sleep for ADX (git-fixes). - ASoC: tegra: Use normal system sleep for AMX (git-fixes). - ASoC: tegra: Use normal system sleep for Mixer (git-fixes). - ASoC: tegra: Use normal system sleep for MVC (git-fixes). - ASoC: tegra: Use normal system sleep for SFC (git-fixes). 
- ASoC: tegra: Balance runtime PM count (git-fixes). - ASoC: rt5682: Fix crash due to out of scope stack vars (git-fixes). - ALSA: usb-audio: Reorder snd_djm_devices[] entries (git-fixes). - ALSA: hda/realtek: Fix quirk for TongFang PHxTxX1 (git-fixes). - drm/amd/display: Fix DPIA outbox timeout after S3/S4/reset (git-fixes). - drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence (git-fixes). - commit 847c219 ++++ pango: - Update to version 1.50.1: + Fix a crash in tab handling. + Fix tab positioning without line wrapping. + Fix an assertion failure found by fuzzing. + Make underlines work again for broken fonts. ------------------------------------------------------------------ ------------------ 2021-12-10 - Dec 10 2021 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 055+suse.183.g7d569585: * fix(dracut.spec): update usrmerged mkinitrd dir * fix(url-lib): improve ca-bundle detection (bsc#1175892) ++++ kernel-default: - can: m_can: make custom bittiming fields const (git-fixes). - commit 5d86bd5 - Update BT fix patch for regression with 8087:0026 device (bsc#1193124) Also corrected the references and patch description - commit 4cf2593 - scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (bsc#1189126). - commit 2b31676 - sched/fair: Adjust the allowed NUMA imbalance when SD_NUMA spans multiple LLCs (bsc#1192120). - sched/fair: Use weight of SD_NUMA domain in find_busiest_group (bsc#1192120). - commit 818b2ce - nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done (git-fixes). - can: kvaser_usb: get CAN clock frequency from device (git-fixes). - can: kvaser_pciefd: kvaser_pciefd_rx_error_frame(): increase correct stats->{rx,tx}_errors counter (git-fixes). - can: m_can: pci: use custom bit timings for Elkhart Lake (git-fixes). - can: m_can: pci: fix incorrect reference clock rate (git-fixes). 
- can: m_can: Disable and ignore ELO interrupt (git-fixes). - can: sja1000: fix use after free in ems_pcmcia_add_card() (git-fixes). - can: pch_can: pch_can_rx_normal: fix use after free (git-fixes). - mtd: dataflash: Add device-tree SPI IDs (git-fixes). - mtd: rawnand: fsmc: Fix timing computation (git-fixes). - mtd: rawnand: fsmc: Take instruction delay into account (git-fixes). - mtd: rawnand: Fix nand_choose_best_timings() on unsupported interface (git-fixes). - mtd: rawnand: Fix nand_erase_op delay (git-fixes). - HID: intel-ish-hid: ipc: only enable IRQ wakeup when requested (git-fixes). - soc: fsl: dpio: Unsigned compared against 0 in qbman_swp_set_irq_coalescing() (git-fixes). - commit 3db25ff - Refresh patches.suse/0011-PM-hibernate-require-hibernate-snapshot-image-to-be-.patch. - commit 90d6396 - Refresh patches.suse/0010-PM-hibernate-a-option-to-request-that-snapshot-image.patch. Update config files. CONFIG_HIBERNATE_VERIFICATION_FORCE is not set - commit c101ebd - unmark patches.suse/0009-PM-hibernate-prevent-EFI-secret-key-to-be-regenerate.patch - commit 3684c18 - Refresh patches.suse/0008-PM-hibernate-Generate-and-verify-signature-for-snaps.patch. Update config files. CONFIG_HIBERNATE_VERIFICATION=y - commit 402ebf2 - Refresh patches.suse/0007-PM-hibernate-encrypt-hidden-area.patch. - commit fbd4629 - Refresh patches.suse/0006-efi-allow-user-to-regenerate-secret-key.patch. - commit a86713d - Refresh patches.suse/0005-efi-generate-secret-key-in-EFI-boot-environment.patch. Update config files. CONFIG_EFI_SECRET_KEY=y - commit 6e77a16 - unmark patches.suse/0002-hibernate-avoid-the-data-in-hidden-area-to-be-snapsh.patch - commit f20ffd1 - Refresh patches.suse/0001-security-create-hidden-area-to-keep-sensitive-data.patch. Update config files. 
CONFIG_HIDDEN_AREA - commit f4223b3 ++++ alsa: - Update to version 1.2.6.1: a minor fix release: * conf: fix the device parsing when arguments has no defaults * conf: accept '_' character in the variable name ++++ openssh: - Add openssh-CVE-2021-28041-agent-double-free.patch (bsc#1183137, CVE-2021-28041), from upstream. ++++ samba: - Update to 4.15.3 * Recursive directory delete with veto files is broken in 4.15.0; (bso#14878); * A directory containing dangling symlinks cannot be deleted by SMB2 alone when they are the only entry in the directory; (bso#14879); * SIGSEGV in rmdir_internals/synthetic_pathref - dirfsp is used uninitialized in rmdir_internals(); (bso#14892); * MaxQueryDuration not honoured in Samba AD DC LDAP; (bso#14694); * The CVE-2020-25717 username map [script] advice has undesired side effects for the local nt token; (bso#14901); (bsc#1192849); * User with multiple spaces (eg FredNurk) become un-deletable; (bso#14902); * Avoid storing NTTIME_THAW (-2) as value on disk; (bso#14127); * smbXsrv_client_global record validation leads to crash if existing record points at non-existing process; (bso#14882); * Crash in vfs_fruit asking for fsp_get_io_fd() for an XATTR call; (bso#14890); * Samba process doesn't log to logfile; (bso#14897); * set_ea_dos_attribute() fallback calling get_file_handle_for_metadata() triggers locking.tdb assert; (bso#14907); * Kerberos authentication on standalone server in MIT realm broken; (bso#14922); * Segmentation fault when joining the domain; (bso#14923); * Support for ROLE_IPA_DC is incomplete; (bso#14903); * rpcclient cannot connect to ncacn_ip_tcp services anymore; (bso#14767); * winexe crashes since 4.15.0 after popt parsing; (bso#14893); * net ads status -P broken in a clustered environment; (bso#14908); * Memory leak if ioctl(FSCTL_VALIDATE_NEGOTIATE_INFO) fails before smbd_smb2_ioctl_send; (bso#14788); * winbindd doesn't start when "allow trusted domains" is off; (bso#14899); * smbclient login without password 
using '-N' fails with NT_STATUS_INVALID_PARAMETER on Samba AD DC; (bso#14883); * A schannel client incorrectly detects a downgrade connecting to an AES only server; (bso#14912); * Possible null pointer dereference in winbind; (bso#14921); * Fix -k legacy option for client tools like smbclient, rpcclient, net, etc.; (bso#14846); * Add Debian 11 CI bootstrap support; (bso#14872); * Crash in recycle_unlink_internal(); (bso#14888); ------------------------------------------------------------------ ------------------ 2021-12-9 - Dec 9 2021 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 055+suse.179.g3cf989c2: * fix(cpio): write zeros instead of seek for padding and alignment (bsc#1190982) * fix(dracut.sh): check kernel zstd support early * fix(dracut.sh): check availability of configured compression * fix(dracut.sh): inform user about auto-selected compression method * fix(dracut.sh): drop pointless check for module compression method * chore(suse): add dracut-cpio archiver (jsc#SLE-16157) * ci(TEST-63-DRACUT-CPIO): kernel extraction tests for dracut-cpio * feat(dracut.sh): add "--enhanced-cpio" option for calling dracut-cpio * feat(Makefile): cargo wrapper for dracut-cpio build * feat(cpio): add newc archive creation utility * feat(cpio): add rust argument parsing library from crosvm * ci(TEST-62-SKIPCPIO): add simple skipcpio test * ci(test): export basedir and testdir as absolute paths * ci(TEST-60-BONDBRIDGEVLANIFCFG): use toplevel Makefile * fix(dracut.spec): check for non-usrmerged environments * fix(zfcp_rules): add quotes around rule installation argument * fix(zipl): correct argument for uuid to device conversion * fix(fips): missing value of _vmname variable (bsc#1193267) * chore(suse): add fido2 module (jsc#SLE-21070) * feat(crypt): check if fido2 module is needed in hostonly mode (jsc#SLE-21070) * feat(fido2): introducing the fido2 module (jsc#SLE-21070) * feat(crypt): check if tpm2-tss 
module is needed in hostonly mode (jsc#SLE-21070) * fix(dracut-functions.sh): get block device driver if in a virtual subsystem (bsc#1189776) * fix(mdraid): allow UUID comparison for more than one UUID (bsc#1192665) ++++ kdump: - Sync with SLE15-SP4 changelog. These patches were never applied to Factory: * kdump-avoid-endless-loop-EAI_AGAIN.patch * kdump-calibrate-Add-LUKS2-Argon2-requirements-to-the-reser.patch * kdump-calibrate-Fix-kernel-command-line-parsing.patch * kdump-do-not-add-rd.neednet.patch * kdump-Do-not-list-all-block-devices-if-no-block-devices-ar.patch * kdump-ensure-initrd.target.wants-directory.patch * kdump-Enumerate-all-BTRFS-devices-for-btrfs-mount-points.patch * kdump-Implement-KString-isHexNumber.patch * kdump-install-etc-resolv.conf-using-resolved-path.patch * kdump-Mount-and-device-resolution-using-libmount-and-lsblk.patch * kdump-remove-console-hvc0-from-commandline.patch * kdump-set-serial-console-from-Xen-cmdline.patch ++++ kernel-default: - drm/i915/dp: Perform 30ms delay after source OUI write (git-fixes). - commit ffbcf49 - usb: cdns3: gadget: fix new urb never complete if ep cancel previous requests (git-fixes). - USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub (git-fixes). - serial: pl011: Add ACPI SBSA UART match id (git-fixes). - drm/amd/display: Allow DSC on supported MST branch devices (git-fixes). - iwlwifi: mvm: retry init flow if failed (git-fixes). - ata: libahci: Adjust behavior when StorageD3Enable _DSD is set (git-fixes). - ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile (git-fixes). - drm/amd/amdgpu: fix potential memleak (git-fixes). - drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again (git-fixes). - drm/sun4i: fix unmet dependency on RESET_CONTROLLER for PHY_SUN6I_MIPI_DPHY (git-fixes). - thermal: core: Reset previous low and high trip during thermal zone init (git-fixes). - platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep (git-fixes). 
- platform/x86: thinkpad_acpi: Add support for dual fan control (git-fixes). - platform/x86: dell-wmi-descriptor: disable by default (git-fixes). - net: usb: r8152: Add MAC passthrough support for more Lenovo Docks (git-fixes). - mac80211: fix throughput LED trigger (git-fixes). - mac80211: do not access the IV when it was stripped (git-fixes). - drm/connector: fix all kernel-doc warnings (git-fixes). - commit 9be7e24 - tty: serial: fsl_lpuart: add timeout for wait_event_interruptible in .shutdown() (jsc#SLE-19033). - crypto: caam - save caam memory to support crypto engine retry mechanism (jsc#SLE-19033). - crypto: caam - replace this_cpu_ptr with raw_cpu_ptr (jsc#SLE-19033). - tty: serial: imx: disable UCR4_OREN in .stop_rx() instead of .shutdown() (jsc#SLE-19033). - tty: serial: imx: clear the RTSD status before enable the RTSD irq (jsc#SLE-19033). - memory: fsl_ifc: populate child devices without relying on simple-bus (jsc#SLE-19033). - soc: fsl: dpio: fix qbman alignment error in the virtualization context (jsc#SLE-19033). - net: stmmac: Disable Tx queues when reconfiguring the interface (jsc#SLE-19033). - dmaengine: fsl-edma: support edma memcpy (jsc#SLE-19033). - vfio/fsl-mc: Add per device reset support (jsc#SLE-19033). - bus/fsl-mc: Add generic implementation for open/reset/close commands (jsc#SLE-19033). - ASoC: fsl_spdif: implement bypass mode from in to out (jsc#SLE-19033). - ASoC: fsl_rpmsg: add soc specific data structure (jsc#SLE-19033). - net: dpaa2: add adaptive interrupt coalescing (jsc#SLE-19033). - soc: fsl: dpio: add Net DIM integration (jsc#SLE-19033). - net: dpaa2: add support for manual setup of IRQ coalesing (jsc#SLE-19033). - soc: fsl: dpio: add support for irq coalescing per software portal (jsc#SLE-19033). - soc: fsl: dpio: extract the QBMAN clock frequency from the attributes (jsc#SLE-19033). - spi: Convert NXP flexspi to json schema (jsc#SLE-19033). - vfio/fsl: Move to the device set infrastructure (jsc#SLE-19033). 
- tty: serial: fsl_lpuart: do software reset for imx7ulp and imx8qxp (jsc#SLE-19033). - tty: serial: fsl_lpuart: enable two stop bits for lpuart32 (jsc#SLE-19033). - tty: serial: fsl_lpuart: check dma_tx_in_progress in tx dma callback (jsc#SLE-19033). - net: phy: at803x: finish the phy id checking simplification (jsc#SLE-19033). - mmc: sdhci: Correct the tuning command handle for PIO mode (jsc#SLE-19033). - commit bad7a12 - Refresh patches.suse/mm-vmscan-Reduce-throttling-due-to-a-failure-to-make-progress.patch. Mmotm fix for a report stating there was a NULL pointer exception for a THP-intensive workload. - commit de8b975 ++++ python3-core: - Don't use OpenSSL 1.1 on platforms which don't have it. ++++ nvme-cli: - Update to version 1.16: + Print ProductName found even if subvendor/subdevice is unknown. + Add New fields on PEL based on NVMe 2.0a. + nvme-cli: - Split media units written/read into hi/lo 64 bit fields. - Add support for new SN650 device. - Update WDC pluging version to 1.15.3. - fix the [data|mdata]_len param (boo#1193547). - Add support for C3/Latency Monitor Log page parsing. - ctrl-loss-tmo should accept -1 as value. + nvme: add spinup control feature (fid=0x1A). + nvme: Add Identify for CNS 08h NVMe spec 2.0a based. + nvme: add boot partition log support. + nvme: add support for fid supported and effects log(lid = 0x12). + add identify endurance group list (cns 0x19) support. + add json support for zns report zones. + fabrics: fix 'nvme discover' segfault if sysfs path is not available. ++++ podman: - Add: Provides: podman:/usr/bin/podman-remote subpackage for a clearer upgrade path from podman < 3.1.2 ++++ python3: - Don't use OpenSSL 1.1 on platforms which don't have it. ------------------------------------------------------------------ ------------------ 2021-12-8 - Dec 8 2021 ------------------- ------------------------------------------------------------------ ++++ at-spi2-core: - Configure to use dbus-broker when available. 
- Add libsystemd to BuildRequires: needed for dbus-broker support. ++++ grub2: - Add support for simplefb (boo#1193532). + grub2-simplefb.patch ++++ kdump: - Update to 0.9.2 * Isolate fadump initrd within the default one (jsc#SLE-18272) * Bug fixes * Code cleanups - Remove patches that have been upstreamed: * kdump-mounts.cc-Include-sys-ioctl.h.patch * kdump-Add-bootdev-to-dracut-command-line.patch * kdump-do-not-iterate-past-end-of-string.patch * kdump-fix-incorrect-exit-code-checking.patch * kdump-avoid-endless-loop-on-EAI_AGAIN.patch * kdump-install-real-resolv.conf.patch * kdump-Store-kdump-initrd-in-kernel-image-path.patch - Remove patches that have been solved differently: * kdump-on-error-option-yesno.patch ++++ kernel-default: - Refresh patches.suse/ipmi-ssif-initialize-ssif_info-client-early.patch. - commit c1e3bcb - bus: fsl-mc: rescan devices if endpoint not found (jsc#SLE-19033). - bus: fsl-mc: pause the MC firmware when unloading (jsc#SLE-19033). - bus: fsl-mc: pause the MC firmware before IOMMU setup (jsc#SLE-19033). - bus: fsl-mc: add .shutdown() op for the bus driver (jsc#SLE-19033). - bus: fsl-mc: fully resume the firmware (jsc#SLE-19033). - bus: fsl-mc: handle DMA config deferral in ACPI case (jsc#SLE-19033). - bus: fsl-mc: extend fsl_mc_get_endpoint() to pass interface ID (jsc#SLE-19033). - commit 5b2ac90 - Revert "drm/i915: Implement Wa_1508744258" (git-fixes). - commit 78bf6ea - blacklist.conf: 1cbf731ef3a1 drm/i915: Fix missing docbook chapters for i915 uapi. - commit 6777126 - xen: remove stray preempt_disable() from PV AP startup code (bsc#1193524). - commit 39c2dee - xen/pvh: add missing prototype to header (git-fixes). - commit e49e355 - x86/pvh: add prototype for xen_pvh_init() (git-fixes). - commit 4f8d143 - ipmi: ssif: initialize ssif_info->client early (bsc#1193490). - commit e8af4dd - Delete patches.suse/sched-fair-Adjust-the-allowed-NUMA-imbalance-when-SD_NUMA-spans-multiple-LLCs.patch. 
- Delete patches.suse/sched-fair-Use-weight-of-SD_NUMA-domain-in-find_busiest_group.patch. New revision pending upstream. - commit dd182d0 - nvme-multipath: Skip not ready namespaces when revalidating paths (bsc#1191793 bsc#1192507 bsc#1192969). - commit 10dc5b5 - blacklist.conf: went in through stable - commit c751562 ++++ tpm2-0-tss: - Version 3.1.0 includes: + cover update to 2.4.5 (jsc#SLE-17366) + cover update to 2.3.0 (jsc#SLE-9515) + fix policy session for TPM2_PolicyAuthValue (bsc#1160736) - Add version to the configuration file tpm2-tss-fapi.conf ++++ tpm2.0-abrmd: - Version 2.4.0 + remove syslog deprecation warning (bsc#1185154) + cover update to 2.3.3 (jsc#SLE-17366) + contains reload fix (bsc#1166936) + fix tcti loading using short / long names (bsc#1159176) ++++ podman: - Update to version 3.4.4: * Bugfixes - Fixed a bug where the podman exec command would, under some circumstances, print a warning message about failing to move conmon to the appropriate cgroup (#12535). - Fixed a bug where named volumes created as part of container creation (e.g. podman run --volume avolume:/a/mountpoint or similar) would be mounted with incorrect permissions (#12523). - Fixed a bug where the podman-remote create and podman-remote run commands did not properly handle the --entrypoint="" option (to clear the container's entrypoint) (#12521). ++++ ovmf: - For preparing push to SLE15-SP4, add more notes: - Drop upstreamed ovmf-jscSLE-16075-SEV-ES-fixes.patch from 15-SP4 - All patches in the above big patch are in edk2-stable202011 - Some changes in ovmf.spec file of 15-SP4: - brotli-v1.0.7-17-g666c328-c.tar.xz and "add brotli" section be removed because ovmf-disable-brotli.patch. - Using %{_prefix} instead of /usr hard code. - Redundant %defattr(-,root,root) are removed. - BuildRoot be removed because factory doesn't have it. 
- Sync some differences in the change log between 15-SP3 with openSUSE TW since "Wed Jan 24 06:31:21 UTC 2018": - Add TLS and IPv6 supports for ArmVirtQemu. - ovmf-bsc1119454-additional-scsi-drivers.patch to support more SCSI drivers (PvScsi, MptScsi, and LsiScsi) (bsc#1119454) - already in edk2-stable202008 - Drop the build requirement of python2 ++++ tpm2-tss-engine: - --disable-defaultflags fix also bsc#1183895 - Drop 0001-build-add-disable-defaultflags.patch, already included in upstream code. - The update to 5.2 fill also jsc#SLE-9515 (4.1) and jsc#SLE-17366 (4.3.0) ------------------------------------------------------------------ ------------------ 2021-12-7 - Dec 7 2021 ------------------- ------------------------------------------------------------------ ++++ chrony: - Add chrony-htonl.patch to work around undocumented behaviour of htonl() in older glibc versions (SLE-12) on 64 bit big endian architectures (s390x). ++++ hwdata: - Update to version 0.354: + Updated pci, usb and vendor ids. ++++ kernel-default: - drm/connector: Give connector sysfs devices there own device_type (jsc#SLE-19356). - commit 5b7ab45 - drm/connector: Add a fwnode pointer to drm_connector and register with ACPI (v2) (jsc#SLE-19356). - commit f0b908e - drm/connector: Add support for out-of-band hotplug notification (v3) (jsc#SLE19356). - commit 6fa8d3d - drm/connector: Add drm_connector_find_by_fwnode() function (v3) (jsc#SLE-19356). - commit f8f4127 - usb: typec: ucsi: Don't stop alt mode registration on busy condition (jsc#SLE-19356). - commit d1dd3c7 - usb: typec: ucsi: Always cancel the command if PPM reports BUSY condition (jsc#SLE-19356). - commit 7d740d2 - usb: typec: altmodes/displayport: Notify drm subsys of hotplug events (git-fixes). - commit 5f1a962 - Remove patches.suse/nvme-add-sibling-to-list-after-full-initialization.patch As it turns out this fix is not correct. - commit bb77a4c - lpfc: Reintroduce old IRQ probe logic (bsc#1183897). 
- commit 00a7ff5 - Update patches.suse/powerpc-security-Use-a-mutex-for-interrupt-exit-code.patch (stable-5.14.19 bsc#1193470 ltc#195599). - commit a8808ca - Refresh patches.suse/0004-MODSIGN-checking-the-blacklisted-hash-before-loading.patch. - commit 4f48964 - net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (jsc#SLE-19256). - net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (git-fixes). - net/mlx5e: SHAMPO, Fix constant expression result (jsc#SLE-19253). - net/mlx5: Fix access to a non-supported register (jsc#SLE-19253). - net/mlx5: Fix too early queueing of log timestamp work (jsc#SLE-19253). - net/mlx5: Fix use after free in mlx5_health_wait_pci_up (jsc#SLE-19253). - net/mlx5: E-Switch, Use indirect table only if all destinations support it (jsc#SLE-19253). - net/mlx5: E-Switch, Check group pointer before reading bw_share value (jsc#SLE-19253). - net/mlx5: E-Switch, fix single FDB creation on BlueField (jsc#SLE-19253). - net/mlx5: E-switch, Respect BW share of the new group (jsc#SLE-19253). - net/mlx5: Lag, Fix recreation of VF LAG (jsc#SLE-19253). - net/mlx5: Move MODIFY_RQT command to ignore list in internal error state (jsc#SLE-19253). - net/mlx5e: Sync TIR params updates against concurrent create/modify (jsc#SLE-19253). - net/mlx5e: Fix missing IPsec statistics on uplink representor (jsc#SLE-19253). - net/mlx5e: IPsec: Fix Software parser inner l3 type setting in case of encapsulation (jsc#SLE-19253). - ice: xsk: clear status_error0 for each allocated desc (jsc#SLE-18375). - net/mlx4_en: Update reported link modes for 1/10G (jsc#SLE-19256). - net: qed: fix the array may be out of bound (jsc#SLE-19001). - igb: fix netpoll exit with traffic (jsc#SLE-18379). - net: chelsio: cxgb4vf: Fix an error code in cxgb4vf_pci_probe() (jsc#SLE-18992). - ice: avoid bpf_prog refcount underflow (jsc#SLE-18375). - ice: fix vsi->txq_map sizing (jsc#SLE-18375). - iavf: Fix VLAN feature flags after VFR (jsc#SLE-18385). 
- iavf: Fix refreshing iavf adapter stats on ethtool request (jsc#SLE-18385). - iavf: Fix deadlock occurrence during resetting VF interface (jsc#SLE-18385). - iavf: Prevent changing static ITR values if adaptive moderation is on (jsc#SLE-18385). - igb: unbreak I2C bit-banging on i350 (jsc#SLE-18379). - commit 24091ea - Delete patches.suse/0003-MODSIGN-load-blacklist-from-MOKx.patch. The ebd9c2ae369a45 patch introduced mokx support since v5.13 on upstream. Let's remove this downstream patch. (fate#316531, bnc#854875) - commit cd4e1c6 - Delete patches.suse/0001-efi-add-a-function-to-convert-the-status-code-to-a-s.patch. Delete patches.suse/0002-efi-show-error-messages-only-when-loading-certificat.patch Because upstream patch ebd9c2ae369a "efi: Only print errors about failing to get certs if EFI vars are found" already introduced new behavior of log. So those two SUSE downstream patches can be removed. (fate#316531, bnc#854875) - commit f98e665 - Refresh patches.suse/0001-MODSIGN-do-not-load-mok-when-secure-boot-disabled.patch. - Refresh patches.suse/0001-MODSIGN-do-not-load-mok-when-secure-boot-disabled.patch merge with patches.suse/0001-integrity-use-arch_ima_get_secureboot-instead-of-che.patch. (bsc#1188366) - Delete patches.suse/0001-integrity-use-arch_ima_get_secureboot-instead-of-che.patch. - commit f00ef99 - blacklist.conf: Add git-fixes patches checked into perf userspace - commit 032d842 ++++ c-ares: - update to 1.18.1. Changes since 1.17.2: * Allow '/' as a valid character for a returned name for CNAME in-addr.arpa delegation * no longer forwards requests for localhost resolution per RFC6761 * During a domain search, treat ARES_ENODATA as ARES_NXDOMAIN so that the search process will continue to the next domain in the search. 
* Provide ares_nameser.h as a public interface as needed by NodeJS * Add support for URI(Uniform Resource Identifier) records via ares_parse_uri_reply() - disable unit tests for SLE12 since GCC compiler too old to build unit tests - 5c995d5.patch: upstreamed - disable-live-tests.patch: refreshed ++++ libgcrypt: - FIPS: Fix gcry_mpi_sub_ui subtraction [bsc#1193480] * gcry_mpi_sub_ui: fix subtracting from negative value * Add libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch ++++ systemd: - move files related to static nodes to udev ++++ podman: - Update to version 3.4.3: * Security - This release addresses CVE-2021-4024 / bsc#1193166, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777. - This release addresses CVE-2021-41190 / bsc#1193273, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients. * Features - The --secret type=mount option to podman create and podman run supports a new option, target=, which specifies where in the container the secret will be mounted (#12287). * Bugfixes - Fixed a bug where rootless Podman would occasionally print warning messages about failing to move the pause process to a new cgroup (#12065). - Fixed a bug where the podman run and podman create commands would, when pulling images, still require TLS even with registries set to Insecure via config file (#11933). - Fixed a bug where the podman generate systemd command generated units that depended on multi-user.target, which has been removed from some distributions (#12438). - Fixed a bug where Podman could not run containers with images that had /etc/ as a symlink (#12189). - Fixed a bug where the podman logs -f command would, when using the journald logs backend, exit immediately if the container had previously been restarted (#12263). 
- Fixed a bug where, in containers on VMs created by podman machine, the host.containers.internal name pointed to the VM, not the host system (#11642). - Fixed a bug where containers and pods created by the podman play kube command in VMs managed by podman machine would not automatically forward ports from the host machine (#12248). - Fixed a bug where podman machine init would fail on OS X when GNU Coreutils was installed (#12329). - Fixed a bug where podman machine start would exit before SSH on the started VM was accepting connections (#11532). - Fixed a bug where the podman run command with signal proxying (--sig-proxy) enabled could print an error if it attempted to send a signal to a container that had just exited (#8086). - Fixed a bug where the podman stats command would not return correct information for containers running Systemd as PID1 (#12400). - Fixed a bug where the podman image save command would fail on OS X when writing the image to STDOUT (#12402). - Fixed a bug where the podman ps command did not properly handle PS arguments which contained whitespace (#12452). - Fixed a bug where the podman-remote wait command could fail to detect that the container exited and return an error under some circumstances (#12457). - Fixed a bug where the Windows MSI installer for podman-remote would break the PATH environment variable by adding an extra " (#11416). * API - Updated the containers/image library to v5.17.0 - The Libpod Play Kube endpoint now also accepts ConfigMap YAML as part of its payload, and will use provided any ConfigMap to configure provided pods and services. - Fixed a bug where the Compat Create endpoint for Containers would not always create the container's working directory if it did not exist (#11842). - Fixed a bug where the Compat Create endpoint for Containers returned an incorrect error message with 404 errors when the requested image was not found (#12315). 
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle the HostConfig.Mounts field (#12419). - Fixed a bug where the Compat Archive endpoint for Containers did not properly report errors when the operation failed (#12420). - Fixed a bug where the Compat Build endpoint for Images ignored the layers query parameter (for caching intermediate layers from the build) (#12378). - Fixed a bug where the Compat Build endpoint for Images did not report errors in a manner compatible with Docker (#12392). - Fixed a bug where the Compat Build endpoint for Images would fail to build if the context directory was a symlink (#12409). - Fixed a bug where the Compat List endpoint for Images included manifest lists (and not just images) in returned results (#12453). * Misc - Podman now builds by default with cgo enabled on OS X, resolving some issues with SSH (#10737). ++++ qemu: * Patches added (bsc#1186256): qemu-binfmt-conf.sh-allow-overriding-SUS.patch ------------------------------------------------------------------ ------------------ 2021-12-6 - Dec 6 2021 ------------------- ------------------------------------------------------------------ ++++ glib-networking: - Update to version 2.70.1: + Fix crashes when handshake is cancelled + OpenSSL: fix spurious certificate expired verification errors + GnuTLS: - Fix tests on 32-bit systems - Fix crash when invalid priority string is forced - Add check section and run meson_test macro during build. ++++ grub2: - Fix extent not found when initramfs contains shared extents (bsc#1190982) * 0001-fs-btrfs-Make-extent-item-iteration-to-handle-gaps.patch ++++ kernel-default: - perf: Ignore sigtrap for tracepoints destined for other tasks (git-fixes). - perf/x86/intel/uncore: Fix IIO event constraints for Snowridge (git-fixes). - perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server (git-fixes). - perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server (git-fixes). 
- perf/x86/vlbr: Add c->flags to vlbr event constraints (git-fixes). - perf/x86/intel/uncore: Fix Intel SPR M3UPI event constraints (git-fixes). - perf/x86/intel/uncore: Fix Intel SPR M2PCIE event constraints (git-fixes). - perf/x86/intel/uncore: Fix Intel SPR IIO event constraints (git-fixes). - perf/x86/intel/uncore: Fix Intel SPR CHA event constraints (git-fixes). - commit 1cfbe90 - x86/xen: Add xenpv_restore_regs_and_return_to_usermode() (bsc#1190497). - commit 00aee08 - tracing/histograms: String compares should not care about signed values (git-fixes). - commit fa5ea58 - tracing: Fix pid filtering when triggers are attached (git-fixes). - commit 3c359a7 - blacklist.conf: 27ff768fa21c ("tracing: Test the 'Do not trace this pid' case in create event") Not needed. The backported "broken" commit is already fixed. - commit 2c0434d - tracing: Check pid filtering when creating events (git-fixes). - commit 90d7fd0 - arm64: cpufeature: Export this_cpu_has_cap helper (jsc#SLE-19046). - commit fd033df - coresight: Use devm_bitmap_zalloc when applicable (jsc#SLE-19046). - arm64: errata: Enable TRBE workaround for write to out-of-range address (jsc#SLE-19046). - arm64: errata: Enable workaround for TRBE overwrite in FILL mode (jsc#SLE-19046). - coresight: trbe: Work around write to out of range (jsc#SLE-19046). - coresight: trbe: Make sure we have enough space (jsc#SLE-19046). - coresight: trbe: Add a helper to determine the minimum buffer size (jsc#SLE-19046). - coresight: trbe: Workaround TRBE errata overwrite in FILL mode (jsc#SLE-19046). - coresight: trbe: Add infrastructure for Errata handling (jsc#SLE-19046). - coresight: trbe: Allow driver to choose a different alignment (jsc#SLE-19046). - coresight: trbe: Decouple buffer base from the hardware base (jsc#SLE-19046). - coresight: trbe: Add a helper to pad a given buffer area (jsc#SLE-19046). - coresight: trbe: Add a helper to calculate the trace generated (jsc#SLE-19046). 
- coresight: trbe: Prohibit trace before disabling TRBE (jsc#SLE-19046). - coresight: trbe: End the AUX handle on truncation (jsc#SLE-19046). - coresight: trbe: Do not truncate buffer on IRQ (jsc#SLE-19046). - coresight: trbe: Fix handling of spurious interrupts (jsc#SLE-19046). - coresight: trbe: irq handler: Do not disable TRBE if no action is needed (jsc#SLE-19046). - coresight: trbe: Unify the enabling sequence (jsc#SLE-19046). - coresight: trbe: Drop duplicate TRUNCATE flags (jsc#SLE-19046). - coresight: trbe: Ensure the format flag is always set (jsc#SLE-19046). - coresight: etm-pmu: Ensure the AUX handle is valid (jsc#SLE-19046). - coresight: etm4x: Use Trace Filtering controls dynamically (jsc#SLE-19046). - coresight: etm4x: Save restore TRFCR_EL1 (jsc#SLE-19046). - coresight: Don't immediately close events that are run on invalid CPU/sink combos (jsc#SLE-19046). - coresight: tmc-etr: Speed up for bounce buffer in flat mode (jsc#SLE-19046). - coresight: Update comments for removing cs_etm_find_snapshot() (jsc#SLE-19046). - coresight: tmc-etr: Use perf_output_handle::head for AUX ring buffer (jsc#SLE-19046). - coresight: tmc-etf: Add comment for store ordering (jsc#SLE-19046). - coresight: tmc-etr: Add barrier after updating AUX ring buffer (jsc#SLE-19046). - coresight: tmc: Configure AXI write burst size (jsc#SLE-19046). - arm64: errata: Add detection for TRBE write to out-of-range (jsc#SLE-19046). - arm64: errata: Add workaround for TSB flush failures (jsc#SLE-19046). - arm64: errata: Add detection for TRBE overwrite in FILL mode (jsc#SLE-19046). - arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (jsc#SLE-19046). - commit d3c2191 - Update patches.suse/RDMA-cma-Do-not-change-route.addr.src_addr.ss_family.patch (stable-5.14.10 bsc#1192845 CVE-2021-43975). Added CVE reference - commit 8142e42 - atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait (bsc#1192845 CVE-2021-43975). 
- commit 283c0a0 - perf: qcom_l2_pmu: ACPI: Use ACPI_COMPANION() directly (git-fixes). - drivers/perf: thunderx2_pmu: Change data in size tx2_uncore_event_update() (git-fixes). - drivers/perf: hisi: Fix PA PMU counter offset (git-fixes). - KVM: arm64: Fix PMU probe ordering (git-fixes). - KVM: arm64: perf: Replace '0xf' instances with ID_AA64DFR0_PMUVER_IMP_DEF (git-fixes). - commit 91fb475 - usb: typec: altmodes/displayport: Make dp_altmode_notify() more generic (git-fixes). - commit 5136280 - x86/entry: Use the correct fence macro after swapgs in kernel CR3 (bsc#1190497). - commit e1ed0c4 - Refresh patches.suse/s390-lock-down-kernel-in-secure-boot-mode.patch. - commit 2d12b8e - x86/entry: Add a fence for kernel entry SWAPGS in paranoid_entry() (bsc#1190497). - commit 69d2c59 - unmark patches.suse/arm64-lock-down-kernel-in-secure-boot-mode.patch - commit 36647a7 - Refresh patches.suse/powerpc-lock-down-kernel-in-secure-boot-mode.patch. - commit e4b09e3 - unmark patches.suse/0004-efi-Lock-down-the-kernel-at-the-integrity-level-if-b.patch - commit 0cf1770 - Refresh patches.suse/0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mode.patch. - Update config files. x86_64, arm64, ppc64le, s390x - Add CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y - commit 6189d45 - Refresh patches.suse/0002-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-boot-mode.patch. - commit f2a5454 - Refresh patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch. - commit f2c3a99 - usb: cdnsp: Fix a NULL pointer dereference in cdnsp_endpoint_init() (git-fixes). - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes). - serial: 8250_bcm7271: UART errors after resuming from S2 (git-fixes). - serial: 8250_pci: rewrite pericom_do_set_divisor() (git-fixes). - serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array (git-fixes). - serial: 8250: Fix RTS modem control while in rs485 mode (git-fixes). 
- serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30 (git-fixes). - serial: liteuart: fix minor-number leak on probe errors (git-fixes). - serial: liteuart: fix use-after-free and memleak on unbind (git-fixes). - serial: liteuart: Fix NULL pointer dereference in ->remove() (git-fixes). - vgacon: Propagate console boot parameters before calling `vc_resize' (git-fixes). - tty: serial: msm_serial: Deactivate RX DMA for polling support (git-fixes). - serial: core: fix transmit-buffer reset and memleak (git-fixes). - commit 3fabb98 - Move upstreamed USB fix into sorted section - commit e02363b ++++ kmod: - Ensure that kmod and packages linking to libkmod provide same features (bsc#1193430). ++++ multipath-tools: - Update to 0.8.8+38+suse.2bdd3a14.obscpio * upstream version bump. Code-wise identical to 0.8.7+138+suse.7c9afe31 ++++ alsa: - Update to version 1.2.6: lots of changes, including UCM and config updates and rawmidi framing mode support: for details, see below https://www.alsa-project.org/wiki/Changes_v1.2.5.1_v1.2.6#alsa-lib - Add *.sig file for the source tarball ++++ mozilla-nss: - Update FIPS validation string to version-release format. - Update nss-fips-approved-crypto-non-ec.patch to remove XCBC MAC from list of FIPS approved algorithms. ++++ makedumpfile: - Non-existent patches must be listed twice to appear as added in a unified diff against a version that had them. Only that can make factory-auto happy. Here we go: * makedumpfile-Retrieve-MAX_PHYSMEM_BITS-from-vmcoreinfo.patch * makedumpfile-arm64-Add-support-for-ARMv8.2-LPA-52-bit-PA-su.patch ++++ qemu: - cross-i386-binutils and cross-i386-gcc are not needed and were dropped from Factory - boo#1193424 ++++ ovmf: - cross-i386-binutils and cross-i386-gcc have been dropped from Factory, so use only cross-x86_64-* - boo#1193424 ++++ runc: - Update to runc v1.0.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.3. 
CVE-2021-43784 bsc#1193436 * A potential vulnerability was discovered in runc (related to an internal usage of netlink), however upon further investigation we discovered that while this bug was exploitable on the master branch of runc, no released version of runc could be exploited using this bug. The exploit required being able to create a netlink attribute with a length that would overflow a uint16 but this was not possible in any released version of runc. For more information see GHSA-v95c-p5hm-xq8f and CVE-2021-43784. Due to an abundance of caution we decided to do an emergency release with this fix, but to reiterate we do not believe this vulnerability was possible to exploit. Thanks to Felix Wilhelm from Google Project Zero for discovering and reporting this vulnerability so quickly. * Fixed inability to start a container with read-write bind mount of a read-only fuse host mount. * Fixed inability to start when read-only /dev in set in spec. * Fixed not removing sub-cgroups upon container delete, when rootless cgroup v2 is used with older systemd. * Fixed returning error from GetStats when hugetlb is unsupported (which causes excessive logging for kubernetes). ++++ yast2-trans: - Update to version 84.87.20211204.c55adb9b7a: * New POT for text domain 'installation'. * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Catalan) * Translated using Weblate (Slovak) * New POT for text domain 'update'. * New POT for text domain 'storage'. * New POT for text domain 'packager'. * New POT for text domain 'installation'. * New POT for text domain 'base'. * New POT for text domain 'add-on'. * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * New POT for text domain 'users'. 
* New POT for text domain 'installation'. * New POT for text domain 'autoinst'. * New POT for text domain 'update'. * Translated using Weblate (Japanese) ------------------------------------------------------------------ ------------------ 2021-12-4 - Dec 4 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ALSA: hda/cs8409: Set PMSG_ON earlier inside cs8409 driver (git-fixes). - commit e3352ca - ipmi: msghandler: Make symbol 'remove_work_wq' static (git-fixes). - commit 992fab0 - drm/vc4: kms: Fix previous HVS commit wait (git-fixes). - drm/vc4: kms: Don't duplicate pending commit (git-fixes). - drm/vc4: kms: Clear the HVS FIFO commit pointer once done (git-fixes). - drm/vc4: kms: Add missing drm_crtc_commit_put (git-fixes). - drm/vc4: kms: Fix return code check (git-fixes). - drm/vc4: kms: Wait for the commit before increasing our clock rate (git-fixes). - drm/msm: Do hw_init() before capturing GPU state (git-fixes). - drm/msm/a6xx: Allocate enough space for GMU registers (git-fixes). - rt2x00: do not mark device gone on EPROTO errors during start (git-fixes). - mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode (git-fixes). - iwlwifi: Fix memory leaks in error handling path (git-fixes). - iwlwifi: fix warnings produced by kernel debug options (git-fixes). - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available (git-fixes). - ipmi: Move remove_work to dedicated workqueue (git-fixes). - commit 7d5a7f0 - i2c: stm32f7: stop dma transfer in case of NACK (git-fixes). - i2c: stm32f7: recover the bus on access timeout (git-fixes). - i2c: stm32f7: flush TX FIFO upon transfer errors (git-fixes). - i2c: cbus-gpio: set atomic transfer callback (git-fixes). - dma-buf: system_heap: Use 'for_each_sgtable_sg' in pages free flow (git-fixes). - atlantic: Remove warn trace message (git-fixes). - atlantic: Fix statistics logic for production hardware (git-fixes). 
- atlantic: Add missing DIDs and fix 115c (git-fixes). - atlantic: Fix to display FW bundle version instead of FW mac version (git-fixes). - atlatnic: enable Nbase-t speeds with base-t (git-fixes). - atlantic: Increase delay for fw transactions (git-fixes). - ASoC: rk817: Add module alias for rk817-codec (git-fixes). - ASoC: tegra: Fix kcontrol put callback in Mixer (git-fixes). - ASoC: tegra: Fix kcontrol put callback in ADX (git-fixes). - ASoC: tegra: Fix kcontrol put callback in AMX (git-fixes). - ASoC: tegra: Fix kcontrol put callback in SFC (git-fixes). - ASoC: tegra: Fix kcontrol put callback in MVC (git-fixes). - ASoC: tegra: Fix kcontrol put callback in AHUB (git-fixes). - ASoC: tegra: Fix kcontrol put callback in DSPK (git-fixes). - ASoC: tegra: Fix kcontrol put callback in DMIC (git-fixes). - ASoC: tegra: Fix kcontrol put callback in I2S (git-fixes). - ASoC: tegra: Fix kcontrol put callback in ADMAIF (git-fixes). - ASoC: tegra: Fix wrong value type in MVC (git-fixes). - ASoC: tegra: Fix wrong value type in SFC (git-fixes). - ASoC: tegra: Fix wrong value type in DSPK (git-fixes). - ASoC: tegra: Fix wrong value type in DMIC (git-fixes). - ASoC: tegra: Fix wrong value type in I2S (git-fixes). - ASoC: tegra: Fix wrong value type in ADMAIF (git-fixes). - ALSA: intel-dsp-config: add quirk for CML devices based on ES8336 codec (git-fixes). 
- commit d6b0e1d ------------------------------------------------------------------ ------------------ 2021-12-3 - Dec 3 2021 ------------------- ------------------------------------------------------------------ ++++ blog: - Update to version 2.26 * On s390/x and PPC64 gcc misses unused arg0 - Remove patch fcb9e0c2.patch as now part of tar ball ++++ glib2: - Update to version 2.70.2: + Fix use of the default log writer with journald namespaces + Fix hang in `dbus-daemon` under `GTestDBus` when `G_MESSAGES_DEBUG=all` is set + Speed up `g_canonicalize_filename()` to avoid pathogenic cases with `..` + Fix URI for pcre subproject as it’s moved upstream + Fix storing GSettings dictionaries on macOS + Speed up ‘remove dot segments’ algorithm in `GUri` to avoid pathogenic cases with `..` + Fix infinite loops in D-Bus message parsing for truncated inputs + Improve correctness of version information returned by `g_get_os_info()` for Windows 10/Server 2019+ + Bugs fixed: glgo#GNOME/GLib#2400, glgo#GNOME/GLib#2426, glgo#GNOME/GLib#2528, glgo#GNOME/GLib#2530, glgo#GNOME/GLib#2537, glgo#GNOME/GLib#2541, glgo#GNOME/GLib!2312, glgo#GNOME/GLib!2313, glgo#GNOME/GLib!2314, glgo#GNOME/GLib!2316, glgo#GNOME/GLib!2320, glgo#GNOME/GLib!2335, glgo#GNOME/GLib!2337, glgo#GNOME/GLib!2340, glgo#GNOME/GLib!2344, glgo#GNOME/GLib!2356, glgo#GNOME/GLib!2359, glgo#GNOME/GLib!2361, glgo#GNOME/GLib!2363, glgo#GNOME/GLib!2366, glgo#GNOME/GLib!2375, glgo#GNOME/GLib!2383. + Updated translations. ++++ kernel-default: - scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (git-fixes). - commit 713d069 - xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1192569). - commit e4fbc61 - ibmvnic: drop bad optimization in reuse_tx_pools() (bsc#1193349 ltc#195568). - ibmvnic: drop bad optimization in reuse_rx_pools() (bsc#1193349 ltc#195568). 
- commit 667806f ++++ multipath-tools: - Drop versioned dependency on libmpath0 again (bsc#1190622) * Since 0.8.6, libmultipath and libmpathpersist have got proper ABI versioning, and rpmbuild auto-generates dependencies on libmultipath.so.0(LIBMULTIPATH_13.0.0) etc. ++++ pango: - Update to version 1.50.0: + Fix glyph placement in gravity east + Fix line heights in improper gravities + Only shown selected ignorables with nicks + Support tab alignments other than left + Support custom decimal points on decimal tabs + Fix a pango-view crash + Optimize handling of many tabs + Drop json-glib dependency - Drop pkgconfig(json-glib-1.0) BuildRequires, no longer needed. ++++ zlib: - Update 410.patch to include new fixes from upstream, fixes bsc#1192688 - Refresh bsc1174736-DFLTCC_LEVEL_MASK-set-to-0x1ff.patch to match upstream commit - Drop patches which changes have been merged in 410.patch: * zlib-compression-switching.patch * zlib-390x-z15-fix-hw-compression.patch * bsc1174551-fxi-imcomplete-raw-streams.patch ++++ makedumpfile: - Merge SLE15 SP3 changelog. 
- Patches that were never actually applied to Factory: * makedumpfile-Retrieve-MAX_PHYSMEM_BITS-from-vmcoreinfo.patch (included in 1.6.8) * makedumpfile-arm64-Add-support-for-ARMv8.2-LPA-52-bit-PA-su.patch (included in 1.6.8) ++++ ovmf: - Merge the difference from SLE for pushing back to SLE15-SP4 - Add/Update 50-xen-hvm-x86_64.json in descriptors.tar.xz - Add the json descriptor for xen-hvm (bsc#1180050) - Add "nvram-template" and change the firmware file to ovmf-x86_64-ms-4m.bin (bsc#1180050, bsc#1181264) - The following patches in SLE are already in edk2-edk2-stable202108 in factory, so they will be removed from 15-SP4 - ovmf-bsc1177789-cryptopkg-fix-null-dereference.patch to fix the potential NULL dereference in AuthenticodeVerify() (bsc#1177789, CVE-2019-14584) - 26442d11e620a9 edk2-stable202011~124 - ovmf-bsc1180079-amd-sev-es-mitigation.patch to mitigate the potential AMD SEV-ES security issues (bsc#1180079) - a91b700e385e74 edk2-stable202102~181 - ovmf-jscSLE-16075-SEV-ES-use-physical-address.patch as the follow-up patch for SEV-ES to fix the flash writing (jsc#SLE-16075) - 3a3501862f7309 edk2-stable202102~105 - ovmf-bsc1183578-lzma-catch-4GB.patch to fix the possible heap corruption (bsc#1183578, CVE-2021-28211) - e7bd0dd26db7e5 edk2-stable202011~7 - ovmf-bsc1183579-fix-fv-recursion.patch to fix unlimited FV recursion (bsc#1183579, CVE-2021-28210) - b9bdfc72853fe9 edk2-stable202011~9 - Add ovmf-bsc1186151-fix-iscsi-overflows.patch to fix the possible overflows in IScsiDxe (bsc#1186151) - 83761337ec91fb edk2-stable202108-rc0~171 ------------------------------------------------------------------ ------------------ 2021-12-2 - Dec 2 2021 ------------------- ------------------------------------------------------------------ ++++ blog: - Add upstream patch fcb9e0c2.patch * On s390/x and PPC64 gcc misses unused arg0 - Update to version 2.24 * Avoid install error due to missed directory - Update to version 2.22 * Avoid KillMode=none for newer systemd version as 
well as rework the systemd unit files of blog (boo#1186506) ++++ librsvg: - Remove librsvg-s390x-cairo-has-current-point.patch - it is included in the upstream tarball now. ++++ kernel-default: - Bluetooth: Apply initial command workaround for more Intel chips (bsc#83f2dafe2a62). - commit e1329be - drm/i915/hdmi: Turn DP++ TMDS output buffers back on in encoder->shutdown() (git-fixes). - commit 905574f - Refresh patches.suse/drm-i915-Extend-the-async-flip-VT-d-w-a-to-skl-bxt.patch. Alt-commit - commit afad9d5 - Refresh patches.suse/drm-i915-gvt-fix-the-usage-of-ww-lock-in-gvt-schedul.patch. Alt-commit - commit 0475b7e - Refresh patches.suse/drm-amdgpu-Fix-even-more-out-of-bound-writes-from-de.patch. Alt-commit. Also updated the patch-mainline tag. - commit ce4a8c2 - Refresh patches.suse/drm-amd-display-Fix-deadlock-when-falling-back-to-v2.patch. Alt-commit - commit fadf24f - drm/amdgpu/display: add quirk handling for stutter mode (git-fixes). - commit 9ae484d - fuse: release pipe buf after last use (bsc#1193318). - commit fad20a3 - drm/msm/dsi: fix wrong type in msm_dsi_host (git-fixes). - commit 9d4cd6e - drm/msm/dsi: do not enable irq handler before powering up the host (git-fixes). - commit 21c53a3 - mm: vmscan: Reduce throttling due to a failure to make progress (bsc#1190208 (MM functional and performance backports)). - commit c9d43e5 - sched,x86: Fix L2 cache mask (bsc#1193302). - commit 512a2f3 - sched/fair: Adjust the allowed NUMA imbalance when SD_NUMA spans multiple LLCs (bsc#1192120). - sched/fair: Use weight of SD_NUMA domain in find_busiest_group (bsc#1192120). - commit 67de029 - Delete patches.suse/sched-fair-Adjust-the-allowed-NUMA-imbalance-when-SD_NUMA-spans-multiple-LLCS.patch. - commit 79c1d08 - drm/msm/dsi: rename dual DSI to bonded DSI (git-fixes). - commit 383555c - drm/amd/pm: Fix incorrect power limit readback in smu11 if POWER_SOURCE_DC (git-fixes). 
- commit c04f48c - drm/i915: Replace the unconditional clflush with drm_clflush_virt_range() (git-fixes). - commit bf0c1da - Refresh patches.suse/drm-i915-Remove-memory-frequency-calculation.patch. Alt-commit - commit 2650497 - Refresh patches.suse/0001-drm-i915-guc-drop-guc_communication_enabled.patch. Alt-commit - commit 01f68ee - blacklist.conf: faf890985e30 drm/i915: Fix syncmap memory leak - commit 62955ef - Refresh patches.suse/drm-amdgpu-handle-the-case-of-pci_channel_io_frozen-.patch. Alt-commit - commit 3b7e322 - staging: rtl8723bs: remove a second possible deadlock (git-fixes). - commit e15a622 - USB: serial: option: add Fibocom FM101-GL variants (git-fixes). - USB: serial: option: add Telit LE910S1 0x9200 composition (git-fixes). - mmc: sdhci: Fix ADMA for PAGE_SIZE >= 64KiB (git-fixes). - drm/nouveau: recognise GA106 (git-fixes). - drm/amdgpu: IH process reset count when restart (git-fixes). - PCI: aardvark: Simplify initialization of rootcap on virtual bridge (git-fixes). - PCI: aardvark: Implement re-issuing config requests on CRS response (git-fixes). - staging: rtl8723bs: remove a third possible deadlock (git-fixes). - staging: rtl8723bs: remove possible deadlock when disconnect (v2) (git-fixes). - commit cbbc2ed - rpm/kernel-binary.spec.in: don't strip vmlinux again (bsc#1193306) After usrmerge, vmlinux file is not named vmlinux-, but simply vmlinux. And this is not reflected in STRIP_KEEP_SYMTAB we set. So fix this by removing the dash... 
- commit 83af88d ++++ multipath-tools: - Update to version 0.8.7+138+suse.7c9afe31: New upstream version (pre-0.8.8) * deprecate "config_dir" and "multipath_dir" config options (will be removed in future version) * remove dependency on systemd-udevd-settle.service (boo#1193336) * fix crash in remove_map (boo#1193334) * CLI: add path wildcard "%I" for init state * CLI: add "reconfigure all" command * allow multiple pending "reconfigure" commands (bsc#1189551) * speed up "reconfigure" by avoiding unnecessary map reloads (bsc#1189551) * rework of CLI command handler (unix socket handler) to avoid hanging CLI commands (bsc#1189551) * fix multipathd startup after stop during reconfigure (boo#1193338) * improve error detection and warning messages in config file parser * fix exit status of multipath -T (bsc#1191900) * fix defects reported by coverity (boo#1193342) - avoid sleeping with locks held - exit if bindings file is broken - set umask before mkstemp - add bounds and consistency checks in SCSI VPD parsing code * add hardware table entry for DellEMC/ME4 (PowerVault ME4) ++++ rdma-core: - Update to v38.0 (jsc#SLE-18383) - Bugfixes on all providers - New provider for irdma support - Add rdma-ndd to recommended dependencies of rdma-core ++++ mozilla-nss: - Mozilla NSS 3.68.1 MFSA 2021-51 (bsc#1193170) * CVE-2021-43527 (bmo#1737470) Memory corruption via DER-encoded DSA and RSA-PSS signatures - Remove now obsolete patch nss-bsc1193170.patch ++++ libseccomp: - reenable python bindings at least for the distro default python3 package: - adds make-python-build.patch ++++ libvirt: - libxl: Fix libvirtd deadlocks and segfaults 23b51d7b-libxl-disable-death-event.patch, a4e6fba0-libxl-rename-threadinfo-struct.patch, e4f7589a-libxl-shutdown-thread-name.patch, b9a5faea-libxl-handle-death-thread.patch, 5c5df531-libxl-search-domid-in-thread.patch, a7a03324-libxl-protect-logger-access.patch bsc#1191668, bsc#1192017 - Update to libvirt 7.10.0 - jsc#SLE-18260, jsc#SLE-19264 - Many
incremental improvements and bug fixes, see https://libvirt.org/news.html#v7-10-0-2021-12-01 ++++ python-libvirt-python: - Update to 7.10.0 - Add all new APIs and constants in libvirt 7.10.0 - jsc#SLE-18260, jsc#SLE-19264 ++++ restorecond: - Claim ownership for %{_sysconfdir}/selinux ++++ yast2: - Drop support for subscription-tools, that package is not present in SLE15 anymore - removed modules/ProductProfiles.rb file (bsc#1193339) - 4.4.27 - Popup.YesNo(): Unify the internal [No] button ID (bsc#1193326) - 4.4.26 ------------------------------------------------------------------ ------------------ 2021-12-1 - Dec 1 2021 ------------------- ------------------------------------------------------------------ ++++ btrfsprogs: - Ignore multipath devices when probing devices for a btrfs filesystem (bsc#1192983) * 0001-btrfs-progs-Add-optional-dependency-on-libudev.patch * 0002-btrfs-progs-Ignore-devices-representing-paths-in-mul.patch * 0003-btrfs-progs-Add-fallback-code-for-path-device-ignore.patch ++++ ignition: - Update to version 2.13.0: * news: add notes for 2.13.0 * config/v3_4_exp: noProxy entries cannot be null * config/v3_4_exp: mark ignition.version as required * docs/supported-platforms: add some description about Nutanix * providers/nutanix: add Nutanix platform * tests: use umountPath as a thin wrapper around umountPartition * internal/providers: refactor handling of unmounting the mount path * tests: address gostatic-check warning * tests: Add base64 decoding test * Dockerfile.validate: build with Fedora 35 * go.mod: update dataurl to 1.0.0 * ci: give blackbox tests two hours to run * tests/filesystem: fix umountPartition retry loop * templates: skip vendoring the new version in favor of dependabot * go.mod: update vcontext * providers/virtualbox: read config from /Ignition/Config guest property * stages/filesystems: use mkfs.fat instead of mkfs.vfat * docs/supported-platforms: switch to Afterburn docs URL * docs/supported-platforms: drop reference to 
platform-specific agents * test: ensure all platforms are documented * docs/supported-platforms: add missing platforms * stages/files: rename `relabelDirsForFile` and add docstring * stages/files: make variable name follow Go convention * docs/supported-platforms: update platform names and URLs * docs/supported-platforms: sort by platform ID * docs/supported-platforms: add platform IDs * docs: Remove default layout from front matter * docs: Do not convert -- & --- to en/em-dash * internal/*: change the location of Ignition report * internal/exec/util: rename FindFirstMissingDirForFile and tweak docs * providers/qemu: start reporting progress reading fw_cfg after 10 s * providers/qemu: optimize fw_cfg read size * ci: use coreos-ci-lib helper for kola testiso * *: gofmt 1.17 * workflows: bump Go and golangci-lint * config: update versions in comments - Removed obsolete ignition-rpmlintrc ++++ kernel-default: - Refresh patches.suse/drm-amdkfd-fix-a-potential-ttm-sg-memory-leak.patch. Alt-commit - commit 18c0378 - Refresh patches.suse/drm-amdkfd-fix-dma-mapping-leaking-warning.patch. Alt-commit - commit d513741 - Refresh patches.suse/0001-drm-amd-display-Fix-white-screen-page-fault-for-gpuv.patch. Alt-commit - commit d8362fa - Refresh patches.suse/0001-drm-amdgpu-fix-use-after-free-during-BO-move.patch. Alt-commit - commit 6231070 - Refresh patches.suse/drm-i915-tc-Fix-TypeC-port-init-resume-time-sanitiza.patch. Alt-commit - commit 75478ec - Refresh patches.suse/0425-drm-i915-Update-memory-bandwidth-parameters.patch. Alt-commit - commit 20108dd - blacklist.conf: b6dfa4161729 drm/i915/dp: Drop redundant debug print - commit c59ba00 - Refresh patches.suse/0001-drm-i915-dp-return-proper-DPRX-link-training-result.patch. 
Alt-commit - commit 70fb6b8 - blacklist.conf: d8959fb33890 drm/i915/dp: remove superfluous EXPORT_SYMBOL() - commit 83d3fca - blacklist.conf: f6864b27d6d3 drm/i915/edp: fix eDP MSO pipe sanity checks for ADL-P - commit fc8a263 - blacklist.conf: 8b46cc6577f4 drm/i915: Tweaked Wa_14010685332 for all PCHs - commit 8d282e0 - blacklist.conf: c5589bb5dccb drm/i915: Only access SFC_DONE when media domain is not fused off - commit e46b9ce - blacklist.conf: 70418a68713c drm/i915/display: Fix the 12 BPC bits for PIPE_MISC reg - commit 0ee0cf4 - rtw89: add AXIDMA and TX FIFO dump in mac_mem_dump (bsc#1188303). - rtw89: fix potentially access out of range of RF register array (bsc#1188303). - rtw89: remove unneeded variable (bsc#1188303). - rtw89: remove unnecessary conditional operators (bsc#1188303). - rtw89: update tx power limit/limit_ru tables to R54 (bsc#1188303). - rtw89: update rtw89 regulation definition to R58-R31 (bsc#1188303). - rtw89: fill regd field of limit/limit_ru tables by enum (bsc#1188303). - commit bdba716 - Update rtw89 fix with the upstream patch from wireless-drivers tree - commit 70a5c33 - mwifiex: Fix skb_over_panic in mwifiex_usb_recv() (CVE-2021-43976 bsc#1192847). 
- commit 4829170 ++++ kernel-firmware: - Update to version 20211123 (git commit b0e898fbaf37): * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * amdgpu: update yellow carp dmcub firmware * amdgpu: update vangogh DMCUB firmware * Update ath10k/QCA6174/hw3.0/board-2.bin * mrvl: prestera: Update Marvell Prestera Switchdev v4.0 * QCA: Add Bluetooth firmware for WCN685x - Fix the script to adapt ZSTD compressed modules (jsc#SLE-21256) - Update _service to follow branch main instead - Update aliases ++++ libXfixes: - update to version 6.0 is needed for GNOME41, particularly the gnome-settings-daemon's new feature to disconnect from Xwayland (JIRA #SLE-22829) ++++ suseconnect-ng: - Update to version 0.0.4~git0.64b80e9: * Makefile: also run tests under ./suseconnect * Switch yast-test to upstream * Removed examples leftover from the POC phase * Add HA repo to get rubygem(ffi) before it's in the baseproduct * Add versions and lib deps * Post-review cleanup * Package libsuseconnect and shim * Align with yast-registration tests * Fix SSLCertificate mixins * Fix logger crash and restore mixin * Removed TODO item handled separately * Enable debug early * Add package search for YaST's "Online Search" * 
Clarify Repo fields * Export UpdateSystem() * Export SystemActivations() * Add migration functions * Fix handling of IsBase attribute * Add missing JSONError * Add list_installer_updates * Add "update certificates" * Add more specific errors * Improved SSL error handling * Init defaults for get_config() * Improved debug logging * Fix error scopes * Fix ApiError interface * Added DEFAULT_CREDENTIALS_DIR const * get proxy credentials from curlrc * Forward logs from Connect to YaST * Separate Info logger * Added more TODO items * Simplify Config object init * Map Repo and Config fields to JSON * Add remaining fields listed in addon.rb * Add product_type field to product * First working yast part * Add relative path support to credentials * Add steps to test from yast * Add yast create_credentials_file * Add CreateCredentials() method * Add yast credentials() * Add yast announce_system - WIP * Add MergeJSON method for Config * Add readme for YaST integration * Fix usage text * Add missing -g argument * Fix OBS CI, it now requires target * Add manpage placeholder * Simplify packageWanted() * Add sorting and grouping options * Add local repo search and duplicate removal * Add basic online package search * Update rpm spec for zypper-search-packages-plugin * Add CLI for zypper search-packages plugin * Optional base product in package search * Use DefaultTransport defaults + client timeout * Extract ReleaseType from zypper output * Print failed command on zypper error like the Ruby * Add package_search API wrapper * Allow de-register/de-activate a single product * Improve docstring for the Status struct * Always show subscription information if available * Refactor getStatuses() to ease testing * Add SUMA/Uyuni check * Fix status output order to follow zypper product xml * Change GetExtensionsList() to reduce calls * Add the subscription name to status output * allow --instance-data together with --regcode * Post-review cleanups * Add selfupdate functionality * Handle Leap 
-> SLES migration scenario * Add offline migrations support * Change parse error string and add block comment * Add disabling of obsolete repos * Add zypper repos listing * Add interactive migration selection * Allow loading Config from any path * Remove dummy flag * Add snapper support * Add zypper backup/restore functions * Use connect.StringSet * Add --query option * Add product and break-my-system options * Add note on conflicting flags * Check for flag contradictions * Add echoing output of executed commands to console * Move product printing out of checkProducts() * Split --debug and --verbose * Add zypper dist-upgrade part * Split migration code * Extract migration sorting * Expose migration(Add|Remove)Service() functions * Trap SIGINT/SIGTERM * Add zypper.RefreshRepos() * Expose client.upgradeProduct() * Add --root parameter * Add --migration N parameter * Prepare available migrations * Add API call to get online migration paths * Add system products checking * Add quiet logger for easier --quiet handling * Add zypper migration plugin implementation. * Export toTriplet and installReleasePackage * Add basic string set implementation * Remove quiet param from execute() and zypperRun() * Simplify mocking of external commands ++++ yast2: - Add register_target to the Y2Packager::Product class (bsc#1193212). - 4.4.25 - Do not crash when it is not possible to fetch the package containing the release notes (bsc#1193148). - 4.4.24 ------------------------------------------------------------------ ------------------ 2021-11-30 - Nov 30 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - nvme-pci: add NO APST quirk for Kioxia device (git-fixes). - commit 86d3c56 - crypto: dh - call dh_init() after drbg_init() and jent_mod_init() (jsc#SLE-21132,bsc#1191256). - commit 61dfd91 - crypto: dh - implement FIPS PCT (jsc#SLE-21132,bsc#1191256). 
- commit 9f91254 - crypto: dh - accept only approved safe-prime groups in FIPS mode (jsc#SLE-21132,bsc#1191256). - commit 2d1a8e9 - crypto: dh - try to match domain parameters to a known safe-prime group (jsc#SLE-21132,bsc#1191256). - commit 26a335b - crypto: dh - calculate Q from P for the full public key verification (jsc#SLE-21132,bsc#1191256). - commit b4037c4 - crypto: dh - store group id in dh-generic's dh_ctx (jsc#SLE-21132,bsc#1191256). - commit f0486a1 - lib/mpi: export mpi_rshift (jsc#SLE-21132,bsc#1191256). - commit 4310d0e - crypto: testmgr - add DH test vectors for key generation (jsc#SLE-21132,bsc#1191256). - commit 54bd083 - crypto: dh - introduce support for ephemeral key generation to qat driver (jsc#SLE-21132,bsc#1191256). - commit 7368cee - crypto: dh - introduce support for ephemeral key generation to hpre driver (jsc#SLE-21132,bsc#1191256). - commit 2b8dc8a - crypto: dh - introduce support for ephemeral key generation to dh-generic (jsc#SLE-21132,bsc#1191256). - commit 3773460 - crypto: dh - implement private key generation primitive (jsc#SLE-21132,bsc#1191256). - commit 6465374 - crypto: testmgr - run only subset of DH vectors based on config (jsc#SLE-21132,bsc#1191256). - commit ac8f2bb - crypto: testmgr - add DH RFC 3526 modp2048 test vector (jsc#SLE-21132,bsc#1191256). - commit d59cad5 - crypto: dh - introduce RFC 3526 safe-prime groups (jsc#SLE-21132,bsc#1191256). - Update config files. - commit 7ce8fbd - crypto: testmgr - add DH RFC 7919 ffdhe3072 test vector (jsc#SLE-21132,bsc#1191256). - commit 66277b9 - crypto: dh - introduce RFC 7919 safe-prime groups (jsc#SLE-21132,bsc#1191256). - Update config files. - commit ffde948 - hwmon: (dell-smm-hwmon) Fix fan mutliplier detection for 3rd fan (git-fixes). - commit fc58f7c - hwmon: (dell-smm-hwmon) Convert to devm_hwmon_device_register_with_info() (git-fixes). - commit 8eb28b7 - crypto: dh - optimize domain parameter serialization for well-known groups (jsc#SLE-21132,bsc#1191256). 
- commit 0e9a462 - crypto: dh - constify struct dh's pointer members (jsc#SLE-21132,bsc#1191256). - commit cd58585 - crypto: dh - remove struct dh's ->q member (jsc#SLE-21132,bsc#1191256). - commit ca28b3e - hwmon: (dell-smm-hwmon) Move variables into a driver private data structure (git-fixes). - commit a97cfe2 - hwmon: (dell-smm-hwmon) Use devm_add_action_or_reset() (git-fixes). - commit 12a377a - hwmon: (dell-smm-hwmon) Mark functions as __init (git-fixes). - commit a95801d - ptp: ocp: add COMMON_CLK dependency (git-fixes). - commit c11a32b - hwmon: (dell-smm-hwmon) Use platform device (git-fixes). - commit f051ae7 - mm: Add kvrealloc() (git-fixes). - commit ef97709 - crypto: jitter - quit sample collection loop upon RCT failure (jsc#SLE-21132,bsc#1191259). - commit 990cfda - crypto: jitter - don't limit ->health_failure check to FIPS mode (jsc#SLE-21132,bsc#1191259). - commit 583d284 - crypto: drbg - ignore jitterentropy errors if not in FIPS mode (jsc#SLE-21132,bsc#1191259). - commit a216735 - mt76: drop MCU header size from buffer size in __mt76_mcu_send_firmware (git-fixes). - commit 3d10da9 - mt76: introduce __mt76_mcu_send_firmware routine (git-fixes). - commit a54556a - x86/hyperv: Move required MSRs check to initial platform probing (git-fixes). - x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails (git-fixes). - Drivers: hv: balloon: Use VMBUS_RING_SIZE() wrapper for dm_ring_size (git-fixes). - net: mana: Fix spelling mistake "calledd" -> "called" (jsc#SLE-18779, bsc#1185726). - PCI: hv: Remove unnecessary use of %hx (git-fixes). - Drivers: hv : vmbus: Adding NULL pointer check (git-fixes). - x86/hyperv: Remove duplicate include (git-fixes). - x86/hyperv: Remove duplicated include in hv_init (git-fixes). - Drivers: hv: vmbus: Remove unused code to check for subchannels (git-fixes). - net: mana: Support hibernation and kexec (jsc#SLE-18779, bsc#1185726). - net: mana: Improve the HWC error handling (jsc#SLE-18779, bsc#1185726). 
- net: mana: Report OS info to the PF driver (jsc#SLE-18779, bsc#1185726). - net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (jsc#SLE-18779, bsc#1185726). - net: mana: Allow setting the number of queues while the NIC is down (jsc#SLE-18779, bsc#1185726). - hv_netvsc: Add comment of netvsc_xdp_xmit() (git-fixes). - hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes). - net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779, bsc#1185726). - net: use eth_hw_addr_set() (jsc#SLE-19256). - commit 64933c8 - Revert "drm/i915: Fix missing docbook chapters for i915 uapi" This reverts commit d33eb4b2a0b7422c9dc94bcd23d0d9ef458f2f77. - commit 6e0d735 - bpf: Stop caching subprog index in the bpf_pseudo_func insn (git-fixes). - commit 76c87a6 ++++ mozilla-nss: - Add patch to fix CVE-2021-43527 (bsc#1193170): nss-bsc1193170.patch ++++ libgcrypt: - FIPS: Define an entropy source SP800-90B compliant [bsc#1185140] * Disable jitter entropy by default in random.conf * Disable only-urandom option by default in random.conf ++++ sqlite3: - SQLite3 3.37.0: * STRICT tables provide a prescriptive style of data type management, for developers who prefer that kind of thing. * When adding columns that contain a CHECK constraint or a generated column containing a NOT NULL constraint, the ALTER TABLE ADD COLUMN now checks new constraints against preexisting rows in the database and will only proceed if no constraints are violated. * Added the PRAGMA table_list statement. * Add the .connection command, allowing the CLI to keep multiple database connections open at the same time. * Add the --safe command-line option that disables dot-commands and SQL statements that might cause side-effects that extend beyond the single database file named on the command-line. * CLI: Performance improvements when reading SQL statements that span many lines. * Added the sqlite3_autovacuum_pages() interface. 
* The sqlite3_deserialize() does not and has never worked for the TEMP database. That limitation is now noted in the documentation. * The query planner now omits ORDER BY clauses on subqueries and views if removing those clauses does not change the semantics of the query. * The generate_series table-valued function extension is modified so that the first parameter ("START") is now required. This is done as a way to demonstrate how to write table-valued functions with required parameters. The legacy behavior is available using the -DZERO_ARGUMENT_GENERATE_SERIES compile-time option. * Added new sqlite3_changes64() and sqlite3_total_changes64() interfaces. * Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2(). * Use less memory to hold the database schema. * bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert extension when a column has no collating sequence. ++++ raspberrypi-firmware-dt: Enable RaspberryPi Zero 2 (jsc#SLE-23131). - Update to 14c1845ff9 (2021-11-19): * Add DTS: - bcm2710-rpi-zero-2-w.dts - bcm2710-rpi-zero-2.dts * Add overlays: - adafruit-st7735r-overlay.dts - fbtft-overlay.dts - imx519-overlay.dts - mcp2515-overlay.dts - mlx90640-overlay.dts ++++ yast2: - Prepare code for ruby3 (bsc#1193192) - 4.4.23 ------------------------------------------------------------------ ------------------ 2021-11-29 - Nov 29 2021 ------------------- ------------------------------------------------------------------ ++++ audit-secondary: - Use %autosetup - Don't include sample rules as %doc, they're already installed as normal files - Fix create-augenrules-service.patch: * auditd.service needs to require augenrules.service, not the other way around - Fix documentation for enable-stop-rules.patch ++++ kernel-default: - usb: ohci: disable start-of-frame interrupt in ohci_rh_suspend (git-fixes). - commit 474865f - Refresh patches.suse/0410-drm-i915-adl_p-Also-disable-underrun-recovery-with-M.patch. 
Add alt-commit tag for duplicate - commit b076848 - drm/i915/guc: Reset LRC descriptor if register returns -ENODEV (git-fixes). - commit 65e549a - drm/i915/guc: Take context ref when cancelling request (git-fixes). - commit 506a6d9 - drm/i915/guc: Copy whole golden context, set engine state size of subset (git-fixes). - commit b1fdf4a - drm/i915/guc: Don't enable scheduling on a banned context, guc_id invalid, not registered (git-fixes). - commit c06d135 - drm/i915/guc: Kick tasklet after queuing a request (git-fixes). - commit 35e2726 - drm/i915/guc: Workaround reset G2H is received after schedule done G2H (git-fixes). - commit e25f4c3 - drm/i915/guc: Don't drop ce->guc_active.lock when unwinding context (git-fixes). - commit 380814a - drm/i915/guc: Unwind context requests in reverse order (git-fixes). - commit b4b0087 - drm/i915/guc: Fix outstanding G2H accounting (git-fixes). - commit bd00cfe - drm/i915/guc: Fix blocked context accounting (git-fixes). - commit 5787530 - drm/i915: Fix missing docbook chapters for i915 uapi (git-fixes). - commit d33eb4b - config: set the default cpufreq governor on x86 to "ondemand" (bsc#1190923) "Ondemand" has been the default cpufreq governor in previous SLES releases. Upstream has now set the default to be "schedutil" on all x86_64 systems except for the most recent Intel CPUs (see a00ec3874e7d3 ("cpufreq: intel_pstate: Select schedutil as the default governor")). We estimate this choice carries a notable performance regression. The direct effect of this patch is to restore "ondemand" as default governor on AMD systems. Setting CPU_FREQ_DEFAULT_GOV_CONSERVATIVE=n explicitly is necessary otherwise "make syncconfig" thinks that option is new and stops the build, if no silent config updates are permitted. - commit 5f12495 - Revert "cpufreq: Avoid configuring old governors as default with intel_pstate" (bsc#1190923). - commit a145265 - net: hns3: fix incorrect components info of ethtool --reset command (bsc#1190336).
- net: hns3: fix one incorrect value of page pool info when queried by debugfs (bsc#1190336). - net: hns3: add check NULL address for page pool (bsc#1190336). - net: hns3: fix VF RSS failed problem after PF enable multi-TCs (bsc#1190336). - ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce() (jsc#SLE-19253). - nixge: fix mac address error handling again (jsc#SLE-19253). - ptp: ocp: Fix a couple NULL vs IS_ERR() checks (jsc#SLE-19253). - RDMA/core: Set sgtable nents when using ib_dma_virt_map_sg() (jsc#SLE-19249). - ethernet: fix up ps3_gelic_net.c for "ethernet: use eth_hw_addr_set()" (jsc#SLE-19256). - ethernet: ehea: add missing cast (jsc#SLE-19256). - dma-mapping: fix the kerneldoc for dma_map_sgtable() (jsc#SLE-19249). - dma-mapping: fix the kerneldoc for dma_map_sg_attrs (jsc#SLE-19249). - ptp: ocp: Have Kconfig select NET_DEVLINK (jsc#SLE-19253). - commit 5d25d7c - iommu/vt-d: Fix unmap_pages support (git-fixes). - commit 7a9b51b - rpm/modules.fips: remove des3 and des (jsc#SLE-21132,bsc#1191261). DES3 has been marked as not approved for FIPS now, remove it from modules.fips. - commit e1ec547 - iommu/rockchip: Fix PAGE_DESC_HI_MASKs for RK3568 (git-fixes). - iommu/dma: Account for min_align_mask w/swiotlb (git-fixes). - swiotlb: Support aligned swiotlb buffers (git-fixes). - iommu/dma: Check CONFIG_SWIOTLB more broadly (git-fixes). - iommu/dma: Fold _swiotlb helpers into callers (git-fixes). - iommu/dma: Skip extra sync during unmap w/swiotlb (git-fixes). - iommu/dma: Fix sync_sg with swiotlb (git-fixes). - iommu/vt-d: Drop "0x" prefix from PCI bus & device addresses (git-fixes). - iommu/amd: Remove iommu_init_ga() (git-fixes). - commit 27f96b2 - crypto: ecdh - implement FIPS PCT (jsc#SLE-21132,bsc#1191256). - commit 4be783b - crypto: populate downstream list of drivers unapproved for FIPS mode usage (jsc#SLE-21132,bsc#1191270). 
- commit cf79007 - crypto: implement downstream solution for disabling drivers in FIPS mode (jsc#SLE-21132,bsc#1191270). - commit 267194d - hugetlbfs: flush TLBs correctly after huge_pmd_unshare (bsc#1192946 CVE-2021-4002). - commit 9a6f8ea - locking/rwsem: Optimize down_read_trylock() under highly contended case (bsc#1190137). - locking/rwsem: Make handoff bit handling more consistent (bsc#1190137). - shm: extend forced shm destroy to support objects from several IPC nses (git-fixes). - net: stats: Read the statistics in ___gnet_stats_copy_basic() instead of adding (bsc#1189998). - lib/logic_iomem: fix sparse warnings (git-fixes). - net/sched: cls_api, reset flags on replay (bsc#1189998). - commit 2753e49 ++++ python3-core: - Remove shebangs from python-base libraries in _libdir (bsc#1193179, bsc#1192249). - Readjust patches: - bpo-31046_ensurepip_honours_prefix.patch - decimal.patch - python-3.3.0b1-fix_date_time_compiler.patch ++++ systemd: - Update 1009-drop-or-soften-deprecation-warnings.patch (bsc#1193086) It rewords the warning about the use of 'KillMode=none'. ++++ tpm2.0-abrmd: - Wrap selinux into a bcond ++++ python3: - Remove shebangs from python-base libraries in _libdir (bsc#1193179, bsc#1192249). - Readjust patches: - bpo-31046_ensurepip_honours_prefix.patch - decimal.patch - python-3.3.0b1-fix_date_time_compiler.patch ++++ tpm2.0-tools: - Fix python3-PyYAML requirement - Move the tests inside a bcond. Disabled by default. ++++ yast2-trans: - Update to version 84.87.20211126.cedf3cc035: * New POT for text domain 'installation'. * New POT for text domain 'bootloader'. * New POT for text domain 'autoinst'. * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (Slovak) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * New POT for text domain 'storage'.
* Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * New POT for text domain 'xpram'. * New POT for text domain 's390'. * New POT for text domain 'packager'. * New POT for text domain 'autoinst'. ------------------------------------------------------------------ ------------------ 2021-11-28 - Nov 28 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Move upstreamed xhci patch into sorted section - commit e524866 - crypto: dh - limit key size to 2048 in FIPS mode (jsc#SLE-21132,bsc#1193136). - commit 5ff1146 - crypto: rsa - limit key size to 2048 in FIPS mode (jsc#SLE-21132,bsc#1193136). - commit e13c64c - crypto: des - disallow des3 in FIPS mode (jsc#SLE-21132,bsc#1191261). - commit 5cba32d - crypto: jitter - consider 32 LSB for APT (jsc#SLE-21132,bsc#1191259). - commit e52f765 - crypto: drbg - reseed 'nopr' drbgs periodically from get_random_bytes() (jsc#SLE-21132,bsc#1191259). - commit 9772beb - crypto: drbg - make drbg_prepare_hrng() handle jent instantiation errors (jsc#SLE-21132,bsc#1191259). - commit 5d82af9 - crypto: drbg - make reseeding from get_random_bytes() synchronous (jsc#SLE-21132,bsc#1191259). 
- commit c503088 - crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed() (jsc#SLE-21132,bsc#1191259). - commit fe4673f - crypto: drbg - track whether DRBG was seeded with !rng_is_initialized() (jsc#SLE-21132,bsc#1191259). - commit 832d7de - crypto: drbg - prepare for more fine-grained tracking of seeding state (jsc#SLE-21132,bsc#1191259). - commit 832ea10 - crypto: drbg - Fix unused value warning in drbg_healthcheck_sanity() (jsc#SLE-21132,bsc#1191259). - commit 585265f ------------------------------------------------------------------ ------------------ 2021-11-27 - Nov 27 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - bpf: Fix toctou on read-only map's constant scalar tracking (bsc#1192990,CVE-2021-4001). - commit a65db58 - bpf: Use kvmalloc for map keys in syscalls (bsc#1192990,CVE-2021-4001). - Refresh patches.suse/bpf-Fix-error-usage-of-map_fd-and-fdget-in-generic_m.patch. - commit 8529db1 - usb: hub: Fix locking issues with address0_mutex (git-fixes). - commit 6e122fb - mdio: aspeed: Fix "Link is Down" issue (git-fixes). - lan743x: fix deadlock in lan743x_phy_link_status_change() (git-fixes). - ACPI: Get acpi_device's parent from the parent field (git-fixes). - ACPI: CPPC: Add NULL pointer check to cppc_get_perf() (git-fixes). - PM: hibernate: use correct mode for swsusp_close() (git-fixes). - staging/fbtft: Fix backlight (git-fixes). - USB: serial: pl2303: fix GC type detection (git-fixes). - usb: chipidea: ci_hdrc_imx: fix potential error pointer dereference in probe (git-fixes). - usb: hub: Fix usb enumeration issue due to address0 race (git-fixes). - usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts (git-fixes). - usb: dwc3: leave default DMA for PCI devices (git-fixes). - usb: dwc2: hcd_queue: Fix use of floating point literal (git-fixes). - usb: dwc3: gadget: Fix null pointer exception (git-fixes). 
- usb: dwc2: gadget: Fix ISOC flow for elapsed frames (git-fixes). - usb: dwc3: gadget: Check for L1/L2/U3 for Start Transfer (git-fixes). - usb: dwc3: gadget: Ignore NoStream after End Transfer (git-fixes). - usb: dwc3: core: Revise GHWPARAMS9 offset (git-fixes). - mmc: sdhci-esdhc-imx: disable CMDQ support (git-fixes). - commit 41fc655 ++++ pango: - Update to version 1.49.4: + Require fontconfig 2.13 + Require harfbuzz 2.6 + Many fixes to line breaking accuracy + coretext: Correctly clamp text weights at min/max values + Add serialization api for PangoLayout, PangoFont and PangoAttrList + Require json-glib + tests: - Use serialized layouts for test cases - Include fonts in git + pango-view: Accept serialized layouts + Fix a rounding problem with font metrics + Fix visible space display using ␣ - Changes from version 1.49.3: + Fix hinting of glyph metrics + Fix logical glyph extents in vertical gravities + Visualize more default-ignorable glyphs + Fix advance widths in transformed contexts + Implement Small Caps and other casing variations - Changes from version 1.49.2: + Update Unicode data to Unicode 14 + Fix underlining of spaces + Round font metrics when appropriate + Fix some corner cases of cursor positioning + Handle Catalan middle-dot in text segmentation - Changes from version 1.49.1: + Only recompute log attrs when needed + Validate log attrs + Fix conformance issues in Thai and Indic linebreaking + Add pango_attr_break to support customizing line and word breaks + Add font-dependent baseline shifts and sizing for super- and subscripts + Improve hyphenation support + pango-view: - Visualize caret positions and slopes - Show glyph rects - Make --annotate easier to use + Add pango_layout_get_caret_pos to support sloped carets + Improve caret positioning for ligatures + Better under- and overline placement + layout: - Allocate a bit less - Fix cluster extents with rise + Add pango_layout_iter_get_run_baseline + Add pango_glyph_string_index_to_x_full + 
coretext: Set size on font descriptions + Add color information to PangoGlyphVisAttr - Changes from version 1.49.0: + Require fribidi 1.0.6 + Fix threadsafety issues with Thai + Fix a rounding problem on i386 + Fix font choice for ellipsis + New api: - pango_font_get_languages - Introspection helpers for attributes + Ignore width in horizontal context when itemizing + markup: - Allow specifying size and rise in points - Allow specifying size as percentage + Rewrite pango_layout_move_cursor_visually + Add a line-height attribute and make logical line extents respect it + Add pango_justify_last_line + Add pango_shape_item + Add a text-transform attribute and implement it + Clean up fribidi api usage + Fix a bug in the gravity data table + pango-view: Improve the --annotate option + Fix a possible crash in rendering strikethroughs - Add pkgconfig(json-glib-1.0) BuildRequires, new dependency. ++++ python3-core: - build against openssl 1.1 as it is incompatible with openssl 3.0+ (bsc#1190566) ++++ python3: - build against openssl 1.1 as it is incompatible with openssl 3.0+ (bsc#1190566) ------------------------------------------------------------------ ------------------ 2021-11-26 - Nov 26 2021 ------------------- ------------------------------------------------------------------ ++++ aaa_base: - Port change from Thu Sep 30 08:51:55 UTC 2022 forward to current version which includes a rename of patch git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch to git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch as otherwise autopatch macro does not work anymore ++++ gnutls: - Drop bogus condition "> 1550": that would mean 'more recent than Tumbleweed' which is technically impossible, as Tumbleweed is the leading project (and the condition causes issues as Tumbleweed needs to move away from 1550 due to CODE 15 SP5 plans). ++++ kernel-default: - drm/dp: Don't zero PWMGEN_BIT_COUNT when driver_pwm_freq_hz not specified (git-fixes). 
- commit c054b5e - Alt-commit updates for duplicates - Refresh patches.suse/0409-drm-i915-Use-designated-initializers-for-init-exit-t.patch. - Refresh patches.suse/0411-drm-i915-gt-Potential-error-pointer-dereference-in-p.patch. - Refresh patches.suse/0412-drm-i915-selftest-Fix-use-of-err-in-igt_reset_-fail-.patch. - Refresh patches.suse/0419-drm-i915-gem-Fix-the-mman-selftest.patch. - Refresh patches.suse/0420-drm-i915-Release-ctx-syncobj-on-final-put-not-on-ctx.patch. - Refresh patches.suse/0421-drm-i915-Get-PM-ref-before-accessing-HW-register.patch. - Refresh patches.suse/0422-drm-i915-selftests-Do-not-use-import_obj-uninitializ.patch. - Refresh patches.suse/0423-drm-i915-selftests-Always-initialize-err-in-igt_dmab.patch. - Refresh patches.suse/0426-drm-i915-Move-__i915_gem_free_object-to-ttm_bo_destr.patch. - Refresh patches.suse/0427-drm-i915-Free-all-DMC-payloads.patch. - Refresh patches.suse/0429-drm-i915-guc-docs-Fix-pdfdocs-build-error-by-removin.patch. - Refresh patches.suse/0432-drm-i915-fix-blank-screen-booting-crashes.patch. - Refresh patches.suse/0439-drm-i915-Fix-bug-in-user-proto-context-creation-that.patch. - Refresh patches.suse/0440-drm-i915-Free-the-returned-object-of-acpi_evaluate_d.patch. - Refresh patches.suse/0445-drm-i915-Revert-guc_id-from-i915_request-tracepoint.patch. - commit 6fe956e - constraints: Build aarch64 on recent ARMv8.1 builders. Request asimdrdm feature which is available only on recent ARMv8.1 CPUs. This should prevent scheduling the kernel on an older slower builder. - commit 60fc53f - iio: imu: adis16400: Fix buffer alignment requirements (git-fixes). - iio: gyro: mpu3050: Fix alignment and size issues with buffers (git-fixes). - iio: adc: ti-adc108s102: Fix alignment of buffer pushed to iio buffers (git-fixes). - staging: wfx: ensure IRQ is ready before enabling it (git-fixes). - commit 594abf0 - firmware: smccc: Fix check for ARCH_SOC_ID not implemented (git-fixes). 
- firmware: arm_scmi: Fix type error assignment in voltage protocol (git-fixes). - HID: multitouch: disable sticky fingers for UPERFECT Y (git-fixes). - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (git-fixes). - iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr() (git-fixes). - iio: core: Introduce iio_push_to_buffers_with_ts_unaligned() (git-fixes). - usb: host: ohci-tmio: check return value after calling platform_get_resource() (git-fixes). - usb: typec: tipd: Remove WARN_ON in tps6598x_block_read (git-fixes). - usb: musb: tusb6010: check return value after calling platform_get_resource() (git-fixes). - memory: tegra20-emc: Add runtime dependency on devfreq governor module (git-fixes). - commit 872c3f8 - drm/hyperv: Fix device removal on Gen1 VMs (git-fixes). - drm/aspeed: Fix vga_pw sysfs output (git-fixes). - drm/vc4: fix error code in vc4_create_object() (git-fixes). - drm/nouveau/acr: fix a couple NULL vs IS_ERR() checks (git-fixes). - drm/amd/display: Set plane update flags for all planes in reset (git-fixes). - drm/amd/display: Fix DPIA outbox timeout after GPU reset (git-fixes). - firmware: arm_scmi: Fix type error in sensor protocol (git-fixes). - firmware: arm_scmi: pm: Propagate return value to caller (git-fixes). - firmware: arm_scmi: Fix base agent discover response (git-fixes). - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (git-fixes). - commit 90685db - drm/amd/pm: avoid duplicate powergate/ungate setting (git-fixes). - drm/nouveau: clean up all clients on device removal (CVE-2020-27820 bsc#1179599 git-fixes). - drm/nouveau: Add a dedicated mutex for the clients list (CVE-2020-27820 bsc#1179599 git-fixes). - drm/nouveau: use drm_dev_unplug() during device removal (CVE-2020-27820 bsc#1179599 git-fixes). - clk: sunxi-ng: Unregister clocks/resets when unbinding (git-fixes). - clk: imx: imx6ul: Move csi_sel mux to correct base register (git-fixes). 
- bus: ti-sysc: Use context lost quirk for otg (git-fixes). - bus: ti-sysc: Add quirk handling for reinit on context lost (git-fixes). - ASoC: rt5682: fix a little pop while playback (git-fixes). - ASoC: Intel: sof_sdw: add missing quirk for Dell SKU 0A45 (git-fixes). - ASoC: Intel: soc-acpi: add missing quirk for TGL SDCA single amp (git-fixes). - ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect (git-fixes). - ASoC: rt5651: Use IRQF_NO_AUTOEN when requesting the IRQ (git-fixes). - ASoC: es8316: Use IRQF_NO_AUTOEN when requesting the IRQ (git-fixes). - ALSA: gus: fix null pointer dereference on pointer block (git-fixes). - ASoC: SOF: Intel: hda-dai: fix potential locking issue (git-fixes). - drm/amd/display: Update swizzle mode enums (git-fixes). - drm/amd/display: Limit max DSC target bpp for specific monitors (git-fixes). - commit acb861b - Move upstreamed media and ARM patches into sorted section Dropped a corresponding blacklist entry, too - commit c1e7317 ++++ brotli: - Fix CVE-2020-8927, decoder: integer overflow when input chunk is larger than 2GiB. (CVE-2020-8927, bsc#1175825) * fix-cve-2020-8927.patch ++++ libgcrypt: - FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes [bsc#1192240] * rsa: Check RSA keylen constraints for key operations. * rsa: Fix regression in not returning an error for prime generation. * tests: Add 2k RSA key working in FIPS mode. * tests: pubkey: Replace RSA key to one of 2k. * tests: pkcs1v2: Skip tests with small keys in FIPS. 
* Add patches: - libgcrypt-FIPS-RSA-keylen.patch - libgcrypt-FIPS-RSA-keylen-tests.patch ++++ zstd: - Update to version 1.5.0 (jsc#SLE-20392) * https://github.com/facebook/zstd/releases/tag/v1.5.0 * Improved Middle-Level Compression Speed * Improved High-Level Compression Ratio * Faster Decompression Speed * Dynamic Library Supports Multithreading by Default ++++ openssh: - Add openssh-bsc1190975-CVE-2021-41617-authorizedkeyscommand.patch (bsc#1190975, CVE-2021-41617), backported from upstream by Ali Abdallah. ++++ python-Babel: - Add CVE-2021-42771-rel-path-traversal.patch fixing CVE-2021-42771 by cleaning locale identifiers before loading from file (bsc#1185768). ++++ sysuser-tools: - Disable systemd-sysuser on SLE15 to stay compatible (disable-systemd-sysusers.patch) ------------------------------------------------------------------ ------------------ 2021-11-25 - Nov 25 2021 ------------------- ------------------------------------------------------------------ ++++ catatonit: - Add 99bb9048f.patch: configure.ac: call AM_INIT_AUTOMAKE only once. Fix build with autoconf 2.71 / automake 1.16.5. ++++ kdump: - kdump-Store-kdump-initrd-in-kernel-image-path.patch: Fix kdumprd location for usrmerge kernels (boo#1190920). ++++ kernel-default: - powerpc/kexec_file: Add KEXEC_SIG support (jsc#SLE-18145 bsc#1192295). Update config files. - commit b9bad9a - powerpc/watchdog: Fix wd_smp_last_reset_tb reporting (bsc#1187541 ltc#192129). - powerpc/watchdog: read TB close to where it is used (bsc#1187541 ltc#192129). - powerpc/watchdog: Avoid holding wd_smp_lock over printk and smp_send_nmi_ipi (bsc#1187541 ltc#192129). - powerpc/watchdog: tighten non-atomic read-modify-write access (bsc#1187541 ltc#192129). - powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (bsc#1187541 ltc#192129). - commit 823022d - x86/sev: Fix noinstr for vc_ghcb_invalidate() (bsc#1169514). - commit 794a8a0 - x86: Always inline ip_within_syscall_gap() (bsc#1169514). 
- commit cfc10d5 - x86/kvm: Always inline evmcs_write64() (bsc#1169514). - commit 22c39a2 - x86/kvm: Always inline to_svm() (bsc#1169514). - commit 5a2d299 - x86: Always inline context_tracking_guest_enter() (bsc#1169514). - commit 57c3b6f - x86/kvm: Always inline vmload() / vmsave() (bsc#1169514). - commit bd03ad7 - x86/kvm: Always inline sev_*guest() (bsc#1169514). - commit cc1d87a - objtool: Introduce CFI hash (bsc#1169514). - Refresh patches.suse/objtool-Handle-__sanitize_cov-tail-calls.patch. - commit 4b4d3bb - HID: input: set usage type to key on keycode remap (git-fixes). - HID: input: Fix parsing of HID_CP_CONSUMER_CONTROL fields (git-fixes). - HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts (git-fixes). - commit 00be7f6 ++++ tpm2.0-abrmd: - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_tpm2-abrmd.service.patch ++++ policycoreutils: - finish UsrMerge (bsc#1191089) ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#547 - linuxrc handles LIBSTORAGE_* and YAST_* boot options (jsc#SLE-21308) - 16.57.10 ------------------------------------------------------------------ ------------------ 2021-11-24 - Nov 24 2021 ------------------- ------------------------------------------------------------------ ++++ aide: - aide-disable-gcrypt-MD5-in-fips-mode.patch: gcrypt aborts if MD5 is used in fips mode, so disable it also in aide (bsc#1191422). ++++ combustion: - Look for filesystems with uppercase labels as well ++++ kernel-default: - Refresh patches.suse/lib-scatterlist-Provide-a-dedicated-function-to-supp.patch. Fixes warning: ../drivers/gpu/drm/i915/gem/i915_gem_ttm.c:382:22: warning: unused variable 'sg' [-Wunused-variable] - commit 883a20a - ASoC: cs42l42: Assume 24-bit samples are in 32-bit slots (bsc#1192354). - commit 41fb147 - ASoC: rt1015: remove possible unused variable `bclk_ms' (bsc#1192354). - ASoC: rt1015p: add new acpi id and comapatible id (bsc#1192354). 
- ASoC: max98390: Add support change dsm param name (bsc#1192354). - ASoC: cs42l42: Update module authors (bsc#1192354). - ASoC: cs42l42: Validate dai_set_sysclk() frequency (bsc#1192354). - ASoC: cs42l42: Add PLL configuration for 44.1kHz/16-bit (bsc#1192354). - ASoC: max98090: remove duplicate status reads and useless assignmment (bsc#1192354). - ASoC: tlv320aic32x4: make array clocks static, makes object smaller (bsc#1192354). - ASoC: rt1015: Remove unnecessary flush work on rt1015 driver (bsc#1192354). - commit 79753e1 - ASoC: Intel: bytcht_es8316: Utilize dev_err_probe() to avoid log saturation (bsc#1192354). - ASoC: Intel: bytcht_es8316: Switch to use gpiod_get_optional() (bsc#1192354). - ASoC: Intel: bytcht_es8316: Use temporary variable for struct device (bsc#1192354). - ASoC: Intel: bytcht_es8316: Get platform data via dev_get_platdata() (bsc#1192354). - ASoC: SOF: trace: Omit error print when waking up trace sleepers (bsc#1192354). - ASoC: SOF: loader: Re-phrase the missing firmware error to avoid duplication (bsc#1192354). - ASoC: Intel: boards: Fix CONFIG_SND_SOC_SDW_MOCKUP select (bsc#1192354). - commit f37efd9 - ASoC: rt5682: fix headset background noise when S3 state (bsc#1192354). - ASoC: rt5682: Fix the vol+ button detection issue (bsc#1192354). - ASoC: Intel: bytcr_rt5640: Make rt5640_jack_gpio/rt5640_jack2_gpio static (bsc#1192354). - ASoC: SOF: intel: remove duplicate include (bsc#1192354). - ASoC: Intel: Skylake: Select first entry for singular pipe config arrays (bsc#1192354). - ASoC: Intel: Skylake: Properly configure modules with generic extension (bsc#1192354). - ASoC: Intel: Skylake: Support modules with generic extension (bsc#1192354). - ASoC: Intel: Skylake: Support multiple format configs (bsc#1192354). - ASoC: Intel: Skylake: Simplify m_state for loadable modules (bsc#1192354). - ASoC: Intel: Skylake: Select proper format for NHLT blob (bsc#1192354). 
- ASoC: Intel: bytcr_rt5640: Mark hp_elitepad_1000g2_jack?_check functions static (bsc#1192354). - ASoC: Intel: bytcr_rt5640: Add support for HP Elite Pad 1000G2 jack-detect (bsc#1192354). - ASoC: rt5640: Add rt5640_set_ovcd_params() helper (bsc#1192354). - ASoC: rt5640: Add optional hp_det_gpio parameter to rt5640_detect_headset() (bsc#1192354). - ASoC: rt5640: Delay requesting IRQ until the machine-drv calls set_jack (bsc#1192354). - ASoC: rt5640: Move rt5640_disable_jack_detect() up in the rt5640.c file (bsc#1192354). - ASoC: rt5514: make array div static const, makes object smaller (bsc#1192354). - ASoC: rt5682: enable SAR ADC power saving mode during suspend (bsc#1192354). - commit 048b9dc - ASoC: Intel: sof_sdw: pass card information to init/exit functions (bsc#1192354). - Refresh patches.suse/ASoC-Intel-sof_sdw-tag-SoundWire-BEs-as-non-atomic.patch. - commit 1e10617 - ASoC: Intel: bytct_rt5640: Add a separate "Headset Mic 2" DAPM pin for the mic on the 2nd jack (bsc#1192354). - ASoC: Intel: bytcr_rt5640: Use cfg-lineout:2 in the components string (bsc#1192354). - ASoC: Intel: boards: use software node API in Atom boards (bsc#1192354). - ASoC: Intel: remove device_properties for Atom boards (bsc#1192354). - ASoC: Intel: use software node API in SoundWire machines (bsc#1192354). - ASoC: Intel: sof_sdw_rt711*: keep codec device reference until remove (bsc#1192354). - ASoC: Intel: boards: get codec device with ACPI instead of bus search (bsc#1192354). - ASoC: Intel: boards: handle errors with acpi_dev_get_first_match_dev() (bsc#1192354). - ASoC: Intel: boards: harden codec property handling (bsc#1192354). - ASoC: SOF: Intel: make DMI L1 selection more robust (bsc#1192354). - commit 5cbe7a7 - ASoC: SOF: Intel: simplify logic for DMI_L1 handling (bsc#1192354). - ASoC: SOF: Intel: hda-stream: remove always true condition (bsc#1192354). - ASoC: SOF: Intel: Kconfig: clarify DMI L1 option description (bsc#1192354). 
- ASoC: amd: vangogh: Drop superfluous mmap callback (bsc#1192354). - ASoC: Intel: sof_sdw_max98373: remove useless inits (bsc#1192354). - ASoC: SOF: Intel: Use DMI string to search for adl_mx98373_rt5682 variant (bsc#1192354). - ASoC: Intel: sof_sdw: add quirk for Dell XPS 9710 (bsc#1192354). - soundwire: intel: introduce shim and alh base (bsc#1192354). - ASoC: SOF: intel: add snd_sof_dsp_check_sdw_irq ops (bsc#1192354). - commit e73d522 - ASoC: SOF: intel: move sof_intel_dsp_desc() forward (bsc#1192354). - Refresh patches.suse/ASoC-SOF-Intel-hda-fix-hotplug-when-only-codec-is-su.patch. - commit 6f291a3 - ASoC: SOF: intel: hda: remove HDA_DSP_REG_SNDW_WAKE_STS definition (bsc#1192354). - ASoC: SOF: intel: add sdw_shim/alh_base to sof_intel_dsp_desc (bsc#1192354). - soundwire: move intel sdw register definitions to sdw_intel.h (bsc#1192354). - ASoC: Intel: bytcr_rt5640: Fix HP ElitePad 1000 G2 quirk (bsc#1192354). - ASoC: Intel: bytcr_rt5640: Add support for a second headset mic input (bsc#1192354). - ASoC: Intel: bytcr_rt5640: Add support for a second headphones output (bsc#1192354). - ASoC: Intel: bytcr_rt5640: Add a byt_rt5640_get_codec_dai() helper (bsc#1192354). - ASoC: Intel: bytcr_rt5640: Add line-out support (bsc#1192354). - ASoC: intel: skylake: Drop superfluous mmap callback (bsc#1192354). - commit d756b8c - ASoC: amd: enable vangogh acp5x driver build (bsc#1192354). - Update config files. - commit 1e2e7cc - ASoC: amd: Drop superfluous mmap callbacks (bsc#1192354). - ASoC: Intel: Fix spelling contraction "cant" -> "can't" (bsc#1192354). - ASoC: amd: fix an IS_ERR() vs NULL bug in probe (bsc#1192354). - ASoC: amd: Use dev_probe_err helper (bsc#1192354). - ASoC: amd: Don't show messages about deferred probing by default (bsc#1192354). - ASoC: amd: add vangogh i2s dma driver pm ops (bsc#1192354). - ASoC: amd: add vangogh pci driver pm ops (bsc#1192354). - ASoC: amd: add vangogh i2s dai driver ops (bsc#1192354). 
- ASoC: amd: add vangogh i2s controller driver (bsc#1192354). - commit 97bb2cd - ASoC: amd: add ACP5x pcm dma driver ops (bsc#1192354). - ASoC: amd: irq handler changes for ACP5x PCM dma driver (bsc#1192354). - ASoC: amd: add ACP5x PCM platform driver (bsc#1192354). - ASoC: amd: create acp5x platform devices (bsc#1192354). - ASoc: amd: add acp5x init/de-init functions (bsc#1192354). - ASoC: amd: add Vangogh ACP PCI driver (bsc#1192354). - ASoC: amd: add Vangogh ACP5x IP register header (bsc#1192354). - ASOC: Intel: sof_sdw: add quirk for Intel 'Bishop County' NUC M15 (bsc#1192354). - ASoC: Intel: sof_sdw: update quirk for jack detection in ADL RVP (bsc#1192354). - ASoC: Intel: sof_sdw: include rt711.h for RT711 JD mode (bsc#1192354). - commit 725b1cd - ASoC: Intel: sof_sdw: extends SOF_RT711_JDSRC to 4 bits (bsc#1192354). - ASoC: Intel: sof_rt5682: code refactor for max98360a (bsc#1192354). - ASoC: Intel: sof_cs42l42: add support for jsl_cs4242_mx98360a (bsc#1192354). - ASoC: Intel: maxim-common: support max98360a (bsc#1192354). - ASoC: Intel: sof_cs42l42: support arbitrary DAI link sequence (bsc#1192354). - ASoC: Intel: sof_cs42l42: use helper function to get bclk frequency (bsc#1192354). - ASoC: SOF: add a helper to get topology configured bclk (bsc#1192354). - ASoC: Intel: soc-acpi: add support for SoundWire of TGL-H-RVP (bsc#1192354). - ASoC: amd: fix spelling mistakes (bsc#1192354). - ASoC: intel: atom: Revert PCM buffer address setup workaround again (bsc#1192354). - soundwire: cadence: do not extend reset delay (bsc#1192354). - soundwire: intel: conditionally exit clock stop mode on system suspend (bsc#1192354). - soundwire: intel: skip suspend/resume/wake when link was not started (bsc#1192354). - soundwire: cadence: override PDI configurations to create loopback (bsc#1192354). - soundwire: cadence: add debugfs interface for PDI loopbacks (bsc#1192354). - soundwire: stream: don't program mockup device ports (bsc#1192354). 
- soundwire: bus: squelch error returned by mockup devices (bsc#1192354). - soundwire: add flag to ignore all command/control for mockup devices (bsc#1192354). - soundwire: stream: don't abort bank switch on Command_Ignored/-ENODATA (bsc#1192354). - ASoC: Intel: boards: sof_sdw: add SoundWire mockup codecs for tests (bsc#1192354). - commit 01f384c - ASoC: codecs: add SoundWire mockup device support (bsc#1192354). - Update config files. - commit cb6d378 - ASoC: soc-acpi: tgl: add table for SoundWire mockup devices (bsc#1192354). - ASoC: soc-acpi: cnl: add table for SoundWire mockup devices (bsc#1192354). - soundwire: cadence: add paranoid check on self-clearing bits (bsc#1192354). - soundwire: dmi-quirks: add quirk for Intel 'Bishop County' NUC M15 (bsc#1192354). - soundwire: bus: update Slave status in sdw_clear_slave_status (bsc#1192354). - soundwire: cadence: Remove ret variable from sdw_cdns_irq() (bsc#1192354). - soundwire: bus: filter out more -EDATA errors on clock stop (bsc#1192354). - soundwire: dmi-quirks: add ull suffix for SoundWire _ADR values (bsc#1192354). - commit 96de317 - Revert "ALSA: hda: Drop workaround for a hang at shutdown again" (bsc#1192354). - Refresh patches.suse/ALSA-hda-Use-position-buffer-for-SKL-again.patch. - commit 14d0e54 - ALSA: hda: Drop workaround for a hang at shutdown again (bsc#1192354). - Refresh patches.suse/ALSA-hda-Use-position-buffer-for-SKL-again.patch. - commit 0b88e07 - ALSA: hda/cirrus: Move CS8409 HDA bridge to separate module (bsc#1192354). - Update config files. - commit af1e7cf - ALSA: hda: fix general protection fault in azx_runtime_idle (bsc#1192354). - ALSA: hda/cs8409: Setup Dolphin Headset Mic as Phantom Jack (bsc#1192354). - ALSA: hda/cs8409: Initialize Codec only in init fixup (bsc#1192354). - ALSA: hda/cs8409: Ensure Type Detection is only run on startup when necessary (bsc#1192354). - ALSA: hda: Disable runtime resume at shutdown (bsc#1192354). 
- ALSA: hda: Allow model option to specify PCI SSID alias (bsc#1192354). - ALSA: hda: Code refactoring snd_hda_pick_fixup() (bsc#1192354). - ALSA: hda/analog - Sink ad198x_shutup() and shuffle CONFIG_PM guards (bsc#1192354). - ALSA: hda/sigmatel - Sink stac_shutup() into stac_suspend() (bsc#1192354). - ALSA: hda: Nuke unused reboot_notify callback (bsc#1192354). - ALSA: hda: Suspend codec at shutdown (bsc#1192354). - ALSA: hda: conexant: Turn off EAPD at suspend, too (bsc#1192354). - ALSA: hda/cs8409: Prevent pops and clicks during suspend (bsc#1192354). - ALSA: hda/cs8409: Unmute/Mute codec when stream starts/stops (bsc#1192354). - ALSA: hda/cs8409: Follow correct CS42L42 power down sequence for suspend (bsc#1192354). - ALSA: hda/cs8409: Remove unnecessary delays (bsc#1192354). - ALSA: hda/cs8409: Use timeout rather than retries for I2C transaction waits (bsc#1192354). - ALSA: hda/cs8409: Set fixed sample rate of 48kHz for CS42L42 (bsc#1192354). - ALSA: hda/cs8409: Enable Full Scale Volume for Line Out Codec on Dolphin (bsc#1192354). - ALSA: hda/cs8409: Add support for dolphin (bsc#1192354). - ALSA: hda/cs8409: Add Support to disable jack type detection for CS42L42 (bsc#1192354). - ALSA: hda/cs8409: Support multiple sub_codecs for Suspend/Resume/Unsol events (bsc#1192354). - ALSA: hda/cs8409: Move codec properties to its own struct (bsc#1192354). - ALSA: hda/cs8409: Separate CS8409, CS42L42 and project functions (bsc#1192354). - ALSA: hda/cs8409: Support i2c bulk read/write functions (bsc#1192354). - ALSA: hda/cs8409: Avoid re-setting the same page as the last access (bsc#1192354). - ALSA: hda/cs8409: Avoid setting the same I2C address for every access (bsc#1192354). - ALSA: hda/cs8409: Dont disable I2C clock between consecutive accesses (bsc#1192354). - ALSA: hda/cs8409: Generalize volume controls (bsc#1192354). - ALSA: hda/cs8409: Prevent I2C access during suspend time (bsc#1192354). - ALSA: hda/cs8409: Simplify CS42L42 jack detect (bsc#1192354). 
- ALSA: hda/cs8409: Mask CS42L42 wake events (bsc#1192354). - ALSA: hda/cs8409: Disable unsolicited response for the first boot (bsc#1192354). - ALSA: hda/cs8409: Disable unsolicited responses during suspend (bsc#1192354). - ALSA: hda/cs8409: Disable unnecessary Ring Sense for Cyborg/Warlock/Bullseye (bsc#1192354). - ALSA: hda/cs8409: Reduce HS pops/clicks for Cyborg (bsc#1192354). - ALSA: hda/cs8409: Mask all CS42L42 interrupts on initialization (bsc#1192354). - ALSA: hda/cs8409: Use enums for register names and coefficients (bsc#1192354). - ALSA: hda/cs8409: Move arrays of configuration to a new file (bsc#1192354). - ALSA: hda: Allocate resources with device-managed APIs (bsc#1192354). - ALSA: hda/hdmi: Add option to enable all pins forcibly (bsc#1192354). - ALSA: hda/ca0132: remove redundant initialization of variable status (bsc#1192354). - commit bdfccf7 - ALSA: intel-dsp-config: add quirk for JSL devices based on ES8336 codec (bsc#1192354). - ALSA: intel-dsp-config: add quirk for APL/GLK/TGL devices based on ES8336 codec (bsc#1192354). - ALSA: hda: hdac_ext_stream: fix potential locking issues (bsc#1192354). - ALSA: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign() (bsc#1192354). - commit 7c0aa55 - ALSA: doc: Fix indentation warning (bsc#1192354). - ALSA: memalloc: Drop superfluous snd_dma_buffer_sync() declaration (bsc#1192354). - commit 856f153 - ALSA: usb-audio: Don't start stream for capture at prepare (bsc#1192354). - ALSA: usb-audio: Switch back to non-latency mode at a later point (bsc#1192354). - ALSA: usb-audio: fix null pointer dereference on pointer cs_desc (bsc#1192354). - ALSA: usb-audio: Initialize every feature unit once at probe time (bsc#1192354). - ALSA: usb-audio: Drop superfluous error message after disconnection (bsc#1192354). - ALSA: usb-audio: Downgrade error message in get_ctl_value_v2() (bsc#1192354). - ALSA: usb-audio: Less restriction for low-latency playback mode (bsc#1192354). 
- ALSA: usb-audio: Pass JOINT_DUPLEX info flag for implicit fb streams (bsc#1192354). - ALSA: usb-audio: Fix packet size calculation regression (bsc#1192354). - ALSA: usb-audio: disable implicit feedback sync for Behringer UFX1204 and UFX1604 (bsc#1192354). - ALSA: usb-audio: Avoid killing in-flight URBs during draining (bsc#1192354). - ALSA: usb-audio: Improved lowlatency playback support (bsc#1192354). - ALSA: usb-audio: Add spinlock to stop_urbs() (bsc#1192354). - ALSA: usb-audio: Check available frames for the next packet size (bsc#1192354). - ALSA: usb-audio: Disable low-latency mode for implicit feedback sync (bsc#1192354). - ALSA: usb-audio: Disable low-latency playback for free-wheel mode (bsc#1192354). - ALSA: usb-audio: Rename early_playback_start flag with lowlatency_playback (bsc#1192354). - ALSA: usb-audio: fix comment reference in __uac_clock_find_source (bsc#1192354). - commit 9d7667d - ALSA: usb-audio: Move ignore_ctl_error check into quirk_flags (bsc#1192354). - Refresh patches.suse/ALSA-usb-audio-Add-Audient-iD14-to-mixer-map-quirk-t.patch. - Refresh patches.suse/ALSA-usb-audio-Add-Schiit-Hel-device-to-mixer-map-qu.patch. - Refresh patches.suse/Revive-usb-audio-Keep-Interface-mixer.patch. - commit 823344c - ALSA: usx2y: Prefer struct_size over open coded arithmetic (bsc#1192354). - ALSA: usb-audio: Fix microphone sound on Jieli webcam (bsc#1192354). - ALSA: usb-audio: Enable rate validation for Scarlett devices (bsc#1192354). - ALSA: usb-audio: Move set-interface-first workaround into common quirk (bsc#1192354). - ALSA: usb-audio: make array static const, makes object smaller (bsc#1192354). - ALSA: doc: Add the description of quirk_flags option for snd-usb-audio (bsc#1192354). - ALSA: usb-audio: Add quirk_flags module option (bsc#1192354). - ALSA: usb-audio: Move generic DSD raw detection into quirk_flags (bsc#1192354). - ALSA: usb-audio: Move autosuspend quirk into quirk_flags (bsc#1192354). 
- ALSA: usb-audio: Move rate validation quirk into quirk_flags (bsc#1192354). - commit d167cc1 - ALSA: usb-audio: Move interface setup delay into quirk_flags (bsc#1192354). - ALSA: usb-audio: Move control message delay quirk into quirk_flags (bsc#1192354). - ALSA: usb-audio: Move ITF-USB DSD quirk handling into quirk_flags (bsc#1192354). - ALSA: usb-audio: Move clock setup quirk into quirk_flags (bsc#1192354). - ALSA: usb-audio: Move playback_first flag into quirk_flags (bsc#1192354). - ALSA: usb-audio: Move tx_length quirk handling to quirk_flags (bsc#1192354). - ALSA: usb-audio: Move txfr_quirk handling to quirk_flags (bsc#1192354). - ALSA: usb-audio: Move media-controller API quirk into quirk_flags (bsc#1192354). - ALSA: usb-audio: Introduce quirk_flags field (bsc#1192354). - commit 6630f4e - ALSA: memalloc: Remove a stale comment (bsc#1192354). - ALSA: memalloc: Use proper SG helpers for noncontig allocations (bsc#1192354). - ALSA: memalloc: Fix a typo in snd_dma_buffer_sync() description (bsc#1192354). - ALSA: memalloc: Support for non-coherent page allocation (bsc#1192354). - ALSA: memalloc: Support for non-contiguous page allocation (bsc#1192354). - ALSA: ISA: not for M68K (bsc#1192354). - ALSA: pcm: Unify snd_pcm_delay() and snd_pcm_hwsync() (bsc#1192354). - ALSA: pcm: Add more disconnection checks at file ops (bsc#1192354). - ALSA: pcm: Add SNDRV_PCM_INFO_EXPLICIT_SYNC flag (bsc#1192354). - ALSA: memalloc: Count continuous pages in vmalloc buffer handler (bsc#1192354). - ALSA: core: control_led: use strscpy instead of strlcpy (bsc#1192354). - ALSA: memalloc: Fix mmap of SG-buffer with WC pages (bsc#1192354). - ALSA: memalloc: Store snd_dma_buffer.addr for continuous pages, too (bsc#1192354). - ALSA: memalloc: Fix pgprot for WC mmap on x86 (bsc#1192354). - ALSA: memalloc: Support WC allocation on all architectures (bsc#1192354). - ALSA: pcm: Allow exact buffer preallocation (bsc#1192354). - ALSA: memalloc: Correctly name as WC (bsc#1192354). 
- ALSA: memalloc: Minor refactoring (bsc#1192354). - ALSA: core: Fix double calls of snd_card_free() via devres (bsc#1192354). - ALSA: seq: Fix comments of wrong client number for MIDI Passthrough (bsc#1192354). - ALSA: core: Add device-managed request_dma() (bsc#1192354). - ALSA: core: Add managed card creation (bsc#1192354). - ALSA: core: Add device-managed page allocator helper (bsc#1192354). - ALSA: compress: Initialize mutex in snd_compress_new() (bsc#1192354). - ALSA: compress: Drop unused functions (bsc#1192354). - commit f0eac26 - drm/i915/adl_s: Remove require_force_probe protection (jsc#SLE-22724). - commit 276c538 - drm/i915/dp: fix for ADL_P/S dp/edp max source rates (jsc#SLE-22724). - commit f8dd603 - drm/i915/dp: fix DG1 and RKL max source rates (jsc#SLE-22724). - commit ef43dd0 - drm/i915/dp: fix EHL/JSL max source rates calculation (jsc#SLE-22724). - commit 0821357 - drm/i915/dp: fix TGL and ICL max source rates (jsc#SLE-22724). - commit 61199d4 - drm/i915/dp: Fix eDP max rate for display 11+ (jsc#SLE-22724). - commit 468b330 - drm/i915/adl_s: Update ADL-S PCI IDs (jsc#SLE-22724). - commit d125195 - drm/i915: Disable bonding on gen12+ platforms (jsc#SLE-22724). - commit 5d84d6d - ALSA: ctxfi: Fix out-of-range access (git-fixes). - ALSA: hda/realtek: Fix LED on HP ProBook 435 G7 (git-fixes). - ALSA: hda/realtek: Add quirk for ASRock NUC Box 1100 (git-fixes). - commit aee8b91 - selinux: fix NULL-pointer dereference when hashtab allocation fails (git-fixes). - ASoC: stm32: i2s: fix 32 bits channel length without mclk (git-fixes). - ASoC: codecs: lpass-rx-macro: fix HPHR setting CLSH mask (git-fixes). - ASoC: codecs: wcd934x: return error code correctly from hw_params (git-fixes). - ASoC: codecs: wcd938x: fix volatile register range (git-fixes). - ASoC: topology: Add missing rwsem around snd_ctl_remove() calls (git-fixes). - ASoC: qdsp6: q6asm: fix q6asm_dai_prepare error handling (git-fixes). 
- ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer (git-fixes). - ASoC: DAPM: Cover regression by kctl change notification fix (git-fixes). - ASoC: SOF: Intel: hda: fix hotplug when only codec is suspended (git-fixes). - media: cec: copy sequence field for the reply (git-fixes). - media: v4l2-core: fix VIDIOC_DQEVENT handling on non-x86 (git-fixes). - pinctrl: tegra194: remove duplicate initializer again (git-fixes). - memory: tegra186-emc: Fix error return code in tegra186_emc_probe() (git-fixes). - commit 40b2336 - Delete patches.suse/Fix-breakage-of-swap-over-NFS.patch. A recent patch patches.suse/NFS-move-generic_write_checks-call-from-nfs_file_dir.patch provides a better solution. - commit ab6f39b - SUNRPC/xprt: async tasks mustn't block waiting for memory (bsc#1191876). - SUNRPC: remove scheduling boost for "SWAPPER" tasks (bsc#1191876). - SUNRPC: improve 'swap' handling: scheduling and PF_MEMALLOC (bsc#1191876). - SUNRPC/call_alloc: async tasks mustn't block waiting for memory (bsc#1191876). - SUNRPC/auth: async tasks mustn't block waiting for memory (bsc#1191876). - NFS: move generic_write_checks() call from nfs_file_direct_write() to nfs_file_write() (bsc#1191876). - NFS: do not take i_rwsem for swap IO (bsc#1191876). - MM: reclaim mustn't enter FS for swap-over-NFS (bsc#1191876). - commit 11279f5 ++++ openssl-1_1: - POWER10 performance enhancements for cryptography [jsc#SLE-18136] * openssl-1_1-Optimize-ppc64.patch ++++ libsoup2: - Update to version 2.74.2: + Error when libsoup3 is already loaded before libsoup2. ++++ policycoreutils: - Add run_init.pamd.patch to adjust to SUSE pam setup. 
Removed run_init_use_pam_keyinit.patch and included it in the new patch (bsc#1190098) ++++ rust-keylime: - Conflict with keylime-agent, keylime-config and keylime-firewalld - Add keylime_ima_emulator tool - Add patch add_property_tag_variant_for_maxcapbuffer.patch ++++ toolbox: - Update to version 2.2+git20211124.09791b1: * Introduce -n/--nostop switch so multiple sessions can be run inside an existing toolbox ------------------------------------------------------------------ ------------------ 2021-11-23 - Nov 23 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - scsi: qla2xxx: Fix mailbox direction flags in qla2xxx_get_adapter_id() (git-fixes). - scsi: core: sysfs: Fix hang when device state is set via sysfs (git-fixes). - scsi: ufs: core: Improve SCSI abort handling (git-fixes). - commit 13e7c01 - drm/i915: Revert 'guc_id' from i915_request tracepoint (jsc#SLE-22601). - drm/i915: Free the returned object of acpi_evaluate_dsm() (jsc#SLE-22601). - drm/i915: Fix bug in user proto-context creation that leaked contexts (jsc#SLE-22601). - drm/i915: remember to call i915_sw_fence_fini (jsc#SLE-22601). - drm/i915: fix blank screen booting crashes (jsc#SLE-22601). - drm/i915/guc, docs: Fix pdfdocs build error by removing nested grid (jsc#SLE-22601). - drm/i915: Free all DMC payloads (jsc#SLE-22601). - drm/i915: Move __i915_gem_free_object to ttm_bo_destroy (jsc#SLE-22601). - drm/i915: Update memory bandwidth parameters (jsc#SLE-22601). - drm/i915: Enable -Wsometimes-uninitialized (jsc#SLE-22601). - drm/i915/selftests: Always initialize err in igt_dmabuf_import_same_driver_lmem() (jsc#SLE-22601). - drm/i915/selftests: Do not use import_obj uninitialized (jsc#SLE-22601). - drm/i915: Get PM ref before accessing HW register (jsc#SLE-22601). - drm/i915: Release ctx->syncobj on final put, not on ctx close (jsc#SLE-22601). - drm/i915/gem: Fix the mman selftest (jsc#SLE-22601).
- tools headers UAPI: Sync drm/i915_drm.h with the kernel sources (jsc#SLE-22601). - drm/i915: use linux/stddef.h due to "isystem: trim/fixup stdarg.h and other headers" (jsc#SLE-22601). - vfio/gvt: Fix open/close when multiple device FDs are open (jsc#SLE-22601). - vfio: Provide better generic support for open/release vfio_device_ops (jsc#SLE-22601). - drm/i915/selftest: Fix use of err in igt_reset_{fail, nop}_engine() (jsc#SLE-22601). - drm/i915/gt: Potential error pointer dereference in pinned_context() (jsc#SLE-22601). - drm/i915/adl_p: Also disable underrun recovery with MSO (jsc#SLE-22601). - drm/i915: Use designated initializers for init/exit table (jsc#SLE-22601). - drm/i915/dg2: Add support for new DG2-G11 revid 0x5 (jsc#SLE-22601). - drm/i915/display/adl_p: Correctly program MBUS DBOX A credits (jsc#SLE-22601). - drm/i915: Apply CMTG clock disabling WA while DPLL0 is enabled (jsc#SLE-22601). - drm/i915/dg1: Adjust the AUDIO power domain (jsc#SLE-22601). - drm/i915: finish removal of CNL (jsc#SLE-22601). - drm/i915: rename/remove CNL registers (jsc#SLE-22601). - drm/i915: remove GRAPHICS_VER == 10 (jsc#SLE-22601). - drm/i915: switch num_scalers/num_sprites to consider DISPLAY_VER (jsc#SLE-22601). - drm/i915: replace random CNL comments (jsc#SLE-22601). - drm/i915: rename CNL references in intel_dram.c (jsc#SLE-22601). - drm/i915: remove explicit CNL handling from intel_wopcm.c (jsc#SLE-22601). - drm/i915: remove explicit CNL handling from intel_pch.c (jsc#SLE-22601). - drm/i915: remove explicit CNL handling from intel_pm.c (jsc#SLE-22601). - drm/i915: remove explicit CNL handling from i915_irq.c (jsc#SLE-22601). - drm/i915/display: rename CNL references in skl_scaler.c (jsc#SLE-22601). - drm/i915/display: remove CNL ddi buf translation tables (jsc#SLE-22601). - drm/i915/display: remove explicit CNL handling from intel_display_power.c (jsc#SLE-22601). - drm/i915/display: remove explicit CNL handling from skl_universal_plane.c (jsc#SLE-22601). 
- drm/i915/display: remove explicit CNL handling from intel_vdsc.c (jsc#SLE-22601). - drm/i915/display: remove explicit CNL handling from intel_dpll_mgr.c (jsc#SLE-22601). - drm/i915/display: remove explicit CNL handling from intel_dp.c (jsc#SLE-22601). - drm/i915/display: remove explicit CNL handling from intel_dmc.c (jsc#SLE-22601). - drm/i915/display: remove explicit CNL handling from intel_display_debugfs.c (jsc#SLE-22601). - drm/i915/display: remove explicit CNL handling from intel_ddi.c (jsc#SLE-22601). - drm/i915/display: remove explicit CNL handling from intel_crtc.c (jsc#SLE-22601). - drm/i915/display: remove explicit CNL handling from intel_combo_phy.c (jsc#SLE-22601). - drm/i915/display: remove explicit CNL handling from intel_color.c (jsc#SLE-22601). - drm/i915/display: remove explicit CNL handling from intel_cdclk.c (jsc#SLE-22601). - drm/i915/display: remove PORT_F workaround for CNL (jsc#SLE-22601). - drm/i915/dp: DPTX writes Swing/Pre-emphs(DPCD 0x103-0x106) requested during PHY Layer testing (jsc#SLE-22601). - drm/i915/dg2: Update to bigjoiner path (jsc#SLE-22601). - drm/i915/dg2: Update lane disable power state during PSR (jsc#SLE-22601). - drm/i915/dg2: Wait for SNPS PHY calibration during display init (jsc#SLE-22601). - drm/i915/dg2: Update modeset sequences (jsc#SLE-22601). - drm/i915/dg2: Add vswing programming for SNPS phys (jsc#SLE-22601). - drm/i915/dg2: Add MPLLB programming for HDMI (jsc#SLE-22601). - drm/i915/dg2: Add MPLLB programming for SNPS PHY (jsc#SLE-22601). - drm/i915/adl_p: Add ddi buf translation tables for combo PHY (jsc#SLE-22601). - drm/i915/adl_s: Update ddi buf translation tables (jsc#SLE-22601). - drm/i915: dgfx cards need to wait on pcode's uncore init done (jsc#SLE-22601). - drm/i915/adlp: Add workaround to disable CMTG clock gating (jsc#SLE-22601). - drm/i915/adl_p: Allow underrun recovery when possible (jsc#SLE-22601). - drm/i915/display: Disable audio, DRRS and PSR before planes (jsc#SLE-22601). 
- drm/i915: Implement PSF GV point support (jsc#SLE-22601). - drm/i915: Extend QGV point restrict mask to 0x3 (jsc#SLE-22601). - drm/i915/display/psr2: Fix cursor updates using legacy apis (jsc#SLE-22601). - drm/i915/display/psr2: Mark as updated all planes that intersect with pipe_clip (jsc#SLE-22601). - drm/i915: Program chicken bit during DP MST sequence on TGL+ (jsc#SLE-22601). - drm/i915/dg2: Add DG2 to the PSR2 defeature list (jsc#SLE-22601). - drm/i915/dg2: Classify DG2 PHY types (jsc#SLE-22601). - drm/i915/firmware: Update to DMC v2.03 on RKL (jsc#SLE-22601). - drm/i915/firmware: Update to DMC v2.12 on TGL (jsc#SLE-22601). - drm/i915/dmc: Change intel_get_stepping_info() (jsc#SLE-22601). - drm/i915/step: Add macro magic for handling steps (jsc#SLE-22601). - drm/i915/dg2: DG2 has fixed memory bandwidth (jsc#SLE-22601). - drm/i915/dg2: Don't read DRAM info (jsc#SLE-22601). - drm/i915/dg2: Don't program BW_BUDDY registers (jsc#SLE-22601). - drm/i915/dg2: Add dbuf programming (jsc#SLE-22601). - drm/i915/dg2: Setup display outputs (jsc#SLE-22601). - drm/i915/dg2: Don't wait for AUX power well enable ACKs (jsc#SLE-22601). - drm/i915/dg2: Skip shared DPLL handling (jsc#SLE-22601). - drm/i915/dg2: Add cdclk table and reference clock (jsc#SLE-22601). - drm/i915/dg2: Add fake PCH (jsc#SLE-22601). - drm/i915: Fork DG1 interrupt handler (jsc#SLE-22601). - drm/i915: Make display workaround upper bounds exclusive (jsc#SLE-22601). - drm/i915/rkl: Wa_1408330847 no longer applies to RKL (jsc#SLE-22601). - drm/i915/rkl: Wa_1409767108 also applies to RKL (jsc#SLE-22601). - drm/i915/adl_s: Wa_14011765242 is also needed on A1 display stepping (jsc#SLE-22601). - drm/i915/display: Fix shared dpll mismatch for bigjoiner slave (jsc#SLE-22601). - drm/i915/display: Disable FBC when PSR2 is enabled display 12 and newer (jsc#SLE-22601). - drm/i915/display/adl_p: Implement PSR changes (jsc#SLE-22601). - drm/i915/display/dsc: Force dsc BPP (jsc#SLE-22601). 
- drm/i915/display/dsc: Add Per connector debugfs node for DSC BPP enable (jsc#SLE-22601). - drm/i915/display: Add write permissions for fec support (jsc#SLE-22601). - drm/i915/debugfs: DISPLAY_VER 13 lpsp capability (jsc#SLE-22601). - drm/i915/display/xelpd: Extend Wa_14011508470 (jsc#SLE-22601). - drm/i915: Limit Wa_22010178259 to affected platforms (jsc#SLE-22601). - drm/i915/display: Settle on "adl-x" in WA comments (jsc#SLE-22601). - drm/i915: Invoke another _DSM to enable MUX on HP Workstation laptops (jsc#SLE-22601). - drm/i915/dg1: Compute MEM Bandwidth using MCHBAR (jsc#SLE-22601). Refresh patches.suse/drm-i915-Remove-memory-frequency-calculation.patch. - drm/i915/display/xelpd: Fix incorrect color capability reporting (jsc#SLE-22601). - drm/i915: Handle cdclk crawling flag in standard manner (jsc#SLE-22601). - drm/i915/plane: add intel_plane_helper_add() helper (jsc#SLE-22601). - drm/i915/dg2: Add SQIDI steering (jsc#SLE-22601). - drm/i915/dg2: Update steering tables (jsc#SLE-22601). - drm/i915/xehpsdv: Define steering tables (jsc#SLE-22601). - drm/i915/xehp: handle new steering options (jsc#SLE-22601). - drm/i915/userptr: Probe existence of backing struct pages upon creation (jsc#SLE-22601). - drm/i915: delete gpu reloc code (jsc#SLE-22601). - drm/i915: Disable gpu relocations (jsc#SLE-22601). - drm/i915/dg2: DG2 uses the same sseu limits as XeHP SDV (jsc#SLE-22601). - drm/i915/xehpsdv: Add maximum sseu limits (jsc#SLE-22601). - drm/i915/xehp: Changes to ss/eu definitions (jsc#SLE-22601). - drm/i915/dg2: Add forcewake table (jsc#SLE-22601). - drm/i915/guc/rc: Setup and enable GuCRC feature (jsc#SLE-22601). - drm/i915/guc/slpc: Add SLPC selftest (jsc#SLE-22601). - drm/i915/guc/slpc: Sysfs hooks for SLPC (jsc#SLE-22601). - drm/i915/guc/slpc: Cache platform frequency limits (jsc#SLE-22601). - drm/i915/guc/slpc: Enable ARAT timer interrupt (jsc#SLE-22601). - drm/i915/guc/slpc: Add debugfs for SLPC info (jsc#SLE-22601). 
- drm/i915/guc/slpc: Add get max/min freq hooks (jsc#SLE-22601). - drm/i915/guc/slpc: Add methods to set min/max frequency (jsc#SLE-22601). - drm/i915/guc/slpc: Remove BUG_ON in guc_submission_disable (jsc#SLE-22601). - drm/i915/guc/slpc: Enable SLPC and add related H2G events (jsc#SLE-22601). - drm/i915/guc/slpc: Allocate, initialize and release SLPC (jsc#SLE-22601). - drm/i915/guc/slpc: Adding SLPC communication interfaces (jsc#SLE-22601). - drm/i915/guc/slpc: Gate Host RPS when SLPC is enabled (jsc#SLE-22601). Refresh patches.suse/drm-i915-Remove-warning-from-the-rps-worker.patch. - drm/i915/guc/slpc: Initial definitions for SLPC (jsc#SLE-22601). - drm/i915/xehp: Fix missing sentinel on mcr_ranges_xehp (jsc#SLE-22601). - drm/i915/selftests: prefer the create_user helper (jsc#SLE-22601). - drm/i915/gt: remove GRAPHICS_VER == 10 (jsc#SLE-22601). - drm/i915/gt: rename CNL references in intel_engine.h (jsc#SLE-22601). - drm/i915/gt: remove explicit CNL handling from intel_sseu.c (jsc#SLE-22601). - drm/i915/gt: remove explicit CNL handling from intel_mocs.c (jsc#SLE-22601). - drm/i915: Extract i915_module.c (jsc#SLE-22601). - drm/i915: Remove i915_globals (jsc#SLE-22601). - drm/i915: move vma slab to direct module init/exit (jsc#SLE-22601). - drm/i915: move scheduler slabs to direct module init/exit (jsc#SLE-22601). - drm/i915: move request slabs to direct module init/exit (jsc#SLE-22601). - drm/i915: move gem_objects slab to direct module init/exit (jsc#SLE-22601). - drm/i915: move gem_context slab to direct module init/exit (jsc#SLE-22601). - drm/i915: move intel_context slab to direct module init/exit (jsc#SLE-22601). - drm/i915: move i915_buddy slab to direct module init/exit (jsc#SLE-22601). - drm/i915: move i915_active slab to direct module init/exit (jsc#SLE-22601). - drm/i915: Check for nomodeset in i915_init() first (jsc#SLE-22601). - drm/i915/xehpsdv: Correct parameters for IS_XEHPSDV_GT_STEP() (jsc#SLE-22601). 
- drm/i915/guc: Unblock GuC submission on Gen11+ (jsc#SLE-22601). - drm/i915/guc: Implement GuC priority management (jsc#SLE-22601). - drm/i915/selftest: Bump selftest timeouts for hangcheck (jsc#SLE-22601). - drm/i915/selftest: Fix hangcheck self test for GuC submission (jsc#SLE-22601). - drm/i915/selftest: Increase some timeouts in live_requests (jsc#SLE-22601). - drm/i915/selftest: Fix MOCS selftest for GuC submission (jsc#SLE-22601). - drm/i915/selftest: Fix workarounds selftest for GuC submission (jsc#SLE-22601). - drm/i915/selftest: Better error reporting from hangcheck selftest (jsc#SLE-22601). - drm/i915/guc: Support request cancellation (jsc#SLE-22601). - drm/i915/guc: Implement banned contexts for GuC submission (jsc#SLE-22601). - drm/i915/guc: Add golden context to GuC ADS (jsc#SLE-22601). - drm/i915/guc: Include scheduling policies in the debugfs state dump (jsc#SLE-22601). - drm/i915/guc: Connect reset modparam updates to GuC policy flags (jsc#SLE-22601). - drm/i915/guc: Hook GuC scheduling policies up (jsc#SLE-22601). - drm/i915/guc: Fix for error capture after full GPU reset with GuC (jsc#SLE-22601). - drm/i915/guc: Capture error state on context reset (jsc#SLE-22601). - drm/i915/guc: Enable GuC engine reset (jsc#SLE-22601). - drm/i915/guc: Don't complain about reset races (jsc#SLE-22601). - drm/i915/guc: Provide mmio list to be saved/restored on engine reset (jsc#SLE-22601). - drm/i915/guc: Enable the timer expired interrupt for GuC (jsc#SLE-22601). - drm/i915/guc: Handle engine reset failure notification (jsc#SLE-22601). - drm/i915/guc: Handle context reset notification (jsc#SLE-22601). - drm/i915/guc: Suspend/resume implementation for new interface (jsc#SLE-22601). - drm/i915/guc: Add disable interrupts to guc sanitize (jsc#SLE-22601). - drm/i915: Reset GPU immediately if submission is disabled (jsc#SLE-22601). - drm/i915/guc: Reset implementation for new GuC interface (jsc#SLE-22601). 
- drm/i915: Move active request tracking to a vfunc (jsc#SLE-22601). - drm/i915: Add i915_sched_engine destroy vfunc (jsc#SLE-22601). - drm/i915/guc: Direct all breadcrumbs for a class to single breadcrumbs (jsc#SLE-22601). - drm/i915/guc: Disable bonding extension with GuC submission (jsc#SLE-22601). - drm/i915: Hold reference to intel_context over life of i915_request (jsc#SLE-22601). - drm/i915/guc: Make hangcheck work with GuC virtual engines (jsc#SLE-22601). - drm/i915/guc: GuC virtual engines (jsc#SLE-22601). - drm/i915/ehl: unconditionally flush the pages on acquire (jsc#SLE-22601). - drm/i915: document caching related bits (jsc#SLE-22601). - drm/i915/gem: Migrate to system at dma-buf attach time (v7) (jsc#SLE-22601). - drm/i915/gem: Correct the locking and pin pattern for dma-buf (v8) (jsc#SLE-22601). - drm/i915/gem: Always call obj->ops->migrate unless can_migrate fails (jsc#SLE-22601). - drm/i915/gem/ttm: Only call __i915_gem_object_set_pages if needed (jsc#SLE-22601). - drm/i915/gem: Unify user object creation (v3) (jsc#SLE-22601). - drm/i915/gem: Call i915_gem_flush_free_objects() in i915_gem_dumb_create() (jsc#SLE-22601). - drm/i915/gem: Refactor placement setup for i915_gem_object_create* (v2) (jsc#SLE-22601). - drm/i915/gem: Check object_can_migrate from object_migrate (jsc#SLE-22601). - drm/i915/gt: nuke gen6_hw_id (jsc#SLE-22601). - drm/i915/xehp: Xe_HP forcewake support (jsc#SLE-22601). - drm/i915/xehp: Extra media engines - Part 3 (reset) (jsc#SLE-22601). - drm/i915/xehp: Extra media engines - Part 2 (interrupts) (jsc#SLE-22601). - drm/i915/xehp: Extra media engines - Part 1 (engine definitions) (jsc#SLE-22601). - drm/i915/xehp: Define multicast register ranges (jsc#SLE-22601). - drm/i915: Extend Wa_1406941453 to adl-p (jsc#SLE-22601). - drm/i915/uapi: reject set_domain for discrete (jsc#SLE-22601). - drm/i915/xehp: VDBOX/VEBOX fusing registers are enable-based (jsc#SLE-22601). 
- drm/i915/gt: rename legacy engine->hw_id to engine->gen6_hw_id (jsc#SLE-22601). - drm/i915/gt: nuke unused legacy engine hw_id (jsc#SLE-22601). - drm/i915/gt: fix platform prefix (jsc#SLE-22601). - drm/i915: Add intel_context tracing (jsc#SLE-22601). - drm/i915/guc: Add trace point for GuC submit (jsc#SLE-22601). - drm/i915/guc: Update GuC debugfs to support new GuC (jsc#SLE-22601). - drm/i915/guc: Update intel_gt_wait_for_idle to work with GuC (jsc#SLE-22601). - drm/i915/guc: Ensure G2H response has space in buffer (jsc#SLE-22601). - drm/i915/guc: Disable semaphores when using GuC scheduling (jsc#SLE-22601). - drm/i915/guc: Ensure request ordering via completion fences (jsc#SLE-22601). - drm/i915: Disable preempt busywait when using GuC scheduling (jsc#SLE-22601). - drm/i915/guc: Extend deregistration fence to schedule disable (jsc#SLE-22601). - drm/i915/guc: Disable engine barriers with GuC during unpin (jsc#SLE-22601). - drm/i915/guc: Defer context unpin until scheduling is disabled (jsc#SLE-22601). - drm/i915/guc: Insert fence on context when deregistering (jsc#SLE-22601). - drm/i915/guc: Implement GuC context operations for new inteface (jsc#SLE-22601). - drm/i915/guc: Add bypass tasklet submission path to GuC (jsc#SLE-22601). - drm/i915/guc: Implement GuC submission tasklet (jsc#SLE-22601). - drm/i915/guc: Add LRC descriptor context lookup array (jsc#SLE-22601). - drm/i915/guc: Remove GuC stage descriptor, add LRC descriptor (jsc#SLE-22601). - drm/i915/guc: Add new GuC interface defines and structures (jsc#SLE-22601). - drm/i915/xehp: New engine context offsets (jsc#SLE-22601). - drm/i915/xehp: Handle new device context ID format (jsc#SLE-22601). - drm/i915/selftests: Allow for larger engine counts (jsc#SLE-22601). - drm/i915/gen12: Use fuse info to enable SFC (jsc#SLE-22601). - drm/i915/dg2: add DG2 platform info (jsc#SLE-22601). - drm/i915/xehpsdv: add initial XeHP SDV definitions (jsc#SLE-22601). - drm/i915: Add XE_HP initial definitions (jsc#SLE-22601). 
- drm/i915: Add release id version (jsc#SLE-22601). - drm/i915: do not abbreviate version in debugfs (jsc#SLE-22601). - drm/i915: Make the kmem slab for i915_buddy_block a global (jsc#SLE-22601). - drm/i915: Use a table for i915_init/exit (v2) (jsc#SLE-22601). - drm/i915: Call i915_globals_exit() after i915_pmu_exit() (jsc#SLE-22601). - drm/i915: Ditch i915 globals shrink infrastructure (jsc#SLE-22601). - drm/i915: Make GT workaround upper bounds exclusive (jsc#SLE-22601). - drm/i915: Program DFR enable/disable as a GT workaround (jsc#SLE-22601). - drm/i915/icl: Drop a couple unnecessary workarounds (jsc#SLE-22601). - drm/i915: Fix application of WaInPlaceDecompressionHang (jsc#SLE-22601). - drm/i915: Add TTM offset argument to mmap (jsc#SLE-22601). - drm/i915/uapi: convert drm_i915_gem_userptr to kernel doc (jsc#SLE-22601). - drm/i915/uapi: reject caching ioctls for discrete (jsc#SLE-22601). - Revert "drm/i915: Skip over MI_NOOP when parsing" (jsc#SLE-22601). - drm/i915: Drop error handling from dma_fence_work (jsc#SLE-22601). - drm/i915: Remove allow_alloc from i915_gem_object_get_sg* (jsc#SLE-22601). - drm/i915/icl: Drop workarounds that only apply to pre-production steppings (jsc#SLE-22601). - drm/i915/cnl: Drop all workarounds (jsc#SLE-22601). - drm/i915/dg1: Use revid->stepping tables (jsc#SLE-22601). - drm/i915/rkl: Use revid->stepping tables (jsc#SLE-22601). - drm/i915/jsl_ehl: Use revid->stepping tables (jsc#SLE-22601). - drm/i915/icl: Use revid->stepping tables (jsc#SLE-22601). - drm/i915/glk: Use revid->stepping tables (jsc#SLE-22601). - drm/i915/bxt: Use revid->stepping tables (jsc#SLE-22601). - drm/i915/kbl: Drop pre-production revision from stepping table (jsc#SLE-22601). - drm/i915/skl: Use revid->stepping tables (jsc#SLE-22601). - drm/i915: Make pre-production detection use direct revid comparison (jsc#SLE-22601). - drm/i915/step: s/_revid_tbl/_revids (jsc#SLE-22601). - drm/i915/uapi: convert drm_i915_gem_set_domain to kernel doc (jsc#SLE-22601). 
- drm/i915/uapi: convert drm_i915_gem_caching to kernel doc (jsc#SLE-22601). - drm/i915/guc: Module load failure test for CT buffer creation (jsc#SLE-22601). - drm/i915/guc: Optimize CTB writes and reads (jsc#SLE-22601). - drm/i915/guc: Add stall timer to non blocking CTB send function (jsc#SLE-22601). - drm/i915/guc: Add non blocking CTB send function (jsc#SLE-22601). - drm/i915/guc: Increase size of CTB buffers (jsc#SLE-22601). - drm/i915/guc: Improve error message for unsolicited CT response (jsc#SLE-22601). - drm/i915/guc: Relax CTB response timeout (jsc#SLE-22601). - drm/i915/adl_s: Extend Wa_1406941453 (jsc#SLE-22601). - drm/i915: Implement Wa_1508744258 (jsc#SLE-22601). - drm/i915: Settle on "adl-x" in WA comments (jsc#SLE-22601). - drm/i915: use consistent CPU mappings for pin_map users (jsc#SLE-22601). - drm/i915: Finalize contexts in GEM_CONTEXT_CREATE on version 13+ (jsc#SLE-22601). - drm/i915/gem: Roll all of context creation together (jsc#SLE-22601). - i915/gem/selftests: Assign the VM at context creation in igt_shared_ctx_exec (jsc#SLE-22601). - drm/i915/selftests: Take a VM in kernel_context() (jsc#SLE-22601). - drm/i915/gem: Don't allow changing the engine set on running contexts (v3) (jsc#SLE-22601). - drm/i915/gem: Don't allow changing the VM on running contexts (v4) (jsc#SLE-22601). - drm/i915/gem: Delay context creation (v3) (jsc#SLE-22601). - drm/i915/gt: Drop i915_address_space::file (v2) (jsc#SLE-22601). - drm/i915/gem: Return an error ptr from context_lookup (jsc#SLE-22601). - drm/i915/gem: Use the proto-context to handle create parameters (v5) (jsc#SLE-22601). - drm/i915/gem: Make an alignment check more sensible (jsc#SLE-22601). - drm/i915: Add an i915_gem_vm_lookup helper (jsc#SLE-22601). - drm/i915/gem: Optionally set SSEU in intel_context_set_gem (jsc#SLE-22601). - drm/i915/gem: Rework error handling in default_engines (jsc#SLE-22601). - drm/i915/gem: Add an intermediate proto_context struct (v5) (jsc#SLE-22601). 
- drm/i915: Add gem/i915_gem_context.h to the docs (jsc#SLE-22601). - drm/i915/gem: Add a separate validate_priority helper (jsc#SLE-22601). - drm/i915: Stop manually RCU banging in reset_stats_ioctl (v2) (jsc#SLE-22601). - drm/i915/gem: Disallow creating contexts with too many engines (jsc#SLE-22601). - drm/i915/request: Remove the hook from await_execution (jsc#SLE-22601). - drm/i915/gem: Remove engine auto-magic with FENCE_SUBMIT (v2) (jsc#SLE-22601). - drm/i915/gem: Disallow bonding of virtual engines (v3) (jsc#SLE-22601). - drm/i915: Drop getparam support for I915_CONTEXT_PARAM_ENGINES (jsc#SLE-22601). - drm/i915: Implement SINGLE_TIMELINE with a syncobj (v4) (jsc#SLE-22601). - drm/i915: Drop the CONTEXT_CLONE API (v2) (jsc#SLE-22601). - drm/i915/gem: Return void from context_apply_all (jsc#SLE-22601). - drm/i915/gem: Set the watchdog timeout directly in intel_context_set_gem (v2) (jsc#SLE-22601). - drm/i915: Drop I915_CONTEXT_PARAM_NO_ZEROMAP (jsc#SLE-22601). - drm/i915: Stop storing the ring size in the ring pointer (v3) (jsc#SLE-22601). - drm/i915: Drop I915_CONTEXT_PARAM_RINGSIZE (jsc#SLE-22601). - drm/i915/adlp: Add ADL-P GuC/HuC firmware files (jsc#SLE-22601). - drm/i915/huc: Update TGL and friends to HuC 7.9.3 (jsc#SLE-22601). - drm/i915/adl_s: Fix dma_mask_size to 39 bit (jsc#SLE-22601). - drm/i915/gt: finish INTEL_GEN and friends conversion (jsc#SLE-22601). - drm/i915/selftests: fix smatch warning in mock_reserve (jsc#SLE-22601). - drm/i915/selftests: fix smatch warning in igt_check_blocks (jsc#SLE-22601). - drm/i915: Improve debug Kconfig texts a bit (jsc#SLE-22601). - drm/i915/gtt: ignore min_page_size for paging structures (jsc#SLE-22601). - drm/i915: support forcing the page size with lmem (jsc#SLE-22601). - drm/i915/display: Migrate objects to LMEM if possible for display (jsc#SLE-22601). - drm/i915/gem: Introduce a selftest for the gem object migrate functionality (jsc#SLE-22601). - drm/i915/gem: Implement object migration (jsc#SLE-22601). 
- drm/i915/selftest: Extend ctx_timestamp ICL workaround to GEN11 (jsc#SLE-22601). - drm/i915/ttm: Use TTM for system memory (jsc#SLE-22601). - drm/i915/ttm: Adjust gem flags and caching settings after a move (jsc#SLE-22601). - drm/i915: Update object placement flags to be mutable (jsc#SLE-22601). - drm/i915/ttm: fix static warning (jsc#SLE-22601). - drm/i915/eb: Fix pagefault disabling in the first slowpath (jsc#SLE-22601). - drm/i915: Document the Virtual Engine uAPI (jsc#SLE-22601). - drm/i915/guc: Update firmware to v62.0.0 (jsc#SLE-22601). - drm/i915/guc: Introduce unified HXG messages (jsc#SLE-22601). - drm/i915: Move submission tasklet to i915_sched_engine (jsc#SLE-22601). - drm/i915: Update i915_scheduler to operate on i915_sched_engine (jsc#SLE-22601). - drm/i915: Add kick_backend function to i915_sched_engine (jsc#SLE-22601). - drm/i915: Move engine->schedule to i915_sched_engine (jsc#SLE-22601). - drm/i915: Move active tracking to i915_sched_engine (jsc#SLE-22601). - drm/i915: Reset sched_engine.no_priolist immediately after dequeue (jsc#SLE-22601). - drm/i915: Add i915_sched_engine_is_empty function (jsc#SLE-22601). - drm/i915: Move priolist to new i915_sched_engine object (jsc#SLE-22601). - drm/i915/selftests: add back the selftest() hook for the buddy (jsc#SLE-22601). - drm/i915/ttm: Fix incorrect assumptions about ttm_bo_validate() semantics (jsc#SLE-22601). - drm/i915: Add support for explicit L3BANK steering (jsc#SLE-22601). - drm/i915: Add GT support for multiple types of multicast steering (jsc#SLE-22601). - drm/i915: extract steered reg access to common function (jsc#SLE-22601). - drm/i915: Remove duplicate include of intel_region_lmem.h (jsc#SLE-22601). - drm/i915: Perform execbuffer object locking as a separate step (jsc#SLE-22601). - drm/i915/gem: Zap the i915_gem_object_blt code (jsc#SLE-22601). - drm/i915/gem: Zap the client blt code (jsc#SLE-22601). - drm/i915/ttm: accelerated move implementation (jsc#SLE-22601). 
- drm/i915/gt: Setup a default migration context on the GT (jsc#SLE-22601). - drm/i915/gt: Pipelined clear (jsc#SLE-22601). - drm/i915/gt: Pipelined page migration (jsc#SLE-22601). - drm/i915/gt: Export the pinned context constructor and destructor (jsc#SLE-22601). - drm/i915/gt: Add a routine to iterate over the pagetables of a GTT (jsc#SLE-22601). - drm/i915/gt: Add an insert_entry for gen8_ppgtt (jsc#SLE-22601). - drm/i915: Introduce a ww transaction helper (jsc#SLE-22601). - drm/i915: Break out dma_resv ww locking utilities to separate files (jsc#SLE-22601). - drm/i915: Reference objects on the ww object list (jsc#SLE-22601). - drm/i915/ttm: remove unused function (jsc#SLE-22601). - drm/i915/gem: Remove duplicated call to ops->pread (jsc#SLE-22601). - drm/i915/ttm: restore min_page_size behaviour (jsc#SLE-22601). - drm/i915/ttm: switch over to ttm_buddy_man (jsc#SLE-22601). - drm/i915/ttm: remove node usage in our naming (jsc#SLE-22601). - drm/i915/ttm: pass along the I915_BO_ALLOC_CONTIGUOUS (jsc#SLE-22601). - drm/i915/ttm: Calculate the object placement at get_pages time (jsc#SLE-22601). - drm/i915/ttm: add i915_sg_from_buddy_resource (jsc#SLE-22601). - drm/i915/ttm: add ttm_buddy_man (jsc#SLE-22601). - drm/i915/ttm: Fix memory leaks (jsc#SLE-22601). - drm/i915/adl_p: Add initial ADL_P Workarounds (jsc#SLE-22601). - drm/i915: Simplify userptr locking (jsc#SLE-22601). Refresh patches.suse/lib-scatterlist-Provide-a-dedicated-function-to-supp.patch. - drm/i915: Fix busy ioctl commentary (jsc#SLE-22601). - drm/aperture: Pass DRM driver structure instead of driver name (jsc#SLE-22601). - drm/i915: Track IRQ state in local device state (jsc#SLE-22601). - dma-buf: add dma_fence_chain_alloc/free v3 (jsc#SLE-22601). - drm/i915: Use ttm mmap handling for ttm bo's (jsc#SLE-22601). - drm/vma: Add a driver_private member to vma_node (jsc#SLE-22601). - drm/i915/lmem: Verify checks for lmem residency (jsc#SLE-22601). 
- drm/i915/ttm: Introduce a TTM i915 gem object backend (jsc#SLE-22601). Refresh patches.suse/lib-scatterlist-Provide-a-dedicated-function-to-supp.patch. - drm/dp: Extract i915's eDP backlight code into DRM helpers (jsc#SLE-22601). - drm/i915/dpcd_bl: Print return codes for VESA backlight failures (jsc#SLE-22601). - drm/i915/dpcd_bl: Return early in vesa_calc_max_backlight if we can't read PWMGEN_BIT_COUNT (jsc#SLE-22601). - drm/i915/dpcd_bl: Move VESA backlight enabling code closer together (jsc#SLE-22601). - drm/i915/dpcd_bl: Cache some backlight capabilities in intel_panel.backlight (jsc#SLE-22601). - drm/i915/dpcd_bl: Cleanup intel_dp_aux_vesa_enable_backlight() a bit (jsc#SLE-22601). - drm/i915/dpcd_bl: Handle drm_dpcd_read/write() return values correctly (jsc#SLE-22601). - drm/i915/dpcd_bl: Remove redundant AUX backlight frequency calculations (jsc#SLE-22601). - gpu/drm/i915: nuke old GEN macros (jsc#SLE-22601). - drm/i915: finish INTEL_GEN and friends conversion (jsc#SLE-22601). - drm/i915/hdcp: Nuke Platform check for mst hdcp init (jsc#SLE-22601). - drm/i915/display: check if compressed_llb was allocated (jsc#SLE-22601). - drm/i915/display: Fix state mismatch in drm infoframe (jsc#SLE-22601). - drm/i915/ehl: Remove require_force_probe protection (jsc#SLE-22601). - drm/i915/jsl: Remove require_force_probe protection (jsc#SLE-22601). - drm/i915/display: use max_level to control loop (jsc#SLE-22601). - drm/i915/display: fix level 0 adjustement on display ver >= 12 (jsc#SLE-22601). - drm/i915/display/adl_p: Implement Wa_16011303918 (jsc#SLE-22601). - drm/i915/xelpd: Handle PSR2 SDP indication in the prior scanline (jsc#SLE-22601). - drm/i915/display/adl_p: Implement Wa_16011168373 (jsc#SLE-22601). - drm/i915/display/adl_p: Implement Wa_22012278275 (jsc#SLE-22601). - drm/i915/display/psr: Handle SU Y granularity (jsc#SLE-22601). - drm/i915: s/intel_crtc/crtc/ (jsc#SLE-22601). - drm/i915: Clean up intel_fbdev_init_bios() a bit (jsc#SLE-22601). 
- drm/i915: Clean up pre-skl wm calling convention (jsc#SLE-22601). - drm/i915: Clean up intel_find_initial_plane_obj() a bit (jsc#SLE-22601). - drm/i915: Clean up intel_get_load_detect_pipe() a bit (jsc#SLE-22601). - drm/i915: Stop hand rolling drm_crtc_mask() (jsc#SLE-22601). - drm/i915/fbc: Allocate llb before cfb (jsc#SLE-22601). - drm/i915/fbc: Make the cfb allocation loop a bit more legible (jsc#SLE-22601). - drm/i915/fbc: Extract intel_fbc_stolen_end() (jsc#SLE-22601). - drm/i915/fbc: Introduce g4x_dpfc_ctl_limit() (jsc#SLE-22601). - drm/i915/fbc: Handle 16bpp compression limit better (jsc#SLE-22601). - drm/i915/fbc: Don't pass around the mm node (jsc#SLE-22601). - drm/i915/fbc: Embed the compressed_llb node (jsc#SLE-22601). - drm/i915/fbc: Extract intel_fbc_program_cfb() (jsc#SLE-22601). - drm/i915/fbc: s/threshold/limit/ (jsc#SLE-22601). - drm/i915: Add the missing adls vswing tables (jsc#SLE-22601). - drm/i915: Nuke buf_trans hdmi functions (jsc#SLE-22601). - drm/i915: Clean up jsl/ehl buf trans functions (jsc#SLE-22601). - drm/i915: Fix ehl edp hbr2 vswing table (jsc#SLE-22601). - drm/i915: keep backlight_enable on until turn eDP display off (jsc#SLE-22601). - drm/i915: Deduplicate icl DP HBR2 vs. eDP HBR3 table (jsc#SLE-22601). - drm/i915: Fix dg1 buf trans tables (jsc#SLE-22601). - drm/i915: Introduce rkl_get_combo_buf_trans() (jsc#SLE-22601). - drm/i915: Clean up hsw/bdw/skl/kbl buf trans funcs (jsc#SLE-22601). - drm/i915: Introduce encoder->get_buf_trans() (jsc#SLE-22601). - drm/i915: Store the HDMI default entry in the bug trans struct (jsc#SLE-22601). - drm/i915; Return the whole buf_trans struct from get_buf_trans() (jsc#SLE-22601). - drm/i915: Introduce intel_get_buf_trans() (jsc#SLE-22601). - drm/i915: Wrap the buf trans tables into a struct (jsc#SLE-22601). - drm/i915: Rename dkl phy buf trans tables (jsc#SLE-22601). - drm/i915: Wrap the platform specific buf trans structs into a union (jsc#SLE-22601). 
- drm/i915: Introduce hsw_get_buf_trans() (jsc#SLE-22601). - drm/i915: s/intel/hsw/ for hsw/bdw/skl buf trans (jsc#SLE-22601). - drm/i915/adl_p: Load DMC (jsc#SLE-22601). - drm/i915/adl_p: Pipe B DMC Support (jsc#SLE-22601). - drm/i915/xelpd: Pipe A DMC plugging (jsc#SLE-22601). - drm/i915/dmc: Introduce DMC_FW_MAIN (jsc#SLE-22601). - drm/i915: Force a TypeC PHY disconnect during suspend/shutdown (jsc#SLE-22601). - drm/i915/xelpd: break feature inheritance (jsc#SLE-22601). - drm/i915: apply WaEnableVGAAccessThroughIOPort as needed (jsc#SLE-22601). - commit a14349b - block: Hold invalidate_lock in BLKZEROOUT ioctl (bsc#1183392). This patch series fixes the block/009 test which can fail with a low failure rate of about 1/1400. I've tested this series with kernel-ci against the baseline and found no regressions. - block: Hold invalidate_lock in BLKDISCARD ioctl (bsc#1183392). - mm: Add functions to lock invalidate_lock for two mappings (bsc#1183392). - mm: Protect operations adding pages to page cache with invalidate_lock (bsc#1183392). - commit 2ea6207 - printk: restore flushing of NMI buffers on remote CPUs after NMI backtraces (bsc#1192988). - commit 21c31a1 - printk: Remove printk.h inclusion in percpu.h (bsc#1192987). - commit b339baf - ethernet: chelsio: use eth_hw_addr_set() (jsc#SLE-18992). - net: chelsio: cxgb4vf: Make use of the helper function dev_err_probe() (jsc#SLE-18992). - cxgb4: Search VPD with pci_vpd_find_ro_info_keyword() (jsc#SLE-18992). - cxgb4: Remove unused vpd_param member ec (jsc#SLE-18992). - cxgb4: Validate VPD checksum with pci_vpd_check_csum() (jsc#SLE-18992). - cxgb4: Properly revert VPD changes (jsc#SLE-18992). - cxgb4: improve printing NIC information (jsc#SLE-18992). - net: chelsio: switch from 'pci_' to 'dma_' API (jsc#SLE-18992). - Revert "cxgb4: Validate VPD checksum with pci_vpd_check_csum()" (jsc#SLE-18992). - Revert "Revert "cxgb4: Search VPD with pci_vpd_find_ro_info_keyword()"" (jsc#SLE-18992). 
- Revert "cxgb4: Search VPD with pci_vpd_find_ro_info_keyword()" (jsc#SLE-18992). - cxgb4: Search VPD with pci_vpd_find_ro_info_keyword() (jsc#SLE-18992). - cxgb4: Remove unused vpd_param member ec (jsc#SLE-18992). - cxgb4: Validate VPD checksum with pci_vpd_check_csum() (jsc#SLE-18992). - cxgb4: make the array match_all_mac static, makes object smaller (jsc#SLE-18992). - commit e59b97c - RDMA/nldev: Check stat attribute before accessing it (jsc#SLE-19249). - RDMA/mlx4: Do not fail the registration on port stats (jsc#SLE-19255). - IB/hfi1: Properly allocate rdma counter desc memory (jsc#SLE-19242). - RDMA/core: Set send and receive CQ before forwarding to the driver (jsc#SLE-19249). - i40e: Fix display error code in dmesg (jsc#SLE-18378). - i40e: Fix creation of first queue by omitting it if is not power of two (jsc#SLE-18378). - i40e: Fix warning message and call stack during rmmod i40e driver (jsc#SLE-18378). - i40e: Fix ping is lost after configuring ADq on VF (jsc#SLE-18378). - i40e: Fix changing previously set num_queue_pairs for PFs (jsc#SLE-18378). - i40e: Fix NULL ptr dereference on VSI filter sync (jsc#SLE-18378). - i40e: Fix correct max_pkt_size on VF RX queue (jsc#SLE-18378). - devlink: Don't throw an error if flash notification sent before devlink visible (jsc#SLE-19253). - net/mlx5: E-Switch, return error if encap isn't supported (jsc#SLE-19253). - net/mlx5: Lag, update tracker when state change event received (jsc#SLE-19253). - net/mlx5e: CT, Fix multiple allocations and memleak of mod acts (jsc#SLE-19253). - net/mlx5: Fix flow counters SF bulk query len (jsc#SLE-19253). - net/mlx5: E-Switch, rebuild lag only when needed (jsc#SLE-19253). - net/mlx5: Update error handler for UCTX and UMEM (jsc#SLE-19253). - net/mlx5: DR, Fix check for unsupported fields in match param (jsc#SLE-19253). - net/mlx5: DR, Handle eswitch manager and uplink vports separately (jsc#SLE-19253). - net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove() (jsc#SLE-19253). 
- net/mlx5: E-Switch, Fix resetting of encap mode when entering switchdev (jsc#SLE-19253). - net/mlx5e: Wait for concurrent flow deletion during neigh/fib events (jsc#SLE-19253). - net/mlx5e: kTLS, Fix crash in RX resync flow (jsc#SLE-19253). - net: sched: act_mirred: drop dst for the direction from egress to ingress (git-fixes). - bnxt_en: Fix compile error regression when CONFIG_BNXT_SRIOV is not set (jsc#SLE-18978). - udp: Validate checksum in udp_read_sock() (git-fixes). - xsk: Fix crash on double free in buffer pool (jsc#SLE-18375). - iavf: Restore VLAN filters after link down (jsc#SLE-18385). - iavf: Fix for setting queues to 0 (jsc#SLE-18385). - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset (jsc#SLE-18385). - iavf: validate pointers (jsc#SLE-18385). - iavf: prevent accidental free of filter structure (jsc#SLE-18385). - iavf: Fix failure to exit out from last all-multicast mode (jsc#SLE-18385). - iavf: don't clear a lock we don't hold (jsc#SLE-18385). - iavf: free q_vectors before queues in iavf_disable_vf (jsc#SLE-18385). - iavf: check for null in iavf_fix_features (jsc#SLE-18385). - iavf: Fix return of set the new channel count (jsc#SLE-18385). - bnxt_en: reject indirect blk offload when hw-tc-offload is off (jsc#SLE-18978). - bnxt_en: fix format specifier in live patch error message (jsc#SLE-18978). - bnxt_en: extend RTNL to VF check in devlink driver_reinit (jsc#SLE-18978). - net: bnx2x: fix variable dereferenced before check (jsc#SLE-18274). - ethernet: bnx2x: use eth_hw_addr_set() (jsc#SLE-18274). - bnx2x: Search VPD with pci_vpd_find_ro_info_keyword() (jsc#SLE-18274). - bnx2x: Read VPD with pci_vpd_alloc() (jsc#SLE-18274). - bnx2x: remove unused variable 'cur_data_offset' (jsc#SLE-18274). - commit 4626034 - kernel-source.spec: install-kernel-tools also required on 15.4 - commit 6cefb55 ++++ mozilla-nss: - Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build. 
++++ osinfo-db: - jsc#SLE-17764 - Dev: Support Oracle Linux as a guest VM. See also bsc#1192238 [Build58.2][KVM] The latest supported OracleLinux as guest versions are not included anywhere add-missing-oracle-linux-versions.patch ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#539 - add kernel modules for MPS3 USB (jsc#SLE-20148) - 16.57.9 - merge gh#openSUSE/installation-images#545 - ensure crypto-policies are added properly (bsc#1183082, bsc#1192957) - 16.57.8 ++++ virt-manager: - jsc#SLE-17735 - Support Oracle Linux as a guest VM. See also bsc#1192238 [Build58.2][KVM] The latest supported OracleLinux as guest versions are not included anywhere virtinst-add-oracle-linux-support.patch ------------------------------------------------------------------ ------------------ 2021-11-22 - Nov 22 2021 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 055+suse.148.g65e8258f: * fix(dracut.spec): update dependency for suse-module-tools - Update to version 055+suse.146.g71f186fa: * fix(network-legacy): route parsing issues in ifup (bsc#1182688) * fix(systemd-udevd): make collect optional (bsc#1177870) * style(dracut.sh): remove redundant script header * fix(dracut.sh): change misspelled variable name * fix(dracut.sh): remove wrong $ in loop sequence * chore(suse): update spec * fix(90kernel-modules): add isp1760 USB controller * fix(iscsi): add support for the new iscsiadm "no-wait" (-W) command (bsc#1187190) * ci(suse.conf.example): optimal compression parameters for zstd * feat(dracut.sh): check if target kernel has zstd support compiled in * ci(suse.conf.example): change default compression option for SUSE ++++ transactional-update: - Version 4.0.0~rc1 This release is API, but not ABI compatible with previous releases; existing applications will have to be recompiled against this new version. 
Major features: - Introduces a D-Bus service to access the libtukit API via the org.opensuse.tukit.Transaction interface - Introduces a C binding via libtukit.h. Other changes: - t-u: Rework --quiet handling to make sure no output is shown even in error cases; this is necessary for automation, e.g. with Salt. [gh#openSUSE/transactional-update#73] - tukit: Allow storing command output into variable by introducing a new optional parameter for "execute" and "callExt". - Replace multiple and non-standalone occurrences of {} in "callExt" argument. - Split transactional-update.timer into transactional-update.timer and transactional-update-cleanup.timer; the latter will clean up old snapshots even when the system does not do automatic updates. - tukit: Remove legacy alias "setDiscard" for "setDiscardIfUnchanged". - Throw exception if snapshot is not found. - Fix various compiler warnings - Update spec file: - Include tukitd D-Bus daemon - Only install one version of the library (as there are no breaking API changes yet) - Add %pre scriptlets for systemd services - Replace %systemd_postun scriptlets with %systemd_postun_with_restart to satisfy rpmlint checks - Add transactional-update log file as %ghost file ++++ kernel-default: - dmanegine: idxd: fix resource free ordering on driver removal (git-fixes). - ALSA: usb-audio: Fix possible race at sync of urb completions (git-fixes). - Bluetooth: call sock_hold earlier in sco_conn_del (git-fixes). - commit c31b8d8 - blacklist.conf: 70a9ac36ffd8 ("f2fs: fix up f2fs_lookup tracepoints") CONFIG_F2FS_FS is not set anywhere. - commit 192a1c3 - tracing/histogram: Do not copy the fixed-size char array field over the field size (git-fixes). - commit c8df0a0 - blacklist.conf: 172f7ba9772c ("ftrace: Make ftrace_profile_pages_init static") A cosmetic fix. - commit 99f4114 - tracing: use %ps format string to print symbols (git-fixes). - commit 11044ff - Drivers: hv: vmbus: Initialize VMbus ring buffer for Isolation VM (bsc#1183682).
- Update config files. - commit a524613 - config: disable unprivileged BPF by default (jsc#SLE-22573) Backport of mainline commit 8a03e56b253e ("bpf: Disallow unprivileged bpf by default") only changes kconfig default, used e.g. for "make oldconfig" when the config option is missing, but does not update our kernel configs used for build. Update also these to make sure unprivileged BPF is really disabled by default. - commit 4a1e78c - Drivers: hv: vmbus: Add SNP support for VMbus channel initiate message (bsc#1183682). - x86/hyperv: Add ghcb hvcall support for SNP VM (bsc#1183682). - x86/hyperv: Add Write/Read MSR registers via ghcb page (bsc#1183682). - Drivers: hv: vmbus: Mark vmbus ring buffer visible to host in Isolation VM (bsc#1183682). - x86/hyperv: Add new hvcall guest address host visibility support (bsc#1183682). - x86/hyperv: Initialize shared memory boundary in the Isolation VM (bsc#1183682). - x86/hyperv: Initialize GHCB page in Isolation VM (bsc#1183682). - x86/sev: Expose sev_es_ghcb_hv_call() for use by HyperV (bsc#1183682). - commit 7b9b378 - x86/sev: Allow #VC exceptions on the VC2 stack (git-fixes). - commit a295ccf - pstore/blk: Use "%lu" to format unsigned long (git-fixes). - commit 4c246a2 - Linux 5.14.21 (stable-5.14.21). - commit ccb8dac - Revert "ACPI: scan: Release PM resources blocked by unused objects" (stable-5.14.21). - KVM: Fix steal time asm constraints (stable-5.14.21). - parisc/entry: fix trace test in syscall exit path (stable-5.14.21). - PCI/MSI: Destroy sysfs before freeing entries (stable-5.14.21). - PCI: Add MSI masking quirk for Nvidia ION AHCI (stable-5.14.21). - PCI/MSI: Deal with devices lying about their MSI mask capability (stable-5.14.21). - perf/core: Avoid put_page() when GUP fails (stable-5.14.21). - thermal: Fix NULL pointer dereferences in of_thermal_ functions (stable-5.14.21). - Bluetooth: btusb: Add support for TP-Link UB500 Adapter (stable-5.14.21). - fortify: Explicitly disable Clang support (stable-5.14.21). 
- loop: Use blk_validate_block_size() to validate block size (stable-5.14.21). - block: Add a helper to validate the block size (stable-5.14.21). - bootconfig: init: Fix memblock leak in xbc_make_cmdline() (stable-5.14.21). - commit 5099a2b - Update patch references for stable-5.14.21 - commit b78e4e4 ++++ ceph: - Update to 16.2.6-463-g22e7612f9ad: + (bsc#1178073) mgr/dashboard: fix downstream NFS doc links ++++ systemd: - Import commit dcd562c17a5bd8df60aff757c9a4c823b1da9144 (merge of v249.7) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/a7d5fcde94e2351f6cdd1826726c52e22c9355f9...dcd562c17a5bd8df60aff757c9a4c823b1da9144 - Import commit a7d5fcde94e2351f6cdd1826726c52e22c9355f9 f99aa40c6e TEST-12: make sure 'adm' group exist 6c7194ff99 TEST-08: don't force ext4 for / dd1814b8f9 test: use kbd-mode-map we ship in one more test case 94c5febf2a test: fix TEST-10-ISSUE-2467 - Update the dependencies of the systemd-testsuite sub-package ++++ netcat-openbsd: - Fix download URL. Debian has purged older versions from their servers. ++++ yast2-trans: - Update to version 84.87.20211121.6ee9157350: * Translated using Weblate (Catalan) * New POT for text domain 'autoinst'. * Translated using Weblate (Slovak) * New POT for text domain 'control'. * Translated using Weblate (Slovak) * New POT for text domain 'storage'. * Translated using Weblate (Japanese) * New POT for text domain 'vpn'. * New POT for text domain 'users'. * New POT for text domain 'update'. * New POT for text domain 'tune'. * New POT for text domain 'tftp-server'. * New POT for text domain 'sysconfig'. * New POT for text domain 'support'. * New POT for text domain 'sudo'. * New POT for text domain 'storage'. * New POT for text domain 'squid'. * New POT for text domain 'sound'. * New POT for text domain 'snapper'. * New POT for text domain 'slp-server'. * New POT for text domain 'services-manager'. * New POT for text domain 'security'. * New POT for text domain 'scanner'. 
* New POT for text domain 'samba-server'. * New POT for text domain 'samba-client'. * New POT for text domain 's390'. * New POT for text domain 'registration'. * New POT for text domain 'rear'. * New POT for text domain 'proxy'. * New POT for text domain 'printer'. * New POT for text domain 'pam'. * New POT for text domain 'packager'. * New POT for text domain 'online-update-configuration'. * New POT for text domain 'online-update'. * New POT for text domain 'oneclickinstall'. * New POT for text domain 'ntp-client'. * New POT for text domain 'nis_server'. * New POT for text domain 'nis'. * New POT for text domain 'nfs_server'. * New POT for text domain 'nfs'. * New POT for text domain 'network'. * New POT for text domain 'migration'. * New POT for text domain 'mail'. * New POT for text domain 'ldap-client'. * New POT for text domain 'ldap'. * New POT for text domain 'kdump'. * New POT for text domain 'journalctl'. * New POT for text domain 'journal'. * New POT for text domain 'isns'. * New POT for text domain 'iscsi-lio-server'. * New POT for text domain 'iscsi-client'. * New POT for text domain 'instserver'. * New POT for text domain 'installation'. * New POT for text domain 'http-server'. * New POT for text domain 'ftp-server'. * New POT for text domain 'firewall'. * New POT for text domain 'fcoe-client'. * New POT for text domain 'drbd'. * New POT for text domain 'docker'. * New POT for text domain 'dns-server'. * New POT for text domain 'dhcp-server'. * New POT for text domain 'crowbar'. * New POT for text domain 'country'. * New POT for text domain 'control'. * New POT for text domain 'configuration_management'. * New POT for text domain 'cluster'. * New POT for text domain 'cio'. * New POT for text domain 'caasp'. * New POT for text domain 'bootloader'. * New POT for text domain 'base'. * New POT for text domain 'autoinst'. * New POT for text domain 'authserver'. * New POT for text domain 'auth-client'. * New POT for text domain 'audit-laf'. 
* New POT for text domain 'apparmor'. * New POT for text domain 'alternatives'. * New POT for text domain 'add-on'. * New POT for text domain 'vpn'. * New POT for text domain 'users'. * New POT for text domain 'update'. * New POT for text domain 'tune'. * New POT for text domain 'tftp-server'. * New POT for text domain 'sysconfig'. * New POT for text domain 'support'. * New POT for text domain 'sudo'. * New POT for text domain 'storage'. * New POT for text domain 'squid'. * New POT for text domain 'sound'. * New POT for text domain 'snapper'. * New POT for text domain 'slp-server'. * New POT for text domain 'services-manager'. * New POT for text domain 'security'. * New POT for text domain 'scanner'. * New POT for text domain 'samba-server'. * New POT for text domain 'samba-client'. * New POT for text domain 's390'. * New POT for text domain 'registration'. * New POT for text domain 'rear'. * New POT for text domain 'proxy'. * New POT for text domain 'printer'. * New POT for text domain 'pam'. * New POT for text domain 'packager'. * New POT for text domain 'online-update-configuration'. * New POT for text domain 'online-update'. * New POT for text domain 'oneclickinstall'. * New POT for text domain 'ntp-client'. * New POT for text domain 'nis_server'. * New POT for text domain 'nis'. * New POT for text domain 'nfs_server'. * New POT for text domain 'nfs'. * New POT for text domain 'network'. * New POT for text domain 'migration'. * New POT for text domain 'mail'. * New POT for text domain 'ldap-client'. * New POT for text domain 'ldap'. * New POT for text domain 'kdump'. * New POT for text domain 'journalctl'. * New POT for text domain 'journal'. * New POT for text domain 'isns'. * New POT for text domain 'iscsi-lio-server'. * New POT for text domain 'iscsi-client'. * New POT for text domain 'instserver'. * New POT for text domain 'installation'. * New POT for text domain 'http-server'. * New POT for text domain 'ftp-server'. * New POT for text domain 'firewall'. 
* New POT for text domain 'fcoe-client'. * New POT for text domain 'drbd'. * New POT for text domain 'docker'. * New POT for text domain 'dns-server'. * New POT for text domain 'dhcp-server'. * New POT for text domain 'crowbar'. * New POT for text domain 'country'. * New POT for text domain 'control'. * New POT for text domain 'configuration_management'. * New POT for text domain 'cluster'. * New POT for text domain 'cio'. * New POT for text domain 'caasp'. * New POT for text domain 'bootloader'. * New POT for text domain 'base'. * New POT for text domain 'autoinst'. * New POT for text domain 'authserver'. * New POT for text domain 'auth-client'. * New POT for text domain 'audit-laf'. * New POT for text domain 'apparmor'. * New POT for text domain 'alternatives'. * New POT for text domain 'add-on'. * New POT for text domain 'registration'. * New POT for text domain 'packager'. * New POT for text domain 'installation'. * New POT for text domain 'base'. * New POT for text domain 'autoinst'. ------------------------------------------------------------------ ------------------ 2021-11-21 - Nov 21 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Revert "mark pstore-blk as broken" (git-fixes). - Update config files. - supported.conf: adjust for pstore_blk and co - commit 79eccc2 - pinctrl: qcom: sm8350: Correct UFS and SDC offsets (git-fixes). - pinctrl: qcom: sdm845: Enable dual edge errata (git-fixes). - pinctrl: ralink: include 'ralink_regs.h' in 'pinctrl-mt7620.c' (git-fixes). - ACPI: Add stubs for wakeup handler functions (git-fixes). - commit 7d34774 ++++ libcap: - libcap 2.61: * Better error handling of the numerical arguments for capsh and setcap * Fix executable mode for all of the .so files. 
There were two situations where this was failing (with a hard to debug SIGSEGV inside libc) * Added an example of a shared library object with its own file capability * Fix the top-level include for Make.Rules in the contrib/sucap example application * Add support for running constructors at libcap.so start up time when running as stand alone binary. - includes changes from 2.60: * Some build, code linting fixes, the addition of the cap_fill_flag() API and a memory latency optimization * General improvement in thread safety for libcap and cap package * Minor API change replacing libcap:cap_launch_*() void returning functions with int + errno status returns. * Added a cap_iab_dup(), and (*cap.IAB).Dup() to API * New features for capsh: --quiet, -+ and =+ arguments - add upstream signing key and verify source signature ------------------------------------------------------------------ ------------------ 2021-11-20 - Nov 20 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - blacklist.conf: add media patch entry that was already picked up - commit 262559d - ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (bsc#1192473). - commit a604fd5 - NFC: reorder the logic in nfc_{un,}register_device (git-fixes). - Refresh patches.suse/NFC-SUSE-specific-brutal-fix-for-runtime-PM.patch. - commit 58d673a - Revert "drm/i915/tgl/dsi: Gate the ddi clocks after pll mapping" (git-fixes). - fbdev: Prevent probing generic drivers if a FB is already registered (git-fixes). - drm/cma-helper: Release non-coherent memory with dma_free_noncoherent() (git-fixes). - drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame (git-fixes). - thermal: int340x: Limit Kconfig to 64-bit (git-fixes). - platform/x86: think-lmi: Abort probe on analyze failure (git-fixes). - platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' (git-fixes). - spi: fix use-after-free of the add_lock mutex (git-fixes). 
- e100: fix device suspend/resume (git-fixes). - NFC: add NCI_UNREG flag to eliminate the race (git-fixes). - NFC: reorganize the functions in nci_request (git-fixes). - mac80211: fix monitor_sdata RCU/locking assertions (git-fixes). - mac80211: drop check for DONT_REORDER in __ieee80211_select_queue (git-fixes). - nl80211: fix radio statistics in survey dump (git-fixes). - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (git-fixes). - docs: accounting: update delay-accounting.rst reference (git-fixes). - commit 195d274 - powerpc/pseries/svm: Add a powerpc version of cc_platform_has() (jsc#SLE-19924). - Update config files. - commit d22f826 ++++ colord: - Change to systemd-sysusers ------------------------------------------------------------------ ------------------ 2021-11-19 - Nov 19 2021 ------------------- ------------------------------------------------------------------ ++++ chrony: - SLE bugs that have been fixed in openSUSE up to this point without explicit references: bsc#1183783, bsc#1184400, bsc#1171806, bsc#1161119, bsc#1159840. 
- Obsoleted SLE patches: * chrony-fix-open.patch * chrony-gettimeofday.patch * chrony-ntp-era-split.patch * chrony-pidfile.patch * chrony-select-timeout.patch * chrony-urandom.patch * chrony.sysconfig * clknetsim-glibc-2.31.patch ++++ cni-plugin-dnsname: - Update to version 1.3.0: * Bump to v1.3.0 * Output version information when called directly * Do not error on del command * Cirrus: Remove unused $DEST_BRANCH definition * Cleanup dangling config files * Update F34beta -> F34 and U2010 -> U2104 * Cirrus: Add modern get_ci_vm support * Cirrus: Update to F34beta VM image * Bump to v1.2.0 * return dnsmasq errors * Update podman readme * Add dns search domain to cni result * Add AppArmor instruction in the Podman readme * fix typo in README_PODMAN * Added missing comma in README_PODMAN.md * Cirrus: Update to F33 and U2010 * Improve documentation of use with Podman * bump go-iptables version - Fix build on SLE and Leap ++++ containerd: - Update to containerd v1.4.12 for Docker 20.10.11-ce. bsc#1192814 bsc#1193273 CVE-2021-41190 ++++ transactional-update: - Version 3.6.2 - Bind mount root file system snapshot on itself, this makes the temporary directory in /tmp unnecessary; also fixes [boo#1188110] to return the correct snapshot's working directory via API call. - Use separate mount namespace for transactional-update; this should fix several applications that fail to run if a mount point has the 'unbindable' mount flag set ++++ kernel-default: - btrfs: update comments for chunk allocation -ENOSPC cases (bsc#1192896). - btrfs: fix deadlock between chunk allocation and chunk btree modifications (bsc#1192896). - commit 09c9eb3 - blacklist.conf: Add b94f9ac79a73 cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem - commit b3581c2 - x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c (bsc#1192547). - treewide: Replace the use of mem_encrypt_active() with cc_platform_has() (jsc#SLE-19924). 
- x86/sev: Replace occurrences of sev_es_active() with cc_platform_has() (jsc#SLE-19924). - x86/sev: Replace occurrences of sev_active() with cc_platform_has() (jsc#SLE-19924). - x86/sme: Replace occurrences of sme_active() with cc_platform_has() (jsc#SLE-19924). - x86/ioremap: Selectively build arch override encryption functions (jsc#SLE-19924). - powerpc/svm: Don't issue ultracalls if !mem_encrypt_active() (jsc#SLE-19924). - commit c6b9314 - memcg: replace in_interrupt() by !in_task() in active_memcg() (bsc#1192894). - commit 8c447eb - Update metadata patches.suse/bpf-cgroup-Assign-cgroup-in-cgroup_sk_alloc-when-cal.patch (stable-5.14.19 bsc#1191279). - Update metadata patches.suse/bpf-cgroups-Fix-cgroup-v2-fallback-on-v1-v2-mixed-mo.patch (stable-5.14.19 bsc#1191279). - commit 590ab5b - btrfs: fix memory ordering between normal and ordered work functions (git-fixes). - commit 0b78f1b ++++ libvirt: - virt-create-rootfs: Fix repository URLs Updated virt-create-rootfs.patch boo#1192318 ++++ makedumpfile: - Turn on zstd. 
++++ rust-keylime: - Update to version 0.1.0+git.1637095429.d5a3191: * Run Fedora tests on unified Keylime test container * ima_emulator: Print error message when TCTI envvar is not set * Add keylime_ima_emulator executable for testing * Fix 0mq problem * ci: Check unit test coverage with cargo tarpaulin (#216) * config: merge with Python keylime.conf and remove unused entries * Add support for contact ip and port * common: move get env or from config into sperate function * keys_handler: Add unit tests * quotes_handler: Add unit tests (#265) * Fix bugs that occur after a delete and re-add from the tenant * Retain the main loop running after payload execution (#249) * keys_handler: verify HMAC in constant-time (#248) * build: Adjust package dependencies to compile in Fedora (#245) * Generate Cargo.lock file * Add Ueno as a maintainer and set codeowners * Fix clippy errors, update to newest TSS-ESAPI - Drop generate-cargo-lock-file.patch (already in upstream) ------------------------------------------------------------------ ------------------ 2021-11-18 - Nov 18 2021 ------------------- ------------------------------------------------------------------ ++++ cryptsetup: - cryptsetup 2.4.2: * Fix possible large memory allocation if LUKS2 header size is invalid. * Fix memory corruption in debug message printing LUKS2 checksum. * veritysetup: remove link to the UUID library for the static build. * Remove link to pwquality library for integritysetup and veritysetup. These tools do not read passphrases. * OpenSSL3 backend: avoid remaining deprecated calls in API. Crypto backend no longer use API deprecated in OpenSSL 3.0 * Check if kernel device-mapper create device failed in an early phase. This happens when a concurrent creation of device-mapper devices meets in the very early state. * Do not set compiler optimization flag for Argon2 KDF if the memory wipe is implemented in libc. * Do not attempt to unload LUKS2 tokens if external tokens are disabled. 
This allows building a static binary with --disable-external-tokens. * LUKS convert: also check sysfs for device activity. If the udev symlink is missing, the code falls back to a sysfs scan to prevent data corruption for the active device. ++++ dnsmasq: - bsc#1192529, dnsmasq-resolv-conf.patch: Fix a segfault when re-reading an empty resolv.conf - Remove "nogroup" membership from the dnsmasq user. ++++ docker: - Update to Docker 20.10.11-ce. See upstream changelog online at . bsc#1192814 bsc#1193273 CVE-2021-41190 - Rebase patches: * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch - Remove upstreamed patches: - 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch ++++ librsvg: - Disable testsuite for now, let upstream figure out the issue with harfbuzz 3.1.1. ++++ kernel-default: - Eradicate Patch-mainline: No The pre-commit check can reject this deprecated tag then. - Refresh patches.suse/acpi_thinkpad_introduce_acpi_root_table_boot_param.patch. - Refresh patches.suse/btrfs-provide-super_operations-get_inode_dev. - Refresh patches.suse/intel_idle-Disable-ACPI-_CST-on-Haswell.patch - commit 50b72c3 - pinctrl: tegra: Return const pointer from tegra_pinctrl_get_group() (jsc#SLE-20498). - usb: xhci: tegra: Check padctrl interrupt presence in device tree (git-fixes). - dmaengine: tegra210-adma: Override ADMA FIFO size (jsc#SLE-20498). - dmaengine: tegra210-adma: Add description for 'adma_get_burst_config' (jsc#SLE-20498). - dmaengine: tegra210-adma: Re-order 'has_outstanding_reqs' member (jsc#SLE-20498). - gpio: tegra186: Support multiple interrupts per bank (jsc#SLE-20498). - gpio: tegra186: Force one interrupt per bank (jsc#SLE-20498).
- i2c: tegra: Ensure that device is suspended before driver is removed (git-fixes). - pinctrl: tegra: Fix warnings and error (jsc#SLE-20498). - pinctrl: tegra: Use correct offset for pin group (jsc#SLE-20498). - pinctrl: tegra: Add pinmux support for Tegra194 (jsc#SLE-20498). - pinctrl: tegra: include lpdr pin properties (jsc#SLE-20498). - usb: phy: tegra: Support OTG mode programming (git-fixes). - memory: tegra186-emc: Handle errors in BPMP response (jsc#SLE-20498). - soc/tegra: Add Tegra186 ARI driver (jsc#SLE-20498). - cpufreq: tegra186/tegra194: Handle errors in BPMP response (jsc#SLE-20498). - spi: tegra210-quad: Put device into suspend on driver removal (git-fixes). - regulator: Don't error out fixed regulator in regulator_sync_voltage() (git-fixes). - thermal/drivers/tegra-soctherm: Silence message about clamped temperature (git-fixes). - PCI: tegra194: Cleanup unused code (jsc#SLE-20498). - PCI: tegra194: Don't allow suspend when Tegra PCIe is in EP mode (jsc#SLE-20498). - PCI: tegra194: Disable interrupts before entering L2 (jsc#SLE-20498). - gpio: tegra186: Add ACPI support (jsc#SLE-20498). - clk: tegra: Remove CLK_IS_CRITICAL flag from fuse clock (git-fixes). - soc/tegra: fuse: Enable fuse clock on suspend for Tegra124 (git-fixes). - soc/tegra: fuse: Add runtime PM support (git-fixes). - soc/tegra: fuse: Clear fuse->clk on driver probe failure (git-fixes). - soc/tegra: pmc: Prevent racing with cpuilde driver (git-fixes). - ASoC: rt5640: Silence warning message about missing interrupt (git-fixes). - commit 1fc03e4 - Update config files: bump to 5.14.20 - commit c08e20b - Linux 5.14.20 (stable-5.14.20). - commit 1a4044c - Drop x86 patch to follow a stable-5.14.20 revert Other two (sched and x86 fixes) were reverted in 5.14.20 but we keep them Delete patches.suse/x86-Fix-__get_wchan-for-STACKTRACE.patch Update blacklist.conf - commit 6440d2c - x86/setup: Explicitly include acpi.h (bsc#1192825). 
- commit 915b5b4 ++++ libblockdev: - Fix lack of dependency on libblockdev-lvm needed by libblockdev package. The lvm-cache-stats binary needs the logical volume plugin to work (boo#1183948). ++++ makedumpfile: - Update to 1.7.0 * Zstandard (zstd) compression support * New -L option to limit output file size * Support of kernels up to v5.15 (x86_64) ++++ salt: - Simplify "transactional_update" module to not use SSH wrapper and allow more flexible execution - Add "--no-return-event" option to salt-call to prevent sending return event back to master. - Make "state.highstate" to acts on concurrent flag. - Use dnfnotify instead yumnotify for relevant distros - dnfnotify pkgset plugin implementation - Add rpm_vercmp python library support for version comparison - Prevent pkg plugins errors on missing cookie path (bsc#1186738) - Make "tar" as required for "salt-transactional-update" package - Make "salt-api" package to require python3-cherrypy on RHEL systems - Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412) - Added: * fix-traceback.print_exc-calls-for-test_pip_state-432.patch * mock-ip_addrs-in-utils-minions.py-unit-test-443.patch * add-rpm_vercmp-python-library-for-version-comparison.patch * prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch * refactor-and-improvements-for-transactional-updates-.patch * fix-the-regression-for-yumnotify-plugin-456.patch * dnfnotify-pkgset-plugin-implementation-3002.2-450.patch * fix-ip6_interface-grain-to-not-leak-secondary-ipv4-a.patch ++++ samba: - Fix dependency problem upgrading from libndr0 to libndr2 and from libsamba-credentials0 to libsamba-credentials1; (bsc#1192684); ++++ shared-mime-info: - Add fix-build-meson-0_60.patch: Fix build with meson 0.60 and newer. - Add drop-itstool-dep.patch: Drop itstool as it is no longer needed, upstream was missing this in the patch. Following this: drop itstool BuildRequires. 
------------------------------------------------------------------ ------------------ 2021-11-17 - Nov 17 2021 ------------------- ------------------------------------------------------------------ ++++ aaa_base: - use autopatch - update first two patches from git originals to have the same apply depth as the rest: - git-01-61c106aac03930e03935172eaf94d92c02a343bd.patch - git-02-4e5fe2a6ec5690b51a369d2134a1119962438fd1.patch - fix get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563) - git-37-dfc5b8af96bec249e44a83d573af1f95a661a85c.patch - support xz compressed kernel (bsc#1162581) - git-38-4c0060639f6fa854830a708a823976772afe7764.patch - Fixing possible resource leak - git-39-df622b89bc92fd882a6715c5743095528a643546.patch - excluding new kernel string in version search ++++ kernel-default: - iscsi_ibft: fix warning in reserve_ibft_region() (bsc#1191540). - commit 4ad3fae - e1000e: Add support for the next LOM generation (jsc#SLE-18382). - Refresh patches.suse/e1000e-Separate-TGP-board-type-from-SPT.patch. - commit 92196b6 - e1000e: Add support for Lunar Lake (jsc#SLE-18382). - Refresh patches.suse/e1000e-Separate-TGP-board-type-from-SPT.patch. - commit d86918a - e1000e: Remove redundant statement (jsc#SLE-18382). - ionic: no devlink_unregister if not registered (jsc#SLE-19282). - ionic: tame the filter no space message (jsc#SLE-19282). - ionic: allow adminq requests to override default error message (jsc#SLE-19282). - ionic: handle vlan id overflow (jsc#SLE-19282). - ionic: generic filter delete (jsc#SLE-19282). - ionic: generic filter add (jsc#SLE-19282). - ionic: add generic filter search (jsc#SLE-19282). - ionic: remove mac overflow flags (jsc#SLE-19282). - ionic: move lif mac address functions (jsc#SLE-19282). - ionic: add filterlist to debugfs (jsc#SLE-19282). - ionic: add lif param to ionic_qcq_disable (jsc#SLE-19282). - ionic: have ionic_qcq_disable decide on sending to hardware (jsc#SLE-19282). 
- ionic: add polling to adminq wait (jsc#SLE-19282). - ionic: widen queue_lock use around lif init and deinit (jsc#SLE-19282). - ionic: move lif mutex setup and delete (jsc#SLE-19282). - ionic: check for binary values in FW ver string (jsc#SLE-19282). - ionic: remove debug stats (jsc#SLE-19282). - ionic: Move devlink registration to be last devlink command (jsc#SLE-19282). - net: e1000e: solve insmod 'Unknown symbol mutex_lock' error (jsc#SLE-18382). - net/e1000e: Fix spelling mistake "The" -> "This" (jsc#SLE-18382). - e1000e: Add space to the debug print (jsc#SLE-18382). - e1000e: Additional PHY power saving in S0ix (jsc#SLE-18382). - e1000e: Add polling mechanism to indicate CSME DPG exit (jsc#SLE-18382). - e1000e: Add handshake with the CSME to support S0ix (jsc#SLE-18382). - commit 405902c - PCI: PM: Do not call platform_pci_power_manageable() unnecessarily (jsc#SLE-19359). - commit 18069d0 - PCI: PM: Make pci_choose_state() call pci_target_state() (jsc#SLE-19359). - commit 397bfa6 - PCI: PM: Rearrange pci_target_state() (jsc#SLE-19359). - commit 6bb9c14 - PCI: endpoint: Use sysfs_emit() in "show" functions (jsc#SLE-19359). - commit 9243675 - x86/mm/64: Improve stack overflow warnings (stable-5.14.19). - commit 041e862 - PCI: ACPI: PM: Do not use pci_platform_pm_ops for ACPI (jsc#SLE-19359). - commit 96c7dd9 - PCI: PM: Do not use pci_platform_pm_ops for Intel MID PM (jsc#SLE-19359). - commit 7e981c8 - PCI: Tidy comments (git-fixes). - commit 125067a - blacklist.conf: Add entries for 5.14.19 - commit 0010d42 - Update config files: stable 5.14.19 - commit 8d0019c - Linux 5.14.19 (stable-5.14.19). - commit a808eab - media: videobuf2-dma-sg: Fix buf->vb NULL pointer dereference (stable-5.14.19). - commit 3eaf65a - x86/sev: Make the #VC exception stacks part of the default stacks storage (stable-5.14.19). - media: videobuf2: always set buffer vb2 pointer (stable-5.14.19). - x86/sev: Add an x86 version of cc_platform_has() (stable-5.14.19). 
- arch/cc: Introduce a function to check for confidential computing features (stable-5.14.19). - IMA: reject unknown hash algorithms in ima_get_hash_algo (stable-5.14.19). - commit b6cc9f9 - cifs: fix memory leak of smb3_fs_context_dup::server_hostname (stable-5.14.19). - drm/amd/display: Look at firmware version to determine using dmub on dcn21 (stable-5.14.19). - SUNRPC: Partial revert of commit 6f9f17287e78 (stable-5.14.19). - selftests/x86/iopl: Adjust to the faked iopl CLI/STI usage (stable-5.14.19). - selftests/bpf: Fix also no-alu32 strobemeta selftest (stable-5.14.19). - ath10k: fix invalid dma_addr_t token assignment (stable-5.14.19). - mmc: moxart: Fix null pointer dereference on pointer host (stable-5.14.19). - media: vidtv: move kfree(dvb) to vidtv_bridge_dev_release() (stable-5.14.19). - pinctrl: amd: Handle wake-up interrupt (stable-5.14.19). - pinctrl: amd: Add irq field data (stable-5.14.19). - commit f6cd2b6 - s390/cio: make ccw_device_dma_* more robust (stable-5.14.19). - s390/ap: Fix hanging ioctl caused by orphaned replies (stable-5.14.19). - powerpc/32e: Ignore ESR in instruction storage interrupt handler (stable-5.14.19). - powerpc/powernv/prd: Unregister OPAL_MSG_PRD2 notifier during module unload (stable-5.14.19). - powerpc/security: Use a mutex for interrupt exit code patching (stable-5.14.19). - powerpc/bpf: Fix write protecting JIT code (stable-5.14.19). - powerpc/64s/interrupt: Fix check_return_regs_valid() false positive (stable-5.14.19). - powerpc/pseries/mobility: ignore ibm, platform-facilities updates (stable-5.14.19). - powerpc/vas: Fix potential NULL pointer dereference (stable-5.14.19). - powerpc/85xx: fix timebase sync issue when CONFIG_HOTPLUG_CPU=n (stable-5.14.19). - commit c55257b - io-wq: serialize hash clear with wakeup (stable-5.14.19). - s390/cio: check the subchannel validity for dev_busid (stable-5.14.19). - s390/cpumf: cpum_cf PMU displays invalid value after hotplug remove (stable-5.14.19). 
- s390/tape: fix timer initialization in tape_std_assign() (stable-5.14.19). - PM: sleep: Avoid calling put_device() under dpm_list_mtx (stable-5.14.19). - mfd: dln2: Add cell for initializing DLN2 ADC (stable-5.14.19). - mm, oom: do not trigger out_of_memory from the #PF (stable-5.14.19). - mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks (stable-5.14.19). - io-wq: fix queue stalling race (stable-5.14.19). - io-wq: ensure that hash wait lock is IRQ disabling (stable-5.14.19). - commit 2a16894 - erofs: fix unsafe pagevec reuse of hooked pclusters (stable-5.14.19). - f2fs: fix UAF in f2fs_available_free_memory (stable-5.14.19). - f2fs: include non-compressed blocks in compr_written_block (stable-5.14.19). - dmaengine: ti: k3-udma: Set r/tchan or rflow to NULL if request fail (stable-5.14.19). - dmaengine: ti: k3-udma: Set bchan to NULL if a channel request fail (stable-5.14.19). - 9p/net: fix missing error check in p9_check_errors (stable-5.14.19). - memcg: prohibit unconditional exceeding the limit of dying tasks (stable-5.14.19). - net, neigh: Enable state migration between NUD_PERMANENT and NTF_USE (stable-5.14.19). - bpf, cgroup: Assign cgroup in cgroup_sk_alloc when called from interrupt (stable-5.14.19). - bpf, cgroups: Fix cgroup v2 fallback on v1/v2 mixed mode (stable-5.14.19). - commit 77ed3ef - parisc: Flush kernel data mapping in set_pte_at() when installing pte for user page (stable-5.14.19). - parisc: Fix backtrace to always include init funtion names (stable-5.14.19). - ARM: 9156/1: drop cc-option fallbacks for architecture selection (stable-5.14.19). - posix-cpu-timers: Clear task::posix_cputimers_work in copy_process() (stable-5.14.19). - irqchip/sifive-plic: Fixup EOI failed when masked (stable-5.14.19). - x86/mce: Add errata workaround for Skylake SKX37 (stable-5.14.19). - f2fs: should use GFP_NOFS for directory inodes (stable-5.14.19). - KVM: x86: move guest_pv_has out of user_access section (stable-5.14.19). 
- MIPS: fix duplicated slashes for Platform file path (stable-5.14.19). - MIPS: Fix assembly error from MIPSr2 code used within MIPS_ISA_ARCH_LEVEL (stable-5.14.19). - commit 3c7edaf - ARM: 9155/1: fix early early_iounmap() (stable-5.14.19). - smb3: do not error on fsync when readonly (stable-5.14.19). - selftests/net: udpgso_bench_rx: fix port argument (stable-5.14.19). - cxgb4: fix eeprom len when diagnostics not implemented (stable-5.14.19). - net/smc: fix sk_refcnt underflow on linkdown and fallback (stable-5.14.19). - vsock: prevent unnecessary refcnt inc for nonblocking connect (stable-5.14.19). - net: marvell: mvpp2: Fix wrong SerDes reconfiguration order (stable-5.14.19). - net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory (stable-5.14.19). - net: stmmac: allow a tc-taprio base-time of zero (stable-5.14.19). - net/sched: sch_taprio: fix undefined behavior in ktime_mono_to_any (stable-5.14.19). - commit 8c81fc3 - drm/i915/fb: Fix rounding error in subsampled plane size calculation (stable-5.14.19). - net: dsa: mv88e6xxx: Don't support >1G speeds on 6191X on ports other than 10 (stable-5.14.19). - bpf, sockmap: sk_skb data_end access incorrect when src_reg = dst_reg (stable-5.14.19). - bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding (stable-5.14.19). - bpf, sockmap: Fix race in ingress receive verdict with redirect to self (stable-5.14.19). - bpf, sockmap: Remove unhash handler for BPF sockmap usage (stable-5.14.19). - dmaengine: stm32-dma: fix burst in case of unaligned memory address (stable-5.14.19). - arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (stable-5.14.19). - arm64: arm64_ftr_reg->name may not be a human-readable string (stable-5.14.19). - seq_file: fix passing wrong private data (stable-5.14.19). - commit 32c9b55 - llc: fix out-of-bound array index in llc_sk_dev_hash() (stable-5.14.19). - selftests/bpf/xdp_redirect_multi: Limit the tests in netns (stable-5.14.19). 
- selftests/bpf/xdp_redirect_multi: Give tcpdump a chance to terminate cleanly (stable-5.14.19). - selftests/bpf/xdp_redirect_multi: Use arping to accurate the arp number (stable-5.14.19). - selftests/bpf/xdp_redirect_multi: Put the logs to tmp folder (stable-5.14.19). - libbpf: Fix lookup_and_delete_elem_flags error reporting (stable-5.14.19). - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed (stable-5.14.19). - perf bpf: Add missing free to bpf_event__print_bpf_prog_info() (stable-5.14.19). - zram: off by one in read_block_state() (stable-5.14.19). - mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration() (stable-5.14.19). - commit f072f92 - net: phy: fix duplex out of sync problem while changing settings (stable-5.14.19). - net: dsa: felix: fix broken VLAN-tagged PTP under VLAN-aware bridge (stable-5.14.19). - net: vlan: fix a UAF in vlan_dev_real_dev() (stable-5.14.19). - cpufreq: intel_pstate: Clear HWP desired on suspend/shutdown and offline (stable-5.14.19). - ataflop: remove ataflop_probe_lock mutex (stable-5.14.19). - nvdimm/btt: do not call del_gendisk() if not needed (stable-5.14.19). - block/ataflop: provide a helper for cleanup up an atari disk (stable-5.14.19). - block/ataflop: add registration bool before calling del_gendisk() (stable-5.14.19). - block/ataflop: use the blk_cleanup_disk() helper (stable-5.14.19). - net: dsa: tag_ocelot: break circular dependency with ocelot switch lib driver (stable-5.14.19). - commit e9a91d1 - scsi: target: core: Remove from tmr_list during LUN unlink (stable-5.14.19). - ethtool: fix ethtool msg len calculation for pause stats (stable-5.14.19). - kselftests/net: add missed icmp.sh test to Makefile (stable-5.14.19). - net: davinci_emac: Fix interrupt pacing disable (stable-5.14.19). - NFSv4: Fix a regression in nfs_set_open_stateid_locked() (stable-5.14.19). - ar7: fix kernel builds for compiler test (stable-5.14.19). 
- nbd: fix possible overflow for 'first_minor' in nbd_dev_add() (stable-5.14.19). - nbd: fix max value for 'first_minor' (stable-5.14.19). - gpio: realtek-otto: fix GPIO line IRQ offset (stable-5.14.19). - openrisc: fix SMP tlb flush NULL pointer dereference (stable-5.14.19). - commit 26c19bd - m68k: set a default value for MEMORY_RESERVE (stable-5.14.19). - netfilter: nfnetlink_queue: fix OOB when mac header was cleared (stable-5.14.19). - Fix user namespace leak (stable-5.14.19). - NFS: Fix an Oops in pnfs_mark_request_commit() (stable-5.14.19). - NFS: Fix up commit deadlocks (stable-5.14.19). - NFS: Fix deadlocks in nfs_scan_commit_list() (stable-5.14.19). - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (stable-5.14.19). - signal/sh: Use force_sig(SIGKILL) instead of do_group_exit(SIGKILL) (stable-5.14.19). - opp: Fix return in _opp_add_static_v2() (stable-5.14.19). - fs: orangefs: fix error return code of orangefs_revalidate_lookup() (stable-5.14.19). - commit a5e9684 - nfsd: don't alloc under spinlock in rpc_parse_scope_id (stable-5.14.19). - NFS: Fix dentry verifier races (stable-5.14.19). - NFS: Ignore the directory size when marking for revalidation (stable-5.14.19). - NFS: Don't set NFS_INO_DATA_INVAL_DEFER and NFS_INO_INVALID_DATA (stable-5.14.19). - NFS: Default change_attr_type to NFS4_CHANGE_TYPE_IS_UNDEFINED (stable-5.14.19). - powerpc: Don't provide __kernel_map_pages() without ARCH_SUPPORTS_DEBUG_PAGEALLOC (stable-5.14.19). - powerpc/xmon: fix task state output (stable-5.14.19). - powerpc/44x/fsp2: add missing of_node_put (stable-5.14.19). - powerpc/book3e: Fix set_memory_x() and set_memory_nx() (stable-5.14.19). - mips: cm: Convert to bitfield API to fix out-of-bounds access (stable-5.14.19). - commit efb3815 - powerpc/nohash: Fix __ptep_set_access_flags() and ptep_set_wrprotect() (stable-5.14.19). - powerpc/booke: Disable STRICT_KERNEL_RWX, DEBUG_PAGEALLOC and KFENCE (stable-5.14.19). 
- powerpc/perf: Fix cycles/instructions as PM_CYC/PM_INST_CMPL in power10 (stable-5.14.19). - arm64: dts: qcom: sdm845: Fix Qualcomm crypto engine bus clock (stable-5.14.19). - arm64: dts: qcom: pmi8994: Fix "eternal"->"external" typo in WLED node (stable-5.14.19). - ARM: dts: stm32: fix AV96 board SAI2 pin muxing on stm32mp15 (stable-5.14.19). - ARM: dts: stm32: fix SAI sub nodes register range (stable-5.14.19). - ARM: dts: stm32: fix STUSB1600 Type-C irq level on stm32mp15xx-dkx (stable-5.14.19). - ARM: dts: stm32: Reduce DHCOR SPI NOR frequency to 50 MHz (stable-5.14.19). - arm64: dts: qcom: sdm845: Use RPMH_CE_CLK macro directly (stable-5.14.19). - commit 84dab26 - powerpc: fix unbalanced node refcount in check_kvm_guest() (stable-5.14.19). - powerpc/mem: Fix arch/powerpc/mm/mem.c:53:12: error: no previous prototype for 'create_section_mapping' (stable-5.14.19). - MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT (stable-5.14.19). - iommu/dma: Fix arch_sync_dma for map (stable-5.14.19). - iommu/mediatek: Fix out-of-range warning with clang (stable-5.14.19). - arm64: dts: qcom: pm8916: Remove wrong reg-names for rtc@6000 (stable-5.14.19). - arm64: dts: qcom: msm8916: Fix Secondary MI2S bit clock (stable-5.14.19). - arm: dts: omap3-gta04a4: accelerometer irq fix (stable-5.14.19). - arm64: dts: renesas: beacon: Fix Ethernet PHY mode (stable-5.14.19). - JFS: fix memleak in jfs_mount (stable-5.14.19). - commit 99b404e - arm64: dts: qcom: sc7180: Base dynamic CPU power coefficients in reality (stable-5.14.19). - ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY (stable-5.14.19). - arm64: dts: ti: j7200-main: Fix "bus-range" upto 256 bus number for PCIe (stable-5.14.19). - arm64: dts: ti: j7200-main: Fix "vendor-id"/"device-id" properties of pcie node (stable-5.14.19). - arm64: dts: ti: k3-j721e-main: Fix "bus-range" upto 256 bus number for PCIe (stable-5.14.19). 
- arm64: dts: ti: k3-j721e-main: Fix "max-virtual-functions" in PCIe EP nodes (stable-5.14.19). - ARM: dts: at91: tse850: the emac<->phy interface is rmii (stable-5.14.19). - arm64: dts: meson-sm1: Fix the pwm regulator supply properties (stable-5.14.19). - arm64: dts: meson-g12b: Fix the pwm regulator supply properties (stable-5.14.19). - arm64: dts: meson-g12a: Fix the pwm regulator supply properties (stable-5.14.19). - commit b60ffc0 - arm64: dts: broadcom: bcm4908: Fix UART clock name (stable-5.14.19). - ARM: dts: BCM5301X: Fix memory nodes names (stable-5.14.19). - arm64: dts: meson: sm1: add Ethernet PHY reset line for ODROID-C4/HC4 (stable-5.14.19). - arm64: dts: rockchip: Fix GPU register width for RK3328 (stable-5.14.19). - arm64: dts: rockchip: fix rk3568 mbi-alias (stable-5.14.19). - ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() (stable-5.14.19). - cgroup: Fix rootcg cpu.stat guest double counting (stable-5.14.19). - bpf: Fix propagation of signed bounds from 64-bit min/max into 32-bit (stable-5.14.19). - bpf: Fix propagation of bounds from 64-bit min/max into 32-bit and var_off (stable-5.14.19). - skmsg: Lose offset info in sk_psock_skb_ingress (stable-5.14.19). - commit be707b7 - udp6: allow SO_MARK ctrl msg to affect routing (stable-5.14.19). - selftests: net: bridge: update IGMP/MLD membership interval value (stable-5.14.19). - net: bridge: fix uninitialized variables when BRIDGE_CFM is disabled (stable-5.14.19). - net: phylink: avoid mvneta warning when setting pause parameters (stable-5.14.19). - net: amd-xgbe: Toggle PLL settings during rate change (stable-5.14.19). - sctp: return true only for pathmtu update in sctp_transport_pl_toobig (stable-5.14.19). - sctp: subtract sctphdr len in sctp_transport_pl_hlen (stable-5.14.19). - sctp: reset probe_timer in sctp_transport_pl_update (stable-5.14.19). - sctp: allow IP fragmentation when PLPMTUD enters Error state (stable-5.14.19). 
- selftests/bpf: Fix fclose/pclose mismatch in test_progs (stable-5.14.19). - commit 97ce5c0 - cpufreq: intel_pstate: Fix cpu->pstate.turbo_freq initialization (stable-5.14.19). - KVM: s390: Fix handle_sske page fault handling (stable-5.14.19). - selftests/bpf: Fix memory leak in test_ima (stable-5.14.19). - selftests/bpf: Fix fd cleanup in sk_lookup test (stable-5.14.19). - bpf: Fixes possible race in update_prog_stats() for 32bit arches (stable-5.14.19). - libbpf: Fix endianness detection in BPF_CORE_READ_BITFIELD_PROBED() (stable-5.14.19). - tcp: don't free a FIN sk_buff in tcp_remove_empty_skb() (stable-5.14.19). - samples/kretprobes: Fix return value if register_kretprobe() failed (stable-5.14.19). - x86: Fix __get_wchan() for !STACKTRACE (stable-5.14.19). - blk-cgroup: synchronize blkg creation against policy deactivation (stable-5.14.19). - commit dd773f7 - blacklist.conf: remove 32bit bpf fix to be backported via stable-5.14.x - commit 94a93eb - ARM: 9142/1: kasan: work around LPAE build warning (stable-5.14.19). - KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (stable-5.14.19). - KVM: s390: pv: avoid double free of sida page (stable-5.14.19). - s390/uv: fully validate the VMA before calling follow_page() (stable-5.14.19). - s390/mm: fix VMA and page table handling code in storage key handling functions (stable-5.14.19). - s390/mm: validate VMA in PGSTE manipulation functions (stable-5.14.19). - s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap() (stable-5.14.19). - net: dsa: avoid refcount warnings when ->port_{fdb,mdb}_del returns error (stable-5.14.19). - irq: mips: avoid nested irq_enter() (stable-5.14.19). - block: ataflop: more blk-mq refactoring fixes (stable-5.14.19). - commit eea1624 - s390/gmap: validate VMA in __gmap_zap() (stable-5.14.19). - KVM: selftests: Fix nested SVM tests when built with clang (stable-5.14.19). - libbpf: Fix BTF header parsing checks (stable-5.14.19). 
- libbpf: Fix overflow in BTF sanity checks (stable-5.14.19). - bpftool: Avoid leaking the JSON writer prepared for program metadata (stable-5.14.19). - libbpf: Fix memory leak in btf__dedup() (stable-5.14.19). - smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi (stable-5.14.19). - x86/sev: Fix stack type check in vc_switch_off_ist() (stable-5.14.19). - clocksource/drivers/timer-ti-dm: Select TIMER_OF (stable-5.14.19). - nvme-rdma: fix error code in nvme_rdma_setup_ctrl (stable-5.14.19). - commit 69474bd - drm/msm: fix potential NULL dereference in cleanup (stable-5.14.19). - mt76: connac: fix possible NULL pointer dereference in mt76_connac_get_phy_mode_v2 (stable-5.14.19). - iwlwifi: pnvm: read EFI data only if long enough (stable-5.14.19). - iwlwifi: pnvm: don't kmemdup() more than we have (stable-5.14.19). - net: enetc: unmap DMA in enetc_send_cmd() (stable-5.14.19). - net: stream: don't purge sk_error_queue in sk_stream_kill_queues() (stable-5.14.19). - tcp: switch orphan_count to bare per-cpu counters (stable-5.14.19). - net: tulip: winbond-840: fix build for UML (stable-5.14.19). - nbd: Fix use-after-free in pid_show (stable-5.14.19). - block: ataflop: fix breakage introduced at blk-mq refactoring (stable-5.14.19). - commit 1dcb6ba - cpuidle: Fix kobject memory leaks in error paths (stable-5.14.19). - netfilter: nft_dynset: relax superfluous check on set updates (stable-5.14.19). - net: fealnx: fix build for UML (stable-5.14.19). - net, neigh: Fix NTF_EXT_LEARNED in combination with NTF_USE (stable-5.14.19). - libbpf: Fix skel_internal.h to set errno on loader retval < 0 (stable-5.14.19). - rcu: Always inline rcu_dynticks_task*_{enter,exit}() (stable-5.14.19). - scs: Release kasan vmalloc poison in scs_free process (stable-5.14.19). - x86/insn: Use get_unaligned() instead of memcpy() (stable-5.14.19). - EDAC/amd64: Handle three rank interleaving mode (stable-5.14.19). 
- IMA: block writes of the security.ima xattr with unsupported algorithms (stable-5.14.19). - commit 9a66afb - cgroup: Make rebind_subsystems() disable v2 controllers all at once (stable-5.14.19). - net: dsa: rtl8366: Fix a bug in deleting VLANs (stable-5.14.19). - net: dsa: rtl8366rb: Fix off-by-one bug (stable-5.14.19). - rxrpc: Fix _usecs_to_jiffies() by using usecs_to_jiffies() (stable-5.14.19). - net: phylink: don't call netif_carrier_off() with NULL netdev (stable-5.14.19). - net: net_namespace: Fix undefined member in key_remove_domain() (stable-5.14.19). - MIPS: lantiq: dma: fix burst length for DEU (stable-5.14.19). - arm64: mm: update max_pfn after memory hotplug (stable-5.14.19). - objtool: Handle __sanitize_cov*() tail calls (stable-5.14.19). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (stable-5.14.19). - commit cd1e662 - selftests/bpf: Fix strobemeta selftest regression (stable-5.14.19). - netfilter: conntrack: set on IPS_ASSURED if flows enters internal stream state (stable-5.14.19). - libbpf: Don't crash on object files with no symbol tables (stable-5.14.19). - rcu: Fix existing exp request check in sync_sched_exp_online_cleanup() (stable-5.14.19). - parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling (stable-5.14.19). - parisc/unwind: fix unwinder when CONFIG_64BIT is enabled (stable-5.14.19). - task_stack: Fix end_of_stack() for architectures with upwards-growing stack (stable-5.14.19). - parisc: fix warning in flush_tlb_all (stable-5.14.19). - perf/x86/intel: Fix ICL/SPR INST_RETIRED.PREC_DIST encodings (stable-5.14.19). - erofs: don't trigger WARN() when decompression fails (stable-5.14.19). - commit 4c6d157 - selftests/core: fix conflicting types compile error for close_range() (stable-5.14.19). - drm/amd/display: dcn20_resource_construct reduce scope of FPU enabled (stable-5.14.19). - x86/hyperv: Protect set_hv_tscchange_cb() against getting preempted (stable-5.14.19). 
- Revert "wcn36xx: Enable firmware link monitoring" (stable-5.14.19). - wcn36xx: Fix packet drop on resume (stable-5.14.19). - wcn36xx: Correct band/freq reporting on RX (stable-5.14.19). - ftrace: do CPU checking after preemption disabled (stable-5.14.19). - spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() (stable-5.14.19). - btrfs: do not take the uuid_mutex in btrfs_rm_device (stable-5.14.19). - btrfs: reflink: initialize return value to 0 in btrfs_extent_same() (stable-5.14.19). - commit 2eabf0b - ACPI: AC: Quirk GK45 to skip reading _PSR (stable-5.14.19). - ACPI: resources: Add one more Medion model in IRQ override quirk (stable-5.14.19). - gfs2: Fix glock_hash_walk bugs (stable-5.14.19). - gfs2: Cancel remote delete work asynchronously (stable-5.14.19). - ARM: 9136/1: ARMv7-M uses BE-8, not BE-32 (stable-5.14.19). - net: annotate data-race in neigh_output() (stable-5.14.19). - vrf: run conntrack only in context of lower/physdev for locally generated packets (stable-5.14.19). - can: bittiming: can_fixup_bittiming(): change type of tseg1 and alltseg to unsigned int (stable-5.14.19). - gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE (stable-5.14.19). - tools/latency-collector: Use correct size when writing queue_full_warning (stable-5.14.19). - commit fa88a36 - selftests: kvm: fix mismatched fclose() after popen() (stable-5.14.19). - selftests/bpf: Fix perf_buffer test on system with offline cpus (stable-5.14.19). - iwlwifi: mvm: disable RX-diversity in powersave (stable-5.14.19). - ARM: clang: Do not rely on lr register for stacktrace (stable-5.14.19). - smackfs: use __GFP_NOFAIL for smk_cipso_doi() (stable-5.14.19). - arm64: vdso32: suppress error message for 'make mrproper' (stable-5.14.19). - nvme: drop scan_lock and always kick requeue list when removing namespaces (stable-5.14.19). - nvmet-tcp: fix use-after-free when a port is removed (stable-5.14.19). 
- nvmet-rdma: fix use-after-free when a port is removed (stable-5.14.19). - nvmet: fix use-after-free when a port is removed (stable-5.14.19). - commit 67aba3b - drm/amdgpu/pm: properly handle sclk for profiling modes on vangogh (stable-5.14.19). - workqueue: make sysfs of unbound kworker cpumask more clever (stable-5.14.19). - mt76: mt7915: fix an off-by-one bound check (stable-5.14.19). - iwlwifi: change all JnP to NO-160 configuration (stable-5.14.19). - mwl8k: Fix use-after-free in mwl8k_fw_state_machine() (stable-5.14.19). - tracing/cfi: Fix cmp_entries_* functions signature mismatch (stable-5.14.19). - media: allegro: ignore interrupt if mailbox is not initialized (stable-5.14.19). - lib/xz: Validate the value before assigning it to an enum variable (stable-5.14.19). - lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression (stable-5.14.19). - block: remove inaccurate requeue check (stable-5.14.19). - commit c9c6f49 - thermal/core: Fix null pointer dereference in thermal_release() (stable-5.14.19). - Refresh patches.suse/thermal-core-fix-a-UAF-bug-in-__thermal_cooling_devi.patch. - commit 0f45953 - drm/msm: prevent NULL dereference in msm_gpu_crashstate_capture() (stable-5.14.19). - drm/amdkfd: fix resume error when iommu disabled in Picasso (stable-5.14.19). - drm/amd/display: fix null pointer deref when plugging in display (stable-5.14.19). - thermal/drivers/tsens: Add timeout to get_temp_tsens_valid (stable-5.14.19). - net: phy: micrel: make *-skew-ps check more lenient (stable-5.14.19). - memstick: r592: Fix a UAF bug when removing the driver (stable-5.14.19). - md: update superblock after changing rdev flags in state_store (stable-5.14.19). - floppy: fix calling platform_device_unregister() on invalid drives (stable-5.14.19). - block: bump max plugged deferred size from 16 to 32 (stable-5.14.19). - commit b6ec3a2 - drm/amdkfd: rm BO resv on validation to avoid deadlock (stable-5.14.19). 
- ACPI: battery: Accept charges over the design capacity as full (stable-5.14.19). - ACPI: scan: Release PM resources blocked by unused objects (stable-5.14.19). - iov_iter: Fix iov_iter_get_pages{,_alloc} page fault return value (stable-5.14.19). - ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() (stable-5.14.19). - net-sysfs: try not to restart the syscall if it will fail eventually (stable-5.14.19). - tracing: Disable "other" permission bits in the tracefs files (stable-5.14.19). - tracefs: Have tracefs directories not set OTH permission bits by default (stable-5.14.19). - mmc: moxart: Fix reference count leaks in moxart_probe (stable-5.14.19). - media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (stable-5.14.19). - commit c6cab2b - cpufreq: Make policy min/max hard requirements (stable-5.14.19). - ACPICA: Avoid evaluating methods too early during system resume (stable-5.14.19). - brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet (stable-5.14.19). - rtw88: fix RX clock gate setting while fifo dump (stable-5.14.19). - ipmi: Disable some operations during a panic (stable-5.14.19). - media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info (stable-5.14.19). - media: ipu3-imgu: imgu_fmt: Handle properly try (stable-5.14.19). - media: imx-jpeg: Fix possible null pointer dereference (stable-5.14.19). - media: rcar-csi2: Add checking to rcsi2_start_receiver() (stable-5.14.19). - kselftests/sched: cleanup the child processes (stable-5.14.19). - commit 2879ff0 - ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK (stable-5.14.19). - media: mceusb: return without resubmitting URB in case of -EPROTO error (stable-5.14.19). - media: rcar-vin: Use user provided buffers when starting (stable-5.14.19). - media: imx: set a media_device bus_info string (stable-5.14.19). - media: videobuf2: rework vb2_mem_ops API (stable-5.14.19). - media: s5p-mfc: Add checking to s5p_mfc_probe() (stable-5.14.19). 
- media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() (stable-5.14.19). - media: vidtv: Fix memory leak in remove (stable-5.14.19). - media: uvcvideo: Set unique vdev name based in type (stable-5.14.19). - media: uvcvideo: Return -EIO for control errors (stable-5.14.19). - commit 36aa6fb - ath10k: high latency fixes for beacon buffer (stable-5.14.19). - ath11k: Change DMA_FROM_DEVICE to DMA_TO_DEVICE when map reinjected packets (stable-5.14.19). - ath11k: add handler for scan event WMI_SCAN_EVENT_DEQUEUED (stable-5.14.19). - ath11k: Avoid reg rules update during firmware recovery (stable-5.14.19). - octeontx2-pf: Enable promisc/allmulti match MCAM entries (stable-5.14.19). - media: uvcvideo: Set capability in s_param (stable-5.14.19). - media: stm32: Potential NULL pointer dereference in dcmi_irq_thread() (stable-5.14.19). - media: atomisp: Fix error handling in probe (stable-5.14.19). - media: netup_unidvb: handle interrupt properly according to the firmware (stable-5.14.19). - media: mt9p031: Fix corrupted frame after restarting stream (stable-5.14.19). - commit 23c0bf6 - drm/amd/display: Fix null pointer dereference for encoders (stable-5.14.19). - drm/amdgpu: Fix MMIO access page fault (stable-5.14.19). - x86: Increase exception stack sizes (stable-5.14.19). - mwifiex: Properly initialize private structure on interface type changes (stable-5.14.19). - mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type (stable-5.14.19). - selftests: net: fib_nexthops: Wait before checking reported idle time (stable-5.14.19). - crypto: aesni - check walk.nbytes instead of err (stable-5.14.19). - spi: Check we have a spi_device_id for each DT compatible (stable-5.14.19). - fscrypt: allow 256-bit master keys with AES-256-XTS (stable-5.14.19). - commit da16a21 - platform/x86: wmi: do not fail if disabling fails (stable-5.14.19). - ACPI: resources: Add DMI-based legacy IRQ override quirk (stable-5.14.19). 
- ath11k: Align bss_chan_info structure with firmware (stable-5.14.19). - net: sched: update default qdisc visibility after Tx queue cnt changes (stable-5.14.19). - MIPS: lantiq: dma: reset correct number of channel (stable-5.14.19). - MIPS: lantiq: dma: add small delay after reset (stable-5.14.19). - rcutorture: Avoid problematic critical section nesting on PREEMPT_RT (stable-5.14.19). - rcu-tasks: Move RTGS_WAIT_CBS to beginning of rcu_tasks_kthread() loop (stable-5.14.19). - smackfs: Fix use-after-free in netlbl_catmap_walk() (stable-5.14.19). - locking/lockdep: Avoid RCU-induced noinstr fail (stable-5.14.19). - commit 2c9b87d - cifs: set a minimum of 120s for next dns resolution (stable-5.14.19). - coresight: trbe: Defer the probe on offline CPUs (stable-5.14.19). - coresight: trbe: Fix incorrect access of the sink specific data (stable-5.14.19). - coresight: cti: Correct the parameter for pm_runtime_put (stable-5.14.19). - drm/panel-orientation-quirks: add Valve Steam Deck (stable-5.14.19). - drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6 (stable-5.14.19). - drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 (stable-5.14.19). - drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2) (stable-5.14.19). - dma-buf: WARN on dmabuf release with pending attachments (stable-5.14.19). - Bluetooth: fix use-after-free error in lock_sock_nested() (stable-5.14.19). - commit bd4d6ec - KVM: nVMX: Handle dynamic MSR intercept toggling (stable-5.14.19). - KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (stable-5.14.19). - ring-buffer: Protect ring_buffer_reset() from reentrancy (stable-5.14.19). - xen/balloon: add late_initcall_sync() for initial ballooning done (stable-5.14.19). - ovl: fix use after free in struct ovl_aio_req (stable-5.14.19). - cifs: To match file servers, make sure the server hostname matches (stable-5.14.19). 
- quota: correct error number in free_dqentry() (stable-5.14.19). - quota: check block number when reading the block in quota file (stable-5.14.19). - powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found (stable-5.14.19). - ifb: fix building without CONFIG_NET_CLS_ACT (stable-5.14.19). - commit f46c787 - KVM: arm64: Extract ESR_ELx.EC only (stable-5.14.19). - KVM: x86: Add helper to consolidate core logic of SET_CPUID{2} flows (stable-5.14.19). - KVM: x86: Fix recording of guest steal time / preempted status (stable-5.14.19). - signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT (stable-5.14.19). - signal: Remove the bogus sigkill_pending in ptrace_stop (stable-5.14.19). - libata: fix checking of DMA state (stable-5.14.19). - wcn36xx: handle connection loss indication (stable-5.14.19). - perf/x86/intel/uncore: Fix Intel ICX IIO event constraints (stable-5.14.19). - perf/x86/intel/uncore: Fix invalid unit check (stable-5.14.19). - perf/x86/intel/uncore: Support extra IMC channel on Ice Lake server (stable-5.14.19). - commit 3bc363d - HID: surface-hid: Allow driver matching for target ID 1 devices (stable-5.14.19). - HID: surface-hid: Use correct event registry for managing HID events (stable-5.14.19). - platform/surface: aggregator_registry: Add support for Surface Laptop Studio (stable-5.14.19). - evm: mark evm_fixmode as __ro_after_init (stable-5.14.19). - ifb: Depend on netfilter alternatively to tc (stable-5.14.19). - mt76: mt7615: fix skb use-after-free on mac reset (stable-5.14.19). - mwifiex: Try waking the firmware until we get an interrupt (stable-5.14.19). - mwifiex: Read a PCI register after writing the TX ring write pointer (stable-5.14.19). - selinux: fix race condition when computing ocontext SIDs (stable-5.14.19). - md/raid1: only allocate write behind bio for WriteMostly device (stable-5.14.19). - commit f47bd03 - KVM: PPC: Tick accounting should defer vtime accounting 'til after IRQ handling (stable-5.14.19). 
- KVM: VMX: Unregister posted interrupt wakeup handler on hardware unsetup (stable-5.14.19). - ia64: kprobes: Fix to pass correct trampoline address to the handler (stable-5.14.19). - btrfs: clear MISSING device status bit in btrfs_close_one_device (stable-5.14.19). - btrfs: call btrfs_check_rw_degradable only if there is a missing device (stable-5.14.19). - btrfs: fix lost error handling when replaying directory deletes (stable-5.14.19). - tools/testing/selftests/vm/split_huge_page_test.c: fix application of sizeof to pointer (stable-5.14.19). - net/smc: Correct spelling mistake to TCPF_SYN_RECV (stable-5.14.19). - net/smc: Fix smc_link->llc_testlink_time overflow (stable-5.14.19). - nfp: bpf: relax prog rejection for mtu check through max_pkt_offset (stable-5.14.19). - commit 602c6fc - nvmet-tcp: fix header digest verification (stable-5.14.19). - nvmet-tcp: fix a memory leak when releasing a queue (stable-5.14.19). - block: schedule queue restart after BLK_STS_ZONE_RESOURCE (stable-5.14.19). - drm: panel-orientation-quirks: Add quirk for GPD Win3 (stable-5.14.19). - vmxnet3: do not stop tx queues after netif_device_detach() (stable-5.14.19). - r8169: Add device 10ec:8162 to driver r8169 (stable-5.14.19). - net: multicast: calculate csum of looped-back and forwarded packets (stable-5.14.19). - xen/netfront: stop tx queues during live migration (stable-5.14.19). - spi: spl022: fix Microwire full duplex mode (stable-5.14.19). - watchdog: Fix OMAP watchdog early handling (stable-5.14.19). - commit 5cebf2b - mmc: winbond: don't build on M68K (stable-5.14.19). - drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 (stable-5.14.19). - bpf: Prevent increasing bpf_jit_limit above max (stable-5.14.19). - bpf: Define bpf_jit_alloc_exec_limit for arm64 JIT (stable-5.14.19). - bpf: Define bpf_jit_alloc_exec_limit for riscv JIT (stable-5.14.19). - fcnal-test: kill hanging ping/nettest binaries on cleanup (stable-5.14.19). 
- spi: altera: Change to dynamic allocation of spi id (stable-5.14.19). - reset: socfpga: add empty driver allowing consumers to probe (stable-5.14.19). - ARM: dts: sun7i: A20-olinuxino-lime2: Fix ethernet phy-mode (stable-5.14.19). - sfc: Don't use netif_info before net_device setup (stable-5.14.19). - commit 1834fb0 - scsi: qla2xxx: Fix unmap of already freed sgl (stable-5.14.19). - scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (stable-5.14.19). - sfc: Export fibre-specific supported link modes (stable-5.14.19). - cavium: Fix return values of the probe function (stable-5.14.19). - mISDN: Fix return values of the probe function (stable-5.14.19). - cavium: Return negative value when pci_alloc_irq_vectors() fails (stable-5.14.19). - net: mscc: ocelot: Add of_node_put() before goto (stable-5.14.19). - net: sparx5: Add of_node_put() before goto (stable-5.14.19). - ptp: fix error print of ptp_kvm on X86_64 platform (stable-5.14.19). - ASoC: cs42l42: Ensure 0dB full scale volume is used for headsets (stable-5.14.19). - commit b649fea - ext4: refresh the ext4_ext_path struct after dropping i_data_sem (stable-5.14.19). - ext4: ensure enough credits in ext4_ext_shift_path_extents (stable-5.14.19). - ext4: fix lazy initialization next schedule time computation in more granular unit (stable-5.14.19). - x86/irq: Ensure PI wakeup handler is unregistered before module unload (stable-5.14.19). - x86/iopl: Fake iopl(3) CLI/STI usage (stable-5.14.19). - media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (stable-5.14.19). - parisc: Fix ptrace check on syscall return (stable-5.14.19). - x86/cpu: Fix migration safety with X86_BUG_NULL_SEL (stable-5.14.19). - ASoC: soc-core: fix null-ptr-deref in snd_soc_del_component_unlocked() (stable-5.14.19). - KVM: arm64: Report corrupted refcount at EL2 (stable-5.14.19). - commit e87c1d0 - ce/gf100: fix incorrect CE0 address calculation on some GPUs (stable-5.14.19). 
- Input: elantench - fix misreporting trackpoint coordinates (stable-5.14.19). - libata: fix read log timeout value (stable-5.14.19). - ocfs2: fix data corruption on truncate (stable-5.14.19). - usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform (stable-5.14.19). - mmc: dw_mmc: Dont wait for DRTO on Write RSP error (stable-5.14.19). - mmc: mtk-sd: Add wait dma stop done flow (stable-5.14.19). - parisc: Fix set_fixmap() on PA1.x CPUs (stable-5.14.19). - exfat: fix incorrect loading of i_blocks for large files (stable-5.14.19). - commit d3aead9 - Update patch references for stable-5.14.19 - commit 0013369 - bpf: Disallow unprivileged bpf by default (jsc#SLE-22575). - commit 1dfa117 - Move upstreamed input patch into sorted section - commit 6ef8342 - Input: i8042 - Add deferred probe support (bsc#1190256). - commit 0a16328 - iscsi_ibft: Fix isa_bus_to_virt not working under ARM (bsc#1191540). - iscsi_ibft: fix crash due to KASLR physical memory remapping (bsc#1191540). - commit 64cab0a ++++ util-linux: - Update to version 2.37.2: * No longer uses Groff to maintain man-pages. * New implementation of hardlink. * lscpu reimplemented. * uclampset: new util to manipulate the utilization clamping attributes of the system or a process. * hexdump automatically uses -C when called as "hd". * dmesg supports new command-line options --since and --until. * findmnt supports a new command-line option --shadowed to print only filesystems over-mounted by another filesystem. * mount supports --read-only command-line option for non-root users too. * umount(8) can umount also all over-mounted filesystems (more filesystems on the same mount point) when executed with --recursive. * libfdisk (and fdisk, sfdisk, cfdisk) supports partition type names on input, ignoring the case of the characters and all non-alphanumeric and non-digit characters in the name (e.g. type="Linux /usr x86" is the same as type="linux usr-x86" for sfdisk). 
* libmount no longer contains a workaround to detect inconsistent /proc/self/mountinfo reads. * libblkid supports "probing hints" now. The hints are an optional way to force probing functions to check, for example, another location -- for example specific session on multi-session UDF. The command blkid(8) supports this functionality with a new --hint option. The library has also been extended to support other ISO9660 and UDF identifiers. * blkzone provides a new "capacity" command. * cfdisk can be started in read-only mode with a new command-line option --read-only * lsblk provides new columns FSROOTS, and MOUNTPOINTS. The column MOUNTPOINTS is used in the default output now and this new column prints all mount points where the device is used (btrfs subvolumes, bind mounts, etc). * losetup uses LOOP_CONFIG ioctl now. * column supports a new command-line option --table-columns-limit to specify a maximal number of the input columns. The last column will contain all remaining line data if the limit is smaller than the number of the columns in the input data. * Obsoletes util-linux-ipcs-shmall-overflow-1.patch, util-linux-ipcs-shmall-overflow-2.patch, util-linux-ipcs-shmall-overflow-ts.patch, util-linux-ipcutils-overflow-CVE-2021-37600.patch. * Many other new features and fixes. For the complete list see https://www.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37-ReleaseNotes https://www.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.1-ReleaseNotes https://www.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.2-ReleaseNotes - Update util-linux-login_defs-check.sh and login_defs-support-for-util-linux to version 2.37 (new variable LOGIN_KEEP_USERNAME). - INCOMPATIBLE CHANGE: Remove the raw utility altogether, as it is not even built any more with the latest kernel. ++++ libglvnd: - Disable asm on aarch64 Tumbleweed due to issue with BTI - boo#1188928 ++++ systemd: - Enable systemd-experimental sub-package again, rpmlint should have been updated. 
++++ libvirt: - spec: Weaken apparmor-abstractions dependency to Recommends bsc#1192119 ++++ shadow: - shadow-util-linux.patch: * Add support for LOGIN_KEEP_USERNAME from util-linux >= 2.37. - Refresh shadow-login_defs-suse.patch. ++++ supportutils: - Merged Include udev rules in /lib/udev/rules.d/ #113 - Merged Move localmessage/warm logs out of messages.txt to new localwarn.txt #87 ++++ systemd-rpm-macros: - Bump version to 9 - Introduce %_systemd_util_dir It's a backport of upstream commit 3bc66bfa0136e370a8f7b06c3b69a52f5636ef82. ++++ timezone: - timezone update 2021e (bsc#1177460): * Palestine will fall back 10-29 (not 10-30) at 01:00 - timezone update 2021d: * Fiji suspends DST for the 2021/2022 season * 'zic -r' marks unspecified timestamps with "-00" - timezone update 2021c: * Revert almost all of 2021b's changes to the 'backward' file * Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - timezone update 2021b: * Jordan now starts DST on February's last Thursday. * Samoa no longer observes DST. * Move some backward-compatibility links to 'backward'. * Rename Pacific/Enderbury to Pacific/Kanton. * Correct many pre-1993 transitions in Malawi, Portugal, etc. * zic now creates each output file or link atomically. * zic -L no longer omits the POSIX TZ string in its output. * zic fixes for truncation and leap second table expiration. * zic now follows POSIX for TZ strings using all-year DST. * Fix some localtime crashes and bugs in obscure cases. * zdump -v now outputs more-useful boundary cases. * tzfile.5 better matches a draft successor to RFC 8536. - Refresh tzdata-china.patch ++++ util-linux-systemd: - Update to version 2.37.2: * No longer uses Groff to maintain man-pages. * New implementation of hardlink. * lscpu reimplemented. * uclampset: new util to manipulate the utilization clamping attributes of the system or a process. * hexdump automatically uses -C when called as "hd". 
* dmesg supports new command-line options --since and --until. * findmnt supports a new command-line option --shadowed to print only filesystems over-mounted by another filesystem. * mount supports --read-only command-line option for non-root users too. * umount(8) can umount also all over-mounted filesystems (more filesystems on the same mount point) when executed with --recursive. * libfdisk (and fdisk, sfdisk, cfdisk) supports partition type names on input, ignoring the case of the characters and all non-alphanumeric and non-digit characters in the name (e.g. type="Linux /usr x86" is the same as type="linux usr-x86" for sfdisk). * libmount no longer contains a workaround to detect inconsistent /proc/self/mountinfo reads. * libblkid supports "probing hints" now. The hints are an optional way to force probing functions to check, for example, another location -- for example specific session on multi-session UDF. The command blkid(8) supports this functionality with a new --hint option. The library has also been extended to support other ISO9660 and UDF identifiers. * blkzone provides a new "capacity" command. * cfdisk can be started in read-only mode with a new command-line option --read-only * lsblk provides new columns FSROOTS, and MOUNTPOINTS. The column MOUNTPOINTS is used in the default output now and this new column prints all mount points where the device is used (btrfs subvolumes, bind mounts, etc). * losetup uses LOOP_CONFIG ioctl now. * column supports a new command-line option --table-columns-limit to specify a maximal number of the input columns. The last column will contain all remaining line data if the limit is smaller than the number of the columns in the input data. * Obsoletes util-linux-ipcs-shmall-overflow-1.patch, util-linux-ipcs-shmall-overflow-2.patch, util-linux-ipcs-shmall-overflow-ts.patch, util-linux-ipcutils-overflow-CVE-2021-37600.patch. * Many other new features and fixes. 
For the complete list see https://www.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37-ReleaseNotes https://www.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.1-ReleaseNotes https://www.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.2-ReleaseNotes - Update util-linux-login_defs-check.sh and login_defs-support-for-util-linux to version 2.37 (new variable LOGIN_KEEP_USERNAME). - INCOMPATIBLE CHANGE: Remove the raw utility altogether, as it is not even built any more with the latest kernel. ------------------------------------------------------------------ ------------------ 2021-11-16 - Nov 16 2021 ------------------- ------------------------------------------------------------------ ++++ afterburn: - No reason to exclude armv7, since it builds properly ++++ kernel-default: - Updated git-fix to remove uncalled function, fixing merge. This fixes: > Changed build warnings: > ***** 1 warnings ***** > * unused-function (ufshcd_send_request_sense) in ../drivers/scsi/ufs/ufshcd.c > ../drivers/scsi/ufs/ufshcd.c:8449:1: warning: 'ufshcd_send_request_sense' defined but not used [-Wunused-function] - commit 7e447e5 - powerps/pseries/dma: Add support for 2M IOMMU page size (jsc#SLE-19556). - commit 23aad36 - net: ethernet: ti: Move devlink registration to be last devlink command (jsc#SLE-19253). - commit 2ddcb3f - workqueue: fix state-dump console deadlock (bsc#1192750). - commit 25dc8d6 - tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1192745). - commit 778cf29 - random: fix crash on multiple early calls to add_bootloader_randomness() (bsc#1184924) - commit d0015c2 - PCI: Coalesce host bridge contiguous apertures (jsc#SLE-19359). - commit ef3ff2c - PCI/sysfs: Return -EINVAL consistently from "store" functions (git-fixes). - commit e4fd4ba - PCI/sysfs: Check CAP_SYS_ADMIN before parsing user input (git-fixes). - commit 0da7e42 - PCI: ACPI: Drop acpi_pci_bus (git-fixes). 
- commit 2ffd6b1 - PCI: Rename pcibios_add_device() to pcibios_device_add() (git-fixes). - commit 8247513 - PCI: Mark Atheros QCA6174 to avoid bus reset (git-fixes). - commit 23e2a05 - PCI/P2PDMA: Apply bus offset correctly in DMA address calculation (git-fixes). - commit fb136b8 - ice: support basic E-Switch mode control (jsc#SLE-18375). - Update config files. - commit d25f447 - devlink: Set device as early as possible (jsc#SLE-19253). - Refresh patches.suse/net-hns3-remove-always-exist-devlink-pointer-check.patch. - commit 332e4ab - net/mlx5: Lag, fix a potential Oops with mlx5_lag_create_definer() (jsc#SLE-19253). - net: hns3: allow configure ETS bandwidth of all TCs (bsc#1190336). - net: hns3: remove check VF uc mac exist when set by PF (bsc#1190336). - net: hns3: fix some mac statistics is always 0 in device version V2 (bsc#1190336). - net: hns3: fix kernel crash when unload VF while it is being reset (bsc#1190336). - net: hns3: sync rx ring head in echo common pull (bsc#1190336). - net: hns3: fix pfc packet number incorrect after querying pfc parameters (bsc#1190336). - net: hns3: fix ROCE base interrupt vector initialization bug (bsc#1190336). - net: hns3: fix failed to add reuse multicast mac addr to hardware when mc mac table is full (bsc#1190336). - net: hisilicon: fix hsn3_ethtool kernel-doc warnings (bsc#1190336). - ice: Fix race conditions between virtchnl handling and VF ndo ops (jsc#SLE-18375). - ice: Fix not stopping Tx queues for VFs (jsc#SLE-18375). - ice: Fix replacing VF hardware MAC to existing MAC filter (jsc#SLE-18375). - ice: Remove toggling of antispoof for VF trusted promiscuous mode (jsc#SLE-18375). - ice: Fix VF true promiscuous mode (jsc#SLE-18375). - bnxt_en: avoid newline at end of message in NL_SET_ERR_MSG_MOD (jsc#SLE-18978). - net: hns3: use dev_driver_string() instead of pci_dev->driver->name (bsc#1190336). - RDMA/core: Require the driver to set the IOVA correctly during rereg_mr (jsc#SLE-19249). 
- RDMA/bnxt_re: Remove unsupported bnxt_re_modify_ah callback (jsc#SLE-18977). - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (jsc#SLE-18998). - RDMA/hns: Modify the value of MAX_LP_MSG_LEN to meet hardware compatibility (bsc#1190336). - RDMA/hns: Fix initial arm_st of CQ (bsc#1190336). - RDMA/irdma: optimize rx path by removing unnecessary copy (jsc#SLE-18383). - RDMA/hns: Use the core code to manage the fixed mmap entries (bsc#1190336). - IB/opa_vnic: Rebranding of OPA VNIC driver to Cornelis Networks (jsc#SLE-19242). - IB/qib: Rebranding of qib driver to Cornelis Networks (jsc#SLE-19242). - IB/hfi1: Rebranding of hfi1 driver to Cornelis Networks (jsc#SLE-19242). - RDMA/bnxt_re: Use helper function to set GUIDs (jsc#SLE-18977). - RDMA/bnxt_re: Fix kernel panic when trying to access bnxt_re_stat_descs (jsc#SLE-18977). - RDMA/rxe: Make rxe_type_info static const (jsc#SLE-19249). - RDMA/rxe: Use 'bitmap_zalloc()' when applicable (jsc#SLE-19249). - RDMA/rxe: Save a few bytes from struct rxe_pool (jsc#SLE-19249). - RDMA/irdma: Remove the unused variable local_qp (jsc#SLE-18383). - RDMA/core: Fix missed initialization of rdma_hw_stats::lock (jsc#SLE-19249). - RDMA/efa: Add support for dmabuf memory regions (jsc#SLE-19249). - RDMA/umem: Allow pinned dmabuf umem usage (jsc#SLE-19249). - RDMA/qedr: Remove unsupported qedr_resize_cq callback (jsc#SLE-18998). - RDMA/irdma: Remove the unused spin lock in struct irdma_qp_uk (jsc#SLE-18383). - RDMA/mlx5: Use dev_addr_mod() (jsc#SLE-19250). - RDMA/ipoib: Use dev_addr_mod() (jsc#SLE-19249). - RDMA/mlx5: fix build error with INFINIBAND_USER_ACCESS=n (jsc#SLE-19249). - RDMA/core: Use kvzalloc when allocating the struct ib_port (jsc#SLE-19249). - RDMA/irdma: Make irdma_uk_cq_init() return a void (jsc#SLE-18383). - RDMA/rxe: Convert kernel UD post send to use ah_num (jsc#SLE-19249). - RDMA/rxe: Lookup kernel AH from ah index in UD WQEs (jsc#SLE-19249). - RDMA/rxe: Replace ah->pd by ah->ibah.pd (jsc#SLE-19249). 
- RDMA/rxe: Create AH index and return to user space (jsc#SLE-19249). - RDMA/rxe: Change AH objects to indexed (jsc#SLE-19249). - RDMA/rxe: Move AV from rxe_send_wqe to rxe_send_wr (jsc#SLE-19249). - RDMA/mlx4: Return missed an error if device doesn't support steering (jsc#SLE-19249). - RDMA/irdma: Remove irdma_cqp_up_map_cmd() (jsc#SLE-18383). - RDMA/irdma: Remove irdma_get_hw_addr() (jsc#SLE-18383). - RDMA/irdma: Remove irdma_sc_send_lsmm_nostag() (jsc#SLE-18383). - RDMA/irdma: Remove irdma_uk_mw_bind() (jsc#SLE-18383). - RDMA: Remove redundant 'flush_workqueue()' calls (jsc#SLE-19249). - RDMA/iwpm: Remove redundant initialization of pointer err_str (jsc#SLE-19249). - RDMA/hns: Use dma_alloc_coherent() instead of kmalloc/dma_map_single() (bsc#1190336). - RDMA/mlx5: Add optional counter support in get_hw_stats callback (jsc#SLE-19249). - RDMA/mlx5: Add modify_op_stat() support (jsc#SLE-19249). - RDMA/mlx5: Add steering support in optional flow counters (jsc#SLE-19249). - RDMA/mlx5: Support optional counters in hw_stats initialization (jsc#SLE-19249). - RDMA/nldev: Allow optional-counter status configuration through RDMA netlink (jsc#SLE-19249). - RDMA/nldev: Split nldev_stat_set_mode_doit out of nldev_stat_set_doit (jsc#SLE-19249). - RDMA/nldev: Add support to get status of all counters (jsc#SLE-19249). - RDMA/counter: Add optional counter support (jsc#SLE-19249). - RDMA/counter: Add an is_disabled field in struct rdma_hw_stats (jsc#SLE-19249). - RDMA/core: Add a helper API rdma_free_hw_stats_struct (jsc#SLE-19249). - RDMA/counter: Add a descriptor in struct rdma_hw_stats (jsc#SLE-19249). - RDMA/efa: CQ notifications (jsc#SLE-19249). - RDMA/rxe: Remove duplicate settings (jsc#SLE-19249). - RDMA/rxe: Set partial attributes when completion status != IBV_WC_SUCCESS (jsc#SLE-19249). - RDMA/rxe: Change the is_user member of struct rxe_cq to bool (jsc#SLE-19249). - RDMA/rxe: Remove the is_user members of struct rxe_sq/rxe_rq/rxe_srq (jsc#SLE-19249). 
- RDMA/irdma: Delete unused struct irdma_bth (jsc#SLE-18383). - IB/hf1: Use string_upper() instead of an open coded variant (jsc#SLE-19242). - RDMA/rw: switch to dma_map_sgtable() (jsc#SLE-19249). - RDMA/mlx5: Avoid taking MRs from larger MR cache pools when a pool is empty (jsc#SLE-19250). - RDMA/rtrs-clt: Follow "one entry one value" rule for IO migration stats (jsc#SLE-19249). - RDMA/rtrs: Do not allow sessname to contain special symbols / and (jsc#SLE-19249). - RDMA/rtrs: Introduce destroy_cq helper (jsc#SLE-19249). - RDMA/rtrs: Replace duplicate check with is_pollqueue helper (jsc#SLE-19249). - RDMA/rtrs: Fix warning when use poll mode on client side (jsc#SLE-19249). - RDMA/rtrs: Remove len parameter from helper print functions of sysfs (jsc#SLE-19249). - RDMA/rtrs: Use sysfs_emit instead of s*printf function for sysfs show (jsc#SLE-19249). - RDMA/cma: Split apart the multiple uses of the same list heads (jsc#SLE-19249). - RDMA/rxe: Bump up default maximum values used via uverbs (jsc#SLE-19249). - IB/mlx5: Flow through a more detailed return code from get_prefetchable_mr() (jsc#SLE-19250). - RDMA/rxe: Remove unused WR_READ_WRITE_OR_SEND_MASK (jsc#SLE-19249). - RDMA/rxe: Add MASK suffix for RXE_READ_OR_ATOMIC and RXE_WRITE_OR_SEND (jsc#SLE-19249). - RDMA/rxe: Add new RXE_READ_OR_WRITE_MASK (jsc#SLE-19249). - RDMA/hfi1: Use struct_size() and flex_array_size() helpers (jsc#SLE-19242). - IB/hfi1: Add ring consumer and producers traces (jsc#SLE-19242). - IB/hfi1: Remove atomic completion count (jsc#SLE-19242). - IB/hfi1: Tune netdev xmit cachelines (jsc#SLE-19242). - IB/hfi1: Get rid of tx priv backpointer (jsc#SLE-19242). - IB/hfi1: Get rid of hot path divide (jsc#SLE-19242). - IB/hfi1: Remove cache and embed txreq in ring (jsc#SLE-19242). - RDMA/rxe: Only allow invalidate for appropriate MRs (jsc#SLE-19249). - RDMA/rxe: Create duplicate mapping tables for FMRs (jsc#SLE-19249). - RDMA/rxe: Separate HW and SW l/rkeys (jsc#SLE-19249). 
- RDMA/rxe: Cleanup MR status and type enums (jsc#SLE-19249). - RDMA/rxe: Add memory barriers to kernel queues (jsc#SLE-19249). - RDMA/bnxt_re: Check if the vlan is valid before reporting (jsc#SLE-18977). - RDMA/bnxt_re: Correct FRMR size calculation (jsc#SLE-18977). - RDMA/bnxt_re: Use GFP_KERNEL in non atomic context (jsc#SLE-18977). - RDMA/bnxt_re: Fix FRMR issue with single page MR allocation (jsc#SLE-18977). - RDMA/bnxt_re: Fix query SRQ failure (jsc#SLE-18977). - RDMA/bnxt_re: Suppress unwanted error messages (jsc#SLE-18977). - RDMA/bnxt_re: Support multiple page sizes (jsc#SLE-18977). - RDMA/bnxt_re: Reduce the delay in polling for hwrm command completion (jsc#SLE-18977). - RDMA/bnxt_re: Use separate response buffer for stat_ctx_free (jsc#SLE-18977). - RDMA/bnxt_re: Update statistics counter name (jsc#SLE-18977). - RDMA/bnxt_re: Add extended statistics counters (jsc#SLE-18977). - RDMA/rxe: remove the unnecessary variable (jsc#SLE-19249). - RDMA/rxe: remove the redundant variable (jsc#SLE-19249). - RDMA/rxe: Fix wrong port_cap_flags (jsc#SLE-19249). - iavf: Fix kernel BUG in free_msi_irqs (jsc#SLE-18385). - iavf: Add helper function to go from pci_dev to adapter (jsc#SLE-18385). - ice: Hide bus-info in ethtool for PRs in switchdev mode (jsc#SLE-18375). - ice: Clear synchronized addrs when adding VFs in switchdev mode (jsc#SLE-18375). - ice: Remove boolean vlan_promisc flag from function (jsc#SLE-18375). - net/mlx5: Support internal port as decap route device (jsc#SLE-19253). - net/mlx5e: Term table handling of internal port rules (jsc#SLE-19253). - net/mlx5e: Add indirect tc offload of ovs internal port (jsc#SLE-19253). - net/mlx5e: Offload internal port as encap route device (jsc#SLE-19253). - net/mlx5e: Offload tc rules that redirect to ovs internal port (jsc#SLE-19253). - net/mlx5e: Accept action skbedit in the tc actions list (jsc#SLE-19253). - net/mlx5: E-Switch, Add ovs internal port mapping to metadata support (jsc#SLE-19253). 
- net/mlx5e: Use generic name for the forwarding dev pointer (jsc#SLE-19253). - net/mlx5e: Refactor rx handler of represetor device (jsc#SLE-19253). - net/mlx5: DR, Add check for unsupported fields in match param (jsc#SLE-19253). - net/mlx5: Allow skipping counter refresh on creation (jsc#SLE-19253). - net/mlx5e: IPsec: Refactor checksum code in tx data path (jsc#SLE-19253). - net/mlx5: CT: Remove warning of ignore_flow_level support for VFs (jsc#SLE-19253). - net/mlx5: Add esw assignment back in mlx5e_tc_sample_unoffload() (jsc#SLE-19253). - igc: Change Device Reset to Port Reset (jsc#SLE-18377). - igc: Add new device ID (jsc#SLE-18377). - igc: Remove media type checking on the PHY initialization (jsc#SLE-18377). - bnxt_en: Remove not used other ULP define (jsc#SLE-18978). - net: ixgbevf: Remove redundant initialization of variable ret_val (jsc#SLE-18384). - intel: Simplify bool conversion (jsc#SLE-18378). - ice: fix error return code in ice_get_recp_frm_fw() (jsc#SLE-18375). - ice: Fix clang -Wimplicit-fallthrough in ice_pull_qvec_from_rc() (jsc#SLE-18375). - ice: Add support to print error on PHY FW load failure (jsc#SLE-18375). - ice: Add support for changing MTU on PR in switchdev mode (jsc#SLE-18375). - ice: send correct vc status in switchdev (jsc#SLE-18375). - ice: support for GRE in eswitch (jsc#SLE-18375). - ice: low level support for tunnels (jsc#SLE-18375). - ice: VXLAN and Geneve TC support (jsc#SLE-18375). - ice: support for indirect notification (jsc#SLE-18375). - bnxt_en: Provide stored devlink "fw" version on older firmware (jsc#SLE-18978). - bnxt_en: implement firmware live patching (jsc#SLE-18978). - bnxt_en: Update firmware interface to 1.10.2.63 (jsc#SLE-18978). - bnxt_en: implement dump callback for fw health reporter (jsc#SLE-18978). - bnxt_en: extract coredump command line from current task (jsc#SLE-18978). - bnxt_en: Retrieve coredump and crashdump size via FW command (jsc#SLE-18978). 
- bnxt_en: Add compression flags information in coredump segment header (jsc#SLE-18978). - bnxt_en: move coredump functions into dedicated file (jsc#SLE-18978). - bnxt_en: Refactor coredump functions (jsc#SLE-18978). - bnxt_en: improve fw diagnose devlink health messages (jsc#SLE-18978). - bnxt_en: consolidate fw devlink health reporters (jsc#SLE-18978). - bnxt_en: remove fw_reset devlink health reporter (jsc#SLE-18978). - bnxt_en: improve error recovery information messages (jsc#SLE-18978). - bnxt_en: add enable_remote_dev_reset devlink parameter (jsc#SLE-18978). - bnxt_en: implement devlink dev reload fw_activate (jsc#SLE-18978). - bnxt_en: implement devlink dev reload driver_reinit (jsc#SLE-18978). - bnxt_en: refactor cancellation of resource reservations (jsc#SLE-18978). - bnxt_en: refactor printing of device info (jsc#SLE-18978). - RDMA/mlx5: Attach ndescs to mlx5_ib_mkey (jsc#SLE-19250). - RDMA/mlx5: Move struct mlx5_core_mkey to mlx5_ib (jsc#SLE-19250). - RDMA/mlx5: Replace struct mlx5_core_mkey by u32 key (jsc#SLE-19250). - RDMA/mlx5: Remove pd from struct mlx5_core_mkey (jsc#SLE-19250). - RDMA/mlx5: Remove size from struct mlx5_core_mkey (jsc#SLE-19250). - RDMA/mlx5: Remove iova from struct mlx5_core_mkey (jsc#SLE-19250). - net/mlx5: Add priorities for counters in RDMA namespaces (jsc#SLE-19250). - net/mlx5: Add ifc bits to support optional counters (jsc#SLE-19250). - IB/mlx5: Enable UAR to have DevX UID (jsc#SLE-19250). - net/mlx5: Add uid field to UAR allocation structures (jsc#SLE-19253). - net/mlx5: Lag, Make mlx5_lag_is_multipath() be static inline (jsc#SLE-19253). - net/mlx5e: Prevent HW-GRO and CQE-COMPRESS features operate together (jsc#SLE-19253). - net/mlx5e: Add HW-GRO offload (jsc#SLE-19253). - net/mlx5e: Add HW_GRO statistics (jsc#SLE-19253). - net/mlx5e: HW_GRO cqe handler implementation (jsc#SLE-19253). - net/mlx5e: Add data path for SHAMPO feature (jsc#SLE-19253). - net/mlx5e: Add handle SHAMPO cqe support (jsc#SLE-19253). 
- net/mlx5e: Add control path for SHAMPO feature (jsc#SLE-19253). - net/mlx5e: Add support to klm_umr_wqe (jsc#SLE-19253). - net/mlx5e: Rename TIR lro functions to TIR packet merge functions (jsc#SLE-19253). - net/mlx5: Add SHAMPO caps, HW bits and enumerations (jsc#SLE-19253). - net/mlx5e: Rename lro_timeout to packet_merge_timeout (jsc#SLE-19253). - lib: bitmap: Introduce node-aware alloc API (jsc#SLE-19253). - net/mlx5: remove the recent devlink params (jsc#SLE-19253). - net/mlx5: SF_DEV Add SF device trace points (jsc#SLE-19253). - net/mlx5: SF, Add SF trace points (jsc#SLE-19253). - net/mlx5: Let user configure max_macs param (jsc#SLE-19253). - net/mlx5: Let user configure event_eq_size param (jsc#SLE-19253). - net/mlx5: Let user configure io_eq_size param (jsc#SLE-19253). - net/mlx5: Bridge, support replacing existing FDB entry (jsc#SLE-19253). - net/mlx5: Bridge, extract code to lookup and del/notify entry (jsc#SLE-19253). - net/mlx5: Add periodic update of host time to firmware (jsc#SLE-19253). - net/mlx5: Print health buffer by log level (jsc#SLE-19253). - net/mlx5: Extend health buffer dump (jsc#SLE-19253). - net/mlx5: Reduce flow counters bulk query buffer size for SFs (jsc#SLE-19253). - net/mlx5: Fix unused function warning of mlx5i_flow_type_mask (jsc#SLE-19253). - net/mlx5: Remove unnecessary checks for slow path flag (jsc#SLE-19253). - net: qed_dev: fix check of true !rc expression (jsc#SLE-19001). - net: qed_ptp: fix check of true !rc expression (jsc#SLE-19001). - net: hns3: add error recovery module and type for himac (bsc#1190336). - net: hns3: add new ras error type for roce (bsc#1190336). - net: hns3: add update ethtool advertised link modes for FIBRE port when autoneg off (bsc#1190336). - net: hns3: modify functions of converting speed ability to ethtool link mode (bsc#1190336). - net: hns3: add support pause/pfc durations for mac statistics (bsc#1190336). - net: hns3: device specifications add number of mac statistics (bsc#1190336). 
- net: hns3: modify mac statistics update process for compatibility (bsc#1190336). - net: hns3: add debugfs support for interrupt coalesce (bsc#1190336). - devlink: Delete obsolete parameters publish API (jsc#SLE-19253). - mlx5: fix build after merge (jsc#SLE-19253). - ice: Nuild fix (jsc#SLE-18375). - ice: Add tc-flower filter support for channel (jsc#SLE-18375). - ice: enable ndo_setup_tc support for mqprio_qdisc (jsc#SLE-18375). - ice: Add infrastructure for mqprio support via ndo_setup_tc (jsc#SLE-18375). - ice: fix an error code in ice_ena_vfs() (jsc#SLE-18375). - ice: use devm_kcalloc() instead of devm_kzalloc() (jsc#SLE-18375). - ice: Make use of the helper function devm_add_action_or_reset() (jsc#SLE-18375). - ice: Refactor PR ethtool ops (jsc#SLE-18375). - ice: Manage act flags for switchdev offloads (jsc#SLE-18375). - ice: Forbid trusted VFs in switchdev mode (jsc#SLE-18375). - ice: fix software generating extra interrupts (jsc#SLE-18375). - ice: fix rate limit update after coalesce change (jsc#SLE-18375). - ice: update dim usage and moderation (jsc#SLE-18375). - ice: Add support for VF rate limiting (jsc#SLE-18375). - devlink: Remove extra device_lock assert checks (jsc#SLE-19253). - net/mlx5: E-Switch, Increase supported number of forward destinations to 32 (jsc#SLE-19253). - net/mlx5: E-Switch, Use dynamic alloc for dest array (jsc#SLE-19253). - net/mlx5: Lag, use steering to select the affinity port in LAG (jsc#SLE-19253). - net/mlx5: Lag, add support to create/destroy/modify port selection (jsc#SLE-19253). - net/mlx5: Lag, add support to create TTC tables for LAG port selection (jsc#SLE-19253). - net/mlx5: Lag, add support to create definers for LAG (jsc#SLE-19253). - net/mlx5: Lag, set match mask according to the traffic type bitmap (jsc#SLE-19253). - net/mlx5: Lag, set LAG traffic type mapping (jsc#SLE-19253). - net/mlx5: Lag, move lag files into directory (jsc#SLE-19253). - net/mlx5: Introduce new uplink destination type (jsc#SLE-19253). 
- net/mlx5: Add support to create match definer (jsc#SLE-19253). - net/mlx5: Introduce port selection namespace (jsc#SLE-19253). - net/mlx5: Support partial TTC rules (jsc#SLE-19253). - iavf: Combine init and watchdog state machines (jsc#SLE-18385). - iavf: Add __IAVF_INIT_FAILED state (jsc#SLE-18385). - iavf: Refactor iavf state machine tracking (jsc#SLE-18385). - qed: Change the TCP common variable - "iscsi_ooo" (jsc#SLE-19001). - qed: Optimize the ll2 ooo flow (jsc#SLE-19001). - mlx5: prevent 64bit divide (jsc#SLE-19253). - net/mlx5: Use system_image_guid to determine bonding (jsc#SLE-19253). - net/mlx5: Use native_port_num as 1st option of device index (jsc#SLE-19253). - net/mlx5: Introduce new device index wrapper (jsc#SLE-19253). - net/mlx5: Check return status first when querying system_image_guid (jsc#SLE-19253). - net/mlx5: DR, Prefer kcalloc over open coded arithmetic (jsc#SLE-19253). - net/mlx5e: Add extack msgs related to TC for better debug (jsc#SLE-19253). - net/mlx5: CT: Fix missing cleanup of ct nat table on init failure (jsc#SLE-19253). - net/mlx5: Disable roce at HCA level (jsc#SLE-19253). - net/mlx5i: Enable Rx steering for IPoIB via ethtool (jsc#SLE-19253). - net/mlx5: Bridge, provide flow source hints (jsc#SLE-19253). - net/mlx5: Read timeout values from DTOR (jsc#SLE-19253). - net/mlx5: Read timeout values from init segment (jsc#SLE-19253). - net/mlx5: Add layout to support default timeouts register (jsc#SLE-19253). - ice: make use of ice_for_each_* macros (jsc#SLE-18375). - ice: introduce XDP_TX fallback path (jsc#SLE-18375). - ice: optimize XDP_TX workloads (jsc#SLE-18375). - ice: propagate xdp_ring onto rx_ring (jsc#SLE-18375). - ice: do not create xdp_frame on XDP_TX (jsc#SLE-18375). - ice: unify xdp_rings accesses (jsc#SLE-18375). - ice: split ice_ring onto Tx/Rx separate structs (jsc#SLE-18375). - ice: move ice_container_type onto ice_ring_container (jsc#SLE-18375). - ice: remove ring_active from ice_ring (jsc#SLE-18375). 
- net: intel: igc_ptp: fix build for UML (jsc#SLE-18377). - ice: Implement support for SMA and U.FL on E810-T (jsc#SLE-18375). - ice: Add support for SMA control multiplexer (jsc#SLE-18375). - ice: Implement functions for reading and setting GPIO pins (jsc#SLE-18375). - ice: Refactor ice_aqc_link_topo_addr (jsc#SLE-18375). - net: qed_debug: fix check of false (grc_param < 0) expression (jsc#SLE-19001). - devlink: Delete reload enable/disable interface (jsc#SLE-19253). - net/mlx5: Set devlink reload feature bit for supported devices only (jsc#SLE-19253). - devlink: Allow control devlink ops behavior through feature mask (jsc#SLE-19253). - devlink: Annotate devlink API calls (jsc#SLE-19253). - devlink: Move netdev_to_devlink helpers to devlink.c (jsc#SLE-19253). - devlink: Reduce struct devlink exposure (jsc#SLE-19253). - net: hns3: debugfs add support dumping page pool info (bsc#1190336). - ice: ndo_setup_tc implementation for PR (jsc#SLE-18375). - ice: ndo_setup_tc implementation for PF (jsc#SLE-18375). - ice: Allow changing lan_en and lb_en on all kinds of filters (jsc#SLE-18375). - ice: cleanup rules info (jsc#SLE-18375). - ice: allow deleting advanced rules (jsc#SLE-18375). - ice: allow adding advanced rules (jsc#SLE-18375). - ice: create advanced switch recipe (jsc#SLE-18375). - ice: manage profiles and field vectors (jsc#SLE-18375). - ice: implement low level recipes functions (jsc#SLE-18375). - ethernet: Remove redundant 'flush_workqueue()' calls (jsc#SLE-19253). - bnxt: use netif_is_rxfh_configured instead of open code (jsc#SLE-18978). - qed: Fix compilation for CONFIG_QED_SRIOV undefined scenario (jsc#SLE-19001). - qed: Initialize debug string array (jsc#SLE-19001). - ice: add port representor ethtool ops and stats (jsc#SLE-18375). - ice: switchdev slow path (jsc#SLE-18375). - ice: rebuild switchdev when resetting all VFs (jsc#SLE-18375). - ice: enable/disable switchdev when managing VFs (jsc#SLE-18375). 
- ice: introduce new type of VSI for switchdev (jsc#SLE-18375). - ice: set and release switchdev environment (jsc#SLE-18375). - ice: allow changing lan_en and lb_en on dflt rules (jsc#SLE-18375). - ice: manage VSI antispoof and destination override (jsc#SLE-18375). - ice: allow process VF opcodes in different ways (jsc#SLE-18375). - ice: introduce VF port representor (jsc#SLE-18375). - ice: Move devlink port to PF/VF struct (jsc#SLE-18375). - qed: Fix spelling mistake "ctx_bsaed" -> "ctx_based" (jsc#SLE-19001). - ethernet: use eth_hw_addr_set() for dev->addr_len cases (jsc#SLE-18377). - mlx4: constify args for const dev_addr (jsc#SLE-19256). - mlx4: remove custom dev_addr clearing (jsc#SLE-19256). - mlx4: replace mlx4_u64_to_mac() with u64_to_ether_addr() (jsc#SLE-19256). - mlx4: replace mlx4_mac_to_u64() with ether_addr_to_u64() (jsc#SLE-19256). - net/mlx5: Enable single IRQ for PCI Function (jsc#SLE-19253). - net/mlx5: Shift control IRQ to the last index (jsc#SLE-19253). - net/mlx5: Bridge, pop VLAN on egress table miss (jsc#SLE-19253). - net/mlx5: Bridge, mark reg_c1 when pushing VLAN (jsc#SLE-19253). - net/mlx5: Bridge, extract VLAN pop code to dedicated functions (jsc#SLE-19253). - net/mlx5: Bridge, refactor eswitch instance usage (jsc#SLE-19253). - net/mlx5e: Support accept action (jsc#SLE-19253). - net/mlx5e: Specify out ifindex when looking up encap route (jsc#SLE-19253). - net/mlx5e: Reserve a value from TC tunnel options mapping (jsc#SLE-19253). - net/mlx5e: Move parse fdb check into actions_match_supported_fdb() (jsc#SLE-19253). - net/mlx5e: Split actions_match_supported() into a sub function (jsc#SLE-19253). - net/mlx5e: Move mod hdr allocation to a single place (jsc#SLE-19253). - net/mlx5e: TC, Refactor sample offload error flow (jsc#SLE-19253). - net/mlx5e: Add TX max rate support for MQPRIO channel mode (jsc#SLE-19253). - net/mlx5e: Specify SQ stats struct for mlx5e_open_txqsq() (jsc#SLE-19253). 
- qed: fix ll2 establishment during load of RDMA driver (jsc#SLE-19001). - qed: Update the TCP active termination 2 MSL timer ("TIME_WAIT") (jsc#SLE-19001). - qed: Update TCP silly-window-syndrome timeout for iwarp, scsi (jsc#SLE-19001). - qed: Update debug related changes (jsc#SLE-19001). - qed: Add '_GTT' suffix to the IRO RAM macros (jsc#SLE-19001). - qed: Update FW init functions to support FW 8.59.1.0 (jsc#SLE-19001). - qed: Use enum as per FW 8.59.1.0 in qed_iro_hsi.h (jsc#SLE-19001). - qed: Update qed_hsi.h for fw 8.59.1.0 (jsc#SLE-19001). - qed: Update qed_mfw_hsi.h for FW ver 8.59.1.0 (jsc#SLE-19001). - qed: Update common_hsi for FW ver 8.59.1.0 (jsc#SLE-19001). - qed: Split huge qed_hsi.h header file (jsc#SLE-19001). - qed: Remove e4_ and _e4 from FW HSI (jsc#SLE-19001). - qed: Fix kernel-doc warnings (jsc#SLE-19001). - net/mlx4_en: avoid one cache line miss to ring doorbell (jsc#SLE-19256). - ethernet: use eth_hw_addr_set() instead of ether_addr_copy() (jsc#SLE-19253). - ethernet: use eth_hw_addr_set() (jsc#SLE-19256). - i40e: Use the xsk batched rx allocation interface (jsc#SLE-18378). - ice: Use the xsk batched rx allocation interface (jsc#SLE-18375). - ice: Use xdp_buf instead of rx_buf for xsk zero-copy (jsc#SLE-18375). - xsk: Batched buffer allocation for the pool (jsc#SLE-18375). - net/mlx5e: Use array_size() helper (jsc#SLE-19253). - net/mlx5: Use struct_size() helper in kvzalloc() (jsc#SLE-19253). - net/mlx5: Use kvcalloc() instead of kvzalloc() (jsc#SLE-19253). - net/mlx5: Tolerate failures in debug features while driver load (jsc#SLE-19253). - net/mlx5: Warn for devlink reload when there are VFs alive (jsc#SLE-19253). - net/mlx5: DR, Add missing string for action type SAMPLER (jsc#SLE-19253). - net/mlx5: DR, init_next_match only if needed (jsc#SLE-19253). - net/mlx5: DR, Fix typo 'offeset' to 'offset' (jsc#SLE-19253). - net/mlx5: DR, Increase supported num of actions to 32 (jsc#SLE-19253). 
- net/mlx5: DR, Add support for SF vports (jsc#SLE-19253). - net/mlx5: DR, Support csum recalculation flow table on SFs (jsc#SLE-19253). - net/mlx5: DR, Align error messages for failure to obtain vport caps (jsc#SLE-19253). - net/mlx5: DR, Add missing query for vport 0 (jsc#SLE-19253). - net/mlx5: DR, Replace local WIRE_PORT macro with the existing MLX5_VPORT_UPLINK (jsc#SLE-19253). - net/mlx5: DR, Fix vport number data type to u16 (jsc#SLE-19253). - devlink: report maximum number of snapshots with regions (jsc#SLE-19253). - net/mlx4_en: Add XDP_REDIRECT statistics (jsc#SLE-19256). - ixgbe: let the xdpdrv work with more than 64 cpus (jsc#SLE-18384). - devlink: Add missed notifications iterators (jsc#SLE-19253). - net/mlx4: Use array_size() helper in copy_to_user() (jsc#SLE-19256). - ice: Prefer kcalloc over open coded arithmetic (jsc#SLE-18375). - ice: Fix macro name for IPv4 fragment flag (jsc#SLE-18375). - ice: refactor devlink getter/fallback functions to void (jsc#SLE-18375). - ice: Fix link mode handling (jsc#SLE-18375). - ice: Add feature bitmap, helpers and a check for DSCP (jsc#SLE-18375). - ice: Add DSCP support (jsc#SLE-18375). - net/mlx5e: check return value of rhashtable_init (jsc#SLE-19253). - net: dsa: Move devlink registration to be last devlink command (jsc#SLE-19253). - netdevsim: Move devlink registration to be last devlink command (jsc#SLE-19253). - qed: Move devlink registration to be last devlink command (jsc#SLE-19001). - nfp: Move delink_register to be last command (jsc#SLE-19253). - mlxsw: core: Register devlink instance last (jsc#SLE-19253). - net/mlx5: Accept devlink user input after driver initialization complete (jsc#SLE-19253). - net/mlx4: Move devlink_register to be the last initialization command (jsc#SLE-19256). - ice: Open devlink when device is ready (jsc#SLE-18375). - bnxt_en: Register devlink instance at the end devlink configuration (jsc#SLE-18978). - devlink: Notify users when objects are accessible (jsc#SLE-19253). 
- net/mlx5e: Enable TC offload for ingress MACVLAN (jsc#SLE-19253). - net/mlx5e: Enable TC offload for egress MACVLAN (jsc#SLE-19253). - net/mlx5e: loopback test is not supported in switchdev mode (jsc#SLE-19253). - net/mlx5e: Use NL_SET_ERR_MSG_MOD() for errors parsing tunnel attributes (jsc#SLE-19253). - net/mlx5e: Use tc sample stubs instead of ifdefs in source file (jsc#SLE-19253). - net/mlx5e: Remove redundant priv arg from parse_pedit_to_reformat() (jsc#SLE-19253). - net/mlx5e: Check action fwd/drop flag exists also for nic flows (jsc#SLE-19253). - net/mlx5e: Set action fwd flag when parsing tc action goto (jsc#SLE-19253). - net/mlx5e: Remove incorrect addition of action fwd flag (jsc#SLE-19253). - net/mlx5e: Use correct return type (jsc#SLE-19253). - net/mlx5e: Add error flow for ethtool -X command (jsc#SLE-19253). - net/mlx5: DR, Fix code indentation in dr_ste_v1 (jsc#SLE-19253). - qed: Don't ignore devlink allocation failures (jsc#SLE-19001). - ice: Delete always true check of PF pointer (jsc#SLE-18375). - devlink: Remove single line function obfuscations (jsc#SLE-19253). - devlink: Delete not used port parameters APIs (jsc#SLE-19253). - bnxt_en: Properly remove port parameter support (jsc#SLE-18978). - bnxt_en: Check devlink allocation and registration status (jsc#SLE-18978). - net: mlx4: Add support for XDP_REDIRECT (jsc#SLE-19256). - devlink: Make devlink_register to be void (jsc#SLE-19253). - devlink: Delete not-used devlink APIs (jsc#SLE-19253). - mlxsw: core: Remove mlxsw_core_is_initialized() (jsc#SLE-19253). - mlxsw: core: Initialize switch driver last (jsc#SLE-19253). - devlink: Delete not-used single parameter notification APIs (jsc#SLE-19253). - net/mlx5: Publish and unpublish all devlink parameters at once (jsc#SLE-19253). - net: hns3: PF support get multicast MAC address space assigned by firmware (bsc#1190336). - net: hns3: PF support get unicast MAC address space assigned by firmware (bsc#1190336). 
- mlxsw: spectrum: Use PMTDB register to obtain split info (jsc#SLE-19253). - mlxsw: reg: Add Port Module To local DataBase Register (jsc#SLE-19253). - qed: Improve the stack space of filter_config() (jsc#SLE-19001). - bnxt_en: Use struct_group_attr() for memcpy() region (jsc#SLE-18978). - stddef: Introduce struct_group() helper macro (jsc#SLE-18978). - net: hns3: adjust string spaces of some parameters of tx bd info in debugfs (bsc#1190336). - net: hns3: ignore reset event before initialization process is done (bsc#1190336). - net: hns3: change hclge/hclgevf workqueue to WQ_UNBOUND mode (bsc#1190336). - rdma/qedr: Fix crash due to redundant release of device's qp memory (jsc#SLE-18998). - RDMA/rdmavt: Fix error code in rvt_create_qp() (jsc#SLE-19249). - net/mlx5e: Fix vlan data lost during suspend flow (jsc#SLE-19253). - net/mlx5: E-switch, Return correct error code on group creation failure (jsc#SLE-19253). - IB/qib: Fix clang confusion of NULL pointer comparison (jsc#SLE-19249). - bnxt: Search VPD with pci_vpd_find_ro_info_keyword() (jsc#SLE-18978). - bnxt: Read VPD with pci_vpd_alloc() (jsc#SLE-18978). - net: create netdev->dev_addr assignment helpers (jsc#SLE-19253). - dma-mapping: allow map_sg() ops to return negative error codes (jsc#SLE-19249). - ptp: ocp: Fix error path for pci_ocp_device_init() (jsc#SLE-19253). - ptp: ocp: Fix uninitialized variable warning spotted by clang (jsc#SLE-19253). - devlink: Use xarray to store devlink instances (jsc#SLE-19253). - devlink: Count struct devlink consumers (jsc#SLE-19253). - devlink: Remove check of always valid devlink pointer (jsc#SLE-19253). - devlink: Simplify devlink_pernet_pre_exit call (jsc#SLE-19253). - ptp: ocp: Remove pending_image indicator from devlink (jsc#SLE-19253). - ptp: ocp: Rename version string shown by devlink (jsc#SLE-19253). - ptp: ocp: Use 'gnss' naming instead of 'gps' (jsc#SLE-19253). - ptp: ocp: Remove devlink health and unused parameters (jsc#SLE-19253). 
- ptp: ocp: Add the mapping for the external PPS registers (jsc#SLE-19253). - ptp: ocp: Fix the error handling path for the class device (jsc#SLE-19253). - netdevsim: Protect both reload_down and reload_up paths (jsc#SLE-19253). - netdevsim: Forbid devlink reload when adding or deleting ports (jsc#SLE-19253). - ptp: ocp: Expose various resources on the timecard (jsc#SLE-19253). - devlink: Allocate devlink directly in requested net namespace (jsc#SLE-19253). - devlink: Remove duplicated registration check (jsc#SLE-19253). - commit 8724dc6 - ALSA: usb-audio: Fix dB level of Bose Revolve+ SoundLink (bsc#1192375). - ALSA: usb-audio: Add minimal-mute notion in dB mapping table (bsc#1192375). - ALSA: usb-audio: Use int for dB map values (bsc#1192375). - commit a6f9546 - Refresh patches.suse/sched-Temporarily-restore-deprecated-scheduler-sysctls-with-a-warning.patch (bsc#1192700) Fix build for CONFIG_SCHED_DEBUG=n. - commit b18b64a - kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740). - commit a133bf4 - rtw89: update partition size of firmware header on skb->data (bsc#1188303). - commit 107cd5f - Drop downstream rtw89 fix patch, to be replaced with the upstream fix - commit 1e369dc - init: Revert accidental changes to print irqs_disabled() (git-fixes). - commit 62177ed - PM: hibernate: Get block device exclusively in swsusp_check() (git-fixes). - commit ab0eb1b - PM: hibernate: swap: Use vzalloc() and kzalloc() (git-fixes). - commit eb3f380 - PM: hibernate: fix sparse warnings (git-fixes). - commit 348b162 - PM: hibernate: Remove blk_status_to_errno in hib_wait_io (git-fixes). - commit def0ee8 - init: Revert accidental changes to print irqs_disabled() (git-fixes). - commit 35c394e - scsi: core: Remove command size deduction from scsi_setup_scsi_cmnd() (git-fixes). - scsi: core: Avoid leaving shost->last_reset with stale value if EH does not run (git-fixes). - scsi: qla2xxx: Turn off target reset during issue_lip (git-fixes). 
- scsi: qla2xxx: Fix gnl list corruption (git-fixes). - scsi: qla2xxx: Relogin during fabric disturbance (git-fixes). - scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes). - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (git-fixes). - scsi: pm80xx: Fix misleading log statement in pm8001_mpi_get_nvmd_resp() (git-fixes). - scsi: ufs: core: Stop clearing UNIT ATTENTIONS (git-fixes). - scsi: ufs: core: Retry START_STOP on UNIT_ATTENTION (git-fixes). - scsi: core: Fix spelling in a source code comment (git-fixes). - scsi: dc395: Fix error case unwinding (git-fixes). - scsi: pm80xx: Fix lockup in outbound queue management (git-fixes). - scsi: elx: efct: Delete stray unlock statement (git-fixes). - um: virt-pci: fix uapi documentation (git-fixes). - scsi: ufs: Optimize serialization of setup_xfer_req() calls (git-fixes). - commit 8d221dc ++++ kernel-firmware: - Update to version 20211115 (git commit f5d519563ac9): * linux-firmware: Update AMD cpu microcode * amdgpu: update raven2 firmware from 21.40 * amdgpu: update navi14 firmware from 21.40 * amdgpu: update raven firmware from 21.40 * amdgpu: update navi12 firmware from 21.40 * amdgpu: update navi10 firmware from 21.40 * amdgpu: update vega20 firmware from 21.40 * amdgpu: update vega12 firmware from 21.40 * amdgpu: update vega10 firmware from 21.40 * amdgpu: update picasso firmware from 21.40 * amdgpu: update vangogh firmware from 21.40 * amdgpu: update beige goby firmware from 21.40 * amdgpu: add cyan skillfish firmware from 21.40 * amdgpu: update dimgrey cavefish firmware from 21.40 * amdgpu: update green sardine firmware from 21.40 * amdgpu: update navy flounder firmware from 21.40 * amdgpu: update renoir firmware from 21.40 * amdgpu: update arcturus firmware from 21.40 * amdgpu: update sienna cichlid firmware from 21.40 * rtl_bt: Update RTL8852A BT USB firmware to 0xDBA9_6937 * iwlwifi: add new FWs from core64-96 release * iwlwifi: update 9000-family firmwares to core64-96 * 
amdgpu: update VCN firmware for green sardine * linux-firmware: update frimware for mediatek bluetooth chip (MT7921) - Update aliases ++++ gmp: - Add gmp-6.2.1-CVE-2021-43618.patch to fix buffer overflow on malformed input to mpz_inp_raw. [bsc#1192717, CVE-2021-43618] ------------------------------------------------------------------ ------------------ 2021-11-15 - Nov 15 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - clocksource: Forgive repeated long-latency watchdog clocksource reads (bsc#1192724). - scripts/git_sort/git_sort.py: add a dev branch of the -rcu tree - commit 0845241 - patches.suse/zram-replace-fsync_bdev-with-sync_blockdev.patch: (bsc#1170269). - commit 5c8aa0e - patches.suse/zram-avoid-race-between-zram_remove-and-disksize_sto.patch: (bsc#1170269). - commit 5e92544 - patches.suse/zram-don-t-fail-to-remove-zram-during-unloading-modu.patch: (bsc#1170269). - commit 534b940 - patches.suse/zram-fix-race-between-zram_reset_device-and-disksize.patch: (bsc#1170269). - commit 78167fd - x86/fpu: Optimize out sigframe xfeatures when in init state (bsc#1190497). - commit 00db683 - fuse: fix page stealing (bsc#1192718). - virtiofs: use strscpy for copying the queue name (bsc#1192720). - commit c8072b7 - cpumask: Omit terminating null byte in cpumap_print_{list,bitmask}_to_buf (bsc#1192611). - commit 6727db6 - ABI: sysfs-devices-power: add some debug sysfs files (git-fixes). - commit 166ca61 - ABI: sysfs-devices-power: document some RPM statistics (git-fixes). - commit d90cdd7 - kprobes: Do not use local variable when creating debugfs file (git-fixes). - commit 31c6a3a - ptp: Document the PTP_CLK_MAGIC ioctl number (git-fixes). - commit 4fba2e2 - Update patches.suse/thunderbolt-Enable-retry-logic-for-intra-domain-cont.patch (jsc#SLE-19356 jsc#SLE-19359). Corrected Jira numbers to Epics - commit 3be9934 - net: mellanox: mlxbf_gige: Replace non-standard interrupt handling (jsc#SLE-19248). 
- gpio: mlxbf2: Introduce IRQ support (jsc#SLE-19248). - gpio: mlxbf2.c: Add check for bgpio_init failure (jsc#SLE-19248). - commit d883dc9 - README.BRANCH: Add Vlastimil Babka as SLE15-SP4 maintainer. - commit 31b8a3a - xen-pciback: Fix return in pm_ctrl_init() (git-fixes). - commit 907bc9c - xen: Fix implicit type conversion (git-fixes). - commit c808811 - x86/smp: Factor out parts of native_smp_prepare_cpus() (bsc#1192258). - commit a1b08b7 - PCI: pciehp: Ignore Link Down/Up caused by error-induced Hot Reset (git-fixes). - PCI/portdrv: Rename pm_iter() to pcie_port_device_iter() (git-fixes). - commit 82e03a0 - PCI/MSI: Move non-mask check back into low level accessors (git-fixes). - PCI: aardvark: Fix reporting Data Link Layer Link Active (git-fixes). - PCI: aardvark: Fix checking for link up via LTSSM state (git-fixes). - PCI: aardvark: Fix PCIe Max Payload Size setting (git-fixes). - PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (git-fixes). - dyndbg: make dyndbg a known cli param (git-fixes). - commit 6e4688e - powerpc/paravirt: correct preempt debug splat in vcpu_is_preempted() (git-fixes). - commit 45d77db ++++ systemd: - Import commit 77ad76ed6e5c8170e3825d57abf8690b2a95bc06 (merge of v249.6) bcdeee7b4c virt: Support detection for ARM64 Hyper-V guests (bsc#1186071) [...] For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/ad045db5d34afeb4ece43f349783eda931e49a04...77ad76ed6e5c8170e3825d57abf8690b2a95bc06 ++++ restorecond: - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_restorecond.service.patch ++++ rpm-config-SUSE: - Add bsc1192160-rpm-config-SUSE-support-compressed-firmware-files.patch: Backported from e4c04ac, the upcoming kernel will support the compressed firmware files, and this patch corresponds to that kernel change, fixing firmware.prov to deal with the xz-compressed firmware files as well (bsc#1192160). ++++ yast2: - Force creating the UI before checking -pkg etc. 
UI plug-ins (bsc#1192650) - 4.4.22 ++++ yast2-trans: - Update to version 84.87.20211114.f6c5a7e501: * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * New POT for text domain 'users'. * New POT for text domain 'bootloader'. * Translated using Weblate (Malay) * Translated using Weblate (Malay) * Translated using Weblate (Malay) * Translated using Weblate (Malay) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * New POT for text domain 'registration'. * New POT for text domain 'network'. ------------------------------------------------------------------ ------------------ 2021-11-14 - Nov 14 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c (bsc#1190497). - commit a856ef9 - clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk (git-fixes). - clk/ast2600: Fix soc revision for AHB (git-fixes). - Revert "clk: rockchip: use module_platform_driver_probe" (git-fixes). - clk: ingenic: Fix bugs with divided dividers (git-fixes). 
- commit 6b7f27c ++++ libblockdev: - Update to version 2.26: + Fixes: - Deprecated glib function call; - Build with LLVM/clang; - Many memory leaks; - Many tests. - Fix dbus.h being wrongly packaged in libbd_lvm-dbus-devl instead of libbd_utils-devel (boo#1189787). ------------------------------------------------------------------ ------------------ 2021-11-13 - Nov 13 2021 ------------------- ------------------------------------------------------------------ ++++ librsvg: - Update to version 2.52.4: + New features: - Support the isolation property from the Compositing and Blending Level 1 specification. - Support Visual Studio 2022. + Bug fixes: - The opacity and mix-blend-mode properties were not being applied when an element has a mask. - Fix panic when an empty group has a pattern fill and filters. - Fix the tests on Windows; they still only work when Fontconfig is present. - Work around a bug in the cairo-rs bindings in the test suite, that only manifests itself in s/390x due to its calling convention. See https://github.com/gtk-rs/gtk-rs-core/issues/335 ++++ kernel-default: - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1190497). - commit ff42fca - Update config files: bump version to 5.14.18 - commit eee3ca4 - drm: fb_helper: improve CONFIG_FB dependency (git-fixes). - Update config files. - commit 12bd574 - ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED (git-fixes). - ALSA: synth: missing check for possible NULL after the call to kstrdup (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS UX550VE (git-fixes). - ALSA: timer: Unconditionally unlink slave instances, too (git-fixes). - ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N (git-fixes). - ALSA: hda/realtek: Headset fixup for Clevo NH77HJQ (git-fixes). - ALSA: timer: Fix use-after-free problem (git-fixes). - commit 00ac1e4 - ALSA: hda: Free card instance properly at probe errors (git-fixes). - ALSA: PCM: Fix NULL dereference at mmap checks (git-fixes). 
- ALSA: memalloc: Catch call with NULL snd_dma_buffer pointer (git-fixes). - drm/nouveau/svm: Fix refcount leak bug and missing check against null bug (git-fixes). - drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (git-fixes). - Revert "drm/imx: Annotate dma-fence critical section in commit path" (git-fixes). - drm/udl: fix control-message timeout (git-fixes). - drm/ttm: remove ttm_bo_vm_insert_huge() (git-fixes). - drm/plane-helper: fix uninitialized variable reference (git-fixes). - drm/bridge/lontium-lt9611uxc: fix provided connector suport (git-fixes). - Input: iforce - fix control-message timeout (git-fixes). - Input: max8925_onkey - don't mark comment as kernel-doc (git-fixes). - Input: st1232 - increase "wait ready" timeout (git-fixes). - Input: ariel-pwrbutton - add SPI device ID table (git-fixes). - rtc: rv3032: fix error handling in rv3032_clkout_set_rate() (git-fixes). - rtc: mcp795: Add SPI ID table (git-fixes). - rtc: pcf2123: Add SPI ID table (git-fixes). - rtc: ds1390: Add SPI ID table (git-fixes). - rtc: ds1302: Add SPI ID table (git-fixes). - thermal: int340x: fix build on 32-bit targets (git-fixes). - commit 63439e7 ++++ podman: - Update to version 3.4.2: * Fixed a bug where podman tag could not tag manifest lists (#12046). * Fixed a bug where built-in volumes specified by images would not be created correctly under some circumstances. * Fixed a bug where, when using Podman Machine on OS X, containers in pods did not have working port forwarding from the host (#12207). * Fixed a bug where the podman network reload command on containers using the slirp4netns network mode and the rootlessport port forwarding driver would make an unnecessary attempt to restart rootlessport on containers that did not forward ports. * Fixed a bug where the podman generate kube command would generate YAML including some unnecessary (set to default) fields (e.g. 
empty SELinux and DNS configuration blocks, and the privileged flag when set to false) (#11995). * Fixed a bug where the podman pod rm command could, if interrupted at the right moment, leave a reference to an already-removed infra container behind (#12034). * Fixed a bug where the podman pod rm command would not remove pods with more than one container if all containers save for the infra container were stopped unless --force was specified (#11713). * Fixed a bug where the --memory flag to podman run and podman create did not accept a limit of 0 (which should specify unlimited memory) (#12002). * Fixed a bug where the remote Podman client's podman build command could attempt to build a Dockerfile in the working directory of the podman system service instance instead of the Dockerfile specified by the user (#12054). * Fixed a bug where the podman logs --tail command could function improperly (printing more output than requested) when the journald log driver was used. * Fixed a bug where containers run using the slirp4netns network mode with IPv6 enabled would not have IPv6 connectivity until several seconds after they started (#11062). * Fixed a bug where some Podman commands could cause an extra dbus-daemon process to be created (#9727). * Fixed a bug where rootless Podman would sometimes print warnings about a failure to move the pause process into a given CGroup (#12065). * Fixed a bug where the checkpointed field in podman inspect on a container was not set to false after a container was restored. * Fixed a bug where the podman system service command would print overly-verbose logs about request IDs (#12181). * Fixed a bug where Podman could, when creating a new container without a name explicitly specified by the user, sometimes use an auto-generated name already in use by another container if multiple containers were being created in parallel (#11735). 
------------------------------------------------------------------ ------------------ 2021-11-12 - Nov 12 2021 ------------------- ------------------------------------------------------------------ ++++ cloud-regionsrv-client: - Update to version 9.3.0 (jsc#PCT-130) + Support AHB-v3 + Support registration of BYOS instances against the update infrastructure + Properly extract the region for local zones in AWS to ensure instances get connected to the proper update servers + Azure addon service and executable rename + Support non SLE repos + Fix handling of regionservers configured with DNS names ++++ container-selinux: - Update to version 2.171.0 * Define kubernetes_file_t as a config_type * Allow containers to be socket activated by user domains and by systemd. * Allow iptables to use fifo files of a container runtime * Allow container_runtime create all tmpfs content as container_runtime_tmpfs_t * Allow containers to create lnk_file on tmpfs_t directories. ++++ cpuset: - Add cpuset-1.6-Fix_invalid_parentheses.patch to fix a semantic error. (bsc#1191418) - %check: really test the package [bsc#1191736] ++++ kernel-default: - Linux 5.14.18 (stable-5.14.18). - commit 739ae10 - isofs: Fix out of bound access for corrupted isofs image (stable-5.14.18). - binder: don't detect sender/target during buffer cleanup (stable-5.14.18). - usb: gadget: Mark USB_FSL_QE broken on 64-bit (stable-5.14.18). - usb-storage: Add compatibility quirk flags for iODD 2531/2541 (stable-5.14.18). - usb: ehci: handshake CMD_RUN instead of STS_HALT (stable-5.14.18). - KVM: x86: avoid warning with -Wbitwise-instead-of-logical (stable-5.14.18). - Revert "x86/kvm: fix vcpu-id indexed array sizes" (stable-5.14.18). - binder: use cred instead of task for getsecid (stable-5.14.18). - binder: use cred instead of task for selinux checks (stable-5.14.18). - binder: use euid from cred instead of using task (stable-5.14.18). - ALSA: pci: cs46xx: Fix set up buffer type properly (stable-5.14.18). 
- ALSA: pcm: Check mmap capability of runtime dma buffer at first (stable-5.14.18). - commit ac03c67 - pwm: rockchip: Unprepare clocks only after the PWM was unregistered (jsc#SLE-22616). - commit 12bd5ce - Update patch references for stable-5.14.18 - commit 40343d9 - Fix and move the upstreamed patches into sorted section - commit 8dc4b32 - supported.conf: add pwm-rockchip References: jsc#SLE-22616 - commit c6166b8 - btrfs: remove unused function btrfs_bio_fits_in_stripe() (jsc#SLE-17674). - btrfs: determine stripe boundary at bio allocation time in btrfs_submit_compressed_write (jsc#SLE-17674). - btrfs: determine stripe boundary at bio allocation time in btrfs_submit_compressed_read (jsc#SLE-17674). - btrfs: introduce alloc_compressed_bio() for compression (jsc#SLE-17674). - btrfs: introduce submit_compressed_bio() for compression (jsc#SLE-17674). - btrfs: handle errors properly inside btrfs_submit_compressed_write() (jsc#SLE-17674). - btrfs: handle errors properly inside btrfs_submit_compressed_read() (jsc#SLE-17674). - commit f0da449 - btrfs: subpage: add bitmap for PageChecked flag (jsc#SLE-17674). - commit 50c42db - btrfs: subpage: pack all subpage bitmaps into a larger bitmap (jsc#SLE-17674). - btrfs: subpage: introduce btrfs_subpage_bitmap_info (jsc#SLE-17674). - commit 087ca75 - btrfs: subpage: make btrfs_alloc_subpage() return btrfs_subpage directly (jsc#SLE-17674). - commit 46a7040 - btrfs: subpage: only call btrfs_alloc_subpage() when sectorsize is smaller than PAGE_SIZE (jsc#SLE-17674). - commit a26cf9b - btrfs: introduce compressed_bio::pending_sectors to trace compressed bio (jsc#SLE-17674). - commit f3b6498 - btrfs: rename struct btrfs_io_bio to btrfs_bio (jsc#SLE-17674). - commit 96b1426 - btrfs: remove btrfs_bio_alloc() helper (jsc#SLE-17674). - commit 83c8397 - btrfs: rename btrfs_bio to btrfs_io_context (jsc#SLE-17674). 
- commit 6b2229b - blacklist.conf: d979617aa84d ("bpf: Fixes possible race in update_prog_stats() for 32bit arches") 32-bit only - commit 0d1ab9a - apparmor: fix error check (git-fixes). - gve: Fix off by one in gve_tx_timeout() (git-fixes). - nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails (git-fixes). - can: mcp251xfd: mcp251xfd_chip_start(): fix error handling for mcp251xfd_chip_rx_int_enable() (git-fixes). - can: etas_es58x: es58x_rx_err_msg(): fix memory leak in error path (git-fixes). - can: j1939: j1939_can_recv(): ignore messages with invalid source address (git-fixes). - can: j1939: j1939_tp_cmd_recv(): ignore abort message in the BAM transport (git-fixes). - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay (git-fixes). - commit a02425d ++++ regionServiceClientConfigEC2: - Update to version 3.1.0 (bsc#1029162) + Add IPv6 addresses to config + Include IPv6 certificates + Requires cloud-regionsrv-client >= v9.3.0 ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#538 - handle zstd compressed modules - handle new .ko.zst kernel module suffix - handle zstd compression (jsc#SLE-18768, jsc#SLE-20248, jsc#SLE-21256) - 16.57.7 ++++ yast2: - Adapt the code to the new product specification API (bsc#1192626). - yast2-packager is now responsible for finding the list of available base products during installation. - Drop ProductControlProduct class. - 4.4.21 ------------------------------------------------------------------ ------------------ 2021-11-11 - Nov 11 2021 ------------------- ------------------------------------------------------------------ ++++ checkpolicy: - Update to version 3.3 * When reading a binary policy by checkpolicy, do not automatically change the version to the max policy version supported by libsepol or, if specified, the value given using the "-c" flag. 
* Updated documentation * Prints the reason why opening a source policy file failed ++++ grub2: - Fix arm64 kernel image not aligned on 64k boundary (bsc#1192522) * 0001-arm64-Fix-EFI-loader-kernel-image-allocation.patch * 0002-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch ++++ hwdata: - Update to version 0.353 (bsc#1192587): + Updated pci, usb and vendor ids. ++++ hwinfo: - merge gh#openSUSE/hwinfo#106 - Always read numerical 32bit serial number from EDID header. Override this with ASCII serial number from display descriptor, if available. - Display numerical 32bit serial number for monitors without serial number display descriptor - 21.78 ++++ open-iscsi: - Merged latest upstream. Mostly cleanup, but includes a fix for iscsi-init.service when trying to write to the root volume too early (bsc#1192568), as well as an upstream fix for possible deadlock when dealing with sysfs. ++++ kernel-default: - blacklist.conf: 868c250bb463 ("x86/fpu: Include vmalloc.h for vzalloc()") - commit fcf1347 - Documentation/x86: Add documentation for using dynamic XSTATE features (jsc#SLE-18931). - commit cc5cb1c - selftests/x86/amx: Add context switch test (jsc#SLE-18931). - commit 9946b7f - selftests/x86/amx: Add test cases for AMX state management (jsc#SLE-18931). - commit 4e5182e - x86/fpu/amx: Enable the AMX feature in 64-bit mode (jsc#SLE-18931). - commit 2ac2782 - x86/fpu: Add XFD handling for dynamic states (jsc#SLE-18931). - commit 49619a9 - x86/fpu: Calculate the default sizes independently (jsc#SLE-18931). - commit afcd73c - x86/fpu/amx: Define AMX state components and have it used for boot-time checks (jsc#SLE-18931). - commit ddf9464 - x86/fpu/xstate: Prepare XSAVE feature table for gaps in state component numbers (jsc#SLE-18931). - commit fb12c6f - x86/fpu/xstate: Add fpstate_realloc()/free() (jsc#SLE-18931). - commit 52e8e05 - x86/fpu/xstate: Add XFD #NM handler (jsc#SLE-18931). - commit 1918fca - x86/fpu: Update XFD state where required (jsc#SLE-18931). 
- commit ae721d6 - x86/fpu: Add sanity checks for XFD (jsc#SLE-18931). - commit e7eb3fb - x86/fpu: Add XFD state to fpstate (jsc#SLE-18931). - commit ccad282 - x86/msr-index: Add MSRs for XFD (jsc#SLE-18931). - commit 7ede736 - x86/cpufeatures: Add eXtended Feature Disabling (XFD) feature bit (jsc#SLE-18931). - commit d77baa8 - x86/fpu: Reset permission and fpstate on exec() (jsc#SLE-18931). - commit 1b6783e - dmaengine: stm32-dma: avoid 64-bit division in stm32_dma_get_max_width (git-fixes). - sysv: use BUILD_BUG_ON instead of runtime check (git-fixes). - commit fa67de7 - soc: ti: fix wkup_m3_rproc_boot_thread return type (git-fixes). - thermal/drivers/int340x: processor_thermal: Suppot 64 bit RFIM responses (git-fixes). - soc: fsl: dpaa2-console: free buffer before returning from dpaa2_console_read (git-fixes). - soc: fsl: dpio: use the combined functions to protect critical zone (git-fixes). - soc: fsl: dpio: replace smp_processor_id with raw_smp_processor_id (git-fixes). - watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT (git-fixes). - remoteproc: Fix a memory leak in an error handling path in 'rproc_handle_vdev()' (git-fixes). - rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined (git-fixes). - commit 4b979a4 - dmaengine: idxd: fix resource leak on dmaengine driver disable (git-fixes). - dmaengine: idxd: reconfig device after device reset command (git-fixes). - dmaengine: remove debugfs #ifdef (git-fixes). - dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` (git-fixes). - dmaengine: stm32-dma: fix stm32_dma_get_max_width (git-fixes). - remoteproc: imx_rproc: Fix rsc-table name (git-fixes). - remoteproc: imx_rproc: Fix ignoring mapping vdev regions (git-fixes). - remoteproc: imx_rproc: Fix TCM io memory type (git-fixes). - remoteproc: Fix the wrong default value of is_iomem (git-fixes). - remoteproc: elf_loader: Fix loading segment when is_iomem true (git-fixes). 
- commit 88fbf4c - ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses (git-fixes). - ACPI: PM: Fix device wakeup power reference counting error (git-fixes). - dmaengine: bestcomm: fix system boot lockups (git-fixes). - dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro (git-fixes). - dmaengine: at_xdmac: call at_xdmac_axi_config() on resume path (git-fixes). - dmaengine: idxd: move out percpu_ref_exit() to ensure it's outside submission (git-fixes). - crypto: tcrypt - fix skcipher multi-buffer tests for 1420B blocks (git-fixes). - crypto: ccree - avoid out-of-range warnings from clang (git-fixes). - crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency (git-fixes). - commit 415ba15 - init: make unknown command line param message clearer (bsc#1192590). - commit 5097b41 - x86/fpu: Prepare fpu_clone() for dynamically enabled features (jsc#SLE-18931). - commit 3b5888e - x86/fpu/signal: Prepare for variable sigframe length (jsc#SLE-18931). - commit 7107574 - x86/signal: Use fpu::__state_user_size for sigalt stack validation (jsc#SLE-18931). - commit 96c1b01 - x86/fpu: Add basic helpers for dynamically enabled features (jsc#SLE-18931). - commit bf58746 - x86/arch_prctl: Add controls for dynamic XSTATE components (jsc#SLE-18931). - commit 6553ecb - nvme: Add sibling to list after full initialization (bsc#1191793 bsc#1192507). - commit 5fedc09 - x86/fpu: Add fpu_state_config::legacy_features (jsc#SLE-18931). - commit 938ac07 - x86/fpu: Add members to struct fpu to cache permission information (jsc#SLE-18931). - commit 96e08c8 - x86/fpu/xstate: Provide xstate_calculate_size() (jsc#SLE-18931). - commit 0eebbe6 - x86/signal: Implement sigaltstack size validation (jsc#SLE-18931). - Update config files. - commit 40edc00 - signal: Add an optional check for altstack size (jsc#SLE-18931). - commit c2d9b5c - x86/fpu: Remove old KVM FPU interface (jsc#SLE-18931). 
- commit b289ef7 - mm/vmscan: delay waking of tasks throttled on NOPROGRESS (bsc#1190208 (MM functional and performance backports)). - mm/vmscan: increase the timeout if page reclaim is not making progress (bsc#1190208 (MM functional and performance backports)). - mm/vmscan: centralise timeout values for reclaim_throttle (bsc#1190208 (MM functional and performance backports)). - mm/page_alloc: remove the throttling logic from the page allocator (bsc#1190208 (MM functional and performance backports)). - mm/writeback: throttle based on page writeback instead of congestion (bsc#1190208 (MM functional and performance backports)). - mm/vmscan: throttle reclaim when no progress is being made (bsc#1190208 (MM functional and performance backports)). - mm/vmscan: throttle reclaim and compaction when too may pages are isolated (bsc#1190208 (MM functional and performance backports)). - mm/vmscan: throttle reclaim until some writeback completes if congested (bsc#1190208 (MM functional and performance backports)). - mm: hwpoison: handle non-anonymous THP correctly (bsc#1190208 (MM functional and performance backports)). - mm: shmem: don't truncate page if memory failure happens (bsc#1190208 (MM functional and performance backports)). - mm: hwpoison: refactor refcount check handling (bsc#1190208 (MM functional and performance backports)). - mm: filemap: coding style cleanup for filemap_map_pmd() (bsc#1190208 (MM functional and performance backports)). - mm/page_alloc: use clamp() to simplify code (bsc#1190208 (MM functional and performance backports)). - mm: page_alloc: use migrate_disable() in drain_local_pages_wq() (bsc#1189998 (PREEMPT_RT prerequisite backports)). - mm/page_alloc.c: show watermark_boost of zone in zoneinfo (bsc#1190208 (MM functional and performance backports)). - mm/page_alloc: detect allocation forbidden by cpuset and bail out early (bsc#1190208 (MM functional and performance backports)). 
- mm/page_alloc.c: do not acquire zone lock in is_free_buddy_page() (bsc#1190208 (MM functional and performance backports)). - mm: move fold_vm_numa_events() to fix NUMA without SMP (bsc#1190208 (MM functional and performance backports)). - mm: move node_reclaim_distance to fix NUMA without SMP (bsc#1190208 (MM functional and performance backports)). - mm/page_alloc.c: avoid allocating highmem pages via alloc_pages_exact[_nid] (bsc#1190208 (MM functional and performance backports)). - mm/page_alloc.c: use helper function zone_spans_pfn() (bsc#1190208 (MM functional and performance backports)). - mm/page_alloc.c: fix obsolete comment in free_pcppages_bulk() (bsc#1190208 (MM functional and performance backports)). - mm/page_alloc.c: simplify the code by using macro K() (bsc#1190208 (MM functional and performance backports)). - mm/page_alloc.c: remove meaningless VM_BUG_ON() in pindex_to_order() (bsc#1190208 (MM functional and performance backports)). - mm: remove redundant smp_wmb() (bsc#1190208 (MM functional and performance backports)). - mm: introduce pmd_install() helper (bsc#1190208 (MM functional and performance backports)). - mm: add zap_skip_check_mapping() helper (bsc#1190208 (MM functional and performance backports)). - mm: drop first_index/last_index in zap_details (bsc#1190208 (MM functional and performance backports)). - mm: clear vmf->pte after pte_unmap_same() returns (bsc#1190208 (MM functional and performance backports)). - mm/memory.c: avoid unnecessary kernel/user pointer conversion (bsc#1190208 (MM functional and performance backports)). - mm: move more expensive part of XA setup out of mapping check (bsc#1190208 (MM functional and performance backports)). - mm/filemap.c: remove bogus VM_BUG_ON (bsc#1190208 (MM functional and performance backports)). - mm: don't read i_size of inode unless we need it (bsc#1190208 (MM functional and performance backports)). 
- mm: stop filemap_read() from grabbing a superfluous page (bsc#1190208 (MM functional and performance backports)). - mm: Fix comments mentioning i_mutex (bsc#1190208 (MM functional and performance backports)). - commit 1829ec0 - x86/kvm: Convert FPU handling to a single swap buffer (jsc#SLE-18931). - commit 1b316b0 - x86/fpu: Provide infrastructure for KVM FPU cleanup (jsc#SLE-18931). - commit 09d3f06 - x86/fpu: Prepare for sanitizing KVM FPU code (jsc#SLE-18931). - commit e472864 - x86/fpu/xstate: Move remaining xfeature helpers to core (jsc#SLE-18931). - commit 7892ec7 - x86/fpu: Rework restore_regs_from_fpstate() (jsc#SLE-18931). - commit 87bde61 - x86/fpu: Mop up xfeatures_mask_uabi() (jsc#SLE-18931). - commit d6d75f4 - Fix problem with missing installkernel on Tumbleweed. - commit 2ed6686 - x86/fpu: Move xstate feature masks to fpu_*_cfg (jsc#SLE-18931). - commit 04a01f4 - x86/fpu: Move xstate size to fpu_*_cfg (jsc#SLE-18931). - commit cf4b506 - x86/fpu/xstate: Cleanup size calculations (jsc#SLE-18931). - commit d16b889 - x86/fpu: Cleanup fpu__init_system_xstate_size_legacy() (jsc#SLE-18931). - commit 6817654 - x86/fpu: Provide struct fpu_config (jsc#SLE-18931). - commit e9e9154 - Refresh patches.suse/mm-page_alloc-Print-node-fallback-order.patch. - Refresh patches.suse/mm-page_alloc-Use-accumulated-load-when-building-node-fallback-list.patch. Move to sorted section. - commit df23484 - x86/fpu/signal: Use fpstate for size and features (jsc#SLE-18931). - commit 00eca20 - x86/fpu/xstate: Use fpstate for copy_uabi_to_xstate() (jsc#SLE-18931). - commit 36ed39f - x86/fpu: Use fpstate in __copy_xstate_to_uabi_buf() (jsc#SLE-18931). - commit 292d93f - x86/fpu: Use fpstate in fpu_copy_kvm_uabi_to_fpstate() (jsc#SLE-18931). - commit f1d4fea - x86/fpu/xstate: Use fpstate for xsave_to_user_sigframe() (jsc#SLE-18931). - commit 3bd5114 - x86/fpu/xstate: Use fpstate for os_xsave() (jsc#SLE-18931). 
- commit 310c2fa - s390/qeth: Register switchdev event handler (jsc#SLE-18329 jsc#SLE-18330 jsc#SLE-18516 bsc#1191738 LTC#193282). - Refresh patches.suse/s390-qeth-Fix-deadlock-in-remove_discipline.patch. - commit d424df5 - s390/qeth: Update MACs of LEARNING_SYNC device (jsc#SLE-18329 jsc#SLE-18330 jsc#SLE-18516 bsc#1191738 LTC#193282). - s390/qeth: Switchdev event handler (jsc#SLE-18329 jsc#SLE-18330 jsc#SLE-18516 bsc#1191738 LTC#193282). - s390/qdio: propagate error when cancelling a ccw fails (jsc#SLE-18329 jsc#SLE-18330 jsc#SLE-18516 bsc#1191738 LTC#193282). - s390/qdio: improve roll-back after error on ESTABLISH ccw (jsc#SLE-18329 jsc#SLE-18330 jsc#SLE-18516 bsc#1191738 LTC#193282). - commit 9cdc2d7 - kcov: replace local_irq_save() with a local_lock_t (bsc#1189998). - kcov: avoid enable+disable interrupts if !in_task() (bsc#1189998). - kcov: allocate per-CPU memory on the relevant node (bsc#1189998). - Documentation/kcov: define `ip' in the example (bsc#1189998). - Documentation/kcov: include types.h in the example (bsc#1189998). - commit ce3a059 ++++ libeconf: - Update to version libeconf-0.4.2+git20211111.c7a2c52: * CMake fixes regarding document installation. * Fixed different issues while writing string values to file. * Writing comments to file too. * Fixed memory leaks. * Fixed crash while merging values. 
++++ pcre2: - added patches fix revert https://github.com/PhilipHazel/pcre2/commit/080d7789eba00b570181dfe28809b01aa88c01f8 + pcre2-readd-wrappers-POSIX.patch ++++ libselinux: - Update to version 3.3: * Lots of smaller issues fixed found by fuzzing ++++ libsemanage: - Update to version 3.3 * Fixed use-after-free in parse_module_store() * Fixed use_after_free in semanage_direct_write_langext() ++++ libsepol: - Update to version 3.3 * Dropped CVE-2021-36085.patch, CVE-2021-36086.patch, CVE-2021-36087.patch are all included * Lot of smaller fixes identified by fuzzing ++++ sg3_utils: - Update to version 1.47: * sg_rep_zones: add support for REPORT ZONE DOMAINS and REPORT REALMS in this utility * sg_raw: fix prints of NVMe NVM command names * sg_logs: additions to Volume statistics lpage [ssc5r05c] - additions to Command duration limits statistics log page [spc6r06] * sg_vpd: fix do_hex type on some recent pages - zoned block dev char vpd: add zone alignment mode and zone starting LBA granularity [zbc2r11] * sg_read_buffer: fix --length= problem * sg_dd, sgm_dd, sgp_dd: don't close negative file descriptors * sg_dd: srand48_r() and mrand48_r() are GNU libc specific, put conditional in so non-reentrant version used otherwise - 'iflag=00,ff' places the 32 bit block address (big endian) into each block * sgp_dd: major rework, fix issue with error being ignored - new: --chkaddr which checks for block address in each block - add check for stdatomic.h presence in configure.ac * sg_xcopy: tweak CSCD identification descriptor * sg_get_elem_status: fix issue with '--maxlen=' option - add 2 depopulation revocation health attributes [sbc5r01] * transport error handling improved. To fix report of a BAD_TARGET transport error but the utility still continued. 
- introduce SG_LIB_TRANSPORT_ERROR [35] exit status * several utilities: override '--maxlen=LEN' when LEN is < 16 (or 4), take default (or 4) instead * scripts: 55-scsi-sg3_id.rules remove outdated rule (bsc#1189297) * sg_lib: add sg_scsi_status_is_good(), sg_scsi_status_is_bad() and sg_get_zone_type_str() * pt_linux: fix verify(BytChk=0) which Linux SNTL translated to write, other SNTL cleanups * pt_linux_nvme: fix fua setting * pt: check_pt_file_handle() add return value of 5 for - _service updates: * re-enable service, hadn't been used for 1.46 release * use upstream author's git repository, simplify versioning scheme * use obscpio format ++++ libzypp: - Disable logger in the child after fork (bsc#1192436) - version 17.28.8 (22) ++++ lshw: - Update to version B.02.19.2+git.20211102: * merge Github PR#77 * use max (9) Gzip compression * Add Catalan translation * Update POT file * Add more network speeds ++++ policycoreutils: - Update to version 3.3 * Lots of fuzzing fixes * `fixfiles -C` doesn't exclude /dev and /run anymore Refreshed get_os_version.patch ++++ libselinux-bindings: - Update to version 3.3: * Lots of smaller issues fixed found by fuzzing ++++ python-semanage: - Update to version 3.3 * Fixed use-after-free in parse_module_store() * Fixed use_after_free in semanage_direct_write_langext() ++++ restorecond: - Update to version 3.3 * No user visible changes ++++ selinux-policy: - Update to version 20211111. 
Refreshed: * fix_dbus.patch * fix_systemd.patch * fix_authlogin.patch * fix_auditd.patch * fix_kernel_sysctl.patch * fix_networkmanager.patch * fix_chronyd.patch * fix_unconfineduser.patch * fix_unconfined.patch * fix_firewalld.patch * fix_init.patch * fix_xserver.patch * fix_logging.patch * fix_hadoop.patch ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#536 - enable Xorg on s390x (jsc#SLE-18632, jsc#SLE-22176) - 16.57.6 ------------------------------------------------------------------ ------------------ 2021-11-10 - Nov 10 2021 ------------------- ------------------------------------------------------------------ ++++ transactional-update: - Version 3.6.1 - Fix rsyncing /etc into the running system with --drop-if-no-change [bsc#1192242] ++++ glib2: - Stop passing fam=true to meson and drop gamin-devel BuildRequires, following upstream default. Following this, drop libgio-fam sub-package. ++++ kernel-default: - scsi: smartpqi: Update version to 2.1.12-055 (jsc#SLE-19277). - scsi: smartpqi: Add 3252-8i PCI id (jsc#SLE-19277). - scsi: smartpqi: Fix duplicate device nodes for tape changers (jsc#SLE-19277). - scsi: smartpqi: Fix boot failure during LUN rebuild (jsc#SLE-19277). - scsi: smartpqi: Add extended report physical LUNs (jsc#SLE-19277). - scsi: smartpqi: Avoid failing I/Os for offline devices (jsc#SLE-19277). - scsi: smartpqi: Add TEST UNIT READY check for SANITIZE operation (jsc#SLE-19277). - scsi: smartpqi: Update LUN reset handler (jsc#SLE-19277). - scsi: smartpqi: Capture controller reason codes (jsc#SLE-19277). - scsi: smartpqi: Add controller handshake during kdump (jsc#SLE-19277). - scsi: smartpqi: Update device removal management (jsc#SLE-19277). - scsi: smartpqi: Replace one-element array with flexible-array member (jsc#SLE-19277). - scsi: smartpqi: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-19277). - scsi: smartpqi: Update version to 2.1.10-020 (jsc#SLE-19277). 
- scsi: smartpqi: Fix ISR accessing uninitialized data (jsc#SLE-19277). - scsi: smartpqi: Add PCI IDs for new ZTE controllers (jsc#SLE-19277). - scsi: smartpqi: Add PCI ID for new ntcom controller (jsc#SLE-19277). - scsi: smartpqi: Add SCSI cmd info for resets (jsc#SLE-19277). - scsi: smartpqi: Change Kconfig menu entry to Microchip (jsc#SLE-19277). - scsi: smartpqi: Change driver module macros to Microchip (jsc#SLE-19277). - scsi: smartpqi: Update copyright notices (jsc#SLE-19277). - scsi: smartpqi: Add PCI IDs for H3C P4408 controllers (jsc#SLE-19277). - commit bcef281 - x86/fpu: Use fpstate::size (jsc#SLE-18931). - commit f9fab51 - x86/fpu: Add size and mask information to fpstate (jsc#SLE-18931). - commit 4e0ac7e - x86/process: Move arch_thread_struct_whitelist() out of line (jsc#SLE-18931). - commit f8a7a93 - x86/fpu: Do not leak fpstate pointer on fork (jsc#SLE-18931). - commit 54a4c96 - x86/fpu: Remove fpu::state (jsc#SLE-18931). - commit 1aeab0c - x86/math-emu: Convert to fpstate (jsc#SLE-18931). - commit 3a0d6a3 - x86/fpu/core: Convert to fpstate (jsc#SLE-18931). - commit f154e4c - x86/fpu/signal: Convert to fpstate (jsc#SLE-18931). - commit c811273 - x86/fpu/regset: Convert to fpstate (jsc#SLE-18931). - commit ddc34e9 - x86/fpu: Convert tracing to fpstate (jsc#SLE-18931). - commit 6494d77 - x86/KVM: Convert to fpstate (jsc#SLE-18931). - commit a14d0c2 - x86/fpu: Replace KVMs xstate component clearing (jsc#SLE-18931). - commit dbdf07f - x86/fpu: Convert restore_fpregs_from_fpstate() to struct fpstate (jsc#SLE-18931). - commit 5d24bac - x86/fpu: Convert fpstate_init() to struct fpstate (jsc#SLE-18931). - commit a8d6069 - x86/fpu: Provide struct fpstate (jsc#SLE-18931). - commit 93cdff1 - x86/fpu: Replace KVMs home brewed FPU copy to user (jsc#SLE-18931). - commit 7d64666 - x86/fpu: Provide a proper function for ex_handler_fprestore() (jsc#SLE-18931). - commit 8d40edd - x86/fpu: Replace the includes of fpu/internal.h (jsc#SLE-18931). 
- commit 64c9a3a - x86/fpu: Mop up the internal.h leftovers (jsc#SLE-18931). - commit 3802fa4 - x86/sev: Include fpu/xcr.h (jsc#SLE-18931). - commit 893d382 - x86/fpu: Remove internal.h dependency from fpu/signal.h (jsc#SLE-18931). - commit 36ba3e4 - x86/fpu: Move fpstate functions to api.h (jsc#SLE-18931). - commit 8b9d235 - x86/fpu: Move mxcsr related code to core (jsc#SLE-18931). - commit 009e4b2 - x86/fpu: Move fpregs_restore_userregs() to core (jsc#SLE-18931). - commit c095776 - net: sched: gred: dynamically allocate tc_gred_qopt_offload (bsc#1189998). - net: sched: remove one pair of atomic operations (bsc#1189998). - net: sched: fix logic error in qdisc_run_begin() (bsc#1189998). - net: sched: Allow statistics reads from softirq (bsc#1189998). - net: sched: Remove Qdisc::running sequence counter (bsc#1189998). - net: sched: Merge Qdisc::bstats and Qdisc::cpu_bstats data types (bsc#1189998). - net: sched: Use _bstats_update/set() instead of raw writes (bsc#1189998). - net: sched: Protect Qdisc::bstats with u64_stats (bsc#1189998). - u64_stats: Introduce u64_stats_set() (bsc#1189998). - gen_stats: Move remaining users to gnet_stats_add_queue() (bsc#1189998). - mq, mqprio: Use gnet_stats_add_queue() (bsc#1189998). - gen_stats: Add gnet_stats_add_queue() (bsc#1189998). - gen_stats: Add instead Set the value in __gnet_stats_copy_basic() (bsc#1189998). - net/sched: sch_ets: properly init all active DRR list handles (bsc#1189998). - net_sched: refactor TC action init API (bsc#1189998). - net/sched: act_skbmod: Add SKBMOD_F_ECN option support (bsc#1189998). - commit 1f00ef0 - x86/fpu: Make WARN_ON_FPU() private (jsc#SLE-18931). - commit a770cfc - x86/fpu: Move legacy ASM wrappers to core (jsc#SLE-18931). - commit 550c5bb - scsi: mpt3sas: Fix reference tag handling for WRITE_INSERT (jsc#SLE-18967). - scsi: mpt3sas: Clean up some inconsistent indenting (jsc#SLE-18967). - scsi: mpt3sas: Call cpu_relax() before calling udelay() (jsc#SLE-18967). 
- scsi: mpt3sas: Use the proper SCSI midlayer interfaces for PI (jsc#SLE-18967). - scsi: mpt3sas: Introduce sas_ncq_prio_supported sysfs sttribute (jsc#SLE-18967). - scsi: mpt3sas: Update driver version to 39.100.00.00 (jsc#SLE-18967). - scsi: mpt3sas: Use firmware recommended queue depth (jsc#SLE-18967). - scsi: mpt3sas: Bump driver version to 38.100.00.00 (jsc#SLE-18967). - scsi: mpt3sas: Add io_uring iopoll support (jsc#SLE-18967). - commit 769c603 - ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629). - ibmvnic: don't stop queue in xmit (bsc#1192273 ltc#194629). - commit 0c1f769 - Revert "ibmvnic: check failover_pending in login response" (bsc#1190523 ltc#194510). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - commit 3cece0c - x86/fpu: Move os_xsave() and os_xrstor() to core (jsc#SLE-18931). - commit 0e76265 - x86/fpu: Make os_xrstor_booting() private (jsc#SLE-18931). - commit 5d32b8f - x86/fpu: Clean up CPU feature tests (jsc#SLE-18931). - commit 446c71a - x86/fpu: Move context switch and exit to user inlines into sched.h (jsc#SLE-18931). - commit 93f59dc - scsi: megaraid_sas: Driver version update to 07.719.03.00-rc1 (jsc#SLE-18968). - scsi: megaraid_sas: Add helper functions for irq_context (jsc#SLE-18968). - scsi: megaraid_sas: Fix concurrent access to ISR between IRQ polling and real interrupt (jsc#SLE-18968). - scsi: megaraid: Clean up some inconsistent indenting (jsc#SLE-18968). - scsi: megaraid: Fix Coccinelle warning (jsc#SLE-18968). - scsi: megaraid: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-18968). - commit 15f1bb5 - x86/fpu: Mark fpu__init_prepare_fx_sw_frame() as __init (jsc#SLE-18931). - commit d3c4053 - x86/fpu: Rework copy_xstate_to_uabi_buf() (jsc#SLE-18931). - commit 2a28e7e - x86/fpu: Replace KVMs home brewed FPU copy from user (jsc#SLE-18931). - commit d2f0bca - x86/fpu: Move KVMs FPU swapping to FPU core (jsc#SLE-18931). 
- commit 640c80f - x86/fpu/xstate: Mark all init only functions __init (jsc#SLE-18931). - commit b7fb34b - x86/fpu/xstate: Provide and use for_each_xfeature() (jsc#SLE-18931). - commit 1c5014e - x86/fpu: Cleanup xstate xcomp_bv initialization (jsc#SLE-18931). - commit 135211d - x86/fpu: Do not inherit FPU context for kernel and IO worker threads (jsc#SLE-18931). - commit becc295 - x86/process: Clone FPU in copy_thread() (jsc#SLE-18931). - commit 2d0ab18 - x86/fpu: Remove pointless memset in fpu_clone() (jsc#SLE-18931). - commit 43563a6 - x86/fpu: Cleanup the on_boot_cpu clutter (jsc#SLE-18931). - commit fba46f1 - char/random: reinstantiate DRBGs once optimized sha512 becomes available (jsc#SLE-21132,bsc#1191259). - commit f4f5829 - char/random: wire up userspace interface to SP800-90B compliant drbg (jsc#SLE-21132,bsc#1191259). - commit 08f937f - x86/fpu: Restrict xsaves()/xrstors() to independent states (jsc#SLE-18931). - commit 2680d35 - x86/pkru: Remove useless include (jsc#SLE-18931). - commit 0a37ab9 - x86/fpu: Update stale comments (jsc#SLE-18931). - commit ccb8547 - x86/fpu: Remove pointless argument from switch_fpu_finish() (jsc#SLE-18931). - commit 2a98e69 - Delete patches.suse/sched-fair-Couple-wakee-flips-with-heavy-wakers.patch. Upstream thought the heuristic was too specific. - commit f48e685 - sched: Temporarily restore deprecated scheduler sysctls with a warning (bsc#1192327, bsc#1191396). - commit b45e01a - Update patches.suse/x86-fpu-mask-out-the-invalid-mxcsr-bits-properly.patch (jsc#SLE-18931). - commit 1bb370e - x86/fpu/signal: Fix missed conversion to correct boolean retval in save_xstate_epilog() (jsc#SLE-18931). - commit 88b693c - x86/fpu/signal: Change return code of restore_fpregs_from_user() to boolean (jsc#SLE-18931). - commit bff2e93 - x86/fpu/signal: Change return code of check_xstate_in_sigframe() to boolean (jsc#SLE-18931). - commit 0925586 - x86/fpu/signal: Change return type of __fpu_restore_sig() to boolean (jsc#SLE-18931). 
- commit 8707aff - trap: cleanup trap_init() (git-fixes). - commit 84c723c - xsurf100: drop include of lib8390.c (git-fixes). - commit b8f067c - x86/fpu/signal: Change return type of fpu__restore_sig() to boolean (jsc#SLE-18931). - commit a9ed3f4 - x86/signal: Change return type of restore_sigcontext() to boolean (jsc#SLE-18931). - commit eacd67e - x86/fpu/signal: Change return type of copy_fpregs_to_sigframe() helpers to boolean (jsc#SLE-18931). - commit f83d895 - x86/fpu/signal: Change return type of copy_fpstate_to_sigframe() to boolean (jsc#SLE-18931). - commit a72c41f - x86/fpu/signal: Move xstate clearing out of copy_fpregs_to_sigframe() (jsc#SLE-18931). - commit 2f939c3 - Removed c0891ac1 patch backporting because it touched many files in different subsystems and it's not necessary for ACPI (jsc#SLE-18523) The c0891ac1 patch causes many "warning: "va_start" redefined" messages when building kernel. The patch touched many files in different subsystems and it's not necessary for ACPI backporting. So I removed this patch and also respin related patches. (jsc#SLE-18523) - Refresh patches.suse/ACPI-tools-fix-compilation-error.patch. - Delete patches.suse/isystem-ship-and-use-stdarg.h-c0891ac1.patch. - commit b3998a8 - x86/fpu/signal: Move header zeroing out of xsave_to_user_sigframe() (jsc#SLE-18931). - commit 05da93a - x86/fpu/signal: Clarify exception handling in restore_fpregs_from_user() (jsc#SLE-18931). 
- commit d359dfe ++++ ldb: - Update to version 2.4.1 + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message; (bso#14845); + Fix memory handling in ldb.msg_diff; (bso#14836); + Corrected python docstrings ++++ ceph: - Preservation of Bugzilla, Jira and CVE citations from earlier incarnations of this changes file after double-checking that none of these fixes got lost in the pacific rebase: + bsc#1163764 (--container-init feature cherry-picked to octopus) + bsc#1170200 (mgr/dashboard: Fix for CrushMap viewer items getting compressed vertically) + bsc#1172926 (mgr/orchestrator: Sort 'ceph orch device ls' by host) + bsc#1173079 (mgr/devicehealth: device_health_metrics pool gets created even without any OSDs in the cluster) + bsc#1174466 (mon: have 'mon stat' output json as well) + bsc#1174526 (mgr/dashboard: allow getting fresh inventory data from the orchestrator) + bsc#1174529 (rpm: on SUSE, podman is required for cephadm to work) + bsc#1174644 (cephadm: log to file) + bsc#1175120 (downstream branding) + bsc#1175161 (downstream branding) + bsc#1175169 (downstream branding) + bsc#1176390 (mgr/dashboard: enable different URL for users of browser to Grafana) + bsc#1176451 (Drop patch "rpm: on SUSE, podman is required for cephadm to work") + bsc#1176489 (mgr/cephadm: lock multithreaded access to OSDRemovalQueue) + bsc#1176499 (mgr/cephadm: fix RemoveUtil.load_from_store()) + bsc#1176638 (ceph-volume: batch: call the right prepare method) + bsc#1176679 (mgr/dashboard: enable different URL for users of browser to Grafana) + bsc#1176828 (cephadm: command_unit: call systemctl with verbose=True) + bsc#1177078 (mgr/dashboard: Fix bugs in a unit test and i18n translation) + bsc#1177151 (python-common: do not skip unavailable devices) + bsc#1177319 (--container-init feature cherry-picked to octopus) + bsc#1177344 (mgr/dashboard: support Orchestrator and user-defined Ganesha cluster) + bsc#1177360 (cephadm: silence "Failed to evict container" 
log msg) + bsc#1177450 (ceph-volume: don't exit before empty report can be printed) + bsc#1177643 (Revert "spec: Podman (temporarily) requires apparmor-abstractions on suse") + bsc#1177676 (cephadm: allow uid/gid == 0 in copy_tree, copy_files, move_files) + bsc#1177843 (CVE-2020-25660) + bsc#1177857 (mgr/cephadm: upgrade: fail gracefully, if daemon redeploy fails) + bsc#1177933 (cephadm: configure journald as the logdriver) + bsc#1178531 (cephadm: set default container_image to registry.suse.com/ses/7/ceph/ceph) + bsc#1178837 (rgw: cls/user: set from_index for reset stats calls) + bsc#1178860 (mgr/dashboard: Disable TLS 1.0 and 1.1) + bsc#1178905 (CVE-2020-25678) + bsc#1178932 (cephadm: reference the last local image by digest) + bsc#1179016 (rpm: require smartmontools on SUSE) + bsc#1179452 (mgr/insights: Test environment requires 'six') + bsc#1179526 (rgw: during GC defer, prevent new GC enqueue) + bsc#1179569 (cephadm: reference the last local image by digest) + bsc#1179802 (CVE-2020-27781) + bsc#1179997 (CVE-2020-27839) + bsc#1180107 (ceph-volume: pass --filter-for-batch from drive-group subcommand) + bsc#1180155 (CVE-2020-27781) + bsc#1181291 (mgr/cephadm: alias rgw-nfs -> nfs) + bsc#1182766 (cephadm: fix 'inspect' and 'pull') + bsc#1183074 (CVE-2021-20288) + bsc#1183561 (mgr/cephadm: on ssh connection error, advice chmod 0600) + bsc#1183899 (bluestore: fix huge reads/writes at BlueFS) + bsc#1184231 (cephadm: Allow to use paths in all <_devices> drivegroup sections) + bsc#1184517 (cls/rgw: look for plane entries in non-ascii plain namespace too) + bsc#1185246 (rgw: check object locks in multi-object delete) + bsc#1185619 (CVE-2021-3524) + bsc#1185619 (CVE-2021-3524) + bsc#1186020 (CVE-2021-3531) + bsc#1186021 (CVE-2021-3509) + bsc#1186348 (mgr/zabbix: adapt zabbix_sender default path) + bsc#1188979 ("mgr/cephadm: pass --container-init to "cephadm deploy" if specified" and "Revert "cephadm: default container_init to False") + bsc#1189173 (downstream branding) + 
jsc#SES-1071 (ceph-volume: major batch refactor - upstream PR#34740) + jsc#SES-185 (SES support with cache software) + jsc#SES-704 (mgr/snap_schedule) ++++ samba: - Fix regression introduced by CVE-2020-25717 patches, winbindd does not start when 'allow trusted domains' is off; (bso#14899); - Update to 4.15.2 * CVE-2016-2124: SMB1 client connections can be downgraded to plaintext authentication; (bso#12444); (bsc#1014440); * CVE-2020-25717: A user on the domain can become root on domain members; (bso#14556); (bsc#1192284); * CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets issued by an RODC; (bso#14558); (bsc#1192246); * CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets; (bso#14561); (bsc#1192247); * CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers (eg objectSid); (bso#14557); (bsc#1192505); * CVE-2020-25722: Samba AD DC did not do sufficient access and conformance checking of data stored; (bso#14564); (bsc#1192283); * CVE-2021-3738: Use after free in Samba AD DC RPC server; (bso#14468); (bsc#1192215); * CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability; (bso#14875); (bsc#1192214); - Update to 4.15.1 * vfs_shadow_copy2: core dump in make_relative_path; (bso#14682); * Log clutter from filename_convert_internal; (bso#14685); * MacOSX compilation fixes; (bso#14862); * rodc_rwdc test flaps; (bso#14868); * Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal; (bso#14642); * Python ldb.msg_diff() memory handling failure; (bso#14836); * "in" operator on ldb.Message is case sensitive; (bso#14845); * Release LDB 2.4.1 for Samba 4.15.1; (bso#14848); * samldb_krbtgtnumber_available() looks for incorrect string; (bso#14854); * Fix Samba support for UF_NO_AUTH_DATA_REQUIRED; (bso#14871); * Allow special chars like "@" in samAccountName when generating the salt; (bso#14874); * Correctly 
ignore comments in CTDB public addresses file; (bso#14826); * Fix transit path validation; (bso#12998); * Fix that child winbindd logs to log.winbindd instead of log.wb-; (bso#14852); * SMB3 cancel requests should only include the MID together with AsyncID when AES-128-GMAC is used; (bso#14855); * Prepare to operate with MIT krb5 >= 1.20; (bso#14870); * Heimdal prefers RC4 over AES for machine accounts; (bso#14864); ++++ tk: - New version 8.6.12: * (bug)[7beaed] ttk::bindMouseWheel syntax error * (new) support 4 new keycodes: CodeInput, SingleCandidate, MultipleCandidate, PreviousCandidate * (new) Portable keycodes: OE, oe, Ydiaeresis * (bug)[9e1312] to parent after child destroyed * (bug)[d3cd4c] more robust notebook processing * (bug)[234ee4] crash in [clipboard get] invalid encoding * (bug)[be9cad] Poor trace housekeeping -> tkwait segfault * (bug)[9b6065] restore Tcl [update], see window-2.12 * (bug)[34db75,ea876b] cursor motion in peer text * (bug)[c97464] memleak in TkpDrawAngledChars * (bug)[171ba7] crash when grab and focus are not coordinated * crash due to failed transient record housekeeping * (bug)[099109] segfault reusing a container toplevel * (bug)[4efbfe] static package init order in wish * (bug)[033886] Win: hang in font loading * (bug)[8ebed3] multi-thread safety in Xft use * (new)[TIP 608] New virtual event <> ------------------------------------------------------------------ ------------------ 2021-11-9 - Nov 9 2021 ------------------- ------------------------------------------------------------------ ++++ apparmor: - add aa-notify-more-arch-mr809.diff: Add support for reading s390x and aarch64 wtmp files (boo#1181155) ++++ kernel-default: - x86/extable: Remove EX_TYPE_FAULT from MCE safe fixups (jsc#SLE-18931). - commit f1063b0 - x86/fpu: Use EX_TYPE_FAULT_MCE_SAFE for exception fixups (jsc#SLE-18931). - commit cfb074b - x86/copy_mc: Use EX_TYPE_DEFAULT_MCE_SAFE for exception fixups (jsc#SLE-18931). 
- commit c72dfcc - x86/extable: Provide EX_TYPE_DEFAULT_MCE_SAFE and EX_TYPE_FAULT_MCE_SAFE (jsc#SLE-18931). - commit 0827eac - x86/extable: Rework the exception table mechanics (jsc#SLE-18931). - commit 91c2fad - x86/mce: Get rid of stray semicolons (jsc#SLE-18931). - commit 03638cb - x86/mce: Deduplicate exception handling (jsc#SLE-18931). - commit 01e0919 - x86/extable: Get rid of redundant macros (jsc#SLE-18931). - commit 9770234 - x86/extable: Tidy up redundant handler functions (jsc#SLE-18931). - commit ef9303c - crypto: s5p-sss - Add error handling in s5p_aes_probe() (git-fixes). - commit 29916de - crypto: octeontx2 - set assoclen in aead_do_fallback() (git-fixes). - commit dac895e - crypto: qat - disregard spurious PFVF interrupts (git-fixes). - commit 6643391 - crypto: qat - detect PFVF collision after ACK (git-fixes). - commit e7481e9 - crypto: qat - store vf.compatible flag (git-fixes). - commit e25bd9f - crypto: caam - disable pkc for non-E SoCs (git-fixes). - commit 74d1a4c - crypto: qat - power up 4xxx device (git-fixes). - commit 3d9a37e - crypto: qat - fix naming of PF/VF enable functions (git-fixes). - commit 8111874 - crypto: qat - complete all the init steps before service notification (git-fixes). - commit 4e4b1e2 - crypto: qat - enable interrupts only after ISR allocation (git-fixes). - commit f21fda1 - crypto: qat - protect interrupt mask CSRs with a spinlock (git-fixes). - commit 3990e0f - crypto: qat - remove intermediate tasklet for vf2pf (git-fixes). - Refresh patches.suse/crypto-qat-fix-naming-for-init-shutdown-VF-to-PF-not.patch. - commit 5b8bbae - Revert "rpm/config.sh: Compress modules with zstd (jsc#SLE-21256)." This reverts commit 648b5c7cb84366056aed609528029ae9c75c3d37. Reported to cause build problems in IBS. - commit 082e0f1 - crypto: qat - prevent spurious MSI interrupt in PF (git-fixes). - commit 0efbad5 - crypto: qat - move IO virtualization functions (git-fixes). 
- commit 68d4675 - crypto: qat - move pf2vf interrupt [en|dis]able to adf_vf_isr.c (git-fixes). - commit 756b47d - crypto: qat - rename compatibility version definition (git-fixes). - Refresh patches.suse/crypto-qat-fix-reuse-of-completion-variable.patch. - commit 0a119bc - Delete check.sh that was mistakenly taken into the tree - commit 0bf8e1d - mfd: altera-a10sr: Include linux/module.h (git-fixes). - commit 71795a7 - video: backlight: Drop maximum brightness override for brightness zero (git-fixes). - mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() (git-fixes). - mtd: rawnand: arasan: Prevent an unsupported configuration (git-fixes). - mtd: rawnand: xway: Keep the driver compatible with on-die ECC engines (git-fixes). - mtd: rawnand: socrates: Keep the driver compatible with on-die ECC engines (git-fixes). - mtd: rawnand: plat_nand: Keep the driver compatible with on-die ECC engines (git-fixes). - mtd: rawnand: pasemi: Keep the driver compatible with on-die ECC engines (git-fixes). - mtd: rawnand: orion: Keep the driver compatible with on-die ECC engines (git-fixes). - mtd: rawnand: mpc5121: Keep the driver compatible with on-die ECC engines (git-fixes). - mtd: rawnand: gpio: Keep the driver compatible with on-die ECC engines (git-fixes). - commit e849ae5 - mtd: rawnand: au1550nd: Keep the driver compatible with on-die ECC engines (git-fixes). - mtd: rawnand: ams-delta: Keep the driver compatible with on-die ECC engines (git-fixes). - Revert "mtd: rawnand: cs553x: Fix external use of SW Hamming ECC helper" (git-fixes). - Revert "mtd: rawnand: lpc32xx_slc: Fix external use of SW Hamming ECC helper" (git-fixes). - Revert "mtd: rawnand: ndfc: Fix external use of SW Hamming ECC helper" (git-fixes). - Revert "mtd: rawnand: sharpsl: Fix external use of SW Hamming ECC helper" (git-fixes). - Revert "mtd: rawnand: tmio: Fix external use of SW Hamming ECC helper" (git-fixes). 
- Revert "mtd: rawnand: txx9ndfmc: Fix external use of SW Hamming ECC helper" (git-fixes). - mtd: rawnand: fsmc: Fix use of SM ORDER (git-fixes). - mtd: rawnand: intel: Fix potential buffer overflow in probe (git-fixes). - commit 7347e0b - mfd: altera-sysmgr: Fix a mistake caused by resource_size conversion (git-fixes). - mfd: sprd: Add SPI device ID table (git-fixes). - mfd: cpcap: Add SPI device ID table (git-fixes). - mfd: altr_a10sr: Add SPI device ID table (git-fixes). - mfd: core: Add missing of_node_put for loop iteration (git-fixes). - cxl/pci: Fix NULL vs ERR_PTR confusion (git-fixes). - i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()' (git-fixes). - i2c: mediatek: fixing the incorrect register offset (git-fixes). - mtd: core: don't remove debugfs directory if device is in use (git-fixes). - commit deece6f - x86/softirq: Disable softirq stacks on PREEMPT_RT (bsc#1189998). - commit acf1ee7 - mm: disable NUMA_BALANCING_DEFAULT_ENABLED and TRANSPARENT_HUGEPAGE on PREEMPT_RT (bsc#1189998). - net/core: disable NET_RX_BUSY_POLL on PREEMPT_RT (bsc#1189998). - crypto: testmgr - Only disable migration in crypto_disable_simd_for_test() (bsc#1189998). - leds: trigger: Disable CPU trigger on PREEMPT_RT (bsc#1189998). - smack: Guard smack_ipv6_lock definition within a SMACK_IPV6_PORT_LABELING block (bsc#1189998). - efi: Allow efi=runtime (bsc#1189998). - efi: Disable runtime services on RT (bsc#1189998). - sched/rt: Annotate the RT balancing logic irqwork as IRQ_WORK_HARD_IRQ (bsc#1189998). - genirq: Disable irqfixup/poll on PREEMPT_RT (bsc#1189998). - genirq: Move prio assignment into the newly created thread (bsc#1189998). - genirq: Update irq_set_irqchip_state documentation (bsc#1189998). - smack: mark 'smack_enabled' global variable as __initdata (bsc#1189998). - genirq: Fix kernel doc indentation (bsc#1189998). - genirq: Change force_irqthreads to a static key (bsc#1189998). 
- genirq: Clarify documentation for request_threaded_irq() (bsc#1189998). - commit fbda427 ++++ libapparmor: - add aa-notify-more-arch-mr809.diff: Add support for reading s390x and aarch64 wtmp files (boo#1181155) ++++ harfbuzz: - Update to version 3.1.1: + Work around GCC cast-align error/warning on some platforms. + Documentation improvements. - Drop patch fixed upstream: + harfbuzz-3.1.0-work-around-GCC-cast-align-error-warning.patch ++++ suse-module-tools: - Update to version 15.4.8: * Same as Factory version 16.0.14 * add udev rules from udev-extra-rules (formerly system-tuning-common-SUSE). Both packages are now both obsoleted by suse-module-tools. (jsc#SLE-21032) * 60-io-scheduler.rules: don't use BFQ for real multiqueue devices (jsc#SLE-21032, bsc#1192161) * 60-io-scheduler.rules: use "none" for multipath components (bsc#1192161) ++++ tcl: - New version 8.6.12: * (bug)[d43f96] [string trim*] broken for Emoji * (bug)[22324b] [string reverse] broken for Emoji * (bug)[1dab71,7c64aa] BRE broken by uninitialized value use * (bug)[8419c5] Unix tty channels tolerate EINTR * ** POTENTIAL INCOMPATIBILITY *** * (bug)[4c591f] [string compare] EIAS violation * (bug)[266494] [concat foo [list #]] EIAS violation * (bug)[24b918] Save IO buffers from modern optimizers * (new) support for POSIX error EILSEQ * (bug)[688fcc] segfault during traced delete of alias * (bug)[ccc448] segfault in ensemble rewrite machinery * (new) Update to Unicode-14 * (bug)[a8579d] failed proc argument spec processing * Obsoletes tcl-aa4a13c15516da45.patch - Bump %itclver and ensure it stays in sync. ------------------------------------------------------------------ ------------------ 2021-11-8 - Nov 8 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - PCI: Set dma-can-stall for HiSilicon chips (jsc#SLE-17310). - commit 062d197 - crypto: pcrypt - Delay write to padata->info (git-fixes). 
- commit 4723c6a - thunderbolt: Fix -Wrestrict warning (jsc#SLE-19438). - commit d228f70 - thunderbolt: Enable retry logic for intra-domain control packets (jsc#SLE-19430 jsc#SLE-19436). - commit 984baff - Update config files (bsc#1192456). CONFIG_IMA_ARCH_POLICY=y CONFIG_IMA_READ_POLICY=y CONFIG_IMA_TRUSTED_KEYRING=y CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y - commit 14c1dff - ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267). - commit e6b961a - auxdisplay: ht16k33: Fix frame buffer device blanking (git-fixes). - auxdisplay: ht16k33: Connect backlight to fbdev (git-fixes). - auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (git-fixes). - PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation (git-fixes). - PCI: cadence: Add cdns_plat_pcie_probe() missing return (git-fixes). - PCI: j721e: Fix j721e_pcie_probe() error path (git-fixes). - PCI: aardvark: Fix support for PCI_ROM_ADDRESS1 on emulated bridge (git-fixes). - PCI: aardvark: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge (git-fixes). - PCI: aardvark: Set PCI Bridge Class Code to PCI Bridge (git-fixes). - PCI: aardvark: Fix support for bus mastering and PCI_COMMAND on emulated bridge (git-fixes). - PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes). - PCI: aardvark: Fix return value of MSI domain .alloc() method (git-fixes). - PCI: pci-bridge-emul: Fix emulation of W1C bits (git-fixes). - PCI: aardvark: Deduplicate code in advk_pcie_rd_conf() (git-fixes). - PCI: aardvark: Do not unmask unused interrupts (git-fixes). - PCI: aardvark: Do not clear status bits of masked interrupts (git-fixes). - PCI: aardvark: Fix configuring Reference clock (git-fixes). - PCI: aardvark: Fix preserving PCI_EXP_RTCTL_CRSSVE flag on emulated bridge (git-fixes). - PCI: aardvark: Don't spam about PIO Response Status (git-fixes). - PCI: Do not enable AtomicOps on VFs (git-fixes). 
- commit bed291e - Drop two USB patches that have been reverted by stable-5.14.17 Deleted: patches.suse/usb-core-hcd-Add-support-for-deferring-roothub-regis.patch patches.suse/xhci-Set-HCD-flag-to-defer-primary-roothub-registrat.patch blacklist.conf: updated - commit c2712fa ++++ libgcrypt: - FIPS: Disable 3DES/Triple-DES in FIPS mode [bsc#1185138] * Add libgcrypt-FIPS-disable-3DES.patch ++++ pcsc-tools: - Update to version 1.5.8 * 360 new ATRs * ATR_analysis: + fix TB2 parsing error + misc spelling fixes * pcsc_scan: + add maxtime option -t + add the option -c to list cards only once + no spinner in quiet mode (-q) + turn off colour if redirected output + Exit if no reader is found and -c or -r is used - Run spec-cleaner ++++ ovmf: - Update rpmlintrc (fixes aarch64 build) ++++ toolbox: - Don't install config file in /etc in favor of a built-in default. Avoids empty /etc pulling wrong image. - Handle Leap Micro (boo#1192474) ++++ yast2-trans: - Update to version 84.87.20211108.3133c3ccde: * Translated using Weblate (Japanese) * Translated using Weblate (Slovak) * Translated using Weblate (Catalan) * New POT for text domain 'packager'. * New POT for text domain 'installation'. ------------------------------------------------------------------ ------------------ 2021-11-7 - Nov 7 2021 ------------------- ------------------------------------------------------------------ ++++ audit-secondary: - Update to version 3.0.6: * fixes a segfault on some SELINUX_ERR records * makes IPX packet interpretation dependent on the ipx header file existing * adds b32/b64 support to ausyscall * adds support for armv8l * fixes auditctl list of syscalls on PPC * auditd.service now restarts auditd under some conditions ++++ kernel-default: - PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set() (bsc#1169263). - PCI/ACPI: Move _OSC query checks to separate function (bsc#1169263). - PCI/ACPI: Move supported and control calculations to separate functions (bsc#1169263). 
- PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS (bsc#1169263). - commit 45659d5 ++++ audit: - Update to version 3.0.6: * fixes a segfault on some SELINUX_ERR records * makes IPX packet interpretation dependent on the ipx header file existing * adds b32/b64 support to ausyscall * adds support for armv8l * fixes auditctl list of syscalls on PPC * auditd.service now restarts auditd under some conditions ++++ libseccomp: - Update to release 2.5.3 * Update the syscall table for Linux v5.15 * Fix issues with multiplexed syscalls on mipsel introduced in v2.5.2 * Document that seccomp_rule_add() may return -EACCES ------------------------------------------------------------------ ------------------ 2021-11-6 - Nov 6 2021 ------------------- ------------------------------------------------------------------ ++++ librsvg: - Add librsvg-s390x-cairo-has-current-point.patch for https://github.com/gtk-rs/gtk-rs-core/issues/335 - otherwise the test suite fails on s390x due to a bug in the cairo-rs bindings. ++++ gobject-introspection: - Add explicit libgirepository-1_0-1 Requires to devel subpackage, it was already pulled in via the main package, so no real change. - Use ldconfig_scriptlets macro for post(un) handling. ++++ kernel-default: - Update config files: version bump to 5.14.17 - commit d9ad97b - Linux 5.14.17 (stable-5.14.17). - commit b38f62e - Revert "soc: imx: gpcv2: move reset assert after requesting domain power up" (stable-5.14.17). - ALSA: usb-audio: Add Audient iD14 to mixer map quirk table (stable-5.14.17). - drm/amdkfd: fix boot failure when iommu is disabled in Picasso (stable-5.14.17). - Revert "drm/i915/gt: Propagate change in error status to children on unhold" (stable-5.14.17). - ARM: 9120/1: Revert "amba: make use of -1 IRQs warn" (stable-5.14.17). - sfc: Fix reading non-legacy supported link modes (stable-5.14.17). - drm/i915: Remove memory frequency calculation (stable-5.14.17). 
- scsi: core: Put LLD module refcnt after SCSI device is released (stable-5.14.17). - vrf: Revert "Reset skb conntrack connection..." (stable-5.14.17). - ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table (stable-5.14.17). - commit f0969c0 - Update patch references for stable-5.14.17 - commit f5fa096 - HID: u2fzero: properly handle timeouts in usb_submit_urb (git-fixes). - HID: u2fzero: clarify error check and length calculations (git-fixes). - pinctrl: core: fix possible memory leak in pinctrl_enable() (git-fixes). - pinctrl: equilibrium: Fix function addition in multiple groups (git-fixes). - pinctrl: renesas: checker: Fix off-by-one bug in drive register check (git-fixes). - pinctrl: mediatek: mt8195: Add pm_ops (git-fixes). - video: fbdev: chipsfb: use memset_io() instead of memset() (git-fixes). - commit 3eb7025 - blacklist.conf: Add perf git-fixes checked into userspace package - commit 1d6e569 ++++ harfbuzz: - harfbuzz 3.1.0: * Better offset-overflow handling in the subsetter library * Improved Unicode 14 properties in the USE shaper, and various other USE shaper fixes * MATH and COLR v1 tables subsetting support, and various other subsetter fixes * Support for Pwo Karen / Ason Chin medial la. 
(Simon Cozens) * Apply GPOS positioning when substituting with morx table, if kerx is missing * Apply calt and clig features across syllable boundaries in Indic shaper * Meson option for enabling Graphite 2 has been renamed to graphite2 * Build and documentation fixes - add harfbuzz-3.1.0-work-around-GCC-cast-align-error-warning.patch ------------------------------------------------------------------ ------------------ 2021-11-5 - Nov 5 2021 ------------------- ------------------------------------------------------------------ ++++ ethtool: - upgrade to upstream version 5.14 (jsc#SLE-17360, jsc#SLE-19267) * upstream 5.9 -> 5.10 - Feature: infrastructure for JSON output - Feature: separate FLAGS in -h output - Feature: use policy dumps to check flags support - Feature: show pause stats (-a) - Feature: pretty printing of policy dumps - Feature: improve error message when SFP module is missing - Fix: use after free in netlink_run_handler() - Fix: leaked instances of struct nl_socket - Fix: improve compatibility between netlink and ioctl (-s) * upstream 5.10 -> 5.12 - Feature: support lanes count (no option and -s) - Fix: fix help message for master-slave parameter (-s) - Fix: better error message for master-slave in ioctl code path - Fix: get rid of compiler warnings in "make check" * upstream 5.12 -> 5.13 - Feature: netlink handler for FEC (--show-fec and --set-fec) - Feature: FEC stats support (--show-fec) - Feature: standard based stats support (-S) - Feature: netlink handler for module EEPROM dump (-m) - Feature: page, bank and i2c selection in module dump (-m) * upstream 5.13 -> 5.14 - Feature: do not silently ignore --json if unsupported - Feature: support new message types in pretty print * drop mainline backports contained in v5.14 ethtool-Improve-compatibility-between-netlink-and-io.patch netlink-do-not-send-messages-and-process-replies-in-.patch netlink-fix-leaked-instances-of-struct-nl_socket.patch netlink-fix-use-after-free-in-netlink_run_handler.patch 
++++ kernel-default: - Drop patches.suse/Revert-platform-x86-i2c-multi-instantiate-Don-t-crea.patch again (git-fixes) This needs the fix in tipd driver at first (likely commit 9990f2f6264c). - commit 3c36722 - Update patch reference for ISDN fix (CVE-2021-43389 bsc#1191958) - commit 69afb02 - rtw89: Fix crash by loading compressed firmware file (bsc#1188303). - commit fce817c - soundwire: bus: stop dereferencing invalid slave pointer (git-fixes). - USB: serial: keyspan: fix memleak on probe errors (git-fixes). - USB: iowarrior: fix control-message timeouts (git-fixes). - USB: chipidea: fix interrupt deadlock (git-fixes). - usb: musb: Balance list entry in musb_gadget_queue (git-fixes). - usb: max-3421: Use driver data instead of maintaining a list of bound devices (git-fixes). - usb: dwc2: drd: reset current session before setting the new one (git-fixes). - usb: dwc2: drd: fix dwc2_drd_role_sw_set when clock could be disabled (git-fixes). - usb: dwc2: drd: fix dwc2_force_mode call in dwc2_ovr_init (git-fixes). - usb: typec: STUSB160X should select REGMAP_I2C (git-fixes). - usb: musb: select GENERIC_PHY instead of depending on it (git-fixes). - usb: gadget: hid: fix error code in do_config() (git-fixes). - commit e5a5f46 - serial: cpm_uart: Protect udbg definitions by CONFIG_SERIAL_CPM_CONSOLE (git-fixes). - serial: xilinx_uartps: Fix race condition causing stuck TX (git-fixes). - serial: 8250: fix racy uartclk update (git-fixes). - serial: imx: fix detach/attach of serial console (git-fixes). - serial: 8250_dw: Drop wrong use of ACPI_PTR() (git-fixes). - serial: core: Fix initializing and restoring termios speed (git-fixes). - soundwire: debugfs: use controller id and link_id for debugfs (git-fixes). - staging: r8712u: fix control-message timeout (git-fixes). - staging: rtl8192u: fix control-message timeouts (git-fixes). - staging: rtl8712: fix use-after-free in rtl8712_dl_fw (git-fixes).
- commit 9e7d7b6 - power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (git-fixes). - power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (git-fixes). - power: supply: max17042_battery: Clear status bits in interrupt handler (git-fixes). - power: supply: max17040: fix null-ptr-deref in max17040_probe() (git-fixes). - power: supply: rt5033_battery: Change voltage values to µV (git-fixes). - power: supply: max17042_battery: use VFSOC for capacity when no rsns (git-fixes). - power: reset: at91-reset: check properly the return value of devm_of_iomap (git-fixes). - phy: Sparx5 Eth SerDes: Fix return value check in sparx5_serdes_probe() (git-fixes). - phy: qcom-snps: Correct the FSEL_MASK (git-fixes). - Revert "platform/x86: i2c-multi-instantiate: Don't create platform device for INT3515 ACPI nodes" (git-fixes). - commit 0b67117 - phy: ti: gmii-sel: check of_get_address() for failure (git-fixes). - phy: qcom-qusb2: Fix a memory leak on probe (git-fixes). - most: fix control-message timeouts (git-fixes). - iio: buffer: Fix memory leak in iio_buffers_alloc_sysfs_and_mask() (git-fixes). - iio: adc: tsc2046: fix scan interval warning (git-fixes). - iio: core: fix double free in iio_device_unregister_sysfs() (git-fixes). - iio: core: check return value when calling dev_set_name() (git-fixes). - staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC (git-fixes). - staging: most: dim2: do not double-register the same device (git-fixes). - phy: micrel: ksz8041nl: do not use power down mode (git-fixes). - commit f2194b0 - iio: buffer: Fix memory leak in iio_buffer_register_legacy_sysfs_groups() (git-fixes). - iio: buffer: Fix double-free in iio_buffers_alloc_sysfs_and_mask() (git-fixes). - iio: buffer: Fix memory leak in __iio_buffer_alloc_sysfs_and_mask() (git-fixes). - iio: buffer: check return value of kstrdup_const() (git-fixes).
- iio: dac: ad5446: Fix ad5622_write() return value (git-fixes). - drivers: iio: dac: ad5766: Fix dt property name (git-fixes). - iio: st_pressure_spi: Add missing entries SPI to device ID table (git-fixes). - commit 614338b - component: do not leave master devres group open after bind (git-fixes). - device property: Add missed header in fwnode.h (git-fixes). - driver core: Fix possible memory leak in device_link_add() (git-fixes). - comedi: dt9812: fix DMA buffers on stack (git-fixes). - comedi: ni_usb6501: fix NULL-deref in command paths (git-fixes). - Documentation:devicetree:bindings:iio:dac: Fix val (git-fixes). - iio: adis: do not disabe IRQs in 'adis_init()' (git-fixes). - dt-bindings: iio: magnetometer: asahi-kasei,ak8975 add vid reg (git-fixes). - iio: ad5770r: make devicetree property reading consistent (git-fixes). - iio: st_sensors: disable regulators after device unregistration (git-fixes). - commit 7a34673 - ABI: obsolete/sysfs-bus-iio: add some missing blank lines (git-fixes). - ABI: sysfs-kernel-slab: Document some stats (git-fixes). - ABI: sysfs-devices-removable: make a table valid as ReST markup (git-fixes). - ABI: configfs-usb-gadget-uac2: fix a broken table (git-fixes). - ABI: sysfs-platform-dptf: Add tables markup to a table (git-fixes). - comedi: vmk80xx: fix bulk and interrupt message timeouts (git-fixes). - comedi: vmk80xx: fix bulk-buffer overflow (git-fixes). - comedi: vmk80xx: fix transfer-buffer overflows (git-fixes). - char: xillybus: fix msg_ep UAF in xillyusb_probe() (git-fixes). - commit 7b9627f ++++ ceph: - Update to 16.2.6-462-g5fefbbf8888: + rebased on top of upstream commit SHA1 dd7139c66c1d36da50475ec97d8d6b54b07d1dea * (bsc#1191751) rgw/tracing: unify SO version numbers within librgw2 package * spec: make selinux scriptlets respect CEPH_AUTO_RESTART_ON_UPGRADE ++++ systemd-presets-common-SUSE: - Replace the pipewire-media-session preset with a wireplumber user service preset to enable it by default. 
------------------------------------------------------------------ ------------------ 2021-11-4 - Nov 4 2021 ------------------- ------------------------------------------------------------------ ++++ gdk-pixbuf: - Stop passing no longer used nor recognized options jasper=false and x11=false to meson, fails the build when using meson 0.60.x. ++++ glibc: - 0001-s390x-Align-child-stack-while-clone.-BZ-27968.patch, 0002-S390-Optimize-__memcpy_z196.patch, 0003-S390-Optimize-__memset_z196.patch, 0004-S390-Sync-HWCAP-names-with-kernel-by-adding-aliases-.patch, 0005-S390-Add-new-hwcap-values.patch, 0006-S390-Add-PCI_MIO-and-SIE-HWCAPs.patch: [15sp4 FEAT] GNU2007 - GLIBC: Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869) ++++ kernel-default: - Update patch reference for a net fix (CVE-2021-43267 bsc#1192341) - commit f6e8d1c - ALSA: usb-audio: Input source control - digidesign mbox (git-fixes). - commit 5b93860 - ALSA: usb-audio: Add support for the Pioneer DJM 750MK2 Mixer/Soundcard (git-fixes). - commit 587cd4a - ALSA: hda/realtek: Fixes HP Spectre x360 15-eb1xxx speakers (git-fixes). - commit df7bc2c - ALSA: hda/realtek: Add quirk for Clevo PC70HS (git-fixes). - ALSA: usb-audio: Line6 HX-Stomp XL USB_ID for 48k-fixed quirk (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum 400 (git-fixes). - ALSA: hda/realtek: Add a quirk for HP OMEN 15 mute LED (git-fixes). - ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume (git-fixes). - ALSA: mixer: oss: Fix racy access to slots (git-fixes). - commit dee578e - clk: qcom: gcc-sc7280: Drop unused array (git-fixes). - commit dbfffa3 - soc: qcom: apr: Add of_node_put() before return (git-fixes). - soc: qcom: rpmhpd: fix sm8350_mxc's peer domain (git-fixes). - soc: qcom: socinfo: add two missing PMIC IDs (git-fixes). - soc: qcom: rpmhpd: Make power_on actually enable the domain (git-fixes). - soc: samsung: pm_domains: drop unused is_off field (git-fixes). 
- soc: samsung: exynos-pmu: Fix compilation when nothing selects CONFIG_MFD_CORE (git-fixes). - soc: fsl: dpio: rename the enqueue descriptor variable (git-fixes). - soc: fsl: dpio: use an explicit NULL instead of 0 (git-fixes). - soc: qcom: llcc: Disable MMUHWT retention (git-fixes). - virtio_ring: check desc == NULL when using indirect with packed (git-fixes). - commit 46f0c26 - firmware: qcom_scm: Fix error retval in __qcom_scm_is_call_available() (git-fixes). - memory: renesas-rpc-if: Avoid unaligned bus access for HyperFlash (git-fixes). - memory: renesas-rpc-if: Correct QSPI data transfer in Manual mode (git-fixes). - memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (git-fixes). - soc/tegra: Fix an error handling path in tegra_powergate_power_up() (git-fixes). - firmware: tegra: Reduce stack usage (git-fixes). - of: unittest: fix EXPECT text for gpio hog errors (git-fixes). - of: remove duplicate declarations of __of_*_sysfs() functions (git-fixes). - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes). - commit eb8bc37 - clk: at91: clk-master: fix prescaler logic (git-fixes). - clk: at91: clk-master: check if div or pres is zero (git-fixes). - clk: at91: sam9x60-pll: use DIV_ROUND_CLOSEST_ULL (git-fixes). - clk: at91: check pmc node status before registering syscore ops (git-fixes). - clk: rockchip: use module_platform_driver_probe (git-fixes). - clk: mvebu: ap-cpu-clk: Fix a memory leak in error handling paths (git-fixes). - clk: qcom: gcc: Remove CPUSS clocks control for SC7280 (git-fixes). - bus: ti-sysc: Fix timekeeping_suspended warning on resume (git-fixes). - docs: f2fs: fix text alignment (git-fixes). - docs: UML: user_mode_linux_howto_v2 edits (git-fixes). - commit e03ec55 - ASoC: rsnd: Fix an error handling path in 'rsnd_node_count()' (git-fixes). - ASoC: cs42l42: Correct configuring of switch inversion from ts-inv (git-fixes). - ASoC: dt-bindings: cs42l42: Correct description of ts-inv (git-fixes). 
- ASoC: topology: Fix stub for snd_soc_tplg_component_remove() (git-fixes). - ASoC: tegra: Set default card name for Trimslice (git-fixes). - ASoC: tegra: Restore AC97 support (git-fixes). - ASoC: soc-pcm: restore mixer functionality (git-fixes). - ASoC: SOF: topology: do not power down primary core during topology removal (git-fixes). - ASoC: wcd9335: Use correct version to initialize Class H (git-fixes). - ASoC: ti: rename CONFIG_SND_SOC_DM365_VOICE_CODEC_MODULE (git-fixes). - commit a8c85b8 - ASoC: mediatek: mt8195: Remove unsued irqs_lock (git-fixes). - ASoC: meson: t9015: Add missing AVDD-supply property (git-fixes). - ASoC: rockchip: Use generic dmaengine code (git-fixes). - ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (git-fixes). - ASoC: cs42l42: Don't set defaults for volatile registers (git-fixes). - ASoC: cs42l42: Correct some register default values (git-fixes). - ASoC: cs42l42: Always configure both ASP TX channels (git-fixes). - ALSA: oxfw: fix functional regression for Mackie Onyx 1640i in v5.14 or later (git-fixes). - ALSA: ua101: fix division by zero at probe (git-fixes). - ALSA: line6: fix control and interrupt message timeouts (git-fixes). - commit 8645368 - ALSA: 6fire: fix control and bulk message timeouts (git-fixes). - ALSA: uapi: Fix a C++ style comment in asound.h (git-fixes). - ALSA: hda: Use position buffer for SKL+ again (git-fixes). - ALSA: hda: Reduce udelay() at SKL+ position reporting (git-fixes). - ALSA: hda/realtek: Fix mic mute LED for the HP Spectre x360 14 (git-fixes). - ABI: sysfs-platform-intel-pmc: add blank lines to make it valid for ReST (git-fixes). - ABI: sysfs-platform-dell-privacy-wmi: correct ABI entries (git-fixes). - commit 19d7af3 - Move upstreamed patches into sorted section - commit d1ff8bb - locking: Remove spin_lock_flags() etc (bsc#1190137). - locking/rwsem: Fix comments about reader optimistic lock stealing conditions (bsc#1190137). 
- locking: Remove rcu_read_{,un}lock() for preempt_{dis,en}able() (bsc#1190137). - locking/rwsem: Disable preemption for spinning region (bsc#1190137). - locking/rwbase: Optimize rwbase_read_trylock (bsc#1190137 bsc#1189998). - rtmutex: Wake up the waiters lockless while dropping the read lock (bsc#1190137 bsc#1189998). - rtmutex: Check explicit for TASK_RTLOCK_WAIT (bsc#1190137 bsc#1189998). - locking/rt: Take RCU nesting into account for __might_resched() (bsc#1190137 bsc#1189998). - sched: Make cond_resched_lock() variants RT aware (bsc#1190137 bsc#1189998). - sched: Make RCU nest depth distinct in __might_resched() (bsc#1190137 bsc#1189998). - sched: Make might_sleep() output less confusing (bsc#1190137 bsc#1189998). - sched: Cleanup might_sleep() printks (bsc#1190137 bsc#1189998). - sched: Remove preempt_offset argument from __might_sleep() (bsc#1190137 bsc#1189998). - sched: Make cond_resched_*lock() variants consistent vs. might_sleep() (bsc#1190137 bsc#1189998). - sched: Clean up the might_sleep() underscore zoo (bsc#1190137 bsc#1189998). - locking/ww-mutex: Fix uninitialized use of ret in test_aa() (bsc#1190137). - lockdep: Improve comments in wait-type checks (bsc#1190137). - lockdep: Let lock_is_held_type() detect recursive read as read (bsc#1190137). - kernel/locking: Add context to ww_mutex_trylock() (bsc#1190137). - commit 86065d6 ++++ libvirt: - Update to libvirt 7.9.0 - jsc#SLE-19264 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html - Dropped patches: 3f9c1a4b-fix-host-validate-sev.patch, 2703b0b5-qemu-dont-report-eof.patch, 1b9ce05c-lxc-fix-cgroupV1.patch - Include collection of active VM config files in the supportconfig plugin ++++ libzypp: - Check log writer before accessing it (fixes #355, bsc#1192337) - Save locks: Update an existing locks changed comment string. 
- Allow uname-r format in purge kernels keepspec (fixes openSUSE/zypper#418)
- version 17.28.7 (22)

++++ python-libvirt-python:
- Update to 7.9.0
- Add all new APIs and constants in libvirt 7.9.0
- jsc#SLE-19264

++++ wicked:
- dbus: config files in /usr shouldn't be marked as config in spec

------------------------------------------------------------------
------------------ 2021-11-3 - Nov 3 2021 -------------------
------------------------------------------------------------------
++++ aaa_base:
- Add git-36-16d1cb895c2742e96a56af98111f8281bedd3188.patch:
  * Add $HOME/.local/bin to PATH, if it exists (bsc#1192248)

++++ cockpit-branding-openSUSE-Leap-Micro:
- initial package

++++ haproxy:
- Update to version 2.4.8+git0.d1f8d41e0:
  * [RELEASE] Released version 2.4.8
  * SCRIPTS: git-show-backports: re-enable file-based filtering
  * DOC/peers: some grammar fixes for peers 2.1 spec
  * MINOR: stream: Improve dump of bogus streams
  * BUILD/MINOR: cpuset freebsd build fix
  * DOC: config: Fix alphabetical order of fc_* samples
  * BUG/MINOR: sample: fix backend direction flags consecutive to last fix
  * BUG/MEDIUM: sample: Cumulate frontend and backend sample validity flags
  * BUG/MEDIUM: stream-int: Block reads if channel cannot receive more data
  * BUG/MINOR: http: Authorization value can have multiple spaces after the scheme
  * BUG/MEDIUM: http-ana: Drain request data waiting the tarpit timeout expiration
  * MINOR: halog: Add support for extracting captures using -hdr
  * BUG/MINOR: halog: Add missing newlines in die() messages
  * CLEANUP: halog: Use consistent indentation in help()
  * MINOR: halog: Rename -qry to -query
  * DOC: halog: Move the `-qry` parameter into the correct section in help text
  * MINOR: halog: Add -qry parameter allowing to preserve the query string in -uX
  * BUG/MEDIUM: resolvers: Track api calls with a counter to free resolutions
  * BUG/MEDIUM: resolvers: Don't recursively perform requester unlink
  * MEDIUM: resolvers: remove the last occurrences of the "safe"
    argument
  * MEDIUM: resolvers: use a kill list to preserve the list consistency
  * CLEANUP: resolvers: replace all LIST_DELETE with LIST_DEL_INIT
  * CLEANUP: resolvers: simplify resolv_link_resolution() regarding requesters
  * CLEANUP: always initialize the answer_list
  * CLEANUP: resolvers: do not export resolv_purge_resolution_answer_records()
  * BUG/MEDIUM: mux-h1: Perform a connection shutdown when the h1c is released
  * BUG/MINOR: mux-h1: Save shutdown mode if the shutdown is delayed
  * BUILD: atomic: fix build on mac/arm64
  * BUG/MINOR: backend: fix improper insert in avail tree for always reuse
  * BUILD: fix compilation on NetBSD
  * MINOR: memprof: add one pointer size to the size of allocations
  * MINOR: memprof: report the delta between alloc and free on realloc()
  * BUG/MEDIUM: lua: fix memory leaks with realloc() on non-glibc systems
  * BUG/MINOR: mux-h2: do not prevent from sending a final GOAWAY frame
  * BUG/MINOR: task: do not set TASK_F_USR1 for no reason
  * BUG/MAJOR: buf: fix varint API post- vs pre- increment
  * BUG/MEDIUM: resolvers: always check a valid item in query_list
  * BUILD: resolvers: avoid a possible warning on null-deref
  * BUG/MAJOR: resolvers: add other missing references during resolution removal
  * MINOR: resolvers: merge address and target into a union "data"
  * BUG/MEDIUM: resolvers: use correct storage for the target address
  * BUG/MEDIUM: resolvers: fix truncated TLD consecutive to the API fix
  * MINOR: resolvers: fix the resolv_dn_label_to_str() API about trailing zero
  * BUG/MINOR: resolvers: do not reject host names of length 255 in SRV records
  * BUG/MEDIUM: resolver: make sure to always use the correct hostname length
  * MINOR: resolvers: fix the resolv_str_to_dn_label() API about trailing zero
  * BUG/MAJOR: dns: attempt to lock globaly for msg waiter list instead of use barrier
  * BUG/MAJOR: dns: tcp session can remain attached to a list after a free
  * BUG/MEDIUM: tcpcheck: Properly catch early HTTP parsing errors
  * Revert "CLEANUP: server: always
    include the storage for SSL settings"
  * BUG/MEDIUM: stream: Keep FLT_END analyzers if a stream detects a channel error
  * BUG/MEDIUM: cpuset: fix cpuset size for FreeBSD
  * BUG/MINOR: sample: Fix 'fix_tag_value' sample when waiting for more data
  * BUG/MINOR: http-ana: Don't eval front after-response rules if stopped on back
  * MINOR: initcall: Rename __GLOBL and __GLOBL1.
  * DOC: configuration: add clarification on escaping in keyword arguments
  * BUG/MEDIUM: mux_h2: Handle others remaining read0 cases on partial frames
  * BUG/MEDIUM: sample: properly verify that variables cast to sample
  * MINOR: sample: provide a generic var-to-sample conversion function
  * CLEANUP: sample: uninline sample_conv_var2smp_str()
  * CLEANUP: sample: rename sample_conv_var2smp() to *_sint
  * CLEANUP: server: always include the storage for SSL settings

++++ kernel-default:
- Input: i8042 - Add quirk for Fujitsu Lifebook T725 (bsc#1191980).
- commit 3274f52
- Move upstreamed patches into sorted section
- commit 8e8bf1d
- Revert "PM: sleep: Do not assume that "mem" is always present" (git-fixes).
- commit c0f0040
- wilc1000: fix possible memory leak in cfg_scan_result() (git-fixes).
- commit 663fdc6
- virtio-gpu: fix possible memory allocation failure (git-fixes).
- wcn36xx: Channel list update before hardware scan (git-fixes).
- wcn36xx: Fix discarded frames due to wrong sequence number (git-fixes).
- wcn36xx: add proper DMA memory barriers in rx path (git-fixes).
- wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes).
- Revert "wcn36xx: Disable bmps when encryption is disabled" (git-fixes).
- wcn36xx: Fix tx_status mechanism (git-fixes).
- wcn36xx: Fix (QoS) null data frame bitrate/modulation (git-fixes).
- wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's complement (git-fixes).
- wcn36xx: Fix Antenna Diversity Switching (git-fixes).
- commit c191910
- thermal/core: fix a UAF bug in __thermal_cooling_device_register() (git-fixes).
- PM: EM: Fix inefficient states detection (git-fixes).
- PM: sleep: Do not let "syscore" devices runtime-suspend during system transitions (git-fixes).
- rsi: fix control-message timeout (git-fixes).
- rtl8187: fix control-message timeouts (git-fixes).
- rsi: stop thread firstly in rsi_91x_init() error handling (git-fixes).
- rsi: Fix module dev_oper_mode parameter description (git-fixes).
- rsi: fix rate mask set leading to P2P failure (git-fixes).
- rsi: fix key enabled check causing unwanted encryption for vap_id > 0 (git-fixes).
- rsi: fix occasional initialisation failure with BT coex (git-fixes).
- commit 0e59d7a
- PM: sleep: Do not assume that "mem" is always present (git-fixes).
- mwifiex: fix division by zero in fw download path (git-fixes).
- mt76: mt7615: mt7622: fix ibss and meshpoint (git-fixes).
- mt76: mt7915: fix muar_idx in mt7915_mcu_alloc_sta_req() (git-fixes).
- mt76: mt7915: fix sta_rec_wtbl tag len (git-fixes).
- mt76: mt7615: fix monitor mode tear down crash (git-fixes).
- mt76: mt7921: fix retrying release semaphore without end (git-fixes).
- mt76: mt7915: fix possible infinite loop release semaphore (git-fixes).
- mt76: mt7615: fix hwmon temp sensor mem use-after-free (git-fixes).
- mwifiex: Send DELBA requests according to spec (git-fixes).
- commit 11ac107
- mt76: mt7915: fix hwmon temp sensor mem use-after-free (git-fixes).
- mt76: mt7921: always wake device if necessary in debugfs (git-fixes).
- mt76: mt7921: fix kernel warning from cfg80211_calculate_bitrate (git-fixes).
- mt76: mt7921: fix firmware usage of RA info using legacy rates (git-fixes).
- mt76: mt7921: report HE MU radiotap (git-fixes).
- mt76: overwrite default reg_ops if necessary (git-fixes).
- mt76: connac: fix GTK rekey offload failure on WPA mixed mode (git-fixes).
- mt76: mt7921: fix dma hang in rmmod (git-fixes).
- mt76: mt7915: fix bit fields for HT rate idx (git-fixes).
- mt76: mt7915: fix potential overflow of eeprom page index (git-fixes).
- commit 282c2b4
- ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes).
- commit 19163fe
- mt76: mt7921: Fix out of order process by invalid event pkt (git-fixes).
- mt76: mt7915: fix mgmt frame using unexpected bitrate (git-fixes).
- mt76: mt7921: fix mgmt frame using unexpected bitrate (git-fixes).
- mt76: add mt76_default_basic_rate more devices can rely on (git-fixes).
- mt76: mt76x02: fix endianness warnings in mt76x02_mac.c (git-fixes).
- mt76: mt7921: fix survey-dump reporting (git-fixes).
- mt76: fix build error implicit enumeration conversion (git-fixes).
- mt76: connac: fix mt76_connac_gtk_rekey_tlv usage (git-fixes).
- mt76: mt7915: fix info leak in mt7915_mcu_set_pre_cal() (git-fixes).
- mt76: mt7615: fix endianness warning in mt7615_mac_write_txwi (git-fixes).
- mt76: mt7921: fix endianness warning in mt7921_update_txs (git-fixes).
- commit d1310f8
- iwlwifi: fw: uefi: add missing include guards (git-fixes).
- iwlwifi: mvm: fix some kerneldoc issues (git-fixes).
- libertas: Fix possible memory leak in probe and disconnect (git-fixes).
- libertas_tf: Fix possible memory leak in probe and disconnect (git-fixes).
- mt76: mt7915: fix endianness warning in mt7915_mac_add_txs_skb (git-fixes).
- mt76: mt7921: fix endianness in mt7921_mcu_tx_done_event (git-fixes).
- iwlwifi: cfg: set low-latency-xtal for some integrated So devices (git-fixes).
- iwlwifi: mvm: reset PM state on unsuccessful resume (git-fixes).
- gve: Track RX buffer allocation failures (git-fixes).
- gve: Allow pageflips on larger pages (git-fixes).
- commit 110b62b
- drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits (git-fixes).
- drm/amdgpu: fix a potential memory leak in amdgpu_device_fini_sw() (git-fixes).
- drm/msm: Fix potential NULL dereference in DPU SSPP (git-fixes).
- fbdev/efifb: Release PCI device's runtime PM ref during FB destroy (git-fixes).
- gve: Add netif_set_xps_queue call (git-fixes).
- gve: Recover from queue stall due to missed IRQ (git-fixes).
- gve: Do lazy cleanup in TX path (git-fixes).
- gve: Add rx buffer pagecnt bias (git-fixes).
- gve: Switch to use napi_complete_done (git-fixes).
- gve: DQO: avoid unused variable warnings (git-fixes).
- commit 55a8612
- drm/amdgpu: revert "Add autodump debugfs node for gpu reset v8" (git-fixes).
- commit 542acac
- drm/msm: uninitialized variable in msm_gem_import() (git-fixes).
- drm/msm: potential error pointer dereference in init() (git-fixes).
- drm/msm: Fix potential Oops in a6xx_gmu_rpmh_init() (git-fixes).
- drm/amdkfd: Fix an inappropriate error handling in allloc memory of gpu (git-fixes).
- drm: fb_helper: fix CONFIG_FB dependency (git-fixes).
- drm/ttm: stop calling tt_swapin in vm_access (git-fixes).
- drm/amdgpu: fix warning for overflow check (git-fixes).
- drm/amdgpu: move amdgpu_virt_release_full_gpu to fini_early stage (git-fixes).
- commit b55334e
- drm/amd/display: Revert "Directly retrain link from debugfs" (git-fixes).
- drm: bridge: it66121: Fix return value it66121_probe (git-fixes).
- drm/v3d: fix wait for TMU write combiner flush (git-fixes).
- drm/sun4i: Fix macros in sun8i_csc.h (git-fixes).
- drm/bridge: it66121: Wait for next bridge to be probed (git-fixes).
- drm/bridge: it66121: Initialize {device,vendor}_ids (git-fixes).
- drm/bridge: anx7625: Propagate errors from sp_tx_rst_aux() (git-fixes).
- cfg80211: always free wiphy specific regdomain (git-fixes).
- Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync (git-fixes).
- Bluetooth: fix init and cleanup of sco_conn.timeout_work (git-fixes).
- commit c29b2e3
- ath6kl: fix division by zero in send path (git-fixes).
- ath10k: fix division by zero in send path (git-fixes).
- ath6kl: fix control-message timeout (git-fixes).
- ath9k: Fix potential interrupt storm on queue reset (git-fixes).
- b43: fix a lower bounds test (git-fixes).
- b43legacy: fix a lower bounds test (git-fixes).
- ath11k: Fix memory leak in ath11k_qmi_driver_event_work (git-fixes).
- ath11k: fix packet drops due to incorrect 6 GHz freq value in rx status (git-fixes).
- ath11k: Avoid race during regd updates (git-fixes).
- ath11k: fix some sleeping in atomic bugs (git-fixes).
- commit 4e5d1a9
- amd/display: remove ChromeOS workaround (git-fixes).
- ACPI: PM: Fix sharing of wakeup power resources (git-fixes).
- ACPI: PM: Turn off unused wakeup power resources (git-fixes).
- ath10k: fix control-message timeout (git-fixes).
- ath10k: fix module load regression with iram-recovery feature (git-fixes).
- ath10k: fix max antenna gain unit (git-fixes).
- ath10k: Don't always treat modem stop events as crashes (git-fixes).
- ath10k: sdio: Add missing BH locking around napi_schdule() (git-fixes).
- ath10k: Fix missing frame timestamp for beacon/probe-resp (git-fixes).
- commit dfaf1e9
- Revert "net: hns3: fix pause config problem after autoneg disabled" (git-fixes).
- commit ea23b32
- Update config files: version bump to 5.14.16
- commit b93546f
- Linux 5.14.16 (stable-5.14.16).
- commit e533e4f
- perf script: Fix PERF_SAMPLE_WEIGHT_STRUCT support (stable-5.14.16).
- perf script: Check session->header.env.arch before using it (stable-5.14.16).
- KVM: x86: Take srcu lock in post_kvm_run_save() (stable-5.14.16).
- KVM: SEV-ES: fix another issue with string I/O VMGEXITs (stable-5.14.16).
- KVM: x86/xen: Fix kvm_xen_has_interrupt() sleeping in kvm_vcpu_block() (stable-5.14.16).
- KVM: x86: switch pvclock_gtod_sync_lock to a raw spinlock (stable-5.14.16).
- scsi: ufs: ufs-exynos: Correct timeout value setting registers (stable-5.14.16).
- riscv: Fix asan-stack clang build (stable-5.14.16).
- riscv: Do not re-populate shadow memory with kasan_populate_early_shadow (stable-5.14.16).
- riscv: fix misalgned trap vector base address (stable-5.14.16).
- commit 09b4969
- bpf: Use kvmalloc for map values in syscall (stable-5.14.16).
- Refresh patches.suse/bpf-Fix-error-usage-of-map_fd-and-fdget-in-generic_m.patch.
- commit cedd276
- KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu (stable-5.14.16).
- KVM: s390: clear kicked_mask before sleeping again (stable-5.14.16).
- octeontx2-af: Check whether ipolicers exists (stable-5.14.16).
- net: hns3: expand buffer len for some debugfs command (stable-5.14.16).
- net: hns3: add more string spaces for dumping packets number of queue info in debugfs (stable-5.14.16).
- phy: phy_ethtool_ksettings_set: Lock the PHY while changing settings (stable-5.14.16).
- RDMA/irdma: Do not hold qos mutex twice on QP resume (stable-5.14.16).
- RDMA/irdma: Set VLAN in UD work completion correctly (stable-5.14.16).
- RDMA/irdma: Process extended CQ entries correctly (stable-5.14.16).
- commit 53d65f5
- net: ethernet: microchip: lan743x: Fix skb allocation failure (stable-5.14.16).
- net/tls: Fix flipped sign in async_wait.err assignment (stable-5.14.16).
- net: hns3: fix data endian problem of some functions of debugfs (stable-5.14.16).
- net: hns3: fix pause config problem after autoneg disabled (stable-5.14.16).
- net: nxp: lpc_eth.c: avoid hang when bringing interface down (stable-5.14.16).
- phy: phy_start_aneg: Add an unlocked version (stable-5.14.16).
- phy: phy_ethtool_ksettings_set: Move after phy_start_aneg (stable-5.14.16).
- phy: phy_ethtool_ksettings_get: Lock the phy for consistency (stable-5.14.16).
- net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent (stable-5.14.16).
- net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails (stable-5.14.16).
- commit df8349f
- ice: check whether PTP is initialized in ice_ptp_release() (stable-5.14.16).
- mlxsw: pci: Recycle received packet upon allocation failure (stable-5.14.16).
- net-sysfs: initialize uid and gid before calling net_ns_get_ownership (stable-5.14.16).
- net: Prevent infinite while loop in skb_tx_hash() (stable-5.14.16).
- nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST (stable-5.14.16).
- RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string (stable-5.14.16).
- RDMA/mlx5: Initialize the ODP xarray when creating an ODP MR (stable-5.14.16).
- RDMA/mlx5: Set user priority for DCT (stable-5.14.16).
- reset: brcmstb-rescal: fix incorrect polarity of status bit (stable-5.14.16).
- arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (stable-5.14.16).
- commit 97aac17
- nvmet-tcp: fix data digest pointer calculation (stable-5.14.16).
- nvme-tcp: fix data digest pointer calculation (stable-5.14.16).
- nvme-tcp: fix possible req->offset corruption (stable-5.14.16).
- octeontx2-af: Fix possible null pointer dereference (stable-5.14.16).
- octeontx2-af: Display all enabled PF VF rsrc_alloc entries (stable-5.14.16).
- tcp_bpf: Fix one concurrency problem in the tcp_bpf_send_verdict function (stable-5.14.16).
- bpf: Fix error usage of map_fd and fdget() in generic_map_update_batch() (stable-5.14.16).
- ice: Respond to a NETDEV_UNREGISTER event for LAG (stable-5.14.16).
- IB/hfi1: Fix abba locking issue with sc_disable() (stable-5.14.16).
- IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (stable-5.14.16).
- commit a55a0c7
- drm/ttm: fix memleak in ttm_transfered_destroy (stable-5.14.16).
- drm/amd/display: Fallback to clocks which meet requested voltage on DCN31 (stable-5.14.16).
- drm/amdgpu: support B0&B1 external revision id for yellow carp (stable-5.14.16).
- drm/amd/display: Moved dccg init to after bios golden init (stable-5.14.16).
- drm/amd/display: Increase watermark latencies for DCN3.1 (stable-5.14.16).
- drm/amd/display: increase Z9 latency to workaround underflow in Z9 (stable-5.14.16).
- drm/amd/display: Fix prefetch bandwidth calculation for DCN3.1 (stable-5.14.16).
- drm/amd/display: Limit display scaling to up to true 4k for DCN 3.1 (stable-5.14.16).
- riscv, bpf: Fix potential NULL dereference (stable-5.14.16).
- cgroup: Fix memory leak caused by missing cgroup_bpf_offline (stable-5.14.16).
- commit e3a5ce8
- mm: khugepaged: skip huge page collapse for special files (stable-5.14.16).
- mm, thp: bail out early in collapse_file for writeback page (stable-5.14.16).
- mm: filemap: check if THP has hwpoisoned subpage for PMD page fault (stable-5.14.16).
- mm: hwpoison: remove the unnecessary THP check (stable-5.14.16).
- drm/amd/display: Require immediate flip support for DCN3.1 planes (stable-5.14.16).
- arm64: dts: imx8mm-kontron: Fix connection type for VSC8531 RGMII PHY (stable-5.14.16).
- arm64: dts: imx8mm-kontron: Fix CAN SPI clock frequency (stable-5.14.16).
- arm64: dts: imx8mm-kontron: Fix polarity of reg_rst_eth2 (stable-5.14.16).
- arm64: dts: imx8mm-kontron: Set lower limit of VDD_SNVS to 800 mV (stable-5.14.16).
- arm64: dts: imx8mm-kontron: Make sure SOC and DRAM supply voltages are correct (stable-5.14.16).
- commit 274ce5a
- nvme-tcp: fix H2CData PDU send accounting (again) (stable-5.14.16).
- block: Fix partition check for host-aware zoned block devices (stable-5.14.16).
- mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (stable-5.14.16).
- ocfs2: fix race between searching chunks and release journal_head from buffer_head (stable-5.14.16).
- net/tls: Fix flipped sign in tls_err_abort() calls (stable-5.14.16).
- tipc: fix size validations for the MSG_CRYPTO type (stable-5.14.16).
- ftrace/nds32: Update the proto for ftrace_trace_function to match ftrace_stub (stable-5.14.16).
- ata: sata_mv: Fix the error handling of mv_chip_id() (stable-5.14.16).
- pinctrl: amd: disable and mask interrupts on probe (stable-5.14.16).
- Revert "pinctrl: bcm: ns: support updated DT binding as syscon subnode" (stable-5.14.16).
- commit 26c5964
- usbnet: fix error return code in usbnet_probe() (stable-5.14.16).
- ARM: 9148/1: handle CONFIG_CPU_ENDIAN_BE32 in arch/arm/kernel/head.S (stable-5.14.16).
- ARM: 9141/1: only warn about XIP address when not compile testing (stable-5.14.16).
- ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype (stable-5.14.16).
- ARM: 9138/1: fix link warning with XIP + frame-pointer (stable-5.14.16).
- ARM: 9134/1: remove duplicate memcpy() definition (stable-5.14.16).
- ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned (stable-5.14.16).
- ARM: 9132/1: Fix __get_user_check failure with ARM KASAN images (stable-5.14.16).
- usbnet: sanity check for maxpacket (stable-5.14.16).
- commit 47b76d0
- Update patch references for stable-5.14.16
- commit 88fbd03

++++ python3-core:
- 0001-allow-for-reproducible-builds-of-python-packages.patch: ignore permission error when changing the mtime of the source file in presence of SOURCE_DATE_EPOCH

++++ patterns-microos:
- adjustments to be able to build for Leap (boo#1192518)

++++ python3:
- 0001-allow-for-reproducible-builds-of-python-packages.patch: ignore permission error when changing the mtime of the source file in presence of SOURCE_DATE_EPOCH

++++ installation-images-LeapMicro:
- merge gh#openSUSE/installation-images#532
- merge gh#openSUSE/installation-images#521
- Fix conditions for turning on/off zram (bcs#1187434)
- 16.57.5
- merge gh#openSUSE/installation-images#531
- increase minimal ext2 fs size to 128 kiB (bsc#1192213)
- 16.57.4

------------------------------------------------------------------
------------------ 2021-11-2 - Nov 2 2021 -------------------
------------------------------------------------------------------
++++ afterburn:
- Add cargo_audit service
- Resolve incomplete use of services for getting source tars.
- Update to version 5.0.0:
  * cargo: Afterburn release 5.0.0
  * providers: add Azure Stack Hub (azurestack)
  * providers: move azure into microsoft module
  * build(deps): bump anyhow from 1.0.39 to 1.0.40
  * ci: adapt to new buildroot image
  * build(deps): bump serde from 1.0.124 to 1.0.125
  * build(deps): bump anyhow from 1.0.38 to 1.0.39
  * cargo: accept mockito 0.29
  * build(deps): bump mockito from 0.29.0 to 0.30.0
  * cli: stop wrapping command-line parse errors
  * Switch from error-chain to anyhow

++++ librsvg:
- Add cargo audit obs service

++++ haveged:
- revert last change, e.g. for VMs where we are not being fed entropy from the host or similar setups.

++++ kernel-default:
- Update patch reference for selinux fix (CVE-2021-43057 bsc#1192260)
- commit 23a504e
- Update reference tag to the right issues.
- Update patches.suse/gpio-mlxbf2-Convert-to-device-PM-ops.patch (jsc#SLE-19248 jsc#SLE-19789).
- Update patches.suse/gpio-mlxbf2-Drop-wrong-use-of-ACPI_PTR.patch (jsc#SLE-19248 jsc#SLE-19789).
- Update patches.suse/gpio-mlxbf2-Use-DEFINE_RES_MEM_NAMED-helper-macro.patch (jsc#SLE-19248 jsc#SLE-19789).
- Update patches.suse/gpio-mlxbf2-Use-devm_platform_ioremap_resource.patch (jsc#SLE-19248 jsc#SLE-19789).
- commit d6c0a5e
- spi: spi-rpc-if: Check return value of rpcif_sw_init() (git-fixes).
- spi: Fixed division by zero warning (git-fixes).
- regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (git-fixes).
- regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (git-fixes).
- mmc: mxs-mmc: disable regulator on error and in the remove function (git-fixes).
- tpm_tis_spi: Add missing SPI ID (git-fixes).
- tpm: fix Atmel TPM crash caused by too frequent queries (git-fixes).
- tpm: Check for integer overflow in tpm2_map_response_body() (git-fixes).
- commit d58beb2
- memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (git-fixes).
- memstick: avoid out-of-range warning (git-fixes).
- mmc: sdhci-omap: Fix context restore (git-fixes).
- mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured (git-fixes).
- media: ite-cir: IR receiver stop working after receive overflow (git-fixes).
- media: ir_toy: assignment to be16 should be of correct type (git-fixes).
- media: ivtv: fix build for UML (git-fixes).
- media: rkvdec: Support dynamic resolution changes (git-fixes).
- media: rkvdec: Do not override sizeimage for output format (git-fixes).
- media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() (git-fixes).
- commit 747b3ec
- media: CEC: keep related menu entries together (git-fixes).
- Update config files.
- commit db3b570
- media: venus: fix vpp frequency calculation for decoder (git-fixes).
- media: em28xx: Don't use ops->suspend if it is NULL (git-fixes).
- media: cedrus: Fix SUNXI tile size calculation (git-fixes).
- media: mxl111sf: change mutex_init() location (git-fixes).
- media: atmel: fix the ispck initialization (git-fixes).
- media: cx23885: Fix snd_card_free call on null card pointer (git-fixes).
- media: tm6000: Avoid card name truncation (git-fixes).
- media: si470x: Avoid card name truncation (git-fixes).
- media: radio-wl1273: Avoid card name truncation (git-fixes).
- commit 58ed58d
- media: sun6i-csi: Allow the video device to be open multiple times (git-fixes).
- media: i2c: ths8200 needs V4L2_ASYNC (git-fixes).
- media: imx-jpeg: Fix the error handling path of 'mxc_jpeg_probe()' (git-fixes).
- media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (git-fixes).
- media: TDA1997x: handle short reads of hdmi info frame (git-fixes).
- media: mtk-vcodec: venc: fix return value when start_streaming fails (git-fixes).
- media: v4l2-ioctl: S_CTRL output the right value (git-fixes).
- media: v4l2-ioctl: Fix check_ext_ctrls (git-fixes).
- media: ov8856: Set default mbus format but allow caller to alter (git-fixes).
- media: imx258: Fix getting clock frequency (git-fixes).
- commit 10ca4a5
- mailbox: Remove WARN_ON for async_cb.cb in cmdq_exec_done (git-fixes).
- ipmi: kcs_bmc: Fix a memory leak in the error handling path of 'kcs_bmc_serio_add_device()' (git-fixes).
- ipmi:watchdog: Set panic count to proper value on a panic (git-fixes).
- media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init (git-fixes).
- media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes).
- media: ttusb-dec: avoid release of non-acquired mutex (git-fixes).
- media: cxd2880-spi: Fix a null pointer dereference on error handling path (git-fixes).
- media: meson-ge2d: Fix rotation parameter changes detection in 'ge2d_s_ctrl()' (git-fixes).
- media: em28xx: add missing em28xx_close_extension (git-fixes).
- irqchip: Fix compile-testing without CONFIG_OF (git-fixes).
- commit 962eefd
- hwrng: mtk - Force runtime pm ops for sleep ops (git-fixes).
- hwmon: (tmp401) Drop support for TMP461 (git-fixes).
- hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff (git-fixes).
- hwmon: (pmbus/lm25066) Add offset coefficients (git-fixes).
- hwmon: Fix possible memleak in __hwmon_device_register() (git-fixes).
- firmware/psci: fix application of sizeof to pointer (git-fixes).
- fortify: Fix dropped strcpy() compile-time write overflow check (git-fixes).
- commit c3d9755
- Move more upstreamed patches into sorted section
- commit 6bd75c5
- Move upstreamed patches into sorted section
- commit 3505517
- bpf: Fix potential race in tail call compatibility check (git-fixes).
- bpf: Move BPF_MAP_TYPE for INODE_STORAGE and TASK_STORAGE outside of CONFIG_NET (git-fixes).
- commit 7b0e1e4

++++ libgcrypt:
- FIPS: PBKDF requirements [bsc#1185137]
  * The PBKDF2 selftests were introduced in libgcrypt version 1.9.1 in the function selftest_pbkdf2()
  * Upstream task: https://dev.gnupg.org/T5182

------------------------------------------------------------------
------------------ 2021-11-1 - Nov 1 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Drop patches where were added for ustat()
  glibc doesn't expose this system call anymore, and so no point in carrying this delta. LTP does test for this but the test uses its own headers instead of libc for it. It is not worth carrying this delta for a deprecated call. This patch set was tested with kernel-ci and found no new regressions with btrfs.
- Delete patches.suse/btrfs-fs-super.c-add-new-super-block-devices-super_block_d.patch.
- Delete patches.suse/btrfs-use-the-new-VFS-super_block_dev.patch.
- commit ea7c7f6
- iommu/dart: Clear sid2group entry when a group is freed (bsc#1192202).
- iommu/dart: Remove iommu_flush_ops (bsc#1192202).
- commit bfa1796
- iommu: Merge strictness and domain type configs (bsc#1192202).
- Update config files.
- commit d1fa7e3
- iommu/dart: Add DART iommu driver (bsc#1192202).
- Update config files.
- commit 5aaf175
- check.sh:
- iommu: Enhance IOMMU default DMA mode build options (bsc#1192202).
- Update config files.
- commit 2189b47
- iommu/io-pgtable: Abstract iommu_iotlb_gather access (bsc#1192202).
- iommu/vt-d: Add present bit check in pasid entry setup helpers (bsc#1192202).
- iommu/vt-d: Use pasid_pte_is_present() helper function (bsc#1192202).
- iommu/vt-d: Drop the kernel doc annotation (bsc#1192202).
- iommu/vt-d: Allow devices to have more than 32 outstanding PRs (bsc#1192202).
- iommu/vt-d: Preset A/D bits for user space DMA usage (bsc#1192202).
- iommu/vt-d: Enable Intel IOMMU scalable mode by default (bsc#1192202).
- iommu/vt-d: Refactor Kconfig a bit (bsc#1192202).
- iommu/vt-d: Remove unnecessary oom message (bsc#1192202).
- iommu: Allow enabling non-strict mode dynamically (bsc#1192202).
- iommu: Only log strictness for DMA domains (bsc#1192202).
- iommu: Expose DMA domain strictness via sysfs (bsc#1192202).
- iommu: Express DMA strictness via the domain type (bsc#1192202).
- iommu/vt-d: Prepare for multiple DMA domain types (bsc#1192202).
- iommu/arm-smmu: Prepare for multiple DMA domain types (bsc#1192202).
- iommu/amd: Prepare for multiple DMA domain types (bsc#1192202).
- iommu: Introduce explicit type for non-strict DMA domains (bsc#1192202).
- iommu/io-pgtable: Remove non-strict quirk (bsc#1192202).
- iommu: Indicate queued flushes via gather data (bsc#1192202).
- iommu/dma: Remove redundant "!dev" checks (bsc#1192202).
- iommu/virtio: Drop IOVA cookie management (bsc#1192202).
- iommu/sun50i: Drop IOVA cookie management (bsc#1192202).
- iommu/sprd: Drop IOVA cookie management (bsc#1192202).
- iommu/rockchip: Drop IOVA cookie management (bsc#1192202).
- iommu/mtk: Drop IOVA cookie management (bsc#1192202).
- iommu/ipmmu-vmsa: Drop IOVA cookie management (bsc#1192202).
- iommu/exynos: Drop IOVA cookie management (bsc#1192202).
- iommu/vt-d: Drop IOVA cookie management (bsc#1192202).
- iommu/arm-smmu: Drop IOVA cookie management (bsc#1192202).
- iommu/amd: Drop IOVA cookie management (bsc#1192202).
- iommu: Pull IOVA cookie management into the core (bsc#1192202).
- iommu/amd: Remove stale amd_iommu_unmap_flush usage (bsc#1192202).
- iommu/amd: Use only natural aligned flushes in a VM (bsc#1192202).
- iommu/amd: Sync once for scatter-gather operations (bsc#1192202).
- iommu/amd: Tailored gather logic for AMD (bsc#1192202).
- iommu: Factor iommu_iotlb_gather_is_disjoint() out (bsc#1192202).
- iommu: Improve iommu_iotlb_gather helpers (bsc#1192202).
- iommu/amd: Do not use flush-queue when NpCache is on (bsc#1192202).
- iommu/amd: Selective flush on unmap (bsc#1192202).
- iommu/amd: Fix printing of IOMMU events when rate limiting kicks in (bsc#1192202).
- iommu/amd: Convert from atomic_t to refcount_t on pasid_state->count (bsc#1192202).
- iommu/arm-smmu: Fix missing unlock on error in arm_smmu_device_group() (bsc#1192202).
- iommu/arm-smmu-v3: Stop pre-zeroing batch commands (bsc#1192202).
- iommu/arm-smmu-v3: Extract reusable function __arm_smmu_cmdq_skip_err() (bsc#1192202).
- iommu/arm-smmu-v3: Add and use static helper function arm_smmu_get_cmdq() (bsc#1192202).
- iommu/arm-smmu-v3: Add and use static helper function arm_smmu_cmdq_issue_cmd_with_sync() (bsc#1192202).
- iommu/arm-smmu-v3: Use command queue batching helpers to improve performance (bsc#1192202).
- iommu/arm-smmu: Optimize ->tlb_flush_walk() for qcom implementation (bsc#1192202).
- iommu/arm-smmu: Fix race condition during iommu_group creation (bsc#1192202).
- iommu: Fix race condition during default domain allocation (bsc#1192202).
- iommu/arm-smmu: Add clk_bulk_{prepare/unprepare} to system pm callbacks (bsc#1192202).
- iommu/arm-smmu-v3: Remove some unneeded init in arm_smmu_cmdq_issue_cmdlist() (bsc#1192202).
- iommu/dart: APPLE_DART should depend on ARCH_APPLE (bsc#1192202).
- dt-bindings: iommu: add DART iommu bindings (bsc#1192202).
- iommu/io-pgtable: Add DART pagetable format (bsc#1192202).
- iommu/arm-smmu-v3: Implement the map_pages() IOMMU driver callback (bsc#1192202).
- iommu/arm-smmu-v3: Implement the unmap_pages() IOMMU driver callback (bsc#1192202).
- iommu/vt-d: Move clflush'es from iotlb_sync_map() to map_pages() (bsc#1192202).
- iommu/vt-d: Implement map/unmap_pages() iommu_ops callback (bsc#1192202).
- iommu/vt-d: Report real pgsize bitmap to iommu core (bsc#1192202).
- iommu: Streamline iommu_iova_to_phys() (bsc#1192202).
- iommu: Remove mode argument from iommu_set_dma_strict() (bsc#1192202).
- iommu/amd: Add support for IOMMU default DMA mode build options (bsc#1192202).
- iommu/vt-d: Add support for IOMMU default DMA mode build options (bsc#1192202).
- iommu: Print strict or lazy mode at init time (bsc#1192202).
- iommu: Deprecate Intel and AMD cmdline methods to enable strict mode (bsc#1192202).
- iommu/arm-smmu: Implement the map_pages() IOMMU driver callback (bsc#1192202).
- iommu/arm-smmu: Implement the unmap_pages() IOMMU driver callback (bsc#1192202).
- iommu/io-pgtable-arm-v7s: Implement arm_v7s_map_pages() (bsc#1192202).
- iommu/io-pgtable-arm-v7s: Implement arm_v7s_unmap_pages() (bsc#1192202).
- iommu/io-pgtable-arm: Implement arm_lpae_map_pages() (bsc#1192202).
- iommu/io-pgtable-arm: Implement arm_lpae_unmap_pages() (bsc#1192202).
- iommu/io-pgtable-arm: Prepare PTE methods for handling multiple entries (bsc#1192202).
- iommu: Add support for the map_pages() callback (bsc#1192202).
- iommu: Hook up '->unmap_pages' driver callback (bsc#1192202).
- iommu: Split 'addr_merge' argument to iommu_pgsize() into separate parts (bsc#1192202).
- iommu: Use bitmap to calculate page size in iommu_pgsize() (bsc#1192202).
- iommu: Add a map_pages() op for IOMMU drivers (bsc#1192202).
- iommu/io-pgtable: Introduce map_pages() as a page table op (bsc#1192202).
- iommu: Add an unmap_pages() op for IOMMU drivers (bsc#1192202).
- iommu/io-pgtable: Introduce unmap_pages() as a page table op (bsc#1192202).
- commit a0c9d74
- Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch (boo#1191417)
  There is one model that contains *-66.ucode. Add the exception.
- commit 092f914

++++ mozilla-nss:
- Update nss-fips-approved-crypto-non-ec.patch to claim 3DES unapproved in FIPS mode (bsc#1192080).
- Update nss-fips-constructor-self-tests.patch to allow testing of unapproved algorithms (bsc#1192228).
- Add nss-fips-version-indicators.patch (bmo#1729550, bsc#1192086).
  This adds FIPS version indicators.
- Add nss-fips-180-3-csp-clearing.patch (bmo#1697303, bsc#1192087).
  Most of the relevant changes are already upstream since NSS 3.60.

++++ yast2-trans:
- Update to version 84.87.20211030.c198d302b1:
  * Translated using Weblate (Korean)
  * Translated using Weblate (Korean)
  * Translated using Weblate (Korean)
  * Translated using Weblate (Korean)
  * New POT for text domain 'installation'.
  * New POT for text domain 'autoinst'.
  * New POT for text domain 's390'.
------------------------------------------------------------------
------------------ 2021-10-31 - Oct 31 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- sctp: add vtag check in sctp_sf_ootb (CVE-2021-3772 bsc#1190351).
- sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (CVE-2021-3772 bsc#1190351).
- sctp: add vtag check in sctp_sf_violation (CVE-2021-3772 bsc#1190351).
- sctp: fix the processing for COOKIE_ECHO chunk (CVE-2021-3772 bsc#1190351).
- sctp: fix the processing for INIT_ACK chunk (CVE-2021-3772 bsc#1190351).
- sctp: fix the processing for INIT chunk (CVE-2021-3772 bsc#1190351).
- sctp: use init_tag from inithdr for ABORT chunk (CVE-2021-3772 bsc#1190351).
- commit eced362
------------------------------------------------------------------
------------------ 2021-10-30 - Oct 30 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- gpio: xgs-iproc: fix parsing of ngpios property (git-fixes).
- mmc: tmio: reenable card irqs after the reset callback (git-fixes).
- mmc: mediatek: Move cqhci init behind ungate clock (git-fixes).
- mmc: cqhci: clear HALT state after CQE enable (git-fixes).
- mmc: vub300: fix control-message timeouts (git-fixes).
- mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes).
- mmc: sdhci-pci: Read card detect from ACPI for Intel Merrifield (git-fixes).
- commit 1481f8d

++++ python-pyOpenSSL:
- Add check_inv_ALPN_lists.patch checks for invalid ALPN lists before calling OpenSSL (gh#pyca/pyopenssl#1056).
------------------------------------------------------------------
------------------ 2021-10-29 - Oct 29 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
- scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss (bsc#1192145).
- scsi: lpfc: Fix link down processing to address NULL pointer dereference (bsc#1192145).
- scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145).
- scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145).
- scsi: lpfc: Correct sysfs reporting of loop support after SFP status change (bsc#1192145).
- scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset (bsc#1192145).
- scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (bsc#1192145).
- commit 646f67b
- rtw89: Fix variable dereferenced before check 'sta' (bsc#1191321).
- rtw89: fix return value in hfc_pub_cfg_chk (bsc#1191321).
- rtw89: remove duplicate register definitions (bsc#1191321).
- rtw89: fix error function parameter (bsc#1191321).
- rtw89: remove unneeded semicolon (bsc#1191321).
- rtw89: fix return value check in rtw89_cam_send_sec_key_cmd() (bsc#1191321).
- rtw89: Remove redundant check of ret after call to rtw89_mac_enable_bb_rf (bsc#1191321).
- rtw89: Fix two spelling mistakes in debug messages (bsc#1191321).
- commit 6b3302b
- gpio: mlxbf2: Use DEFINE_RES_MEM_NAMED() helper macro (jsc#SLE-95282).
- gpio: mlxbf2: Use devm_platform_ioremap_resource() (jsc#SLE-95282).
- gpio: mlxbf2: Drop wrong use of ACPI_PTR() (jsc#SLE-95282).
- gpio: mlxbf2: Convert to device PM ops (jsc#SLE-95282).
- commit 9b96e8f
- Update references to a new jira ticket SLE-22489.
- Update patches.suse/MAINTAINERS-add-an-entry-for-NXP-S32G-boards.patch (jsc#SLE-22489).
- Update patches.suse/arm64-dts-add-NXP-S32G2-support.patch (jsc#SLE-22489).
- Update patches.suse/arm64-dts-s32g2-add-USDHC-support.patch (jsc#SLE-22489). - Update patches.suse/arm64-dts-s32g2-add-VNP-EVB-and-VNP-RDB2-support.patch (jsc#SLE-22489). - Update patches.suse/arm64-dts-s32g2-add-memory-nodes-for-evb-and-rdb2.patch (jsc#SLE-22489). - Update patches.suse/arm64-dts-s32g2-add-serial-uart-support.patch (jsc#SLE-22489). - Update patches.suse/dt-bindings-arm-fsl-add-NXP-S32G2-boards.patch (jsc#SLE-22489). - Update patches.suse/dt-bindings-mmc-fsl-imx-esdhc-add-NXP-S32G2-support.patch (jsc#SLE-22489). - Update patches.suse/dt-bindings-serial-fsl-linflexuart-add-compatible-fo.patch (jsc#SLE-22489). - Update patches.suse/dt-bindings-serial-fsl-linflexuart-convert-to-json-s.patch (jsc#SLE-22489). - Update patches.suse/mmc-sdhci-esdhc-imx-Remove-redundant-code-for-manual.patch (jsc#SLE-22489). - Update patches.suse/mmc-sdhci-esdhc-imx-Remove-unneeded-mmc-esdhc-imx.h-.patch (jsc#SLE-22489). - Update patches.suse/mmc-sdhci-esdhc-imx-Select-the-correct-mode-for-auto.patch (jsc#SLE-22489). - Update patches.suse/mmc-sdhci-esdhc-imx-add-NXP-S32G2-support.patch (jsc#SLE-22489). - Update patches.suse/mmc-sdhci-esdhc-imx-clear-the-buffer_read_ready-to-r.patch (jsc#SLE-22489). - commit 618f4ad - drm/i915/dp: Skip the HW readout of DPCD on disabled encoders (git-fixes). - drm/i915: Catch yet another unconditioal clflush (git-fixes). - drm/i915: Convert unconditional clflush to drm_clflush_virt_range() (git-fixes). - drm/amd/display: Fix deadlock when falling back to v2 from v3 (git-fixes). - cfg80211: correct bridge/4addr mode check (git-fixes). - cfg80211: fix management registrations locking (git-fixes). - net: lan78xx: fix division by zero in send path (git-fixes). - net: batman-adv: fix error handling (git-fixes). - nfc: port100: fix using -ERRNO as command type mask (git-fixes). - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes). - mac80211: mesh: fix HE operation element length check (git-fixes). 
- regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes). - watchdog: sbsa: only use 32-bit accessors (git-fixes). - Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout" (git-fixes). - virtio-ring: fix DMA metadata flags (git-fixes). - commit 0d15701 - drm/amdgpu: Fix even more out of bound writes from debugfs (bsc#1191949 CVE-2021-42327). - drm/amdgpu: fix out of bounds write (bsc#1191949 CVE-2021-42327). - commit 3b100a9 - arm64: dts: s32g2: add USDHC support (jsc#SLE-17612). - mmc: sdhci-esdhc-imx: add NXP S32G2 support (jsc#SLE-17612). - mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit (jsc#SLE-17612). - dt-bindings: mmc: fsl-imx-esdhc: add NXP S32G2 support (jsc#SLE-17612). - MAINTAINERS: add an entry for NXP S32G boards (jsc#SLE-17612). - arm64: dts: s32g2: add memory nodes for evb and rdb2 (jsc#SLE-17612). - arm64: dts: s32g2: add VNP-EVB and VNP-RDB2 support (jsc#SLE-17612). - arm64: dts: s32g2: add serial/uart support (jsc#SLE-17612). - arm64: dts: add NXP S32G2 support (jsc#SLE-17612). - dt-bindings: serial: fsl-linflexuart: add compatible for S32G2 (jsc#SLE-17612). - dt-bindings: serial: fsl-linflexuart: convert to json-schema format (jsc#SLE-17612). - dt-bindings: arm: fsl: add NXP S32G2 boards (jsc#SLE-17612). - mmc: sdhci-esdhc-imx: Select the correct mode for auto tuning (jsc#SLE-17612). - mmc: sdhci-esdhc-imx: Remove redundant code for manual tuning (jsc#SLE-17612). - mmc: sdhci-esdhc-imx: Remove unneeded mmc-esdhc-imx.h header (jsc#SLE-17612). 
- commit 904b8f7

++++ installation-images-LeapMicro:
- merge gh#openSUSE/installation-images#529
- Add chipidea module (bsc#1184867)
- add kernel modules for USB PHYs (bsc#1184867)
- Add chipidea and USB PHYs (bsc#1184867)
- 16.57.3
------------------------------------------------------------------
------------------ 2021-10-28 - Oct 28 2021 -------------------
------------------------------------------------------------------
++++ cpio:
- Update keyring

++++ glib2:
- Update to version 2.70.1:
  + Fix network changes not being signalled from NetworkManager.
  + Fix build when building with --fatal-meson-warnings.
  + Bugs fixed: glgo#GNOME/GLib#2505, glgo#GNOME/GLib!2245, glgo#GNOME/GLib!2253, glgo#GNOME/GLib!2256, glgo#GNOME/GLib!2259, glgo#GNOME/GLib!2262, glgo#GNOME/GLib!2271, glgo#GNOME/GLib!2276, glgo#GNOME/GLib!2300, glgo#GNOME/GLib!2301, glgo#GNOME/GLib!2302, glgo#GNOME/GLib!2304.
- Refresh patches with quilt.

++++ kernel-default:
- Delete patches.suse/sched-numa-Check-numa-balancing-information-only-when-enabled.patch. Marginal benefit.
- commit f084d35
- sched/fair: Increase wakeup_gran if current task has not executed the minimum granularity (Scheduler enhancements for I7 (bnc#754690, bnc#1144446)).
- commit c69685a
- sched/fair: Couple wakee flips with heavy wakers (Scheduler enhancements for I7 (bnc#754690, bnc#1144446)).
- commit fdca596
- sched/fair: Adjust the allowed NUMA imbalance when SD_NUMA spans multiple LLCS (bsc#1192120).
- commit c881665
- Update bug references.
  patches.suse/KVM-PPC-Book3S-HV-Fix-stack-handling-in-idle_kvm_sta.patch (stable-5.14.15 bko#206669 bsc#1174585 bsc#1192107 CVE-2021-43056).
  patches.suse/KVM-PPC-Book3S-HV-Make-idle_kvm_start_guest-return-0.patch (stable-5.14.15 bko#206669 bsc#1174585 bsc#1192107 CVE-2021-43056).
  patches.suse/powerpc-idle-Don-t-corrupt-back-chain-when-going-idl.patch (stable-5.14.15 bko#206669 bsc#1174585 bsc#1192107 CVE-2021-43056).
- commit 140b7c5
- Update patch reference for ISDN fix (CVE-2021-3896 bsc#1191958)
  The config isn't enabled but the fix was already picked up by stable tree.
- commit ee64c99
- efi: cper: check section header more appropriately (jsc#SLE-18522).
- efi/libstub: Simplify "Exiting bootservices" message (jsc#SLE-18522).
- efi: sysfb_efi: fix build when EFI is not set (jsc#SLE-18522).
- drivers/firmware: fix SYSFB depends to prevent build failures (jsc#SLE-18522).
- drivers/firmware: consolidate EFI framebuffer setup for all arches (jsc#SLE-18522).
  Update config files: +# CONFIG_SYSFB_SIMPLEFB is not set
- drivers/firmware: move x86 Generic System Framebuffers support (jsc#SLE-18522).
  Update config files: +CONFIG_SYSFB=y
- efi: cper: fix scnprintf() use in cper_mem_err_location() (jsc#SLE-18522).
- commit f3836a8

++++ kmod:
- Enable ZSTD on 15.3 as well (boo#1192104).
- Only test ZSTD in testsuite on releases where it is available.

++++ libgcrypt:
- FIPS: Fix regression tests in FIPS mode [bsc#1192131]
  * Add libgcrypt-FIPS-fix-regression-tests.patch
  * Upstream task: https://dev.gnupg.org/T5520

++++ rpm-config-SUSE:
- backport %sle_version in macros file from Factory (boo#1187214, sle_version.diff)

++++ virt-manager:
- bsc#1188223 - L3: Sles12sp3 DomU won't boot after adding phys hard drive
  virtinst-xenbus-disk-index-fix.patch
------------------------------------------------------------------
------------------ 2021-10-27 - Oct 27 2021 -------------------
------------------------------------------------------------------
++++ aaa_base:
- Add patch git-34-9a1bc15517d6da56d75182338c0f1bc4518b2b75.patch
  * sysctl.d/50-default.conf: allow everybody to create IPPROTO_ICMP sockets (bsc#1174504)
- Add patch git-35-91f496b1f65af29832192bad949685a7bc25da0a.patch
  * sysctl.d/50-default.conf: fix ping_group_range syntax error

++++ librsvg:
- Update to version 2.52.3:
  + Bugfixes, mostly for text layout. Also, text links in PDF!
    - Support text-decoration=overline.
    - Basic support for the unicode-bidi property. Librsvg still considers each tspan independently of others, which is incorrect, but at least bidi-override works now for a single embedding level.
    - Fix placement of tspan that changes the text direction.
    - :lang() selector should now match lang attribute from an element's parent.
    - Fix the text-anchor property for right-to-left text.
    - PDF now includes links inside text elements.

++++ kernel-default:
- ACPI: tools: fix compilation error (jsc#SLE-19223).
- ACPI: PM: Do not turn off power resources in unknown state (jsc#SLE-19223).
- Revert "ACPI: Add memory semantics to acpi_os_map_memory()" (jsc#SLE-19223).
- ACPI: scan: Remove unneeded header linux/nls.h (jsc#SLE-19223).
- ACPI: CPPC: Introduce cppc_get_nominal_perf() (jsc#SLE-19223).
- ACPI: memhotplug: memory resources cannot be enabled yet (jsc#SLE-19223).
- clk: fractional-divider: Introduce POWER_OF_TWO_PS flag (jsc#SLE-19223).
- isystem: ship and use stdarg.h (jsc#SLE-19223).
- clk: x86: Rename clk-lpt to more specific clk-lpss-atom (jsc#SLE-19223).
- ACPI: button: Add DMI quirk for Lenovo Yoga 9 (14INTL5) (jsc#SLE-19223).
- ACPI: power: Drop name from struct acpi_power_resource (jsc#SLE-19223).
- ACPI: power: Use acpi_handle_debug() to print debug messages (jsc#SLE-19223).
- ACPI: Add memory semantics to acpi_os_map_memory() (jsc#SLE-19223).
- ACPI: platform-profile: call sysfs_notify() from platform_profile_store() (jsc#SLE-19223).
- ACPI: tables: FPDT: Do not print FW_BUG message if record types are reserved (jsc#SLE-19223).
- ACPI: SPCR: Add support for the new 16550-compatible Serial Port Subtype (jsc#SLE-19223).
- ACPI: DPTF: Add new PCH FIVR methods (jsc#SLE-19223).
- ACPI / PMIC: XPower: optimize MIPI PMIQ sequence I2C-bus accesses (jsc#SLE-19223).
- ACPI / PMIC: XPower: optimize I2C-bus accesses (jsc#SLE-19223).
- ACPI: configfs: Make get_header() to return error pointer (jsc#SLE-19223).
- ACPI: configfs: Use sysfs_emit() in "show" functions (jsc#SLE-19223). - ACPI: glue: Eliminate acpi_platform_notify() (jsc#SLE-19223). - ACPI: bus: Rename functions to avoid name collision (jsc#SLE-19223). - ACPI: glue: Change return type of two functions to void (jsc#SLE-19223). - ACPI: glue: Rearrange acpi_device_notify() (jsc#SLE-19223). - ACPI: Add LoongArch support for ACPI_PROCESSOR/ACPI_NUMA (jsc#SLE-19223). - ACPICA: Update version to 20210730 (jsc#SLE-19223). - ACPICA: Add method name "_DIS" For use with aslmethod.c (jsc#SLE-19223). - ACPICA: iASL: Fix for WPBT table with no command-line arguments (jsc#SLE-19223). - ACPICA: Headers: Add new DBG2 Serial Port Subtypes (jsc#SLE-19223). - ACPICA: Macros should not use a trailing semicolon (jsc#SLE-19223). - ACPICA: Fix an if statement (add parens) (jsc#SLE-19223). - ACPICA: iASL: Add support for the AEST table (data compiler) (jsc#SLE-19223). - x86: Fix typo s/ECLR/ELCR/ for the PIC register (jsc#SLE-19223). - x86: Avoid magic number with ELCR register accesses (jsc#SLE-19223). - commit fec7c9a - blacklist.conf: Blacklist 889c05cc5834 - commit 5a487b9 - block, bfq: reset last_bfqq_created on group change (bsc#1192069). - commit 766d534 - Update patch reference for NFC fix (CVE-2021-3760 bsc#1190067) - commit ff45dbb - Update patch reference for firewire fix (CVE-2021-42739 CVE-2021-3542 bsc#1184673) - commit 5dddbb4 - Revert "net: mdiobus: Fix memory leak in __mdiobus_register" (git-fixes). - commit 9dd851c - Update config files: just version bump to 5.14.15 - commit 9c26279 - ARM: 9122/1: select HAVE_FUTEX_CMPXCHG (stable-5.14.15). - Update config files. - commit 3874624 - Linux 5.14.15 (stable-5.14.15). - commit de92495 - pinctrl: stm32: use valid pin identifier in stm32_pinctrl_resume() (stable-5.14.15). - commit f116064 - drm/kmb: Enable alpha blended second plane (stable-5.14.15). - Refresh patches.suse/drm-kmb-Disable-change-of-plane-parameters.patch. 
- commit 6bcd94d - autofs: fix wait name hash calculation in autofs_wait() (stable-5.14.15). - scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() (stable-5.14.15). - drm/kmb: Limit supported mode to 1080p (stable-5.14.15). - e1000e: Separate TGP board type from SPT (stable-5.14.15). - s390/pci: fix zpci_zdev_put() on reserve (stable-5.14.15). - bpf, test, cgroup: Use sk_{alloc,free} for test cases (stable-5.14.15). - net: mdiobus: Fix memory leak in __mdiobus_register (stable-5.14.15). - s390/pci: cleanup resources only if necessary (stable-5.14.15). - commit 905ecd1 - net/mlx5: Lag, change multipath and bonding to be mutually exclusive (stable-5.14.15). - commit 46bc273 - net: hns3: fix for miscalculation of rx unused desc (stable-5.14.15). - commit 4b9aac9 - sched/scs: Reset the shadow stack when idle_task_exit (stable-5.14.15). - scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() (stable-5.14.15). - scsi: mpi3mr: Fix duplicate device entries when scanning through sysfs (stable-5.14.15). - scsi: storvsc: Fix validation for unsolicited incoming packets (stable-5.14.15). - scsi: iscsi: Fix set_param() handling (stable-5.14.15). - ASoC: codec: wcd938x: Add irq config support (stable-5.14.15). - mm/thp: decrease nr_thps in file's mapping on THP split (stable-5.14.15). - Input: snvs_pwrkey - add clk handling (stable-5.14.15). - commit 45f2107 - perf/x86/msr: Add Sapphire Rapids CPU support (stable-5.14.15). - libperf tests: Fix test_stat_cpu (stable-5.14.15). - libperf test evsel: Fix build error on !x86 architectures (stable-5.14.15). - spi-mux: Fix false-positive lockdep splats (stable-5.14.15). - spi: Fix deadlock when adding SPI controllers on SPI buses (stable-5.14.15). - isdn: mISDN: Fix sleeping function called from invalid context (stable-5.14.15). - ARM: dts: spear3xx: Fix gmac node (stable-5.14.15). - net: stmmac: add support for dwmac 3.40a (stable-5.14.15). 
- platform/x86: intel_scu_ipc: Update timeout value in comment (stable-5.14.15). - platform/x86: intel_scu_ipc: Increase virtual timeout to 10s (stable-5.14.15). - commit 09559eb - KVM: MMU: Reset mmu->pkru_mask to avoid stale data (stable-5.14.15). - objtool: Update section header before relocations (stable-5.14.15). - objtool: Check for gelf_update_rel[a] failures (stable-5.14.15). - drm/msm/a6xx: Serialize GMU communication (stable-5.14.15). - bitfield: build kunit tests without structleak plugin (stable-5.14.15). - device property: build kunit tests without structleak plugin (stable-5.14.15). - iio/test-format: build kunit tests without structleak plugin (stable-5.14.15). - gcc-plugins/structleak: add makefile var for disabling structleak (stable-5.14.15). - kunit: fix reference count leak in kfree_at_end (stable-5.14.15). - btrfs: deal with errors when checking if a dir entry exists during log replay (stable-5.14.15). - commit 1f55831 - KVM: x86: remove unnecessary arguments from complete_emulator_pio_in (stable-5.14.15). - KVM: x86: split the two parts of emulator_pio_in (stable-5.14.15). - drm: mxsfb: Fix NULL pointer dereference crash on unload (stable-5.14.15). - selftests: netfilter: remove stray bash debug line (stable-5.14.15). - netfilter: Kconfig: use 'default y' instead of 'm' for bool config option (stable-5.14.15). - net: hns3: fix the max tx size according to user manual (stable-5.14.15). - net: bridge: mcast: use multicast_membership_interval for IGMPv3 (stable-5.14.15). - KVM: SEV-ES: Set guest_state_protected after VMSA update (stable-5.14.15). - isdn: cpai: check ctr->cnr to avoid array index out of bound (stable-5.14.15). - nfc: nci: fix the UAF of rf_conn_info object (stable-5.14.15). - commit 41d6324 - KVM: SEV-ES: go over the sev_pio_data buffer in multiple passes if needed (stable-5.14.15). - KVM: SEV-ES: keep INS functions together (stable-5.14.15). - KVM: SEV-ES: clean up kvm_sev_es_ins/outs (stable-5.14.15). 
- KVM: x86: leave vcpu->arch.pio.count alone in emulator_pio_in_out (stable-5.14.15). - KVM: SEV-ES: rename guest_ins_data to sev_pio_data (stable-5.14.15). - KVM: SEV: Flush cache on non-coherent systems before RECEIVE_UPDATE_DATA (stable-5.14.15). - KVM: nVMX: promptly process interrupts delivered while in guest mode (stable-5.14.15). - KVM: x86: check for interrupts before deciding whether to exit the fast path (stable-5.14.15). - KVM: SEV-ES: reduce ghcb_sa_len to 32 bits (stable-5.14.15). - KVM: SEV-ES: fix length of string I/O (stable-5.14.15). - commit 55eb497 - ucounts: Proper error handling in set_cred_ucounts (stable-5.14.15). - ucounts: Pair inc_rlimit_ucounts with dec_rlimit_ucoutns in commit_creds (stable-5.14.15). - ucounts: Fix signal ucount refcounting (stable-5.14.15). - powerpc/idle: Don't corrupt back chain when going idle (stable-5.14.15). - mm, slub: fix incorrect memcg slab count for bulk free (stable-5.14.15). - mm, slub: fix potential use-after-free in slab_debugfs_fops (stable-5.14.15). - mm, slub: fix potential memoryleak in kmem_cache_open() (stable-5.14.15). - mm, slub: fix mismatch between reconstructed freelist depth and cnt (stable-5.14.15). - KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to guest (stable-5.14.15). - KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest() (stable-5.14.15). - commit 91fb3d7 - blk-cgroup: blk_cgroup_bio_start() should use irq-safe operations on blkg->iostat_cpu (stable-5.14.15). - ucounts: Move get_ucounts from cred_alloc_blank to key_change_session_keyring (stable-5.14.15). - net: dsa: mt7530: correct ds->num_ports (stable-5.14.15). - ASoC: DAPM: Fix missing kctl change notifications (stable-5.14.15). - ASoC: nau8824: Fix headphone vs headset, button-press detection no longer working (stable-5.14.15). - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (stable-5.14.15). - ALSA: hda/realtek: Add quirk for Clevo PC50HS (stable-5.14.15). 
- audit: fix possible null-pointer dereference in audit_filter_rules (stable-5.14.15). - mm/secretmem: fix NULL page->mapping dereference in page_is_secretmem() (stable-5.14.15). - vfs: check fd has read access in kernel_read_file_from_fd() (stable-5.14.15). - commit 683b2ff - can: j1939: j1939_xtp_rx_rts_session_new(): abort TP less than 9 bytes (stable-5.14.15). - ceph: fix handling of "meta" errors (stable-5.14.15). - ceph: skip existing superblocks that are blocklisted or shut down when mounting (stable-5.14.15). - tracing: Have all levels of checks prevent recursion (stable-5.14.15). - elfcore: correct reference to CONFIG_UML (stable-5.14.15). - mm/mempolicy: do not allow illegal MPOL_F_NUMA_BALANCING | MPOL_LOCAL in mbind() (stable-5.14.15). - ocfs2: mount fails with buffer overflow in strlen (stable-5.14.15). - ocfs2: fix data corruption after conversion from inline format (stable-5.14.15). - userfaultfd: fix a race between writeprotect and exit_mmap() (stable-5.14.15). - mm/userfaultfd: selftests: fix memory corruption with thp enabled (stable-5.14.15). - commit f96874a - net: enetc: make sure all traffic classes can send large frames (stable-5.14.15). - can: isotp: isotp_sendmsg(): fix return error on FC timeout on TX path (stable-5.14.15). - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (stable-5.14.15). - can: peak_pci: peak_pci_remove(): fix UAF (stable-5.14.15). - can: rcar_can: fix suspend/resume (stable-5.14.15). - can: isotp: isotp_sendmsg(): fix TX buffer concurrent access in isotp_sendmsg() (stable-5.14.15). - can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible() (stable-5.14.15). - can: j1939: j1939_xtp_rx_dat_one(): cancel session if receive TP.DT with error length (stable-5.14.15). - can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv (stable-5.14.15). - can: j1939: j1939_tp_rxtimer(): fix errant alert in j1939_tp_rxtimer (stable-5.14.15). 
- commit 5922c25 - drm/kmb: Enable ADV bridge after modeset (stable-5.14.15). - drm/kmb: Corrected typo in handle_lcd_irq (stable-5.14.15). - drm/kmb: Disable change of plane parameters (stable-5.14.15). - drm/kmb: Remove clearing DPHY regs (stable-5.14.15). - drm/kmb: Work around for higher system clock (stable-5.14.15). - drm/panel: ilitek-ili9881c: Fix sync for Feixin K101-IM2BYL02 panel (stable-5.14.15). - net: enetc: fix ethtool counter name for PM0_TERR (stable-5.14.15). - net/mlx5e: IPsec: Fix work queue entry ethernet segment checksum flags (stable-5.14.15). - net/mlx5e: IPsec: Fix a misuse of the software parser's fields (stable-5.14.15). - ice: Add missing E810 device ids (stable-5.14.15). - commit 8a2728b - igc: Update I226_K device ID (stable-5.14.15). - e1000e: Fix packet loss on Tiger Lake and later (stable-5.14.15). - ptp: Fix possible memory leak in ptp_clock_register() (stable-5.14.15). - net: stmmac: Fix E2E delay mechanism (stable-5.14.15). - net: hns3: disable sriov before unload hclge layer (stable-5.14.15). - net: hns3: fix vf reset workqueue cannot exit (stable-5.14.15). - net: hns3: schedule the polling again when allocation fails (stable-5.14.15). - net: hns3: add limit ets dwrr bandwidth cannot be 0 (stable-5.14.15). - net: hns3: reset DWRR of unused tc to zero (stable-5.14.15). - net: hns3: Add configuration of TM QCN error event (stable-5.14.15). - commit 5c6e545 - net: dsa: Fix an error handling path in 'dsa_switch_parse_ports_of()' (stable-5.14.15). - net/sched: act_ct: Fix byte count on fragmented packets (stable-5.14.15). - net: dsa: lantiq_gswip: fix register definition (stable-5.14.15). - hamradio: baycom_epp: fix build for UML (stable-5.14.15). - ipv6: When forwarding count rx stats on the orig netdev (stable-5.14.15). - tcp: md5: Fix overlap between vrf and non-vrf keys (stable-5.14.15). - lan78xx: select CRC32 (stable-5.14.15). - sctp: fix transport encap_port update in sctp_vtag_verify (stable-5.14.15). 
- powerpc/smp: do not decrement idle task preempt count in CPU offline (stable-5.14.15). - NIOS2: irqflags: rename a redefined register name (stable-5.14.15). - commit 9aa725a - netfilter: ipvs: make global sysctl readonly in non-init netns (stable-5.14.15). - netfilter: ip6t_rt: fix rt0_hdr parsing in rt_mt6 (stable-5.14.15). - netfilter: nf_tables: skip netdev events generated on netns removal (stable-5.14.15). - netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value (stable-5.14.15). - ice: Print the api_patch as part of the fw.mgmt.api (stable-5.14.15). - ice: fix getting UDP tunnel entry (stable-5.14.15). - ice: Avoid crash from unnecessary IDA free (stable-5.14.15). - ice: Fix failure to re-add LAN/RDMA Tx queues (stable-5.14.15). - dma-debug: fix sg checks in debug_dma_map_sg() (stable-5.14.15). - ASoC: wm8960: Fix clock configuration on slave mode (stable-5.14.15). - commit 245d6d8 - ASoC: cs4341: Add SPI device ID table (stable-5.14.15). - ASoC: pcm179x: Add missing entries SPI to device ID table (stable-5.14.15). - ASoC: fsl_xcvr: Fix channel swap issue with ARC (stable-5.14.15). - ASoC: pcm512x: Mend accesses to the I2S_1 and I2S_2 registers (stable-5.14.15). - KVM: arm64: Release mmap_lock when using VM_SHARED with MTE (stable-5.14.15). - KVM: arm64: Fix host stage-2 PGD refcount (stable-5.14.15). - xtensa: xtfpga: Try software restart before simulating CPU reset (stable-5.14.15). - xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF (stable-5.14.15). - drm/amdgpu: init iommu after amdkfd device init (stable-5.14.15). - NFSD: Keep existing listeners on portlist error (stable-5.14.15). - commit c073ebb - block: decode QUEUE_FLAG_HCTX_ACTIVE in debugfs output (stable-5.14.15). - xen/x86: prevent PVH type from getting clobbered (stable-5.14.15). - drm/amdgpu/display: fix dependencies for DRM_AMD_DC_SI (stable-5.14.15). - arm: dts: vexpress-v2p-ca9: Fix the SMB unit-address (stable-5.14.15). 
- ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default (stable-5.14.15).
- r8152: avoid to resubmit rx immediately (stable-5.14.15).
- sh: pgtable-3level: fix cast to pointer from integer of different size (stable-5.14.15).
- block/mq-deadline: Move dd_queued() to fix defined but not used warning (stable-5.14.15).
- parisc: math-emu: Fix fall-through warnings (stable-5.14.15).
- commit 009acde
- Update patch references for stable-5.14.15
- commit c4e784c

++++ kernel-firmware:
- Update to version 20211027 (git commit 1d00989a6596):
  * linux-firmware: Update AMD cpu microcode
  * QCA: Update Bluetooth firmware for WCN685x
  * bnx2x: Add FW 7.13.20.0
  * Mellanox: Add new mlxsw_spectrum firmware xx.2010.1006
  * linux-firmware: Update NXP Management Complex firmware to version 10.28.1
  * linux-firmware: update firmware for MT7921 WiFi device
  * rtw89: 8852a: update fw to v0.13.30.0
  * linux-firmware: Update firmware file for Intel Bluetooth 9462
  * linux-firmware: Update firmware file for Intel Bluetooth 9462
  * linux-firmware: Update firmware file for Intel Bluetooth 9560
  * linux-firmware: Update firmware file for Intel Bluetooth 9560
  * linux-firmware: Update firmware file for Intel Bluetooth AX201
  * linux-firmware: Update firmware file for Intel Bluetooth AX201
  * linux-firmware: Update firmware file for Intel Bluetooth AX211
  * linux-firmware: Update firmware file for Intel Bluetooth AX211
  * linux-firmware: Update firmware file for Intel Bluetooth AX210
  * linux-firmware: Update firmware file for Intel Bluetooth 9560
  * linux-firmware: Update firmware file for Intel Bluetooth 9260
  * linux-firmware: Update firmware file for Intel Bluetooth AX200
  * linux-firmware: Update firmware file for Intel Bluetooth AX201
- Update topics and aliases for rtw88 and rtw89

++++ bluez:
- update to version 5.62 (JIRA-SLE-18497):
  * Fix issue with handling truncation when loading LTKs.
  * Fix issue with accepting Exchange MTU on EATT bearer.
  * Fix issue with clearing DeviceLost timers on power down.
  * Fix issue with AVCTP browsing channel and missing ERTM.
  * Fix issue with AVDTP and local SEID pool for each adapter.
  * Add support for BR/EDR and LE connection failure reasons.
- refresh patch hcidump-fixed-hci-frame-dump-stack-buffer-overflow.patch

++++ python3-core:
- The previous construct works only on the current Factory, not in SLE.

++++ python3:
- The previous construct works only on the current Factory, not in SLE.
------------------------------------------------------------------
------------------ 2021-10-26 - Oct 26 2021 -------------------
------------------------------------------------------------------
++++ libguestfs:
- Fix build errors in Factory
  * Alert ocaml_deprecated_cli: Setting a warning with a sequence of lowercase or uppercase letters, like 'CDEFLMPSUVYZX', is deprecated.
    63c9cd93-m4-guestfs-ocaml.m4-Fix-deprecated-warning-format.patch
  * Error (warning 6 [labels-omitted]): label verbose was omitted in the application of this function.
    a4930f5f-customize-Suppress-OCaml-warning.patch

++++ kernel-default:
- scsi: storvsc: Fix validation for unsolicited incoming packets (git-fixes).
- hyperv/vmbus: include linux/bitops.h (git-fixes).
- commit b72f394
- Normally we take git fixes for perf userspace into the userspace package. However prior commit f3f3684a8ebf (perf-tools-Fix-hybrid-config-terms-list-corruption.patch) was added but without this needed dependency so perf userspace fails to build perf tools: Factor out copy_config_terms() and free_config_terms() (git-fixes).
- commit 0d60052
- perf/x86/intel/uncore: Support IMC free-running counters on Sapphire Rapids server (jsc#SLE-18939).
- perf/x86/intel/uncore: Support IIO free-running counters on Sapphire Rapids server (jsc#SLE-18939).
- perf/x86/intel/uncore: Factor out snr_uncore_mmio_map() (jsc#SLE-18939).
- perf/x86/intel/uncore: Add alias PMU name (jsc#SLE-18939).
- perf/x86/intel/uncore: Add Sapphire Rapids server MDF support (jsc#SLE-18939). - perf/x86/intel/uncore: Add Sapphire Rapids server M3UPI support (jsc#SLE-18939). - perf/x86/intel/uncore: Add Sapphire Rapids server UPI support (jsc#SLE-18939). - perf/x86/intel/uncore: Add Sapphire Rapids server M2M support (jsc#SLE-18939). - perf/x86/intel/uncore: Add Sapphire Rapids server IMC support (jsc#SLE-18939). - perf/x86/intel/uncore: Add Sapphire Rapids server PCU support (jsc#SLE-18939). - perf/x86/intel/uncore: Add Sapphire Rapids server M2PCIe support (jsc#SLE-18939). - perf/x86/intel/uncore: Add Sapphire Rapids server IRP support (jsc#SLE-18939). - perf/x86/intel/uncore: Add Sapphire Rapids server IIO support (jsc#SLE-18939). - perf/x86/intel/uncore: Add Sapphire Rapids server CHA support (jsc#SLE-18939). - perf/x86/intel/uncore: Add Sapphire Rapids server framework (jsc#SLE-18939). - commit 4b44ca8 ++++ python-pyOpenSSL: - update to 21.0.0 (bsc#1200771, jsc#SLE-24519): - The minimum ``cryptography`` version is now 3.3. - Drop support for Python 3.5 - Raise an error when an invalid ALPN value is set. - Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version`` - Updated ``to_cryptography`` and ``from_cryptography`` methods to support an upcoming release of ``cryptography`` without raising deprecation warnings. 
++++ qemu: - qemu: virtio-net: heap use-after-free in virtio_net_receive_rcu (bsc#1189938 CVE-2021-3748) solved by virtio-net-fix-use-after-unmap-free-for-.patch - kvm,qemu: out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702 CVE-2021-3713) * Patches added: uas-add-stream-number-sanity-checks.patch ++++ ovmf: - Removed patches which are merged to mainline: ovmf-bsc1186151-fix-iscsi-overflows.patch ovmf-xen-relocate-shared_info_page-map.patch - Removed patches because replaced: ovmf-fix-xen-s3-detection.patch -> ovmf-OvmfPkg-OvmfXen-set-PcdAcpiS3Enable-at-initializatio.patch ovmf-xen-add-qemu-kernel-loader-fs.patch -> ovmf-OvmfPkg-OvmfXen-add-QemuKernelLoaderFsDxe.patch ++++ virt-manager: - jsc#SLE-21540 Dev: Prefer UEFI when creating new virtual machines. Add a preferences option to allow users to default to UEFI when creating a new VM. Libvirt decides which firmware file to use. virtman-add-firmware-preferences.patch - Renamed patch virtinst-modify-gui-defaults.patch to virtman-modify-gui-defaults.patch ------------------------------------------------------------------ ------------------ 2021-10-25 - Oct 25 2021 ------------------- ------------------------------------------------------------------ ++++ avahi: - Change %python38_version_nodots to %suse_version which is compatible with Leap and SLE. See also: https://github.com/openSUSE/python-rpm-macros/issues/107 ++++ coreutils: - coreutils-df-fuse-portal-dummy.patch: df: Add "fuse.portal" as a dummy file system (used in flatpak implementations). (bsc#1189152) ++++ python-kiwi: - Bump version: 9.23.20 → 9.24.2 This version upgrade includes several fixes: * Fixed secure boot fallback setup Make sure MokManager gets copied. The name and location of the mok manager is distribution specific in the same way as the shim loader. Thus we need to apply a similar concept for looking it up. 
This Fixes bsc#1187515 * Allow creation of LUKS system with empty key To support cloud platforms better we should allow the creation of an initial (insecure) LUKS encrypted image with an empty passphrase/keyfile. This Fixes bsc#1187461 and bsc#1187460 * Delete obsolete ddb.adapterType patching When building a vmdk image with pvscsi as adapter type, kiwi implicitly changed the adapter_type from pvscsi to lsilogic because qemu only knows lsilogic. At the end kiwi patched the adapter type in the descriptor of the vmdk header back to pvscsi. That patching seems to be wrong according to information from users and VMware support. This commit deletes the descriptor patching and only leaves the pvscsi setting in the guest configuration (vmx). This Fixes bsc#1180539 and Fixes #1847 * Make dracut version check more robust The check_dracut_module_versions_compatible_to_kiwi() runtime check calls the package manager from the host and reads the package database from the image root. Doing this requires the package database in the image to be compatible with the package manager on the host. However this cannot be guaranteed and it is more robust to chroot into the image root and call the package manager from there. However, this change also comes with the cost that it's required to have a package manager available in the image root tree. Therefore along with the chroot based call, eventual exceptions from the call are now caught and lead to a debug message in the log file but will not lead the runtime check to fail. I consider the cases without a package database inside of the image to be less critical than the incompatibility issue between the host tooling and the package database in the image. This Fixes bsc#1185937 * Fixed setup of repository architecture Unfortunately the architecture reported by uname is not necessarily the same name as used in the repository metadata. Therefore it was not a good idea to set the architecture and manage the name via a mapping table. 
It also has turned out that repo arch names are distro specific which causes more complexity on an eventual mapping table. In the end this commit changes the way how the repository architecture is setup in a way that we only set the architecture if a name was explicitly specified such that the user keeps full control over it without any mapping magic included This Fixes bsc#1185287 * Do not apply default subcommand for derivate containers This commit does not apply the default subcommand for derivate containers. Fixes bsc#1184823 * Added openssl to the core requires openssl is used in kiwi to construct a password hash if the plaintext password feature for user settings is used. This Fixes bsc#1184128 ++++ open-iscsi: - Fix the usr-merge changes (bsc#1192013). This includes catching all the places that /sbin was still used directly, as well as making the SPEC file build using /usr/sbin for openSUSE but still use /sbin for SLE, for now. ++++ kernel-default: - PCI: ACPI: Check parent pointer in acpi_pci_find_companion() (git-fixes). - commit 90dd941 - PCI/ACPI: Don't reset a fwnode set by OF (git-fixes). - commit 0173047 - PCI/VPD: Defer VPD sizing until first access (git-fixes). - commit 92d679d - PCI: Make saved capability state private to core (git-fixes). - commit bac6705 - PCI/ACS: Enforce pci=noats with Transaction Blocking (git-fixes). - commit 6f1e5b6 - PCI/VPD: Add pci_vpd_check_csum() (git-fixes). - commit b2480cc - PCI/VPD: Add pci_vpd_find_ro_info_keyword() (git-fixes). - commit fdb75f4 - PCI/VPD: Add pci_vpd_alloc() (git-fixes). - commit fe7ed38 - Revert "Revert "rpm: Abolish scritplet templating (bsc#1189841)."" This reverts commit eebdae782118154482586a51f83b305ccb57f907. - commit d8f0414 ++++ selinux-policy: - fix_wine.patch: give Wine .dll same context as .so (bsc#1191976) ++++ yast2-trans: - Update to version 84.87.20211022.37a68b8306: * Translated using Weblate (Turkish) * New POT for text domain 'timezone_db'. * New POT for text domain 'country'. 
* Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * New POT for text domain 'users'. * New POT for text domain 'network'. * New POT for text domain 'registration'. * Translated using Weblate (Hindi) * New POT for text domain 'installation'. ------------------------------------------------------------------ ------------------ 2021-10-24 - Oct 24 2021 ------------------- ------------------------------------------------------------------ ++++ pcre2: - pcre2 10.38: * Following Perl's lead, \K is now locked out in lookaround assertions by default, but an option is provided to re-enable the previous behaviour ++++ libsoup2: - Update to version 2.74.1: + Fix support for older versions of Vala. + Fix trying to build sysprof as a subproject on Windows. + Fix missing `extern "C"` in an installed header. + Improve `gssapi` dependency handling. + Fix `libsoup-doc` build target. + Updated translations. ------------------------------------------------------------------ ------------------ 2021-10-22 - Oct 22 2021 ------------------- ------------------------------------------------------------------ ++++ bash: - Using package bash-sh instead of the update-alternative mechanism. ++++ transactional-update: - Version 3.6.0 - Simplify mount hierarchy by just using a single slave bind mount as the root of the update environment; this may avoid the error messages of failed unmounts May fix [boo#1191945] ++++ kernel-default: - scsi: ibmvfc: Fix up duplicate response detection (bsc#1191867 ltc#194757). - commit bb7897a ++++ cairo: - Add upstream patch + cairo-do-not-override-explicitly-requested-grayscale-aa.patch Do not replace explicitly set applications settings by user settings for font antialiasing. 
See: https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/114 ++++ ovmf: - Removed edk2-stable202105.tar.gz because we updated to edk2-stable202108 ++++ suse-module-tools: - Update to version 15.4.7: * fixup "rpm-script: fix bad exit status in OpenQA (bsc#1191922)" - Update to version 15.4.6: * rpm-script: fix bad exit status in OpenQA (bsc#1191922) * cert-script: Deal with existing $cert.delete file (bsc#1191804). * cert-script: Ignore kernel keyring for kernel certificates (bsc#1191480). * cert-script: Only print mokutil output in verbose mode. ++++ u-boot-rpiarm64: Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.10 * Patches added: 0015-Enable-EFI-and-ISO-partitions-suppo.patch - boo#1191966 0016-Revert-video-backlight-fix-pwm-s-du.patch - boo#1187573 ++++ virt-manager: - Add dependency in spec file for python3-gobject-Gdk (bsc#1191705) virt-manager.spec ------------------------------------------------------------------ ------------------ 2021-10-21 - Oct 21 2021 ------------------- ------------------------------------------------------------------ ++++ grub2: - Remove openSUSE Tumbleweed specific handling for default grub distributor (bsc#1191198) - Use /usr/lib/os-release as fallback (bsc#1191196) * grub2-default-distributor.patch * grub2-check-default.sh - VUL-0: grub2: grub2-once uses fixed file name in /var/tmp (bsc#1190474) (CVE-2021-46705) * grub2-once * grub2-once.service - Fix unknown TPM error on buggy uefi firmware (bsc#1191504) * 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch - Fix error /boot/grub2/locale/POSIX.gmo not found (bsc#1189769) * 0001-Filter-out-POSIX-locale-for-translation.patch - Fix error lvmid disk cannot be found after second disk added to the root volume group (bsc#1189874) (bsc#1071559) * 0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch - Fix error in grub installation due to unnecessary requirement to support excessive device for the root logical volume 
(bsc#1184135) * 0001-disk-diskfilter-Use-nodes-in-logical-volume-s-segmen.patch - Fix regression in reading xfs v4 * 0001-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch ++++ gtk2: - Add gtk2-rpmlintrc (boo#1191758): + Filter wrong split request for libgdk-x11-2.0.so.0: the library shares the version info with gtk2 and is allowed to be in the same library package. + Filter libgail.so.18 split request: the error is actually correct, but gtk2 being a legacy package does not justify the extra effort. The libgtk-2_0-0 package is the only consumer. ++++ kernel-default: - irq_work: Also rcuwait for !IRQ_WORK_HARD_IRQ on PREEMPT_RT (bsc#1189998 (PREEMPT_RT prerequisite backports)). - irq_work: Handle some irq_work in a per-CPU thread on PREEMPT_RT (bsc#1189998 (PREEMPT_RT prerequisite backports)). - irq_work: Allow irq_work_sync() to sleep if irq_work() no IRQ support (bsc#1189998 (PREEMPT_RT prerequisite backports)). - commit 4d0412e - sched: Add cluster scheduler level for x86 (bsc#1189999 (Scheduler functional and performance backports)). - Update config files. - commit 7189714 - x86/cpu: Add get_llc_id() helper function (bsc#1189999 (Scheduler functional and performance backports)). - commit 297c787 - sched: Add cluster scheduler level in core and related Kconfig for ARM64 (bsc#1189999 (Scheduler functional and performance backports)). - Update config files. - commit c5db281 - topology: Represent clusters of CPUs within a die (bsc#1189999 (Scheduler functional and performance backports)). - commit 323bd69 - sched: Add wrapper for get_wchan() to keep task blocked (bsc#1189999 (Scheduler functional and performance backports)). - x86: Fix get_wchan() to support the ORC unwinder (bsc#1189999 (Scheduler functional and performance backports)). - proc: Use task_is_running() for wchan in /proc/$pid/stat (bsc#1189999 (Scheduler functional and performance backports)). 
- leaking_addresses: Always print a trailing newline (bsc#1189999 (Scheduler functional and performance backports)). - Revert "proc/wchan: use printk format instead of lookup_symbol_name()" (bsc#1189999 (Scheduler functional and performance backports)). - sched: Fill unconditional hole induced by sched_entity (bsc#1189999 (Scheduler functional and performance backports)). - kernel/sched: Fix sched_fork() access an invalid sched_task_group (bsc#1189999 (Scheduler functional and performance backports)). - sched/topology: Remove unused numa_distance in cpu_attach_domain() (bsc#1189999 (Scheduler functional and performance backports)). - sched/numa: Fix a few comments (bsc#1189999 (Scheduler functional and performance backports)). - sched/numa: Remove the redundant member numa_group::fault_cpus (bsc#1189999 (Scheduler functional and performance backports)). - sched/numa: Replace hard-coded number by a define in numa_task_group() (bsc#1189999 (Scheduler functional and performance backports)). - sched/fair: Removed useless update of p->recent_used_cpu (bsc#1189999 (Scheduler functional and performance backports)). - sched: Remove pointless preemption disable in sched_submit_work() (bsc#1189998 (PREEMPT_RT prerequisite backports)). - sched: Move kprobes cleanup out of finish_task_switch() (bsc#1189998 (PREEMPT_RT prerequisite backports)). - sched: Disable TTWU_QUEUE on RT (bsc#1189998 (PREEMPT_RT prerequisite backports)). - sched: Limit the number of task migrations per batch on RT (bsc#1189998 (PREEMPT_RT prerequisite backports)). - sched: Move mmdrop to RCU on RT (bsc#1189998 (PREEMPT_RT prerequisite backports)). - sched: Make cookie functions static (bsc#1189999 (Scheduler functional and performance backports)). - sched/fair: Consider SMT in ASYM_PACKING load balance (jsc#SLE-18889). - sched/fair: Carve out logic to mark a group for asymmetric packing (jsc#SLE-18889). - sched/fair: Provide update_sg_lb_stats() with sched domain statistics (jsc#SLE-18889). 
- sched/fair: Optimize checking for group_asym_packing (jsc#SLE-18889). - sched/topology: Introduce sched_group::flags (jsc#SLE-18889). - x86/sched: Decrease further the priorities of SMT siblings (jsc#SLE-18889). - kthread: Move prio/affinite change into the newly created thread (bsc#1189998 (PREEMPT_RT prerequisite backports)). - sched: Remove unused inline function __rq_clock_broken() (bsc#1189999 (Scheduler functional and performance backports)). - sched/fair: Use __schedstat_set() in set_next_entity() (bsc#1189999 (Scheduler functional and performance backports)). - sched: adjust sleeper credit for SCHED_IDLE entities (bsc#1189999 (Scheduler functional and performance backports)). - sched: reduce sched slice for SCHED_IDLE entities (bsc#1189999 (Scheduler functional and performance backports)). - sched: Account number of SCHED_IDLE entities on each cfs_rq (bsc#1189999 (Scheduler functional and performance backports)). - fs/proc/uptime.c: Fix idle time reporting in /proc/uptime (bsc#1189999 (Scheduler functional and performance backports)). Refresh patches.suse/ACPI-acpi_pad-Do-not-launch-acpi_pad-threads-on-idle-cpus.patch. - sched/core: Simplify core-wide task selection (bsc#1189999 (Scheduler functional and performance backports)). - sched: Switch wait_task_inactive to HRTIMER_MODE_REL_HARD (bsc#1189998 (PREEMPT_RT prerequisite backports)). - sched/fair: Trigger nohz.next_balance updates when a CPU goes NOHZ-idle (bsc#1189999 (Scheduler functional and performance backports)). - sched/fair: Add NOHZ balancer flag for nohz.next_balance updates (bsc#1189999 (Scheduler functional and performance backports)). - drivers/base/node.c: use bin_attribute to break the size limitation of cpumap ABI (bsc#1189999 (Scheduler functional and performance backports)). - topology: use bin_attribute to break the size limitation of cpumap ABI (bsc#1189999 (Scheduler functional and performance backports)). 
- cpumask: introduce cpumap_print_list/bitmask_to_buf to support large bitmask and list (bsc#1189999 (Scheduler functional and performance backports)). - sched: Cgroup SCHED_IDLE support (bsc#1189999 (Scheduler functional and performance backports)). - commit 2792d9b ++++ systemd: - Temporarily disable systemd-experimental sub-package until rpmlint is updated. - Add 1009-drop-or-soften-deprecation-warnings.patch ++++ pam: - Corrected a bad directive file which resulted in the "securetty" file to be installed as "macros.pam". [pam.spec] ------------------------------------------------------------------ ------------------ 2021-10-20 - Oct 20 2021 ------------------- ------------------------------------------------------------------ ++++ dnsmasq: - Use systemd-sysusers from 15.3 onwards ++++ kernel-default: - Linux 5.14.14 (stable-5.14.14). - commit cdb7a44 - net: dsa: felix: break at first CPU port during init and teardown (stable-5.14.14). - net: mscc: ocelot: cross-check the sequence id from the timestamp FIFO with the skb PTP header (stable-5.14.14). - net: mscc: ocelot: deny TX timestamping of non-PTP packets (stable-5.14.14). - net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown skb (stable-5.14.14). - net: mscc: ocelot: avoid overflowing the PTP timestamp FIFO (stable-5.14.14). - net: mscc: ocelot: make use of all 63 PTP timestamp identifiers (stable-5.14.14). - ionic: don't remove netdev->dev_addr when syncing uc list (stable-5.14.14). - commit d86b081 - block/rnbd-clt-sysfs: fix a couple uninitialized variable bugs (stable-5.14.14). - mlxsw: thermal: Fix out-of-bounds memory accesses (stable-5.14.14). - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (stable-5.14.14). - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (stable-5.14.14). - nfp: flow_offload: move flow_indr_dev_register from app init to app start (stable-5.14.14). - ice: fix locking for Tx timestamp tracking flush (stable-5.14.14). 
- r8152: select CRC32 and CRYPTO/CRYPTO_HASH/CRYPTO_SHA256 (stable-5.14.14). - qed: Fix missing error code in qed_slowpath_start() (stable-5.14.14). - mqprio: Correct stats in mqprio_dump_class_stats() (stable-5.14.14). - mptcp: fix possible stall on recvmsg() (stable-5.14.14). - commit ee264dd - vhost-vdpa: Fix the wrong input in config_cb (stable-5.14.14). - ethernet: s2io: fix setting mac address during resume (stable-5.14.14). - nfc: fix error handling of nfc_proto_register() (stable-5.14.14). - net: encx24j600: check error in devm_regmap_init_encx24j600 (stable-5.14.14). - net/mlx5e: Switchdev representors are not vlan challenged (stable-5.14.14). - net: dsa: fix spurious error message when unoffloaded port leaves bridge (stable-5.14.14). - net: dsa: microchip: Added the condition for scheduling ksz_mib_read_work (stable-5.14.14). - net: dsa: mv88e6xxx: don't use PHY_DETECT on internal PHY's (stable-5.14.14). - net: phy: Do not shutdown PHYs in READY state (stable-5.14.14). - net: stmmac: fix get_hw_feature() on old hardware (stable-5.14.14). - commit 809f3a8 - clk: renesas: rzg2l: Fix clk status function (stable-5.14.14). - ARM: dts: bcm2711-rpi-4-b: Fix pcie0's unit address formatting (stable-5.14.14). - ARM: dts: bcm2711-rpi-4-b: fix sd_io_1v8_reg regulator states (stable-5.14.14). - ARM: dts: bcm2711: fix MDIO #address- and #size-cells (stable-5.14.14). - sctp: account stream padding length for reconf chunk (stable-5.14.14). - net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (stable-5.14.14). - net/mlx5e: Fix memory leak in mlx5_core_destroy_cq() error path (stable-5.14.14). - net: korina: select CRC32 (stable-5.14.14). - net: arc: select CRC32 (stable-5.14.14). - net/smc: improved fix wait on already cleared link (stable-5.14.14). - commit 0bb8d8e - Revert "virtio-blk: Add validation for block size in config space" (stable-5.14.14). - powerpc/xive: Discard disabled interrupts in get_irqchip_state() (stable-5.14.14). 
- x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically (stable-5.14.14). - nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells (stable-5.14.14). - iio: adc: aspeed: set driver data when adc probe (stable-5.14.14). - tracing: Fix missing osnoise tracer on max_latency (stable-5.14.14). - tee: optee: Fix missing devices unregister during optee_remove (stable-5.14.14). - ARM: dts: bcm2711-rpi-4-b: Fix usb's unit address (stable-5.14.14). - ARM: dts: bcm283x: Fix VEC address for BCM2711 (stable-5.14.14). - virtio-blk: remove unneeded "likely" statements (stable-5.14.14). - commit 34ea1c0 - blacklist.conf: remove the entries to be backported via 5.14.14 stable - commit 7f83a6f - virtio: write back F_VERSION_1 before validate (stable-5.14.14). - efi: Change down_interruptible() in virt_efi_reset_system() to down_trylock() (stable-5.14.14). - efi/cper: use stack buffer for error record decoding (stable-5.14.14). - USB: serial: qcserial: add EM9191 QDL support (stable-5.14.14). - USB: serial: option: add Quectel EC200S-CN module support (stable-5.14.14). - USB: serial: option: add prod. id for Quectel EG91 (stable-5.14.14). - USB: serial: option: add Telit LE910Cx composition 0x1204 (stable-5.14.14). - xhci: Enable trust tx length quirk for Fresco FL11 USB controller (stable-5.14.14). - xhci: Fix command ring pointer corruption while aborting a command (stable-5.14.14). - Input: xpad - add support for another USB ID of Nacon GC-100 (stable-5.14.14). - commit 210e031 - mei: me: add Ice Lake-N device id (stable-5.14.14). - xhci: add quirk for host controllers that don't update endpoint DCS (stable-5.14.14). - module: fix clang CFI with MODULE_UNLOAD=n (stable-5.14.14). - arm64/hugetlb: fix CMA gigantic page order for non-4K PAGE_SIZE (stable-5.14.14). - btrfs: fix abort logic in btrfs_replace_file_extents (stable-5.14.14). - btrfs: check for error when looking up inode during dir entry replay (stable-5.14.14). 
- btrfs: deal with errors when adding inode reference during log replay (stable-5.14.14). - btrfs: deal with errors when replaying dir entry during log replay (stable-5.14.14). - btrfs: update refs for any root except tree log roots (stable-5.14.14). - btrfs: unlock newly allocated extent buffer after error (stable-5.14.14). - commit f6ad9c3 - nds32/ftrace: Fix Error: invalid operands (*UND* and *UND* sections) for `^' (stable-5.14.14). - dm: fix mempool NULL pointer race when completing IO (stable-5.14.14). - dm rq: don't queue request to blk-mq during DM suspend (stable-5.14.14). - s390: fix strrchr() implementation (stable-5.14.14). - csky: Fixup regs.sr broken in ptrace (stable-5.14.14). - csky: don't let sigreturn play with priveleged bits of status register (stable-5.14.14). - ACPI: PM: Include alternate AMDI0005 id in special behaviour (stable-5.14.14). - platform/x86: gigabyte-wmi: add support for B550 AORUS ELITE AX V2 (stable-5.14.14). - platform/x86: amd-pmc: Add alternative acpi id for PMC controller (stable-5.14.14). - commit cbe2ba1 - Update patch references for stable-5.14.14 - commit c50dd6b - net/mlx5e: Fix division by 0 in mlx5e_select_queue for representors (jsc#SLE-19253). - net/mlx5e: Allow only complete TXQs partition in MQPRIO channel mode (jsc#SLE-19253). - net/mlx5: Fix cleanup of bridge delayed work (jsc#SLE-19253). - ionic: move filter sync_needed bit set (jsc#SLE-19282). - net/mlx5e: Mutually exclude setting of TX-port-TS and MQPRIO in channel mode (jsc#SLE-19253). - net/mlx5e: Improve MQPRIO resiliency (jsc#SLE-19253). - net: hns3: PF enable promisc for VF when mac table is overflow (bsc#1190336). - net: hns3: fix hclge_dbg_dump_tm_pg() stack usage (bsc#1190336). - RDMA/usnic: Lock VF with mutex instead of spinlock (jsc#SLE-19249). - igc: fix build errors for PTP (jsc#SLE-18377). - devlink: Fix port_type_set function pointer check (jsc#SLE-19253). 
- commit 1989ed9 - media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() (CVE-2021-3542 bsc#1184673). - commit f01ebd2 - PCI: Change the type of probe argument in reset functions (jsc#SLE-19359). - commit 15b2a9c - PCI: Add support for ACPI _RST reset method (jsc#SLE-19359). - commit 954ff8e - PCI: Setup ACPI fwnode early and at the same time with OF (jsc#SLE-19357). - commit 4efb7e7 - mm: fs: invalidate bh_lrus for only cold path (git fixes (fs)). - mm/shmem.c: fix judgment error in shmem_is_huge() (git fixes (mm/shmem)). - commit 9a4edb0 - PCI: Use acpi_pci_power_manageable() (jsc#SLE-19357). - commit b978bc6 - PCI: Add pci_set_acpi_fwnode() to set ACPI_COMPANION (jsc#SLE-19357). - commit edd957b - PCI: Allow userspace to query and set device reset mechanism (jsc#SLE-19359). - commit 836778f - PCI: Remove reset_fn field from pci_dev (jsc#SLE-19359). - commit de732a2 - PCI: Add array to track reset method ordering (jsc#SLE-19359). - commit b158f04 - PCI: Add pcie_reset_flr() with 'probe' argument (jsc#SLE-19359). - PCI: Cache PCIe Device Capabilities register (jsc#SLE-19359). - commit da5c594 - PCI/VPD: Treat invalid VPD like missing VPD capability (jsc#SLE-19359). - commit 53f468a - PCI/VPD: Determine VPD size in pci_vpd_init() (jsc#SLE-19359). - commit 470bfbb - PCI/VPD: Embed struct pci_vpd in struct pci_dev (jsc#SLE-19359). - commit 47aa1b9 - PCI/VPD: Remove struct pci_vpd.valid member (jsc#SLE-19359). - commit ef22353 - kernel-binary.spec: Bump dwarves requirement to 1.22. 1.22 is finally released, and it is required for functionality. 
- commit 83e6c84 ++++ libglvnd: - libglvnd.rpmlintrc * workaround for future buildcheck (boo#1191763) ++++ openssl-1_1: - Import centralized crypto policy profile from Factory [jsc#SLE-15832] * openssl-1.1.1-system-cipherlist.patch * openssl-1_1-disable-test_srp-sslapi.patch * openssl-1_1-seclevel.patch * openssl-1_1-use-seclevel2-in-tests.patch ++++ libxml2: - Rewrite package to the single-spec %python_subpackage_only style and eliminate unnecessary multibuild. ++++ osinfo-db: - Update to database version 20211013 osinfo-db-20211013.tar.xz ++++ podman: - Update to version 3.4.1: * Bugfixes - Fixed a bug where podman machine init could, under some circumstances, create invalid machine configurations which could not be started (#11824). - Fixed a bug where the podman machine list command would not properly populate some output fields. - Fixed a bug where podman machine rm could leave dangling sockets from the removed machine (#11393). - Fixed a bug where podman run --pids-limit=-1 was not supported (it now sets the PID limit in the container to unlimited) (#11782). - Fixed a bug where podman run and podman attach could throw errors about a closed network connection when STDIN was closed by the client (#11856). - Fixed a bug where the podman stop command could fail when run on a container that had another podman stop command run on it previously. - Fixed a bug where the --sync flag to podman ps was nonfunctional. - Fixed a bug where the Windows and OS X remote clients' podman stats command would fail (#11909). - Fixed a bug where the podman play kube command did not properly handle environment variables whose values contained an = (#11891). - Fixed a bug where the podman generate kube command could generate invalid annotations when run on containers with volumes that use SELinux relabelling (:z or :Z) (#11929). - Fixed a bug where the podman generate kube command would generate YAML including some unnecessary (set to default) fields (e.g. 
user and group, entrypoint, default protocol for forwarded ports) (#11914, #11915, and #11965). - Fixed a bug where the podman generate kube command could, under some circumstances, generate YAML including an invalid targetPort field for forwarded ports (#11930). - Fixed a bug where rootless Podman's podman info command could, under some circumstances, not read available CGroup controllers (#11931). - Fixed a bug where podman container checkpoint --export would fail to checkpoint any container created with --log-driver=none (#11974). * API - Fixed a bug where the Compat Create endpoint for Containers could panic when no options were passed to a bind mount of tmpfs (#11961). ++++ libxml2-python: - Rewrite package to the single-spec %python_subpackage_only style and eliminate unnecessary multibuild. ++++ tpm2.0-tools: - Update to version 5.2: + tpm2_nvextend: * Added option -n, --name to specify the name of the nvindex in hex bytes. This is used when cpHash ought to be calculated without dispatching the TPM2_NV_Extend command to the TPM. + tpm2_nvread: * Added option --rphash=FILE to specify file path to record the hash of the response parameters. This is commonly termed as rpHash. * Added option -n, --name to specify the name of the nvindex in hex bytes. This is used when cpHash ought to be calculated without dispatching the TPM2_NVRead command to the TPM. * Added option -S, --session to specify an auxiliary session for auditing and or encryption/decryption of the parameters. + tpm2_nvsetbits: * Added option --rphash=FILE to specify file path to record the hash of the response parameters. This is commonly termed as rpHash. * Added option -S, --session to specify an auxiliary session for auditing and or encryption/decryption of the parameters. * Added option -n, --name to specify the name of the nvindex in hex bytes. This is used when cpHash ought to be calculated without dispatching the TPM2_NV_SetBits command to the TPM. 
+ tpm2_createprimary: * Support public-key output at creation time in various public-key formats. + tpm2_create: * Support public-key output at creation time in various public-key formats. + tpm2_print: * Support outputting public key in various public key formats over the default YAML output. Supports taking -u output from tpm2_create and converting it to a PEM or DER file format. + tpm2_import: * Add support for importing keys with sealed-data-blobs. + tpm2_rsaencrypt, tpm2_rsadecrypt: * Add support for specifying the hash algorithm with oaep. + tpm2_pcrread, tpm2_quote: * Add option -F, --pcrs_format to specify PCR format selection for the binary blob in the PCR output file. 'values' will output a binary blob of the PCR values. 'serialized' will output a binary blob of the PCR values in the form of serialized data structure in little endian format. + tpm2_eventlog: * Add support for decoding StartupLocality. * Add support for printing the partition information. * Add support for reading eventlogs longer than 64kb including from /sys/kernel/security/tpm0/binary_bios-measurements. + tpm2_duplicate: * Add option -L, --policy to specify an authorization policy to be associated with the duplicated object. * Added support for external key duplication without needing the TCTI. + tools: * Enhance error message on invalid passwords when sessions cannot be used. + lib/tpm2_options: * Add option to specify fake tcti which is required in cases where sapi ctx is required to be initialized for retrieving command parameters without invoking the tcti to talk to the TPM. + openssl: * Dropped support for OpenSSL < 1.1.0 * Add support for OpenSSL 3.0.0 + Support added to make the repository documentation and man pages available live on readthedocs. + Bug-fixes: * tpm2_import: Don't allow setting passwords for imported object with -p option as the tool doesn't modify the TPM2B_SENSITIVE structure. Added appropriate logging to indicate using tpm2_changeauth after import. 
* lib/tpm2_util.c: The function to calculate pHash algorithm returned error when input session is a password session and the only session in the command. * lib/tpm2_alg_util.c: Fix an error where oaep was parsed under ECC. * tpm2_sign: Fix segfaults when tool does not find TPM resources (TPM or RM). * tpm2_makecredential: Fix an issue where reading input from stdin could result in unsupported data size larger than the largest digest size. * tpm2_loadexternal: Fix an issue where restricted attribute could not be set. * lib/tpm2_nv_util.h: The NV index size is dependent on different data sets read from the GetCapability structures because there is a dependency on the NV operation type: Define vs Read vs Write vs Extend. Fix a sane default in the case where GetCapability fails or fails to report the specific property/ data set. This is especially true because some properties are TPM implementation dependent. * tpm2_createpolicy: Fix an issue where tool exited silently without reporting an error if wrong pcr string is specified. * lib/tpm2_alg_util: add error message on public init to prevent tools from dying silently, add an error message. * tpm2_import: fix an issue where an imported hmac object scheme was NULL. While allowed, it was inconsistent with other tools like tpm2_create which set the scheme as hmac->sha256 when generating a keyedhash object. - Drop patches already in upstream: + 0001-tpm2_checkquote-fix-uninitialized-variable.patch + 0001-tpm2_eventlog-fix-buffer-offset-when-reading-the-eve.patch + 0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch ------------------------------------------------------------------ ------------------ 2021-10-19 - Oct 19 2021 ------------------- ------------------------------------------------------------------ ++++ avahi: - Add rpmlintrc: Filter shlib-policy-name-error for libdns_sd (boo#1191750). 
++++ grub2: - Fix installation on usrmerged s390x ++++ kernel-default: - blacklist.conf: 711885906b5c x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically - commit cf4ab4f - x86/fpu: Mask out the invalid MXCSR bits properly (bsc#1190497). - commit 58acecc - rpm/kernel-obs-build.spec.in: move to zstd for the initrd Newer distros have capability to decompress zstd, which provides a 2-5% better compression ratio at very similar cpu overhead. Plus this tests the zstd codepaths now as well. - commit 3d53a5b - rpm/kernel-obs-build.spec.in: reduce initrd functionality For building in OBS, we always build inside a virtual machine that gets a new, freshly created scratch filesystem image. So we do not need to handle fscks because that ain't gonna happen, as well as we do not need to handle microcode update in the initrd as these only can be run on the host system anyway. We can also strip and hardlink as an additional optimisation that should not significantly hurt. - commit c72c6fc - blacklist.conf: 424b650f35c7 ("tracing: Fix missing osnoise tracer on max_latency") A cleanup. Not needed, because our configuration does not allow the fixed case. - commit aae9b8a - nvme-pci: Fix abort command id (git-fixes). - commit e887eb9 - ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (git-fixes). - pata_legacy: fix a couple uninitialized variable bugs (git-fixes). - commit e69f9af ++++ pcre: - pcre 8.45 (the final release) * Fixed a small (*MARK) bug in the interpreter (Bugzilla #2771). - pcre 8.44 * Small patch to pcreposix.c to set the erroroffset field to -1 immediately after a successful compile, instead of at the start of matching to avoid a sanitizer complaint (regexec is supposed to be thread safe). * Check the size of the number after (?C as it is read, in order to avoid integer overflow. (bsc#1172974, CVE-2020-14155) * Tidy up left shifts to avoid sanitize warnings; also fix one NULL dereference in pcretest.
- pcre 8.43 * In a pattern such as /[^\x{100}-\x{ffff}]*[\x80-\xff]/ which has a repeated negative class with no characters less than 0x100 followed by a positive class with only characters less than 0x100, the first class was incorrectly being auto-possessified, causing incorrect match failures. * If the only branch in a conditional subpattern was anchored, the whole subpattern was treated as anchored, when it should not have been, since the assumed empty second branch cannot be anchored. Demonstrated by test patterns such as /(?(1)^())b/ or /(?(?=^))b/. * Fix subject buffer overread in JIT when UTF is disabled and \X or \R has a greater than 1 fixed quantifier. This issue was found by Yunho Kim. (bsc#1172973 CVE-2019-20838) * If a pattern started with a subroutine call that had a quantifier with a minimum of zero, an incorrect "match must start with this character" could be recorded. Example: /(?&xxx)*ABC(?<xxx>XYZ)/ would (incorrectly) expect 'A' to be the first character of a match. - pcre 8.42 * If a backreference with a minimum repeat count of zero was first in a pattern, apart from assertions, an incorrect first matching character could be recorded. For example, for the pattern /(?=(a))\1?b/, "b" was incorrectly set as the first character of a match. * Fix out-of-bounds read for partial matching of /./ against an empty string when the newline type is CRLF. * When matching using the REG_STARTEND feature of the POSIX API with a non-zero starting offset, unset capturing groups with lower numbers than a group that did capture something were not being correctly returned as "unset" (that is, with offset values of -1). * Matching the pattern /(*UTF)\C[^\v]+\x80/ against an 8-bit string containing multi-code-unit characters caused bad behaviour and possibly a crash. This issue was fixed for other kinds of repeat in release 8.37 by change 38, but repeating character classes were overlooked.
++++ systemd: - Disable nss-systemd and translations features for the mini flavour ------------------------------------------------------------------ ------------------ 2021-10-18 - Oct 18 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - PCI/VPD: Remove struct pci_vpd_ops (git-fixes). - commit 984c94d - PCI/VPD: Remove struct pci_vpd.flag (jsc#SLE-19359). - commit 006d47c - PCI/VPD: Make pci_vpd_wait() uninterruptible (jsc#SLE-19359). - commit 334e7ed - PCI/VPD: Remove pci_vpd_size() old_size argument (jsc#SLE-19359). - commit 420bcdb - PCI/VPD: Allow access to valid parts of VPD if some is invalid (jsc#SLE-19359). - commit b0220ad - PCI/VPD: Don't check Large Resource Item Names for validity (jsc#SLE-19359). - commit 3f38b29 - Update upstream commit id for rtw89 patch (bsc#1191321) - commit 6302389 - EDAC/armada-xp: Fix output of uncorrectable error counter (bsc#1190497). - commit ab34390 - PCI/VPD: Reject resource tags with invalid size (jsc#SLE-19359). - commit 2e7fe76 - PCI/VPD: Reorder pci_read_vpd(), pci_write_vpd() (jsc#SLE-19359). - commit ca27a75 - PCI/MSI: Use new mask/unmask functions (jsc#SLE-19359). - commit 170d718 - PCI/MSI: Provide a new set of mask and unmask functions (jsc#SLE-19359). - commit c486b09 - PCI/MSI: Cleanup msi_mask() (jsc#SLE-19359). - commit d5b790b - PCI/MSI: Deobfuscate virtual MSI-X (jsc#SLE-19359). - commit 3f4f59c - PCI/MSI: Consolidate error handling in msi_capability_init() (jsc#SLE-19359). - commit 7aeefb4 - PCI/MSI: Rename msi_desc::masked (jsc#SLE-19359). - commit 1677f96 - s390/pci: Do not mask MSI[-X] entries on teardown (jsc#SLE-19359). - commit b8a920c - PCI/MSI: Simplify msi_verify_entries() (jsc#SLE-19359). - commit d5590a9 - eeprom: 93xx46: fix MODULE_DEVICE_TABLE (git-fixes). - commit d949730 - drivers: bus: simple-pm-bus: Add support for probing simple bus only devices (git-fixes). 
- driver core: Reject pointless SYNC_STATE_ONLY device links (git-fixes). - mei: hbm: drop hbm responses on early shutdown (git-fixes). - fpga: ice40-spi: Add SPI device ID table (git-fixes). - eeprom: 93xx46: Add SPI device ID table (git-fixes). - eeprom: at25: Add SPI ID table (git-fixes). - misc: fastrpc: Add missing lock before accessing find_vma() (git-fixes). - cb710: avoid NULL pointer subtraction (git-fixes). - iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes). - iio: adis16480: fix devices that do not support sleep mode (git-fixes). - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes). - iio: adis16475: fix deadlock on frequency set (git-fixes). - iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (git-fixes). - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes). - iio: adc: ad7793: Fix IRQ flag (git-fixes). - iio: adc: ad7780: Fix IRQ flag (git-fixes). - iio: adc: ad7192: Add IRQ flag (git-fixes). - iio: adc: max1027: Fix the number of max1X31 channels (git-fixes). - iio: adc: max1027: Fix wrong shift with 12-bit devices (git-fixes). - iio: adc128s052: Fix the error handling path of 'adc128_probe()' (git-fixes). - iio: accel: fxls8962af: return IRQ_HANDLED when fifo is flushed (git-fixes). - iio: dac: ti-dac5571: fix an error code in probe() (git-fixes). - usb: musb: dsps: Fix the probe error path (git-fixes). - USB: xhci: dbc: fix tty registration race (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). - Input: resistive-adc-touch - fix division by zero error on z1 == 0 (git-fixes). - commit 4a8ed33 - net: mana: Fix error handling in mana_create_rxq() (jsc#SLE-18779, bsc#1185726). - commit 2dddb33 - Linux 5.14.13 (stable-5.14.13). - commit 8c13fce - ext4: correct the error path of ext4_write_inline_data_end() (stable-5.14.13). - ext4: check and update i_disksize properly (stable-5.14.13). - sched: Always inline is_percpu_thread() (stable-5.14.13). 
- perf/core: fix userpage->time_enabled of inactive events (stable-5.14.13). - hwmon: (pmbus/ibm-cffps) max_power_out swap changes (stable-5.14.13). - hwmon: (ltc2947) Properly handle errors when looking for the external clock (stable-5.14.13). - scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported" (stable-5.14.13). - scsi: ses: Fix unsigned comparison with less than zero (stable-5.14.13). - io_uring: kill fasync (stable-5.14.13). - drm/amdgpu: fix gart.bo pin_count leak (stable-5.14.13). - net: sun: SUNVNET_COMMON should depend on INET (stable-5.14.13). - mac80211: check return value of rhashtable_init (stable-5.14.13). - mac80211: Drop frames from invalid MAC address in ad-hoc mode (stable-5.14.13). - net: bgmac-platform: handle mac-address deferral (stable-5.14.13). - net: prevent user from passing illegal stab size (stable-5.14.13). - netfilter: nf_nat_masquerade: defer conntrack walk to work queue (stable-5.14.13). - netfilter: nf_nat_masquerade: make async masq_inet6_event handling generic (stable-5.14.13). - netfilter: ip6_tables: zero-initialize fragment offset (stable-5.14.13). - ASoC: SOF: loader: release_firmware() on load failure to avoid batching (stable-5.14.13). - ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic (stable-5.14.13). - ALSA: usb-audio: Unify mixer resume and reset_resume procedure (stable-5.14.13). - ALSA: oxfw: fix transmission method for Loud models based on OXFW971 (stable-5.14.13). - pinctrl: qcom: sc7280: Add PM suspend callbacks (stable-5.14.13). - m68k: Handle arrivals of multiple signals correctly (stable-5.14.13). - KVM: arm64: nvhe: Fix missing FORCE for hyp-reloc.S build rule (stable-5.14.13). - vboxfs: fix broken legacy mount signature checking (stable-5.14.13). - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (stable-5.14.13). - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (stable-5.14.13). 
- commit b87c703 - Update patch references for stable-5.14.13 - commit 35174a4 ++++ pcsc-lite: - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_pcscd.service.patch ++++ systemd: - Enable build of systemd-experimental sub-package It will be shipped in Leap only. - Really enable libiptc for masquerading support (bsc#1191651) Currently used by systemd-nspawn and systemd-networkd. - Convert systemd package to multibuild ++++ libvirt: - supportconfig: Use systemctl command 'is-active' instead of 'is-enabled' when checking if libvirtd is active ++++ libzypp: - Zypper should keep cached files if transaction is aborted (bsc#1190356) Singletrans mode currently does not keep files around if the transaction is aborted. This patch fixes the problem. - Require a minimum number of mirrors for multicurl (bsc#1191609) - Use procfs to detect nr of open fd's if rlimit is too high (bsc#1191324) Especially in a VM iterating over all possible fd's to close open ones right before an exec() slows down zypper unnecessarily. This patch uses /proc/self/fd to iterate over open fd's in case rlimit is above 1024. - po: Fix some lost '%' signs in positional args (bsc#1191370) - RepoManager: Don't probe for plaindir repo if URL schema is plugin: (bsc#1191286) - version 17.28.6 (22) ++++ pam_u2f: - Define macro _pam_moduledir if not set to fix builds for Leap and SLE ++++ supportutils: - getappcore identifies compressed core files (bsc#1191794) ++++ zypper: - Fix compiler warning. - zypper.conf: New option whether to collect subcommands found in $PATH (fixes #379) +[subcommand] i + +## Whether to look for subcommands in $PATH +## +## If a subcommand is not found in the zypper_execdir, the wrapper +## will look in the rest of your $PATH for it. Thus, it's possible +## to write local zypper extensions that don't live in system space. +## See section SUBCOMMANDS in the zypper manpage.
+## +## Valid values: boolean +## Default value: yes +## +# seachSubcommandInPath = yes. - help subcommand: show path of command found in $PATH. - version 1.14.50 ------------------------------------------------------------------ ------------------ 2021-10-17 - Oct 17 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - clk: renesas: r9a07g044: Mark IA55_CLK and DMAC_ACLK critical (git-fixes). - clk: socfpga: agilex: fix duplicate s2f_user0_clk (git-fixes). - firmware: arm_ffa: Fix __ffa_devices_unregister (git-fixes). - firmware: arm_ffa: Add missing remove callback to ffa_bus_type (git-fixes). - commit 4bfc04e ------------------------------------------------------------------ ------------------ 2021-10-16 - Oct 16 2021 ------------------- ------------------------------------------------------------------ ++++ librsvg: - Update to version 2.52.2: + New features: - rsvg-convert now supports generating multi-page PDFs in a sensible way. - With one SVG document per page, each page with the SVG's natural size: - rsvg-convert --format=pdf -o out.pdf a.svg b.svg c.svg - With all pages sized as portrait US Letter, and each SVG scaled to fit so that there is a 1in margin around each page: rsvg-convert --format=pdf -o out.pdf \ --page-width=8.5in --page-height=11in \ --width=6.5in --height=8.5in --keep-aspect-ratio \ --top=1in --left=1in a.svg b.svg c.svg Please see the man page for details. - Support elements inside . Also, support the CSS :link pseudo-class for matching against links. - Support the CSS :lang() pseudo-class for matching against an element's xml:lang attribute. - Support the mask-type property from SVG2. + Bugs fixed: - Don't panic when a shorthand property is set to inherit. - Fix regression with the viewport size of interior elements. - Allow length units to be case-insensitive, per SVG2.
+ Documentation: - There is now a FEATURES.md in the repository, where you can see all the elements, attributes, and properties that librsvg supports. We will be adding detail to this gradually. - For developers, there is now devel-docs/adding-a-property.md with a tutorial on how to add support for new CSS properties. ++++ kernel-default: - gpio: pca953x: Improve bias setting (git-fixes). - gpio: 74x164: Add SPI device ID table (git-fixes). - spi: bcm-qspi: clear MSPI spifie interrupt during probe (git-fixes). - spi: spi-nxp-fspi: don't depend on a specific node name erratum workaround (git-fixes). - spi: atmel: Fix PDC transfer setup bug (git-fixes). - spi: spidev: Add SPI ID table (git-fixes). - mtd: rawnand: qcom: Update code word value for raw read (git-fixes). - drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes). - commit 640042d - drm/r128: fix build for UML (git-fixes). - drm/nouveau/fifo: Reinstate the correct engine bit programming (git-fixes). - drm/hyperv: Fix double mouse pointers (git-fixes). - drm/fbdev: Clamp fbdev surface size if too large (git-fixes). - drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read (git-fixes). - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (git-fixes). - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes). - drm/msm/dsi: dsi_phy_14nm: Take ready-bit into account in poll_for_ready (git-fixes). - drm/msm/dsi/phy: fix clock names in 28nm_8960 phy (git-fixes). - drm/msm/dpu: Fix address of SM8150 PINGPONG5 IRQ register (git-fixes). - commit 2a33767 - drm/msm: Do not run snapshot on non-DPU devices (git-fixes). - drm/msm/a3xx: fix error handling in a3xx_gpu_init() (git-fixes). - drm/msm/a4xx: fix error handling in a4xx_gpu_init() (git-fixes). - drm/msm: Fix null pointer dereference on pointer edp (git-fixes). - drm/msm/mdp5: fix cursor-related warnings (git-fixes). - drm/msm: Avoid potential overflow in timeout_to_jiffies() (git-fixes). 
- drm/msm/dp: only signal audio when disconnected detected at dp_pm_resume (git-fixes). - drm/msm/submit: fix overflow check on 64-bit architectures (git-fixes). - drm/msm/a6xx: Track current ctx by seqno (git-fixes). - commit ae911f7 ++++ python-pytz: - update to 2021.3 * matches tzdata 2021c ------------------------------------------------------------------ ------------------ 2021-10-15 - Oct 15 2021 ------------------- ------------------------------------------------------------------ ++++ apparmor: - add add-samba-bgqd.diff: add profile for samba-bgqd (boo#1191532) ++++ audit-secondary: - Add CONFIG parameter to %sysusers_generate_pre ++++ fdo-client: - This is the successor of sdo-client EPIC: SLE/SLE-22946 ++++ iputils: - Drop ProtectClock hardening, can cause issues if other device access is needed ++++ kernel-default: - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762). - commit 3fb3802 - scsi: csiostor: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-18989). - commit 0d8669e ++++ libapparmor: - add add-samba-bgqd.diff: add profile for samba-bgqd (boo#1191532) ++++ rdma-core: - Update to rdma-core v37.1 (jsc#SLE-18381, jsc#SLE-19249) - Bugfixes on all providers - Fix cmake flags to correct paths for .pc files ++++ Mesa: - update to 21.2.4 * fourth bugfix release * 300 fixes from the new r300 maintainer! Additionally, panfrost, lots of crocus, some freedreno, intel, radv, core mesa, gallivm, anv, spirv, gallium, aco, i915g, lima, and llvmpipe fixes. - supersedes U_gallivm-add-new-wrapper-around-Module.patch, U_gallivm-fix-FTBFS-on-i386-with-LLVM-13.patch ++++ systemd: - Import commit ad045db5d34afeb4ece43f349783eda931e49a04 (merge of v249.5) 8de173ff93 mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984) [...]
For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/2f8e2ef85dfbe8e10a21e0e1bd5e356ff8ed6c5a...ad045db5d34afeb4ece43f349783eda931e49a04 - Rename %{gnu-efi} into %{sd_boot} Build conditionals (%bcond_with and %bcond_without) are used to define a specific feature of systemd. "gnu-efi" is rather an implementation detail. Also not really sure what "efi" option alone is useful for since systemd-boot & co depends on "gnu-efi". - Enable sd_boot support for aarch64 - Suppress PAM warning when the credentials for user@.service service are established (bsc#1190515) systemd-user PAM service needs to define a default implementation of pam_setcred() otherwise the fallback (defined by /etc/pam.d/other) is used, which consists of pam_warn.so + pam_deny.so, and will throw a warning each time a user logs in. - Drop systemd-logger (Leap only) This sub package was introduced in order to configure persistent journal and also to make sure that another syslog provider (such as rsyslog) couldn't be installed at the same time: each syslog provider conflicts with each other. However this mechanism didn't work since uninstalling systemd-logger wasn't magically turning off persistent logging because /var/log/journal is likely to be populated hence not removed. Moreover using a subpackage to configure the mode of journald was overkill and the usual ways (main conf file or drop-ins) should be preferred. This change should have no effect on SLE as the sub-package was shipped in Leap only.
++++ libvirt: - Drop 'Requires: libvirt-daemon-driver-lxc' from the main libvirt package jsc#SLE-22296 - qemu: Do not report eof when processing monitor IO 2703b0b5-qemu-dont-report-eof.patch bsc#1190917 ++++ nvme-cli: - Drop ProtectClock hardening, can cause issues if other device access is needed ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#527 - ensure perl-XML-Simple is available in installation system (bsc#1191498) - 16.57.2 ------------------------------------------------------------------ ------------------ 2021-10-14 - Oct 14 2021 ------------------- ------------------------------------------------------------------ ++++ gnutls: - Add crypto-policies support in SLE-15-SP4 [jsc#SLE-20287] ++++ kernel-default: - scsi: bnx2i: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-19010). - commit 7d4390e - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349). - commit c792d6c - Move upstreamed ALSA fix into sorted section - commit 0bb2bac - ALSA: usb-audio: Add quirk for VF0770 (git-fixes). - ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes). - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes). - ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl (git-fixes). - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo 13s Gen2 (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes). - ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes). - ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes). - ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254 (git-fixes). - ALSA: seq: Fix a potential UAF by wrong private_free call order (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560 laptop (git-fixes).
- ALSA: usb-audio: Fix a missing error check in scarlett gen2 mixer (git-fixes). - commit ed955ae - supported.conf: sort sound/* entries - commit 590a3e1 - scsi: qla2xxx: Remove redundant initialization of pointer req (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941). - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941). - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (bsc#1190941). - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941). - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (bsc#1190941). - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941). - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941). - scsi: qla2xxx: Check for firmware capability before creating QPair (bsc#1190941). - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card (bsc#1190941). - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941). - scsi: target: usb: Replace enable attr with ops.enable (bsc#1191649). - scsi: target: ibm_vscsi: Replace enable attr with ops.enable (bsc#1191649). - scsi: target: srpt: Replace enable attr with ops.enable (bsc#1191649). - scsi: target: sbp: Replace enable attr with ops.enable (bsc#1191649). - scsi: target: qla2xxx: Replace enable attr with ops.enable (bsc#1191649). - scsi: target: iscsi: Replace tpg enable attr with ops.enable (bsc#1191649). - scsi: target: core: Add common tpg/enable attribute (bsc#1191649). - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941). - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941). - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941). - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941). 
- scsi: qla2xxx: Fix NVMe retry (bsc#1190941). - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941). - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941). - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present (bsc#1190941). - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941). - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941). - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941). - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941). - scsi: qla2xxx: edif: Fix stale session (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941). - scsi: qla2xxx: Suppress unnecessary log messages during login (bsc#1190941). - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941). - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941). - scsi: qla2xxx: Fix port type info (bsc#1190941). - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941). - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941). - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941). - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941). - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941). - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190941). - commit 0d93e70 ++++ Mesa: - u_fix-build-on-ppc64le.patch * fixes build on ppc64le (boo#1191569) ++++ lshw: - Update to version B.02.19.2+git.20211013: * add some includes * fix typo * cosmetic fixes * support for new ethtool capabilities * code clean-up * code clean-up * allow pkg-config override * allow pkg-config override * Remove unnecessary space before closing parenthesis * Translate all words of a phrase together * Fix another typo ++++ pam: - Added tmpfiles for pam to set up directory for pam_faillock. 
[pam.conf] ++++ ovmf: - Update to edk2-stable202108 - Features (https://github.com/tianocore/edk2/releases): OvmfPkg: remove Xen support from OvmfPkg*.dsc, in favor of OvmfXen.dsc Add CLANGDWARF toolchain for generating ELF+DWARF NetworkPkg/IScsiDxe: remotely exploitable buffer overflows NetworkPkg/IScsiDxe: add sha256 support to CHAP Create header files and multiple Hobs for Universal Payload Add search feature in config editor Add additional build option to treat Dynamic Pcd as DynamicEx Pcd Add a new MicrocodeLib for microcode loading Implement key enrolment from default key variables StandaloneMm support for 32bit Arm machines Add firmware support for Cloud Hypervisor on arm64 Support architecture-specific openssl acceleration Support measured AMD SEV boot with kernel/initrd/cmdline Add ACPI 6.4 header Add new BootDiscoveryPolicyUiLib - Patches (git log --oneline --reverse edk2-stable202105~..edk2-stable202108): e1999b264f ArmPkg/ArmGic: Fix maximum number of interrupts in GICv3 b8ed8c0fb2 Maintainers.txt: add Sami Mujawar as top-level ArmVirtPkg reviewer dbc22a1785 UefiCpuPkg/MpInitLib: Allocate a separate SEV-ES AP reset stack area 0095070e70 MdePkg/Register/Amd: expand the SEV MSR to include the SNP definition f828fc9876 MdePkg/Register/Amd: realign macros with more space for future expansion 34e16ff883 MdePkg/Register/Amd: define GHCB macros for hypervisor feature detection f0983b2074 MdePkg/Register/Amd: define GHCB macro for Register GPA structure 4665fa6503 MdePkg/Register/Amd: define GHCB macro for the Page State Change dfd41aef78 MdePkg/Register/Amd: define GHCB macros for SNP AP creation 5a7cbd54a1 MdePkg/BaseLib: add support for PVALIDATE instruction 2b5b2ff04d MdePkg/BaseLib: add support for RMPADJUST instruction 901a9bfc3a OvmfPkg/BaseMemEncryptSevLib: introduce MemEncryptSevClearMmioPageEncMask() c394fa4c9e OvmfPkg/AmdSevDxe: use MemEncryptSevClearMmioPageEncMask() to clear EncMask 8ee4e52ba8 OvmfPkg/QemuFlashFvbServicesRuntimeDxe: use Mmio helper 
to clear enc mask b4a8de5d27 OvmfPkg/TpmMmioSevDecryptPei: use MemEncryptSevClearMmioPageEncMask() adfa3327d4 OvmfPkg/BaseMemEncryptSevLib: remove Flush parameter fe5da0927a IntelFsp2WrapperPkg: Remove microcode related PCDs d3ff5dbe1d MdePkg: MmControl: Fix function and structure definition mismatches 197e27c90a MdePkg: Add new 16550-compatible Serial Port Subtypes to DBG2 fdf3666f01 MdePkg: Update DBG2 and SPCR header with NVIDIA 16550 Subtype b233eb1849 EmbeddedPkg/RealTimeClockRuntimeDxe: Improve GetWakeupTime b5379899b3 MdeModulePkg/Xhci: Fix TRT when data length is 0 039e07f626 MdePkg/MdeModulePkg: Move AML_NAME_SEG_SIZE definition 1f515342d8 DynamicTablesPkg: Use AML_NAME_SEG_SIZE define 75e9154f81 OvmfPkg/VirtioMmioDeviceLib: Add EFIAPI to VirtioMmioSetQueueAddress c410ad4da4 MdePkg/BaseLib: Fix AsmReadSs() with GCC toolchain c1aa3bab12 BaseTools: Add ClangBase.lds for CLANG8 tool chain with max-page-size c6b872c6ab BaseTools GenFw: Support CLANG8ELF with conversion ELF to PE/COFF image cf9959adff BaseTools: Update build_rule to skip CLANG resource section generation 4b56ad2049 BaseTools: Add new CLANG8ELF tool chain for new LLVM/CLANG8 e1636fe18f BaseTools: Update ClangBase.lds to keep dynamic section 924c2b847f BaseTools: Change CLANG8ELF to CLANGDWARF e25566cd2b OvmfPkg: remove the Xen drivers from the IA32, IA32X64, and X64 platforms aa7f19f480 OvmfPkg: remove the Xen drivers from the AmdSev platform 7bc04a75a7 OvmfPkg: switch IA32, IA32X64, X64 to the fw_cfg-only ACPI platform driver d697037446 OvmfPkg: switch the AmdSev platform to the fw_cfg-only ACPI platform driver ae4aa4a346 OvmfPkg/README: bump minimum QEMU version to 1.7.1, machine types to 1.7 2a85d9b07e OvmfPkg/AcpiPlatformDxe: fix header file warts 180f1908b3 OvmfPkg/AcpiPlatformDxe: sort #includes and [LibraryClasses] 6d1e56e715 OvmfPkg/AcpiPlatformDxe/QemuLoader.h: remove QemuFwCfgLib class dependency 747b1ef725 OvmfPkg/AcpiPlatformDxe: move "QemuLoader.h" to IndustryStandard cc302b799e 
OvmfPkg/AcpiPlatformDxe: consolidate #includes and [LibraryClasses] c9bba52fc7 OvmfPkg/XenAcpiPlatformDxe: create from AcpiPlatformDxe a31fcb5096 OvmfPkg/AcpiPlatformDxe: remove the "AcpiPlatformDxe.inf" driver 4115840c28 OvmfPkg/XenAcpiPlatformDxe: remove the QEMU ACPI linker/loader client d6ba8aa6ef OvmfPkg/XenAcpiPlatformDxe: remove QEMU fw_cfg dependency 3f975ee570 OvmfPkg/XenAcpiPlatformDxe: remove the InstallAcpiTable() helper function 8f8d3d90c5 OvmfPkg/XenAcpiPlatformDxe: remove OVMF's built-in ACPI tables 4174c5c787 OvmfPkg/Bhyve/AcpiPlatformDxe: fix file path typo in comment d491c88a0c OvmfPkg/AcpiTables: remove unused module e7641171b6 OvmfPkg/OvmfXen: make "PcdPciDisableBusEnumeration" Fixed-at-Build 3357ac7380 OvmfPkg/XenAcpiPlatformDxe: remove delayed ACPI table installation d06eb2d1d9 OvmfPkg/PlatformPei: remove Xen support 8899e3fe6a OvmfPkg: drop PcdPciDisableBusEnumeration from the IA32, IA32X64, X64 DSCs 2833589ad0 OvmfPkg: drop PcdPciDisableBusEnumeration from the AmdSev platform e43cca74ad OvmfPkg/Bhyve: make "PcdPciDisableBusEnumeration" Fixed-at-Build b005f9f1f5 OvmfPkg/OvmfXen: remove IncompatiblePciDeviceSupport DXE driver 8c8f886f27 OvmfPkg/Bhyve: remove IncompatiblePciDeviceSupport DXE driver 984c93ece3 OvmfPkg/IncompatiblePciDeviceSupportDxe: remove PcdPciDisableBusEnumeration 32fef03563 OvmfPkg/PciHostBridgeLib: consolidate #includes and INF file sections e120c962f5 OvmfPkg/PciHostBridgeLibScan: create from PciHostBridgeLib c2f24ba321 OvmfPkg/Bhyve: consume PciHostBridgeLibScan 307763c3da OvmfPkg/OvmfXen: consume PciHostBridgeLibScan 242678da2a OvmfPkg/PciHostBridgeLib: remove Bhyve and Xen support 33d4f3e39e OvmfPkg/PciHostBridgeLibScan: remove QEMU (fw_cfg) support 4c81178cf0 OvmfPkg/PciHostBridgeLibScan: remove PcdOvmfHostBridgePciDevId 8af38170b5 OvmfPkg/PciHostBridgeLibScan: clean up file names and file-top comments 7e25086a00 OvmfPkg/SmbiosPlatformDxe: clean up #includes and INF 5072593738 OvmfPkg/SmbiosPlatformDxe: return 
EFI_NOT_FOUND if there is no SMBIOS data 4db374562f OvmfPkg/SmbiosPlatformDxe: locate SMBIOS protocol in InstallAllStructures() a8ab14424e OvmfPkg/SmbiosPlatformDxe: split GetXenSmbiosTables() decl. to new header 9d84e74ca0 OvmfPkg/SmbiosPlatformDxe: declare InstallAllStructures() in header file d4a8aaee73 OvmfPkg/SmbiosPlatformDxe: create Xen-specific module INF file ce270905bf OvmfPkg/SmbiosPlatformDxe: split Xen entry point from QEMU entry point 51adb689e1 OvmfPkg: restrict XenPlatformLib to BdsDxe in the IA32, IA32X64, X64 DSCs ddb3fdbef3 BaseTools GenFw: Fix regression issue to convert the image to ACPI data 558d83ab1a OvmfPkg/README: Fix typo in README beb443fde0 ShellPkg: Fix typo 702ba436ed OvmfPkg/PlatformCI: bump QEMU choco package version to 2021.5.5 83761337ec NetworkPkg/IScsiDxe: wrap IScsiCHAP source files to 80 characters 29cab43bb7 NetworkPkg/IScsiDxe: simplify "ISCSI_CHAP_AUTH_DATA.InChallenge" size 95616b8661 NetworkPkg/IScsiDxe: clean up "ISCSI_CHAP_AUTH_DATA.OutChallengeLength" e8f28b09e6 NetworkPkg/IScsiDxe: clean up library class dependencies cf01b2dc8f NetworkPkg/IScsiDxe: fix potential integer overflow in IScsiBinToHex() d90fff40cb NetworkPkg/IScsiDxe: assert that IScsiBinToHex() always succeeds dc469f1371 NetworkPkg/IScsiDxe: reformat IScsiHexToBin() leading comment block 47b76780b4 NetworkPkg/IScsiDxe: fix IScsiHexToBin() hex parsing 54e90edaed NetworkPkg/IScsiDxe: fix IScsiHexToBin() buffer overflow b8649cf2a3 NetworkPkg/IScsiDxe: check IScsiHexToBin() return values 288bd74a22 Pytool: SpellCheck: Fix incorrect file mask across package matrices 1ad794b627 MdeModulePkg: Fix device path when boot manager menu is from different FV 11b1c1d4b9 SecurityPkg: TcgStorageOpalLib: Initialize SupportedAttributes parameter. 
d58016b768 UefiPayloadPkg: Get platform specific logic via protocol for BDS d8c18ba3f4 MdeModulePkg: Add Universal Payload general definition header file b597b6e24c MdeModulePkg: Add new structure for the PCI Root Bridge Info Hob 99de2e7e03 UefiPayloadPkg: UefiPayload retrieve PCI root bridge from Guid Hob 9d53e01efe MdeModulePkg: Add new structure for the Universal Payload SMBios Table Hob 70e8c9c3bc MdeModulePkg/Universal/SmbiosDxe: Scan for existing tables 302a8f353c UefiPayloadPkg: Create gUniversalPayloadSmbiosTableGuid Hob 75293330ea MdeModulePkg: Add new structure for the Universal Payload ACPI Table Hob 761329ee27 MdeModulePkg/ACPI: Install ACPI table from HOB. 8c0d678063 UefiPayloadPkg: Create gUniversalPayloadAcpiTableGuid Hob fa24b6ed26 UefiPayloadPkg: Use DynamicEx instead of Dynamic to pass PCD across binary c511426abe MdeModulePkg/UniversalPayload: Add definition for extra info in payload fe471d4a57 UefiPayloadPkg: Add PayloadLoaderPeim which can load ELF payload ab2b389e7a PeiCore: Remove assertion when failing to load PE image 1b380aa603 BaseTools GenFw: Keep read only alloc section as text when convert ELF 9cf9de668f StandaloneMmPkg: Core: Spelling error in comment 610385fa3b ArmPlatformPkg: SpellCheck: Switch spellcheck CI to AuditOnly 04ddd1271e ArmPkg: SpellCheck: Update valid acronyms in ExtendedWords cdf7544703 MdeModulePkg PciBusDxe: Increase the width of data read during oprom shadow 2847c72fda Maintainers.txt: Add Reviewers for Universal Payload definitions 1162ae8297 Maintainers.txt: Add reviewers for ACPI and SMBIOS modules a63914d3f6 ArmPkg: Move cache defs used in Universal/Smbios into ArmCache.h 6cfeeb71c4 UefiCpuPkg/CpuCommonFeaturesLib: Correct the CPU location check d9a7612f8d MdeModulePkg/BdsDxe: Update BdsEntry to use Variable Policy 5959879e92 ArmVirtPkg: Add PCIe host bridge utility lib for ArmVirtPkg 4dda0f7ab4 ArmVirtPkg: Enable PCIe support for Kvmtool 1e5e58d39b UefiPayloadPkg/UefiPayloadEntry: Improve bootloader memrange 
parsing 7471751a4d UefiPayloadPkg/UefiPayloadEntry: Remove 4GB memory WA 20ca528828 CryptoPkg: BaseCryptLib: Update Salt length requirement for RSA-PSS scheme. 18b2272e4d Azurepipeline: SpellCheck: Enforce Node dependency to use version 14.x eba32695ee CryptoPkg/BaseCryptLib: Enabled CryptSha512 for Smm/Runtime drivers 12e34cd2f7 OvmfPkg/Bhyve: clean up TPM_ENABLE remnants 82f727c4af UefiPayloadPkg: Add HobLib for UniversalPayload ea0bd5f6a7 MdeModulePkg: Add new structure for the Universal Payload Serial Port Info a75c029f60 UefiPayloadPkg: Add a separate PlatformHookLib for Universal Payload d63595c3c9 UefiPayloadPkg: Update the function definition of HobConstructor 0ff6de9358 UefiPayloadPkg: Create separate Payload Entry for UniversalPayload b208d37c73 UefiPayloadPkg: Get and enter DxeCore for Universal Payload 27cb64fffc UefiPayloadPkg: Fix up UPL Pcd database 6b69f73b59 UefiPayloadPkg: Include UniversalPayLoad modules in UefiPayloadPkg.dsc 86e6948cfb UefiPayloadPkg: Remove assert when reserve MMIO/IO resource for devices 2db0ed93ff UefiPayloadPkg: Add macro to enable and disable some drivers 3eb72b308a UefiPayloadPkg: Add PcdInstallAcpiSdtProtocol feature in UefiPayloadPkg caa139fe17 UefiPayloadPkg: Add PcdResetOnMemoryTypeInformationChange in UefiPayloadPkg 8efd912baf UefiPayloadPkg: Add new structure for BootManagerMenuFile HOB 19a541d70e UefiPayloadPkg: consume the BootManagerMenuFile HOB 333a866106 BaseTools: Remove check for Split.exe in toolset.bat f0a3f6d9c3 BaseTools: Fix spelling of "overwrite" and "overwriting" in toolset.bat 17143c4837 BaseTools: Reset ERRORLEVEL in toolsetup.bat after edk2basetools check abfff7c45d BaseTools GenFw: Add support for RISCV GOT/PLT relocations 27b8a52957 MdePkg: MmConfiguration: Move definition of EFI_MM_RESERVED_MMRAM_REGION d1fc3d7ef3 MdePkg: MmConfiguration: Added definition of MM Configuration PPI 5a2e030f73 OvmfPkg/GenericQemuLoadImageLib: plug cmdline blob leak on success 932449710c OvmfPkg/X86QemuLoadImageLib: 
plug cmdline blob leak on success 24b0e9d128 Revert "OvmfPkg/QemuKernelLoaderFsDxe: don't expose kernel command line" cf20302474 OvmfPkg/GenericQemuLoadImageLib: Read cmdline from QemuKernelLoaderFs 9421f5ab8d OvmfPkg/X86QemuLoadImageLib: State fw_cfg dependency in file header b37cfdd280 OvmfPkg/XenPlatformPei: Relocate shared_info page mapping 55dee4947b MdePkg : Add IPMI Macro and Structure Defintions to resolve build errors 580b11201e IntelFsp2Pkg: Add Config Editor tool support 939ed3a592 UefiPayloadPkg/PayloadLoader: Fix bug in locating relocation section 3cde0d553d UefiPayloadPkg/PayloadLoader: Remove assertion 49eeda113a NetworkPkg/IScsiDxe: re-set session-level authentication state before login 7eba9f698e NetworkPkg/IScsiDxe: add horizontal whitespace to IScsiCHAP files 7b6c2b2a26 NetworkPkg/IScsiDxe: distinguish "maximum" and "selected" CHAP digest sizes 903ce1d8f8 NetworkPkg/IScsiDxe: support multiple hash algorithms for CHAP 47fea2abcb NetworkPkg/IScsiDxe: support SHA256 in CHAP bb33c27fbe NetworkPkg: introduce the NETWORK_ISCSI_MD5_ENABLE feature test macro 8697dc60cc Maintainers.txt: Update Maintainers and reviewers for UefiPayloadPkg fea7901dba UefiPayloadPkg: Fix the build failure 1e0c441c92 OvmfPkg/Bhyve: add USB support 44ced03798 OvmfPkg/Bhyve: use static PCI32Base address b3db0cb1f8 MdeModulePkg/PartitionDxe: Ignore PMBR BootIndicator per UEFI spec 0a6b303dce UefiCpuPkg/ExceptionLib: Conditionally clear shadow stack token busy bit d10e058016 MdeModulePkg/RegularExpressionDxe: Fix memory assert in FreePool() 4c051c2c65 MdeModulePkg: Update YAML file to fix CI error 31fcee6d99 ArmVirtPkg: Add PlatformHasAcpiDtDxe for Cloud Hypervisor c28fc8ab3b ArmVirtPkg: Install Acpi tables for Cloud Hypervisor 0e3b6bd0ee ArmVirtPkg: support Cloud Hypervisor in edk2 b560e9d9b6 IntelFsp2Pkg: PatchFv parseInfFile function modification f47c4676dd Pytool: SpellCheck: Defer path expansion in cspell parameters cc89d245f9 Maintainers.txt: remove Laszlo Ersek's entries 
84af6ea320 BaseTools/Scripts: Ignore Mergify merge commits in PatchCheck.py b491eace37 .mergify: Simplify Mergify rules using GitHub status checks 5ef08a49e3 .azurepipelines: Remove FINISHED and FAILED states ad1009ec62 MdePkg/Include: Add STATIC_ASSERT for L'' and L"" strings 3de3c24755 BaseTools: Remove non-ascii character of StructurePcd comment 40a9066439 BaseTools: Enable the flag to treat dynamic pcd as dynamicEx 22fe311bd2 .pytool/EccCheck: Locate BaseTools dir with EDK_TOOLS_PATH a050c599df .pytool/EccCheck: Rename edk2_path as workspace_path 50672d2692 .pytool/EccCheck: Check ecc_csv exists fb5b6220a9 .pytool/EccCheck: Set PACKAGES_PATH env var in Ecc fda5226aa3 UefiPayloadPkg: Dump hob information from boot loader 7d748705b1 MdeModulePkg: Change the PldHeader to Header in ExtraData.h 9bf4aee734 UefiPayloadPkg: Assign the length of UniversalPayload ExtraData d0b6596b8e MdeModulePkg/RamDiskDxe: Init list head before registering RamDisk protocol 91f5d3b410 IntelFsp2Pkg: BaseCacheLib EfiProgramMtrr MtrrNumber Should be UINT32 be282b1493 UefiPayloadPkg: Add PCD_DYNAMIC_AS_DYNAMICEX and set to True cac83b6f3b IntelFsp2Pkg: Add search function for Config Editor 4bac086e8e UefiPayloadPkg: Add FV Guid for DXEFV and PLDFV fddb8d24ec ArmPlatformPkg/Scripts: Infer dll load address from console output 885efcd3f9 MdePkg/Include: Smbios Specification 3.4.0 changes 83b43c4cb1 MdeModulePkg PCD: Print which PCD was unable to be found c32c5911c4 BaseTools GenFw: Add support for R_RISCV_PCREL_LO12_S relocation 097aeeb119 MdePkg/BaseLib: Add MemoryFence implementation for RiscV64 391cffcb61 MdeModulePkg PiSmmCore: Change MemoryAttributes message to DEBUG_VERBOSE 8781b143de BaseTools/Scripts: Fix GetMaintainer.py line endings 28ef05ce10 BaseTools/Scripts: Allow GitHub ID at end Maintainers.txt lines 2f5ad3f451 Maintainers.txt: Add GitHub IDs 332632abf3 Maintainers.txt: Add Jiewen Yao as OvmfPkg Maintainer 4d28a1c2fd BaseTools: Remove COMMON section from the GCC discard list 
878a92a887 CryptoPkg/OpensslLib: Add native instruction support for X64 147f34b56c CryptoPkg/OpensslLib: Commit the auto-generated assembly files for X64 ac70e71b1f NetworkPkg: Making the HTTP IO timeout value programmable with PCD ab796d3e2a NetworkPkg: Add HTTP Additional Event Notifications b461d67639 OvmfPkg/ResetVector: move SEV specific code in a separate file 7f05102f65 OvmfPkg/ResetVector: add the macro to invoke MSR protocol based VMGEXIT dc485c556d OvmfPkg/ResetVector: add the macro to request guest termination f05eb2dfe5 OvmfPkg/AmdSev/SecretDxe: fix header comment to generic naming 35e267cb34 OvmfPkg/AmdSev: use GenericQemuLoadImageLib in AmdSev builds a26a08dc1f OvmfPkg: PlatformBootManagerLibGrub: Allow executing kernel via fw_cfg 0cb48007f7 OvmfPkg: add library class BlobVerifierLib with null implementation c73e31f54d OvmfPkg: add BlobVerifierLibNull to DSC 6bf5580a3d ArmVirtPkg: add BlobVerifierLibNull to DSC d10ad8444f OvmfPkg/QemuKernelLoaderFsDxe: call VerifyBlob after fetch from fw_cfg 5ace477f34 OvmfPkg/AmdSev/SecretPei: build hob for full page 0deeab36d1 OvmfPkg/AmdSev: reserve MEMFD space for for firmware config hashes 385b9d80a0 OvmfPkg/AmdSev: add BlobVerifierLibSevHashes 514b3aa08e OvmfPkg/AmdSev: Enforce hash verification of kernel blobs 8e6bb64fe4 EmbeddedPkg/VirtualRealTimeClockLib: Fix SetTime issues 610bcc69ed ArmVirtPkg: Remove meaningless comment 3445058aea MdeModulePkg/CapsuleApp: Fix typo in error message 2e1fb41339 build: Fix python3.10 threading DeprecationWarnings 0b1b0a9674 python: Replace distutils.utils.split_quotes with shlex.split fc50df0d8e BaseTools: Drop check for distutils.utils 03e77558d4 BaseTools: use shutil.copyfile instead shutil.copy2 2b47aaecef MdeModulePkg: Add BootDiscoveryPolicyUiLib. bb806a6e88 SecurityPkg: Create SecureBootVariableLib. 9732659698 SecurityPkg: Create library for enrolling Secure Boot variables. 
12a4d0cb9d ArmVirtPkg: add SecureBootVariableLib class resolution 3d427c5f83 OvmfPkg: add SecureBootVariableLib class resolution b926956418 EmulatorPkg: add SecureBootVariableLib class resolution db959018b6 SecurityPkg: Remove duplicated functions from SecureBootConfigDxe. a97e9e327e ArmPlatformPkg: Create include file for default key content. 94e065582b SecurityPkg: Add SecureBootDefaultKeysDxe driver 19107590b6 SecurityPkg: Add EnrollFromDefaultKeys application. 45f3dd2ce9 SecurityPkg: Add new modules to Security package. 55266a9b8a SecurityPkg: Add option to reset secure boot keys. 6355287206 Maintainers.txt: Add new maintainer and reviewer to EmbeddedPkg/ 9abc60f9f7 EmbeddedPkg/libfdt: Add strcmp and strncpy to libfdt_env.h 0856cdc89e MdePkg: add definition of LINUX_EFI_INITRD_MEDIA_GUID 97fdcbda4e OvmfPkg: Remove Initrd LINUX_EFI_INITRD_MEDIA_GUID 4de77ae989 UefiCpuPkg/CpuCacheInfoLib: Sort CpuCacheInfo array 3c6107758b SecurityPkg: Fix GetSupportedAndActivePcrs counter calculation b40bdd6ecd UefiPayloadPkg: Add Fixed PCDs and use Macro to define the default value. d497eace3b UefiPayloadPkg: define some PCD as DynamicEX PCD ac6e5d6b41 UefiPayloadPkg: change the default value of some PCDs. 672bd1c711 UefiPayloadPkg: Add a macro to enable or diable the serial driver. 
d02dbb53cd UefiPayloadPkg: Fix the non-ascii character in UniversalPayloadEntry.c a7ddc7847c RedfishPkg/JsonLib: Add more JsonLib functions 5963ce5d28 MdePkg: Add ACPI 6.4 header file 4d7137f261 MdePkg: Increment FADT version d910e83299 MdePkg: Rename SBSA Generic Watchdog to Arm Generic Watchdog ad3dea9861 MdePkg: Update PMTT to ACPI 6.4 ced4cb7609 MdePkg: Add SPA Location Cookie field to SPA Range structure c82d6dd4a3 MdePkg: Remove DPPT table 357383bc4f MdePkg: Add flags and MinTransferSize to Generic Initiator 7b17bcd9a0 MdePkg: Add 'Type 5' PCC structure 0938f9235c MdePkg: Add Multiprocessor Wakeup structure 75c4a8e10d MdePkg: Add the Platform Health Assessment Table (PHAT) 1803757a9b MdePkg: Add Secure Access Components in the SDEV table 605c4a1ff2 MdePkg: Add Cache ID to PPTT 3d359ff905 MdePkg: Fix broken coding style in Acpi64.h 7311e96417 RedfishPkg/RefishCrtLib: Public RefishCrtLib 03e19e6bc8 ArmPkg/IndustryStandard: 32b/64b agnostic FF-A, Mm SVC and Std SMC IDs aee0098faf ArmPkg: prepare 32bit ARM build of StandaloneMmPkg ca1773878d GenFv: Arm: support images entered in Thumb mode b7f0226a46 StandaloneMmPkg: fix pointer/int casts against 32bit architectures a776bbabd9 StandaloneMmPkg: build for 32bit arm machines ac826886c9 MdeModulePkg/UefiSortLib:Add UefiSortLib unit test 6fdd1c13a7 MdeModulePkg PCD: Reinstall PCD service PPIS when memory available ef56f55d19 EmbeddedPkg/NonCoherentDmaLib: Avoid dereferencing unset Map field 8dd4fc5be6 UefiCpuPkg/CpuCacheInfoLib: Correct logical for identifying cache type 7b4a99be8a CryptoPkg: BaseCryptLib fix incorrect param order - Removed patches which are merged to mainline: ovmf-bsc1186151-fix-iscsi-overflows.patch ovmf-xen-relocate-shared_info_page-map.patch - Updated patches ovmf-fix-xen-s3-detection.patch -> ovmf-OvmfPkg-OvmfXen-set-PcdAcpiS3Enable-at-initializatio.patch ovmf-xen-add-qemu-kernel-loader-fs.patch -> ovmf-OvmfPkg-OvmfXen-add-QemuKernelLoaderFsDxe.patch - Added patches 
ovmf-OvmfPkg-OvmfXen-Fix-build-with-QemuKernelLoaderFsDxe.patch ++++ tar: - tests-skip-time01-on-32bit-time_t.patch: Add patch to skip test 'tests/time01.at' on platforms with 32-bit time_t for now. - tar.spec: Reference it. (%check): Output the testsuite.log in case the testsuite failed. ------------------------------------------------------------------ ------------------ 2021-10-13 - Oct 13 2021 ------------------- ------------------------------------------------------------------ ++++ audit-secondary: - Create separate service for augenrules (bsc#1191614, bsc#1181400) * add create-augenrules-service.patch Remove ReadWritePaths=/etc/audit from auditd.service, also removes augenrules call from ExecStartPost. Create augenrules.service with the ReadWritePaths directive above. This makes /etc/audit only accessible by augenrules.service and lets auditd.service (and daemon) be sandboxed again. - Update audit-secondary.spec to accommodate the new service file. ++++ kernel-default: - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). The semantic changed in an incompatible way so invoking the macro now causes a build failure. - commit 3e55f55 - Linux 5.14.12 (stable-5.14.12). - commit 71639b1 - x86/hpet: Use another crystalball to evaluate HPET usability (stable-5.14.12). - dsa: tag_dsa: Fix mask for trunked packets (stable-5.14.12). - commit 3ac1b3f - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (stable-5.14.12). - powerpc/32s: Fix kuap_kernel_restore() (stable-5.14.12). - powerpc/64s: Fix unrecoverable MCE calling async handler from NMI (stable-5.14.12). - powerpc/traps: do not enable irqs in _exception (stable-5.14.12). - powerpc/64s: fix program check interrupt emergency stack path (stable-5.14.12). - powerpc/bpf ppc32: Fix BPF_SUB when imm == 0x80000000 (stable-5.14.12). - x86/Kconfig: Correct reference to MWINCHIP3D (stable-5.14.12). - x86/platform/olpc: Correct ifdef symbol to intended CONFIG_OLPC_XO15_SCI (stable-5.14.12).
- x86/entry: Clear X86_FEATURE_SMAP when CONFIG_X86_SMAP=n (stable-5.14.12). - x86/sev: Return an error on a returned non-zero SW_EXITINFO1[31:0] (stable-5.14.12). - commit a271375 - blacklist.conf: remove entries to be backported via stable tree - commit be385b6 - sysfs: Rename struct bin_attribute member to f_mapping (jsc#SLE-19359). - commit 15c2f03 - sysfs: Invoke iomem_get_mapping() from the sysfs open callback (jsc#SLE-19359). - commit bbc08fc - thunderbolt: build kunit tests without structleak plugin (jsc#SLE-19359). - commit ac50a23 - powerpc/bpf: Emit stf barrier instruction sequences for BPF_NOSPEC (bsc#1188983 CVE-2021-34556 bsc#1188985 CVE-2021-35477). - powerpc/security: Add a helper to query stf_barrier type (bsc#1188983 CVE-2021-34556 bsc#1188985 CVE-2021-35477). - powerpc/bpf: Validate branch ranges (bsc#1188983 CVE-2021-34556 bsc#1188985 CVE-2021-35477). - powerpc/lib: Add helper to check if offset is within conditional branch range (bsc#1188983 CVE-2021-34556 bsc#1188985 CVE-2021-35477). - commit fb48dfd - powerpc/bpf ppc32: Do not emit zero extend instruction for 64-bit BPF_END (stable-5.14.12). - powerpc/bpf ppc32: Fix JMP32_JSET_K (stable-5.14.12). - powerpc/bpf ppc32: Fix ALU32 BPF_ARSH operation (stable-5.14.12). - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (stable-5.14.12). - powerpc/bpf: Fix BPF_MOD when imm == 1 (stable-5.14.12). - objtool: Make .altinstructions section entry size consistent (stable-5.14.12). - objtool: Remove reloc symbol type checks in get_alt_entry() (stable-5.14.12). - scsi: iscsi: Fix iscsi_task use after free (stable-5.14.12). - RISC-V: Include clone3() on rv32 (stable-5.14.12). - bpf, s390: Fix potential memory leak about jit_data (stable-5.14.12). - commit 0b7cd77 - powerpc/iommu: Report the correct most efficient DMA mask for PCI devices (stable-5.14.12). - riscv/vdso: make arch_setup_additional_pages wait for mmap_sem for write killable (stable-5.14.12). 
- riscv/vdso: Move vdso data page up front (stable-5.14.12). - riscv/vdso: Refactor asm/vdso.h (stable-5.14.12). - net: prefer socket bound to interface when not in VRF (stable-5.14.12). - iavf: fix double unlock of crit_lock (stable-5.14.12). - i40e: Fix freeing of uninitialized misc IRQ vector (stable-5.14.12). - i40e: fix endless loop under rtnl (stable-5.14.12). - RISC-V: Fix VDSO build for !MMU (stable-5.14.12). - riscv: explicitly use symbol offsets for VDSO (stable-5.14.12). - commit 13da5f1 - drm/nouveau/fifo/ga102: initialise chid on return from channel creation (stable-5.14.12). - ARM: defconfig: gemini: Restore framebuffer (stable-5.14.12). - perf jevents: Free the sys_event_tables list after processing entries (stable-5.14.12). - rtnetlink: fix if_nlmsg_stats_size() under estimation (stable-5.14.12). - net: stmmac: trigger PCS EEE to turn off on link down (stable-5.14.12). - net: pcs: xpcs: fix incorrect steps on disable EEE (stable-5.14.12). - netlink: annotate data races around nlk->bound (stable-5.14.12). - net: pcs: xpcs: fix incorrect CL37 AN sequence (stable-5.14.12). - net: sfp: Fix typo in state machine debug string (stable-5.14.12). - net/sched: sch_taprio: properly cancel timer from taprio_destroy() (stable-5.14.12). - commit 58adfed - drm/i915/tc: Fix TypeC port init/resume time sanitization (stable-5.14.12). - ARM: imx6: disable the GIC CPU interface before calling stby-poweroff sequence (stable-5.14.12). - arm64: dts: ls1028a: fix eSDHC2 node (stable-5.14.12). - arm64: dts: imx8mm-kontron-n801x-som: do not allow to switch off buck2 (stable-5.14.12). - afs: Fix afs_launder_page() to set correct start file position (stable-5.14.12). - netfs: Fix READ/WRITE confusion when calling iov_iter_xarray() (stable-5.14.12). - net: bridge: fix under estimation in br_get_linkxstats_size() (stable-5.14.12). - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() (stable-5.14.12). 
- dt-bindings: drm/bridge: ti-sn65dsi86: Fix reg value (stable-5.14.12). - drm/i915/jsl: Add W/A 1409054076 for JSL (stable-5.14.12). - commit e19b658 - arm64: dts: imx8: change the spi-nor tx (stable-5.14.12). - ARM: dts: imx: change the spi-nor tx (stable-5.14.12). - powerpc/fsl/dts: Fix phy-connection-type for fm1mac3 (stable-5.14.12). - netfilter: nf_tables: honor NLM_F_CREATE and NLM_F_EXCL in event notification (stable-5.14.12). - net: stmmac: dwmac-rk: Fix ethernet on rk3399 based devices (stable-5.14.12). - net: mscc: ocelot: fix VCAP filters remaining active after being deleted (stable-5.14.12). - net_sched: fix NULL deref in fifo_set_limit() (stable-5.14.12). - net/mlx5e: Fix the presented RQ index in PTP stats (stable-5.14.12). - net/mlx5: Fix setting number of EQs of SFs (stable-5.14.12). - MIPS: Revert "add support for buggy MT7621S core detection" (stable-5.14.12). - commit 3909a87 - bpf, arm: Fix register clobbering in div/mod implementation (stable-5.14.12). - netfilter: nf_tables: reverse order in rule replacement expansion (stable-5.14.12). - netfilter: nf_tables: add position handle in event notification (stable-5.14.12). - netfilter: conntrack: fix boot failure with nf_conntrack.enable_hooks=1 (stable-5.14.12). - net/mlx5: Fix length of irq_index in chars (stable-5.14.12). - net/mlx5: Avoid generating event after PPS out in Real time mode (stable-5.14.12). - net/mlx5: Force round second at 1PPS out start time (stable-5.14.12). - net/mlx5: E-Switch, Fix double allocation of acl flow counter (stable-5.14.12). - net/mlx5e: Keep the value for maximum number of channels in-sync (stable-5.14.12). - net/mlx5e: IPSEC RX, enable checksum complete (stable-5.14.12). - commit bbb8378 - riscv: Flush current cpu icache before other cpus (stable-5.14.12). - xtensa: call irqchip_init only when CONFIG_USE_OF is selected (stable-5.14.12). - xtensa: use CONFIG_USE_OF instead of CONFIG_OF (stable-5.14.12). 
- ARM: dts: imx6qdl-pico: Fix Ethernet support (stable-5.14.12). - ARM: dts: imx: Fix USB host power regulator polarity on M53Menlo (stable-5.14.12). - ARM: dts: imx: Add missing pinctrl-names for panel on M53Menlo (stable-5.14.12). - arm64: dts: qcom: pm8150: use qcom,pm8998-pon binding (stable-5.14.12). - Revert "arm64: dts: qcom: sc7280: Fixup the cpufreq node" (stable-5.14.12). - ARM: dts: qcom: apq8064: Use 27MHz PXO clock as DSI PLL reference (stable-5.14.12). - ARM: at91: pm: do not panic if ram controllers are not enabled (stable-5.14.12). - commit 0497f48 - scsi: ufs: core: Fix task management completion (stable-5.14.12). - xen/balloon: fix cancelled balloon action (stable-5.14.12). - SUNRPC: fix sign error causing rpcsec_gss drops (stable-5.14.12). - nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero (stable-5.14.12). - nfsd: fix error handling of register_pernet_subsys() in init_nfsd() (stable-5.14.12). - ARM: dts: omap3430-sdp: Fix NAND device node (stable-5.14.12). - ARM: dts: imx6dl-yapp4: Fix lp5562 LED driver probe (stable-5.14.12). - ARM: dts: qcom: apq8064: use compatible which contains chipid (stable-5.14.12). - ovl: fix IOCB_DIRECT if underlying fs doesn't support direct IO (stable-5.14.12). - ovl: fix missing negative dentry check in ovl_rename() (stable-5.14.12). - commit fd84f59 - xen/privcmd: fix error handling in mmap-resource processing (stable-5.14.12). - mmc: sdhci-of-at91: replace while loop with read_poll_timeout (stable-5.14.12). - drm/amd/display: Fix detection of 4 lane for DPALT (stable-5.14.12). - drm/amd/display: Limit display scaling to up to 4k for DCN 3.1 (stable-5.14.12). - drm/amdgpu: During s0ix don't wait to signal GFXOFF (stable-5.14.12). - drm/amd/display: USB4 bring up set correct address (stable-5.14.12). - drm/amd/display: Fix DCN3 B0 DP Alt Mapping (stable-5.14.12). - drm/amd/display: Fix B0 USB-C DP Alt mode (stable-5.14.12). - drm/nouveau/ga102-: support ttm buffer moves via copy engine (stable-5.14.12). 
- commit d9a85e7 - Update patch references for stable-5.14.12 - commit 5952e94 - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (bsc#1190497). - commit 6c546c2 - supported.conf: Avoid wildcard use for wireless drivers The wildcard may put modules into the wrong subpackage unexpectedly. Expanded and adjusted entries manually instead. - commit 83560a0 - Partially revert "usb: Kconfig: using select for USB_COMMON dependency" (git-fixes). - Update config files. - supported.conf: add usb-common - commit 0ea5896 - fbdev: simplefb: fix Kconfig dependencies (git-fixes). - Update config files. - commit 0c3a03c - USB: cdc-acm: fix break reporting (git-fixes). - USB: cdc-acm: fix racy tty buffer accesses (git-fixes). - usb: gadget: f_uac2: fixed EP-IN wMaxPacketSize (git-fixes). - usb: cdc-wdm: Fix check for WWAN (git-fixes). - usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle (git-fixes). - usb: typec: tcpm: handle SRC_STARTUP state if cc changes (git-fixes). - video: fbdev: gbefb: Only instantiate device when built for IP32 (git-fixes). - commit 65dd579 - platform/x86: intel_skl_int3472: Correct null check (git-fixes). - platform/x86: intel_scu_ipc: Fix busy loop expiry time (git-fixes). - platform/x86: dell: Make DELL_WMI_PRIVACY depend on DELL_WMI (git-fixes). - platform/mellanox: mlxreg-io: Fix read access of n-bytes size attributes (git-fixes). - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (git-fixes). - usb: typec: tcpci: don't handle vSafe0V event if it's not enabled (git-fixes). - usb: typec: tipd: Remove dependency on "connector" child fwnode (git-fixes). - usb: xhci: tegra: mark PM functions as __maybe_unused (git-fixes). - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (git-fixes). - commit 9b7e7bd - i2c: mlxcpld: Modify register setting for 400KHz frequency (git-fixes). - i2c: mlxcpld: Fix criteria for frequency setting (git-fixes).
- i2c: mediatek: Add OFFSET_EXT_CONF setting back (git-fixes). - i2c: acpi: fix resource leak in reconfiguration device addition (git-fixes). - mmc: sdhci-of-at91: wait for calibration done before proceed (git-fixes). - drm/amdgpu: handle the case of pci_channel_io_frozen only in amdgpu_pci_resume (git-fixes). - drm/amdkfd: fix a potential ttm->sg memory leak (git-fixes). - drm/nouveau/debugfs: fix file release memory leak (git-fixes). - drm/nouveau/kms/nv50-: fix file release memory leak (git-fixes). - commit 479e4f9 - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes). - drm/nouveau: avoid a use-after-free when BO init fails (git-fixes). - drm/panel: abt-y030xx067a: yellow tint fix (git-fixes). - drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows (git-fixes). - drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup (git-fixes). - drm/i915: Extend the async flip VT-d w/a to skl/bxt (git-fixes). - drm/i915/bdb: Fix version check (git-fixes). - drm/i915: Fix runtime pm handling in i915_gem_shrink (git-fixes). - drm/i915/audio: Use BIOS provided value for RKL HDA link (git-fixes). - commit eaddc65 ++++ ncurses: - Add patch bsc1190793-63ca9e06.patch to fix bsc#1190793 for CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo in captoinfo.c ++++ python3-core: - BuildRequire rpm-build-python: The provider to inject python(abi) has been moved there. rpm-build pulls rpm-build-python automatically in when building anything against python3-base, but this implies that the initial build of python3-base does not trigger the automatic installation. ++++ liburing2: - update to 2.1 (bsc#1193522): * Ignore spurious fadvise/madvise failures * build: add -D_GNU_SOURCE to all CPPFLAGS/CFLAGS. 
* man: clean up spelling * man/io_uring_enter.2: add notes about direct open/accept * io_uring.h: sync with 5.15 kernel * Fix IORING_REGISTER_IOWQ_MAX_WORKERS name * man: document new register/update API * liburing: add helpers for direct open/accept * liburing.h: correct max_worker name * Change IORING_REGISTER_IOWQ_MAX_UNBOUND_WORKERS * src/syscall.h: get rid of useless externs * man/io_uring_enter.2: document IORING_ENTER_EXT_ARG * Add io_uring_register_iowq_max_unbound() helper * Get rid of useless 'extern' on function declarations in liburing.h * Add (UN)REGISTER_IOWQ_AFF helpers * man/io_uring_register.2: note when MAX_UNBOUND became available * man/io_uring_register.2: add missing punctuation * man/io_uring_register.2: document IORING_REGISTER_IOWQ_MAX_UNBOUND * man/io_uring_enter.2: add IORING_OP_TIMEOUT clock sources * man/io_uring_enter.2: improve timeout entry * man/io_uring_enter.2: update SQE * man/io_uring_enter.2: note that not all requests support fixed files * man/io_uring_enter.2: add new 5.15 opcodes * man/io_uring_enter.2: note that cqe->flags is indeed used * man/io_uring_enter.2: add poll update and multishot mode * man/io_uring_register.2: add IORING_(UN)REGISTER_IOWQ * man: update notes on register quiesce * man: fix io_uring_sqe alignment * register: add tagging and buf update helpers * liburing.h: make header clean for implicit sign and size conversions * configure: document --cc and --cxx options * io_uring: update buffer update feature testing * liburing.h: dedup poll mask conversion * liburing.h: add a multipoll helper * Update io_uring.h * examples: disable ucontext-cp for elbrus (e2k) architecture * Update io_uring_setup.2 * man/io_uring_setup.2: document the two most recent FEAT flags * man/io_uring_setup.2: make sure FEAT flags are kernel versioned * correct syscall NR in mips * Fix 32-bit compile warnings * liburing.h: make all file/IO offset __u64 * src/queue: don't flush SQ ring for new wait interface * man/io_uring_enter.2: 
further clarify what cqe->res holds * Clarify information about error results * Refer to the accept_flags in io_uring_enter manual * Fix a bug due to the unreleased lock before function returns * debian/rules: add missing slash for relativelibdir * man/io_uring_enter.2: clarify io_uring_enter(2) SQPOLL return value * liburing.h: add linkat prep helper * io_uring.h: add linkat opcode * liburing.h: add symlinkat prep helper * io_uring.h: add symlinkat opcode * liburing.h: add mkdirat prep helper * update rsrc register/update ABI and tests * queue: clean up SQ flushing * io_uring_enter(2): Clarify how to read from and write to non-seekable files * clarify an edge case of IORING_SETUP_SQ_AFF * io_uring_enter(2): clarify OP_READ and OP_WRITE * sync io_uring.h API file with Linux 5.13 * man: Fix typo in man io_uring_queue_exit * examples/link-cp: fix a couple of strerror negations * src/setup: don't treat dummy ring init as failure * src/setup: add some documentation to the memlock helpers * examples/ucontext-cp.c: cope with variable SIGSTKSZ * setup: provide helpers to inquire about necessary mlock sizes * examples/io_uring-cp: wait for pending writes before exit copy loop * spec: add explicit build dependency on make * spec: bump version to 2.0 * man/io_uring_enter.2: note that -EBUSY can also happen for getevents ++++ pam_u2f: - Update to version 1.2.0 (released 2021-09-22) * Added support for EdDSA keys. * Added support for SSH ed25519-sk keys. * Added authenticator filtering based on user verification options. * Fixed an issue with privilege restoration on MacOS. * Fixed an issue where credentials created with pamu2fcfg 1.0.8 or earlier were not handled correctly if their origin and appid differed. * Miscellaneous improvements to the documentation. * Miscellaneous minor bug fixes found by fuzzing. 
- Fix for bsc#1190961 - Removed hardcoded library pathnames using %{_pam_moduledir} ++++ python3: - BuildRequire rpm-build-python: The provider to inject python(abi) has been moved there. rpm-build pulls rpm-build-python automatically in when building anything against python3-base, but this implies that the initial build of python3-base does not trigger the automatic installation. ++++ salt: - Fix issues with salt-ssh's extra-filerefs - Fix crash when calling manage.not_alive runners - Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446) - Added: * fix-crash-when-calling-manage.not_alive-runners.patch * 3003.3-do-not-consider-skipped-targets-as-failed-for.patch * fix-issues-with-salt-ssh-s-extra-filerefs.patch ++++ samba: - Enable samba-tool without ad dc. ------------------------------------------------------------------ ------------------ 2021-10-12 - Oct 12 2021 ------------------- ------------------------------------------------------------------ ++++ transactional-update: - Version 3.5.7 Various fixes affecting Salt support: - t-u: Don't squash stderr messages into stdout - t-u: Correctly handle case when the snapshot has been deleted due to using --drop-if-no-change: Don't show reboot messages and avoid an awk error message [bsc#1191475] - tukit: Make inotify handler less sensitive / ignore more directories [bsc#1191475] ++++ kernel-default: - scsi: be2iscsi: Fix use-after-free during IP updates (jsc#SLE-18973). - commit 5cfabf9 - Update patch reference for soc fix (CVE-2021-42252 bsc#1190479) - commit be54ca3 - blacklist.conf: Append 'drm/i915: Drop all references to DRM IRQ midlayer' - commit 3803dca - blacklist.conf: Append 'drm/i915: Use the correct IRQ during resume' - commit b057a8f ++++ bluez: - update to version 5.61 (JIRA-SLE-18497): * Fix issue with A2DP while waiting for command response. * Fix issue with A2DP when SetConfiguration fails. * Fix issue with device removal handling. 
* Fix issue with storing discoverable setting. * Add support for Central Address Resolution characteristic. * Add support for admin policy plugin. - fix bluez-auto-enable-devices subpackage (boo#1177845) - add bluez-test-2to3.diff to get rid of python2 dependency - remove notification message from bluez-deprecated package. also boo#1188660 - refresh other patches ++++ nvme-cli: - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_nvmf-connect@.service.patch ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#525 - Include the yast2-widget-demo package (bsc#1186426) - 16.57.1 - merge gh#openSUSE/installation-images#524 - adjust module config (bsc#1191309) - remove bind-libs from BuildRequires (jsc#SLE-21678) - 16.57.0 ++++ virt-manager: - bsc#1191358 - The Virtual Machine Manager shows disconnected after rebooting virtual machine in Xen mode in SLES15 SP3. virtman-init-viewer-on-reboot.patch ------------------------------------------------------------------ ------------------ 2021-10-11 - Oct 11 2021 ------------------- ------------------------------------------------------------------ ++++ drbd-utils: - Update to 9.19.0 * v9,events2: show changes of peer-client * v9: rr-conflict strategy auto-discard for protocol A * windrbd: various fixes including setting the systemd root * containers: switch to UBI8 * v9,wait-*: fix segfault - bsc#1191058, active UsrMerge to install in /usr Add patch usrmerge_move_lib_to_prefix_lib.patch - Remove patch fix-libdir-in-Makefile.patch Remove patch systemd-drbd-service-needs-network-online.patch (included) - Add drbd-utils.rpmlintrc for Error missing-call-to-setgroups-before-setuid - Add rpmlint-build-error.patch to fix rpmbuild build errors ++++ elfutils: - Enhance license fields: all the libraries actually have a different license to the tools. 
While the tools are GPL-3.0-or-later, the libraries are (LGPL-3.0-or-later OR GPL-2.0-or-later) SLE bug (for tracking the above) bsc#1191310 ++++ haveged: - Improvements on the linux kernel random subsystem have made the haveged service/daemon obsolete, remove the service files, initrd modules and udev rules, the other components are still useful. ++++ kernel-default: - x86/entry: Correct reference to intended CONFIG_64_BIT (bsc#1190497). - commit 731eb86 - posix-cpu-timers: Prevent spuriously armed 0-value itimer (git-fixes). - commit 5fa2839 - scsi: aacraid: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-19274). - scsi: aacraid: Remove an unused include (jsc#SLE-19274). - commit 68239cb - Enable CONFIG_RTW88_DEBUG and CONFIG_RTW89_DEBUG on debug flavors (bsc#1191321) - commit 7107a90 - rtw89: add Realtek 802.11ax driver (bsc#1191321). Update config files: enable CONFIG_RTW89 stuff supported.conf: Add rtw89_core and rtw89_pci for *-extra - commit 7208212 - blacklist.conf: 3958b9c34c27 x86/entry: Clear X86_FEATURE_SMAP when CONFIG_X86_SMAP=n - commit 55e9752 - blacklist.conf: 4758fd801f91 x86/platform/olpc: Correct ifdef symbol to intended CONFIG_OLPC_XO15_SCI - commit 6e23c1c - blacklist.conf: 225bac2dc5d1 x86/Kconfig: Correct reference to MWINCHIP3D - commit d1e905d - x86/fpu: Restore the masking out of reserved MXCSR bits (bsc#1190497). - commit 6d1278a - powerpc/numa: Update cpu_cpu_map on CPU online/offline (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Enable CACHE domain for shared processor (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - commit 701e5f2 - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498 git-fixes). - commit 5f88b4e - x86/hyperv: Avoid erroneously sending IPI to 'self' (git-fixes). - hyper-v: Replace uuid.h with types.h (git-fixes). - PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (git-fixes). 
- commit 52eb8f6 ++++ linux-glibc-devel: - Update from current 15 SP4 kernel + linux-stable-version-update.patch (stable-5.14.11) + binder-fix-freeze-race.patch (stable-5.14.9) + bpf-Fix-a-typo-of-reuseport-map-in-bpf.h.patch (stable-5.14.4) + fq_codel-reject-silly-quantum-parameters.patch (stable-5.14.7) + habanalabs-add-in-device-creation-status.patch (stable-5.14.8) + serial-8250-Define-RX-trigger-levels-for-OxSemi-950-.patch (stable-5.14.6) + dmanegine-idxd-add-software-command-status.patch (jsc#SLE-18899) + dmaengine-idxd-fix-setting-up-priv-mode-for-dwq.patch (jsc#SLE-18899) + ethtool-add-two-link-extended-substates-of-bad-signa.patch (bsc#1190336) + ethtool-add-two-coalesce-attributes-for-CQE-mode.patch (jsc#SLE-19253) + msft-hv-2440-hyper-v-Replace-uuid.h-with-types.h.patch (git-fixes) + RDMA-mlx5-Add-DCS-offload-support.patch (jsc#SLE-19250) + remove-the-lightnvm-subsystem.patch (bsc#1190569) + scsi-fc-Add-EDC-ELS-definition.patch (bsc#1190576) + uapi-add-a-compatibility-layer-between-linux-uio-h-and-glibc (bsc#1053501) + md-display-timeout-error.patch (bsc#763402) ------------------------------------------------------------------ ------------------ 2021-10-10 - Oct 10 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - scsi: qedf: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-19003). - commit e885f50 - Update config files: only bumping version to 5.14.11 - commit c6fc8f2 - Linux 5.14.11 (stable-5.14.11). - commit 8054eea - Revert "ARM: imx6q: drop of_platform_default_populate() from init_machine" (stable-5.14.11). - perf/x86: Reset destroy callback on event init failure (stable-5.14.11). - KVM: x86: nSVM: restore int_vector in svm_clear_vintr (stable-5.14.11). - kvm: x86: Add AMD PMU MSRs to msrs_to_save_all[] (stable-5.14.11). - KVM: x86: reset pdptrs_from_userspace when exiting smm (stable-5.14.11). - KVM: do not shrink halt_poll_ns below grow_start (stable-5.14.11). 
- selftests: KVM: Align SMCCC call with the spec in steal_time (stable-5.14.11). - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD (stable-5.14.11). - commit 575f27b - thermal/drivers/tsens: Fix wrong check for tzd in irq handlers (stable-5.14.11). - x86/insn, tools/x86: Fix undefined behavior due to potential unaligned accesses (stable-5.14.11). - irqchip/gic: Work around broken Renesas integration (stable-5.14.11). - kasan: always respect CONFIG_KASAN_STACK (stable-5.14.11). - tools/vm/page-types: remove dependency on opt_file for idle page tracking (stable-5.14.11). - scsi: ses: Retry failed Send/Receive Diagnostic commands (stable-5.14.11). - io_uring: allow conditional reschedule for intensive iterators (stable-5.14.11). - block: don't call rq_qos_ops->done_bio if the bio isn't tracked (stable-5.14.11). - nvme-fc: avoid race between time out and tear down (stable-5.14.11). - smb3: correct smb3 ACL security descriptor (stable-5.14.11). - commit 571e77c - nvme-fc: update hardware queues before using them (stable-5.14.11). - swiotlb-xen: ensure to issue well-formed XENMEM_exchange requests (stable-5.14.11). - Xen/gntdev: don't ignore kernel unmapping error (stable-5.14.11). - selftests: kvm: fix get_run_delay() ignoring fscanf() return warn (stable-5.14.11). - selftests: kvm: move get_run_delay() into lib/test_util (stable-5.14.11). - selftests:kvm: fix get_trans_hugepagesz() ignoring fscanf() return warn (stable-5.14.11). - selftests:kvm: fix get_warnings_count() ignoring fscanf() return warn (stable-5.14.11). - selftests: be sure to make khdr before other targets (stable-5.14.11). - habanalabs/gaudi: fix LBW RR configuration (stable-5.14.11). - habanalabs: fail collective wait when not supported (stable-5.14.11). - commit 3ac100a - scsi: elx: efct: Do not hold lock while calling fc_vport_terminate() (stable-5.14.11). - scsi: sd: Free scsi_disk device via put_device() (stable-5.14.11). 
- habanalabs/gaudi: use direct MSI in single mode (stable-5.14.11). - usb: dwc2: check return value after calling platform_get_resource() (stable-5.14.11). - usb: testusb: Fix for showing the connection speed (stable-5.14.11). - ext2: fix sleeping in atomic bugs on error (stable-5.14.11). - drm/amdkfd: fix svm_migrate_fini warning (stable-5.14.11). - drm/amdkfd: handle svm migrate init error (stable-5.14.11). - platform/x86: gigabyte-wmi: add support for B550I Aorus Pro AX (stable-5.14.11). - sparc64: fix pci_iounmap() when CONFIG_PCI is not set (stable-5.14.11). - commit 3e5fccd - btrfs: fix mount failure due to past and transient device flush error (stable-5.14.11). - btrfs: replace BUG_ON() in btrfs_csum_one_bio() with proper error handling (stable-5.14.11). - xen-netback: correct success/error reporting for the SKB-with-fraglist case (stable-5.14.11). - net: mdio: introduce a shutdown method to mdio device drivers (stable-5.14.11). - nfsd: back channel stuck in SEQ4_STATUS_CB_PATH_DOWN (stable-5.14.11). - platform/x86: touchscreen_dmi: Update info for the Chuwi Hi10 Plus (CWI527) tablet (stable-5.14.11). - platform/x86: touchscreen_dmi: Add info for the Chuwi HiBook (CWI514) tablet (stable-5.14.11). - afs: Add missing vnode validation checks (stable-5.14.11). - spi: rockchip: handle zero length transfers without timing out (stable-5.14.11). - commit 47ff1ab - Update patch references for stable-5.14.11 - commit 6437206 ------------------------------------------------------------------ ------------------ 2021-10-8 - Oct 8 2021 ------------------- ------------------------------------------------------------------ ++++ chrony: - boo#1190926: PrivateDevices is too strict, we might need to access the rtc and ptp devices. - Add back support to build chrony on SLE12. - Drop dependency on asciidoctor. It is only needed for building the HTML documentation which we don't package anyway. 
++++ kernel-default: - scsi: qedi: Add support for fastpath doorbell recovery (jsc#SLE-19002). - scsi: qedi: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-19002). - commit 9d52484 - iwlwifi: Fix MODULE_FIRMWARE() for non-existing ucode version (boo#1191417). - commit 801c7c0 - bpf: Add ambient BPF runtime context stored in current (git-fixes). - commit 3687742 - soc: ti: omap-prm: Fix external abort for am335x pruss (git-fixes). - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes). - soc: qcom: socinfo: Fixed argument passed to platform_set_data() (git-fixes). - ptp_pch: Load module automatically if ID matches (git-fixes). - iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell XPS 15 (git-fixes). - iwlwifi: mvm: d3: missing unlock in iwl_mvm_wowlan_program_keys() (git-fixes). - iwlwifi: mvm: d3: Fix off by ones in iwl_mvm_wowlan_get_rsc_v5_data() (git-fixes). - iwlwifi: mvm: Fix possible NULL dereference (git-fixes). - phy: mdio: fix memory leak (git-fixes). - commit 1af3d9f - bus: ti-sysc: Use CLKDM_NOAUTO for dra7 dcan1 for errata i893 (git-fixes). - bus: ti-sysc: Add break in switch statement in sysc_init_soc() (git-fixes). - gve: report 64bit tx_bytes counter from gve_handle_report_stats() (git-fixes). - gve: fix gve_get_stats() (git-fixes). - gve: Properly handle errors in gve_assign_qpl (git-fixes). - gve: Avoid freeing NULL pointer (git-fixes). - gve: Correct available tx qpl check (git-fixes). - Revert "brcmfmac: use ISO3166 country code and 0 rev as fallback" (git-fixes). - ath5k: fix building with LEDS=m (git-fixes). - commit b513994 - libbpf: Fix memory leak in strset (git-fixes). - libbpf: Fix segfault in light skeleton for objects without BTF (git-fixes). 
- commit 08333f5 ++++ systemd: - Overwriting rootprefix= is only required when split-usr is enabled - Rename %usrmerged into %split_usr ++++ libvirt: - lxc: controller: Fix container launch on cgroup v1 1b9ce05c-lxc-fix-cgroupV1.patch boo#1183247 ++++ qemu: - Stable fixes from upstream * Patches added: block-introduce-max_hw_iov-for-use-in-sc.patch hmp-Unbreak-change-vnc.patch qemu-nbd-Change-default-cache-mode-to-wr.patch target-arm-Don-t-skip-M-profile-reset-en.patch vhost-vsock-fix-migration-issue-when-seq.patch virtio-mem-pci-Fix-memory-leak-when-crea.patch virtio-net-fix-use-after-unmap-free-for-.patch ++++ tar: - The following issues have already been fixed in this package but weren't previously mentioned in the changes file: * bsc#1181131, CVE-2021-20193 * bsc#1120610 ------------------------------------------------------------------ ------------------ 2021-10-7 - Oct 7 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - bpf: Fix integer overflow in prealloc_elems_and_freelist() (bsc#1191317, CVE-2021-41864). - commit 52f3d1c - supported.conf: Fix micrel module entries The modules got split/renamed recently - commit 577c15c - Update config files: only version bump to 5.14.10 - commit a928c69 - Linux 5.14.10 (stable-5.14.10). - commit 0e61aee - objtool: print out the symbol type when complaining about it (stable-5.14.10). - netfilter: conntrack: serialize hash resizes and cleanups (stable-5.14.10). - netfilter: nf_tables: Fix oversized kvmalloc() calls (stable-5.14.10). - drivers: net: mhi: fix error path in mhi_net_newlink (stable-5.14.10). - KVM: x86: Handle SRCU initialization failure during page track init (stable-5.14.10). - HID: amd_sfh: Fix potential NULL pointer dereference - take 2 (stable-5.14.10). - crypto: aesni - xts_crypt() return if walk.nbytes is 0 (stable-5.14.10). - commit 317e73c - ext4: fix potential infinite loop in ext4_dx_readdir() (stable-5.14.10). 
- ext4: flush s_error_work before journal destroy in ext4_fill_super (stable-5.14.10). - net: udp: annotate data race around udp_sk(sk)->corkflag (stable-5.14.10). - netfilter: ipset: Fix oversized kvmalloc() calls (stable-5.14.10). - NIOS2: setup.c: drop unused variable 'dram_start' (stable-5.14.10). - HID: u2fzero: ignore incomplete packets without data (stable-5.14.10). - HID: betop: fix slab-out-of-bounds Write in betop_probe (stable-5.14.10). - HID: usbhid: free raw_report buffers in usbhid_stop (stable-5.14.10). - mm: don't allow oversized kvmalloc() calls (stable-5.14.10). - usb: hso: remove the bailout parameter (stable-5.14.10). - commit ca118a0 - ext4: fix loff_t overflow in ext4_max_bitmap_size() (stable-5.14.10). - ext4: fix reserved space counter leakage (stable-5.14.10). - ext4: limit the number of blocks in one ADD_RANGE TLV (stable-5.14.10). - ext4: add error checking to ext4_ext_replay_set_iblocks() (stable-5.14.10). - ipack: ipoctal: fix module reference leak (stable-5.14.10). - ipack: ipoctal: fix missing allocation-failure check (stable-5.14.10). - ipack: ipoctal: fix tty-registration error handling (stable-5.14.10). - ipack: ipoctal: fix tty registration race (stable-5.14.10). - ipack: ipoctal: fix stack information leak (stable-5.14.10). - debugfs: debugfs_create_file_size(): use IS_ERR to check for error (stable-5.14.10). - commit 80874ba - elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings (stable-5.14.10). - kvm: fix objtool relocation warning (stable-5.14.10). - perf/x86/intel: Update event constraints for ICX (stable-5.14.10). - objtool: Teach get_alt_entry() about more relocation types (stable-5.14.10). - nvme: add command id quirk for apple controllers (stable-5.14.10). - af_unix: fix races in sk_peer_pid and sk_peer_cred accesses (stable-5.14.10). - net: stmmac: fix EEE init issue when paired with EEE capable PHYs (stable-5.14.10). - net: sched: flower: protect fl_walk() with rcu (stable-5.14.10). 
- net: hns3: disable firmware compatible features when uninstall PF (stable-5.14.10). - net: hns3: fix always enable rx vlan filter problem after selftest (stable-5.14.10). - commit 83e2b3f - scsi: csiostor: Add module softdep on cxgb4 (stable-5.14.10). - Revert "block, bfq: honor already-setup queue merges" (stable-5.14.10). - net: hns3: fix show wrong state when add existing uc mac address (stable-5.14.10). - net: hns3: fix mixed flag HCLGE_FLAG_MQPRIO_ENABLE and HCLGE_FLAG_DCB_ENABLE (stable-5.14.10). - net: hns3: don't rollback when destroy mqprio fail (stable-5.14.10). - net: hns3: remove tc enable checking (stable-5.14.10). - net: hns3: do not allow call hns3_nic_net_open repeatedly (stable-5.14.10). - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (stable-5.14.10). - ionic: fix gathering of debug stats (stable-5.14.10). - net: ks8851: fix link error (stable-5.14.10). - commit 35a71ee - bpf, x86: Fix bpf mapping of atomic fetch implementation (stable-5.14.10). - selftests, bpf: test_lwt_ip_encap: Really disable rp_filter (stable-5.14.10). - selftests, bpf: Fix makefile dependencies on libbpf (stable-5.14.10). - libbpf: Fix segfault in static linker for objects without BTF (stable-5.14.10). - bpf: Exempt CAP_BPF from checks against bpf_jit_limit (stable-5.14.10). - dsa: mv88e6xxx: Include tagger overhead when setting MTU for DSA and CPU ports (stable-5.14.10). - dsa: mv88e6xxx: Fix MTU definition (stable-5.14.10). - RDMA/hns: Add the check of the CQE size of the user space (stable-5.14.10). - RDMA/hns: Fix the size setting error when copying CQE in clean_cq() (stable-5.14.10). - RDMA/hfi1: Fix kernel pointer leak (stable-5.14.10). - commit d164e21 - dsa: mv88e6xxx: 6161: Use chip wide MAX MTU (stable-5.14.10). - netfilter: log: work around missing softdep backend module (stable-5.14.10). - netfilter: nf_tables: unlink table before deleting it (stable-5.14.10). - smsc95xx: fix stalled rx after link change (stable-5.14.10). 
- net: ipv4: Fix rtnexthop len when RTA_FLOW is present (stable-5.14.10). - net: enetc: fix the incorrect clearing of IF_MODE bits (stable-5.14.10). - mptcp: allow changing the 'backup' bit when no sockets are open (stable-5.14.10). - mptcp: don't return sockets in foreign netns (stable-5.14.10). - sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb (stable-5.14.10). - RDMA/hns: Work around broken constant propagation in gcc 8 (stable-5.14.10). - commit ea8e272 - drm/amdgpu: correct initial cp_hqd_quantum for gfx9 (stable-5.14.10). - bpf, mips: Validate conditional branch offsets (stable-5.14.10). - bpf: Handle return value of BPF_PROG_TYPE_STRUCT_OPS prog (stable-5.14.10). - ipvs: check that ip_vs_conn_tab_bits is between 8 and 20 (stable-5.14.10). - RDMA/irdma: Report correct WC error when there are MW bind errors (stable-5.14.10). - RDMA/irdma: Report correct WC error when transport retry counter is exceeded (stable-5.14.10). - RDMA/irdma: Validate number of CQ entries on create CQ (stable-5.14.10). - RDMA/irdma: Skip CQP ring during a reset (stable-5.14.10). - RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure (stable-5.14.10). - IB/cma: Do not send IGMP leaves for sendonly Multicast groups (stable-5.14.10). - commit e4a5822 - nbd: use shifts rather than multiplies (stable-5.14.10). - KVM: VMX: Fix a TSX_CTRL_CPUID_CLEAR field mask issue (stable-5.14.10). - drm/amdgpu: force exit gfxoff on sdma resume for rmb s0ix (stable-5.14.10). - drm/amdgpu: check tiling flags when creating FB on GFX8- (stable-5.14.10). - drm/amd/display: Pass PCI deviceid into DC (stable-5.14.10). - drm/amd/display: initialize backlight_ramping_override to false (stable-5.14.10). - drm/amd/display: Fix Display Flicker on embedded panels (stable-5.14.10). - RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (stable-5.14.10). - RDMA/cma: Do not change route.addr.src_addr.ss_family (stable-5.14.10). 
- media: ir_toy: prevent device from hanging during transmit (stable-5.14.10). - commit 6f1de7d - KVM: x86: Swap order of CPUID entry "index" vs. "significant flag" checks (stable-5.14.10). - KVM: x86: nSVM: don't copy virt_ext from vmcb12 (stable-5.14.10). - KVM: nVMX: Filter out all unsupported controls when eVMCS was activated (stable-5.14.10). - KVM: SEV: Allow some commands for mirror VM (stable-5.14.10). - KVM: SEV: Update svm_vm_copy_asid_from for SEV-ES (stable-5.14.10). - KVM: nVMX: Fix nested bus lock VM exit (stable-5.14.10). - KVM: SEV: Pin guest memory for write for RECEIVE_UPDATE_DATA (stable-5.14.10). - KVM: SVM: fix missing sev_decommission in sev_receive_start (stable-5.14.10). - KVM: SEV: Acquire vcpu mutex when updating VMSA (stable-5.14.10). - KVM: x86: Clear KVM's cached guest CR3 at RESET/INIT (stable-5.14.10). - commit 8610d5e - hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field (stable-5.14.10). - hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field (stable-5.14.10). - hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field (stable-5.14.10). - scsi: ufs: Fix illegal offset in UPIU event trace (stable-5.14.10). - ptp: Fix ptp_kvm_getcrosststamp issue for x86 ptp_kvm (stable-5.14.10). - x86/kvmclock: Move this_cpu_pvti into kvmclock.h (stable-5.14.10). - gpio: pca953x: do not ignore i2c errors (stable-5.14.10). - fs-verity: fix signed integer overflow with i_size near S64_MAX (stable-5.14.10). - KVM: x86: Fix stack-out-of-bounds memory access from ioapic_write_indirect() (stable-5.14.10). - platform/x86/intel: hid: Add DMI switches allow list (stable-5.14.10). - commit dbbd415 - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (stable-5.14.10). - commit 3809aa3 - perf iostat: Fix Segmentation fault from NULL 'struct perf_counts_values *' (stable-5.14.10). 
- perf iostat: Use system-wide mode if the target cpu_list is unspecified (stable-5.14.10). - scsi: ufs: ufs-pci: Fix Intel LKF link stability (stable-5.14.10). - cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory (stable-5.14.10). - drm/amdgpu: stop scheduler when calling hw_fini (v2) (stable-5.14.10). - drm/amdgpu: avoid over-handle of fence driver fini in s3 test (v2) (stable-5.14.10). - drm/amdgpu: adjust fence driver enable sequence (stable-5.14.10). - tty: Fix out-of-bound vmalloc access in imageblit (stable-5.14.10). - cpufreq: schedutil: Use kobject release() method to free sugov_tunables (stable-5.14.10). - commit 18d1b3f - m68k: Update ->thread.esp0 before calling syscall_trace() in ret_from_signal (stable-5.14.10). - NIOS2: fix kconfig unmet dependency warning for SERIAL_CORE_CONSOLE (stable-5.14.10). - perf test: Fix DWARF unwind for optimized builds (stable-5.14.10). - HID: amd_sfh: Fix potential NULL pointer dereference (stable-5.14.10). - kasan: fix Kconfig check of CC_HAS_WORKING_NOSANITIZE_ADDRESS (stable-5.14.10). - scsi: elx: efct: Fix void-pointer-to-enum-cast warning for efc_nport_topology (stable-5.14.10). - s390/qeth: fix deadlock during failing recovery (stable-5.14.10). - s390/qeth: Fix deadlock in remove_discipline (stable-5.14.10). - commit d01f68a - Move upstreamed ccp fix into sorted section also update the reference for stable-5.14.10 - commit 1753e80 - Update patch references for stable-5.14.10 - commit eaa4c68 - blacklist.conf: Add hso patch that has been already cherry-picked - commit 9e1c56c - net: phy: bcm7xxx: Fixed indirect MMD operations (git-fixes). - e100: fix buffer overrun in e100_get_regs (git-fixes). - e100: fix length calculation in e100_get_regs_len (git-fixes). - phy: tegra: xusb: mark PM functions as __maybe_unused (git-fixes). - phy: marvell: phy-mvebu-a3700-comphy: Remove unsupported modes (git-fixes). - phy: marvell: phy-mvebu-a3700-comphy: Rename HS-SGMMI to 2500Base-X (git-fixes). 
- phy: marvell: phy-mvebu-cp110-comphy: Rename HS-SGMMI to 2500Base-X (git-fixes). - commit 4a6254c - ALSA: hda: intel: Allow repeatedly probing on codec configuration errors (bsc#1190801). - commit 2dd628c ++++ util-linux: - ipcutils: Avoid potential memory allocation overflow (bsc#1188921, CVE-2021-37600, util-linux-ipcutils-overflow-CVE-2021-37600.patch). - Add bc to BuildRequires to run more complete testsuite, fix testsuite (bsc#1178236#c19, util-linux-ipcs-shmall-overflow-ts.patch). ++++ pcsc-lite: - version 1.9.4 * fix a memory leak when libusb is used for hotplug (i.e. non-Linux systems) ++++ libvirt: - tools: Fix virt-host-validate SEV detection 3f9c1a4b-fix-host-validate-sev.patch boo#1188715 ++++ systemd-presets-common-SUSE: - Haveged as a daemon is no longer required since kernel 5.6; do not enable it by default. ++++ util-linux-systemd: - ipcutils: Avoid potential memory allocation overflow (bsc#1188921, CVE-2021-37600, util-linux-ipcutils-overflow-CVE-2021-37600.patch). - Add bc to BuildRequires to run more complete testsuite, fix testsuite (bsc#1178236#c19, util-linux-ipcs-shmall-overflow-ts.patch). ++++ virt-manager: - bsc#1191356 - virt-manager should not depend on gtk4 Modified files: virt-manager.spec virtman-dont-specify-gtksource-version.patch virtman-dont-specify-vte-version.patch ------------------------------------------------------------------ ------------------ 2021-10-6 - Oct 6 2021 ------------------- ------------------------------------------------------------------ ++++ containerd: - Update to containerd v1.4.11, to fix CVE-2021-41103. bsc#1191355 - Switch to Go 1.16.x compiler, in line with upstream. - Update to containerd v1.4.11, to fix CVE-2021-41103 bsc#1191121. bsc#1191355 - Switch to Go 1.16.x compiler, in line with upstream. ++++ docker: - Update to Docker 20.10.9-ce. See upstream changelog online at . 
bsc#1191355 CVE-2021-41089 bsc#1191015 CVE-2021-41091 bsc#1191434 CVE-2021-41092 bsc#1191334 CVE-2021-41103 bsc#1191121 - Rebase patches: * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch * 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch - Switch to Go 1.16.x compiler, in line with upstream. ++++ dracut: - Update to version 055+suse.129.g7d8c3ce3: * fix(kernel-modules): add blk_mq_alloc_disk and blk_cleanup_disk to blockfuncs (bsc#1190326) * docs: update SUSE maintainers doc * fix(suse): add 60-io-scheduler.rules (bsc#1188713) * revert: remove /sbin/installkernel script from dracut package * spec: modernize specfile constructs ++++ librsvg: - Update to version 2.52.1: + Fix ordering of tspan inside text elements for right-to-left languages. + Fix text-anchor positioning for right-to-left languages. + Fix regression in computing sizes when an SVG has only one of width/height and a viewBox. + Spec compliance - the writing-mode property applies only to text elements, no to individual tspan elements. + Fix build on big-endian platforms. + Clarify documentation for the rsvg_handle_write() / rsvg_handle_close() deprecated APIs. ++++ hwdata: - Update to version 0.352 (bsc#1191375): + Updated pci, usb and vendor ids. ++++ kernel-default: - supported.conf: adjust support status for int304x_thermal stuff (jsc#SLE-21166) Drop processor_thermal_device_pci_legacy for avoiding messy dependency Also drop int3406_thermal as non-standard - commit c5201d6 - iwlwifi: bump FW API to 66 for AX devices (jsc#SLE-19360). - iwlwifi: mvm: add rtnl_lock() in iwl_mvm_start_get_nvm() (jsc#SLE-19360). - intel: switch from 'pci_' to 'dma_' API (jsc#SLE-19360). 
- iwlwifi: mvm: don't use FW key ID in beacon protection (jsc#SLE-19360). - iwlwifi: mvm: support broadcast TWT alone (jsc#SLE-19360). - iwlwifi: mvm: introduce iwl_stored_beacon_notif_v3 (jsc#SLE-19360). - iwlwifi: mvm: add support for responder config command version 9 (jsc#SLE-19360). - iwlwifi: mvm: add support for range request command version 13 (jsc#SLE-19360). - commit fe22bed - iwlwifi: allow debug init in RF-kill (jsc#SLE-19360). - iwlwifi: yoyo: support for new DBGI_SRAM region (jsc#SLE-19360). - iwlwifi: add 'Rx control frame to MBSSID' HE capability (jsc#SLE-19360). - iwlwifi: fw: fix debug dump data declarations (jsc#SLE-19360). - iwlwifi: api: remove datamember from struct (jsc#SLE-19360). - iwlwifi: fix __percpu annotation (jsc#SLE-19360). - iwlwifi: pcie: avoid dma unmap/remap in crash dump (jsc#SLE-19360). - iwlwifi: acpi: fill in SAR tables with defaults (jsc#SLE-19360). - iwlwifi: acpi: fill in WGDS table with defaults (jsc#SLE-19360). - iwlwifi: bump FW API to 65 for AX devices (jsc#SLE-19360). - commit 71e2a5f - iwlwifi: acpi: support reading and storing WGDS revision 2 (jsc#SLE-19360). - iwlwifi: mvm: load regdomain at INIT stage (jsc#SLE-19360). - iwlwifi: mvm: Read the PPAG and SAR tables at INIT stage (jsc#SLE-19360). - iwlwifi: mvm: trigger WRT when no beacon heard (jsc#SLE-19360). - iwlwifi: mvm: support version 11 of wowlan statuses notification (jsc#SLE-19360). - iwlwifi: convert flat GEO profile table to a struct version (jsc#SLE-19360). - iwlwifi: remove unused ACPI_WGDS_TABLE_SIZE definition (jsc#SLE-19360). - iwlwifi: support reading and storing EWRD revisions 1 and 2 (jsc#SLE-19360). - iwlwifi: acpi: support reading and storing WRDS revision 1 and 2 (jsc#SLE-19360). - iwlwifi: pass number of chains and sub-bands to iwl_sar_set_profile() (jsc#SLE-19360). - commit d145b8a - iwlwifi: remove ACPI_SAR_NUM_TABLES definition (jsc#SLE-19360). - iwlwifi: convert flat SAR profile table to a struct version (jsc#SLE-19360). 
- iwlwifi: rename ACPI_SAR_NUM_CHAIN_LIMITS to ACPI_SAR_NUM_CHAINS (jsc#SLE-19360). - iwlwifi: mvm: Refactor setting of SSIDs for 6GHz scan (jsc#SLE-19360). - iwlwifi: mvm: silently drop encrypted frames for unknown station (jsc#SLE-19360). - iwlwifi: mvm: d3: implement RSC command version 5 (jsc#SLE-19360). - iwlwifi: mvm: d3: make key reprogramming iteration optional (jsc#SLE-19360). - iwlwifi: mvm: d3: add separate key iteration for GTK type (jsc#SLE-19360). - iwlwifi: mvm: d3: refactor TSC/RSC configuration (jsc#SLE-19360). - iwlwifi: mvm: d3: remove fixed cmd_flags argument (jsc#SLE-19360). - commit ca7f434 - iwlwifi: mvm: d3: separate TKIP data from key iteration (jsc#SLE-19360). - iwlwifi: mvm: simplify __iwl_mvm_set_sta_key() (jsc#SLE-19360). - iwlwifi: mvm: support new station key API (jsc#SLE-19360). - iwlwifi: pcie: implement Bz reset flow (jsc#SLE-19360). - iwlwifi: implement Bz NMI behaviour (jsc#SLE-19360). - iwlwifi: pcie: implement Bz device startup (jsc#SLE-19360). - iwlwifi: read MAC address from correct place on Bz (jsc#SLE-19360). - iwlwifi: give Bz devices their own name (jsc#SLE-19360). - iwlwifi: split off Bz devices into their own family (jsc#SLE-19360). - iwlwifi: yoyo: cleanup internal buffer allocation in D3 (jsc#SLE-19360). - commit 24443e3 - iwlwifi: mvm: treat MMPDUs in iwl_mvm_mac_tx() as bcast (jsc#SLE-19360). - iwlwifi: mvm: clean up number of HW queues (jsc#SLE-19360). - iwlwifi: use DEFINE_MUTEX() for mutex lock (jsc#SLE-19360). - iwlwifi: remove trailing semicolon in macro definition (jsc#SLE-19360). - iwlwifi: mvm: remove check for vif in iwl_mvm_vif_from_mac80211() (jsc#SLE-19360). - iwlwifi: pcie: remove spaces from queue names (jsc#SLE-19360). - iwlwifi: mvm: restrict FW SMPS request (jsc#SLE-19360). - iwlwifi: mvm: set replay counter on key install (jsc#SLE-19360). - iwlwifi: mvm: remove trigger EAPOL time event (jsc#SLE-19360). - iwlwifi: iwl-dbg-tlv: add info about loading external dbg bin (jsc#SLE-19360). 
- commit 17e4265 - iwlwifi: mvm: Add support for hidden network scan on 6GHz band (jsc#SLE-19360). - iwlwifi: print PNVM complete notification status in hexadecimal (jsc#SLE-19360). - iwlwifi: pcie: dump error on FW reset handshake failures (jsc#SLE-19360). - iwlwifi: prepare for synchronous error dumps (jsc#SLE-19360). - iwlwifi: pcie: optimise struct iwl_rx_mem_buffer layout (jsc#SLE-19360). - iwlwifi: mvm: avoid FW restart while shutting down (jsc#SLE-19360). - iwlwifi: nvm: enable IEEE80211_HE_PHY_CAP10_HE_MU_M1RU_MAX_LTF (jsc#SLE-19360). - iwlwifi: mvm: set BROADCAST_TWT_SUPPORTED in MAC policy (jsc#SLE-19360). - iwlwifi: iwl-nvm-parse: set STBC flags for HE phy capabilities (jsc#SLE-19360). - commit 63618db - Bluetooth: btusb: Remove WAKEUP_DISABLE and add WAKEUP_AUTOSUSPEND for Realtek devices (jsc#SLE-19360). - Bluetooth: btusb: Fix fall-through warnings (jsc#SLE-19360). - commit 6951c83 - Bluetooth: btintel: Combine setting up MSFT extension (jsc#SLE-19360). - Bluetooth: btintel: Fix the legacy bootloader returns tlv based version (jsc#SLE-19360). - Bluetooth: btintel: Clean the exported function to static (jsc#SLE-19360). - Bluetooth: btintel: Move hci quirks to setup routine (jsc#SLE-19360). - Bluetooth: btintel: Refactoring setup routine for bootloader devices (jsc#SLE-19360). - Bluetooth: btintel: Add combined set_diag functions (jsc#SLE-19360). - Bluetooth: btintel: Fix the LED is not turning off immediately (jsc#SLE-19360). - Bluetooth: btintel: Fix the first HCI command not work with ROM device (jsc#SLE-19360). - Bluetooth: btintel: Add btintel data struct (jsc#SLE-19360). - Bluetooth: btintel: Refactoring setup routine for legacy ROM sku (jsc#SLE-19360). - commit 17ca4db - Bluetooth: btintel: Add combined setup and shutdown functions (jsc#SLE-19360). - Bluetooth: Add support hdev to allocate private data (jsc#SLE-19360). - Bluetooth: btusb: Support Bluetooth Reset for Mediatek Chip(MT7921) (jsc#SLE-19360). 
- Bluetooth: btusb: Record debug log for Mediatek Chip (jsc#SLE-19360). - Bluetooth: btusb: Enable MSFT extension for Mediatek Chip (MT7921) (jsc#SLE-19360). - Bluetooth: btusb: Enable MSFT extension for Intel next generation controllers (jsc#SLE-19360). - Bluetooth: btusb: Enable MSFT extension for WCN6855 controller (jsc#SLE-19360). - Bluetooth: btusb: Load Broadcom firmware for Dell device 413c:8197 (jsc#SLE-19360). - Bluetooth: btusb: Add valid le states quirk (jsc#SLE-19360). - Bluetooth: btusb: Add support for LG LGSBWAC92/TWCM-K505D (jsc#SLE-19360). - commit 937299d - dmaengine: idxd: Add wq occupancy information to sysfs attribute (jsc#SLE-18899 jsc#SLE-18879). - commit e516bf5 - dmaengine: idxd: remove interrupt disable for dev_lock (jsc#SLE-18899). - dmaengine: idxd: remove interrupt disable for cmd_lock (jsc#SLE-18899). - dmaengine: idxd: fix setting up priv mode for dwq (jsc#SLE-18899). - dmaengine: idxd: set descriptor allocation size to threshold for swq (jsc#SLE-18899). - dmaengine: idxd: remove interrupt flag for completion list spinlock (jsc#SLE-18899). - commit 2bc689b - dmaengine: idxd: rotate portal address for better performance (jsc#SLE-18899). - Refresh patches.suse/dmaengine-idxd-make-submit-failure-path-consistent-o.patch. - commit 7bd460d - dmaengine: idxd: move dsa_drv support to compatible mode (jsc#SLE-18899). - Update config files. - supported.conf: - commit 7221e7b - dmaengine: idxd: make I/O interrupt handler one shot (jsc#SLE-18899). - dmaengine: idxd: add capability check for 'block on fault' attribute (jsc#SLE-18899). - dmaengine: idxd: Fix a possible NULL pointer dereference (jsc#SLE-18899). - dmanegine: idxd: add software command status (jsc#SLE-18899). - dmaengine: idxd: fix uninit var for alt_drv (jsc#SLE-18899). - dmaengine: idxd: Set defaults for GRPCFG traffic class (jsc#SLE-18899). - dmaengine: dsa: move dsa_bus_type out of idxd driver to standalone (jsc#SLE-18899). 
- dmaengine: idxd: create user driver for wq 'device' (jsc#SLE-18899). - commit 4e952b7 - dmaengine: idxd: fix bus_probe() and bus_remove() for dsa_bus (jsc#SLE-18899). - commit 17f971a - dmaengine: idxd: remove bus shutdown (jsc#SLE-18899). - commit f31b4c7 - dmaengine: idxd: move wq_disable() to device.c (jsc#SLE-18899). - commit 8c805eb - dmaengine: idxd: create dmaengine driver for wq 'device' (jsc#SLE-18899). - dmaengine: idxd: create idxd_device sub-driver (jsc#SLE-18899). - dmaengine: idxd: add type to driver in order to allow device matching (jsc#SLE-18899). - dmanegine: idxd: open code the dsa_drv registration (jsc#SLE-18899). - dmaengine: idxd: idxd: move remove() bits for idxd 'struct device' to device.c (jsc#SLE-18899). - dmaengine: idxd: move probe() bits for idxd 'struct device' to device.c (jsc#SLE-18899). - dmaengine: idxd: remove iax_bus_type prototype (jsc#SLE-18899). - commit de16d0c - dmaengine: idxd: add 'struct idxd_dev' as wrapper for conf_dev (jsc#SLE-18899). - commit a7597b1 - dmaengine: idxd: assign MSIX vectors to each WQ rather than roundrobin (jsc#SLE-18899). - commit 2cfacbf - dmaengine: idxd: move wq_enable() to device.c (jsc#SLE-18899). - dmaengine: idxd: remove IDXD_DEV_CONF_READY (jsc#SLE-18899). - dmaengine: idxd: add driver name (jsc#SLE-18899). - dmaengine: idxd: add driver register helper (jsc#SLE-18899). - dmaengine: idxd: Simplify code and axe the use of a deprecated API (jsc#SLE-18899). - commit a03dd8e - supported.conf: Mark int340x thermal modules as supported (jsc#SLE-21166) - commit 1722883 ++++ python3-core: - Due to conflicting demands of bsc#1183858 and platforms where Python 3.6 is only in interpreter+pip set we have to make complicated ugly construct about Sphinx BR. ++++ pam: - Corrected macros.pam entry for %_pam_moduledir Cleanup in pam.spec: * Replaced all references to ${_lib}/security in pam.spec by %{_pam_moduledir} * Removed definition of (unused) "amdir". 
++++ python3: - Due to conflicting demands of bsc#1183858 and platforms where Python 3.6 is only in interpreter+pip set we have to make complicated ugly construct about Sphinx BR. ++++ rpm: - backport zstd detection fix [bsc#1187670] new patch: zstddetection.diff - backport ndb rofs support [bsc#1188548] new patch: ndbrofs.diff - backport pgp hardening changes from upstream [bsc#1185299] new patch: pgpharden.diff - fix deadlock when multiple rpm processes try to acquire the database lock [bsc#1183659] new patch: deadlock.diff ++++ rpm-config-SUSE: - Support ZSTD compressed kernel modules [bsc#1190850, bsc1190850-support-zstd-compressed-kernel-modules.patch] ------------------------------------------------------------------ ------------------ 2021-10-5 - Oct 5 2021 ------------------- ------------------------------------------------------------------ ++++ libguestfs: - Update spec file licenses to GPL-2.0-or-later ++++ iproute2: - follow-up fixes backported from upstream (bsc#1191316): tree-wide-fix-some-typos-found-by-Lintian.patch configure-restore-backward-compatibility.patch man-ip-link-remove-double-of.patch mptcp-unbreak-JSON-endpoint-list.patch - upgrade to upstream version 5.14 (jsc#SLE-17360 jsc#SLE-18994 jsc#SLE-19271) * replace upstream tarball and signature * update specfile with changes from Factory package * drop mainline backports contained in 5.14: - Revert-bpf-replace-snprintf-with-asprintf-when-deali.patch - bpf-Fixes-a-snprintf-truncation-warning.patch - bpf-replace-snprintf-with-asprintf-when-dealing-with.patch - bridge-Deduplicate-vlan-show-functions.patch - bridge-Fix-BRIDGE_VLAN_TUNNEL-attribute-sizes.patch - bridge-Fix-output-with-empty-vlan-lists.patch - bridge-Fix-src_vni-argument-in-man-page.patch - bridge-Fix-tunnelshow-json-output.patch - bridge-Fix-typo-in-error-messages.patch - bridge-Fix-typo.patch - bridge-Fix-vni-printing.patch - bridge-fdb-show-fix-fdb-entry-state-output-for-json-.patch - bridge-fix-string-length-warning.patch - 
devlink-Add-a-new-time-stamp-format-for-health-repor.patch - devlink-Add-helper-for-left-justification-print.patch - devlink-Fix-fmsg-nesting-in-non-JSON-output.patch - devlink-Fix-inconsistency-between-command-input-and-.patch - devlink-Left-justification-on-FMSG-output.patch - devlink-Print-health-reporter-s-dump-time-stamp-in-a.patch - devlink-allow-full-range-of-resource-sizes.patch - devlink-always-check-strslashrsplit-return-value.patch - devlink-fix-uninitialized-warning.patch - devlink-require-resource-parameters.patch - erspan-fix-JSON-output.patch - erspan-set-erspan_ver-to-1-by-default.patch - f_u32-fix-compiler-gcc-10-compiler-warning.patch - introduce-print_masked_u16-and-print_masked_u32.patch - ip-add-support-for-alternative-name-addition-deletio.patch - ip-allow-to-use-alternative-names-as-handle.patch - ip-drop-2-char-command-assumption.patch - ip-fix-ip-route-show-json-output-for-multipath-nexth.patch - ip-fix-link-type-and-vlan-oneline-output.patch - ip-fix-oneline-output.patch - ip-iplink_ipoib.c-Remove-extra-spaces.patch - ip-link-Fix-indenting-in-help-text.patch - ip-link-xstats-fix-TX-IGMP-reports-string.patch - ip-link_gre-Do-not-send-ERSPAN-attributes-to-GRE-tun.patch - ip-route-ignore-ENOENT-during-save-if-RT_TABLE_MAIN-.patch - ip-xfrm-Fix-help-messages.patch - ip-xfrm-if_id-ve-value-is-error.patch - ip-xfrm-limit-the-length-of-the-security-context-nam.patch - ip-xfrm-update-man-page-on-setting-printing-XFRMA_IF.patch - ipmonitor-Fix-recvmsg-with-ancillary-data.patch - json_print-Remove-declaration-without-implementation.patch - lib-bpf-Fix-and-simplify-bpf_mnt_check_target.patch - lib-bpf_legacy-avoid-to-pass-invalid-argument-to-clo.patch - lib-bpf_legacy-fix-missing-socket-close-when-connect.patch - lib-bpf_legacy-treat-0-as-a-valid-file-descriptor.patch - lib-fs-avoid-double-call-to-mkdir-on-make_path.patch - lib-ll_map-cache-alternative-names.patch - lib-namespace-fix-ip-all-netns-return-code.patch - 
libnetlink-check-error-handler-is-present-before-a-c.patch - man-bridge-fix-the-typo-to-change-c-lor-into-c-olor-.patch - man-fix-syntax-for-ip-link-property.patch - nexthop-fix-error-reporting-in-filter-dump.patch - nexthop-fix-memory-leak-in-add_nh_group_attr.patch - q_cake-Fix-incorrect-printing-of-signed-values-in-cl.patch - rdma-Fix-statistics-bind-unbing-argument-handling.patch - rdma-stat-fix-return-code.patch - rdma-stat-initialize-ret-in-stat_qp_show_parse_cb.patch - ss-fix-end-of-line-printing-in-misc-ss.c.patch - ss-fix-fallback-to-procfs-for-raw-sockets.patch - tc-action-fix-time-values-output-in-JSON-format.patch - tc-fix-segmentation-fault-on-gact-action.patch - tc-fix-warning-in-tc-q_pie.c.patch - tc-flower-fix-output-for-ip-tos-and-ttl.patch - tc-fq_codel-fix-class-stat-deficit-is-signed-int.patch - tc-fq_codel-fix-missing-statistic-in-JSON-output.patch - tc-pie-add-dq_rate_estimator-option.patch - tc-u32-Fix-key-folding-in-sample-option.patch - tc_util-add-an-option-to-print-masked-numbers-with-w.patch - tc_util-add-functions-for-big-endian-masked-numbers.patch - tc_util-introduce-a-function-to-print-JSON-non-JSON-.patch - testsuite-Fix-line-count-test.patch - tipc-fixed-a-compile-warning-in-tipc-link.c.patch - xfrm-also-check-for-ipv6-state-in-xfrm_state_keep.patch - xfrm-not-try-to-delete-ipcomp-states-when-using-dele.patch * drop non-upstream patches obsoleted by rebase to 5.14: - sync-UAPI-header-copies-with-SLE15-SP2.patch - examples-fix-bashisms-in-example-script.patch * refresh remaining patches: - lib-bpf_legacy-fix-bpffs-mount-when-sys-fs-bpf-exist.patch - split-link-and-compile-steps-for-binaries.patch - tc-f_flower-fix-port-range-parsing.patch - xfrm-support-displaying-transformations-used-for-Mob.patch ++++ open-iscsi: - Fix possible systemd cycle by adding an "obsoletes" for the old libopeniscsiusr for older versions. ++++ kernel-default: - sched: Provide Kconfig support for default dynamic preempt mode (jsc#SLE-19284). 
- commit d005a21 - rpm: use _rpmmacrodir (boo#1191384) - commit e350c14 - dmaengine: ptdma: remove PT_OFFSET to avoid redefnition (jsc#SLE-21315). - dmaengine: ptdma: Add debugfs entries for PTDMA (jsc#SLE-21315). - dmaengine: ptdma: register PTDMA controller as a DMA resource (jsc#SLE-21315). - dmaengine: ptdma: Initial driver for the AMD PTDMA (jsc#SLE-21315). - Update config files. - supported.conf: add ptdma - commit 022131f - platform/x86/intel: pmc/core: Add GBE Package C10 fix for Alder Lake PCH (jsc#SLE-18901). - platform/x86/intel: pmc/core: Add Alder Lake low power mode support for pmc core (jsc#SLE-18901). - platform/x86/intel: pmc/core: Add Latency Tolerance Reporting (LTR) support to Alder Lake (jsc#SLE-18901). - platform/x86/intel: pmc/core: Add Alderlake support to pmc core driver (jsc#SLE-18901). - platform/x86: intel_pmc_core: Move to intel sub-directory (jsc#SLE-18901). - Update config files. - platform/x86: intel_pmc_core: Prevent possibile overflow (jsc#SLE-18901). - commit 3c79db0 - KVM: s390: Enable specification exception interpretation (jsc#SLE-18701). - commit 8842950 ++++ systemd: - No need to install upstream pam configuration file "systemd-user" It's overwritten by the SUSE version anyway. 
++++ raspberrypi-firmware: - Update to b5257da58c (2021-09-30): * firmware: arm_loader: Allow non-optional reads of current clock See: #1619 * firmware: dispmanx: Demote null eptr from vcos_verify to no warning See: raspberrypi/linux#4592 * firmware: filesystem: sdcard: Probe FAT type in GPT ESD partitions * firmware: tvservice: Add check to warn when running with kms * firmware: filesystem: sdcard: Fix Hybrid GPT partitions See: #1465 * firmware: video_decode: Ensure all buffers are flushed before port disable completes * firmware: arm_loader: Allow hvs interrupt during SET_NOTIFY_DISPLAY_DONE * firmware: arm_display: Allow null buffer in successful call See: raspberrypi/linux#4540 ++++ raspberrypi-firmware-config: - Update to b5257da58c (2021-09-30): * firmware: arm_loader: Allow non-optional reads of current clock See: #1619 * firmware: dispmanx: Demote null eptr from vcos_verify to no warning See: raspberrypi/linux#4592 * firmware: filesystem: sdcard: Probe FAT type in GPT ESD partitions * firmware: tvservice: Add check to warn when running with kms * firmware: filesystem: sdcard: Fix Hybrid GPT partitions See: #1465 * firmware: video_decode: Ensure all buffers are flushed before port disable completes * firmware: arm_loader: Allow hvs interrupt during SET_NOTIFY_DISPLAY_DONE * firmware: arm_display: Allow null buffer in successful call See: raspberrypi/linux#4540 ++++ trousers: - update to new upstream version 0.3.15 (jira#SLE-18269): - Corrected multiple security issues that existed if the tcsd is started by root instead of the tss user. 
CVE-2020-24332, CVE-2020-24330, CVE-2020-24331 - Replaced use of _no_optimize with asm memory barrier - Fixed multiple potential instances of use after free memory handling - Removed unused global variables which caused build issue on some distros - drop bsc1164472.patch: now contained in upstream tarball - adjusted %setup macro invocation which seemed to be wrong ++++ u-boot-rpiarm64: - Update to 2021.10 ------------------------------------------------------------------ ------------------ 2021-10-4 - Oct 4 2021 ------------------- ------------------------------------------------------------------ ++++ bash-completion: - Add patch boo1190929-9af4afd0.patch for boo#1190929 modinfo completion fails to recognize .ko.xz ++++ e2fsprogs: - Add references from old package: Autoreconf removed from the spec file, just without bsc reference (bsc#1183791) Fix po-remove-unnecessary-buggy-positional-parameter-spe.patch in 1.45.3 (bsc#1170964) Fix e2fsck-clarify-overflow-link-count-error-message.patch in 1.46.0 (bsc#1160979) Fix ext2fs-update-allocation-info-earlier-in-ext2fs_mkdi.patch in 1.46.0 (bsc#1160979) Fix ext2fs-implement-dir-entry-creation-in-htree-directo.patch in 1.46.0 (bsc#1160979) Fix tests-add-test-to-excercise-indexed-directories-with.patch in 1.46.0 (bsc#1160979) Fix tune2fs-update-dir-checksums-when-clearing-dir_index.patch in 1.46.0 (bsc#1160979) Fix e2fsck-abort-if-there-is-a-corrupted-directory-block.patch in 1.45.5 (bsc#1160571 CVE-2019-5188) Fix e2fsck-don-t-try-to-rehash-a-deleted-directory.patch in 1.45.5 (bsc#1160571 CVE-2019-5188) Fix resize2fs-Make-minimum-size-estimates-more-reliable.patch in 1.45.5 (bsc#1154295) Fix libsupport-add-checks-to-prevent-buffer-overrun-bugs.patch in 1.45.4 (bsc#1152101 CVE-2019-5094) Fix libext2fs-call-fsync-2-to-clear-stale-errors-for-a-n.patch in 1.44.3 (bsc#1145716) Fix e2fsck-check-and-fix-tails-of-all-bitmaps.patch in 1.45.1 (bsc#1128383) Fix libext2fs-Fix-fsync-2-detection.patch in 1.44.0 (bsc#1038194) Fix 
resize2fs-Fix-32-64-bit-overflow-when-multiplying-by-blocks-cl.patch in 1.42.12 (bsc#1009532) Fix libext2fs-fix-potential-buffer-overflow-in-closefs.patch in 1.42.13 (bsc#918346 CVE-2015-1572) Fix libext2fs-avoid-buffer-overflow-if-s_first_meta_bg-i.patch in 1.42.12 (bsc#915402 CVE-2015-0247) Got specfile fix through Factory (bsc#960273) Fix libext2fs-don-t-ignore-fsync-errors.patch in 1.43.4 (bsc#1038194) ++++ haproxy: - Update to version 2.4.7+git0.b5e51a5e2: * [RELEASE] Released version 2.4.7 * BUG/MEDIUM: http-ana: Clear request analyzers when applying redirect rule - Update to version 2.4.6+git0.d83fd76a1: * [RELEASE] Released version 2.4.6 * BUG/MEDIUM: filters: Fix a typo when a filter is attached blocking the release ++++ iproute2: - follow-up fixes backported from upstream (bsc#1160242): ss-fix-end-of-line-printing-in-misc-ss.c.patch xfrm-also-check-for-ipv6-state-in-xfrm_state_keep.patch bridge-Fix-typo.patch bridge-Fix-output-with-empty-vlan-lists.patch tc-action-fix-time-values-output-in-JSON-format.patch Revert-bpf-replace-snprintf-with-asprintf-when-deali.patch bpf-Fixes-a-snprintf-truncation-warning.patch tipc-fixed-a-compile-warning-in-tipc-link.c.patch ip-xfrm-update-man-page-on-setting-printing-XFRMA_IF.patch bridge-fdb-show-fix-fdb-entry-state-output-for-json-.patch ip-link-Fix-indenting-in-help-text.patch ip-iplink_ipoib.c-Remove-extra-spaces.patch devlink-fix-uninitialized-warning.patch bridge-fix-string-length-warning.patch f_u32-fix-compiler-gcc-10-compiler-warning.patch rdma-Fix-statistics-bind-unbing-argument-handling.patch lib-namespace-fix-ip-all-netns-return-code.patch lib-bpf-Fix-and-simplify-bpf_mnt_check_target.patch lib-fs-avoid-double-call-to-mkdir-on-make_path.patch q_cake-Fix-incorrect-printing-of-signed-values-in-cl.patch ip-xfrm-limit-the-length-of-the-security-context-nam.patch erspan-fix-JSON-output.patch devlink-always-check-strslashrsplit-return-value.patch nexthop-fix-memory-leak-in-add_nh_group_attr.patch 
rdma-stat-initialize-ret-in-stat_qp_show_parse_cb.patch rdma-stat-fix-return-code.patch lib-bpf_legacy-treat-0-as-a-valid-file-descriptor.patch lib-bpf_legacy-fix-missing-socket-close-when-connect.patch ip-drop-2-char-command-assumption.patch man-fix-syntax-for-ip-link-property.patch lib-bpf_legacy-avoid-to-pass-invalid-argument-to-clo.patch ip-route-ignore-ENOENT-during-save-if-RT_TABLE_MAIN-.patch libnetlink-check-error-handler-is-present-before-a-c.patch ipmonitor-Fix-recvmsg-with-ancillary-data.patch tc-u32-Fix-key-folding-in-sample-option.patch man-bridge-fix-the-typo-to-change-c-lor-into-c-olor-.patch ss-fix-fallback-to-procfs-for-raw-sockets.patch iptuntap-fix-multi-queue-flag-display.patch tc-f_flower-fix-port-range-parsing.patch lib-bpf_legacy-fix-bpffs-mount-when-sys-fs-bpf-exist.patch - refresh: ip-link_gre-Do-not-send-ERSPAN-attributes-to-GRE-tun.patch tc-fq_codel-fix-class-stat-deficit-is-signed-int.patch ++++ kernel-default: - sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292). Update patch metadata only. - commit fafcc7b - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115 CVE-2021-3759). - commit c04a838 - sched/fair: Null terminate buffer when updating tunable_scaling (bsc#1189999 (Scheduler functional and performance backports)). - sched/fair: Add ancestors of unthrottled undecayed cfs_rq (git fixes (sched)). - commit 543c3ae - powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729). - powerpc/perf: Use stack siar instead of mfspr (bsc#1065729). - commit cdeb3a8 - interconnect: qcom: sdm660: Correct NOC_QOS_PRIORITY shift and mask (git-fixes). - interconnect: qcom: sdm660: Fix id of slv_cnoc_mnoc_cfg (git-fixes). - net: mdiobus: Set FWNODE_FLAG_NEEDS_CHILD_BOUND_ON_ADD for mdiobus parents (git-fixes). - driver core: fw_devlink: Add support for FWNODE_FLAG_NEEDS_CHILD_BOUND_ON_ADD (git-fixes). - driver core: fw_devlink: Improve handling of cyclic dependencies (git-fixes). 
- commit aa09d6c - net: introduce and use lock_sock_fast_nested() (git-fixes). - commit b1f25e6 - net: core: Correct the sock::sk_lock.owned lockdep annotations (bsc#1189998). - Documentation: core-api/cpuhotplug: Rewrite the API section (bsc#1189998). - tracing: Add migrate-disabled counter to tracing output (bsc#1189998). - docs/core-api: Modify document layout (bsc#1189998). - debugobjects: Make them PREEMPT_RT aware (bsc#1189998). - eventfd: Make signal recursion protection a task bit (bsc#1189998). - commit 866a31a ++++ Mesa: - Fix build with LLVM 13: * U_gallivm-add-new-wrapper-around-Module.patch * U_gallivm-fix-FTBFS-on-i386-with-LLVM-13.patch ++++ lz4: - version 1.9.3 fixes also CVE-2021-3520 [bsc#1185438] ++++ libzypp: - Downloader does not respect checkExistsOnly flag (bsc#1190712) A missing check causes zyppng::Downloader to always download full files even if the checkExistsOnly flag is set. This patch adds the missing logic. - Fix kernel-*-livepatch removal in purge-kernels (bsc#1190815) The kernel-*-livepatch packages are supposed to serve as a stable handle for the ephemeral kernel livepatch packages. See FATE#320268 for details. As part of the kernel live patching ecosystem, kernel-*-livepatch packages should not block the purge-kernels step. - version 17.28.5 (22) ++++ opensc: - Update to OpenSC 0.22.0: * Removed changes in opensc-gcc11.patch already present in upstream. - See https://github.com/OpenSC/OpenSC/pull/2241/commits/e549e9c62eb4fcd2260800e2665071e4dd9bbbda * Removed some false positives from the openrc-rpmlintrc file. 
* Use standard paths for file cache on Linux (#2148) and OSX (#2214) * Various issues of memory/buffer handling in legacy drivers mostly reported by oss-fuzz and coverity (tcos, oberthur, isoapplet, iasecc, westcos, gpk, flex, dnie, mcrd, authentic, belpic) * Add threading test to `pkcs11-tool` (#2067) * Add support to generate generic secret keys (#2140) * `opensc-explorer`: Print information about LCS (Life cycle status byte) (#2195) * Add support for Apple's arm64 (M1) binaries, removed TokenD. A separate installer with TokenD (and without arm64 binaries) will be available (#2179). * Support for gcc11 and its new strict aliasing rules (#2241, #2260) * Initial support for building with OpenSSL 3.0 (#2343) * pkcs15-tool: Write data objects in binary mode (#2324) * Avoid limited size of log messages (#2352) * Support for ECDSA verification (#2211) * Support for ECDSA with different SHA hashes (#2190) * Prevent issues in p11-kit by not returning unexpected return codes (#2207) * Add support for PKCS#11 3.0: The new interfaces, profile objects and functions (#2096, #2293) * Standardize the version 2 on 2.20 in the code (#2096) * Fix CKA_MODIFIABLE and CKA_EXTRACTABLE (#2176) * Copy arguments of C_Initialize (#2350) * Fix RSA-PSS signing (#2234) * Fix DO deletion (#2215) * Add support for (X)EdDSA keys (#1960) * Add support for applet version 3 and fix RSA-PSS mechanisms (#2205) * Add support for applet version 4 (#2332) * New configuration option for opensc.conf to disable pkcs1_padding (#2193) * Add support for ECDSA with different hashes (#2190) * Enable more mechanisms (#2178) * Fixed asking for a user pin when formatting a card (#1737) * Added support for French CPx Healthcare cards (#2217) * Added ATR for new CardOS 5.4 version (#2296) * Fixes security issues: * tcos: use after return (bsc#1192005, CVE-2021-42780) * oberthur: use after free (bsc#1191992, CVE-2021-42779) * oberthur: multiple heap buffer overflows (bsc#1192000, CVE-2021-42781) * multiple stack 
buffer overflow issues (bsc#1191957, CVE-2021-42782) ++++ salt: - Do not break master_tops for minion with version lower to 3003 - Support querying for JSON data in external sql pillar - Added: * do-not-break-master_tops-for-minion-with-version-low.patch * 3003.3-postgresql-json-support-in-pillar-423.patch - Update to Salt release version 3003.3 (jsc#SLE-22204) * See release notes: https://docs.saltstack.com/en/latest/topics/releases/3003.3.html - Added: * do-not-break-master_tops-for-minion-with-version-low.patch * support-transactional-systems-microos.patch * allow-vendor-change-option-with-zypper.patch * 3003.3-postgresql-json-support-in-pillar-423.patch * virt-enhancements.patch - Modified: * return-the-expected-powerpc-os-arch-bsc-1117995.patch * include-aliases-in-the-fqdns-grains.patch * do-not-load-pip-state-if-there-is-no-3rd-party-depen.patch * do-not-monkey-patch-yaml-bsc-1177474.patch * improvements-on-ansiblegate-module-354.patch * better-handling-of-bad-public-keys-from-minions-bsc-.patch * fixes-56144-to-enable-hotadd-profile-support.patch * use-adler32-algorithm-to-compute-string-checksums.patch * enhance-openscap-module-add-xccdf_eval-call-386.patch * add-alibaba-cloud-linux-2-by-backporting-upstream-s-.patch * implementation-of-held-unheld-functions-for-state-pk.patch * x509-fixes-111.patch * parsing-epoch-out-of-version-provided-during-pkg-rem.patch * fix-wrong-test_mod_del_repo_multiline_values-test-af.patch * add-migrated-state-and-gpg-key-management-functions-.patch * figure-out-python-interpreter-to-use-inside-containe.patch * implementation-of-suse_ip-execution-module-bsc-10999.patch * templates-move-the-globals-up-to-the-environment-jin.patch * debian-info_installed-compatibility-50453.patch * add-missing-aarch64-to-rpm-package-architectures-405.patch * revert-fixing-a-use-case-when-multiple-inotify-beaco.patch * prevent-logging-deadlock-on-salt-api-subprocesses-bs.patch * add-astra-linux-common-edition-to-the-os-family-list.patch * 
fix-bsc-1065792.patch * adding-preliminary-support-for-rocky.-59682-391.patch * fix-exception-in-yumpkg.remove-for-not-installed-pac.patch * async-batch-implementation.patch * make-aptpkg.list_repos-compatible-on-enabled-disable.patch * adds-explicit-type-cast-for-port.patch * restore-default-behaviour-of-pkg-list-return.patch * add-custom-suse-capabilities-as-grains.patch * temporary-fix-extend-the-whitelist-of-allowed-comman.patch * do-not-crash-when-unexpected-cmd-output-at-listing-p.patch * update-target-fix-for-salt-ssh-to-process-targets-li.patch * zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch * early-feature-support-config.patch - Removed: * virt-pass-emulator-when-getting-domain-capabilities-.patch * fix-virt.update-with-cpu-defined-263.patch * fix-unit-tests-for-batch-async-after-refactor.patch * opensuse-3000.3-spacewalk-runner-parse-command-250.patch * python3.8-compatibility-pr-s-235.patch * support-for-btrfs-and-xfs-in-parted-and-mkfs.patch * fixed-bug-lvm-has-no-parttion-type.-the-scipt-later-.patch * do-not-break-repo-files-with-multiple-line-values-on.patch * fix-failing-unit-tests-for-batch-async.patch * prevent-command-injection-in-the-snapper-module-bsc-.patch * accumulated-changes-from-yomi-167.patch * add-docker-logout-237.patch * use-threadpool-from-multiprocessing.pool-to-avoid-le.patch * get-os_arch-also-without-rpm-package-installed.patch * loosen-azure-sdk-dependencies-in-azurearm-cloud-driv.patch * add-hold-unhold-functions.patch * fix-zypper-pkg.list_pkgs-expectation-and-dpkg-mockin.patch * improve-batch_async-to-release-consumed-memory-bsc-1.patch * support-config-non-root-permission-issues-fixes-u-50.patch * virt-use-dev-kvm-to-detect-kvm-383.patch * fix-unit-test-for-grains-core.patch * do-not-make-ansiblegate-to-crash-on-python3-minions.patch * open-suse-3002.2-xen-grub-316.patch * transactional_update-detect-recursion-in-the-executo.patch * fix-zypper.list_pkgs-to-be-aligned-with-pkg-state.patch * 
grains-master-can-read-grains.patch * remove-arch-from-name-when-pkg.list_pkgs-is-called-w.patch * fix-batch_async-obsolete-test.patch * remove-deprecated-usage-of-no_mock-and-no_mock_reaso.patch * backport-thread.is_alive-fix-390.patch * backport-virt-patches-from-3001-256.patch * fix-cve-2020-25592-and-add-tests-bsc-1178319.patch * handle-volumes-on-stopped-pools-in-virt.vm_info-373.patch * loop-fix-variable-names-for-until_no_eval.patch * add-saltssh-multi-version-support-across-python-inte.patch * do-not-raise-streamclosederror-traceback-but-only-lo.patch * add-new-custom-suse-capability-for-saltutil-state-mo.patch * exclude-the-full-path-of-a-download-url-to-prevent-i.patch * zypperpkg-filter-patterns-that-start-with-dot-244.patch * virt._get_domain-don-t-raise-an-exception-if-there-i.patch * add-batch_presence_ping_timeout-and-batch_presence_p.patch * ensure-virt.update-stop_on_reboot-is-updated-with-it.patch * opensuse-3000-virt-defined-states-222.patch * changed-imports-to-vendored-tornado.patch * add-virt.all_capabilities.patch * fix-for-some-cves-bsc1181550.patch * fix-grains.test_core-unit-test-277.patch * path-replace-functools.wraps-with-six.wraps-bsc-1177.patch * implement-network.fqdns-module-function-bsc-1134860-.patch * prevent-race-condition-on-sigterm-for-the-minion-bsc.patch * ansiblegate-take-care-of-failed-skipped-and-unreacha.patch * do-not-crash-when-there-are-ipv6-established-connect.patch * grains.extra-support-old-non-intel-kernels-bsc-11806.patch * fall-back-to-pymysql.patch * virt-uefi-fix-backport-312.patch * reintroducing-reverted-changes.patch * allow-extra_filerefs-as-sanitized-kwargs-for-ssh-cli.patch * virt-adding-kernel-boot-parameters-to-libvirt-xml-55.patch * calculate-fqdns-in-parallel-to-avoid-blockings-bsc-1.patch * batch_async-avoid-using-fnmatch-to-match-event-217.patch * fix-memory-leak-produced-by-batch-async-find_jobs-me.patch * make-profiles-a-package.patch * handle-master-tops-data-when-states-are-applied-by-t.patch * 
3002.2-xen-spicevmc-dns-srv-records-backports-314.patch * sanitize-grains-loaded-from-roster_grains.json.patch * pkgrepo-support-python-2.7-function-call-295.patch * integration-of-msi-authentication-with-azurearm-clou.patch * fix-regression-on-cmd.run-when-passing-tuples-as-cmd.patch * opensuse-3000-libvirt-engine-fixes-251.patch * revert-add-patch-support-for-allow-vendor-change-opt.patch * allow-passing-kwargs-to-pkg.list_downloaded-bsc-1140.patch * prevent-import-errors-when-running-test_btrfs-unit-t.patch * transactional_update-unify-with-chroot.call.patch * batch-async-catch-exceptions-and-safety-unregister-a.patch * fix-novendorchange-option-284.patch * fix-async-batch-race-conditions.patch * regression-fix-of-salt-ssh-on-processing-targets-353.patch * move-vendor-change-logic-to-zypper-class-355.patch * fixes-cve-2018-15750-cve-2018-15751.patch * virt.network_update-handle-missing-ipv4-netmask-attr.patch * add-supportconfig-module-for-remote-calls-and-saltss.patch * use-current-ioloop-for-the-localclient-instance-of-b.patch * prevent-systemd-run-description-issue-when-running-a.patch * backport-a-few-virt-prs-272.patch * fix-issue-parsing-errors-in-ansiblegate-state-module.patch * fix-__mount_device-wrapper-254.patch * provide-the-missing-features-required-for-yomi-yet-o.patch * move-server_id-deprecation-warning-to-reduce-log-spa.patch * strip-trailing-from-repo.uri-when-comparing-repos-in.patch * xfs-do-not-fails-if-type-is-not-present.patch * add-cpe_name-for-osversion-grain-parsing-u-49946.patch * avoid-traceback-when-http.query-request-cannot-be-pe.patch * fix-a-wrong-rebase-in-test_core.py-180.patch * remove-vendored-backports-abc-from-requirements.patch * remove-deprecated-warning-that-breaks-miniion-execut.patch * re-adding-function-to-test-for-root.patch * fix-async-batch-multiple-done-events.patch * 3002-set-distro-requirement-to-oldest-supported-vers.patch * backport-of-upstream-pr59492-to-3002.2-404.patch * 
fix-error-handling-in-openscap-module-bsc-1188647-40.patch * accumulated-changes-required-for-yomi-165.patch * add-pkg.services_need_restart-302.patch * remove-unnecessary-yield-causing-badyielderror-bsc-1.patch * add-all_versions-parameter-to-include-all-installed-.patch * prevent-test_mod_del_repo_multiline_values-to-fail.patch * fix-for-temp-folder-definition-in-loader-unit-test.patch * opensuse-3000.2-virt-backports-236-257.patch * drop-wrong-mock-from-chroot-unit-test.patch * option-to-en-disable-force-refresh-in-zypper-215.patch * fix-failing-unit-tests-for-systemd.patch * fix-the-removed-six.itermitems-and-six.-_type-262.patch * fixing-streamclosed-issue.patch * fix-onlyif-unless-when-multiple-conditions-bsc-11808.patch * invalidate-file-list-cache-when-cache-file-modified-.patch * add-almalinux-and-alibaba-cloud-linux-to-the-os-fami.patch * allow-vendor-change-option-with-zypper-313.patch * xen-disk-fixes-264.patch * fix-git_pillar-merging-across-multiple-__env__-repos.patch * drop-wrong-virt-capabilities-code-after-rebasing-pat.patch * do-noop-for-services-states-when-running-systemd-in-.patch * open-suse-3002.2-bigvm-310.patch * fix-for-log-checking-in-x509-test.patch * open-suse-3002.2-virt-network-311.patch * async-batch-implementation-fix-320.patch * apply-patch-from-upstream-to-support-python-3.8.patch * add-multi-file-support-and-globbing-to-the-filetree-.patch * add-patch-support-for-allow-vendor-change-option-wit.patch * fix-ipv6-scope-bsc-1108557.patch * remove-msgpack-1.0.0-requirement-in-the-installed-me.patch * fix-aptpkg-systemd-call-bsc-1143301.patch * prevent-ansiblegate-unit-tests-to-fail-on-ubuntu.patch * support-transactional-systems-microos-271.patch - Exclude the full path of a download URL to prevent injection of malicious code (bsc#1190265) (CVE-2021-21996) - Added: * exclude-the-full-path-of-a-download-url-to-prevent-i.patch ++++ rsync: - Update to 3.2.3 in SLE-15-SP4 [jsc#SLE-21252] * Rebase rsync-no-libattr.patch ++++ supportutils: 
- Installing to /usr/sbin instead of /sbin (bsc#1191096) - Added shared memory as a log directory for emergency use (bsc#1190943) ++++ suse-module-tools: - Update to version 15.4.5: * inkmp-script(postun): don't pass existing files to weak-modules2 (boo#1191200) * kernel-scriptlets: skip cert scriptlet on non-UEFI systems (boo#1191260) ++++ virt-manager: - jsc#SLE-20856 Dev: KVM: Enable vfio-ccw and vfio-ap in virt-* tools 965480e8-virt-install-add-mediated-device.patch ++++ yast2-trans: - Update to version 84.87.20210929.6d3a97ea50: * New POT for text domain 'nfs'. * New POT for text domain 'network'. * Translated using Weblate (Italian) * New POT for text domain 'cluster'. * Translated using Weblate (Turkish) * New POT for text domain 'network'. * Translated using Weblate (Greek) * New POT for text domain 'add-on'. * Translated using Weblate (Czech) * New POT for text domain 'base'. * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * New POT for text domain 'packager'. * New POT for text domain 'online-update'. * New POT for text domain 'bootloader'. * New POT for text domain 'base'. 
* Translated using Weblate (Turkish) ------------------------------------------------------------------ ------------------ 2021-10-3 - Oct 3 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - hwmon: (pmbus/mp2975) Add missed POUT attribute for page 1 mp2975 controller (git-fixes). - hwmon: (occ) Fix P10 VRM temp sensors (git-fixes). - hwmon: (tmp421) fix rounding for negative values (git-fixes). - hwmon: (tmp421) report /PVLD condition as fault (git-fixes). - hwmon: (tmp421) handle I2C errors (git-fixes). - hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes). - ACPI: NFIT: Use fallback node id when numa info in NFIT table is incorrect (git-fixes). - drm/i915: Remove warning from the rps worker (git-fixes). - drm/i915/request: fix early tracepoints (git-fixes). - drm/i915/gvt: fix the usage of ww lock in gvt scheduler (git-fixes). 
- commit 303323b ------------------------------------------------------------------ ------------------ 2021-10-2 - Oct 2 2021 ------------------- ------------------------------------------------------------------ ++++ ca-certificates-mozilla: - updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006) - Added CAs: + HARICA Client ECC Root CA 2021 + HARICA Client RSA Root CA 2021 + HARICA TLS ECC Root CA 2021 + HARICA TLS RSA Root CA 2021 + TunTrust Root CA ++++ libsoup2: - Add libsoup2-extend-test-cert.patch to fix tests after 2027 (boo#1102840) ++++ xkeyboard-config: - U_Fix-media-keys-lag-on-ABNT2-keyboard.patch * fixes wrong keyboard mapping causing input delays with ABNT2 keyboards (bsc#1191242) ------------------------------------------------------------------ ------------------ 2021-10-1 - Oct 1 2021 ------------------- ------------------------------------------------------------------ ++++ containerd: - Install systemd service file as well (fixes bsc#1190826) ++++ haproxy: - Update to version 2.4.5+git0.e74a1b34b: * [RELEASE] Released version 2.4.5 * MINOR: tasks: catch TICK_ETERNITY with BUG_ON() in __task_queue() * BUG/MINOR: tcp-rules: Stop content rules eval on read error and end-of-input * BUG/MINOR: tcpcheck: Don't use arg list for default proxies during parsing * MINOR: arg: Be able to forbid unresolved args when building an argument list * BUG/MAJOR: lua: use task_wakeup() to properly run a task once * BUG/MEDIUM: lua: fix wakeup condition from sleep() * MINOR: Makefile: add MEMORY_POOLS to the list of DEBUG_xxx options * DOC: peers: fix doc "enable" statement on "peers" sections * BUG/MINOR: mux-h1/mux-fcgi: Sanitize TE header to only send "trailers" * MINOR: stream-int: Notify mux when the buffer is not stuck when calling rcv_buf * BUG/MEDIUM: stream-int: Defrag HTX message in si_cs_recv() if necessary * MINOR: htx: Add a function to know if the free space wraps * MINOR: htx: Add an HTX flag to know when a message is fragmented * 
MINOR: stream-int: Set CO_RFL transient/persistent flags apart in si_cs_rcv() * BUG/MEDIUM: stream: Stop waiting for more data if SI is blocked on RXBLK_ROOM * BUG/MEDIUM: stream-int: Notify stream that the mux wants more room to xfer data * BUG/MEDIUM: mux-h1: Adjust conditions to ask more space in the channel buffer * BUG/MINOR: stats: use refcount to protect dynamic server on dump * MINOR: server: return the next srv instance on free_server * BUG/MINOR: server: do not use refcount in free_server in stopping mode * MINOR: global: define MODE_STOPPING * MINOR: server: implement a refcount for dynamic servers * BUG/MINOR: http-ana: increment internal_errors counter on response error * BUG/MINOR: h1-htx: Fix a typo when request parser is reset * BUG/MEDIUM: leastconn: fix rare possibility of divide by zero * BUG/MINOR: server: allow 'enable health' only if check configured * BUILD: threads: fix -Wundef for _POSIX_PRIORITY_SCHEDULING on libmusl * BUILD: halog: fix a -Wundef warning on non-glibc systems * BUILD: compiler: fixed a missing test on defined(__GNUC__) * BUILD: fix dragonfly build again on __read_mostly * BUG/MINOR: vars: do not talk about global section in CLI errors for set-var * BUG/MINOR: vars: truncate the variable name in error reports about scope. 
* BUG/MINOR: vars: properly set the argument parsing context in the expression * MINOR: sample: add missing ARGC_ entries * BUG/MINOR: vars: improve accuracy of the rules used to check expression validity * BUILD: tools: properly guard __GLIBC__ with defined() * BUILD: ssl: fix two remaining occurrences of #if USE_OPENSSL * BUILD: ssl: next round of build warnings on LIBRESSL_VERSION_NUMBER * BUILD/MINOR: regex: avoid a build warning on USE_PCRE2 with -Wundef * IMPORT: slz: silence a build warning with -Wundef * BUILD/MINOR: ssl: avoid a build warning on LIBRESSL_VERSION with -Wundef * BUILD/MINOR: defaults: eliminate warning on MAXHOSTNAMELEN with -Wundef * BUILD: activity: use #ifdef not #if on USE_MEMORY_PROFILING * MINOR: proc: setting the process to produce a core dump on FreeBSD. * MINOR: tools: add FreeBSD support to get_exec_path() * BUILD: tools: get the absolute path of the current binary on NetBSD. * BUG/MINOR: flt-trace: fix an infinite loop when random-parsing is set * BUG/MINOR: cli/payload: do not search for args inside payload * BUILD: ist: prevent gcc11 maybe-uninitialized warning on istalloc * BUG/MINOR: connection: prevent null deref on mux cleanup task allocation * DOC: management: certificate files must be sanitized before injection * BUG/MINOR: tcpcheck: Improve LDAP response parsing to fix LDAP check * BUG/MAJOR: mux-h1: Don't eval input data if an error was reported * MINOR: pools: use mallinfo2() when available instead of mallinfo() * MINOR: pools: automatically disable malloc_trim() with external allocators * CLEANUP: pools: factor all malloc_trim() calls into trim_all_pools() * BUG/MINOR: compat: make sure __WORDSIZE is always defined * BUG/MEDIUM: stream-int: Don't block SI on a channel policy if EOI is reached * CLEANUP: mux-h1: Remove condition rejecting upgrade requests with payload * MINOR: htx: Skip headers with no value when adding a header list to a message * BUG/MEDIUM: mux-h1: Remove "Upgrade:" header for requests with payload * 
BUG/MINOR: systemd: ExecStartPre must use -Ws * BUG/MINOR: filters: Set right FLT_END analyser depending on channel * BUG/MINOR: filters: Always set FLT_END analyser when CF_FLT_ANALYZE flag is set * BUG/MEDIUM: http-ana: Reset channels analysers when returning an error * BUG/MINOR: stream: Don't release a stream if FLT_END is still registered * BUG/MINOR: lua: Don't yield in channel.append() and channel.set() * BUG/MINOR: lua: Yield in channel functions only if lua context can yield * MINOR: lua: Add a flag on lua context to know the yield capability at run time ++++ hwinfo: - merge gh#openSUSE/hwinfo#105 - Use license file from gnu.org - Fix spelling - Add missing final newline - Trim excess whitespace - Simple maintenance improvements - 21.77 ++++ iproute2: - follow-up fixes backported from upstream (bsc#1160242): ip-link_gre-Do-not-send-ERSPAN-attributes-to-GRE-tun.patch tc-fq_codel-fix-class-stat-deficit-is-signed-int.patch ++++ kernel-default: - xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651). - commit 5a1c665 - ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i 15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops (git-fixes). - commit d4c4fe4 - ALSA: usb-audio: Restrict rates for the shared clocks (bsc#1190418). - commit 0df1eba - bnxt_en: Fix TX timeout when TX ring size is set to the smallest (bsc#1190759). - commit 5e6a3d3 - bnxt_en: Clean up completion ring page arrays completely (bsc#1190759). - commit 67e479d - bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (bsc#1190759). - commit 037de41 - bnxt_en: Fix error recovery regression (bsc#1190759). - commit 0614932 - Update config files: sync with 5.14.9 Inherit CONFIG_DMA_RESTRICTED_POOL=n for armv7hl/lpae - commit 991b5fa - crypto: ccp - Add support for new CCP/PSP device ID (bsc#1189584). - commit f0c9101 - mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes). - mac80211-hwsim: fix late beacon hrtimer handling (git-fixes). 
- mac80211: mesh: fix potentially unaligned access (git-fixes). - mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes). - mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes). - Revert "mac80211: do not use low data rates for data frames with no ack flag" (git-fixes). - ALSA: rawmidi: introduce SNDRV_RAWMIDI_IOCTL_USER_PVERSION (git-fixes). - ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes). - ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes). - ASoC: fsl_xcvr: register platform component before registering cpu dai (git-fixes). - ASoC: fsl_spdif: register platform component before registering cpu dai (git-fixes). - ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes). - ASoC: fsl_esai: register platform component before registering cpu dai (git-fixes). - ASoC: fsl_sai: register platform component before registering cpu dai (git-fixes). - ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes). - pinctrl: qcom: spmi-gpio: correct parent irqspec translation (git-fixes). - mmc: renesas_sdhi: fix regression with hard reset on old SDHIs (git-fixes). - media: s5p-jpeg: rename JPEG marker constants to prevent build warnings (git-fixes). - media: cedrus: Fix SUNXI tile size calculation (git-fixes). - media: hantro: Fix check for single irq (git-fixes). - watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes). - ax88796: export ax_NS8390_init() hook (git-fixes). - commit 956c6bd - io_uring: ensure symmetry in handling iter types in loop_rw_iter() (bsc#1190664 CVE-2021-41073). - commit 1db2bac - cxl: Move cxl_core to new directory (stable-5.14.8). 
- commit 3d98823 - Drop the reverted xhci-mtk patch (git-fixes) Delete patches.suse/usb-xhci-mtk-Do-not-use-xhci-s-virt_dev-in-drop_endp.patch Update blacklist.conf - commit 974fa57 - Linux 5.14.9 (stable-5.14.9). - commit 0ae0ccf - thermal/drivers/int340x: Do not set a wrong tcc offset on resume (stable-5.14.9). - x86/setup: Call early_reserve_memory() earlier (stable-5.14.9). - irqchip/armada-370-xp: Fix ack/eoi breakage (stable-5.14.9). - xen/balloon: fix balloon kthread freezing (stable-5.14.9). - software node: balance refcount for managed software nodes (stable-5.14.9). - arm64: add MTE supported check to thread switching and syscall entry/exit (stable-5.14.9). - qnx4: work around gcc false positive warning bug (stable-5.14.9). - nvmet: fix a width vs precision bug in nvmet_subsys_attr_serial_show() (stable-5.14.9). - commit 7e63b4d - Revert drm/vc4 hdmi runtime PM changes (stable-5.14.9 bsc#1012628 bsc#1190469). - Delete patches.suse/drm-vc4-hdmi-Fix-HPD-GPIO-detection.patch. - commit 418827a - libperf evsel: Make use of FD robust (stable-5.14.9). - spi: Fix tegra20 build with CONFIG_PM=n (stable-5.14.9). - net: 6pack: Fix tx timeout and slot time (stable-5.14.9). - commit 210d72b - cpufreq: intel_pstate: Override parameters if HWP forced by BIOS (stable-5.14.9). - sparc32: page align size in arch_dma_alloc (stable-5.14.9). - blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd (stable-5.14.9). - block: flush the integrity workqueue in blk_integrity_unregister (stable-5.14.9). - block: check if a profile is actually registered in blk_integrity_unregister (stable-5.14.9). - arm64: Mark __stack_chk_guard as __ro_after_init (stable-5.14.9). - xen/balloon: use a kernel thread instead a workqueue (stable-5.14.9). - amd/display: enable panel orientation quirks (stable-5.14.9). - drm/amd/display: Link training retry fix for abort case (stable-5.14.9). - drm/amd/display: Fix unstable HPCP compliance on Chrome Barcelo (stable-5.14.9). 
- drm/amdkfd: make needs_pcie_atomics FW-version dependent (stable-5.14.9). - amd/display: downgrade validation failure log level (stable-5.14.9). - bpf: Add oversize check before call kvcalloc() (stable-5.14.9). - alpha: Declare virt_to_phys and virt_to_bus parameter as pointer to volatile (stable-5.14.9). - parisc: Use absolute_pointer() to define PAGE0 (stable-5.14.9). - qnx4: avoid stringop-overread errors (stable-5.14.9). - sparc: avoid stringop-overread errors (stable-5.14.9). - net: i825xx: Use absolute_pointer for memcpy from fixed memory location (stable-5.14.9). - compiler.h: Introduce absolute_pointer macro (stable-5.14.9). - drm/ttm: fix type mismatch error on sparc64 (stable-5.14.9). - commit 8aef947 - irqchip/gic-v3-its: Fix potential VPE leak on error (stable-5.14.9). - irqchip/goldfish-pic: Select GENERIC_IRQ_CHIP to fix build (stable-5.14.9). - scsi: qla2xxx: Restore initiator in dual mode (stable-5.14.9). - scsi: ufs: core: Unbreak the reset handler (stable-5.14.9). - scsi: sd_zbc: Support disks with more than 2**32 logical blocks (stable-5.14.9). - io_uring: don't punt files update to io-wq unconditionally (stable-5.14.9). - io_uring: put provided buffer meta data under memcg accounting (stable-5.14.9). - io_uring: fix missing set of EPOLLONESHOT for CQ ring overflow (stable-5.14.9). - io_uring: fix race between poll completion and cancel_hash insertion (stable-5.14.9). - blktrace: Fix uaf in blk_trace access after removing by sysfs (stable-5.14.9). - md: fix a lock order reversal in md_alloc (stable-5.14.9). - dma-debug: prevent an error message from causing runtime problems (stable-5.14.9). - blk-mq: avoid to iterate over stale request (stable-5.14.9). - ipv6: delay fib6_sernum increase in fib6_add (stable-5.14.9). - net: stmmac: allow CSR clock of 300MHz (stable-5.14.9). - net: macb: fix use after free on rmmod (stable-5.14.9). - net: phylink: Update SFP selected interface on advertising changes (stable-5.14.9). 
- m68k: Double cast io functions to unsigned long (stable-5.14.9). - scsi: ufs: Retry aborted SCSI commands instead of completing these successfully (stable-5.14.9). - scsi: ufs: Revert "Utilize Transfer Request List Completion Notification Register" (stable-5.14.9). - commit ddbbf24 - nvme: keep ctrl->namespaces ordered (stable-5.14.9). - commit 76532bc - thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (stable-5.14.9). - scsi: target: Fix the pgr/alua_support_store functions (stable-5.14.9). - scsi: iscsi: Adjust iface sysfs attr detection (stable-5.14.9). - nvme-tcp: fix incorrect h2cdata pdu offset accounting (stable-5.14.9). - cifs: fix a sign extension bug (stable-5.14.9). - fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (stable-5.14.9). - fpga: machxo2-spi: Return an error on failure (stable-5.14.9). - tty: synclink_gt: rename a conflicting function name (stable-5.14.9). - gpio: uniphier: Fix void functions to remove return value (stable-5.14.9). - gpiolib: acpi: Make set-debounce-timeout failures non fatal (stable-5.14.9). - drm/amdkfd: fix dma mapping leaking warning (stable-5.14.9). - atlantic: Fix issue in the pm resume flow (stable-5.14.9). - net: mscc: ocelot: fix forwarding from BLOCKING ports remaining enabled (stable-5.14.9). - net: ethernet: mtk_eth_soc: avoid creating duplicate offload entries (stable-5.14.9). - nfc: st-nci: Add SPI ID matching DT compatible (stable-5.14.9). - nexthop: Fix memory leaks in nexthop notification chain listeners (stable-5.14.9). - mptcp: ensure tx skbs always have the MPTCP ext (stable-5.14.9). - s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (stable-5.14.9). - drm/amdkfd: map SVM range with correct access permission (stable-5.14.9). - commit 71a64f5 - kselftest/arm64: signal: Skip tests if required features are missing (stable-5.14.9). - net: dsa: realtek: register the MDIO bus under devres (stable-5.14.9). 
- net: dsa: don't allocate the slave_mii_bus using devres (stable-5.14.9). - net: dsa: fix dsa_tree_setup error path (stable-5.14.9). - net/smc: fix 'workqueue leaked lock' in smc_conn_abort_work (stable-5.14.9). - net/smc: add missing error check in smc_clc_prfx_set() (stable-5.14.9). - bnxt_en: Fix TX timeout when TX ring size is set to the smallest (stable-5.14.9). - napi: fix race inside napi_enable (stable-5.14.9). - net: bgmac-bcma: handle deferred probe error due to mac-address (stable-5.14.9). - net: dsa: tear down devlink port regions when tearing down the devlink port on error (stable-5.14.9). - enetc: Fix uninitialized struct dim_sample field usage (stable-5.14.9). - enetc: Fix illegal access when reading affinity_hint (stable-5.14.9). - virtio-net: fix pages leaking when building skb in big mode (stable-5.14.9). - spi: Revert modalias changes (stable-5.14.9). - NLM: Fix svcxdr_encode_owner() (stable-5.14.9). - platform/x86/intel: punit_ipc: Drop wrong use of ACPI_PTR() (stable-5.14.9). - afs: Fix updating of i_blocks on file/dir extension (stable-5.14.9). - afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server (stable-5.14.9). - regulator: max14577: Revert "regulator: max14577: Add proper module aliases strings" (stable-5.14.9). - kselftest/arm64: signal: Add SVE to the set of features we can check for (stable-5.14.9). - commit a1d6db7 - scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (stable-5.14.9). - comedi: Fix memory leak in compat_insnlist() (stable-5.14.9). - misc: bcm-vk: fix tty registration race (stable-5.14.9). - mcb: fix error handling in mcb_alloc_bus() (stable-5.14.9). - misc: genwqe: Fixes DMA mask setting (stable-5.14.9). - serial: mvebu-uart: fix driver's tx_empty callback (stable-5.14.9). - serial: 8250: 8250_omap: Fix RX_LVL register offset (stable-5.14.9). - USB: serial: option: add device id for Foxconn T99W265 (stable-5.14.9). - xhci: Set HCD flag to defer primary roothub registration (stable-5.14.9). 
- arm64: Restore forced disabling of KPTI on ThunderX (stable-5.14.9). - arm64: Mitigate MTE issues with str{n}cmp() (stable-5.14.9). - drm/amd/pm: Update intermediate power state for SI (stable-5.14.9). - btrfs: prevent __btrfs_dump_space_info() to underflow its free space (stable-5.14.9). - KVM: rseq: Update rseq when processing NOTIFY_RESUME on xfer to KVM guest (stable-5.14.9). - nexthop: Fix division by zero while replacing a resilient group (stable-5.14.9). - net: hso: fix muxed tty registration (stable-5.14.9). - platform/x86: amd-pmc: Increase the response register timeout (stable-5.14.9). - afs: Fix incorrect triggering of sillyrename on 3rd-party invalidation (stable-5.14.9). - afs: Fix page leak (stable-5.14.9). - regulator: qcom-rpmh-regulator: fix pm8009-1 ldo7 resource name (stable-5.14.9). - commit b27b123 - mm: fix uninitialized use in overcommit_policy_handler (stable-5.14.9). - mm/debug: sync up MR_CONTIG_RANGE and MR_LONGTERM_PIN (stable-5.14.9). - ocfs2: drop acl cache for directories too (stable-5.14.9). - mm, hwpoison: add is_free_buddy_page() in HWPoisonHandlable() (stable-5.14.9). - xen/x86: fix PV trap handling on secondary processors (stable-5.14.9). - cifs: fix incorrect check for null pointer in header_assemble (stable-5.14.9). - binder: make sure fd closes complete (stable-5.14.9). - binder: fix freeze race (stable-5.14.9). - staging: greybus: uart: fix tty use after free (stable-5.14.9). - USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (stable-5.14.9). - USB: serial: option: add Telit LN920 compositions (stable-5.14.9). - usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (stable-5.14.9). - Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (stable-5.14.9). - usb: core: hcd: Add support for deferring roothub registration (stable-5.14.9). - usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (stable-5.14.9). - usb: gadget: u_audio: EP-OUT bInterval in fback frequency (stable-5.14.9). 
- cifs: Not to defer close on file when lock is set (stable-5.14.9). - cifs: Fix soft lockup during fsstress (stable-5.14.9). - usb: isp1760: do not sleep in field register poll (stable-5.14.9). - commit 5fcd542 - Update patch references for stable-5.14.9 - commit dcab111 - Linux 5.14.8 (stable-5.14.8). - commit f8422cd - selinux,smack: fix subjective/objective credential use mixups (stable-5.14.8). - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (stable-5.14.8). - cifs: properly invalidate cached root handle when closing it (stable-5.14.8). - io_uring: fix off-by-one in BUILD_BUG_ON check of __REQ_F_LAST_BIT (stable-5.14.8). - rtc: rx8010: select REGMAP_I2C (stable-5.14.8). - commit c36baa4 - blk-mq: allow 4x BLK_MAX_REQUEST_COUNT at blk_plug for multiple_queues (stable-5.14.8). - nvmet: fixup buffer overrun in nvmet_subsys_attr_serial() (stable-5.14.8). - blk-throttle: fix UAF by deleteing timer in blk_throtl_exit() (stable-5.14.8). - block: genhd: don't call blkdev_show() with major_names_lock held (stable-5.14.8). - pwm: stm32-lp: Don't modify HW state in .remove() callback (stable-5.14.8). - pwm: rockchip: Don't modify HW state in .remove() callback (stable-5.14.8). - pwm: img: Don't modify HW state in .remove() callback (stable-5.14.8). - thermal/drivers/rcar_gen3_thermal: Store TSC id as unsigned int (stable-5.14.8). - habanalabs: cannot sleep while holding spinlock (stable-5.14.8). - habanalabs: add "in device creation" status (stable-5.14.8). - habanalabs: fix mmu node address resolution in debugfs (stable-5.14.8). - habanalabs: add validity check for event ID received from F/W (stable-5.14.8). - habanalabs: fix nullifying of destroyed mmu pgt pool (stable-5.14.8). - drm/amdgpu: fix fdinfo race with process exit (stable-5.14.8). - drm/amd/display: Fix memory leak reported by coverity (stable-5.14.8). - drm/amdgpu: Fixes to returning VBIOS RAS EEPROM address (stable-5.14.8). - nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group (stable-5.14.8). 
- nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group (stable-5.14.8). - nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group (stable-5.14.8). - nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group (stable-5.14.8). - commit 2584d78 - btrfs: fix lockdep warning while mounting sprout fs (stable-5.14.8). - btrfs: delay blkdev_put until after the device remove (stable-5.14.8). - btrfs: update the bdev time directly when closing (stable-5.14.8). - s390: add kmemleak annotation in stack_alloc() (stable-5.14.8). - ACPI: PM: s2idle: Run both AMD and Microsoft methods if both are supported (stable-5.14.8). - ceph: lockdep annotations for try_nonblocking_invalidate (stable-5.14.8). - ceph: remove the capsnaps when removing caps (stable-5.14.8). - ceph: request Fw caps before updating the mtime in ceph_write_iter (stable-5.14.8). - nilfs2: fix NULL pointer in nilfs_##name##_attr_release (stable-5.14.8). - nilfs2: fix memory leak in nilfs_sysfs_create_device_group (stable-5.14.8). - commit 334bd6c - riscv: dts: microchip: mpfs-icicle: Fix serial console (stable-5.14.8). - arm64: mm: limit linear region to 51 bits for KVM in nVHE mode (stable-5.14.8). - iommu/vt-d: Fix a deadlock in intel_svm_drain_prq() (stable-5.14.8). - iommu/vt-d: Fix PASID leak in intel_svm_unbind_mm() (stable-5.14.8). - cxl/pci: Introduce cdevm_file_operations (stable-5.14.8). - dmaengine: xilinx_dma: Set DMA mask for coherent APIs (stable-5.14.8). - dmaengine: ioat: depends on !UML (stable-5.14.8). - dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (stable-5.14.8). - dmaengine: idxd: depends on !UML (stable-5.14.8). - commit 56c090b - perf tools: Allow build-id with trailing zeros (stable-5.14.8). - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (stable-5.14.8). - n64cart: fix return value check in n64cart_probe() (stable-5.14.8). - iommu/amd: Relocate GAMSup check to early_enable_iommus (stable-5.14.8). - um: fix stub location calculation (stable-5.14.8). 
- um: virtio_uml: fix memory leak on init failures (stable-5.14.8). - tools/bootconfig: Fix tracing_on option checking in ftrace2bconf.sh (stable-5.14.8). - s390/entry: make oklabel within CHKSTG macro local (stable-5.14.8). - platform/chrome: cros_ec_trace: Fix format warnings (stable-5.14.8). - platform/chrome: sensorhub: Add trace events for sample (stable-5.14.8). - 9p/trans_virtio: Remove sysfs file on probe failure (stable-5.14.8). - Kconfig.debug: drop selecting non-existing HARDLOCKUP_DETECTOR_ARCH (stable-5.14.8). - prctl: allow to setup brk for et_dyn executables (stable-5.14.8). - coredump: fix memleak in dump_vma_snapshot() (stable-5.14.8). - nilfs2: use refcount_dec_and_lock() to fix potential UAF (stable-5.14.8). - init: move usermodehelper_enable() to populate_rootfs() (stable-5.14.8). - math: RATIONAL_KUNIT_TEST should depend on RATIONAL instead of selecting it (stable-5.14.8). - profiling: fix shift-out-of-bounds bugs (stable-5.14.8). - console: consume APC, DM, DCS (stable-5.14.8). - commit 62f2d62 - Update patch references for stable-5.14.8 - commit 9dc95d5 - Linux 5.14.7 (stable-5.14.7). - commit f76fd66 - net: dsa: bcm_sf2: Fix array overrun in bcm_sf2_num_active_ports() (stable-5.14.7). - commit 5fb540e - s390/bpf: Fix optimizing out zero-extensions (stable-5.14.7). - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (stable-5.14.7). - s390/bpf: Fix branch shortening during codegen pass (stable-5.14.7). - bnxt_en: Fix error recovery regression (stable-5.14.7). - net: renesas: sh_eth: Fix freeing wrong tx descriptor (stable-5.14.7). - cxgb3: fix oops on module removal (stable-5.14.7). - ip6_gre: Revert "ip6_gre: add validation for csum_start" (stable-5.14.7). - net: dsa: b53: Fix IMP port setup on BCM5301x (stable-5.14.7). - ip_gre: validate csum_start only on pull (stable-5.14.7). - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (stable-5.14.7). - fq_codel: reject silly quantum parameters (stable-5.14.7). 
- netfilter: socket: icmp6: fix use-after-scope (stable-5.14.7). - mptcp: Only send extra TCP acks in eligible socket states (stable-5.14.7). - net: dsa: b53: Set correct number of ports in the DSA struct (stable-5.14.7). - net: dsa: b53: Fix calculating number of switch ports (stable-5.14.7). - net: hso: add failure handler for add_net_device (stable-5.14.7). - selftests: mptcp: clean tmp files in simult_flows (stable-5.14.7). - mptcp: fix possible divide by zero (stable-5.14.7). - net: dsa: tag_rtl4_a: Fix egress tags (stable-5.14.7). - io_uring: retry in case of short read on block device (stable-5.14.7). - tools build: Fix feature detect clean for out of source builds (stable-5.14.7). - ARC: export clear_user_page() for modules (stable-5.14.7). - commit c150c07 - PCI: j721e: Add PCIe support for AM64 (stable-5.14.7). - PCI: j721e: Add PCIe support for J7200 (stable-5.14.7). - PCI: Add ACS quirks for Cavium multi-function devices (stable-5.14.7). - PCI: ibmphp: Fix double unmap of io_mem (stable-5.14.7). - net: phylink: add suspend/resume support (stable-5.14.7). - stmmac: dwmac-loongson:Fix missing return value (stable-5.14.7). - ethtool: Fix an error code in cxgb2.c (stable-5.14.7). - netfilter: nft_ct: protect nft_ct_pcpu_template_refcnt with mutex (stable-5.14.7). - net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920 (stable-5.14.7). - flow: fix object-size-mismatch warning in flowi{4,6}_to_flowi_common() (stable-5.14.7). - Set fc_nlinfo in nh_create_ipv4, nh_create_ipv6 (stable-5.14.7). - octeontx2-af: Add additional register check to rvu_poll_reg() (stable-5.14.7). - watchdog: Start watchdog in watchdog_set_last_hw_keepalive only if appropriate (stable-5.14.7). - KVM: arm64: Handle PSCI resets before userspace touches vCPU state (stable-5.14.7). - KVM: arm64: Fix read-side race on updates to vcpu reset state (stable-5.14.7). - KVM: arm64: Restrict IPA size to maximum 48 bits on 4K and 16K page size (stable-5.14.7). 
- NTB: perf: Fix an error code in perf_setup_inbuf() (stable-5.14.7). - NTB: Fix an error code in ntb_msit_probe() (stable-5.14.7). - loop: reduce the loop_ctl_mutex scope (stable-5.14.7). - block, bfq: honor already-setup queue merges (stable-5.14.7). - commit 05c7f1d - blkcg: fix memory leak in blk_iolatency_init (stable-5.14.7). - mlxbf_gige: clear valid_polarity upon open (stable-5.14.7). - net: dsa: flush switchdev workqueue before tearing down CPU/DSA ports (stable-5.14.7). - net: dsa: lantiq_gswip: Add 200ms assert delay (stable-5.14.7). - net: dsa: qca8k: fix kernel panic with legacy mdio mapping (stable-5.14.7). - PCI: tegra194: Fix MSI-X programming (stable-5.14.7). - PCI: tegra194: Fix handling BME_CHGED event (stable-5.14.7). - PCI: tegra: Fix OF node reference leak (stable-5.14.7). - PCI: rcar: Fix runtime PM imbalance in rcar_pcie_ep_probe() (stable-5.14.7). - PCI: cadence: Add quirk flag to set minimum delay in LTSSM Detect.Quiet state (stable-5.14.7). - PCI: cadence: Use bitfield for *quirk_retrain_flag* instead of bool (stable-5.14.7). - PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (stable-5.14.7). - KVM: arm64: Make hyp_panic() more robust when protected mode is enabled (stable-5.14.7). - remoteproc: qcom: wcnss: Fix race with iris probe (stable-5.14.7). - mfd: Don't use irq_create_mapping() to resolve a mapping (stable-5.14.7). - mfd: db8500-prcmu: Adjust map to reality (stable-5.14.7). - fuse: fix use after free in fuse_read_interrupt() (stable-5.14.7). - tracing/probes: Reject events which have the same name of existing one (stable-5.14.7). - riscv: fix the global name pfn_base confliction error (stable-5.14.7). - dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation (stable-5.14.7). - commit db28dfb - events: Reuse value read using READ_ONCE instead of re-reading it (stable-5.14.7). - powerpc/mce: Fix access error in mce handler (stable-5.14.7). - KVM: PPC: Book3S HV: Tolerate treclaim. 
in fake-suspend mode changing registers (stable-5.14.7). - powerpc/64s: system call rfscv workaround for TM bugs (stable-5.14.7). - powerpc/64s: system call scv tabort fix for corrupt irq soft-mask state (stable-5.14.7). - gen_compile_commands: fix missing 'sys' package (stable-5.14.7). - perf machine: Initialize srcline string member in add_location struct (stable-5.14.7). - s390/pci_mmio: fully validate the VMA before calling follow_pte() (stable-5.14.7). - dt-bindings: arm: Fix Toradex compatible typo (stable-5.14.7). - net: dsa: destroy the phylink instance on any error in dsa_slave_phy_setup (stable-5.14.7). - tcp: fix tp->undo_retrans accounting in tcp_sacktag_one() (stable-5.14.7). - tipc: increase timeout in tipc_sk_enqueue() (stable-5.14.7). - udp_tunnel: Fix udp_tunnel_nic work-queue type (stable-5.14.7). - bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (stable-5.14.7). - selftest: net: fix typo in altname test (stable-5.14.7). - net: stmmac: platform: fix build warning when with !CONFIG_PM_SLEEP (stable-5.14.7). - net/af_unix: fix a data-race in unix_dgram_poll (stable-5.14.7). - vhost_net: fix OoB on sendmsg() failure (stable-5.14.7). - net: stmmac: fix system hang caused by eee_ctrl_timer during suspend/resume (stable-5.14.7). - net: ipa: initialize all filter table slots (stable-5.14.7). - commit 91ad14c - x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (stable-5.14.7). - s390/sclp: fix Secure-IPL facility detection (stable-5.14.7). - io_uring: allow retry for O_NONBLOCK if async is supported (stable-5.14.7). - drm/radeon: pass drm dev radeon_agp_head_init directly (stable-5.14.7). - drm/etnaviv: add missing MMU context put when reaping MMU mapping (stable-5.14.7). - drm/etnaviv: reference MMU context when setting up hardware state (stable-5.14.7). - drm/etnaviv: fix MMU context leak on GPU reset (stable-5.14.7). - drm/etnaviv: exec and MMU state is lost when resetting the GPU (stable-5.14.7). 
- drm/etnaviv: keep MMU context across runtime suspend/resume (stable-5.14.7). - drm/etnaviv: stop abusing mmu_context as FE running marker (stable-5.14.7). - drm/etnaviv: put submit prev MMU context when it exists (stable-5.14.7). - drm/etnaviv: return context from etnaviv_iommu_context_get (stable-5.14.7). - ptp: dp83640: don't define PAGE0 (stable-5.14.7). - net-caif: avoid user-triggerable WARN_ON(1) (stable-5.14.7). - r6040: Restore MDIO clock frequency after MAC reset (stable-5.14.7). - net/l2tp: Fix reference count leak in l2tp_udp_recv_core (stable-5.14.7). - dccp: don't duplicate ccid when cloning dccp sock (stable-5.14.7). - net: remove the unnecessary check in cipso_v4_doi_free (stable-5.14.7). - ethtool: Fix rxnfc copy to user buffer overflow (stable-5.14.7). - tipc: fix an use-after-free issue in tipc_recvmsg (stable-5.14.7). - commit aff07e4 - PCI: Add AMD GPU multi-function power dependencies (stable-5.14.7). - io_uring: ensure symmetry in handling iter types in loop_rw_iter() (stable-5.14.7). - arm64/sve: Use correct size when reinitialising SVE state (stable-5.14.7). - swiotlb-xen: fix late init retry (stable-5.14.7). - swiotlb-xen: avoid double free (stable-5.14.7). - xen: fix usage of pmd_populate in mremap for pv guests (stable-5.14.7). - xen: reset legacy rtc flag for PV domU (stable-5.14.7). - PM: base: power: don't try to use non-existing RTC for storing data (stable-5.14.7). - drm/amd/pm: fix runpm hang when amdgpu loaded prior to sound driver (stable-5.14.7). - drm/amdgpu: move iommu_resume before ip init/resume (stable-5.14.7). - drm/amdgpu: add amdgpu_amdkfd_resume_iommu (stable-5.14.7). - drm/amdkfd: separate kfd_iommu_resume from kfd_resume (stable-5.14.7). - drm/amd/display: dsc mst 2 4K displays go dark with 2 lane HBR3 (stable-5.14.7). - drm/amd/display: Get backlight from PWM if DMCU is not initialized (stable-5.14.7). - drm/amdgpu: use IS_ERR for debugfs APIs (stable-5.14.7). 
- drm/amd/pm: fix the issue of uploading powerplay table (stable-5.14.7). - drm/amd/amdgpu: Increase HWIP_MAX_INSTANCE to 10 (stable-5.14.7). - bnx2x: Fix enabling network interfaces without VFs (stable-5.14.7). - net: stmmac: fix MAC not working when system resume back with WoL active (stable-5.14.7). - commit 4f1492a - Update patch references for stable-5.14.7 - commit b078c9d - Linux 5.14.6 (stable-5.14.6). - commit 640a3f2 - drm/panfrost: Clamp lock region to Bifrost minimum (stable-5.14.6). - drm/amd/display: setup system context for APUs (stable-5.14.6). - drm/amdgpu: Enable S/G for Yellow Carp (stable-5.14.6). - s390/topology: fix topology information when calling cpu hotplug notifiers (stable-5.14.6). - libnvdimm/pmem: Fix crash triggered when I/O in-flight during unbind (stable-5.14.6). - mm/hugetlb: initialize hugetlb_usage in mm_init (stable-5.14.6). - mm/hmm: bypass devmap pte when all pfn requested flags are fulfilled (stable-5.14.6). - platform/chrome: cros_ec_proto: Send command again when timeout occurs (stable-5.14.6). - net: stmmac: Fix overall budget calculation for rxtx_napi (stable-5.14.6). - net: dsa: lantiq_gswip: fix maximum frame length (stable-5.14.6). - cpufreq: powernv: Fix init_chip_info initialization in numa=off (stable-5.14.6). - mm: fix panic caused by __page_handle_poison() (stable-5.14.6). - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (stable-5.14.6). - scsi: qla2xxx: Changes to support kdump kernel (stable-5.14.6). - scsi: BusLogic: Fix missing pr_cont() use (stable-5.14.6). - parisc: fix crash with signals and alloca (stable-5.14.6). - parisc: Fix compile failure when building 64-bit kernel natively (stable-5.14.6). - ovl: fix BUG_ON() in may_delete() when called from ovl_cleanup() (stable-5.14.6). - drm/amd/display: Update bounding box states (v2) (stable-5.14.6). - drm/amd/display: Update number of DCN3 clock states (stable-5.14.6). - drm/amdgpu: Fix BUG_ON assert (stable-5.14.6). 
- net: w5100: check return value after calling platform_get_resource() (stable-5.14.6). - fix array-index-out-of-bounds in taprio_change (stable-5.14.6). - net: fix NULL pointer reference in cipso_v4_doi_free (stable-5.14.6). - ath9k: fix sleeping in atomic context (stable-5.14.6). - ath9k: fix OOB read ar9300_eeprom_restore_internal (stable-5.14.6). - commit b17799d - drm/amdkfd: Account for SH/SE count when setting up cu masks (stable-5.14.6). - usb: isp1760: otg control register access (stable-5.14.6). - usb: isp1760: use the right irq status bit (stable-5.14.6). - usb: isp1760: write to status and address register (stable-5.14.6). - usb: isp1760: fix qtd fill length (stable-5.14.6). - usb: isp1760: fix memory pool initialization (stable-5.14.6). - parport: remove non-zero check on count (stable-5.14.6). - selftests/bpf: Fix potential unreleased lock (stable-5.14.6). - iwlwifi: mvm: Fix scan channel flags settings (stable-5.14.6). - iwlwifi: mvm: don't schedule the roc_done_wk if it is already running (stable-5.14.6). - iwlwifi: fw: correctly limit to monitor dump (stable-5.14.6). - iwlwifi: mvm: fix access to BSS elements (stable-5.14.6). - iwlwifi: mvm: Fix umac scan request probe parameters (stable-5.14.6). - iwlwifi: mvm: avoid static queue number aliasing (stable-5.14.6). - iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (stable-5.14.6). - iwlwifi: mvm: Do not use full SSIDs in 6GHz scan (stable-5.14.6). - iwlwifi: pcie: free RBs during configure (stable-5.14.6). - wcn36xx: Fix missing frame timestamp for beacon/probe-resp (stable-5.14.6). - nfsd: fix crash on LOCKT on reexported NFSv3 (stable-5.14.6). - nfs: don't atempt blocking locks on nfs reexports (stable-5.14.6). - commit e7bd511 - ASoC: soc-pcm: protect BE dailink state changes in trigger (stable-5.14.6). - ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (stable-5.14.6). - ASoC: rockchip: i2s: Fix regmap_ops hang (stable-5.14.6). 
- usb: xhci-mtk: fix use-after-free of mtk->hcd (stable-5.14.6). - usbip:vhci_hcd USB port can get stuck in the disabled state (stable-5.14.6). - usbip: give back URBs for unsent unlink requests during cleanup (stable-5.14.6). - usb: musb: musb_dsps: request_irq() after initializing musb (stable-5.14.6). - usb: dwc3: imx8mp: request irq after initializing dwc3 (stable-5.14.6). - usb: xhci-mtk: Do not use xhci's virt_dev in drop_endpoint (stable-5.14.6). - selftests/bpf: Enlarge select() timeout for test_maps (stable-5.14.6). - samples: pktgen: fix to print when terminated normally (stable-5.14.6). - octeontx2-pf: cleanup transmit link deriving logic (stable-5.14.6). - mmc: core: Return correct emmc response in case of ioctl error (stable-5.14.6). - mmc: rtsx_pci: Fix long reads when clock is prescaled (stable-5.14.6). - mmc: core: Avoid hogging the CPU while polling for busy after I/O writes (stable-5.14.6). - mmc: core: Avoid hogging the CPU while polling for busy for mmc ioctls (stable-5.14.6). - mmc: core: Avoid hogging the CPU while polling for busy in the I/O err path (stable-5.14.6). - mmc: sdhci-of-arasan: Check return value of non-void funtions (stable-5.14.6). - mmc: sdhci-of-arasan: Modified SD default speed to 19MHz for ZynqMP (stable-5.14.6). - cifs: fix wrong release in sess_alloc_buffer() failed path (stable-5.14.6). - commit d8d2da1 - of: Don't allow __of_attached_node_sysfs() without CONFIG_SYSFS (stable-5.14.6). - m68knommu: only set CONFIG_ISA_DMA_API for ColdFire sub-arch (stable-5.14.6). - kselftest/arm64: pac: Fix skipping of tests on systems without PAC (stable-5.14.6). - kselftest/arm64: mte: Fix misleading output when skipping tests (stable-5.14.6). - drm/exynos: Always initialize mapping in exynos_drm_register_dma() (stable-5.14.6). - ASoC: Intel: Skylake: Fix passing loadable flag for module (stable-5.14.6). - ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER (stable-5.14.6). 
- ASoC: rsnd: adg: clearly handle clock error / NULL case (stable-5.14.6). - usb: chipidea: host: fix port index underflow and UBSAN complains (stable-5.14.6). - soundwire: intel: fix potential race condition during power down (stable-5.14.6). - rtw88: wow: fix size access error of probe request (stable-5.14.6). - rtw88: wow: build wow function only if CONFIG_PM is on (stable-5.14.6). - rtw88: use read_poll_timeout instead of fixed sleep (stable-5.14.6). - rtl8xxxu: Fix the handling of TX A-MPDU aggregation (stable-5.14.6). - octeontx2-pf: Fix NIX1_RX interface backpressure (stable-5.14.6). - net: Fix offloading indirect devices dependency on qdisc order creation (stable-5.14.6). - lockd: lockd server-side shouldn't set fl_ops (stable-5.14.6). - gfs2: Don't call dlm after protocol is unmounted (stable-5.14.6). - btrfs: tree-log: check btrfs_lookup_data_extent return value (stable-5.14.6). - btrfs: remove racy and unnecessary inode transaction update when using no-holes (stable-5.14.6). - commit 0fa86f9 - arm64: dts: ls1046a: fix eeprom entries (stable-5.14.6). - arm64: dts: imx8mm-venice-gw71xx: fix USB OTG VBUS (stable-5.14.6). - arm64: dts: imx8mm-venice-gw700x: fix invalid pmic pin config (stable-5.14.6). - arm64: dts: imx8mm-venice-gw700x: fix mp5416 pmic config (stable-5.14.6). - arm64: tegra: Fix compatible string for Tegra132 CPUs (stable-5.14.6). - ARM: tegra: tamonten: Fix UART pad setting (stable-5.14.6). - ARM: tegra: acer-a500: Remove bogus USB VBUS regulators (stable-5.14.6). - serial: sh-sci: fix break handling for sysrq (stable-5.14.6). - staging: rts5208: Fix get_ms_information() heap buffer size (stable-5.14.6). - selftests/bpf: Fix flaky send_signal test (stable-5.14.6). - selftests/bpf: Correctly display subtest skip status (stable-5.14.6). - Bluetooth: Fix race condition in handling NOP command (stable-5.14.6). - Bluetooth: Fix handling of LE Enhanced Connection Complete (stable-5.14.6). - selftests: nci: Fix the wrong condition (stable-5.14.6). 
- selftests: nci: Fix the code for next nlattr offset (stable-5.14.6). - tcp: enable data-less, empty-cookie SYN with TFO_SERVER_COOKIE_NOT_REQD (stable-5.14.6). - hwmon: (pmbus/ibm-cffps) Fix write bits for LED control (stable-5.14.6). - opp: Don't print an error if required-opps is missing (stable-5.14.6). - iomap: pass writeback errors to the mapping (stable-5.14.6). - rpc: fix gss_svc_init cleanup on failure (stable-5.14.6). - commit cdc2c57 - arm64: dts: qcom: sm8250: Fix epss_l3 unit address (stable-5.14.6). - ARM: dts: ixp4xx: Fix up bad interrupt flags (stable-5.14.6). - drm/display: fix possible null-pointer dereference in dcn10_set_clock() (stable-5.14.6). - gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (stable-5.14.6). - drm/amd/display: fix incorrect CM/TF programming sequence in dwb (stable-5.14.6). - drm/amd/display: fix missing writeback disablement if plane is removed (stable-5.14.6). - drm/msm/dp: do not end dp link training until video is ready (stable-5.14.6). - drm/msm/dp: return correct edid checksum after corrupted edid checksum read (stable-5.14.6). - drm/msm/dp: reset aux controller after dp_aux_cmd_fifo_tx() failed (stable-5.14.6). - drm/msm/dp: reduce link rate if failed at link training 1 (stable-5.14.6). - drm/msm/dsi: Fix DSI and DSI PHY regulator config from SDM660 (stable-5.14.6). - drm/msm: mdp4: drop vblank get/put from prepare/complete_commit (stable-5.14.6). - drm/vmwgfx: fix potential UAF in vmwgfx_surface.c (stable-5.14.6). - drm: xlnx: zynqmp: release reset to DP controller before accessing DP registers (stable-5.14.6). - drm: xlnx: zynqmp_dpsub: Call pm_runtime_get_sync before setting pixel clock (stable-5.14.6). - staging: rtl8723bs: fix right side of condition (stable-5.14.6). - nvmem: qfprom: Fix up qfprom_disable_fuse_blowing() ordering (stable-5.14.6). - mac80211: Fix monitor MTU limit so that A-MSDUs get through (stable-5.14.6). 
- selftests/bpf: Fix xdp_tx.c prog section name (stable-5.14.6). - net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe() (stable-5.14.6). - commit 6c83488 - arm64: dts: qcom: msm8996: don't use underscore in node name (stable-5.14.6). - arm64: dts: qcom: msm8994: don't use underscore in node name (stable-5.14.6). - arm64: dts: qcom: sdm630: don't use underscore in node name (stable-5.14.6). - arm64: dts: qcom: ipq6018: drop '0x' from unit address (stable-5.14.6). - arm64: dts: qcom: sdm660: use reg value for memory node (stable-5.14.6). - arm64: dts: qcom: ipq8074: fix pci node reg property (stable-5.14.6). - arm64: dts: qcom: sdm630: Fix TLMM node and pinctrl configuration (stable-5.14.6). - arm64: dts: qcom: sdm630: Rewrite memory map (stable-5.14.6). - media: tegra-cec: Handle errors of clk_prepare_enable() (stable-5.14.6). - media: TDA1997x: fix tda1997x_query_dv_timings() return value (stable-5.14.6). - media: v4l2-dv-timings.c: fix wrong condition in two for-loops (stable-5.14.6). - media: imx: imx7-media-csi: Fix buffer return upon stream start failure (stable-5.14.6). - media: imx258: Limit the max analogue gain to 480 (stable-5.14.6). - media: imx258: Rectify mismatch of VTS value (stable-5.14.6). - serial: 8250_omap: Handle optional overrun-throttle-ms property (stable-5.14.6). - ARM: dts: imx53-ppd: Fix ACHC entry (stable-5.14.6). - misc: sram: Only map reserved areas in Tegra SYSRAM (stable-5.14.6). - net: ipa: fix IPA v4.9 interconnects (stable-5.14.6). - dpaa2-switch: do not enable the DPSW at probe time (stable-5.14.6). - gfs2: Fix glock recursion in freeze_go_xmote_bh (stable-5.14.6). - commit 5fdcfa8 - ARM: dts: stm32: Update AV96 adv7513 node per dtbs_check (stable-5.14.6). - ARM: dts: stm32: Set {bitclock,frame}-master phandles on ST DKx (stable-5.14.6). - ARM: dts: stm32: Set {bitclock,frame}-master phandles on DHCOM SoM (stable-5.14.6). - ARM: dts: at91: use the right property for shutdown controller (stable-5.14.6). 
- drm/msm/a6xx: Fix llcc configuration for a660 gpu (stable-5.14.6). - drm/amd/display: Fix PSR command version (stable-5.14.6). - drm: rcar-du: Shutdown the display on system shutdown (stable-5.14.6). - ASoC: Intel: update sof_pcm512x quirks (stable-5.14.6). - ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the matching in-/output (stable-5.14.6). - vt: keyboard.c: make console an unsigned int (stable-5.14.6). - serial: 8250_pci: make setup_port() parameters explicitly unsigned (stable-5.14.6). - hvsi: don't panic on tty_register_driver failure (stable-5.14.6). - staging: ks7010: Fix the initialization of the 'sleep_status' structure (stable-5.14.6). - Bluetooth: Fix not generating RPA when required (stable-5.14.6). - Bluetooth: skip invalid hci_sync_conn_complete_evt (stable-5.14.6). - netfilter: nft_compat: use nfnetlink_unicast() (stable-5.14.6). - bonding: 3ad: fix the concurrency between __bond_release_one() and bond_3ad_state_machine_handler() (stable-5.14.6). - libbpf: Fix race when pinning maps in parallel (stable-5.14.6). - samples: bpf: Fix tracex7 error raised on the missing argument (stable-5.14.6). - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (stable-5.14.6). - commit d1fb25d - ethtool: improve compat ioctl handling (stable-5.14.6). - Refresh patches.suse/ethtool-extend-coalesce-setting-uAPI-with-CQE-mode.patch. - commit 65d28b7 - arm64: dts: allwinner: h6: tanix-tx6: Fix regulator node names (stable-5.14.6). - drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (stable-5.14.6). - drm/amdgpu: Fix a printing message (stable-5.14.6). - drm/amd/display: Fixed hardware power down bypass during headless boot (stable-5.14.6). - video: fbdev: riva: Error out if 'pixclock' equals zero (stable-5.14.6). - video: fbdev: kyro: Error out if 'pixclock' equals zero (stable-5.14.6). - video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (stable-5.14.6). 
- drm/bridge: nwl-dsi: Avoid potential multiplication overflow on 32-bit (stable-5.14.6). - xtensa: ISS: don't panic in rs_init (stable-5.14.6). - serial: max310x: Use clock-names property matching to recognize EXTCLK (stable-5.14.6). - serial: 8250: Define RX trigger levels for OxSemi 950 devices (stable-5.14.6). - bpf/tests: Do not PASS tests without actually testing the result (stable-5.14.6). - bpf/tests: Fix copy-and-paste error in double word test (stable-5.14.6). - flow_dissector: Fix out-of-bounds warnings (stable-5.14.6). - ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs() (stable-5.14.6). - net: ipa: always validate filter and route tables (stable-5.14.6). - net: ipa: fix ipa_cmd_table_valid() (stable-5.14.6). - s390: make PCI mio support a machine flag (stable-5.14.6). - s390/jump_label: print real address in a case of a jump label bug (stable-5.14.6). - commit 36d2210 - drm/amd/display: Fix timer_per_pixel unit error (stable-5.14.6). - drm: protect drm_master pointers in drm_lease.c (stable-5.14.6). - media: atomisp: pci: fix error return code in atomisp_pci_probe() (stable-5.14.6). - media: atomisp: Fix runtime PM imbalance in atomisp_pci_probe (stable-5.14.6). - media: platform: stm32: unprepare clocks at handling errors in probe (stable-5.14.6). - media: hantro: vp8: Move noisy WARN_ON to vpu_debug (stable-5.14.6). - usb: gadget: composite: Allow bMaxPower=0 if self-powered (stable-5.14.6). - USB: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (stable-5.14.6). - usb: gadget: u_ether: fix a potential null pointer dereference (stable-5.14.6). - usb: host: fotg210: fix the actual_length of an iso packet (stable-5.14.6). - usb: host: fotg210: fix the endpoint's transactional opportunities calculation (stable-5.14.6). - tty: serial: jsm: hold port lock when reporting modem line changes (stable-5.14.6). - staging: hisilicon,hi6421-spmi-pmic.yaml: fix patternProperties (stable-5.14.6). 
- staging: board: Fix uninitialized spinlock when attaching genpd (stable-5.14.6). - selftests: firmware: Fix ignored return val of asprintf() warn (stable-5.14.6). - misc/pvpanic-pci: Allow automatic loading (stable-5.14.6). - bus: fsl-mc: fix mmio base address for child DPRCs (stable-5.14.6). - bus: fsl-mc: fix arg in call to dprc_scan_objects() (stable-5.14.6). - nfp: fix return statement in nfp_net_parse_meta() (stable-5.14.6). - rcu: Fix macro name CONFIG_TASKS_RCU_TRACE (stable-5.14.6). - commit 95cbbcb - arm64: dts: qcom: Fix usb entries for SA8155p adp board (stable-5.14.6). - ARM: dts: qcom: apq8064: correct clock names (stable-5.14.6). - drm: serialize drm_file.master with a new spinlock (stable-5.14.6). - drm: avoid blocking in drm_clients_info's rcu section (stable-5.14.6). - drm/ast: Disable fast reset after DRAM initial (stable-5.14.6). - video: fbdev: kyro: fix a DoS bug by restricting user input (stable-5.14.6). - drm/vkms: Let shadow-plane helpers prepare the plane's FB (stable-5.14.6). - media: ti-vpe: cal: fix queuing of the initial buffer (stable-5.14.6). - media: ti-vpe: cal: fix error handling in cal_camerarx_create (stable-5.14.6). - media: dib8000: rewrite the init prbs logic (stable-5.14.6). - ASoC: ti: davinci-mcasp: Fix DIT mode support (stable-5.14.6). - ASoC: atmel: ATMEL drivers don't need HAS_DMA (stable-5.14.6). - iio: dac: ad5624r: Fix incorrect handling of an optional regulator (stable-5.14.6). - net: ipa: fix IPA v4.11 interconnect data (stable-5.14.6). - netlink: Deal with ESRCH error in nlmsg_notify() (stable-5.14.6). - net: phy: Fix data type in DP83822 dp8382x_disable_wol() (stable-5.14.6). - tipc: keep the skb in rcv queue until the whole data is read (stable-5.14.6). - libbpf: Fix reuse of pinned map on older kernel (stable-5.14.6). - Smack: Fix wrong semantics in smk_access_entry() (stable-5.14.6). - crypto: mxs-dcp - Use sg_mapping_iter to copy data (stable-5.14.6). 
- commit 36873c2 - f2fs: should put a page beyond EOF when preparing a write (stable-5.14.6). - f2fs: deallocate compressed pages when error happens (stable-5.14.6). - f2fs: fix to unmap pages from userspace process in punch_hole() (stable-5.14.6). - f2fs: fix unexpected ENOENT comes from f2fs_map_blocks() (stable-5.14.6). - f2fs: fix to account missing .skipped_gc_rwsem (stable-5.14.6). - kbuild: Fix 'no symbols' warning when CONFIG_TRIM_UNUSD_KSYMS=y (stable-5.14.6). - KVM: PPC: Fix clearing never mapped TCEs in realmode (stable-5.14.6). - MIPS: Malta: fix alignment of the devicetree buffer (stable-5.14.6). - userfaultfd: prevent concurrent API initialization (stable-5.14.6). - fscache: Fix cookie key hashing (stable-5.14.6). - drm/amdgpu: Fix koops when accessing RAS EEPROM (stable-5.14.6). - drm/amdgpu: Fix amdgpu_ras_eeprom_init() (stable-5.14.6). - drm/panel: Fix up DT bindings for Samsung lms397kf04 (stable-5.14.6). - dma-buf: fix dma_resv_test_signaled test_all handling v2 (stable-5.14.6). - drm: vc4: Fix pixel-wrap issue with DVP teardown (stable-5.14.6). - drm/omap: Follow implicit fencing in prepare_fb (stable-5.14.6). - drm/ttm: Fix multihop assert on eviction (stable-5.14.6). - drm/vc4: hdmi: Set HD_CTL_WHOLSMP and HD_CTL_CHALIGN_SET (stable-5.14.6). - drm/vmwgfx: Fix some static checker warnings (stable-5.14.6). - drm/vmwgfx: Fix subresource updates with new contexts (stable-5.14.6). - commit 2eb74d8 - f2fs: fix to keep compatibility of fault injection interface (stable-5.14.6). - sunrpc: Fix return value of get_srcport() (stable-5.14.6). - SUNRPC/xprtrdma: Fix reconnection locking (stable-5.14.6). - NFSv4/pnfs: The layout barrier indicate a minimal value for the seqid (stable-5.14.6). - NFSv4/pNFS: Always allow update of a zero valued layout barrier (stable-5.14.6). - powerpc/smp: Update cpu_core_map on all PowerPc systems (stable-5.14.6). - powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2 (stable-5.14.6). 
- KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (stable-5.14.6). - KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines (stable-5.14.6). - powerpc/perf: Fix the check for SIAR value (stable-5.14.6). - powerpc/config: Renable MTD_PHYSMAP_OF (stable-5.14.6). - powerpc/config: Fix IPV6 warning in mpc855_ads (stable-5.14.6). - iommu/vt-d: Update the virtual command related registers (stable-5.14.6). - scsi: ufs: ufs-exynos: Fix static checker warning (stable-5.14.6). - scsi: qedf: Fix error codes in qedf_alloc_global_queues() (stable-5.14.6). - scsi: qedi: Fix error codes in qedi_alloc_global_queues() (stable-5.14.6). - scsi: smartpqi: Fix an error code in pqi_get_raid_map() (stable-5.14.6). - scsi: fdomain: Fix error return code in fdomain_probe() (stable-5.14.6). - scsi: ufshcd: Fix device links when BOOT WLUN fails to probe (stable-5.14.6). - scsi: ufs: Fix unsigned int compared with less than zero (stable-5.14.6). - commit 907f956 - PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (stable-5.14.6). - PCI: aardvark: Configure PCIe resources from 'ranges' DT property (stable-5.14.6). - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (stable-5.14.6). - f2fs: fix to do sanity check for sb/cp fields correctly (stable-5.14.6). - f2fs: reduce the scope of setting fsck tag when de->name_len is zero (stable-5.14.6). - f2fs: fix wrong checkpoint_changed value in f2fs_remount() (stable-5.14.6). - f2fs: turn back remapped address in compressed page endio (stable-5.14.6). - f2fs: do not submit NEW_ADDR to read node block (stable-5.14.6). - f2fs: quota: fix potential deadlock (stable-5.14.6). - f2fs: let's keep writing IOs on SBI_NEED_FSCK (stable-5.14.6). - f2fs: compress: fix to set zstd compress level correctly (stable-5.14.6). - xprtrdma: Put rpcrdma_reps before waking the tear-down completion (stable-5.14.6). - cpuidle: pseries: Mark pseries_idle_proble() as __init (stable-5.14.6). 
- openrisc: don't printk() unconditionally (stable-5.14.6). - scsi: ufs: Fix the SCSI abort handler (stable-5.14.6). - scsi: ufs: Use DECLARE_COMPLETION_ONSTACK() where appropriate (stable-5.14.6). - scsi: ufs: Fix memory corruption by ufshcd_read_desc_param() (stable-5.14.6). - scsi: BusLogic: Use %X for u32 sized integer rather than %lX (stable-5.14.6). - scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (stable-5.14.6). - dma-debug: fix debugfs initialization order (stable-5.14.6). - commit 49345c5 - tools/thermal/tmon: Add cross compiling support (stable-5.14.6). - Input: elan_i2c - reduce the resume time for controller in Whitebox (stable-5.14.6). - ARM: 9105/1: atags_to_fdt: don't warn about stack size (stable-5.14.6). - 9p/xen: Fix end of loop tests for list_for_each_entry (stable-5.14.6). - arm64: Move .hyp.rodata outside of the _sdata.._edata range (stable-5.14.6). - selftests/ftrace: Fix requirement check of README file (stable-5.14.6). - powerpc/perf/hv-gpci: Fix counter value parsing (stable-5.14.6). - xen: fix setting of max_pfn in shared_info (stable-5.14.6). - arm64: Do not trap PMSNEVFR_EL1 (stable-5.14.6). - arm64: head: avoid over-mapping in map_memory (stable-5.14.6). - arm64: mm: Fix TLBI vs ASID rollover (stable-5.14.6). - media: rc-loopback: return number of emitters rather than error (stable-5.14.6). - media: uvc: don't do DMA on stack (stable-5.14.6). - nvmem: core: fix error handling while validating keepout regions (stable-5.14.6). - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() (stable-5.14.6). - block: bfq: fix bfq_set_next_ioprio_data() (stable-5.14.6). - s390/qdio: cancel the ESTABLISH ccw after timeout (stable-5.14.6). - s390/qdio: fix roll-back after timeout on ESTABLISH ccw (stable-5.14.6). - crypto: public_key: fix overflow during implicit conversion (stable-5.14.6). - spi: fsi: Reduce max transfer size to 8 bytes (stable-5.14.6). 
- commit 9f9c9db - rtc: tps65910: Correct driver module alias (stable-5.14.6). - btrfs: zoned: fix double counting of split ordered extent (stable-5.14.6). - btrfs: fix upper limit for max_inline for page size 64K (stable-5.14.6). - Makefile: use -Wno-main in the full kernel tree (stable-5.14.6). - io-wq: fix race between adding work and activating a free worker (stable-5.14.6). - btrfs: reset replace target device to allocation state on close (stable-5.14.6). - btrfs: do not do preemptive flushing if the majority is global rsv (stable-5.14.6). - btrfs: reduce the preemptive flushing threshold to 90% (stable-5.14.6). - btrfs: zoned: fix block group alloc_offset calculation (stable-5.14.6). - btrfs: zoned: suppress reclaim error message on EAGAIN (stable-5.14.6). - btrfs: wait on async extents when flushing delalloc (stable-5.14.6). - btrfs: use delalloc_bytes to determine flush amount for shrink_delalloc (stable-5.14.6). - btrfs: wake up async_delalloc_pages waiters after submit (stable-5.14.6). - io-wq: fix wakeup race when adding new work (stable-5.14.6). - io_uring: fix io_try_cancel_userdata race for iowq (stable-5.14.6). - io_uring: add ->splice_fd_in checks (stable-5.14.6). - io_uring: place fixed tables under memcg limits (stable-5.14.6). - blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN (stable-5.14.6). - blk-zoned: allow zone management send operations without CAP_SYS_ADMIN (stable-5.14.6). - commit 926292c - Update patch references for stable-5.14.6 - commit 4fca6a0 ++++ kernel-default-base: - Add nls_utf8 module (boo#1190797) ++++ libvirt: - Update to libvirt 7.8.0 - jsc#SLE-18260 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html - Dropped patches: b75a16ae-libxl-improve-die-id.patch, 65fab900-libxl-fix-driver-reload.patch, 51eb680b-libxl-dont-autostart-on-reload.patch ++++ podman: - Update to version 3.4.0: * Features - Pods now support init containers! 
Init containers are containers which run before the rest of the pod starts. There are two types of init containers: "always", which always run before the pod is started, and "once", which only run the first time the pod starts and are subsequently removed. They can be added using the podman create command's --init-ctr option. - Support for init containers has also been added to podman play kube and podman generate kube - init containers contained in Kubernetes YAML will be created as Podman init containers, and YAML generated by Podman will include any init containers created. - The podman play kube command now supports building images. If the --build option is given and a directory with the name of the specified image exists in the current working directory and contains a valid Containerfile or Dockerfile, the image will be built and used for the container. - The podman play kube command now supports a new option, --teardown, which removes any pods and containers created by the given Kubernetes YAML. - The podman generate kube command now generates annotations for SELinux mount options on volume (:z and :Z) that are respected by the podman play kube command. - A new command has been added, podman pod logs, to return logs for all containers in a pod at the same time. - Two new commands have been added, podman volume export (to export a volume to a tar file) and podman volume import (to populate a volume from a given tar file). - The podman auto-update command now supports simple rollbacks. If a container fails to start after an automatic update, it will be rolled back to the previous image and restarted again. - Pods now share their user namespace by default, and the podman pod create command now supports the --userns option. This allows rootless pods to be created with the --userns=keep-id option. - The podman pod ps command now supports a new filter with its --filter option, until, which returns pods created before a given timestamp. 
- The podman image scp command has been added. This command allows images to be transferred between different hosts. - The podman stats command supports a new option, --interval, to specify the amount of time before the information is refreshed. - The podman inspect command now includes ports exposed (but not published) by containers (e.g. ports from --expose when --publish-all is not specified). - The podman inspect command now has a new boolean value, Checkpointed, which indicates that a container was stopped as a result of a podman container checkpoint operation. - Volumes created by podman volume create now support setting quotas when run atop XFS. The size and inode options allow the maximum size and maximum number of inodes consumed by a volume to be limited. - The podman info command now outputs information on what log drivers, network drivers, and volume plugins are available for use (#11265). - The podman info command now outputs the current log driver in use, and the variant and codename of the distribution in use. - The parameters of the VM created by podman machine init (amount of disk space, memory, CPUs) can now be set in containers.conf. - The podman machine ls command now shows additional information (CPUs, memory, disk size) about VMs managed by podman machine. - The podman ps command now includes healthcheck status in container state for containers that have healthchecks (#11527). * Changes - The podman build command has a new alias, podman buildx, to improve compatibility with Docker. We have already added support for many docker buildx flags to podman build and aim to continue to do so. - Cases where Podman is run without a user session or a writable temporary files directory will now produce better error messages. - The default log driver has been changed from file to journald. The file driver did not properly support log rotation, so this should lead to a better experience. 
If journald is not available on the system, Podman will automatically revert to the file. - Podman no longer depends on ip for removing networks (#11403). - The deprecated --macvlan flag to podman network create now warns when it is used. It will be removed entirely in the Podman 4.0 release. - The podman machine start command now prints a message when the VM is successfully started. - The podman stats command can now be used on containers that are paused. - The podman unshare command will now return the exit code of the command that was run in the user namespace (assuming the command was successfully run). - Successful healthchecks will no longer add a healthy line to the system log to reduce log spam. - As a temporary workaround for a lack of shortname prompts in the Podman remote client, VMs created by podman machine now default to only using the docker.io registry. * Bugfixes - Fixed a bug where whitespace in the definition of sysctls (particularly default sysctls specified in containers.conf) would cause them to be parsed incorrectly. - Fixed a bug where the Windows remote client improperly validated volume paths (#10900). - Fixed a bug where the first line of logs from a container run with the journald log driver could be skipped. - Fixed a bug where images created by podman commit did not include ports exposed by the container. - Fixed a bug where the podman auto-update command would ignore the io.containers.autoupdate.authfile label when pulling images (#11171). - Fixed a bug where the --workdir option to podman create and podman run could not be set to a directory where a volume was mounted (#11352). - Fixed a bug where systemd socket-activation did not properly work with systemd-managed Podman containers (#10443). - Fixed a bug where environment variable secrets added to a container were not available to exec sessions launched in the container. 
- Fixed a bug where rootless containers could fail to start the rootlessport port-forwarding service when XDG_RUNTIME_DIR was set to a long path. - Fixed a bug where arguments to the --systemd option to podman create and podman run were case-sensitive (#11387). - Fixed a bug where the podman manifest rm command would also remove images referenced by the manifest, not just the manifest itself (#11344). - Fixed a bug where the Podman remote client on OS X would not function properly if the TMPDIR environment variable was not set (#11418). - Fixed a bug where the /etc/hosts file was not guaranteed to contain an entry for localhost (this is still not guaranteed if --net=host is used; such containers will exactly match the host's /etc/hosts) (#11411). - Fixed a bug where the podman machine start command could print warnings about unsupported CPU features (#11421). - Fixed a bug where the podman info command could segfault when accessing cgroup information. - Fixed a bug where the podman logs -f command could hang when a container exited (#11461). - Fixed a bug where the podman generate systemd command could not be used on containers that specified a restart policy (#11438). - Fixed a bug where the remote Podman client's podman build command would fail to build containers if the UID and GID on the client were higher than 65536 (#11474). - Fixed a bug where the remote Podman client's podman build command would fail to build containers if the context directory was a symlink (#11732). - Fixed a bug where the --network flag to podman play kube was not properly parsed when a non-bridge network configuration was specified. - Fixed a bug where the podman inspect command could error when the container being inspected was removed as it was being inspected (#11392). - Fixed a bug where the podman play kube command ignored the default pod infra image specified in containers.conf. 
- Fixed a bug where the --format option to podman inspect was nonfunctional under some circumstances (#8785). - Fixed a bug where the remote Podman client's podman run and podman exec commands could skip a byte of output every 8192 bytes (#11496). - Fixed a bug where the podman stats command would print nonsensical results if the container restarted while it was running (#11469). - Fixed a bug where the remote Podman client would error when STDOUT was redirected on a Windows client (#11444). - Fixed a bug where the podman run command could return 0 when the application in the container exited with 125 (#11540). - Fixed a bug where containers with --restart=always set using the rootlessport port-forwarding service could not be restarted automatically. - Fixed a bug where the --cgroups=split option to podman create and podman run was silently discarded if the container was part of a pod. - Fixed a bug where the podman container runlabel command could fail if the image name given included a tag. - Fixed a bug where Podman could add an extra 127.0.0.1 entry to /etc/hosts under some circumstances (#11596). - Fixed a bug where the remote Podman client's podman untag command did not properly handle tags including a digest (#11557). - Fixed a bug where the --format option to podman ps did not properly support the table argument for tabular output. - Fixed a bug where the --filter option to podman ps did not properly handle filtering by healthcheck status (#11687). - Fixed a bug where the podman run and podman start --attach commands could race when retrieving the exit code of a container that had already been removed resulting in an error (e.g. by an external podman rm -f) (#11633). - Fixed a bug where the podman generate kube command would add default environment variables to generated YAML. - Fixed a bug where the podman generate kube command would add the default CMD from the image to generated YAML (#11672). 
- Fixed a bug where the podman rm --storage command could fail to remove containers under some circumstances (#11207). - Fixed a bug where the podman machine ssh command could fail when run on Linux (#11731). - Fixed a bug where the podman stop command would error when used on a container that was already stopped (#11740). - Fixed a bug where renaming a container in a pod using the podman rename command, then removing the pod using podman pod rm, could cause Podman to believe the new name of the container was permanently in use, despite the container being removed (#11750). * API - The Libpod Pull endpoint for Images now has a new query parameter, quiet, which (when set to true) suppresses image pull progress reports (#10612). - The Compat Events endpoint now includes several deprecated fields from the Docker v1.21 API for improved compatibility with older clients. - The Compat List and Inspect endpoints for Images now prefix image IDs with sha256: for improved Docker compatibility (#11623). - The Compat Create endpoint for Containers now properly sets defaults for healthcheck-related fields (#11225). - The Compat Create endpoint for Containers now supports volume options provided by the Mounts field (#10831). - The Compat List endpoint for Secrets now supports a new query parameter, filter, which allows returned results to be filtered. - The Compat Auth endpoint now returns the correct response code (500 instead of 400) when logging into a registry fails. - The Version endpoint now includes information about the OCI runtime and Conmon in use (#11227). - Fixed a bug where the X-Registry-Config header was not properly handled, leading to errors when pulling images (#11235). - Fixed a bug where invalid query parameters could cause a null pointer dereference when creating error messages. - Logging of API requests and responses at trace level has been greatly improved, including the addition of an X-Reference-Id header to correlate requests and responses (#10053). 
* Misc - Updated Buildah to v1.23.0 - Updated the containers/storage library to v1.36.0 - Updated the containers/image library to v5.16.0 - Updated the containers/common library to v0.44.0 ++++ python-libvirt-python: - Update to 7.8.0 - Add all new APIs and constants in libvirt 7.8.0 - jsc#SLE-18260 ++++ suse-module-tools: - Update to version 15.4.4: * Import kernel scriptlets from kernel-source (bsc#1189841, bsc#1190598) * Provide "suse-kernel-rpm-scriptlets" ++++ wicked: - version 0.6.67 - dbus: install bus config in /usr (bsc#1183407,jsc#SLE-9750) - logging: log reaped sub-process command and as debug, not error - ifstatus: Don't show link as "up" without RUNNING flag set - firewalld: Make the zone assignment permanent (boo#1189560) - fsm: cleanup and improve ifconfig and ifpolicy access utils - dbus: cleanup the dbus-service.h file and unused property macros - cleanup: applied code-spell run typo corrections - dracut: initial fixes and improved option handling (boo#1182227) ------------------------------------------------------------------ ------------------ 2021-9-30 - Sep 30 2021 ------------------- ------------------------------------------------------------------ ++++ aaa_base: - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interferes with UTF-8 multi byte characters as well as support the vi mode of readline library.
This is done with the patches * git-41-f00ca2600331602241954533a1b1610d1da57edf.patch * git-42-f39a8d18719c3b34373e0e36098f0f404121b5c5.patch before the changed patch git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch rename it to git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch and also add the patches * git-44-425f3e9b44ba9ead865d70ff6690d5f2869442dc.patch * git-45-bf0a31597d0ed3562bfc5e6be0ade2fe5dc1f7a1.patch ++++ blog: - Move to /usr for UsrMerge (boo#1191057) ++++ dracut: - Update to version 055+suse.119.g6c4187af: * fix(suse-initrd): handle cases with zero modprobe.d files (bsc#1189895) ++++ e2fsprogs: - quota-Add-support-to-version-0-quota-format.patch: quota: Add support to version 0 quota format (jsc#SLE-17360) quota-Fold-quota_read_all_dquots-into-quota_update_l.patch: quota: Fold quota_read_all_dquots() into quota_update_limits() (jsc#SLE-17360) quota-Rename-quota_update_limits-to-quota_read_all_d.patch: quota: Rename quota_update_limits() to quota_read_all_dquots() (jsc#SLE-17360) tune2fs-Fix-conversion-of-quota-files.patch: tune2fs: Fix conversion of quota files (jsc#SLE-17360) e2fsck-Do-not-trash-user-limits-when-processing-orph.patch: e2fsck: Do not trash user limits when processing orphan list (jsc#SLE-17360) debugfs-Fix-headers-for-quota-commands.patch: debugfs: Fix headers for quota commands (jsc#SLE-17360) quota-Drop-dead-code.patch: quota: Drop dead code (jsc#SLE-17360) - add these not yet released fixes to e2fsprogs package so that SLE15-SP4 ships with them ++++ open-iscsi: - Update to latest from upstream, fixing: * Moving the executables from /sbin to /usr/sbin (bsc#1191054) * Remove default dependencies from iscsi-init.service (bsc#1187190) ++++ kernel-default: - arm64: Update config files. (bsc#1185927) Set PINCTRL_ZYNQMP to build-in. 
- commit 3c3ff54 ++++ kernel-firmware: - Update to version 20210928 (git commit 7a30050592e2): * brcm: Add 43455 based AP6255 NVRAM for the ACEPC T8 Mini PC * linux-firmware: Update firmware file for Intel Bluetooth 9462 * amdgpu: update VCN firmware for dimgrey cavefish * amdgpu: update VCN firmware for navy flounder * amdgpu: update VCN firmware for sienna cichlid * amdgpu: update VCN firmware for vangogh * amdgpu: update VCN firmware for renoir * amdgpu: update VCN firmware for picasso * amdgpu: update VCN firmware for raven2 * amdgpu: update VCN firmware for raven * amdgpu: Add initial firmware for Beige Goby * cxgb4: Update firmware to revision 1.26.2.0 * linux-firmware: update frimware for mediatek bluetooth chip (MT7921) * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * qed: Add firmware 8.59.1.0 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: Update firmware file for Intel Bluetooth 8265 * iwlwifi: add FWs for new So device types with multiple RF modules * amdgpu: add initial firmware for Yellow Carp * i915: Update ADLP DMC v2.12 * linux-firmware: add frimware for mediatek bluetooth chip (MT7922) * linux-firmware: Update AMD SEV firmware (bsc#1186938) * Revert "iwlwifi: add FW for new So/Gf device type" - Update aliases ++++ fuse3: - Update fuse3 to the version >= 3.9.1 (jsc#SLE-21826) ++++ Mesa: - update to 21.2.3 * third bugfix release ++++ samba: - Adjust spec to use pam macros; (bsc#1191046). 
++++ u-boot-rpiarm64: Fix Grub loading slowdown when connecting USB keyboard (bsc#1171222). Enable BTRFS for Risc-V. Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.10 * Patches added: 0013-riscv-enable-CMD_BTRFS.patch 0014-Disable-timer-check-in-file-loading.patch ------------------------------------------------------------------ ------------------ 2021-9-29 - Sep 29 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - scsi: mpi3mr: Set up IRQs in resume path (jsc#SLE-18121). - scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI (jsc#SLE-18121). - scsi: mpi3mr: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-18121). - commit c13c871 - EDAC/i10nm: Retrieve and print retry_rd_err_log registers (jsc#SLE-21874). - commit 6ea02d1 - cpuidle: pseries: Do not cap the CEDE0 latency in fixup_cede0_latency() (bsc#1185550 ltc#192610 git-fixes jsc#SLE-18128). - commit ae6623e - Refresh patches.suse/ibmvnic-check-failover_pending-in-login-response.patch. - Refresh patches.suse/nvme-avoid-race-in-shutdown-namespace-removal.patch. - Refresh patches.suse/nvme-multipath-fix-ANA-state-updates-when-a-namespac.patch. - Refresh patches.suse/nvme-rdma-destroy-cm-id-before-destroy-qp-to-avoid-u.patch. - Refresh patches.suse/nvme-tcp-fix-io_work-priority-inversion.patch. - Refresh patches.suse/scsi-lpfc-Fix-CPU-to-from-endian-warnings-introduced.patch. - Refresh patches.suse/scsi-lpfc-Fix-compilation-errors-on-kernels-with-no-.patch. - Refresh patches.suse/scsi-lpfc-Fix-gcc-Wstringop-overread-warning-again.patch. - Refresh patches.suse/scsi-lpfc-Fix-sprintf-overflow-in-lpfc_display_fpin_.patch. - Refresh patches.suse/scsi-lpfc-Remove-unneeded-variable.patch. - Refresh patches.suse/scsi-lpfc-Use-correct-scnprintf-limit.patch. Update metadata - commit d26e910 - dt-bindings: clock: qcom: Update license for GCC SC7280 (git-fixes). 
- commit 112906f - SUNRPC: Simplify socket shutdown when not reusing TCP ports (git-fixes). - SUNRPC: Fix potential memory corruption (git-fixes). - NFSv4/pNFS: Fix a layoutget livelock loop (git-fixes). - commit 54a3b6b ++++ libjpeg-turbo: - previous version updates fix the following bugs: CVE-2014-9092, CVE-2018-14498, CVE-2019-2201, CVE-2020-17541 (bsc#1128712, bsc#1186764, bsc#807183, bsc#906761) ++++ libsoup2: - Add Provides: libsoup2 to the library, so that the lang package is installable. - Remove the left-over provides/obsoletes for libsoup (which is now libsoup 3). ++++ systemd: - Predictable network interface names: fix slot based network names on s390 (backward incompatible change) (jsc#SLE-18514) The default predictable naming scheme used by SLE ("v238") has been improved with the two following changes: o PCI hotplug slot names for the s390 PCI driver are a hexadecimal representation of the function_id device attribute. This attribute is now used to build the ID_NET_NAME_SLOT. Before that, all slot names were parsed as decimal numbers, which could either result in an incorrect value of the ID_NET_NAME_SLOT property or none at all. o Some firmware and hypervisor implementations report unreasonably high numbers for the onboard index. To prevent the generation of bogus onboard interface names, index numbers greater than 16381 (2^14-1) were ignored. For s390 PCI devices index values up to 65535 (2^16-1) are valid. To account for that, the limit is now increased to 65535. To reflect these backward incompatible changes, the naming scheme version has been renamed "sle15-sp4".
- Import commit 2f8e2ef85dfbe8e10a21e0e1bd5e356ff8ed6c5a 4c4e642712 meson: allow extra net naming schemes to be defined during configuration (jsc#SLE-18514) 78466e4464 meson: drop the list of valid net naming schemes b9a2098f9d netif-naming: inline one iterator variable d7fbbc5e74 Add remaining supported schemes as options for default-net-naming-scheme ++++ samba: - Adjust spec for size * allow some Recommends instead Requires to be configured for cifs-utils, samba-libs-python3 & samba-gpupdate; (bsc#1182847). * remove fam, undocumented and unneeded. ------------------------------------------------------------------ ------------------ 2021-9-28 - Sep 28 2021 ------------------- ------------------------------------------------------------------ ++++ cloud-regionsrv-client: - Avoid race condition with ca-certificates (bsc#1189362) + Make the service run after ca-certificates is done + Attempt multiple times to update the trust chain ++++ lvm2-device-mapper: - vgextend crash when extending VG with missing PV (bsc#1191019) + bug-1191019_vgextend-check-missing-device-during-block-size-chec.patch ++++ jitterentropy: - Trim conjecture from descriptions. ++++ kernel-default: - x86/fault: Fix wrong signal when vsyscall fails with pkey (bsc#1190497). - commit f05d0ae - ethtool: add two link extended substates of bad signal integrity (bsc#1190336). - page_pool: add frag page recycling support in page pool (bsc#1190336). - page_pool: add interface to manipulate frag count in page pool (bsc#1190336). - page_pool: keep pp info as long as page pool owns the page (bsc#1190336). - commit 296b073 - x86/asm: Fix SETZ size enqcmds() build failure (bsc#1190497). - commit e2f2c95 - ethernet: fix PTP_1588_CLOCK dependencies (jsc#SLE-19253). - Update config files. - commit 174a183 - scsi: core: Introduce scsi_get_sector() (jsc#SLE-19249). - Refresh patches.suse/scsi-core-Add-helper-to-return-number-of-logical-blo.patch.
- commit 240f3ea - net/mlx5: Lag, Create shared FDB when in switchdev mode (jsc#SLE-19253). - Refresh patches.suse/net-mlx5-Lag-fix-multipath-lag-activation.patch. - commit 62f89bb - net/mlx4_en: Don't allow aRFS for encapsulated packets (jsc#SLE-19256). - qed: rdma - don't wait for resources under hw error recovery flow (jsc#SLE-19001). - net: hns3: fix a return value error in hclge_get_reset_status() (bsc#1190336). - net: hns3: check vlan id before using it (bsc#1190336). - net: hns3: check queue id range before using (bsc#1190336). - net: hns3: fix misuse vf id and vport id in some logs (bsc#1190336). - net: hns3: fix inconsistent vf id print (bsc#1190336). - net: hns3: fix change RSS 'hfunc' ineffective issue (bsc#1190336). - net/mlx4_en: Resolve bad operstate value (jsc#SLE-19256). - igc: fix tunnel offloading (jsc#SLE-18377). - net/{mlx5|nfp|bnxt}: Remove unnecessary RTNL lock assert (jsc#SLE-19253). - net: hns3: fix the timing issue of VF clearing interrupt sources (bsc#1190336). - net: hns3: fix the exception when query imp info (bsc#1190336). - net: hns3: disable mac in flr process (bsc#1190336). - net: hns3: change affinity_mask to numa node range (bsc#1190336). - net: hns3: pad the short tunnel frame before sending to hardware (bsc#1190336). - net: hns3: add option to turn off page pool feature (bsc#1190336). - qed: Handle management FW error (jsc#SLE-19001). - ice: Correctly deal with PFs that do not support RDMA (jsc#SLE-18375). - net/mlx5e: Fix condition when retrieving PTP-rqn (jsc#SLE-19253). - net/mlx5e: Fix mutual exclusion between CQE compression and HW TS (jsc#SLE-19253). - net/mlx5: Fix potential sleeping in atomic context (jsc#SLE-19253). - net/mlx5: FWTrace, cancel work on alloc pd error flow (jsc#SLE-19253). - net/mlx5: Lag, don't update lag if lag isn't supported (jsc#SLE-19253). - net/mlx5: Fix rdma aux device on devlink reload (jsc#SLE-19253). - net/mlx5: Bridge, fix uninitialized variable usage (jsc#SLE-19253). 
- IB/hfi1: make hist static (jsc#SLE-19242). - RDMA/bnxt_re: Prefer kcalloc over open coded arithmetic (jsc#SLE-18977). - IB/qib: Fix null pointer subtraction compiler warning (jsc#SLE-19249). - RDMA/mlx5: Fix xlt_chunk_align calculation (jsc#SLE-19250). - net: hns3: make hclgevf_cmd_caps_bit_map0 and hclge_cmd_caps_bit_map0 static (bsc#1190336). - ionic: fix a sleeping in atomic bug (jsc#SLE-19282). - ionic: fix double use of queue-lock (jsc#SLE-19282). - scsi: RDMA/srp: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-19249). - scsi: RDMA/iser: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-19249). - scsi: iser: Use scsi_get_sector() instead of scsi_get_lba() (jsc#SLE-19249). - RDMA: Use the sg_table directly and remove the opencoded version from umem (jsc#SLE-19249). - lib/scatterlist: Fix wrong update of orig_nents (jsc#SLE-19249). - lib/scatterlist: Provide a dedicated function to support table append (jsc#SLE-19249). - RDMA/mlx5: Relax DCS QP creation checks (jsc#SLE-19250). - RDMA/hns: Delete unnecessary blank lines (bsc#1190336). - RDMA/hns: Encapsulate the qp db as a function (bsc#1190336). - RDMA/hns: Adjust the order in which irq are requested and enabled (bsc#1190336). - RDMA/hns: Remove RST2RST error prints for hw v1 (bsc#1190336). - RDMA/hns: Remove dqpn filling when modify qp from Init to Init (bsc#1190336). - RDMA/hns: Fix QP's resp incomplete assignment (bsc#1190336). - RDMA/hns: Fix query destination qpn (bsc#1190336). - RDMA/hfi1: Convert to SPDX identifier (jsc#SLE-19242). - IB/rdmavt: Convert to SPDX identifier (jsc#SLE-19242). - RDMA/hns: Bugfix for incorrect association between dip_idx and dgid (bsc#1190336). - RDMA/hns: Bugfix for the missing assignment for dip_idx (bsc#1190336). - RDMA/hns: Bugfix for data type of dip_idx (bsc#1190336). - RDMA/hns: Fix incorrect lsn field (bsc#1190336). - RDMA/irdma: Remove the repeated declaration (jsc#SLE-18383). - RDMA/core/sa_query: Retry SA queries (jsc#SLE-19249). 
- RDMA/hns: Delete unused hns bitmap interface (bsc#1190336). - RDMA/hns: Use IDA interface to manage srq index (bsc#1190336). - RDMA/hns: Use IDA interface to manage uar index (bsc#1190336). - RDMA/hns: Ownerbit mode add control field (bsc#1190336). - RDMA/hns: Enable stash feature of HIP09 (bsc#1190336). - RDMA/hns: Remove unsupport cmdq mode (bsc#1190336). - RDMA: switch from 'pci_' to 'dma_' API (jsc#SLE-19249). - IB/core: Remove deprecated current_seq comments (jsc#SLE-19249). - RDMA/efa: Rename vector field in efa_irq struct to irqn (jsc#SLE-19249). - RDMA/efa: Remove unused cpu field from irq struct (jsc#SLE-19249). - RDMA/rtrs: Remove (void) casting for functions (jsc#SLE-19249). - RDMA/rtrs-clt: Fix counting inflight IO (jsc#SLE-19249). - RDMA/rtrs: Remove all likely and unlikely (jsc#SLE-19249). - RDMA/rtrs: Remove unused functions (jsc#SLE-19249). - RDMA/rtrs-clt: During add_path change for_new_clt according to path_num (jsc#SLE-19249). - RDMA/core/sa_query: Remove unused function (jsc#SLE-19249). - RDMA/qedr: Move variables reset to qedr_set_common_qp_params() (jsc#SLE-18998). - RDMA/hfi1: Stop using seq_get_buf in _driver_stats_seq_show (jsc#SLE-19242). - RDMA/rtrs: Remove a useless kfree() (jsc#SLE-19249). - RDMA/hns: Fix return in hns_roce_rereg_user_mr() (bsc#1190336). - RDMA/core: Create clean QP creations interface for uverbs (jsc#SLE-19249). - RDMA/core: Properly increment and decrement QP usecnts (jsc#SLE-19249). - RDMA/core: Configure selinux QP during creation (jsc#SLE-19249). - RDMA/core: Reorganize create QP low-level functions (jsc#SLE-19249). - RDMA/core: Remove protection from wrong in-kernel API usage (jsc#SLE-19249). - RDMA/core: Delete duplicated and unreachable code (jsc#SLE-19249). - RDMA/mlx5: Delete not-available udata check (jsc#SLE-19250). - RDMA/mlx5: Drop in-driver verbs object creations (jsc#SLE-19250). - RDMA: Globally allocate and release QP memory (jsc#SLE-19249). 
- RDMA/rdmavt: Decouple QP and SGE lists allocations (jsc#SLE-19249). - RDMA/mlx5: Rework custom driver QP type creation (jsc#SLE-19250). - RDMA/mlx5: Delete device resource mutex that didn't protect anything (jsc#SLE-19250). - RDMA/mlx5: Cancel pkey work before destroying device resources (jsc#SLE-19250). - RDMA/efa: Remove double QP type assignment (jsc#SLE-19249). - RDMA/hns: Don't overwrite supplied QP attributes (bsc#1190336). - RDMA/hns: Don't skip IB creation flow for regular RC QP (bsc#1190336). - RDMA/qedr: Improve error logs for rdma_alloc_tid error return (jsc#SLE-18998). - RDMA/qed: Use accurate error num in qed_cxt_dynamic_ilt_alloc (jsc#SLE-19001). - RDMA/hfi1: Fix typo in comments (jsc#SLE-19242). - RDMA/iwpm: Rely on the rdma_nl_register() to ensure that requests are valid (jsc#SLE-19249). - RDMA/iwpm: Remove not-needed reference counting (jsc#SLE-19249). - RDMA/iwcm: Release resources if iw_cm module initialization fails (jsc#SLE-19249). - RDMA/hfi1: Convert from atomic_t to refcount_t on hfi1_devdata->user_refcount (jsc#SLE-19242). - IB/hfi1: Adjust pkey entry in index 0 (jsc#SLE-19242). - IB/hfi1: Indicate DMA wait when txq is queued for wakeup (jsc#SLE-19242). - RDMA/mlx5: Add DCS offload support (jsc#SLE-19250). - RDMA/mlx5: Separate DCI QP creation logic (jsc#SLE-19250). - RDMA/rxe: Fix types in rxe_icrc.c (jsc#SLE-19249). - RDMA/rxe: Add kernel-doc comments to rxe_icrc.c (jsc#SLE-19249). - RDMA/rxe: Move crc32 init code to rxe_icrc.c (jsc#SLE-19249). - RDMA/rxe: Fixup rxe_icrc_hdr (jsc#SLE-19249). - RDMA/rxe: Move rxe_crc32 to a subroutine (jsc#SLE-19249). - RDMA/rxe: Move ICRC generation to a subroutine (jsc#SLE-19249). - RDMA/rxe: Fixup rxe_send and rxe_loopback (jsc#SLE-19249). - RDMA/rxe: Move rxe_xmit_packet to a subroutine (jsc#SLE-19249). - RDMA/rxe: Move ICRC checking to a subroutine (jsc#SLE-19249). - IB/core: Read subnet_prefix in ib_query_port via cache (jsc#SLE-19249). 
- IB/core: Shifting initialization of device->cache_lock (jsc#SLE-19249). - IB/core: Updating cache for subnet_prefix in config_non_roce_gid_cache() (jsc#SLE-19249). - RDMA/efa: Split hardware stats to device and port stats (jsc#SLE-19249). - RDMA/rxe: Remove the repeated 'mr->umem = umem' (jsc#SLE-19249). - RDMA/siw: Convert siw_tx_hdt() to kmap_local_page() (jsc#SLE-19249). - RDMA/siw: Remove kmap() (jsc#SLE-19249). - RDMA/rtrs: Move sq_wr_avail to rtrs_con (jsc#SLE-19249). - RDMA/rtrs: Remove unused flags parameter (jsc#SLE-19249). - RDMA/rtrs: Make rtrs_post_rdma_write_imm_empty static (jsc#SLE-19249). - RDMA/rtrs: Enable the same selective signal for heartbeat and IO (jsc#SLE-19249). - RDMA/rtrs: move wr_cnt from rtrs_srv_con to rtrs_con (jsc#SLE-19249). - RDMA/rtrs: Add error messages for failed operations (jsc#SLE-19249). - ice: remove dead code for allocating pin_config (jsc#SLE-18375). - net/mlx5: DR, fix a potential use-after-free bug (jsc#SLE-19253). - net: hns3: remove unnecessary spaces (bsc#1190336). - net: hns3: add some required spaces (bsc#1190336). - net: hns3: clean up a type mismatch warning (bsc#1190336). - net: hns3: refine function hns3_set_default_feature() (bsc#1190336). - net: hns3: uniform parameter name of hclge_ptp_clean_tx_hwts() (bsc#1190336). - net: hnss3: use max() to simplify code (bsc#1190336). - net: hns3: modify a print format of hns3_dbg_queue_map() (bsc#1190336). - net: hns3: refine function hclge_dbg_dump_tm_pri() (bsc#1190336). - net: hns3: reconstruct function hclge_ets_validate() (bsc#1190336). - net: hns3: reconstruct function hns3_self_test (bsc#1190336). - net: hns3: initialize each member of structure array on a separate line (bsc#1190336). - igc: Add support for CBS offloading (jsc#SLE-18377). - igc: Simplify TSN flags handling (jsc#SLE-18377). - igc: Use default cycle 'start' and 'end' values for queues (jsc#SLE-18377). - ionic: recreate hwstamp queues on ifup (jsc#SLE-19282). 
- ionic: pull hwstamp queue_lock up a level (jsc#SLE-19282). - ionic: add queue lock around open and stop (jsc#SLE-19282). - ionic: fill mac addr earlier in add_addr (jsc#SLE-19282). - ionic: squelch unnecessary fw halted message (jsc#SLE-19282). - ionic: fire watchdog again after fw_down (jsc#SLE-19282). - net: hns3: add required space in comment (bsc#1190336). - net: hns3: remove unnecessary "static" of local variables in function (bsc#1190336). - net: hns3: don't config TM DWRR twice when set ETS (bsc#1190336). - net: hns3: add new function hclge_get_speed_bit() (bsc#1190336). - net: hns3: refactor function hclgevf_parse_capability() (bsc#1190336). - net: hns3: refactor function hclge_parse_capability() (bsc#1190336). - net: hns3: add trace event in hclge_gen_resp_to_vf() (bsc#1190336). - net: hns3: uniform type of function parameter cmd (bsc#1190336). - net: hns3: merge some repetitive macros (bsc#1190336). - net: hns3: package new functions to simplify hclgevf_mbx_handler code (bsc#1190336). - net: hns3: remove redundant param to simplify code (bsc#1190336). - net: hns3: use memcpy to simplify code (bsc#1190336). - net: hns3: remove redundant param mbx_event_pending (bsc#1190336). - net: hns3: add hns3_state_init() to do state initialization (bsc#1190336). - net: hns3: add macros for mac speeds of firmware command (bsc#1190336). - net/mlx5: DR, Add support for update FTE (jsc#SLE-19253). - net/mlx5: DR, Improve rule tracking memory consumption (jsc#SLE-19253). - net/mlx5: DR, Remove rehash ctrl struct from dr_htbl (jsc#SLE-19253). - net/mlx5: DR, Remove HW specific STE type from nic domain (jsc#SLE-19253). - net/mlx5: DR, Merge DR_STE_SIZE enums (jsc#SLE-19253). - net/mlx5: DR, Skip source port matching on FDB RX domain (jsc#SLE-19253). - net/mlx5: DR, Add ignore_flow_level support for multi-dest flow tables (jsc#SLE-19253). - net/mlx5: DR, Use FW API when updating FW-owned flow table (jsc#SLE-19253). 
- net/mlx5: DR, replace uintN_t with kernel-style types (jsc#SLE-19253). - net/mlx5: DR, Support IPv6 matching on flow label for STEv0 (jsc#SLE-19253). - net/mlx5: DR, Reduce print level for FT chaining level check (jsc#SLE-19253). - net/mlx5: DR, Warn and ignore SW steering rule insertion on QP err (jsc#SLE-19253). - net/mlx5: DR, Improve error flow in actions_build_ste_arr (jsc#SLE-19253). - net/mlx5: DR, Enable QP retransmission (jsc#SLE-19253). - net/mlx5: DR, Enable VLAN pop on TX and VLAN push on RX (jsc#SLE-19253). - net/mlx5: DR, Split modify VLAN state to separate pop/push states (jsc#SLE-19253). - net/mlx5: DR, Added support for REMOVE_HEADER packet reformat (jsc#SLE-19253). - ionic: handle mac filter overflow (jsc#SLE-19282). - ionic: refactor ionic_lif_addr to remove a layer (jsc#SLE-19282). - ionic: sync the filters in the work task (jsc#SLE-19282). - ionic: flatten calls to set-rx-mode (jsc#SLE-19282). - ionic: remove old work task types (jsc#SLE-19282). - igc: Add support for PTP getcrosststamp() (jsc#SLE-18377). - igc: Enable PCIe PTM (jsc#SLE-18377). - PCI: Add pcie_ptm_enabled() (jsc#SLE-18377). - Revert "PCI: Make pci_enable_ptm() private" (jsc#SLE-18377). - net: hns3: add ethtool support for CQE/EQE mode configuration (bsc#1190336). - net: hns3: add support for EQE/CQE mode configuration (bsc#1190336). - ethtool: extend coalesce setting uAPI with CQE mode (jsc#SLE-19253). - ethtool: add two coalesce attributes for CQE mode (jsc#SLE-19253). - net/mellanox: switch from 'pci_' to 'dma_' API (jsc#SLE-19253). - net/mlx5: E-switch, Add QoS tracepoints (jsc#SLE-19253). - net/mlx5: E-switch, Allow to add vports to rate groups (jsc#SLE-19253). - net/mlx5: E-switch, Allow setting share/max tx rate limits of rate groups (jsc#SLE-19253). - net/mlx5: E-switch, Introduce rate limiting groups API (jsc#SLE-19253). - net/mlx5: E-switch, Enable devlink port tx_{share|max} rate control (jsc#SLE-19253). 
- net/mlx5: E-switch, Move QoS related code to dedicated file (jsc#SLE-19253). - net/mlx5e: TC, Support sample offload action for tunneled traffic (jsc#SLE-19253). - net/mlx5e: TC, Restore tunnel info for sample offload (jsc#SLE-19253). - net/mlx5e: TC, Remove CONFIG_NET_TC_SKB_EXT dependency when restoring tunnel (jsc#SLE-19253). - net/mlx5e: Refactor ct to use post action infrastructure (jsc#SLE-19253). - net/mlx5e: Introduce post action infrastructure (jsc#SLE-19253). - net/mlx5e: CT, Use xarray to manage fte ids (jsc#SLE-19253). - net/mlx5e: Move sample attribute to flow attribute (jsc#SLE-19253). - net/mlx5e: Move esw/sample to en/tc/sample (jsc#SLE-19253). - net/mlx5e: Remove mlx5e dependency from E-Switch sample (jsc#SLE-19253). - net: hns3: make array spec_opcode static const, makes object smaller (bsc#1190336). - net/mlx4: Use ARRAY_SIZE to get an array's size (jsc#SLE-19256). - i40e: Fix spelling mistake "dissable" -> "disable" (jsc#SLE-18378). - iavf: use mutexes for locking of critical sections (jsc#SLE-18385). - net/mlx5: Bridge, support LAG (jsc#SLE-19253). - net/mlx5: Bridge, allow merged eswitch connectivity (jsc#SLE-19253). - net/mlx5: Bridge, extract FDB delete notification to function (jsc#SLE-19253). - net/mlx5: Bridge, identify port by vport_num+esw_owner_vhca_id pair (jsc#SLE-19253). - net/mlx5: Bridge, obtain core device from eswitch instead of priv (jsc#SLE-19253). - net/mlx5: Bridge, release bridge in same function where it is taken (jsc#SLE-19253). - net/mlx5e: Support MQPRIO channel mode (jsc#SLE-19253). - net/mlx5e: Handle errors of netdev_set_num_tc() (jsc#SLE-19253). - net/mlx5e: Maintain MQPRIO mode parameter (jsc#SLE-19253). - net/mlx5e: Abstract MQPRIO params (jsc#SLE-19253). - net/mlx5e: Support flow classification into RSS contexts (jsc#SLE-19253). - net/mlx5e: Support multiple RSS contexts (jsc#SLE-19253). - net/mlx5e: Dynamically allocate TIRs in RSS contexts (jsc#SLE-19253). 
- net/mlx5e: Convert RSS to a dedicated object (jsc#SLE-19253). - net/mlx5e: Introduce abstraction of RSS context (jsc#SLE-19253). - net/mlx5e: Introduce TIR create/destroy API in rx_res (jsc#SLE-19253). - net/mlx5e: Do not try enable RSS when resetting indir table (jsc#SLE-19253). - net: hns3: add support ethtool extended link state (bsc#1190336). - net: hns3: add header file hns3_ethtoo.h (bsc#1190336). - net: hns3: remove always exist devlink pointer check (bsc#1190336). - net/mlx5e: Make use of netdev_warn() (jsc#SLE-19253). - net/mlx5: Fix variable type to match 64bit (jsc#SLE-19253). - net/mlx5: Initialize numa node for all core devices (jsc#SLE-19253). - net/mlx5: Allocate individual capability (jsc#SLE-19253). - net/mlx5: Reorganize current and maximal capabilities to be per-type (jsc#SLE-19253). - net/mlx5: SF, use recent sysfs api (jsc#SLE-19253). - net/mlx5: Refcount mlx5_irq with integer (jsc#SLE-19253). - net/mlx5: Change SF missing dedicated MSI-X err message to dbg (jsc#SLE-19253). - net/mlx5: Align mlx5_irq structure (jsc#SLE-19253). - net/mlx5: Delete impossible dev->state checks (jsc#SLE-19253). - net/mlx5: Fix inner TTC table creation (jsc#SLE-19253). - net/mlx5: Fix typo in comments (jsc#SLE-19253). - net: hns3: add support for triggering reset by ethtool (bsc#1190336). - net/mlx5: Support enable_vnet devlink dev param (jsc#SLE-19253). - net/mlx5: Support enable_rdma devlink dev param (jsc#SLE-19253). - net/mlx5: Support enable_eth devlink dev param (jsc#SLE-19253). - devlink: Add APIs to publish, unpublish individual parameter (jsc#SLE-19253). - devlink: Add API to register and unregister single parameter (jsc#SLE-19253). - devlink: Create a helper function for one parameter registration (jsc#SLE-19253). - devlink: Add new "enable_vnet" generic device param (jsc#SLE-19253). - devlink: Add new "enable_rdma" generic device param (jsc#SLE-19253). - devlink: Add new "enable_eth" generic device param (jsc#SLE-19253). 
- net/mlx5: E-Switch, add logic to enable shared FDB (jsc#SLE-19253). - net/mlx5: Lag, move lag destruction to a workqueue (jsc#SLE-19253). - net/mlx5: Lag, properly lock eswitch if needed (jsc#SLE-19253). - net/mlx5: Add send to vport rules on paired device (jsc#SLE-19253). - net/mlx5: E-Switch, Add event callback for representors (jsc#SLE-19253). - net/mlx5e: Use shared mappings for restoring from metadata (jsc#SLE-19253). - net/mlx5e: Add an option to create a shared mapping (jsc#SLE-19253). - net/mlx5: E-Switch, set flow source for send to uplink rule (jsc#SLE-19253). - RDMA/mlx5: Add shared FDB support (jsc#SLE-19250). - {net, RDMA}/mlx5: Extend send to vport rules (jsc#SLE-19253). - RDMA/mlx5: Fill port info based on the relevant eswitch (jsc#SLE-19250). - net/mlx5: Lag, add initial logic for shared FDB (jsc#SLE-19253). - net/mlx5: Return mdev from eswitch (jsc#SLE-19253). - IB/mlx5: Rename is_apu_thread_cq function to is_apu_cq (jsc#SLE-19253). - net/mlx5: Add DCS caps & fields support (jsc#SLE-19250). - net: hns3: support skb's frag page recycling based on page pool (bsc#1190336). - devlink: Simplify devlink port API calls (jsc#SLE-19253). - qed: Remove duplicated include of kernel.h (jsc#SLE-19001). - qed: Remove redundant prints from the iWARP SYN handling (jsc#SLE-19001). - qed: Skip DORQ attention handling during recovery (jsc#SLE-19001). - qed: Avoid db_recovery during recovery (jsc#SLE-19001). - net/mlx5e: Return -EOPNOTSUPP if more relevant when parsing tc actions (jsc#SLE-19253). - net/mlx5e: Remove redundant assignment of counter to null (jsc#SLE-19253). - net/mlx5e: Remove redundant parse_attr arg (jsc#SLE-19253). - net/mlx5e: Remove redundant cap check for flow counter (jsc#SLE-19253). - net/mlx5e: Remove redundant filter_dev arg from parse_tc_fdb_actions() (jsc#SLE-19253). - net/mlx5e: Remove redundant tc act includes (jsc#SLE-19253). - net/mlx5: Embed mlx5_ttc_table (jsc#SLE-19253). - net/mlx5: Move TTC logic to fs_ttc (jsc#SLE-19253). 
- net/mlx5e: Decouple TTC logic from mlx5e (jsc#SLE-19253). - net/mlx5e: Rename some related TTC args and functions (jsc#SLE-19253). - net/mlx5e: Rename traffic type enums (jsc#SLE-19253). - net/mlx5e: Allocate the array of channels according to the real max_nch (jsc#SLE-19253). - net/mlx5e: Hide all implementation details of mlx5e_rx_res (jsc#SLE-19253). - net/mlx5e: Introduce mlx5e_channels API to get RQNs (jsc#SLE-19253). - net/mlx5e: Use a new initializer to build uniform indir table (jsc#SLE-19253). - net/mlx4: make the array states static const, makes object smaller (jsc#SLE-19256). - qede: Remove the qede module version (jsc#SLE-19001). - qed: Remove the qed module version (jsc#SLE-19001). - net/mlx5: Don't rely on always true registered field (jsc#SLE-19253). - ionic: add function tag to debug string (jsc#SLE-19282). - ionic: enable rxhash only with multiple queues (jsc#SLE-19282). - ionic: block some ethtool operations when fw in reset (jsc#SLE-19282). - ionic: remove unneeded comp union fields (jsc#SLE-19282). - ionic: increment num-vfs before configure (jsc#SLE-19282). - ionic: use fewer inits on the buf_info struct (jsc#SLE-19282). - ionic: init reconfig err to 0 (jsc#SLE-19282). - ionic: print firmware version on identify (jsc#SLE-19282). - ionic: monitor fw status generation (jsc#SLE-19282). - ionic: minimize resources when under kdump (jsc#SLE-19282). - net: qed: remove unneeded return variables (jsc#SLE-19001). - net/mlx5e: Use the new TIR API for kTLS (jsc#SLE-19253). - net/mlx5e: Move management of indir traffic types to rx_res (jsc#SLE-19253). - net/mlx5e: Convert TIR to a dedicated object (jsc#SLE-19253). - net/mlx5e: Create struct mlx5e_rss_params_hash (jsc#SLE-19253). - net/mlx5e: Remove mdev from mlx5e_build_indir_tir_ctx_common() (jsc#SLE-19253). - net/mlx5e: Remove lro_param from mlx5e_build_indir_tir_ctx_common() (jsc#SLE-19253). - net/mlx5e: Remove mlx5e_priv usage from mlx5e_build_*tir_ctx*() (jsc#SLE-19253). 
- net/mlx5e: Use mlx5e_rqt_get_rqtn to access RQT hardware id (jsc#SLE-19253). - net/mlx5e: Take RQT out of TIR and group RX resources (jsc#SLE-19253). - net/mlx5e: Move RX resources to a separate struct (jsc#SLE-19253). - net/mlx5e: Move mlx5e_build_rss_params() call to init_rx (jsc#SLE-19253). - net/mlx5e: Convert RQT to a dedicated object (jsc#SLE-19253). - net/mlx5e: Check if inner FT is supported outside of create/destroy functions (jsc#SLE-19253). - net/mlx5: Take TIR destruction out of the TIR list lock (jsc#SLE-19253). - net: hns3: add devlink reload support for VF (bsc#1190336). - net: hns3: add devlink reload support for PF (bsc#1190336). - net: hns3: add support for devlink get info for VF (bsc#1190336). - net: hns3: add support for devlink get info for PF (bsc#1190336). - net: hns3: add support for registering devlink for VF (bsc#1190336). - net: hns3: add support for registering devlink for PF (bsc#1190336). - ionic: drop useless check of PCI driver data validity (jsc#SLE-19282). - i40e: add support for PTP external synchronization clock (jsc#SLE-18378). - igc: Increase timeout value for Speed 100/1000/2500 (jsc#SLE-18377). - igc: Set QBVCYCLET_S to 0 for TSN Basic Scheduling (jsc#SLE-18377). - igc: Remove phy->type checking (jsc#SLE-18377). - igc: Remove _I_PHY_ID checking (jsc#SLE-18377). - igc: Check if num of q_vectors is smaller than max before array access (jsc#SLE-18377). - iavf: fix locking of critical sections (jsc#SLE-18385). - iavf: do not override the adapter state in the watchdog task (jsc#SLE-18385). - igc: Make flex filter more flexible (jsc#SLE-18377). - igc: Allow for Flex Filters to be installed (jsc#SLE-18377). - igc: Integrate flex filter into ethtool ops (jsc#SLE-18377). - igc: Add possibility to add flex filter (jsc#SLE-18377). - commit 965eeec - usb: mtu3: return successful suspend status (git-fixes). - commit dda04d7 - perf tools: Fix hybrid config terms list corruption (git-fixes). 
- commit f3f3684 - perf symbol: Look for ImageBase in PE file to compute .text offset (git-fixes). - commit 5059767 - perf test: Fix bpf test sample mismatch reporting (git-fixes). - commit 7313cb0 - perf bench inject-buildid: Handle writen() errors (git-fixes). - commit 2106974 - perf unwind: Do not overwrite FEATURE_CHECK_LDFLAGS-libunwind-{x86,aarch64} (git-fixes). - commit bd9b092 - perf config: Fix caching and memory leak in perf_home_perfconfig() (git-fixes). - commit deeda41 - perf script: Fix --list-dlfilters documentation (git-fixes). - commit 96f4c7b - x86/pat: Pass valid address to sanitize_phys() (git-fixes). - commit b8bf633 - x86/uaccess: Fix 32-bit __get_user_asm_u64() when CC_HAS_ASM_GOTO_OUTPUT=y (git-fixes). - commit 2c793c4 - arm64: pmu: update config for CCI and CCN drivers References: bsc#1191026 - commit 8a848d9 - iwlwifi: pnvm: Fix a memory leak in 'iwl_pnvm_get_from_fs()' (git-fixes). - commit 6af3083 - iwlwifi: move get pnvm file name to a separate function (git-fixes). - commit 9e06ce6 - arm64: pmu: enable support for cmn-600 driver References: jsc#SLE-19035 - commit f95bbc2 - platform/x86: dell: fix DELL_WMI_PRIVACY dependencies & build error (git-fixes). - commit e623b17 - usb: gadget: u_audio: add bi-directional volume and mute support (git-fixes). - commit f29fe94 - arm64: tegra: enable quad spi controller driver References: jsc#SLE-20497 - commit 8fbdd0b - arm64: tegra194: p2888: Correct interrupt trigger type of temperature sensor (jsc#SLE-20498). - arm64: tegra: Fix Tegra194 PCIe EP compatible string (jsc#SLE-20498). - commit 0b16cd5 - usb: audio-v2: add ability to define feature unit descriptor (git-fixes). - commit 468bd08 - arm64: tegra: Add missing interconnects property for USB on Tegra186 (jsc#SLE-20498). - arm64: tegra: Add PWM nodes on Tegra186 (jsc#SLE-20498). 
- commit c75528c ++++ libcap: - update to 2.59: * Fixed a potential libcap memory leak by adding a destructor * Major improvement is that there is a path for Linux-PAM compliant applications to support setting Ambient vector Capabilities via pam_cap.so now * Added libcap cap_proc_root() API function * Added color support to captree * Fixed contrib/sucap/su to correctly handle the Inheritable flag * capsh enhancements * getcap -r / now generates readable output * The shared library objects: pam_cap.so, libcap.so and libpsx.so, are all now runnable as standalone binaries * The module pam_cap.so now contains support for a default= module argument * Enhanced capsh --suggest to also compare against the capability value names and not just their descriptions * Added capsh --current support * Added a contrib/sucap/su.c pure-capabilities PAM implementation of su * Fix for a corner case infinite loop handling long strings * Added libcap cap_iab_compare() and cap_iab_get_pid() APIs * Added a Go utility, captree, to display the process (and thread) graph along with the POSIX.1e and IAB capabilities of each PID{TID} tree. ++++ lvm2: - vgextend crash when extending VG with missing PV (bsc#1191019) + bug-1191019_vgextend-check-missing-device-during-block-size-chec.patch ++++ libpwquality: - Use %_pam_moduledir instead of hardcoding %{_lib}/security (boo#1191042). 
++++ selinux-policy: - Fix auditd service start with systemd hardening directives (boo#1190918) * add fix_auditd.patch ++++ u-boot-rpiarm64: - Update to 2021.10-rc5 - Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.10 * Patches dropped (upstreamed): 0013-configs-rpi-Enable-SMBIOS-sysinfo-d.patch - Add hack to allow enabling CONFIG_CMD_BTRFS on riscv64 ------------------------------------------------------------------ ------------------ 2021-9-27 - Sep 27 2021 ------------------- ------------------------------------------------------------------ ++++ btrfsprogs: - Deleted upstreamed patches for upgrade: - fate#325871 * 0001-btrfs-progs-Add-support-for-metadata_uuid-field.patch * 0002-btrfs-progs-btrfstune-Add-support-for-changing-the-u.patch * 0003-btrfs-progs-Remove-fsid-metdata_uuid-fields-from-fs_.patch * 0004-btrfs-progs-Remove-btrfs_fs_info-new_fsid.patch * 0005-btrfs-progs-Directly-pass-root-to-change_devices_uui.patch - btrfs-progs: check: fixup_extent_flags needs to deal with non-skinny metadata (bsc#1131334). * btrfs-progs-check-fixup_extent_flags-needs-to-deal-with-non-skinny-metadata.patch - btrfs-progs: check: fix segfault with -Q (bsc#1158560) * btrfs-progs-check-initialize-qgroup_item_count-in-ea.patch - Enqueue feature to wait for exclusive operation to finish (JSC#SLE-15234) * 0001-btrfs-progs-add-get_fsid_fd-for-getting-fsid-using-f.patch * 0002-btrfs-progs-add-sysfs-file-reading-helpers.patch * 0003-btrfs-progs-add-helpers-for-parsing-filesystem-exclu.patch * 0004-btrfs-progs-check-for-exclusive-operation-before-iss.patch * 0005-btrfs-progs-add-helper-to-check-or-wait-for-exclusiv.patch * 0006-btrfs-progs-add-enqueue-parameter-for-exclusive-ops.patch - Correct check_running_fs_exclop() return value (bsc#1184481) * btrfs-progs-Correct-check_running_fs_exclop-return-v.patch ++++ keepalived: - Added hardening to systemd service(s) (bsc#1181400). 
Added patch(es): * harden_keepalived.service.patch ++++ kernel-default: - USB: serial: cp210x: fix dropped characters with CP2102 (git-fixes). - commit 2dc5263 - USB: serial: cp210x: determine fw version for CP2105 and CP2108 (git-fixes). - commit 8e35b9a - USB: serial: cp210x: clean up type detection (git-fixes). - commit a0ffe11 - USB: serial: cp210x: clean up set-chars request (git-fixes). - commit e54e383 - USB: serial: option: remove duplicate USB device ID (git-fixes). - commit b897cec - USB: serial: mos7840: remove duplicated 0xac24 device ID (git-fixes). - commit 29113f1 - usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes). - commit 6145880 - usb: gadget: f_uac2: Populate SS descriptors' wBytesPerInterval (git-fixes). - commit a48db15 - usb: gadget: f_uac2: Add missing companion descriptor for feedback EP (git-fixes). - commit fc73a75 - usb: gadget: f_uac2: remove redundant assignments to pointer i_feature (git-fixes). - commit 95d4917 - usb: gadget: f_uac2: add volume and mute support (git-fixes). - commit 88a1f08 - usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes). - commit e2b14cb - usb: dwc3: core: balance phy init and exit (git-fixes). - commit 0faa08d - Revert "USB: bcma: Add a check for devm_gpiod_get" (git-fixes). - commit 631e099 - erofs: fix up erofs_lookup tracepoint (git-fixes). - commit 7b14405 - arm64: tegra: Update HDA card name on Jetson TX2 NX (jsc#SLE-20498). - arm64: tegra: Audio graph sound card for Jetson TX2 NX (jsc#SLE-20498). - ASoC: Fix warning related to 'sound-name-prefix' binding (jsc#SLE-20498). - ASoC: tegra: Add Tegra210 based Mixer driver (jsc#SLE-20498). - ASoC: tegra: Add Tegra210 based ADX driver (jsc#SLE-20498). - ASoC: tegra: Add Tegra210 based AMX driver (jsc#SLE-20498). - ASoC: tegra: Add Tegra210 based SFC driver (jsc#SLE-20498). - ASoC: tegra: Add Tegra210 based MVC driver (jsc#SLE-20498). - ASoC: tegra: Add routes for few AHUB modules (jsc#SLE-20498). 
- ASoC: dt-bindings: tegra: Few more Tegra210 AHUB modules (jsc#SLE-20498). - ASoC: audio-graph: Fixup CPU endpoint hw_params in a BE<->BE link (jsc#SLE-20498). - ASoC: simple-card-utils: Increase maximum DAI links limit to 512 (jsc#SLE-20498). - ASoC: soc-pcm: Don't reconnect an already active BE (jsc#SLE-20498). - ASoC: Remove name-prefix.txt (jsc#SLE-20498). - ASoC: Use schema reference for sound-name-prefix (jsc#SLE-20498). - ASoC: Add json-schema documentation for sound-name-prefix (jsc#SLE-20498). - ASoC: audio-graph: respawn Platform Support (jsc#SLE-20498). - arm64: tegra: Add NVIDIA Jetson TX2 NX Developer Kit support (jsc#SLE-20498). - commit 927034b - tracing/boot: Fix to loop on only subkeys (git-fixes). - commit 33a4689 - tracing/osnoise: Fix missed cpus_read_unlock() in start_per_cpu_kthreads() (git-fixes). - commit 357291e - arm64: tegra: enable audio support References: jsc#SLE-20498 - commit fdd0448 - cpufreq: intel_pstate: Revert upstream default governor selection for no-HWP, use "powersave" (bsc#1190923). - commit c8873b1 - EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1190497). - commit e8257df - USB: cdc-acm: fix minor-number release (git-fixes). - commit 478fffd - usb: cdns3: fix race condition before setting doorbell (git-fixes). - commit 11af174 - usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes). - commit 8f7d7ce - supported.conf: mark 'xxhash_generic' as supported (jsc#SLE-21213) The tcrypt.ko inserted as part of the FIPS boot-time testing now has a test for "xxhash64" and failing ->fips_allowed tests cause a kernel panic in FIPS mode. Make the xxhash_generic implementation universally available by marking it as supported. - commit 00fcd27 - EDAC/dmc520: Assign the proper type to dimm->edac_mode (bsc#1190497). - commit 27f4b5e - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167).
- commit 6c24533 - pci: mobiveil: drop support for lx2160 rev1 References: jsc#SLE-17153 - Delete patches.suse/PCI-mobiveil-ls_pcie_g4-add-Workaround-for-A-011451.patch. - Delete patches.suse/PCI-mobiveil-ls_pcie_g4-add-Workaround-for-A-011577.patch. - Delete patches.suse/PCI-mobiveil-ls_pcie_g4-fix-SError-when-accessing-co.patch. - Delete patches.suse/revert-PCI-mobiveil-Remove-unused-readl-and-writel-functions.patch. - commit 04af26e - rpm/modules.fips: cleanup and update (jsc#SLE-21213,bsc#1191269) rpm/modules.fips serves as a basis for dracut's /etc/fipsmodules stored in initrds. The dracut FIPS handling code loads all the kernel modules from that list and runs a tcrypt afterwards. Update rpm/modules.fips: - Remove all crypto modules not registering any ->fips_allowed algorithm. The resp. algorithm implementations won't ever reach the CRYPTO_ALG_TESTED state in FIPS mode anyway and thus, won't be accessible. There's no point in loading the modules at boot. - Add all enabled kernel modules providing implementations of ->fips_allowed algorithms tuned for a specific CPU extension (neon, avx, etc) or instruction set. Note that in "normal" operation, i.e. without that explicit kernel module insertion as done by the dracut fips module, the kernel's crypto API would issue a request_module("crypto-") upon encountering a request for some crypto algorithm it hasn't got any implementation registered for yet. This would load *all* kernel modules providing a matching implementation and the one with the highest priority would henceforth serve all requests. Now, if we were to explicitly load only the resp. generic implementations at boot, the kernel would always find a suitable match and never issue such a request_module(). Thus, add all tuned implementations to modules.fips so that they are all being made available at boot.
- Consistently list all enabled modules providing implementations of ->fips_allowed algorithms, independent of whether the corresponding Kconfig symbol is set to =y or =m. - Add the core cryptomgr, cryptd, crypto_simd, crypto_user and tcrypt kernel modules. The former three should not be needed, but are still being kept on the list for completeness and consistency. - cryptomgr is built-in. - cryptd as well as crypto_simd don't register any algorithms by themselves, but provide some common functionality to the other modules. These should get added to the initrd images as needed via kernel module dependencies already. - crypto_user is needed as a dependency of the libkcapi based fipscheck/sha512mac utility invoked at boot for kernel integrity verification. List it in modules.fips so that it will get included in the generated initrds. - List the required tcrypt kernel module so that dracut will add it to the generated initrds. The rationale for including e.g. compression algorithms or non-cryptographic hashes with associated ->fips_allowed tests to the list is that 1.) Some of them are required by tcrypt such as crc32, crc32c, xxhash64, deflate, lzo etc.. If not available, the system will panic. 2.) In FIPS mode any failing ->fips_allowed test will panic the system. Insmodding those modules early at boot will avoid surprises later on. - commit 8b85943 ++++ libdrm: - covers jira#SLE/SLE-18743 ++++ libepoxy: - needed for jira#SLE/SLE-19965, jira#SLE/SLE-19964, jira#SLE/SLE-18653 ++++ Mesa: - covers jira#SLE/SLE-18743 ++++ libglvnd: - covers jira#SLE/SLE-18743 ------------------------------------------------------------------ ------------------ 2021-9-26 - Sep 26 2021 ------------------- ------------------------------------------------------------------ ++++ librsvg: - Disable testsuite run on ix86 and arm.
++++ hivex: - move all ocaml libraries to devel package to align with our OCaml packaging ------------------------------------------------------------------ ------------------ 2021-9-25 - Sep 25 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - rpm/config.sh: Compress modules with zstd (jsc#SLE-21256). https://github.com/openSUSE/installation-images/issues/537 - rpm/config.sh: Compress modules with zstd (jsc#SLE-21256). - commit 33519d9 ++++ libsolv: - fix misparsing of '&' in attributes with libxml2 - choice rules: treat orphaned packages as newest [bsc#1190465] - fix compatibility with Python 3.10 - new SOLVER_EXCLUDEFROMWEAK job type - support for environments in comps parser - bump version to 0.7.20 ------------------------------------------------------------------ ------------------ 2021-9-24 - Sep 24 2021 ------------------- ------------------------------------------------------------------ ++++ ca-certificates-mozilla: - remove the DST_Root_CA_X3.pem trust, as it expires september 30th 2021. (bsc#1190858) ++++ conmon: - Update to version 2.0.30: * Remove unreachable code path * exit: report if the exit command was killed * exit: fix race zombie reaper * conn_sock: allow watchdog messages through the notify socket proxy * seccomp: add support for seccomp notify ++++ crypto-policies: - Remove the scripts and documentation regarding fips-finish-install and test-fips-setup * Add crypto-policies-FIPS.patch - Update to version 20210917.c9d86d1: * openssl: fix disabling ChaCha20 * pacify pylint 2.11: use format strings * pacify pylint 2.11: specify explicit encoding * fix minor things found by new pylint * update-crypto-policies: --check against regenerated * update-crypto-policies: fix --check's walking order * policygenerators/gnutls: revert disabling DTLS0.9... 
* policygenerators/java: add javasystem backend * LEGACY: bump 1023 key size to 1024 * cryptopolicies: fix 'and' in deprecation warnings * *ssh: condition ecdh-sha2-nistp384 on SECP384R1 * nss: hopefully the last fix for nss sigalgs check * cryptopolicies: Python 3.10 compatibility * nss: postponing check + testing at least something * Rename 'policy modules' to 'subpolicies' * validation.rules: fix a missing word in error * cryptopolicies: raise errors right after warnings * update-crypto-policies: capitalize warnings * cryptopolicies: syntax-precheck scope errors * .gitlab-ci.yml, Makefile: enable codespell * all: fix several typos * docs: don't leave zero TLS/DTLS protocols on * openssl: separate TLS/DTLS MinProtocol/MaxProtocol * alg_lists: order protocols new-to-old for consistency * alg_lists: max_{d,}tls_version * update-crypto-policies: fix pregenerated + local.d * openssh: allow validation with pre-8.5 * .gitlab-ci.yml: run commit-range against upstream * openssh: Use the new name for PubkeyAcceptedKeyTypes * sha1_in_dnssec: deprecate * .gitlab-ci.yml: test commit ranges * FIPS:OSPP: sign = -*-SHA2-224 * scoped policies: documentation update * scoped policies: use new features to the fullest... * scoped policies: rewrite + minimal policy changes * scoped policies: rewrite preparations * nss: postponing the version check again, to 3.64 - Remove patches fixed upstream: crypto-policies-typos.patch - Rebase: crypto-policies-test_supported_modules_only.patch - Merge crypto-policies-asciidoc.patch into crypto-policies-no-build-manpages.patch ++++ kernel-default: - locking/rwbase: Take care of ordering guarantee for fastpath reader (bsc#1190137 bsc#1189998). - locking/rwbase: Extract __rwbase_write_trylock() (bsc#1190137 bsc#1189998). - locking/rwbase: Properly match set_and_save_state() to restore_state() (bsc#1190137 bsc#1189998). - commit ac55e1c - Restore missing CVE/bsc references from SLE15-SP3, that have already been fixed with the v5.14 kernel. 
(bsc#1190412, bsc#1181006, bsc#1135481, bsc#1171420, CVE-2020-12770, bsc#1188983, bsc#1188985, CVE-2021-34556, CVE-2021-35477, bsc#1189872, bsc#1190181, bsc#1190131, bsc#1190117, CVE-2021-38160, bsc#1188616, bsc#1189760, bsc#1187211, bsc#1187619, bsc#1189870, bsc#1189762, bsc#1175543, bsc#1188412, bsc#1188700, bsc#1135481). - commit 24dfde2 ++++ kmod: - Enable ZSTD on 15.4 (jsc#SLE-21256). ++++ systemd: - Enable support for Portable Services (jsc#SLE-21695) Will be released in Leap only. ------------------------------------------------------------------ ------------------ 2021-9-23 - Sep 23 2021 ------------------- ------------------------------------------------------------------ ++++ curl: - Update to 7.79.1 in SLE-15-SP4 [jsc#SLE-21047] * Deleted patches fixed in the update: curl-CVE-2020-8284.patch curl-CVE-2020-8285.patch curl-CVE-2020-8286.patch curl-CVE-2020-8231.patch curl-CVE-2020-8177.patch curl-CVE-2020-8169.patch curl-CVE-2021-22947.patch curl-CVE-2021-22946.patch curl-CVE-2021-22898.patch curl-CVE-2021-22924.patch curl-CVE-2021-22925.patch curl-CVE-2021-22876.patch curl-CVE-2021-22890.patch curl-X509_V_FLAG_PARTIAL_CHAIN.patch * Rebased patches: curl-disabled-redirect-protocol-message.patch curl-secure-getenv.patch libcurl-ocloexec.patch ++++ dnsmasq: - jsc#SLE-17936: Sync this state from Factory to SLE-15-SP1. - SLE bugs that got fixed upstream between 2.79 and 2.86, but for which we need to keep references when syncing: * bsc#1176076: dnsmasq-servfail.patch * bsc#1156543: dnsmasq-siocgstamp.patch * bsc#1138743: dnsmasq-cache-size.patch * bsc#1076958: CVE-2017-15107, dnsmasq-CVE-2017-15107.patch * bsc#1180914: Open inotify socket only when used. * removed dnsmasq-dnspooq.patch - bsc#1173646, CVE-2020-14312: Set --local-service by default. 
++++ transactional-update: - Version 3.5.6 - tukit: Add S/390 bootloader support [bsc#1189807] - t-u: support purge-kernels with t-u patch [bsc#1190788] ++++ kernel-default: - pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523). - commit 74fb457 - powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498). - commit ab4abcd - blacklist.conf: Append 'drm/amdgpu: Drop inline from amdgpu_ras_eeprom_max_record_count' - commit 9136740 - drm/amd/display: Fix white screen page fault for gpuvm (bsc#1190786) - commit 5a5310f - drm/amdgpu: fix use after free during BO move (bsc#1190786) - commit 00873de - drm/i915/guc: drop guc_communication_enabled (bsc#1190497) - commit 0276532 - Update "drm/i915/dp: Use max params for panels < eDP 1.4" for mainline - commit fc431a0 - drm/i915/dp: return proper DPRX link training result (bsc#1190497) - commit 481953b - drm/rockchip: cdn-dp-core: Make cdn_dp_core_resume __maybe_unused (bsc#1190497) - commit 60860cd - blacklist.conf: Append 'drm/amd/display: Use DCN30 watermark calc for DCN301' - commit 16c2f09 - blacklist.conf: Append 'Revert "drm/amd/pm: fix workload mismatch on vega10"' - commit f2c08b6 - blacklist.conf: Append 'drm/amdgpu: handle VCN instances when harvesting (v2)' - commit 810d2a0 - blacklist.conf: Append 'drm/msm/dp: use dp_ctrl_off_link_stream during PHY compliance test run' - commit 35e02ff - blacklist.conf: Append 'drm/i915: Correct SFC_DONE register offset' - commit ae4ac24 - blacklist.conf: Append 'drm/i915/display: split DISPLAY_VER 9 and 10 in intel_setup_outputs()' - commit 622cb45 - blacklist.conf: Append 'drm/i915: fix not reading DSC disable fuse in GLK' - commit 58119c7 - blacklist.conf: Append 'drm/i915/bios: Fix ports mask' - commit 7b529fa - blacklist.conf: Append 'drm/i915: Call i915_globals_exit() if pci_register_device() fails' - commit 72f2dda - blacklist.conf: Append 'Revert "drm/i915: Propagate errors on awaiting already signaled fences"' - commit 4a3ec7f - 
blacklist.conf: Append 'drm/i915: Revert "drm/i915/gem: Asynchronous cmdparser"' - commit 665dea6 - blacklist.conf: Append 'drm/i915/gtt: drop the page table optimisation' - commit f86a67e - blacklist.conf: Append 'drm/i915/gt: Fix -EDEADLK handling regression' - commit c481288 - blacklist.conf: Append 'drm/i915: Reinstate the mmap ioctl for some platforms' - commit d268fa0 - blacklist.conf: Append 'drm/i915/selftests: Reorder tasklet_disable vs local_bh_disable' - commit 45e22b5 - blacklist.conf: Append 'drm/amd/pm: Fix a memory leak in an error handling path in 'vangogh_tables_init()'' - commit 397440b - blacklist.conf: Append 'drm/amdgpu: fix checking pmops when PM_SLEEP is not enabled' - commit cb9f3d9 - drm/bridge: ti-sn65dsi86: Add some 100 us delays (bsc#1190786) Backporting changes: * context changes - commit 2694241 - blacklist.conf: Append 'drm/amd/display: Fix 10bit 4K display on CIK GPUs' - commit bba53d5 - blacklist.conf: Append 'drm/amdkfd: Allow CPU access for all VRAM BOs' - commit 7b697e2 - blacklist.conf: Append 'drm/amdgpu: Return error if no RAS' - commit 5b9cb39 - drm/amdgpu: add license to umc_8_7_0_sh_mask.h (bsc#1190497) Backporting changes: * context changes - commit d555363 - blacklist.conf: Append 'drm/radeon: Fix NULL dereference when updating memory stats' - commit 8525d78 - blacklist.conf: Append 'drm/amdgpu: fix amdgpu_preempt_mgr_new()' - commit eb8e3ce ++++ python3-core: - Make python36 primary interpreter on SLE-15 - Make build working even on older SLEs. ++++ libvirt: - spec: Fix hangs during package update bsc#1177902, bsc#1190693 - spec: Don't add --timeout arg to /etc/sysconfig/libvirtd when running in traditional mode without socket activation bsc#1190695 ++++ python3: - Make python36 primary interpreter on SLE-15 - Make build working even on older SLEs. 
++++ samba: - Add missing build dependency on bison when building with the embedded Heimdal Kerberos ------------------------------------------------------------------ ------------------ 2021-9-22 - Sep 22 2021 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.32.12: + Fix wrong order of addresses when restarting NetworkManager. + Preserve the IPv6 ff00::/8 route added by kernel in the local table, necessary for multicast communication. + Fix emitting the signal for changed metered status of devices. + Fix applying the ethtool autonegotiation and speed settings. + initrd: fix crash parsing plain '=' without key. + cloud-setup: use suppress_prefixlength rule to honor non-default-routes in the main table. - Drop nm-add-CAP_CHOWN-capability.patch: This solution was denied by upstream maintainers. ++++ curl: - Update to 7.79.1: * Bugfixes: - Curl_http2_setup: don't change connection data on repeat invokes - curl_multi_fdset: make FD_SET() not operate on sockets out of range - dist: provide lib/.checksrc in the tarball - FAQ: add GOPHERS + curl works on data, not files - hsts: CURLSTS_FAIL from hsts read callback should fail transfer - hsts: handle unlimited expiry - http: fix the broken >3 digit response code detection - strerror: use sys_errlist instead of strerror on Windows - test1184: disable: https://github.com/curl/curl/issues/7725 - tests/sshserver.pl: make it work with openssh-8.7p1 ++++ grub2: - Improve support for SLE Micro 5.1 on s390x. (bsc#1190395) * amend grub2-s390x-04-grub2-install.patch * refresh grub2-s390x-11-secureboot.patch ++++ iputils: - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_rdisc.service.patch ++++ kernel-default: - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. 
Fixes: e98096d5cf85 ("rpm: Abolish scritplet templating (bsc#1189841).") - commit e082fbf - usb: mtu3: support suspend/resume for dual-role mode (git-fixes). - commit b1108c1 - usb: common: add helper to get role-switch-default-mode (git-fixes). - commit 58fa9a8 - blacklist.conf: Append 'drm/vmwgfx: Fix a bad merge in otable batch takedown' - commit 35d7947 - blacklist.conf: Append 'drm/vmwgfx: Fix a 64bit regression on svga3' - commit abdbf03 - blacklist.conf: Append 'drm/vmwgfx: Fix implicit declaration error' - commit dc9101c - blacklist.conf: Append 'drm/i915/display/dg1: Correctly map DPLLs during state readout' - commit 78f38ca - blacklist.conf: Append 'drm/i915/dsc: abstract helpers to get bigjoiner primary/secondary crtc' - commit ce4db17 - blacklist.conf: Append 'drm/i915/display: Do not zero past infoframes.vsc' - commit e28310d - PCI/VPD: Treat initial 0xff as missing EEPROM (jsc#SLE-19358). - commit a01d2f0 - net: mana: Prefer struct_size over open coded arithmetic (git-fixes). - x86/hyperv: remove on-stack cpumask from hv_send_ipi_mask_allbutself (git-fixes). - asm-generic/hyperv: provide cpumask_to_vpset_noself (git-fixes). - Drivers: hv: vmbus: Fix kernel crash upon unbinding a device from uio_hv_generic driver (git-fixes). - commit 57a85dd - PCI/VPD: Check Resource Item Names against those valid for type (jsc#SLE-19358). - commit db901ad - PCI/VPD: Correct diagnostic for VPD read failure (jsc#SLE-19358). - commit 91d294d - scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576). - scsi: lpfc: Use correct scnprintf() limit (bsc#1190576). - scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576). - scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576). - scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576). - scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576). 
- scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576). - scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576). - scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576). - scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576). - scsi: lpfc: Don't remove ndlp on PRLI errors in P2P mode (bsc#1190576). - scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576). - scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576). - scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576). - scsi: lpfc: Don't release final kref on Fport node while ABTS outstanding (bsc#1190576). - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576). - scsi: lpfc: Remove unneeded variable (bsc#1190576). - scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576). - scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576). - commit 439786d - PCI: Correct the pci_iomap.h header guard #endif comment (git-fixes). - commit df53f34 - usb: mtu3: fix random remote wakeup (git-fixes). - commit d8913af - usb: mtu3: support suspend/resume for device mode (git-fixes). - commit 30e43b1 - usb: mtu3: support property role-switch-default-mode (git-fixes). - commit d01a5c9 - usb: mtu3: add new helpers for host suspend/resume (git-fixes). - commit f78b62b - usb: mtu3: support option to disable usb2 ports (git-fixes). - commit 449cb7e - usb: mtu3: add helper to power on/down device (git-fixes). - commit c761898 - usb: mtu3: support runtime PM for host mode (git-fixes). - commit 856e4b0 - docs: Fix infiniband uverbs minor number (git-fixes). - commit f82742c - ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943). - ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943). - ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943). - ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943). 
- ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943). - ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943). - ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943). - ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943). - ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943). - commit 5ff0106 ++++ systemd: - Import commit 48cec2f159dd8fd15d0baf9a1ffe2d762ecf769c 8d65ec4a66 test: wc is needed by test/units/testsuite-50.sh 1527bcc5dd test: make the installation of the debug tools optional in the image f4e6bf0b37 journalctl: never fail at flushing when the flushed flag is set (bsc#1188588) 3b1aa2f79f manager: reexecute on SIGRTMIN+25, user instances only fd46c81922 test: make sure to include all haveged unit files - Update the dependencies of the testsuite package The debug tools are optional thus no more required. OTOH strip(1) is needed when building the test image and nc(1) is needed by some tests. ++++ openssl: - Update to 1.1.1l release for SLE-15-SP4 ++++ sudo: - update to 1.9.8p2 * Fixed a potential out-of-bounds read with "sudo -i" when the target user's shell is bash. This is a regression introduced in sudo 1.9.8. Bug #998. * sudo_logsrvd now only sends a log ID for first command of a session. There is no need to send the log ID for each sub-command. * Fixed a few minor memory leaks in intercept mode. * Fixed a problem with sudo_logsrvd in relay mode if "store_first" was enabled when handling sub-commands. A new zero-length journal file was created for each sub-command instead of simply using the existing journal file. - update to 1.9.8p1 * Fixed support for passing a prompt (sudo -p) or a login class (sudo -l) on the command line. This is a regression introduced in sudo 1.9.8. Bug #993. * Fixed a crash with "sudo ALL" rules in the LDAP and SSSD back-ends. This is a regression introduced in sudo 1.9.8. Bug #994. 
* Fixed a compilation error when the --enable-static-sudoers configure option was specified. This is a regression introduced in sudo 1.9.8 caused by a symbol clash with the intercept and log server protobuf functions. * It is now possible to transparently intercept sub-commands executed by the original command run via sudo. Intercept support is implemented using LD_PRELOAD (or the equivalent supported by the system) and so has some limitations. The two main limitations are that only dynamic executables are supported and only the execl, execle, execlp, execv, execve, execvp, and execvpe library functions are currently intercepted. Its main use case is to support restricting privileged shells run via sudo. To support this, there is a new "intercept" Defaults setting and an INTERCEPT command tag that can be used in sudoers. For example: Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh Defaults!SHELLS intercept would cause sudo to run the listed shells in intercept mode. This can also be set on a per-rule basis. For example: Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh chuck ALL = INTERCEPT: SHELLS would only apply intercept mode to user "chuck" when running one of the listed shells. In intercept mode, sudo will not prompt for a password before running a sub-command and will not allow a set-user-ID or set-group-ID program to be run by default. The new intercept_authenticate and intercept_allow_setid sudoers settings can be used to change this behavior. * The new "log_subcmds" sudoers setting can be used to log additional commands run in a privileged shell. It uses the same mechanism as the intercept support described above and has the same limitations. * The new "log_exit_status" sudoers setting can be used to log the exit status of commands run via sudo. There is also a corresponding "log_exit" setting in the sudo_logsrvd.conf eventlog stanza. * Support for logging sudo_logsrvd errors via syslog or to a file.
Previously, most sudo_logsrvd errors were only visible in the debug log. * Better diagnostics when there is a TLS certificate validation error. * Using the "+=" or "-=" operators in a Defaults setting that takes a string, not a list, now produces a warning from sudo and a syntax error from inside visudo. * Fixed a bug where the "iolog_mode" setting in sudoers and sudo_logsrvd had no effect when creating I/O log parent directories if the I/O log file name ended with the string "XXXXXX". * Fixed a bug in the sudoers custom prompt code where the size parameter that was passed to the strlcpy() function was incorrect. No overflow was possible since the correct amount of memory was already pre-allocated. * The mksigname and mksiglist helper programs are now built with the host compiler, not the target compiler, when cross-compiling. Bug #989. * Fixed compilation error when the --enable-static-sudoers configure option was specified. This was due to a typo introduced in sudo 1.9.7. GitHub PR #113. - pack /usr/libexec/sudo/sudo/sudo_intercept.so ------------------------------------------------------------------ ------------------ 2021-9-21 - Sep 21 2021 ------------------- ------------------------------------------------------------------ ++++ jitterentropy: - add a userspace jitter entropy generator library ++++ kernel-default: - blacklist.conf: a47f6a5806da drm/amdgpu: Fix build with missing pm_suspend_target_state module export - commit c31b76d - vmxnet3: update to version 6 (bsc#1190406). - commit 12c934a - vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406). - commit 41711f1 - vmxnet3: set correct hash type based on rss information (bsc#1190406). - commit 50ba224 - x86/mce: Avoid infinite loop for copy from user recovery (bsc#1190497). - commit dad2a98 - vmxnet3: add support for ESP IPv6 RSS (bsc#1190406). - commit bfd5a34 - vmxnet3: remove power of 2 limitation on the queues (bsc#1190406). 
- commit c70fd90 - vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406). - commit b67474b - vmxnet3: prepare for version 6 changes (bsc#1190406). - commit 9afdd26 ++++ multipath-tools: - Add a versioned dependency of multipath-tools on libmpath0 (bsc#1190622) ++++ Mesa: - update to 21.2.2 * second bugfix release: a ton of work went into panfrost, getting it closer to being conformant (it is conformant on 21.3!); fixes for ir3, croccus, nir, utils, llvmpipe, gallivm, zink, glsl, v3d, vc4, intel, mesa, aco, iris, radv, and even osmesa. ++++ libgcrypt: - FIPS: Provide a module name/identifier and version that can be mapped to the validation records. [bsc#1190706] * Add libgcrypt-FIPS-module-version.patch * Upstream task: https://dev.gnupg.org/T5600 - FIPS: Enable hardware support also in FIPS mode [bsc#1187110] * Add libgcrypt-FIPS-hw-optimizations.patch * Upstream task: https://dev.gnupg.org/T5508 ------------------------------------------------------------------ ------------------ 2021-9-20 - Sep 20 2021 ------------------- ------------------------------------------------------------------ ++++ audit-secondary: - Fix hardened auditd.service (bsc#1181400) * add fix-hardened-service.patch Make /etc/audit read-write from the service. Remove PrivateDevices=true to expose /dev/* to auditd.service. - Enable stop rules for audit.service (cf. bsc#1190227) * add enable-stop-rules.patch ++++ docker: - Add patch to return ENOSYS for clone3 to avoid breaking glibc again. bsc#1190670 + 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch ++++ kernel-default: - s390/unwind: use current_frame_address() to unwind current task (bsc#1185677). - commit b81363d - scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576). - scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576). - scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576). 
- scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576). - scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576). - scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576). - scsi: lpfc: Add rx monitoring statistics (bsc#1190576). - scsi: lpfc: Add support for the CM framework (bsc#1190576). - scsi: lpfc: Add cmfsync WQE support (bsc#1190576). - scsi: lpfc: Add support for cm enablement buffer (bsc#1190576). - scsi: lpfc: Add cm statistics buffer support (bsc#1190576). - scsi: lpfc: Add EDC ELS support (bsc#1190576). - scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576). - scsi: lpfc: Add MIB feature enablement support (bsc#1190576). - scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576). - scsi: fc: Add EDC ELS definition (bsc#1190576). - scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576). - scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576). - scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576). - commit 5302a17 - Refresh patches.suse/vfs-add-super_operations-get_inode_dev (bsc#1190661). - commit df194f3 - Refresh patches.suse/cpufreq-intel_pstate-Temporarily-boost-P-state-when-.patch. - commit 47a2292 - Refresh patches.suse/cpufreq-intel_pstate-Ramp-up-frequency-faster-when-u.patch. - commit d4fd8bd - Refresh patches.suse/cpufreq-intel_pstate-Revert-upstream-changes-to-iowa.patch. - commit b054935 - drm/vc4: hdmi: Fix HPD GPIO detection (bsc#1190469). - commit b20bd6a ++++ open-lldp: - Update to version v1.1+44.0f781b4162d3: * agent: reset frame status on message delete * Avoiding null pointer dereference ++++ ceph: - Update to Version: 16.2.6.45+g8fda9838398: + rebased on top of upstream commit SHA1 dbc87327c37d0f305c2107e487cb98a072ae858b upstream 16.2.6 release https://ceph.io/releases/v16-2-6-pacific-released/ ++++ python-gobject: - Update to version 3.42.0: + meson: Bump minimum meson_version to 0.47.0. 
+ Expose GObject.Object.run_dispose(). + docs: document Gtk.Template. + dev: Add poetry support. + meson: use main branch for glib subproject. + Fix some small memory leaks. ++++ samba: - Update to 4.15.0 * Removed SMB development dialects SMB2_22, SMB2_24 and SMB3_10 * VFS layer modernized. * Add the ability to set allow/deny lists for zone transfer clients in Bind DLZ plugin * Server multi-channel support no longer experimental * Improved command line user experience, unifying the options in different commands * Winbindd no longer scans trusted domains on startup and will use enterprise principals by default. * The net utility is now able to support the offline domain join feature * New options for 'samba-tool dns zoneoptions' for aging control and to mark old records as static or dynamic * DNS tombstones are now deleted as appropriate and use a consistent timestamp format * The 'samba-tool dns update' command validates and rejects now malformed IPv4 and IPv6 addresses * The 'samba-tool domain backup' command correctly takes out locks against concurrent modification during backup when using the LMDB backend * TruACL support has been removed * NIS support has been removed ------------------------------------------------------------------ ------------------ 2021-9-19 - Sep 19 2021 ------------------- ------------------------------------------------------------------ ++++ at-spi2-core: - Update to version 2.42.0: + Set X root property when Xwayland starts on demand. + Several dbus introspection fixes. ++++ gsettings-desktop-schemas: - Update to version 41.0: + Updated translations. 
------------------------------------------------------------------ ------------------ 2021-9-18 - Sep 18 2021 ------------------- ------------------------------------------------------------------ ++++ apparmor: - lessopen.sh profile: allow reading files that live on NFS over UDP (added to apparmor-lessopen-nfs-workaround.diff) (boo#1190552) ++++ libapparmor: - lessopen.sh profile: allow reading files that live on NFS over UDP (added to apparmor-lessopen-nfs-workaround.diff) (boo#1190552) ++++ harfbuzz: - harfbuzz 3.0.0: + Unicode 14.0 support + hb-subset API and harfbuzz-subset ABI now declared stable + hb-style API is now stable ------------------------------------------------------------------ ------------------ 2021-9-17 - Sep 17 2021 ------------------- ------------------------------------------------------------------ ++++ dnsmasq: - Update to 2.86: * Handle DHCPREBIND requests in the DHCPv6 server code. * Fix bug which caused dnsmasq to lose track of processes forked to handle TCP DNS connections under heavy load. * Major rewrite of the DNS server and domain handling code. This should be largely transparent, but it drastically improves performance and reduces memory foot-print when configuring large numbers of domains. * Revise resource handling for number of concurrent DNS queries. * Improve efficiency of DNSSEC. * Connection track mark based DNS query filtering. * Allow smaller than 64 prefix lengths in synth-domain, with caveats. --synth-domain=1234:4567::/56,example.com is now valid. * Make domains generated by --synth-domain appear in replies when in authoritative mode. * Ensure CAP_NET_ADMIN capability is available when conntrack is configured. * When --dhcp-hostsfile --dhcp-optsfile and --addn-hosts are given a directory as argument, define the order in which files within that directory are read (alphabetical order of filename).
++++ transactional-update: - Version 3.5.5 - t-u: Use tukit for SUSEConnect call [bsc#1190574] Correctly registers repositories ++++ drbd-utils: - bsc#1190591, fail to start due to lack of /usr/var/run/drbd ++++ librsvg: - Update to version 2.52.0: + The biggest user-visible change is that rsvg-convert has been ported to Rust. + rsvg-convert is now aware of physical units, and fixes a bug where PDFs were created at the wrong size. + Support for Accept-Language. + rsvg-convert's default DPI is now 96, to better match W3C standards. + SVG2/CSS3 features: - Transform property from SVG2; previously librsvg only supported the transform attribute from SVG1.1, which has different syntax. - context-fill and context-stroke for and elements. - markers now support orient="auto-start-reverse". - paint-order for text elements. - "auto" values for the width and height attributes of the , , and elements. - All the types from the Filter Effects Module Level 1 specification: blur(), brightness(), contrast(), drop-shadow(), grayscale(), hue-rotate(), invert(), opacity(), sepia(), saturate(). - The filter property now supports chains of uri() filters or shortcuts. - Support CSS selectors for attribute matching, like rect[attr^="prefix"] + New APIs: See the HTML documentation for details. - Drop -lang package: there are no translations available anymore. ++++ gobject-introspection: - Update to version 1.70.0: + Update the GIR data for GLib, GObject, and GIO. ++++ glib-networking: - Update to version 2.70.0: + Updated translations. ++++ glib2: - Update to version 2.70.0: + Bug fixed: ci: Replace FreeBSD 11 with FreeBSD 13. + Updated translations. ++++ kernel-default: - kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable. - commit bdc323e - Revert "rpm/kernel-binary.spec: Use only non-empty certificates." This reverts commit 30360abfb58aec2c9ee7b6a27edebe875c90029d. - commit 413e05b - rpm/kernel-binary.spec: Use only non-empty certificates. 
- commit 30360ab ++++ krb5: - Update to 1.19.2 * Fix a denial of service attack against the KDC encrypted challenge code; (CVE-2021-36222); * Fix a memory leak when gss_inquire_cred() is called without a credential handle. - Changes from 1.19.1 * Fix a linking issue with Samba. * Better support multiple pkinit_identities values by checking whether certificates can be loaded for each value. - Changes from 1.19 Administrator experience * When a client keytab is present, the GSSAPI krb5 mech will refresh credentials even if the current credentials were acquired manually. * It is now harder to accidentally delete the K/M entry from a KDB. Developer experience * gss_acquire_cred_from() now supports the "password" and "verify" options, allowing credentials to be acquired via password and verified using a keytab key. * When an application accepts a GSS security context, the new GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor both provided matching channel bindings. * Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests to identify the desired client principal by certificate. * PKINIT certauth modules can now cause the hw-authent flag to be set in issued tickets. * The krb5_init_creds_step() API will now issue the same password expiration warnings as krb5_get_init_creds_password(). Protocol evolution * Added client and KDC support for Microsoft's Resource-Based Constrained Delegation, which allows cross-realm S4U2Proxy requests. A third-party database module is required for KDC support. * kadmin/admin is now the preferred server principal name for kadmin connections, and the host-based form is no longer created by default. The client will still try the host-based form as a fallback. * Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT extension, which causes channel bindings to be required for the initiator if the acceptor provided them. 
The client will send this option if the client_aware_gss_bindings profile option is set. User experience * kinit will now issue a warning if the des3-cbc-sha1 encryption type is used in the reply. This encryption type will be deprecated and removed in future releases. * Added kvno flags --out-cache, --no-store, and --cached-only (inspired by Heimdal's kgetcred). - Changes from 1.18.3 * Fix a denial of service vulnerability when decoding Kerberos protocol messages. * Fix a locking issue with the LMDB KDB module which could cause KDC and kadmind processes to lose access to the database. * Fix an assertion failure when libgssapi_krb5 is repeatedly loaded and unloaded while libkrb5support remains loaded. - Changes from 1.18.2 * Fix a SPNEGO regression where an acceptor using the default credential would improperly filter mechanisms, causing a negotiation failure. * Fix a bug where the KDC would fail to issue tickets if the local krbtgt principal's first key has a single-DES enctype. * Add stub functions to allow old versions of OpenSSL libcrypto to link against libkrb5. * Fix a NegoEx bug where the client name and delegated credential might not be reported. - Changes from 1.18.1 * Fix a crash when qualifying short hostnames when the system has no primary DNS domain. * Fix a regression when an application imports "service@" as a GSS host-based name for its acceptor credential handle. * Fix KDC enforcement of auth indicators when they are modified by the KDB module. * Fix removal of require_auth string attributes when the LDAP KDB module is used. * Fix a compile error when building with musl libc on Linux. * Fix a compile error when building with gcc 4.x. * Change the KDC constrained delegation precedence order for consistency with Windows KDCs. - Changes from 1.18 Administrator experience: * Remove support for single-DES encryption types. * Change the replay cache format to be more efficient and robust. 
Replay cache filenames using the new format end with ".rcache2" by default. * setuid programs will automatically ignore environment variables that normally affect krb5 API functions, even if the caller does not use krb5_init_secure_context(). * Add an "enforce_ok_as_delegate" krb5.conf relation to disable credential forwarding during GSSAPI authentication unless the KDC sets the ok-as-delegate bit in the service ticket. * Use the permitted_enctypes krb5.conf setting as the default value for default_tkt_enctypes and default_tgs_enctypes. Developer experience: * Implement krb5_cc_remove_cred() for all credential cache types. * Add the krb5_pac_get_client_info() API to get the client account name from a PAC. Protocol evolution: * Add KDC support for S4U2Self requests where the user is identified by X.509 certificate. (Requires support for certificate lookup from a third-party KDB module.) * Remove support for an old ("draft 9") variant of PKINIT. * Add support for Microsoft NegoEx. (Requires one or more third-party GSS modules implementing NegoEx mechanisms.) User experience: * Add support for "dns_canonicalize_hostname=fallback", causing host-based principal names to be tried first without DNS canonicalization, and again with DNS canonicalization if the un-canonicalized server is not found. * Expand single-component hostnames in host-based principal names when DNS canonicalization is not used, adding the system's first DNS search path as a suffix. Add a "qualify_shortname" krb5.conf relation to override this suffix or disable expansion. * Honor the transited-policy-checked ticket flag on application servers, eliminating the requirement to configure capaths on servers in some scenarios. Code quality: * The libkrb5 serialization code (used to export and import krb5 GSS security contexts) has been simplified and made type-safe. * The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED messages has been revised to conform to current coding practices. 
* The test suite has been modified to work with macOS System Integrity Protection enabled. * The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 support can always be tested. - Changes from 1.17.1 * Fix a bug preventing "addprinc -randkey -kvno" from working in kadmin. * Fix a bug preventing time skew correction from working when a KCM credential cache is used. - Changes from 1.17: Administrator experience: * A new Kerberos database module using the Lightning Memory-Mapped Database library (LMDB) has been added. The LMDB KDB module should be more performant and more robust than the DB2 module, and may become the default module for new databases in a future release. * "kdb5_util dump" will no longer dump policy entries when specific principal names are requested. Developer experience: * The new krb5_get_etype_info() API can be used to retrieve enctype, salt, and string-to-key parameters from the KDC for a client principal. * The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise principal names to be used with GSS-API functions. * KDC and kadmind modules which call com_err() will now write to the log file in a format more consistent with other log messages. * Programs which use large numbers of memory credential caches should perform better. Protocol evolution: * The SPAKE pre-authentication mechanism is now supported. This mechanism protects against password dictionary attacks without requiring any additional infrastructure such as certificates. SPAKE is enabled by default on clients, but must be manually enabled on the KDC for this release. * PKINIT freshness tokens are now supported. Freshness tokens can protect against scenarios where an attacker uses temporary access to a smart card to generate authentication requests for the future. * Password change operations now prefer TCP over UDP, to avoid spurious error messages about replays when a response packet is dropped. 
* The KDC now supports cross-realm S4U2Self requests when used with a third-party KDB module such as Samba's. The client code for cross-realm S4U2Self requests is also now more robust. User experience: * The new ktutil addent -f flag can be used to fetch salt information from the KDC for password-based keys. * The new kdestroy -p option can be used to destroy a credential cache within a collection by client principal name. * The Kerberos man page has been restored, and documents the environment variables that affect programs using the Kerberos library. Code quality: * Python test scripts now use Python 3. * Python test scripts now display markers in verbose output, making it easier to find where a failure occurred within the scripts. * The Windows build system has been simplified and updated to work with more recent versions of Visual Studio. A large volume of unused Windows-specific code has been removed. Visual Studio 2013 or later is now required. - Replace old $RPM_* shell vars - Removal of SuSEfirewall2 service since SuSEfirewall2 has been replaced by firewalld - Remove cruft to support distributions older than SLE 12 - Use macros where applicable - Switch to pkgconfig style dependencies - Use %_tmpfilesdir instead of the wrong %_libexecdir/tmpfiles.d notation: libexecdir is likely changing away from /usr/lib to /usr/libexec - Build with full Cyrus SASL support. Negotiating SASL credentials with an EXTERNAL bind mechanism requires interaction. Kerberos provides its own interaction function that skips all interaction, thus preventing the mechanism from working. 
- Removed patches: * 0007-krb5-1.12-ksu-path.patch * 0010-Add-recursion-limit-for-ASN.1-indefinite-lengths.patch * 0011-Fix-KDC-null-deref-on-bad-encrypted-challenge.patch - Renamed patches: * 0001-krb5-1.12-pam.patch => 0001-ksu-pam-integration.patch * 0003-krb5-1.12-buildconf.patch => 0003-Adjust-build-configuration.patch * 0008-krb5-1.12-selinux-label.patch => 0007-SELinux-integration.patch * 0009-krb5-1.9-debuginfo.patch => 0008-krb5-1.9-debuginfo.patch * 0012-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch => 0009-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch ++++ libcontainers-common: - Update common to 0.44.0 0.42.3: * (*libimage.Image).HasDifferentDigest: add authentication 0.42.2: Backports for Podman 3.3.2 Fix the fallback runtime path Switch default Rootless Networking to "CNI" for OSX libimage: disk usage: catch corrupted images set GOPROXY=https://proxy.golang.org 0.44.0: Add HelperBinariesDir field to engine config Add space trimming check in sysctl.Validate Cirrus: Use fresher VM images Fix `pkg/sysctl` path typo Fix the fallback runtime path Switch default Rootless Networking to "CNI" for OSX Update pkg/sysctl/sysctl.go add some cni plugin paths build(deps): bump github.com/containers/image/v5 from 5.15.0 to 5.16.0 build(deps): bump github.com/containers/storage from 1.34.0 to 1.35.0 build(deps): bump github.com/onsi/gomega from 1.15.0 to 1.16.0 build(deps): bump github.com/opencontainers/runc from 1.0.1 to 1.0.2 build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5 docs/containers.conf.5.md: Fix manpage section fix untag + v0.43.2 libimage: disk usage: catch corrupted images libimage: relax untag by digest checks path: dest paths inside container should always be treated as *nix type remove-image: Add optional `LookupManifest` to RemoveImagesOptions. 
runtime: Add ReturnManifestIfPresent to LookupImageOptions runtime: Add `ManifestList` to `LookupImageOptions` seccomp: allow memfd_secret 0.43.2: * libimage: relax untag by digest checks * path: dest paths inside container should always be treated as *nix type 0.43.1: Fix spelling mistakes Fix examples in containers.conf 0.43.0: Add documentation for Containerfile and Dockerfile Remove no_libsubid flag Add machine_image to containers.conf build(deps): bump github.com/containers/storage from 1.33.1 to 1.34.0 build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.4 Add machine_image to containers.conf Switch default logdriver and eventslogger to journald, if root build(deps): bump github.com/BurntSushi/toml from 0.3.1 to 0.4.1 build(deps): bump github.com/onsi/gomega from 1.14.0 to 1.15.0 libimage: {un}tag: reject digests build(deps): bump github.com/docker/docker from 20.10.7+incompatible to 20.10.8+incompatible style: complete containers#556 to-do list part 4 build(deps): bump github.com/containers/image/v5 from 5.14.0 to 5.15.0 set GOPROXY=https://proxy.golang.org 0.42.1: * pull: fallthrough for registry parsing errors 0.42.0: * Remove --accept-repositories flag * pull policy: support camel cases * Use authfile in options to search image * vendor in containers/storage v1.33.0 * config: split arguments in DBUS_SESSION_BUS_ADDRESS * pkg/seccomp: avoid DefaultErrnoRet: null * Add and use libimage.Runtime.imageIDsForManifest() * Add libimage/manifests.LockerForImage() * Add support for path based registry in login/logout * libimage: pull: normalize docker-daemon * libimage: report all removed images * libruntime: layer tree: handle empty images * refine dangling filters * libimage.RuntimeFromStore(): stop overriding the BlobInfoCache location * build(deps): bump github.com/opencontainers/runc from 1.0.0 to 1.0.1 * pull with custom platform: handle "localhost/" * User option to prepare container after creation for volume copy-up. 
Docker does this by default. * add config option for ChownCopiedFiles * build(deps): bump github.com/containers/storage from 1.32.5 to 1.32.6 * libimage: image tree: fix nil deref - Update podman to 3.3.1 3.3.1: [#]## Bugfixes - Fixed a bug where unit files created by `podman generate systemd` could not cleanup shut down containers when stopped by `systemctl stop` ([#11304](https://github.com/containers/podman/issues/11304)). - Fixed a bug where `podman machine` commands would not properly locate the `gvproxy` binary in some circumstances. - Fixed a bug where containers created as part of a pod using the `--pod-id-file` option would not join the pod's network namespace ([#11303](https://github.com/containers/podman/issues/11303)). - Fixed a bug where Podman, when using the systemd cgroups driver, could sometimes leak dbus sessions. - Fixed a bug where the `until` filter to `podman logs` and `podman events` was improperly handled, requiring input to be negated ([#11158](https://github.com/containers/podman/issues/11158)). - Fixed a bug where rootless containers using CNI networking run on systems using `systemd-resolved` for DNS would fail to start if resolved symlinked `/etc/resolv.conf` to an absolute path ([#11358](https://github.com/containers/podman/issues/11358)). [#]## API - A large number of potential file descriptor leaks from improperly closing client connections have been fixed. 3.3.0: [#]## Features - Containers inside VMs created by `podman machine` will now automatically handle port forwarding - containers in `podman machine` VMs that publish ports via `--publish` or `--publish-all` will have these ports not just forwarded on the VM, but also on the host system. - The `podman play kube` command's `--network` option now accepts advanced network options (e.g. `--network slirp4netns:port_handler=slirp4netns`) ([#10807](https://github.com/containers/podman/issues/10807)). 
- The `podman play kube` command now supports Kubernetes liveness probes, which will be created as Podman healthchecks. - Podman now provides a systemd unit, `podman-restart.service`, which, when enabled, will restart all containers that were started with `--restart=always` after the system reboots. - Rootless Podman can now be configured to use CNI networking by default by using the `rootless_networking` option in `containers.conf`. - Images can now be pulled using `image:tag@digest` syntax (e.g. `podman pull fedora:34@sha256:1b0d4ddd99b1a8c8a80e885aafe6034c95f266da44ead992aab388e6aa91611a`) ([#6721](https://github.com/containers/podman/issues/6721)). - The `podman container checkpoint` and `podman container restore` commands can now be used to checkpoint containers that are in pods, and restore those containers into pods. - The `podman container restore` command now features a new option, `--publish`, to change the ports that are forwarded to a container that is being restored from an exported checkpoint. - The `podman container checkpoint` command now features a new option, `--compress`, to specify the compression algorithm that will be used on the generated checkpoint. - The `podman pull` command can now pull multiple images at once (e.g. `podman pull fedora:34 ubi8:latest` will pull both specified images). - The `podman cp` command can now copy files from one container into another directly (e.g. `podman cp containera:/etc/hosts containerb:/etc/`) ([#7370](https://github.com/containers/podman/issues/7370)). - The `podman cp` command now supports a new option, `--archive`, which controls whether copied files will be chown'd to the UID and GID of the user of the destination container. - The `podman stats` command now provides two additional metrics: Average CPU, and CPU time. - The `podman pod create` command supports a new flag, `--pid`, to specify the PID namespace of the pod. 
If specified, containers that join the pod will automatically share its PID namespace. - The `podman pod create` command supports a new flag, `--infra-name`, which allows the name of the pod's infra container to be set ([#10794](https://github.com/containers/podman/issues/10794)). - The `podman auto-update` command has had its output reformatted - it is now much clearer what images were pulled and what containers were updated. - The `podman auto-update` command now supports a new option, `--dry-run`, which reports what would be updated but does not actually perform the update ([#9949](https://github.com/containers/podman/issues/9949)). - The `podman build` command now supports a new option, `--secret`, to mount secrets into build containers. - The `podman manifest remove` command now has a new alias, `podman manifest rm`. - The `podman login` command now supports a new option, `--verbose`, to print detailed information about where the credentials entered were stored. - The `podman events` command now supports a new event, `exec_died`, which is produced when an exec session exits, and includes the exit code of the exec session. - The `podman system connection add` command now supports adding connections that connect using the `tcp://` and `unix://` URL schemes. - The `podman system connection list` command now supports a new flag, `--format`, to determine how the output is printed. - The `podman volume prune` and `podman volume ls` commands' `--filter` option now support a new filter, `until`, that matches volumes created before a certain time ([#10579](https://github.com/containers/podman/issues/10579)). - The `podman ps --filter` option's `network` filter now accepts a new value: `container:`, which matches containers that share a network namespace with a specific container ([#10361](https://github.com/containers/podman/issues/10361)). 
- The `podman diff` command can now accept two arguments, allowing two images or two containers to be specified; the diff between the two will be printed ([#10649](https://github.com/containers/podman/issues/10649)). - Podman can now optionally copy-up content from containers into volumes mounted into those containers earlier (at creation time, instead of at runtime) via the `prepare_on_create` option in `containers.conf` ([#10262](https://github.com/containers/podman/issues/10262)). - A new option, `--gpus`, has been added to `podman create` and `podman run` as a no-op for better compatibility with Docker. If the nvidia-container-runtime package is installed, GPUs should be automatically added to containers without using the flag. - If an invalid subcommand is provided, similar commands to try will now be suggested in the error message. [#]## Changes - The `podman system reset` command now removes non-Podman (e.g. Buildah and CRI-O) containers as well. - The new port forwarding offered by `podman machine` requires [gvproxy](https://github.com/containers/gvisor-tap-vsock) in order to function. - Podman will now automatically create the default CNI network if it does not exist, for both root and rootless users. This will only be done once per user - if the network is subsequently removed, it will not be recreated. - The `install.cni` makefile option has been removed. It is no longer required to distribute the default `87-podman.conflist` CNI configuration file, as Podman will now automatically create it. - The `--root` option to Podman will not automatically clear all default storage options when set. Storage options can be set manually using `--storage-opt` ([#10393](https://github.com/containers/podman/issues/10393)). - The output of `podman system connection list` is now deterministic, with connections being sorted alphabetically by their name. 
- The auto-update service (`podman-auto-update.service`) has had its default timer adjusted so it now starts at a random time up to 15 minutes after midnight, to help prevent system congestion from numerous daily services run at once. - Systemd unit files generated by `podman generate systemd` now depend on `network-online.target` by default ([#10655](https://github.com/containers/podman/issues/10655)). - Systemd unit files generated by `podman generate systemd` now use `Type=notify` by default, instead of using PID files. - The `podman info` command's logic for detecting package versions on Gentoo has been improved, and should be significantly faster. [#]## Bugfixes - Fixed a bug where the `podman play kube` command did not perform SELinux relabelling of volumes specified with a `mountPath` that included the `:z` or `:Z` options ([#9371](https://github.com/containers/podman/issues/9371)). - Fixed a bug where the `podman play kube` command would ignore the `USER` and `EXPOSE` directives in images ([#9609](https://github.com/containers/podman/issues/9609)). - Fixed a bug where the `podman play kube` command would only accept lowercase pull policies. - Fixed a bug where named volumes mounted into containers with the `:z` or `:Z` options were not appropriately relabelled for access from the container ([#10273](https://github.com/containers/podman/issues/10273)). - Fixed a bug where the `podman logs -f` command, with the `journald` log driver, could sometimes fail to pick up the last line of output from a container ([#10323](https://github.com/containers/podman/issues/10323)). - Fixed a bug where running `podman rm` on a container created with the `--rm` option would occasionally emit an error message saying the container failed to be removed, when it was successfully removed. 
- Fixed a bug where starting a Podman container would segfault if the `LISTEN_PID` and `LISTEN_FDS` environment variables were set, but `LISTEN_FDNAMES` was not ([#10435](https://github.com/containers/podman/issues/10435)). - Fixed a bug where exec sessions in containers were sometimes not cleaned up when run without `-d` and when the associated `podman exec` process was killed before completion. - Fixed a bug where `podman system service` could, when run in a systemd unit file with sdnotify in use, drop some connections when it was starting up. - Fixed a bug where containers run using the REST API using the `slirp4netns` network mode would leave zombie processes that were not cleaned up until `podman system service` exited ([#9777](https://github.com/containers/podman/issues/9777)). - Fixed a bug where the `podman system service` command would leave zombie processes after its initial launch that were not cleaned up until it exited ([#10575](https://github.com/containers/podman/issues/10575)). - Fixed a bug where VMs created by `podman machine` could not be started after the host system restarted ([#10824](https://github.com/containers/podman/issues/10824)). - Fixed a bug where the `podman pod ps` command would not show headers for optional information (e.g. container names when the `--ctr-names` option was given). - Fixed a bug where the remote Podman client's `podman create` and `podman run` commands would ignore timezone configuration from the server's `containers.conf` file ([#11124](https://github.com/containers/podman/issues/11124)). - Fixed a bug where the remote Podman client's `podman build` command would only respect `.containerignore` and not `.dockerignore` files (when both are present, `.containerignore` will be preferred) ([#10907](https://github.com/containers/podman/issues/10907)). 
- Fixed a bug where the remote Podman client's `podman build` command would fail to send the Dockerfile being built to the server when it was excluded by the `.dockerignore` file, resulting in an error ([#9867](https://github.com/containers/podman/issues/9867)). - Fixed a bug where the remote Podman client's `podman build` command could unexpectedly stop streaming the output of the build ([#10154](https://github.com/containers/podman/issues/10154)). - Fixed a bug where the remote Podman client's `podman build` command would fail to build when run on Windows ([#11259](https://github.com/containers/podman/issues/11259)). - Fixed a bug where the `podman manifest create` command accepted at most two arguments (an arbitrary number of images are allowed as arguments, which will be added to the manifest). - Fixed a bug where named volumes would not be properly chowned to the UID and GID of the directory they were mounted over when first mounted into a container ([#10776](https://github.com/containers/podman/issues/10776)). - Fixed a bug where named volumes created using a volume plugin would be removed from Podman, even if the plugin reported a failure to remove the volume ([#11214](https://github.com/containers/podman/issues/11214)). - Fixed a bug where the remote Podman client's `podman exec -i` command would hang when input was provided via shell redirection (e.g. `podman --remote exec -i foo cat <<<"hello"`) ([#7360](https://github.com/containers/podman/issues/7360)). - Fixed a bug where containers created with `--rm` were not immediately removed after being started by `podman start` if they failed to start ([#10935](https://github.com/containers/podman/issues/10935)). - Fixed a bug where the `--storage-opt` flag to `podman create` and `podman run` was nonfunctional ([#10264](https://github.com/containers/podman/issues/10264)). 
- Fixed a bug where the `--device-cgroup-rule` option to `podman create` and `podman run` was nonfunctional ([#10302](https://github.com/containers/podman/issues/10302)). - Fixed a bug where the `--tls-verify` option to `podman manifest push` was nonfunctional. - Fixed a bug where the `podman import` command could, in some circumstances, produce empty images ([#10994](https://github.com/containers/podman/issues/10994)). - Fixed a bug where images pulled using the `docker-daemon:` transport had the wrong registry (`localhost` instead of `docker.io/library`) ([#10998](https://github.com/containers/podman/issues/10998)). - Fixed a bug where operations that pruned images (`podman image prune` and `podman system prune`) would prune untagged images with children ([#10832](https://github.com/containers/podman/issues/10832)). - Fixed a bug where dual-stack networks created by `podman network create` did not properly auto-assign an IPv4 subnet when one was not explicitly specified ([#11032](https://github.com/containers/podman/issues/11032)). - Fixed a bug where port forwarding using the `rootlessport` port forwarder would break when a network was disconnected and then reconnected ([#10052](https://github.com/containers/podman/issues/10052)). - Fixed a bug where Podman would ignore user-specified SELinux policies for containers using the Kata OCI runtime, or containers using systemd as PID 1 ([#11100](https://github.com/containers/podman/issues/11100)). - Fixed a bug where Podman containers created using `--net=host` would add an entry to `/etc/hosts` for the container's hostname pointing to `127.0.1.1` ([#10319](https://github.com/containers/podman/issues/10319)). - Fixed a bug where the `podman unpause --all` command would throw an error for every container that was not paused ([#11098](https://github.com/containers/podman/issues/11098)). 
- Fixed a bug where timestamps for the `since` and `until` filters using Unix timestamps with a nanoseconds portion could not be parsed ([#11131](https://github.com/containers/podman/issues/11131)). - Fixed a bug where the `podman info` command would sometimes print the wrong path for the `slirp4netns` binary. - Fixed a bug where rootless Podman containers joined to a CNI network would not have functional DNS when the host used systemd-resolved without the resolved stub resolver being enabled ([#11222](https://github.com/containers/podman/issues/11222)). - Fixed a bug where `podman network connect` and `podman network disconnect` of rootless containers could sometimes break port forwarding to the container ([#11248](https://github.com/containers/podman/issues/11248)). - Fixed a bug where joining a container to a CNI network by ID and adding network aliases to this network would cause the container to fail to start ([#11285](https://github.com/containers/podman/issues/11285)). [#]## API - Fixed a bug where the Compat List endpoint for Containers included healthcheck information for all containers, even those that did not have a configured healthcheck. - Fixed a bug where the Compat Create endpoint for Containers would fail to create containers with the `NetworkMode` parameter set to `default` ([#10569](https://github.com/containers/podman/issues/10569)). - Fixed a bug where the Compat Create endpoint for Containers did not properly handle healthcheck commands ([#10617](https://github.com/containers/podman/issues/10617)). - Fixed a bug where the Compat Wait endpoint for Containers would always send an empty string error message when no error occurred. - Fixed a bug where the Libpod Stats endpoint for Containers would not error when run on rootless containers on cgroups v1 systems (nonsensical results would be returned, as this configuration cannot be supportable). 
- Fixed a bug where the Compat List endpoint for Images omitted the `ContainerConfig` field ([#10795](https://github.com/containers/podman/issues/10795)). - Fixed a bug where the Compat Build endpoint for Images was too strict when validating the `Content-Type` header, rejecting content that Docker would have accepted ([#11022](https://github.com/containers/podman/issues/11012)). - Fixed a bug where the Compat Pull endpoint for Images could fail, but return a 200 status code, if an image name that could not be parsed was provided. - Fixed a bug where the Compat Pull endpoint for Images would continue to pull images after the client disconnected. - Fixed a bug where the Compat List endpoint for Networks would fail for non-bridge (e.g. macvlan) networks ([#10266](https://github.com/containers/podman/issues/10266)). - Fixed a bug where the Libpod List endpoint for Networks would return nil, instead of an empty list, when no networks were present ([#10495](https://github.com/containers/podman/issues/10495)). - The Compat and Libpod Logs endpoints for Containers now support the `until` query parameter ([#10859](https://github.com/containers/podman/issues/10859)). - The Compat Import endpoint for Images now supports the `platform`, `message`, and `repo` query parameters. - The Compat Pull endpoint for Images now supports the `platform` query parameter. [#]## Misc - Updated Buildah to v1.22.3 - Updated the containers/storage library to v1.34.1 - Updated the containers/image library to v5.15.2 - Updated the containers/common library to v0.42.1 3.3.0-RC3: This is the third release candidate of Podman v3.3.0 Preliminary release notes follow: [#]## Features - Containers inside VMs created by `podman machine` will now automatically handle port forwarding - containers in `podman machine` VMs that publish ports via `--publish` or `--publish-all` will have these ports not just forwarded on the VM, but also on the host system. 
- The `podman play kube` command's `--network` option now accepts advanced network options (e.g. `--network slirp4netns:port_handler=slirp4netns`) ([#10807](https://github.com/containers/podman/issues/10807)). - The `podman play kube` command now supports Kubernetes liveness probes, which will be created as Podman healthchecks. - Podman now provides a systemd unit, `podman-restart.service`, which, when enabled, will restart all containers that were started with `--restart=always` after the system reboots. - Rootless Podman can now be configured to use CNI networking by default by using the `rootless_networking` option in `containers.conf`. - Images can now be pulled using `image:tag@digest` syntax (e.g. `podman pull fedora:34@sha256:1b0d4ddd99b1a8c8a80e885aafe6034c95f266da44ead992aab388e6aa91611a`) ([#6721](https://github.com/containers/podman/issues/6721)). - The `podman container checkpoint` and `podman container restore` commands can now be used to checkpoint containers that are in pods, and restore those containers into pods. - The `podman container restore` command now features a new option, `--publish`, to change the ports that are forwarded to a container that is being restored from an exported checkpoint. - The `podman container checkpoint` command now features a new option, `--compress`, to specify the compression algorithm that will be used on the generated checkpoint. - The `podman pull` command can now pull multiple images at once (e.g. `podman pull fedora:34 ubi8:latest` will pull both specified images). - The `podman cp` command can now copy files from one container into another directly (e.g. `podman cp containera:/etc/hosts containerb:/etc/`) ([#7370](https://github.com/containers/podman/issues/7370)). - The `podman cp` command now supports a new option, `--archive`, which controls whether copied files will be chown'd to the UID and GID of the user of the destination container. 
- The `podman stats` command now provides two additional metrics: Average CPU, and CPU time. - The `podman pod create` command supports a new flag, `--pid`, to specify the PID namespace of the pod. If specified, containers that join the pod will automatically share its PID namespace. - The `podman pod create` command supports a new flag, `--infra-name`, which allows the name of the pod's infra container to be set ([#10794](https://github.com/containers/podman/issues/10794)). - The `podman auto-update` command has had its output reformatted - it is now much clearer what images were pulled and what containers were updated. - The `podman auto-update` command now supports a new option, `--dry-run`, which reports what would be updated but does not actually perform the update ([#9949](https://github.com/containers/podman/issues/9949)). - The `podman build` command now supports a new option, `--secret`, to mount secrets into build containers. - The `podman manifest remove` command now has a new alias, `podman manifest rm`. - The `podman login` command now supports a new option, `--verbose`, to print detailed information about where the credentials entered were stored. - The `podman events` command now supports a new event, `exec_died`, which is produced when an exec session exits, and includes the exit code of the exec session. - The `podman system connection add` command now supports adding connections that connect using the `tcp://` and `unix://` URL schemes. - The `podman system connection list` command now supports a new flag, `--format`, to determine how the output is printed. - The `podman volume prune` and `podman volume ls` commands' `--filter` option now support a new filter, `until`, that matches volumes created before a certain time ([#10579](https://github.com/containers/podman/issues/10579)). 
- The `podman ps --filter` option's `network` filter now accepts a new value: `container:`, which matches containers that share a network namespace with a specific container ([#10361](https://github.com/containers/podman/issues/10361)). - The `podman diff` command can now accept two arguments, allowing two images or two containers to be specified; the diff between the two will be printed ([#10649](https://github.com/containers/podman/issues/10649)). - Podman can now optionally copy-up content from containers into volumes mounted into those containers earlier (at creation time, instead of at runtime) via the `prepare_on_create` option in `containers.conf` ([#10262](https://github.com/containers/podman/issues/10262)). - A new option, `--gpus`, has been added to `podman create` and `podman run` as a no-op for better compatibility with Docker. If the nvidia-container-runtime package is installed, GPUs should be automatically added to containers without using the flag. - If an invalid subcommand is provided, similar commands to try will now be suggested in the error message. [#]## Changes - The `podman system reset` command now removes non-Podman (e.g. Buildah and CRI-O) containers as well. - The new port forwarding offered by `podman machine` requires [gvproxy](https://github.com/containers/gvisor-tap-vsock) in order to function. - Podman will now automatically create the default CNI network if it does not exist, for both root and rootless users. This will only be done once per user - if the network is subsequently removed, it will not be recreated. - The `install.cni` makefile option has been removed. It is no longer required to distribute the default `87-podman.conflist` CNI configuration file, as Podman will now automatically create it. - The `--root` option to Podman will not automatically clear all default storage options when set. Storage options can be set manually using `--storage-opt` ([#10393](https://github.com/containers/podman/issues/10393)). 
- The output of `podman system connection list` is now deterministic, with connections being sorted alphabetically by their name. - The auto-update service (`podman-auto-update.service`) has had its default timer adjusted so it now starts at a random time up to 15 minutes after midnight, to help prevent system congestion from numerous daily services run at once. - Systemd unit files generated by `podman generate systemd` now depend on `network-online.target` by default ([#10655](https://github.com/containers/podman/issues/10655)). - The `podman info` command's logic for detecting package versions on Gentoo has been improved, and should be significantly faster. [#]## Bugfixes - Fixed a bug where the `podman play kube` command did not perform SELinux relabelling of volumes specified with a `mountPath` that included the `:z` or `:Z` options ([#9371](https://github.com/containers/podman/issues/9371)). - Fixed a bug where the `podman play kube` command would ignore the `USER` and `EXPOSE` directives in images ([#9609](https://github.com/containers/podman/issues/9609)). - Fixed a bug where the `podman play kube` command would only accept lowercase pull policies. - Fixed a bug where named volumes mounted into containers with the `:z` or `:Z` options were not appropriately relabelled for access from the container ([#10273](https://github.com/containers/podman/issues/10273)). - Fixed a bug where the `podman logs -f` command, with the `journald` log driver, could sometimes fail to pick up the last line of output from a container ([#10323](https://github.com/containers/podman/issues/10323)). - Fixed a bug where running `podman rm` on a container created with the `--rm` option would occasionally emit an error message saying the container failed to be removed, when it was successfully removed. 
- Fixed a bug where starting a Podman container would segfault if the `LISTEN_PID` and `LISTEN_FDS` environment variables were set, but `LISTEN_FDNAMES` was not ([#10435](https://github.com/containers/podman/issues/10435)). - Fixed a bug where exec sessions in containers were sometimes not cleaned up when run without `-d` and when the associated `podman exec` process was killed before completion. - Fixed a bug where `podman system service` could, when run in a systemd unit file with sdnotify in use, drop some connections when it was starting up. - Fixed a bug where containers run using the REST API using the `slirp4netns` network mode would leave zombie processes that were not cleaned up until `podman system service` exited ([#9777](https://github.com/containers/podman/issues/9777)). - Fixed a bug where the `podman system service` command would leave zombie processes after its initial launch that were not cleaned up until it exited ([#10575](https://github.com/containers/podman/issues/10575)). - Fixed a bug where VMs created by `podman machine` could not be started after the host system restarted ([#10824](https://github.com/containers/podman/issues/10824)). - Fixed a bug where the `podman pod ps` command would not show headers for optional information (e.g. container names when the `--ctr-names` option was given). - Fixed a bug where the remote Podman client's `podman create` and `podman run` commands would ignore timezone configuration from the server's `containers.conf` file ([#11124](https://github.com/containers/podman/issues/11124)). - Fixed a bug where the remote Podman client's `podman build` command would only respect `.containerignore` and not `.dockerignore` files (when both are present, `.containerignore` will be preferred) ([#10907](https://github.com/containers/podman/issues/10907)). 
- Fixed a bug where the remote Podman client's `podman build` command would fail to send the Dockerfile being built to the server when it was excluded by the `.dockerignore` file, resulting in an error ([#9867](https://github.com/containers/podman/issues/9867)). - Fixed a bug where the remote Podman client's `podman build` command could unexpectedly stop streaming the output of the build ([#10154](https://github.com/containers/podman/issues/10154)). - Fixed a bug where the `podman manifest create` command accepted at most two arguments (an arbitrary number of images are allowed as arguments, which will be added to the manifest). - Fixed a bug where named volumes would not be properly chowned to the UID and GID of the directory they were mounted over when first mounted into a container ([#10776](https://github.com/containers/podman/issues/10776)). - Fixed a bug where the remote Podman client's `podman exec -i` command would hang when input was provided via shell redirection (e.g. `podman --remote exec -i foo cat <<<"hello"`) ([#7360](https://github.com/containers/podman/issues/7360)). - Fixed a bug where containers created with `--rm` were not immediately removed after being started by `podman start` if they failed to start ([#10935](https://github.com/containers/podman/issues/10935)). - Fixed a bug where the `--storage-opt` flag to `podman create` and `podman run` was nonfunctional ([#10264](https://github.com/containers/podman/issues/10264)). - Fixed a bug where the `--device-cgroup-rule` option to `podman create` and `podman run` was nonfunctional ([#10302](https://github.com/containers/podman/issues/10302)). - Fixed a bug where the `--tls-verify` option to `podman manifest push` was nonfunctional. - Fixed a bug where the `podman import` command could, in some circumstances, produce empty images ([#10994](https://github.com/containers/podman/issues/10994)). 
- Fixed a bug where images pulled using the `docker-daemon:` transport had the wrong registry (`localhost` instead of `docker.io/library`) ([#10998](https://github.com/containers/podman/issues/10998)). - Fixed a bug where operations that pruned images (`podman image prune` and `podman system prune`) would prune untagged images with children ([#10832](https://github.com/containers/podman/issues/10832)). - Fixed a bug where dual-stack networks created by `podman network create` did not properly auto-assign an IPv4 subnet when one was not explicitly specified ([#11032](https://github.com/containers/podman/issues/11032)). - Fixed a bug where port forwarding using the `rootlessport` port forwarder would break when a network was disconnected and then reconnected ([#10052](https://github.com/containers/podman/issues/10052)). - Fixed a bug where Podman would ignore user-specified SELinux policies for containers using the Kata OCI runtime, or containers using systemd as PID 1 ([#11100](https://github.com/containers/podman/issues/11100)). - Fixed a bug where Podman containers created using `--net=host` would add an entry to `/etc/hosts` for the container's hostname pointing to `127.0.1.1` ([#10319](https://github.com/containers/podman/issues/10319)). - Fixed a bug where the `podman unpause --all` command would throw an error for every container that was not paused ([#11098](https://github.com/containers/podman/issues/11098)). - Fixed a bug where timestamps for the `since` and `until` filters using Unix timestamps with a nanoseconds portion could not be parsed ([#11131](https://github.com/containers/podman/issues/11131)). - Fixed a bug where the `podman info` command would sometimes print the wrong path for the `slirp4netns` binary. [#]## API - Fixed a bug where the Compat List endpoint for Containers included healthcheck information for all containers, even those that did not have a configured healthcheck. 
- Fixed a bug where the Compat Create endpoint for Containers would fail to create containers with the `NetworkMode` parameter set to `default` ([#10569](https://github.com/containers/podman/issues/10569)). - Fixed a bug where the Compat Create endpoint for Containers did not properly handle healthcheck commands ([#10617](https://github.com/containers/podman/issues/10617)). - Fixed a bug where the Compat Wait endpoint for Containers would always send an empty string error message when no error occurred. - Fixed a bug where the Libpod Stats endpoint for Containers would not error when run on rootless containers on cgroups v1 systems (nonsensical results would be returned, as this configuration cannot be supportable). - Fixed a bug where the Compat List endpoint for Images omitted the `ContainerConfig` field ([#10795](https://github.com/containers/podman/issues/10795)). - Fixed a bug where the Compat Pull endpoint for Images could fail, but return a 200 status code, if an image name that could not be parsed was provided. - Fixed a bug where the Compat Pull endpoint for Images would continue to pull images after the client disconnected. - Fixed a bug where the Compat List endpoint for Networks would fail for non-bridge (e.g. macvlan) networks ([#10266](https://github.com/containers/podman/issues/10266)). - Fixed a bug where the Libpod List endpoint for Networks would return nil, instead of an empty list, when no networks were present ([#10495](https://github.com/containers/podman/issues/10495)). - The Compat and Libpod Logs endpoints for Containers now support the `until` query parameter ([#10859](https://github.com/containers/podman/issues/10859)). - The Compat Import endpoint for Images now supports the `platform`, `message`, and `repo` query parameters. - The Compat Pull endpoint for Images now supports the `platform` query parameter. 
[#]## Misc - Updated Buildah to v1.22.0 - Updated the containers/storage library to v1.34.1 - Updated the containers/image library to v5.15.1 - Updated the containers/common library to v0.42.1 3.3.0-RC2: [#]## Features - Containers inside VMs created by `podman machine` will now automatically handle port forwarding - containers in `podman machine` VMs that publish ports via `--publish` or `--publish-all` will have these ports not just forwarded on the VM, but also on the host system. - The `podman play kube` command's `--network` option now accepts advanced network options (e.g. `--network slirp4netns:port_handler=slirp4netns`) ([#10807](https://github.com/containers/podman/issues/10807)). - The `podman play kube` command now supports Kubernetes liveness probes, which will be created as Podman healthchecks. - Podman now provides a systemd unit, `podman-restart.service`, which, when enabled, will restart all containers that were started with `--restart=always` after the system reboots. - Rootless Podman can now be configured to use CNI networking by default by using the `rootless_networking` option in `containers.conf`. - Images can now be pulled using `image:tag@digest` syntax (e.g. `podman pull fedora:34@sha256:1b0d4ddd99b1a8c8a80e885aafe6034c95f266da44ead992aab388e6aa91611a`) ([#6721](https://github.com/containers/podman/issues/6721)). - The `podman container checkpoint` and `podman container restore` commands can now be used to checkpoint containers that are in pods, and restore those containers into pods. - The `podman container restore` command now features a new option, `--publish`, to change the ports that are forwarded to a container that is being restored from an exported checkpoint. - The `podman container checkpoint` command now features a new option, `--compress`, to specify the compression algorithm that will be used on the generated checkpoint. - The `podman pull` command can now pull multiple images at once (e.g.
`podman pull fedora:34 ubi8:latest` will pull both specified images). - The `podman cp` command can now copy files from one container into another directly (e.g. `podman cp containera:/etc/hosts containerb:/etc/`) ([#7370](https://github.com/containers/podman/issues/7370)). - The `podman cp` command now supports a new option, `--archive`, which controls whether copied files will be chown'd to the UID and GID of the user of the destination container. - The `podman stats` command now provides two additional metrics: Average CPU, and CPU time. - The `podman pod create` command supports a new flag, `--pid`, to specify the PID namespace of the pod. If specified, containers that join the pod will automatically share its PID namespace. - The `podman pod create` command supports a new flag, `--infra-name`, which allows the name of the pod's infra container to be set ([#10794](https://github.com/containers/podman/issues/10794)). - The `podman auto-update` command has had its output reformatted - it is now much clearer what images were pulled and what containers were updated. - The `podman auto-update` command now supports a new option, `--dry-run`, which reports what would be updated but does not actually perform the update ([#9949](https://github.com/containers/podman/issues/9949)). - The `podman build` command now supports a new option, `--secret`, to mount secrets into build containers. - The `podman manifest remove` command now has a new alias, `podman manifest rm`. - The `podman login` command now supports a new option, `--verbose`, to print detailed information about where the credentials entered were stored. - The `podman events` command now supports a new event, `exec_died`, which is produced when an exec session exits, and includes the exit code of the exec session. - The `podman system connection add` command now supports adding connections that connect using the `tcp://` and `unix://` URL schemes.
- The `podman system connection list` command now supports a new flag, `--format`, to determine how the output is printed. - The `podman volume prune` and `podman volume ls` commands' `--filter` option now support a new filter, `until`, that matches volumes created before a certain time ([#10579](https://github.com/containers/podman/issues/10579)). - The `podman ps --filter` option's `network` filter now accepts a new value: `container:`, which matches containers that share a network namespace with a specific container ([#10361](https://github.com/containers/podman/issues/10361)). - The `podman diff` command can now accept two arguments, allowing two images or two containers to be specified; the diff between the two will be printed ([#10649](https://github.com/containers/podman/issues/10649)). - Podman can now optionally copy-up content from containers into volumes mounted into those containers earlier (at creation time, instead of at runtime) via the `prepare_on_create` option in `containers.conf` ([#10262](https://github.com/containers/podman/issues/10262)). - A new option, `--gpus`, has been added to `podman create` and `podman run` as a no-op for better compatibility with Docker. If the nvidia-container-runtime package is installed, GPUs should be automatically added to containers without using the flag. - If an invalid subcommand is provided, similar commands to try will now be suggested in the error message. [#]## Changes - The `podman system reset` command now removes non-Podman (e.g. Buildah and CRI-O) containers as well. - The new port forwarding offered by `podman machine` requires [gvproxy](https://github.com/containers/gvisor-tap-vsock) in order to function. - Podman will now automatically create the default CNI network if it does not exist, for both root and rootless users. This will only be done once per user - if the network is subsequently removed, it will not be recreated. - The `install.cni` makefile option has been removed. 
It is no longer required to distribute the default `87-podman.conflist` CNI configuration file, as Podman will now automatically create it. - The `--root` option to Podman will not automatically clear all default storage options when set. Storage options can be set manually using `--storage-opt` ([#10393](https://github.com/containers/podman/issues/10393)). - The output of `podman system connection list` is now deterministic, with connections being sorted alphabetically by their name. - The auto-update service (`podman-auto-update.service`) has had its default timer adjusted so it now starts at a random time up to 15 minutes after midnight, to help prevent system congestion from numerous daily services run at once. - Systemd unit files generated by `podman generate systemd` now depend on `network-online.target` by default ([#10655](https://github.com/containers/podman/issues/10655)). - The `podman info` command's logic for detecting package versions on Gentoo has been improved, and should be significantly faster. [#]## Bugfixes - Fixed a bug where the `podman play kube` command did not perform SELinux relabelling of volumes specified with a `mountPath` that included the `:z` or `:Z` options ([#9371](https://github.com/containers/podman/issues/9371)). - Fixed a bug where the `podman play kube` command would ignore the `USER` and `EXPOSE` directives in images ([#9609](https://github.com/containers/podman/issues/9609)). - Fixed a bug where the `podman play kube` command would only accept lowercase pull policies. - Fixed a bug where named volumes mounted into containers with the `:z` or `:Z` options were not appropriately relabelled for access from the container ([#10273](https://github.com/containers/podman/issues/10273)). - Fixed a bug where the `podman logs -f` command, with the `journald` log driver, could sometimes fail to pick up the last line of output from a container ([#10323](https://github.com/containers/podman/issues/10323)).
- Fixed a bug where running `podman rm` on a container created with the `--rm` option would occasionally emit an error message saying the container failed to be removed, when it was successfully removed. - Fixed a bug where starting a Podman container would segfault if the `LISTEN_PID` and `LISTEN_FDS` environment variables were set, but `LISTEN_FDNAMES` was not ([#10435](https://github.com/containers/podman/issues/10435)). - Fixed a bug where exec sessions in containers were sometimes not cleaned up when run without `-d` and when the associated `podman exec` process was killed before completion. - Fixed a bug where `podman system service` could, when run in a systemd unit file with sdnotify in use, drop some connections when it was starting up. - Fixed a bug where containers run using the REST API using the `slirp4netns` network mode would leave zombie processes that were not cleaned up until `podman system service` exited ([#9777](https://github.com/containers/podman/issues/9777)). - Fixed a bug where the `podman system service` command would leave zombie processes after its initial launch that were not cleaned up until it exited ([#10575](https://github.com/containers/podman/issues/10575)). - Fixed a bug where VMs created by `podman machine` could not be started after the host system restarted ([#10824](https://github.com/containers/podman/issues/10824)). - Fixed a bug where the `podman pod ps` command would not show headers for optional information (e.g. container names when the `--ctr-names` option was given). - Fixed a bug where the remote Podman client's `podman create` and `podman run` commands would ignore timezone configuration from the server's `containers.conf` file ([#11124](https://github.com/containers/podman/issues/11124)). 
- Fixed a bug where the remote Podman client's `podman build` command would only respect `.containerignore` and not `.dockerignore` files (when both are present, `.containerignore` will be preferred) ([#10907](https://github.com/containers/podman/issues/10907)). - Fixed a bug where the remote Podman client's `podman build` command would fail to send the Dockerfile being built to the server when it was excluded by the `.dockerignore` file, resulting in an error ([#9867](https://github.com/containers/podman/issues/9867)). - Fixed a bug where the remote Podman client's `podman build` command could unexpectedly stop streaming the output of the build ([#10154](https://github.com/containers/podman/issues/10154)). - Fixed a bug where the `podman manifest create` command accepted at most two arguments (an arbitrary number of images are allowed as arguments, which will be added to the manifest). - Fixed a bug where named volumes would not be properly chowned to the UID and GID of the directory they were mounted over when first mounted into a container ([#10776](https://github.com/containers/podman/issues/10776)). - Fixed a bug where the remote Podman client's `podman exec -i` command would hang when input was provided via shell redirection (e.g. `podman --remote exec -i foo cat <<<"hello"`) ([#7360](https://github.com/containers/podman/issues/7360)). - Fixed a bug where containers created with `--rm` were not immediately removed after being started by `podman start` if they failed to start ([#10935](https://github.com/containers/podman/issues/10935)). - Fixed a bug where the `--storage-opt` flag to `podman create` and `podman run` was nonfunctional ([#10264](https://github.com/containers/podman/issues/10264)). - Fixed a bug where the `--device-cgroup-rule` option to `podman create` and `podman run` was nonfunctional ([#10302](https://github.com/containers/podman/issues/10302)). - Fixed a bug where the `--tls-verify` option to `podman manifest push` was nonfunctional. 
- Fixed a bug where the `podman import` command could, in some circumstances, produce empty images ([#10994](https://github.com/containers/podman/issues/10994)). - Fixed a bug where images pulled using the `docker-daemon:` transport had the wrong registry (`localhost` instead of `docker.io/library`) ([#10998](https://github.com/containers/podman/issues/10998)). - Fixed a bug where operations that pruned images (`podman image prune` and `podman system prune`) would prune untagged images with children ([#10832](https://github.com/containers/podman/issues/10832)). - Fixed a bug where dual-stack networks created by `podman network create` did not properly auto-assign an IPv4 subnet when one was not explicitly specified ([#11032](https://github.com/containers/podman/issues/11032)). - Fixed a bug where port forwarding using the `rootlessport` port forwarder would break when a network was disconnected and then reconnected ([#10052](https://github.com/containers/podman/issues/10052)). - Fixed a bug where Podman would ignore user-specified SELinux policies for containers using the Kata OCI runtime, or containers using systemd as PID 1 ([#11100](https://github.com/containers/podman/issues/11100)). - Fixed a bug where Podman containers created using `--net=host` would add an entry to `/etc/hosts` for the container's hostname pointing to `127.0.1.1` ([#10319](https://github.com/containers/podman/issues/10319)). - Fixed a bug where the `podman unpause --all` command would throw an error for every container that was not paused ([#11098](https://github.com/containers/podman/issues/11098)). - Fixed a bug where timestamps for the `since` and `until` filters using Unix timestamps with a nanoseconds portion could not be parsed ([#11131](https://github.com/containers/podman/issues/11131)). - Fixed a bug where the `podman info` command would sometimes print the wrong path for the `slirp4netns` binary. 
[#]## API - Fixed a bug where the Compat List endpoint for Containers included healthcheck information for all containers, even those that did not have a configured healthcheck. - Fixed a bug where the Compat Create endpoint for Containers would fail to create containers with the `NetworkMode` parameter set to `default` ([#10569](https://github.com/containers/podman/issues/10569)). - Fixed a bug where the Compat Create endpoint for Containers did not properly handle healthcheck commands ([#10617](https://github.com/containers/podman/issues/10617)). - Fixed a bug where the Compat Wait endpoint for Containers would always send an empty string error message when no error occurred. - Fixed a bug where the Libpod Stats endpoint for Containers would not error when run on rootless containers on cgroups v1 systems (nonsensical results would be returned, as this configuration cannot be supportable). - Fixed a bug where the Compat List endpoint for Images omitted the `ContainerConfig` field ([#10795](https://github.com/containers/podman/issues/10795)). - Fixed a bug where the Compat Pull endpoint for Images could fail, but return a 200 status code, if an image name that could not be parsed was provided. - Fixed a bug where the Compat Pull endpoint for Images would continue to pull images after the client disconnected. - Fixed a bug where the Compat List endpoint for Networks would fail for non-bridge (e.g. macvlan) networks ([#10266](https://github.com/containers/podman/issues/10266)). - Fixed a bug where the Libpod List endpoint for Networks would return nil, instead of an empty list, when no networks were present ([#10495](https://github.com/containers/podman/issues/10495)). - The Compat and Libpod Logs endpoints for Containers now support the `until` query parameter ([#10859](https://github.com/containers/podman/issues/10859)). - The Compat Import endpoint for Images now supports the `platform`, `message`, and `repo` query parameters. 
- The Compat Pull endpoint for Images now supports the `platform` query parameter. [#]## Misc - Updated Buildah to v1.22.0 - Updated the containers/storage library to v1.33.1 - Updated the containers/image library to v5.15.0 - Updated the containers/common library to v0.42.1 - Update storage to 1.36.0 1.36.0: (*Store)Layer(): fix race when loading layers Add Inodes to OverlayOptionsConfig build(deps): bump github.com/Microsoft/hcsshim from 0.8.20 to 0.8.22 build(deps): bump github.com/containerd/stargz-snapshotter/estargz build(deps): bump github.com/klauspost/compress from 1.13.4 to 1.13.5 build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5 chunked: cache all the files with the same digest chunked: do not store the digest if it is empty chunked: estargz support chunked: fix linkat for rootless chunked: restrict dedup with hard links 1.35.0: chunked: add new pull options use_hard_links and enable_partial_images build(deps): bump github.com/vbatts/tar-split from 0.11.1 to 0.11.2 build(deps): bump github.com/opencontainers/runc from 1.0.1 to 1.0.2 Update golang.org/x/sys Add LayerOptions.OriginalDigest and LayerOptions.UncompressedDigest Separate the IDMappingOptions logic from other LayerOptions work Reorganize uncompressedCounter Only compute {un,}compressedDigester.Digest() once Reorganize the "defragmented" reader construction a bit. 
Rename {un,}compressedDigest to {un,}compressedDigester Have NewReadCloserWrapper pass through io.WriterTo chunked: remove unused args chunked: fix fd leak on error chunked: remove unused argument missingDirsMode chunked: add new pull option use_hard_links chunked: allow to disable partial images feature 1.34.1: types: on error fallback to filepath.Clean() build(deps): bump github.com/klauspost/compress from 1.13.3 to 1.13.4 Add codespell fixes ApplyDiff: compress saved headers without concurrency build(deps): bump github.com/opencontainers/selinux from 1.8.3 to 1.8.4 1.34.0: overlay: check for aufs-style whiteout at startup Invert libsubid tag 1.33.2: build(deps): bump github.com/BurntSushi/toml from 0.3.1 to 0.4.1 Follow symlinks if they exists idtools: add support for libsubid Makefile: use buildtags for golangci-lint Cirrus: Use fresh VM & Container images build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3 build(deps): bump github.com/klauspost/compress from 1.13.1 to 1.13.3 1.33.1: Fix handling of quota on volumes 1.33.0: Add inode support to quota Creating fifo files while non root should be supported Revert #952, we don't want to use /run/user on non systemd systems Split pkg/chunked.ZstdCompressor into a separate subpackage Update docs/containers-storage.conf.5.md build(deps): bump github.com/opencontainers/runc from 1.0.0 to 1.0.1 overlay: check if we can mknod() kernel whiteout - Update image to 5.16.0 v0.44.0: * Add HelperBinariesDir field to engine config * Add space trimming check in sysctl.Validate * Cirrus: Use fresher VM images * Fix `pkg/sysctl` path typo * Fix the fallback runtime path * Switch default Rootless Networking to "CNI" for OSX * Update pkg/sysctl/sysctl.go * add some cni plugin paths * build(deps): bump github.com/containers/image/v5 from 5.15.0 to 5.16.0 * build(deps): bump github.com/containers/storage from 1.34.0 to 1.35.0 * build(deps): bump github.com/onsi/gomega from 1.15.0 to 1.16.0 * build(deps): bump 
github.com/opencontainers/runc from 1.0.1 to 1.0.2 * build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5 * docs/containers.conf.5.md: Fix manpage section * fix untag + v0.43.2 * libimage: disk usage: catch corrupted images * libimage: relax untag by digest checks * path: dest paths inside container should always be treated as *nix type * remove-image: Add optional `LookupManifest` to RemoveImagesOptions. * runtime: Add ReturnManifestIfPresent to LookupImageOptions * runtime: Add `ManifestList` to `LookupImageOptions` * seccomp: allow memfd_secret v0.43.2: * libimage: relax untag by digest checks * path: dest paths inside container should always be treated as *nix type v0.43.1: * Fix spelling mistakes * Fix examples in containers.conf v0.43.0: * Add documentation for Containerfile and Dockerfile * Remove no_libsubid flag * Add machine_image to containers.conf * build(deps): bump github.com/containers/storage from 1.33.1 to 1.34.0 * build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.4 * Add machine_image to containers.conf * Switch default logdriver and eventslogger to journald, if root * build(deps): bump github.com/BurntSushi/toml from 0.3.1 to 0.4.1 * build(deps): bump github.com/onsi/gomega from 1.14.0 to 1.15.0 * libimage: {un}tag: reject digests * build(deps): bump github.com/docker/docker from 20.10.7+incompatible to 20.10.8+incompatible * style: complete containers#556 to-do list part 4 * build(deps): bump github.com/containers/image/v5 from 5.14.0 to 5.15.0 * set GOPROXY=https://proxy.golang.org v0.42.1: * pull: fallthrough for registry parsing errors v0.42.0: * Remove --accept-repositories flag * pull policy: support camel cases * Use authfile in options to search image * vendor in containers/storage v1.33.0 * config: split arguments in DBUS_SESSION_BUS_ADDRESS * pkg/seccomp: avoid DefaultErrnoRet: null * Add and use libimage.Runtime.imageIDsForManifest() * Add libimage/manifests.LockerForImage() * Add support for path 
based registry in login/logout * libimage: pull: normalize docker-daemon * libimage: report all removed images * libruntime: layer tree: handle empty images * refine dangling filters * libimage.RuntimeFromStore(): stop overriding the BlobInfoCache location * build(deps): bump github.com/opencontainers/runc from 1.0.0 to 1.0.1 * pull with custom platform: handle "localhost/" * User option to prepare container after creation for volume copy-up. Docker does this by default. * add config option for ChownCopiedFiles * build(deps): bump github.com/containers/storage from 1.32.5 to 1.32.6 * libimage: image tree: fix nil deref - Comment out ostree_repo if it's blank [boo#1189893] ++++ ldb: - Update to version 2.4.0 + Improve calculate_popt_array_length() + Use C99 initializers for builtin_popt_options[] + pyldb: Fix Message.items() for a message containing elements + pyldb: Add test for Message.items() + tests: Use ldbsearch '--scope instead of '-s' + pyldb: fix a typo + Change page size of guidindexpackv1.ldb + Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream + attrib_handler casefold: simplify space dropping + fix ldb_comparison_fold off-by-one overrun + CVE-2020-27840: pytests: move Dn.validate test to ldb + CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode + CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds + CVE-2021-20277 ldb tests: ldb_match tests with extra spaces + improve comments for ldb_module_connect_backend() + test/ldb_tdb: correct introductory comments + ldb.h: remove undefined async_ctx function signatures + correct comments in attrib_handers val_to_int64 + dn tests use cmocka print functions + ldb_match: remove redundant check + add tests for ldb_wildcard_compare + ldb_match: trailing chunk must match end of string + pyldb: catch potential overflow error in py_timestring + ldb: remove some 'if PY3's in tests + Add missing break in switch statement ++++ talloc: - Update to 2.3.3 + python: Ensure reference counts are 
properly incremented + Change pytalloc source to LGPL;(bso#9931); ++++ tdb: - Update to version 1.4.4 + Fix a memory leak on error + python: remove all 'from __future__ import print_function' + Fix CID 1471761 String not null terminated + Use hex_byte() in parse_hex() + Use hex_byte() in read_data() + fix studio compiler build + Fix some signed/unsigned comparisons + also use __has_attribute macro to check for attribute support + Fix clang 9 missing-field-initializer warnings + pytdb tests: add test for storev() + pytdb: add python binding for storev() + tdbtorture: Use ARRAY_DEL_ELEMENT() + py3: Remove #define PyInt_FromLong PyLong_FromLong + py3: Remove #define PyInt_AsLong PyLong_AsLong + py3: Remove #define PyInt_Check PyLong_Check + tdb: Align integer types - Drop obsolete patch ignore-tdb1-run-transaction-expand.diff - Fix header file using undefined function visibility macro; Add patch 0001-tdb-Fix-invalid-syntax-in-tdb.h.patch; (bso#14762); - Update to version 0.11.0 + Other minor build fixes; (bso#14526); + Add custom tag to events + Add event trace api ++++ libzypp: - Make sure to keep states alive while transitioning (bsc#1190199) - May set techpreview variables for testing in /etc/zypp/zypp.conf.
If environment variables are unhandy one may enable the desired techpreview in zypp.conf as well: [main] techpreview.ZYPP_SINGLE_RPMTRANS=1 techpreview.ZYPP_MEDIANETWORK=1 - version 17.28.4 (22) ++++ raspberrypi-firmware-dt: - Update to 2425833c7ff5 (2021-09-17) * Switch to 5.14 branch * Drop upstream-overlay-rpi-poe.patch ++++ tuned: - plugin_script: Execute all scripts regardless of errors found by review for SLE 15 SP4 (jsc#SLE-20335) A plugin_script-Execute-all-scripts-regardless-of-errors.patch ------------------------------------------------------------------ ------------------ 2021-9-16 - Sep 16 2021 ------------------- ------------------------------------------------------------------ ++++ audit-secondary: - Change default log_format from ENRICHED to RAW (bsc#1190500): * add change-default-log_format.patch (SUSE-specific patch) - Update to version 3.0.5: * In auditd, flush uid/gid caches when user/group added/deleted/modified * Fixed various issues when dealing with corrupted logs * In auditd, check if log_file is valid before closing handle - Include fixes from 3.0.4: * Apply performance speedups to auparse library * Optimize rule loading in auditctl * Fix an auparse memory leak caused by glibc-2.33 by replacing realpath * Update syscall table to the 5.14 kernel * Fixed various issues when dealing with corrupted logs ++++ avahi: - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ++++ catatonit: - Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). - Update catatonit-rpmlintrc in order to cover that static binaries are now an error not a warning. ++++ cryptsetup: - cryptsetup 2.4.1 * Fix compilation for libc implementations without dlvsym(). * Fix compilation and tests on systems with non-standard libraries * Try to workaround some issues on systems without udev support.
* Fixes for OpenSSL3 crypto backend (including FIPS mode). * Print error message when assigning a token to an inactive keyslot. * Fix offset bug in LUKS2 encryption code if --offset option was used. * Do not allow LUKS2 decryption for devices with data offset. * Fix LUKS1 cryptsetup repair command for some specific problems. ++++ gdk-pixbuf: - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ++++ glib-networking: - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ++++ glib2: - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ++++ gsettings-desktop-schemas: - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ++++ gstreamer: - Stop building doc sub-package, we will in the future use upstream's own standalone doc package. Following this: Drop fdupes, gtk-doc and hotdoc BuildRequires, and fdupes call, no longer needed nor useful. - Refresh patches with quilt. - Remove obsolete translation-update-upstream and gnome-patch-translation support (jsc#SLE-21105). ++++ gstreamer-plugins-base: - Stop building doc sub-package, we will in the future use upstream's own standalone doc package. Following this: Drop fdupes, gtk-doc and hotdoc BuildRequires, and fdupes call, no longer needed nor useful. - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ++++ gtk3: - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ++++ kernel-default: - Drop a time patch (stable-5.14.5) Stable 5.14.5 upstream reverted two commits that have been added in 5.14.4. One of them, the posix-cpu-timer patch, has been already backported for bsc#1190366, so we keep it, while dropping another one for time patch. Deleted: patches.suse/time-Handle-negative-seconds-correctly-in-timespec64.patch - commit 9b22453 - Linux 5.14.5 (stable-5.14.5). - commit 3b35843 - nvme-tcp: fix io_work priority inversion (bsc#1190569). - nvme-rdma: destroy cm id before destroy qp to avoid use after free (bsc#1190569).
- nvme-multipath: fix ANA state updates when a namespace is not present (bsc#1190569). - nvme: avoid race in shutdown namespace removal (bsc#1190569 bsc#1188067). - nvme: only call synchronize_srcu when clearing current path (bsc#1190569 bsc#1188067). - nvme: update keep alive interval when kato is modified (bsc#1190569). - nvme-tcp: Do not reset transport on data digest errors (bsc#1190569 bsc#1188418). - nvme-multipath: set QUEUE_FLAG_NOWAIT (bsc#1190569). - nvme: remove nvm_ndev from ns (bsc#1190569). - nvme: Have NVME_FABRICS select NVME_CORE instead of transport drivers (bsc#1190569). - nvme-tcp: pair send_mutex init with destroy (bsc#1190569). - nvme: allow user toggling hmb usage (bsc#1190569). - nvme-pci: disable hmb on idle suspend (bsc#1190569). - nvme: add set feature tracing support (bsc#1190569). - nvme-fabrics: remove superfluous nvmf_host_put in nvmf_parse_options (bsc#1190569). - nvme-pci: cmb sysfs: one file, one value (bsc#1190569). - nvme-pci: use attribute group for cmb sysfs (bsc#1190569). - remove the lightnvm subsystem (bsc#1190569). - nvme: use blk_mq_alloc_disk (bsc#1190569). - commit 778e572 - fsnotify: fix sb_connectors leak (git fixes (fsnotify)). - commit 3cf1b5e - crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() (bsc#1189884 CVE-2021-3744 bsc#1190534 CVE-2021-3764). - commit a76d86f - PCI: hv: Turn on the host bridge probing on ARM64 (jsc#SLE-17855,bsc#1186071). - PCI: hv: Set up MSI domain at bridge probing time (jsc#SLE-17855,bsc#1186071). - PCI: hv: Set ->domain_nr of pci_host_bridge at probing time (jsc#SLE-17855,bsc#1186071). - PCI: hv: Generify PCI probing (jsc#SLE-17855,bsc#1186071). - PCI: Support populating MSI domains of root buses via bridges (jsc#SLE-17855,bsc#1186071). - PCI: Introduce domain_nr in pci_host_bridge (jsc#SLE-17855,bsc#1186071). - PCI: hv: Support for create interrupt v3 (jsc#SLE-17855,bsc#1186071). - PCI: Allow PASID on fake PCIe devices without TLP prefixes (jsc#SLE-17855,bsc#1186071). 
- Drivers: hv: Enable Hyper-V code to be built on ARM64 (jsc#SLE-17855,bsc#1186071). - arm64: efi: Export screen_info (jsc#SLE-17855,bsc#1186071). - arm64: hyperv: Initialize hypervisor on boot (jsc#SLE-17855,bsc#1186071). - arm64: hyperv: Add panic handler (jsc#SLE-17855,bsc#1186071). - arm64: hyperv: Add Hyper-V hypercall and register access utilities (jsc#SLE-17855,bsc#1186071). - x86/hyperv: fix root partition faults when writing to VP assist page MSR (jsc#SLE-17855,bsc#1186071). - hv: hyperv.h: Remove unused inline functions (jsc#SLE-17855,bsc#1186071). - drivers: hv: Decouple Hyper-V clock/timer code from VMbus drivers (jsc#SLE-17855,bsc#1186071). - x86/hyperv: add comment describing TSC_INVARIANT_CONTROL MSR setting bit 0 (jsc#SLE-17855,bsc#1186071). - Drivers: hv: Move Hyper-V misc functionality to arch-neutral code (jsc#SLE-17855,bsc#1186071). - Drivers: hv: Add arch independent default functions for some Hyper-V handlers (jsc#SLE-17855,bsc#1186071). - Drivers: hv: Make portions of Hyper-V init code be arch neutral (jsc#SLE-17855,bsc#1186071). - x86/hyperv: fix for unwanted manipulation of sched_clock when TSC marked unstable (jsc#SLE-17855,bsc#1186071). - asm-generic/hyperv: Add missing #include of nmi.h (jsc#SLE-17855,bsc#1186071). - net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-17900). - net: mana: Add support for EQ sharing (jsc#SLE-17900). - net: mana: Move NAPI from EQ to CQ (jsc#SLE-17900). - commit f6cd12b - swiotlb: use depends on for DMA_RESTRICTED_POOL (git-fixes). - commit eafc3ac - s390/pv: fix the forcing of the swiotlb (git-fixes). - commit 4a90678 - powerpc/numa: Consider the max NUMA node for migratable LPAR (bsc#1190544 ltc#194520). - commit e52f63e - rtc: cmos: Disable irq around direct invocation of cmos_interrupt() (git-fixes). - swiotlb: use depends on for DMA_RESTRICTED_POOL (git-fixes). - commit 70087fe ++++ less: - Add missing runtime dependency on which, which it is used by lessopen.sh. Fix bsc#1190552. 
++++ atk: - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ++++ audit: - Update to version 3.0.5: * In auditd, flush uid/gid caches when user/group added/deleted/modified * Fixed various issues when dealing with corrupted logs * In auditd, check if log_file is valid before closing handle - Include fixes from 3.0.4: * Apply performance speedups to auparse library * Optimize rule loading in auditctl * Fix an auparse memory leak caused by glibc-2.33 by replacing realpath * Update syscall table to the 5.14 kernel * Fixed various issues when dealing with corrupted logs ++++ json-glib: - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ++++ perl-Bootloader: - merge gh#openSUSE/perl-bootloader#136 - report error if config file could not be updated (bsc#1188768) - 0.936 ++++ qemu: - Fix testsuite dependencies (bsc#1190573) * Patches added: modules-quick-fix-a-fundamental-error-in.patch ++++ shared-mime-info: - Remove obsolete translation-update-upstream support (jsc#SLE-21105). 
++++ u-boot-rpiarm64: - Add sifiveunmatched flavor ++++ yast2: - Fixed losing the current product and package selection during installation, caused by unnecessary reloading of repositories (bsc#1190228) - 4.4.20 ------------------------------------------------------------------ ------------------ 2021-9-15 - Sep 15 2021 ------------------- ------------------------------------------------------------------ ++++ curl: - Temporarily disable flaky test 1184 * See https://github.com/curl/curl/issues/7725 - Update to 7.79.0: [bsc#1190213, CVE-2021-22945] [bsc#1190373, CVE-2021-22946] [bsc#1190374, CVE-2021-22947] * Changes: - bearssl: support CURLOPT_CAINFO_BLOB - http: consider cookies over localhost to be secure - secure transport: support CURLINFO_CERTINFO * Bugfixes: - CVE-2021-22945: clear the leftovers pointer when sending succeeds - CVE-2021-22946: do not ignore --ssl-reqd - CVE-2021-22947: reject STARTTLS server response pipelining - auth: do not append zero-terminator to authorisation id in kerberos - auth: properly handle byte order in kerberos security message - auth: use sasl authzid option in kerberos - auth: we do not support a security layer after kerberos authentication - c-hyper: deal with Expect: 100-continue combined with POSTFIELDS - c-hyper: handle HTTP/1.1 => HTTP/1.0 downgrade on reused connection - c-hyper: initial step for 100-continue support - c-hyper: initial support for "dumping" 1xx HTTP responses - curl-openssl.m4: show correct output for OpenSSL v3 - docs/MQTT: update state of username/password support - docs: the security list is reached at security at curl.se now - getparameter: fix the --local-port number parser - hostip: Make Curl_ipv6works function independent of getaddrinfo - http_proxy: fix the User-Agent inclusion in CONNECT - http_proxy: fix user-agent and custom headers for CONNECT with hyper - http_proxy: only wait for writable socket while sending request - mailing lists: move from cool.haxx.se to lists.haxx.se - mbedtls: avoid 
using a large buffer on the stack - mbedTLS: initial 3.0.0 support - ngtcp2: remove the acked_crypto_offset struct field init - ngtcp2: replace deprecated functions with nghttp3_conn_shutdown_stream_read - ngtcp2: reset the oustanding send buffer again when drained - ngtcp2: rework the return value handling of ngtcp2_conn_writev_stream - ngtcp2: stop buffering crypto data - ngtcp2: utilize crypto API functions to simplify - openssl: when creating a new context, there cannot be an old one - scripts: invoke interpreters through /usr/bin/env - tests/runtests.pl: cleanup copy&paste mistakes and unused code - tests: be explicit about using 'python3' instead of 'python' - tool/tests: fix potential year 2038 issues - tool_operate: Fix --fail-early with parallel transfers - x509asn1: fix heap over-read when parsing x509 certificates * Rebase libcurl-ocloexec.patch ++++ e2fsprogs: - Update to 1.46.4: * Default to 256-byte inodes for all filesystems, not only larger ones * Bigalloc is considered supported now for small cluster sizes * E2fsck and e2image fixes for quota feature * Fix mke2fs creation of filesystem into non-existent file - libss-add-newer-libreadline.so.8-to-dlopen-path.patch: libss: add newer libreadline.so.8 to dlopen path (bsc#1189453) ++++ gstreamer: - Update to version 1.18.5: + aggregator: - Release the SRC lock while querying latency - Release pads' peeked buffer when removing the pad or finalizing it + basesink: Don't swap rstart/rstop when stepping + basesrc: Print segments with GST_SEGMENT_FORMAT and not GST_PTR_FORMAT + childproxy: init value in gst_child_proxy_get_property() if needed + clocksync: Fix providing system clock by default + concat: - Properly propagate seqnum of segment events - adjust running time offsets on downstream events - fix locking in SEGMENT event handler + downloadbuffer/sparsefile: several fixes for win32 + element: NULL the lists of contexts in dispose() + multiqueue: - Use running time of gap events for wakeups. 
- Ensure peer pad exists when iterating internal links + pad: - Keep IDLE probe hook alive during immediate callback - Ensure last flow return is set on sink pads in push mode - Don't spam the debug log at INFO level when default-chaining a buffer list - clear probes holding mutex + parse-launch: - Fix a critical when using the : operator. + Don't do delayed property setting for top-level properties. + plugin: load plugins with unknown license strings + ptpclock: Don't leak the GList + queue2: Refuse all serialized queries when posting buffering messages + systemclock: Update monotonic reference time when re-scheduling + High CPU usage in 1.18 (but not master) when pausing playback in gnome-music + Don't use volatile to mean atomic (fixes compiler warnings with gcc 11) ++++ gstreamer-plugins-base: - Update to version 1.18.5: + appsrc: Don't leak buffer list while wrongly unreffing buffer on EOS/flushing + audioaggregator: - Don't overwrite already written samples - Resync on the next buffer when dropping a buffer on discont resyncing + audiobasesink: Fix of double lock release + audiobasesrc: Fix divide by zero assertion + clockoverlay: Fix broken string formatting by strftime() on Windows + compositor: Fix NV12 blend operation + giosrc: Don't leak scheme string in gst_gio_src_query() + giobasesink: Handle incomplete writes in gst_gio_base_sink_render() + gl/wayland: - Use consistent wl_display when creating work queue for proxy wrapper - Provide a dummy global_remove function + gl: Fix build when Meson >= 0.58.0rc1 + playbin2: fix base_time selection when flush seeking live (such as with RTSP) + rtspconnection: - Add IPv6 support for tunneled mode - Consistently translate GIOError to GstRTSPResult (for rtspsrc) + rawbaseparse: check destination format correctly + uridecodebin: Don't force floating reference for future reusable decodebin + parsebin: Put stream flags in GstStream + splitmuxsink: always use factory property when set + video-converter: Set up matrix 
tables only once. + videoscale: Performance degradation from 1.16.2 -> 1.18.4 + videotestsrc: Fix a leak when computing alpha caps + audio/video-converter: Plug some minor leaks + audio,video-format: Make generate_raw_formats idempotent for assertions + Don't use volatile to mean atomic (fixes compiler warnings with gcc 11) + Fix build issue on MinGW64 - Drop 90903917.patch: Fixed upstream. ++++ libguestfs: - bsc#1190501 - virt-builder fails to install packages when building an image 9db0c98c-appliance-enable-bashs-Process-Substitution-feature.patch - Upstream bug fixes c0de4de9-appliance-add-reboot-and-netconfig-for-SUSE.patch f47e0bb6-appliance-reorder-mounting-of-special-filesystems-in-init.patch ++++ kernel-default: - Revert "rpm: Abolish scritplet templating (bsc#1189841)." This reverts commit e98096d5cf85dbe90f74a930eb1f0e3fe4a70c7f. This requires the update of suse-module-tools for external scripts but those aren't available yet, which breaks the builds on BS. Let's revert temporarily. It can be re-applied later on. - commit eebdae7 - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - commit 085f984 - swiotlb: Convert io_default_tlb_mem to static allocation (git-fixes). - commit fa8e4f7 - swiotlb: Update is_swiotlb_buffer to add a struct device argument (git-fixes). - commit 4ac85f1 - swiotlb: Add restricted DMA pool initialization (jsc#SLE-19358). - Update config files. - commit f52c750 - swiotlb: Add restricted DMA alloc/free support (git-fixes). - commit 3c5a096 - swiotlb: Refactor swiotlb_tbl_unmap_single (git-fixes). - commit 89af24c - swiotlb: Move alloc_size to swiotlb_find_slots (git-fixes). - commit 834e9fa - swiotlb: Refactor swiotlb_create_debugfs (git-fixes). - commit fcbe10c - swiotlb: Use is_swiotlb_force_bounce for swiotlb data bouncing (git-fixes). - commit 7aa7848 - swiotlb: Refactor swiotlb init functions (git-fixes). - commit becfe5a - net: qrtr: revert check in qrtr_endpoint_post() (git-fixes). 
- commit c715657 - Linux 5.14.4 (stable-5.14.4). - commit 49b16de - bootconfig: Fix missing return check of xbc_node_compose_key function (stable-5.14.4). - RDMA/mlx5: Fix number of allocated XLT entries (stable-5.14.4). - backlight: pwm_bl: Improve bootloader/kernel device handover (stable-5.14.4). - parisc: Fix unaligned-access crash in bootloader (stable-5.14.4). - devlink: Break parameter notification sequence to be before/after unload/load driver (stable-5.14.4). - commit efea9ae - fbmem: don't allow too huge resolutions (stable-5.14.4). - KVM: arm64: Unregister HYP sections from kmemleak in protected mode (stable-5.14.4). - KVM: arm64: vgic: Resample HW pending state on deactivation (stable-5.14.4). - fuse: wait for writepages in syncfs (stable-5.14.4). - fuse: flush extending writes (stable-5.14.4). - fuse: truncate pagecache on atomic_o_trunc (stable-5.14.4). - IMA: remove the dependency on CRYPTO_MD5 (stable-5.14.4). - ARM: dts: at91: add pinctrl-{names, 0} for all gpios (stable-5.14.4). - io-wq: check max_worker limits if a worker transitions bound state (stable-5.14.4). - md/raid10: Remove unnecessary rcu_dereference in raid10_handle_discard (stable-5.14.4). - commit 4c736f8 - KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted (stable-5.14.4). - KVM: s390: index kvm->arch.idle_mask by vcpu_idx (stable-5.14.4). - Revert "KVM: x86: mmu: Add guest physical address check in translate_gpa()" (stable-5.14.4). - KVM: VMX: avoid running vmx_handle_exit_irqoff in case of emulation (stable-5.14.4). - KVM: x86: clamp host mapping level to max_level in kvm_mmu_max_mapping_level (stable-5.14.4). - KVM: x86/mmu: Avoid collision with !PRESENT SPTEs in TDP MMU lpage stats (stable-5.14.4). - KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter (stable-5.14.4). - tty: Fix data race between tiocsti() and flush_to_ldisc() (stable-5.14.4). - smb3: fix posix extensions mount option (stable-5.14.4). 
- perf/x86/intel/uncore: Fix IIO cleanup mapping procedure for SNR/ICX (stable-5.14.4). - commit f923c2d - io_uring: fail links of cancelled timeouts (stable-5.14.4). - iwlwifi Add support for ax201 in Samsung Galaxy Book Flex2 Alpha (stable-5.14.4). - io_uring: io_uring_complete() trace should take an integer (stable-5.14.4). - io_uring: IORING_OP_WRITE needs hash_reg_file set (stable-5.14.4). - f2fs: guarantee to write dirty data when enabling checkpoint back (stable-5.14.4). - ipv4: fix endianness issue in inet_rtm_getroute_build_skb() (stable-5.14.4). - cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED (stable-5.14.4). - io_uring: limit fixed table size by RLIMIT_NOFILE (stable-5.14.4). - raid1: ensure write behind bio has less than BIO_MAX_VECS sectors (stable-5.14.4). - bio: fix page leak bio_add_hw_page failure (stable-5.14.4). - commit e7826b9 - octeontx2-af: Set proper errorcode for IPv4 checksum errors (stable-5.14.4). - octeontx2-af: Fix static code analyzer reported issues (stable-5.14.4). - octeontx2-af: Fix mailbox errors in nix_rss_flowkey_cfg (stable-5.14.4). - octeontx2-af: Fix loop in free and unmap counter (stable-5.14.4). - net: qualcomm: fix QCA7000 checksum handling (stable-5.14.4). - net: sched: Fix qdisc_rate_table refcount leak when get tcf_block failed (stable-5.14.4). - sch_htb: Fix inconsistency when leaf qdisc creation fails (stable-5.14.4). - net: qrtr: make checks in qrtr_endpoint_post() stricter (stable-5.14.4). - ipv4: make exception cache less predictible (stable-5.14.4). - ipv6: make exception cache less predictible (stable-5.14.4). - commit df64b63 - ice: Only lock to update netdev dev_addr (stable-5.14.4). - ice: restart periodic outputs around time changes (stable-5.14.4). - ice: add lock around Tx timestamp tracker flush (stable-5.14.4). - ice: fix Tx queue iteration for Tx timestamp enablement (stable-5.14.4). 
- net: phy: marvell10g: fix broken PHY interrupts for anyone after us in the driver probe list (stable-5.14.4). - net/mlx5e: Use correct eswitch for stack devices with lag (stable-5.14.4). - net/mlx5: E-Switch, Set vhca id valid flag when creating indir fwd group (stable-5.14.4). - net/mlx5e: Fix possible use-after-free deleting fdb rule (stable-5.14.4). - net/mlx5: Remove all auxiliary devices at the unregister event (stable-5.14.4). - net/mlx5: Lag, fix multipath lag activation (stable-5.14.4). - commit 3b3e2c6 - m68k: coldfire: return success for clk_enable(NULL) (stable-5.14.4). - hv_utils: Set the maximum packet size for VSS driver to the length of the receive buffer (stable-5.14.4). - bpf: Fix possible out of bound write in narrow load handling (stable-5.14.4). - octeontx2-pf: cn10k: Fix error return code in otx2_set_flowkey_cfg() (stable-5.14.4). - octeontx2-af: cn10k: Use FLIT0 register instead of FLIT1 (stable-5.14.4). - octeontx2-pf: Fix algorithm index in MCAM rules with RSS action (stable-5.14.4). - octeontx2-pf: Don't install VLAN offload rule if netdev is down (stable-5.14.4). - octeontx2-af: Check capability flag while freeing ipolicer memory (stable-5.14.4). - octeontx2-pf: send correct vlan priority mask to npc_install_flow_req (stable-5.14.4). - CIFS: Fix a potencially linear read overflow (stable-5.14.4). - commit 609b85e - arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (stable-5.14.4). - lkdtm: replace SCSI_DISPATCH_CMD with SCSI_QUEUE_RQ (stable-5.14.4). - libbpf: Re-build libbpf.so when libbpf.map changes (stable-5.14.4). - octeontx2-af: cn10k: Fix SDP base channel number (stable-5.14.4). - hwmon: (pmbus/bpa-rs600) Don't use rated limits as warn limits (stable-5.14.4). - mm/swap: consider max pages in iomap_swapfile_add_extent (stable-5.14.4). - nfsd4: Fix forced-expiry locking (stable-5.14.4). - SUNRPC: Fix a NULL pointer deref in trace_svc_stats_latency() (stable-5.14.4). 
- lockd: Fix invalid lockowner cast after vfs_test_lock (stable-5.14.4). - gfs2: init system threads before freeze lock (stable-5.14.4). - commit d2237ba - arm64: dts: exynos: correct GIC CPU interfaces address range on Exynos7 (stable-5.14.4). - drm/msm/mdp4: move HW revision detection to earlier phase (stable-5.14.4). - drm/msm/mdp4: refactor HW revision detection into read_mdp_hw_revision (stable-5.14.4). - selftests/bpf: Fix test_core_autosize on big-endian machines (stable-5.14.4). - net: stmmac: fix INTR TBU status affecting irq count statistic (stable-5.14.4). - samples: pktgen: add missing IPv6 option to pktgen scripts (stable-5.14.4). - devlink: Clear whole devlink_flash_notify struct (stable-5.14.4). - net/mlx5: Fix unpublish devlink parameters (stable-5.14.4). - selftests/bpf: Fix bpf-iter-tcp4 test to print correctly the dest IP (stable-5.14.4). - net: dsa: don't disable multicast flooding to the CPU even without an IGMP querier (stable-5.14.4). - commit 02e5f3f - arm64: dts: qcom: sm8350: fix IPA interconnects (stable-5.14.4). - arm64: dts: qcom: sc7280: Fixup the cpufreq node (stable-5.14.4). - debugfs: Return error during {full/open}_proxy_open() on rmmod (stable-5.14.4). - bpf, samples: Add missing mprog-disable to xdp_redirect_cpu's optstring (stable-5.14.4). - net: dsa: mt7530: remove the .port_set_mrouter implementation (stable-5.14.4). - net: dsa: stop syncing the bridge mcast_router attribute at join time (stable-5.14.4). - net: ti: am65-cpsw-nuss: fix RX IRQ state after .ndo_stop() (stable-5.14.4). - net: dsa: tag_sja1105: optionally build as module when switch driver is module if PTP is enabled (stable-5.14.4). - net/mlx5: Fix missing return value in mlx5_devlink_eswitch_inline_mode_set() (stable-5.14.4). - net: dsa: build tag_8021q.c as part of DSA core (stable-5.14.4). - commit 3916715 - ARM: dts: meson8b: ec100: Fix the pwm regulator supply properties (stable-5.14.4). 
- ARM: dts: meson8b: mxq: Fix the pwm regulator supply properties (stable-5.14.4). - ARM: dts: meson8b: odroidc1: Fix the pwm regulator supply properties (stable-5.14.4). - arm64: dts: renesas: hihope-rzg2-ex: Add EtherAVB internal rx delay (stable-5.14.4). - tools: Free BTF objects at various locations (stable-5.14.4). - libbpf: Return non-null error on failures in libbpf_find_prog_btf_id() (stable-5.14.4). - net: ti: am65-cpsw-nuss: fix wrong devlink release order (stable-5.14.4). - net: cipso: fix warnings in netlbl_cipsov4_add_std (stable-5.14.4). - net/mlx5e: Block LRO if firmware asks for tunneled LRO (stable-5.14.4). - net/mlx5e: Prohibit inner indir TIRs in IPoIB (stable-5.14.4). - commit c4ed0bf - arm64: dts: qcom: sm8250: fix usb2 qmp phy node (stable-5.14.4). - arm64: dts: qcom: sc7180: Set adau wakeup delay to 80 ms (stable-5.14.4). - ARM: dts: meson8: Use a higher default GPU clock frequency (stable-5.14.4). - 6lowpan: iphc: Fix an off-by-one check of array index (stable-5.14.4). - tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos (stable-5.14.4). - bpf, selftests: Fix test_maps now that sockmap supports UDP (stable-5.14.4). - libbpf: Fix removal of inner map in bpf_object__create_map (stable-5.14.4). - ionic: cleanly release devlink instance (stable-5.14.4). - gfs2: Fix memory leak of object lsi on error return path (stable-5.14.4). - commit 7d1d494 - ARM: dts: everest: Add phase corrections for eMMC (stable-5.14.4). - ARM: dts: aspeed-g6: Fix HVI3C function-group in pinctrl dtsi (stable-5.14.4). - arm64: dts: renesas: r8a77995: draak: Remove bogus adv7511w properties (stable-5.14.4). - libbpf: Fix the possible memory leak on error (stable-5.14.4). - i40e: improve locking of mac_filter_hash (stable-5.14.4). - bpf: Fix potential memleak and UAF in the verifier (stable-5.14.4). - bpf: Fix a typo of reuseport map in bpf.h (stable-5.14.4). - blk-crypto: fix check for too-large dun_bytes (stable-5.14.4). 
- x86/mce: Defer processing of early errors (stable-5.14.4). - tpm: ibmvtpm: Avoid error message when process gets signal while waiting (stable-5.14.4). - commit 02d828d - block: nbd: add sanity check for first_minor (stable-5.14.4). - nbd: do del_gendisk() asynchronously for NBD_DESTROY_ON_DISCONNECT (stable-5.14.4). - block: return ELEVATOR_DISCARD_MERGE if possible (stable-5.14.4). - genirq/timings: Fix error return code in irq_timings_test_irqs() (stable-5.14.4). - m68k: Fix asm register constraints for atomic ops (stable-5.14.4). - m68k: Fix invalid RMW_INSNS on CPUs that lack CAS (stable-5.14.4). - m68k: emu: Fix invalid free in nfeth_cleanup() (stable-5.14.4). - rcu: Fix stall-warning deadlock due to non-release of rcu_node->lock (stable-5.14.4). - rcu: Fix to include first blocked task in stall warning (stable-5.14.4). - certs: Trigger creation of RSA module signing key if it's not an RSA key (stable-5.14.4). - commit a511576 - io-wq: remove GFP_ATOMIC allocation off schedule out path (stable-5.14.4). - s390/smp: enable DAT before CPU restart callback is called (stable-5.14.4). - s390/ap: fix state machine hang after failure to enable irq (stable-5.14.4). - s390/debug: fix debug area life cycle (stable-5.14.4). - s390/debug: keep debug data on resize (stable-5.14.4). - s390/pci: fix misleading rc in clp_set_pci_fn() (stable-5.14.4). - s390/kasan: fix large PMD pages address alignment check (stable-5.14.4). - fcntl: fix potential deadlock for &fasync_struct.fa_lock (stable-5.14.4). - fcntl: fix potential deadlocks for &fown_struct.lock (stable-5.14.4). - udf_get_extendedattr() had no boundary checks (stable-5.14.4). - commit ae103e9 - libata: fix ata_host_start() (stable-5.14.4). - crypto: tcrypt - Fix missing return value check (stable-5.14.4). - crypto: hisilicon/sec - modify the hardware endian configuration (stable-5.14.4). - crypto: hisilicon/sec - fix the abnormal exiting process (stable-5.14.4). 
- crypto: qat - do not export adf_iov_putmsg() (stable-5.14.4). - crypto: qat - fix naming for init/shutdown VF to PF notifications (stable-5.14.4). - crypto: qat - fix reuse of completion variable (stable-5.14.4). - crypto: qat - handle both source of interrupt in VF ISR (stable-5.14.4). - crypto: qat - do not ignore errors from enable_vf2pf_comms() (stable-5.14.4). - crypto: omap - Fix inconsistent locking of device lists (stable-5.14.4). - commit d5ab179 - nvmet: pass back cntlid on successful completion (stable-5.14.4). - nvme-rdma: don't update queue count when failing to set io queues (stable-5.14.4). - nvme-tcp: don't update queue count when failing to set io queues (stable-5.14.4). - nbd: add the check to prevent overflow in __nbd_ioctl() (stable-5.14.4). - blk-throtl: optimize IOPS throttle for large IO scenarios (stable-5.14.4). - bcache: add proper error unwinding in bcache_device_init (stable-5.14.4). - s390/zcrypt: fix wrong offset index for APKA master key valid state (stable-5.14.4). - s390/cio: add dev_busid sysfs entry for each subchannel (stable-5.14.4). - power: supply: max17042_battery: fix typo in MAx17042_TOFF (stable-5.14.4). - power: supply: smb347-charger: Add missing pin control activation (stable-5.14.4). - commit a330acc - crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop() (stable-5.14.4). - crypto: mxs-dcp - Check for DMA mapping errors (stable-5.14.4). - rcu/tree: Handle VM stoppage in stall detection (stable-5.14.4). - power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (stable-5.14.4). - regulator: tps65910: Silence deferred probe error (stable-5.14.4). - regmap: fix the offset of register error log (stable-5.14.4). - isofs: joliet: Fix iocharset=utf8 mount option (stable-5.14.4). - udf: Fix iocharset=utf8 mount option (stable-5.14.4). - udf: Check LVID earlier (stable-5.14.4). 
- commit 238527c - Move already upstreamed patches into sorted section - commit caad71f - Update patch references for stable-5.14.4 - commit 7af61be - drm/i915/dp: Use max params for panels < eDP 1.4 (bsc#1190506). - commit 4fe7ae1 ++++ python3-core: - Update to 3.6.15: - bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection. Library - bpo-45001: Made email date parsing more robust against malformed input, namely a whitespace-only Date: header. Patch by Wouter Bolsterlee. Tests - bpo-38965: Fix test_faulthandler on GCC 10. Use the “volatile” keyword in faulthandler._stack_overflow() to prevent tail call optimization on any compiler, rather than relying on compiler specific pragma. - Remove upstreamed patches: - faulthandler_stack_overflow_on_GCC10.patch ++++ python3: - Update to 3.6.15: - bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection. Library - bpo-45001: Made email date parsing more robust against malformed input, namely a whitespace-only Date: header. Patch by Wouter Bolsterlee. Tests - bpo-38965: Fix test_faulthandler on GCC 10. Use the “volatile” keyword in faulthandler._stack_overflow() to prevent tail call optimization on any compiler, rather than relying on compiler specific pragma. - Remove upstreamed patches: - faulthandler_stack_overflow_on_GCC10.patch ++++ u-boot-rpiarm64: - Update to 2021.10-rc4 - Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.10 * Patches dropped: 0014-btrfs-Use-default-subvolume-as-file.patch ++++ yast2: - Added infrastructure for installing missing UI extension plug-ins (jsc#SLE-20346, jsc#SLE-20462) - 4.4.19 - Add Y2Issues::WithIssues mixin to make easier to work with a list of issues (needed for jsc#SLE-20563). 
- 4.4.18 ------------------------------------------------------------------ ------------------ 2021-9-14 - Sep 14 2021 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ++++ dnsmasq: - Added hardening to systemd service(s) (bsc#1181400). ++++ e2fsprogs: - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_e2scrub@.service.patch * harden_e2scrub_all.service.patch * harden_e2scrub_fail@.service.patch * harden_e2scrub_reap.service.patch ++++ kernel-default: - EDAC/i10nm: Fix NVDIMM detection (bsc#1190497). - commit 85a63fd - parisc: Move pci_dev_is_behind_card_dino to where it is used (git-fixes). - commit 49bc8a4 - dma-buf: DMABUF_DEBUG should depend on DMA_SHARED_BUFFER (git-fixes). - commit 50dc18d - dma-buf: DMABUF_MOVE_NOTIFY should depend on DMA_SHARED_BUFFER (git-fixes). - commit b57b42f - Refresh patches.suse/sched-nohz-Avoid-disabling-the-tick-for-very-short-durations.patch. Explain why the patch is still disabled. - commit 7ae8115 - Refresh patches.suse/cpuidle-Poll-for-a-minimum-of-30ns-and-poll-for-a-tick-if-lower-c-states-are-disabled.patch. Explain why the patch is still disabled. - commit 847d537 - Refresh patches.suse/cpufreq-ondemand-set-default-up_threshold-to-30-on-multi-core-systems.patch. Explain why the patch is still disabled. - commit 1e928cb - SUNRPC: don't pause on incomplete allocation (git fixes (net/sunrpc)). - commit 3ed8811 - swiotlb: Set dev->dma_io_tlb_mem to the swiotlb pool used (jsc#SLE-19358). - commit 193178b - of: property: Disable fw_devlink DT support for X86 (git-fixes). - pwm: mxs: Don't modify HW state in .probe() after the PWM chip was registered (git-fixes). - thermal/drivers/qcom/spmi-adc-tm5: Don't abort probing if a sensor is not used (git-fixes). - thermal/core: Fix thermal_cooling_device_register() prototype (git-fixes). 
- thermal/drivers/exynos: Fix an error code in exynos_tmu_probe() (git-fixes). - clk: ralink: avoid to set 'CLK_IS_CRITICAL' flag for gates (git-fixes). - clk: renesas: rzg2l: Fix off-by-one check in rzg2l_cpg_clk_src_twocell_get() (git-fixes). - clk: renesas: rzg2l: Fix a double free on error (git-fixes). - clk: socfpga: agilex: add the bypass register for s2f_usr0 clock (git-fixes). - clk: socfpga: agilex: fix up s2f_user0_clk representation (git-fixes). - clk: socfpga: agilex: fix the parents of the psi_ref_clk (git-fixes). - mailbox: sti: quieten kernel-doc warnings (git-fixes). - commit 9555884 - pwm: lpc32xx: Don't modify HW state in .probe() after the PWM chip was registered (git-fixes). - pwm: ab8500: Fix register offset calculation to not depend on probe order (git-fixes). - clk: zynqmp: fix kernel doc (git-fixes). - clk: imx8m: fix clock tree update of TF-A managed clocks (git-fixes). - clk: imx8mm: use correct mux type for clkout path (git-fixes). - clk: kirkwood: Fix a clocking boot regression (git-fixes). - clk: at91: clk-generated: Limit the requested rate to our range (git-fixes). - clk: rockchip: drop GRF dependency for rk3328/rk3036 pll types (git-fixes). - IMA: remove -Wmissing-prototypes warning (git-fixes). 
- commit 3ddd71a ++++ libvirt: - libxl: Improve reporting of die_id in capabilities b75a16ae-libxl-improve-die-id.patch boo#1190493 - libxl: Fix driver reload 65fab900-libxl-fix-driver-reload.patch, 51eb680b-libxl-dont-autostart-on-reload.patch bsc#1190420 ++++ qemu: - Replace patch to fix hardcoded binfmt handler (bsc#1186256) * Patches dropped: qemu-binfmt-conf.sh-allow-overriding-SUS.patch * Patches added: qemu-binfmt-conf.sh-should-use-F-as-shor.patch - Stable fixes from upstream * Patches added: 9pfs-fix-crash-in-v9fs_walk.patch i386-cpu-Remove-AVX_VNNI-feature-from-Co.patch plugins-do-not-limit-exported-symbols-if.patch plugins-execlog-removed-unintended-s-at-.patch qemu-sockets-fix-unix-socket-path-copy-a.patch target-i386-add-missing-bits-to-CR4_RESE.patch virtio-balloon-don-t-start-free-page-hin.patch ++++ raspberrypi-firmware: - Update to b80f36b3fb (2021-09-13): * firmware: hdmi_2711: Use HDMI block REPEAT_PIXEL instead of PV See: https://forum.libreelec.tv/thread/24415-le-10-beta-for-i4-force-hdmi-resolution * firmware: DSI display autodetection for kms * firmware: arm_dt: Load overlays for detected cameras * firmware: Make more use of the user-warnings DT property * firmware: arm_loader: Consider required flags from GET_CLOCK_RATE See: #1598 * firmware: arm_loader: Make most arm clock requests required See: #1598 * firmware: firmware: Disable VLL loading from file system See: #1605 * firmware: video_decode: Use the ISP instead of vc_image_convert * firmware: video_decode: Correct support for YVU formats using ISP * firmware: arm_dt: Limit CMA to 256MB if total_mem < 2GB or gpu_mem > 256MB See: #1603 * firmware: hdmi_cec: Remove TX/RX SW_INIT on power_on See: Hexxeh/rpi-firmware#267 See: https://www.raspberrypi.org/forums/viewtopic.php?p=1895082#p1895082 * firmware: cec: Avoid sending messages with kms See: raspberrypi/linux#4460 * firmware: Revert: video_decode: Use the ISP instead of vc_image_convert * firmware: isp: Set the YUV420/YVU420 format 
stride to 64 byte * arm_loader: Add message to release firmware framebuffer * firmware: video_decode: Use the ISP instead of vc_image_convert * firmware: hdmi-2711: Wait for HDMI hardware scheduler to activate in HDMI mode * firmware: bcm_host: Recognise all Pi 4 variants, add BCM2711 See: raspberrypi/userland#695 * firmware: PoE+ HAT support See: raspberrypi/linux#4367 * firmware: arm_loader: Use Pi4 bootloader MAC_ADDRESS if set * firmware: platform: Apply ARM thermal throttling rules on BCM2711 * firmware: dt-blob.dts: Correct HDMI HPD and EMMC_ENABLE for CM4 See: https://www.raspberrypi.org/forums/viewtopic.php?f=29&p=1858516 * firmware: vcfw/hdmi: CUSTOM modes used for FKMS didn't set RGB quant range correctly See: #1580 * firmware: platform: Remove build-time constant for MICROVOLTS_PER_PIP * firmware: Pi400: Reduce MII clock freq when probing ethernet PHY * firmware: isp: Ensure the VRF is locked when setting up video colour denoise See: raspberrypi/libcamera-apps#19 * firmware: isp: Remove custom EV mappings from camera tunings * firmware: Add support for board-type=0xXX conditional filters in bootloader, bootcode and firmware * firmware: Two UART1 patches See: #1566 * firmware: arm_loader: kernel_old=1 should force kernel_address=0 See: #1561 * firmware: scalerlib: Fix offset applied to x coordinate of YUV10COL image See: https://forum.kodi.tv/showthread.php?tid=361164&pid=3024654#pid3024654 * firmware: vcfw/power: Add a new latch for power_pad_control See: #1552 * firmware: board-info: Fix memsize on 3B+ * firmware: Move core to PLLA and support accurate clk108 See: xbmc/xbmc#19263 * firmware: board_info: Separate memory size from OTP field encoding * firmware: power: Swap DA9090 ADC assignments to match XR77004 * firmware: vl805: Remove redundant log statement and fix warning * firmware: power: Fix DA9090 ADC1 register definition * firmware: arm_loader: Only report clocks arm has set, not siblings * firmware: arm_loader: Don't report clocks set as turbo 
side effect of arm clock * firmware: arm_loader: 2711: gpu clocks are not dependant * firmware: platform: Need to clear cached versions of get_max_clock_internal vars * firmware: video_decode: For VC1/WMV with no signalled header bytes, use start of 1st buffer See: raspberrypi/linux#4113 ++++ raspberrypi-firmware-config: - Update to b80f36b3fb (2021-09-13): * firmware: hdmi_2711: Use HDMI block REPEAT_PIXEL instead of PV See: https://forum.libreelec.tv/thread/24415-le-10-beta-for-i4-force-hdmi-resolution * firmware: DSI display autodetection for kms * firmware: arm_dt: Load overlays for detected cameras * firmware: Make more use of the user-warnings DT property * firmware: arm_loader: Consider required flags from GET_CLOCK_RATE See: #1598 * firmware: arm_loader: Make most arm clock requests required See: #1598 * firmware: firmware: Disable VLL loading from file system See: #1605 * firmware: video_decode: Use the ISP instead of vc_image_convert * firmware: video_decode: Correct support for YVU formats using ISP * firmware: arm_dt: Limit CMA to 256MB if total_mem < 2GB or gpu_mem > 256MB See: #1603 * firmware: hdmi_cec: Remove TX/RX SW_INIT on power_on See: Hexxeh/rpi-firmware#267 See: https://www.raspberrypi.org/forums/viewtopic.php?p=1895082#p1895082 * firmware: cec: Avoid sending messages with kms See: raspberrypi/linux#4460 * firmware: Revert: video_decode: Use the ISP instead of vc_image_convert * firmware: isp: Set the YUV420/YVU420 format stride to 64 byte * arm_loader: Add message to release firmware framebuffer * firmware: video_decode: Use the ISP instead of vc_image_convert * firmware: hdmi-2711: Wait for HDMI hardware scheduler to activate in HDMI mode * firmware: bcm_host: Recognise all Pi 4 variants, add BCM2711 See: raspberrypi/userland#695 * firmware: PoE+ HAT support See: raspberrypi/linux#4367 * firmware: arm_loader: Use Pi4 bootloader MAC_ADDRESS if set * firmware: platform: Apply ARM thermal throttling rules on BCM2711 * firmware: dt-blob.dts: 
Correct HDMI HPD and EMMC_ENABLE for CM4 See: https://www.raspberrypi.org/forums/viewtopic.php?f=29&p=1858516 * firmware: vcfw/hdmi: CUSTOM modes used for FKMS didn't set RGB quant range correctly See: #1580 * firmware: platform: Remove build-time constant for MICROVOLTS_PER_PIP * firmware: Pi400: Reduce MII clock freq when probing ethernet PHY * firmware: isp: Ensure the VRF is locked when setting up video colour denoise See: raspberrypi/libcamera-apps#19 * firmware: isp: Remove custom EV mappings from camera tunings * firmware: Add support for board-type=0xXX conditional filters in bootloader, bootcode and firmware * firmware: Two UART1 patches See: #1566 * firmware: arm_loader: kernel_old=1 should force kernel_address=0 See: #1561 * firmware: scalerlib: Fix offset applied to x coordinate of YUV10COL image See: https://forum.kodi.tv/showthread.php?tid=361164&pid=3024654#pid3024654 * firmware: vcfw/power: Add a new latch for power_pad_control See: #1552 * firmware: board-info: Fix memsize on 3B+ * firmware: Move core to PLLA and support accurate clk108 See: xbmc/xbmc#19263 * firmware: board_info: Separate memory size from OTP field encoding * firmware: power: Swap DA9090 ADC assignments to match XR77004 * firmware: vl805: Remove redundant log statement and fix warning * firmware: power: Fix DA9090 ADC1 register definition * firmware: arm_loader: Only report clocks arm has set, not siblings * firmware: arm_loader: Don't report clocks set as turbo side effect of arm clock * firmware: arm_loader: 2711: gpu clocks are not dependant * firmware: platform: Need to clear cached versions of get_max_clock_internal vars * firmware: video_decode: For VC1/WMV with no signalled header bytes, use start of 1st buffer See: raspberrypi/linux#4113 ++++ yast2-trans: - Update to version 84.87.20210914.a5d6b81b64: * New POT for text domain 'control-center'. 
* Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * New POT for text domain 'installation'. * Translated using Weblate (Czech) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * New POT for text domain 'update'. * New POT for text domain 'kdump'. * New POT for text domain 'country'. * New POT for text domain 'services-manager'. * Translated using Weblate (Finnish) * New POT for text domain 'add-on'. ------------------------------------------------------------------ ------------------ 2021-9-13 - Sep 13 2021 ------------------- ------------------------------------------------------------------ ++++ curl: - Security fix: [bsc#1190374, CVE-2021-22947] * STARTTLS protocol injection via MITM * Add curl-CVE-2021-22947.patch - Security fix: [bsc#1190373, CVE-2021-22946] * Protocol downgrade required TLS bypassed * Add curl-CVE-2021-22946.patch ++++ drbd: - bsc#1190359, update to 9.0.30 * fix a crash when drbd-9 node gets connected to a drbd-8.4 node, the regression was introduced between 9.0.25 and 9.0.26 * A improved approach to serialize rsyncs from multiple sources; the previous one could cause wrong accounting for online verify * fix a race condition that could cause resync operations to stall when the completion of one resync allows another one to proceed * fix a race condition that could cause an online verify operation to not terminate under specific conditions (corking enabled no other IO) * fix locking of drbd_devices idr that caused (very rarely) create/remove minor to fail - Add patch convert_to_blk_alloc_disk.patch (kernel b647ad024) - Remove patch Revert-drbd-serialize-syncs-from-multiple-sources.patch Remove patch drbd-fix-race-condition-resetting-resync_next_bit.patch Remove patch drbd-Fix-a-possible-NULL-deref-found-with-gcc-11-fan.patch Remove patch 
drbd-change-to-L_VERIFY_S-after-peer-is-L_VERIFY_T.patch Remove patch drbd-fix-termination-of-verify-with-stop-sector.patch Remove patch drbd-remove-device_to_minor.patch Remove patch drbd-use-DEFINE_MUTEX-insteadm-of-mutex_init.patch Remove patch drbd-Fix-locking-for-the-drbd_devices-idr.patch Remove patch drbd-fix-protocol-compatibility-with-drbd-8.4-state.patch - Disable rt build for x86_64 temporarily due to not kernel-rt still in 5.3.18 ++++ libguestfs: - Newer cpio versions must be told to extract over symlinks libguestfs.test.simple.create-opensuse-guest-crypt-on-lvm.sh libguestfs.test.simple.create-opensuse-guest.sh libguestfs.test.simple.create-sles12-guest-crypt-on-lvm.sh libguestfs.test.simple.create-sles12-guest.sh - Allow the use busybox dhcp client appliance.patch netconfig.patch - Update to version 1.44.2 makefile-ocaml-find-guestfs.patch * Port libguestfs to use pcre2 instead of pcre * inspection: More reliable detection of Linux split /usr configurations * python: Relicense setup.py to LGPLv2+ (originally GPLv2+) * lib: qemu: Don't use -enable-fips option. 
* rust: Fix deprecated use of panic!(format!(...)) * point users to Libera Chat rather than FreeNode * python: Don't leak fields when creating Python structs * appliance: Add IBM850 iconv converter for syslinux * launch: board model for RISC-V * lib: Add osinfo information for Windows Server 2022 Datacenter * lib: Autodetect backing format for qemu-img create -b * appliance: Fix searching for shared libraries on usr-merged Debian systems * appliance: Add mount package for Debian * m4/guestfs-appliance.m4: Add support for Alma and Cloud Linux * daemon/luks.c: Ignore bogus GCC -fanalyzer double-free warning * daemon/xattr.c: Increase size of temporary buffer for %zu * daemon/utils.c: Fix potential unbounded stack usage * Various other bug fixes - Upstream bug fixes post 1.44.2 e26cfa44-daemon-Build-with--pthread.patch 489b14b7-ocaml-examples-Link-examples-to-gnulib.patch 68a02c2f-customize--resize--sparsify--sysprep-Link-explicitly-with-pthread.patch ++++ kernel-default: - futex: Remove unused variable 'vpid' in futex_proxy_trylock_atomic() (bsc#1190137 bsc#1189998). - futex: Avoid redundant task lookup (bsc#1190137 bsc#1189998). - futex: Clarify comment for requeue_pi_wake_futex() (bsc#1190137 bsc#1189998). - futex: Prevent inconsistent state and exit race (bsc#1190137 bsc#1189998). - futex: Return error code instead of assigning it without effect (bsc#1190137 bsc#1189998). - commit feb090a - locking/rtmutex: Fix ww_mutex deadlock check (bsc#1190137 bsc#1189998). - locking/rwsem: Add missing __init_rwsem() for PREEMPT_RT (bsc#1190137 bsc#1189998). - ipc: replace costly bailout check in sysvipc_find_ipc() (bsc#1190187). - clocksource: Make clocksource watchdog test safe for slow-HZ systems (bsc#1190366). - hrtimer: Unbreak hrtimer_force_reprogram() (bsc#1190366). - hrtimer: Use raw_cpu_ptr() in clock_was_set() (bsc#1190366). - hrtimer: Avoid more SMP function calls in clock_was_set() (bsc#1190366). 
- hrtimer: Avoid unnecessary SMP function calls in clock_was_set() (bsc#1190366). - hrtimer: Add bases argument to clock_was_set() (bsc#1190366). - time/timekeeping: Avoid invoking clock_was_set() twice (bsc#1190366). - timekeeping: Distangle resume and clock-was-set events (bsc#1190366). - timerfd: Provide timerfd_resume() (bsc#1190366). - hrtimer: Force clock_was_set() handling for the HIGHRES=n, NOHZ=y case (bsc#1190366). - hrtimer: Ensure timerfd notification for HIGHRES=n (bsc#1190366). - hrtimer: Consolidate reprogramming code (bsc#1190366). - hrtimer: Avoid double reprogramming in __hrtimer_start_range_ns() (bsc#1190366). - posix-cpu-timers: Recalc next expiration when timer_settime() ends up not queueing (bsc#1190366). - posix-cpu-timers: Consolidate timer base accessor (bsc#1190366). - posix-cpu-timers: Remove confusing return value override (bsc#1190366). - posix-cpu-timers: Force next expiration recalc after itimer reset (bsc#1190366). - posix-cpu-timers: Force next_expiration recalc after timer deletion (bsc#1190366). - posix-cpu-timers: Assert task sighand is locked while starting cputime counter (bsc#1190366). - posix-timers: Remove redundant initialization of variable ret (bsc#1190366). - commit 011c676 - ceph: fix dereference of null pointer cf (bsc#1190451). - ceph: cancel delayed work instead of flushing on mdsc teardown (bsc#1190450). - ceph: fix memory leak on decode error in ceph_handle_caps (bsc#1190449). - commit 88b4fb8 - sched: Prevent balance_push() on remote runqueues (bsc#1189998 (PREEMPT_RT prerequisite backports)). - sched/idle: Make the idle timer expire in hard interrupt context (bsc#1189998 (PREEMPT_RT prerequisite backports)). - locking/rtmutex: Fix ww_mutex deadlock check (bsc#1189998 (PREEMPT_RT prerequisite backports)). - commit 49ddff0 - KVM: SVM: Add 5-level page table support for SVM (jsc#SLE-19031). - commit 0f049f1 - KVM: x86/mmu: Support shadowing NPT when 5-level paging is enabled in host (jsc#SLE-19031). 
- commit e29bb21 - PCI: Refactor pci_ioremap_bar() and pci_ioremap_wc_bar() (jsc#SLE-19358). - commit ecdcb3d - PCI: Use pci_update_current_state() in pci_enable_device_flags() (jsc#SLE-19359). - commit a7e5f38 - swiotlb: Update is_swiotlb_active to add a struct device argument (jsc#SLE-19358). - commit 57a468f - time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes). - commit 9143783 - KVM: x86: Allow CPU to force vendor-specific TDP level (jsc#SLE-19031). - commit 7c5fbaa - Update patch reference for a BT fix (bsc#1190424) - commit cbd9338 - HID: usbhid: Simplify code in hid_submit_ctrl() (git-fixes). - commit e2aa05b - auxdisplay: hd44780: Fix oops on module unloading (git-fixes). - net: dsa: mt7530: fix VLAN traffic leaks again (stable-5.14.1). - commit 4d90932 - fixup "rpm: support gz and zst compression methods" once more (bsc#1190428, bsc#1190358) Fixes: 3b8c4d9bcc24 ("rpm: support gz and zst compression methods") Fixes: 23510fce36ec ("fixup "rpm: support gz and zst compression methods"") - commit 165378a - Linux 5.14.3 (stable-5.14.3). - commit 6323b14 - ALSA: usb-audio: Add registration quirk for JBL Quantum 800 (stable-5.14.3). - cxl/pci: Fix debug message in cxl_probe_regs() (stable-5.14.3). - cxl/pci: Fix lockdown level (stable-5.14.3). - cxl/acpi: Do not add DSDT disabled ACPI0016 host bridge ports (stable-5.14.3). - Bluetooth: Add additional Bluetooth part for Realtek 8852AE (stable-5.14.3). - igmp: Add ip_mc_list lock in ip_check_mc_rcu (stable-5.14.3). - x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions (stable-5.14.3). - Revert "r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM" (stable-5.14.3). - commit da9501b - Update patch reference for stable-5.14.3 - commit d3527b2 - fs: dlm: fix return -EINTR on recovery stopped (bsc#1190378). 
- commit a5b8aec ++++ libseccomp: - Skip 11-basic-basic_errors test on qemu linux-user emulation ++++ system-users: - system-user-tss.conf: Remove group entry, not needed and did contain syntax errors (bsc#1190401). ------------------------------------------------------------------ ------------------ 2021-9-12 - Sep 12 2021 ------------------- ------------------------------------------------------------------ ++++ btrfsprogs: - Update to 5.14 * convert: * new option --uuid to copy, generate or set a given uuid * improve output * mkfs: * allow to create degenerate raid0 (on 1 device) and raid10 (on 2 devices) * image: * improved error messages * fix some alignment of restored image * subvol delete: allow to delete by id when path is not resolvable * check: * require alignment of nodesize for 64k page systems * detect and fix invalid block groups * libbtrfs (deprecated): * remove most exported symbols, leave only a few that are used by snapper * no version change (still 0.1) * remove btrfs-list.h, btrfsck.h * fixes: * reset generation of space v1 if v2 is used * fi us: don't wrongly report missing device size when partition is not readable * other: * build: experimental features * build: better detection of 64bit timestamp support for ext4 * corrupt-block: block group items * new and updated tests * refactoring * experimental features: * new image dump format, with data ++++ kernel-default: - fixup "rpm: support gz and zst compression methods" once more Fixes: 3b8c4d9bcc24 ("rpm: support gz and zst compression methods") Fixes: 23510fce36ec ("fixup "rpm: support gz and zst compression methods"") - commit 34e68f4 - Avoid double printing SUSE specific flags in mod->taint (bsc#1190413). 
- commit 05a7926 - fixup "rpm: support gz and zst compression methods" Fixes: 3b8c4d9bcc24 ("rpm: support gz and zst compression methods") - commit 23510fc ++++ harfbuzz: - harfbuzz 2.9.1: + Subsetter API close to stable + Various fuzzer-found bug fixes + hb_buffer_append() now handles the pre- and post-context which previously were left unchanged in the destination buffer + hb-view / hb-shape now accept following new arguments: --unicodes: takes a list of hex numbers that represent Unicode codepoints. + Undeprecated API: hb_set_invert() - includes changes from 2.9.0: + Support multiple variation axes with same tag, aka HOI + The coretext testing shaper now passes font variations to CoreText + hb-shape/hb-view does not break line at new lines unless text is read from file + hb-view and hb-subset has a --batch now, similar to hb-shape + The --batch mode now uses ; as argument separator instead of : used previously + The --batch in hb-shape does not expect 0th argument anymore. That is, the lines read are interpreted as argv[1:], instead of argv[0:]. + The --batch option has been undocumented. We are ready to document it; send feedback if you find it useful + hb-subset got arguments revamps. Added much-requested --gids-file, --glyphs, --glyphs-file, --unicodes-file, supporting ranges in --unicodes. + Various bug fixes ++++ openssl-1_1: - Update to openssl-1.1.1l ('L' as in 'Lima') for SUSE-SLE-15-SP4 * jsc#SLE-19640, jsc#PM-2816 - Changes in 1.1.1l: * [bsc#1189520, CVE-2021-3711] Fixed an SM2 Decryption Buffer Overflow. * [bsc#1189521, CVE-2021-3712] Fixed various read buffer overruns processing ASN.1 strings - Changes in 1.1.1k * Fixed a problem with verifying a certificate chain when using the X509_V_FLAG_X509_STRICT flag. This flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. 
([CVE-2021-3450]) [bsc#1183851] * Fixed an issue where an OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. ([CVE-2021-3449]) [bsc#1183852] - Changes in 1.1.1j * Fixed the X509_issuer_and_serial_hash() function. It attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it was failing to correctly handle any errors that may occur while parsing the issuer field [bsc#1182331, CVE-2021-23841] * Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING padding mode to correctly check for rollback attacks. * Fixed the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate functions. Previously they could overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call would be 1 (indicating success), but the output length value would be negative. This could cause applications to behave incorrectly or crash. [bsc#1182333, CVE-2021-23840] * Fixed SRP_Calc_client_key so that it runs in constant time. The previous implementation called BN_mod_exp without setting BN_FLG_CONSTTIME. This could be exploited in a side channel attack to recover the password. Since the attack is local host only this is outside of the current OpenSSL threat model and therefore no CVE is assigned. 
- Changes in 1.1.1i * Fixed NULL pointer deref in GENERAL_NAME_cmp * bsc#1179491, CVE-2020-1971 - Changes in 1.1.1h * Disallow explicit curve parameters in verifications chains when X509_V_FLAG_X509_STRICT is used * Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS contexts - Changes in 1.1.1g * Fixed segmentation fault in SSL_check_chain (CVE-2020-1967, bsc#1169407) Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. * Added AES consttime code for no-asm configurations an optional constant time support for AES was added when building openssl for no-asm. - Changes in 1.1.1f * Revert the unexpected EOF reporting via SSL_ERROR_SSL - Changes in 1.1.1e * Properly detect EOF while reading in libssl. Previously if we hit an EOF while reading in libssl then we would report an error back to the application (SSL_ERROR_SYSCALL) but errno would be 0. We now add an error to the stack (which means we instead return SSL_ERROR_SSL) and therefore give a hint as to what went wrong. * Check that ed25519 and ed448 are allowed by the security level. Previously signature algorithms not using an MD were not being checked that they were allowed by the security level. * Fixed SSL_get_servername() behaviour. The behaviour of SSL_get_servername() was not quite right. The behaviour was not consistent between resumption and normal handshakes, and also not quite consistent with historical behaviour. The behaviour in various scenarios has been clarified and it has been updated to make it match historical behaviour as closely as possible. * Corrected the documentation of the return values from the EVP_DigestSign* set of functions. 
The documentation mentioned negative values for some errors, but this was never the case, so the mention of negative values was removed. * Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY. The presence of this system service is determined at run-time. * Added newline escaping functionality to a filename when using openssl dgst. This output format is to replicate the output format found in the '*sum' checksum programs. This aims to preserve backward compatibility. * Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just the first value. - Dropped the following patches: * openssl-1_1-CVE-2019-1551.patch * openssl-fips-dont_run_FIPS_module_installed.patch * openssl-fips_fix_selftests_return_value.patch * openssl-CVE-2020-1967.patch * openssl-CVE-2020-1967-test1.patch * openssl-CVE-2020-1967-test2.patch * openssl-CVE-2020-1967-test3.patch * openssl-CVE-2020-1971.patch * openssl-CVE-2021-23840.patch * openssl-CVE-2021-23841.patch * openssl-1_1-CVE-2021-3449-NULL_pointer_deref_in_signature_algorithms.patch * openssl-1.1.1-fips_list_ciphers.patch * CVE-2021-3711-1-Correctly-calculate-the-length-of-SM2-plaintext-give.patch * CVE-2021-3711-2-Extend-tests-for-SM2-decryption.patch * CVE-2021-3711-3-Check-the-plaintext-buffer-is-large-enough-when-decr.patch * CVE-2021-3712-Fix-read-buffer-overrun-in-X509_aux_print.patch * CVE-2021-3712-other-ASN1_STRING-issues.patch - Rebased the following patches: * 0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch * 0003-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch * openssl-1.1.0-issuer-hash.patch * openssl-1.1.0-no-html.patch * openssl-1.1.1-evp-kdf.patch * openssl-1.1.1-fips-crng-test.patch * openssl-1.1.1-fips-post-rand.patch * openssl-1.1.1-fips.patch * openssl-1.1.1-ssh-kdf.patch * openssl-DH.patch * openssl-Enable-curve-spefific-ECDSA-implementations-via-EC_M.patch * openssl-assembly-pack-accelerate-scalar-multiplication.patch * openssl-fips_selftest_upstream_drbg.patch 
* openssl-kdf-selftest.patch * openssl-kdf-ssh-selftest.patch * openssl-kdf-tls-selftest.patch * openssl-s390x-assembly-pack-accelerate-ECDSA.patch * openssl-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-and-Ed448.patch * openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch * openssl-s390x-fix-x448-and-x448-test-vector-ctime-for-x25519-and-x448.patch ++++ pango: - Update to version 1.48.10: + Fix a crash in strikethrough drawing. + pango-view: - Support antialiasing freetype. - Use GraphicsMagick. ++++ supermin: - Restore ExclusiveArch, continue to follow libguestfs The 'almost' below is the reason. ------------------------------------------------------------------ ------------------ 2021-9-11 - Sep 11 2021 ------------------- ------------------------------------------------------------------ ++++ transactional-update: - Version 3.5.4 - tukit: Fix resolved support [boo#1190383] ++++ kernel-default: - ACPI: PRM: Find PRMT table before parsing it (git-fixes). - PM: sleep: core: Avoid setting power.must_resume to false (git-fixes). - drm/ttm: Fix a deadlock if the target BO is not idle during swap (git-fixes). - drm/ttm: Fix ttm_bo_move_memcpy() for subclassed struct ttm_resource (git-fixes). - drm/panfrost: Use u64 for size in lock_region (git-fixes). - drm/panfrost: Simplify lock_region calculation (git-fixes). - drm/ttm: ttm_bo_device is now ttm_device (git-fixes). - drm/amdkfd: drop process ref count when xnack disable (git-fixes). - drm/amdgpu: Fix a deadlock if previous GEM object allocation fails (git-fixes). - drm/amdgpu: Disable PCIE_DPM on Intel RKL Platform (git-fixes). - commit ffccbd5 ------------------------------------------------------------------ ------------------ 2021-9-10 - Sep 10 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841). 
Fixes: d9a1357edd73 ("rpm: Define $certs as rpm macro (bsc#1189841).") - commit 8684de8 - atlantic: Fix driver resume flow (jsc#SLE-19855). - commit 78d21a0 - net: atlantic: switch from 'pci_' to 'dma_' API (jsc#SLE-19855). - commit 65338ab - qed: Enable automatic recovery on error condition (jsc#SLE-19875). - commit 635baf8 - kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead. - commit 5d1f677 - kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs. - commit d7d2e6e - dmaengine: idxd: make submit failure path consistent on desc freeing (git-fixes). - commit 8c1c92b - blacklist.conf: Add an already cherry-picked dmaengine/idxd entry - commit 6a92e25 - dmaengine: idxd: add missing percpu ref put on failure (git-fixes). - commit e15bd69 - dmaengine: idxd: Remove unused status variable in irq_process_work_list() (git-fixes). - dmaengine: idxd: remove fault processing code (git-fixes). - commit 9340fe2 - dmaengine: acpi: Avoid comparison GSI with Linux vIRQ (git-fixes). - dmaengine: idxd: clear block on fault flag when clear wq (git-fixes). - dmaengine: dw: Remove error message from DT parsing code (git-fixes). - dmaengine: idxd: fix abort status check (git-fixes). - dmaengine: idxd: fix wq slot allocation index check (git-fixes). - dmaengine: idxd: have command status always set (git-fixes). - dmanegine: idxd: cleanup all device related bits after disabling device (git-fixes). 
- commit 3b93958 ++++ multipath-tools: - Update to version 0.8.7+14+suse.5a09bfa1: * Fix possible string overflows (bsc#1188148) - Upstream fixes / changes * better string handling * multipath: print warning if multipathd isn't running * mpathpersist: better error msg when no usable paths exist * fixes from 0.8.6+32+suse.f11c192 merged upstream ++++ systemd: - SLEtify This forward port most of the SLE stuff from SLE15-SP2 to this Factory snapshot making this version good enough for starting testing the version that will be shipped in SLE15-SP3. Add 1001-udev-use-lock-when-selecting-the-highest-priority-de.patch (bsc#1181192 bsc#1184238 bsc#1184254 bsc#1184859 bsc#1185828) Add 1002-udev-add-option-to-generate-old-buggy-SCSI-serials.patch Add 1003-logind-store-a-timestamp-when-the-ACPI-power-button-.patch (bsc#981830 bsc#888612 bsc#1072933) Add 1004-udev-don-t-create-by-partlabel-primary-and-.-logical.patch (bsc#1178023 bsc#1183702) Add 1005-udev-optionally-disable-the-generation-of-the-partla.patch (bsc#1089761) Add 1006-logind-keep-backward-compatibility-with-UserTasksMax.patch Add 1007-Restore-support-for-halt.local.patch Add 1008-login-mark-again-framebuffer-devices-as-master-of-se.patch (bsc#1187154) merge compats/persistent-nic-names (bsc#1061883 bsc#1083158 bsc#1178561) merge compats/udev-compat-symlinks networkd is kept enabled as it's shipped in Leap distros (bsc#1071311) The following udev rules are no more kept by the systemd package 60-io-scheduler.rules (bsc#1165579 bsc#1164717 bsc#1134353 bsc#1177490 bsc#1184994 bsc#1188713) 80-acpi-container-hotplug.rules (bsc#1082485 bsc#1040800 bsc#1078358 bsc#1081170 bsc#1075743) 80-hotplug-cpu-mem.rules (bsc#1076696 bsc#1127557) 99-wakeup-from-idle.rules Move systemd-sysv-convert back from /usr/lib/systemd to /usr/sbin (bsc#1178156) Add conversion script for moving legacy collect based udev rules to chzdev based ones (bsc#1183984) SLE systemd default settings are hold by systemd-default-settings-branding-SLE 
(bsc#1065301 jsc#SLE-10123) Don't mount /tmp as tmpfs by default Set the version of the net naming scheme to 'v238' Set the default cgroup hierarchy to 'hybrid' Create /run/lock/subsys again (bsc#1187292) Restore "Provides/Obsoletes: systemd-bash-completion" - Drop git internal files from the testsuite sub-package - Adjust pam macros ------------------------------------------------------------------ ------------------ 2021-9-9 - Sep 9 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Refresh patches.suse/nvme-multipath-revalidate-paths-during-rescan.patch. Update commit hash. - commit eab59ce - Refresh patches.suse/cpuidle-pseries-Fixup-CEDE0-latency-only-for-POWER10.patch Update patch metadata. - commit 28383a8 - bnxt_en: Fix possible unintended driver initiated error recovery (jsc#SLE-19704). - commit 63dcc3d - bnxt_en: Fix UDP tunnel logic (jsc#SLE-19704). - commit 4526d43 - bnxt_en: Fix asic.rev in devlink dev info command (jsc#SLE-19704). - commit e65f870 - bnxt_en: fix read of stored FW_PSID version on P5 devices (jsc#SLE-19704). - commit 8b9353d - bnxt_en: fix stored FW_PSID version masks (jsc#SLE-19704). - commit 02da0ca - bnxt_en: fix kernel doc warnings in bnxt_hwrm.c (jsc#SLE-19704). - commit 4e81dc5 - Refresh patches.suse/mm-page_alloc.c-avoid-accessing-uninitialized-pcp-page-migratetype.patch. Update metadata and move to the sorted section. - commit adb2477 - Enable MQ channelization by default for ibmvfc (jsc#SLE-20056). Delete patches.suse/ibmvfc-disable-MQ-channelization-by-default.patch. - commit fef44f6 - Remove obsolete non-mainline patches (bsc#1178366). - Delete patches.suse/ext4-show-the-dax-option-in-mount-options.patch. - Delete patches.suse/xfs-show-the-dax-option-in-mount-options.patch. - commit 1a3b5af - mm/mempolicy: fix a race between offset_il_node and mpol_rebind_task (bsc#1190208 (MM functional and performance backports)). 
- mm,vmscan: fix divide by zero in get_scan_count (bsc#1190208 (MM functional and performance backports)). - mm: migrate: change to use bool type for 'page_was_mapped' (bsc#1190208 (MM functional and performance backports)). - mm: migrate: fix the incorrect function name in comments (bsc#1190208 (MM functional and performance backports)). - mm: migrate: introduce a local variable to get the number of pages (bsc#1190208 (MM functional and performance backports)). - mm/workingset: correct kernel-doc notations (bsc#1190208 (MM functional and performance backports)). - fs/epoll: use a per-cpu counter for user's watches count (bsc#1190208 (MM functional and performance backports)). - mm: introduce PAGEFLAGS_MASK to replace ((1UL << NR_PAGEFLAGS) - 1) (bsc#1190208 (MM functional and performance backports)). - mm: in_irq() cleanup (bsc#1190208 (MM functional and performance backports)). - mm: remove redundant compound_head() calling (bsc#1190208 (MM functional and performance backports)). - mm: memory_hotplug: cleanup after removal of pfn_valid_within() (bsc#1190208 (MM functional and performance backports)). - mm: remove pfn_valid_within() and CONFIG_HOLES_IN_ZONE (bsc#1190208 (MM functional and performance backports)). - memory-hotplug.rst: complete admin-guide overhaul (bsc#1190208 (MM functional and performance backports)). - memory-hotplug.rst: remove locking details from admin-guide (bsc#1190208 (MM functional and performance backports)). - commit 06dd188 - mm/memory_hotplug: remove nid parameter from remove_memory() and friends (git fixes (mm/hotplug)). - mm/memory_hotplug: remove nid parameter from arch_remove_memory() (git fixes (mm/hotplug)). - mm/memory_hotplug: use "unsigned long" for PFN in zone_for_pfn_range() (git fixes (mm/hotplug)). - commit 3108871 - mm/vmstat: protect per cpu variables with preempt disable on RT (bsc#1189998 (PREEMPT_RT prerequisite backports)). 
- highmem: don't disable preemption on RT in kmap_atomic() (bsc#1189998 (PREEMPT_RT prerequisite backports)). - mm/madvise: add MADV_WILLNEED to process_madvise() (bsc#1190208 (MM functional and performance backports)). - mm/vmstat: remove unneeded return value (bsc#1190208 (MM functional and performance backports)). - mm/vmstat: simplify the array size calculation (bsc#1190208 (MM functional and performance backports)). - mm/vmstat: correct some wrong comments (bsc#1190208 (MM functional and performance backports)). - mm/percpu,c: remove obsolete comments of pcpu_chunk_populated() (bsc#1190208 (MM functional and performance backports)). - mm/mempolicy.c: use in_task() in mempolicy_slab_node() (bsc#1190208 (MM functional and performance backports)). - mm/mempolicy: use readable NUMA_NO_NODE macro instead of magic number (bsc#1190208 (MM functional and performance backports)). - mm: compaction: optimize proactive compaction deferrals (bsc#1190208 (MM functional and performance backports)). - mm/vmpressure: replace vmpressure_to_css() with vmpressure_to_memcg() (bsc#1190208 (MM functional and performance backports)). - hugetlb: fix hugetlb cgroup refcounting during vma split (bsc#1190208 (MM functional and performance backports)). - hugetlb: before freeing hugetlb page set dtor to appropriate value (bsc#1190208 (MM functional and performance backports)). - hugetlb: drop ref count earlier after page allocation (bsc#1190208 (MM functional and performance backports)). - hugetlb: simplify prep_compound_gigantic_page ref count racing code (bsc#1190208 (MM functional and performance backports)). - mm/page_alloc.c: use in_task() (bsc#1190208 (MM functional and performance backports)). - mm/page_alloc: make alloc_node_mem_map() __init rather than __ref (bsc#1190208 (MM functional and performance backports)). - mm/page_alloc.c: fix 'zone_id' may be used uninitialized in this function warning (bsc#1190208 (MM functional and performance backports)). 
- memblock: stop poisoning raw allocations (bsc#1190208 (MM functional and performance backports)). - mm: introduce memmap_alloc() to unify memory map allocation (bsc#1190208 (MM functional and performance backports)). - microblaze: simplify pte_alloc_one_kernel() (bsc#1190208 (MM functional and performance backports)). - mm/page_alloc: always initialize memory map for the holes (bsc#1190208 (MM functional and performance backports)). - mm/vmalloc: fix wrong behavior in vread (git fixes (mm)). - mm/vmalloc: remove gfpflags_allow_blocking() check (bsc#1190208 (MM functional and performance backports)). - mm/vmalloc: use batched page requests in bulk-allocator (bsc#1190208 (MM functional and performance backports)). - include/linux/mmzone.h: avoid a warning in sparse memory support (bsc#1190208 (MM functional and performance backports)). - mm/sparse: set SECTION_NID_SHIFT to 6 (bsc#1190208 (MM functional and performance backports)). - mm: sparse: remove __section_nr() function (bsc#1190208 (MM functional and performance backports)). - mm: sparse: pass section_nr to find_memory_block (bsc#1190208 (MM functional and performance backports)). - mm: sparse: pass section_nr to section_mark_present (bsc#1190208 (MM functional and performance backports)). - mm/bootmem_info.c: mark __init on register_page_bootmem_info_section (bsc#1190208 (MM functional and performance backports)). - mm/mremap: fix memory account on do_munmap() failure (git fixes (mm)). - remap_file_pages: Use vma_lookup() instead of find_vma() (bsc#1190208 (MM functional and performance backports)). - mm/pagemap: add mmap_assert_locked() annotations to find_vma*() (bsc#1190208 (MM functional and performance backports)). - mm: change fault_in_pages_* to have an unsigned size parameter (bsc#1190208 (MM functional and performance backports)). - mm,do_huge_pmd_numa_page: remove unnecessary TLB flushing code (bsc#1190208 (MM functional and performance backports)). 
- mm: remove flush_kernel_dcache_page (bsc#1190208 (MM functional and performance backports)). - scatterlist: replace flush_kernel_dcache_page with flush_dcache_page (bsc#1190208 (MM functional and performance backports)). - mmc: mmc_spi: replace flush_kernel_dcache_page with flush_dcache_page (bsc#1190208 (MM functional and performance backports)). - mm: memcontrol: set the correct memcg swappiness restriction (git fixes (mm)). - memcg: enable accounting for pids in nested pid namespaces (git fixes (mm)). - mm, memcg: inline swap-related functions to improve disabled memcg config (bsc#1190208 (MM functional and performance backports)). - mm, memcg: inline mem_cgroup_{charge/uncharge} to improve disabled memcg config (bsc#1190208 (MM functional and performance backports)). - mm, memcg: add mem_cgroup_disabled checks in vmpressure and swap-related functions (bsc#1190208 (MM functional and performance backports)). - shmem: shmem_writepage() split unlikely i915 THP (bsc#1190208 (MM functional and performance backports)). - huge tmpfs: decide stat.st_blksize by shmem_is_huge() (bsc#1190208 (MM functional and performance backports)). - huge tmpfs: shmem_is_huge(vma, inode, index) (bsc#1190208 (MM functional and performance backports)). - huge tmpfs: SGP_NOALLOC to stop collapse_file() on race (bsc#1190208 (MM functional and performance backports)). - huge tmpfs: move shmem_huge_enabled() upwards (bsc#1190208 (MM functional and performance backports)). - huge tmpfs: revert shmem's use of transhuge_vma_enabled() (bsc#1190208 (MM functional and performance backports)). - huge tmpfs: remove shrinklist addition from shmem_setattr() (git fixes (mm/shmem)). - huge tmpfs: fix split_huge_page() after FALLOC_FL_KEEP_SIZE (git fixes (mm/shmem)). - huge tmpfs: fix fallocate(vanilla) advance over huge pages (git fixes (mm/shmem)). - shmem: include header file to declare swap_info (bsc#1190208 (MM functional and performance backports)). 
- shmem: remove unneeded function forward declaration (bsc#1190208 (MM functional and performance backports)). - shmem: remove unneeded header file (bsc#1190208 (MM functional and performance backports)). - shmem: remove unneeded variable ret (bsc#1190208 (MM functional and performance backports)). - shmem: use raw_spinlock_t for ->stat_lock (bsc#1189998 (PREEMPT_RT prerequisite backports)). - mm: delete unused get_kernel_page() (bsc#1190208 (MM functional and performance backports)). - fs, mm: fix race in unlinking swapfile (git fixes (mm)). - mm/gup: small refactoring: simplify try_grab_page() (bsc#1190208 (MM functional and performance backports)). - mm/gup: documentation corrections for gup/pup (bsc#1190208 (MM functional and performance backports)). - mm: gup: use helper PAGE_ALIGNED in populate_vma_page_range() (git fixes (mm)). - mm: gup: fix potential pgmap refcnt leak in __gup_device_huge() (git fixes (mm)). - mm: gup: remove useless BUG_ON in __get_user_pages() (git fixes (mm)). - mm: gup: remove unneed local variable orig_refs (git fixes (mm)). - mm: gup: remove set but unused local variable major (git fixes (mm)). - writeback: use READ_ONCE for unlocked reads of writeback stats (bsc#1190209 (VM/FS functional and performance backports)). - writeback: rename domain_update_bandwidth() (bsc#1190209 (VM/FS functional and performance backports)). - writeback: fix bandwidth estimate for spiky workload (bsc#1190209 (VM/FS functional and performance backports)). - writeback: reliably update bandwidth estimation (bsc#1190209 (VM/FS functional and performance backports)). - writeback: track number of inodes under writeback (bsc#1190209 (VM/FS functional and performance backports)). - mm: report a more useful address for reclaim acquisition (bsc#1190208 (MM functional and performance backports)). - fsnotify: optimize the case of no marks of any type (bsc#1190120 (Fsnotify functional and performance backports)). 
- fsnotify: count all objects with attached connectors (bsc#1190120 (Fsnotify functional and performance backports)). - fsnotify: count s_fsnotify_inode_refs for attached connectors (bsc#1190120 (Fsnotify functional and performance backports)). - fsnotify: replace igrab() with ihold() on attach connector (bsc#1190120 (Fsnotify functional and performance backports)). - commit 87371a8 - mm, slub: convert kmem_cpu_slab protection to local_lock (bsc#1189998). - mm, slub: use migrate_disable() on PREEMPT_RT (bsc#1189998). - mm, slub: protect put_cpu_partial() with disabled irqs instead of cmpxchg (bsc#1189998). - mm, slub: make slab_lock() disable irqs with PREEMPT_RT (bsc#1189998). - mm: slub: make object_map_lock a raw_spinlock_t (bsc#1189998). - mm: slub: move flush_cpu_slab() invocations __free_slab() invocations out of IRQ context (bsc#1189998). - mm, slab: split out the cpu offline variant of flush_slab() (bsc#1189998). - mm, slub: don't disable irqs in slub_cpu_dead() (bsc#1189998). - mm, slub: only disable irq with spin_lock in __unfreeze_partials() (bsc#1189998). - mm, slub: separate detaching of partial list in unfreeze_partials() from unfreezing (bsc#1189998). - mm, slub: detach whole partial list at once in unfreeze_partials() (bsc#1189998). - mm, slub: discard slabs in unfreeze_partials() without irqs disabled (bsc#1189998). - mm, slub: move irq control into unfreeze_partials() (bsc#1189998). - mm, slub: call deactivate_slab() without disabling irqs (bsc#1189998). - mm, slub: make locking in deactivate_slab() irq-safe (bsc#1189998). - mm, slub: move reset of c->page and freelist out of deactivate_slab() (bsc#1189998). - mm, slub: stop disabling irqs around get_partial() (bsc#1189998). - mm, slub: check new pages with restored irqs (bsc#1189998). - mm, slub: validate slab from partial list or page allocator before making it cpu slab (bsc#1189998). - mm, slub: restore irqs around calling new_slab() (bsc#1189998). 
- mm, slub: move disabling irqs closer to get_partial() in ___slab_alloc() (bsc#1189998). - mm, slub: do initial checks in ___slab_alloc() with irqs enabled (bsc#1189998). - mm, slub: move disabling/enabling irqs to ___slab_alloc() (bsc#1189998). - mm, slub: simplify kmem_cache_cpu and tid setup (bsc#1189998). - mm, slub: restructure new page checks in ___slab_alloc() (bsc#1189998). - mm, slub: return slab page from get_partial() and set c->page afterwards (bsc#1189998). - mm, slub: dissolve new_slab_objects() into ___slab_alloc() (bsc#1189998). - mm, slub: extract get_partial() from new_slab_objects() (bsc#1189998). - mm, slub: remove redundant unfreeze_partials() from put_cpu_partial() (bsc#1189998). - mm, slub: don't disable irq for debug_check_no_locks_freed() (bsc#1189998). - mm, slub: allocate private object map for validate_slab_cache() (bsc#1189998). - mm, slub: allocate private object map for debugfs listings (bsc#1189998). - mm, slub: don't call flush_all() from slab_debug_trace_open() (bsc#1189998). - commit ba105d1 - ALSA: hda/realtek: Workaround for conflicting SSID on ASUS ROG Strix G17 (stable-5.14.2). - commit 48ec4ff - SUNRPC: improve error response to over-size gss credential (bsc#1190022). - commit 88072cd ++++ c-ares: - new upstream website - drop multibuild - tests do not require static library anymore - spec file cleanup - drop sources that were re-added to upstream distribution (c-ares-config.cmake.in ares_dns.h libcares.pc.cmake) ++++ microos-tools: - Update to version 2.12 - Remove special MicroOS firstboot script - Remove locale-check, replaced by another aaa_base implementation ++++ patterns-microos: - added the FIPS pattern (matching the one from SLES) ++++ samba: - Fix 'net rpc' authentication when using the machine account; (bsc#1189017); (bso#14796); ++++ supermin: - arm32 may have a kernel named /boot/zImage - Remove arch exclusion, almost all of them build. 
------------------------------------------------------------------ ------------------ 2021-9-8 - Sep 8 2021 ------------------- ------------------------------------------------------------------ ++++ irqbalance: - Update to version 1.8.0.18.git+2435e8d: * fix unsigned integer subtraction sign overflow * fix opendir fails in check_platform_device * irqbalance: Check validity of numa_node * configure.ac: use pkg-config to find numa * Disable the communication socket when UI is disabled * Fix comma typo in ui.c * drop NoNewPrivs from irqbalance service * remove no existing irq in banned_irqs * Fix compile issue with none AARCH64 builds - Fixes integrated mainline: * bsc#1119461 * bsc#1138190 * bsc#1154905 * bsc#1178477 bsc#1183405 (removed patches due to mainline integration): procinterrupts-check-xen-dyn-event-more-flexible.patch * bsc#1182254 bsc#1156315 (removed patches due to mainline integration): fix-ambiguous-parsing-of-node-entries-in-sys.patch * bsc#1183157 also-fetch-node-info-for-non-PCI-devices.patch ++++ open-iscsi: - Updated to latest upstream 2.1.5 as 2.1.5-suse, which contains these changes not already present: * Handle IPv6 interfaces correctly. (bsc#1187958) * Handle qedi correctly in NPAR mode (bsc#1187958) * Update iscsiadm man page (bsc#1187958) * Update iface.example for ipv6 * Change iscsi IP type from defines to enum. * Handle recv() returning 0 in iscsid_response() ++++ kernel-default: - Delete patches.suse/mdraid-fix-read-write-bytes-accounting.patch. This was resolved differently upstream across several releases. - commit afcd1d0 - SLE15-SP4: refresh and re-enable btrfs per-subvolume dev_t series - commit a4a75e4 - bnxt_en: Fix 64-bit doorbell operation on 32-bit kernels (jsc#SLE-19704). - commit a9396a0 - bnxt_en: support multiple HWRM commands in flight (jsc#SLE-19704). - commit 4f57dd9 - bnxt_en: remove legacy HWRM interface (jsc#SLE-19704). - commit 4d87f72 - bnxt_en: update all firmware calls to use the new APIs (jsc#SLE-19704). 
- commit 02d32b7 - bnxt_en: use link_lock instead of hwrm_cmd_lock to protect link_info (jsc#SLE-19704). - commit 5933450 - bnxt_en: add support for HWRM request slices (jsc#SLE-19704). - commit 4fdb6f3 - bnxt_en: add HWRM request assignment API (jsc#SLE-19704). - commit 6aee5ab - bnxt_en: discard out of sequence HWRM responses (jsc#SLE-19704). - commit aae7bc0 - bnxt_en: introduce new firmware message API based on DMA pools (jsc#SLE-19704). - commit fbdf313 - bnxt_en: move HWRM API implementation into separate file (jsc#SLE-19704). - commit 95f1cd5 - bnxt_en: Refactor the HWRM_VER_GET firmware calls (jsc#SLE-19704). - commit c191d10 - Update patch metadata for patches.suse/setuid-dumpable-wrongdir. - commit 30e1cd3 - bnxt_en: remove DMA mapping for KONG response (jsc#SLE-19704). - commit 19dfdb7 - bnxt: count discards due to memory allocation errors (jsc#SLE-19704). - commit 706770f - bnxt: count packets discarded because of netpoll (jsc#SLE-19704). - commit 868a0a6 - net: broadcom: switch from 'pci_' to 'dma_' API (jsc#SLE-19704). - commit 9106d4f - bnxt_en: Increase maximum RX ring size if jumbo ring is not used (jsc#SLE-19704). - commit dc9af50 - bnxt_en: Don't use static arrays for completion ring pages (jsc#SLE-19704). - commit fa8eb9d - bnxt_en: Log if an invalid signal detected on TSIO pin (jsc#SLE-19704). - commit 9a9a0cc - bnxt_en: Event handler for PPS events (jsc#SLE-19704). - commit 7dfe276 - bnxt_en: 1PPS functions to configure TSIO pins (jsc#SLE-19704). - commit a03bb08 - bnxt_en: 1PPS support for 5750X family chips (jsc#SLE-19704). - commit 722655d - bnxt_en: Do not read the PTP PHC during chip reset (jsc#SLE-19704). - commit d9d4cdc - bnxt_en: Move bnxt_ptp_init() from bnxt_open() back to bnxt_init_one() (jsc#SLE-19704). - commit bb87ff1 - Bluetooth: schedule SCO timeouts with delayed_work (CVE-2021-3640 bsc#1188172). - Refresh patches.suse/Bluetooth-fix-repeated-calls-to-sco_sock_kill.patch. 
- Refresh patches.suse/Bluetooth-switch-to-lock_sock-in-SCO.patch. - commit d68ed34 - rpm/kernel-source.spec.in: do some more for vanilla_only Make sure: * sources are NOT executable * env is not used as interpreter * timestamps are correct We do all this for normal kernel builds, but not for vanilla_only kernels (linux-next and vanilla). - commit b41e4fd - mm/page_alloc: Use accumulated load when building node fallback list (git fixes (mm/pgalloc)). - mm/page_alloc: Print node fallback order (git fixes (mm/pgalloc)). - commit 4503c46 - mm/page_alloc.c: avoid accessing uninitialized pcp page migratetype (git fixes (mm/pgalloc)). - commit a609347 - Revert "memcg: enable accounting for file lock caches (bsc#1190115)." This reverts commit 78b761616bfb31a0d54806624e7c8db23fbeda9c. It's effectively upstream commit 3754707bcc3e190e5dadc978d172b61e809cb3bd applied to kernel-source (to avoid proliferation of patches). Make a note in blacklist.conf too. - commit 922c6d5 - net/iucv: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - net: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - virtio_net: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - workqueue: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - hwmon: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - ACPI: processor: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - powercap: intel_rapl: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - PM: sleep: s2idle: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - cpufreq: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). 
- clocksource: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - genirq/affinity: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - static_call: Update API documentation (bsc#1189998 (PREEMPT_RT prerequisite backports)). - mm: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - md/raid5: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - Documentation: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - smpboot: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - perf/hw_breakpoint: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - perf/x86/intel: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - x86/mce/inject: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - x86/microcode: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - x86/mtrr: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - x86/mmiotrace: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - s390/sclp: replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - s390: replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - padata: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - crypto: virtio - Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - torture: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). - rcu: Replace deprecated CPU-hotplug functions (bsc#1189998 (PREEMPT_RT prerequisite backports)). 
- commit 8db1640 - Linux 5.14.2 (stable-5.14.2). - commit 0b343f1 - HID: usbhid: Fix warning caused by 0-length input reports (stable-5.14.2). - xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG (stable-5.14.2). - ext4: fix race writing to an inline_data file while its xattrs are changing (stable-5.14.2). - ext4: fix e2fsprogs checksum failure for mounted filesystem (stable-5.14.2). - ALSA: hda/realtek: Quirk for HP Spectre x360 14 amp setup (stable-5.14.2). - commit 003e8d3 - cgroup: Avoid compiler warnings with no subsystems (bsc#1190050 (Cgroup functional and performance backports)). - cgroup/cpuset: Avoid memory migration when nodemasks match (bsc#1190050 (Cgroup functional and performance backports)). - cgroup/cpuset: Enable memory migration for cpuset v2 (bsc#1190050 (Cgroup functional and performance backports)). - cgroup/cpuset: Enable event notification when partition state changes (bsc#1190050 (Cgroup functional and performance backports)). - cgroup: cgroup-v1: clean up kernel-doc notation (bsc#1190050 (Cgroup functional and performance backports)). - cgroup: Replace deprecated CPU-hotplug functions (bsc#1190050 (Cgroup functional and performance backports)). - cgroup/cpuset: Fix violation of cpuset locking rule (bsc#1190050 (Cgroup functional and performance backports)). - cgroup/cpuset: Fix a partition bug with hotplug (bsc#1190050 (Cgroup functional and performance backports)). - cgroup/cpuset: Miscellaneous code cleanup (bsc#1190050 (Cgroup functional and performance backports)). - cgroup: remove cgroup_mount from comments (bsc#1190050 (Cgroup functional and performance backports)). - commit 985c1b6 - Update patch references for already backported stable-5.14.2 patches - commit 8736f45 - sched/topology: Skip updating masks for non-online nodes (bsc#1189999 (Scheduler functional and performance backports)). - sched: Replace deprecated CPU-hotplug functions (bsc#1189999 (Scheduler functional and performance backports)). 
- sched: Skip priority checks with SCHED_FLAG_KEEP_PARAMS (bsc#1189999 (Scheduler functional and performance backports)). - sched/deadline: Fix missing clock update in migrate_task_rq_dl() (bsc#1189999 (Scheduler functional and performance backports)). - sched/fair: Avoid a second scan of target in select_idle_cpu (bsc#1189999 (Scheduler functional and performance backports)). - sched/fair: Use prev instead of new target as recent_used_cpu (bsc#1189999 (Scheduler functional and performance backports)). - sched: Don't report SCHED_FLAG_SUGOV in sched_getattr() (bsc#1189999 (Scheduler functional and performance backports)). - sched/deadline: Fix reset_on_fork reporting of DL tasks (bsc#1189999 (Scheduler functional and performance backports)). - sched: remove redundant on_rq status change (bsc#1189999 (Scheduler functional and performance backports)). - sched: Optimize housekeeping_cpumask() in for_each_cpu_and() (bsc#1189999 (Scheduler functional and performance backports)). - sched/sysctl: Move extern sysctl declarations to sched.h (bsc#1189999 (Scheduler functional and performance backports)). - wait: use LIST_HEAD_INIT() to initialize wait_queue_head (bsc#1189999 (Scheduler functional and performance backports)). - commit 4fafa6d - Update config files. Version bump 5.14.1 and a cleanup in armv7hl - commit dcc91b9 - PCI: controller: PCI_IXP4XX should depend on ARCH_IXP4XX (git-fixes). - PCI: xilinx-nwl: Enable the clock through CCF (git-fixes). - PCI: iproc: Fix BCMA probe resource handling (git-fixes). - watchdog: iTCO_wdt: Fix detection of SMI-off case (git-fixes). - remoteproc: fix kernel doc for struct rproc_ops (git-fixes). - remoteproc: fix an typo in fw_elf_get_class code comments (git-fixes). - commit e8fec37 - PCI: of: Don't fail devm_pci_alloc_host_bridge() on missing 'ranges' (git-fixes). - PCI: aardvark: Fix reporting CRS value (git-fixes). - PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes). 
- PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes). - PCI: aardvark: Fix checking for PIO status (git-fixes). - PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n (git-fixes). - PCI/PTM: Remove error message at boot (git-fixes). - PCI: Fix pci_dev_str_match_path() alloc while atomic bug (git-fixes). - PCI/portdrv: Enable Bandwidth Notification only if port supports it (git-fixes). - PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure (git-fixes). - PCI: Call Max Payload Size-related fixup quirks early (git-fixes). - mfd: lpc_sch: Rename GPIOBASE to prevent build error (git-fixes). - mfd: tqmx86: Clear GPIO IRQ resource when no IRQ is set (git-fixes). - commit d618f96 - can: c_can: fix null-ptr-deref on ioctl() (git-fixes). - iwlwifi: fix printk format warnings in uefi.c (git-fixes). - firmware: dmi: Move product_sku info to the end of the modalias (git-fixes). - backlight: ktd253: Stabilize backlight (git-fixes). - mfd: axp20x: Update AXP288 volatile ranges (git-fixes). - gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the code and avoid a leak (git-fixes). - gpio: mpc8xxx: Fix a potential double iounmap call in 'mpc8xxx_probe()' (git-fixes). - gpio: mpc8xxx: Fix a resources leak in the error handling path of 'mpc8xxx_probe()' (git-fixes). - commit bef14d8 - Linux 5.14.1 (stable-5.14.1). - commit df45c6c - Move upstreamed patches into sorted section - commit 0a347d9 - locking/atomic: add generic arch_*() bitops (bsc#1190282). - locking/atomic: add arch_atomic_long*() (bsc#1190282). - locking/atomic: centralize generated headers (bsc#1190282). - locking/atomic: remove ARCH_ATOMIC remanants (bsc#1190282). - locking/atomic: simplify ifdef generation (bsc#1190282). - commit b0a0a9d - workqueue: Remove unused WORK_NO_COLOR (bsc#1190232). - workqueue: Assign a color to barrier work items (bsc#1190232). - workqueue: Mark barrier work with WORK_STRUCT_INACTIVE (bsc#1190232). 
- workqueue: Change the code of calculating work_flags in (bsc#1190232). - workqueue: Change arguement of pwq_dec_nr_in_flight() (bsc#1190232). - workqueue: Rename "delayed" (delayed by active (bsc#1190232). - workqueue: Replace deprecated ida_simple_*() with (bsc#1190232). - workqueue: Fix typo in comments (bsc#1190232). - workqueue: Fix possible memory leaks in wq_numa_init() (bsc#1190232). - commit 380dfb2 ++++ c-ares: - 5c995d5.patch: augment input validation on hostnames to allow _ as part of DNS response (bsc#1190225) ++++ systemd: - Don't reexecute user manager instances on package update yet This can't be done until users have their user instance updated to the new version that supports reexecuting with SIGRTMIN+25 because this signal terminates the user managers for the previous versions. - Import commit ec72db9ee0f8ce061f83624d7148ff38a5993b11 3b1aa2f79f manager: reexecute on SIGRTMIN+25, user instances only fd46c81922 test: make sure to include all haveged unit files - systemd.spec: reexec user manager instances on package updates ++++ qemu: - Fix qemu build on ARMv7 (bsc#1190211) * Patches added: tcg-arm-Fix-tcg_out_vec_op-function-sign.patch - Update supported file for ARM machines. ++++ supportutils: - Fixed cron package for RPM validation (bsc#1190315) - Updated spec file with correct URL ++++ sysuser-tools: - Add support for new shell field [bsc#1189518] ++++ virt-manager: - bsc#1190215 - [virt-install] No Support for SUSE Product SLE-HPC virtinst-add-sle-hpc-support.patch ------------------------------------------------------------------ ------------------ 2021-9-7 - Sep 7 2021 ------------------- ------------------------------------------------------------------ ++++ file: - Add patch bsc1189996-9fbe768a.patch to fix bsc#1189996 ++++ glib2: - desktop-file-utils: add Pantheon desktop environment - Update to version 2.69.3: + g_settings_schema_key_range_check() misbehaves for int versus bool. 
+ Compiling anything with GCC <4.6 spews deprecation warnings. + `g_invoke_closure` bindings API break.. + GPowerProfileMonitorPortal does not notice initial power-saver-enabled status. + doc: Explicitly said, that no null term. is needed. + ci: Use C.UTF-8 locale on FreeBSD 12. + gio: Fix conditions in memory-monitor test. + Updated translations. ++++ grub2: - Follow usr merge for looking up kernel config (bsc#1189782) (bsc#1190061) * 0001-templates-Follow-the-path-of-usr-merged-kernel-confi.patch ++++ haproxy: - Update to version 2.4.4+git0.acb1d0bea: CVE-2021-40346 (boo#1189877) * [RELEASE] Released version 2.4.4 * Revert "BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive" * BUG/MAJOR: htx: fix missing header name length check in htx_add_header/trailer * CLEANUP: htx: remove comments about "must be < 256 MB" * BUG/MINOR: config: reject configs using HTTP with bufsize >= 256 MB * DOC: configuration: remove wrong tcp-request examples in tcp-response * BUG/MINOR: vars: fix set-var/unset-var exclusivity in the keyword parser * CLEANUP: Add missing include guard to signal.h * BUG/MINOR: tools: Fix loop condition in dump_text() * BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time * BUG/MINOR: ebtree: remove dependency on incorrect macro for bits per long * MINOR: time: add report_idle() to report process-wide idle time * BUG/MINOR: time: fix idle time computation for long sleeps * BUG/MINOR: lua: use strlcpy2() not strncpy() to copy sample keywords * MINOR: compiler: implement an ONLY_ONCE() macro * BUG/MINOR: base64: base64urldec() ignores padding in output size check * BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec} * BUG/MINOR: stick-table: fix the sc-set-gpt* parser when using expressions * MINOR: hlua: take the global Lua lock inside a global function * REGTESTS: abortonclose: after retries, 503 is expected, not close * REGTESTS: http_upgrade: fix incorrect expectation on TCP->H1->H2 * BUG/MEDIUM: 
h2: match absolute-path not path-absolute for :path ++++ kernel-default: - config: update CMA_AREAS to reflect new default (bsc#1189685). - config: sync config for removal of printk NMI tracking - commit 8d3b4c2 - Delete patches.suse/Revert-netfilter-conntrack-remove-helper-hook-again.patch (bsc#1189964) The regression addressed by this revert was fixed properly by mainline commit ee04805ff54a ("netfilter: conntrack: make conntrack userspace helpers work again") in 5.7. - commit e86af82 - tracing/boot: Fix a hist trigger dependency for boot time tracing (git-fixes). The fix is not strictly needed in SLES because we have CONFIG_HIST_TRIGGERS=y for all supported architectures. However, armv7hl disables it and we may share the kernel with Leap one day, so better be safe. - commit fdfc9e3 - mm, vmscan: guarantee drop_slab_node() termination (VM Functionality, bsc#1189301). - commit 6376013 - thunderbolt: test: split up test cases in tb_test_credit_alloc_all (jsc#SLE-19359 jsc#SLE-20163). - commit 785e4a8 - thunderbolt: Fix port linking by checking all adapters (jsc#SLE-19355). - commit 6658ec3 - thunderbolt: Do not read control adapter config space (jsc#SLE-19359 jsc#SLE-20163). - commit 3d51d0d - EDAC/mce_amd: Do not load edac_mce_amd module on guests (bsc#1190138). - commit 34aa35b - vfio/mbochs: Fix missing error unwind of mbochs_used_mbytes (git-fixes). - vfio/samples: Remove module get/put (git-fixes). - commit 5d9f639 - pinctrl: samsung: Fix pinctrl bank pin count (git-fixes). - pinctrl: zynqmp: Drop pinctrl_unregister for devm_ registered device (git-fixes). - soc: mediatek: cmdq: add address shift in jump (git-fixes). - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes). - platform/x86: ISST: Fix optimization with use of numa (git-fixes). - vfio/pci: Make vfio_pci_regops->rw() return ssize_t (git-fixes). - vfio: Use config not menuconfig for VFIO_NOIOMMU (git-fixes). 
- speakup: use C99 syntax for array initializers (git-fixes). - PM: EM: Increase energy calculation precision (git-fixes). - PM: cpu: Make notifier chain use a raw_spinlock_t (git-fixes). - commit 94af1da - pinctrl: ingenic: Fix bias config for X2000(E) (git-fixes). - pinctrl: ingenic: Fix incorrect pull up/down info (git-fixes). - pinctrl: stmfx: Fix hazardous u8[] to unsigned long cast (git-fixes). - pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() (git-fixes). - pinctrl: mediatek: fix platform_no_drv_owner.cocci warnings (git-fixes). - pinctrl: armada-37xx: Correct PWM pins definitions (git-fixes). - lib/test_stackinit: Fix static initializer test (git-fixes). - media: stkwebcam: fix memory leak in stk_camera_probe (git-fixes). - net: usb: asix: ax88772: add missing stop (git-fixes). - irqchip/gic-v3: Fix priority comparison when non-secure priorities are used (git-fixes). - commit e822cd7 - libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs (git-fixes). - HID: usbhid: Fix flood of "control queue full" messages (git-fixes). - HID: input: do not report stylus battery state as "full" (git-fixes). - HID: amd_sfh: Fix period data field to enable sensor (git-fixes). - HID: thrustmaster: clean up Makefile and adapt quirks (git-fixes). - HID: i2c-hid: Fix Elan touchpad regression (git-fixes). - brcmfmac: pcie: fix oops on failure to resume and reprobe (git-fixes). - irqchip/apple-aic: Fix irq_disable from within irq handlers (git-fixes). - irqchip/loongson-pch-pic: Improve edge triggered interrupt support (git-fixes). 
- commit d828469 ++++ expat: - Update to 2.4.1 in SLE-15-SP4 [jsc#SLE-21253] * Remove expat-CVE-2018-20843.patch upstream ------------------------------------------------------------------ ------------------ 2021-9-6 - Sep 6 2021 ------------------- ------------------------------------------------------------------ ++++ transactional-update: - Version 3.5.3 - t-u: Purge kernels as part of package operations Required for live patching support [bsc#1189728] ++++ kernel-default: - memcg: enable accounting of ipc resources (bsc#1190115 CVE-2021-3759). - memcg: enable accounting for file lock caches (bsc#1190115). - commit cac2650 - USB: EHCI: Add alias for Broadcom INSNREG (git-fixes). - commit 19a3422 - USB: EHCI: Add register array bounds to HCS ports (git-fixes). - commit ec4d52a - xhci: Add bus number to some debug messages (jsc#SLE-20163). - commit 366daea - xhci: Add additional dynamic debug to follow URBs in cancel and error cases (jsc#SLE-20163). - commit 89e620e - Update patches.suse/xhci-Fix-failure-to-give-back-some-cached-cancelled-.patch (jsc#SLE-20163). - commit d237ca8 - xhci: fix even more unsafe memory usage in xhci tracing (jsc#SLE-20163). - commit cea4b08 - xhci: fix unsafe memory usage in xhci tracing (jsc#SLE-20163). - commit a271851 - thunderbolt: Handle ring interrupt by reading interrupt status register (jsc#SLE-20163). - commit 8815f0d - usb: typec: tcpm: Support non-PD mode (jsc#SLE-20163). - commit 984cb96 - sched: Fix UCLAMP_FLAG_IDLE setting (git fixes (sched)). - sched/numa: Fix is_core_idle() (git fixes (sched)). - sched/debug: Don't update sched_domain debug directories before sched_debug_init() (git fixes (sched)). - commit 0e8b960 - thunderbolt: Add vendor specific NHI quirk for auto-clearing interrupt status (jsc#SLE-19355 jsc#SLE-19359). - commit 3795602 - thunderbolt: Add authorized value to the KOBJ_CHANGE uevent (jsc#SLE-19359). - commit f5a190c - bus: Make remove callback return void (jsc#SLE19359). 
- commit 4f51634 - PCI: endpoint: Make struct pci_epf_driver::remove return void (jsc#SLE-19359). - commit b206fb1 - s390/ccwgroup: Drop if with an always false condition (jsc#SLE-19359). - commit 7adc17d - s390/scm: Make struct scm_driver::remove return void (jsc#SLE-19359). - commit 22a6edf - s390/cio: Make struct css_driver::remove return void (jsc#SLE-19359). - commit af06902 - rpm: Fold kernel-devel and kernel-source scriptlets into spec files (bsc#1189841). These are unchanged since 2011 when they were introduced. No need to track them separately. - commit 692d38b - rpm: Abolish image suffix (bsc#1189841). This is used only with vanilla kernel which is not supported in any way. The only effect it has is that the image and initrd symlinks are created with this suffix. These symlinks are not used except on s390 where the unsuffixed symlinks are used by zipl. There is no reason why a vanilla kernel could not be used with zipl as well as it's quite unexpected to not be able to boot when only a vanilla kernel is installed. Finally we now have a backup zipl kernel so if the vanilla kernel is indeed unsuitable the backup kernel can be used. - commit e2f37db - kernel-binary.spec: Define $image as rpm macro (bsc#1189841). - commit e602b0f - rpm: Define $certs as rpm macro (bsc#1189841). Also pass around only the shortened hash rather than full filename. As has been discussed in bsc#1124431 comment 51 https://bugzilla.suse.com/show_bug.cgi?id=1124431#c51 the placement of the certificates is an API which cannot be changed unless we can ensure that no two kernels that use different certificate location can be built with the same certificate. - commit d9a1357 - ocfs2: ocfs2_downconvert_lock failure results in deadlock (bsc#1188439). - commit d87fe21 - USB: serial: pl2303: fix GL type detection (git-fixes). - USB: serial: cp210x: fix flow-control error handling (git-fixes). - USB: serial: cp210x: fix control-characters error handling (git-fixes). 
- mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()' (git-fixes). - mtd: rawnand: intel: Fix error handling in probe (git-fixes). - mtd: spinand: Fix comment (git-fixes). - mtd: mtdconcat: Check _read, _write callbacks existence before assignment (git-fixes). - mtd: mtdconcat: Judge callback existence based on the master (git-fixes). - commit 4851953 - net: don't unconditionally copy_from_user a struct ifreq for socket ioctls (stable-5.14.1). - audit: move put_tree() to avoid trim_trees refcount underflow and UAF (stable-5.14.1). - ubifs: report correct st_size for encrypted symlinks (stable-5.14.1). - f2fs: report correct st_size for encrypted symlinks (stable-5.14.1). - ext4: report correct st_size for encrypted symlinks (stable-5.14.1). - fscrypt: add fscrypt_symlink_getattr() for computing st_size (stable-5.14.1). - Revert "floppy: reintroduce O_NDELAY fix" (stable-5.14.1). - commit 0f888a9 - Update patch reference for stable-5.14.1 - commit c1210cb ++++ kmod: - Use docbook 4 rather than docbook 5 for building man pages (bsc#1190190). * Refresh no-stylesheet-download.patch ++++ libcontainers-common: - Comment out ostree_repo [boo#1189893] ++++ fuse3: - Update to release 3.10.5 * Various improvements to make unit tests more robust.
++++ python-ordered-set: - Update to version 4.0.2 * Restore compatibility with Python 3.5 * fix packaging, remove vestiges of type stubs * Remove unused type * Add a mailmap * remove old .pyi type stub * Implement code review suggestions for types * Code formatting (isort and black) * Move type annotations inline * Directly distribute type stub file via PEP 561 * Handle another indexing case from NumPy ++++ yast2: - Mark systemd unit/service state "maintenance" as active (bsc#1190163) - 4.4.17 ------------------------------------------------------------------ ------------------ 2021-9-4 - Sep 4 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - watchdog: Fix NULL pointer dereference when releasing cdev (bsc#1190093). - Update config files. We can enable the option after this fix again. - commit d237379 ------------------------------------------------------------------ ------------------ 2021-9-3 - Sep 3 2021 ------------------- ------------------------------------------------------------------ ++++ glib-networking: - Update to version 2.70.rc: + gnutls: - revert AuthorityInformationAccess implementation for now. - fix use of non-default GTlsDatabases, Geary crash on startup. - fix leak in g_tls_certificate_gnutls_copy. - Unbreak GTLS_GNUTLS_CHECK_VERSION. + openssl: remove openssl-util. ++++ kernel-default: - supported.conf: Add missing entries for armv7hl builds - commit 86ffe23 - Refresh patches.suse/powerpc-stacktrace-Include-linux-delay.h.patch. - commit 35e6afe - supported.conf: hv_sock is externally supported - commit 8dbed5c - locking/rtmutex: Return success on deadlock for ww_mutex (bsc#1190137 bsc#1189998). - locking/rtmutex: Prevent spurious EDEADLK return caused by (bsc#1190137 bsc#1189998). - locking/rtmutex: Dequeue waiter on ww_mutex deadlock (bsc#1190137 bsc#1189998). - locking/rtmutex: Dont dereference waiter lockless (bsc#1190137 bsc#1189998). 
- locking/ww_mutex: Initialize waiter.ww_ctx properly (bsc#1190137 bsc#1189998). - locking/local_lock: Add PREEMPT_RT support (bsc#1190137 bsc#1189998). - locking/spinlock/rt: Prepare for RT local_lock (bsc#1190137 bsc#1189998). - locking/rtmutex: Add adaptive spinwait mechanism (bsc#1190137 bsc#1189998). - locking/rtmutex: Implement equal priority lock stealing (bsc#1190137 bsc#1189998). - preempt: Adjust PREEMPT_LOCK_OFFSET for RT (bsc#1190137 bsc#1189998). - locking/rtmutex: Prevent lockdep false positive with PI (bsc#1190137 bsc#1189998). - futex: Prevent requeue_pi() lock nesting issue on RT (bsc#1190137 bsc#1189998). - futex: Simplify handle_early_requeue_pi_wakeup() (bsc#1190137 bsc#1189998). - futex: Reorder sanity checks in futex_requeue() (bsc#1190137 bsc#1189998). - futex: Clarify comment in futex_requeue() (bsc#1190137 bsc#1189998). - futex: Restructure futex_requeue() (bsc#1190137 bsc#1189998). - futex: Correct the number of requeued waiters for PI (bsc#1190137 bsc#1189998). - futex: Remove bogus condition for requeue PI (bsc#1190137 bsc#1189998). - futex: Clarify futex_requeue() PI handling (bsc#1190137 bsc#1189998). - futex: Clean up stale comments (bsc#1190137 bsc#1189998). - futex: Validate waiter correctly in (bsc#1190137 bsc#1189998). - lib/test_lockup: Adapt to changed variables (bsc#1190137 bsc#1189998). - locking/rtmutex: Add mutex variant for RT (bsc#1190137 bsc#1189998). - locking/ww_mutex: Implement rtmutex based ww_mutex API (bsc#1190137 bsc#1189998). - locking/rtmutex: Extend the rtmutex core to support ww_mutex (bsc#1190137 bsc#1189998). - locking/ww_mutex: Add rt_mutex based lock type and accessors (bsc#1190137 bsc#1189998). - locking/ww_mutex: Add RT priority to W/W order (bsc#1190137 bsc#1189998). - locking/ww_mutex: Implement rt_mutex accessors (bsc#1190137 bsc#1189998). - locking/ww_mutex: Abstract out internal lock accesses (bsc#1190137 bsc#1189998). - locking/ww_mutex: Abstract out mutex types (bsc#1190137 bsc#1189998). 
- locking/ww_mutex: Abstract out mutex accessors (bsc#1190137 bsc#1189998). - locking/ww_mutex: Abstract out waiter enqueueing (bsc#1190137 bsc#1189998). - locking/ww_mutex: Abstract out the waiter iteration (bsc#1190137 bsc#1189998). - locking/ww_mutex: Remove the __sched annotation from ww_mutex (bsc#1190137 bsc#1189998). - locking/ww_mutex: Split out the W/W implementation logic into (bsc#1190137 bsc#1189998). - locking/ww_mutex: Split up ww_mutex_unlock() (bsc#1190137 bsc#1189998). - locking/ww_mutex: Gather mutex_waiter initialization (bsc#1190137 bsc#1189998). - locking/ww_mutex: Simplify lockdep annotations (bsc#1190137 bsc#1189998). - locking/mutex: Make mutex::wait_lock raw (bsc#1190137 bsc#1189998). - locking/ww_mutex: Move the ww_mutex definitions from (bsc#1190137 bsc#1189998). - locking/mutex: Move the 'struct mutex_waiter' definition from (bsc#1190137 bsc#1189998). - locking/mutex: Consolidate core headers, remove (bsc#1190137 bsc#1189998). - locking/rtmutex: Squash !RT tasks to DEFAULT_PRIO (bsc#1190137 bsc#1189998). - locking/rwlock: Provide RT variant (bsc#1190137 bsc#1189998). - locking/spinlock: Provide RT variant (bsc#1190137 bsc#1189998). - locking/rtmutex: Provide the spin/rwlock core lock function (bsc#1190137 bsc#1189998). - locking/spinlock: Provide RT variant header: (bsc#1190137 bsc#1189998). - locking/spinlock: Provide RT specific spinlock_t (bsc#1190137 bsc#1189998). - locking/rtmutex: Reduce header (bsc#1190137 bsc#1189998). - rbtree: Split out the rbtree type definitions into (bsc#1190137 bsc#1189998). - locking/lockdep: Reduce header dependencies in (bsc#1190137 bsc#1189998). - locking/rtmutex: Prevent future include recursion hell (bsc#1190137 bsc#1189998). - locking/spinlock: Split the lock types header, and move the (bsc#1190137 bsc#1189998). - locking/rtmutex: Guard regular sleeping locks specific (bsc#1190137 bsc#1189998). - locking/rtmutex: Prepare RT rt_mutex_wake_q for RT locks (bsc#1190137 bsc#1189998). 
- locking/rtmutex: Use rt_mutex_wake_q_head (bsc#1190137 bsc#1189998). - locking/rtmutex: Provide rt_wake_q_head and helpers (bsc#1190137 bsc#1189998). - locking/rtmutex: Add wake_state to rt_mutex_waiter (bsc#1190137 bsc#1189998). - locking/rwsem: Add rtmutex based R/W semaphore implementation (bsc#1190137 bsc#1189998). - locking/rt: Add base code for RT rw_semaphore and rwlock (bsc#1190137 bsc#1189998). - locking/rtmutex: Provide rt_mutex_base_is_locked() (bsc#1190137 bsc#1189998). - locking/rtmutex: Provide rt_mutex_slowlock_locked() (bsc#1190137 bsc#1189998). - locking/rtmutex: Split out the inner parts of 'struct (bsc#1190137 bsc#1189998). - locking/rtmutex: Split API from implementation (bsc#1190137 bsc#1189998). - locking/rtmutex: Switch to from cmpxchg_*() to (bsc#1190137 bsc#1189998). - locking/rtmutex: Convert macros to inlines (bsc#1190137 bsc#1189998). - locking/rtmutex: Remove rt_mutex_is_locked() (bsc#1190137 bsc#1189998). - media/atomisp: Use lockdep instead of *mutex_is_locked() (bsc#1190137 bsc#1189998). - sched/wake_q: Provide WAKE_Q_HEAD_INITIALIZER() (bsc#1190137 bsc#1189998). - sched/core: Provide a scheduling point for RT locks (bsc#1190137 bsc#1189998). - sched/core: Rework the __schedule() preempt argument (bsc#1190137 bsc#1189998). - sched/wakeup: Prepare for RT sleeping spin/rwlocks (bsc#1190137 bsc#1189998). - sched/wakeup: Reorganize the current::__state helpers (bsc#1190137 bsc#1189998). - sched/wakeup: Introduce the TASK_RTLOCK_WAIT state bit (bsc#1190137 bsc#1189998). - sched/wakeup: Split out the wakeup ->__state check (bsc#1190137 bsc#1189998). - locking/rtmutex: Set proper wait context for lockdep (bsc#1190137 bsc#1189998). - locking/local_lock: Add missing owner initialization (bsc#1190137 bsc#1189998). - commit e9aaa1f - locking/semaphore: Add might_sleep() to down_*() family (bsc#1190137). - Documentation/atomic_t: Document forward progress expectations (bsc#1190137). 
- locking/rwsem: Remove an unused parameter of rwsem_wake() (bsc#1190137). - Documentation/atomic_t: Document cmpxchg() vs try_cmpxchg() (bsc#1190137). - locking/mutex: Add MUTEX_WARN_ON (bsc#1190137). - locking/mutex: Introduce __mutex_trylock_or_handoff() (bsc#1190137). - locking/mutex: Fix HANDOFF condition (bsc#1190137). - locking/mutex: Use try_cmpxchg() (bsc#1190137). - locktorture: Count lock readers (bsc#1190137). - locktorture: Mark statistics data races (bsc#1190137). - commit e3cdb0b ++++ hivex: - Update to version 1.3.21 hivex-1.3.21.tar.gz hivex-1.3.21.tar.gz.sig * Improve performance by adding a cache for iconv_t handles to hive_t * Increase HIVEX_MAX_VALUES for windows HKLM\SYSTEM\MountedDevices * hivexregedit: add --max-depth option for exports * hivexml: Add -u flag for HIVEX_OPEN_UNSAFE * Ruby: improve test functions * Update translations * Various bug fixes - Drop patches contained in new tarball CVE-2021-3622-stack-overflow-due-to-recursive-call-of-_get_children.patch 0001-lib-handle.c-Add-missing-bounds-check-for-block-exce.patch ++++ spice: - Update to v0.15.0 release This is the first release in the new 0.15.x stable series. 
* Minor updates to CI * Some compatibility with OpenSSL * Change the behavior of handle_dev_start ignoring multiple start requests * Ignore multiple calls to handle_dev_stop * Pick up newer spice-common to fix a buffer overflow issue - Dropped patches contained in new tarball 0001-quic-Check-we-have-some-data-to-start-decoding-quic-.patch 0002-quic-Check-image-size-in-quic_decode_begin.patch 0003-quic-Check-RLE-lengths.patch 0004-quic-Avoid-possible-buffer-overflow-in-find_bucket.patch 0001-With-OpenSSL-1.1-Disable-client-initiated-renegotiation.patch 0002-With-OpenSSL-1.0.2-and-earlier-disable-client-side-renegotiation.patch ++++ systemd: - Make sure the versions of both udev and systemd packages are always the same (bsc#1189480) ++++ libzypp: - CMake/spec: Add option to force SINGLE_RPMTRANS as default for zypper (fixes #340) - Make sure singleTrans is zypper-only for now. - Do not double check signatures and keys (bsc#1190059) - version 17.28.3 (22) ++++ osinfo-db: - Update to database version 20210903 osinfo-db-20210903.tar.xz ++++ zypper: - Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602) - Fix typo in German translation (fixes #395) - BuildRequires: libzypp-devel >= 17.28.3. - version 1.14.49 ------------------------------------------------------------------ ------------------ 2021-9-2 - Sep 2 2021 ------------------- ------------------------------------------------------------------ ++++ glibc: - mq-notify-use-after-free.patch: Use __pthread_attr_copy in mq_notify (CVE-2021-33574, bsc#1186489, BZ #27896) ++++ hwdata: - Update to version 0.351 (bsc#1190091): + Updated pci, usb and vendor ids. ++++ kernel-default: - update patches metadata Once again, the nvme repository branch has been rebased so that patches from it must have their Git-commit tags updated to avoid git-sort errors. 
- commit 0fe7e9c - supported.conf: yet more corrections for aarch64 Moved cros-ec and qcom-spmi stuff into solely optional subpkg - commit 3dd8f40 - rpm/config.sh: Use Update OBS/IBS projects Using GA confuses armv7hl build on IBS, and we should keep tracking the update in anyway. - commit 8986697 - Delete patches.suse/printk-console-Correctly-mark-console-that-is-used-w.patch. The upstream commit e369d8227fd211be36242fc4 ("printk: Fix preferred console selection with multiple matches") should be enough to fix the original issue (bsc#1040020). It causes that register_console() first matches console names defined via the command line. The preferred name will match first and CON_CONSDEV (C) flag will be set. As a result, showconsole will know what console is associated with /dev/console. - commit bcf71c6 - Update config files. Run run-oldconfig.sh and re-sort the config files to a clean state. - commit 26fcbce - lib/nmi_backtrace: Serialize even messages about idle CPUs (bsc#1189998). - commit f5da463 - printk: syslog: close window between wait and read (bsc#1189998). - commit 8faa622 - printk: convert @syslog_lock to mutex (bsc#1189998). - commit 75b3430 - printk: remove NMI tracking (bsc#1189998). - commit 76f2be0 - printk: remove safe buffers (bsc#1189998). - commit bad7a41 - rpm/mkspec-dtb: Sync with TW branch A few changes have been missing for the recent kernels that resulted in build errors of dtb packages. - commit 08ed01f - printk: track/limit recursion (bsc#1189998). - commit 6ef1d1a - btrfs: unify regular and subpage error paths in __extent_writepage() (jsc#SLE-17681). - btrfs: allow read-write for 4K sectorsize on 64K page size systems (jsc#SLE-17681). - btrfs: subpage: fix relocation potentially overwriting last page data (jsc#SLE-17681). - btrfs: subpage: fix false alert when relocating partial preallocated data extents (jsc#SLE-17681). - btrfs: subpage: fix a potential use-after-free in writeback helper (jsc#SLE-17681). 
- btrfs: subpage: fix race between prepare_pages() and btrfs_releasepage() (jsc#SLE-17681). - btrfs: subpage: reject raid56 filesystem and profile conversion (jsc#SLE-17681). - btrfs: subpage: allow submit_extent_page() to do bio split (jsc#SLE-17681). - btrfs: subpage: disable inline extent creation (jsc#SLE-17681). - btrfs: subpage: fix writeback which does not have ordered extent (jsc#SLE-17681). - btrfs: make relocate_one_page() handle subpage case (jsc#SLE-17681). - btrfs: reloc: factor out relocation page read and dirty part (jsc#SLE-17681). - btrfs: rework lzo_decompress_bio() to make it subpage compatible (jsc#SLE-17681). - btrfs: rework btrfs_decompress_buf2page() (jsc#SLE-17681). - btrfs: grab correct extent map for subpage compressed extent read (jsc#SLE-17681). - btrfs: disable compressed readahead for subpage (jsc#SLE-17681). - btrfs: subpage: check if there are compressed extents inside one page (jsc#SLE-17681). - btrfs: reset this_bio_flag to avoid inheriting old flags (jsc#SLE-17681). - btrfs: remove uptodate parameter from btrfs_dec_test_first_ordered_pending (jsc#SLE-17681). - btrfs: switch uptodate to bool in btrfs_writepage_endio_finish_ordered (jsc#SLE-17681). - btrfs: remove unused start and end parameters from btrfs_run_delalloc_range() (jsc#SLE-17681). - btrfs: check-integrity: drop kmap/kunmap for block pages (jsc#SLE-17681). - btrfs: compression: drop kmap/kunmap from generic helpers (jsc#SLE-17681). - btrfs: compression: drop kmap/kunmap from zstd (jsc#SLE-17681). - btrfs: compression: drop kmap/kunmap from zlib (jsc#SLE-17681). - btrfs: compression: drop kmap/kunmap from lzo (jsc#SLE-17681). - btrfs: drop from __GFP_HIGHMEM all allocations (jsc#SLE-17681). - commit 8fdc8cf - lib/nmi_backtrace: explicitly serialize banner and regs (bsc#1189998). - commit a46a563 - printk/console: Check consistent sequence number when handling race in console_unlock() (bsc#1190111). 
- commit f003e88 - Fix wrongly dropped CONFIG_SUSE_KERNEL_SUPPORTED on default kernel In the commit 8ab07a9c3eb0, I mistakenly dropped CONFIG_SUSE_KERNEL_SUPPORTED for x86_64/default instead of x86_64/debug. Correct the configs again. - commit 517caa1 - clk: staging: correct reference to config IOMEM to config HAS_IOMEM (git-fixes). - Update config files. - commit 553fdbe - supported.conf: More fixup for aarch64 build Also a typo fix in the previous change - commit dbd4d65 - drm/amd/pm: Fix a bug in semaphore double-lock (git-fixes). - ASoC: rt5682: Remove unused variable in rt5682_i2c_remove() (git-fixes). - commit 0cfdea4 - xhci: Fix failure to give back some cached cancelled URBs (git-fixes). - wcn36xx: Ensure finish scan is not requested before start scan (git-fixes). - wan: remove stale Kconfig entries (git-fixes). - commit a6904e7 - blacklist.conf: Add an already cherry-picked wwan commit - commit dc79c3b - usb: host: xhci-rcar: Don't reload firmware after the completion (git-fixes). - usb: xhci-mtk: fix issue of out-of-bounds array access (git-fixes). - usb: bdc: Fix a resource leak in the error handling path of 'bdc_probe()' (git-fixes). - usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available (git-fixes). - usb: ehci-orion: Handle errors of clk_prepare_enable() in probe (git-fixes). - Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set" (git-fixes). - usb: gadget: mv_u3d: request_irq() after initializing UDC (git-fixes). - usb: phy: tahvo: add IRQ check (git-fixes). - usb: host: ohci-tmio: add IRQ check (git-fixes). - VMCI: fix NULL pointer dereference when unmapping queue pair (git-fixes). - commit cffd3f1 - usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse (git-fixes). - usb: gadget: tegra-xudc: fix the wrong mult value for HS isoc or intr (git-fixes). - usb: cdnsp: fix the wrong mult value for HS isoc or intr (git-fixes). 
- usb: mtu3: fix the wrong HS mult value (git-fixes). - usb: mtu3: use @mult for HS isoc or intr (git-fixes). - usb: mtu3: restore HS function when set SS/SSP (git-fixes). - usb: phy: twl6030: add IRQ checks (git-fixes). - usb: phy: fsl-usb: add IRQ check (git-fixes). - usb: misc: brcmstb-usb-pinmap: add IRQ check (git-fixes). - usb: gadget: udc: s3c2410: add IRQ check (git-fixes). - commit ffaa491 - usb: gadget: udc: at91: add IRQ check (git-fixes). - usb: dwc3: qcom: add IRQ check (git-fixes). - usb: dwc3: meson-g12a: add IRQ check (git-fixes). - usb: isp1301-omap: Fix the GPIO include (git-fixes). - tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes). - spi: spi-zynq-qspi: use wait_for_completion_timeout to make zynq_qspi_exec_mem_op not interruptible (git-fixes). - spi: sprd: Fix the wrong WDG_LOAD_VAL (git-fixes). - spi: spi-pic32: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: : add missing struct kernel-doc entry (git-fixes). - commit 872c90f - soc: rockchip: ROCKCHIP_GRF should not default to y, unconditionally (git-fixes). - soc: qcom: smsm: Fix missed interrupts if state changes while masked (git-fixes). - soc: qcom: aoss: Fix the out of bound usage of cooling_devs (git-fixes). - soc: qcom: rpmhpd: Use corner in power_off (git-fixes). - soc: mediatek: mmsys: Fix missing UFOE component in mt8173 table routing (git-fixes). - soc: mmsys: mediatek: add mask to mmsys routes (git-fixes). - soc: aspeed: p2a-ctrl: Fix boundary check for mmap (git-fixes). - soc: aspeed: lpc-ctrl: Fix boundary check for mmap (git-fixes). - spi: davinci: invoke chipselect callback (git-fixes). - spi: coldfire-qspi: Use clk_disable_unprepare in the remove function (git-fixes). - commit b90aa8c - reset: simple: remove ZTE details in Kconfig help (git-fixes). - staging: rtl8192u: Fix bitwise vs logical operator in TranslateRxSignalStuff819xUsb() (git-fixes). 
- staging: rtl8723bs: fix wpa_set_auth_algs() function (git-fixes). - rsi: fix an error code in rsi_probe() (git-fixes). - rsi: fix error code in rsi_load_9116_firmware() (git-fixes). - PCI: PM: Enable PME if it can be signaled from D3cold (git-fixes). - power: supply: max17042: handle fails of reading status register (git-fixes). - power: supply: cw2015: use dev_err_probe to allow deferred probe (git-fixes). - regulator: vctrl: Avoid lockdep warning in enable/disable ops (git-fixes). - regulator: vctrl: Use locked regulator_get_voltage in probe path (git-fixes). - commit 9f6c7fa - memory: tegra: fix unused-function warning (git-fixes). - media: venus: helper: do not set constrained parameters for UBWC (git-fixes). - media: venus: venc: Fix potential null pointer dereference on pointer fmt (git-fixes). - media: venus: hfi: fix return value check in sys_get_prop_image_version() (git-fixes). - staging: mt7621-pci: fix hang when nothing is connected to pcie ports (git-fixes). - misc/pvpanic: fix set driver data (git-fixes). - mmc: moxart: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: dw_mmc: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: sdhci: Fix issue with uninitialized dma_slave_config (git-fixes). - PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently (git-fixes). - commit 254fa4e - media: Documentation: media: Improve camera sensor documentation (git-fixes). - media: omap3isp: Fix missing unlock in isp_subdev_notifier_complete() (git-fixes). - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect (git-fixes). - media: atomisp: fix the uninitialized use and rename "retvalue" (git-fixes). - media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes). - media: rockchip/rga: fix error handling in probe (git-fixes). - media: v4l2-subdev: fix some NULL vs IS_ERR() checks (git-fixes). - media: go7007: remove redundant initialization (git-fixes). 
- media: go7007: fix memory leak in go7007_usb_probe (git-fixes). - media: dvb-usb: Fix error handling in dvb_usb_i2c_init (git-fixes). - commit d7222a8 - lib/test_scanf: Handle n_bits == 0 in random tests (git-fixes). - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr (git-fixes). - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init (git-fixes). - media: cxd2880-spi: Fix an error handling path (git-fixes). - media: TDA1997x: enable EDID support (git-fixes). - media: atmel: atmel-sama5d2-isc: fix YUYV format (git-fixes). - mac80211: Fix insufficient headroom issue for AMSDU (git-fixes). - mac80211: remove unnecessary NULL check in ieee80211_register_hw() (git-fixes). - leds: lgm-sso: Propagate error codes from callee to caller (git-fixes). - lib/mpi: use kcalloc in mpi_resize (git-fixes). - commit 7c24bb4 - iio: ltc2983: fix device probe (git-fixes). - iwlwifi: skip first element in the WTAS ACPI table (git-fixes). - iwlwifi: mvm: fix old-style static const declaration (git-fixes). - leds: trigger: audio: Add an activate callback to ensure the initial brightness is set (git-fixes). - leds: rt8515: Put fwnode in any case during ->probe() (git-fixes). - leds: lt3593: Put fwnode in any case during ->probe() (git-fixes). - leds: lgm-sso: Don't spam logs when probe is deferred (git-fixes). - leds: lgm-sso: Put fwnode in any case during ->probe() (git-fixes). - leds: is31fl32xx: Fix missing error code in is31fl32xx_parse_dt() (git-fixes). - i2c: xlp9xx: fix main IRQ check (git-fixes). - commit 491c9c6 - fpga: zynqmp-fpga: Address warning about unused variable (git-fixes). - gve: fix the wrong AdminQ buffer overflow check (git-fixes). - hwmon: remove amd_energy driver in Makefile (git-fixes). - hwmon: sht4x: update Documentation for Malformed table (git-fixes). - i2c: mt65xx: fix IRQ check (git-fixes). - i2c: hix5hd2: fix IRQ check (git-fixes). - i2c: s3c2410: fix IRQ check (git-fixes). - i2c: iop3xx: fix deferred probing (git-fixes). 
- i2c: synquacer: fix deferred probing (git-fixes). - i2c: highlander: add IRQ check (git-fixes). - commit bf527f5 - firmware: qcom_scm: Mark string array const (git-fixes). - drm/exynos: g2d: fix missing unlock on error in g2d_runqueue_worker() (git-fixes). - drm/amdgpu: fix kernel-doc warnings on non-kernel-doc comments (git-fixes). - drm/msi/mdp4: populate priv->kms in mdp4_kms_init (git-fixes). - drm/msm/dp: replug event is converted into an unplug followed by an plug events (git-fixes). - firmware: fix theoretical UAF race with firmware cache and resume (git-fixes). - firmware: raspberrypi: Fix a leak in 'rpi_firmware_get()' (git-fixes). - fpga: xilinx-pr-decoupler: Address warning about unused variable (git-fixes). - fpga: xiilnx-spi: Address warning about unused variable (git-fixes). - fpga: altera-freeze-bridge: Address warning about unused variable (git-fixes). - commit c9e6f32 - drm/msm/dsi: Fix some reference counted resource leaks (git-fixes). - drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs (git-fixes). - drm/msm/dp: update is_connected status base on sink count at dp_pm_resume() (git-fixes). - drm/msm/disp/dpu1: add safe lut config in dpu driver (git-fixes). - drm/msm: Fix error return code in msm_drm_init() (git-fixes). - drm/mgag200: Select clock in PLL update functions (git-fixes). - drm: bridge: it66121: Check drm_bridge_attach retval (git-fixes). - drm/bridge: ti-sn65dsi86: Fix power off sequence (git-fixes). - drm/amd/pm: Fix a bug communicating with the SMU (v5) (git-fixes). - drm/amdgpu/acp: Make PM domain really work (git-fixes). - commit f068ea3 - drm/dp_mst: Fix return code on sideband message failure (git-fixes). - drm: mxsfb: Clear FIFO_CLEAR bit (git-fixes). - drm: mxsfb: Increase number of outstanding requests on V4 and newer HW (git-fixes). - drm: mxsfb: Enable recovery on underflow (git-fixes). - drm/prime: fix comment on PRIME Helpers (git-fixes). 
- drm: rcar-du: Don't put reference to drm_device in rcar_du_remove() (git-fixes). - drm/of: free the iterator object on failure (git-fixes). - drm/of: free the right object (git-fixes). - drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes). - drm/panfrost: Make sure MMU context lifetime is not bound to panfrost_priv (git-fixes). - commit 594b73c - docs: networking: dpaa2: fix chapter title format (git-fixes). - docs: kvm: properly format code blocks and lists (git-fixes). - docs: kvm: fix build warnings (git-fixes). - docs: printk-formats: fix build warning (git-fixes). - dmaengine: imx-sdma: remove duplicated sdma_load_context (git-fixes). - Revert "dmaengine: imx-sdma: refine to load context only once" (git-fixes). - drm/bridge: anx7625: Make hpd workqueue freezable (git-fixes). - drm/panfrost: Fix missing clk_disable_unprepare() on error in panfrost_clk_init() (git-fixes). - Revert "drm/i915/display: Drop FIXME about turn off infoframes" (git-fixes). - driver core: Fix error return code in really_probe() (git-fixes). - commit 845b17f - counter: 104-quad-8: Return error when invalid mode during ceiling_write (git-fixes). - clocksource/drivers/sh_cmt: Fix wrong setting if don't request IRQ for clock source channel (git-fixes). - crypto: rmd320 - remove rmd320 in Makefile (git-fixes). - crypto: qat - use proper type for vf_mask (git-fixes). - crypto: omap - Avoid redundant copy when using truncated sg list (git-fixes). - crypto: ccp - shutdown SEV firmware on kexec (git-fixes). - crypto: ecc - handle unaligned input buffer in ecc_swap_digits (git-fixes). - crypto: x86/aes-ni - add missing error checks in XTS code (git-fixes). - char: tpm: Kconfig: remove bad i2c cr50 select (git-fixes). - commit 761b234 - Bluetooth: add timeout sanity check to hci_inquiry (git-fixes). - Bluetooth: Move shutdown callback before flushing tx and rx queue (git-fixes). - Bluetooth: btusb: check conditions before enabling USB ALT 3 for WBS (git-fixes). 
- Bluetooth: fix repeated calls to sco_sock_kill (git-fixes). - can: c_can: c_can_do_tx(): fix typo in comment (git-fixes). - can: m_can: fix block comment style (git-fixes). - can: tcan4x5x: cdev_to_priv(): remove stray empty line (git-fixes). - can: j1939: j1939_session_tx_dat(): fix typo (git-fixes). - can: bittiming: fix documentation for struct can_tdc (git-fixes). - commit dfeba14 - ASoC: wcd9335: Disable irq on slave ports in the remove function (git-fixes). - ASoC: wcd9335: Fix a memory leak in the error handling path of the probe function (git-fixes). - ASoC: wcd9335: Fix a double irq free in the remove function (git-fixes). - bcma: Fix memory leak for internally-handled cores (git-fixes). - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes). - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow (git-fixes). - Bluetooth: btusb: Make the CSR clone chip force-suspend workaround more generic (git-fixes). - Bluetooth: mgmt: Fix wrong opcode in the response for add_adv cmd (git-fixes). - Bluetooth: btusb: Fix a unspported condition to set available debug features (git-fixes). - Bluetooth: sco: prevent information leak in sco_conn_defer_accept() (git-fixes). - commit b676294 - igb: Avoid memcpy() over-reading of ETH_SS_STATS (jsc#SLE-19094). - commit 93a11b3 - ASoC: imx-rpmsg: change dev_err to dev_err_probe for -EPROBE_DEFER (git-fixes). - ASoC: Intel: Skylake: Fix module resource and format selection (git-fixes). - ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs (git-fixes). - ASoC: Intel: kbl_da7219_max98927: Fix format selection for max98373 (git-fixes). - ASoC: fsl_rpmsg: Check -EPROBE_DEFER for getting clocks (git-fixes). - ASoC: rt5682: Properly turn off regulators if wrong device ID (git-fixes). - ASoC: simple-card-utils: Avoid over-allocating DLCs (git-fixes). - ASoC: mediatek: mt8183: Fix Unbalanced pm_runtime_enable in mt8183_afe_pcm_dev_probe (git-fixes).
- ASoC: mediatek: mt8192:Fix Unbalanced pm_runtime_enable in mt8192_afe_pcm_dev_probe (git-fixes). - ASoC: tlv320aic32x4: Fix TAS2505/TAS2521 channel count (git-fixes). - commit d69a91a - igb: Add counter to i21x doublecheck (jsc#SLE-19094). - commit f117cef - Refresh patches.suse/btrfs-fix-NULL-pointer-dereference-when-deleting-dev.patch. - Refresh patches.suse/nvme-code-command_id-with-a-genctr-for-use-after-fre.patch. - Refresh patches.suse/nvme-pci-limit-maximum-queue-depth-to-4095.patch. - Refresh patches.suse/nvme-tcp-don-t-check-blk_mq_tag_to_rq-when-receiving.patch. - Refresh patches.suse/params-lift-param_set_uint_minmax-to-common-code.patch. - commit d7a1b93 - ASoC: codecs: wcd938x: fix returnvar.cocci warnings (git-fixes). - ASoC: ti: delete some dead code in omap_abe_probe() (git-fixes). - ASoC: wm_adsp: Put debugfs_remove_recursive back in (git-fixes). - ASoC: rt5682: Adjust headset volume button threshold again (git-fixes). - ASoC: Intel: Fix platform ID matching (git-fixes). - ALSA: usb-audio: Add lowlatency module option (git-fixes). - ALSA: usb-audio: Work around for XRUN with low latency playback (git-fixes). - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes). - ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (git-fixes). - commit 749ac46 - Move upstreamed btrfs and nvme patches into sorted section - commit 7e285de - Move upstreamed BT fixes into sorted section - commit 060f76e - blacklist.conf: Add an already cherry-picked BT entry - commit 272beb8 - vt_kdsetmode: extend console locking (bsc#1190025 CVE-2021-3753). - commit 1133248 - supported.conf: fix module subpkg dependencies for aarch64 - commit 14c4a2e - supported.conf: Add missing entries for aarch64 builds - commit 804fe91 - Update config files. 
Disable CONFIG_WATCHDOG_HRTIMER_PRETIMEOUT (bsc#1190093) - commit ba1434f - Fix config and supported.conf for ppc64le builds Disable irrelevant modules: CONFIG_MDIO_IPQ4019 CONFIG_KEYBOARD_BCM CONFIG_SENSORS_GSC CONFIG_MFD_GATEWORKS_GSC CONFIG_I2C_HID_OF_GOODIX CONFIG_LEDS_AW2013 CONFIG_XILINX_ZYNQMP_DPDMA CONFIG_VDPA and relevant ones CONFIG_IOMMU_IOVA - commit d0e5beb ++++ kernel-firmware: - Update to version 20210901 (git commit 6f5aada830d6): * linux-firmware: update frimware for mediatek bluetooth chip (MT7921) * rtl_bt: Update RTL8852A BT USB firmware to 0xD9A9_1D69 * rtl_bt: Update RTL8822C BT UART firmware to 0x05A9_1A4A * rtl_bt: Update RTL8822C BT USB firmware to 0x09A9_1A4A * Mellanox: Add new mlxsw_spectrum firmware xx.2008.3326 * iwlwifi: add FW for new So/Gf device type * rtl_bt: Update RTL8852A BT USB firmware to 0xD9A9_127B * rtl_nic: update firmware of RTL8153C * ice: update package file to 1.3.26.0 - Update aliases ++++ ceph: - Update to 16.2.5-504-g6a3a59bd19e: + rebased on top of upstream commit SHA1 0d1e1f2973cae7645126fc88a72743367c790d9d + (bsc#1189605) cmake: exclude "grafonnet-lib" target from "all" ++++ systemd: - Drop dependency on m4 (replaced by Jinja2) ++++ mdadm: - Remove Spare drives line from details for external metadata (bsc#1180661, bsc#1182642) 0118-Remove-Spare-drives-line-from-details-for-external-m.patch - Don't associate spares with other arrays during RAID Examine (bsc#1180661, bsc#1182642) 0119-Don-t-associate-spares-with-other-arrays-during-RAID.patch ++++ podman: - require runc >= 1.0.1 ++++ qemu: - Keep qemu-img without backing format still deprecated (bsc#1190135) * Patches added: Revert-qemu-img-Improve-error-for-rebase.patch Revert-qemu-img-Require-F-with-b-backing.patch - Update the support files to reflect the deprecation. 
++++ selinux-policy: - Modified fix_systemd.patch to allow systemd gpt generator access to udev files (bsc#1189280) ++++ strace: - Update to strace 5.14 * Improvements * Implemented decoding of memfd_secret and quotactl_fd syscalls, introduced in Linux 5.14. * Enhanced prctl syscall decoding. * Enhanced decoding of IFLA_* netlink attributes. * Enhanced decoding of MDBA_ROUTER_PATTR_* mdb router port netlink attributes. * Updated lists of BPF_*, IORING_*, MADV_*, MOUNT_ATTR_*, SCTP_*, and UFFD_* constants. * Updated lists of ioctl commands from Linux 5.14. ------------------------------------------------------------------ ------------------ 2021-9-1 - Sep 1 2021 ------------------- ------------------------------------------------------------------ ++++ grub2: - Add btrfs zstd compression on i386-pc and also make sure it won't break existing grub installations (bsc#1161823) * deleted 0001-btrfs-disable-zstd-support-for-i386-pc.patch * added 0001-i386-pc-build-btrfs-zstd-support-into-separate-modul.patch ++++ kernel-default: - Update config files: drop CONFIG_SUSE_KERNEL_SUPPORTED on some flavors again (bsc#1190068) - commit 8ab07a9 - supported.conf: More fixups for x86-64 supported states - commit 37a445d - Drop downstream patches for DRM AST drivers Those are neither applicable nor valid on the recent upstream code. - commit ed98f8d - arm64: dts: rockchip: Disable CDN DP on Pinebook Pro (bsc#1188234). - commit 84c42d0 - regulator: mt6323: Add OF match table (bsc#1180731). - regulator: mt6358: Add OF match table (bsc#1180731). - regulator: mt6360: Add OF match table (bsc#1180731). - commit 81a7c74 - Bluetooth: btusb: Add support for Foxconn Mediatek Chip (bsc#1188064). - Bluetooth: btusb: Add support for IMC Networks Mediatek Chip (bsc#1188064). 
- commit 73cd599 - supported.conf: Move spi-mux into extra for unneeded dependency mess - commit 033b938 - supported.conf: Sort entries - commit defd825 - Update config files: disable unneeded modules for s390x/default CONFIG_SERIAL_BCM63XX=n CONFIG_SERIAL_FSL_LINFLEXUART=n CONFIG_VDPA_SIM*=n - commit d925443 - Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() (CVE-2021-3640 bsc#1188172). - commit 071eba1 - Move upstreamed BT patches into sorted section - commit 3fa501b - supported.conf: Fix for x86-64 build - commit d459e8f - nvme-multipath: revalidate paths during rescan (bsc#1181972). - commit ff45b6e - supported.conf: hyperv_drm (jsc#sle-19733) - commit 19a1bb2 - livepatch: Re-export two kallsyms functions Revert "kallsyms: unexport kallsyms_lookup_name() and kallsyms_on_each_symbol()" (bsc#1190003 jsc#SLE-17360). - commit d62679f - livepatch: Enable -flive-patching GCC option Revert "Revert "kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled"" (bsc#1190003 jsc#SLE-17360). - commit 8f68bda - livepatch: Drop klp-convert patches It is highly unlikely we will ever use klp-convert, so drop two small patches we currently have in the tree. References: jsc#SLE-17360 bsc#1190003 - Delete patches.suse/livepatch-create-and-include-UAPI-headers.patch. - Delete patches.suse/livepatch-modpost-ignore-unresolved-symbols.patch. - commit 52ab380 - livepatch: Re-enable patches.suse/livepatch-dump-ipa-clones.patch Re-enable patches.suse/livepatch-dump-ipa-clones.patch, so that we can continue to use IPA clones dumps for live patching even on SLE15-SP4. - Update config files. - Update patches.suse/livepatch-dump-ipa-clones.patch (jsc#SLE-17360 bsc#1190003). 
- commit c5b382c ++++ numactl: - Update to version 2.0.14.20.g4ee5e0c: * Fix system call numbers on s390x * numactl.c: fixed debug verify for --preferred option * numactl.c: Fixed description for the usage of numactl ++++ libseccomp: - Update to release 2.5.2 * Update the syscall table for Linux v5.14-rc7 * Add a function, get_notify_fd(), to the Python bindings to get the notification file descriptor. * Consolidate multiplexed syscall handling for all architectures into one location. * Add multiplexed syscall support to PPC and MIPS * The meaning of SECCOMP_IOCTL_NOTIF_ID_VALID changed within the kernel. libseccomp's fd notification logic was modified to support the kernel's previous and new usage of SECCOMP_IOCTL_NOTIF_ID_VALID. ++++ systemd: - Configure split-usr=true only when %usrmerged is not defined - Import commit 40bda18e346ff45132ccd6f8f8e96de78dcf3470 (merge of v249.4) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/7f23815a706cf2b2df3eac2eb2f8220736b8f427...40bda18e346ff45132ccd6f8f8e96de78dcf3470 ++++ libvirt: - Update to libvirt 7.7.0 - jsc#SLE-18446 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html ++++ linux-glibc-devel: - Update to kernel headers 5.14 ++++ osinfo-db: - Update to database version 20210809 osinfo-db-20210809.tar.xz ++++ pam: - Added new file macros.pam on request of systemd.
[bsc#1190052, macros.pam] ++++ python-libvirt-python: - Update to 7.7.0 - Add all new APIs and constants in libvirt 7.7.0 - jsc#SLE-18446 ++++ salt: - Fix wrong relative paths resolution with Jinja renderer when importing subdirectories - Don't pass shell="/sbin/nologin" to onlyif/unless checks (bsc#1188259) - Add missing aarch64 to rpm package architectures - Backport of upstream PR#59492 - Fix failing unit test for systemd - Fix error handling in openscap module (bsc#1188647) - Better handling of bad public keys from minions (bsc#1189040) - Define license macro as doc in spec file if not existing - Add standalone formulas configuration for salt minion and remove salt-master requirement (bsc#1168327) - Added: * fix-failing-unit-tests-for-systemd.patch * add-missing-aarch64-to-rpm-package-architectures-405.patch * don-t-use-shell-sbin-nologin-in-requisites.patch * better-handling-of-bad-public-keys-from-minions-bsc-.patch * templates-move-the-globals-up-to-the-environment-jin.patch * fix-error-handling-in-openscap-module-bsc-1188647-40.patch * backport-of-upstream-pr59492-to-3002.2-404.patch ------------------------------------------------------------------ ------------------ 2021-8-31 - Aug 31 2021 ------------------- ------------------------------------------------------------------ ++++ grub2: - Delete the author list from %description (the %description section is literally for package descriptions (only) these days, encoding was also problematic). - Add %doc AUTHORS to get packaged that info ++++ irqbalance: - Update to version 1.8.0.18.git+2435e8d.obscpio: * fix unsigned integer subtraction sign overflow - Make git hash in version better visible .git+ ++++ kernel-default: - Delete patches.suse/pcc-cpufreq-Re-introduce-deadband-effect-to-reduce-number-of-frequency-changes.patch. - Delete patches.suse/sched-Further-improve-spurious-CPU_IDLE-active-migrations.patch. Evaluated and are unnecessary - commit c00353f - rpm/config.sh: Update product and build projects.
- commit aa0b0dc - Add guards to out-of-tree performance patches that require re-evaluation While these patches apply, there have been changes made upstream that require them to be re-evaluated. - commit f4767bf - rpm: Abolish scriptlet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages. - commit e98096d - arm64: Update config files. (bsc#1189922, jsc#SLE-20148, jsc#SLE-20721) Enable ISP1760_DUAL_ROLE - commit ad8336c - README.BRANCH: Update branch name and maintainers for SLE15-SP4 - commit 9b584c8 - Enable DEBUG_INFO_BTF (jsc#SLE-18805). - commit 1b36b45 - Remove obsolete non-upstream patches (bsc#1165404). - Delete patches.suse/powerpc-pseries-group-lmb-operation-and-memblock-s.patch. - Delete patches.suse/powerpc-pseries-update-device-tree-before-ejecting-h.patch. - commit ea3f853 - rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed. - commit 357f09a ++++ mozilla-nss: - Removed nss-fips-kdf-self-tests.patch. This was made obsolete by upstream changes. (bmo#1660304) - Rebase nss-fips-stricter-dh.patch needed due to upstream changes. ++++ gpgme: - Update to 1.16.0 in SLE-15-SP4: [jsc#SLE-20014, jsc#SLE-21114] * Remove gpgme-test-json.patch fixed upstream ++++ libtpms: - security update - added patches fix CVE-2021-3746 [bsc#1189935], out-of-bounds access via specially crafted TPM 2 command packets + libtpms-CVE-2021-3746.patch ++++ libzypp: - Workaround Bug 1189788: Don't allow ZYPP_SINGLE_RPMTRANS=1 on a not UsrMerged Tumbleweed system. - version 17.28.2 (22) ++++ podman: - Update to version 3.3.1: * Bugfixes - Fixed a bug where unit files created by podman generate systemd could not cleanup shut down containers when stopped by systemctl stop (#11304).
- Fixed a bug where podman machine commands would not properly locate the gvproxy binary in some circumstances. - Fixed a bug where containers created as part of a pod using the --pod-id-file option would not join the pod's network namespace (#11303). - Fixed a bug where Podman, when using the systemd cgroups driver, could sometimes leak dbus sessions. - Fixed a bug where the until filter to podman logs and podman events was improperly handled, requiring input to be negated (#11158). - Fixed a bug where rootless containers using CNI networking run on systems using systemd-resolved for DNS would fail to start if resolved symlinked /etc/resolv.conf to an absolute path (#11358). * API - A large number of potential file descriptor leaks from improperly closing client connections have been fixed. ++++ qemu: - Update build dependencies versions: libgcrypt >= 1.8.0, gnutls >= 3.5.18, glib >= 2.56, libssh >= 0.8.7 ++++ supermin: - s390x may have a kernel named /boot/image ------------------------------------------------------------------ ------------------ 2021-8-30 - Aug 30 2021 ------------------- ------------------------------------------------------------------ ++++ chrony: - Added hardening to systemd service(s). Added patch(es): * harden_chrony-wait.service.patch * harden_chronyd.service.patch ++++ transactional-update: - Version 3.5.2 - tukit: Fix overlay syncing errors with SELinux [bsc#1188648] - Don't print message for `shell` with --quiet [gh#openSUSE/transactional-update#69] ++++ gsettings-desktop-schemas: - Update to version 41.rc: + Stop setting legacy GNOME 2 shortcut by default. + Updated translations. ++++ kernel-default: - config: enable CONFIG_BMP280 as module (bsc#1189695). - commit 944ae09 - config: enable CONFIG_SERIAL_DEV_BUS (bsc#1189694). As a result, two other options were exposed. These are also aligned with the results of bsc#1182035.
CONFIG_SERIAL_DEV_CTRL_TTYPORT=y CONFIG_BT_HCIUART_BCM=y - config: disable CONFIG_REMOTEPROC on non-ARM architectures (bsc#1189693). - config: disable CONFIG_SENSORS_LM3533 (bsc#1189690). - config: enable CONFIG_EROFS_FS_ZIP (bsc#1189689). - Delete patches.suse/misdn-add-support-for-group-membership-check. This patch depends on CONFIG_ISDN which is disabled. - commit a070a3c - config: enable CONFIG_PRINTK_CALLER (bsc#1189671). - config: modularize CONFIG_NF_REJECT_IPV[46] (bsc#1189111). Also mark these new modules as supported and part of the base package. - config: increase CONFIG_LOG_CPU_MAX_BUF_SHIFT (bsc#1189076). CONFIG_LOG_CPU_MAX_BUF_SHIFT determines the size of the printk log buffer. This change syncs with the master branch and increases the buffer size from 4k/cpu to 32k/cpu. - commit 57994c4 - config: enable CONFIG_GENERIC_IRQ_DEBUGFS (bsc#1189074). - config: re-enable NLS_ISO8859_1 for kvmsmall The EFI partition wants NLS_ISO8859_1 and will fail to mount without it. - pvusb: fix build warning due to missing fallthrough annotation - SLE15-SP4: fix and re-enable mobiveil errata patchset This also incorporates a revert of removed code from mainline: - PCI: mobiveil: Remove unused readl and writel functions (bsc#1161495). - SLE15-SP4: fix and re-enable oracleasm compatibility exports bio_map_user_iov is again exported but its prototype has changed, which will require updates in the oracleasm code. - commit cb8b4aa - SLE15-SP4: fix and re-enable rbd lio target support There were some API changes in the rbd code that required some rework. Notably, rbd_img_request_create was eliminated and the snapc argument was dropped, which didn't need particularly special handling at the call sites but deserved to be documented. - SLE15-SP4: xfs: fix and re-enable repair of malformed inode items The log recovery subsystem was reworked and this patch needed minor updating.
- SLE15-SP4: fix and re-enable PKCS-7 codeSigning patch There was a new call site that needed usage passed to it but otherwise a simple update. - SLE15-SP4: update product/release identifying patches and re-enable These didn't really require much updating but were dependent on the context of the supported-flag patches. - commit de4c7ec - supported-flag: consolidate separate patches into one and re-enable The history of the five supported flag patches can be found in the commit log. This commit unifies them and reverts the removal of get_next_line from mainline to allow supported() to repeatedly scan the file in memory without modifying it. I looked into using tsearch() to handle the lookups and it turns out that it's no faster than just scanning the file repeatedly in memory. - commit d453119 - SLE15-SP4: re-enable patches with simple context conflicts Patches with simple context conflicts but are otherwise correct are fixed and re-enabled. - commit 89a2230 - SLE15-SP4: Update the base kernel version to 5.14. Required changes for rebasing: - Remove all obsolete backports - Remove all kABI references - Remove all kABI fixes - Remove obsolete blacklisted commits - Disable kABI padding patches - Disable and annotate patches that don't apply and need updating - Update config files - Update supported.conf with new dependencies All configurations retain settings from SLE15-SP3, if possible, and adopt new settings from master. - commit 98da1c5 - rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release has arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804). 
- commit 56f2cba ++++ krb5: - Fix KDC null pointer dereference via a FAST inner body that lacks a server field; (CVE-2021-37750); (bsc#1189929); - Added patches: * 0012-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch ++++ libnettle: - Provide s390x CPACF/SHA/AES Support for Crypto Libraries * Add libnettle-s390x-CPACF-SHA-AES-support.patch [jsc#SLE-20733] ++++ pcsc-ccid: - Version 1.4.36 * Add support of - Lenovo Lenovo Smartcard Wired Keyboard II - REINER SCT tanJack USB - SafeNet eToken 5110+ FIPS - SafeNet eToken 5300 C - jSolutions s.r.o. Multi SIM card reader 4/8 * parse: fix check when bNumDataRatesSupported = 0 ++++ yast2-trans: - Update to version 84.87.20210828.fbeca8288d: * Translated using Weblate (Finnish) * New POT for text domain 'installation'. * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Slovak) * Translated using Weblate (Catalan) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * New POT for text domain 'add-on'. * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Slovak) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Interpolation fixes * Interpolation fixes * New POT for text domain 'packager'. * New POT for text domain 'online-update'. ------------------------------------------------------------------ ------------------ 2021-8-29 - Aug 29 2021 ------------------- ------------------------------------------------------------------ ++++ openssl-1_1: - Other OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. 
Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. * CVE-2021-3712 continued * bsc#1189521 * Add CVE-2021-3712-other-ASN1_STRING-issues.patch * Sourced from openssl-CVE-2021-3712.tar.bz2 posted on bsc-1189521 2021-08-24 00:47 PDT by Marcus Meissner ------------------------------------------------------------------ ------------------ 2021-8-28 - Aug 28 2021 ------------------- ------------------------------------------------------------------ ++++ Mesa: - update to 21.2.1 * first bugfix release ------------------------------------------------------------------ ------------------ 2021-8-27 - Aug 27 2021 ------------------- ------------------------------------------------------------------ ++++ cloud-netconfig-azure: - Update to version 1.6: + Ignore proxy when accessing metadata (bsc#1187939) + Print warning in case metadata is not accessible + Documentation update ++++ cloud-netconfig-ec2: - Update to version 1.6: + Ignore proxy when accessing metadata (bsc#1187939) + Print warning in case metadata is not accessible + Documentation update ++++ cloud-netconfig-gce: - Update to version 1.6: + Ignore proxy when accessing metadata (bsc#1187939) + Print warning in case metadata is not accessible + Documentation update ++++ kernel-default: - net: qrtr: fix another OOB Read in qrtr_endpoint_post (CVE-2021-3743 bsc#1189883). - net: qrtr: fix OOB Read in qrtr_endpoint_post (CVE-2021-3743 bsc#1189883). - commit 78ff8ba - rpm: fix kmp install path - commit 22ec560 - btrfs: fix NULL pointer dereference when deleting device by invalid id (bsc#1189832 CVE-2021-3739). - commit 6bfce07 ++++ kmod: - Add ZSTD support on Tumbleweed only. Add a way to detect ZSTD. 
++++ patterns-microos: - zypper-migration-plug-in now provided by suseconnect-ng ++++ qemu: - Fix hardcoded binfmt handler doesn't play well with containers (bsc#1186256) * Patches added: qemu-binfmt-conf.sh-allow-overriding-SUS.patch ++++ selinux-policy: - fix rebootmgr does not trigger the reboot properly (boo#1189878) * fix managing /etc/rebootmgr.conf * allow rebootmgr_t to cope with systemd and dbus messaging ++++ suseconnect-ng: - Update to version 0.0.3~git9.19e761b: * Add zypper-migration-plugin to package * Remove unused Error logger * Add missing doc strings to exported vars and funcs * Handle error after products sync api call * Make the CI check gofmt ------------------------------------------------------------------ ------------------ 2021-8-26 - Aug 26 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - nvme: code command_id with a genctr for use-after-free validation (bsc#1181972). - nvme-tcp: don't check blk_mq_tag_to_rq when receiving pdu data (bsc#1181972). - nvme-pci: limit maximum queue depth to 4095 (bsc#1181972). - params: lift param_set_uint_minmax to common code (bsc#1181972). - nvme: avoid possible double fetch in handling CQE (bsc#1181972). - nvme-pci: fix NULL req in completion handler (bsc#1181972). - nvme-pci: Use u32 for nvme_dev.q_depth and nvme_queue.q_depth (bsc#1181972). - nvme-pci: use unsigned for io queue depth (bsc#1181972). - commit 01de302 - post.sh: detect /usr mountpoint too - commit c7b3d74 - kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() (bsc#1189153). 
- commit 8bf2f14 ++++ hivex: - bsc#1189060 - VUL-0: CVE-2021-3622: hivex: hivex: stack overflow due to recursive call of _get_children() CVE-2021-3622-stack-overflow-due-to-recursive-call-of-_get_children.patch ++++ python3-core: - test_faulthandler is still problematic under qemu linux-user emulation, disable it there ++++ libssh: - Update to version 0.9.6 (bsc#1189608, CVE-2021-3634) * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.9.6 ++++ patterns-microos: - added sssd_ldap pattern ++++ python3: - test_faulthandler is still problematic under qemu linux-user emulation, disable it there ++++ qemu: - Update to v6.1: see https://wiki.qemu.org/ChangeLog/6.1 For a full list of formerly deprecated features that are removed, consult: https://qemu-project.gitlab.io/qemu/about/removed-features.html For a list of new deprecated features, consult: https://qemu-project.gitlab.io/qemu/about/deprecated.html Some noteworthy changes: * Removed moxie CPU. * Removed lm32 CPU. * Removed unicore32 CPU. * Removed 'info cpustats'. * Added Aspeed machines: rainier-bmc, quanta-q7l1-bmc. * Added npcm7xx machine: quanta-gbs-bmc. * Model for Aspeed's Hash and Crypto Engine. * SVE2 is now emulated, including bfloat16 support * FEAT_I8MM, FEAT_TLBIOS, FEAT_TLBRANGE, FEAT_BF16, FEAT_AA32BF16, and FEAT_MTE3 are now emulated. * Improved hot-unplug failures on PowerPC pseries machine. * Implemented some POWER10 instructions in TCG. * Added shakti_c RISC-V machine. * Improved documentation for RISC-V machines. * CPU models for gen16 have been added for s390x. * New CPU model versions added with XSAVES enabled: Skylake-Client-v4, Skylake-Server-v5, Cascadelake-Server-v5, Cooperlake-v2, Icelake-Client-v3, Icelake-Server-v5, Denverton-v3, Snowridge-v3, Dhyana-v2 * Added ACPI based PCI hotplug support to Q35 machine. Enabled and used by default since pc-q35-6.1 machine type. * Added support for the pca9546 and pca9548 I2C muxes. * Added support for PMBus and several PMBus devices.
* Crypto subsystem: The preferred crypto backend driver is now gnutls, with libgcrypt as the second choice, and nettle as third choice, with ordering driven mostly by performance of the ciphers. * Misc doc improvements. * Patches removed: block-nvme-Fix-VFIO_MAP_DMA-failed-No-sp.patch hmp-Fix-loadvm-to-resume-the-VM-on-succe.patch hw-block-nvme-align-with-existing-style.patch hw-block-nvme-consider-metadata-read-aio.patch hw-net-can-sja1000-fix-buff2frame_bas-an.patch hw-nvme-fix-missing-check-for-PMR-capabi.patch hw-nvme-fix-pin-based-interrupt-behavior.patch hw-pci-host-q35-Ignore-write-of-reserved.patch hw-rdma-Fix-possible-mremap-overflow-in-.patch hw-rx-rx-gdbsim-Do-not-accept-invalid-me.patch hw-usb-Do-not-build-USB-subsystem-if-not.patch hw-usb-host-stub-Remove-unused-header.patch linux-user-aarch64-Enable-hwcap-for-RND-.patch module-for-virtio-gpu-pre-load-module-to.patch monitor-qmp-fix-race-on-CHR_EVENT_CLOSED.patch pvrdma-Ensure-correct-input-on-ring-init.patch pvrdma-Fix-the-ring-init-error-flow-CVE-.patch qemu-config-load-modules-when-instantiat.patch qemu-config-parse-configuration-files-to.patch qemu-config-use-qemu_opts_from_qdict.patch runstate-Initialize-Error-to-NULL.patch sockets-update-SOCKET_ADDRESS_TYPE_FD-li.patch target-i386-Exit-tb-after-wrmsr.patch target-sh4-Return-error-if-CPUClass-get_.patch tcg-Allocate-sufficient-storage-in-temp_.patch tcg-arm-Fix-tcg_out_op-function-signatur.patch tcg-sparc-Fix-temp_allocate_frame-vs-spa.patch ui-Fix-memory-leak-in-qemu_xkeymap_mappi.patch usb-hid-avoid-dynamic-stack-allocation.patch usb-limit-combined-packets-to-1-MiB-CVE-.patch usb-mtp-avoid-dynamic-stack-allocation.patch usb-redir-avoid-dynamic-stack-allocation.patch usbredir-fix-free-call.patch vfio-ccw-Permit-missing-IRQs.patch vhost-user-blk-Check-that-num-queues-is-.patch vhost-user-blk-Don-t-reconnect-during-in.patch vhost-user-blk-Fail-gracefully-on-too-la.patch vhost-user-blk-Get-more-feature-flags-fr.patch
vhost-user-blk-Make-sure-to-set-Error-on.patch vhost-user-gpu-abstract-vg_cleanup_mappi.patch vhost-user-gpu-fix-leak-in-virgl_cmd_res.patch vhost-user-gpu-fix-leak-in-virgl_resourc.patch vhost-user-gpu-fix-memory-disclosure-in-.patch vhost-user-gpu-fix-memory-leak-in-vg_res.patch vhost-user-gpu-fix-memory-leak-while-cal.patch vhost-user-gpu-fix-OOB-write-in-virgl_cm.patch vhost-user-gpu-fix-resource-leak-in-vg_r.patch vhost-vdpa-don-t-initialize-backend_feat.patch virtio-blk-Fix-rollback-path-in-virtio_b.patch virtio-Fail-if-iommu_platform-is-request.patch virtiofsd-Fix-side-effect-in-assert.patch vl-allow-not-specifying-size-in-m-when-u.patch vl-Fix-an-assert-failure-in-error-path.patch vl-plug-object-back-into-readconfig.patch vl-plumb-keyval-based-options-into-readc.patch x86-acpi-use-offset-instead-of-pointer-w.patch ++++ selinux-policy: - Properly label cockpit files - Allow wicked to communicate with network manager on DBUS (bsc#1188331) ------------------------------------------------------------------ ------------------ 2021-8-25 - Aug 25 2021 ------------------- ------------------------------------------------------------------ ++++ cryptsetup: - As YaST passes necessary parameters to cryptsetup anyway, we do not necessarily need to take grub into consideration. So back to Argon2 to see how it goes. ++++ gobject-introspection: - Update to version 1.69.0: + Fix build when gobject-introspection is a subproject, + Add more float types, + Make test suite work with cross-related options, + Fix several leaks found by Coverity, + Fix enum member, + Add g-ir-doc-tool man page, + Export warnlib sources as variables, + Update the GLib annotations, + Add "final" class attribute, + Add option to make .gir files installation paths configurable, + Handle constructors with mismatched GTypes, + Add property accessors annotations, ++++ kernel-default: - Refresh patches.suse/blk-mq-sched-Fix-blk_mq_sched_alloc_tags-error-handl.patch. 
- commit 6f36e1b - perf/x86/amd: Don't touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest (bsc#1189225). - commit 8f47b8e - kABI fix of usb_dcd_config_params (git-fixes). - commit 8726268 ++++ json-glib: - Update to version 1.6.6: + New release with the documentation and gi-docgen included in the archive. - Drop gtk-doc BuildRequires, no longer needed, nor used. - Add docbook-xsl-stylesheets and libxslt-tools BuildRequires, needed for building of manpages. ++++ libqmi: - Update to version 1.28.8 * libqmi-glib: - Fix CTL "Set Data Format" output TLV prerequisites. - Fix double free in the qmiwwan based net port manager. ++++ libsoup2: - Rename source package to libsoup2, as a compatibility package while the world moves to libsoup3 (with HTTP/2 support). ++++ pam: - Added pam_faillock to the set of modules. [jsc#sle-20638, pam-sle20638-add-pam_faillock.patch] ++++ supermin: - Update to 5.2.1 bug fix release. Include post 5.2.1 upstream fix. Avoid-lstat-Value-too-large-for-defined-data-type.patch disable-test-if-newer-ext2.patch ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#520 - ensure /usr/share/pci.ids exists (bsc#1189767) - 16.56.11 ------------------------------------------------------------------ ------------------ 2021-8-24 - Aug 24 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - x86/fpu: Limit xstate copy size in xstateregs_set() (bsc#1152489). - commit 33182b7 - blacklist.conf: 9625895011d1 x86/fpu: Fix copy_xstate_to_kernel() gap handling - commit 50f6bfa - net: usb: lan78xx: don't modify phy_device state concurrently (bsc#1188270) - commit 4e61642 - scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650). - commit 41aa06c - usb: gadget: Export recommended BESL values (git-fixes). 
- commit 96bbeda ------------------------------------------------------------------ ------------------ 2021-8-23 - Aug 23 2021 ------------------- ------------------------------------------------------------------ ++++ glib2-branding-openSUSE: - Update for libreoffice-* desktop files no longer dropping the libreoffice- prefix. ++++ glib-networking: - Update to version 2.70.beta: + gnutls: Ensure that PKCS #11 pins are NUL terminated. + openssl: Restore OCSP support. ++++ glib2: - Update to version 2.69.2: + The `DBUS_SESSION_BUS_ADDRESS` environment variable is once more not used if the process is `AT_SECURE` (setuid/setgid/setcap); this change was previously applied and then reverted because it broke gnome-keyring + Add `g_test_fail_printf()`, `g_test_skip_printf()`, `g_test_incomplete_printf()` helper functions for printing messages when tests end prematurely + Add portal implementation of `GPowerProfileMonitor` + Various bugs fixed + Updated translations. - Update to version 2.69.1: + Support categories in desktop notifications (`GNotification`) + Add `GPowerProfileMonitor` for monitoring when to use less power (due to being on battery power, electricity being expensive or high-carbon, etc.) + Allow static names to be set for `GSource`s to avoid unnecessary string copies + Various bugs fixed + Updated translations. - Update to version 2.69.0: + Fix a crash in `GKeyFile` when parsing a file which contains translations using a `GKeyFile` instance which has loaded another file previously. + Ensure `dlerror()` is used with locking as it’s not thread-safe in some libc implementations. + Drop internal libpcre copy in favour of a subproject from wrapdb. + Optimise grefcount atomic operations. + Fix `g_date_time_format()` return value encoding if `LC_TIME` is not a UTF-8 locale but other locale settings are. + Set app name in freedesktop.org notifications with `GNotification`. + Add PKCS#11 flags to `GTlsPasswordFlags`. 
- Drop -Dinternal_pcre=false meson parameter: follow upstreams build recipe changes. ++++ gsettings-desktop-schemas: - Update to version 41.alpha: + Add lockdown setting for revealing passwords. + Updated translations. ++++ ignition: - Make sure to create /boot/writable (may not be present in some images) ++++ kernel-default: - ovl: prevent private clone if bind mount is not allowed (bsc#1189706, CVE-2021-3732). - commit d40514b - blacklist.conf: 6c34df6f350d ("tracing: Apply trace filters on all output channels") Requires at least commit 8cfcf15503f6 ("tracing: kprobes: Output kprobe event to printk buffer") too. Let's wait if there is an actual problem for someone. - commit ef40598 - kernel-binary.spec.in: make sure zstd is supported by kmod if used - commit f36412b - kernel-binary.spec.in: add zstd to BuildRequires if used - commit aa61dba - tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name (git-fixes). - commit bf4be33 - x86/sev: Use "SEV: " prefix for messages from sev.c (jsc#SLE-14337). - x86/sev: Split up runtime #VC handler for correct state tracking (jsc#SLE-14337). - x86/sev: Make sure IRQs are disabled while GHCB is active (jsc#SLE-14337). - commit 33b49b0 - x86/signal: Detect and prevent an alternate signal stack overflow (bsc#1152489). - commit 72c8a0d - slimbus: ngd: reset dma setup during runtime pm (git-fixes). - slimbus: messaging: check for valid transaction id (git-fixes). - slimbus: messaging: start transaction ids from 1 instead of zero (git-fixes). - mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 (git-fixes). - mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (git-fixes). - commit cc02968 - Fix breakage of swap over NFS (bsc#1188924). - commit 9f3f2ef - Update Patch-mainline tags for patches that landed in 5.14-rc7. - commit 118111d ++++ libgcrypt: - Update to 1.9.4: [jsc#SLE-17558, jsc#SLE-18135, jsc#SLE-20734] * Bug fixes: - Fix Elgamal encryption for other implementations. 
[CVE-2021-33560] - Fix alignment problem on macOS. - Check the input length of the point in ECDH. - Fix an abort in gcry_pk_get_param for "Curve25519". * Other features: - Add GCM and CCM to OID mapping table for AES. * Upstream libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch - Remove not needed patch libgcrypt-sparcv9.diff ++++ libsoup2: - Update to version 2.74.0: + IMPORTANT: Enable ssl-use-system-ca-file by default on deprecated Sync and Async sessions. + Fix including headers in C++ projects. + Fix attempting to resolve relative paths with data URIs. + Support Content-Disposition headers without a disposition-type. + Fix building VAPI bindings with latest Vala. + Fix sending a Content-Length header in a response with status code of 1xx or 204. + Updated translations. - Drop libsoup-fix-SSL-test.patch: fixed upstream. ++++ systemd: - Rework the test (sub)package: - it's been renamed into 'systemd-testsuite' - it includes the extended tests too - the relevant commits have been backported to SUSE/v249 so no SUSE specific patch is needed to run the extended tests (see below) - the deps needed by the extended tests have been added - Import commit 7f23815a706cf2b2df3eac2eb2f8220736b8f427 ad216581b6 test: if haveged is part of initrd it needs to be installed in the image too 088fbb71d0 test: adapt install_pam() for openSUSE 4d631c1f0c Revert "test: adapt TEST-13-NSPAWN-SMOKE for SUSE" ef956eb8a2 test: on openSUSE the static linked version of busybox is named "busybox-static" 6f7ce633b0 TEST-13-*: in busybox container sleep(1) takes a delay in seconds only 278baaa3ec test: don't try to find BUILD_DIR when NO_BUILD is set 3bba2f876a test: add support for NO_BUILD=1 on openSUSE d77cbc1b64 test: make busybox TEST-13-only dependency ++++ libzypp: - Fix crashes in logging code when shutting down (bsc#1189031) - version 17.28.1 (22) ++++ netcfg: - add submissions port number [bsc#1189683] - modified patches % services-suse.diff ++++ podman: - Revert crun change due to crun 
having exclusive arch targets that would drop podman support in PPC and IBM Z ++++ runc: - Update to runc v1.0.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.2 * Fixed a failure to set CPU quota period in some cases on cgroup v1. * Fixed the inability to start a container with the "adding seccomp filter rule for syscall ..." error, caused by redundant seccomp rules (i.e. those that have an action equal to the default one). Such redundant rules are now skipped. * Made release builds reproducible from now on. * Fixed a rare debug log race in runc init, which can result in occasional harmful "failed to decode ..." errors from runc run or exec. * Fixed the check in cgroup v1 systemd manager if a container needs to be frozen before Set, and add a setting to skip such freeze unconditionally. The previous fix for that issue, done in runc 1.0.1, was not working. ++++ selinux-policy: - Added policy module for rebootmgr (jsc#SMO-28) ++++ toolbox: - Update to version 2.2+git20210823.dd0fff8: * README mini-typo * Docker: don't use unsupported --userns=keep-id * Docker: also check for created status * Try to use docker if installed and podman is not * Properly share namespaces in non-user toolboxes * Properly quote workdir ++++ yast2-trans: - Update to version 84.87.20210822.664756784b: * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Czech) * New POT for text domain 'country'. * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * New POT for text domain 'services-manager'. 
------------------------------------------------------------------ ------------------ 2021-8-22 - Aug 22 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ALSA: hda/realtek: Limit mic boost on HP ProBook 445 G8 (git-fixes). - commit 7a5c94a - ASoC: intel: atom: Fix breakage for PCM buffer address setup (git-fixes). - commit 0bed191 - Update config files: disable CONFIG_SND_SOC_INTEL_BYT_CHT_NOCODEC_MACH (bsc#1189696) This option is only for special purpose, and rather harmful for the usual operations. - commit 1e546ed ++++ xfsprogs: - update to v5.13.0: - mkfs: validate rtextsz hint when rtinherit is set - xfs_repair: invalidate dirhash when junking dirent - xfs_repair: validate inherited rtextsz hint alignmt - xfs_quota: allow truncate of grp & prj quota files - xfs_io: allow callers to dump fs stats individually - xfs_io: don't count fsmaps before querying fsmaps - xfs_io: print header once when dumping fsmap in csv - xfs_io: clean up the funshare command a bit - xfs_io: fix broken funshare_cmd usage - libxfs changes merged from kernel 5.13 ------------------------------------------------------------------ ------------------ 2021-8-21 - Aug 21 2021 ------------------- ------------------------------------------------------------------ ++++ json-glib: - Update to version 1.6.4: + Discover linker flags on all toolchains + Fix memory leak + Use gi-docgen instead of gtk-doc for generating the API reference + Build against newer versions of GLib - Pass gtk_doc=disabled to meson, no longer build API documentation. ------------------------------------------------------------------ ------------------ 2021-8-20 - Aug 20 2021 ------------------- ------------------------------------------------------------------ ++++ glib2: - Update to version 2.68.4: + Various bugfixes and backports from master. + Updated translations. - Drop 63e7864.patch: fixed upstream. 
++++ open-iscsi: - Merged latest upstream, which includes: * iscsid: set PR_SET_IO_FLUSHER (bsc#1188869) ++++ kernel-default: - rpm: support gz and zst compression methods Extend commit 18fcdff43a00 ("rpm: support compressed modules") for compression methods other than xz. - commit 3b8c4d9 - ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 (git-fixes). - ALSA: hda/realtek: fix mute led of the HP Pavilion 15-eh1xxx series (git-fixes). - ALSA: hda/realtek - Add ALC285 HP init procedure (git-fixes). - ALSA: hda/realtek - Add type for ALC287 (git-fixes). - ALSA: hda/realtek: Change device names for quirks to barebone names (git-fixes). - ALSA: hda/hdmi: fix max DP-MST dev_num for Intel TGL+ platforms (git-fixes). - ALSA: hda/hdmi: let new platforms assign the pcm slot dynamically (git-fixes). - commit a13877e ++++ libjpeg-turbo: - version update to 2.1.1 1. Fixed a regression introduced in 2.1.0 that caused build failures with non-GCC-compatible compilers for Un*x/Arm platforms. 2. Fixed a regression introduced by 2.1 beta1[13] that prevented the Arm 32-bit (AArch32) Neon SIMD extensions from building unless the C compiler flags included -mfloat-abi=softfp or -mfloat-abi=hard. 3. Fixed an issue in the AArch32 Neon SIMD Huffman encoder whereby reliance on undefined C compiler behavior led to crashes ("SIGBUS: illegal alignment") on Android systems when running AArch32/Thumb builds of libjpeg-turbo built with recent versions of Clang. 4. Added a command-line argument (-copy icc) to jpegtran that causes it to copy only the ICC profile markers from the source file and discard any other metadata. 5. libjpeg-turbo should now build and run on CHERI-enabled architectures, which use capability pointers that are larger than the size of size_t. 6. Fixed a regression introduced by 2.1 beta1[5] that caused a segfault in the 64-bit SSE2 Huffman encoder when attempting to losslessly transform a specially-crafted malformed JPEG image. 
++++ podman: - Update to version 3.3.0: * Fix network aliases with network id * machine: compute sha256 as we read the image file * machine: check for file exists instead of listing directory * pkg/bindings/images.nTar(): slashify hdr.Name values * Volumes: Only remove from DB if plugin removal succeeds * For compatibility, ignore Content-Type * [v3.3] Bump c/image 5.15.2, buildah v1.22.3 * Implement SD-NOTIFY proxy in conmon * Fix rootless cni dns without systemd stub resolver * fix rootlessport flake * Skip stats test in CGv1 container environments * Fix AVC denials in tests of volume mounts * Restore buildah-bud test requiring new images * Revert ".cirrus.yml: use fresh images for all VMs" * Fix device tests using ls test files * Enhance priv. dev. check * Workaround host availability of /dev/kvm * Skip cgroup-parent test due to frequent flakes * Cirrus: Fix not uploading logformatter html ------------------------------------------------------------------ ------------------ 2021-8-19 - Aug 19 2021 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.32.10: + core: fix the order of IPv6 addresses changing on service restart. + initrd: add command line option to configure link autonegotiation and speed. + ifcfg-rh: - fix crash when parsing invalid DNS address. - extend ifup/ifdown scripts to work with connection profile names. + udev: also react to "move" (and "change") udev actions in our rules. - Changes from version 1.32.8: + firewalld: configure zones on "Reloaded" signal. + core: fix wrong MTU for bridge interfaces. + cloud-setup: fix gateway address for Aliyun cloud. ++++ cockpit: - add --legacy-peer-deps to fix build ++++ cockpit-wicked: - Version 4.2: * Update a few dependencies to address security concerns (gh#132). - Fix a packaging problem that caused cockpit-wicked to not work at all (bsc#1189611). 
++++ kernel-default: - SUNRPC: 'Directory with parent 'rpc_clnt' already present!' (bsc#1168202 bsc#1188924). - SUNRPC: fix use-after-free in rpc_free_client_work() (bsc#1168202 bsc#1188924). - kabi fix for SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - commit a690151 - ALSA: hda: Fix hang during shutdown due to link reset (git-fixes). - ALSA: hda: Release controller display power during shutdown/reboot (git-fixes). - commit 62c768e - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes). - PCI/MSI: Correct misleading comments (git-fixes). - PCI/MSI: Enforce MSI[X] entry updates to be visible (git-fixes). - PCI/MSI: Enforce that MSI-X table entry is masked for update (git-fixes). - PCI/MSI: Mask all unused MSI-X entries (git-fixes). - i2c: dev: zero out array used for i2c reads from userspace (git-fixes). - commit 4d62c8f - ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop (git-fixes). - ALSA: hda - fix the 'Capture Switch' value change notifications (git-fixes). - commit bb87ddf - s390/boot: fix use of expolines in the DMA code (bsc#1188878 ltc#193771). 
- commit 46381a6 - series.conf: cleanup - move mainline backports to sorted section: - patches.suse/KVM-nSVM-avoid-picking-up-unsupported-bits-from-L2-i.patch - patches.suse/KVM-nSVM-always-intercept-VMLOAD-VMSAVE-when-nested.patch - commit 30636ef ++++ suse-module-tools: - Update to version 15.4.3: * fix problem that initrd may not be rebuilt after installing kernel-$flavor-extra (bsc#1189441) ------------------------------------------------------------------ ------------------ 2021-8-18 - Aug 18 2021 ------------------- ------------------------------------------------------------------ ++++ cpio: - Fix regression in last update (bsc#1189465) * fix-CVE-2021-38185_2.patch * fix-CVE-2021-38185_3.patch ++++ kernel-default: - Refresh patches.suse/x86-fpu-make-init_fpstate-correct-with-optimized-xsave.patch. - commit 20ad695 - Refresh patches.suse/x86-fpu-make-init_fpstate-correct-with-optimized-xsave.patch. - commit 9deb044 - Fix kabi of prepare_to_wait_exclusive() (bsc#1189575). - commit da7e3ca - powerpc/smp: Use existing L2 cache_map cpumask to find L3 cache siblings (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Remove the redundant get_shared_cpu_map() (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Lookup cache by dt node and thread-group id (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Make some symbols static (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Improve diagnostics about malformed cache lists (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Use name@unit instead of full DT path in debug messages (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - commit f7e0183 - ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode (bsc#1189587). - commit ae93a20 - ubifs: journal: Fix error return code in ubifs_jnl_write_inode() (bsc#1189586). - commit 50b39b2 - ubifs: Only check replay with inode type to judge if inode linked (bsc#1187455). 
- commit 3cfd5e7 - ubifs: Fix error return code in alloc_wbufs() (bsc#1189585). - blacklist.conf: - commit d0fe9df - ubifs: Fix memleak in ubifs_init_authentication (bsc#1189583). - commit abd23d2 - ocfs2: issue zeroout to EOF blocks (bsc#1189582). - commit 7960ad8 - ocfs2: fix snprintf() checking (bsc#1189581). - commit ca894bd - ocfs2: fix zero out valid data (bsc#1189579). - commit 42e68bc - writeback: fix obtain a reference to a freeing memcg css (bsc#1189577). - commit b318f10 - ext4: fix potential htree corruption when growing large_dir directories (bsc#1189576). - commit 13d68f1 - rq-qos: fix missed wake-ups in rq_qos_throttle try two (bsc#1189575). - commit edbcd21 - fanotify: fix copy_event_to_user() fid error clean up (bsc#1189574). - commit a8937b5 - bdi: Do not use freezable workqueue (bsc#1189573). - commit 60e4174 - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() (bsc#1189569). - commit 1b1dfcf - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle (bsc#1189568). - commit 0ace36d - ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567). - commit 4329025 - ext4: fix avefreec in find_group_orlov (bsc#1189566). - commit d7bfbbd - ext4: remove check for zero nr_to_scan in ext4_es_scan() (bsc#1189565). - commit 3ca5f18 - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (bsc#1189564). - commit cd60859 - ext4: return error code when ext4_fill_flex_info() fails (bsc#1189563). - commit 200d004 - ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562). - commit fd9a225 - blacklist.conf: add Kconfig patch for BLK_DEV_INITRD Add 481083ec0bfc ("initramfs: Remove redundant dependency of RD_ZSTD on BLK_DEV_INITRD") to blacklist. We don't have be1859bdc660 ("initramfs: remove redundant dependency on BLK_DEV_INITRD"), on which this one is based, either. - commit 598e95d - scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (git-fixes). 
- commit 92c63a5 - KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (bsc#1189399, CVE-2021-3653). - KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (bsc#1189400, CVE-2021-3656). - KVM: X86: MMU: Use the correct inherited permissions to get shadow page (CVE-2021-38198 bsc#1189262). - commit 7902615 - usb: dwc3: gadget: Handle ZLP for sg requests (git-fixes). - commit 2a94579 - Revert "xfrm: policy: Read seqcount outside of rcu-read side in xfrm_policy_lookup_bytype" (bsc#1185675). This revert was initially applied to SLE15-SP2-RT (70e4d04b75f). Since the reverted commit went into SLE15-SP2 (96f285dfa8b), the revert needs to move from SLE15-SP2-RT to SLE15-SP2. - commit f32a28c - Update patches.suse/ibmvnic-Allow-device-probe-if-the-device-is-not-read.patch (bsc#1167032 ltc#184087 bsc#1184114 ltc#192237). - commit 8a87839 - blacklist.conf: add an entry for the reverted iTCO_wdt - commit 4c97ae2 ++++ kmod: - Display module information even for modules built into the running kernel (bsc#1189537). + libkmod-Provide-info-even-for-modules-built-into-the.patch ++++ mozilla-nss: - Update nss-fips-constructor-self-tests.patch to fix crashes reported by upstream. This was likely affecting WebRTC calls. ++++ openssl-1_1: - A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. * CVE-2021-3711 * bsc#1189520 * Add: CVE-2021-3711-1-Correctly-calculate-the-length-of-SM2-plaintext-give.patch CVE-2021-3711-2-Extend-tests-for-SM2-decryption.patch CVE-2021-3711-3-Check-the-plaintext-buffer-is-large-enough-when-decr.patch - The function X509_aux_print() has a bug which may cause a read buffer overrun when printing certificate details. 
A malicious actor could construct a certificate to deliberately hit this bug, which may result in a crash of the application (causing a Denial of Service attack). * CVE-2021-3712 * bsc#1189521 * Add CVE-2021-3712-Fix-read-buffer-overrun-in-X509_aux_print.patch ++++ pango: - Update to version 1.48.9: + Don't require a newly attached buffer to apply state. + Fix upside-down Xshape surface with EGLstream. + Misc. bug fixes and cleanups. + Updated translations. ++++ nvme-cli: - update to 1.15 * add NVMe MI features * add uuid index in get and set features command * nvme-cli: Add lsi option for get-log command * nvme: add json output format for list_ns * fabrics: add fast_io_fail_tmo option * fabrics: add --host-iface option * nvme: add latency parameter for passthru commands * nvme: add optional copy format support id ctrl field * nvme: add zone desc changed notice async event * nvme: add json, binary and human readable output format for id iocs * fabrics: print device name on connect * nvme: add get log page 2.0 spec fields * nvme: add the status codes from 2.0 spec * zns: add timeout parameter for Zone Management Commands * nvme: add CDW2 and CDW3 support for Write Zeroes and Verify Command * nvme: add Storage Tag Check field in NVM Commands * bash: updated completion support for latest commands and plugins * nvme: add capacity management command support * add identify CNS 0x18 domain list support ------------------------------------------------------------------ ------------------ 2021-8-17 - Aug 17 2021 ------------------- ------------------------------------------------------------------ ++++ bash: - Post update-alternatives approach back from factory for /bin/sh (SLE-19670) ++++ haproxy: - Update to version 2.4.3+git0.4dd5a5a6c: CVE-2021-39240 CVE-2021-39241 CVE-2021-39242 (boo#1189366 boo#1189548 boo#1189549) * [RELEASE] Released version 2.4.3 * REGTESTS: add a test to prevent h2 desync attacks * BUG/MEDIUM: h2: give :authority precedence over Host * BUG/MAJOR: 
h2: enforce stricter syntax checks on the :method pseudo-header * BUG/MAJOR: h2: verify that :path starts with a '/' before concatenating it * BUG/MAJOR: h2: verify early that non-http/https schemes match the valid syntax * MINOR: http: add a new function http_validate_scheme() to validate a scheme * DOC/MINOR: fix typo in management document * CLEANUP: assorted typo fixes in the code and comments * BUG/MEDIUM: cfgcheck: verify existing log-forward listeners during config check * BUG/MEDIUM: spoe: Fix policy to close applets when SPOE connections are queued * DOC: config: Fix 'http-response send-spoe-group' documentation * DOC: Improve the lua documentation * BUG/MINOR: tcpcheck: Properly detect pending HTTP data in output buffer * BUG/MINOR: buffer: fix buffer_dump() formatting * BUG/MEDIUM: spoe: Create a SPOE applet if necessary when the last one is released * MINOR: spoe: Add a pointer on the filter config in the spoe_agent structure * ADMIN: dyncookie: implement a simple dynamic cookie calculator * MINOR: server: unmark deprecated on enable health/agent cli * BUG/MINOR: server: update last_change on maint->ready transitions too * BUG/MINOR: server: remove srv from px list on CLI 'add server' error * BUILD: opentracing: fixed build when using pkg-config utility * DOC: internals: document the FD takeover process * BUG/MINOR: fd: protect fd state harder against a concurrent takeover * BUG/MINOR: pollers: always program an update for migrated FDs * BUG/MINOR: poll: fix abnormally high skip_fd counter * BUG/MINOR: select: fix excess number of dead/skip reported * BUG/MEDIUM: pollers: clear the sleeping bit after waking up, not before * BUG/MEDIUM: connection: close a rare race between idle conn close and takeover * BUG/MINOR: connection: Add missing error labels to conn_err_code_str * BUG/MEDIUM: mux-h2: Handle remaining read0 cases on partial frames * BUG/MINOR: mux-h1: Be sure to swap H1C to splice mode when rcv_pipe() is called * BUG/MINOR: mux-h2: Obey 
dontlognull option during the preface * BUG/MINOR: mux-h1: Obey dontlognull option for empty requests * BUG/MINOR: systemd: must check the configuration using -Ws * BUG/MINOR: resolvers: Use a null-terminated string to lookup in servers tree * BUG/MINOR: check: fix the condition to validate a port-less server * BUG/MINOR: stats: Add missing agent stats on servers * BUG/MEDIUM: ssl_sample: fix segfault for srv samples on invalid request * BUILD/MINOR: memprof fix macOs build. * BUG/MINOR: mworker: do not export HAPROXY_MWORKER_REEXEC across programs * BUG/MEDIUM: mworker: do not register an exit handler if exit is expected * BUILD: lua: silence a build warning with TCC * BUILD: add detection of missing important CFLAGS * BUG/MINOR: ssl: Default-server configuration ignored by server * MINOR: mux_h2: define config to disable h2 websocket support * BUILD: http_htx: fix ci compilation error with isdigit for Windows ++++ jeos-firstboot: - Include appropriate Requires * wicked * iptroute2 * timezone ++++ kernel-default: - usb: dwc3: gadget: Fix handling ZLP (git-fixes). - commit 5e0eec9 - tracing: Reject string operand in the histogram expression (git-fixes). - commit edab067 - tracing / histogram: Give calculation hist_fields a size (git-fixes). - commit 49985ee - blacklist.conf: 1e3bac71c505 ("tracing/histogram: Rename "cpu" to "common_cpu"") Better not to backport the commit as it changes the semantics of an existing field. - commit 00d0183 - blacklist.conf: 6c881ca0b304 ("afs: Fix tracepoint string placement with built-in AFS") CONFIG_AFS_FS is not set on SLE15-SP2. It is on SLE15-SP3 but only as a module, not built-in. No need to backport the commit. - commit 43483b1 - blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() (bsc#1189507). - commit b15ef07 - blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506). - commit 7fe32f7 - block: fix trace completion for chained bio (bsc#1189505). 
- commit 47344da - blk-wbt: make sure throttle is enabled properly (bsc#1189504). - commit 7b07185 - blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() (bsc#1189503). - commit 798c57a - misc: rtsx: do not setting OC_POWER_DOWN reg in rtsx_pci_init_ocp() (git-fixes). - misc: atmel-ssc: lock with mutex instead of spinlock (git-fixes). - commit 55d9570 - gpio: eic-sprd: break loop when getting NULL device resource (git-fixes). - Revert "gpio: eic-sprd: Use devm_platform_ioremap_resource()" (git-fixes). - commit 990b695 - Revert a BT patch that was reverted on stable trees (git-fixes) Delete patches.suse/Bluetooth-Shutdown-controller-after-workqueues-are-f.patch - commit 127d54b - mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards (git-fixes). - commit 0a223c6 ++++ samba: - Fix dependency problem upgrading from libndr0 to libndr1; (bsc#1189875); - Fix dependency problem upgrading from libsmbldap0 to libsmbldap2; (bsc#1189875); - Fix wrong kvno exported to keytab after net ads changetrustpw due to replication delay; (bsc#1188727); - Add Certificate Auto Enrollment Policy; (jsc#SLE-18456). 
- Update to 4.13.10 * s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL for directory handles; (bso#14708); * Take a copy to make sure we don't reference free'd memory; (bso#14721); * s3: lib: Fix talloc hierarchy error in parent_smb_fname(); (bso#14722); * s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in change_file_owner_to_parent() error path; (bso#14736); * samba-tool: Give better error information when the 'domain backup restore' fails with a duplicate SID; (bso#14575); * smbd: Correctly initialize close timestamp fields; (bso#14714); * Spotlight RPC service doesn't work with vfs_glusterfs; (bso#14740); * ctdb: Fix a crash in run_proc_signal_handler(); (bso#14475); * gensec_krb5: Restore ipv6 support for kpasswd; (bso#14750); * smbXsrv_{open,session,tcon}: Protect smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records; (bso#14752); * samba-tool domain backup offline doesn't work against bind DLZ backend; (bso#14027); * netcmd: Use next_free_rid() function to calculate a SID for restoring a backup; (bso#14669); - Update to 4.13.9 * s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success; (bso#14696); * Add documentation for dsdb_group_audit and dsdb_group_json_audit to "log level", synchronise "log level" in smb.conf with the code; (bso#14689); * Fix smbd panic when two clients open same file; (bso#14672); * Fix memory leak in the RPC server; (bso#14675); * s3: smbd: Fix deferred renames; (bso#14679); * s3-iremotewinspool: Set the per-request memory context; (bso#14675); * rpc_server3: Fix a memleak for internal pipes; (bso#14675); * third_party: Update socket_wrapper to version 1.3.2; (bso#11899); * third_party: Update socket_wrapper to version 1.3.3; (bso#14639); * idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid conflict; (bso#14663); * Fix the build on OmniOS; (bso#14288); - Update to 4.13.8 * CVE-2021-20254: Fix buffer overrun in sids_to_unixids(); (bso#14571 - Update to 4.13.7 * Release 
with dependency on ldb version 2.2.1. ++++ selinux-policy: - Allow systemd-sysctl to read kernel specific sysctl.conf (fix_kernel_sysctl.patch, boo#1184804) ------------------------------------------------------------------ ------------------ 2021-8-16 - Aug 16 2021 ------------------- ------------------------------------------------------------------ ++++ audit-secondary: - harden_auditd.service.patch: automatic hardening applied to systemd services ++++ dracut: - Update to version 055+suse.117.ge5fc2048: * fix(suse-initrd): need to handle relative links too ++++ kernel-default: - x86/fpu: Make init_fpstate correct with optimized XSAVE (bsc#1152489). - commit 603fc19 - kernel-binary.spec: Require dwarves for kernel-binary-devel when BTF is enabled (jsc#SLE-17288). About the pahole version: v1.18 should be bare minimum, v1.22 should be fully functional, for now we ship git snapshot with fixes on top of v1.21. - commit 8ba3382 - x86/fpu: Reset state for all signal restore failures (bsc#1152489). - commit f42aa15 - blacklist.conf: blacklist davicom legacy ethernet driver - commit 78e9c10 - usb: dwc3: gadget: Check MPS of the request length (git-fixes). - commit 0d1e1fe - Drop watchdog iTCO_wdt patch that causes incompatible behavior (bsc#1189449) Also blacklisted - commit e5dd4ab - Update config files. - commit 565c68c - s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982 LTC#193817). - commit 7e146ac - s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982 LTC#193817). - commit 0297522 - Bluetooth: switch to lock_sock in SCO (CVE-2021-3640 bsc#1188172). - Bluetooth: avoid circular locks in sco_sock_connect (CVE-2021-3640 bsc#1188172). - commit f2d375d - Update patch reference for a BT fix (CVE-2021-3640 bsc#1188172) - commit 98aa089 - powerpc/pseries: Fix update of LPAR security flavor after LPM (bsc#1188885 ltc#193722 git-fixes). - commit fbccd6a - pinctrl: tigerlake: Fix GPIO mapping for newer version of software (git-fixes). 
- commit 3483c38 - usb: dwc3: gadget: Clear DEP flags after stop transfers in ep disable (git-fixes). - commit 5733c23 - usb: dwc3: gadget: Disable gadget IRQ during pullup disable (git-fixes). - usb: dwc3: gadget: Prevent EP queuing while stopping transfers (git-fixes). - commit 124c915 - PCI/MSI: Do not set invalid bits in MSI mask (git-fixes). - PCI/MSI: Enable and mask MSI-X early (git-fixes). - ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes). - iio: adc: Fix incorrect exit of for-loop (git-fixes). - iio: humidity: hdc100x: Add margin to the conversion time (git-fixes). - iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels (git-fixes). - USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes). - usb: dwc3: gadget: Restart DWC3 gadget when enabling pullup (git-fixes). - usb: dwc3: Stop active transfers before halting the controller (git-fixes). - commit 627b67a ++++ kernel-firmware: - Update to version 20210812 (git commit 24c4a85d8514): * amdgpu: revert back to older raven2 sdma firmware * amdgpu: revert back to older raven sdma firmware * amdgpu: revert back to older picasso sdma firmware * amdgpu: add initial vangogh support * amdgpu: update vega20 firmware from 21.30 * amdgpu: update vega12 firmware from 21.30 * amdgpu: update vega10 firmware from 21.30 * amdgpu: update renoir firmware from 21.30 * amdgpu: update raven2 firmware from 21.30 * amdgpu: update raven firmware from 21.30 * amdgpu: update polaris12 firmware from 21.30 * amdgpu: update picasso firmware from 21.30 * amdgpu: update dimgrey cavefish firmware from 21.30 * amdgpu: update navy flounder firmware from 21.30 * amdgpu: update sienna cichlid firmware from 21.30 * amdgpu: update navi14 firmware from 21.30 * amdgpu: update navi12 firmware from 21.30 * amdgpu: update navi10 firmware from 21.30 * amdgpu: update green sardine firmware from 21.30 * amdgpu: update arcturus firmware from 21.30 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * 
linux-firmware: update firmware for mediatek bluetooth chip (MT7921) * linux-firmware: add firmware for MT7922 * QCA : Updated firmware files for WCN3991 * i915: Add v2.03 DMC for RKL * i915: Add v2.12 DMC for TGL * qca: Add firmware files for BT chip WCN6750. ++++ patterns-microos: - remove the microos-k3s pattern ++++ python-semanage: - Call "make -j8 pywrap" instead of "make -j8 all pywrap" to fix random build failures. The toplevel Makefile does not support concurrency, and it resulted in parallel "make all" and "make pywrap" which weren't aware of each other and stepped over the other's artifacts. ++++ rust-keylime: - Update to version 0.1.0+git.1629114992.890e8c9: * Add "v1.0" prefix to agent APIs - Update generate-cargo-lock-file.patch ++++ supportutils: - Changes to version 3.1.18 + Added email.txt based on OPTION_EMAIL #108 (bsc#1189028) + Include 'multipath -t' output in mpio.txt #105 + Improved lsblk readability with --ascsi #106 + Removed duplicate commands in network.txt + Remove duplicate firewalld status output #109 ++++ yast2-trans: - Update to version 84.87.20210813.9ff5558c9c: * Translated using Weblate (Japanese) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Czech) * Translated using Weblate (Catalan) * New POT for text domain 'users'. ------------------------------------------------------------------ ------------------ 2021-8-15 - Aug 15 2021 ------------------- ------------------------------------------------------------------ ++++ libepoxy: - Update to version 1.5.9: + Allow libopengl.so to be used when GLX_LIB is missing. ++++ libgudev: - Update to version 237: + Fix reading double precision floats from sysfs attributes in locales that use comma as a separator + Fix compilation warning + Fix headers to help with build reproducibility + Clarify licensing information - Changes from version 236: + Fix meson project name to match autotools. 
- Changes from version 235: + Port build system to meson and remove autotools + Fix conversion of sysfs attributes to boolean. - Add meson BuildRequires and macros following upstreams port. - Enable pkgconfig(umockdev-1.0) BuildRequires and test macro. - Update Licence tag to LGPL-2.1-or-later. ------------------------------------------------------------------ ------------------ 2021-8-14 - Aug 14 2021 ------------------- ------------------------------------------------------------------ ++++ ModemManager: - Switch bash completion subpackage to noarch. ------------------------------------------------------------------ ------------------ 2021-8-13 - Aug 13 2021 ------------------- ------------------------------------------------------------------ ++++ cockpit-machines: - new version 249.1 https://github.com/cockpit-project/cockpit-machines/releases/tag/249 ++++ cockpit-podman: - new version 33 https://github.com/cockpit-project/cockpit-podman/releases/tag/33 - fix_dependencies.patch no longer needed ++++ kernel-default: - config: refresh - commit a299bb8 - bpf: Fix integer overflow involving bucket_size (bsc#1189233, CVE#CVE-2021-38166). - commit f4fe434 - Update patches.suse/s390-dasd-add-missing-discipline-function (bsc#1188130 ltc#193581). - commit 0a58311 - ceph: take snap_empty_lock atomically with snaprealm refcount change (bsc#1189427). - ceph: reduce contention in ceph_check_delayed_caps() (bsc#1187468). - commit 93c7440 - blacklist.conf: Add 'fix poly1305_core_setkey() declaration' Commit 8d195e7a8ada ("crypto: poly1305 - fix poly1305_core_setkey() declaration") is a cleanup which breaks kABI. - commit 37e4183 - scsi: blkcg: Fix application ID config options (bsc#1189385 jsc#SLE-18970). - Update config files. - commit 1317caa - crypto: x86/curve25519 - fix cpu feature checking logic in mod_exit (git-fixes). - wireguard: allowedips: free empty intermediate nodes when removing single node (git-fixes). 
- wireguard: allowedips: allocate nodes in kmem_cache (git-fixes). - wireguard: allowedips: remove nodes in O(1) (git-fixes). - commit 6aa0bda - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 (git-fixes). - USB: serial: option: add Telit FD980 composition 0x1056 (git-fixes). - USB: serial: ch341: fix character loss at high transfer rates (git-fixes). - usb: gadget: f_hid: idle uses the highest byte for duration (git-fixes). - usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers (git-fixes). - usb: gadget: f_hid: fixed NULL pointer dereference (git-fixes). - commit f089244 - drm/meson: fix colour distortion from HDR set during vendor u-boot (git-fixes). - drm/i915: Only access SFC_DONE when media domain is not fused off (git-fixes). - ASoC: SOF: Intel: hda-ipc: fix reply size checking (git-fixes). - drm/amdgpu/display: fix DMUB firmware version info (git-fixes). - drm/amdgpu/display: only enable aux backlight control for OLED panels (git-fixes). - commit 8d4d06f - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 650 G8 Notebook PC (git-fixes). - commit 71d7dbd - ALSA: pcm: Fix mmap breakage without explicit buffer setup (git-fixes). - ASoC: amd: Fix reference to PCM buffer address (git-fixes). - ASoC: uniphier: Fix reference to PCM buffer address (git-fixes). - commit 8f53414 - ALSA: hda: Add quirk for ASUS Flow x13 (git-fixes). - ASoC: xilinx: Fix reference to PCM buffer address (git-fixes). - ASoC: intel: atom: Fix reference to PCM buffer address (git-fixes). - ASoC: tlv320aic31xx: Fix jack detection after suspend (git-fixes). - spi: imx: mx51-ecspi: Fix CONFIGREG delay comment (git-fixes). - virt_wifi: fix error on connect (git-fixes). - commit 690710b - staging: rtl8712: get rid of flush_scheduled_work (git-fixes). - staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes). - serial: 8250_mtk: fix uart corruption issue when rx power off (git-fixes). - soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes). 
- soc: ixp4xx: fix printing resources (git-fixes). - spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation (git-fixes). - spi: meson-spicc: fix memory leak in meson_spicc_remove (git-fixes). - pcmcia: i82092: fix a null pointer dereference bug (git-fixes). - libata: fix ata_pio_sector for CONFIG_HIGHMEM (git-fixes). - spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay (git-fixes). - commit 24af025 - ASoC: cs42l42: Fix LRCLK frame start edge (git-fixes). - ASoC: cs42l42: Remove duplicate control for WNF filter frequency (git-fixes). - ASoC: cs42l42: Fix inversion of ADC Notch Switch control (git-fixes). - ASoC: cs42l42: Don't allow SND_SOC_DAIFMT_LEFT_J (git-fixes). - ASoC: cs42l42: Correct definition of ADC Volume control (git-fixes). - firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback (git-fixes). - Revert "ACPICA: Fix memory leak caused by _CID repair function" (git-fixes). - dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes). - ALSA: usb-audio: fix incorrect clock source setting (git-fixes). 
- commit 20c4d69 ++++ multipath-tools: - Spec file: remove compatibility code for SLE <= SLE15-SP2 ++++ podman: - Switch to crun (bsc#1188914) ++++ suse-module-tools: - Update to version 15.4.2 - Move config files to /lib/modprobe.d and /lib/depmod.d (jsc#SLE-20639) * "modprobe $FS" for a blacklisted file system now offers to unblacklist the module permanently * disabled automatic un-blacklisting of filesystem modules loaded at installation time - Replace mkinitrd with dracut everywhere (jsc#SLE-20348) - Add faster substitute for lsinitrd to speed up weak-modules2 (jsc#SLE-9078) - Enable f2fs - Add a "Supplements" dependency on dkms to the "legacy" submodule (dkms needs "weak-modules") - modprobe.d cleanups and fixes: * Unify ppc64 and ppc64le * Delete files for obsolete architectures * Remove obsolete SUSE_INITRD statements (bsc#1161343) * Remove dma=none setting for parport_pc (bsc#1177695) - Add README.md ------------------------------------------------------------------ ------------------ 2021-8-12 - Aug 12 2021 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 055+suse.115.gf65e559b: * fix(suse-initrd): find links of usrmerged kernels (boo#1184804) * fix(tpm2-tss): typo in depends() * fix(suse-initrd): inform on usage of obsolete -f parameter (bsc#1187470) - use manual mode in _service file ++++ ignition: - is-live-image doesn't exist on *SUSE, and our live images don't use Ignition, so just add the Ignition device dependency to the service file directly. ++++ kernel-default: - KVM: nVMX: Handle split-lock #AC exceptions that happen in L2 (bsc#1187959). - KVM: VMX: Extend VMXs #AC interceptor to handle split lock [#]AC in guest (bsc#1187959). - KVM: x86: Emulate split-lock access as a write in emulator (bsc#1187959). - commit 93dd7c1 - x86/split_lock: Provide handle_guest_split_lock() (bsc#1187959). - Refresh patches.suse/x86-resctrl-query-llc-monitoring-properties-once-during-boot.patch. 
patches.suse/x86-split_lock-don-t-write-msr_test_ctrl-on-cpus-that-aren-t-whitelisted.patch. - commit b9759ab - scsi: qla2xxx: Remove redundant initialization of variable num_cnt (bsc#1189392). - scsi: qla2xxx: Fix use after free in debug code (bsc#1189392). - scsi: qla2xxx: Fix spelling mistakes "allloc" -> "alloc" (bsc#1189392). - scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189392). - scsi: qla2xxx: edif: Increment command and completion counts (bsc#1189392). - scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189392). - scsi: qla2xxx: edif: Add doorbell notification for app (bsc#1189392). - scsi: qla2xxx: edif: Add detection of secure device (bsc#1189392). - scsi: qla2xxx: edif: Add authentication pass + fail bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add key update (bsc#1189392). - scsi: qla2xxx: edif: Add extraction of auth_els from the wire (bsc#1189392). - scsi: qla2xxx: edif: Add send, receive, and accept for auth_els (bsc#1189392). - scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392). - scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392). - scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI (bsc#1189392). - scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392). - scsi: qla2xxx: Remove redundant continue statement in a for-loop (bsc#1189392). - scsi: qla2xxx: Add heartbeat check (bsc#1189392). - scsi: qla2xxx: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189392). - scsi: qla2xxx: Remove duplicate declarations (bsc#1189392). - scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port() (bsc#1189392). - scsi: qla2xxx: Remove redundant assignment to rval (bsc#1189392). - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (bsc#1189392). - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() (bsc#1189392). 
- commit 4f97d8a - Update patch reference for a netfilter fix (CVE-2021-38209 bsc#1189393) - commit 26cdeeb - scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted() (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer pcmd (bsc#1189385). - scsi: lpfc: Copyright updates for 14.0.0.0 patches (bsc#1189385). - scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385). - scsi: lpfc: Add 256 Gb link speed support (bsc#1189385). - scsi: lpfc: Revise Topology and RAS support checks for new adapters (bsc#1189385). - scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385). - scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series adapters (bsc#1189385). - scsi: lpfc: Copyright updates for 12.8.0.11 patches (bsc#1189385). - scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385). - scsi: lpfc: Skip issuing ADISC when node is in NPR state (bsc#1189385). - scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC cmpl path (bsc#1189385). - scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC completions (bsc#1189385). - scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC completes (bsc#1189385). - scsi: lpfc: Enable adisc discovery after RSCN by default (bsc#1189385). - scsi: lpfc: Use PBDE feature enabled bit to determine PBDE support (bsc#1189385). - scsi: lpfc: Clear outstanding active mailbox during PCI function reset (bsc#1189385). - scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi() routine (bsc#1189385). - scsi: lpfc: Remove REG_LOGIN check requirement to issue an ELS RDF (bsc#1189385). - scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (bsc#1189385). - scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF handling (bsc#1189385). - scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (bsc#1189385). - scsi: lpfc: Fix target reset handler from falsely returning FAILURE (bsc#1189385). 
- scsi: lpfc: Discovery state machine fixes for LOGO handling (bsc#1189385). - scsi: lpfc: Fix function description comments for vmid routines (bsc#1189385). - scsi: lpfc: Improve firmware download logging (bsc#1189385). - scsi: lpfc: Remove use of kmalloc() in trace event logging (bsc#1189385). - scsi: lpfc: Fix NVMe support reporting in log message (bsc#1189385). - scsi: lpfc: Fix build error in lpfc_scsi.c (bsc#1189385). - scsi: lpfc: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189385). - scsi: lpfc: vmid: Introduce VMID in I/O path (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add QFPA and VMID timeout check in worker thread (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Timeout implementation for VMID (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Append the VMID to the wqe before sending (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement CT commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Functions to manage VMIDs (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement ELS commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add support for VMID in mailbox command (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: VMID parameter initialization (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add datastructure for supporting VMID in lpfc (bsc#1189385 jsc#SLE-18970). - scsi: blkcg: Add app identifier support for blkcg (bsc#1189385 jsc#SLE-18970). - Update config files Add kABI fixup patch - patches.kabi/blk-cgroup-kABI-fixes-for-new-fc_app_id-definition.patch - scsi: cgroup: Add cgroup_get_from_id() (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: Remove redundant assignment to pointer temp_hdr (bsc#1189385). - commit e47f569 - nvmet: use NVMET_MAX_NAMESPACES to set nn value (bsc#1189384). 
- commit da8a2b6 ++++ multipath-tools: - Update to version 0.8.6+32+suse.f11c192: * libmultipath:fix compilation with glibc 2.34 (bsc#1189099) * libmultipath: avoid buffer size warning with systemd 240+ (bsc#1189176) * libmultipath: use uint64_t for sg_id.lun (bsc#1187534) - Upstream bug fixes: * multipath-tools: make HUAWEI/XSG1 config work with alua and multibus * multipath-tools: add info about HPE Alletra 6000 and 9000 * multipathd: cli_getprkey(): fix return value and "aptpl" support * multipathd: don't rescan_path on wwid change in uev_update_path * kpartx: Don't leak memory when getblock returns NULL * multipath: free vectors in configure * multipathd: fix ev_remove_path return code handling * multipathd: remove duplicate orphan_paths in flush_map * multipathd: don't fail to remove path once the map is removed * multipathd: fix compilation issue with liburcu < 0.8 ++++ c-ares: - update to 1.17.2: Security: * When building c-ares with CMake, the RANDOM_FILE would not be set and therefore downgrade to the less secure random number generator * If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause a crash * Crash in sortaddrinfo() if the list size equals 0 due to an unexpected DNS response * Expand number of escaped characters in DNS replies as per RFC1035 5.1 to prevent spoofing follow-up (bsc#1188881, CVE-2021-3672) * Perform validation on hostnames to prevent possible XSS due to applications not performing validation themselves Changes: * ares_malloc(0) is now defined behavior (returns NULL) rather than system-specific to catch edge cases Bug fixes: * Building tests should not force building of static libraries except on Windows * Relative headers must use double quotes to prevent pulling in a system library For details, see https://c-ares.haxx.se/changelog.html#1_17_2 ++++ pango: - Update to version 1.48.8: + Rename git `master` branch to `main` + Fix threadsafety issues with Thai + Fix a rounding problem on i386 + Fix font choice for
ellipsis + Fix a crash if no fonts are found. - Drop 3ff6365.patch: Upstream have made various changes to the offending commit. ++++ sssd: - Update to version 2.5.2; (jsc#SLE-17763); * originalADgidNumber attribute in the SSSD cache is now indexed. * Add new config option fallback_to_nss. - Changes from version 2.5.1 * auto_private_groups option can be set centrally through ID range setting in IPA (see ipa idrange commands family). This feature requires SSSD update on both client and server. This feature also requires freeipa 4.9.4 and newer. * Fix getsidbyname issues with IPA users with a user-private-group. * Default value of ldap_sudo_random_offset changed to 0 (disabled). This makes sure that sudo rules are available as soon as possible after SSSD start in default configuration. - Changes from version 2.5.0 * Added support for automatic renewal of renewable TGTs that are stored in KCM ccache. This can be enabled by setting tgt_renewal = true. See the sssd-kcm man page for more details. This feature requires MIT Kerberos krb5-1.19-0.beta2.3 or higher. * Background sudo periodic tasks (smart and full refresh) periods are now extended by a random offset to spread the load on the server in environments with many clients. * Completing a sudo full refresh now postpones the smart refresh by ldap_sudo_smart_refresh_interval value. This ensures that the smart refresh is not run too soon after a successful full refresh. * If debug_backtrace_enabled is set to true then on any error all prior debug messages (to some limit) are printed even if debug_level is set to low value. * Besides trusted domains known by the forest root, trusted domains known by the local domain are used as well. * New configuration option offline_timeout_random_offset to control random factor in backend probing interval when SSSD is in offline mode. * ad_gpo_implicit_deny is now respected even if there are no applicable GPOs present.
* During the IPA subdomains request a failure in reading a single specific configuration option is not considered fatal and the request will continue. * Unknown IPA id-range types are not considered as an error - Changes from version 2.4.2 * Default value of "user" config option was fixed into accordance with man page, i.e. default is "root". * pam_sss_gss now supports authentication indicators to further harden the authentication. - Changes from version 2.4.1 * New PAM module pam_sss_gss for authentication using GSSAPI. * case_sensitive=Preserving can now be set for trusted domains with AD and IPA providers. * krb5_use_subdomain_realm=True can now be used when sub-domain user principal names have upnSuffixes which are not known in the parent domain. SSSD will try to send the Kerberos request directly to a KDC of the sub-domain. * SYSLOG_IDENTIFIER was renamed to SSSD_PRG_NAME in journald output, to avoid issues with PID parsing in rsyslog (BSD-style forwarder) output. * Added pam_gssapi_check_upn to enforce authentication only with principal that can be associated with target user. * Added pam_gssapi_services to list PAM services that can authenticate using GSSAPI. - Changes from version 2.4.0 * Session recording can now exclude specific users or groups when scope is set to all (see exclude_users and exclude_groups options). * Active Directory provider now sends CLDAP pings over UDP protocol to Domain Controllers in parallel to determine site and forest to speed up server discovery. - Changes from version 2.3.1 * Domains can be now explicitly enabled or disabled using enable option in domain section. This can be especially used in configuration snippets. * New configuration options memcache_size_passwd, memcache_size_group, memcache_size_initgroups that can be used to control memory cache size. * Fixed several regressions in GPO processing introduced in sssd-2.3.0 * Fixed regression in PAM responder: failures in cache only lookups are no longer considered fatal.
* Fixed regression in proxy provider: pwfield=x is now default value only for sssd-shadowutils target. - Changes from version 2.3.0 * SSSD can now handle hosts and networks nsswitch databases (see resolve_provider option). * By default, authentication request only refresh user's initgroups if it is expired or there is not active user's session (see pam_initgroups_scheme option). * OpenSSL is used as default crypto provider, NSS is deprecated. * The AD provider now defaults to GSS-SPNEGO SASL mechanism (see ldap_sasl_mech option). * The AD provider can now be configured to use only ldaps port (see ad_use_ldaps option). * SSSD now accepts host entries from GPO's security filter. * New debug level (0x10000) added for low level LDB messages only (see sssd.conf man page). - Changes from version 2.2.3 * allow_missing_name now treats empty strings the same as missing names. * "soft_ocsp" and "soft_crl" options have been added to make the checks for revoked certificates more flexible if the system is offline. * Smart card authentication in polkit is now allowed by default. * Handling of FreeIPA users and groups containing ‘@’ sign now works. * Issue when autofs was unable to mount shares was fixed. * SSSD was unable to handle ldap_uri containing URIs with different port numbers, which has been rectified. - Changes from version 2.2.2 * Removing domain from ad_enabled_domain was not reflected in SSSD’s cache. This has been fixed. * Because of a race condition SSSD could crash during shutdown. The race condition was fixed. * Fixed a bug that limited number of external groups fetched by SSSD to 2000. * pam_sss now properly creates gnome keyring during login. * SSSD with KCM could wrongly pick older ccache instead of the latest one after login. This was fixed. - Changes from version 2.2.1 * New options were added which allow sssd-kcm to handle bigger data. * SSSD can now automatically refresh cached user data from subdomains in IPA/AD trust.
* Fixed issue with SSSD hanging when connecting to non-responsive server with ldaps://. * SSSD is now restarted by systemd after crashes. * Fixed regression when dyndns_update was set to True and dyndns_refresh_interval was not set or set to 0 then DNS records were not updated at all. * Fixed issue when default_domain_suffix was used with files provider and caused all results from files domain to be fully qualified. * Fixed issue with sudo rules not being visible on OpenLDAP servers * Fixed crash with auth_provider = proxy that prevented logins - Changes from version 2.2.0 * The Kerberos provider can now include more KDC addresses or host names when writing data for the Kerberos locator plugin. * The 2FA prompting can now be configured. * The LDAP authentication provider now allows to use a different method of changing LDAP passwords using a modify operation in addition to the default extended operation. * The "auto_private_groups" configuration option now takes a new value hybrid. * A new option "ad_gpo_ignore_unreadable" was added. * The "cached_auth_timeout" parameter is now inherited by trusted domains. * The "ldap_sasl_mech" option now accepts another mechanism "GSS-SPNEGO" in addition to "GSSAPI". * The sssctl tool has two new commands, "cert-show" and "cert-map". - Changes from version 2.1.0 * Any provider can now match and map certificates to user identities. * pam_sss can now be configured to only perform Smart Card authentication or return an error if this is not possible. * pam_sss can also prompt the user to insert a Smart Card if, during an authentication it is not available. * It is now possible to refresh the KCM configuration without restarting the whole SSSD daemon * A new configuration option ad_gpo_implicit_deny was added. This option (when set to True) can be used to deny access to users even if there is not applicable GPO. * The dynamic DNS update can now batch DNS updates to include all address family updates in a single transaction.
- Changes from version 2.0.0 * The Python API for managing users and groups in local domains (id_provider=local) was removed completely. The local provider (id_provider=local) and the command line tools to manage users and groups in the local domains, such as sss_useradd is not built anymore. * The LDAP provider had a special-case branch for evaluating group memberships with the RFC2307bis schema when group nesting was explicitly disabled. This codepath is removed. * The ldap_groups_use_matching_rule_in_chain and ldap_initgroups_use_matching_rule_in_chain options and the code that evaluated them was removed. * The "ldap_sudo_include_regexp" option changed its default value from true to false. Wildcards in the sudoHost LDAP attribute are no longer evaluated. This was costly to evaluate on the LDAP server side and at the same time rarely used. * The KCM responder has a new back end to store credential caches in a local database * The list of PAM services which are allowed to authenticate using a Smart Card is now configurable using a new option pam_p11_allowed_services. - Make cifs-idmap plugin (idmapwb.so) use update-alternatives mechanism to be able to switch between cifs-utils and sssd; (bsc#1182682). 
- Build sssd's KCM - Drop obsolete patches: + 0001-SUDO-Create-the-socket-with-stricter-permissions.patch + 0002-intg-Do-not-hardcode-nsslibdir.patch + 0003-MONITOR-Do-not-use-two-configuration-databases.patch + 0004-Strip-whitespaces-in-netgroup-triple.patch + 0005-nss-sssd-returns-for-emtpy-home-directories.patch + 0006-Rotate-child-log-files.patch + 0007-nss-add-a-netgroup-counter-to-struct-nss_enum_index.patch + 0008-nss-initialize-nss_enum_index-in-nss_setnetgrent.patch + 0009-NSS-nss_clear_netgroup_hash_table-do-not-free-data.patch + 0010-SUDO-Allow-defaults-sudoRole-without-sudoUser-attrib.patch + 0011-GPO-Add-option-ad_gpo_ignore_unreadable.patch + 0012-nss-use-enumeration-context-as-talloc-parent-for-cac.patch + 0013-Revert-LDAP-IPA-add-local-email-address-to-aliases.patch + 0014-util-Remove-the-unused-function-is_email_from_domain.patch + 0015-MONITOR-Propagate-error-when-resolv.conf-does-not-ex.patch + 0016-MONITOR-Add-a-new-option-to-control-resolv.conf-moni.patch + 0017-MONITOR-Resolve-symlinks-setting-the-inotify-watcher.patch + 0018-SYSDB-Delete-linked-local-user-overrides-when-deleti.patch + 0019-winbind-idmap-plugin-support-inferface-version-6.patch + 0020-winbind-idmap-plugin-fix-detection.patch + 0021-nss-imap-add-sss_nss_getsidbyuid-and-sss_nss_getsidb.patch + 0022-cifs-idmap-plugin-use-new-sss_nss_idmap-calls.patch + 0023-winbind-idmap-plugin-use-new-sss_nss_idmap-calls.patch + 0024-libwbclient-sssd-use-new-sss_nss_idmap-calls.patch + 0025-pysss_nss_idmap-add-python-bindings-for-new-sss_nss_.patch + 0026-winbind-idmap-plugin-update-struct-idmap_domain-to-l.patch + 0027-utils-make-N_ELEMENTS-public.patch + 0028-ad-replace-ARRAY_SIZE-with-N_ELEMENTS.patch + sssd-gpo_host_security_filter-1.16.1.patch + 0001-Resolve-computer-lookup-failure-when-sam-cn.patch + 0031-ad-Add-support-for-passing-add-samba-data-to-adcli.patch + 0032-AD-use-getaddrinfo-with-AI_CANONNAME-to-find-the-FQD.patch + 0033-Fix-build-failure-against-samba-4.12.0rc1.patch + 
0034-Use-ndr_pull_steal_switch_value-for-modern-samba-ver.patch + 0035-ad_gpo_ndr.c-refresh-ndr_-methods-from-samba-4.12.patch + 0036-ad_gpo_ndr.c-more-ndr-updates.patch + 0037-UTIL-Fix-compilation-with-curl-7.62.0.patch + 0038-CACHE-Create-timestamp-if-missing.patch + 0039-sss_cache-Do-not-fail-for-missing-domains.patch ++++ python-pycairo: - Add Obsoletes/Provides for python3-cairo-devel. ------------------------------------------------------------------ ------------------ 2021-8-11 - Aug 11 2021 ------------------- ------------------------------------------------------------------ ++++ apparmor: - add profiles-python-3.10-mr783.diff: update abstractions/python and profiles for python 3.10 ++++ irqbalance: - Update to version 1.8.0.14.ga7f8148: * irqbalance: Check validity of numa_node * configure.ac: use pkg-config to find numa * Disable the communication socket when UI is disabled - Use %{?systemd_ordering} instead of %{?systemd_requires} ++++ kernel-default: - README: Modernize build instructions. - commit 8cc5c28 - ovl: allow upperdir inside lowerdir (bsc#1189323). - ovl: fix missing revert_creds() on error path (bsc#1189323). - ovl: skip getxattr of security labels (bsc#1189323). - ovl: perform vfs_getxattr() with mounter creds (bsc#1189323). - ovl: expand warning in ovl_d_real() (bsc#1189323). - commit d2a0c13 - rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305) - commit 7f9ade7 - platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables (git-fixes). 
- commit e6925d8 ++++ libapparmor: - add profiles-python-3.10-mr783.diff: update abstractions/python and profiles for python 3.10 ++++ p11-kit: - Update to version 0.23.22 (bsc#1180064, bsc#1180065, bsc#1180066): * Fix memory-safety issues that affect the RPC protocol (CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363), discovered and fixed by David Cook * anchor: Prefer persistent format when storing anchor [PR#329] * common: Fix infloop in p11_path_build [PR#326, PR#327] * proxy: C_CloseAllSessions: Make sure that calloc args are non-zero [PR#325] * common: Check for a NULL locale before freeing it [PR#321] * Build and test fixes [PR#313, PR#315, PR#317, PR#318, PR#319, PR#323, PR#330, PR#333, PR#334, PR#335, PR#338, PR#339] - Changes for version 0.23.21 * proxy: Do not assign duplicate slot IDs [PR#282] * common: Get program name based on executable path if possible [PR#307] * anchor: Exit with non-zero code, if any error occurs [PR#304] * Build and test fixes [PR#283, PR#290, PR#291, PR#292, PR#296, PR#299, PR#305, PR#306, PR#309, PR#311] - Changes for version 0.23.20: * Revert "Fix RPC when length-s are 0" changes [PR#276] - Changes for version 0.23.19: * common: add Russian PKCS#11 extensions to pkcs11x.h header [PR#255] * Add simple bash completion for provided commands [PR#258] * Unbreak list matching in enable-in and disable-in [PR#262] * Fix RPC when length-s are 0 [PR#259] * rpc: Add vsock transport support [PR#270] * trust: Support CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER [PR#265] * Build fixes [PR#271, PR#272, PR#273, ...] 
- Changes for version 0.23.18: * rpc: Allow empty CK_DATE value [PR#253] * build: Meson fixes [PR#245] * build: Adjust feature parity between meson and autotools [PR#247] - Changes for version 0.23.17: * common: Fix uClibc-ng compilation [PR#237] * trust: do not allow daylight to invalidate date validation [PR#236] * build: Port to meson build system [PR#231, PR#234] * rpc: On UNIX wait on condition variable instead of FD if header is for a different thread [PR#232] * doc: Add 'server' command in help [PR#229] * Build and test fixes [PR#230] - Changes for version 0.23.16: * proxy: Support C_WaitForSlotEvent() if CKF_DONT_BLOCK is specified [PR#225] * conf: Ignore user configuration if the program is running as root [PR#226] * proxy: Refresh slot list on every C_GetSlotList call [PR#224] * modules: Fix index used in call to p11_dict_remove() [PR#219] * Fix Win32 p11_dl_error crash [PR#218] * modules: check gl.modules before iterates on it when freeing [PR#217] * trust: Ignore unreadable content in anchors [PR#215] * extract-jks: Prefer _p11_extract_jks_timestamp to SOURCE_DATE_EPOCH [PR#213] - Changes for version 0.23.15: * trust: Improve error handling if backed trust file is corrupted [PR#206] * url: Prefer upper-case letters in hex characters when encoding [PR#193] * trust/extract-jks.c: also honor SOURCE_DATE_EPOCH time [PR#202] * virtual: Prefer fixed closures to libffi closures [PR#196] * Fix issues spotted by coverity and cppcheck [PR#194, PR#204] * Build and test fixes [PR#164, PR#191, PR#199, PR#201] - Changes for version 0.23.14: * proxy: Avoid invalid memory access when unloading proxy module [PR#180] * Update pkcs11 header to allow SoftHSMv2 to compile [PR#181] * build: Restore libpthread dependency [PR#183] * Build fixes [PR#188] - Changes for version 0.23.13: * server: Enable socket activation through systemd [PR#173] * rpc-server: p11_kit_remote_serve_tokens: Allow exporting all modules [PR#174] * proxy: Fail early if there is no slot mapping [PR#175] 
* Remove hard dependency on libpthread [PR#177] * Build fixes [PR#170, PR#176] - Changes for version 0.23.12 * Fix compile error when PKCS#11 GNU calling convention is enabled [PR#160] * Fix getauxval() and secure_getenv() emulation on macOS and FreeBSD [PR#167] * Build and test fixes on macOS [PR#162, PR#168] - Changes for version 0.23.11 * trust: Add extractor for edk2/cacerts.bin [PR#139] * modules: Add option to control module visibility from proxy [PR#140] * trust: Prevent trust module being loaded by proxy module [PR#142] * library: Use dedicated locale object for printing error [PR#148] * Treat CKR_CRYPTOKI_ALREADY_INITIALIZED correctly [PR#134] * Improve const correctness for P11KitUri [PR#152] * PKCS#11 URI scheme comparison is now case insensitive [PR#156] * Build and test fixes [PR#151, PR#149, PR#141, PR#138, PR#135] - Changes for version 0.23.10 * filter: Respect "write-protected" vendor-specific attribute in PKCS#11 URI [PR#129] * server: Improve shell integration and documentation [PR#107, PR#108] * proxy: Reuse existing slot ID mapping in after fork() [PR#120] * trust: Forcibly mark "Default Trust" read-only [PR#123] * New function p11_kit_override_system_files() which can be used for testing [PR#110] * trust: Filter out duplicate extensions [PR#69] * Update translations [PR#128] * Bug fixes [PR#125, PR#126] - Changes for version 0.23.9 * Fix p11-kit server regressions [PR#103, PR#104] * trust: Respect anyExtendedKeyUsage in CA certificates [PR#99] * Build fixes related to reallocarray [PR#96, PR#98, PR#100] - Changes for version 0.23.8 * Improve vendor query attributes handling in PKCS#11 URI [PR#92] * Add OTP and GOST mechanisms to pkcs11.h [PR#90, PR#91] * New envvar P11_KIT_NO_USER_CONFIG to stop looking at user configurations [PR#87] * Build fixes for Solaris and 32-bit big-endian platforms [PR#81, PR#86] - Changes for version 0.23.7 * Fix memory issues with "p11-kit server" [PR#78] * Build fixes [PR#77 ...] 
- Changes for version 0.23.6 * Port "p11-kit server" to Windows and portability fixes of the RPC protocol [PR#67, PR#72, PR#74] * Recover the old behavior of "trust anchor --remove" [PR#70, PR#71] * Build fixes [PR#63 ...] - Changes for version 0.23.5 * Fix license notice of common/unix-peer.c [PR#58] * Remove systemd unit files for now [PR#60] * Build fixes for FreeBSD [PR#56] - Changes for version 0.23.4 * Recognize query attributes defined in PKCS#11 URI (RFC7512) [PR#31, PR#37, PR#52] * The trust policy module now recognizes CKA_NSS_MOZILLA_CA_POLICY attribute, used by Firefox [#99453, PR#46] * Add 'trust dump' command to dump all PKCS#11 objects in the persistence format [PR#44] * New experimental 'p11-kit server' command that allows PKCS#11 forwarding through a Unix domain socket. A client-side module p11-kit-client.so is also provided [PR#15] * Add systemd unit files for exporting the proxy module through a Unix domain socket [PR#35] * New P11KitIter API to iterate over slots, tokens, and modules in addition to objects [PR#28] * libffi dependency is now optional [PR#9] * Build fixes for FreeBSD, macOS, and Windows [PR#32, PR#39, PR#45] - Changes for version 0.23.3 * Install private executables in libexecdir [fdo#98817] * Fix link error of proxy module on macOS [fdo#98022] * Use new PKCS#11 URI specification for URIs [fdo#97245] * Support x-init-reserved argument of C_Initialize() in remote modules [fdo#80519] * Incorporate changes from PKCS#11 2.40 specification * Bump libtool library version * Documentation fixes * Build fixes [fdo#87192 ...] - Move RPM macros to %_rpmmacrodir. 
- New server subpackage - Change keyring to new maintainer Daiki Ueno - Avoid bareword to fix build failure - Remove obsolete patches: * p11-kit-biarch.patch * 0001-Support-loading-new-NSS-attribute-CKA_NSS_MOZILLA_CA.patch * 0001-Fix-a-typo-in-x-cetrificate-value-see-also-https-bug.patch ++++ libvirt: - supportconfig: When checking for installed hypervisor drivers, use the libvirtr-daemon-driver- package instead of libvirt-daemon-. The latter are not required packages for a functioning hypervisor driver. ------------------------------------------------------------------ ------------------ 2021-8-10 - Aug 10 2021 ------------------- ------------------------------------------------------------------ ++++ btrfsprogs: - Update to 5.13.1 * build: fix build on musl libc due to missing definition of NAME_MAX * check: * batch more work into one transaction when clearing v1 free space inodes * detect directories with wrong number of links * libbtrfsutil: fix race between subvolume iterator and deletion * mkfs: be more specific about supported profiles for zoned device * other: * documentation updates ++++ kernel-default: - fix patches metadata - fix Patch-mainline: - patches.suse/NFSv4-Initialise-connection-to-the-server-in-nfs4_al.patch - patches.suse/NFSv4-pNFS-Don-t-call-_nfs4_pnfs_v3_ds_connect-multi.patch - patches.suse/SUNRPC-Fix-the-batch-tasks-count-wraparound.patch - patches.suse/SUNRPC-Should-wake-up-the-privileged-task-firstly.patch - patches.suse/nfs-fix-acl-memory-leak-of-posix_acl_create.patch - commit bd541fa - net: ll_temac: Fix TX BD buffer overwrite (CVE-2021-38207 bsc#1189298). - commit 64dedf9 - mac80211: Fix NULL ptr deref for injected rate info (CVE-2021-38206 bsc#1189296). - commit a4dbb10 - scsi: zfcp: Report port fc_security as unknown early during remote cable pull (git-fixes). - commit 071c9e5 - net: xilinx_emaclite: Do not print real IOMEM pointer (CVE-2021-38205 bsc#1189292).
- commit 1e538f8 - Update patch reference for a USB max3421 HCD fix (CVE-2021-38204 bsc#1189291) - commit 68d7672 - scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST state (bsc#1184180). - commit 435d2bf - usb: dwc3: gadget: Don't setup more than requested (git-fixes). - commit d278880 - usb: dwc3: meson-g12a: check return of dwc3_meson_g12a_usb_init (git-fixes). - commit bc358f9 - ocfs2: initialize ip_next_orphan (bsc#1186731). - commit fd80e8c - NFSv4/pNFS: Don't call _nfs4_pnfs_v3_ds_connect multiple times (git-fixes). - SUNRPC: Should wake up the privileged task firstly (git-fixes). - SUNRPC: Fix the batch tasks count wraparound (git-fixes). - nfs: fix acl memory leak of posix_acl_create() (git-fixes). - commit 1bdda2d - NFSv4: Initialise connection to the server in nfs4_alloc_client() (bsc#1040364). - Delete patches.suse/0001-NFSv4-don-t-let-hanging-mounts-block-other-mounts.patch. Upstream now has a fix for this bug, so use their version instead of ours. - commit 350271e ++++ python3-core: - Update to 3.6.14: * Security - bpo-44022 (bsc#1189241, CVE-2021-3737): mod:http.client now avoids infinitely reading potential HTTP headers after a 100 Continue status response from the server. - bpo-43882: The presence of newline or tab characters in parts of a URL could allow some forms of attacks. Following the controlling specification for URLs defined by WHATWG urllib.parse() now removes ASCII newlines and tabs from URLs, preventing such attacks. - bpo-42988 (CVE-2021-3426, bsc#1183374): Remove the getfile feature of the pydoc module which could be abused to read arbitrary files on the disk (directory traversal vulnerability). Moreover, even source code of Python modules can contain sensitive data like passwords. Vulnerability reported by David Schwörer. - bpo-43285: ftplib no longer trusts the IP address value returned from the server in response to the PASV command by default. 
This prevents a malicious FTP server from using the response to probe IPv4 address and port combinations on the client network. Code that requires the former vulnerable behavior may set a trust_server_pasv_ipv4_address attribute on their ftplib.FTP instances to True to re-enable it. - bpo-43075 (CVE-2021-3733, bsc#1189287): Fix Regular Expression Denial of Service (ReDoS) vulnerability in urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex has quadratic worst-case complexity and it allows causing a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server. - Upstreamed patches were removed: - CVE-2021-3426-inf-disclosure-pydoc-getfile.patch - CVE-2021-3733-ReDoS-urllib-AbstractBasicAuthHandler.patch - Refreshed patches: - python3-sorted_tar.patch - riscv64-ctypes.patch ++++ python3: - Update to 3.6.14: * Security - bpo-44022 (bsc#1189241, CVE-2021-3737): mod:http.client now avoids infinitely reading potential HTTP headers after a 100 Continue status response from the server. - bpo-43882: The presence of newline or tab characters in parts of a URL could allow some forms of attacks. Following the controlling specification for URLs defined by WHATWG urllib.parse() now removes ASCII newlines and tabs from URLs, preventing such attacks. - bpo-42988 (CVE-2021-3426, bsc#1183374): Remove the getfile feature of the pydoc module which could be abused to read arbitrary files on the disk (directory traversal vulnerability). Moreover, even source code of Python modules can contain sensitive data like passwords. Vulnerability reported by David Schwörer. - bpo-43285: ftplib no longer trusts the IP address value returned from the server in response to the PASV command by default. This prevents a malicious FTP server from using the response to probe IPv4 address and port combinations on the client network.
Code that requires the former vulnerable behavior may set a trust_server_pasv_ipv4_address attribute on their ftplib.FTP instances to True to re-enable it. - bpo-43075 (CVE-2021-3733, bsc#1189287): Fix Regular Expression Denial of Service (ReDoS) vulnerability in urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex has quadratic worst-case complexity and it allows causing a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server. - Upstreamed patches were removed: - CVE-2021-3426-inf-disclosure-pydoc-getfile.patch - CVE-2021-3733-ReDoS-urllib-AbstractBasicAuthHandler.patch - Refreshed patches: - python3-sorted_tar.patch - riscv64-ctypes.patch ++++ python-pyudev: - Add hypothesis_settings.patch to allow longer timeouts in OBS. ++++ qemu: - usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527) hw-usb-Do-not-build-USB-subsystem-if-not.patch hw-usb-host-stub-Remove-unused-header.patch usb-hid-avoid-dynamic-stack-allocation.patch usb-limit-combined-packets-to-1-MiB-CVE-.patch usb-mtp-avoid-dynamic-stack-allocation.patch ++++ selinux-policy: - Fix quoting in postInstall macro ------------------------------------------------------------------ ------------------ 2021-8-9 - Aug 9 2021 ------------------- ------------------------------------------------------------------ ++++ container-selinux: - Update to version 2.164.2 * Don't setup users for writing to pid_sockets * Allow container engines to be started from the staff user.
* Allow spc_t domains to set bpf rules on any domain * Add support for k3s ++++ cpio: - Fix CVE-2021-38185 Remote code execution caused by an integer overflow in ds_fgetstr (CVE-2021-38185, bsc#1189206) * fix-CVE-2021-38185.patch ++++ ignition: - Update to version 2.12.0: * news: add notes for 2.12.0 * stages/files: add previousReport to result report * tests: fix linter warning * workflows: limit permissions to reading repo contents * workflows: bump linter version * go.mod: revendor * Drop EOL Go versions * internal/distro: drop DiskByIDDir * providers/azure: add support for azure gen2 VMs [bsc#1196679] * stages/mount: correctly relabel the root of a fresh ext4 filesystem * exec: fix permissions for mountpoints in home dirs * tests: drop os.ModeDir requirement in mode of output directories * examples: reboot with --force * exec/util: add blkid API to query block devices based on FSTYPE * stages/files: use IntToPtr() in createCrypttabEntries() * stages/files: write result report to /var/lib/ignition * engine: persist fetched config summaries in State * stages/disks: use State to persist keyfiles for files stage * *: add general mechanism for persisting state between stages * main: drop -clear-cache flag * engine: don't hardcode neednet path * fetch-offline: return ErrNeedNet if we need net * engine: switch Engine.logReport() to pointer receiver * engine: fix incorrect error in log message * dracut: drop ignition-setup-user.service * dracut: drop reference to ignition-setup-base.service * providers/gcp: access GCP metadata service by IP address * Remove ignition-firstboot-complete.service * OWNERS: remove * internal/exec/util: drop device argument from cResultToErr() * docs/config*: document storage.luks.clevis.threshold default * ci: disable spec bump external test workaround * docs: Add Ignition release / Spec version table * templates: update example releng signing ticket * templates: don't update %gotest lines * Provide ignition-firstboot-complete.service 
(removed by upstream due to correctly being considered distro specific), based on the old upstream version; removed all non-SUSE specific stuff and integrated our own changes * Removed change-ignition-firstboot-path.conf (changes are integrated into ignition-firstboot-complete.service now). * Provide ignition-setup-user.service (removed by upstream due to correctly being considered distro specific), based on the old upstream version. * Renamed ignition-setup-user-suse.sh to ignition-setup-user.sh * Adapted ignition-generator-suse and module-setup.sh to use the custom ignition-setup-user.service (no overriding of parts of the service file necessary any more). * Synced ignition-kargs-helper script with upstream example * Raising minimum Go version to 1.15 as required by upstream ++++ kernel-default: - usb: dwc3: gadget: Give back staled requests (git-fixes). - commit c4cb23f - usb: dwc3: support continuous runtime PM with dual role (git-fixes). - commit f340e0b - iommu/vt-d: Global devTLB flush when present context entry changed (bsc#1189220). - iommu/dma: Fix compile warning in 32-bit builds (bsc#1189229). - iommu/dma: Fix IOVA reserve dma ranges (bsc#1189214). - iommu/amd: Fix extended features logging (bsc#1189213). - iommu/vt-d: Define counter explicitly as unsigned int (bsc#1189216). - iommu/arm-smmu-v3: Decrease the queue size of evtq and priq (bsc#1189210). - crypto: ccp - Annotate SEV Firmware file names (bsc#1189212). - iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189218). - iommu/vt-d: Check for allocation failure in aux_detach_device() (bsc#1189215). - iommu/vt-d: Force to flush iotlb before creating superpage (bsc#1189219). - iommu/vt-d: Invalidate PASID cache when root/context entry changed (bsc#1189221). - iommu/vt-d: Don't set then clear private data in prq_event_thread() (bsc#1189217). - iommu/vt-d: Reject unsupported page request modes (bsc#1189222). - iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK (bsc#1189209).
- commit f116a8f - blacklist.conf: Add two IOMMU fixes b9abb19fa5fd iommu: Check dev->iommu in iommu_dev_xxx functions 474dd1c65064 iommu/vt-d: Fix clearing real DMA device's scalable-mode context entries - commit 2db8dfc - powerpc/papr_scm: Make 'perf_stats' invisible if perf-stats unavailable (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes). - commit c109f3e - Fix filesystem requirement and suse-release requires Reduce filesystem conflict to anything less than 16 to allow pulling the change into the next major stable version. Don't require suse-release as that's not technically required. Conflict with a too old one instead. - commit 913f755 - iwlwifi: rs-fw: don't support stbc for HE 160 (git-fixes). - commit 981ddc7 - blacklist.conf: obsoleted by 8d396bb0a5b62b326f6be7594d8bd46b088296bd - commit d9ae913 - USB: usbtmc: Fix RCU stall warning (git-fixes). - commit 8c8f7df - powerpc: Fix is_kvm_guest() / kvm_para_available() (bsc#1181148 ltc#190702 git-fixes). - commit 8c2e999 - fpga: dfl: fme: Fix cpu hotplug issue in performance reporting (git-fixes). - commit 1278281 - powerpc/pseries: Fix regression while building external modules (bsc#1160010 ltc#183046 git-fixes). This changes a GPL symbol to general symbol which is kABI change but not kABI break. - commit 5db0ce9 - powerpc/papr_scm: Reduce error severity if nvdimm stats inaccessible (bsc#1189197 ltc#193906). - commit 9021659 - fpga: dfl: fme: Fix cpu hotplug issue in performance reporting (git-fixes). - staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes). - serial: 8250_pci: Avoid irq sharing for MSI(-X) interrupts (git-fixes). - serial: 8250_pci: Enumerate Elkhart Lake UARTs via dedicated driver (git-fixes). - soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes). - soc: ixp4xx: fix printing resources (git-fixes). - dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes). - dmaengine: idxd: fix setup sequence for MSIXPERM table (git-fixes). 
- drm/i915: Correct SFC_DONE register offset (git-fixes). - ASoC: ti: j721e-evm: Check for not initialized parent_clk_id (git-fixes). - ASoC: ti: j721e-evm: Fix unbalanced domain activity tracking during startup (git-fixes). - ASoC: rt5682: Fix the issue of garbled recording after powerd_dbus_suspend (git-fixes). - drm/amd/display: Fix max vstartup calculation for modes with borders (git-fixes). - drm/amd/display: Fix comparison error in dcn21 DML (git-fixes). - commit b4ad8ce - firmware_loader: fix use-after-free in firmware_fallback_sysfs (git-fixes). - serial: tegra: Only print FIFO error message when an error occurs (git-fixes). - serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes). - spi: mediatek: Fix fifo transfer (git-fixes). - ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits (git-fixes). - spi: stm32h7: fix full duplex irq handler handling (git-fixes). - regulator: rt5033: Fix n_voltages settings for BUCK and LDO (git-fixes). - commit 8f575e8 ++++ yast2-trans: - Update to version 84.87.20210806.5bda944287: * New POT for text domain 'country'. * New POT for text domain 'country'. * New POT for text domain 'installation'. 
* Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Czech) * Translated using Weblate (Italian) * Translated using Weblate (Hindi) ------------------------------------------------------------------ ------------------ 2021-8-8 - Aug 8 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - fix patches metadata - fix Patch-mainline: - patches.suse/ALSA-hda-realtek-Fix-headset-mic-for-Acer-SWIFT-SF31.patch - patches.suse/ALSA-hda-realtek-add-mic-quirk-for-Acer-SF314-42.patch - patches.suse/ALSA-seq-Fix-racy-deletion-of-subscriber.patch - patches.suse/ALSA-usb-audio-Add-registration-quirk-for-JBL-Quantu-4b0556b96e1f.patch - patches.suse/ALSA-usb-audio-Fix-superfluous-autosuspend-recovery.patch - commit 486a747 ++++ Mesa: - fixed build on %ix86 by removing "-flto=auto" from optflags for cpp ------------------------------------------------------------------ ------------------ 2021-8-7 - Aug 7 2021 ------------------- ------------------------------------------------------------------ ++++ apparmor: - update to AppArmor 3.0.3 - fix a failure in the parser tests - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.3 for the detailed upstream changelog ++++ kernel-default: - Move upstreamed patch into sorted section - commit a779693 - ALSA: usb-audio: Avoid unnecessary or invalid connector selection at resume (git-fixes). - commit a52bb92 - ALSA: seq: Fix racy deletion of subscriber (git-fixes). - ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum 600 (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56 (ALC256) (git-fixes). - ALSA: usb-audio: Fix superfluous autosuspend recovery (git-fixes). 
- commit 57d9208 ++++ libapparmor: - update to AppArmor 3.0.3 - fix a failure in the parser tests - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.3 for the detailed upstream changelog ++++ pcsc-lite: - version 1.9.3 * fix a stupid regression with systemd introduced in the previous version - version 1.9.2 * improve NetBSD support * pcsc-spy: version 1.1 . add option -t|--thread . x10 speed increase . correctly exit at end-of-file . remove, now useless, support of macOS * SetProtocol: Handle IFD_NOT_SUPPORTED from the driver * hotplug_libudev.c: sanitize interface name * pcsc_demo: change licence from GPLv3 to BSD * use Python 3 for Python scripts (psc-spy, UnitaryTests) * Some other minor improvements - remove obsolete pcsc-lite-python3.patch ------------------------------------------------------------------ ------------------ 2021-8-6 - Aug 6 2021 ------------------- ------------------------------------------------------------------ ++++ apparmor: - update to AppArmor 3.0.2 - add missing permissions to several profiles and abstractions (including boo#1188296) - bugfixes in utils and parser (including boo#1180766 and boo#1184779) - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.2 for the detailed upstream changelog - remove upstreamed patches: - apparmor-dovecot-stats-metrics.diff - abstractions-php8.diff - crypto-policies-mr720.diff ++++ elfutils: - Add disable-run-deleted-test.patch in order to disable failing test-case (boo#1189153). ++++ glib-networking: - Update to version 2.70.alpha: + Fix TLS channel bindings tests. + Require OpenSSL 1.0.2. + Fix threadsafety issue in certificate verification. + dlopen libsoup for performing HTTP requests. + OpenSSL: add DTLS support, plus many related improvements. + Implement new GTlsCertificate details APIs. + GnuTLS: improve error handling for PIN failures. + GnuTLS: expose PIN type on PIN requests. + GnuTLS: check cancellable in pull timeout callback. 
+ Improve automation of test certificate creation. + GnuTLS: use GnuTLS to implement all channel bindings. + GnuTLS: rework certificate verification to use TLS session. + GnuTLS: improve peer identity verification. + Bring back automatic downloading of missing intermediate certificates (not fixed, may go away again). ++++ kernel-default: - Update kabi files. - Update from August 2021 maintenance update submission (commit 055c4fd5f13c) - commit 0b9f7b1 - net: dsa: mv88e6xxx: also read STU state in mv88e6250_g1_vtu_getnext (git-fixes). - commit 4d3a9e0 - Bluetooth: defer cleanup of resources in hci_unregister_dev() (git-fixes). - commit 38ad73f ++++ libapparmor: - update to AppArmor 3.0.2 - add missing permissions to several profiles and abstractions (including boo#1188296) - bugfixes in utils and parser (including boo#1180766 and boo#1184779) - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.2 for the detailed upstream changelog - remove upstreamed patches: - apparmor-dovecot-stats-metrics.diff - abstractions-php8.diff - crypto-policies-mr720.diff ++++ rdma-core: - Update to rdma-core v36.0: - Bugfixes on all providers ++++ libesmtp: - Add libesmtp-fix-cve-2019-19977.patch: Fix stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462 bsc#1189097). ++++ qemu: - usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145, CVE-2021-3682) usbredir-fix-free-call.patch ++++ u-boot-rpiarm64: - u-boot-bin.spl is used for UART or USB boot. Let's package it for convenience.
------------------------------------------------------------------ ------------------ 2021-8-5 - Aug 5 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - fix patches metadata - fix Patch-mainline: - patches.suse/NFSv4.1-Don-t-rebind-to-the-same-source-port-when-re.patch - patches.suse/SUNRPC-prevent-port-reuse-on-transports-which-don-t-.patch - commit 5e54e89 - blacklist.conf: kABI changes due to kvm_mmu_rule struct. - commit f3e0e69 - Refresh patches.suse/Input-ili210x-add-missing-negation-for-touch-indicat.patch Fix missing parentheses in the input backport patch. - commit 0913716 - rpm/kernel-source.rpmlintrc: ignore new include/config files In 5.13, since 0e0345b77ac4, config files have no longer .h suffix. Adapt the zero-length check. Based on Martin Liska's change. - commit b6f021b - Revert "gpio: mpc8xxx: change the gpio interrupt flags." (git-fixes). - drm/amd/display: ensure dentist display clock update finished in DCN20 (git-fixes). - commit 3d2a7da - gpio: tqmx86: really make IRQ optional (git-fixes). - media: videobuf2-core: dequeue if start_streaming fails (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - clk: fix leak on devm_clk_bulk_get_all() unwind (git-fixes). - clk: stm32f4: fix post divisor setup for I2S/SAI PLLs (git-fixes). - cfg80211: Fix possible memory leak in function cfg80211_bss_update (git-fixes). - commit 7dd3f8c - SUNRPC: prevent port reuse on transports which don't request it (bnc#1186264 bnc#1189021). 
- commit a89b568 - kabi fix for NFSv4.1: Don't rebind to the same source port when reconnecting to the server (bnc#1186264 bnc#1189021) - commit 844eb4c - NFSv4.1: Don't rebind to the same source port when (bnc#1186264 bnc#1189021) - commit 4b89a40 ++++ Mesa: - enabled build of 'crocus' Gallium3D OpenGL driver for i965 "Gen4" through Haswell "Gen7" graphics (alternative to classic "i965" OpenGL driver); use MESA_LOADER_DRIVER_OVERRIDE=crocus to use it; in case of issues with video hardware acceleration (vaapi driver), set LIBVA_DRIVER_NAME=i965 - update to 21.2.0 * new release ++++ gpgme: - Fix build with glibc 2.34: [bsc#1189089] * Use glibc's closefrom. * Add gpgme-use-glibc-closefrom.patch ------------------------------------------------------------------ ------------------ 2021-8-4 - Aug 4 2021 ------------------- ------------------------------------------------------------------ ++++ bash: - Add patch bash-4.4-jobctrl.patch to allow process group assignment even for modern kernels (bsc#1057452, bsc#1188287) ++++ glib2: - Add 63e7864.patch: Fix build with glibc 2.34: use 3 parameters for close_range (boo#1189088). ++++ grub2: - update grub2-systemd-sleep.sh to fix hibernation by avoiding the error "no kernelfile matching the running kernel found" on usrmerged setup - Use %autosetup ++++ ipset: - Update to release 7.15 * netfilter: ipset: Fix maximal range check in hash_ipportnet4_uadt() ++++ kernel-default: - ionic: fix up dim accounting for tx and rx (jsc#SLE-16649). - ionic: remove intr coalesce update from napi (jsc#SLE-16649). - ionic: make all rx_mode work threadsafe (jsc#SLE-16649). - RDMA/bnxt_re: Fix stats counters (bsc#1188231). - bnxt_en: Validate vlan protocol ID on RX packets (jsc#SLE-15075). - ionic: add handling of larger descriptors (jsc#SLE-16649). - ionic: add new queue features to interface (jsc#SLE-16649). - ionic: fix sizeof usage (jsc#SLE-16649). - ionic: protect adminq from early destroy (jsc#SLE-16649).
- ionic: stop watchdog when in broken state (jsc#SLE-16649). - ionic: block actions during fw reset (jsc#SLE-16649). - ionic: fix unchecked reference (jsc#SLE-16649). - ionic: simplify the intr_index use in txq_init (jsc#SLE-16649). - ionic: code cleanup details (jsc#SLE-16649). - ionic: aggregate Tx byte counting calls (jsc#SLE-16649). - ionic: simplify tx clean (jsc#SLE-16649). - ionic: generic tx skb mapping (jsc#SLE-16649). - ionic: simplify TSO descriptor mapping (jsc#SLE-16649). - ionic: simplify use of completion types (jsc#SLE-16649). - ionic: rebuild debugfs on qcq swap (jsc#SLE-16649). - ionic: simplify rx skb alloc (jsc#SLE-16649). - ionic: optimize fastpath struct usage (jsc#SLE-16649). - ionic: implement Rx page reuse (jsc#SLE-16649). - ionic: move rx_page_alloc and free (jsc#SLE-16649). - ionic: change mtu after queues are stopped (jsc#SLE-16649). - ionic: remove some unnecessary oom messages (jsc#SLE-16649). - ionic: useful names for booleans (jsc#SLE-16649). - ionic: check for link after netdev registration (jsc#SLE-16649). - ionic: start queues before announcing link up (jsc#SLE-16649). - commit 55ca0a7 - btrfs: rework chunk allocation to avoid exhaustion of the system chunk array (bsc#1189077). - btrfs: fix deadlock with concurrent chunk allocations involving system chunks (bsc#1189077). - btrfs: move the chunk_mutex in btrfs_read_chunk_tree (bsc#1189077). - btrfs: Rename __btrfs_alloc_chunk to btrfs_alloc_chunk (bsc#1189077). - btrfs: parameterize dev_extent_min for chunk allocation (bsc#1189077). - btrfs: factor out create_chunk() (bsc#1189077). - btrfs: factor out decide_stripe_size() (bsc#1189077). - btrfs: factor out gather_device_info() (bsc#1189077). - btrfs: factor out init_alloc_chunk_ctl (bsc#1189077). - btrfs: introduce alloc_chunk_ctl (bsc#1189077). - btrfs: refactor find_free_dev_extent_start() (bsc#1189077). - btrfs: introduce chunk allocation policy (bsc#1189077). - btrfs: handle invalid profile in chunk allocation (bsc#1189077). 
- commit 707ed65 - tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop (CVE-2021-3679 bsc#1189057). - commit 49b5ebf - net/mlx5: Properly convey driver version to firmware (git-fixes). - commit 44d8f42 - net: stmmac: free tx skb buffer in stmmac_resume() (git-fixes). - commit ac61742 - can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes). - commit 75096f3 - net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes). - commit 524d35f ++++ lshw: - Update versioning to allow easy transition on SLE - Disable parallel build to avoid random failures ++++ python-gobject: - Adjust BuildRequires for python_module cairo to python-module pycairo: the module was renamed 2 years ago. - Skip build for python2: not supported anymore since 3.38.0. ------------------------------------------------------------------ ------------------ 2021-8-3 - Aug 3 2021 ------------------- ------------------------------------------------------------------ ++++ cockpit: - new version 250 https://cockpit-project.org/blog/cockpit-250.html - fix pam_motd selinux denial (0001-selinux-allow-login-to-read-motd-file.patch) ++++ cryptsetup: - need to use PBKDF2 by default for LUKS2 as grub can't decrypt when using Argon. ++++ transactional-update: - Version 3.5.1 - t-u: Disable status file generation by default The new experimental `status` command requires the availability of /etc/YaST2/control.xml, which is not present on all systems. Hide the creation of the corresponding status file behind a new EXPERIMENTAL_STATUS option to try out this functionality.
- Increase library version - Add tukit.conf to spec file ++++ efibootmgr: - Update to v17: [jsc#SLE-22542] * use efivar's logging facility more (more info in -v2 , -v3, etc) * Various bug fixes * Better -e parsing * fix pkg-config invocation for ldflags * Make efibootmgr use EFIDIR / efibootmgr.efidir like fwupdate does * make --loader default build-time configurable * sanitize set_mirror()/get_mirror() * Add support for parsing loader options as UCS2 * GCC 7 fixes * Don't use -fshort-wchar since we don't run on EFI machines. - Drop 0001-Don-t-use-fshort-wchar-when-building-63.patch (upstreamed) - Drop 0002-Remove-extra-const-keywords-gcc-7-gripes-about.patch (upstreamed) - Drop 0003-Add-support-for-parsing-optional-data-as-ucs2.patch (upstreamed) - Drop MARM-sanitize-set_mirror.diff (upstreamed) - Drop efibootmgr-derhat.diff (upstreamed) - Rebase efibootmgr-delete-multiple.diff ++++ hwdata: - Update to version 0.350 (bsc#1189005): + Updated pci, usb and vendor ids. ++++ kernel-default: - Update kabi files. - update from August 2021 maintenance update submission (commit a13100d5f167) - commit 75dc981 - blacklist.conf: add macsonic driver - commit 688a554 ++++ qemu: - Add stable patches from upstream: block-nvme-Fix-VFIO_MAP_DMA-failed-No-sp.patch hw-net-can-sja1000-fix-buff2frame_bas-an.patch hw-pci-host-q35-Ignore-write-of-reserved.patch ++++ u-boot-rpiarm64: Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.07 * Patches added: 0014-btrfs-Use-default-subvolume-as-file.patch - boo#1185656 ------------------------------------------------------------------ ------------------ 2021-8-2 - Aug 2 2021 ------------------- ------------------------------------------------------------------ ++++ avahi: - Obsolete the same version of mDNSResponder-lib and mDNSResponder in baselib.conf and spec. 
++++ cryptsetup: - cryptsetup 2.4.0 (jsc#SLE-20275) * External LUKS token plugins * Experimental SSH token * Default LUKS2 PBKDF is now Argon2id * Increase minimal memory cost for Argon2 benchmark to 64MiB. * Autodetect optimal encryption sector size on LUKS2 format. * Use VeraCrypt option by default and add --disable-veracrypt option. * Support --hash and --cipher to limit opening time for TCRYPT type * Fixed default OpenSSL crypt backend support for OpenSSL3. * integritysetup: add integrity-recalculate-reset flag. * cryptsetup: retains keyslot number in luksChangeKey for LUKS2. * Fix cryptsetup resize using LUKS2 tokens. * Add close --deferred and --cancel-deferred options. * Rewritten command-line option parsing to avoid libpopt arguments memory leaks. * Add --test-args option. - Use LUKS2 as default format on Tumbleweed. It provides some additional features which other tools (e.g. systemd-cryptenroll) rely on. GRUB 2.06 supports unlocking LUKS2 volumes meanwhile. ++++ transactional-update: - Version 3.5.0 - Add alias setDiscardIfUnchanged for setDiscard. The old method name wasn't really clear and will be removed if we should have an API break in the future - Replace mkinitrd with direct dracut call [boo#1186213] - tukit: Add configuration file support (/etc/tukit.conf) - Allow users to configure additional bind mounts (see /usr/etc/tukit.conf for an example and limitations) [bsc#1188322] - Add 'transactional-update status' call. This is a POC for obtaining a hash of a system to verify its integrity. The functionality is still experimental! - Internal bugfixes / optimizations ++++ e2fsprogs: - Update to 1.46.3: * Add -V and -VV options to filefrag * Fix fs corruption caused by resize2fs on filesystems with MMP blocks * Fast commit portability fixes * Fix direct IO support in Unix IO manager * Avoid calling EXT2_IOC_[GS]ETFLAGS for block devices * Fix mke2fs to not discard blocks beyond end of filesystem * Make e2fsck set filetype of '.' and '..'
entries * Fix QCOW image generation in e2image for very large filesystems * Update translations ++++ gtk3: - Drop patch fixed upstream on SLE and Leap 15.4: gtk3-x11-fix-menu-touch-by-pointer-emulation.patch ++++ kernel-default: - cifs: do not share tcp sessions of dfs connections (bsc#1185902). - commit 78eb685 - cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902). - commit a798607 - cifs: missing null pointer check in cifs_mount (bsc#1185902). - commit 17b0494 - cifs: fix check of dfs interlinks (bsc#1185902). - commit 1db4f4d - cifs: avoid starvation when refreshing dfs cache (bsc#1185902). - commit 064a32d - cifs: do not share tcp servers with dfs mounts (bsc#1185902). - commit 65332c5 - cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902). - commit 1a16c86 - cifs: fix path comparison and hash calc (bsc#1185902). - commit 9ae40ff - cifs: handle different charsets in dfs cache (bsc#1185902). - commit 7b185cd - cifs: keep referral server sessions alive (bsc#1185902). - commit a6fba08 - workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1188973). - commit b02980f - ALSA: pcm - fix mmap capability check for the snd-dummy driver (git-fixes). - commit b68f7e6 - ACPI: DPTF: Fix reading of attributes (git-fixes). - drm/msm/dpu: Fix sm8250_mdp register length (git-fixes). - commit da4d5f8 - can: esd_usb2: fix memory leak (git-fixes). - can: ems_usb: fix memory leak (git-fixes). - can: usb_8dev: fix memory leak (git-fixes). - can: mcba_usb_start(): add missing urb->transfer_dma initialization (git-fixes). - can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes). - nfc: nfcsim: fix use after free during module unload (git-fixes). - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (git-fixes). - Revert "ACPI: resources: Add checks for ACPI IRQ override" (git-fixes). - firmware: arm_scmi: Fix range check for the maximum number of pending messages (git-fixes). 
- firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow (git-fixes). - commit 7ff2c84 ++++ systemd: - Upgrade to v249.2 (commit c0bb2fcbc26f6aacde574656159504f263916719) See https://github.com/openSUSE/systemd/blob/SUSE/v249/NEWS for details. This includes the following bug fixes: - upstream commit 6fb61918ccdd0610b425d5b0e5417751f8f8f783 (bsc#1182870) - upstream commit 6fe2a70b9160e35fdeed9d37bd31727c2d46a8b2 (jsc#SLE-17798) - Rebased 0002-rc-local-fix-ordering-startup-for-etc-init.d-boot.lo.patch 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch ++++ libvirt: - Update to libvirt 7.6.0 - storage_driver: Unlock object on ACL fail in storagePoolLookupByTargetPath CVE-2021-3667 bsc#1188843 - jsc#SLE-18354 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html - Added patches: suse-qemu-ovmf-paths.patch, suse-xen-ovmf-paths.patch - Dropped patches: ee3dc2c2-libxl-default-pcistub-name.patch, 6b8e9613-avoid-use-after-free.patch, eab7ae6b-fix-array-access.patch, c363f03e-virnetdaemon-intro-virNetDaemonQuitExecRestart.patch, ccc6dd8f-fix-exec-restart.patch, 15073504-CVE-2021-3631.patch, de1e0ae0-lockd-no-error-if-lockspace.patch, 447f69de-CVE-2021-3667.patch, suse-ovmf-paths.patch, suse-apparmor-libnl-paths.patch, suse-xen-ovmf-loaders.patch, suse-bump-xen-version.patch - libxl: ovmf now provides only one firmware for Xen. The firmware is named ovmf-x86_64-xen-4m.bin in the SUSE ovmf package. Adjust the upstream default firmware path to match the SUSE name. 
- packaging: To improve maintainability, rename suse-ovmf-paths.patch to suse-qemu-ovmf-paths.patch and suse-xen-ovmf-loaders.patch to suse-xen-ovmf-paths.patch - spec: Remove the sysconfig fillup files for the various daemons - Dropped patches: suse-libvirtd-sysconfig-settings.patch, suse-virtlockd-sysconfig-settings.patch, suse-virtlogd-sysconfig-settings.patch - qemu: Use correct flag constant for enabling storage migration f58349c9-qemu-storage-migration.patch bsc#1188171 - apparmor: Permit new capabilities required by libvirtd boo#1186888 - supportconfig plugin improvements - Suggest numad package instead of requiring it. numad is not required for libvirt daemon to run, it does not support the cgroup2 API and it has been superseded by the kernel NUMA balancer which is enabled by default. bsc#1184722 - libvirt-admin package merged with libvirt-daemon - libvirt-bash-completion package merged with libvirt-client and libvirt-daemon packages ++++ python-libvirt-python: - Update to 7.6.0 - Add all new APIs and constants in libvirt 7.6.0 - jsc#SLE-18354 ++++ rpm-config-SUSE: - Add macros.rpm415 to allow easy backport of Factory srpm [jsc#SLE-20017]. ++++ yast2-trans: - Update to version 84.87.20210802.da4df69bfc: * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (French) * Translated using Weblate (Catalan) * New POT for text domain 'network'. * New POT for text domain 'country'. * Translated using Weblate (Italian) * New POT for text domain 'update'. * New POT for text domain 'autoinst'. 
* Translated using Weblate (Czech) ------------------------------------------------------------------ ------------------ 2021-8-1 - Aug 1 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - fix patch metadata - fix Patch-mainline: patches.suse/xfrm-xfrm_state_mtu-should-return-at-least-1280-for-.patch - commit e52bdda ------------------------------------------------------------------ ------------------ 2021-7-30 - Jul 30 2021 ------------------- ------------------------------------------------------------------ ++++ audit-secondary: - Update to version 3.0.3: * Dont interpret audit netlink groups unless AUDIT_NLGRP_MAX is defined * Add support for AUDIT_RESP_ORIGIN_UNBLOCK_TIMED to ids * Change auparse_feed_has_data in auparse to include incomplete events * Auditd, stop linking against -lrt * Add ProtectHome and RestrictRealtime to auditd.service * In auditd, read up to 3 netlink packets in a row * In auditd, do not validate path to plugin unless active * In auparse, only emit config errors when AUPARSE_DEBUG env variable exists - use https source urls ++++ gdk-pixbuf: - Drop gdk-pixbuf-bsc1180393-CVE-2020-29385.patch on SLE and Leap 15.4: fixed upstream. ++++ glib2: - Drop patches fixed upstream on SLE and Leap 15.4: + glib2-add-support-for-slim-timezone-format.patch + glib2-fix-6-days-until-the-end-of-the-month.patch + glib2-CVE-2021-27218.patch + glib2-CVE-2021-27219-add-g_memdup2.patch ++++ kernel-default: - ixgbe: Fix packet corruption due to missing DMA sync (git-fixes). - bnxt_en: Check abort error state in bnxt_half_open_nic() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in bnxt_fw_rset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe() (jsc#SLE-8371 bsc#1153274). - bnxt_en: don't disable an already disabled PCI device (git-fixes). - cxgb4: fix IRQ free race during driver unload (git-fixes). 
- igb: Fix position of assignment to *ring (git-fixes). - igb: Check if num of q_vectors is smaller than max before array access (git-fixes). - iavf: Fix an error handling path in 'iavf_probe()' (git-fixes). - e1000e: Fix an error handling path in 'e1000_probe()' (git-fixes). - igb: Fix an error handling path in 'igb_probe()' (git-fixes). - igc: Fix an error handling path in 'igc_probe()' (git-fixes). - ixgbe: Fix an error handling path in 'ixgbe_probe()' (git-fixes). - igc: change default return of igc_read_phy_reg() (git-fixes). - igb: Fix use-after-free error during reset (git-fixes). - igc: Fix use-after-free error during reset (git-fixes). - virtio_net: move tx vq operation under tx queue lock (git-fixes). - Revert "be2net: disable bh with spin_lock in be_process_mcc" (git-fixes). - e1000e: Check the PCIm state (git-fixes). - i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes). - i40e: Fix error handling in i40e_vsi_open (git-fixes). - vxlan: add missing rcu_read_lock() in neigh_reduce() (git-fixes). - mvpp2: suppress warning (git-fixes). - net: mvpp2: Put fwnode in error case during ->probe() (git-fixes). - net/mlx5e: Block offload of outer header csum for GRE tunnel (git-fixes). - commit 3de5d62 - Refresh patches.suse/0005-efi-generate-secret-key-in-EFI-boot-environment.patch. (bsc#1187591, bsc#1188694) - Return EFI_UNSUPPORTED when accessing EFI_RNG_PROTOCOL failed. - Improved the warning message. 
- commit 0183525 ++++ audit: - Update to version 3.0.3: * Dont interpret audit netlink groups unless AUDIT_NLGRP_MAX is defined * Add support for AUDIT_RESP_ORIGIN_UNBLOCK_TIMED to ids * Change auparse_feed_has_data in auparse to include incomplete events * Auditd, stop linking against -lrt * Add ProtectHome and RestrictRealtime to auditd.service * In auditd, read up to 3 netlink packets in a row * In auditd, do not validate path to plugin unless active * In auparse, only emit config errors when AUPARSE_DEBUG env variable exists - use https source urls ++++ bluez: - update to 5.60 (JIRA-SLE-18497): * Fix issue with reading from RFKILL device node. * Fix issue with AVDTP and parsing capabilities. * Fix issue with UnregisterApplication handling. * Fix issue with RegisterProfile if UUID already exists. * Fix issue with GATT client attribute read with offset. * Fix issue with non-discoverable device and advertising monitor. - update to 5.59: * Fix issue with string to UUID-32 conversion. * Fix issue with connect request if SDP search failed. * Fix issue with accepting invalid AVDTP capabilities. * Fix issue with unregister handling of AVRCP player. * new tool: mesh-cfgtest * new manpages: btmon.1, bluetooth-meshd.8 - update to 5.58: * Fix issue with usage of deprecated GLib functions. - version 5.57: * Fix issue with handling GATT notification PDU parsing. * Fix issue with registering DIS without a valid source. * Fix issue with removing remote SEPs when loading from cache. - update to 5.56: * Fix issue with setting AVDTP disconnect timer. * Fix issue with AVDTP not sending GetCapabilities. * Fix issue with AVDTP connecting using streaming mode. * Fix issue with handling A2DP and remote SEP disappearing. * Fix issue with handling session of A2DP channels. * Fix issue with GATT and handling device removal. * Fix issue with GATT not accepting multiple requests. * Fix issue with HID report value callback registration. * Add support for new advertising management command. 
* Add support for battery D-Bus interface. * removed obsolete bccmd - remove obsolete upstreamed patches: shared-gatt-server-Fix-not-properly-checking-for-sec.patch (bsc#1186463 CVE-2021-0129) gatt-Fix-potential-buffer-out-of-bound.patch (bsc#1187165 CVE-2021-3588) shared-gatt-db-Introduce-gatt_db_attribute_set_fixed.patch (bsc#1187165 CVE-2021-3588) gatt-Make-use-of-gatt_db_attribute_set_fixed_length.patch (bsc#1187165 CVE-2021-3588) - refresh other patches ++++ ceph: - Update to 16.2.5-113-g8b5bda7684e: + (bsc#1188741) compression/snappy: use uint32_t to be compatible with 1.1.9 improved version of patch that did not work as intended ++++ libsolv: - Disable python2 usage on suse_version >= 1550 by default (still possible to use osc build --with=python). ++++ shared-mime-info: - Do not ghost own %{_datadir}/mime/[a-ms-vxX]*: as those files/directories do not exist during build, RPM can't expand the glob and adds it literally to the file list, not having any effect in the end. A cleanup of the directory structure would not work anyway, as there are also files generated inside. ++++ sudo: - update to 1.9.7p2 - enabled openssl support for secure central session recording collection (without it's clear text) - fixed SLES12 build * When formatting JSON output, octal numbers are now stored as strings, not numbers. The JSON spec does not actually support octal numbers with a '0' prefix. * Fixed a compilation issue on Solaris 9. * Sudo now can handle the getgroups() function returning a different number of groups for subsequent invocations. GitHub PR #106. * When loading a Python plugin, python_plugin.so now verifies that the module loaded matches the one we tried to load. This allows sudo to display a more useful error message when trying to load a plugin with a name that conflicts with a Python module installed in the system location. * Sudo no longer sets the open files resource limit to "unlimited" while it runs.
This avoids a problem where sudo's closefrom() emulation would need to close a very large number of descriptors on systems without a way to determine which ones are actually open. * Sudo now includes a configure check for va_copy or __va_copy and only defines its own version if the configure test fails. * Fixed a bug in sudo's utmp file handling which prevented old entries from being reused. As a result, the utmp (or utmpx) file was appended to unnecessarily. GitHub PR #108. * Fixed a bug introduced in sudo 1.9.7 that prevented sudo_logsrvd from accepting TLS connections when OpenSSL is used. Bug #988. * Fixed an SELinux sudoedit bug when the edited temporary file could not be opened. The sesh helper would still be run even when there are no temporary files available to install. * Fixed a compilation problem on FreeBSD. * The sudo_noexec.so file is now built as a module on all systems other than macOS. This makes it possible to use other libtool implementations such as slibtool. On macOS shared libraries and modules are not interchangeable and the version of libtool shipped with sudo must be used. * Fixed a few bugs in the getgrouplist() emulation on Solaris when reading from the local group file. * Fixed a bug in sudo_logsrvd that prevented periodic relay server connection retries from occurring in "store_first" mode. * Disabled the nss_search()-based getgrouplist() emulation on HP-UX due to a crash when the group source is set to "compat" in /etc/nsswitch.conf. This is probably due to a mismatch between include/compat/nss_dbdefs.h and what HP-UX uses internally. On HP-UX we now just cycle through groups the slow way using getgrent(). Bug #978. 
------------------------------------------------------------------ ------------------ 2021-7-29 - Jul 29 2021 ------------------- ------------------------------------------------------------------ ++++ cloud-regionsrv-client: - New package to enable/disable access due to AHB This references bsc#1182026, (jsc#SLE-21246, jsc#SLE-21247, jsc#SLE-21248, jsc#SLE-21249, jsc#SLE-21250) ++++ kernel-default: - powerpc/security: Fix link stack flush instruction (bsc#1188885 ltc#193722). - commit 6d617e8 - cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902). - commit 7f4ff26 - cifs: do not send tree disconnect to ipc shares (bsc#1185902). - commit 96ce669 - cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902). - commit 7d7b6d5 - Update Patch-mainline tags for patches that landed in 5.14-rc3. - commit 48a135a - powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h (bsc#1188885 ltc#193722). - commit 837e7fa - powerpc/security: Allow for processors that flush the link stack using the special bcctr (bsc#1188885 ltc#193722). - powerpc/security: split branch cache flush toggle from code patching (bsc#1188885 ltc#193722). - powerpc/security: make display of branch cache flush more consistent (bsc#1188885 ltc#193722). - powerpc/security: change link stack flush state to the flush type enum (bsc#1188885 ltc#193722). - Delete patches.suse/powerpc-add-link-stack-flush-mitigation-in-debugfs.patch - replaced with upstream security mitigation cleanup - powerpc/security: re-name count cache flush to branch cache flush (bsc#1188885 ltc#193722). - commit e35bcce - powerpc/pesries: Get STF barrier requirement from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/security: Add a security feature for STF barrier (bsc#1188885 ltc#193722). - powerpc/pseries: Get entry and uaccess flush required bits from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries: export LPAR security flavor in lparcfg (bsc#1188885 ltc#193722). 
- powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations (bsc#1188885 ltc#193722). - Refresh patches.suse/powerpc-pseries-mobility-notify-network-peers-after-.patch. - powerpc/pseries: add new branch prediction security bits for link stack (bsc#1188885 ltc#193722). - commit 3f019e2 - kABI workaround for btintel symbol changes (bsc#1188893). - commit a0378fb - Bluetooth: btusb: Fix failing to init controllers with operation firmware (bsc#1188893). - Bluetooth: btintel: Skip reading firmware file version while in bootloader mode (bsc#1188893). - Bluetooth: btintel: Collect tlv based active firmware build info in FW mode (bsc#1188893). - Bluetooth: btintel: Reorganized bootloader mode tlv checks in intel_version_tlv parsing (bsc#1188893). - Bluetooth: btusb: Consolidate code for waiting firmware download (bsc#1188893). - Bluetooth: btintel: Consolidate intel_version parsing (bsc#1188893). - Bluetooth: btintel: Consolidate intel_version_tlv parsing (bsc#1188893). - commit 5d9b049 - Bluetooth: btintel: Move operational checks after version check (bsc#1188893). - Bluetooth: btintel: Check firmware version before download (bsc#1188893). - Bluetooth: btintel: Fix offset calculation boot address parameter (bsc#1188893). - Bluetooth: btusb: print firmware file name on error loading firmware (bsc#1188893). - commit 02eefaa - Bluetooth: btusb: Add support for GarfieldPeak controller (bsc#1188893). - Revert "Bluetooth: btintel: Fix endianness issue for TLV version information" (bsc#1188893). - Bluetooth: btusb: Enable MSFT extension for Intel controllers (bsc#1188893). - Bluetooth: btusb: Map Typhoon peak controller to BTUSB_INTEL_NEWGEN (bsc#1188893). - commit 8c5bc15 - Bluetooth: btusb: Helper function to download firmware to Intel adapters (bsc#1188893). - Bluetooth: btusb: Define a function to construct firmware filename (bsc#1188893). - Bluetooth: btusb: Add *setup* function for new generation Intel controllers (bsc#1188893). 
- Bluetooth: btintel: Fix endianness issue for TLV version information (bsc#1188893). - commit 051ab9c - Bluetooth: btintel: Replace zero-length array with flexible-array member (bsc#1188893). - Bluetooth: btintel: Functions to send firmware header / payload (bsc#1188893). - Bluetooth: btintel: Add infrastructure to read controller information (bsc#1188893). - Bluetooth: btintel: Refactor firmware download function (bsc#1188893). - Bluetooth: hci_intel: enable on new platform (bsc#1188893). - Bluetooth: hci_intel: switch to list_for_each_entry() (bsc#1188893). - Bluetooth: hci_intel: drop strange le16_to_cpu() against u8 values (bsc#1188893). - Bluetooth: btusb: Update boot parameter specific to SKU (bsc#1188893). - commit 29e3766 - Update patch-mainline and git-commit tags Refresh: - patches.suse/0001-netfilter-conntrack-add-new-sysctl-to-disable-RST-ch.patch - patches.suse/0001-netfilter-conntrack-improve-RST-handling-when-tuple-.patch - commit 758ec5c - Move upstreamed patches to sorted section - commit e174d5e - Refresh patches.suse/efi-tpm-Differentiate-missing-and-invalid-final-even.patch. Update upstream status. - commit 871e8d7 - scsi: ibmvfc: Fix command state accounting and stale response detection (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - commit e0dfe90 - net: mac802154: Fix general protection fault (CVE-2021-3659 bsc#1188876). - commit 61caeac - bonding: fix build issue (git-fixes). - commit ba9e531 - ALSA: pcm: Fix mmap capability check (git-fixes). - ALSA: hda/realtek: Fix pop noise and 2 Front Mic issues on a machine (git-fixes). - drm/amdgpu: update golden setting for sienna_cichlid (git-fixes). - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_gen2_enqueue_hcmd() (git-fixes). - iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd() (git-fixes). - commit aefa679 - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (git-fixes). - USB: serial: option: add support for u-blox LARA-R6 family (git-fixes). 
- USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (git-fixes). - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high (git-fixes). - usb: hub: Fix link power management max exit latency (MEL) calculations (git-fixes). - xhci: Fix lost USB 2 remote wake (git-fixes). - spi: imx: add a check for speed_hz before calculating the clock (git-fixes). - commit cbaa23f - firmware/efi: Tell memblock about EFI iomem reservations (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum headsets (git-fixes). - ASoC: rt5631: Fix regcache sync errors on resume (git-fixes). - ALSA: hdmi: Expose all pins on MSI MS-7C94 board (git-fixes). - ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes). - drm: Return -ENOTTY for non-drm ioctls (git-fixes). - regulator: hi6421: Fix getting wrong drvdata (git-fixes). - regulator: hi6421: Use correct variable type for regmap api val argument (git-fixes). - iio: accel: bma180: Use explicit member assignment (git-fixes). - commit 4603b01 ++++ mozilla-nss: - update to NSS 3.68 * bmo#1713562 - Fix test leak. * bmo#1717452 - NSS 3.68 should depend on NSPR 4.32. * bmo#1693206 - Implement PKCS8 export of ECDSA keys. * bmo#1712883 - DTLS 1.3 draft-43. * bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension. * bmo#1713562 - Validate ECH public names. * bmo#1717610 - Add function to get seconds from epoch from pkix::Time. - update to NSS 3.67 * bmo#1683710 - Add a means to disable ALPN. * bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66). * bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja. * bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c. * bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte. 
++++ Mesa: - update to 21.1.6 * sixth bugfix release ++++ systemd: - Avoid the error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291) ++++ libvirt: - storage_driver: Unlock object on ACL fail in storagePoolLookupByTargetPath CVE-2021-3667 bsc#1188843 ++++ tpm2.0-tools: - Add 0001-tpm2_eventlog-fix-buffer-offset-when-reading-the-eve.patch to fix the offset of the read buffer ------------------------------------------------------------------ ------------------ 2021-7-28 - Jul 28 2021 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.32.6: + core: - Fix adding stale local routes when address changes. - Introduce "allowed-connections" option to disallow profiles on a device. This allows to filter out profiles that originate from initrd. - Introduce "keep-configuration" device option to forcefully activate a profile on start. + initrd: - Tag generated profiles with origin in user data. - Add "ib.pkey=" command line option. + dhcp: Handle filename/bootfile_name DHCP option and write it to device state file for initrd/kickstart. ++++ ignition: - Include vfat and nls kernel modules into initrd so that we can read the ignition configuration from USB drives [bsc#1184202] ++++ ipset: - Update to release 7.14 * Allow specifying protocols by number * Limit the maximum range of consecutive elements to add/delete ++++ kernel-default: - xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377). - commit c3c4cb5 - use 3.0 SPDX identifier in rpm License tags As requested by Maintenance, change rpm License tags from "GPL-2.0" (SPDX 2.0) to "GPL-2.0-only" (SPDX 3.0) so that their scripts do not have to adjust the tags with each maintenance update submission. - commit f888e0b - platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when using s2idle (git-fixes). 
- commit 28541e7 - platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (git-fixes). - commit ffedcc6 - platform/x86: intel_int0002_vgpio: Remove dev_err() usage after platform_get_irq() (git-fixes). - commit 4131c57 - platform/x86: intel_int0002_vgpio: Pass irqchip when adding gpiochip (git-fixes). - commit 88a6182 - KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow (bsc#1188838 CVE-2021-37576). - commit 0162dcd - platform/x86: intel_int0002_vgpio: Use device_init_wakeup (git-fixes). - commit 017d588 - platform/chrome: cros_ec_lightbar: Reduce ligthbar get version command (git-fixes). - commit a8f01e1 - Input: ili210x - add missing negation for touch indication on ili210x (git-fixes). - commit 0575cf5 - KVM: x86: bit 8 of non-leaf PDPEs is not reserved (bsc#1188790). - commit 81b4c99 - KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path (bsc#1188788). - commit f2e225f - KVM: VMX: Enable machine check support for 32bit targets (bsc#1188787). - commit 388d3fb - KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4() (bsc#1188786). - commit c5de014 ++++ rust-keylime: - Add generate-cargo-lock-file.patch to fix the build system in OBS - Add keylime.conf.diff to adjust the default config file - Adjust build requirements - Add firewalld XML rules - Add systemd keylime_agent.service - Fix license tag ++++ xfsprogs: - mkfs: disable reflink support by default (jsc#SLE-17360) - Add xfsprogs-mkfs-disable-reflink-support-by-default.patch Do not format xfs filesystems with reflink support by default, as the feature is read-only compatible, and read-write compatibility is required to be maintained within product stream (SLE15). - Dropped all following patches which are now part of upstream xfsprogs, and were previously backported to address bugs bsc#1167206, bsc#1167205, bsc#1158630, bsc#1158509, bsc#1158504, bsc#1158758, bsc#1129859, bsc#1122271, bsc#1073421, bsc#1119063, bsc#1105068. 
make_xfs_scrub_interp_explicit.patch xfsprogs-mkfs-avoid-divide-by-zero-when-hardware-reports-opti.patch xfsprogs-repair-Fix-root-inode-s-parent-when-it-s-bogus-f.patch xfsprogs-xfs_repair-Add-missing-braces-to-allow-zeroing-of-co.patch xfsprogs-xfs_repair-allow-in-attribute-names.patch xfsprogs-xfs-hoist-xfs_fs_geometry-to-libxfs.patch xfsprogs-xfs-refactor-the-geometry-structure-filling-function.patch xfsprogs-xfs_spaceman-add-a-superblock-info-command.patch xfsprogs-xfs_info-move-to-xfs_spaceman.patch xfsprogs-xfs_db-add-a-superblock-info-command.patch xfsprogs-libfrog-refactor-fs-geometry-printing-function.patch xfsprogs-mkfs-use-geometry-generation-helper-functions.patch xfsprogs-xfs_info-call-xfs_db-for-offline-filesystems.patch xfsprogs-xfs_info-use-findmnt-to-handle-mounted-block-devices.patch xfsprogs-xfs_quota-fix-false-error-reporting-of-project-inher.patch xfsprogs-xfs-create-structure-verifier-function-for-shortform.patch xfsprogs-xfs-create-structure-verifier-function-for-short-for.patch xfsprogs-xfs-refactor-short-form-directory-structure-verifier.patch xfsprogs-xfs-provide-a-centralized-method-for-verifying-inlin.patch xfsprogs-xfs_repair-don-t-fail-directory-repairs-when-grabbin.patch xfsprogs-xfs_repair-implement-custom-ifork-verifiers.patch xfsprogs-xfs_repair-use-custom-ifork-verifier-in-mv_orphanage.patch xfsprogs-xfs-move-inode-extent-size-hint-validation-to-libxfs.patch xfsprogs-xfs_repair-use-libxfs-extsize-cowextsize-validation-.patch xfsprogs-mkfs-validate-extent-size-hint-parameters.patch xfsprogs-xfs_io-Make-copy_range-arguments-understand-iB-values.patch xfsprogs-man-document-some-missing-xfs_db-commands.patch xfsprogs-man-reformat-xfs_quota-commands-in-the-manpage-for-t.patch ++++ zypper: - Support new reports for singletrans rpm commit. - BuildRequires: libzypp-devel >= 17.27.1. For lock/query comments. 
- Prompt: choose exact match if prompt options are not prefix free (bsc#1188156) - Install summary: Show new and removed packages closer to the prompt (fixes #403) These packages are usually more interesting than the updated ones. In case of doubt less scrolling is needed to see them. - Add need reboot/restart hint to XML install summary (bsc#1188435) - Add comment option for lock command (fixes #388). - version 1.14.48 ------------------------------------------------------------------ ------------------ 2021-7-27 - Jul 27 2021 ------------------- ------------------------------------------------------------------ ++++ combustion: - Drop explicit dependency on sysroot.mount. Instead, handle starting and stopping of the unit explicitly to avoid conflicts. - Add workaround for gh#systemd/systemd#20329 ++++ gnutls: - Account for the libnettle soname bump [jsc#SLE-19765] ++++ kernel-default: - KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit (bsc#1188784). - commit 08b2951 - KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration (bsc#1188783). - commit 5f8f317 - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1188782). - commit ef7bd2d - KVM: nVMX: Reset the segment cache when stuffing guest segs (bsc#1188781). - commit 8984ecb - KVM: nVMX: Really make emulated nested preemption timer pinned (bsc#1188780). - commit 597c5f3 - KVM: nVMX: Preserve exception priority irrespective of exiting behavior (bsc#1188777). - commit 9024fbf - KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap (bsc#1188774). - commit 7334e84 - KVM: nVMX: Consult only the "basic" exit reason when routing nested exit (bsc#1188773). - commit f7ab15a - kvm: LAPIC: Restore guard to prevent illegal APIC register access (bsc#1188772). - commit 8a9a1d5 - KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled (bsc#1188771). - commit 7610884 - kvm: i8254: remove redundant assignment to pointer s (bsc#1188770). 
- commit f768a8a - prctl: PR_{G,S}ET_IO_FLUSHER to support controlling memory reclaim (bsc#1188752). - commit 80a0f40 - iwlwifi: pcie: make iwl_pcie_txq_update_byte_cnt_tbl bus independent (bsc#1187495). - Refresh patches.suse/iwlwifi-pcie-free-IML-DMA-memory-allocation.patch. - commit 55531dc - blacklist.conf: kABI - commit c1f6ea9 - ceph: don't WARN if we're still opening a session to an MDS (bsc#1188748). - rbd: don't hold lock_rwsem while running_list is being drained (bsc#1188747). - rbd: always kick acquire on "acquired" and "released" notifications (bsc#1188746). - commit 5813020 - Update patches.suse/x86-intel-aggregate-microserver-naming.patch. This was a search-and-replace patch - there was one _X -> _D replacement missing in tools/power/x86/turbostat/turbostat.c Update the patch to cover the missing replacement. - commit 63c708b - mt76: set dma-done flag for flushed descriptors (git-fixes). - commit aaa3cb6 - mt76: mt7615: fix endianness in mt7615_mcu_set_eeprom (git-fixes). - commit 43e0b14 - mt76: mt7615: increase MCU command timeout (git-fixes). - commit 1ca559f - mt76: mt7603: set 0 as min coverage_class value (git-fixes). - commit 606bd07 - ibmvnic: retry reset if there are no other resets (bsc#1184350 ltc#191533). - commit fccec64 - drm/radeon: Call radeon_suspend_kms() in radeon_pci_shutdown() for Loongson64 (git-fixes). - drm/amdgpu: enable sdma0 tmz for Raven/Renoir(V2) (git-fixes). - drm/amdkfd: Fix circular lock in nocpsch path (git-fixes). - drm/amdkfd: fix circular locking on get_wave_state (git-fixes). - drm/amdkfd: use allowed domain for vmbo validation (git-fixes). - drm/amd/display: Fix off-by-one error in DML (git-fixes). - drm/amd/display: Release MST resources on switch from MST to SST (git-fixes). - drm/amd/display: Fix DCN 3.01 DSCCLK validation (git-fixes). - commit 0be6a2a - drm/amdgpu: remove unsafe optimization to drop preamble ib (git-fixes). - drm/amd/display: Avoid HDCP over-read and corruption (git-fixes).
- drm: rockchip: add missing registers for RK3066 (git-fixes). - drm: rockchip: add missing registers for RK3188 (git-fixes). - drm/vc4: hdmi: Fix PM reference leak in vc4_hdmi_encoder_pre_crtc_co() (git-fixes). - drm/vc4: Fix clock source for VEC PixelValve on BCM2711 (git-fixes). - drm/amd/display: fix HDCP reset sequence on reinitialize (git-fixes). - drm/scheduler: Fix hang when sched_entity released (git-fixes). - drm/nouveau: Don't set allow_fb_modifiers explicitly (git-fixes). - drm/bridge: nwl-dsi: Force a full modeset when crtc_state->active is changed to be true (git-fixes). - commit 0856190 - cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes). - commit 80eef04 - cifs: fix interrupted close commands (git-fixes). - commit 9eae08a ++++ ceph: - Update to 16.2.5-111-ga5b472dfcf8: + (bsc#1188741) compression/snappy: use uint32_t to be compatible with 1.1.9 ++++ libvirt: - spec: Don't forcibly remove '--listen' arg from /etc/sysconfig/libvirtd. Add '--timeout 120' if '--listen' is not specified. bsc#1188232 ++++ osinfo-db: - bsc#1182144 - osinfo-db: autoinst.xml does not work with Tumbleweed. Fixes nested language problem. opensuse-autoyast-desktop.patch ++++ perl-Bootloader: - merge gh#openSUSE/perl-bootloader#135 - fix typo in update-bootloader - 0.935 ++++ suseconnect-ng: - Update to version 0.0.3~git0.dacdd3b: * Add gofmt target to Makefile * Fix gofmt errors * Add Requires that weren't explicit (bsc#1188646) * Use custom UnmarshalJSON() for the Product struct ------------------------------------------------------------------ ------------------ 2021-7-26 - Jul 26 2021 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Add libnm0 to baselibs.conf to be used by 64bit Steam ++++ cockpit-wicked: - Version 4.1: * Fix a problem when detecting whether an interface is down and clean up the list of assigned addresses when they are released (gh#128, bsc#1182189 and bsc#1186736). 
* Update several dependencies to address security concerns (gh#127). * Add translations for German, Hindi and Sinhala (work in progress). * Update translations for Catalan, Czech, Italian, Japanese and Portuguese (Brazil). ++++ kernel-default: - cifs: Fix preauth hash corruption (git-fixes). - commit a2ac7b0 - cifs: Return correct error code from smb2_get_enc_key (git-fixes). - commit ffe15e7 - cifs: fix memory leak in smb2_copychunk_range (git-fixes). - commit f974156 - uuid: Add inline helpers to import / export UUIDs (FATE#326628, bsc#1113295, git-fixes). - commit 5ef7dcb - Drop media rtl28xxu fix patch (bsc#1188683) The recent backport of patches.suse/media-rtl28xxu-fix-zero-length-control-request.patch caused a regression on Astrometa DVB-T2. Revert and blacklist it for now. - commit 1ae8d64 - series.conf: cleanup - update upstream references and move into sorted section: - patches.suse/r8152-Fix-a-deadlock-by-doubly-PM-resume.patch - patches.suse/r8152-Fix-potential-PM-refcount-imbalance.patch - commit 425c935 - powerpc/stacktrace: Include linux/delay.h (bsc#1156395). - commit fb8c7fc - ceph: clean up and optimize ceph_check_delayed_caps() (bsc#1187468). - commit 33a74a3 - sfp: Fix error handing in sfp_probe() (git-fixes). - commit 3f0aed6 - cadence: force nonlinear buffers to be cloned (git-fixes). - commit 4b76907 - gtp: fix an use-before-init in gtp_newlink() (git-fixes). - commit 6e609d3 - ravb: Fix bit fields checking in ravb_hwtstamp_get() (git-fixes). - commit ed39fda - net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes). - commit 57704e2 - wilc1000: write value to WILC_INTR2_ENABLE register (git-fixes). - commit 23af1ba - net: wilc1000: clean up resource in error path of init mon interface (git-fixes). - commit aa75b92 - Update patches.suse/ibmvnic-account-for-bufs-already-saved-in-indir_buf.patch (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290 bsc#1188620 ltc#192221). 
- Update patches.suse/ibmvnic-free-tx_pool-if-tso_pool-alloc-fails.patch (bsc#1085224 ltc#164363 bsc#1188620 ltc#192221). - Update patches.suse/ibmvnic-parenthesize-a-check.patch (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139 git-fixes bsc#1188620 ltc#192221). - Update patches.suse/ibmvnic-set-ltb-buff-to-NULL-after-freeing.patch (bsc#1094840 ltc#167098 bsc#1188620 ltc#192221). - commit 8147958 - ibmvnic: Remove the proper scrq flush (bsc#1188504 ltc#192075). - commit 8bf9d02 - blacklist.conf: kABI - commit 7c940a5 - blacklist.conf: cosmetic cleanup - commit 29705c7 - blacklist.conf: kABI - commit 839f900 - Update patches.suse/x86-intel-aggregate-big-core-mobile-naming.patch. This was a search-and-replace patch - there were a handful of _ULT -> _L and _MOBILE -> _L replacements missing in tools/power/x86/turbostat/turbostat.c Update the patch to cover the missing replacements. - Refresh patches.suse/x86-intel-aggregate-big-core-graphics-naming.patch. - commit efd5300 - Update patches.suse/iommu-vt-d-do-not-use-flush-queue-when-caching-mode-is-on. The definition of domain_use_flush_queue() was tucked inside an #ifdef CONFIG_INTEL_IOMMU_SVM, whereas the function can be called outside of that #ifdef. It does not affect SLE15-SP3 directly since our configs always enable CONFIG_INTEL_IOMMU_SVM, but it's in the incorrect place in general. Move it outside of the ifdef to match upstream behavior. - commit e39afe2 - timers: Fix get_next_timer_interrupt() with no timers pending (git-fixes) - commit 1045d0d - docs: virt/kvm: close inline string literal (bsc#1188703). - commit e83521c - KVM: SVM: document KVM_MEM_ENCRYPT_OP, let userspace detect if SEV is available (bsc#1188703). - commit 0f91585 - integrity: use arch_ima_get_secureboot instead of checking EFI_SECURE_BOOT when loading MokListRT (bsc#1188366). - Update config files. Add CONFIG_IMA_ARCH_POLICY=y and CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y in x86_64/default. 
- commit 8567c4b - i40e: Fix missing rtnl locking when setting up pf switch (jsc#SLE-13701). - commit 27422dd - rtc: max77686: Do not enforce (incorrect) interrupt trigger type (git-fixes). - rtc: mxc_v2: add missing MODULE_DEVICE_TABLE (git-fixes). - thermal/core: Correct function name thermal_zone_device_unregister() (git-fixes). - reset: ti-syscon: fix to_ti_syscon_reset_data macro (git-fixes). - soc/tegra: fuse: Fix Tegra234-only builds (git-fixes). - commit c39f899 ++++ krb5: - Fix KDC null deref on bad encrypted challenge; (CVE-2021-36222); (bsc#1188571); - Added patches: * 0011-Fix-KDC-null-deref-on-bad-encrypted-challenge.patch ++++ python3-core: - Rebuild to get new headers, avoid building in support for stropts.h (bsc#1187338). ++++ systemd: - Import commit 73e9e6fb847513c6d62f2fb445778ef5bc0fe516 (merge of v248.6) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/cb29bcc5ef2c0ee659686c5d229646a6ba98ec50...73e9e6fb847513c6d62f2fb445778ef5bc0fe516 ++++ libzypp: - Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760) This covers the case where not the packages itself would change its vendor, but replaces a package from a different vendor. - Fix solver jobs for PTFs (bsc#1186503) - spec: switch to pkgconfig(openssl) - Show key fpr from signature when signature check fails (bsc#1187224) Rpm by default only shows the short key ID when checking the signature of a package fails. This patch reads the signatures from the RPM headers and replaces the short IDs with the key fingerprints fetched from the signatures. - Implement alternative single transaction commit strategy. This patch adds an experimental commit strategy that runs all operations in a single rpm transaction, speeding up the execution a lot. - Use ZYPP_MEDIANETWORK=1 to enable the experimental new media backend. - Implement zchunk download, refactor Downloader backend.
- Fix purge-kernels fails with kernels from Kernel:HEAD (bsc#1187738) There recently was a change in the kernel package naming scheme in regards to rc kernels. Since kernel upstream uses characters in the version that are not allowed in rpm versions a "-rc" was previously replaced with ".rc" which broke sorting by version, to fix this issue it was replaced with "~rc", which unfortunately broke the purge-kernels logic. This patch makes sure purge-kernel does apply the same conversion. - version 17.28.0 (22) ++++ mozilla-nspr: - update to version 4.32: * implement new socket option PR_SockOpt_DontFrag * support larger DNS records by increasing the default buffer size for DNS queries ++++ osinfo-db: - Add support for openSUSE Leap 15.4, SLE15-SP4, and SLEM 5.1 (bsc#1188692) add-opensuse-leap-15.4-support.patch add-sle15sp4-support.patch add-slem5.1-support.patch ++++ python3: - Rebuild to get new headers, avoid building in support for stropts.h (bsc#1187338). ++++ u-boot-rpiarm64: - Drop qemu-riscv64spl flavor - Use generic opensbi for sifiveunleashed - Rename sifivefu540 to sifiveunleashed to follow upstream - Update to 2021.07 - Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.07 * Patches dropped: 0014-fs-btrfs-fix-the-false-alert-of-dec.patch 0015-arm64-dts-meson-odroidc2-readd-PHY-.patch ++++ yast2-trans: - Update to version 84.87.20210723.6ea31dfcf1: * New POT for text domain 'users'. * New POT for text domain 'iscsi-client'. * New POT for text domain 'country'. * New POT for text domain 'control-center'. * Translated using Weblate (Portuguese (Brazil)) * New POT for text domain 'users'. * New POT for text domain 'autoinst'. ------------------------------------------------------------------ ------------------ 2021-7-25 - Jul 25 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - USB: serial: cp210x: fix comments for GE CS1000 (git-fixes). 
- Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem" (git-fixes). - usb: dwc2: gadget: Fix sending zero length packet in DDMA mode (git-fixes). - usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop() (git-fixes). - usb: max-3421: Prevent corruption of freed memory (git-fixes). - commit c637f14 - ASoC: rt5682: Fix a problem with error handling in the io init function of the soundwire (git-fixes). - Refresh patches.suse/ASoC-rt5682-sdw-set-regcache_cache_only-false-before.patch. - commit c833aa0 - ASoC: wm_adsp: Correct wm_coeff_tlv_get handling (git-fixes). - ALSA: hda: intel-dsp-cfg: add missing ElkhartLake PCI ID (git-fixes). - ALSA: usb-audio: Add missing proc text entry for BESPOKEN type (git-fixes). - ASoC: Intel: sof_sdw: add SOF_RT715_DAI_ID_FIX for AlderLake (git-fixes). - ASoC: rt5682-sdw: set regcache_cache_only false before reading RT5682_DEVICE_ID (git-fixes). - Bluetooth: btqca: Don't modify firmware contents in-place (git-fixes). - ASoC: rt5682: fix getting the wrong device id when the suspend_stress_test (git-fixes). - commit 2fb44db - ALSA: pcm: Call substream ack() method upon compat mmap commit (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 630 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 445 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 450 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook 830 G8 Notebook PC (git-fixes). - ALSA: hda/realtek: Apply LED fixup for HP Dragonfly G1, too (git-fixes). - ALSA: hda/realtek: Improve fixup for HP Spectre x360 15-df0xxx (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook x360 830 G8 (git-fixes). - ACPI: PM / fan: Put fan device IDs into separate header file (git-fixes). 
- commit 10136ed ++++ pcsc-ccid: - Version 1.4.35 * Add support of - ArkSigner Connect2Sign - Circle CCR7115 ICC - Circle CCR7315 - Circle CIR215 CL - Circle CIR215 PICC - Circle CIR315 - Circle CIR315 (idProduct: 0x3100) - Circle CIR315 CL - Circle CIR315 Dual & 1S - Circle CIR415 CL & 1S - Circle Idaxis SecurePIV - DUALi DE-ABCM6 RFRW - Feitian R701 - Generic EMV Smartcard Reader (0x058C:0x9590) - INMAX DWR18 HC - INMAX DWR18 HPC - Identiv Identiv uTrust 4711 F CL + SAM Reader - Identiv uTrust 3721 Contactless Reader - Infocrypt HWDSSL DEVICE - Infocrypt Token++ lite - MK Technology KeyPass D1 - SONY Felica RC-S300/P - SONY Felica RC-S300/S - SONY Felica RC-S660/U - SYNNIX CL-2100R - SoloKeys Solo 2 - Spyrus Inc PocketVault P-3X (idProduct: 0x3203) * parse: use "ICCD token" for ICCD tokens * Support 4 card slots with Feitian R502 C9 * ccid_usb: ask for bNumDataRatesSupported data rates * Solve a performance issue with T=1 and CCID_CLASS_AUTO_PPS_PROP * Fix a possible buffer overflow in T0ProcACK * IFDHSetProtocolParameters: set IFSC/IFSD only for TPDU readers * CCID serial: Reset buffers on failed read * Fix yylex missing symbol * Gemalto pinpad: fix incorrect bEntryValidationCondition for SecurePINVerify and SecurePINModify * Fix bit4id miniLector-EVO pinpad support * The Kobil TriBank reader does NOT support extended APDU ------------------------------------------------------------------ ------------------ 2021-7-23 - Jul 23 2021 ------------------- ------------------------------------------------------------------ ++++ conmon: - Update to version 2.0.29: * Reset OOM score back to 0 for container runtime * call functions registered with atexit on SIGTERM * conn_sock: fix potential segfault ++++ hwinfo: - merge gh#openSUSE/hwinfo#104 - Fix timezone issue in SOURCE_DATE_EPOCH code - 21.76 ++++ kbd: - Only run kbdsettings.service if /etc/sysconfig/keyboard exists. Necessary for image based installations without admin made changes. 
++++ kernel-default: - net: ethernet: ti: Remove TI_CPTS_MOD workaround (git-fixes). - commit 2c19bb5 - scsi: fc: Add 256GBit speed setting to SCSI FC transport (bsc#1188101). - commit 62c8708 - r8152: Fix a deadlock by doubly PM resume (bsc#1186194). - r8152: Fix potential PM refcount imbalance (bsc#1186194). - commit 539ea44 - Revert "drm/i915: Propagate errors on awaiting already signaled fences" (git-fixes). - drm/i915/gvt: Clear d3_entered on elsp cmd submission (git-fixes). - commit 258f2b1 - drm/panel: raspberrypi-touchscreen: Prevent double-free (git-fixes). - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() (git-fixes). - liquidio: Fix unintentional sign extension issue on left shift of u16 (git-fixes). - spi: cadence: Correct initialisation of runtime PM again (git-fixes). - spi: mediatek: fix fifo rx mode (git-fixes). - commit 44fe76d - bcache: avoid oversized read request in cache missing code path (bsc#1184631). - bcache: remove bcache device self-defined readahead (bsc#1184631). - commit aaf8eb0 ++++ kernel-firmware: - Update to version 20210719 (git commit 5de082d4d0f2): * iwlwifi: add ty firmware from Core63-43 - Reduce the LZMA2 dictionary size (bsc#1188662) ++++ libcontainers-common: - Update common to 0.41.0 0.38.18: [0.38] seccomp: add support for defaultErrnoRet 0.41.0: Allow /etc/containers/containers.conf to be read by non-root Created numMem_linux.go and numMem.go and nummem_unsupported.go Fix default definition of secrets in containers.conf Report bad entries in containers.conf to the user add shelldriver. build(deps): bump github.com/containers/ocicrypt from 1.1.1 to 1.1.2 build(deps): bump github.com/containers/storage from 1.32.2 to 1.32.5 build(deps): bump github.com/mitchellh/mapstructure from 1.1.2 to 1.4.1 build(deps): bump github.com/onsi/gomega from 1.13.0 to 1.14.0 build(deps): bump github.com/spf13/cobra from 1.1.3 to 1.2.1 feat: add shell secret driver. 
libimage: LookupImage: remove IgnorePlatform option libimage: `(*Runtime).SystemContext()` libimage: events: deferred write libimage: force internal image lookups to ignore arch libimage: import: fix tags libimage: pull: enforce pull policy for custom platforms libimage: pull: ignore platform for local image lookup libimage: pull: override even --pull=never with custom platform pull: custom platform: do not use local image name 0.38.13: * libimage: events: deferred write 0.38.12: * pull: custom platform: do not use local image name 0.40.1: Vendor in containers/image v5.13.2 seccomp: tweak default profile (followup for #573) libimage: lookup images by custom platform libimage: force remove: only untag on multi tag image build(deps): bump github.com/containers/image/v5 from 5.13.0 to 5.13.1 Set BigFilesTemporaryDir to GetEnv(TMPDIR) if set or /var/tmp seccomp: always allow get_mempolicy, set_mempolicy, mbind seccomp: let membarrier fail with ENOSYS seccomp: allow rseq seccomp: allow pkey_* seccomp: let io_uring_* fail with ENOSYS seccomp: allow clone3 0.40.0: Add default for log-tag Add support for config drop in directories Do not set the default netns Don't use systemd defaults if /proc/1/comm != systemd Fix spacing on name value pairs to be consistent Leave default seccomp path empty Sort containers.conf and containers.conf.5.md Strip extra trailing newlines in templates Tests are writing customer config to host machine Use SetCredentials and add verbose to loginopts [NO TESTS NEEDED] Sort containers.conf and containers.conf.5.md add 'secret' section to the containers.conf struct. add @Luap99 to OWNERS add passdriver for secrets. 
build(deps): bump github.com/containers/image/v5 from 5.12.0 to 5.13.0 build(deps): bump github.com/containers/storage from 1.32.0 to 1.32.2 build(deps): bump github.com/docker/docker build(deps): bump github.com/jinzhu/copier from 0.3.0 to 0.3.2 build(deps): bump github.com/onsi/ginkgo from 1.16.2 to 1.16.4 build(deps): bump github.com/onsi/gomega from 1.12.0 to 1.13.0 build(deps): bump github.com/opencontainers/selinux from 1.8.1 to 1.8.2 fix autodiscovery of the secret passdriver. fixed comments libimage: fix Exists libimage: pull: turn image-lookup errors non-fatal libmage: Exists: catch corrupted images made necessary changes to handle OS/Arch while importing an image pkg/config: fix systemd compile errors pull: don't resolve short names on explicit docker:// reference seccomp: add support for defaultErrnoRet seccomp: allow more *_time64 syscalls seccomp: allow timer_settime64 seccomp: switch default to ENOSYS secrets: fix build with go 1.15 support tag@digest notation 0.39.0: Vendor in containers/storage v1.32.0 Ensure configuration directory is created for networks Include gateway in generated default networks Use Private as default for rootless when we want CNI rootless networking libimage: add some comments libimage: add more image tests build(deps): bump github.com/containers/storage from 1.31.1 to 1.32.0 rootless_networking = "slirp4netns | cni" build(deps): bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95 - Update podman to 3.2.3 3.2.3: [#]## Security - This release addresses CVE-2021-3602, an issue with the `podman build` command with the `--isolation chroot` flag that results in environment variables from the host leaking into build containers. [#]## Bugfixes - Fixed a bug where events related to images could occur before the relevant operation had completed (e.g. an image pull event could be written before the pull was finished) ([#10812](https://github.com/containers/podman/issues/10812)). 
- Fixed a bug where `podman save` would refuse to save images with an architecture different from that of the host ([#10835](https://github.com/containers/podman/issues/10835)). - Fixed a bug where the `podman import` command did not correctly handle images without tags ([#10854](https://github.com/containers/podman/issues/10854)). - Fixed a bug where Podman's journald events backend would fail and prevent Podman from running when run on a host with systemd as PID1 but in an environment (e.g. a container) without systemd ([#10863](https://github.com/containers/podman/issues/10863)). - Fixed a bug where containers using rootless CNI networking would fail to start when the `dnsname` CNI plugin was in use and the host system's `/etc/resolv.conf` was a symlink ([#10855](https://github.com/containers/podman/issues/10855) and [#10929](https://github.com/containers/podman/issues/10929)). - Fixed a bug where containers using rootless CNI networking could fail to start due to a race in rootless CNI initialization ([#10930](https://github.com/containers/podman/issues/10930)). [#]## Misc - Updated Buildah to v1.21.3 - Updated the containers/common library to v0.38.16 - Update storage to 1.32.6 1.32.6: Fix runtime panic for opening lockfile if parent dir got removed Cleanup exclude exceptions path build(deps): bump github.com/Microsoft/hcsshim from 0.8.17 to 0.8.20 Add test for bad entries in storage.conf chunked: fix the path used for layers dedup Report bad entries in storage.conf to the user Use /run/user/UID in rootless mode if writable - Update image to 5.14.0 v0.41.0: * Allow /etc/containers/containers.conf to be read by non-root * Created numMem_linux.go and numMem.go and nummem_unsupported.go * Fix default definition of secrets in containers.conf * Report bad entries in containers.conf to the user * add shelldriver. 
* build(deps): bump github.com/containers/ocicrypt from 1.1.1 to 1.1.2 * build(deps): bump github.com/containers/storage from 1.32.2 to 1.32.5 * build(deps): bump github.com/mitchellh/mapstructure from 1.1.2 to 1.4.1 * build(deps): bump github.com/onsi/gomega from 1.13.0 to 1.14.0 * build(deps): bump github.com/spf13/cobra from 1.1.3 to 1.2.1 * feat: add shell secret driver. * libimage: LookupImage: remove IgnorePlatform option * libimage: `(*Runtime).SystemContext()` * libimage: events: deferred write * libimage: force internal image lookups to ignore arch * libimage: import: fix tags * libimage: pull: enforce pull policy for custom platforms * libimage: pull: ignore platform for local image lookup * libimage: pull: override even --pull=never with custom platform * pull: custom platform: do not use local image name v0.40.1: * Vendor in containers/image v5.13.2 * seccomp: tweak default profile (followup for #573) * libimage: lookup images by custom platform * libimage: force remove: only untag on multi tag image * build(deps): bump github.com/containers/image/v5 from 5.13.0 to 5.13.1 * Set BigFilesTemporaryDir to GetEnv(TMPDIR) if set or /var/tmp * seccomp: always allow get_mempolicy, set_mempolicy, mbind * seccomp: let membarrier fail with ENOSYS * seccomp: allow rseq * seccomp: allow pkey_* * seccomp: let io_uring_* fail with ENOSYS * seccomp: allow clone3 v0.40.0: * Add default for log-tag * Add support for config drop in directories * Do not set the default netns * Don't use systemd defaults if /proc/1/comm != systemd * Fix spacing on name value pairs to be consistent * Leave default seccomp path empty * Sort containers.conf and containers.conf.5.md * Strip extra trailing newlines in templates * Tests are writing customer config to host machine * Use SetCredentials and add verbose to loginopts * [NO TESTS NEEDED] Sort containers.conf and containers.conf.5.md * add 'secret' section to the containers.conf struct. 
* add @Luap99 to OWNERS * add passdriver for secrets. * build(deps): bump github.com/containers/image/v5 from 5.12.0 to 5.13.0 * build(deps): bump github.com/containers/storage from 1.32.0 to 1.32.2 * build(deps): bump github.com/docker/docker * build(deps): bump github.com/jinzhu/copier from 0.3.0 to 0.3.2 * build(deps): bump github.com/onsi/ginkgo from 1.16.2 to 1.16.4 * build(deps): bump github.com/onsi/gomega from 1.12.0 to 1.13.0 * build(deps): bump github.com/opencontainers/selinux from 1.8.1 to 1.8.2 * fix autodiscovery of the secret passdriver. * fixed comments * libimage: fix Exists * libimage: pull: turn image-lookup errors non-fatal * libmage: Exists: catch corrupted images * made necessary changes to handle OS/Arch while importing an image * pkg/config: fix systemd compile errors * pull: don't resolve short names on explicit docker:// reference * seccomp: add support for defaultErrnoRet * seccomp: allow more *_time64 syscalls * seccomp: allow timer_settime64 * seccomp: switch default to ENOSYS * secrets: fix build with go 1.15 * support tag@digest notation v0.39: * Vendor in containers/storage v1.32.0 * Ensure configuration directory is created for networks * Include gateway in generated default networks * Use Private as default for rootless when we want CNI * rootless networking * libimage: add some comments * libimage: add more image tests * build(deps): bump github.com/containers/storage from 1.31.1 to 1.32.0 * rootless_networking = "slirp4netns | cni" * build(deps): bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95 ++++ libglvnd: - update to 1.3.3, fixes boo#1188640 ++++ nvme-cli: - Update copyright date - Move bash-completion into subpackage to avoid zypper recommending bash-completion every time.
++++ qemu: - Disabled skiboot building for PowerPC due to the following issue: https://github.com/open-power/skiboot/issues/265 - Fix possible mremap overflow in the pvrdma (CVE-2021-3582, bsc#1187499) hw-rdma-Fix-possible-mremap-overflow-in-.patch - Ensure correct input on ring init (CVE-2021-3607, bsc#1187539) pvrdma-Ensure-correct-input-on-ring-init.patch - Fix the ring init error flow (CVE-2021-3608, bsc#1187538) pvrdma-Fix-the-ring-init-error-flow-CVE-.patch ++++ suseconnect-ng: - Update to version 0.0.2~git0.ebef3b7: * Add --version * Fix list-extensions printing "Not available" when using SCC * Change --deregister to --de-register ------------------------------------------------------------------ ------------------ 2021-7-22 - Jul 22 2021 ------------------- ------------------------------------------------------------------ ++++ grub2: - Replace grub2-use-stat-instead-of-udevadm-for-partition-lookup.patch and fix-grub2-use-stat-instead-of-udevadm-for-partition-lookup-with-new-glibc.patch with upstream backport: 0001-osdep-Introduce-include-grub-osdep-major.h-and-use-i.patch and 0002-osdep-linux-hostdisk-Use-stat-instead-of-udevadm-for.patch. ++++ iputils: - Update to version 20210722 https://github.com/iputils/iputils/releases/tag/20210722 - Use rarpd.service from upstream (removes PrivateUsers=yes, which fixes broken start of the service, adds DynamicUser=yes for more security) - Add BuildRequires: iproute2 (required for running tests) ++++ kernel-default: - skbuff: Fix build with SKB extensions disabled (jsc#SLE-15172). - commit c73a425 - Update Patch-mainline tags for patches that landed in 5.14-rc2. - commit 55eeb57 - KVM: do not allow mapping valid but non-reference-counted pages (bsc#1186482, CVE-2021-22543). - KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped() (bsc#1186482, CVE-2021-22543). - KVM: do not assume PTE is writable after follow_pfn (bsc#1186482, CVE-2021-22543). 
- commit 3795669 - xen/events: reset active flag for lateeoi events later (git-fixes). - Refresh patches.suse/xen-events-fix-setting-irq-affinity.patch. - commit e51ccb0 - KVM: do not allow mapping valid but non-reference-counted pages (bsc#1186482, CVE-2021-22543). - KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped() (bsc#1186482, CVE-2021-22543). - KVM: do not assume PTE is writable after follow_pfn (bsc#1186482, CVE-2021-22543). - commit 50f4816 - RDMA/cma: Fix incorrect Packet Lifetime calculation (jsc#SLE-8449). - RDMA/cma: Protect RMW with qp_mutex (git-fixes). - bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1154353). - ice: Re-organizes reqstd/avail {R, T}XQ check/code for efficiency (jsc#SLE-7926). - commit 94fef56 - netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo (bsc#1176447). - bonding: fix incorrect return value of bond_ipsec_offload_ok() (bsc#1176447). - bonding: fix suspicious RCU usage in bond_ipsec_offload_ok() (bsc#1176447). - bonding: Add struct bond_ipesc to manage SA (bsc#1176447). - bonding: disallow setting nested bonding + ipsec offload (bsc#1176447). - bonding: fix suspicious RCU usage in bond_ipsec_del_sa() (bsc#1176447). - ixgbevf: use xso.real_dev instead of xso.dev in callback functions of struct xfrmdev_ops (bsc#1176447). - net: netdevsim: use xso.real_dev instead of xso.dev in callback functions of struct xfrmdev_ops (bsc#1176447). - bonding: fix null dereference in bond_ipsec_add_sa() (bsc#1176447). - bonding: fix suspicious RCU usage in bond_ipsec_add_sa() (bsc#1176447). - skbuff: Release nfct refcount on napi stolen or re-used skbs (jsc#SLE-15172). - net/sched: act_ct: remove and free nf_table callbacks (jsc#SLE-15172). - RDMA/rtrs-srv: Set minimal max_send_wr and max_recv_wr (jsc#SLE-15176). - RDMA/rtrs-clt: Fix memory leak of not-freed sess->stats and stats->pcpu_stats (jsc#SLE-15176). 
- RDMA/rtrs-clt: Check if the queue_depth has changed during a reconnection (jsc#SLE-15176). - RDMA/rtrs-srv: Fix memory leak when having multiple sessions (jsc#SLE-15176). - RDMA/rtrs-srv: Fix memory leak of unfreed rtrs_srv_stats object (jsc#SLE-15176). - RDMA/rtrs: Do not reset hb_missed_max after re-connection (jsc#SLE-15176). - RDMA/rtrs-srv: Replace atomic_t with percpu_ref for ids_inflight (jsc#SLE-15176). - RDMA/rtrs-clt: Check state of the rtrs_clt_sess before reading its stats (jsc#SLE-15176). - RDMA/srp: Fix a recently introduced memory leak (jsc#SLE-15176). - RDMA/mlx5: Remove unused parameter udata (jsc#SLE-15176). - RDMA/mlx4: Remove unused parameter udata (jsc#SLE-15176). - RDMA/hns: Remove unused parameter udata (jsc#SLE-15176). - i40e: fix PTP on 5Gb links (jsc#SLE-13701). - xsk: Fix missing validation for skb and unaligned mode (jsc#SLE-13706). - xfrm: Fix xfrm offload fallback fail case (bsc#1176447). - xfrm: delete xfrm4_output_finish xfrm6_output_finish declarations (bsc#1176447). 
- commit 2d7a0e6 ++++ ceph: - Update to 16.2.5-110-gc5d9c915c46: + rebased on top of upstream commit SHA1 7feddc9819ca05586f230accd67b4e26a328e618 + (bsc#1186348) mgr/zabbix: adapt zabbix_sender default path ++++ libslirp: - Update to version 4.6.1+7: * Haiku: proper path to resolv.conf for DNS server * Fix for Haiku * dhcp: Always send DHCP_OPT_LEN bytes in options - Commit _servicedata to fix changelogs - Don't include .git in source archive, not needed - Run set_version together with obs_scm ++++ rust-keylime: - Update to version 0.0.1+git.1626706730.a009476: * libarchive-devel is needed to build on Fedora * Accept sets of U and V keys; use new Key types * Output mask info * Fix for race condition bug * Do not resend pubkey to CV after attestation * Run payload script from a shell * Write out data and run payload * Decrypt payload after key handlers find symm key * Add handler for U and V keys * Add helper functions for handling U and V keys * Some TPM fixes for IMA PCR validation * Do not flush AK context as this causes an error * Fix bug in revocation service * Drop references to vmask * Better documentation of consts * Do not fail if EK cert is not present in TPM NV * Add more verbose logging to better match Python agent * Remove verify stub as we are not using it * tests: Don't pass --allow-signing to swtpm_setup * Fix typos * Add dependency for libzmq3-dev / zeromq-devel * Fix new clippy lints * Add handling for Identity and Integrity quotes * Add Quote functionality * Add marshaling functions for TPM structs ++++ suseconnect-ng: - Update to version 0.0.1~git33.b531281: * Run integration tests * Try to use localized error from server response * Write usage help to stdout like the Ruby version * Simplify list-extensions template * Fix call to create UUID on s390 * Provides and Obsoletes SUSEConnect * Add extensions list tests * Fix calls to s390 read_values * Add build-s390 target to Makefile * hwinfo: don't fail if dmidecode is missing 
------------------------------------------------------------------ ------------------ 2021-7-21 - Jul 21 2021 ------------------- ------------------------------------------------------------------ ++++ curl: - Update to 7.78.0: [bsc#1188217, CVE-2021-22922][bsc#1188218, CVE-2021-22923] [bsc#1188219, CVE-2021-22924][bsc#1188220, CVE-2021-22925] * Changes: - curl_url_set: reject spaces in URLs w/o CURLU_ALLOW_SPACE - CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntax - hostip: make 'localhost' return fixed values - mbedtls: add support for cert and key blob options - metalink: remove all support for it - mqtt: add support for username and password * Bugfixes: - ares: always store IPv6 addresses first - c-hyper: abort CONNECT response reading early on non 2xx responses - c-hyper: add support for transfer-encoding in the request - c-hyper: bail on too long response headers - c-hyper: clear NTLM auth buffer when request is issued - c-hyper: fix NTLM on closed connection tested with test159 - conncache: lowercase the hash key for better match - curl_multibyte: Remove local encoding fallbacks - Curl_ntlm_core_mk_nt_hash: fix OOM in error path - Curl_ssl_getsessionid: fail if no session cache exists - easy: during upkeep, attach Curl_easy to connections in the cache - gnutls: set the preferred TLS versions in correct order - hsts: ignore numberical IP address hosts - HSTS: not experimental anymore - http2: init recvbuf struct for pushed streams - http: fix crash in rate-limited upload - http: make the haproxy support work with unix domain sockets - http_proxy: deal with non-200 CONNECT response with Hyper - lib: don't compare fd to FD_SETSIZE when using poll - lib: fix compiler warnings with CURL_DISABLE_NETRC - lib: fix type of len passed to *printf's %*s - lib: more %u for port and int for %*s fixes - lib: use %u instead of %ld for port number printf - libssh2: limit time a disconnect can take to 1 second - mqtt: detect illegal and too large file size - 
msnprintf: return number of printed characters excluding null byte - multi: add scan-build-6 work-around in curl_multi_fdset - multi: alter transfer timeout ordering - multi: do not switch off connect_only flag when closing - multi: fix crash in curl_multi_wait / curl_multi_poll - ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS - openssl: avoid static variable for seed flag - openssl: don't remove session id entry in disassociate - socketpair: fix potential hangs - socks4: scan for the IPv4 address in resolve results - ssl: read pending close notify alert before closing the connection - telnet: fix option parser to not send uninitialized contents - TLS: prevent shutdown loops to get stuck - vtls: exit addsessionid if no cache is inited - vtls: fix connection reuse checks for issuer cert and case sensitivity ++++ drbd-utils: - Update to 9.18.0 (bsc#1189363) * build: remove rpm related targets * drbdsetup,v84: fix minor compile warnings * systemd: resource specific activation * systemd: drbd-reactor promoter templates * doc: fix maximum ping timeout * doc: add man pages for the systemd templates * drbdadm,v9: fix dstate for diskless volumes * build/release: use lbvers.py * drbd-attr: don't leak fd to drbdsetup * doc: various fixes and additions * drbdsetup,events2,v9: add backing_device * build,Debian: rm dh-systemd dependency * drbdsetup,events2,v9: fix --poll regression * drbdmeta: fix bug with ALs with small final extents * build,Debian: rm mail recommends * drbdsetup,events2,v9: allow --poll without --now * drbdsetup,invalidate: allow bitmap based resync after verify * drbdadm,sh-ll-dev: change output to "none" if diskless * drbd-attr/may_promote: fixes from 9.15.1 * drbdadm,v9: allow set-gi in single node clusters * drbsetup,events2,v9: diff(erential) output * drbsetup,events2,v9: add --full output * v9: allow resource rename, also in drbdmon * drbdadm,v9: allow c-max-rate to be disabled * New drbd-attr Pacemaker RA * events2: handle mixed initial 
state and multicast events * events2: fix regression to always print resync done - Add patch systemd-drbd-service-needs-network-online.patch ++++ ignition: - Ignore error return code if no virtualization environment detected. [bsc#1188479] This makes it possible to use Ignition also on bare metal (e.g. when dumping images directly to disk) without adding an ignition.platform.id parameter. ++++ open-iscsi: - Merge latest upstream, which includes: * Support the "qede" CMA-card driver. (bsc#1188579) * iscsistart: fix null pointer deref before exit ++++ keepalived: - add 1915.patch to fix build on tumbleweed ++++ kernel-default: - series.conf: cleanup - update upstream reference and move into sorted section: - patches.suse/seq_file-Disallow-extremely-large-seq-buffer-allocations.patch - commit 07df461 - kabi/severities: ignore kABI of iwlwifi symbols (bsc#1187495) iwlwifi driver consists of several modules and all exported symbols are internal uses. Let's ignore kABI checks of those. - commit 75aa507 - iwlwifi: pnvm: set the PNVM again if it was already loaded (bsc#1187495). - iwlwifi: mvm: send stored PPAG command instead of local (bsc#1187495). - iwlwifi: mvm: store PPAG enabled/disabled flag properly (bsc#1187495). - iwlwifi: mvm: fix the type we use in the PPAG table validity checks (bsc#1187495). - iwlwifi: mvm: set enabled in the PPAG command properly (bsc#1187495). - iwlwifi: pnvm: don't try to load after failures (bsc#1187495). - commit 7ff688f - iwlwifi: increase PNVM load timeout (bsc#1187495). - iwlwifi: pcie: properly set LTR workarounds on 22000 devices (bsc#1187495). - iwlwifi: fix 11ax disabled bit in the regulatory capability flags (bsc#1187495). - iwlwifi: pnvm: increment the pointer before checking the TLV (bsc#1187495). - iwlwifi: mvm: don't check if CSA event is running before removing (bsc#1187495). - iwlwifi: mvm: assign SAR table revision to the command later (bsc#1187495). - iwlwifi: pcie: don't disable interrupts for reg_lock (bsc#1187495).
- iwlwifi: queue: bail out on invalid freeing (bsc#1187495). - iwlwifi: pnvm: don't skip everything when not reloading (bsc#1187495). - iwlwifi: pcie: avoid potential PNVM leaks (bsc#1187495). - iwlwifi: dbg: Don't touch the tlv data (bsc#1187495). - iwlwifi: provide gso_type to GSO packets (bsc#1187495). - commit 8a657fa - iwlwifi: bump FW API to 59 for AX devices (bsc#1187495). - Delete patches.suse/iwlwifi-SLE15-SP3-ucode-fixes.patch. - commit bcab4a8 - Revert "iwlwifi: remove wide_cmd_header field" (bsc#1187495). - iwlwifi: read and parse PNVM file (bsc#1187495). - iwlwifi: pcie: implement set_pnvm op (bsc#1187495). - commit 8166979 - iwlwifi: add trans op to set PNVM (bsc#1187495). - iwlwifi: move PNVM implementation to common code (bsc#1187495). - iwlwifi: rs: align to new TLC config command API (bsc#1187495). - iwlwifi: fix sar geo table initialization (bsc#1187495). - iwlwifi: stats: add new api fields for statistics cmd/ntfy (bsc#1187495). - iwlwifi: mvm: fix suspicious rcu usage warnings (bsc#1187495). - iwlwifi: mvm: remove memset of kek_kck command (bsc#1187495). - iwlwifi: mvm: don't send a CSA command the firmware doesn't know (bsc#1187495). - iwlwifi: pcie: fix the xtal latency value for a few qu devices (bsc#1187495). - commit b1c507d - iwlwifi: mvm: avoid possible NULL pointer dereference (bsc#1187495). - iwlwifi: mvm: support ADD_STA_CMD_API_S ver 12 (bsc#1187495). - iwlwifi: mvm: add a get lmac id function (bsc#1187495). - iwlwifi: mvm: prepare roc_done_wk to work sync (bsc#1187495). - iwlwifi: mvm: re-enable TX after channel switch (bsc#1187495). - iwlwifi: mvm: stop claiming NL80211_EXT_FEATURE_SET_SCAN_DWELL (bsc#1187495). - iwlwifi: mvm: ring the doorbell and wait for PNVM load completion (bsc#1187495). - commit 53fae87 - iwlwifi: update prph scratch structure to include PNVM data (bsc#1187495). - iwlwifi: mvm: read and parse SKU ID if available (bsc#1187495). - iwlwifi: mvm: get number of stations from TLV (bsc#1187495). 
- iwlwifi: iwl-drv: Provide descriptions debugfs dentries (bsc#1187495). - iwlwifi: dvm: devices: Fix function documentation formatting issues (bsc#1187495). - iwlwifi: mvm: tx: Demote misuse of kernel-doc headers (bsc#1187495). - iwlwifi: dvm: rxon: Demote non-conformant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: scan: Demote a few nonconformant kernel-doc headers (bsc#1187495). - iwlwifi: mvm: utils: Fix some doc-rot (bsc#1187495). - iwlwifi: dvm: Demote a couple of nonconformant kernel-doc headers (bsc#1187495). - commit 5ecfaae - iwlwifi: bump FW API to 57 for AX devices (bsc#1187495). - Refresh patches.suse/iwlwifi-SLE15-SP3-ucode-fixes.patch. - commit 35fc6ef - iwlwifi: mvm: ops: Remove unused static struct 'iwl_mvm_debug_names' (bsc#1187495). - iwlwifi: dvm: sta: Demote a bunch of nonconformant kernel-doc headers (bsc#1187495). - iwlwifi: calib: Demote seemingly unintentional kerneldoc header (bsc#1187495). - iwlwifi: dvm: lib: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: tx: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: rs: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: dvm: Demote non-compliant kernel-doc headers (bsc#1187495). - iwlwifi: yoyo: add support for internal buffer allocation in D3 (bsc#1187495). - iwlwifi: api: fix u32 -> __le32 (bsc#1187495). - commit 8a1ae62 - iwlwifi: use correct group for alive notification (bsc#1187495). - iwlwifi: support version 5 of the alive notification (bsc#1187495). - iwlwifi: mvm: ignore the scan duration parameter (bsc#1187495). - iwlwifi: dbg: add debug host notification (DHN) time point (bsc#1187495). - iwlwifi: mvm: clear all scan UIDs (bsc#1187495). - iwlwifi: mvm: d3: parse wowlan status version 11 (bsc#1187495). - iwlwifi: align RX status flags with firmware (bsc#1187495). - iwlwifi: mvm: remove redundant log in iwl_mvm_tvqm_enable_txq() (bsc#1187495). - iwlwifi: phy-ctxt: add new API VER 3 for phy context cmd (bsc#1187495). 
- commit e6bd24d - iwlwifi: thermal: support new temperature measurement API (bsc#1187495). - iwlwifi: mvm: add d3 prints (bsc#1187495). - iwlwifi: mvm: d3: support GCMP ciphers (bsc#1187495). - iwlwifi: mvm: support more GTK rekeying algorithms (bsc#1187495). - iwlwifi: move all bus-independent TX functions to common code (bsc#1187495). - iwlwifi: mvm: initiator: add option for adding a PASN responder (bsc#1187495). - iwlwifi: mvm: responder: allow to set only the HLTK for an associated station (bsc#1187495). - iwlwifi: mvm: location: set the HLTK when PASN station is added (bsc#1187495). - commit 78b502b - iwlwifi: acpi: in non acpi compilations remove iwl_sar_geo_init (bsc#1187495). - commit 5e9faaf - iwlwifi: support version 3 of GEO_TX_POWER_LIMIT (bsc#1187495). - Refresh patches.suse/iwlwifi-follow-the-new-inclusive-terminology.patch. - commit 18f1fc1 - iwlwifi: acpi: rename geo structs to contain versioning (bsc#1187495). - Refresh patches.suse/iwlwifi-follow-the-new-inclusive-terminology.patch. - commit 2a48685 - iwlwifi: mvm: Add FTM initiator RTT smoothing logic (bsc#1187495). - iwlwifi: mvm: add support for responder dynamic config command version 3 (bsc#1187495). - iwlwifi: mvm: add support for range request command ver 11 (bsc#1187495). - iwlwifi: remove wide_cmd_header field (bsc#1187495). - iwlwifi: fw: add default value for iwl_fw_lookup_cmd_ver (bsc#1187495). - iwlwifi: rs: set RTS protection for all non legacy rates (bsc#1187495). - iwlwifi: mvm: support new KEK KCK api (bsc#1187495). - commit b111b70 - iwlwifi: support REDUCE_TX_POWER_CMD version 6 (bsc#1187495). - iwlwifi: acpi: prepare SAR profile selection code for multiple sizes (bsc#1187495). - iwlwifi: add a common struct for all iwl_tx_power_cmd versions (bsc#1187495). - iwlwifi: acpi: remove dummy definition of iwl_sar_set_profile() (bsc#1187495). - iwlwifi: remove iwl_validate_sar_geo_profile() export (bsc#1187495). - iwlwifi: mvm: use CHECKSUM_COMPLETE (bsc#1187495). 
- iwlwifi: mvm: remove redundant support_umac_log field (bsc#1187495). - iwlwifi: mvm: add support for new WOWLAN_TSC_RSC_PARAM version (bsc#1187495). - iwlwifi: don't export acpi functions unnecessarily (bsc#1187495). - commit 4e206c7 - iwlwifi: mvm: process ba-notifications also when sta rcu is invalid (bsc#1187495). - iwlwifi: mvm: add support for new version of WOWLAN_TKIP_SETTING_API_S (bsc#1187495). - iwlwifi: mvm: Don't install CMAC/GMAC key in AP mode (bsc#1187495). - iwl-trans: move dev_cmd_offs, page_offs to a common trans header (bsc#1187495). - iwlwifi: regulatory: regulatory capabilities api change (bsc#1187495). - iwlwifi: dbg: add dumping special device memory (bsc#1187495). - iwlwifi: dbg: remove IWL_FW_INI_TIME_POINT_WDG_TIMEOUT (bsc#1187495). - iwlwifi: acpi: support ppag table command v2 (bsc#1187495). - iwlwifi: move bc_table_dword to a common trans header (bsc#1187495). - iwlwifi: iwl-trans: move tfd to trans layer (bsc#1187495). - iwlwifi: move bc_pool to a common trans header (bsc#1187495). - iwlwifi: enable twt by default (bsc#1187495). - iwlwifi: mvm: add an option to add PASN station (bsc#1187495). - iwlwifi: fw: move assert descriptor parser to common code (bsc#1187495). - iwlwifi: wowlan: adapt to wowlan status API version 10 (bsc#1187495). - iwlwifi: acpi: evaluate dsm to disable 5.8GHz channels (bsc#1187495). - iwlwifi: msix: limit max RX queues for 9000 family (bsc#1187495). - iwlwifi: sta: defer ADDBA transmit in case reclaimed SN != next SN (bsc#1187495). - iwlwifi: mvm: set PROTECTED_TWT feature if supported by firmware (bsc#1187495). - iwlwifi: mvm: set PROTECTED_TWT in MAC data policy (bsc#1187495). - iwlwifi: mvm: add PROTECTED_TWT firmware API (bsc#1187495). - iwlwifi: mvm: rs-fw: handle VHT extended NSS capability (bsc#1187495). - net: iwlwifi: Remove in_interrupt() from tracing macro (bsc#1187495). - net: ipw2x00,iwlegacy,iwlwifi: Remove in_interrupt() from debug macros (bsc#1187495). 
- commit 68d8e8f - Update patches.suse/ARM-ensure-the-signal-page-contains-defined-contents.patch (CVE-2021-21781 bsc#1188445). - commit 47f3aa1 - net: fec_ptp: fix issue caused by refactor the fec_devtype (git-fixes). - commit d15e1c0 - kABI workaround for intel_th_driver (git-fixes). - commit c18c5e5 - drm/gma500: Add the missed drm_gem_object_put() in psb_user_framebuffer_create() (git-fixes). - intel_th: Wait until port is in reset before programming it (git-fixes). - ASoC: soc-pcm: fix the return value in dpcm_apply_symmetry() (git-fixes). - ASoC: intel/boards: add missing MODULE_DEVICE_TABLE (git-fixes). - ASoC: Intel: sof_sdw: add mutual exclusion between PCH DMIC and RT715 (git-fixes). - ALSA: firewire-motu: fix detection for S/PDIF source on optical interface in v2 protocol (git-fixes). - ALSA: usx2y: Avoid camelCase (git-fixes). - commit 2f9e57e - Rename patches to match SLE15-SP2 equivalents to prepare for the next SLE15-SP2->SLE15-SP3 merge - commit 06bbd81 - watchdog: iTCO_wdt: Account for rebooting on second timeout (git-fixes). - watchdog: Fix possible use-after-free by calling del_timer_sync() (git-fixes). - watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() (git-fixes). - watchdog: Fix possible use-after-free in wdt_startup() (git-fixes). - w1: ds2438: fixing bug that would always get page0 (git-fixes). - commit 0fe04be - virtio_console: Assure used length from device is limited (git-fixes). - pwm: img: Fix PM reference leak in img_pwm_enable() (git-fixes). - pwm: imx1: Don't disable clocks at device remove time (git-fixes). - pwm: spear: Don't modify HW state in .remove callback (git-fixes). - power: supply: ab8500: add missing MODULE_DEVICE_TABLE (git-fixes). - usb: gadget: hid: fix error return code in hid_bind() (git-fixes). - usb: gadget: f_hid: fix endianness issue with descriptors (git-fixes). - tty: serial: 8250: serial_cs: Fix a memory leak in error handling path (git-fixes). 
- tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero (git-fixes). - staging: rtl8723bs: fix macro value for 2.4Ghz only device (git-fixes). - commit 966e79d - PCI: tegra: Add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: charger-manager: add missing MODULE_DEVICE_TABLE (git-fixes). - power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: max17042: Do not enforce (incorrect) interrupt trigger type (git-fixes). - power: supply: ab8500: Avoid NULL pointers (git-fixes). - power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE (git-fixes). - misc: alcor_pci: fix inverted branch condition (git-fixes). - net: usb: fix possible use-after-free in smsc75xx_bind (git-fixes). - commit 74628f5 - iio: magn: bmc150: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes). - iio: gyro: fxa21002c: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes). - misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge (git-fixes). - misc/libmasm/module: Fix two use after free in ibmasm_init_one (git-fixes). - mfd: cpcap: Fix cpcap dmamask not set warnings (git-fixes). - mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (git-fixes). - Input: hideep - fix the uninitialized use in hideep_nvm_unlock() (git-fixes). - i2c: core: Disable client irq on reboot/shutdown (git-fixes). - lib/decompress_unlz4.c: correctly handle zero-padding around initrds (git-fixes). - commit 14f42b7 - backlight: lm3630a: Fix return code of .update_status() callback (git-fixes). - dmaengine: fsl-qdma: check dma_set_mask return value (git-fixes). - gpio: pca953x: Add support for the On Semi pca9655 (git-fixes). - gpio: zynq: Check return value of pm_runtime_get_sync (git-fixes). - ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below 20 characters (git-fixes). 
- ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() (git-fixes). - ASoC: img: Fix PM reference leak in img_i2s_in_probe() (git-fixes). - ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions (git-fixes). - ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes). - ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return values (git-fixes). - commit 006f207 - ACPI: video: Add quirk for the Dell Vostro 3350 (git-fixes). - ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes). - ALSA: usb-audio: scarlett2: Fix data_mutex lock (git-fixes). - ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count (git-fixes). - ALSA: bebob: add support for ToneWeal FW66 (git-fixes). - ALSA: ppc: fix error return code in snd_pmac_probe() (git-fixes). - ALSA: sb: Fix potential double-free of CSP mixer elements (git-fixes). - ALSA: ac97: fix PM reference leak in ac97_bus_remove() (git-fixes). - ALSA: usx2y: Don't call free_pages_exact() with NULL address (git-fixes). - commit eaa8acd - config: refresh - drop GVE on arm64 and s390x (no longer available due to dependency update) - commit d6ed2bf ++++ libnettle: - Update to 3.7.3 in SLE-15-SP4: [SLE-19765, jsc#SLE-18132] - Add libnettle-rpmlintrc - Remove patches upstream: * libnettle-CVE-2021-20305.patch * libnettle-CVE-2021-3580-rsa_decrypt.patch * libnettle-CVE-2021-3580-rsa_sec.patch * nettle-respect-cflags.patch ++++ libsepol: - Fix heap-based buffer over-read in ebitmap_match_any (CVE-2021-36087, 1187928. 
Added CVE-2021-36087.patch ++++ libslirp: - Update to version 4.6.1: * Release v4.6.1 * Fix "DHCP broken in libslirp v4.6.0" - fixes [bsc#1198773], remove patches: * libslirp-fix-dhcp-1.patch * libslirp-fix-dhcp-2.patch ++++ salt: - Do noop for services states when running systemd in offline mode (bsc#1187787) - transactional_updates: do not execute states in parallel but use a queue (bsc#1188170) - Handle "master tops" data when states are applied by "transactional_update" (bsc#1187787) - Enhance openscap module: add "xccdf_eval" call - virt: pass emulator when getting domain capabilities from libvirt - Adding preliminary support for Rocky Linux - Implementation of held/unheld functions for state pkg (bsc#1187813) - Replace deprecated Thread.isAlive() with Thread.is_alive() - Fix exception in yumpkg.remove for not installed package - Fix save for iptables state module (bsc#1185131) - virt: use /dev/kvm to detect KVM - zypperpkg: improve logic for handling vendorchange flags - Add bundled provides for tornado to the spec file - Enhance logging when inotify beacon is missing pyinotify (bsc#1186310) - Add "python3-pyinotify" as a recommended package for Salt in SUSE/OpenSUSE distros - Fix tmpfiles.d configuration for salt to not use legacy paths (bsc#1173103) - Detect Python version to use inside container (bsc#1167586) (bsc#1164192) - Handle volumes on stopped pools in virt.vm_info (bsc#1186287) - grains.extra: support old non-intel kernels (bsc#1180650) - Fix missing minion returns in batch mode (bsc#1184659) - Parsing Epoch out of version provided during pkg remove (bsc#1173692) - Added: * fix-save-for-iptables-state-module-bsc-1185131-372.patch * grains.extra-support-old-non-intel-kernels-bsc-11806.patch * enhance-openscap-module-add-xccdf_eval-call-386.patch * backport-thread.is_alive-fix-390.patch * parsing-epoch-out-of-version-provided-during-pkg-rem.patch * handle-volumes-on-stopped-pools-in-virt.vm_info-373.patch * virt-use-dev-kvm-to-detect-kvm-383.patch * 
implementation-of-held-unheld-functions-for-state-pk.patch * enhance-logging-when-inotify-beacon-is-missing-pyino.patch * move-vendor-change-logic-to-zypper-class-355.patch * virt-pass-emulator-when-getting-domain-capabilities-.patch * do-noop-for-services-states-when-running-systemd-in-.patch * fix-exception-in-yumpkg.remove-for-not-installed-pac.patch * adding-preliminary-support-for-rocky.-59682-391.patch * fix-missing-minion-returns-in-batch-mode-360.patch * figure-out-python-interpreter-to-use-inside-containe.patch * handle-master-tops-data-when-states-are-applied-by-t.patch ------------------------------------------------------------------ ------------------ 2021-7-20 - Jul 20 2021 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.32.4: + core: - Remove stale entries from "seen-bssids" and "timestamp" files in "/var/lib/NetworkManager". - Add ipv[46].required-timeout option to wait for IP configuration while activating. - Send ARP announcements when there is carrier. - Start DHCPv6 when a prefix delegation is needed for shared mode. + bond: support the peer_notif_delay option. + firewall: fix nftables backend to create "ip" table for IPv4 only. + initrd: set required-timeout of 20 seconds for default IPv4 configuration to opportunistically wait for IPv4. + ifcfg: - Log warning about invalid keys in ifcfg files. - Reject non-UTF-8 from ifcfg files. + nmcli: show DNS SEARCH field in device information. + cloud-setup: add support for Aliyun cloud. ++++ containerd: - Update to containerd v1.4.8, to fix CVE-2021-32760. 
bsc#1188282 - Remove upstreamed patches: - bsc1188282-use-chmod-path-for-checking-symlink.patch ++++ gnutls: - Update to 3.7.2 in SLE-15-SP4: [jsc#SLE-19765, jsc#SLE-18139] - Add gnutls-temporarily_disable_broken_guile_reauth_test.patch - Rebased patches: * disable-psk-file-test.patch * gnutls-3.6.0-disable-flaky-dtls_resume-test.patch * gnutls-fips_mode_enabled.patch - Remove patches merged upstream: * gnutls-CVE-2020-11501.patch * gnutls-CVE-2020-13777.patch * gnutls-CVE-2020-24659.patch * gnutls-CVE-2021-20231.patch * gnutls-CVE-2021-20232.patch * gnutls-3.6.7-fips-backport_dont_truncate_output_IV.patch * gnutls-fips_XTS_key_check.patch * 0001-_gnutls_verify_crt_status-apply-algorithm-checks-to-.patch * 0002-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch * 0003-x509-trigger-fallback-verification-path-when-cert-is.patch * 0004-tests-add-test-case-for-certificate-chain-supersedin.patch * 0001-Add-Full-Public-Key-Check-for-DH.patch * 0001-Add-test-to-ensure-DH-exchange-behaves-correctly.patch * 0002-Add-test-to-ensure-ECDH-exchange-behaves-correctly.patch * 0003-Add-plumbing-to-handle-Q-parameter-in-DH-exchanges.patch * 0004-Always-pass-in-and-check-Q-in-TLS-1.3.patch * 0005-Check-Q-for-FFDHE-primes-in-prime-check.patch * 0006-Pass-down-Q-for-FFDHE-in-al-pre-TLS1.3-as-well.patch * 0001-dh-primes-add-MODP-primes-from-RFC-3526.patch * 0002-dhe-check-if-DH-params-in-SKE-match-the-FIPS-approve.patch * 0001-dh-check-validity-of-Z-before-export.patch * 0002-ecdh-check-validity-of-P-before-export.patch * 0003-dh-primes-make-the-FIPS-approved-check-return-Q-valu.patch * 0004-dh-perform-SP800-56A-rev3-full-pubkey-validation-on-.patch * 0005-ecdh-perform-SP800-56A-rev3-full-pubkey-validation-o.patch * 0001-Vendor-in-XTS-functionality-from-Nettle.patch * 0001-pubkey-avoid-spurious-audit-messages-from-_gnutls_pu.patch * gnutls-FIPS-use_2048_bit_prime_in_DH_selftest.patch * gnutls-3.6.7-fix-FTBFS-2024.patch * gnutls-3.6.7-reproducible-date.patch ++++ kernel-default: 
- crypto: sun4i-ss - initialize need_fallback (git-fixes). - crypto: sun4i-ss - IV register does not work on A10 and A13 (git-fixes). - crypto: sun4i-ss - checking sg length is not sufficient (git-fixes). - crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - commit 2b4c8a1 - blacklist.conf: add 4c9c26f1e67648f41f - commit db6c764 - blacklist.conf: add dbc03e81586fc33e4945263fd6e09e22eb4b980f - commit 32c5658 - powerpc/papr_scm: Properly handle UUID types and API (FATE#326628, bsc#1113295, git-fixes). - commit 9bcaa28 - powerpc: Offline CPU in stop_this_cpu() (bsc#1156395). - commit 01547d1 - powerpc/mm: Fix lockup on kernel exec fault (bsc#1156395). - commit b063178 - powerpc/stacktrace: Fix spurious "stale" traces in raise_backtrace_ipi() (bsc#1156395). - commit f074894 - gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940). - Refresh patches.suse/gve-Fix-an-error-handling-path-in-gve_probe.patch. - commit fc90ec1 - gve: DQO: Remove incorrect prefetch (bsc#1176940). - gve: Simplify code and axe the use of a deprecated API (bsc#1176940). - gve: Propagate error codes to caller (bsc#1176940). - gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940). - gve: Fix warnings reported for DQO patchset (bsc#1176940). - gve: DQO: Add RX path (bsc#1176940). - gve: DQO: Add TX path (bsc#1176940). - gve: DQO: Configure interrupts on device up (bsc#1176940). - gve: DQO: Add ring allocation and initialization (bsc#1176940). - gve: DQO: Add core netdev features (bsc#1176940). - gve: Update adminq commands to support DQO queues (bsc#1176940). - gve: Add DQO fields for core data structures (bsc#1176940). - gve: Add dqo descriptors (bsc#1176940). - gve: Add support for DQO RX PTYPE map (bsc#1176940). - gve: adminq: DQO specific device descriptor logic (bsc#1176940). - gve: Introduce a new model for device options (bsc#1176940). 
- gve: Make gve_rx_slot_page_info.page_offset an absolute offset (bsc#1176940). - gve: gve_rx_copy: Move padding to an argument (bsc#1176940). - gve: Move some static functions to a common file (bsc#1176940). - gve: Check TX QPL was actually assigned (bsc#1176940). - net: gve: remove duplicated allowed (bsc#1176940). - net: gve: convert strlcpy to strscpy (bsc#1176940). - gve: Add support for raw addressing in the tx path (bsc#1176940). - gve: Rx Buffer Recycling (bsc#1176940). - gve: Add support for raw addressing to the rx path (bsc#1176940). - gve: Add support for raw addressing device option (bsc#1176940). - gve: Replace zero-length array with flexible-array member (bsc#1176940). - gve: Enable Link Speed Reporting in the driver (bsc#1176940). - gve: Use link status register to report link status (bsc#1176940). - gve: Batch AQ commands for creating and destroying queues (bsc#1176940). - gve: NIC stats for report-stats and for ethtool (bsc#1176940). - gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags (bsc#1176940). - gve: Use dev_info/err instead of netif_info/err (bsc#1176940). - gve: Add stats for gve (bsc#1176940). - gve: Get and set Rx copybreak via ethtool (bsc#1176940). - commit ffc7e3d - cpu/hotplug: Cure the cpusets trainwreck (git fixes (sched/hotplug)). - commit ea5f05d - blacklist.conf: duplication - commit eff56f7 - kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() (git-fixes). - commit 9aba4a6 - kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE (git-fixes). - commit a579f68 - kABI workaround for pci/quirks.c (git-fixes). - commit 04fb196 - drm/panel: nt35510: Do not fail if DSI read fails (git-fixes). - Bluetooth: mgmt: Fix the command returns garbage parameter value (git-fixes). - Bluetooth: btusb: Add support USB ALT 3 for WBS (git-fixes). - Bluetooth: L2CAP: Fix invalid access on ECRED Connection response (git-fixes). - Bluetooth: L2CAP: Fix invalid access if ECRED Reconfigure fails (git-fixes). 
- Bluetooth: Remove spurious error message (git-fixes). - Bluetooth: Fix alt settings for incoming SCO with transparent coding format (git-fixes). - mac80211_hwsim: add concurrent channels scanning support over virtio (git-fixes). - mac80211: consider per-CPU statistics if present (git-fixes). - iwlwifi: pcie: fix context info freeing (git-fixes). - iwlwifi: mvm: fix error print when session protection ends (git-fixes). - mt76: mt7915: fix IEEE80211_HE_PHY_CAP7_MAX_NC for station mode (git-fixes). - mt76: mt7615: fix fixed-rate tx status reporting (git-fixes). - net: phy: realtek: add delay to fix RXC generation issue (git-fixes). - commit 4680cad - Add a cherry-picked ID for AMDGPU fix patch - commit ba73832 - wl1251: Fix possible buffer overflow in wl1251_cmd_scan (git-fixes). - wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (git-fixes). - commit e3971fc - PCI: iproc: Support multi-MSI only on uniprocessor kernel (git-fixes). - PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes). - PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes). - pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() (git-fixes). - pinctrl: mcp23s08: fix race condition in irq handler (git-fixes). - pinctrl/amd: Add device HID for new AMD GPIO controller (git-fixes). - wireless: wext-spy: Fix out-of-bounds warning (git-fixes). - rtl8xxxu: Fix device info for RTL8192EU devices (git-fixes). - r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM (git-fixes). - qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute (git-fixes). - commit 0ca454f - PCI: aardvark: Fix checking for PIO Non-posted Request (git-fixes). - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes). - media, bpf: Do not copy more entries than user space requested (git-fixes). - iwlwifi: pcie: free IML DMA memory allocation (git-fixes). - iwlwifi: mvm: don't change band on bound PHY contexts (git-fixes). 
- mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes). - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K (git-fixes). - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported (git-fixes). - commit f7d13b4 - drm/amdgpu: Update NV SIMD-per-CU to 2 (git-fixes). - drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() (git-fixes). - drm/amd/display: fix incorrrect valid irq check (git-fixes). - drm/amdkfd: Walk through list with dqm lock hold (git-fixes). - drm/amd/display: Verify Gamma & Degamma LUT sizes in amdgpu_dm_atomic_check (git-fixes). - drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init() (git-fixes). - drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7 (git-fixes). - drm/amd/display: Update scaling settings on modeset (git-fixes). - drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer() (git-fixes). - drm/amd/display: fix use_max_lb flag for 420 pixel formats (git-fixes). - commit d72cf42 - drm/amd/amdgpu/sriov disable all ip hw status by default (git-fixes). - drm/sched: Avoid data corruptions (git-fixes). - drm/virtio: Fix double free on probe failure (git-fixes). - drm/msm/mdp4: Fix modifier support enabling (git-fixes). - drm/arm/malidp: Always list modifiers (git-fixes). - drm/vc4: fix argument ordering in vc4_crtc_get_margins() (git-fixes). - drm/zte: Don't select DRM_KMS_FB_HELPER (git-fixes). - drm/mxsfb: Don't select DRM_KMS_FB_HELPER (git-fixes). - drm/tegra: Don't set allow_fb_modifiers explicitly (git-fixes). - commit b02b3f8 - ASoC: tegra: Set driver_name=tegra for all machine drivers (git-fixes). - clk: tegra: Ensure that PLLU configuration is applied properly (git-fixes). - clk: renesas: r8a77995: Add ZA2 clock (git-fixes). - Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc (git-fixes). - Bluetooth: Shutdown controller after workqueues are flushed or cancelled (git-fixes). 
- Bluetooth: Fix the HCI to MGMT status conversion table (git-fixes). - Bluetooth: btusb: Fixed too many in-token issue for Mediatek Chip (git-fixes). - cw1200: add missing MODULE_DEVICE_TABLE (git-fixes). - clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround (git-fixes). - commit c7cdd5b - ARM: ensure the signal page contains defined contents (bsc#1188445). - commit a1eecda ++++ python3-core: - Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858). ++++ systemd: - Drop 0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch Commit 81107b8419c39f726fd2805517a5b9faab204e59 fixes https://github.com/systemd/systemd/issues/19464 which makes the aforementioned patch not needed anymore. - Drop 1003-basic-unit-name-adjust-comments.patch It's been merged in SUSE/v248 branch - Import commit cb29bcc5ef2c0ee659686c5d229646a6ba98ec50 (merge of v248.5) 4a1c5f34bd basic/unit-name: do not use strdupa() on a path (bsc#1188063 CVE-2021-33910) [...] For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/94efce2ee59fca15a48ff9c232c8dd7cf930c0a0...cb29bcc5ef2c0ee659686c5d229646a6ba98ec50 - Drop 1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch as it was merged in v248.5. - Import commit 94efce2ee59fca15a48ff9c232c8dd7cf930c0a0 (merge of v248.4) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/c0aecee593511e49638579cb2b9ac8aaf1f8e6c8...94efce2ee59fca15a48ff9c232c8dd7cf930c0a0 - Drop 1001-unit-name-generate-a-clear-error-code-when-convertin.patch as it was merged in v248.4. 
- Import commit c0aecee593511e49638579cb2b9ac8aaf1f8e6c8 42ec1d537a login: use a hwdb entry for tagging Parallels' fb devices with 'master-of-seat' tag ecc7c7b462 login: use a hwdb entry for tagging HyperV's fb devices with 'master-of-seat' tag a4cfd70476 login: XGI Z7/Z9 (XG20 core) graphic chip requires master-of-seat to be set (bsc#1187154) ef553e0199 sd-dhcp-client: tentatively ignore FORCERENEW command (bsc#1185972 CVE-2020-13529) aae6c575fc sd-dhcp-client: logs when dhcp client unexpectedly gains a new lease 258a3d2043 sd-dhcp-client: shorten code a bit 0a80303114 sd-dhcp-client: check error earlier and reduce indentation ++++ patterns-microos: - re-add rollback-helper ++++ python3: - Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858). ------------------------------------------------------------------ ------------------ 2021-7-19 - Jul 19 2021 ------------------- ------------------------------------------------------------------ ++++ cpupower: - Update (jsc#SLE-18392, jsc#SLE-18906, jsc#SLE-18393, jsc#SLE-18410): * turbostat to 21.05.04 * intel speed select to 1.10 * cpupower to 5.14-rcX (kernel sources state) - Already upstream and included in the update: D intel-speed-select_remove_DATE_TIME.patch - SLE patches for jsc#SLE-17797 dropped (in fact never been applied to factory), due to inclusion in upstream version: cpupower-Add-CPUPOWER_CAP_AMD_HW_PSTATE-cpuid-caps-flag.patch cpupower-Condense-pstate-enabled-bit-checks-in-decode_pstates.patch cpupower-Update-family-checks-when-decoding-HW-pstates.patch cpupower-Remove-family-arg-to-decode_pstates.patch cpupower-Correct-macro-name-for-CPB-caps-flag.patch cpupower-Update-msr_pstate-union-struct-naming.patch cpupower-Add-cpuid-cap-flag-for-MSR_AMD_HWCR-support.patch cpupower-Remove-unused-pscur-variable.patch ++++ kernel-default: - kprobes: fix kill kprobe which has been marked as gone (git-fixes). 
- commit ee1820f - kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler (git-fixes). - commit 865421f - kprobes: Do not expose probe addresses to non-CAP_SYSLOG (git-fixes). - commit e2cb2ae - net: atlantic: fix ip dst and ipv6 address filters (git-fixes). - commit 4278aab - Align s390 NVME target options with other architectures (bsc#1188404). CONFIG_NVME_TARGET=m CONFIG_NVME_TARGET_PASSTHRU=y CONFIG_NVME_TARGET_LOOP=m CONFIG_NVME_TARGET_RDMA=m CONFIG_NVME_TARGET_FC=m CONFIG_NVME_TARGET_FCLOOP=m CONFIG_NVME_TARGET_TCP=m - commit a49b3f5 - net/mlx5: Don't fail driver on failure to create debugfs (git-fixes). - commit c19d4f7 - net: marvell: Fix OF_MDIO config check (git-fixes). - commit f372318 - net: dp83867: Fix OF_MDIO config check (git-fixes). - commit c2ac3ff - net: Make PTP-specific drivers depend on PTP_1588_CLOCK (git-fixes). - commit 0997bfc - net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes). - commit 2e479b6 - PCI: quirks: fix false kABI positive (git-fixes). - commit a2a8059 - tpm: efi: Use local variable for calculating final log size (git-fixes). - commit 69be865 - tracing: Do not reference char * as a string in histograms (git-fixes). - commit 5ff7921 - PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes). - commit 9e70011 - PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes). - commit 4bfb1fd - PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (git-fixes). - commit dbaa5b3 - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes). - commit 900ca03 - Update patches.suse/Revert-ibmvnic-remove-duplicate-napi_schedule-call-i.patch (bsc#1065729 bsc#1188405 ltc#193509 bsc#1187476 ltc#193646). 
- commit f55c672 - blacklist.conf: 36fa06f9 KVM: x86: Add support for RDPID without RDTSCP - commit db710b8 - blacklist.conf: 8aec21c0 KVM: VMX: Do not advertise RDPID if ENABLE_RDTSCP control is unsupported - commit 202cd1e ++++ numactl: - Update to version 2.0.14.17.g498385e: * numactl.c: fix use after free * sysfs.c: prevent mem leak in sysfs_node_read() * sysfs.c: don't leak fd if fail in sysfs_read() * shm.c: fix memleak in verify_shm() * shm.c: fix memleak in dump_shm() * fix description for numa_node_size64 in man as well * fix numa_node_size definition in manpage numa.3 * link with -latomic if needed * libnuma: make numa_police_memory() free of race * numademo: Use first two nodes instead of node 0 and 1 - Enhance _service magic - Enable automake ++++ osinfo-db: - bsc#1188336 - openSUSE Tumbleweed unattended installation in libvirt fails due to invalid autoyast.xml Drop fix-autoyast-validation.patch ++++ patterns-microos: - use suseconnect-ng (jsc#SMO-35) - temporarily remove rollback-helper and zypper-migration-plugin - added bootloader pattern (bsc#1188351) ++++ strace: - Update to strace 5.13 * Improvements * Print netlink data in a more structured way. * Implemented decoding of NT_PRSTATUS and NT_FPREGSET regsets of PTRACE_GETREGSET and PTRACE_SETREGSET requests. * Implemented decoding of regs argument of PTRACE_GETREGS, PTRACE_GETREGS64, PTRACE_SETREGS, PTRACE_SETREGS64, PTRACE_GETFPREGS, and PTRACE_SETFPREGS requests. * Implemented powerpc System Call Vectored ABI support. * Implemented decoding of landlock_add_rule, landlock_create_ruleset, and landlock_restrict_self syscalls introduced in Linux 5.13. * Enhanced decoding of perf_event_open syscall. * Updated lists of BPF_*, IORING_*, KEXEC_*, KEY_*, KVM_*, NT_*, PR_*, PTRACE_*, RTM_*, RTPROT_*, TRAP_*, UFFD_*, UFFDIO_*, and V4L2_* constants. * Updated lists of ioctl commands from Linux 5.13. 
++++ suseconnect-ng: - Update to version 0.0.1~git16.8a5d48c: * Add extensions hints for readonly root fs * Make the connect package an internal package * Document debug output destination difference * Add status value constants * Add rollback CLI option * Fix callHTTP() so connections are reused * Fix list-extensions format * Fix error from zypper refresh ++++ yast2-trans: - Update to version 84.87.20210718.64398090f3: * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Dutch) * Translated using Weblate (Dutch) * New POT for text domain 'registration'. * Translated using Weblate (Slovak) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * New POT for text domain 'users'. * New POT for text domain 'security'. * Translated using Weblate (Slovak) ------------------------------------------------------------------ ------------------ 2021-7-18 - Jul 18 2021 ------------------- ------------------------------------------------------------------ ++++ libguestfs: - Remove obsolete yajl - Add conditional to ocaml_preserve_bytecode - Remove traces of python2 code - Use pkgconfig(python3) to refer to variants of python3 - Remove obsolete 0004-python-include-dirs.patch and related workaround in spec file - Use autosetup - Use _udevrulesdir - Remove BuildRoot and defattr - Remove Group tags ++++ kernel-default: - fix patch metadata - fix Patch-mainline, drop Git-repo: patches.suse/bpftool-Properly-close-va_list-ap-by-va_end-on-error.patch - commit ec7585c - Update kabi files. - update from second July 2021 maintenance update submission (commit 44308a6ad508) - commit ee121a0 - Refresh patches.suse/0003-amdgpu-fix-GEM-obj-leak-in-amdgpu_display_user_frame.patch. Drop _unlocked - commit 942b7a3 - fbmem: Do not delete the mode that is still in use (git-fixes). - dma-buf/sync_file: Don't leak fences on merge failure (git-fixes). 
- fbmem: add margin check to fb_check_caps() (git-fixes). - commit 1116a4b ++++ libselinux: - Add missing libselinux-utils Provides to selinux-tools so that %selinux_requires works ++++ runc: - Update to runc v1.0.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.1 * Fixed occasional runc exec/run failure ("interrupted system call") on an Azure volume. * Fixed "unable to find groups ... token too long" error with /etc/group containing lines longer than 64K characters. * cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is frozen. This is a regression in 1.0.0, not affecting runc itself but some of libcontainer users (e.g Kubernetes). * cgroupv2: bpf: Ignore inaccessible existing programs in case of permission error when handling replacement of existing bpf cgroup programs. This fixes a regression in 1.0.0, where some SELinux policies would block runc from being able to run entirely. * cgroup/systemd/v2: don't freeze cgroup on Set. * cgroup/systemd/v1: avoid unnecessary freeze on Set. - Remove upstreamed patches: + boo1187704-0001-cgroupv2-ebpf-ignore-inaccessible-existing-programs.patch ------------------------------------------------------------------ ------------------ 2021-7-17 - Jul 17 2021 ------------------- ------------------------------------------------------------------ ++++ gstreamer-plugins-base: - Add 90903917.patch: Fix build with meson >= 0.58.0rc1 ++++ libcap: - update to 2.51: * Fix capsh installation * Add an autoauth module flag to pam_cap.so * Unified libcap/cap (Go) and libcap (C) default generation of external format binary data * API enhancement cap_fill() and (*cap.Set).Fill() - to permit copying one capability flag to another. * --explain=cap_foo: describe what cap_foo does * --suggest=phrase: search all the cap descriptions and describe those that match the phrase * Add "keepcaps" module argument support to pam_cap.so (reported by Zoltan Fridrich. 
Bug 212945) * extend libcap to include cap_prctl() and cap_prctlw() functions to regain feature parity with Go "cap" package. These are only needed when linking against -lpsx for keepcaps POSIX semantics. * this likely requires substantial application changes to make Ambient capability support usable in general, but doing our part for the admin. * Add a test case for recent kernel fix * Go pragma fix for convenience functions in "cap" module ++++ harfbuzz: - Drop pkgconfig(chafa) BuildRequires for now: causes a cycle between chafa and harfbuzz, and disable it in meson ++++ tpm2.0-abrmd: - Move selinux devel file to devel subpackage ++++ podman: - Update to version 3.2.3: * Bump to v3.2.3 * Update release notes for v3.2.3 * vendor containers/common@v0.38.16 * vendor containers/buildah@v1.21.3 * Fix race conditions in rootless cni setup * CNI-in-slirp4netns: fix bind-mount for /run/systemd/resolve/stub-resolv.conf * Make rootless-cni setup more robust * Support uid,gid,mode options for secrets * vendor containers/common@v0.38.15 * [CI:DOCS] podman search: clarify that results depend on implementation * vendor containers/common@v0.38.14 * vendor containers/common@v0.38.13 * [3.2] vendor containers/common@v0.38.12 * Bump README to v3.2.2 * Bump to v3.2.3-dev ++++ python-pycairo: - update to 1.20.1 * setup.py: Respect the PKG_CONFIG environment variable * Make import_cairo inline in addition to static * docs: Fix example in Pattern.set_filter() docs _pr_`221` * docs: Fix build with newer sphinx * docs: Fix NumPy width, height-conventions in examples * docs: Last parameter of rel_curve_to should be dy3, not dy4 * mypy: Fixes for mypy 0.800+ * mypy: Don't run mypy via pytest ------------------------------------------------------------------ ------------------ 2021-7-16 - Jul 16 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Update patches.suse/Revert-ibmvnic-remove-duplicate-napi_schedule-call-i.patch 
(bsc#1065729 bsc#1188405 ltc#193509). - Update patches.suse/Revert-ibmvnic-simplify-reset_long_term_buff-functio.patch (bsc#1186206 ltc#191041 bsc#1188405 ltc#193509). - commit 5fcaf8a - rpm/kernel-binary.spec.in: Do not install usrmerged kernel on Leap (boo#1184804). - commit 5b51131 - bpftool: Properly close va_list 'ap' by va_end() on error (bsc#1155518). - libbpf: Fixes incorrect rx_ring_setup_done (bsc#1155518). - commit a14bd1d ++++ kernel-firmware: - Update to version 20210716 (git commit b7c134f0d349): * linux-firmware: update NXP 8897/8997 firmware images * rtlwifi: de-dupe rtl8723b WiFi firmware * rtlwifi: de-dupe rtl8192e WiFi firmware * linux-firmware: update frimware for mediatek bluetooth chip (MT7921) * cxgb4: Update firmware to revision 1.26.0.0 * firmware/i915/guc: Add HuC v7.9.3 for TGL & DG1 * firmware/i915/guc: Add GuC v62.0.3 for ADL-P * firmware/i915/guc: Add GuC v62.0.0 for all platforms - Make TW packages only installable on post-UsrMerge systems; the packages for Leap are found in OBS Kernel:stable:Backport repo, instead - Update aliases from 5.14-rc1 ++++ libgcrypt: - libgcrypt 1.9.3: [jsc#SLE-17558, jsc#SLE-19413] * Bug fixes: - Fix build problems on i386 using gcc-4.7. - Fix checksum calculation in OCB decryption for AES on s390. - Fix a regression in gcry_mpi_ec_add related to certain usages of curve 25519. - Fix a symbol not found problem on Apple M1. - Fix for Apple iOS getentropy peculiarity. - Make keygrip computation work for compressed points. * Performance: - Add x86_64 VAES/AVX2 accelerated implementation of Camellia. - Add x86_64 VAES/AVX2 accelerated implementation of AES. - Add VPMSUMD acceleration for GCM mode on PPC. * Internal changes. - Harden MPI conditional code against EM leakage. - Harden Elgamal by introducing exponent blinding. 
* Remove libgcrypt-CVE-2021-33560-ElGamal-exponent-blinding.patch ++++ python3-core: - Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668). ++++ libslirp: - Update to version 4.6.0: * build-sys: forgot to bump version to 4.6.0 * changelog: post-release * Release v4.6.0 * udp: check upd_input buffer size * tftp: introduce a header structure * tftp: check tftp_input buffer size * upd6: check udp6_input buffer size * bootp: check bootp_input buffer size * bootp: limit vendor-specific area to input packet memory buffer * Revert "Set macOS deployment target to macOS 10.4" - fixes CVE-2021-3592 [bsc#1187364], CVE-2021-3593 [bsc#1187365], CVE-2021-3594 [bsc#1187367], CVE-2021-3595 [bsc#1187366] => Remove patches: * libslirp-CVE-2021-3592.patch * libslirp-CVE-2021-3593.patch * libslirp-CVE-2021-3594.patch * libslirp-CVE-2021-3595.patch ++++ python3: - Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668). ++++ selinux-policy: - Update to version 20210716 - Remove interfaces for container module before building the package (bsc#1188184) - Updated * fix_init.patch * fix_systemd_watch.patch to adapt to upstream changes ++++ systemd-rpm-macros: - Bump to version 8 - Make use of "Suggests:" in %systemd_ordering Until libzypp supports "OrderWithRequires:", we need to specify a similar ordering constraint that can be understood by the dep solver as well. Hence the use of "Suggests:" in %systemd_ordering (workaround for bsc#1187332). - Introduce %sysusers_create_package %sysusers_create and %sysusers_create_inline are now deprecated and the new macro should be used instead. Upstream commit 07a7d4a0040d221ff09e527e91c112b4ffab1dba.
------------------------------------------------------------------ ------------------ 2021-7-15 - Jul 15 2021 ------------------- ------------------------------------------------------------------ ++++ apparmor: - added apparmor-dovecot-stats-metrics.diff to allow Prometheus metrics end-point ++++ dbus-1: - Add missing patch for CVE-2020-12049 * fix-upstream-CVE-2020-12049_2.patch ++++ dbus-1-x11: - Add missing patch for CVE-2020-12049 * fix-upstream-CVE-2020-12049_2.patch ++++ glib2: - Silence output in libgio-2_0-0 post scriptlet in case the ENV-mimeapps.list files do not exist: we are ready to create them in this case. An error message is only confusing. ++++ kernel-default: - blacklist.conf: add "block: blk-mq.c: fix @at_head kernel-doc warning" Also removed a remnant of a merge conflict. - commit ebd24f1 - netfilter: x_tables: fix compat match/target pad out-of-bound write (CVE-2021-22555 bsc#1188116). - commit 0b62bdb - netfilter: x_tables: fix compat match/target pad out-of-bound write (CVE-2021-22555 bsc#1188116). - commit 5d3d4da - vmxnet3: fix cksum offload issues for tunnels with non-default udp ports (git-fixes). - USB: cdc-acm: blacklist Heimann USB Appset device (git-fixes). - usb: gadget: eem: fix echo command packet response issue (git-fixes). - vfio/pci: Handle concurrent vma faults (git-fixes). - [xarray] iov_iter_fault_in_readable() should do nothing in xarray case (git-fixes). - ssb: sdio: Don't overwrite const buffer if block_write fails (git-fixes). - commit 76c3ff9 - serial_cs: Add Option International GSM-Ready 56K/ISDN modem (git-fixes). - serial_cs: remove wrong GLOBETROTTER.cis entry (git-fixes). - staging: rtl8712: remove redundant check in r871xu_drv_init (git-fixes). - spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf' (git-fixes). - spi: omap-100k: Fix the length judgment problem (git-fixes). - spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() (git-fixes). 
- spi: Make of_register_spi_device also set the fwnode (git-fixes). - regulator: da9052: Ensure enough delay time for .set_voltage_time_sel (git-fixes). - regulator: uniphier: Add missing MODULE_DEVICE_TABLE (git-fixes). - commit a2b1a60 - platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() (git-fixes). - random32: Fix implicit truncation warning in prandom_seed_state() (git-fixes). - media: Fix Media Controller API config checks (git-fixes). - media: imx-csi: Skip first few frames from a BT.656 source (git-fixes). - media: siano: fix device register error path (git-fixes). - media: dvb_net: avoid speculation from net slot (git-fixes). - media: dvd_usb: memory leak in cinergyt2_fe_attach (git-fixes). - mmc: via-sdmmc: add a check against NULL pointer dereference (git-fixes). - mmc: sdhci-sprd: use sdhci_sprd_writew (git-fixes). - memstick: rtsx_usb_ms: fix UAF (git-fixes). - commit 0eb2f6b - media: st-hva: Fix potential NULL pointer dereferences (git-fixes). - media: bt8xx: Fix a missing check bug in bt878_probe (git-fixes). - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release (git-fixes). - media: em28xx: Fix possible memory leak of em28xx struct (git-fixes). - media: imx: imx7_mipi_csis: Fix logging of only error event counters (git-fixes). - media: pvrusb2: fix warning in pvr2_i2c_core_done (git-fixes). - media: cobalt: fix race condition in setting HPD (git-fixes). - media: cpia2: fix memory leak in cpia2_usb_probe (git-fixes). - media: sti: fix obj-$(config) targets (git-fixes). - media: exynos-gsc: fix pm_runtime_get_sync() usage count (git-fixes). - commit ba1b2bc - iio: adc: at91-sama5d2: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: mxc4005: Fix overread of data and alignment issue (git-fixes). - lib: vsprintf: Fix handling of number field widths in vsscanf (git-fixes). - media: sti/bdisp: fix pm_runtime_get_sync() usage count (git-fixes). 
- media: s5p-jpeg: fix pm_runtime_get_sync() usage count (git-fixes). - media: mtk-vcodec: fix PM runtime get logic (git-fixes). - media: sh_vou: fix pm_runtime_get_sync() usage count (git-fixes). - media: mdk-mdp: fix pm_runtime_get_sync() usage count (git-fixes). - iio: at91-sama5d2_adc: remove usage of iio_priv_to_dev() helper (git-fixes). - iio:accel:mxc4005: Drop unnecessary explicit casts in regmap_bulk_read calls (git-fixes). - commit 74c2c06 - gve: Fix an error handling path in 'gve_probe()' (git-fixes). - fm10k: Fix an error handling path in 'fm10k_probe()' (git-fixes). - HID: do not use down_interruptible() when unbinding devices (git-fixes). - HID: wacom: Correct base usage for capacitive ExpressKey status bits (git-fixes). - crypto: omap-sham - Fix PM reference leak in omap sham ops (git-fixes). - crypto: nitrox - fix unchecked variable in nitrox_register_interrupts (git-fixes). - hwrng: exynos - Fix runtime PM imbalance on error (git-fixes). - hwmon: (max31790) Fix pwmX_enable attributes (git-fixes). - hwmon: (max31790) Report correct current pwm duty cycles (git-fixes). - commit ac66984 - ALSA: usb-audio: scarlett2: Fix wrong resume call (git-fixes). - ALSA: hda/realtek: Fix bass speaker DAC mapping for Asus UM431D (git-fixes). - ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() (git-fixes). - clocksource: Retry clock read if long delays detected (git-fixes). - crypto: qat - remove unused macro in FW loader (git-fixes). - crypto: qat - check return code of qat_hal_rd_rel_reg() (git-fixes). - crypto: ccp - Fix a resource leak in an error handling path (git-fixes). - crypto: ux500 - Fix error return code in hash_hw_final() (git-fixes). - crypto: nx - add missing MODULE_DEVICE_TABLE (git-fixes). - crypto: ixp4xx - dma_unmap the correct address (git-fixes). - commit fcdd7a0 - ALSA: hda/realtek: Add another ALC236 variant support (git-fixes). - ALSA: usb-audio: fix rate on Ozone Z90 USB headset (git-fixes). 
- ACPI: bus: Call kobject_put() in acpi_init() error path (git-fixes). - ACPI: EC: Make more Asus laptops use ECDT _GPE (git-fixes). - ACPI: resources: Add checks for ACPI IRQ override (git-fixes). - ACPI: processor idle: Fix up C-state latency if not ordered (git-fixes). - ACPICA: Fix memory leak caused by _CID repair function (git-fixes). - commit 930000b ++++ libapparmor: - added apparmor-dovecot-stats-metrics.diff to allow Prometheus metrics end-point ++++ Mesa: - update to 21.1.5 * fifth bugfix release ++++ libgcrypt: - Fix building test t-lock with pthread. [bsc#1189745] * Explicitly add -lpthread to compile the t-lock test. * Add libgcrypt-pthread-in-t-lock-test.patch ++++ tpm2-0-tss: - Remove conflicting sysusers.d file ++++ mokutil: - Update to 0.5.0 + mokutil: delete key/hash from the reverse request + efi_x509: fix an error handling in is_immediate_ca() + efi_x509: fix certificates fingerprint calculation + efi_x509: use EVP_Digest()* functions instead of the deprecated SHA1_*() + src/util.c: fix NULL pointer dereference in mok_get_variable + mokutil: Read the SbatLevelRT variable to get the SBAT entries + mokutil: add mok-variables parsing support + mokutil: Add option to print the UEFI SBAT variable content + mokutil: only check for Secure Boot support in options that need it + efi_x509: add the function to fetch SKID + keyring: add the function to check kernel keyring + mokutil: initialize data for efi_get_variable() + mokutil: correct the data for efi_set_variable() in set_password() + mokutil: improve the readability of issue_mok_request() + mokutil: drop the checks for PK and KEK + mokutil: check the blocklists before enrolling a key + mokutil: adjust the command bits + mokutil: remove "--simple-hash" + make CA check non-fatal + mokutil: close file in the error path + mokutil: do the CA check + efi_x509: add the function to check immediate CA + efi_x509: use d2i_X509() to create X509 handling + mokutil: rename hash_file as pw_hash_file +
password-crypt: update the function names + password-crypt: fix the types of several functions + mokutil: fix the error message in sb_state() + mokutil: move x509 functions to efi_x509.c + mokutil: move the hash functions to efi_hash.c + util: add functions for db_var_name and db_friendly_name + Remove the SHA1 code from identify_hash_type() + Map the UEFI variable names with a function + Fix -Wcast-align warnings + Fix 32 bit build + Add --timeout to manpage and other corrections. + mokutil.c: fix typo enrollement -> enrollment + Avoid taking pointer to packed struct + Fix name of --enable-validation in the description + Remove shebang from bash-completion/mokutil - Add mokutil-fix-missing-header.patch to fix the compilation error due to the missing header - Refresh mokutil-remove-libkeyutils-check.patch and only apply it to openSUSE Leap 15.* - Drop upstreamed patches: + mokutil-remove-shebang-from-bash-completion-file.patch + mokutil-bsc1173115-add-ca-and-keyring-checks.patch - Drop mokutil-support-revoke-builtin-cert.patch since we don't use the builtin cert prompt patch in shim anymore. ++++ selinux-policy: - Use tabrmd SELinux modules from tpm2.0-abrmd instead of storing here ++++ shim: - Update the SLE signatures (sync shim.changes from SLE) ++++ sysuser-tools: - Use /bin/bash for sysusers-generate-pre ++++ yast2: - Do not escape "$" in URL paths (bsc#1187581). - 4.4.16 ------------------------------------------------------------------ ------------------ 2021-7-14 - Jul 14 2021 ------------------- ------------------------------------------------------------------ ++++ containerd: [ This patch was only released in SLES and Leap. ] - Add patch for GHSA-c72p-9xmj-rx3w. CVE-2021-32760 bsc#1188282 + bsc1188282-use-chmod-path-for-checking-symlink.patch ++++ kernel-default: - seq_file: Disallow extremely large seq buffer allocations (bsc#1188062, CVE-2021-33909). - commit fe01024 - thermal/drivers/int340x/processor_thermal: Fix tcc setting (git-fixes). 
- commit c7a1614 - serial: fsl_lpuart: remove RTSCTS handling from get_mctrl() (git-fixes). - serial: 8250_pci: Add support for new HPE serial device (git-fixes). - commit bdbeac7 - PCI: tegra194: Fix tegra_pcie_ep_raise_msi_irq() ill-defined shift (git-fixes). - PCI: intel-gw: Fix INTx enable (git-fixes). - rtw88: 8822c: fix lc calibration timing (git-fixes). - commit 27f2c49 - leds: class: The -ENOTSUPP should never be seen by user space (git-fixes). - mac80211: reset profile_periodicity/ema_ap (git-fixes). - i2c: designware: Adjust bus_freq_hz when refuse high speed mode set (git-fixes). - net: phy: fix save wrong speed and duplex problem if autoneg is on (git-fixes). - net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes). - commit 3654173 - blacklist.conf: update blacklist - commit 36a2250 - usb: dwc3: Fix debugfs creation flow (git-fixes). - commit dc4de14 - Revert "drm: add a locked version of drm_is_current_master" (git-fixes). - commit 299bede - drm/i915/display: Do not zero past infoframes.vsc (git-fixes). - drm/msm: Fix error return code in msm_drm_init() (git-fixes). - drm/dp_mst: Do not set proposed vcpi directly (git-fixes). - drm/vc4: hdmi: Fix error path of hpd-gpios (git-fixes). - drm/rockchip: cdn-dp: fix sign extension on an int multiply for a u64 result (git-fixes). - drm/rockchip: lvds: Fix an error handling path (git-fixes). - drm: rockchip: set alpha_en to 0 if it is not used (git-fixes). - drm/vc4: hdmi: Prevent clock unbalance (git-fixes). - drm/vc4: crtc: Skip the TXP (git-fixes). - drm/vc4: txp: Properly set the possible_crtcs mask (git-fixes). - drm/amd/display: Fix build warnings (git-fixes). - drm/amd/dc: Fix a missing check bug in dm_dp_mst_detect() (git-fixes). - drm/vmwgfx: Fix cpu updates of coherent multisample surfaces (git-fixes). - drm/vmwgfx: Mark a surface gpu-dirty after the SVGA3dCmdDXGenMips command (git-fixes). - drm: bridge: add missing word in Analogix help text (git-fixes). 
- drm/bridge: Fix the stop condition of drm_bridge_chain_pre_enable() (git-fixes). - drm/bridge/sii8620: fix dependency on extcon (git-fixes). - drm/i915/selftests: use vma_lookup() in __igt_mmap() (git-fixes). - commit 92278ad - blacklist.conf: update blacklist - commit 6b0f6b8 - clk: imx8mq: remove SYS PLL 1/2 clock gates (git-fixes). - Bluetooth: hci_qca: fix potential GPF (git-fixes). - cw1200: Revert unnecessary patches that fix unreal use-after-free bugs (git-fixes). - brcmfmac: Fix a double-free in brcmf_sdio_bus_reset (git-fixes). - drm/nouveau: fix dma_address check for CPU/GPU sync (git-fixes). - drm/amdgpu: wait for moving fence after pinning (git-fixes). - drm: add a locked version of drm_is_current_master (git-fixes). - commit 41694a6 - kABI compatibility fix for max98373_priv struct (git-fixes). - commit 9bfc21b - ASoC: SOF: loader: Use snd_sof_dsp_block_read() instead sof_block_read() (git-fixes). - ASoC: rk3328: fix missing clk_disable_unprepare() on error in rk3328_platform_probe() (git-fixes). - ASoC: rt5682: Disable irq on shutdown (git-fixes). - ASoC: fsl_spdif: Fix unexpected interrupt after suspend (git-fixes). - ASoC: fsl_spdif: Fix error handler with pm_runtime_enable (git-fixes). - ASoC: rt715-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: rt711-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: rt700-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: rt5682-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: rt1308-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: max98373-sdw: use first_hw_init flag on resume (git-fixes). - ASoC: max98373-sdw: add missing memory allocation check (git-fixes). - commit 5211f08 - ALSA: usb-audio: Fix OOB access at proc output (git-fixes). - ALSA: firewire-motu: fix stream format for MOTU 8pre FireWire (git-fixes). 
- commit 0a94859 - Blacklist already cherry-picked ASoC commits - commit 5cc6c21 - usb: gadget: f_fs: Fix setting of device and driver data cross-references (git-fixes). - commit 8174fed - vfs: Convert functionfs to use the new mount API (git-fixes). - commit bc4a6d0 - mm, futex: fix shared futex pgoff on shmem huge page (git fixes (kernel/futex)). - commit b5af159 ++++ bluez: - Add gatt-Fix-potential-buffer-out-of-bound.patch * When client features is read check if the offset is within the cli_feat bounds. (bsc#1187165 CVE-2021-3588) - Add shared-gatt-db-Introduce-gatt_db_attribute_set_fixed.patch * This enables user to inform if an attribute has a fixed length so it can automatically perform bounds checking. (bsc#1187165 CVE-2021-3588) - Add gatt-Make-use-of-gatt_db_attribute_set_fixed_length.patch * This makes use of gatt_db_attribute_set_fixed_length so the database is aware of the length of the values and perform bounds checking. (bsc#1187165 CVE-2021-3588) ++++ harfbuzz: - Update to version 2.8.2: + Shaping LTR digits for RTL scripts now makes the native direction of the digits LTR, applying shaping and positioning rules on the same glyph order as Uniscribe + Subsetting COLR v1 and CPAL tables is now supported + Various fixes and improvements to the subsetter + When applying morx table, mark glyph widths should not be zeroed + GPOS is preferred over kerx, if GSUB was applied + Regional_Indicator pairs are grouped together when clustering ++++ tpm2-0-tss: - Clean spec file - Add new library libtss2-tcti-pcap0 - Update to 3.1.0: * Fix FAPI PolicyPCR not instantiating correctly (CVE-2020-24455) * Fixed possible access outside the array in ifapi_calculate_tree * Added pcap TCTI * Added GlobalSign TPM Root CA certs to FAPI cert store * Changed EncryptDecrypt mode type to align with TPM2.0 spec 1.59 * Added two new TPM commands TPM2_CC_CertifyX509, and TPM2_CC_ACT_SetTimeout ++++ tpm2.0-abrmd: - Update to version 2.4.0: - Service start depends on systemd device
unit: dev-tpm0.device. - Numerous memory leaks. - udev settle service deprecation warnings. - StandardOutput=syslog deprecation warnings. - Add selinux module files - Move dbus files out of /etc ++++ yast2: - Don't crash with UI exception in Progress.rb if a popup is in the way (bsc#1187676) - 4.4.15 ------------------------------------------------------------------ ------------------ 2021-7-13 - Jul 13 2021 ------------------- ------------------------------------------------------------------ ++++ afterburn: - Forward port fix-authorized-keys-location.patch ++++ curl: - Security fix: [bsc#1188220, CVE-2021-22925] * TELNET stack contents disclosure again * Add curl-CVE-2021-22925.patch ++++ kernel-default: - Update Patch-mainline tags for patches that landed in 5.14-rc1. - commit b2d9bab - thunderbolt: Bond lanes only when dual_link_port != NULL in alloc_dev_default() (git-fixes). - commit a8440fd - usb: typec: fusb302: fix "op-sink-microwatt" default that was in mW (git-fixes). - commit dcf2645 - fuse: reject internal errno (bsc#1188269). - fuse: check connected before queueing on fpq->io (bsc#1188267). - fuse: ignore PG_workingset after stealing (bsc#1188268). - commit ad3c8af - kABI: restore struct tcpc_config definition (git-fixes). - commit af96f3e - media: v4l2-async: Fix trivial documentation typo (git-fixes). - commit a677fa5 ++++ pango: - Add 3ff6365.patch, reverse applied: fix build of e.g. g-c-c. This commit introduced a requirement to run X. ++++ libproxy: - No longer BuildRequire libmodman-devel: libproxy 0.4.17 was changed upstream to only support the internal version (no other consumer of libmodman exists). - No longer pass -DFORCE_SYSTEM_LIBMODMAN=ON to cmake: not understood anymore (boo#1188265).
------------------------------------------------------------------ ------------------ 2021-7-12 - Jul 12 2021 ------------------- ------------------------------------------------------------------ ++++ afterburn: - Add set-default-user.patch + Set the default user to suse - Add fix-authorized-keys-location.patch + Write the ssh keys to the standard location - Add no-network-args.patch + Networks arguments on the kernel command line are set during image build there is no need for another place for a hard coded list. - Create target dir for afterburn to write configuration file to ++++ btrfsprogs: - Update to 5.13 * restore: remove loop checks for extent count and directory scan * inspect dump-tree: new options to print node (--csum-headers) and data checksums (--csum-items) * fi usage: * print stripe count for striped profiles * print zoned information: size, total unusable * mkfs: print note about sha256 accelerated module loading issue * check: ability to reset dev_item::bytes_used * fixes * detect zoned kernel support at run time too * exclusive op running check return value * fi resize: support cancel (kernel 5.14) * device remove: support cancel (kernel 5.14) * documentation about general topics * compression * zoned mode * storage model * hardware considerations * other * libbtrfsutil API overview * help text fixes and updates * hash speedtest measure time, cycles using perf and print throughput ++++ curl: - Security fix: [bsc#1188219, CVE-2021-22924] * Bad connection reuse due to flawed path name checks * Add curl-CVE-2021-22924.patch - Security fix: Disable the metalink feature: * Insufficiently Protected Credentials [bsc#1188218, CVE-2021-22923] * Wrong content via metalink not discarded [bsc#1188217, CVE-2021-22922] ++++ dbus-1: - Fix CVE-2020-12049 truncated messages lead to resource exhaustion (CVE-2020-12049, bsc#1172505) * fix-upstream-CVE-2020-12049.patch - Rebased fix-CVE-2019-12749.patch ++++ dbus-1-x11: - Fix CVE-2020-12049 truncated messages lead 
to resource exhaustion (CVE-2020-12049, bsc#1172505) * fix-upstream-CVE-2020-12049.patch - Rebased fix-CVE-2019-12749.patch ++++ irqbalance: - Update to version 1.8.0.8.gbd5aaf5 (jsc#SLE-17697): * Fix comma typo in ui.c * drop NoNewPrivs from irqbalance service * remove no existing irq in banned_irqs * Fix compile issue with none AARCH64 builds * Fix irqbalance cannot obtain the full name of irq - Enhance _service magic and add git hashtag to version ++++ kernel-default: - tracing/histograms: Fix parsing of "sym-offset" modifier (git-fixes). - commit e43cdf6 - usb: typec: fusb302: Always provide fwnode for the port (git-fixes). - commit 23df3ab - math: Export mul_u64_u64_div_u64 (git-fixes). - commit 3708119 - PCI: tegra194: Fix tegra_pcie_ep_raise_msi_irq() ill-defined shift (git-fixes). - PCI: intel-gw: Fix INTx enable (git-fixes). - serial: fsl_lpuart: remove RTSCTS handling from get_mctrl() (git-fixes). - coresight: Propagate symlink failure (git-fixes). - coresight: core: Fix use of uninitialized pointer (git-fixes). - commit 0c46818 - rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path (git-fixes). - rtc: fix snprintf() checking in is_rtc_hctosys() (git-fixes). - thermal/drivers/rcar_gen3_thermal: Fix coefficient calculations (git-fixes). - reset: bail if try_module_get() fails (git-fixes). - firmware: tegra: Fix error return code in tegra210_bpmp_init() (git-fixes). - memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes). - memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes). - memory: pl353: Fix error return code in pl353_smc_probe() (git-fixes). - memory: atmel-ebi: add missing of_node_put for loop iteration (git-fixes). - reset: brcmstb: Add missing MODULE_DEVICE_TABLE (git-fixes). - reset: a10sr: add missing of_match_table reference (git-fixes). - ALSA: intel8x0: Fix breakage at ac97 clock measurement (git-fixes). - ALSA: isa: Fix error return code in snd_cmi8330_probe() (git-fixes). 
- commit 8a2377b - memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes). - memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes). - commit b522bcb - Refresh patches.suse/rtc-pcf2127-handle-timestamp-interrupts.patch. Switched to queued version. - commit 1b185ef ++++ sudo: - Fix commented out "Defaults env_keep" in sudo-sudoers.patch - Fix LC_TIME incorrectly named LC_ATIME ++++ suseconnect-ng: - Update to version 0.0.1~git0.a5f168a: * Add JSONError and cleanup error handling ++++ yast2-trans: - Update to version 84.87.20210710.14ccc2c973: * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * New POT for text domain 'bootloader'. * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Slovak) * Translated using Weblate (Spanish) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (Indonesian) * Translated using Weblate (Catalan) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Catalan) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * New POT for text domain 'autoinst'. 
* Translated using Weblate (Japanese) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (French) ------------------------------------------------------------------ ------------------ 2021-7-11 - Jul 11 2021 ------------------- ------------------------------------------------------------------ ++++ elfutils: - For version 0.185, the below patches are no longer needed (jsc#SLE-17288, jsc#SLE-17951) libdw-check-end-of-attributes-list-consistently.patch elflint-dont-check-section-group-without-flags-word.patch libelf-error-if-elf_compress_gnu-is-used-on-SHF_COMPRESSED.patch libdw-readelf-make-sure-there-is-enough-data-to-read.patch elfutils-dont-trust-sh_entsize.patch elflint-check-symbol-table-data-is-big-enough-before-check.patch size-handle-recursive-elf-ar-files.patch elflint-sanity-check-the-number-of-phdrs-and-shdrs.patch use-the-empty-string-for-note-names-with-zero-size.patch readelf-fix-off-by-one-sanity-check.patch libebl-check-NT_PLATFORM-core-notes.patch libdwfl-sanity-check-partial-core-file-dyn-data-read.patch libelf-check-compression-before-allocate-output-buffer.patch libdwfl-sanity-check-partial-core-file-data-reads.patch arlib-check-that-sh_entsize-isnt-zero.patch ++++ libdrm: - Update to version 2.4.107: * amdgpu: update marketing names * tests/amdgpu: Fix valgrind warning * test/amdgpu: Add helper functions for hot unplug * test/amdgpu/hotunplug: Add test suite for GPU unplug * tests/amdgpu/hotunplug: Add unplug with cs test. * tests/amdgpu/hotunplug: Add hotunplug with exported bo test * tests/amdgpu/hotunplug: Add hotunplug with exported fence * amdgpu: Add vamgr for capture/replay. 
* include in xf86drmMode when the OS is FreeBSD * _WANT_KERNEL_ERRNO must be defined in FreeBSD for ERESTART to be used * Conditionally include and on Linux, BSD * Revert "tests/amdgpu: fix bo eviction test issue" * xf86drm: Add a human readable representation for format modifiers * xf86drm: Add a vendor function to decode the format modifier * xf86drm: Add support for decoding Nvidia format modifiers * xf86drm: Add support for decoding AMD format modifiers * xf86drm: Add support for decoding AMLOGIC format modifiers * README.rst: Include some notes about syncing uapi headers * amdgpu: Added product name for E9390,E9560 and E9565 dgpu * intel: Add support for ADLP ------------------------------------------------------------------ ------------------ 2021-7-10 - Jul 10 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (bsc#1185308). - x86/kvm: Disable all PV features on crash (bsc#1185308). - refresh patches.suse/0001-kvm-Reintroduce-nopvspin-kernel-parameter.patch - x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (bsc#1185308). - x86/kvm: Disable all PV features on crash (bsc#1185308). - refresh patches.suse/0001-kvm-Reintroduce-nopvspin-kernel-parameter.patch - x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308). - x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308). - x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308). - x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308). - x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308). - x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308). - commit 80699a1 ++++ mozilla-nss: - update to NSS 3.66 * bmo#1710716 - Remove Expired Sonera Class2 CA from NSS. * bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority. 
* bmo#1708307 - Remove Trustis FPS Root CA from NSS. * bmo#1707097 - Add Certum Trusted Root CA to NSS. * bmo#1707097 - Add Certum EC-384 CA to NSS. * bmo#1703942 - Add ANF Secure Server Root CA to NSS. * bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS. * bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database. * bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler. * bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h. * bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators. * bmo#1709291 - Add VerifyCodeSigningCertificateChain. * Use GNU tar for the release helper script. - update to NSS 3.65 * bmo#1709654 - Update for NetBSD configuration. * bmo#1709750 - Disable HPKE test when fuzzing. * bmo#1566124 - Optimize AES-GCM for ppc64le. * bmo#1699021 - Add AES-256-GCM to HPKE. * bmo#1698419 - ECH -10 updates. * bmo#1692930 - Update HPKE to final version. * bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default. * bmo#1703936 - New coverity/cpp scanner errors. * bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards. * bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms. * bmo#1705119 - Deadlock when using GCM and non-thread safe tokens. 
- refreshed patches - Firefox 90.0 requires NSS 3.66 ++++ makedumpfile: - Update to 1.6.9 * Add initial mips64 support * Support newer kernels up to v5.12 * x86_64: fix a use-after-free bug in -e option * arm64: support flipped VA and 52-bit kernel VA * Add shorthand --show-stats option to show report stats * Add --dry-run option to prevent writing the dumpfile * printk: add support for lockless ringbuffer - Fix rpmlintrc to not be version agnostic - Refresh makedumpfile-override-libtinfo.patch - Drop upstream merged * makedumpfile-printk-add-support-for-lockless-ringbuffer.patch * makedumpfile-printk-use-committed-finalized-state-value.patch * makedumpfile-use-uts_namespace.name-offset-VMCOREINFO.patch * makedumpfile-1-3-Use-vmcoreinfo-note-in-proc-kcore-for-mem-.patch * makedumpfile-2-3-arm64-Make-use-of-NUMBER-VA_BITS-in-vmcore.patch * makedumpfile-3-3-arm64-support-flipped-VA-and-52-bit-kernel.patch ------------------------------------------------------------------ ------------------ 2021-7-9 - Jul 9 2021 ------------------- ------------------------------------------------------------------ ++++ at-spi2-core: - Update to version 2.40.3 + Bugfix: Use abstract sockets if libdbus is older than 1.12.0 ++++ gtk3: - Update to version 3.24.30: + Input: - Ignore NoSymbol key events (happens with some XKB options). - Fix incomplete reset in some cases. + GtkEmojiChooser: - Update data from CLDR 39. - Support translated keywords for multiple languages. - Allow inserting multiple Emoji with Ctrl. - Match keywords for search. - Fix a memory leak. + GtkFileChooser: Accessibility improvements. + GtkTreeView: - Fix an accessibility-related memory leak. - Fix assertion failures in some cases. + Printing: Remove the Google Cloud Print backend, since the service was shut down. + Wayland: Work with pointer-gestures v1 protocol. + Updated translations. 
++++ jeos-firstboot: - Update to version 1.0.2.0: * Skip the lo interface when probing for DHCP - Use @TAG_OFFSET@ in version to make it unambiguous ++++ kernel-default: - fix patches metadata - fix Patch-mainline: patches.suse/tracepoint-Add-tracepoint_probe_register_may_exist-for-BPF-tracing.patch patches.suse/tracing-Resize-tgid_map-to-pid_max-not-PID_MAX_DEFAULT.patch patches.suse/tracing-Simplify-fix-saved_tgids-logic.patch - commit fa5e842 - soc: fsl: qbman: Delete useless kfree code (bsc#1188176). - soc: fsl: qbman: Ensure device cleanup is run for kexec (bsc#1188176). - commit ec1bcd7 - ptp_qoriq: fix overflow in ptp_qoriq_adjfine() u64 calcalation (git-fixes). - commit d17e17c - dpaa2-eth: fix memory leak in XDP_REDIRECT (git-fixes). - commit 586c229 - dpaa2-eth: fix memory leak in XDP_REDIRECT (git-fixes). - commit 3d9e50c - rpm/kernel-binary.spec.in: Remove zdebug define used only once. - commit 85a9fc2 ++++ libeconf: - Update to version 0.4.1+git20210709.cf671f2: * CMake fixes regarding installation of econftool and man pages. ++++ ovmf: - Add ovmf-fix-xen-s3-detection.patch to fix the S3 detection in ovmf-xen - Add ovmf-xen-add-qemu-kernel-loader-fs.patch to add QemuKernelLoaderFsDxe to ovmf-xen to load kernel from qemu fw_cfg ++++ suseconnect-ng: - Update to version 0.0.0~git.c45760f: * Add Conflicts:SUSEConnect due to same file name * Document advantage of suseconnect-ng * Make UpdateSystem() message text bold * Add no_zypper_refs config file option * Complete Register() and AnnounceSystem() * Add registerProductTree() * Add activateProduct() and registerProduct() * Rename source modules to executable names * Remove unnecessary content from package. * Add proxy auth support * Change order of usage help options to match the Ruby version * Make requirement for go 1.16 explicit. 
* Fix instance data file path * Add zypper service commands needed for registration * S390: set cpus, sockets, hypervisor and uuid hwinfo fields * Implement the system update part of registration * Add helper to build hwinfo struct * Add functions to call and parse s390 read_values * Add function to get the hostname * Add function to get private IP address * Add arch, hypervisor and uuid functions * Add function to find cloud provider from dmidecode * Add function to parse lscpu output * Add announceSystem() api call * Add deregistration functionality * Add deactivateProduct() API call * obs: use an in between branch ------------------------------------------------------------------ ------------------ 2021-7-8 - Jul 8 2021 ------------------- ------------------------------------------------------------------ ++++ hwdata: - Update to version 0.349 (bsc#1187948): + Updated pci, usb and vendor ids. ++++ ignition: - If a Combustion device was mounted, then unmount it in ignition-kargs-helper - the replacement script will be put on the same location ++++ kernel-default: - kernel-binary.spec: Exctract s390 decompression code (jsc#SLE-17042). - commit 7f97df2 - seq_file: Disallow extremely large seq buffer allocations (bsc#1188062, CVE-2021-33909). - commit eb7ef76 - tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT (git-fixes). - commit dfc48c9 - tracing: Simplify & fix saved_tgids logic (git-fixes). - commit c530730 - tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing (git-fixes). - commit 1ab86c5 - nvme: verify MNAN value if ANA is enabled (bsc#1185791). - commit e620ef1 - spi: spi-nxp-fspi: Implement errata workaround for LS1028A (bsc#1188121). - spi: spi-nxp-fspi: Add support for IP read only (bsc#1188121). - spi: spi-nxp-fspi: Add ACPI support (bsc#1188121). 
Refresh: patches.suse/spi-spi-nxp-fspi-fix-fspi-panic-by-unexpected-interr.patch patches.suse/spi-spi-nxp-fspi-move-the-register-operation-after-t.patch - spi: spi-nxp-fspi: Fix a NULL vs IS_ERR() check in probe (bsc#1188121). Refresh: patches.suse/spi-spi-nxp-fspi-fix-fspi-panic-by-unexpected-interr.patch patches.suse/spi-spi-nxp-fspi-move-the-register-operation-after-t.patch - spi: spi-nxp-fspi: Enable the Octal Mode in MCR0 (bsc#1188121). - spi: fspi: dynamically alloc AHB memory (bsc#1188121). Refresh: patches.suse/spi-spi-nxp-fspi-fix-fspi-panic-by-unexpected-interr.patch patches.suse/spi-spi-nxp-fspi-move-the-register-operation-after-t.patch - spi: nxp-fspi: Use devm API to fix missed unregistration of controller (bsc#1188121). - commit 8290109 - Fix meta data in lpfc-decouple-port_template-and-vport_template.patch - commit d9e6471 - scsi: qedf: Do not put host in qedf_vport_create() unconditionally (bsc#1170511). - commit 8665594 - efi/tpm: Differentiate missing and invalid final event log table (bsc#1188036). - commit 8616099 - kernel-binary.spec: Fix up usrmerge for non-modular kernels. - commit d718cd9 - nvme-rdma: introduce nvme_rdma_sgl structure (git-fixes). - commit 6ccb8a5 - nvme-rdma: fix in-casule data send for chained sgls (git-fixes). - nvme-tcp: rerun io_work if req_list is not empty (git-fixes). - commit a286451 - watchdog: aspeed: fix hardware timeout calculation (git-fixes). - watchdog: sp805: Fix kernel doc description (git-fixes). - gpio: AMD8111 and TQMX86 require HAS_IOPORT_MAP (git-fixes). 
- commit 79058fa ++++ libeconf: - Update to version 0.4.0+git20210708.6918ea1: * Fixed covscan FORWARD_NULL_issues warnings ++++ ceph: - Update to 16.2.5-29-g97c2c82c2f5: + rebased on top of upstream commit SHA1 0883bdea7337b95e4b611c768c0279868462204a upstream 16.2.5 release https://ceph.io/releases/v16-2-5-pacific-released/ + cherry-pick fix for bsc#1188111: * include/denc: include used header * mon,osd: always init local variable * common/Formatter: include used header ++++ systemd: - Added patches to fix CVE-2021-33910 (bsc#1188063) Added 1001-unit-name-generate-a-clear-error-code-when-convertin.patch Added 1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch Added 1003-basic-unit-name-adjust-comments.patch These patches will be moved to the git repo once the bug becomes public. ++++ mdevctl: - Update to version 0.81: * Automatic version commit for tag 0.81 * Fix define from jsonfile ++++ python-pytz: - Add %pyunittest shim for platforms where it is missing. ++++ timezone: - Install tzdata.zi (bsc#1188127) ++++ tpm2.0-tools: - prepare running the test suite via %check, but leave it commented out, because it is broken due to LTO linking. 
------------------------------------------------------------------ ------------------ 2021-7-7 - Jul 7 2021 ------------------- ------------------------------------------------------------------ ++++ containerd: - Build with go1.15 for reproducible build results (boo#1102408) ++++ haproxy: - Update to version 2.4.2+git0.553dee326: * [RELEASE] Released version 2.4.2 * REGTESTS: add http scheme-based normalization test * MEDIUM: h2: apply scheme-based normalization on h2 requests * MEDIUM: h1-htx: apply scheme-based normalization on h1 requests * MEDIUM: http: implement scheme-based normalization * MINOR: http: implement http_get_scheme * Revert "MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules" * BUG/MINOR: cli: fix server name output in "show fd" * BUG/MEDIUM: sock: make sure to never miss early connection failures * DOC: stick-table: add missing documentation about gpt0 stored type * BUG/MINOR: peers: fix data_type bit computation more than 32 data_types * BUG/MINOR: stick-table: fix several printf sign errors dumping tables * DOC: config: use CREATE USER for mysql-check * BUG/MEDIUM: resolvers: Make 1st server of a template take part to SRV resolution * BUG/MINOR: mqtt: Support empty client ID in CONNECT message * BUG/MINOR: mqtt: Fix parser for string with more than 127 characters * BUG/MINOR: tcpcheck: Fix numbering of implicit HTTP send/expect rules * BUILD: Makefile: fix linkage for Haiku. 
* BUG/MINOR: checks: return correct error code for srv_parse_agent_check * MINOR: resolvers: Reset server IP on error in resolv_get_ip_from_response() * BUG/MINOR: resolvers: Reset server IP when no ip is found in the response * BUG/MINOR: resolvers: Always attach server on matching record on resolution * CLEANUP: dns: Remove a forgotten debug message * DOC: config: Add missing actions in "tcp-request session" documentation * MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules * REGTESTS: fix maxconn update with agent-check * BUG/MAJOR: server: fix deadlock when changing maxconn via agent-check * BUG/MINOR: cache: Correctly handle existing-but-empty 'accept-encoding' header * BUG/MINOR: server/cli: Fix locking in function processing "set server" command * BUG/MINOR: resolvers: Use resolver's lock in resolv_srvrq_expire_task() * BUG/MEDIUM: resolvers: Add a task on servers to check SRV resolution status * MINOR: resolvers: Remove server from named_servers tree when removing a SRV item * MINOR: resolvers: Clean server in a dedicated function when removing a SRV item * BUG/MEDIUM: server/cli: Fix ABBA deadlock when fqdn is set from the CLI * BUG/MINOR: server: Forbid to set fqdn on the CLI if SRV resolution is enabled * BUG/MINOR: server-state: load SRV resolution only if params match the config ++++ ignition: - Update to version 2.11.0: * news: add notes for 2.11.0 * Upgraded docs * config/*: return report from previous parser when chaining * config/*: re-order testcases by version * tree: update for stable v3.3.0 and new v3.4.0-experimental * config/v3_4_experimental: adapt for experimental * config/v3_4_experimental: copy from config/v3_3 * config/v3_3: adapt for stabilization * config/v3_3_experimental: rename to config/v3_3 * config/v3_3_exp: pointerify ClevisCustom Config and Pin * config/v3_3_exp: pointerify Raid.Level * config/v3_3_exp: pointerify LinkEmbedded1.Target * stages/disks: simplify a check * config/v3_1/translate: don't point to 
field from input struct * config/v3_3_exp: drop devices from schema "required" field * config/*: validate that storage.raid.devices is non-empty * config/*/types: add RAID validation tests * config/shared/errors: fix ErrSparesUnsupportedForLevel message * config: fix comment * *: formally bump Go to 1.13 * platform: add powervs platform * internal/providers/*stack: drop dead timeout code * stages/disks: improve error reporting for LUKS device reuse * ignition-setup-user.service: drop Before=multipathd.service * Dockerfile: build ignition-validate container using Fedora * workflows: test on Go 1.16 * tests/*: verify deletion of block device w/o creating a FS * *: allow erasing block device without creating a filesystem * *: rename other projects' master branches to main * *: rename master branch to main * config/*: add export functions for parsing any config version < N * config/*: refactor config.go's Parse() to use GetConfigVersion * config/* : minor cleanup - Refreshed to match new Ignition spec * 0002-allow-multiple-mounts-of-same-device.patch - Implement missing ignition-kargs-helper script for kernel argument support ++++ kernel-default: - extcon: max8997: Add missing modalias string (git-fixes). - extcon: sm5502: Drop invalid register write in sm5502_reg_data (git-fixes). - char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol() (git-fixes). - backlight: lm3630a_bl: Put fwnode in error case during ->probe() (git-fixes). - commit 6b8c8e1 - iio: light: tcs3472: do not free unallocated IRQ (git-fixes). - iio: prox: isl29501: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: vcnl4035: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: magn: rm3100: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: ti-ads8688: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). 
- staging: gdm724x: check for overflow in gdm_lte_netif_rx() (git-fixes). - staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt() (git-fixes). - fpga: machxo2-spi: Address warning about unused variable (git-fixes). - extcon: intel-mrfld: Sync hardware and software state on init (git-fixes). - fpga: stratix10-soc: Add missing fpga_mgr_free() call (git-fixes). - commit b12d968 - iio: adc: mxs-lradc: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: hx711: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: ltr501: ltr501_read_ps(): add missing endianness conversion (git-fixes). - iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR (git-fixes). - iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too (git-fixes). - iio: si1133: fix format string warnings (git-fixes). - iio: potentiostat: lmp91000: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: tcs3472: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - commit 2299862 - iio: magn: bmc150: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: magn: hmc5843: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: as3935: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: srf08: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). 
- iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - commit 66bbafb - serial: mvebu-uart: correctly calculate minimal possible baudrate (git-fixes). - serial: mvebu-uart: do not allow changing baudrate when uartclk is not available (git-fixes). - serial: mvebu-uart: fix calculation of clock divisor (git-fixes). - serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates (git-fixes). - serial: tegra-tcu: Reorder channel initialization (git-fixes). - staging: rtl8712: fix memory leak in rtl871x_load_fw_cb (git-fixes). - iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: hid: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adis16400: do not return ints in irq handlers (git-fixes). - iio: adis_buffer: do not return ints in irq handlers (git-fixes). - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode (git-fixes). - mmc: core: clear flags before allowing to retune (git-fixes). - Input: hil_kbd - fix error return code in hil_dev_connect() (git-fixes). - Input: usbtouchscreen - fix control-request directions (git-fixes). - mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume() (git-fixes). - mtd: partitions: redboot: seek fis-index-block in the right node (git-fixes). - commit a219c27 - usb: dwc3: Fix debugfs creation flow (git-fixes). - xhci: solve a double free problem while doing s4 (git-fixes). 
- usb: typec: Add the missed altmode_id_remove() in typec_register_altmode() (git-fixes). - usb: dwc2: Don't reset the core after setting turnaround time (git-fixes). - usb: typec: wcove: Fx wrong kernel doc format (git-fixes). - tty: nozomi: Fix the error handling path of 'nozomi_card_init()' (git-fixes). - tty: nozomi: Fix a resource leak in an error handling function (git-fixes). - soundwire: stream: Fix test for DP prepare complete (git-fixes). - visorbus: fix error return code in visorchipset_init() (git-fixes). - commit e666eaf - leds: ktd2692: Fix an error handling path (git-fixes). - leds: as3645a: Fix error return code in as3645a_parse_node() (git-fixes). - leds: lm3532: select regmap I2C API (git-fixes). - ASoC: mediatek: mtk-btcvsd: Fix an error handling path in 'mtk_btcvsd_snd_probe()' (git-fixes). - ASoC: rsnd: tidyup loop on rsnd_adg_clk_query() (git-fixes). - ASoC: atmel-i2s: Fix usage of capture and playback at the same time (git-fixes). - ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK (git-fixes). - ALSA: usb-audio: scarlett2: Read mux at init time (git-fixes). - ALSA: usb-audio: scarlett2: Read mixer volumes at init time (git-fixes). - Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro" (git-fixes). - commit ea3fb69 - ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() (git-fixes). - mwifiex: re-fix for unaligned accesses (git-fixes). - lib/decompressors: remove set but not used variabled 'level' (git-fixes). - clk: si5341: Update initialization magic (git-fixes). - clk: si5341: Avoid divide errors due to bogus register contents (git-fixes). - clk: actions: Fix bisp_factor_table based clocks on Owl S500 SoC (git-fixes). - clk: actions: Fix SD clocks factor table on Owl S500 SoC (git-fixes). - clk: actions: Fix UART clock dividers on Owl S500 SoC (git-fixes). - clk: zynqmp: pll: Remove some dead code (git-fixes). - clk: meson: g12a: fix gp0 and hifi ranges (git-fixes). 
- commit b4df049 - clk: renesas: rcar-gen3: Update Z clock rate formula in comments (git-fixes). - drm/msm/dpu: Fix error return code in dpu_mdss_init() (git-fixes). - drm: qxl: ensure surf.data is ininitialized (git-fixes). - drm/rockchip: dsi: remove extra component_del() call (git-fixes). - drm/rockchip: dsi: move all lane config except LCDC mux to bind() (git-fixes). - drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() (git-fixes). - video: fbdev: imxfb: Fix an error message (git-fixes). - ath10k: Fix an error code in ath10k_add_interface() (git-fixes). - commit fc44520 - can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path (git-fixes). - can: gw: synchronize rcu operations before removing gw job entry (git-fixes). - Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event (git-fixes). - Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid (git-fixes). - ath10k: remove unused more_frags variable (git-fixes). - ath10k: add missing error return code in ath10k_pci_probe() (git-fixes). - ath10k: go to path err_unsupported when chip id is not supported (git-fixes). - brcmsmac: mac80211_if: Fix a resource leak in an error handling path (git-fixes). - brcmfmac: correctly report average RSSI in station info (git-fixes). - brcmfmac: fix setting of station info chains bitmask (git-fixes). - commit d8b0fc2 - can: hi311x: hi3110_can_probe(): silence clang warning (git-fixes). - drm/radeon: wait for moving fence after pinning (git-fixes). - drm/nouveau: wait for moving fence after pinning v2 (git-fixes). - cfg80211: call cfg80211_leave_ocb when switching away from OCB (git-fixes). - dmaengine: mediatek: use GFP_NOWAIT instead of GFP_ATOMIC in prep_dma (git-fixes). - dmaengine: mediatek: do not issue a new desc if one is still current (git-fixes). - dmaengine: mediatek: free the proper desc in desc_free handler (git-fixes). 
- dmaengine: rcar-dmac: Fix PM reference leak in rcar_dmac_probe() (git-fixes). - dmaengine: zynqmp_dma: Fix PM reference leak in zynqmp_dma_alloc_chan_resourc() (git-fixes). - commit 8be348d - gve: Fix swapped vars when fetching max queues (git-fixes). - mac80211: remove iwlwifi specific workaround NDPs of null_response (git-fixes). - mac80211: remove iwlwifi specific workaround that broke sta NDP tx (git-fixes). - mt76: fix possible NULL pointer dereference in mt76_tx (git-fixes). - extcon: extcon-max8997: Fix IRQ freeing at error path (git-fixes). - r8169: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes). - r8152: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes). - mac80211_hwsim: drop pending frames on stop (git-fixes). - mac80211: remove warning in ieee80211_get_sband() (git-fixes). - PCI: Add AMD RS690 quirk to enable 64-bit DMA (git-fixes). - commit c400726 - wcn36xx: Move hal_buf allocation to devm_kmalloc in probe (git-fixes). - wireless: carl9170: fix LEDS build errors & warnings (git-fixes). - rsi: Assign beacon rate settings to the correct rate_info descriptor field (git-fixes). - ssb: Fix error return code in ssb_bus_scan() (git-fixes). - ACPI: property: Constify stubs for CONFIG_ACPI=n case (git-fixes). - ACPI: APEI: fix synchronous external aborts in user-mode (git-fixes). - ACPI: sysfs: Fix a buffer overrun problem with description_show() (git-fixes). - cpufreq: sc520_freq: add 'fallthrough' to one case (git-fixes). - ata: ahci_sunxi: Disable DIPM (git-fixes). - commit 4b20cc3 - media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() (git-fixes). - media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - media: gspca/sunplus: fix zero-length control requests (git-fixes). - media: gspca/gl860: fix zero-length control requests (git-fixes). - media: gspca/sq905: fix control-request direction (git-fixes). 
- media: dtv5100: fix control-request directions (git-fixes). - hwmon: (max31790) Fix fan speed reporting for fan7..12 (git-fixes). - hwmon: (max31722) Remove non-standard ACPI device IDs (git-fixes). - commit 655a2af - media: zr364xx: fix memory leak in zr364xx_start_readpipe (git-fixes). - media: tc358743: Fix error return code in tc358743_probe_of() (git-fixes). - media: au0828: fix a NULL vs IS_ERR() check (git-fixes). - media: exynos4-is: Fix a use after free in isp_video_release (git-fixes). - media: dvb-usb: fix wrong definition (git-fixes). - media: rc: i2c: Fix an error message (git-fixes). - media: I2C: change 'RST' to "RSET" to fix multiple build errors (git-fixes). - mmc: sdhci-esdhc-imx: remove unused is_imx6q_usdhc (git-fixes). - mmc: vub3000: fix control-request direction (git-fixes). - mmc: usdhi6rol0: fix error return code in usdhi6_probe() (git-fixes). - commit 0231cde - spi: stm32-qspi: Remove unused qspi field of struct stm32_qspi_flash (git-fixes). - spi: tegra114: Fix an error message (git-fixes). - spi: spi-sun6i: Fix chipselect/clock bug (git-fixes). - regulator: hi655x: Fix pass wrong pointer to config.driver_data (git-fixes). - mmc: block: Disable CMDQ on the ioctl path (git-fixes). - pinctrl: stm32: fix the reported number of GPIO lines per bank (git-fixes). - i2c: robotfuzz-osif: fix control-request directions (git-fixes). - i2c: dev: Add __user annotation (git-fixes). - commit c37129c - can: bcm: delay release of struct bcm_op after synchronize_rcu() (CVE-2021-3609 bsc#1187215). - commit a57ee2f - Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl (CVE-2021-3612 bsc#1187585). 
- commit 64519f9 - blacklist.conf: Append 'drm/vc4: hdmi: Move the HSM clock enable to runtime_pm' - commit 23b3543 - drm/vc4: hdmi: Make sure the controller is powered in detect (bsc#1152489) Backporting changes: * context changes * vc4_hdmi -> vc4->hdmi - commit 84c924f - drm/amdgpu: Don't query CE and UE errors (bsc#1152472) Backporting changes: * unsigned long -> uint32_t - commit 1637ecb - amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create (bsc#1152472) Backporting changes: * context changes - commit f40c83c - drm/msm: Small msm_gem_purge() fix (bsc#1152489) Backporting changes: * context changes * GEM_WARN_ON() -> WARN_ON() - commit f02a5b9 - drm/radeon: Fix a missing check bug in radeon_dp_mst_detect() (bsc#1152489) Backporting changes: * context changes - commit fee040e - blacklist.conf: Append 'drm/vc4: hdmi: Restore cec physical address on reconnect' - commit b32f423 - Update patch reference for patches.suse/module-limit-enabling-module.sig_enforce.patch (git-fixes, CVE-2021-35039, bsc#1188080). - commit 8d3fd9b - blacklist.conf: Append 'drm/vc4: crtc: Reduce PV fifo threshold on hvs4' - commit 3780e05 - tpm, tpm_tis: Reserve locality in tpm_tis_resume() (bsc#1188036). - tpm, tpm_tis: Extend locality handling to TPM2 in tpm_tis_gen_interrupt() (bsc#1188036). - tpm, tpm_tis: Decorate tpm_tis_gen_interrupt() with request_locality() (bsc#1188036). - tpm, tpm_tis: Decorate tpm_get_timeouts() with request_locality() (bsc#1188036). 
- commit 2c323b1 - drm: bridge/panel: Cleanup connector on bridge detach (bsc#1152489) Backporting changes: * context changes - commit b16ae28 - drm/mcde/panel: Inverse misunderstood flag (bsc#1152472) Backporting changes: * only panel-samsung-s6d16d0.c exists - commit 83514d0 - drm/stm: Fix bus_flags handling (bsc#1152472) - commit eaa7b7a ++++ kernel-firmware: - Update to version 20210629 (git commit d79c26779d45): * amdgpu: update vcn firmware for green sardine for 21.20 * amdgpu: update vcn firmware for renoir for 21.20 * amdgpu: update vcn firmware for navi14 for 21.20 * amdgpu: update vcn firmware for navi12 for 21.20 * amdgpu: update vcn firmware for navi10 for 21.20 * amdgpu: add initial dimgrey cavefish firmware from 21.20 * amdgpu: update sienna cichlid firmware from 21.20 * amdgpu: update vega20 firmware from 21.20 * amdgpu: update Picasso firmware from 21.20 * amdgpu: update navi14 firmware from 21.20 * amdgpu: update green sardine firmware from 21.20 * amdgpu: update vega12 firmware from 21.20 * amdgpu: update navi12 firmware from 21.20 * amdgpu: update vega10 firmware from 21.20 * amdgpu: update renoir firmware from 21.20 * amdgpu: update navi10 firmware from 21.20 * amdgpu: update raven2 firmware from 21.20 * amdgpu: update arcturus firmware from 21.20 * amdgpu: update raven firmware from 21.20 * amdgpu: update navy flounder firmware from 21.20 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * rtl_bt: Update RTL8852A BT USB firmware to 0xD9A8_A0CD * linux-firmware: update firmware for MT7921 WiFi device to 20210612122753 * rtl_bt: Update RTL8822C BT(UART I/F) FW to 0x05A8_C6B4 * QCA: Update Bluetooth firmware for QCA6174 - Add missing CA0132 firmware files into kernel-firmware-sound (boo#1187825) - Update aliases ++++ libeconf: - Update to version 0.4.0+git20210707.537a8a: * Fixed resource leaks found by 
Iker Pedrosa. ++++ gpgme: - gpgme 1.16.0: * New context flag "cert-expire" * New data flags "io-buffer-size" and "sensitive" * cpp,qt: Add support for trust signatures * qt: Add support for flags in LDAP server options * qt: Fix too high memory consumption due to QProcess * qt: Do not set empty base DN as query of keyserver URL * qt: Extend SignKeyJob to create signatures with expiration date * python: New optional parameter filter_signatures for decrypt - run all tests again - add patches to fix tests: * gpgme-1.16.0-Use-after-free-in-t-edit-sign-test.patch * gpgme-1.16.0-t-various-testSignKeyWithExpiration-32-bit.patch ++++ libvirt: - virtlockd: Don't report error if lockspace exists de1e0ae0-lockd-no-error-if-lockspace.patch bsc#1184253 ------------------------------------------------------------------ ------------------ 2021-7-6 - Jul 6 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - usb: typec: tcpm: Move mod_delayed_work(&port->vdm_state_machine) call into tcpm_queue_vdm() (git-fixes). - Refresh patches.suse/usb-typec-tcpm-Refactor-tcpm_handle_vdm_request-payl.patch. - Refresh patches.suse/usb-typec-tcpm-Refactor-tcpm_handle_vdm_request.patch. - commit 25ab009 - usb: typec: tcpm: Error handling for tcpm_register_partner_altmodes (git-fixes). - commit d172a56 - usb: typec: tcpm: move to SNK_UNATTACHED if sink removed for DRP (git-fixes). - commit 44e186b - usb: typec: tcpm: set correct data role for non-DRD (git-fixes). - commit d27b294 - usb: typec: tcpm: Remove tcpc_config configuration mechanism (git-fixes). - commit 20564c3 - usb: typec: tcpm: Switch to use fwnode_property_count_uXX() (git-fixes). - commit 69ab721 - usb: typec: tcpm: Refactor tcpm_handle_vdm_request (git-fixes). - commit b4b2308 - usb: typec: tcpm: Refactor tcpm_handle_vdm_request payload handling (git-fixes). - commit 9417ed4 - usb: typec: ucsi: Put fwnode in any case during ->probe() (git-fixes). 
- commit ec4c8d0 - usb: typec: ucsi: Hold con->lock for the entire duration of ucsi_register_port() (git-fixes). - commit 9f0dcac - usb: typec: tcpm: update power supply once partner accepts (git-fixes). - commit 54348d7 - docs: admin-guide: update description for kernel.hotplug sysctl (git-fixes). - blacklist.conf: we do ship the kernel sources and the documentation. They may just as well be up to date. - commit 7d1b971 - series.conf: cleanup - update upstream references and resort: patches.suse/scsi-ibmvfc-Avoid-move-login-if-fast-fail-is-enabled.patch patches.suse/scsi-ibmvfc-Handle-move-login-failure.patch patches.suse/scsi-ibmvfc-Reinit-target-retries.patch patches.suse/scsi-lpfc-Add-a-option-to-enable-interlocked-ABTS-be.patch patches.suse/scsi-lpfc-Add-ndlp-kref-accounting-for-resume-RPI-pa.patch patches.suse/scsi-lpfc-Fix-Node-recovery-when-driver-is-handling-.patch patches.suse/scsi-lpfc-Fix-Unexpected-timeout-error-in-direct-att.patch patches.suse/scsi-lpfc-Fix-crash-when-lpfc_sli4_hba_setup-fails-t.patch patches.suse/scsi-lpfc-Fix-node-handling-for-Fabric-Controller-an.patch patches.suse/scsi-lpfc-Fix-non-optimized-ERSP-handling.patch patches.suse/scsi-lpfc-Fix-unreleased-RPIs-when-NPIV-ports-are-cr.patch patches.suse/scsi-lpfc-Ignore-GID-FT-response-that-may-be-receive.patch patches.suse/scsi-lpfc-Reregister-FPIN-types-if-ELS_RDF-is-receiv.patch patches.suse/scsi-lpfc-Update-lpfc-version-to-12.8.0.10.patch patches.suse/scsi-scsi_dh_alua-Retry-RTPG-on-a-different-path-aft.patch - commit 9a3a833 - fix patch metadata - fix Patch-mainline and move to "almost mainline" section: patches.suse/qla2xxx-synchronize-rport-dev_loss_tmo-setting.patch - commit 81935f9 ++++ less: - Fix build on Leap: Account for distinction in confdir after UsrMerge. ++++ libvirt: - CVE-2021-3631: fix SELinux label generation logic 15073504-CVE-2021-3631.patch bsc#1187871 ++++ linuxptp: - Update to version 3.1.1: * Version 3.1.1 * tc: Fix length of follow-up message of one-step sync. 
* Validate the messageLength field of incoming messages. ++++ selinux-policy: - Add tabrmd SELinux modules from upstream (bsc#1187925) https://github.com/tpm2-software/tpm2-abrmd/tree/master/selinux - Automatic spec-cleaner to fix ordering and misaligned spaces ++++ supportutils: - Changes to version 3.1.17 + Adding ethtool options g l m to network.txt (jsc#SLE-18240) ++++ suse-module-tools: - Update to version 15.3.8: * modprobe.d: Remove dma=none setting for parport_pc (bsc#1177695) ------------------------------------------------------------------ ------------------ 2021-7-5 - Jul 5 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - blacklist.conf: 1e886090cefe docs: admin-guide: update description for kernel.hotplug sysctl - commit 1332420 - x86/elf: Use _BITUL() macro in UAPI headers (bsc#1178134). - commit 5b8c19e - blacklist.conf: 89f5f8fb5bf4 EDAC/thunderx: Remove irrelevant variable from error messages - commit 7c3f543 ++++ pango: - Update to version 1.48.7: + Fix a thread-safety issue in fontmap initialization. + Small documentation improvements. ++++ libsepol: - Fix use-after-free in __cil_verify_classperms (CVE-2021-36085, 1187965). Added CVE-2021-36085.patch - Fix use-after-free in cil_reset_classpermission (CVE-2021-36086, 1187964). Added CVE-2021-36086.patch ++++ systemd: - systemd-hwdb-update.service should be shipped by the udev package ++++ yast2-trans: - Update to version 84.87.20210703.f3c2e3c809: * New POT for text domain 'network'. * Update IRC link * New POT for text domain 'users'. * New POT for text domain 'installation'. * New POT for text domain 'control'. ------------------------------------------------------------------ ------------------ 2021-7-3 - Jul 3 2021 ------------------- ------------------------------------------------------------------ ++++ fmt: - Update to version 8.0.1 * Fixed the version number in the inline namespace. 
* Added a missing presentation type check for std::string. * Fixed a linkage error when mixing code built with clang and gcc. * Fixed documentation issues. * Removed dead code in FP formatter. * Fixed various warnings and compilation issues. ++++ qemu: - Fix qemu-supportconfig network-manager verification ------------------------------------------------------------------ ------------------ 2021-7-2 - Jul 2 2021 ------------------- ------------------------------------------------------------------ ++++ avahi: - Add avahi-CVE-2021-3502.patch: fix NULL pointer crashes (boo#1184846 CVE-2021-3502). ++++ hwinfo: - merge gh#openSUSE/hwinfo#100 - recognize loongarch64 architecture - 21.75 ++++ kernel-default: - blacklist.conf: d8778e393afa x86/fpu: Invalidate FPU state after a failed XRSTOR from a user buffer - commit 07e7bbd - x86/pkru: Write hardware init value to PKRU when xstate is init (bsc#1152489). - commit 05b202a - scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1187980). - commit bc82289 - cgroup1: don't allow '\n' in renaming (bsc#1187972). - commit 31d330a - qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470 bsc#1185486). - commit 8249f86 - bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1177028). - bpf: Fix libelf endian handling in resolv_btfids (bsc#1177028). 
- commit f52fc7f ++++ nvme-cli: - install bash-completion file in correct directory - recommend bash-completion ++++ ovmf: - Add ovmf-xen-relocate-shared_info_page-map.patch to fix the save/restore/migrate in ovmf-xen ++++ suseconnect-ng: - Update to version 0.0.0~git.a083a1f: * Add Product.IsEmpty() * Add unit test for token auth * Add obs workflow to be able to use it as CI * add files to build rpm * Add more zypper operations * Unexport api functions * Add --cleanup CLI action * Add listing of installed services via zypper * Change zypperRun args to take a slice of strings * Fix printInformation() outputs ------------------------------------------------------------------ ------------------ 2021-7-1 - Jul 1 2021 ------------------- ------------------------------------------------------------------ ++++ chrony: - boo#1187906: Consolidate all references to the helper script. - bsc#1173760: MD5 is not available from mozilla-nss in FIPS mode, but needed for calculating refids from IPv6 addresses as part of the NTP protocol (rfc5905). As this is a non-cryptographic use of MD5 we can use our own implementation without violating FIPS rules: chrony-refid-internal-md5.patch . ++++ cryptsetup: - cryptsetup 2.3.6: * integritysetup: Fix possible dm-integrity mapping table truncation. * cryptsetup: Backup header can be used to activate TCRYPT device. Use --header option to specify the header. * cryptsetup: Avoid LUKS2 decryption without detached header. This feature will be added later and is currently not supported. * Additional fixes and workarounds for common warnings produced by some static analysis tools (like gcc-11 analyzer) and additional code hardening. * Fix standalone libintl detection for compiled tests. * Add Blake2b and Blake2s hash support for crypto backends. Kernel and gcrypt crypto backend support all variants. OpenSSL supports only Blake2b-512 and Blake2s-256. Crypto backend supports kernel notation e.g. "blake2b-512". 
++++ glibc: - wordexp-param-overflow.patch: wordexp: handle overflow in positional parameter number (CVE-2021-35942, bsc#1187911, BZ #28011) ++++ kernel-default: - x86/process: Check PF_KTHREAD and not current->mm for kernel threads (bsc#1152489). - commit f14058e - x86/fpu: Preserve supervisor states in sanitize_restored_user_xstate() (bsc#1178134). - commit 8de1b90 - kernel-binary.spec: Remove obsolete and wrong comment mkmakefile is replaced by echo on newer kernel - commit d9209e7 - ceph: must hold snap_rwsem when filling inode for async create (bsc#1187927). - commit 288e232 - ibmvnic: Use strscpy() instead of strncpy() (bsc#1184114 ltc#192237). - ibmvnic: fix send_request_map incompatible argument (bsc#1184114 ltc#192237). - ibmvnic: fix kernel build warnings in build_hdr_descs_arr (bsc#1184114 ltc#192237). - ibmvnic: fix kernel build warning (bsc#1184114 ltc#192237). - ibmvnic: fix kernel build warning in strncpy (bsc#1184114 ltc#192237). - ibmvnic: Allow device probe if the device is not ready at boot (bsc#1184114 ltc#192237). - ibmvnic: Use list_for_each_entry() to simplify code in ibmvnic.c (bsc#1184114 ltc#192237). - commit 6f12df4 - series.conf: cleanup - update upstream reference and resort: patches.suse/Revert-ibmvnic-simplify-reset_long_term_buff-functio.patch - commit dc51831 - Update patches.suse/RDMA-ucma-Rework-ucma_migrate_id-to-avoid-races-with.patch (bsc#1181147 bsc#1187050 CVE-2020-36385). Added CVE reference. - commit f7b3ebb - ibmvnic: account for bufs already saved in indir_buf (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: clean pending indirect buffs during reset (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290). - commit 4925dab - fix patch metadata - fix upstream reference: patches.suse/bpfilter-Specify-the-log-level-for-the-kmsg-message.patch - commit 4e6fe72 - ibmvnic: free tx_pool if tso_pool alloc fails (bsc#1085224 ltc#164363).
- commit badd4e0 - perf/x86/intel/uncore: Fix a kernel WARNING triggered by maxcpus=1 (git-fixes). - commit 9602802 - ibmvnic: parenthesize a check (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139 git-fixes). - ibmvnic: set ltb->buff to NULL after freeing (bsc#1094840 ltc#167098). - Revert "ibmvnic: remove duplicate napi_schedule call in open function" (bsc#1065729). - commit e5fa23c - SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes). - Refresh patches.suse/0001-ipmi-watchdog-Stop-watchdog-timer-when-the-current-a.patch. - Refresh patches.suse/block-return-the-correct-bvec-when-checking-for-gaps.patch. - Refresh patches.suse/ibmvnic-remove-default-label-from-to_string-switch.patch. - commit bff6126 - nvmem: rmem: fix undefined reference to memremap (git-fixes). - commit 420be35 - series.conf: cleanup - update upstream references and resort: patches.suse/0001-ipmi-watchdog-Stop-watchdog-timer-when-the-current-a.patch patches.suse/block-return-the-correct-bvec-when-checking-for-gaps.patch patches.suse/ibmvnic-remove-default-label-from-to_string-switch.patch patches.suse/xfrm-policy-Read-seqcount-outside-of-rcu-read-side-i.patch - commit fc2830a - bpfilter: Specify the log level for the kmsg message (bsc#1155518). - commit a6b5aff - Blacklisted SCSI ufs core patch: way out of context. - commit 33b89f4 ++++ Mesa: - update to 21.1.4 * fourth bugfix release ++++ systemd: - Finally don't create /run/lock/subsys anymore This effectively reverts the fix for bsc#1187292 made earlier. This directory is specific to RH sysvinit and since we're going to fade the support of SysV init script away the directory has no future. 
++++ qemu: - Fix stable issues found in upstream: hmp-Fix-loadvm-to-resume-the-VM-on-succe.patch hw-block-nvme-align-with-existing-style.patch hw-nvme-fix-missing-check-for-PMR-capabi.patch hw-nvme-fix-pin-based-interrupt-behavior.patch linux-user-aarch64-Enable-hwcap-for-RND-.patch qemu-config-load-modules-when-instantiat.patch qemu-config-parse-configuration-files-to.patch qemu-config-use-qemu_opts_from_qdict.patch runstate-Initialize-Error-to-NULL.patch target-i386-Exit-tb-after-wrmsr.patch tcg-Allocate-sufficient-storage-in-temp_.patch tcg-sparc-Fix-temp_allocate_frame-vs-spa.patch vhost-vdpa-don-t-initialize-backend_feat.patch vl-allow-not-specifying-size-in-m-when-u.patch vl-Fix-an-assert-failure-in-error-path.patch vl-plug-object-back-into-readconfig.patch vl-plumb-keyval-based-options-into-readc.patch x86-acpi-use-offset-instead-of-pointer-w.patch - Update qemu-supportconfig plugin ++++ runc: - Backport to fix issues with runc under openSUSE MicroOS's SELinux policy. boo#1187704 + boo1187704-0001-cgroupv2-ebpf-ignore-inaccessible-existing-programs.patch ++++ shim: - Add shim-bsc1187696-avoid-deleting-rt-variables.patch to avoid deleting the mirrored RT variables (bsc#1187696) ++++ zypper: - Quick fix obs:// platform guessing for Leap (bsc#1187425) - man: point out more clearly that patches update affected packages to the latest version (bsc#1187466) - version 1.14.47 ------------------------------------------------------------------ ------------------ 2021-6-30 - Jun 30 2021 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.32.2 (CVE-2020-13529): + hostname: prefer IPv4 addresses for reverse DNS lookup. + dhcp: ignore unauthenticated FORCERENEW messages with internal, systemd-based DHCPv4 plugin (CVE-2020-13529). This plugin is not used, unless the undocumented dhcp=systemd option was set. 
+ cloud-setup: preserve IP addresses, routes and rules from currently active connection profile. + Various bugfixes and performance improvements. ++++ kernel-default: - FCOE: fcoe_wwn_from_mac kABI fix (bsc#1187886). - scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration (bsc#1187886). - commit bf3226e - Blacklisted libsas new gfp variant patches - commit 7d45a44 - scsi: core: Fix race between handling STS_RESOURCE and completion (bsc#1187883). - Refresh patches.suse/scsi_dh_alua-return-BLK_STS_AGAIN-for-ALUA-transitio.patch. - commit 1a66f28 - Blacklisted scsi commit that should be skipped. - commit 6c0722b - kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() (bsc#1187867). - commit 4323f85 - kthread_worker: split code for canceling the delayed work timer (bsc#1187867). - commit f950430 - dax: fix ENOMEM handling in grab_mapping_entry() (bsc#1184212). - commit fa16d18 - Revert "ibmvnic: simplify reset_long_term_buff function" (bsc#1186206 ltc#191041). - commit ae5a395 ++++ sqlite3: - Sync version 3.36.0 from Factory to implement jsc#SLE-16032. - Obsoletes sqlite3-CVE-2019-16168.patch. 
- The following CVEs have been fixed in upstream releases up to this point, but were not mentioned in the change log so far: * bsc#1173641, CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization * bsc#1164719, CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator * bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error * bsc#1160438, CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input * bsc#1160309, CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference * bsc#1159850, CVE-2019-19924: improper error handling in sqlite3WindowRewrite() * bsc#1159847, CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive * bsc#1159715, CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c * bsc#1159491, CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference * bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name * bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns * bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements * bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service * bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain 
ORDER BY usage * bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability * bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names * CVE-2020-13434 boo#1172115: integer overflow in sqlite3_str_vappendf * CVE-2020-13630 boo#1172234: use-after-free in fts3EvalNextRow * CVE-2020-13631 boo#1172236: virtual table allowed to be renamed to one of its shadow tables * CVE-2020-13632 boo#1172240: NULL pointer dereference via crafted matchinfo() query * CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (boo#1172091) ------------------------------------------------------------------ ------------------ 2021-6-29 - Jun 29 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - SCSI: ufs: fix ktime_t kabi change (bsc#1187795). - scsi: ufs: Fix imprecise load calculation in devfreq window (bsc#1187795). - commit 51e8b33 - Blacklisted commit already removed, to keep it away - commit 2ac8cfe - blacklist.conf: Append 'drm/shmem-helpers: vunmap: Don't put pages for dma-buf' - commit 4f0b109 ++++ libcontainers-common: - Mention libcontainers-common.rpmlintrc as source - Use versioned obsoletes ++++ pango: - Update to version 1.48.6: + Avoid attribute index overflow. + Add a new pango-segmentation utility. + Documentation cleanups and fixes. + Update script property data for gravity. + Bring back careful glyph position rounding. + Add a few missing bidi types. + Add more tests. 
++++ sysuser-tools: - Remove usage of grep from sysusers-generate-pre - Add a simple test of sysusers-generate-pre to %check ------------------------------------------------------------------ ------------------ 2021-6-28 - Jun 28 2021 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 055+suse.110.gbe35f166: * fix(fips-suse): fipscheck doesn't need the -c parameter (bsc#1187498) * fix(kernel-install): initrd vs initramfs ++++ gobject-introspection: - Revert back to HOSTTYPE: RPM_ARCH is not available to the dep scanners. ++++ grub2: - Fix error not a btrfs filesystem on s390x (bsc#1187645) * 80_suse_btrfs_snapshot ++++ kernel-default: - s390/stack: fix possible register corruption with stack switch helper (bsc#1185677). - commit d57c991 - powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (jsc#SLE-13513 bsc#1176919 ltc#186162 git-fixes). - commit 8cc69d2 - Revert "video: imsttfb: fix potential NULL pointer dereferences" (bsc#1152489) - commit cb44bac ++++ systemd: - Import commit e9a23d9e064c2e7ac21a1b984d116bcf15327e63 8dd19c6ee3 sd-device: allow to read sysattr which contains embedded NUL d52409e5fe pid1: only add a Wants= type dependency on /tmp when PrivateTmp=yes (bsc#1181970 - Enable TPM2 support ++++ tpm2-0-tss: - small services fixes and comments ++++ linux-glibc-devel: - Update to kernel headers 5.13 ++++ live-langset-data: - Don't restart systemd-vconsole-setup.service explicitly (boo#1187618) ++++ selinux-policy: - Update to version 20210419 - Dropped fix_gift.patch, module was removed - Updated wicked.te to removed dropped interface - Refreshed: * fix_cockpit.patch * fix_hadoop.patch * fix_init.patch * fix_logging.patch * fix_logrotate.patch * fix_networkmanager.patch * fix_nscd.patch * fix_rpm.patch * fix_selinuxutil.patch * fix_systemd.patch * fix_systemd_watch.patch * fix_thunderbird.patch * fix_unconfined.patch * fix_unconfineduser.patch *
fix_unprivuser.patch * fix_xserver.patch ++++ tpm2.0-tools: - update to version 5.1.1: - tpm2_import: fix fixed AES key CVE-2021-3565 - tpm2_import used a fixed AES key for the inner wrapper, which means that a MITM attack would be able to unwrap the imported key. To fix this, ensure the key size is 16 bytes or bigger and use OpenSSL to generate a secure random AES key. - Avoid pandoc build dependency, use prebuilt man pages everywhere - Drop 0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch, now upstream - Drop _service, unused - Drop unused unzip build dependency - Drop autoreconfigure call, no longer necessary - Use %autosetup - Verify tarball signature - Build against efivar - Drop %check section, tests weren't built, so that was a noop ++++ yast2-trans: - Update to version 84.87.20210626.da1ad1189b: * New POT for text domain 's390'. * New POT for text domain 'base'. ------------------------------------------------------------------ ------------------ 2021-6-27 - Jun 27 2021 ------------------- ------------------------------------------------------------------ ++++ cockpit-machines: - Add source-offest to _service to fix build error in Leap 15.3. ++++ opensc: - Fix build on GCC11 * Add opensc-gcc11.patch from Fedora (https://github.com/OpenSC/OpenSC/pull/2241/) ++++ podman: - Update to version 3.2.2: * Bump to v3.2.2 * fix systemcontext to use correct TMPDIR * Scrub podman commands to use report package * Fix volumes with uid and gid options * Vendor in c/common v0.38.11 * Initial release notes for v3.2.2 * Fix restoring of privileged containers * Fix handling of podman-remote build --device * Add support for podman remote build -f - . 
* Fix panic condition in cgroups.getAvailableControllers * Fix permissions on initially created named volumes * Fix building static podman-remote * add correct slirp ip to /etc/hosts * disable tty-size exec checks in system tests * Fix resize race with podman exec -it * Fix documentation of the --format option of podman push * Fix systemd-resolved detection. * Health Check is not handled in the compat LibpodToContainerJSON * Do not use inotify for OCICNI * getContainerNetworkInfo: lock netNsCtr before sync * [NO TESTS NEEDED] Create /etc/mtab with the correct ownership * Create the /etc/mtab file if does not exists * [v3.2] cp: do not allow dir->file copying * create: support images with invalid platform * vendor containers/common@v0.38.10 * logs: k8s-file: restore poll sleep * logs: k8s-file: fix spurious error logs * utils: move message from warning to debug * Bump to v3.2.2-dev ------------------------------------------------------------------ ------------------ 2021-6-26 - Jun 26 2021 ------------------- ------------------------------------------------------------------ ++++ ceph: - Update to 16.2.4-564-g9689286366a: + rebased on top of upstream commit SHA1 e57defcbcc91e67aac958c4a52d657a7a907e8ef ------------------------------------------------------------------ ------------------ 2021-6-25 - Jun 25 2021 ------------------- ------------------------------------------------------------------ ++++ dbus-1: - Fix CVE-2020-35512 - shared UID's caused issues (CVE-2020-35512 bsc#1187105) * fix-upstream-userdb-constpointer.patch * fix-upstream-CVE-2020-35512.patch ++++ dbus-1-x11: - Fix CVE-2020-35512 - shared UID's caused issues (CVE-2020-35512 bsc#1187105) * fix-upstream-userdb-constpointer.patch * fix-upstream-CVE-2020-35512.patch ++++ kernel-default: - Revert "Update config files (bsc#1187167)" (bsc#1187711). The key is needed. When a random key is generated it is a problem with OBS repository setup. OBS should provide a signing key.
- commit b53af95 - s390/dasd: add missing discipline function (git-fixes). - commit ea8d00e - kernel: kexec_file: fix error return code of kexec_calculate_store_digests() (git-fixes). - commit c886494 - drm/vc4: hdmi: Make sure the controller is powered in detect (git-fixes). - drm/vc4: hdmi: Move the HSM clock enable to runtime_pm (git-fixes). - commit 20bb391 - blacklist.conf: Add amdgpu entries that have been reverted (git-fixes) - commit 41610da - mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk (git-fixes). - commit c1d2306 ++++ libcbor: - Add libcbor-0.5.0-fix-lib.patch to not build shared lib twice and make package build reproducible (boo#1102408) ++++ libcontainers-common: - Update common to 0.38.11 0.38.11: * Strip extra trailing newlines in templates * Set BigFilesTemporaryDir to GetEnv(TMPDIR) if set or /var/tmp 0.38.10: * libimage: pull: override even --pull=never with custom platfo * libimage: pull: enforce pull policy for custom platforms * libimage: pull: ignore platform for local image lookup * Allow /etc/containers/containers.conf to be read by non-root * [0.38] libimage: force remove: only untag on multi tag image 0.38.9: * libimage: fix Exists 0.38.8: * libmage: Exists: catch corrupted images 0.38.7: * libimage: pull: turn image-lookup errors non-fatal 0.38.6: * [0.38] Leave default seccomp path empty 0.38.5: * pull: don't resolve short names on explicit docker:// reference 0.38.4: Revert "Do not emit warnings about OCI runtime paths" libimage: lookup: tolerate corrupted image 0.38.3: build(deps): bump github.com/containers/storage from 1.30.3 to 1.31.1 libimage: fix manifest list lookup - Update podman to 3.2.2 3.2.2: [#]## Changes - Podman's handling of the Architecture field of images has been relaxed. 
Since 3.2.0, Podman required that the architecture of the image match the architecture of the system to run containers based on an image, but images often incorrectly report architecture, causing Podman to reject valid images ([#10648](https://github.com/containers/podman/issues/10648) and [#10682](https://github.com/containers/podman/issues/10682)). - Podman no longer uses inotify to monitor for changes to CNI configurations. This removes potential issues where Podman cannot be run because a user has exhausted their available inotify sessions ([#10686](https://github.com/containers/podman/issues/10686)). [#]## Bugfixes - Fixed a bug where the `podman cp` would, when given a directory as its source and a target that existed and was a file, copy the contents of the directory into the parent directory of the file; this now results in an error. - Fixed a bug where the `podman logs` command would, when following a running container's logs, not include the last line of output from the container when it exited when the `k8s-file` driver was in use ([#10675](https://github.com/containers/podman/issues/10675)). - Fixed a bug where Podman would fail to run containers if `systemd-resolved` was incorrectly detected as the system's DNS server ([#10733](https://github.com/containers/podman/issues/10733)). - Fixed a bug where the `podman exec -t` command would only resize the exec session's TTY after the session started, leading to a race condition where the terminal would initially not have a size set ([#10560](https://github.com/containers/podman/issues/10560)). - Fixed a bug where Podman containers using the `slirp4netns` network mode would add an incorrect entry to `/etc/hosts` pointing the container's hostname to the wrong IP address. - Fixed a bug where Podman would create volumes specified by images with incorrect permissions ([#10188](https://github.com/containers/podman/issues/10188) and [#10606](https://github.com/containers/podman/issues/10606)). 
- Fixed a bug where Podman would not respect the `uid` and `gid` options to `podman volume create -o` ([#10620](https://github.com/containers/podman/issues/10620)). - Fixed a bug where the `podman run` command could panic when parsing the system's cgroup configuration ([#10666](https://github.com/containers/podman/issues/10666)). - Fixed a bug where the remote Podman client's `podman build -f - ...` command did not read a Containerfile from STDIN ([#10621](https://github.com/containers/podman/issues/10621)). - Fixed a bug where the `podman container restore --import` command would fail to restore checkpoints created from privileged containers ([#10615](https://github.com/containers/podman/issues/10615)). - Fixed a bug where Podman was not respecting the `TMPDIR` environment variable when pulling images ([#10698](https://github.com/containers/podman/issues/10698)). - Fixed a bug where a number of Podman commands did not properly support using Go templates as an argument to the `--format` option. [#]## API - Fixed a bug where the Compat Inspect endpoint for Containers did not include information on container healthchecks ([#10457](https://github.com/containers/podman/issues/10457)). - Fixed a bug where the Libpod and Compat Build endpoints for Images did not properly handle the `devices` query parameter ([#10614](https://github.com/containers/podman/issues/10614)). [#]## Misc - Fixed a bug where the Makefile's `make podman-remote-static` target to build a statically-linked `podman-remote` binary was instead producing dynamic binaries ([#10656](https://github.com/containers/podman/issues/10656)). - Updated the containers/common library to v0.38.11 3.2.1: [#]## Changes - Podman now allows corrupt images (e.g. from restarting the system during an image pull) to be replaced by a `podman pull` of the same image (instead of requiring they be removed first, then re-pulled). 
[#]## Bugfixes - Fixed a bug where Podman would fail to start containers if a Seccomp profile was not available at `/usr/share/containers/seccomp.json` ([#10556](https://github.com/containers/podman/issues/10556)). - Fixed a bug where the `podman machine start` command failed on OS X machines with the AMD64 architecture and certain QEMU versions ([#10555](https://github.com/containers/podman/issues/10555)). - Fixed a bug where Podman would always use the slow path for joining the rootless user namespace. - Fixed a bug where the `podman stats` command would fail on Cgroups v1 systems when run on a container running systemd ([#10602](https://github.com/containers/podman/issues/10602)). - Fixed a bug where pre-checkpoint support for `podman container checkpoint` did not function correctly. - Fixed a bug where the remote Podman client's `podman build` command did not properly handle the `-f` option ([#9871](https://github.com/containers/podman/issues/9871)). - Fixed a bug where the remote Podman client's `podman run` command would sometimes not resize the container's terminal before execution began ([#9859](https://github.com/containers/podman/issues/9859)). - Fixed a bug where the `--filter` option to the `podman image prune` command was nonfunctional. - Fixed a bug where the `podman logs -f` command would exit before all output for a container was printed when the `k8s-file` log driver was in use ([#10596](https://github.com/containers/podman/issues/10596)). - Fixed a bug where Podman would not correctly detect that systemd-resolved was in use on the host and adjust DNS servers in the container appropriately under some circumstances ([#10570](https://github.com/containers/podman/issues/10570)). - Fixed a bug where the `podman network connect` and `podman network disconnect` commands acted improperly when containers were in the Created state, marking the changes as done but not actually performing them. 
[#]## API - Fixed a bug where the Compat and Libpod Prune endpoints for Networks returned null, instead of an empty array, when nothing was pruned. - Fixed a bug where the Create API for Images would continue to pull images even if a client closed the connection mid-pull ([#7558](https://github.com/containers/podman/issues/7558)). - Fixed a bug where the Events API did not include some information (including labels) when sending events. - Fixed a bug where the Events API would, when streaming was not requested, send at most one event ([#10529](https://github.com/containers/podman/issues/10529)). [#]## Misc - Updated the containers/common library to v0.38.9 3.2.0: [#]## Features - Docker Compose is now supported with rootless Podman ([#9169](https://github.com/containers/podman/issues/9169)). - The `podman network connect`, `podman network disconnect`, and `podman network reload` commands have been enabled for rootless Podman. - An experimental new set of commands, `podman machine`, was added to assist in managing virtual machines containing a Podman server. These are intended for easing the use of Podman on OS X by handling the creation of a Linux VM for running Podman. - The `podman generate kube` command can now be run on Podman named volumes (generating `PersistentVolumeClaim` YAML), in addition to pods and containers. - The `podman play kube` command now supports two new options, `--ip` and `--mac`, to set static IPs and MAC addresses for created pods ([#8442](https://github.com/containers/podman/issues/8442) and [#9731](https://github.com/containers/podman/issues/9731)). - The `podman play kube` command's support for `PersistentVolumeClaim` YAML has been greatly improved. - The `podman generate kube` command now preserves the label used by `podman auto-update` to identify containers to update as a Kubernetes annotation, and the `podman play kube` command will convert this annotation back into a label. 
This allows `podman auto-update` to be used with containers created by `podman play kube`. - The `podman play kube` command now supports Kubernetes `secretRef` YAML (using the secrets support from `podman secret`) for environment variables. - Secrets can now be added to containers as environment variables using the `type=env` option to the `--secret` flag to `podman create` and `podman run`. - The `podman start` command now supports the `--all` option, allowing all containers to be started simultaneously with a single command. The `--filter` option has also been added to filter which containers to start when `--all` is used. - Filtering containers with the `--filter` option to `podman ps` and `podman start` now supports a new filter, `restart-policy`, to filter containers based on their restart policy. - The `--group-add` option to rootless `podman run` and `podman create` now accepts a new value, `keep-groups`, which instructs Podman to retain the supplemental groups of the user running Podman in the created container. This is only supported with the `crun` OCI runtime. - The `podman run` and `podman create` commands now support a new option, `--timeout`. This sets a maximum time the container is allowed to run, after which it is killed ([#6412](https://github.com/containers/podman/issues/6412)). - The `podman run` and `podman create` commands now support a new option, `--pidfile`. This will create a file when the container is started containing the PID of the first process in the container. - The `podman run` and `podman create` commands now support a new option, `--requires`. The `--requires` option adds dependency containers - containers that must be running before the current container. Commands like `podman start` will automatically start the requirements of a container before starting the container itself. 
- Auto-updating containers can now be done with locally-built images, not just images hosted on a registry, by creating containers with the `io.containers.autoupdate` label set to `local`. - Podman now supports the [Container Device Interface](https://github.com/container-orchestrated-devices/container-device-interface) (CDI) standard. - Podman now adds an entry to `/etc/hosts`, `host.containers.internal`, pointing to the current gateway (which, for root containers, is usually a bridge interface on the host system) ([#5651](https://github.com/containers/podman/issues/5651)). - The `podman ps`, `podman pod ps`, `podman network list`, `podman secret list`, and `podman volume list` commands now support a `--noheading` option, which will cause Podman to omit the heading line including column names. - The `podman unshare` command now supports a new flag, `--rootless-cni`, to join the rootless network namespace. This allows commands to be run in the same network environment as rootless containers with CNI networking. - The `--security-opt unmask=` option to `podman run` and `podman create` now supports glob operations to unmask a group of paths at once (e.g. `podman run --security-opt unmask=/proc/* ...` will unmask all paths in `/proc` in the container). - The `podman network prune` command now supports a `--filter` option to filter which networks will be pruned. [#]## Changes - The change in Podman 3.1.2 where the `:z` and `:Z` mount options for volumes were ignored for privileged containers has been reverted after discussion in [#10209](https://github.com/containers/podman/issues/10209). - Podman's rootless CNI functionality no longer requires a sidecar container! The removal of the requirement for the `rootless-cni-infra` container means that rootless CNI is now usable on all architectures, not just AMD64, and no longer requires pulling an image ([#8709](https://github.com/containers/podman/issues/8709)). 
- The Image handling code used by Podman has seen a major rewrite to improve code sharing with our other projects, Buildah and CRI-O. This should result in fewer bugs and performance gains in the long term. Work on this is still ongoing. - The `podman auto-update` command now prunes previous versions of images after updating if they are unused, to prevent disk exhaustion after repeated updates ([#10190](https://github.com/containers/podman/issues/10190)). - The `podman play kube` command now treats environment variables configured as references to a `ConfigMap` as mandatory unless the `optional` parameter was set; this better matches the behavior of Kubernetes. - Podman now supports the `--context=default` flag from Docker as a no-op for compatibility purposes. - When Podman is run as root, but without `CAP_SYS_ADMIN` being available, it will run in a user namespace using the same code as rootless Podman (instead of failing outright). - The `podman info` command now includes the path of the Seccomp profile Podman is using, available cgroup controllers, and whether Podman is connected to a remote service or running containers locally. - Containers created with the `--rm` option now automatically use the `volatile` storage flag when available for their root filesystems, causing them not to write changes to disk as often as they will be removed at completion anyways. This should result in improved performance. - The `podman generate systemd --new` command will now include environment variables referenced by the container in generated unit files if the value would be looked up from the system environment. - Podman now requires that Conmon v2.0.24 be available. [#]## Bugfixes - Fixed a bug where the remote Podman client's `podman build` command did not support the `--arch`, `--platform`, and `--os` options. - Fixed a bug where the remote Podman client's `podman build` command ignored the `--rm=false` option ([#9869](https://github.com/containers/podman/issues/9869)). 
- Fixed a bug where the remote Podman client's `podman build --iidfile` command could include extra output (in addition to just the image ID) in the image ID file written ([#10233](https://github.com/containers/podman/issues/10233)). - Fixed a bug where the remote Podman client's `podman build` command did not preserve hardlinks when moving files into the container via `COPY` instructions ([#9893](https://github.com/containers/podman/issues/9893)). - Fixed a bug where the `podman generate systemd --new` command could generate extra `--iidfile` arguments if the container was already created with one. - Fixed a bug where the `podman generate systemd --new` command would generate unit files that did not include `RequiresMountsFor` lines ([#10493](https://github.com/containers/podman/issues/10493)). - Fixed a bug where the `podman generate kube` command produced incorrect YAML for containers which bind-mounted both `/` and `/root` from the host system into the container ([#9764](https://github.com/containers/podman/issues/9764)). - Fixed a bug where pods created by `podman play kube` from YAML that specified `ShareProcessNamespace` would only share the PID namespace (and not also the UTS, Network, and IPC namespaces) ([#9128](https://github.com/containers/podman/issues/9128)). - Fixed a bug where the `podman network reload` command could generate spurious error messages when `iptables-nft` was in use. - Fixed a bug where rootless Podman could fail to attach to containers when the user running Podman had a large UID. - Fixed a bug where the `podman ps` command could fail with a `no such container` error due to a race condition with container removal ([#10120](https://github.com/containers/podman/issues/10120)). - Fixed a bug where containers using the `slirp4netns` network mode and setting a custom `slirp4netns` subnet while using the `rootlesskit` port forwarder would not be able to forward ports ([#9828](https://github.com/containers/podman/issues/9828)). 
- Fixed a bug where the `--filter ancestor=` option to `podman ps` did not require an exact match of the image name/ID to include a container in its results. - Fixed a bug where the `--filter until=` option to `podman image prune` would prune images created after the specified time (instead of before). - Fixed a bug where setting a custom Seccomp profile via the `seccomp_profile` option in `containers.conf` had no effect, and the default profile was used instead. - Fixed a bug where the `--cgroup-parent` option to `podman create` and `podman run` was ignored in rootless Podman on cgroups v2 systems with the `cgroupfs` cgroup manager ([#10173](https://github.com/containers/podman/issues/10173)). - Fixed a bug where the `IMAGE` and `NAME` variables in `podman container runlabel` were not being correctly substituted ([#10192](https://github.com/containers/podman/issues/10192)). - Fixed a bug where Podman could freeze when creating containers with a specific combination of volumes and working directory ([#10216](https://github.com/containers/podman/issues/10216)). - Fixed a bug where rootless Podman containers restarted by restart policy (e.g. containers created with `--restart=always`) would lose networking after being restarted ([#8047](https://github.com/containers/podman/issues/8047)). - Fixed a bug where the `podman cp` command could not copy files into containers created with the `--pid=host` flag ([#9985](https://github.com/containers/podman/issues/9985)). - Fixed a bug where filters to the `podman events` command could not be specified twice (if a filter is specified more than once, it will match if any of the given values match - logical or) ([#10507](https://github.com/containers/podman/issues/10507)). - Fixed a bug where Podman would include IPv6 nameservers in `resolv.conf` in containers without IPv6 connectivity ([#10158](https://github.com/containers/podman/issues/10158)). 
- Fixed a bug where containers could not be created with static IP addresses when connecting to a network using the `macvlan` driver ([#10283](https://github.com/containers/podman/issues/10283)). [#]## API - Fixed a bug where the Compat Create endpoint for Containers did not allow advanced network options to be set ([#10110](https://github.com/containers/podman/issues/10110)). - Fixed a bug where the Compat Create endpoint for Containers ignored static IP information provided in the `IPAMConfig` block ([#10245](https://github.com/containers/podman/issues/10245)). - Fixed a bug where the Compat Inspect endpoint for Containers returned null (instead of an empty list) for Networks when the container was not joined to a CNI network ([#9837](https://github.com/containers/podman/issues/9837)). - Fixed a bug where the Compat Wait endpoint for Containers could miss containers exiting if they were immediately restarted. - Fixed a bug where the Compat Create endpoint for Volumes required that the user provide a name for the new volume ([#9803](https://github.com/containers/podman/issues/9803)). - Fixed a bug where the Libpod Info handler would sometimes not return the correct path to the Podman API socket. - Fixed a bug where the Compat Events handler used the wrong name for container exited events (`died` instead of `die`) ([#10168](https://github.com/containers/podman/issues/10168)). - Fixed a bug where the Compat Push endpoint for Images could leak goroutines if the remote end closed the connection prematurely. [#]## Misc - Updated Buildah to v1.21.0 - Updated the containers/common library to v0.38.5 - Updated the containers/storage library to v1.31.3 3.2.0-RC3: This is the third release candidate for Podman v3.2.0. We expect it will be the final RC. Preliminary release notes follow: [#]## Features - Docker Compose is now supported with rootless Podman ([#9169](https://github.com/containers/podman/issues/9169)). 
- The `podman network connect`, `podman network disconnect`, and `podman network reload` commands have been enabled for rootless Podman. - An experimental new set of commands, `podman machine`, was added to assist in managing virtual machines containing a Podman server. These are intended for easing the use of Podman on OS X by handling the creation of a Linux VM for running Podman. - The `podman generate kube` command can now be run on Podman named volumes (generating `PersistentVolumeClaim` YAML), in addition to pods and containers. - The `podman play kube` command now supports two new options, `--ip` and `--mac`, to set static IPs and MAC addresses for created pods ([#8442](https://github.com/containers/podman/issues/8442) and [#9731](https://github.com/containers/podman/issues/9731)). - The `podman play kube` command's support for `PersistentVolumeClaim` YAML has been greatly improved. - The `podman generate kube` command now preserves the label used by `podman auto-update` to identify containers to update as a Kubernetes annotation, and the `podman play kube` command will convert this annotation back into a label. This allows `podman auto-update` to be used with containers created by `podman play kube`. - The `podman play kube` command now supports Kubernetes `secretRef` YAML (using the secrets support from `podman secret`) for environment variables. - Secrets can now be added to containers as environment variables using the `type=env` option to the `--secret` flag to `podman create` and `podman run`. - The `podman start` command now supports the `--all` option, allowing all containers to be started simultaneously with a single command. The `--filter` option has also been added to filter which containers to start when `--all` is used. - Filtering containers with the `--filter` option to `podman ps` and `podman start` now supports a new filter, `restart-policy`, to filter containers based on their restart policy. 
- The `--group-add` option to rootless `podman run` and `podman create` now accepts a new value, `keep-groups`, which instructs Podman to retain the supplemental groups of the user running Podman in the created container. This is only supported with the `crun` OCI runtime. - The `podman run` and `podman create` commands now support a new option, `--timeout`. This sets a maximum time the container is allowed to run, after which it is killed ([#6412](https://github.com/containers/podman/issues/6412)). - The `podman run` and `podman create` commands now support a new option, `--pidfile`. This will create a file when the container is started containing the PID of the first process in the container. - The `podman run` and `podman create` commands now support a new option, `--requires`. The `--requires` option adds dependency containers - containers that must be running before the current container. Commands like `podman start` will automatically start the requirements of a container before starting the container itself. - Auto-updating containers can now be done with locally-built images, not just images hosted on a registry, by creating containers with the `io.containers.autoupdate` label set to `local`. - Podman now supports the [Container Device Interface](https://github.com/container-orchestrated-devices/container-device-interface) (CDI) standard. - Podman now adds an entry to `/etc/hosts`, `host.containers.internal`, pointing to the current gateway (which, for root containers, is usually a bridge interface on the host system) ([#5651](https://github.com/containers/podman/issues/5651)). - The `podman ps`, `podman pod ps`, `podman network list`, `podman secret list`, and `podman volume list` commands now support a `--noheading` option, which will cause Podman to omit the heading line including column names. - The `podman unshare` command now supports a new flag, `--rootless-cni`, to join the rootless network namespace. 
This allows commands to be run in the same network environment as rootless containers with CNI networking. - The `--security-opt unmask=` option to `podman run` and `podman create` now supports glob operations to unmask a group of paths at once (e.g. `podman run --security-opt unmask=/proc/* ...` will unmask all paths in `/proc` in the container). - The `podman network prune` command now supports a `--filter` option to filter which networks will be pruned. [#]## Changes - The change in Podman 3.1.2 where the `:z` and `:Z` mount options for volumes were ignored for privileged containers has been reverted after discussion in [#10209](https://github.com/containers/podman/issues/10209). - Podman's rootless CNI functionality no longer requires a sidecar container! The removal of the requirement for the `rootless-cni-infra` container means that rootless CNI is now usable on all architectures, not just AMD64, and no longer requires pulling an image ([#8709](https://github.com/containers/podman/issues/8709)). - The Image handling code used by Podman has seen a major rewrite to improve code sharing with our other projects, Buildah and CRI-O. This should result in fewer bugs and performance gains in the long term. Work on this is still ongoing. - The `podman auto-update` command now prunes previous versions of images after updating if they are unused, to prevent disk exhaustion after repeated updates ([#10190](https://github.com/containers/podman/issues/10190)). - The `podman play kube` command now treats environment variables configured as references to a `ConfigMap` as mandatory unless the `optional` parameter was set; this better matches the behavior of Kubernetes. - Podman now supports the `--context=default` flag from Docker as a no-op for compatibility purposes. - When Podman is run as root, but without `CAP_SYS_ADMIN` being available, it will run in a user namespace using the same code as rootless Podman (instead of failing outright). 
- The `podman info` command now includes the path of the Seccomp profile Podman is using, available cgroup controllers, and whether Podman is connected to a remote service or running containers locally. - Containers created with the `--rm` option now automatically use the `volatile` storage flag when available for their root filesystems, causing them not to write changes to disk as often as they will be removed at completion anyways. This should result in improved performance. - The `podman generate systemd --new` command will now include environment variables referenced by the container in generated unit files if the value would be looked up from the system environment. - Podman now requires that Conmon v2.0.24 be available. [#]## Bugfixes - Fixed a bug where the remote Podman client's `podman build` command did not support the `--arch`, `--platform`, and `--os` options. - Fixed a bug where the remote Podman client's `podman build` command ignored the `--rm=false` option ([#9869](https://github.com/containers/podman/issues/9869)). - Fixed a bug where the remote Podman client's `podman build --iidfile` command could include extra output (in addition to just the image ID) in the image ID file written ([#10233](https://github.com/containers/podman/issues/10233)). - Fixed a bug where the remote Podman client's `podman build` command did not preserve hardlinks when moving files into the container via `COPY` instructions ([#9893](https://github.com/containers/podman/issues/9893)). - Fixed a bug where the `podman generate systemd --new` command could generate extra `--iidfile` arguments if the container was already created with one. - Fixed a bug where the `podman generate kube` command produced incorrect YAML for containers which bind-mounted both `/` and `/root` from the host system into the container ([#9764](https://github.com/containers/podman/issues/9764)). 
- Fixed a bug where pods created by `podman play kube` from YAML that specified `ShareProcessNamespace` would only share the PID namespace (and not also the UTS, Network, and IPC namespaces) ([#9128](https://github.com/containers/podman/issues/9128)). - Fixed a bug where the `podman network reload` command could generate spurious error messages when `iptables-nft` was in use. - Fixed a bug where rootless Podman could fail to attach to containers when the user running Podman had a large UID. - Fixed a bug where the `podman ps` command could fail with a `no such container` error due to a race condition with container removal ([#10120](https://github.com/containers/podman/issues/10120)). - Fixed a bug where containers using the `slirp4netns` network mode and setting a custom `slirp4netns` subnet while using the `rootlesskit` port forwarder would not be able to forward ports ([#9828](https://github.com/containers/podman/issues/9828)). - Fixed a bug where the `--filter ancestor=` option to `podman ps` did not require an exact match of the image name/ID to include a container in its results. - Fixed a bug where the `--filter until=` option to `podman image prune` would prune images created after the specified time (instead of before). - Fixed a bug where setting a custom Seccomp profile via the `seccomp_profile` option in `containers.conf` had no effect, and the default profile was used instead. - Fixed a bug where the `--cgroup-parent` option to `podman create` and `podman run` was ignored in rootless Podman on cgroups v2 systems with the `cgroupfs` cgroup manager ([#10173](https://github.com/containers/podman/issues/10173)). - Fixed a bug where the `IMAGE` and `NAME` variables in `podman container runlabel` were not being correctly substituted ([#10192](https://github.com/containers/podman/issues/10192)). 
- Fixed a bug where Podman could freeze when creating containers with a specific combination of volumes and working directory ([#10216](https://github.com/containers/podman/issues/10216)). - Fixed a bug where rootless Podman containers restarted by restart policy (e.g. containers created with `--restart=always`) would lose networking after being restarted ([#8047](https://github.com/containers/podman/issues/8047)). - Fixed a bug where the `podman cp` command could not copy files into containers created with the `--pid=host` flag ([#9985](https://github.com/containers/podman/issues/9985)). [#]## API - Fixed a bug where the Compat Create endpoint for Containers did not allow advanced network options to be set ([#10110](https://github.com/containers/podman/issues/10110)). - Fixed a bug where the Compat Create endpoint for Containers ignored static IP information provided in the `IPAMConfig` block ([#10245](https://github.com/containers/podman/issues/10245)). - Fixed a bug where the Compat Inspect endpoint for Containers returned null (instead of an empty list) for Networks when the container was not joined to a CNI network ([#9837](https://github.com/containers/podman/issues/9837)). - Fixed a bug where the Compat Wait endpoint for Containers could miss containers exiting if they were immediately restarted. - Fixed a bug where the Compat Create endpoint for Volumes required that the user provide a name for the new volume ([#9803](https://github.com/containers/podman/issues/9803)). - Fixed a bug where the Libpod Info handler would sometimes not return the correct path to the Podman API socket. - Fixed a bug where the Compat Events handler used the wrong name for container exited events (`died` instead of `die`) ([#10168](https://github.com/containers/podman/issues/10168)). 
[#]## Misc - Updated Buildah to v1.21.0 - Updated the containers/common library to v0.38.4 - Updated the containers/storage library to v1.31.1 3.2.0-RC2: This is the second release candidate for Podman v3.2.0. We expect a final RC early next week, and a final release late next week if all goes well. Preliminary release notes follow: [#]## Features - Docker Compose is now supported with rootless Podman ([#9169](https://github.com/containers/podman/issues/9169)). - The `podman network connect`, `podman network disconnect`, and `podman network reload` commands have been enabled for rootless Podman. - An experimental new set of commands, `podman machine`, was added to assist in managing virtual machines containing a Podman server. These are intended for easing the use of Podman on OS X by handling the creation of a Linux VM for running Podman. - The `podman generate kube` command can now be run on Podman named volumes (generating `PersistentVolumeClaim` YAML), in addition to pods and containers. - The `podman play kube` command now supports two new options, `--ip` and `--mac`, to set static IPs and MAC addresses for created pods ([#8442](https://github.com/containers/podman/issues/8442) and [#9731](https://github.com/containers/podman/issues/9731)). - The `podman play kube` command's support for `PersistentVolumeClaim` YAML has been greatly improved. - The `podman generate kube` command now preserves the label used by `podman auto-update` to identify containers to update as a Kubernetes annotation, and the `podman play kube` command will convert this annotation back into a label. This allows `podman auto-update` to be used with containers created by `podman play kube`. - The `podman play kube` command now supports Kubernetes `secretRef` YAML (using the secrets support from `podman secret`) for environment variables. - Secrets can now be added to containers as environment variables using the `type=env` option to the `--secret` flag to `podman create` and `podman run`. 
- The `podman start` command now supports the `--all` option, allowing all containers to be started simultaneously with a single command. The `--filter` option has also been added to filter which containers to start when `--all` is used. - Filtering containers with the `--filter` option to `podman ps` and `podman start` now supports a new filter, `restart-policy`, to filter containers based on their restart policy. - The `--group-add` option to rootless `podman run` and `podman create` now accepts a new value, `keep-groups`, which instructs Podman to retain the supplemental groups of the user running Podman in the created container. This is only supported with the `crun` OCI runtime. - The `podman run` and `podman create` commands now support a new option, `--timeout`. This sets a maximum time the container is allowed to run, after which it is killed ([#6412](https://github.com/containers/podman/issues/6412)). - The `podman run` and `podman create` commands now support a new option, `--pidfile`. This will create a file when the container is started containing the PID of the first process in the container. - The `podman run` and `podman create` commands now support a new option, `--requires`. The `--requires` option adds dependency containers - containers that must be running before the current container. Commands like `podman start` will automatically start the requirements of a container before starting the container itself. - Auto-updating containers can now be done with locally-built images, not just images hosted on a registry, by creating containers with the `io.containers.autoupdate` label set to `local`. - Podman now supports the [Container Device Interface](https://github.com/container-orchestrated-devices/container-device-interface) (CDI) standard. 
- Podman now adds an entry to `/etc/hosts`, `host.containers.internal`, pointing to the current gateway (which, for root containers, is usually a bridge interface on the host system) ([#5651](https://github.com/containers/podman/issues/5651)). - The `podman ps`, `podman pod ps`, `podman network list`, `podman secret list`, and `podman volume list` commands now support a `--noheading` option, which will cause Podman to omit the heading line including column names. - The `podman unshare` command now supports a new flag, `--rootless-cni`, to join the rootless network namespace. This allows commands to be run in the same network environment as rootless containers with CNI networking. - The `--security-opt unmask=` option to `podman run` and `podman create` now supports glob operations to unmask a group of paths at once (e.g. `podman run --security-opt unmask=/proc/* ...` will unmask all paths in `/proc` in the container). - The `podman network prune` command now supports a `--filter` option to filter which networks will be pruned. [#]## Changes - The change in Podman 3.1.2 where the `:z` and `:Z` mount options for volumes were ignored for privileged containers has been reverted after discussion in [#10209](https://github.com/containers/podman/issues/10209). - Podman's rootless CNI functionality no longer requires a sidecar container! The removal of the requirement for the `rootless-cni-infra` container means that rootless CNI is now usable on all architectures, not just AMD64, and no longer requires pulling an image ([#8709](https://github.com/containers/podman/issues/8709)). - The Image handling code used by Podman has seen a major rewrite to improve code sharing with our other projects, Buildah and CRI-O. This should result in fewer bugs and performance gains in the long term. Work on this is still ongoing. 
- The `podman auto-update` command now prunes previous versions of images after updating if they are unused, to prevent disk exhaustion after repeated updates ([#10190](https://github.com/containers/podman/issues/10190)). - The `podman play kube` now treats environment variables configured as references to a `ConfigMap` as mandatory unless the `optional` parameter was set; this better matches the behavior of Kubernetes. - Podman now supports the `--context=default` flag from Docker as a no-op for compatibility purposes. - When Podman is run as root, but without `CAP_SYS_ADMIN` being available, it will run in a user namespace using the same code as rootless Podman (instead of failing outright). - The `podman info` command now includes the path of the Seccomp profile Podman is using, and whether Podman is connected to a remote service or running containers locally. - Containers created with the `--rm` option now automatically use the `volatile` storage flag when available for their root filesystems, causing them not to write changes to disk as often as they will be removed at completion anyways. This should result in improved performance. - The `podman generate systemd --new` command will now include environment variables referenced by the container in generated unit files if the value would be looked up from the system environment. - Podman now requires that Conmon v2.0.24 be available. ### Bugfixes - Fixed a bug where the remote Podman client's `podman build` command did not support the `--arch`, `--platform`, and `--os` options. - Fixed a bug where the remote Podman client's `podman build` command ignored the `--rm=false` option ([#9869](https://github.com/containers/podman/issues/9869)). - Fixed a bug where the `podman generate systemd --new` command could generate extra `--iidfile` arguments if the container was already created with one.
- Fixed a bug where the `podman generate kube` command produced incorrect YAML for containers which bind-mounted both `/` and `/root` from the host system into the container ([#9764](https://github.com/containers/podman/issues/9764)). - Fixed a bug where pods created by `podman play kube` from YAML that specified `ShareProcessNamespace` would only share the PID namespace (and not also the UTS, Network, and IPC namespaces) ([#9128](https://github.com/containers/podman/issues/9128)). - Fixed a bug where the `podman network reload` command could generate spurious error messages when `iptables-nft` was in use. - Fixed a bug where rootless Podman could fail to attach to containers when the user running Podman had a large UID. - Fixed a bug where the `podman ps` command could fail with a `no such container` error due to a race condition with container removal ([#10120](https://github.com/containers/podman/issues/10120)). - Fixed a bug where containers using the `slirp4netns` network mode and setting a custom `slirp4netns` subnet while using the `rootlesskit` port forwarder would not be able to forward ports ([#9828](https://github.com/containers/podman/issues/9828)). - Fixed a bug where the `--filter ancestor=` option to `podman ps` did not require an exact match of the image name/ID to include a container in its results. - Fixed a bug where the `--filter until=` option to `podman image prune` would prune images created after the specified time (instead of before). - Fixed a bug where setting a custom Seccomp profile via the `seccomp_profile` option in `containers.conf` had no effect, and the default profile was used instead. - Fixed a bug where the `--cgroup-parent` option to `podman create` and `podman run` was ignored in rootless Podman on cgroups v2 systems with the `cgroupfs` cgroup manager ([#10173](https://github.com/containers/podman/issues/10173)). 
- Fixed a bug where the `IMAGE` and `NAME` variables in `podman container runlabel` were not being correctly substituted ([#10192](https://github.com/containers/podman/issues/10192)). - Fixed a bug where the remote Podman client's `podman build --iidfile` command could include extra output (in addition to just the image ID) in the image ID file written ([#10233](https://github.com/containers/podman/issues/10233)). - Fixed a bug where Podman could freeze when creating containers with a specific combination of volumes and working directory ([#10216](https://github.com/containers/podman/issues/10216)). - Fixed a bug where rootless Podman containers restarted by restart policy (e.g. containers created with `--restart=always`) would lose networking after being restarted ([#8047](https://github.com/containers/podman/issues/8047)). ### API - Fixed a bug where the Compat Create endpoint for Containers did not allow advanced network options to be set ([#10110](https://github.com/containers/podman/issues/10110)). - Fixed a bug where the Compat Create endpoint for Containers ignored static IP information provided in the `IPAMConfig` block ([#10245](https://github.com/containers/podman/issues/10245)). - Fixed a bug where the Compat Inspect endpoint for Containers returned null (instead of an empty list) for Networks when the container was not joined to a CNI network ([#9837](https://github.com/containers/podman/issues/9837)). - Fixed a bug where the Compat Wait endpoint for Containers could miss containers exiting if they were immediately restarted. - Fixed a bug where the Compat Create endpoint for Volumes required that the user provide a name for the new volume ([#9803](https://github.com/containers/podman/issues/9803)). - Fixed a bug where the Libpod Info handler would sometimes not return the correct path to the Podman API socket.
- Fixed a bug where the Compat Events handler used the wrong name for container exited events (`died` instead of `die`) ([#10168](https://github.com/containers/podman/issues/10168)). ### Misc - Updated Buildah to v1.21.0 - Updated the containers/common library to v0.38.4 - Updated the containers/storage library to v1.31.1 3.2.0-RC1: This is the first release candidate for the Podman v3.2.0 release. Podman 3.2.0 features improved rootless networking (including support for rootless Docker compose), a rewritten image backend, and numerous other changes. Full release notes will be available with the release of RC2 next week. - Update storage to 1.32.5 1.32.5: Fix handling of user namespace 1.32.4: Vendor in opencontainers/runc v1.0.0 overlay: fix check for rootless native diff 1.32.3: Reload layer storage if layers.json got externally modified build(deps): bump github.com/klauspost/compress from 1.13.0 to 1.13.1 Fix cancel deferred remove bug Cirrus: Fix references to master branch [CI:DOCS] Fix docs links due to branch rename 1.32.2: lockfile: merge Seek+Read/Write into Pread/Pwrite Added support for CONTAINERS_STORAGE_CONF override canUseShifting can segfault build(deps): bump github.com/mattn/go-shellwords from 1.0.11 to 1.0.12 build(deps): bump github.com/klauspost/compress from 1.12.3 to 1.13.0 overlay: make userxattr,metacopy=on debug message build(deps): bump github.com/opencontainers/selinux from 1.8.1 to 1.8.2 1.31.3: * store: ReloadIfChanged propagates errors from Modified() * store: load additional image stores once * store: fix graphLock reload 1.32.1: store: fix graphLock reload store: ReloadIfChanged propagates errors from Modified() store: load additional image stores once delete_internal: return error early build(deps): bump github.com/klauspost/compress from 1.12.2 to 1.12.3 1.32.0: chunked: fix build on other platforms Avoid failure when umount an unmounted mountpoint overlay: enable native diff for fuse-overlayfs Enable to export layers from
Additional Layer Store 1.31.2: build(deps): bump github.com/Microsoft/go-winio from 0.4.17 to 0.5.0 build(deps): bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95 reintroduce store: allow shifting only with contiguous mappings overlay: check for unix.ENOTSUP archive/overlay: ignore failures from nested whiteouts overlay: honor DisableShifting store: allow shifting only with contiguous mappings 1.31.1: Revert "store: allow shifting only with contiguous mappings" - Update image to 5.13.2 v0.38.11: * Strip extra trailing newlines in templates * Set BigFilesTemporaryDir to GetEnv(TMPDIR) if set or /var/tmp v0.38.10: * libimage: pull: override even --pull=never with custom platfo * libimage: pull: enforce pull policy for custom platforms * libimage: pull: ignore platform for local image lookup * Allow /etc/containers/containers.conf to be read by non-root * [0.38] libimage: force remove: only untag on multi tag image v0.38.9: * libimage: fix Exists v0.38.8: * libmage: Exists: catch corrupted images v0.38.7: * libimage: pull: turn image-lookup errors non-fatal v0.38.6: * [0.38] Leave default seccomp path empty v0.38.5: * pull: don't resolve short names on explicit docker:// reference v0.38.4: * Revert "Do not emit warnings about OCI runtime paths" * libimage: lookup: tolerate corrupted image v0.38.3: * build(deps): bump github.com/containers/storage from 1.30.3 to 1.31.1 * libimage: fix manifest list lookup ++++ qemu: - Fix an update-alternative warning when removing qemu-skiboot package bsc#1178678 ++++ suseconnect-ng: - Initial package of suseconnect-ng ++++ yast2-trans: - Update to version 84.87.20210624.bda5a6b0e5: * New POT for text domain 'bootloader'. * New POT for text domain 'firewall'. 
* Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) ------------------------------------------------------------------ ------------------ 2021-6-24 - Jun 24 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Removed patch that was incorrectly added to SLE15-SP2 (bsc#1186949) This patch was suggested as a git-fix for SLE15-SP2, but the commits it fixes are not present there. - commit fc1818c - bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix TQM fastpath ring backing store computation (jsc#SLE-8371 bsc#1153274). - bnxt_en: Rediscover PHY capabilities after firmware reset (jsc#SLE-8371 bsc#1153274). - cxgb4: fix wrong shift (git-fixes). - be2net: Fix an error handling path in 'be_probe()' (git-fixes). - netxen_nic: Fix an error handling path in 'netxen_nic_probe()' (git-fixes). - qlcnic: Fix an error handling path in 'qlcnic_probe()' (git-fixes). - net/mlx5e: Block offload of outer header csum for UDP tunnels (git-fixes). - net/mlx5: Consider RoCE cap before init RDMA resources (git-fixes). - net/mlx5e: Fix page reclaim for dead peer hairpin (git-fixes). - net/mlx5e: Remove dependency in IPsec initialization flows (git-fixes). - ice: add ndo_bpf callback for safe mode netdev ops (jsc#SLE-7926). - net/sched: act_ct: handle DNAT tuple collision (bsc#1154353). - vrf: fix maximum MTU (git-fixes). - net/mlx5: Fix PBMC register mapping (git-fixes). - net/mlx5: Fix placement of log_max_flow_counter (git-fixes). - net/mlx5: Fix sleep while atomic in mlx5_eswitch_get_vepa (git-fixes). - commit 060a647 - net/mlx5: Reset mkey index on creation (jsc#SLE-15172). - net/mlx5: E-Switch, Allow setting GUID for host PF vport (jsc#SLE-15172). 
- net/mlx5: E-Switch, Read PF mac address (jsc#SLE-15172). - cxgb4: fix wrong ethtool n-tuple rule lookup (jsc#SLE-15131). - ethtool: strset: fix message length calculation (bsc#1176447). - cxgb4: halt chip before flashing PHY firmware image (jsc#SLE-15131). - cxgb4: fix sleep in atomic when flashing PHY firmware (jsc#SLE-15131). - cxgb4: fix endianness when flashing boot image (jsc#SLE-15131). - ice: parameterize functions responsible for Tx ring management (jsc#SLE-12878). - mlxsw: reg: Spectrum-3: Enforce lowest max-shaper burst size of 11 (bsc#1176774). - commit 3e01284 - drm/sun4i: dw-hdmi: Make HDMI PHY into a platform device (git-fixes). - ASoC: rt5682: Fix the fast discharge for headset unplugging in soundwire mode (git-fixes). - ASoC: tas2562: Fix TDM_CFG0_SAMPRATE values (git-fixes). - ASoC: fsl-asoc-card: Set .owner attribute when registering card (git-fixes). - commit af36159 - PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes). - commit ce71c77 - PCI: aardvark: Don't rely on jiffies while holding spinlock (git-fixes). - commit 1bd7ff7 - spi: spi-nxp-fspi: move the register operation after the clock enable (git-fixes). - Revert "PCI: PM: Do not read power state in pci_enable_device_flags()" (git-fixes). - PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes). - radeon: use memcpy_to/fromio for UVD fw upload (git-fixes). - spi: stm32-qspi: Always wait BUSY bit to be cleared in stm32_qspi_wait_cmd() (git-fixes). - regulator: bd70528: Fix off-by-one for buck123 .n_voltages setting (git-fixes). - commit 8ac9ce3 - cfg80211: make certificate generation more robust (git-fixes). - PCI: Work around Huawei Intelligent NIC VF FLR erratum (git-fixes). - PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes). - PCI: Mark TI C667X to avoid bus reset (git-fixes). - ASoC: rt5659: Fix the lost powers for the HDA header (git-fixes). - hwmon: (scpi-hwmon) shows the negative temperature properly (git-fixes). 
- commit ed194e5 ++++ keyutils: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) ++++ ceph: - Update _constraints: only honor physical memory, not 'any memory' (e.g. swap). But then, be happy with 8GB (bumping the current x86_64 worker pool from 16 to 64). (Dominique Leuenberger) ++++ systemd: - Import commit fcdb8dce591db2f5fc3c1e3eeb7abe9a2090b401 aa2d840a3b compat-rules: fix warning: "label ‘out’ defined but not used" in path_id_compat.c - Restore 61-persistent-storage-compat.rules that was mistakenly dropped during the merge of v248. ++++ zchunk: - Update to version 1.1.16 * Fix major bug when compressing with dictionary ++++ lshw: - Update to version B.02.19+git.20210619: * Fix typos in translatable messages - jsc#SLE-19399 ++++ python-pytz: - Remove real directory of %{python_sitelib}/pytz/zoneinfo when upgrading, before it is replaced by a symlink (bsc#1185748). ++++ slirp4netns: - Update to version 1.1.11: * Add --macaddress option to specify the MAC address of the tap interface. * Updated the man page. ------------------------------------------------------------------ ------------------ 2021-6-23 - Jun 23 2021 ------------------- ------------------------------------------------------------------ ++++ grub2: - Fix error gfxterm isn't found with multiple terminals (bsc#1187565) * grub2-fix-error-terminal-gfxterm-isn-t-found.patch ++++ kernel-default: - fix patches metadata - fix Patch-mainline: patches.suse/NFS-Fix-a-potential-NULL-dereference-in-nfs_get_clie.patch patches.suse/NFS-Fix-use-after-free-in-nfs4_init_client.patch patches.suse/NFSv4-Fix-deadlock-between-nfs4_evict_inode-and-nfs4.patch patches.suse/SUNRPC-Handle-major-timeout-in-xprt_adjust_timeout.patch - commit e5e0666 - series.conf: cleanup - update upstream reference and resort: patches.suse/xfrm-policy-Read-seqcount-outside-of-rcu-read-side-i.patch - commit cafffbc - video: hgafb: correctly handle card detect failure during probe (git-fixes). 
- commit 55f7ec7 - Bluetooth: use correct lock to prevent UAF of hdev object (git-fixes). - video: hgafb: fix potential NULL pointer dereference (git-fixes). - Revert "video: hgafb: fix potential NULL pointer dereference" (git-fixes). - commit 83627e7 - dmaengine: fsl-dpaa2-qdma: Fix error return code in two functions (git-fixes). - drm/amd/amdgpu:save psp ring wptr to avoid attack (git-fixes). - drm/amd/display: Fix potential memory leak in DMUB hw_init (git-fixes). - drm/amdgpu: refine amdgpu_fru_get_product_info (git-fixes). - Bluetooth: Add a new USB ID for RTL8822CE (git-fixes). - commit d18513c - module: limit enabling module.sig_enforce (git-fixes). - commit 7f30f5d - Add dtb-microchip - commit c797107 - Bluetooth: use correct lock to prevent UAF of hdev object (bsc#1186666 CVE-2021-3573). - commit 6781ea8 - blacklist.conf: Add unwanted commits - commit 1da6dbc - NFSv4: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode() (git-fixes). - NFS: Fix a potential NULL dereference in nfs_get_client() (git-fixes). - NFS: Fix use-after-free in nfs4_init_client() (git-fixes). - commit 3478e99 ++++ qemu: - Use doc directive to build QEMU documentation ++++ yast2: - Y2Issues::Issue: renamed severity "fatal" to "error", to be more consistent with other parts of (Auto)YaST - Added options to configure the behavior of Y2Issues.report (related to jsc#SLE-20563 and bsc#1166743) - 4.4.14 ------------------------------------------------------------------ ------------------ 2021-6-22 - Jun 22 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - blk-mq: Rerun dispatching in the case of budget contention (bsc#1180092). - blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1180092). - blk-mq: In blk_mq_dispatch_rq_list() "no budget" is a reason to kick (bsc#1180092). - commit e31a7fc - blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget (bsc#1180092). 
- commit ccd1ac3 - blk-mq: insert flush request to the front of dispatch queue (bsc#1180092). - commit acc744b - blk-mq: insert passthrough request into hctx->dispatch directly (bsc#1180092). - Refresh patches.suse/blk-mq-call-commit_rqs-while-list-empty-but-error-ha.patch. - Refresh patches.suse/blk-mq-insert-request-not-through-queue_rq-into-sw-s.patch. - commit 4ba4b0f - lib: vdso: Remove CROSS_COMPILE_COMPAT_VDSO (bsc#1164648,jsc#SLE-11493). Reduce delta to mainline Refresh patches.suse/lib-vdso-Prepare-for-time-namespace-support.patch. - commit 7b06299 - Update patch reference for net keys fix (CVE-2021-0605 bsc#1187601) - commit 7bb3e99 - Update patch reference for HID security fix (CVE-2021-0512 bsc#1187595) - commit 0506954 - bpf: Fix leakage under speculation on mispredicted branches (bsc#1187554,CVE-2021-33624). - bpf: Do not mark insn as seen under speculative path verification (bsc#1187554,CVE-2021-33624). - bpf: Inherit expanded/patched seen count from old aux data (bsc#1187554,CVE-2021-33624). - commit 06f1411 - bpf: Fix leakage under speculation on mispredicted branches (bsc#1187554,CVE-2021-33624). 
- commit 7949a37 ++++ Mesa: - no longer apply n_drirc-disable-rgb10-for-chromium-on-amd.patch on TW; no longer needed with gstreamer-plugins-vaapi 1.18.4; more details on https://gitlab.freedesktop.org/gstreamer/gstreamer-vaapi/-/merge_requests/410 ------------------------------------------------------------------ ------------------ 2021-6-21 - Jun 21 2021 ------------------- ------------------------------------------------------------------ ++++ combustion: - Set the exit status explicitly ++++ grub2: - Fix boot failure after kdump due to the content of grub.cfg is not completed with pending modification in xfs journal (bsc#1186975) * grub-install-force-journal-draining-to-ensure-data-i.patch - Patch refreshed * grub2-mkconfig-default-entry-correction.patch ++++ kernel-default: - patches.suse/0001-x86-sched-Treat-Intel-SNC-topology-as-default-COD-as.patch: (bsc#1187263). - commit 349dc99 - Refresh patches.suse/scsi-qla2xxx-Reserve-extra-IRQ-vectors.patch. Add Signed-off-by tag for author of the patch in the SLE branch to suppress error during branch merges. Example error is patches.suse/scsi-qla2xxx-Reserve-extra-IRQ-vectors.patch An email address with @suse.de, @suse.com, @suse.cz, or @novell.com in the From, Signed-off-by, or Acked-by headers is required - commit acfd671 - blacklist.conf: 28e5e44aa3f4 x86/mm: Avoid truncating memblocks for SGX memory - commit ea06fd1 - x86/fpu: Prevent state corruption in __fpu__restore_sig() (bsc#1178134). - commit e509690 - tracing: Do no increment trace_clock_global() by one (git-fixes). - commit 17da93e - tracing: Do not stop recording comms if the trace file is being read (git-fixes). - commit 7d357b1 - usb: chipidea: imx: Fix Battery Charger 1.2 CDP detection (git-fixes). - commit 9d5feb1 - tracing: Do not stop recording cmdlines when tracing is off (git-fixes). - commit 3306bfd - HID: usbhid: Fix race between usbhid_close() and usbhid_stop() (git-fixes).
- commit c5019d9 - dt-bindings: reset: meson8b: fix duplicate reset IDs (git-fixes). - commit cfc2db2 - usb: dwc3: core: fix kernel panic when do reboot (git-fixes). - commit 35719e0 - usb: dwc3: core: fix kernel panic when do reboot (git-fixes). - commit 9306e13 - SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes). - commit 87fe1f5 - series.conf: cleanup - update upstream references and move into sorted section: patches.suse/xfrm-policy-Read-seqcount-outside-of-rcu-read-side-i.patch - commit 3bedaae ++++ fmt: - Update to version 8.0.0 * Enabled compile-time format string check by default. * Added compile-time formatting. * Optimized handling of format specifiers during format string compilation. * Added the ``_cf`` user-defined literal to represent a compiled format string. It can be used instead of the ``FMT_COMPILE`` macro. * Format string compilation now requires ``format`` functions of ``formatter`` specializations for user-defined types to be ``const``. * Added UDL-based named argument support to format string compilation. * Added format string compilation support to ``fmt::print``. * Added initial support for compiling {fmt} as a C++20 module. * Made symbols private by default reducing shared library size * Optimized includes making the result of preprocessing ``fmt/format.h``. * Added support of ranges with non-const ``begin`` / ``end`` * Added support of ``std::byte`` and other formattable types to ``fmt::join``. * Implemented the default format for ``std::chrono::system_clock``. * Made more chrono specifiers locale independent by default. Use the ``'L'`` specifier to get localized formatting. * Improved locale handling in chrono formatting. * Deprecated ``fmt/locale.h`` moving the formatting functions that take a locale to ``fmt/format.h`` (``char``) and ``fmt/xchar`` (other overloads). This doesn't introduce a dependency on ```` so there is virtually no compile time effect. 
* Made parameter order in ``vformat_to`` consistent with ``format_to``. * Added support for time points with arbitrary durations. * Formatting floating-point numbers no longer produces trailing zeros by default for consistency with ``std::format``. * Dropped a limit on the number of elements in a range and replaced ``{}`` with ``[]`` as range delimiters for consistency with Python's ``str.format``. * The ``'L'`` specifier for locale-specific numeric formatting can now be combined with presentation specifiers as in ``std::format``. * Made the ``0`` specifier ignored for infinity and NaN. * Made the hexfloat formatting use the right alignment by default. * Removed the deprecated numeric alignment (``'='``). Use the ``'0'`` specifier instead. * Removed the deprecated ``fmt/posix.h`` header that has been replaced with ``fmt/os.h``. * Removed the deprecated ``format_to_n_context``, ``format_to_n_args`` and ``make_format_to_n_args``. They have been replaced with ``format_context``, ``format_args`` and ``make_format_args`` respectively. * Moved ``wchar_t``-specific functions and types to ``fmt/wchar.h``. You can define ``FMT_DEPRECATED_INCLUDE_WCHAR`` to automatically include ``fmt/wchar.h`` from ``fmt/format.h`` but this will be disabled in the next major release. * Fixed handling of the ``'+'`` specifier in localized formatting. * Added support for the ``'s'`` format specifier that gives textual representation of ``bool``. * Made ``fmt::ptr`` work with function pointers. * Fixed ``fmt::formatted_size`` with format string compilation * Fixed handling of empty format strings during format string compilation. * Fixed handling of enums in ``fmt::to_string``. * Improved width computation. * The experimental fast output stream (``fmt::ostream``) is now truncated by default for consistency with ``fopen``.
* Fixed moving of ``fmt::ostream`` that holds buffered data * Replaced the ``fmt::system_error`` exception with a function of the same name that constructs ``std::system_error``. * Replaced the ``fmt::windows_error`` exception with a function of the same name that constructs ``std::system_error`` with the category returned by ``fmt::system_category()``. * Replaced ``fmt::error_code`` with ``std::error_code`` and made it formattable. * Added speech synthesis support. * Made ``format_to`` work with a memory buffer that has a custom allocator. * Added ``Allocator::max_size`` support to ``basic_memory_buffer``. * Added wide string support to ``fmt::join`` * Made iterators passed to ``formatter`` specializations via a format context satisfy C++20 ``std::output_iterator`` requirements. * Optimized the ``printf`` implementation. * Improved detection of ``constexpr`` ``char_traits``. * Fixed exception propagation from iterators. * Improved ``strftime`` error handling. * Stopped using deprecated GCC UDL template extension. * Added ``fmt/args.h`` to the install target. * Error messages are now passed to assert when exceptions are disabled. * Added the ``FMT_MASTER_PROJECT`` CMake option to control build and install targets when {fmt} is included via ``add_subdirectory``. * Improved build configuration. * Fixed various warnings and compilation issues. * Improved documentation. * Continuous integration and test improvements. 
- Bump soversion to 8 ++++ osinfo-db: - Update to database version 20210621 osinfo-db-20210621.tar.xz - Drop patches contained in new tarball SLE-add-info-about-UEFI-support.patch add-sle15sp3-support.patch add-slem50-support.patch fix-sle15sp1-volume-id-string.patch ++++ shim: (sync shim.changes from SLE) - Split the keys in vendor-dbx.bin to vendor-dbx-sles and vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce the size of MokListXRT (bsc#1185261) + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz - Add shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch to handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071) - Add shim-bsc1185621-relax-max-var-sz-check.patch to relax the maximum variable size check for u-boot (bsc#1185621) + Also drop AArch64 suse-signed shim since we merged this patch - Add shim-bsc1185261-relax-import_mok_state-check.patch to relax the check for import_mok_state() when Secure Boot is off. (bsc#1185261) - Add shim-bsc1185232-relax-loadoptions-length-check.patch to ignore the odd LoadOptions length (bsc#1185232) - shim-install: reset def_shim_efi to "shim.efi" if the given file doesn't exist - Add shim-fix-aa64-relsz.patch to fix the size of rela sections for AArch64 Fix: https://github.com/rhboot/shim/issues/371 - Add shim-disable-export-vendor-dbx.patch to disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261) - Add shim-bsc1187260-fix-efi-1.10-machines.patch to avoid the potential crash when calling QueryVariableInfo in EFI 1.10 machines (bsc#1187260) - Add shim-bsc1185232-fix-config-table-copying.patch to avoid buffer overflow when copying data to the MOK config table (bsc#1185232) - Add shim-bsc1185232-fix-config-table-copying.patch to avoid buffer overflow when copying data to the MOK config table (bsc#1185232) - Add shim-disable-export-vendor-dbx.patch to disable exporting vendor-dbx to MokListXRT since writing a large 
RT variable could crash some machines (bsc#1185261) - Add shim-bsc1187260-fix-efi-1.10-machines.patch to avoid the potential crash when calling QueryVariableInfo in EFI 1.10 machines (bsc#1187260) ++++ sysuser-tools: - Bump version up to 3.1. The --replace parameter only appeared in systemd 238, so we need to ensure to get the update order correct for sysuser-generate when using the 3rd command line parameters: * systemd -> sysuser-tools -> system-{user|group}-FOO. - Add dependency on systemd >=238 if systemd is installed to sysuser-shadow - update sysuser_requires to request sysuser-shadow 3.1 ++++ virt-manager: - Upstream bug fixes (bsc#1027942) d3c627f1-volumeupload-Use-1MiB-read-size.patch cf93e2db-console-fix-error-with-old-pygobject.patch 143c6bef-virtinst-fix-error-message-format-string.patch fe8722e7-createnet-Remove-some-unnecessary-max_length-annotations.patch d9b5090e-Fix-forgetting-password-from-keyring.patch ++++ yast2: - Y2Issues::List: Add methods size and concat (related to bsc#1181295). - 4.4.13 ++++ yast2-trans: - Update to version 84.87.20210620.b9c691b1c1: * New POT for text domain 'gtk'. * New POT for text domain 'packager'. * Translated using Weblate (Czech) * New POT for text domain 'firstboot'. * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Finnish) * Translated using Weblate (Czech) * Translated using Weblate (Czech) ------------------------------------------------------------------ ------------------ 2021-6-19 - Jun 19 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - usb: core: hub: Disable autosuspend for Cypress CY7C65632 (git-fixes). - net/x25: Return the correct errno code (git-fixes). - HID: gt683r: add missing MODULE_DEVICE_TABLE (git-fixes). - HID: usbhid: fix info leak in hid_submit_ctrl (git-fixes). - HID: Add BUS_VIRTUAL to hid_connect logging (git-fixes). - commit be65fa1 - cfg80211: avoid double free of PMSR request (git-fixes). 
- can: mcba_usb: fix memory leak in mcba_usb (git-fixes). - alx: Fix an error handling path in 'alx_probe()' (git-fixes). - batman-adv: Avoid WARN_ON timing related checks (git-fixes). - drm/tegra: sor: Do not leak runtime PM reference (git-fixes). - drm/amd/display: Allow bandwidth validation for 0 streams (git-fixes). - HID: hid-sensor-hub: Return error for hid_set_field() failure (git-fixes). - HID: hid-input: add mapping for emoji picker key (git-fixes). - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 (git-fixes). - commit c7889a3 - can: bcm: fix infoleak in struct bcm_msg_head (CVE-2021-34693 bsc#1187452). - commit 02583ee ++++ Mesa: - update to 21.1.3 * third bugfix * mostly AMD fixes ------------------------------------------------------------------ ------------------ 2021-6-18 - Jun 18 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - net: mvpp2: add mvpp2_phylink_to_port() helper (bsc#1187171). - commit 9bd57ed ++++ libgpg-error: - Drop --with-pic (no effect with --disable-static). ++++ systemd: - Create /run/lock/subsys again (bsc#1187292) The creation of this directory was mistakenly dropped when 'filesystem' package took the initialization of the generic paths over. Paths under /run/lock are still managed by systemd for lack of better place. 
++++ tpm2.0-tools: - Add 0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch to fix the tpm2_eventlog command (boo#1187360) ------------------------------------------------------------------ ------------------ 2021-6-17 - Jun 17 2021 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 055+suse.106.g760b0c69: * chore(suse): add Conflicts for old suse-module-tools to specfile (bsc#1187115) - Update to version 055+suse.104.g9d45c1df: * feat(suse-initrd): add INITRD_MODULES from /etc/sysconfig/kernel, too * fix(suse-initrd): call dracut_instmods with hostonly= * fix(suse-initrd): use $kernel rather than $(uname -r) ++++ haproxy: - Update to version 2.4.1+git0.1ce7d4925: * [RELEASE] Released version 2.4.1 * BUG/MINOR: mux-h2/traces: bring back the lost "sent H2 REQ/RES" traces * BUG/MINOR: mux-h2/traces: bring back the lost "rcvd H2 REQ" trace * MINOR: mux-h2: obey http-ignore-probes during the preface * BUG/MINOR: stats: make "show stat typed desc" work again * CLEANUP: mux-h2/traces: better align user messages * MINOR: mux-h2/trace: report a few connection-level info during h2_init() * MINOR: connection: add helper conn_append_debug_info() * BUG/MINOR: server: explicitly set "none" init-addr for dynamic servers * BUG/MINOR: mux-h1: do not skip the error response on bad requests * MINOR: backend: only skip LB when there are actual connections * BUG/MAJOR: queue: set SF_ASSIGNED when setting strm->target on dequeue * CLEANUP: global: remove unused definition of stopping_task[] * BUG/MINOR: mworker: fix typo in chroot error message * BUG/MINOR: ssl: use atomic ops to update global shctx stats * BUG/MEDIUM: shctx: use at least thread-based locking on USE_PRIVATE_CACHE * BUG/MEDIUM: server: do not auto insert a dynamic server in px addr_node * BUG/MINOR: server: do not keep an invalid dynamic server in px ids tree * BUG/MEDIUM: server: do not forget to generate the dynamic servers ids * BUG/MEDIUM: 
server: clear dynamic srv on delete from proxy id/name trees * BUG/MEDIUM: server: extend thread-isolate over much of CLI 'add server' * BUG/MINOR: stick-table: insert srv in used_name tree even with fixed id * DOC: lua: Add a warning about buffers modification in HTTP * BUG/MAJOR: resolvers: segfault using server template without SRV RECORDs * MEDIUM: resolvers: add a ref between servers and srv request or used SRV record * MEDIUM: resolvers: add a ref on server to the used A/AAAA answer item * BUG/MINOR: resolvers: answser item list was randomly purged or errors * CLEANUP: l7-retries: do not test the buffer before calling b_alloc() * BUG/MINOR: mux-fcgi: Expose SERVER_SOFTWARE parameter by default * BUG/MAJOR: htx: Fix htx_defrag() when an HTX block is expanded * CLEANUP: pools: remove now unused seq and pool_free_list * BUG/MAJOR: pools: fix possible race with free() in the lockless variant * MEDIUM: pools: use a single pool_gc() function for locked and lockless * MINOR: pools: call malloc_trim() under thread isolation * MINOR: pools: do not maintain the lock during pool_flush() * BUG/MINOR: pools: make DEBUG_UAF always write to the to-be-freed location * BUG/MINOR: pools: fix a possible memory leak in the lockless pool_flush() * BUG/MEDIUM: compression: Add a flag to know the filter is still processing data * BUG/MEDIUM: compression: Properly get the next block to iterate on payload * BUG/MEDIUM: compression: Fix loop skipping unused blocks to get the next block * BUG/MEDIUM: opentracing: initialization before establishing daemon and/or chroot mode * Revert "BUG/MINOR: opentracing: initialization after establishing daemon mode" * BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future * BUILD: make tune.ssl.keylog available again * DOC: use the req.ssl_sni in examples * MINOR: errors: allow empty va_args for diag variadic macro * BUG/MAJOR: stream-int: Release SI endpoint on server side ASAP on retry * DOC/MINOR: move uuid in the 
configuration to the right alphabetical order * BUG/MINOR: vars: Be sure to have a session to get checks variables * CLEANUP: http-ana: Remove useless if statement about L7 retries * BUG/MINOR: proxy: Missing calloc return value check in chash_init_server_tree * BUG/MINOR: http: Missing calloc return value check in make_arg_list * BUG/MINOR: http: Missing calloc return value check while parsing redirect rule * BUG/MINOR: worker: Missing calloc return value check in mworker_env_to_proc_list * BUG/MINOR: compression: Missing calloc return value check in comp_append_type/algo * BUG/MINOR: http: Missing calloc return value check while parsing tcp-request rule * BUG/MINOR: http: Missing calloc return value check while parsing tcp-request/tcp-response * BUG/MINOR: proxy: Missing calloc return value check in proxy_defproxy_cpy * BUG/MINOR: proxy: Missing calloc return value check in proxy_parse_declare * BUG/MINOR: http: Missing calloc return value check in parse_http_req_capture * BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine * BUG/MINOR: peers: Missing calloc return value check in peers_register_table * BUG/MINOR: server: Missing calloc return value check in srv_parse_source * DOC: intro: Fix typo in starter guide * MINOR: cfgparse: Fail when encountering extra arguments in macro * MINOR: http-ana: Perform L7 retries because of status codes in response analyser * BUG/MINOR: http-ana: Handle L7 retries on refused early data before K/A aborts * BUG/MINOR: http-ana: Send the right error if max retries is reached on L7 retry * Revert "MEDIUM: http-ana: Deal with L7 retries in HTTP analysers" * BUG/MINOR: http-comp: Preserve HTTP_MSGF_COMPRESSIONG flag on the response * BUG/MEDIUM: filters: Exec pre/post analysers only one time per filter * BUILD/MINOR: opentracing: fixed build when using clang * BUG/MAJOR: server: prevent deadlock when using 'set maxconn server' * BUG/MEDIUM: ebtree: Invalid read when looking for dup entry ++++ kernel-default: 
- ASoC: Intel: soc-acpi: remove TGL RVP mixed SoundWire/TDM config (git-fixes). - commit 85be7e7 - blacklist.conf: the driver has not been converted to new error codes - commit 5e49259 - UsrMerge the kernel (boo#1184804) - Move files in /boot to modules dir The file names in /boot are included as %ghost links. The %post script creates symlinks for the kernel, sysctl.conf and System.map in /boot for compatibility. Some tools require adjustments before we can drop those links. If boot is a separate partition, a copy is used instead of a link. The logic for /boot/vmlinuz and /boot/initrd doesn't change with this patch. - Use /usr/lib/modules as module dir when usermerge is active in the target distro. - commit 6f5ed04 - x86/sev: Check SME/SEV support in CPUID first (jsc#SLE-14337). - iommu/vt-d: Use user privilege for RID2PASID translation (bsc#1187348). - iommu/virtio: Add missing MODULE_DEVICE_TABLE (bsc#1187345). - x86/sev-es: Use __put_user()/__get_user() for data accesses (bsc#1187351). - x86/sev-es: Forward page-faults which happen during emulation (bsc#1187350). - x86/sev-es: Don't return NULL from sev_es_get_ghcb() (bsc#1187349). - iommu/vt-d: Remove WO permissions on second-level paging entries (bsc#1187346). - iommu/vt-d: Report right snoop capability when using FL for IOVA (bsc#1187347). - iommu: Fix a boundary issue to avoid performance drop (bsc#1187344). - x86/sev-es: Replace open-coded hlt-loops with sev_es_terminate() (jsc#SLE-14337). - x86/boot/compressed/64: Check SEV encryption in the 32-bit boot-path (jsc#SLE-14337). - x86/boot/compressed/64: Add CPUID sanity check to 32-bit boot-path (jsc#SLE-14337). - x86/boot/compressed/64: Add 32-bit boot #VC handler (jsc#SLE-14337). - x86/boot/compressed/64: Setup IDT in startup_32 boot path (jsc#SLE-14337). - x86/boot/compressed/64: Reload CS in startup_32 (jsc#SLE-14337). - x86/sev: Do not require Hypervisor CPUID bit for SEV guests (jsc#SLE-14337). 
- x86/boot/compressed/64: Cleanup exception handling before booting kernel (jsc#SLE-14337). - iommu/amd: Keep track of amd_iommu_irq_remap state (https://bugzilla.kernel.org/show_bug.cgi?id=212133). - x86/sev-es: Do not support MMIO to/from encrypted memory (jsc#SLE-14337). - x86/head/64: Check SEV encryption before switching to kernel page-table (jsc#SLE-14337). - x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path (jsc#SLE-14337). - x86/boot/compressed/64: Sanity-check CPUID results in the early #VC handler (jsc#SLE-14337). - x86/boot/compressed/64: Introduce sev_status (jsc#SLE-14337). - x86/boot/64: Explicitly map boot_params and command line (jsc#SLE-14337). - x86/head/64: Disable stack protection for head$(BITS).o (jsc#SLE-14337). - commit 9810251 - usb: gadget: eem: fix wrong eem header operation (git-fixes). - commit 88ac26b - usb: fix various gadget panics on 10gbps cabling (git-fixes). - commit 43c2b75 - usb: f_ncm: only first packet of aggregate needs to start timer (git-fixes). - commit 6960da4 - dmaengine: idxd: add missing dsa driver unregister (git-fixes). - ALSA: seq: Fix race of snd_seq_timer_open() (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power G8 (git-fixes). - ALSA: hda/realtek: headphone and mic don't work on an Acer laptop (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook 840 Aero G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP EliteBook x360 1040 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Elite Dragonfly G2 (git-fixes). - ASoC: amd: fix for pcm_read() error (git-fixes). - ASoC: max98088: fix ni clock divider calculation (git-fixes). - commit 4d314e7 - usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind (git-fixes). - commit 4b0a18c - USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes). - commit a61b441 - USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes). 
- commit f1cf5e2 - usb: dwc3: ep0: fix NULL pointer exception (git-fixes). - usb: gadget: eem: fix wrong eem header operation (git-fixes). - usb: fix various gadget panics on 10gbps cabling (git-fixes). - usb: f_ncm: only first packet of aggregate needs to start timer (git-fixes). - USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes). - commit 6edf7f4 - USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes). - usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind (git-fixes). - drm: Lock pointer access in drm_master_release() (git-fixes). - isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes). - net/nfc/rawsock.c: fix a permission check bug (git-fixes). - spi: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes). - i2c: mpc: Make use of i2c_recover_bus() (git-fixes). - commit 623c00b - dmaengine: stedma40: add missing iounmap() on error in d40_probe() (git-fixes). - dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes). - dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM (git-fixes). - dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc (git-fixes). - drm: Fix use-after-free read in drm_getunique() (git-fixes). - ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet (git-fixes). - ASoC: max98088: fix ni clock divider calculation (git-fixes). 
- commit 2b181d0 ++++ kernel-firmware: - Update to version 20210609 (git commit 0f66b74b6267): * cypress: update firmware for cyw54591 pcie * cypress: update firmware for cyw4373 sdio * cypress: update firmware for cyw43570 pcie * cypress: update firmware for cyw4356 sdio * cypress: update firmware for cyw4354 sdio * cypress: update firmware for cyw43455 sdio * cypress: update firmware for cyw43430 sdio * cypress: update firmware for cyw43340 sdio * cypress: update firmware for cyw43012 sdio * rtl_bt: Add rtl8761bu firmware * rtl_bt: Add rtl8761b firmware * Mellanox: Add new mlxsw_spectrum firmware xx.2008.2946 * mediatek: update MT7915 firmware to 20201105 * rtl_bt: Update RTL8822C BT(UART I/F) FW to 0x05A8_A0CB * rtl_bt: Update RTL8822C BT(USB I/F) FW to 0x09A8_A0CB * linux-firmware: update firmware for MT7921 WiFi device * QCA: Add Bluetooth firmware for WCN685x * QCA: Update Bluetooth firmware for QCA6174 * QCA: Update Bluetooth firmware for QCA6390 * cxgb4: Update firmware to revision 1.25.6.0 ++++ less: - update to 590: * Make less able to read lesskey source files (deprecating lesskey). * If XDG_CONFIG_HOME is set, find lesskey source file in $XDG_CONFIG_HOME/lesskey rather than $HOME/.lesskey. * If XDG_DATA_HOME is set, find and store history file in $XDG_DATA_HOME/lesshst rather than $HOME/.lesshst. * Add the --lesskey-src option. * Add the --file-size option. * With -F, if screen is resized to make file fit on one screen, don't exit. 
++++ patterns-microos: - create pattern for k3s (jsc#SMO-40) ++++ python-ordered-set: - Add Provides: for python*dist(ordered-set): work around boo#1186870 ++++ shim: - Add shim-fix-aa64-relsz.patch to fix the size of rela sections for AArch64 Fix: https://github.com/rhboot/shim/issues/371 ++++ suse-module-tools: - Update to version 15.3.7: * Fix treatment of compressed modules (bsc#1187093) ++++ tpm2.0-tools: - Add 0001-tpm2_checkquote-fix-uninitialized-variable.patch for a better fix of boo#1187316 - Re-enable lto ++++ yast2: - add riscv64 architecture helper (jsc#SLE-19562) - 4.4.12 ------------------------------------------------------------------ ------------------ 2021-6-16 - Jun 16 2021 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.32.0: + Now NetworkManager uses systemd-resolved API to lookup the system hostname via reverse DNS. If systemd-resolved is not available, a 'nm-daemon-helper' binary is spawned to perform the lookup using the 'dns' NSS module. - Rebase patches. ++++ btrfsprogs: - Add --disable-zoned for leap ++++ kernel-default: - bcache: avoid oversized read request in cache missing code path (bsc#1187357, bsc#1185570, bsc#1184631). - bcache: remove bcache device self-defined readahead (bsc#1187357, bsc#1185570, bsc#1184631). - lib: crc64: fix kernel-doc warning (bsc#1187357). - bcache: fix a regression of code compiling failure in debug.c (bsc#1187357). - bcache: Use 64-bit arithmetic instead of 32-bit (bsc#1187357). - md: bcache: Trivial typo fixes in the file journal.c (bsc#1187357). - md: bcache: avoid -Wempty-body warnings (bsc#1187357). - bcache: use NULL instead of using plain integer as pointer (bsc#1187357). - bcache: remove PTR_CACHE (bsc#1187357). - bcache: reduce redundant code in bch_cached_dev_run() (bsc#1187357). - bcache: don't pass BIOSET_NEED_BVECS for the 'bio_set' embedded in 'cache_set' (bsc#1187357). 
- bcache: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1187357). - bcache: inherit the optimal I/O size (bsc#1187357). - commit ce1a322 - media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes). - commit 1d82c71 - media: mtk-mdp: Check return value of of_clk_get (git-fixes). - commit f37fbe9 - media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' (git-fixes). - commit 08513d7 - usb: dwc3: debugfs: Add and remove endpoint dirs dynamically (git-fixes). - commit 08559a5 - dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1187411). - commit 31da646 - dax: Add an enum for specifying dax wakup mode (bsc#1187411). - commit 1d4c2a3 - tracing: Correct the length check which causes memory corruption (git-fixes). - commit 0072a4b - tracing: Restructure trace_clock_global() to never block (git-fixes). - commit 6d6d42d - Refresh patches.suse/brcmfmac-Add-clm_blob-firmware-files-to-modinfo.patch. - commit f631d93 - ftrace: Free the trampoline when ftrace_startup() fails (git-fixes). - commit 533e192 - blacklist.conf: 75d3e7f4769d ("s390/test_unwind: fix possible memleak in test_unwind()") We build test_unwind kernel module out of tree. - commit abf9977 - ftrace: Do not blindly read the ip address in ftrace_bug() (git-fixes). - commit 31cd567 - Revert "ecryptfs: replace BUG_ON with error handling code" (bsc#1187413). - commit 7387ee5 - ocfs2: fix data corruption by fallocate (bsc#1187412). - commit 684ec92 - dax: Wake up all waiters after invalidating dax entry (bsc#1187411). - commit 42391aa - fs: fix reporting supported extra file attributes for statx() (bsc#1187410). - commit 36f6f1f - Update config files: CONFIG_SND_HDA_INTEL=m for armv7hl, too (bsc#1187334) It's used by openQA. - commit c363e06 - ext4: fix memory leak in ext4_fill_super (bsc#1187409). - commit d8152b1 - ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed (bsc#1187408). - commit 41eb311 - ext4: fix error code in ext4_commit_super (bsc#1187407). 
- commit 350d1b1 - ext4: fix check to prevent false positive report of incorrect used inodes (bsc#1187404). - commit 57c9a0a - kyber: fix out of bounds access when preempted (bsc#1187403). - commit 491df1f - block: Discard page cache of zone reset target range (bsc#1187402). - commit 74c08d5 - xfrm: policy: Read seqcount outside of rcu-read side in xfrm_policy_lookup_bytype (bsc#1185675). - commit 372fbf0 - kernel-binary.spec.in: Regenerate makefile when not using mkmakefile. - commit 6b30fe5 - xfrm: policy: Read seqcount outside of rcu-read side in xfrm_policy_lookup_bytype (bsc#1185675). - commit 96f285d - cifs: constify get_normalized_path() properly (bsc#1185902). - commit f4ccabe - cifs: don't cargo-cult strndup() (bsc#1185902). - commit 2296da2 ++++ efivar: - Add efivar-bsc1187386-fix-emmc-parsing.patch to fix the eMMC sysfs parsing (bsc#1187386) ++++ openldap2: - bsc#1187210 - Resolve bug in the idle / connection TTL timeout implementation in OpenLDAP. * 0231-ITS-9468-Added-test-case-for-proxy-re-binding-anonym.patch * 0232-ITS-9468-back-ldap-Return-disconect-if-rebind-cannot.patch * 0233-ITS-9468-removed-accidental-unicode-characters.patch * 0234-ITS-9468-documented-that-re-connecting-does-not-happ.patch * 0235-ITS-9468-summarize-discussion-about-rebind-as-user.patch * 0236-ITS-9468-fixed-typos.patch * 0237-ITS-9468-always-init-lc_time-and-lc_create_time.patch * 0238-ITS-9468-do-not-arm-expire-timer-for-connections-tha.patch ++++ microos-tools: - Update to version 2.11 - Fix unwritable /var / /etc after SELinux relabel [bsc#1186563] ------------------------------------------------------------------ ------------------ 2021-6-15 - Jun 15 2021 ------------------- ------------------------------------------------------------------ ++++ btrfsprogs: - revert previous change, unintentionally disables zstd on tumbleweed - Fix build for leap * --disable-zstd if leap < 42.3 * --disable-zoned for leap ++++ cloud-regionsrv-client: - Update to version 9.2.0 (bsc#1029162) 
+ Support IPv6 as best-effort, with fallback to IPv4 ++++ kernel-default: - Updated patch-mainline tags. Also moved the affected patches into the sorted section. Change in patch order moved devm_rpi_firmware_put but it aligns with mainline. - commit bb0636f - fuse: BUG_ON correction in fuse_dev_splice_write() (bsc#1187356). - commit d2e5d40 - Update config files: enable zstd decompression for initramfs (bsc#1187483, jsc#SLE-18766) - commit 0fe9f47 - usr: Add support for zstd compressed initramfs (bsc#1187483, jsc#SLE-18766). - commit a9bf6b8 - sched/debug: Fix cgroup_path[] serialization (git-fixes) - commit 24c7edf - blacklist.conf: We don't support uclamp - commit 0b70e65 - blacklist.conf: We have CONFIG_JUMP_LABEL - commit 093a643 - series.conf: cleanup - update upstream references and move into sorted section: patches.suse/mac80211-add-fragment-cache-to-sta_info.patch patches.suse/mac80211-assure-all-fragments-are-encrypted.patch patches.suse/mac80211-check-defrag-PN-against-current-frame.patch patches.suse/mac80211-do-not-accept-forward-invalid-EAPOL-frames.patch patches.suse/mac80211-drop-A-MSDUs-on-old-ciphers.patch patches.suse/mac80211-extend-protection-against-mixed-key-and-fra.patch patches.suse/mac80211-prevent-attacks-on-TKIP-WEP-as-well.patch patches.suse/mac80211-prevent-mixed-key-and-fragment-cache-attack.patch patches.suse/mac80211-properly-handle-A-MSDUs-that-start-with-an-.patch No effect on expanded tree. - commit 9fdca2b - series.conf: cleanup Move a SUSE specific patch ("Patch-mainline: Never...") to corresponding per-subsystem section. 
- commit 811dc9a - fix patch metadata - fix Patch-mainline: patches.suse/RDMA-ucma-Rework-ucma_migrate_id-to-avoid-races-with.patch - commit c80eef0 ++++ netcontrol: - version 0.3.2 - use SPDX shortname license and PKG_INSTALLDIR autoconf macro - virsh iface-list takes too long with many interfaces (bsc#1179144) - Cleanup netcf functions, include elapsed time in debug messages - Changed to refresh config and system info to keep them consistent - Add (fix or) adaptive refresh caching, set to double refresh-time - Implemented new backend refresh using wicked config/system queries - remove packages included in 0.3.2 source archive: [- 0005-bonding-don-t-complain-about-unknown-options.1132794.patch] [- 0004-udev-use-correct-udev-rule-write-lock-directory.patch] [- 0003-sysconfig-fix-segfault-on-missed-end-quote-bsc-10277.patch] [- 0002-Fix-invalid-check-in-route-creation-bsc-1148646.patch] [- 0001-virsh-iface-list-not-working-as-expected-bsc-1029201.patch] ++++ tpm2.0-tools: - Disable lto to fix tpm2_checkquote error (boo#1187316) - Update service file to point to the correct revision ++++ wicked: - version 0.6.66 - wireless: migrate to wpa-supplicant v1 DBus interface (bsc#1156920) - support multiple networks configurations per interface - show connection status and scan-results (bsc#1160654) - corrected eap-tls,ttls certificate handling and open vs. 
shared wep,open,psk,eap-tls,ttls,peap parsing from ifcfg (bsc#1057592) - cleanups and several other improvements, see changes - updated man ifcfg-wireless manual pages - nanny: fix identify node owner exit condition - schema: several xml-schema and dbus/property improvements - utils: format/parse bitmap to array and string alternatives - client: expose ethtool --get-permanent-address option - removed sle15-sp3 patches included in the master sources (bsc#1181812) [- 0001-dhcp4-discover-on-reboot-timeout-after-start-delay.1181812.patch] [- 0002-dhcp6-request-nis-options-on-sle15-by-default.1181812.patch] ------------------------------------------------------------------ ------------------ 2021-6-14 - Jun 14 2021 ------------------- ------------------------------------------------------------------ ++++ audit-secondary: - Adjust audit.spec and audit-secondary.spec to support new version - Include fix for libev * add libev-werror.patch - Update to version 3.0.2 - In audispd-statsd pluging, use struct sockaddr_storage (Ville Heikkinen) - Optionally interpret auid in auditctl -l - Update some syscall argument interpretations - In auditd, do not allow spaces in the hostname name format - Big documentation cleanup (MIZUTA Takeshi) - Update syscall table to the 5.12 kernel - Update the auparse normalizer for new event types - Fix compiler warnings in ids subsystem - Block a couple signals from flush & reconfigure threads - In auditd, don't wait on flush thread when exiting - Output error message if the path of input files are too long ausearch/report Included fixes from 3.0.1 - Update syscall table to the 5.11 kernel - Add new --eoe-timeout option to ausearch and aureport (Burn Alting) - Only enable periodic timers when listening on the network - Upgrade libev to 4.33 - Add auparse_new_buffer function to auparse library - Use the select libev backend unless aggregating events - Add sudoers to some base audit rules - Update the auparse normalizer for some new syscalls and 
event types Included fixes from 3.0 - Generate checkpoint file even when no results are returned (Burn Alting) - Fix log file creation when file logging is disabled entirely (Vlad Glagolev) - Convert auparse_test to run with python3 (Tomáš Chvátal) - Drop support for prelude - Adjust backlog_wait_time in rules to the kernel default (#1482848) - Remove ids key syntax checking of rules in auditctl - Use SIGCONT to dump auditd internal state (#1504251) - Fix parsing of virtual timestamp fields in ausearch_expression (#1515903) - Fix parsing of uid & success for ausearch - Add support for not equal operator in audit by executable (Ondrej Mosnacek) - Hide lru symbols in auparse - Add systemd process protections - Fix aureport summary time range reporting - Allow unlimited retries on startup for remote logging - Add queue_depth to remote logging stats and increase default queue_depth size - Fix segfault on shutdown - Merge auditd and audispd code - Close on execute init_pipe fd (#1587995) - Breakout audisp syslog plugin to be standalone program - Create a common internal library to reduce code - Move all audispd config files under /etc/audit/ - Move audispd.conf settings into auditd.conf - Add queue depth statistics to internal state dump report - Add network statistics to internal state dump report - SIGUSR now also restarts queue processing if its suspended - Update lookup tables for the 4.18 kernel - Add auparse_normalizer support for SOFTWARE_UPDATE event - Add 30-ospp-v42.rules to meet new Common Criteria requirements - Deprecate enable_krb and replace with transport config opt for remote logging - Mark netlabel events as simple events so that get processed quicker - When auditd is reconfiguring, only SIGHUP plugins with valid pid (#1614833) - In aureport, fix segfault in file report - Add auparse_normalizer support for labeled networking events - Fix memory leak in audisp-remote plugin when using krb5 transport. 
(#1622194) - In ausearch/auparse, event aging is off by a second - In ausearch/auparse, correct event ordering to process oldest first - Migrate auparse python test to python3 - auparse_reset was not clearing everything it should - Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events - In ausearch/report, lightly parse selinux portion of USER_AVC events - Add bpf syscall command argument interpretation to auparse - In ausearch/report, limit record size when malformed - Port af_unix plugin to libev - In auditd, fix extract_type function for network originating events - In auditd, calculate right size and location for network originating events - Make legacy script wait for auditd to terminate (#1643567) - Treat all network originating events as VER2 so dispatcher doesn't format it - If an event has a node name make it VER2 so dispatcher doesnt format it - In audisp-remote do an initial connection attempt (#1625156) - In auditd, allow expression of space left as a percentage (#1650670) - On PPC64LE systems, only allow 64 bit rules (#1462178) - Make some parts of auditd state report optional based on config - Update to libev-4.25 - Fix ausearch when checkpointing a single file (Burn Alting) - Fix scripting in 31-privileged.rules wrt filecap (#1662516) - In ausearch, do not checkpt if stdin is input source - In libev, remove __cold__ attribute for functions to allow proper hardening - Add tests to configure.ac for openldap support - Make systemd support files use /run rather than /var/run (Christian Hesse) - Fix minor memory leak in auditd kerberos credentials code - Allow exclude and user filter by executable name (Ondrej Mosnacek) - Fix auditd regression where keep_logs is limited by rotate_logs 2 file test - In ausearch/report fix --end to use midnight time instead of now (#1671338) - Add substitue functions for strndupa & rawmemchr - Fix memleak in auparse caused by corrected event ordering - Fix legacy reload script to reload audit rules when daemon 
is reloaded - Support for unescaping in trusted messages (Dmitry Voronin) - In auditd, use standard template for DEAMON events (Richard Guy Briggs) - In aureport, fix segfault for malformed USER_CMD events - Add exe field to audit_log_user_command in libaudit - In auditctl support filter on socket address families (Richard Guy Briggs) - Deprecate support for Alpha & IA64 processors - If space_left_action is rotate, allow it every time (#1718444) - In auparse, drop standalone EOE events - Add milliseconds column for ausearch extra time csv format - Fix aureport first event reporting when no start given - In audisp-remote, add new config item for startup connection errors - Remove dependency on chkconfig - Install rules to /usr/share/audit/sample-rules/ - Split up ospp rules to make SCAP scanning easier (#1746018) - In audisp-syslog, support interpreting records (#1497279) - Audit USER events now sends msg as name value pair - Add support for AUDIT_BPF event - Auditd should not process AUDIT_REPLACE events - Update syscall tables to the 5.5 kernel - Improve personality interpretation by using PERS_MASK - Speedup ausearch/report parsing RAW logging format by caching uid/name lookup - Change auparse python bindings to shared object (Issue #121) - Add error messages for watch permissions - If audit rules file doesn't exist log error message instead of info message - Revise error message for unmatched options in auditctl - In audisp-remote, fixup remote endpoint disappearin in ascii format - Add backlog_wait_time_actual reporting / resetting to auditctl (Max Englander) - In auditctl, add support for sending a signal to auditd - Removes audit-fno-common.patch: fixed in upstream - Removes audit-python3.patch: fixed in upstream ++++ dracut: - Update to version 055+suse.100.ga2700279: * fix(suse-initrd): remove references to INITRD_MODULES (bsc#1187115) * chore(suse): erase conditional for usrmerge from specfile * chore(suse): fix specfile for usrmerge ++++ kernel-default: - 
series.conf: cleanup Move a queued patch to "almost mainline" section. - commit a847492 - lib: Add zstd support to decompress (bsc#1187483, jsc#SLE-18766). - commit 8fa709b - x86/cpufeatures: Force disable X86_FEATURE_ENQCMD and remove update_pasid() (bsc#1178134). - commit 08621e3 - blacklist: add commit 4f06dd92b5d0 ("fuse: fix write deadlock") This is an ancient bug (from v2.6.26) which require extra backports. Not worth the risk introducing new regressions. - commit f0ede60 - efi/libstub: prevent read overflow in find_file_option() (git-fixes). - commit 9d1183c - kABI workaround for rtw88 (git-fixes). - commit 8a7edfc - usb: typec: intel_pmc_mux: Put fwnode in error case during ->probe() (git-fixes). - thunderbolt: usb4: Fix NVM read buffer bounds and offset issue (git-fixes). - rtw88: 8822c: add LC calibration for RTL8822C (git-fixes). - commit 3f6037a - mmc: sdhci: Clear unused bounce buffer at DMA mmap error path (bsc#1187039). - commit 757ad8a - rpm/kernel-binary.spec.in: Fix handling of +arch marker (bsc#1186672) The previous commit made a module wrongly into Module.optional. Although it didn't influence on the end result, better to fix it. Also, add a comment to explain the markers briefly. - commit 8f79742 - block: return the correct bvec when checking for gaps (bsc#1187144). - commit 22678f9 - Update patches.suse/scsi-qla2xxx-Reserve-extra-IRQ-vectors.patch (bsc#1184436 bsc#1186286). - commit 3b95648 - sched/fair: Make sure to update tg contrib for blocked load (git-fixes) - commit 9eeb58b - sched/fair: Keep load_avg and load_sum synced (git-fixes) - commit 8888330 - Refresh patches.suse/bpf-Fix-alu32-const-subreg-bound-tracking-on-bitwise.patch. - Refresh patches.suse/bpf-Prevent-writable-memory-mapping-of-read-only-rin.patch. - Refresh patches.suse/bpf-ringbuf-Deny-reserve-of-buffers-larger-than-ring.patch. - commit da26c78 - gpio: wcd934x: Fix shift-out-of-bounds error (git-fixes). - drm/mcde: Fix off by 10^3 in calculation (git-fixes). 
- drm/msm/a6xx: fix incorrectly set uavflagprd_inv field for A650 (git-fixes). - drm/msm/a6xx: update/fix CP_PROTECT initialization (git-fixes). - Revert "ACPI: sleep: Put the FACS table after using it" (git-fixes). - commit e1018b7 - USB: serial: cp210x: fix alternate function for CP2102N QFN20 (git-fixes). - usb: typec: mux: Fix copy-paste mistake in typec_mux_match (git-fixes). - usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path (git-fixes). - usb: typec: wcove: Use LE to CPU conversion when accessing msg->header (git-fixes). - usb: fix various gadgets null ptr deref on 10gbps cabling (git-fixes). - USB: f_ncm: ncm_bitrate (speed) is unsigned (git-fixes). - USB: serial: quatech2: fix control-request directions (git-fixes). - usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms (git-fixes). - usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling (git-fixes). - staging: rtl8723bs: Fix uninitialized variables (git-fixes). - commit b524f7e ++++ less: - Remove --with-pic (no static libs are ever produced). 
++++ alsa: - Update to version 1.2.5.1: a bug fix release, including previous patches: https://www.alsa-project.org/wiki/Changes_v1.2.5_v1.2.5.1 - Drop obsoleted patches: 0001-conf-fix-load_for_all_cards.patch 0002-ucm-add-_alibpref-to-get-the-private-device-prefix.patch 0003-ucm-fix-_alibpref-string-add-.-delimiter-to-the-end.patch ++++ audit: - Adjust audit.spec and audit-secondary.spec to support new version - Include fix for libev * add libev-werror.patch - Update to version 3.0.2 - In audispd-statsd pluging, use struct sockaddr_storage (Ville Heikkinen) - Optionally interpret auid in auditctl -l - Update some syscall argument interpretations - In auditd, do not allow spaces in the hostname name format - Big documentation cleanup (MIZUTA Takeshi) - Update syscall table to the 5.12 kernel - Update the auparse normalizer for new event types - Fix compiler warnings in ids subsystem - Block a couple signals from flush & reconfigure threads - In auditd, don't wait on flush thread when exiting - Output error message if the path of input files are too long ausearch/report Included fixes from 3.0.1 - Update syscall table to the 5.11 kernel - Add new --eoe-timeout option to ausearch and aureport (Burn Alting) - Only enable periodic timers when listening on the network - Upgrade libev to 4.33 - Add auparse_new_buffer function to auparse library - Use the select libev backend unless aggregating events - Add sudoers to some base audit rules - Update the auparse normalizer for some new syscalls and event types Included fixes from 3.0 - Generate checkpoint file even when no results are returned (Burn Alting) - Fix log file creation when file logging is disabled entirely (Vlad Glagolev) - Convert auparse_test to run with python3 (Tomáš Chvátal) - Drop support for prelude - Adjust backlog_wait_time in rules to the kernel default (#1482848) - Remove ids key syntax checking of rules in auditctl - Use SIGCONT to dump auditd internal state (#1504251) - Fix parsing of virtual 
timestamp fields in ausearch_expression (#1515903) - Fix parsing of uid & success for ausearch - Add support for not equal operator in audit by executable (Ondrej Mosnacek) - Hide lru symbols in auparse - Add systemd process protections - Fix aureport summary time range reporting - Allow unlimited retries on startup for remote logging - Add queue_depth to remote logging stats and increase default queue_depth size - Fix segfault on shutdown - Merge auditd and audispd code - Close on execute init_pipe fd (#1587995) - Breakout audisp syslog plugin to be standalone program - Create a common internal library to reduce code - Move all audispd config files under /etc/audit/ - Move audispd.conf settings into auditd.conf - Add queue depth statistics to internal state dump report - Add network statistics to internal state dump report - SIGUSR now also restarts queue processing if its suspended - Update lookup tables for the 4.18 kernel - Add auparse_normalizer support for SOFTWARE_UPDATE event - Add 30-ospp-v42.rules to meet new Common Criteria requirements - Deprecate enable_krb and replace with transport config opt for remote logging - Mark netlabel events as simple events so that get processed quicker - When auditd is reconfiguring, only SIGHUP plugins with valid pid (#1614833) - In aureport, fix segfault in file report - Add auparse_normalizer support for labeled networking events - Fix memory leak in audisp-remote plugin when using krb5 transport. 
(#1622194) - In ausearch/auparse, event aging is off by a second - In ausearch/auparse, correct event ordering to process oldest first - Migrate auparse python test to python3 - auparse_reset was not clearing everything it should - Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events - In ausearch/report, lightly parse selinux portion of USER_AVC events - Add bpf syscall command argument interpretation to auparse - In ausearch/report, limit record size when malformed - Port af_unix plugin to libev - In auditd, fix extract_type function for network originating events - In auditd, calculate right size and location for network originating events - Make legacy script wait for auditd to terminate (#1643567) - Treat all network originating events as VER2 so dispatcher doesn't format it - If an event has a node name make it VER2 so dispatcher doesn't format it - In audisp-remote do an initial connection attempt (#1625156) - In auditd, allow expression of space left as a percentage (#1650670) - On PPC64LE systems, only allow 64 bit rules (#1462178) - Make some parts of auditd state report optional based on config - Update to libev-4.25 - Fix ausearch when checkpointing a single file (Burn Alting) - Fix scripting in 31-privileged.rules wrt filecap (#1662516) - In ausearch, do not checkpt if stdin is input source - In libev, remove __cold__ attribute for functions to allow proper hardening - Add tests to configure.ac for openldap support - Make systemd support files use /run rather than /var/run (Christian Hesse) - Fix minor memory leak in auditd kerberos credentials code - Allow exclude and user filter by executable name (Ondrej Mosnacek) - Fix auditd regression where keep_logs is limited by rotate_logs 2 file test - In ausearch/report fix --end to use midnight time instead of now (#1671338) - Add substitute functions for strndupa & rawmemchr - Fix memleak in auparse caused by corrected event ordering - Fix legacy reload script to reload audit rules when daemon
is reloaded - Support for unescaping in trusted messages (Dmitry Voronin) - In auditd, use standard template for DAEMON events (Richard Guy Briggs) - In aureport, fix segfault for malformed USER_CMD events - Add exe field to audit_log_user_command in libaudit - In auditctl support filter on socket address families (Richard Guy Briggs) - Deprecate support for Alpha & IA64 processors - If space_left_action is rotate, allow it every time (#1718444) - In auparse, drop standalone EOE events - Add milliseconds column for ausearch extra time csv format - Fix aureport first event reporting when no start given - In audisp-remote, add new config item for startup connection errors - Remove dependency on chkconfig - Install rules to /usr/share/audit/sample-rules/ - Split up ospp rules to make SCAP scanning easier (#1746018) - In audisp-syslog, support interpreting records (#1497279) - Audit USER events now sends msg as name value pair - Add support for AUDIT_BPF event - Auditd should not process AUDIT_REPLACE events - Update syscall tables to the 5.5 kernel - Improve personality interpretation by using PERS_MASK - Speedup ausearch/report parsing RAW logging format by caching uid/name lookup - Change auparse python bindings to shared object (Issue #121) - Add error messages for watch permissions - If audit rules file doesn't exist log error message instead of info message - Revise error message for unmatched options in auditctl - In audisp-remote, fixup remote endpoint disappearing in ascii format - Add backlog_wait_time_actual reporting / resetting to auditctl (Max Englander) - In auditctl, add support for sending a signal to auditd - Remove audit-fno-common.patch: fixed in upstream - Remove audit-python3.patch: fixed in upstream ++++ podman: - Update to version 3.2.1: * Bump to v3.2.1 * Updated release notes for v3.2.1 * Fix network connect race with docker-compose * Revert "Ensure minimum API version is set correctly in tests" * Fall back to string for dockerfile parameter *
remote events: fix --stream=false * [CI:DOCS] fix incorrect network remove api doc * remote: always send resize before the container starts * remote events: support labels * remote pull: cancel pull when connection is closed * Fix network prune api docs * Improve systemd-resolved detection * logs: k8s-file: fix race * Fix image prune --filter cmd behavior * Several shell completion fixes * podman-remote build should handle -f option properly * System tests: deal with crun 0.20.1 * Fix build tags for pkg/machine... * Fix pre-checkpointing * container: ignore named hierarchies * [v3.2] vendor containers/common@v0.38.9 * rootless: fix fast join userns path * [v3.2] vendor containers/common@v0.38.7 * [v3.2] vendor containers/common@v0.38.6 * Correct qemu options for Intel macs * Ensure minimum API version is set correctly in tests * Bump to v3.2.1-dev ++++ python-M2Crypto: - Update to 0.38.0: - Remove the last use of setup.py test idiom. - Use m2_PyObject_AsReadBuffer instead of PyObject_AsReadBuffer. - Add support for arm64 big endian - Make support of RSA_SSLV23_PADDING optional (it has been deprecated). - Move project to src/ layout - Allow verify_cb_* to be called with ok=True - Be prepared if any of constants in x509_vfy.h is not available. - But we do support 3.8 - We DO NOT support Python 2.6. - All patches were upstreamed: - 293_sslv23_padding.patch - no-need-parameterized.patch - python-M2Crypto-Allow-on-UNABLE_TO_VERIFY_LEAF_SIGNATURE.patch ++++ yast2-trans: - Update to version 84.87.20210612.ff10a453ed: * New POT for text domain 'autoinst'. * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * New POT for text domain 'proxy'. * New POT for text domain 'installation'. 
* Translated using Weblate (Slovak) * Translated using Weblate (Italian) * Translated using Weblate (Catalan) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * New POT for text domain 'ftp-server'. * New POT for text domain 'bootloader'. * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) ------------------------------------------------------------------ ------------------ 2021-6-13 - Jun 13 2021 ------------------- ------------------------------------------------------------------ ++++ chrony: - Add now working CONFIG parameter to sysusers generator ++++ dnsmasq: - Add now working CONFIG parameter to sysusers generator ++++ transactional-update: - Version 3.4.0 - Apply SElinux context on /etc in transaction [boo#1185625], [boo#1185766] [bsc#1186842], [boo#1186775] - Implement inotify handling in C instead of Bash; this makes the --drop-if-no-change option work on SLE Micro [bsc#1184529] - Use `tukit call` for up, dup and patch to allow resuming an update after zypper updated itself in the snapshot [bsc#1185226] - Fix obsolete output type messages in initrd [boo#1177149] - Make different base snapshot warning more visible [bsc#1185224] ------------------------------------------------------------------ ------------------ 2021-6-11 - Jun 11 2021 ------------------- ------------------------------------------------------------------ ++++ afterburn: - Add dracut modules for afterburn ++++ glib2: - Update to version 2.68.3: + Bugs fixed: - testfilemonitor test leaks ip_watched_file_t struct - GFile: `g_file_replace_contents()` reports `G_IO_ERROR_WRONG_ETAG` when saving from a symlink - Backport !2128 “inotify: Fix a memory leak” to glib-2-68 - Backport !2136 “tlscertificate: Avoid possible invalid read” to glib-2-68 - Backport !2138 “glocalfileoutputstream: Fix ETag check when replacing through a symlink” to glib-2-68.
++++ kernel-default: - Add arch-dependent support markers in supported.conf (bsc#1186672) We may need to put some modules as supported only on specific archs. This extends the supported.conf syntax to allow to put +arch additionally after the unsupported marker, then it'll be conditionally supported on that arch. - commit 75113c7 - Create Symbols.list and ipa-clones.list deterministically without this patch, filesystem readdir order would influence order of entries in these files. This patch was done while working on reproducible builds for SLE. - commit a898b6d - RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy (bsc#1187050, CVE-2020-36385) - commit d630126 - Update patches.suse/Bluetooth-SMP-Fail-if-remote-and-local-public-keys-a.patch (bsc#1186463 CVE-2021-0129 CVE-2020-26558). - commit 3b40194 - Update config files (bsc#1187167) Set empty to CONFIG_MODULE_SIG_KEY for reproducible builds - commit d4c1c78 - ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx (git-fixes). - drm/amdgpu/jpeg3: add cancel_delayed_work_sync before power gate (git-fixes). - drm/amdgpu/jpeg2.5: add cancel_delayed_work_sync before power gate (git-fixes). - drm/amdgpu/vcn3: add cancel_delayed_work_sync before power gate (git-fixes). - commit fbebaf6 - Bluetooth: fix the erroneous flush_work() order (git-fixes). - ALSA: timer: Fix master timer notification (git-fixes). - ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx (git-fixes). - drm/amdgpu: make sure we unpin the UVD BO (git-fixes). - vfio/platform: fix module_put call in error flow (git-fixes). - vfio/pci: zap_vma_ptes() needs MMU (git-fixes). - vfio/pci: Fix error return code in vfio_ecap_init() (git-fixes). - HID: multitouch: require Finger field to mark Win8 reports as MT (git-fixes).
- commit 64bd478 ++++ bluez: - Add shared-gatt-server-Fix-not-properly-checking-for-sec.patch * Fix not properly checking for secure flags (bsc#1186463 CVE-2021-0129 CVE-2020-26558) ++++ libgcrypt: - Security fix: [bsc#1187212, CVE-2021-33560] * Libgcrypt mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm - Add patches: * libgcrypt-CVE-2021-33560-ElGamal-exponent-blinding.patch * libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch ++++ libpcap: - Update to 1.10.1 * Fix "type XXX subtype YYY" giving a parse error * Add PCAP_AVAILABLE_1_11. * Rename struct bpf_aux_data to avoid NetBSD compile errors * Fix cross-builds with older kernels lacking BPF_MOD and BPF_XOR * Fix Bison detection for minor version 0. * Fix parallel build with FreeBSD make. * Get DLT_MATCHING_MAX right in gencode.c on NetBSD. * Define timeradd() and timersub() if necessary. * Fix Cygwin/MSYS target directories. * Fix symlinking with DESTDIR. * Fix generation of libpcap.pc with CMake when not building a shared library. * Support reading version 1.2, which some writers produce, and which is the same as 1.0 * Drop support for text-mode USB captures, as we require a 2.6.27 or later kernel * Bluetooth: fix non-blocking mode. 
Don't assume that all compilers used to build for Linux support the __atomic builtins ++++ osinfo-db: - Update to database version 20210531 osinfo-db-20210531.tar.xz - Drop add-leap15.3-support.patch ++++ python-urllib3: - Add CVE-2021-33503.patch (bsc#1187045, CVE-2021-33503) * Improve performance of sub-authority splitting in URL ++++ qemu: - Improve compatibility with gcc 11: target-sh4-Return-error-if-CPUClass-get_.patch tcg-arm-Fix-tcg_out_op-function-signatur.patch ++++ yast2: - Yast2::AutoClient.run: Ensure that Reset, Read, and SetModified return nil regardless of their implementation, to prevent a crash in the component system (bsc#1187233) - 4.4.11 ------------------------------------------------------------------ ------------------ 2021-6-10 - Jun 10 2021 ------------------- ------------------------------------------------------------------ ++++ gptfdisk: - Update to 1.0.8 * Fixed double byte swap operation on writes of partition name data on big-endian systems; this is in addition to the double byte swap fix on reading partition label data fixed in 1.0.7. (Thanks to Erik Larsson for both fixes.) * Added feature to gdisk and sgdisk to enable swapping the byte order of partition names, so as to correct disks already affected by the preceding bug. This option is 'b' on the experts' menu in gdisk and -b/--byte-swap-name in sgdisk. This seems advanced/obscure enough that I don't want to clutter cgdisk's menu with this option, so I haven't added it there. * Added type code for the Barebox boot loader (0xbb00; 4778ED65-BF42-45FA-9C5B-287A1DC4AAB1). * Fixed bug that caused spurious warnings about the partition table header claiming an invalid size of partition entries when reading some MBR disks. * Added ARM64 as an architecture for the Mac builds of gdisk and fixparts. The official GPT fdisk binaries of these files for macOS are now "universal" x86-64/ARM64 binaries, so they will run natively on the new M1 (ARM64) Macs.
The sgdisk and cgdisk binaries, though, remain built only for x86-64, because they rely on libraries that are not easily built in "universal" form. * Fixed double byte swap operation on partition label data on big-endian CPUs. This resulted in partition names becoming gibberish on such CPUs. * Added three new type codes: - 0x0701 - Microsoft Storage Replica - 0x0702 - ArcaOS Type 1 - 0x8401 - Storage Performance Development Kit (SPDK) block device - Drop fix-spurious-warnings.patch ++++ kernel-default: - scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc#1174978 bsc#1185701). - commit 36cc9f2 - kernel-binary.spec.in: Add Supplements: for -extra package on Leap kernel-$flavor-extra should supplement kernel-$flavor on Leap, like it does on SLED, and like the kernel-$flavor-optional package does. - commit c60d87f - perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3 (bsc#1184685). - commit 1c4876a - block: return the correct bvec when checking for gaps (bsc#1187143). 
- commit 1a99a11 - series: Resort and update metadata Resort series.conf and update meta data: patches.suse/scsi-lpfc-Add-a-option-to-enable-interlocked-ABTS-be.patch patches.suse/scsi-lpfc-Add-ndlp-kref-accounting-for-resume-RPI-pa.patch patches.suse/scsi-lpfc-Fix-Node-recovery-when-driver-is-handling-.patch patches.suse/scsi-lpfc-Fix-Unexpected-timeout-error-in-direct-att.patch patches.suse/scsi-lpfc-Fix-crash-when-lpfc_sli4_hba_setup-fails-t.patch patches.suse/scsi-lpfc-Fix-node-handling-for-Fabric-Controller-an.patch patches.suse/scsi-lpfc-Fix-non-optimized-ERSP-handling.patch patches.suse/scsi-lpfc-Fix-unreleased-RPIs-when-NPIV-ports-are-cr.patch patches.suse/scsi-lpfc-Ignore-GID-FT-response-that-may-be-receive.patch patches.suse/scsi-lpfc-Reregister-FPIN-types-if-ELS_RDF-is-receiv.patch patches.suse/scsi-lpfc-Update-lpfc-version-to-12.8.0.10.patch - commit f894385 ++++ libnettle: - Security fix: [CVE-2021-3580, bsc#1187060] * Remote crash in RSA decryption via manipulated ciphertext - Add patches: * libnettle-CVE-2021-3580-rsa_sec.patch * libnettle-CVE-2021-3580-rsa_decrypt.patch ++++ libxslt: - Backport upstream xsltproc manpage fix f165525f Recreate xsltproc man page with old Docbook stylesheet URL Recreate-xsltproc-man-page-with-old-Docbook-styleshe.patch ++++ libzypp: - Enhance XML output of repo GPG options (fixes openSUSE/zypper#390) In addition to the effective values, add optional attributes showing the raw values actually present in the .repo file. (raw_gpgcheck, raw_repo_gpgcheck, raw_pkg_gpgcheck) - Link all executables with -pie (bsc#1186447) - Ship an empty /etc/zypp/needreboot per default (fixes #311, jsc#PM-2645) If packages want to trigger the reboot-needed hint upon installation they may provide 'installhint(reboot-needed)'. Builtin packages triggering the hint without the provides are only kernel and kernel-firmware related.
- Add Solvable::isBlacklisted as superset of retracted and ptf packages (bsc#1186503) - Fix segv if ZYPP_FULLOG is set (fixes #317) - version 17.27.0 (22) ++++ systemd-presets-common-SUSE: - To make update of package man work with its new upstream timer and service units both called man-db enable also man-db.timer ++++ zypper: - Link all executables with -pie (bsc#1186447) - Tag PTF packages in the status column (bsc#1186503) Like retracted packages, a program temporary fix must be explicitly selected and will otherwise not be considered in dependency resolution. - BuildRequires: libzypp-devel >= 17.26.1. - version 1.14.46 ------------------------------------------------------------------ ------------------ 2021-6-9 - Jun 9 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - cxgb4: avoid link re-train during TC-MQPRIO configuration (jsc#SLE-8389). - ice: Allow all LLDP packets from PF to Tx (jsc#SLE-7926). - ice: Fix VFR issues for AVF drivers that expect ATQLEN cleared (git-fixes). - net/mlx5: DR, Create multi-destination flow table with level less than 64 (jsc#SLE-8464). - ixgbe: fix large MTU request from VF (git-fixes). - cxgb4: avoid accessing registers when clearing filters (git-fixes). - net/mlx5e: Fix multipath lag activation (git-fixes). - net/mlx5e: Fix nullptr in add_vlan_push_action() (git-fixes). - net: hns3: put off calling register_netdev() until client initialize complete (bsc#1154353). - gve: Correct SKB queue index validation (git-fixes). - gve: Upgrade memory barrier in poll routine (git-fixes). - gve: Add NULL pointer checks when freeing irqs (git-fixes). - gve: Update mgmt_msix_idx if num_ntfy changes (git-fixes). - net: bnx2: Fix error return code in bnx2_init_board() (git-fixes). - net/mlx4: Fix EEPROM dump support (git-fixes). - Revert "net: liquidio: fix a NULL pointer dereference" (git-fixes). - Revert "qlcnic: Avoid potential NULL pointer dereference" (git-fixes). 
- net: hns3: Limiting the scope of vector_ring_chain variable (git-fixes). - commit 4451268 - btrfs: open device without device_list_mutex (bsc#1176771). - commit c922550 - UCSI fixup of array of PDOs (git-fixes). - commit 554911b - usb: typec: ucsi: Retrieve all the PDOs instead of just the first 4 (git-fixes). - commit 62a78a2 - i2c: imx: fix reference leak when pm_runtime_get_sync fails (git-fixes). - commit 7b525ce - vmlinux.lds.h: Avoid orphan section with !SMP (git-fixes). - commit 50e12e5 - ice: handle the VF VSI rebuild failure (jsc#SLE-12878). - ice: Fix allowing VF to request more/less queues via virtchnl (jsc#SLE-12878). - cxgb4: fix regression with HASH tc prio value update (jsc#SLE-15131). - net/mlx5e: Fix incompatible casting (jsc#SLE-15172). - netfilter: nf_tables: missing error reporting for not selected expressions (bsc#1176447). - net/sched: act_ct: Offload connections with commit action (jsc#SLE-15172). - devlink: Correct VIRTUAL port to not have phys_port attributes (jsc#SLE-15172). - net: zero-initialize tc skb extension on allocation (bsc#1176447). - net/sched: fq_pie: fix OOB access in the traffic path (jsc#SLE-15172). - net/sched: fq_pie: re-factor fix for fq_pie endless loop (jsc#SLE-15172). - net/mlx5: Set term table as an unmanaged flow table (jsc#SLE-15172). - net/mlx5e: Fix error path of updating netdev queues (jsc#SLE-15172). - net/mlx5e: reset XPS on error flow if netdev isn't registered yet (jsc#SLE-15172). - net/mlx5e: Fix null deref accessing lag dev (jsc#SLE-15172). - net/mlx5: Set reformat action when needed for termination rules (jsc#SLE-15172). - net: hns3: fix incorrect resp_msg issue (jsc#SLE-14777). - netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version (bsc#1176447). - cxgb4/ch_ktls: Clear resources when pf4 device is removed (jsc#SLE-15129). - chelsio/chtls: unlock on error in chtls_pt_recvmsg() (jsc#SLE-15129). 
- commit 9e162d7 - regulator: max77620: Use device_set_of_node_from_dev() (git-fixes). - regulator: core: resolve supply for boot-on/always-on regulators (git-fixes). - commit a6466ca ++++ alsa: - Fix regression in config read and UCM handling on pipewire and pulseaudio (boo#1187079, boo#1187033): 0001-conf-fix-load_for_all_cards.patch 0002-ucm-add-_alibpref-to-get-the-private-device-prefix.patch 0003-ucm-fix-_alibpref-string-add-.-delimiter-to-the-end.patch ++++ fuse3: - Update to release 3.10.4 * Source code: fixed memory leaks in examples. ++++ libnettle: - GNU Nettle 3.7.3: [CVE-2021-3580, bsc#1187060] * Fix crash for zero input to rsa_sec_decrypt and rsa_decrypt_tr. Potential denial of service vector. * Ensure that all of rsa_decrypt_tr and rsa_sec_decrypt return failure for out of range inputs, instead of either crashing, or silently reducing input modulo n. Potential denial of service vector. * Ensure that rsa_decrypt returns failure for out of range inputs, instead of silently reducing input modulo n. * Ensure that rsa_sec_decrypt returns failure if the message size is too large for the given key. Unlike the other bugs, this would typically be triggered by invalid local configuration, rather than by processing untrusted remote data. ++++ tpm2.0-abrmd: - Requires libtss2-tcti-{device0,tabrmd0} (bsc#1187077). In MicroOS systems the recommendations are not installed, making the service fail to initialize: Failed to instantiate TCTI ++++ pam-config: - Add "revoke" to the option list for pam_keyinit (Remove some leftover debugs while we're at it) [pam-config-fix-pam_keyinit-options.patch] - prior to writing a service-specific config file, the main function calls access() on the destination file in /etc/pam.d. This will fail and no config file will be written when the original config file was installed in /usr/etc/pam.d.
A similar problem exists when creating the new service file: create_service_file() wants to give the new service file the same user, group and mode as the old one, but the old one may not exist. In that case, set these to 0(root), 0(root), and 0644. [pam-config-remove-bad-access-call.patch, bsc#1187091] ++++ python-dbus-python: - Update to latest version from tumbleweed jira#OPENSUSE-22 boo#1183818 - Enable testsuite ++++ qemu: - Enable zstd compression option to qcow2 ++++ ovmf: - Add ovmf-bsc1186151-fix-iscsi-overflows.patch to fix the possible overflows in IScsiDxe (bsc#1186151) ++++ tar: - Link /var/lib/tests/tar/bin/genfile as Position-Independent Executable (bsc#1184124). + tar-PIE.patch ++++ thin-provisioning-tools: - Link as position-independent executable (bsc#1184124). ++++ u-boot-rpiarm64: Fix Ethernet PHY initialization on OdroidC2 (boo#1187095) Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.04 * Patches added: 0015-arm64-dts-meson-odroidc2-readd-PHY-.patch ------------------------------------------------------------------ ------------------ 2021-6-8 - Jun 8 2021 ------------------- ------------------------------------------------------------------ ++++ augeas: - add remove-unportable-tests.patch to fix build ++++ gobject-introspection: - gi-find-deps.sh: Don't use HOSTTYPE, use RPM_ARCH. - ia64 never used ()(64bit) markers, do drop that from gi-find-deps. - gi-find-deps.sh: on Tumbleweed, HOSTTYPE on ppc64/ppc64le reports powerpc64 and powerpc64le: accept those strings as 64bit archs. ++++ kernel-default: - scsi: libsas: Reset num_scatter if libata marks qc as NODATA (bsc#1187068). - scsi: be2iscsi: Revert "Fix a theoretical leak in beiscsi_create_eqs()" (bsc#1187067). - scsi: ufs: Make ufshcd_print_trs() consider UFSHCD_QUIRK_PRDT_BYTE_GRAN (bsc#1187069). - scsi: aacraid: Fix an oops in error handling (bsc#1187072). - commit a34cc53 - x86/ioremap: Map efi_mem_reserve() memory as encrypted for SEV (bsc#1186885). 
- commit c1bc56f - Update kabi files. - Update from the June 2021 maintenance update submission (commit eaf040d1bea) - commit ff2915c - Update patch reference for a BT fix (CVE-2020-36386 bsc#1187038) - commit 673eac4 - locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal (git-fixes). - commit 12081a6 - scsi: ufs: core: Narrow down fast path in system suspend path (bsc#1186996). - scsi: sni_53c710: Add IRQ check (bsc#1186990). - scsi: sun3x_esp: Add IRQ check (bsc#1186991). - scsi: jazz_esp: Add IRQ check (bsc#1186965). - scsi: hisi_sas: Fix IRQ checks (bsc#1186963). - scsi: ufs: ufshcd-pltfrm: Fix deferred probing (bsc#1187003). - scsi: mpt3sas: Fix error return code of mpt3sas_base_attach() (bsc#1186978). - scsi: qedi: Fix error return code of qedi_alloc_global_queues() (bsc#1186984). - scsi: mpt3sas: Do not use GFP_KERNEL in atomic context (bsc#1186977). - scsi: myrs: Fix a double free in myrs_cleanup() (bsc#1186980). - scsi: sd: Fix Opal support (bsc#1186989). - scsi: bnx2fc: Fix Kconfig warning & CNIC build errors (bsc#1186955). - scsi: lpfc: Fix ancient double free (bsc#1186969). - scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression (bsc#1186973). - scsi: cxgb4i: Fix TLS dependency (bsc#1186960). - scsi: fnic: Fix error return code in fnic_probe() (bsc#1186962). - scsi: pm80xx: Fix error return in pm8001_pci_probe() (bsc#1186981). - scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe (bsc#1186985). - scsi: qla4xxx: Remove in_interrupt() (bsc#1186987). - scsi: hisi_sas: Remove preemptible() (bsc#1186964). - scsi: megaraid_sas: Check user-provided offsets (bsc#1186970). - scsi: libfc: Fix enum-conversion warning (bsc#1186966). - scsi: bnx2i: Requires MMU (bsc#1186956). - scsi: mpt3sas: Fix ioctl timeout (bsc#1186979). - scsi: ufs: Fix race between shutdown and runtime resume flow (bsc#1186998). - scsi: bfa: Fix error return in bfad_pci_init() (bsc#1186954). 
- scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() (bsc#1186953). - scsi: aacraid: Remove erroneous fallthrough annotation (bsc#1186950). - scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() (bsc#1186957). - scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()' (bsc#1186986). - scsi: ufs: Properly release resources if a task is aborted successfully (bsc#1187001). - scsi: libsas: Fix error path in sas_notify_lldd_dev_found() (bsc#1186967). - scsi: megaraid_sas: Don't call disable_irq from process IRQ poll (bsc#1186972). - scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA (bsc#1186968). - scsi: mesh: Fix panic after host or bus reset (bsc#1186976). - scsi: megaraid_sas: Clear affinity hint (bsc#1186971). - scsi: scsi_debug: Add check for sdebug_max_queue during module init (bsc#1186988). - scsi: eesox: Fix different dev_id between request_irq() and free_irq() (bsc#1186961). - scsi: powertec: Fix different dev_id between request_irq() and free_irq() (bsc#1186982). - scsi: cumana_2: Fix different dev_id between request_irq() and free_irq() (bsc#1186958). - scsi: ufs: Add quirk to fix abnormal ocs fatal error (bsc#1186994). - scsi: ufs: Introduce UFSHCD_QUIRK_PRDT_BYTE_GRAN quirk (bsc#1187000). - scsi: ufs: Add quirk to enable host controller without hce (bsc#1186993). - scsi: ufs: Add quirk to disallow reset of interrupt aggregation (bsc#1186992). - scsi: ufs: Add quirk to fix mishandling utrlclr/utmrlclr (bsc#1186995). - scsi: megaraid_sas: Remove undefined ENABLE_IRQ_POLL macro (bsc#1186974). - scsi: acornscsi: Fix an error handling path in acornscsi_probe() (bsc#1186952). - scsi: ufs: Don't update urgent bkops level when toggling auto bkops (bsc#1186997). - scsi: cxgb3i: Fix some leaks in init_act_open() (bsc#1186959). - scsi: ufs-qcom: Fix scheduling while atomic issue (bsc#1187002). - scsi: aacraid: Use memdup_user() as a cleanup (bsc#1186951). 
- scsi: qedi: Check for buffer overflow in qedi_set_path() (bsc#1186983). - Revert "scsi: core: run queue if SCSI device queue isn't ready and queue is idle" (bsc#1186949). - scsi: ufshcd: use an enum for quirks (bsc#1186999). - commit 063da01 ++++ multipath-tools: - install to /usr on Tumbleweed (boo#1029961) ++++ python3-core: - add 22198.patch to build with Sphinx 4 ++++ podman: - Update to version 3.2.0: * Bump to v3.2.0 * Fix network create macvlan with subnet option * Final release notes updates for v3.2.0 * add ipv6 nameservers only when the container has ipv6 enabled * Use request context instead of background * [v.3.2] events: support disjunctive filters * System tests: add :Z to volume mounts * generate systemd: make mounts portable * vendor containers/storage@v1.31.3 * vendor containers/common@v0.38.5 * Bump to v3.2.0-dev * Bump to v3.2.0-RC3 * Update release notes for v3.2.0-RC3 * Fix race on podman start --all * Fix race condition in running ls container in a pod * docs: --cert-dir: point to containers-certs.d(5) * Handle hard links in different directories * Improve OCI Runtime error * Handle hard links in remote builds * Podman info add support for status of cgroup controllers * Drop container does not exist on removal to debugf * Downgrade API service routing table logging * add libimage events * docs: generate systemd: XDG_RUNTIME_DIR * Fix problem copying files when container is in host pid namespace * Bump to v3.2.0-dev * Bump to v3.2.0-RC2 * update c/common * Update Cirrus DEST_BRANCH to v3.2 * Updated vendors of c/image, c/storage, Buildah * Initial release notes for v3.2.0-RC2 * Add script for identifying commits in release branches * Add host.containers.internal entry into container's etc/hosts * image prune: remove unused images only with `--all` * podman network reload add rootless support * Use more recent `stale` release... 
* network tutorial: update with rootless cni changes * [CI:DOCS] Update first line in intro page * Use updated VM images + updated automation tooling * auto-update service: prune images * make vendor * fix system upgrade tests * Print "extracting" only on compressed file * podman image tree: restore previous behavior * fix network restart always test * fix incorrect log driver in podman container image * Add support for cli network prune --filter flag * Move filter parsing to common utils * Bump github.com/containers/storage from 1.30.2 to 1.30.3 * Update nix pin with `make nixpkgs` * [CI:DOCS] hack/bats - new helper for running system tests * fix restart always with slirp4netns * Bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94 * Bump github.com/coreos/go-systemd/v22 from 22.3.1 to 22.3.2 * Add host.serviceIsRemote to podman info results * Add client disconnect to build handler loop * Remove obsolete skips * Fix podman-remote build --rm=false ... * fix: improved "containers/{name}/wait" endpoint * Bump github.com/containers/storage from 1.30.1 to 1.30.2 * Add envars to the generated systemd unit * fix: use UTC Time Stamps in response JSON * fix container startup for empty pidfile * Kube like pods should share ipc,net,uts by default * fix: compat API "images/get" for multiple images * Revert escaped double dash man page flag syntax * Report Download complete in Compatibility mode * Add documentation on short-names * Bump github.com/docker/docker * Adds support to preserve auto update labels in generate and play kube * [CI:DOCS] Stop conversion of `--` into en dash * Revert Patch to relabel if selinux not enabled * fix per review request * Add support for environment variable secrets * fix pre review request * Fix infinite loop in isPathOnVolume * Add containers.conf information for changing defaults * CI: run rootless tests under ubuntu * Fix wrong macvlan PNG in networking doc. 
* Add restart-policy to container filters & --filter to podman start * Fixes docker-compose cannot set static ip when use ipam * channel: simplify implementation * build: improve regex for iidfile * Bump github.com/onsi/gomega from 1.11.0 to 1.12.0 * cgroup: fix rootless --cgroup-parent with pods * fix: docker APIv2 `images/get` * codespell cleanup * Minor podmanimage docs updates. * Fix handling of runlabel IMAGE and NAME * Bump to v3.2.0-dev * Bump to v3.2.0-rc1 * rootless: improve automatic range split * podman: set volatile storage flag for --rm containers * Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2 * Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0 * migrate Podman to containers/common/libimage * Add filepath glob support to --security-opt unmask * Force log_driver to k8s-file for containers in containers * add --mac-address to podman play kube * compat api: Networks must be empty instead of null * System tests: honor $OCI_RUNTIME (for CI) * is this a bug? * system test image: add arm64v8 image * Fix troubleshooting documentation on handling sublemental groups. * Add --all to podman start * Fix variable reference typo. 
in multi-arch image action * cgroup: always honor --cgroup-parent with cgroupfs * Bump github.com/uber/jaeger-client-go * Don't require tests for github-actions & metadata * Detect if in podman machine virtual vm * Fix multi-arch image workflow typo * [CI:DOCS] Add titles to remote docs (windows) * Remove unused VolumeList* structs * Cirrus: Update F34beta -> F34 * Update container image docs + fix unstable execution * Bump github.com/containers/storage from 1.30.0 to 1.30.1 * TODO complete * Docker returns 'die' status rather then 'died' status * Check if another VM is running on machine start * [CI:DOCS] Improve titles of command HTML pages * system tests: networking: fix another race condition * Use seccomp_profile as default profile if defined in containers.conf * Bump github.com/json-iterator/go from 1.1.10 to 1.1.11 * Vendored * Autoupdate local label functional * System tests: fix two race conditions * Add more documentation on conmon * Allow docker volume create API to pass without name * Cirrus: Update Ubuntu images to 21.04 * Skip blkio-weight test when no kernel BFQ support * rootless: Tell the user what was led to the error, not just what it is * Add troubleshooting advice about the --userns option. 
* Fix images prune filter until * Fix logic for pushing stable multi-arch images * Fixes generate kube incorrect when bind-mounting "/" and "/root" * libpod/image: unit tests: don't use system's registries.conf.d * runtime: create userns when CAP_SYS_ADMIN is not present * rootless: attempt to copy current mappings first * [CI:DOCS] Restore missing content to manpages * [CI:DOCS] Fix Markdown layout bugs * Fix podman ps --filter ancestor to match exact ImageName/ImageID * Add machine-enabled to containers.conf for machine * Several multi-arch image build/push fixes * Add podman run --timeout option * Parse slirp4netns net options with compat api * Fix rootlesskit port forwarder with custom slirp cidr * Fix removal race condition in ListContainers * Add github-action workflow to build/push multi-arch * rootless: if root is not sub?id raise a debug message * Bump github.com/containers/common from 0.36.0 to 0.37.0 * Add go template shell completion for --format * Add --group-add keep-groups: suplimentary groups into container * Fixes from make codespell * Typo fix to usage text of --compress option * corrupt-image test: fix an oops * Add --noheading flag to all list commands * Bump github.com/containers/storage from 1.29.0 to 1.30.0 * Bump github.com/containers/image/v5 from 5.11.0 to 5.11.1 * [CI:DOCS] Fix Markdown table layout bugs * podman-remote should show podman.sock info * rmi: don't break when the image is missing a manifest * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md * Add support for CDI device configuration * [CI:DOCS] Add missing dash to verbose option * Bump github.com/uber/jaeger-client-go * Remove an advanced layer diff function * Ensure mount destination is clean, no trailing slash * add it for inspect pidfile * [CI:DOCS] Fix introduction page typo * support pidfile on container restore * fix start it * skip pidfile test on remote * improve document * set pidfile default value int containerconfig * add pidfile in 
inspection * add pidfile it for container start * skip pidfile it on remote * Modify according to comments * WIP: drop test requirement * runtime: bump required conmon version * runtime: return findConmon to libpod * oci: drop ExecContainerCleanup * oci: use `--full-path` option for conmon * use AttachSocketPath when removing conmon files * hide conmon-pidfile flag on remote mode * Fix possible panic in libpod/image/prune.go * add --ip to podman play kube * add flag autocomplete * add ut * add flag "--pidfile" for podman create/run * Add network bindings tests: remove and list * Fix build with GO111MODULE=off * system tests: build --pull-never: deal with flakes * compose test: diagnose flakes v3 * podman play kube apply correct log driver * Fixes podman-remote save to directories does not work * Bump github.com/rootless-containers/rootlesskit from 0.14.1 to 0.14.2 * Update documentation of podman-run to reflect volume "U" option * Fix flake on failed podman-remote build : try 2 * compose test: ongoing efforts to diagnose flakes * Test that we don't error out on advertised --log-level values * At trace log level, print error text using %+v instead of %v * pkg/errorhandling.JoinErrors: don't throw away context for lone errors * Recognize --log-level=trace * Fix flake on failed podman-remote build * System tests: fix racy podman-inspect * Fixes invalid expression in save command * Bump github.com/containers/common from 0.35.4 to 0.36.0 * Update nix pin with `make nixpkgs` * compose test: try to get useful data from flakes * Remove in-memory state implementation * Fix message about runtime to show only the actual runtime * System tests: setup: better cleanup of stray images * Bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1 * Reflect current state of prune implementation in docs * Do not delete container twice * [CI:DOCS] Correct status code for /pods/create * vendor in containers/storage v1.29.0 * cgroup: do not set cgroup parent when rootless and cgroupfs * 
Overhaul Makefile binary and release worflows * Reorganize Makefile with sections and guide * Simplify Makefile help target * Don't shell to obtain current directory * Remove unnecessary/not-needed release.txt target * Fix incorrect version number output * Exclude .gitignore from test req. * Fix handling of $NAME and $IMAGE in runlabel * Update podman image Dockerfile to support Podman in container * Bump github.com/containers/image/v5 from 5.10.5 to 5.11.0 * Fix slashes in socket URLs * Add network prune filters support to bindings * Add support for play/generate kube volumes * Update manifest API endpoints * Fix panic when not giving a machine name for ssh * cgroups: force 64 bits to ParseUint * Bump k8s.io/api from 0.20.5 to 0.21.0 * [CI:DOCS] Fix formatting of podman-build man page * buildah-bud tests: simplify * Add missing return * Bump github.com/onsi/ginkgo from 1.16.0 to 1.16.1 * speed up CI handling of images * Volumes prune endpoint should use only prune filters * Cirrus: Use Fedora 34beta images * Bump go.sum + Makefile for golang 1.16 * Exempt Makefile changes from test requirements * Adjust libpod API Container Wait documentation to the code * [CI:DOCS] Update swagger definition of inspect manifest * use updated ubuntu images * podman unshare: add --rootless-cni to join the ns * Update swagger-check * swagger: remove name wildcards * Update buildah-bud diffs * Handle podman-remote --arch, --platform, --os * buildah-bud tests: handle go pseudoversions, plus... 
* Fix flaking rootless compose test * rootless cni add /usr/sbin to PATH if not present * System tests: special case for RHEL: require runc * Add --requires flag to podman run/create * [CI:DOCS] swagger-check: compare operations * [CI:DOCS] Polish swagger OpertionIDs * [NO TESTS NEEDED] Update nix pin with `make nixpkgs` * Ensure that `--userns=keep-id` sets user in config * [CI:DOCS] Set all operation id to be compatibile * Move operationIds to swagger:operation line * swagger: add operationIds that match with docker * Cirrus: Make use of shared get_ci_vm container * Don't relabel volumes if running in a privileged container * Allow users to override default storage opts with --storage-opt * Add support for podman --context default * Verify existence of auth file if specified * fix machine naming conventions * Initial network bindings tests * Update release notes to indicate CVE fix * Move socket activation check into init() and set global condition. * Bump github.com/onsi/ginkgo from 1.15.2 to 1.16.0 * Http api tests for network prune with until filter * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns * Fix typos --uidmapping and --gidmapping * Add transport and destination info to manifest doc * Bump github.com/rootless-containers/rootlesskit from 0.14.0 to 0.14.1 * Add default template functions * Fix missing podman-remote build options * Bump github.com/coreos/go-systemd/v22 from 22.3.0 to 22.3.1 * Add ssh connection to root user * Add rootless docker-compose test to the CI * Use the slrip4netns dns in the rootless cni ns * Cleanup the rootless cni namespace * Add new docker-compose test for two networks * Make the docker-compose test work rootless * Remove unused rootless-cni-infra container files * Only use rootless RLK when the container has ports * Fix dnsname test * Enable rootless network connect/disconnect * Move slirp4netns functions into an extra file * Fix pod infra container cni network setup * Add rootless support for cni 
and --uidmap * rootless cni without infra container * Recreate until container prune tests for bindings * Remove --execute from podman machine ssh * Fixed podman-remote --network flag * Makefile: introduce install.docker-full * Makefile: ensure install.docker creates BINDIR * Fix unmount doc reference in image.rst * Should send the OCI runtime path not just the name to buildah * podman machine shell completion * Fix handling of remove --log-rusage param * Fix bindings prune containers flaky test * [CI:DOCS] Add local html build info to docs/README.md * Add podman machine list * Trim white space from /top endpoint results * Remove semantic version suffices from API calls * podman machine init --ignition-path * Document --volume from podman-remote run/create client * Update main branch to reflect the release of v3.1.0 * Silence podman network reload errors with iptables-nft * Containers prune endpoint should use only prune filters * resolve proper aarch64 image names * APIv2 basic test: relax APIVersion check * Add machine support for qemu-system-aarch64 * podman machine init user input * manpage xref: helpful diagnostic for unescaped dash-dash * Bump to v3.2.0-dev * swagger: update system version response body * buildah-bud tests: reenable pull-never test * [NO TESTS NEEDED] Shrink the size of podman-remote * Add powershell completions * [NO TESTS NEEDED] Drop Warning to Info, if cgroups not mounted * Fix long option format on docs.podman.io * system tests: friendier messages for 2-arg is() * service: use LISTEN_FDS * man pages: correct seccomp-policy label * rootless: use is_fd_inherited * podman generate systemd --new do not duplicate params * play kube: add support for env vars defined from secrets * play kube: support optional/mandatory env var from config map * play kube: prepare supporting other env source than config maps * Add machine support for more Linux distros * [NO TESTS NEEDED] Use same function podman-remote rmi as podman * Podman machine 
enhancements * Add problematic volume name to kube play error messages * Fix podman build --pull-never * [NO TESTS NEEDED] Fix for kernel without CONFIG_USER_NS * [NO TESTS NEEDED] Turn on podman-remote build --isolation * Fix list pods filter handling in libpod api * Remove resize race condition * [NO TESTS NEEDED] Vendor in containers/buildah v1.20.0 * Use TMPDIR when commiting images * Add RequiresMountsFor= to systemd generate * Bump github.com/vbauerster/mpb/v6 from 6.0.2 to 6.0.3 * Fix swapped dimensions from terminal.GetSize * Rename podman machine create to init and clean up * Correct json field name * system tests: new interactive tests * Improvements for machine * libpod/image: unit tests: use a `registries.conf` for aliases * libpod/image: unit tests: defer cleanup * libpod/image: unit tests: use `require.NoError` * Add --execute flag to podman machine ssh * introduce podman machine * Podman machine CLI and interface stub * Support multi doc yaml for generate/play kube * Fix filters in image http compat/libpod api endpoints * Bump github.com/containers/common from 0.35.3 to 0.35.4 * Bump github.com/containers/storage from 1.28.0 to 1.28.1 * Check if stdin is a term in --interactive --tty mode * [NO TESTS NEEDED] Remove /tmp/containers-users-* files on reboot * [NO TESTS NEEDED] Fix rootless volume plugins * Ensure manually-created volumes have correct ownership * Bump github.com/rootless-containers/rootlesskit * Unification of until filter across list/prune endpoints * Unification of label filter across list/prune endpoints * fixup * fix: build endpoint for compat API * [CI:DOCS] Add note to mappings for user/group userns in build * Bump k8s.io/api from 0.20.1 to 0.20.5 * Validate passed in timezone from tz option * WIP: run buildah bud tests using podman * Fix containers list/prune http api filter behaviour * Generate Kubernetes PersistentVolumeClaims from named volumes ++++ python3: - add 22198.patch to build with Sphinx 4 ++++ python-pyzmq: - update 
to version 17.1.2 (fixes boo#1186945) * Fix possible hang when working with asyncio * Remove some outdated workarounds for old Cython versions * Fix some compilation with custom compilers * Remove unneeded link of libstdc++ on PyPy ++++ setools: - Fix dependency of python3-setools: require python3, not python (which is python2). ++++ rust-keylime: - Update to version 0.0.1+git.1620935374.4df2148: * Add function to read PCR mask * Small fixes in TPM functions * Send quote data to actixweb handlers ++++ sysconfig: - Link as Position Independent Executable (bsc#1184124). - version 0.85.7 ++++ system-users: - Add default hardware group for 'sgx' enclave access. Since udev v248, a default rule for /dev/sgx_enclave is provided to give rw access to the new group, hopefully making 'sgx' the standard group name for such devices. [bsc#1190572] ++++ yast2: - Ignore sysctl configuration files that do not have the .conf extension. The only exceptions are kernel files (/boot/sysctl.conf-*) (bsc#1187018). - 4.4.10 ------------------------------------------------------------------ ------------------ 2021-6-7 - Jun 7 2021 ------------------- ------------------------------------------------------------------ ++++ apparmor: - move Requires: python3 back to the python3-apparmor subpackage - readline usage is in the python modules, not in apparmor-utils ++++ bzip2: - Drop --with-pic (no effect with --disable-static) - Use %autosetup (rediff bzip2-1.0.6.2-autoconfiscated.patch to p1) ++++ combustion: - combustion: Relabel the old snapshot (if necessary) and explicitly trigger autorelabel for the new snapshot ++++ kernel-default: - scsi: lpfc: Fix failure to transmit ABTS on FC link (git-fixes). - scsi: qla2xxx: Prevent PRLI in target mode (git-fixes). - commit df14b8a - blacklist: Add not necessary git-fixes - commit 203b357 - wireguard: allowedips: initialize list head in selftest (git-fixes). - wireguard: peer: allocate in kmem_cache (git-fixes).
- wireguard: use synchronize_net rather than synchronize_rcu (git-fixes). - wireguard: do not use -O3 (git-fixes). - wireguard: selftests: make sure rp_filter is disabled on vethc (git-fixes). - wireguard: selftests: remove old conntrack kconfig value (git-fixes). - wireguard: queueing: get rid of per-peer ring buffers (git-fixes). - wireguard: peer: put frequently used members above cache lines (git-fixes). - commit f17f786 - pid: take a reference when initializing `cad_pid` (bsc#1152489). - commit 7fbca02 - rpm/config.sh: Build device trees (boo#1186928). - commit 0645dbf - x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing (bsc#1152489). - commit 76a898b - NFC: SUSE specific brutal fix for runtime PM (bsc#1185589). - commit c32c592 - brcmfmac: Add clm_blob firmware files to modinfo (bsc#1186677). - commit abced70 - x86/fault: Don't send SIGSEGV twice on SEGV_PKUERR (bsc#1152489). - commit e986350 - powerpc/32: Fix boot failure with CONFIG_STACKPROTECTOR (jsc#SLE-13847 git-fixes). - commit c646236 - powerpc/kprobes: Fix validation of prefixed instructions across page boundary (jsc#SLE-13847 git-fixes). - commit 1cefe80 - Refresh patches.suse/cpuidle-pseries-Fixup-CEDE0-latency-only-for-POWER10.patch. Update to v4 submission. 
- commit 1222430 - config: refresh - drop PCIE_BW (removed by a backported patch) - commit 8a54d2d - fix patches metadata - fix Patch-mainline: patches.suse/NFS-Deal-correctly-with-attribute-generation-counter.patch patches.suse/NFS-Don-t-corrupt-the-value-of-pg_bytes_written-in-n.patch patches.suse/NFS-Don-t-discard-pNFS-layout-segments-that-are-mark.patch patches.suse/NFS-Don-t-gratuitously-clear-the-inode-cache-when-lo.patch patches.suse/NFS-Don-t-revalidate-the-directory-permissions-on-a-.patch patches.suse/NFS-Fix-an-Oopsable-condition-in-__nfs_pageio_add_re.patch patches.suse/NFS-fix-an-incorrect-limit-in-filelayout_decode_layo.patch patches.suse/NFSD-Repair-misuse-of-sv_lock-in-5.10.16-rt30.patch patches.suse/NFSv4-Don-t-discard-segments-marked-for-return-in-_p.patch patches.suse/NFSv4-Fix-a-NULL-pointer-dereference-in-pnfs_mark_ma.patch patches.suse/NFSv4-Fix-v4.0-v4.1-SEEK_DATA-return-ENOTSUPP-when-s.patch patches.suse/NFSv4.2-Always-flush-out-writes-in-nfs42_proc_falloc.patch patches.suse/NFSv4.2-fix-handling-of-sr_eof-in-SEEK-s-reply.patch patches.suse/NFSv4.2-fix-return-value-of-_nfs4_get_security_label.patch patches.suse/NFSv42-Copy-offload-should-update-the-file-size-when.patch patches.suse/SUNRPC-Move-fault-injection-call-sites.patch patches.suse/SUNRPC-Set-memalloc_nofs_save-for-sync-tasks.patch patches.suse/fs-nfs-Use-fatal_signal_pending-instead-of-signal_pe.patch patches.suse/md-Fix-missing-unused-status-line-of-proc-mdstat.patch patches.suse/nfsd-register-pernet-ops-last-unregister-first.patch patches.suse/pNFS-NFSv4-Fix-a-layout-segment-leak-in-pnfs_layout_.patch patches.suse/pNFS-flexfiles-fix-incorrect-size-check-in-decode_nf.patch patches.suse/sunrpc-fix-refcount-leak-for-rpc-auth-modules.patch patches.suse/svcrdma-disable-timeouts-on-rdma-backchannel.patch patches.suse/x86-fix-seq_file-iteration-for-pat-memtype.c.patch patches.suse/xprtrdma-Avoid-Receive-Queue-wrapping.patch 
patches.suse/xprtrdma-rpcrdma_mr_pop-already-does-list_del_init.patch - commit 08c81db - fix patch metadata - fix Patch-mainline: patches.suse/pm-sleep-add-pm_debug_messages-kernel-command-line-option.patch - commit 9d4ad2b - kABI workaround for struct lis3lv02d change (git-fixes). - commit b20df4c - dmaengine: idxd: Use cpu_feature_enabled() (git-fixes). - ALSA: hda: update the power_state during the direct-complete (git-fixes). - drm/amdgpu: Don't query CE and UE errors (git-fixes). - drm/i915/selftests: Fix return value check in live_breadcrumbs_smoketest() (git-fixes). - serial: 8250_pci: handle FL_NOIRQ board flag (git-fixes). - drm/amdgpu/jpeg2.0: add cancel_delayed_work_sync before power gate (git-fixes). - drm/amdgpu/vcn2.5: add cancel_delayed_work_sync before power gate (git-fixes). - drm/amdkfd: correct sienna_cichlid SDMA RLC register offset error (git-fixes). - drm/amdgpu: stop touching sched.ready in the backend (git-fixes). - ASoC: cs43130: handle errors in cs43130_probe() properly (git-fixes). - Revert "ASoC: cs43130: fix a NULL pointer dereference" (git-fixes). - commit f261b0d - drm/amdgpu/vcn2.0: add cancel_delayed_work_sync before power gate (git-fixes). - drm/amdgpu/vcn1: add cancel_delayed_work_sync before power gate (git-fixes). - drm/amd/display: Disconnect non-DP with no EDID (git-fixes). - commit 9592735 - Add No-fix tag to already backported sound fixes - commit 96fc983 - bus: ti-sysc: Fix flakey idling of uarts and stop using swsup_sidle_act (git-fixes). - i2c: qcom-geni: Suspend and resume the bus during SYSTEM_SLEEP_PM ops (git-fixes). - nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect (git-fixes). - ALSA: hda/cirrus: Set Initial DMIC volume to -26 dB (git-fixes). - commit 957e0af - thermal/drivers/intel: Initialize RW trip to THERMAL_TEMP_INVALID (git-fixes). - serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' (git-fixes). 
- USB: serial: pl2303: add device id for ADLINK ND-6530 GC (git-fixes). - USB: serial: ti_usb_3410_5052: add startech.com device id (git-fixes). - USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 (git-fixes). - USB: serial: ftdi_sio: add IDs for IDS GmbH Products (git-fixes). - USB: usbfs: Don't WARN about excessively large memory allocations (git-fixes). - serial: max310x: unregister uart driver in case of failure and abort (git-fixes). - Revert "serial: max310x: pass return value of spi_register_driver" (git-fixes). - usb: core: reduce power-on-good delay time of root hub (git-fixes). - commit 5cd70a0 - mei: request autosuspend after sending rx flow control (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Mediacom Winpad 7.0 W700 tablet (git-fixes). - platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI (git-fixes). - platform/x86: hp-wireless: add AMD's hardware id to the supported list (git-fixes). - platform/x86: hp_accel: Avoid invoking _INI to speed up resume (git-fixes). - media: gspca: properly check for errors in po1030_probe() (git-fixes). - Revert "media: gspca: Check the return value of write_bridge for timeout" (git-fixes). - media: gspca: mt9m111: Check write_bridge for timeout (git-fixes). - Revert "media: gspca: mt9m111: Check write_bridge for timeout" (git-fixes). - media: dvb: Add check on sp8870_readreg return (git-fixes). - commit c7b5e47 - gpio: cadence: Add missing MODULE_DEVICE_TABLE (git-fixes). - Revert "media: dvb: Add check on sp8870_readreg" (git-fixes). - libertas: register sysfs groups properly (git-fixes). - Revert "libertas: add checks for the return value of sysfs_create_group" (git-fixes). - isdn: mISDN: correctly handle ph_info allocation failure in hfcsusb_ph_info (git-fixes). - Revert "isdn: mISDN: Fix potential NULL pointer dereference of kzalloc" (git-fixes). - isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io (git-fixes). 
- Revert "isdn: mISDNinfineon: fix potential NULL pointer dereference" (git-fixes). - Revert "media: usb: gspca: add a missed check for goto_low_power" (git-fixes). - commit 337d971 - cfg80211: mitigate A-MSDU aggregation attacks (CVE-2020-24588 bsc#1185861). - drm/amd/amdgpu: fix a potential deadlock in gpu reset (git-fixes). - drm/amdgpu: Fix a use-after-free (git-fixes). - drm/amd/amdgpu: fix refcount leak (git-fixes). - drm/amd/display: Disconnect non-DP with no EDID (git-fixes). - dmaengine: qcom_hidma: comment platform_driver_register call (git-fixes). - Revert "dmaengine: qcom_hidma: Check for driver register failure" (git-fixes). - char: hpet: add checks after calling ioremap (git-fixes). - Revert "char: hpet: fix a missing check of ioremap" (git-fixes). - commit 17141be - efi: cper: fix snprintf() use in cper_dimm_err_location() (git-fixes). - efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared (git-fixes). - ACPICA: Clean up context mutex during object deletion (git-fixes). - hwmon: (dell-smm-hwmon) Fix index values (git-fixes). - brcmfmac: properly check for bus register errors (git-fixes). - Revert "brcmfmac: add a check for the status of usb_register" (git-fixes). - ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd() (git-fixes). - Revert "ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd()" (git-fixes). 
- commit d3cc1eb ++++ kmod: - Enable support for ZSTD compressed modules ++++ libapparmor: - move Requires: python3 back to the python3-apparmor subpackage - readline usage is in the python modules, not in apparmor-utils ++++ libxslt: - Don't disable testsuite under QEMU ++++ qemu: - Fix out-of-bounds write in virgl_cmd_get_capset CVE-2021-3546 bsc#1185981 vhost-user-gpu-abstract-vg_cleanup_mappi.patch - Fix memory leaks found in the virtio vhost-user GPU device CVE-2021-3544 bsc#1186010 vhost-user-gpu-fix-leak-in-virgl_cmd_res.patch vhost-user-gpu-fix-leak-in-virgl_resourc.patch vhost-user-gpu-fix-memory-disclosure-in-.patch vhost-user-gpu-fix-memory-leak-in-vg_res.patch vhost-user-gpu-fix-memory-leak-while-cal.patch vhost-user-gpu-fix-OOB-write-in-virgl_cm.patch - Fix information disclosure due to uninitialized memory read CVE-2021-3545 bsc#1185990 vhost-user-gpu-fix-resource-leak-in-vg_r.patch ++++ supportutils: - Changes to version 3.1.16 + lsof options to improve performance (bsc#1186687) ++++ sysuser-tools: - Support systemd-sysusers --replace=/usr/lib/sysusers.d/ option - sysusers-generate-pre: only use first argument for grep - sysusers2shadow.sh: use "run" prefix for systemd-sysusers call - macros.sysusers: fix typo ++++ tpm2.0-tools: - Do not BuildRequire pandoc on ix86 architectures: the haskell stack is not supported on intel 32bit archs. ++++ yast2-trans: - Update to version 84.87.20210606.38199687e1: * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * Translated using Weblate (Finnish) * New POT for text domain 'installation'. 
* Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * New POT for text domain 'registration'. * New POT for text domain 'apparmor'. * Translated using Weblate (Japanese) ------------------------------------------------------------------ ------------------ 2021-6-6 - Jun 6 2021 ------------------- ------------------------------------------------------------------ ++++ at-spi2-core: - Update to version 2.40.2: + README: Remove outdated links. + Key grab fixes for the new API. + registryd: Add a missing call to va_end. ++++ distribution-logos-openSUSE: - Add icons package to handle systemd branding better ------------------------------------------------------------------ ------------------ 2021-6-5 - Jun 5 2021 ------------------- ------------------------------------------------------------------ ++++ librsvg: - Update to version 2.50.7: + Two cairo-related bug fixes: - glgo#GNOME/librsvg#745: Fix mismatched cairo_save/restore when running in inside the Cairo test suite. - glgo#GNOME/librsvg#746: Possible cairo_save() without cairo_restore() in render_layer(). ++++ libqmi: - Update to version 1.28.6 * New request/responses: - dms: implement "Foxconn Set FCC authentication" request/response. * libqmi-glib: - Fix transport detection in the 'wwan' subsystem. * build: - Fix build with GCC 11 and -Wincompatible-pointer-types. * Several other minor improvements and fixes. 
------------------------------------------------------------------ ------------------ 2021-6-4 - Jun 4 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Revert "char: hpet: fix a missing check of ioremap" (git-fixes). - ttyprintk: Add TTY hangup callback (git-fixes). - commit dac98b4 ++++ systemd: - Drop systemd's dependency on udev (jsc#PM-2677) In some environments (i.e. containers) udev is usually not necessary but pulls in unnecessary packages. - Now that chkconfig/insserv are history, let's implement the strict minimum in systemd-sysv-install to enable/disable SysV init scripts (bsc#1186595 bsc#1186359) Indeed there's not much point in dropping SysV support completely until upstream does, especially since 3rd party applications such as vmware still rely on it (see bsc#1186359). ++++ shim: - Add shim-bsc1185232-relax-loadoptions-length-check.patch to ignore the odd LoadOptions length (bsc#1185232) - shim-install: reset def_shim_efi to "shim.efi" if the given file doesn't exist ------------------------------------------------------------------ ------------------ 2021-6-3 - Jun 3 2021 ------------------- ------------------------------------------------------------------ ++++ grub2: - Version bump to 2.06 * rediff - 0001-add-support-for-UEFI-network-protocols.patch - 0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch - 0003-Make-grub_error-more-verbose.patch - 0003-bootp-New-net_bootp6-command.patch - 0005-grub.texi-Add-net_bootp6-doument.patch - 0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch - 0006-efi-Set-image-base-address-before-jumping-to-the-PE-.patch - 0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch - 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch - grub-install-force-journal-draining-to-ensure-data-i.patch - grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch - grub2-diskfilter-support-pv-without-metadatacopies.patch -
grub2-efi-HP-workaround.patch - grub2-efi-xen-cfg-unquote.patch - grub2-efi-xen-chainload.patch - grub2-fix-menu-in-xen-host-server.patch - grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch - grub2-install-remove-useless-check-PReP-partition-is-empty.patch - grub2-lvm-allocate-metadata-buffer-from-raw-contents.patch - grub2-mkconfig-default-entry-correction.patch - grub2-pass-corret-root-for-nfsroot.patch - grub2-s390x-03-output-7-bit-ascii.patch - grub2-s390x-04-grub2-install.patch - grub2-secureboot-install-signed-grub.patch - grub2-setup-try-fs-embed-if-mbr-gap-too-small.patch - use-grub2-as-a-package-name.patch * update by patch squashed: - 0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch - grub2-efi-chainload-harder.patch - grub2-secureboot-no-insmod-on-sb.patch - grub2-secureboot-chainloader.patch - grub2-secureboot-add-linuxefi.patch * remove squashed patches: - 0008-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch - 0009-squash-Add-support-for-linuxefi.patch - 0041-squash-Add-secureboot-support-on-efi-chainloader.patch - 0042-squash-grub2-efi-chainload-harder.patch - 0043-squash-Don-t-allow-insmod-when-secure-boot-is-enable.patch - 0045-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch * drop upstream patches: - 0001-Warn-if-MBR-gap-is-small-and-user-uses-advanced-modu.patch - 0001-include-grub-i386-linux.h-Include-missing-grub-types.patch - 0001-kern-efi-sb-Add-chainloaded-image-as-shim-s-verifiab.patch - 0001-mdraid1x_linux-Fix-gcc10-error-Werror-array-bounds.patch - 0001-normal-Move-common-datetime-functions-out-of-the-nor.patch - 0001-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch - 0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch - 0002-grub-install-Avoid-incompleted-install-on-i386-pc.patch - 0002-kern-Add-X-option-to-printf-functions.patch - 0002-safemath-Add-some-arithmetic-primitives-that-check-f.patch - 0002-zfs-Fix-gcc10-error-Werror-zero-length-bounds.patch - 
0003-calloc-Make-sure-we-always-have-an-overflow-checking.patch - 0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch - 0003-normal-main-Search-for-specific-config-files-for-net.patch - 0004-calloc-Use-calloc-at-most-places.patch - 0004-datetime-Enable-the-datetime-module-for-the-emu-plat.patch - 0004-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch - 0005-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch - 0005-efi-Add-secure-boot-detection.patch - 0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch - 0006-efi-Only-register-shim_lock-verifier-if-shim_lock-pr.patch - 0006-iso9660-Don-t-leak-memory-on-realloc-failures.patch - 0007-font-Do-not-load-more-than-one-NAME-section.patch - 0007-verifiers-Move-verifiers-API-to-kernel-image.patch - 0008-efi-Move-the-shim_lock-verifier-to-the-GRUB-core.patch - 0008-script-Remove-unused-fields-from-grub_script_functio.patch - 0009-kern-Add-lockdown-support.patch - 0009-script-Avoid-a-use-after-free-when-redefining-a-func.patch - 0010-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch - 0010-linux-Fix-integer-overflows-in-initrd-size-handling.patch - 0011-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch - 0012-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch - 0013-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch - 0014-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch - 0015-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch - 0016-commands-setpci-Restrict-setpci-command-when-locked-.patch - 0017-commands-hdparm-Restrict-hdparm-command-when-locked-.patch - 0018-gdb-Restrict-GDB-access-when-locked-down.patch - 0019-loader-xnu-Don-t-allow-loading-extension-and-package.patch - 0020-dl-Only-allow-unloading-modules-that-are-not-depende.patch - 0021-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch - 0022-lib-arg-Block-repeated-short-options-that-require-an.patch - 0023-commands-menuentry-Fix-quoting-in-setparams_prefix.patch - 
0024-kern-parser-Fix-resource-leak-if-argc-0.patch - 0025-kern-parser-Fix-a-memory-leak.patch - 0026-kern-parser-Introduce-process_char-helper.patch - 0027-kern-parser-Introduce-terminate_arg-helper.patch - 0028-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch - 0029-kern-buffer-Add-variable-sized-heap-buffer.patch - 0030-kern-parser-Fix-a-stack-buffer-overflow.patch - 0031-util-mkimage-Remove-unused-code-to-add-BSS-section.patch - 0032-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch - 0033-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch - 0034-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch - 0035-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch - 0036-util-mkimage-Improve-data_size-value-calculation.patch - 0037-util-mkimage-Refactor-section-setup-to-use-a-helper.patch - 0038-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch - 0039-grub-install-common-Add-sbat-option.patch - 0040-shim_lock-Only-skip-loading-shim_lock-verifier-with-.patch - grub-install-define-default-platform-for-risc-v.patch - grub2-editenv-add-warning-message.patch - grub2-efi-gop-add-blt.patch - grub2-efi-uga-64bit-fb.patch - grub2-verifiers-fix-system-freeze-if-verify-failed.patch - risc-v-add-clzdi2-symbol.patch - risc-v-fix-computation-of-pc-relative-relocation-offset.patch - Add grub2-instdev-fixup.pl for correcting /etc/default/grub_installdevice to use disk device if grub has been installed to it - Add 0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch to fix detection of efi fwsetup support ++++ kernel-default: - kernel-binary.spec.in: build-id check requires elfutils. - commit 01569b3 - NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() (git-fixes). - commit 33829e2 - NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config (git-fixes). - NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce() (git-fixes).
- NFS: Fix an Oopsable condition in __nfs_pageio_add_request() (git-fixes). - NFS: fix an incorrect limit in filelayout_decode_layout() (git-fixes). - fs/nfs: Use fatal_signal_pending instead of signal_pending (git-fixes). - xprtrdma: rpcrdma_mr_pop() already does list_del_init() (git-fixes). - xprtrdma: Avoid Receive Queue wrapping (git-fixes). - NFSv4: Don't discard segments marked for return in _pnfs_return_layout() (git-fixes). - NFS: Don't discard pNFS layout segments that are marked for return (git-fixes). - NFSv42: Copy offload should update the file size when appropriate (git-fixes). - SUNRPC: Move fault injection call sites (git-fixes). - NFSv4.2 fix handling of sr_eof in SEEK's reply (git-fixes). - pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() (git-fixes). - NFS: Deal correctly with attribute generation counter overflow (git-fixes). - NFSv4.2: Always flush out writes in nfs42_proc_fallocate() (git-fixes). - md: Fix missing unused status line of /proc/mdstat (git-fixes). - sunrpc: fix refcount leak for rpc auth modules (git-fixes). - NFSD: Repair misuse of sv_lock in 5.10.16-rt30 (git-fixes). - svcrdma: disable timeouts on rdma backchannel (git-fixes). - NFSv4.2: fix return value of _nfs4_get_security_label() (git-fixes). - NFS: Don't gratuitously clear the inode cache when lookup failed (git-fixes). - NFS: Don't revalidate the directory permissions on a lookup failure (git-fixes). - SUNRPC: Set memalloc_nofs_save() for sync tasks (git-fixes). - x86: fix seq_file iteration for pat.c (git-fixes). - nfsd: register pernet ops last, unregister first (git-fixes). - net: fix iteration for sctp transport seq_files (git-fixes). - pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process() (git-fixes). - commit 60296fb ++++ Mesa: - update to 21.1.2 * second bugfix * mostly AMD and Intel changes as usual, but also a decent amount of ARM fixes and more. 
++++ patterns-microos: - add zypper-migration-plugin to the default pattern (bsc#1186791) ++++ qemu: - disable sheepdog, it was dropped upstream ( https://gitlab.com/qemu-project/qemu/-/commit/09ec85176e4095be15f233ebc870d5680123f024) and fails to build with gcc 11 on non-x86 ++++ ovmf: - Correct the path to copy the Xen flavor ++++ yast2: - AutoYaST: SectionWithAttributes allows to indicate whether an attribute accepts blank values (related to jsc#PM-2620). - 4.4.9 - revert disable of hibernation based on product and virtual machines (bsc#1184470) - 4.4.8 ------------------------------------------------------------------ ------------------ 2021-6-2 - Jun 2 2021 ------------------- ------------------------------------------------------------------ ++++ avahi: - Fix libavahi-devel requirements. The devel package installs libavahi-libevent.so but didn't require the library it's pointing to. ++++ chrony: - Change to using systemd-sysusers - Remove otherproviders, not needed anymore ++++ dnsmasq: - Change to using systemd-sysusers on TW ++++ e2fsprogs: - Fix the %doc files. RELEASE-NOTES is a symlink to doc/RelNotes/v%version. ++++ hwdata: - Update to version 0.348 (bsc#1186749): + Updated pci, usb and vendor ids. ++++ kbd: - Update the installed license file. COPYING is a symlink to LICENSE. Let's use this file directly. ++++ kernel-default: - kernel-binary.spec: Only use mkmakefile when it exists Linux 5.13 no longer has a mkmakefile script - commit b453c7b - scsi: smartpqi: Remove unused functions (bsc#1186472). - scsi: smartpqi: Fix device pointer variable reference static checker issue (bsc#1186472). - scsi: smartpqi: Fix blocks_per_row static checker issue (bsc#1186472). - scsi: smartpqi: Update version to 2.1.8-045 (bsc#1186472). - scsi: smartpqi: Add new PCI IDs (bsc#1186472). - scsi: smartpqi: Correct system hangs when resuming from hibernation (bsc#1186472). - scsi: smartpqi: Update enclosure identifier in sysfs (bsc#1186472). 
- scsi: smartpqi: Add additional logging for LUN resets (bsc#1186472). - scsi: smartpqi: Update SAS initiator_port_protocols and target_port_protocols (bsc#1186472). - scsi: smartpqi: Add phy ID support for the physical drives (bsc#1186472). - scsi: smartpqi: Convert snprintf() to scnprintf() (bsc#1186472). - scsi: smartpqi: Fix driver synchronization issues (bsc#1186472). - scsi: smartpqi: Update device scan operations (bsc#1186472). - scsi: smartpqi: Update OFA management (bsc#1186472). - scsi: smartpqi: Update RAID bypass handling (bsc#1186472). - scsi: smartpqi: Update suspend/resume and shutdown (bsc#1186472). - scsi: smartpqi: Synchronize device resets with mutex (bsc#1186472). - scsi: smartpqi: Update soft reset management for OFA (bsc#1186472). - scsi: smartpqi: Update event handler (bsc#1186472). - scsi: smartpqi: Add support for wwid (bsc#1186472). - scsi: smartpqi: Remove timeouts from internal cmds (bsc#1186472). - scsi: smartpqi: Disable WRITE SAME for HBA NVMe disks (bsc#1186472). - scsi: smartpqi: Add host level stream detection enable (bsc#1186472). - scsi: smartpqi: Add stream detection (bsc#1186472). - scsi: smartpqi: Align code with oob driver (bsc#1186472). - scsi: smartpqi: Add support for long firmware version (bsc#1186472). - scsi: smartpqi: Add support for BMIC sense feature cmd and feature bits (bsc#1186472). - scsi: smartpqi: Add support for RAID1 writes (bsc#1186472). - scsi: smartpqi: Add support for RAID5 and RAID6 writes (bsc#1186472). - scsi: smartpqi: Refactor scatterlist code (bsc#1186472). - scsi: smartpqi: Refactor aio submission code (bsc#1186472). - scsi: smartpqi: Add support for new product ids (bsc#1186472). - scsi: smartpqi: Correct request leakage during reset operations (bsc#1186472). - scsi: smartpqi: Use host-wide tag space (bsc#1186472). - commit b561ca9 - PM: sleep: Add pm_debug_messages kernel command line option (bsc#1186752). - commit 735920b - media: dvb: Add check on sp8870_readreg return (git-fixes). 
- commit 2133cbd - blacklist.conf: cosmetic fix - commit ce72d5a - media: gspca: properly check for errors in po1030_probe() (git-fixes). - commit 1750a2e - Revert "media: gspca: Check the return value of write_bridge for timeout" (git-fixes). - commit b97e22b - media: gspca: mt9m111: Check write_bridge for timeout (git-fixes). - commit 7f3a7f1 - Revert "media: gspca: mt9m111: Check write_bridge for timeout" (git-fixes). - commit d087481 - blacklist.conf: depends on PD 3.0 which we don't have and cannot be backported - commit a396f2f - Update kabi files. - update from June 2021 maintenance update submission (commit f0fe006fa3e1) - commit 3b5c05b - HID: magicmouse: fix NULL-deref on disconnect (git-fixes). - HID: i2c-hid: fix format string mismatch (git-fixes). - HID: pidff: fix error return code in hid_pidff_init() (git-fixes). - HID: i2c-hid: Skip ELAN power-on command after reset (git-fixes). - tpm: fix error return code in tpm2_get_cc_attrs_tbl() (git-fixes). - vsock/vmci: log once the failed queue pair allocation (git-fixes). - commit e5695e4 - partitions/ibm: fix non-DASD devices (bsc#1185857 LTC#192526). - commit 0f96f57 ++++ kernel-default-base: - Add nfsd for nfs server support (boo#1186363 bsc#1089118) ++++ libcap: - Fix a broken symlink. libcap-devel installs libpsx.so but didn't install the library it's pointing to. ++++ Mesa: - no longer autoselect Mesa-dri-nouveau at all; autoselect libvdpau_nouveau depending on PCI ID (boo#1186721) ++++ libxslt: - Move the Copyright file to %_defaultlicensedir Configure.ac replaces the COPYING file with a symlink. ++++ yast2: - Improve Yast2::Equatable mixin making the #hash method to be fine tuned easily (related to bsc#1186082). - 4.4.7 ++++ zypper: - Add hints to 'trust GPG key' prompt.
- Add report when receiving new package signing keys from a trusted repo (bsc#1184326) - Added translation using Weblate (Kabyle) - version 1.14.45 ------------------------------------------------------------------ ------------------ 2021-6-1 - Jun 1 2021 ------------------- ------------------------------------------------------------------ ++++ chrony: - Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Update clknetsim to snapshot f89702d. - Refresh chrony.keyring from https://chrony.tuxfamily.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). 
++++ gnutls: - Update to version 3.7.2 * Added Linux kernel AF_ALG based acceleration * Fixed timing of early data exchange * The priority string option DISABLE_TLS13_COMPAT_MODE was added to disable TLS 1.3 middlebox compatibility mode * The GNUTLS_NO_EXPLICIT_INIT envvar has been renamed to GNUTLS_NO_IMPLICIT_INIT to reflect the purpose * certtool: * When signing a CSR, CRL distribution point (CDP) is no longer copied from the signing CA by default * When producing certificates and certificate requests, subject DN components that are provided individually will now be ordered by assumed scale ++++ kernel-default: - Fix patches.suse/nvme-multipath-reset-bdev-to-ns-head-when-failover.patch (bsc#1186681) The backport for bsc#1182999 bsc#1178378 introduced a bug. It's not possible to use bdget_disk() in nvme_failover_req() as this can run in IRQ context and bdget_disk() can sleep. Luckily, we don't need to set bdev via bio_set_dev() as we can set bi_disk directly. - commit cee62aa - Revert "media: dvb: Add check on sp8870_readreg" (git-fixes). - commit 3655f21 - usb: typec: tcpm: Use LE to CPU conversion when accessing msg->header (git-fixes). - commit f61bf4c - xen-pciback: redo VF placement in the virtual topology (git-fixes). - commit 323098d - usb: typec: mux: Fix matching with typec_altmode_desc (git-fixes). - commit 2c2aed2 - Fix patches.suse/nvme-multipath-reset-bdev-to-ns-head-when-failover.patch (bsc#1186681) The backport for bsc#1182999 bsc#1178378 introduced a bug. It's not possible to use bdget_disk() in nvme_failover_req() as this can run in IRQ context and bdget_disk() can sleep. Luckily, we don't need to set bdev via bio_set_dev() as we can set bi_disk directly. Refresh: - patches.suse/nvme-multipath-retry-commands-for-dying-queues.patch - commit f0fe006 - series.conf: cleanup - move unsortable patch out of sorted section patches.suse/nxp-nci-add-NXP1002-id.patch - commit d0ca1ba - Refresh patches.suse/scsi-ibmvfc-Reinit-target-retries.patch. 
Update patch metadata. - commit e269098 - nxp-i2c: restore includes for kABI (bsc#1185589). - commit 1786af1 - nxp-nci: add NXP1002 id (bsc#1185589). - commit 9d43526 - block/genhd: use atomic_t for disk_event->block (bsc#1185497). - commit 57427b3 - s390/ipl: support NVMe IPL kernel parameters (bsc#1185980 LTC#192679). - commit 36a59d3 ++++ lua53: - Sync with Factory (5.3.6), includes fixes for - Long brackets with a huge number of '=' overflow some internal buffer arithmetic. - bsc#1123043 CVE-2019-6706 Fix free-after-use bug in lua_upvaluejoin function of lapi.c - Remove upstreamed patches: - CVE-2019-6706-use-after-free-lua_upvaluejoin.patch ++++ sssd: - Fix sss_cache spurious error messages when invoked from shadow-utils; (bsc#1185017); Add 0039-sss_cache-Do-not-fail-for-missing-domains.patch ++++ libxml2: - Fix python-lxml regression with libxml2 2.9.12: * Work around lxml API abuse: gitlab.gnome.org/GNOME/libxml2/issues/255 - Add upstream patches: * libxml2-fix-lxml-corrupted-subtree-structures.patch * libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch - Update to version 2.9.12 * Fix CVE-2021-3541, CVE-2021-3537 (bsc#1185698, bsc#1185879), CVE-2021-3518, CVE-2021-3517, CVE-2021-3516, CVE-2020-7595, CVE-2019-20388, CVE-2020-24977, and CVE-2019-19956 (bsc#1159928) * Fix null deref in legacy SAX1 parser * Fix handling of unexpected EOF in xmlParseContent * Fix use-after-free * Validate UTF8 in xmlEncodeEntities * Fix memory leak in xmlParseElementMixedContentDecl * Fix integer overflow in xmlSchemaGetParticleTotalRangeMin * Fix SEGV in xmlSAXParseFileWithData * Don't process siblings of root in xmlXIncludeProcess * Full changes: http://xmlsoft.org/news.html - Drop upstream fixed * libxml2-CVE-2021-3541.patch * libxml2-CVE-2021-3537.patch * libxml2-CVE-2021-3518.patch * libxml2-CVE-2021-3517.patch * libxml2-CVE-2021-3516.patch * libxml2-CVE-2020-7595.patch * libxml2-CVE-2019-20388.patch * libxml2-CVE-2020-24977.patch * libxml2-CVE-2019-19956.patch *
libxml2-python39.patch * libxml2-Avoid-quadratic-checking-of-identity-constraints.patch - Drop since 2.9.10 merged libxml2-xmlFreeNodeList-recursive.patch - Drop since 2.8.0 merged fix-perl.diff - Refresh libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch ++++ libxslt: - Fix build with libxml2 2.9.12 that removes maxParserDepth XPath limit - Add upstream patches: * libxslt-Stop-using-maxParserDepth-XPath-limit.patch * libxslt-Do-not-set-maxDepth-in-XPath-contexts.patch ++++ libzypp: - Work around download.o.o broken https redirects. - Allow trusted repos to add additional signing keys (bsc#1184326) Repositories signed with a trusted gpg key may import additional package signing keys. This is needed if different keys were used to sign the packages shipped by the repository. - MediaCurl: Fix logging of redirects. - Use 15.3 resolver problem and solution texts on all distros. - $ZYPP_LOCK_TIMEOUT: Let negative values wait forever for the zypp lock (bsc#1184399) Helps boot time services like 'zypper purge-kernels' to wait for the zypp lock until other services using zypper have completed. - Fix purge-kernels is broken in Leap 15.3 (bsc#1185325) Leap 15.3 introduces a new kernel package called kernel-flavour-extra, which contain kmp's. Currently kmp's are detected by name ".*-kmp(-.*)?" but this does not work with those new packages. This patch fixes the problem by checking packages for kmod(*) and ksym(*) provides and only falls back to name checking if the package in question does not provide one of those. - Introduce zypp-runpurge, a tool to run purge-kernels on testcases.
- version 17.26.0 (22) ++++ libxml2-python: - Fix python-lxml regression with libxml2 2.9.12: * Work around lxml API abuse: gitlab.gnome.org/GNOME/libxml2/issues/255 - Add upstream patches: * libxml2-fix-lxml-corrupted-subtree-structures.patch * libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch - Update to version 2.9.12 * Fix CVE-2021-3541, CVE-2021-3537 (bsc#1185698, bsc#1185879), CVE-2021-3518, CVE-2021-3517, CVE-2021-3516, CVE-2020-7595, CVE-2019-20388, CVE-2020-24977, and CVE-2019-19956 (bsc#1159928) * Fix null deref in legacy SAX1 parser * Fix handling of unexpected EOF in xmlParseContent * Fix use-after-free * Validate UTF8 in xmlEncodeEntities * Fix memory leak in xmlParseElementMixedContentDecl * Fix integer overflow in xmlSchemaGetParticleTotalRangeMin * Fix SEGV in xmlSAXParseFileWithData * Don't process siblings of root in xmlXIncludeProcess * Full changes: http://xmlsoft.org/news.html - Drop upstream fixed * libxml2-CVE-2021-3541.patch * libxml2-CVE-2021-3537.patch * libxml2-CVE-2021-3518.patch * libxml2-CVE-2021-3517.patch * libxml2-CVE-2021-3516.patch * libxml2-CVE-2020-7595.patch * libxml2-CVE-2019-20388.patch * libxml2-CVE-2020-24977.patch * libxml2-CVE-2019-19956.patch * libxml2-python39.patch * libxml2-Avoid-quadratic-checking-of-identity-constraints.patch - Drop since 2.9.10 merged libxml2-xmlFreeNodeList-recursive.patch - Drop since 2.8.0 merged fix-perl.diff - Refresh libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch ++++ salt: - Check if dpkgnotify is executable (bsc#1186674) - Added: * check-if-dpkgnotify-is-executable-bsc-1186674-376.patch ++++ runc: - Update to runc v1.0.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0 ! The usage of relative paths for mountpoints will now produce a warning (such configurations are outside of the spec, and in future runc will produce an error when given such configurations).
* cgroupv2: devices: rework the filter generation to produce consistent results with cgroupv1, and always clobber any existing eBPF program(s) to fix runc update and avoid leaking eBPF programs (resulting in errors when managing containers). * cgroupv2: correctly convert "number of IOs" statistics in a cgroupv1-compatible way. * cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures. * cgroupv2: wait for freeze to finish before returning from the freezing code, optimize the method for checking whether a cgroup is frozen. * cgroups/systemd: fixed "retry on dbus disconnect" logic introduced in rc94 * cgroups/systemd: fixed returning "unit already exists" error from a systemd cgroup manager (regression in rc94) + cgroupv2: support SkipDevices with systemd driver + cgroup/systemd: return, not ignore, stop unit error from Destroy + Make "runc --version" output sane even when built with go get or otherwise outside of our build scripts. + cgroups: set SkipDevices during runc update (so we don't modify cgroups at all during runc update). + cgroup1: blkio: support BFQ weights. + cgroupv2: set per-device io weights if BFQ IO scheduler is available. ++++ yast2: - Added some names to the list of parameters handled by CFA for the login.defs configuration (related to jsc#PM-2620). 
- 4.4.6 ------------------------------------------------------------------ ------------------ 2021-5-31 - May 31 2021 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 055+suse.97.gb98506b2: * docs: update NEWS.md and AUTHORS * fix(fs-lib): install fsck utilities * fix(integrity): require ALLOW_METADATA_WRITES to come from EVM config file * fix(install): configure logging earlier * fix(warpclock): minor cleanups * fix(dash): minor cleanups * fix(mksh): minor cleanups * feat(install): add default value for --firmwaredirs * fix(dracut-functions): get_maj_min without get_maj_min_cache_file set * fix(dracut): pipe hardlink output to `dinfo` * fix(install): sane default --kerneldir * fix(bash): minor cleanups * fix(squash): don't mount the mount points if already mounted * ci: add shfmt to Fedora containers * fix(base): add missing `str_replace` to `dracut-dev-lib.sh` * feat(dracut.sh): detect running in a container * fix(base): split out `dracut-dev-lib.sh` * fix(dracut-util): print error message with trailing newline * fix(packit): downstream has renamed the master branch to main - Update to version 054+suse.96.gb5aa64d2: * fix(suse-initrd) fix list of modprobe.d directories * fix(suse-initrd): exclude modules that are built-in (bsc#1185646) * fix(systemd-coredump): shellcheck for modules.d/01systemd-coredump (bsc#1190845) ++++ grub2: - Fix running grub2-once leads to failure of starting systemd service in the boot sequence (bsc#1169460) * grub2-once * grub2-once.service ++++ ignition: - Update to version 2.10.1: * Breaking Changes: * Rename Custom struct to ClevisCustom * Embed Clevis and ClevisCustom structs in parents * Always include interior nodes in merge transcript * Add kernel argument support * Fix fetching userdata on AWS when IMDSv1 is disabled * Fix creating Tang-based LUKS volumes before network is up * Document storage.filesystems.wipeFilesystem default * Fix file mode of 
ignition-kargs-helper script - Fix Go dependency, 1.13+ is required ++++ kernel-default: - x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported (bsc#1152489). - commit 1931741 - Update config files: build W1 modules for x86-64, too (bsc#1186672) The core w1 and a couple of modules are needed to be in kernel core package for Arm (for RPi) while they are put into leap package for other archs. - commit 5ae0be0 - xen-pciback: reconfigure also from backend watch handler (git-fixes). - commit 5795686 - xen-blkback: fix compatibility bug with single page rings (git-fixes). - commit c1a440a - x86/sev-es: Invalidate the GHCB after completing VMGEXIT (bsc#1178134). - commit 2ed6303 - xen/evtchn: Change irq_info lock to raw_spinlock_t (git-fixes). - commit 085f359 - tty: serial: ucc_uart: replace qe_io{read,write}* wrappers by generic io{read,write}* (git-fixes). - commit 845115a - soc: fsl: qe: replace qe_io{read,write}* wrappers by generic io{read,write}* (git-fixes). - commit d4c6a74 - series.conf: cleanup update upstream references and resort: patches.suse/ipc-mqueue-msg-sem-Avoid-relying-on-a-stack-reference.patch - commit a8331c9 - nvme: fix deadlock in disconnect during scan_work and/or ana_work (git-fixes). - Refresh patches.suse/nvme-fabrics-reject-I-O-to-offline-device.patch. - commit 4805fdc - arm64: vdso32: make vdso32 install conditional (git-fixes). - commit de92552 - blacklist.conf: arm64: add fix for unsupported SOC - commit 7c4e5f6 - x86/sev-es: Move sev_es_put_ghcb() in prep for follow on patch (bsc#1178134). - commit 61a3120 - nvme: document nvme controller states (git-fixes). - commit 495f482 - nvme-pci: use simple suspend when a HMB is enabled (git-fixes). - nvme-pci: make sure write/poll_queues less or equal then cpu (git-fixes). - nvme-pci: align io queue count with allocted nvme_queue in (git-fixes). - nvme-pci: remove last_sq_tail (git-fixes). - nvme-pci: remove volatile cqes (git-fixes). 
- nvme-pci: avoid race between nvme_reap_pending_cqes() and nvme_poll() (git-fixes). - nvme-pci: dma read memory barrier for completions (git-fixes). - nvme-pci: fix "slimmer CQ head update" (git-fixes). - nvme-pci: Simplify nvme_poll_irqdisable (git-fixes). - nvme-pci: Remove two-pass completions (git-fixes). - nvme-pci: Remove tag from process cq (git-fixes). - nvme-pci: slimmer CQ head update (git-fixes). - commit dd74a78 - i2c: s3c2410: fix possible NULL pointer deref on read message after write (git-fixes). - i2c: i801: Don't generate an interrupt on bus reset (git-fixes). - i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E (git-fixes). - iio: adc: ad7793: Add missing error code in ad7793_setup() (git-fixes). - iio: adc: ad7768-1: Fix too small buffer passed to iio_push_to_buffers_with_timestamp() (git-fixes). - iio: gyro: fxas21002c: balance runtime power in error path (git-fixes). - staging: iio: cdc: ad7746: avoid overwrite of num_channels (git-fixes). - iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers (git-fixes). - iio: adc: ad7124: Fix missbalanced regulator enable / disable on error (git-fixes). - staging: emxx_udc: fix loop in _nbu2ss_nuke() (git-fixes). - serial: sh-sci: Fix off-by-one error in FIFO threshold register setting (git-fixes). - serial: core: fix suspicious security_locked_down() call (git-fixes). - serial: tegra: Fix a mask operation that is always true (git-fixes). - thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue (git-fixes). - usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen() (git-fixes). - USB: trancevibrator: fix control-request direction (git-fixes). - misc/uss720: fix memory leak in uss720_probe (git-fixes). - drm/meson: fix shutdown crash when component not probed (git-fixes). - net: usb: fix memory leak in smsc75xx_bind (git-fixes). - cdrom: gdrom: initialize global variable at init time (git-fixes). 
- cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom (git-fixes). - Revert "gdrom: fix a memory leak bug" (git-fixes). - usb: dwc3: gadget: Enable suspend events (git-fixes). - commit 62c76a6 - blk-mq: Swap two calls in blk_mq_exit_queue() (git-fixes). - block: Fix three kernel-doc warnings (git-fixes). - commit e222970 - Rename duplicate patches to their SLE15-SP2 equivalents. This is to prepare for the next SLE15-SP2 -> SLE15-SP3 merge. - commit e32f455 - SUNRPC: More fixes for backlog congestion (bsc#1185428). - commit c0de1ec - series.conf: cleanup - update upstream references and resort: patches.suse/nvme-fabrics-decode-host-pathing-error-for-connect.patch patches.suse/nvme-fc-short-circuit-reconnect-retries.patch - whitespace cleanup - commit 03158d3 ++++ libX11: - redone U_CVE-2021-31535.patch due to regressions (boo#1186643) * fixes segfaults for xforms applications like fdesign ++++ alsa: - Update to version 1.2.5 * https://www.alsa-project.org/wiki/Changes_v1.2.4_v1.2.5#alsa-lib - Drop upstream fixed patches * 0001-dlmisc-the-snd_plugin_dir_set-snd_plugin_dir-must-be.patch * 0002-dlmisc-fix-snd_plugin_dir-locking-for-not-DL_ORIGIN_.patch * 0003-pcm-snd_pcm_mmap_readi-fix-typo-in-comment.patch * 0004-topology-use-inclusive-language-for-bclk.patch * 0005-topology-use-inclusive-language-for-fsync.patch * 0006-topology-use-inclusive-language-in-documentation.patch * 0007-pcm-set-the-snd_pcm_ioplug_status-tstamp-field.patch * 0009-pcm-Add-snd_pcm_audio_tstamp_type_t-constants.patch * 0045-pcm-direct-Fix-the-missing-appl_ptr-update.patch * 0019-pcm-fix-__snd_pcm_state-return-value.patch * 0025-pcm-plugin-optimize-sync-in-snd_pcm_plugin_status.patch * 0026-Revert-pcm_plugin-fix-delay.patch * 0014-rawmidi-fix-memory-leak-in-snd_rawmidi_virtual_open.patch * 0037-topology-tplg_decode_pcm-add-missing-log-argument-co.patch * 0040-topology-sort_config-cleanups-use-goto-for-the-error.patch * 0028-pcm-rate-tidy-up-snd_pcm_rate_avail_update.patch * 
0046-pcm-ioplug-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_statu.patch * 0030-pcm-rate-use-pcm_frame_diff-in-snd_pcm_rate_playback.patch * 0047-pcm-null-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_status.patch * 0043-pcm-dmix-dshare-delay-calculation-fixes-and-cleanups.patch * 0042-pcm_plugin-set-the-initial-hw_ptr-appl_ptr-from-the-.patch * 0011-pcm-Fix-a-typo-in-SND_PCM_AUDIO_TSTAMP_TYPE_LAST-def.patch * 0017-pcm_multi-remove-dead-assignment-from-_snd_pcm_multi.patch * 0027-pcm-ioplug-fix-the-delay-calculation-in-the-status-c.patch * 0041-conf-USB-add-Xonar-U7-MKII-to-USB-Audio.pcm.iec958_d.patch * 0016-pcm-remove-dead-assignments-from-snd_pcm_rate_-commi.patch * 0035-topology-tplg_pprint_integer-fix-coverity-uninitaliz.patch * 0034-ucm-fix-possible-memory-leak-in-parse_verb_file.patch * 0021-conf-fix-return-code-in-_snd_config_load_with_includ.patch * 0023-pcm-plugin-status-revert-the-recent-changes.patch * 0020-confmisc-fix-memory-leak-in-snd_func_concat.patch * 0029-pcm-ioplug-fix-the-delay-calculation-for-old-plugins.patch * 0039-ucm-uc_mgr_substitute_tree-fix-use-after-free.patch * 0024-pcm-plugin-tidy-snd_pcm_plugin_avail_update.patch * 0010-test-audio_time-Make-use-of-SND_PCM_AUDIO_TSTAMP_TYP.patch * 0033-pcm-rate-fix-the-capture-delay-values.patch * 0015-timer-fix-sizeof-operator-mismatch-in-snd_timer_quer.patch * 0036-topology-tplg_add_widget_object-do-not-use-invalid-e.patch * 0044-topology-fix-parse_tuple_set-remove-dead-condition-c.patch * 0038-topology-parse_tuple_set-remove-dead-condition-code.patch * 0018-conf-fix-get_hexachar-return-value.patch * 0013-ucm-fix-bad-frees-in-get_list0-and-get_list20.patch * 0012-conf-fix-use-after-free-in-_snd_config_load_with_inc.patch * 0031-pcm-plugin-fix-status-code-for-capture.patch * 0048-pcm-share-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_status.patch * 0032-pcm-rate-use-pcm_frame_diff-on-related-places.patch * 0022-pcm-plugin-status-fix-the-return-value-regression.patch ++++ ovmf: - Update to edk2-stable202105 * 
MdeModulePkg/UfsPassThruDxe: Improve Device initialization polling Loop * MdePkg: MmUnblockMemoryLib: Added definition and null instance * OvmfPkg: resolve MmUnblockMemoryLib (mainly for VariableSmmRuntimeDxe) * MdeModulePkg: VariableSmmRuntimeDxe: Added request unblock memory interface * SecurityPkg: Tcg2Smm: Switching from gSmst to gMmst * SecurityPkg: Tcg2Smm: Separate Tcg2Smm into 2 modules * SecurityPkg: Tcg2Smm: Added support for Standalone Mm * SecurityPkg: Tcg2Acpi: Added unblock memory interface for NVS region * UefiCpuPkg/MpInitLib: Use NASM struc to avoid hardcode offset * UefiCpuPkg/MpInitLib: Remove unused Lock from MP_CPU_EXCHANGE_INFO * UefiCpuPkg/SmmCpuFeaturesLib: Move multi-instance function decl to header * UefiCpuPkg/SmmCpuFeaturesLib: Rename SmmCpuFeaturesLib.c * UefiCpuPkg/SmmCpuFeaturesLib: Cleanup library constructors * UefiCpuPkg/SmmCpuFeaturesLib: Abstract PcdCpuMaxLogicalProcessorNumber * UefiCpuPkg/SmmCpuFeaturesLib: Add Standalone MM support * UefiCpuPkg/PiSmmCpu: Don't allocate Token for SmmStartupThisAp * RedfishPkg/Library: RedfishLib * OvmfPkg/CpuHotplugSmm: refactor hotplug logic * OvmfPkg/CpuHotplugSmm: collect hot-unplug events * OvmfPkg/CpuHotplugSmm: add Qemu Cpu Status helper * OvmfPkg/CpuHotplugSmm: introduce UnplugCpus() * OvmfPkg: define CPU_HOT_EJECT_DATA * OvmfPkg/SmmCpuFeaturesLib: init CPU ejection state * OvmfPkg/SmmCpuFeaturesLib: call CPU hot-eject handler * OvmfPkg/CpuHotplugSmm: add EjectCpu() * OvmfPkg/CpuHotplugSmm: do actual CPU hot-eject * OvmfPkg/SmmControl2Dxe: negotiate CPU hot-unplug * EmbeddedPkg/PrePiHobLib: replace duplicate GUID * MdePkg/UefiLib: Correct the arguments passed to IsLanguageSupported() * UefiCpuPkg/CpuCacheInfoLib: Collect cache associative type * UefiCpuPkg/MpInitLib: avoid printing debug messages in AP * UefiCpuPkg/CpuDxe: Rename variables to follow EDKII coding standard * UefiCpuPkg/CpuDxe: Guarantee GDT is below 4GB * BaseTools/Ecc: Make Ecc only check first include guard * 
ShellPkg/SmbiosView: add more items for smbiosview -t 3 * MdePkg: Support standalone MM Driver Unload capability * OvmfPkg/X86QemuLoadImageLib: Handle allocation failure for CommandLine * ShellPkg/Pci: Add valid check for PCI extended config space parser * CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1j * OvmfPkg: strip build paths in release builds * MdeModulePkg: Initialize local variable value before they are used * UefiCpuPkg/SmmCommunication: Remove out-dated comments * MdePkg: use CpuPause() in CpuDeadLoop() * MdePkg/Include: EFI Redfish Discover protocol * ShellPkg/UefiHandleParsingLib: Support EFI Redfish protocols * MdePkg/Include/Protocol: EFI_HII POPUP_PROTOCOL duplicate declaration * MdePkg/Include/Protocol: EFI_RESET_NOTIFICATION_PROTOCOL duplicate * CryptoPkg/Private/Protocol/Crypto.h: Remove duplicate function type * MdePkg/BaseLib: Add support for the XSETBV instruction * MdeModulePkg/PiDxeS3BootScriptLib: Rename mAcpiS3Enable to avoid dup symbol * MdePkg/IoLib: Filter/trace port IO/MMIO access * MdePkg/Baseib: Filter/trace MSR access for IA32/X64 * UefiCpuPkg: Remove PEI/DXE instances of CpuTimerLib. * UefiCpuPkg: Add MicrocodeLib for loading microcode * OvmfPkg: Add MicrocodeLib in DSC files. * UefiPayloadPkg/UefiPayloadPkg.dsc: Consume MicrocodeLib * UefiCpuPkg/MpInitLib: Consume MicrocodeLib to remove duplicated code * UefiCpuPkg/PiSmmCpuDxeSmm: Support detect SMM shadow stack overflow * ShellPkg: Fix smbiosview system enclosure type table * UefiCpuPkg/CpuTimerLib: Update LIBRARY_CLASS of Base instance. 
* RedfishPkg/RedfishDiscoverDxe: EFI Redfish Discover Protocol * RedfishPkg/RedfishConfigHandler: EDKII RedfishConfigHandler Protocol * UefiCpuPkg: PiSmmCpuDxeSmm: Check buffer size before accessing * BaseTools/Conf: Fix MAKE_FLAGS typos in tools_def.template * MdeModulePkg: Initialize temp variable in VarCheckPolicyLib * SecurityPkg/Tcg2Smm: Initialize local Status variable * DynamicTablesPkg: add validation for PcdNonBsaCompliant16550SerialHid * OvmfPkg/XenResetVector: Silent a warning from nasm * MdePkg: Allow PcdFSBClock to by Dynamic * OvmfPkg/IndustryStandard/Xen: Apply EDK2 coding style to XEN_VCPU_TIME_INFO * OvmfPkg/IndustryStandard: Introduce PageTable.h * OvmfPkg/XenPlatformPei: Map extra physical address * OvmfPkg/XenPlatformPei: Calibrate APIC timer frequency * OvmfPkg/OvmfXen: Set PcdFSBClock * DynamicTablesPkg: Re-order GicItsIdentifierArray struct * DynamicTablesPkg: Remove EArmObjExtendedInterruptInfo * MdePkg: Fix AsmReadMsr64() and AsmWriteMsr64() with GCC toolchain * BaseTools/PlatformAutoGen: MAKE_FLAGS and MAKE_PATH fixes * RedfishPkg/RestJsonStructureDxe: Fix typo in function header * MdePkg/Include: Allow CPU specific defines to be predefined * CryptoPkg/Library/Include: Allow CPU specific defines to be predefined * ArmPlatformPkg: Fix Ecc error 8001 * ArmPlatformPkg: Fix Ecc error 9001 * ArmPlatformPkg: Remove package dependency in NorFlashStandaloneMm * ArmPkg: Fix Ecc error 8001 in Chipset * ArmPkg: Fix Ecc error 8001 in SemihostLib * ArmPkg: Fix Ecc error 8001 in ArmArchTimerLib * ArmPkg: Fix Ecc error 9005 in CpuDxe * ArmPkg: Fix Ecc error 10006 in ArmPkg.dsc * ArmPkg: Fix Ecc error 10016 in StandaloneMmMmuLib * ArmPkg: Fix Ecc error 10014 in ArmScmiDxe * ArmPkg: Fix Ecc error 10014 in GenericWatchdogDxe * ArmPkg: Fix Ecc error 10014 in MmCommunicationDxe * ArmPkg: Fix Ecc error 10014 in SemihostLib * ArmPkg: Remove ArmGic/ArmGicSecLib.c * ArmPkg: Fix Ecc error 5003 in ArmExceptionLib * ArmPkg: Fix Ecc error 6001 in MmCommunicationDxe * 
ArmPkg: Fix Ecc error 6001 in ArmSoftFloatLib * ArmPkg: Rename include guard in ArmGicLib.h * ArmPkg: Fix Ecc error 7008 for SCMI_CLOCK_RATE * ArmPkg: Fix Ecc error 7008 for OPTEE_MESSAGE_PARAM * ArmPkg: Fix Ecc error 8005/8007 in ArmDisassemblerLib * ArmPkg: Fix Ecc error 8005 for SCMI_PROTOCOL_ID * ArmPkg: Fix Ecc error 8005 for SCMI_MESSAGE_TYPE * ArmPkg: Fix Ecc error 8005 for SCMI_STATUS * ArmPkg: Fix Ecc error 8005 for SCMI_MESSAGE_ID * ArmPkg: Fix Ecc error 8005 for SCMI_MESSAGE_ID_BASE * ArmPkg: Fix Ecc error 8005 for SCMI_MESSAGE_ID_CLOCK * ArmPkg: Fix Ecc error 8005 for SCMI_CLOCK_RATE_FORMAT * ArmPkg: Fix Ecc error 8005 for SCMI_MESSAGE_ID_PERFORMANCE * RedfishPkg: Add EDK2 Redfish Foundation diagrams * SecurityPkg/FvReportPei: remove redundant sizeof * ShellPkg: Rename Address Size to Access size * DynamicTablesPkg: Add access size to CM_ARM_SERIAL_PORT_INFO * DynamicTablesPkg: Set the Access size for the SPCR table * DynamicTablesPkg: Set the Access size for the DBG2 table * UefiCpuPkg: PiSmmCpuDxeSmm: Not to Change Bitwidth During Static Paging * MdePkg/Cpuid.h: Define new element in CPUID Leaf(07h) data structure. 
* SecurityPkg: Add constraints on PK strength * ArmPkg: Allow platforms to supply more data for SMBIOS Type3 record * ArmPkg: Allow platforms to report their boot status via OemMiscLib call * ArmPkg: Fix calculation of offset of chassis SKU Number in SmbiosMiscDxe * ArmPkg: Fix typo of Manufacturer in comment in SmbiosMiscDxe * ArmPkg: Fix Ecc error 8003 * ArmPkg: Fix Ecc error 3002 in StandaloneMmMmuLib * ArmPkg: Add missing library headers to ArmPkg.dec * ArmPlatformPkg: Document libraries in ArmPlatformPkg.dec * ArmPkg: Add OemMiscLibNull library to ArmPkg.dsc * ArmPkg: Correct small typos * ArmPlatformPkg: Add ArmPlatformPkg.ci.yaml * OvfmPkg/VmgExitLib: Properly decode MMIO MOVZX and MOVSX opcodes * OvmfPkg/VmgExitLib: Add support for new MMIO MOV opcodes * OvmfPkg: Define a new PPI GUID to signal TPM MMIO accessability * OvmfPkg/TpmMmioSevDecryptPei: Mark TPM MMIO range as unencrypted for SEV-ES * OvmfPkg/Tcg2ConfigPei: Update Depex for IA32 and X64 * ArmPkg: Update SCMI Base Protocol version to 0x20000 * MdePkg/BaseRngLib: Add support for ARMv8.5 RNG instructions * SecurityPkg: Add support for RngDxe on AARCH64 * UefiCpuPkg/MpInitLib: Properly cast from PCD to SEV-ES jump table pointer * BaseTools: Add support for version 3 of FMP Image Header structure * CryptoPkg: BaseCryptLib: Add RSA PSS verify support * ShellPkg/UefiShellCommandLib: suppress incorrect gcc warning * OvmfPkg/VirtioFsDxe: suppress incorrect gcc warnings * UefiCpuPkg/CpuExceptionHandler: Add missing comma to exception name array * UefiCpuPkg/PiSmmCpu: Remove hardcode 48 address size limitation * MdeModulePkg: Retrieve boot manager menu from any fv * ShellPkg/HttpDynamicCommand: Fix possible uninitialized use * MdeModulePkg/PciBusDxe: Fix possible uninitialized use * CryptoPkg/BaseCryptLib: Fix possible uninitialized use * MdeModulePkg/PlatformDriOverrideDxe: Fix overflow condition check * MdeModulePkg/VariableLock: downgrade compatibility warnings to DEBUG_WARN * ArmPkg/ArmGic: Fix maximum 
number of interrupts in GICv3 - Update openssl to 1.1.1j - Drop upstreamed patch: ovmf-bsc1184801-fix-sev-with-tpm.patch - Add the new Xen flavor for x86_64 + Update 50-xen-hvm-x86_64.json to use ovmf-x86_64-xen-4m.bin as the default firmware for Xen ------------------------------------------------------------------ ------------------ 2021-5-30 - May 30 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - series.conf: cleanup - fix Patch-mainline and move unsortable patches out of sorted section patches.suse/0001-netfilter-conntrack-improve-RST-handling-when-tuple-.patch patches.suse/0001-netfilter-conntrack-add-new-sysctl-to-disable-RST-ch.patch - commit 9d82526 - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook Fury 17 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook Fury 15 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP 855 G8 (git-fixes). - ALSA: hda/realtek: Chain in pop reduction fixup for ThinkStation P340 (git-fixes). - ALSA: hda/realtek: the bass speaker can't output sound on Yoga 9i (git-fixes). - commit 7ba5be9 - ASoC: cs35l33: fix an error code in probe() (git-fixes). - ASoC: cs42l42: Regmap must use_single_read/write (git-fixes). - ALSA: usb-audio: scarlett2: snd_scarlett_gen2_controls_create() can be static (git-fixes). - commit 72126c6 - ALSA: hda/realtek: Headphone volume is controlled by Front mixer (git-fixes). - ALSA: usb-audio: scarlett2: Improve driver startup messages (git-fixes). - ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci (git-fixes). - ALSA: usb-audio: fix control-request direction (git-fixes). 
- commit ad502bc ------------------------------------------------------------------ ------------------ 2021-5-29 - May 29 2021 ------------------- ------------------------------------------------------------------ ++++ kmod: - /usr/lib should override /lib where both are available. Support /usr/lib for depmod.d as well. * Refresh usr-lib-modprobe.patch - Remove test patches included in release 29 - kmod-populate-modules-Use-more-bash-more-quotes.patch - kmod-testsuite-compress-modules-if-feature-is-enabled.patch - kmod-also-test-xz-compression.patch ------------------------------------------------------------------ ------------------ 2021-5-28 - May 28 2021 ------------------- ------------------------------------------------------------------ ++++ grub2: - Fix crash in launching gfxmenu without theme file (bsc#1186481) * grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch ++++ libguestfs: - For unknown reasons the appliance build fails randomly Workaround it by retrying the build once ++++ kdump: - Fix use of DNS in the panic environment (bsc#1183070): * kdump-avoid-endless-loop-on-EAI_AGAIN.patch: Avoid an endless loop when resolving a hostname fails with EAI_AGAIN. * kdump-install-real-resolv.conf.patch: Install /etc/resolv.conf using its resolved path. - kdump-fix-incorrect-exit-code-checking.patch: Fix incorrect exit code checking after "local" with assignment (bsc#1184616, LTC#192282) - kdump-do-not-iterate-past-end-of-string.patch: Fix a crash caused by iterating past end of string (bsc#1186037). ++++ kernel-default: - futex: Make syscall entry points less convoluted (git-fixes). - futex: Get rid of the val2 conditional dance (git-fixes). - futex: Do not apply time namespace adjustment on FUTEX_LOCK_PI (bsc#1164648). - futex: Change utime parameter to be 'const ... *' (git-fixes). - commit c6c39e0 - arm64: kdump: update ppos when reading elfcorehdr (git-fixes). - arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL (git-fixes). 
- arm64/mm: Fix pfn_valid() for ZONE_DEVICE based memory (git-fixes). - arm64: ptrace: Fix seccomp of traced syscall -1 (NO_SYSCALL) (git-fixes). - arm64: Add missing ISB after invalidating TLB in __primary_switch (git-fixes). - arm64: kexec_file: fix memory leakage in create_dtb() when fdt_open_into() fails (git-fixes). - arm64: link with -z norelro for LLD or aarch64-elf (git-fixes). - arm64: avoid -Woverride-init warning (git-fixes). - arm64: link with -z norelro regardless of CONFIG_RELOCATABLE (git-fixes). - Revert "arm64: vdso: Fix compilation with clang older than 8" (git-fixes). - ARM64: vdso32: Install vdso32 from vdso_install (git-fixes). - arm64: ptrace: Use NO_SYSCALL instead of -1 in syscall_trace_enter() (git-fixes). - arm: mm: use __pfn_to_section() to get mem_section (git-fixes). - commit 4accc73 - Hibernation: Fix Hibernate not blocked in Secure Boot with no EFI secret key Refresh patches.suse/0005-efi-generate-secret-key-in-EFI-boot-environment.patch. (bsc#1186512) - commit d15957a - blacklist.conf: arm64: dts: add fixes - commit 918cf09 - netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#1185950). - commit 54ae065 - blacklist.conf: spi: add a cosmetic fix - commit 67d8fed - Revert "soc: fsl: qe: introduce qe_io{read,write}* wrappers" (git-fixes). - commit 25de66e - netfilter: conntrack: improve RST handling when tuple is re-used (bsc#1183947 bsc#1185950). - commit 3e0da56 - netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#1183947 bsc#1185950). - commit 9338bce - net: enetc: fix link error again (git-fixes). - commit 0d4ccc0 - blacklist.conf: add misc dt-bindings fixes References: git-fixes - commit fc2fb63 - NFC: nci: fix memory leak in nci_allocate_device (git-fixes). - commit 2bba556 - scsi: libfc: Avoid invoking response handler twice if ep is already completed (bsc#1186573). - commit 679d56e - SUNRPC in case of backlog, hand free slots directly to waiting task (bsc#1185428). 
- commit 862f15d - bpf: No need to simulate speculative domain for immediates (bsc#1186484,CVE-2021-33200). - bpf: Fix mask direction swap upon off reg sign change (bsc#1186484,CVE-2021-33200). - bpf: Wrap aux data inside bpf_sanitize_info container (bsc#1186484,CVE-2021-33200). - commit fc0b52a ++++ python-pytz: - %check: use %pyunittest rpm macro ++++ tpm2.0-tools: - add 0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch: no longer use a fixed AES key in the context of the tpm2_import command. Fixes CVE-2021-3565 (bsc#1186490). - drop fix_pie_linking.patch: now contained in upstream tarball - drop fix_warnings.patch: now contained in upstream tarball - update to upstream version 5.1: - Minimum tpm2-tss version dependency bumped to 3.1.0 - Minimum tpm2-abrmd version dependency bumped to 2.4.0 - tss2: - Support in tools for PolicyRef inclusion in policy search per latest TSS. - Support to use TPM objects protected by a policy with PolicySigned. - Enable backward compatibility to old Fapi callback API. - Fix PCR selection for tss2 quote. - Support policy signed policies by implementing Fapi_SetSignCB. - Command/ response parameter support for auditing and pHash policies: - lib/tpm2_util.c: Add method to determine hashing alg for cp/rphash - Add support to calculate rphash for tpm2_create, tpm2_activatecredential, tpm2_certify, tpm2_certifycreation, tpm2_changeauth, tpm2_changeeps, tpm2_changepps, tpm2_nvdefine, tpm2_nvextend, tpm2_unseal - Add support to calculate cphash for tpm2_changeeps, tpm2_changepps. - Session-support: - tpm2_sessionconfig: Add tool to display and configure session attributes. - tpm2_getrandom: Fix— session input was hardcoded for audit-only - tpm2_startauthsession: Add option to specify the bind object and its authorization value. - tpm2_startauthsession: support for bounded-only session. - tpm2_startauthsession: support for salted-only session. - tpm2_startauthsession: add option to specify an hmac session type. 
- Add support for specifying non-authorization sessions for audit and parameter encryption for tpm2_getrandom, tpm2_create, tpm2_nvextend, tpm2_nvdefine, tpm2_unseal, tpm2_activatecredential, tpm2_certify, tpm2_certifycreation, tpm2_changeauth, tpm2_changeeps, tpm2_changepps. - tpm2_eventlog: - Support for event type: EV_IPL extensively used by the Shim and Grub. - Support for event type: EV_EFI_GPT_EVENT to parse UEFI_PARTITION_TABLE_HEADER and UEFI_PARTITION_ENTRY. - Support for event type: EFI_SIGNATURE_LIST, which contains one or more EFI_SIGNATURE_DATA. - Support for event type EV_EFI_VARIABLE_AUTHORITY. - Parse UEFI_PLATFORM_FIRMWARE_BLOB structure that the CRTM MUST put into the Event Log entry TCG_PCR_EVENT2.event field for event types EV_POST_CODE, EV_S_CRTM_CONTENTS, and EV_EFI_PLATFORM_FIRMWARE_BLOB. - Parse secureboot variable to indicate enable as 'Yes'. - Parse BootOrder variable to a more readable format. - Parse Boot variables per EFI_LOAD_OPTION described in more detail in UEFI Spec Section 3.1.3 - Parse Device-path in a readable format using the efivar library. - Support for logs longer than 64 kilobytes. - Perform verification for event types where digest can be verified from their event payload. - Better support for multiline strings. - Fix handling of event log EV_POST_CODE data where field is empty and len is specified. - scripts/utils: Add a utility to read the cert chain of embedded CA. - tpm2_getekcertificate: Fix tool failing to return error/non-zero for HTTP 404. - tpm2_nvdefine: allow setting hash algorithm by command line parameter for NV indices set in extend mode. - tpm2_duplicate, tpm2_import: support duplicating non-TPM keys to a remote TPM without first requiring them to be loaded to a local TPM. - tpm2_dictionarylockout: Fix issue where setting value for one parameter caused the others to be reset. - tpm2_getpolicydigest: Add new tool to enable TPM2_CC_PolicyGetDigest. - Fix segfault where optind > argc.
- tools/tpm2_checkquote: fix missing initializer - tpm2_convert: fix EVP_EncodeUpdate usage for OSSL < 1.1.0 - openssl: fix EVP_ENCODE_CTX_(new|free) - test: Add support for swTPM simulator to the testing framework and make it the default if mssim isn't available. - tpm2_unseal: - Added option **\--rphash**=_FILE_ to specify file path to record the hash of the response parameters. This is commonly termed as rpHash. - tpm2_nvextend: - Added option **\--rphash**=_FILE_ to specify file path to record the hash of the response parameters. This is commonly termed as rpHash. - tpm2_nvdefine: - Added option **\--rphash**=_FILE_ to specify file path to record the hash of the response parameters. This is commonly termed as rpHash. - tpm2_changepps: - Added option **\--cphash**=_FILE_ to specify file path to record the hash of the command parameters. This is commonly termed as cpHash. - Added option **\--rphash**=_FILE_ to specify file path to record the hash - Added option **-S**, **\--session** to specify an auxiliary session for auditing and/or encryption/decryption of the parameters. - tpm2_changeeps: - Added option **\--cphash**=_FILE_ to specify file path to record the hash of the command parameters. This is commonly termed as cpHash. - Added option **\--rphash**=_FILE_ to specify file path to record the hash of the response parameters. This is commonly termed as rpHash. - Added option **-S**, **\--session** to specify an auxiliary session for auditing and/or encryption/decryption of the parameters. - tpm2_changeauth: - Added option **\--rphash**=_FILE_ to specify file path to record the hash of the response parameters. This is commonly termed as rpHash. - Added option **-S**, **\--session** to specify an auxiliary session for auditing and/or encryption/decryption of the parameters. - tpm2_certifycreation: - Added option **\--rphash**=_FILE_ to specify file path to record the hash of the response parameters. This is commonly termed as rpHash.
- Added option **-S**, **\--session** to specify an auxiliary session for auditing and/or encryption/decryption of the parameters. - tpm2_certify: - Added option **\--rphash**=_FILE_ to specify file path to record the hash of the response parameters. This is commonly termed as rpHash. - Added option **-S**, **\--session** to specify an auxiliary session for auditing and/or encryption/decryption of the parameters. - tpm2_activatecredential: - Added option **\--rphash**=_FILE_ to specify file path to record the hash of the response parameters. This is commonly termed as rpHash. - Added option **-S**, **\--session** to specify an auxiliary session for auditing and/or encryption/decryption of the parameters. - tpm2_create: - Added option **\--rphash**=_FILE_ to specify file path to record the hash of the response parameters. This is commonly termed as rpHash. - tpm2_unseal: - Added option **-S**, **--session** to specify auxiliary sessions for audit and encryption. - tpm2_nvdefine: - Added option **-S**, **--session** to specify auxiliary sessions for audit and encryption. - tpm2_nvextend: - Added option **-S**, **--session** to specify auxiliary sessions for audit and encryption. ------------------------------------------------------------------ ------------------ 2021-5-27 - May 27 2021 ------------------- ------------------------------------------------------------------ ++++ cockpit: - new version 245 https://cockpit-project.org/blog/cockpit-245.html ++++ librsvg: - Update to version 2.50.6: + Librsvg now requires at least Pango 1.44. + glgo#GNOME/librsvg#730: Incorrect text spacing when the transform is not 1:1. You can see this when a small font-size is scaled up due to a transform. It is less visible for a large font-size scaled down. + glgo#GNOME/librsvg#704: Fix circle/ellipse in paths when they are made out of a single Arc command.
++++ issue-generator: - Update to version 1.13 - SELinux: Do not call agetty --reload [bsc#1186178] ++++ kernel-default: - Update patches.suse/powerpc-64s-Fix-crashes-when-toggling-entry-flush-ba.patch (bsc#1177666 git-fixes bsc#1186460 ltc#192531). - Update patches.suse/powerpc-64s-Fix-crashes-when-toggling-stf-barrier.patch (bsc#1087082 git-fixes bsc#1186460 ltc#192531). - commit ce0ebfb - ceph: fix inode leak on getattr error in __fh_to_dentry (bsc#1186501). - ceph: only check pool permissions for regular files (bsc#1186501). - ceph: don't clobber i_snap_caps on non-I_NEW inode (bsc#1186501). - ceph: fix up error handling with snapdirs (bsc#1186501). - commit 7d20748 - hv_netvsc: Reset the RSC count if NVSP_STAT_FAIL in netvsc_receive() (git-fixes). - commit 661689a - uio_hv_generic: Fix another memory leak in error handling paths (git-fixes). - uio_hv_generic: Fix a memory leak in error handling paths (git-fixes). - uio: uio_hv_generic: use devm_kzalloc() for private data alloc (git-fixes). - uio_hv_generic: add missed sysfs_remove_bin_file (git-fixes). - commit 0e1067b - ceph: fix inode leak on getattr error in __fh_to_dentry (bsc#1186501). - ceph: only check pool permissions for regular files (bsc#1186501). - ceph: don't clobber i_snap_caps on non-I_NEW inode (bsc#1186501). - ceph: fix up error handling with snapdirs (bsc#1186501). - commit 7c54637 - nvme-fabrics: decode host pathing error for connect (bsc#1179827). - nvme-fc: short-circuit reconnect retries (bsc#1179827). - nvme-fc: check sgl supported by target (bsc#1179827). - commit 97321b0 - scsi: lpfc: Fix bad memory access during VPD DUMP mailbox command (bsc#1186451). - commit 192cba3 - scsi: lpfc: Update lpfc version to 12.8.0.10 (bsc#1186451). - scsi: lpfc: Reregister FPIN types if ELS_RDF is received from fabric controller (bsc#1186451). - scsi: lpfc: Add a option to enable interlocked ABTS before job completion (bsc#1186451). 
- scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs (bsc#1186451). - scsi: lpfc: Ignore GID-FT response that may be received after a link flip (bsc#1186451). - scsi: lpfc: Fix node handling for Fabric Controller and Domain Controller (bsc#1186451). - scsi: lpfc: Fix Node recovery when driver is handling simultaneous PLOGIs (bsc#1186451). - scsi: lpfc: Add ndlp kref accounting for resume RPI path (bsc#1186451). - scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology (bsc#1186451). - scsi: lpfc: Fix non-optimized ERSP handling (bsc#1186451). - scsi: lpfc: Fix unreleased RPIs when NPIV ports are created (bsc#1186451). - commit 19dc8b6 - Bluetooth: L2CAP: Fix handling LE modes by L2CAP_OPTIONS (git-fixes). - commit 322fe2d - nvme-fc: clear q_live at beginning of association teardown (bsc#1186479). - commit 6f0e9b4 - RDMA/core: create ib_cm with WQ_MEM_RECLAIM flag (bsc#1183346). - RDMA/addr: create addr_wq with WQ_MEM_RECLAIM flag (bsc#1183346). - commit 18a82b0 - drm/amdgpu: update sdma golden setting for Navi12 (git-fixes). - drm/amdgpu: update gc golden setting for Navi12 (git-fixes). - drm/amdgpu: Fix GPU TLB update error when PAGE_SIZE > AMDGPU_PAGE_SIZE (git-fixes). - drm/i915/gt: Disable HiZ Raw Stall Optimization on broken gen7 (git-fixes). - ALSA: hda/realtek: Add fixup for HP Spectre x360 15-df0xxx (git-fixes). - ALSA: hda: fixup headset for ASUS GU502 laptop (git-fixes). - commit b2fab88 - drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang (git-fixes). - ALSA: line6: Fix racy initialization of LINE6 MIDI (git-fixes). - ALSA: intel8x0: Don't update period unless prepared (git-fixes). - ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 (git-fixes). - ALSA: usb-audio: Validate MS endpoint descriptors (git-fixes). - ALSA: hda: fixup headset for ASUS GU502 laptop (git-fixes). - ALSA: hda/realtek: reset eapd coeff to default value for alc287 (git-fixes). 
- leds: lp5523: check return value of lp5xx_read and jump to cleanup code (git-fixes). - Revert "leds: lp5523: fix a missing check of return value of lp55xx_read" (git-fixes). - Bluetooth: SMP: Fail if remote and local public keys are identical (git-fixes). - commit 57f36e1 ++++ kmod: - Update to release 29 * Fix `modinfo -F` not working for built-in modules and certain fields. * Fix a memory leak, overflow and double free on error path. - Drop 0001-Fix-modinfo-F-always-shows-name-for-built-ins.patch, 0001-libkmod-config-revamp-kcmdline-parsing-into-a-state-.patch, 0002-libkmod-config-re-quote-option-from-kernel-cmdline.patch (all merged) ++++ mozilla-nss: - update to NSS 3.64 * bmo#1705286 - Properly detect mips64. * bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and disable_crypto_vsx. * bmo#1698320 - replace __builtin_cpu_supports("vsx") with ppc_crypto_support() for clang. * bmo#1613235 - Add POWER ChaCha20 stream cipher vector acceleration. ++++ pcre2: - pcre2 10.37: * removal of the actual POSIX names regcomp etc. 
from the POSIX wrapper library because these have caused issues for some applications, replacing pcre2-symbol-clash.patch * fix a hypothetical NULL dereference * fix two bugs related to over-large numbers so the behaviour is now the same as Perl * Fix propagation of \K back from the full pattern recursion * Restore single character repetition optimization in JIT ++++ polkit: - CVE-2021-3560: fixed a local privilege escalation using polkit_system_bus_name_get_creds_sync() (bsc#1186497) CVE-2021-3560.patch ++++ spice: - bsc#1181686 - VUL-0: CVE-2021-20201: spice,spice-gtk: client initiated renegotiation denial of service 0001-With-OpenSSL-1.1-Disable-client-initiated-renegotiation.patch 0002-With-OpenSSL-1.0.2-and-earlier-disable-client-side-renegotiation.patch ++++ logrotate: - update to 3.18.1: * fix memory leaks on error-handling paths * make `renamecopy` and `copytruncate` override each other * improve error handling in the parser of configuration files * improve user experience for non-privileged users of logrotate ++++ mozilla-nspr: - update to version 4.31: * Lock access to PRCallOnceType members in PR_CallOnce* for thread safety bmo#1686138 ++++ supportutils: - Fixes to supportconfig + Exclude rhn.conf from etc.txt (bsc#1186347) ++++ systemd-presets-common-SUSE: - When installing the systemd-presets-common-SUSE package for the first time in a new system, it might happen that some services are installed before systemd so the %systemd_pre/post macros would not work. This is handled by enabling all preset services in this package's %posttrans section but it wasn't enabling user services, just system services. 
Now it enables also the user services installed before this package, thus fixing boo#1186561 ------------------------------------------------------------------ ------------------ 2021-5-26 - May 26 2021 ------------------- ------------------------------------------------------------------ ++++ augeas: - Allow all printable ASCII characters in WPA-PSK definition * augeas-allow_printable_ASCII.patch * bsc#1185524 * Sourced from https://github.com/hercules-team/augeas/pull/723/commits * Credit to Michal Filka ++++ curl: - Update to 7.77.0: [bsc#1186114, CVE-2021-22898] [bsc#1186115, bsc#1185579, CVE-2021-22901] * Security fixes: - CVE-2021-22297: schannel cipher selection surprise - CVE-2021-22298: TELNET stack contents disclosure - CVE-2021-22901: TLS session caching disaster * Changes: - configure: make the TLS library choice(s) explicit - curl: ignore options asking for SSLv2 or SSLv3 - hsts: enable by default - SSL: support in-memory CA certs for some backends - vtls: refuse setting any SSL version * Bugfixes: - configure: provide --with-openssl, deprecate --with-ssl - cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies - curl: include libmetalink version in --version output - data_pending: check only SECONDARY socket for FTP(S) transfers - gnutls: don't allow TLS 1.3 for versions that don't support it - gnutls: make setting only the MAX TLS allowed version work - http2: fix resource leaks in set_transfer_url() and push_promise() - http: limit the initial send amount to used upload buffer size - rustls: only return CURLE_AGAIN when TLS session is fully drained - rustls: use ALPN - schannel: Disable auto credentials; add an option to enable it - schannel: Support strong crypto option - sectransp: allow cipher name to be specified - sockfilt: avoid getting stuck waiting for writable socket ++++ dosfstools: - Add fix-calculation.patch (gh#dosfstools/dosfstools#153, bsc#1172863) to work with different size of clusters. 
++++ kernel-default: - net/mlx5: Fix health error state handling (bsc#1186467). - commit d6aa2d3 - ipmi/watchdog: Stop watchdog timer when the current action is 'none' (bsc#1184855). - commit 725c479 - scsi: mpt3sas: Only one vSES is present even when IOC has multi vSES (bsc#1185954). - commit e2e5f3a ++++ kernel-firmware: - Update to version 20210518 (git commit f8462923ed8f): * nvidia: fix symlinks for tu104/tu106 acr unload firmware * rtw88: 8822c: Update normal firmware to v9.9.10 * iwlwifi: update 8000 family firmwares * iwlwifi: update 9000-family firmwares to core60-51 * iwlwifi: add new FWs from core60-51 release * nvidia: Update Tegra194 XUSB firmware to v60.09 * nvidia: Update Tegra186 XUSB firmware to v55.18 * nvidia: Update Tegra210 XUSB firmware to v50.26 * linux-firmware: update firmware for mhdp8546 - Update module aliases ++++ libvirt-dbus: - Add libvirtdbus user to libvirt group boo#1182538 ++++ lshw: - Update to version B.02.19+git.20210429: * Fix getting size of memory banks <32GiB * devtree: Add UUID property * code clean-up * improve portability (esp. musl) * fix potential crash * add static target to Makefile * Avoid crash on device-tree parsing * Add JEDEC manufacturer * Report correct memory size on SMBIOS < 2.7 * fix man page after previous update - Drop no longer needed patches: * lshw-fix-segfault-in-apfs-volume-code.patch * lshw-fix-mmc.patch * lshw-fix-ppc.patch * lshw-devtree-Add-UUID-property.patch ------------------------------------------------------------------ ------------------ 2021-5-25 - May 25 2021 ------------------- ------------------------------------------------------------------ ++++ apparmor: - Remove python symbols (python means currently python2), work only with python3 ones (fallout from bsc#1185588). ++++ lvm2-device-mapper: - Link test as position independent executable (bsc#1184124). 
+ bug-1184124-link-tests-as-PIE.patch ++++ gnutls: - Add gnutls-3.6.7-fix-FTBFS-2024.patch to let tests pass after 2024 (boo#1186579) - Add gnutls-3.6.7-reproducible-date.patch to override build date (boo#1047218) ++++ kernel-default: - btrfs: fix race between transaction aborts and fsyncs leading to use-after-free (bsc#1186441). - commit fb966c0 - btrfs: fix race when picking most recent mod log operation for an old root (bsc#1186439). - commit 305123c - btrfs: fix race between transaction aborts and fsyncs leading to use-after-free (bsc#1186441). - commit 9be975d - btrfs: fix race when picking most recent mod log operation for an old root (bsc#1186439). - commit f318368 - drm/amdgpu/display/dm: add missing parameter documentation (git-fixes). - drm/amdgpu/display: remove redundant continue statement (git-fixes). - Revert "drm/qxl: do not run release if qxl failed to init" (git-fixes). - commit d1874da - platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when using s2idle (git-fixes). - usb: typec: ucsi: Put fwnode in any case during ->probe() (git-fixes). - security: keys: trusted: fix TPM2 authorizations (git-fixes). - tpm: acpi: Check eventlog signature before using it (git-fixes). - tty: serial: lpuart: fix lpuart32_write usage (git-fixes). - commit 4ed41e4 - mt76: mt7615: fix entering driver-own state on mt7663 (git-fixes). - mt76: mt7915: fix txpower init for TSSI off chips (git-fixes). - mt76: mt76x0: disable GTK offloading (git-fixes). - mt76: mt7615: support loading EEPROM for MT7613BE (git-fixes). - platform/x86: intel_pmt_crashlog: Fix incorrect macros (git-fixes). - pinctrl: qcom: spmi-gpio: fix warning about irq chip reusage (git-fixes). - commit 6b07d97 - KEYS: trusted: Fix memory leak on object td (git-fixes). - iwlwifi: pcie: make cfg vs. trans_cfg more robust (git-fixes). - media: saa7146: use sg_dma_len when building pgtable (git-fixes). - media: saa7134: use sg_dma_len when building pgtable (git-fixes). 
- intel_th: pci: Add Alder Lake-M support (git-fixes). - intel_th: pci: Add Rocket Lake CPU support (git-fixes). - KEYS: trusted: Fix TPM reservation for seal/unseal (git-fixes). - gpu/xen: Fix a use after free in xen_drm_drv_init (git-fixes). - commit 2d606fa - drm/i915: Read C0DRB3/C1DRB3 as 16 bits again (git-fixes). - drm/amdgpu: fix concurrent VM flushes on Vega/Navi v2 (git-fixes). - drm/i915/display: fix compiler warning about array overrun (git-fixes). - drm/amdgpu: Add mem sync flag for IB allocated by SA (git-fixes). - drm/amd/display: add handling for hdcp2 rx id list validation (git-fixes). - drm/amd/display: Try YCbCr420 color when YCbCr444 fails (git-fixes). - drm/amd/display: Fix UBSAN: shift-out-of-bounds warning (git-fixes). - fbmem: add margin check to fb_check_caps() (git-fixes). - commit 1d7d2f2 - drm/amd/display: Fix debugfs link_settings entry (git-fixes). - drm/amd/display: DCHUB underflow counter increasing in some scenarios (git-fixes). - drm/amd/pm: fix workload mismatch on vega10 (git-fixes). - drm/amdkfd: Fix UBSAN shift-out-of-bounds warning (git-fixes). - drm/amdgpu: Fix some unload driver issues (git-fixes). - drm/amdgpu/display: buffer INTERRUPT_LOW_IRQ_CONTEXT interrupt work (git-fixes). - drm/amd/display: Don't optimize bandwidth before disabling planes (git-fixes). - drm/amd/display: Check for DSC support instead of ASIC revision (git-fixes). - drm/amd/display: changing sr exit latency (git-fixes). - drm/dp_mst: Set CLEAR_PAYLOAD_ID_TABLE as broadcast (git-fixes). - commit f3698a5 - dmaengine: idxd: fix cdev setup and free device lifetime issues (git-fixes). - dmaengine: idxd: removal of pcim managed mmio mapping (git-fixes). - dmaengine: idxd: cleanup pci interrupt vector allocation management (git-fixes). - dmaengine: idxd: fix dma device lifetime (git-fixes). - drm/dp_mst: Revise broadcast msg lct & lcr (git-fixes). - drm/ast: Fix invalid usage of AST_MAX_HWC_WIDTH in cursor atomic_check (git-fixes). 
- drm/qxl: do not run release if qxl failed to init (git-fixes). - drm/amd/display/dc/dce/dce_aux: Remove duplicate line causing 'field overwritten' issue (git-fixes). - drm/komeda: Fix bit check to import to value of proper type (git-fixes). - commit 7955989 - ALSA: firewire-lib: fix amdtp_packet tracepoints event for packet_index field (git-fixes). - ALSA: usb-audio: Fix potential out-of-bounce access in MIDI EP parser (git-fixes). - ACPI: PM: Add ACPI ID of Alder Lake Fan (git-fixes). - ASoC: Intel: sof_sdw: add quirk for new ADL-P Rvp (git-fixes). - ASoC: rt5670: Add a quirk for the Dell Venue 10 Pro 5055 (git-fixes). - ALSA: hda/hdmi: fix race in handling acomp ELD notification at resume (git-fixes). - Bluetooth: btusb: Enable quirk boolean flag for Mediatek Chip (git-fixes). - Bluetooth: Fix incorrect status handling in LE PHY UPDATE event (git-fixes). - commit ea056ec - scsi: core: Run queue in case of I/O resource contention failure (bsc#1186416). - commit 50bad37 - USB: serial: pl2303: fix line-speed handling on newer chips (bsc#1186320). - USB: serial: pl2303: add support for PL2303HXN (bsc#1186320). - commit bc4a20a - mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 (bsc#1186009) - commit 8a9d64a - mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (bsc#1186009) - commit 1607e2d - s390/kdump: fix out-of-memory with PCI (bsc#1182257 LTC#191375). - commit b91dd8c - PCI/RCEC: Fix RCiEP device to RCEC association (jsc#SLE-13736 jsc#SLE-14845 git-fixes). - commit 6922678 - Refresh patches.suse/PCI-AER-Add-RCEC-AER-error-injection-support.patch. Update to upstream version. - commit deb7805 - Refresh patches.suse/PCI-AER-Add-pcie_walk_rcec-to-RCEC-AER-handling.patch. Update to upstream version. - commit c098a79 - Delete patches.suse/PCI-AER-Apply-Function-Level-Reset-to-RCiEP-on-fatal.patch. - Delete patches.suse/PCI-ERR-Limit-AER-resets-in-pcie_do_recovery.patch. - Delete patches.suse/PCI-RCEC-Add-RCiEP-s-linked-RCEC-to-AER-ERR.patch. 
Replaced in upstream by a175102b0a82 (PCI/ERR: Recover from RCEC AER errors). - commit 716aea9 - Update to upstream version. - commit 21cf7c7 - Refresh patches.suse/PCI-AER-Apply-Function-Level-Reset-to-RCiEP-on-fatal.patch. - Refresh patches.suse/PCI-ERR-Avoid-negated-conditional-for-clarity.patch. - Refresh patches.suse/PCI-RCEC-Add-RCiEP-s-linked-RCEC-to-AER-ERR.patch. - Refresh patches.suse/pci-err-add-pci_walk_bridge-to-pcie_do_recovery. - Refresh patches.suse/pci-err-recover-from-rcec-aer-errors. - Refresh patches.suse/pci-err-recover-from-rciep-aer-errors. Update to upstream version. - commit 41d7b52 - spi: spi-fsl-dspi: Fix a resource leak in an error handling path (git-fixes). - gpio: xilinx: Correct kernel doc for xgpio_probe() (git-fixes). - mmc: sdhci-pci-gli: increase 1.8V regulator wait (git-fixes). - drm/amd/display: Fix two cursor duplication when using overlay (git-fixes). - Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state (git-fixes). - Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices (git-fixes). - PCI: thunder: Fix compile testing (git-fixes). - ACPI / hotplug / PCI: Fix reference count leak in enable_slot() (git-fixes). - gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 (git-fixes). - dmaengine: dw-edma: Fix crash on loading/unloading driver (git-fixes). - usb: sl811-hcd: improve misleading indentation (git-fixes). - pinctrl: ingenic: Improve unreachable code generation (git-fixes). - commit 4488c4d - firmware: arm_scpi: Prevent the ternary sign expansion bug (git-fixes). - ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency (git-fixes). - ALSA: firewire-lib: fix calculation for size of IR context payload (git-fixes). - ALSA: firewire-lib: fix check for the size of isochronous packet payload (git-fixes). - ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (git-fixes). 
- ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26 (git-fixes). - platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue (git-fixes). - ics932s401: fix broken handling of errors when word reading fails (git-fixes). - ASoC: rt286: Generalize support for ALC3263 codec (git-fixes). - ASoC: rsnd: call rsnd_ssi_master_clk_start() from rsnd_ssi_init() (git-fixes). - commit 309a9af - ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet (git-fixes). - ASoC: rsnd: core: Check convert rate in rsnd_hw_params (git-fixes). - ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF (git-fixes). - ASoC: rt286: Make RT286_SET_GPIO_* readable and writable (git-fixes). - ALSA: bebob: enable to deliver MIDI messages for multiple ports (git-fixes). - ALSA: rme9652: don't disable if not enabled (git-fixes). - ALSA: hdspm: don't disable if not enabled (git-fixes). - ALSA: hdsp: don't disable if not enabled (git-fixes). - commit 0897647 - usb: core: hub: fix race condition about TRSMRCY of resume (git-fixes). - usb: xhci: Increase timeout for HC halt (git-fixes). - usb: dwc3: omap: improve extcon initialization (git-fixes). - cdc-wdm: untangle a circular dependency between callback and softint (git-fixes). - drm/i915: Avoid div-by-zero on gen2 (git-fixes). - drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected (git-fixes). - pinctrl: samsung: use 'int' for register masks in Exynos (git-fixes). - i2c: Add I2C_AQ_NO_REP_START adapter quirk (git-fixes). - i2c: bail out early when RDWR parameters are wrong (git-fixes). - drm/amd/display: fixed divide by zero kernel crash during dsc enablement (git-fixes). - drm/amd/display: Force vsync flip when reconfiguring MPCC (git-fixes). - qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth (git-fixes). - wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join (git-fixes). 
- wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt (git-fixes). - mac80211: clear the beacon's CRC after channel switch (git-fixes). - Bluetooth: check for zapped sk before connecting (git-fixes). - Bluetooth: initialize skb_queue_head at l2cap_chan_create() (git-fixes). - Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default (git-fixes). - commit 6a99610 - Refresh patches.suse/PCI-ERR-Rename-reset_link-to-reset_subordinates.patch. - Refresh patches.suse/pci-err-add-pci_walk_bridge-to-pcie_do_recovery. - Refresh patches.suse/pci-err-retain-status-from-error-notification. - Refresh patches.suse/pci-err-simplify-by-computing-pci_pcie_type-once. - Refresh patches.suse/pci-err-use-bridge-for-clarity-in-pcie_do_recovery. Update to upstream version. - commit b63143d - Update to upstream version. - commit c7b5cb5 - PCI/ERR: Bind RCEC devices to the Root Port driver (jsc#SLE-13736 jsc#SLE-14845). - Refresh patches.suse/pci-err-simplify-by-computing-pci_pcie_type-once. - Delete patches.suse/PCI-RCEC-Add-RCEC-class-code-and-extended-capability.patch. - Delete patches.suse/PCI-RCEC-Bind-RCEC-devices-to-the-Root-Port-driver.patch. Update to upstream version. The two were merged into the one. - commit 746ca90 - scsi: pm80xx: Fix potential infinite loop (bsc#1186354). - commit f24fca0 ++++ libapparmor: - Remove python symbols (python means currently python2), work only with python3 ones (fallout from bsc#1185588). ++++ lvm2: - Link test as position independent executable (bsc#1184124). + bug-1184124-link-tests-as-PIE.patch ++++ libnftnl: - Update to release 1.2.0 * table: add table owner support * expr: socket: add cgroups v2 support ++++ systemd: - Allow the sysusers config files shipped by systemd rpms to be overridden during system installation (bsc#1171962) - While at it, add a comment to explain why we don't use %sysusers_create in %pre and why it should be safe in %post. 
++++ systemd-rpm-macros: - %sysusers_create_inline: use here-docs instead of echo (bsc#1186282) Upstream commit dd2490ae12ad1e1795ecbf8f8944b950da9c8d06. ++++ xfsprogs: - update to v5.12.0: - mkfs: don't default to too-large physical sector size - repair: phase 6 speedups - man: Add dax mount option to man xfs(5) - xfs_admin: pick up log arguments correctly - xfs_growfs: support shrinking unused space - libfrog: report inobtcount in geometry - xfs_logprint: Fix buffer overflow printing quotaoff - xfsprogs: include for platform_crash - xfsprogs: remove BMV_IF_NO_DMAPI_READ flag - workqueue: bound maximum queue depth - libxfs changes merged from kernel 5.12 ++++ yast2: - Add Yast2::Equatable mixin to avoid troubles with classes that overload the comparison methods (related to bsc#1186082). - 4.4.5 ------------------------------------------------------------------ ------------------ 2021-5-24 - May 24 2021 ------------------- ------------------------------------------------------------------ ++++ elfutils: - Update to version 0.185: debuginfod-client: Simplify curl handle reuse so downloads which return an error are retried. elfcompress: Always exit with code 0 when the operation succeeds (even when nothing was done). On error the exit code is now always 1. ++++ kernel-default: - scsi: pm80xx: Increase timeout for pm80xx mpi_uninit_check() (bsc#1186355). - scsi: pm80xx: Fix chip initialization failure (bsc#1186354). - scsi: target: tcmu: Fix use-after-free of se_cmd->priv (bsc#1186356). - scsi: pm80xx: Do not sleep in atomic context (bsc#1186353). - scsi: aacraid: Improve compat_ioctl handlers (bsc#1186352). - scsi: target: tcmu: Fix warning: 'page' may be used uninitialized (bsc#1186357). - commit d9c7184 - Update metadata and move to sorted section patches.suse/sched-fair-Clear-SMT-siblings-after-determining-the-core-is-not-idle.patch. patches.suse/sched-fair-Fix-wrong-cpu-selecting-from-isolated-dom.patch. 
patches.suse/sched-fair-Minimize-concurrent-LBs-between-domain-level.patch. patches.suse/sched-fair-Reduce-busy-load-balance-interval.patch. patches.suse/sched-fair-Reduce-minimal-imbalance-threshold.patch. patches.suse/sched-fair-Relax-constraint-on-task-s-load-during-load-balance.patch. patches.suse/sched-fair-Remove-the-force-parameter-of-update_tg_load_avg.patch. patches.suse/sched-fair-Simplify-the-work-when-reweighting-entity.patch. patches.suse/sched-rt-Disable-RT_RUNTIME_SHARE-by-default.patch. - commit 9b005f0 - sched/fair: Fix shift-out-of-bounds in load_balance() (git fixes (sched)). - commit c01b809 - s390/dasd: fix hanging DASD driver unbind (bsc#1183932 LTC#192153). - commit f5a02db ++++ expat: - Update to 2.4.1: * Bug fixes: - Autotools: Fix installed header expat_config.h for multilib systems; regression introduced in 2.4.0 by pull request #486 * Other changes: - Version info bumped from 9:0:8 to 9:1:8; see https://verbump.de/ for what these numbers do - Update to 2.4.0: [CVE-2013-0340 "Billion Laughs"] * Security fixes: - CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks (denial-of-service; flavors targeting CPU time or RAM or both, leveraging general entities or parameter entities or both) by tracking and limiting the input amplification factor ( := ( + ) / ). By conservative default, amplification up to a factor of 100.0 is tolerated and rejection only starts after 8 MiB of output bytes (= + ) have been processed. The fix adds the following to the API: - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to signal this specific condition. - Two new API functions .. - XML_SetBillionLaughsAttackProtectionMaximumAmplification and - XML_SetBillionLaughsAttackProtectionActivationThreshold .. to further tighten billion laughs protection parameters when desired. Please see file "doc/reference.html" for details. If you ever need to increase the defaults for non-attack XML payload, please file a bug report with libexpat. 
- Two new XML_FEATURE_* constants .. - that can be queried using the XML_GetFeatureList function, and - that are shown in "xmlwf -v" output. - Two new environment variable switches .. - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and - EXPAT_ENTITY_DEBUG=(0|1) .. for runtime debugging of accounting and entity processing. Specific behavior of these values may change in the future. - Two new command line arguments "-a FACTOR" and "-b BYTES" for xmlwf to further tighten billion laughs protection parameters when desired. If you ever need to increase the defaults for non-attack XML payload, please file a bug report with libexpat. * Bug fixes: - For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake) or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault for UTF-16 payloads containing CDATA sections. - Autotools: Fix generated CMake files for non-64bit and non-Linux platforms (e.g. macOS and MinGW in particular) that were introduced with release 2.3.0 * Other changes: - xmlwf: Improve help output and the xmlwf man page - xmlwf: Improve maintainability through some refactoring - xmlwf: Fix man page DocBook validity - CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR and CMAKE_INSTALL_INCLUDEDIR - CMake: Add support for standard variable BUILD_SHARED_LIBS - Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters - Resolve macro HAVE_EXPAT_CONFIG_H - Delete unused legacy helper file "conftools/PrintPath" - doc/reference.html: Fix XHTML validity - doc/reference.html: Replace the 90s look by OK.css - Version info bumped from 8:0:7 to 9:0:8 due to addition of new symbols and error codes; see https://verbump.de/ for what these numbers do ++++ qemu: - Fix CVE-2021-3527 in usb/redir: usb-redir-avoid-dynamic-stack-allocation.patch - Fix issues found upstream: hw-block-nvme-consider-metadata-read-aio.patch sockets-update-SOCKET_ADDRESS_TYPE_FD-li.patch vfio-ccw-Permit-missing-IRQs.patch vhost-user-blk-Check-that-num-queues-is-.patch 
vhost-user-blk-Don-t-reconnect-during-in.patch vhost-user-blk-Fail-gracefully-on-too-la.patch vhost-user-blk-Get-more-feature-flags-fr.patch vhost-user-blk-Make-sure-to-set-Error-on.patch virtio-blk-Fix-rollback-path-in-virtio_b.patch virtio-Fail-if-iommu_platform-is-request.patch virtiofsd-Fix-side-effect-in-assert.patch monitor-qmp-fix-race-on-CHR_EVENT_CLOSED.patch ++++ supportutils: - analyzevmcore supports local directories (bsc#1186397) ++++ yast2-trans: - Update to version 84.87.20210522.fa639d2702: * New POT for text domain 'installation'. * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (French) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * New POT for text domain 'storage'. * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * New POT for text domain 'migration'. * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (French) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Japanese) * Translated using Weblate (German) * Translated using Weblate (Japanese) * Translated using Weblate (German) ------------------------------------------------------------------ ------------------ 2021-5-23 - May 23 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - genirq/irqdomain: Don't try to free an interrupt that has no 
(git-fixes) - commit 6059d03 - sched/fair: Avoid stale CPU util_est value for schedutil in (git-fixes) - commit 3ca2554 - sched/eas: Don't update misfit status if the task is pinned (git-fixes) - commit 7849a6f - posix-timers: Preserve return value in clock_adjtime32() (git-fixes) - commit 637287d ------------------------------------------------------------------ ------------------ 2021-5-22 - May 22 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - hrtimer: Update softirq_expires_next correctly after (git-fixes) - commit 123b070 - genirq: Disable interrupts for force threaded handlers (git-fixes) - commit a3b0361 ------------------------------------------------------------------ ------------------ 2021-5-21 - May 21 2021 ------------------- ------------------------------------------------------------------ ++++ apparmor: - add abstractions-php8.diff to support PHP8 in abstractions/php (boo#1186267) ++++ kernel-default: - blacklist.conf: Remove already backported commits. - commit d6aafa0 - sched/fair: Fix unfairness caused by missing load decay (git-fixes) - commit 25deacb - lpfc: Decouple port_template and vport_template (bsc#185032). - commit 77503a8 - workqueue: Minor follow-ups to the rescuer destruction change (bsc#1185911). - commit 682a642 - workqueue: more destroy_workqueue() fixes (bsc#1185911). - commit 63656eb - Re-enable yenta socket driver for x86_64 (bsc#1186349) CONFIG_YENTA was mistakenly disabled along with the disablement of CONFIG_PCMCIA. Re-enable the module for keeping the CardBus stuff still working, but put it to kernel-*-optional for Leap 15.3. - commit 1b41019 - ibmvnic: remove default label from to_string switch (bsc#1152457 ltc#174432 git-fixes). 
- commit 5e94000 - series.conf: cleanup - move submitted patch to "almost mainline" section: patches.suse/cpufreq-intel_pstate-Add-Icelake-servers-support-in-.patch - commit 0ccf9b6 ++++ libapparmor: - add abstractions-php8.diff to support PHP8 in abstractions/php (boo#1186267) ++++ libepoxy: - Update to version 1.5.8: + Revert changes from PR #238 / #229 + Fixes regressions: #240, #252, #253 ++++ python3-core: - Stop providing "python" symbol (bsc#1185588), which means python2 currently. ++++ libsigc++2: - Update to version 2.10.7: + Meson build: - Make it possible to use sigc++ as a subproject. - Fix dependency on files generated from .h.m4 files. - No implicit_include_directories. - Make quiet installations possible. - Fix build as subproject without building documentation. + Documentation fixes. ++++ zchunk: - Update to version 1.1.14 * Final fixes for zstd 1.5 support ++++ nfs-utils: - Add 0019-gssd-use-mutex-to-protect-decrement-of-refcount.patch A field was modified by multiple threads without locking. This can lead to use-after-free. (bsc#1183194) ++++ python3: - Stop providing "python" symbol (bsc#1185588), which means python2 currently. ------------------------------------------------------------------ ------------------ 2021-5-20 - May 20 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - nvme-fc: return NVME_SC_HOST_ABORTED_CMD when a command has been aborted (bsc#1184259). - nvme-fc: set NVME_REQ_CANCELLED in nvme_fc_terminate_exchange() (bsc#1184259). - nvme: add NVME_REQ_CANCELLED flag in nvme_cancel_request() (bsc#1184259). - nvme: simplify error logic in nvme_validate_ns() (bsc#1184259). - commit 56bb69c - xsk: Respect device's headroom and tailroom on generic xmit path (git-fixes). - commit 7e45682 - smc: disallow TCP_ULP in smc_setsockopt() (git-fixes). - ethernet:enic: Fix a use after free bug in enic_hard_start_xmit (git-fixes). 
- RDMA/srpt: Fix error return code in srpt_cm_req_recv() (git-fixes). - RDMA/hns: Delete redundant abnormal interrupt status (git-fixes). - RDMA/hns: Delete redundant condition judgment related to eq (git-fixes). - net, xdp: Update pkt_type if generic XDP changes unicast MAC (git-fixes). - xsk: Respect device's headroom and tailroom on generic xmit path (git-fixes). - commit 7c9514e - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758). - commit d0a78d0 - bnxt_en: Fix RX consumer index logic in the error path (git-fixes). - commit 75ee727 - i40e: Fix PHY type identifiers for 2.5G and 5G adapters (git-fixes). - i40e: fix the restart auto-negotiation after FEC modified (git-fixes). - i40e: Fix use-after-free in i40e_client_subtask() (git-fixes). - i40e: fix broken XDP support (git-fixes). - mlxsw: spectrum_mr: Update egress RIF list before route's action (git-fixes). - net: hns3: disable phy loopback setting in hclge_mac_start_phy (git-fixes). - net: hns3: clear unnecessary reset request in hclge_reset_rebuild (git-fixes). - net: hns3: use netif_tx_disable to stop the transmit queue (git-fixes). - net: hns3: fix for vxlan gpe tx checksum bug (git-fixes). - net: hns3: add check for HNS3_NIC_STATE_INITED in hns3_reset_notify_up_enet() (git-fixes). - net: hns3: initialize the message content in hclge_get_link_mode() (git-fixes). - net: hns3: fix incorrect configuration for igu_egu_hw_err (git-fixes). - RDMA/qedr: Fix error return code in qedr_iw_connect() (jsc#SLE-8215). - bnxt_en: Fix RX consumer index logic in the error path (git-fixes). - bnxt_en: fix ternary sign extension bug in bnxt_show_temp() (git-fixes). - net: thunderx: Fix unintentional sign extension issue (git-fixes). - cxgb4: Fix unintentional sign extension issues (git-fixes). - netdevice: Add missing IFF_PHONY_HEADROOM self-definition (git-fixes). - vrf: fix a comment about loopback device (git-fixes). - net: hns3: Fix for geneve tx checksum bug (git-fixes). 
- commit d07ce98 - ethtool: fix missing NLM_F_MULTI flag when dumping (bsc#1176447). - IB/hfi1: Rework AIP and VNIC dummy netdev usage (jsc#SLE-13208). - RDMA/rtrs-clt: destroy sysfs after removing session from active list (jsc#SLE-15176). - RDMA/mlx5: Fix drop packet rule in egress table (jsc#SLE-15175). - net/sched: act_ct: fix wild memory access when clearing fragments (bsc#1176447). - nfp: devlink: initialize the devlink port attribute "lanes" (bsc#1176447). - selftests: mlxsw: Remove a redundant if statement in tc_flower_scale test (bsc#1176774). - net/mlx5: Fix bit-wise and with zero (jsc#SLE-15172). - netfilter: conntrack: Make global sysctls readonly in non-init netns (bsc#1176447). - commit 3d16f03 - scsi: fnic: Remove bogus ratelimit messages (bsc#1183249). - commit ad3d189 ++++ Mesa: - update to 21.1.1 * bugfix release * mostly AMD and Intel changes as usual, but also a decent amount of ARM fixes and more ++++ systemd: - udev requires systemd in its %post (bsc#1185958) udevadm, called in udev's %post, requires libsystemd-shared-248.so. - Restore all "License:" tags udev uses a different license (GPL-2.0-only) than the main package and "osc service localrun format_spec_file" has the good taste to restore the license tags for all other subpackages if one of the subpackage tag differs. - Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807) ++++ linux-glibc-devel: - Add cross-*-linux-glibc-devel packages ++++ pam_u2f: - Update to version 1.1.1 (released 2021-05-19) * Fix an issue where PIN authentication could be bypassed (CVE-2021-31924). * Fix an issue with nodetect and non-resident credentials. * Fix build issues with musl libc. * Add support for self-attestation in pamu2fcfg. * Fix minor bugs found by fuzzing. 
------------------------------------------------------------------ ------------------ 2021-5-19 - May 19 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (bsc#1185581). - commit eec9b2b - Enable CONFIG_PCI_PF_STUB for Nvidia Ampere vGPU support (jsc#SLE-17882 jsc#ECO-3691) Nvidia switched its vGPU mechanism from mdev to SRIOV since Ampere architecture. For the SRIOV implementation, they used pci-pf-stub module. We only need to enable CONFIG_PCI_PF_STUB here, other dependencies have been enabled already. - commit 8ab8eb0 - x86,swiotlb: Adjust SWIOTLB bounce buffer size for SEV guests (bsc#1186219). - commit df8fbad - nvme: explicitly update mpath disk capacity on revalidation (git-fixes). - commit 71b6570 - nvme: retrigger ANA log update if group descriptor isn't found (git-fixes) - commit d9afd49 - nvme-tcp: fix misuse of __smp_processor_id with preemption (git-fixes). - dm: avoid filesystem lookup in dm_get_dev_t() (git-fixes). - nvme: don't intialize hwmon for discovery controllers (git-fixes). - nvme-tcp: Fix warning with CONFIG_DEBUG_PREEMPT (git-fixes). - nvme-tcp: Fix possible race of io_work and direct send (git-fixes). - nvme-tcp: fix kconfig dependency warning when !CRYPTO (git-fixes). - blk-iocost: ioc_pd_free() shouldn't assume irq disabled (git-fixes). - nvme: fix controller instance leak (git-fixes). - nvmet: fix a memory leak (git-fixes). - block: fix get_max_io_size() (git-fixes). - nvme-tcp: fix possible hang waiting for icresp response (bsc#1179519). - commit 6431b47 - nvme: fix possible deadlock when I/O is blocked (git-fixes). - Delete patches.suse/nvme-do-not-update-disk-info-for-multipathed-device.patch. - commit c1000c4 - nvme: define constants for identification values (git-fixes). 
- commit ef03dba ++++ libdrm: - Update to 2.4.106: * various nouveau fixes * improve tests ++++ Mesa: - Add swrast to vulkan - Enable vulkan on %{arm} and aarch64 with: swrast, amd, broadcom and freedreno ++++ systemd: - Spec file minor cleanups: - Drop all "Group:" tags as they are deprecated. - Drop "License:" tags from all subpackages and make it inherited from the main package. - Drop "%bcond_with parentpathid" as it's not used. ++++ libxml2: - Security fix: [bsc#1186015, CVE-2021-3541] * Exponential entity expansion attack bypasses all existing protection mechanisms. - Add libxml2-CVE-2021-3541.patch ++++ openssh: - Add openssh-7.6p1-audit_race_condition.patch, fixing sshd termination of multichannel sessions with non-root users (error on 'mm_request_receive_expect') (bsc#1115550, bsc#1174162). ++++ python-contextvars: - use %pytest macro in %check ++++ libxml2-python: - Security fix: [bsc#1186015, CVE-2021-3541] * Exponential entity expansion attack bypasses all existing protection mechanisms. - Add libxml2-CVE-2021-3541.patch ++++ runc: - Update to runc v1.0.0~rc95. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95 This release of runc contains a fix for CVE-2021-30465, and users are strongly recommended to update (especially if you are providing semi-limited access to spawn containers to untrusted users). 
bsc#1185405 ++++ shim: - shim-install: instead of assuming "removable" for Azure, remove fallback.efi from \EFI\Boot and copy grub.efi/cfg to \EFI\Boot to make \EFI\Boot bootable and keep the boot option created by efibootmgr (bsc#1185464, bsc#1185961) ------------------------------------------------------------------ ------------------ 2021-5-18 - May 18 2021 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Add nm-add-CAP_CHOWN-capability.patch: Add CAP_CHOWN to CapabilityBoundingSet to make teamd work properly (glfd#NetworkManager/NetworkManager!860, bsc#1185424). ++++ cockpit: - new version 244.1 https://cockpit-project.org/blog/cockpit-244.html - enable SELinux ++++ dracut: - Update to version 054+suse.95.gd5820102: * chore(suse) update spec Important change on mkinitrd: mkinitrd is now in its own subpackage "dracut-mkinit-deprecated", which requires dracut. If you need mkinitrd, require "mkinitrd". However note that in the long run, mkinit will go away. It is preferred to call dracut directly. ++++ hwinfo: - merge gh#openSUSE/hwinfo#98 - update pci and usb ids - 21.74 ++++ kernel-default: - powerpc/64s: Fix crashes when toggling entry flush barrier (bsc#1177666 git-fixes). - powerpc/64s: Fix crashes when toggling stf barrier (bsc#1087082 git-fixes). - commit f06d724 - blk-mq: plug request for shared sbitmap (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - commit d041278 - ACPI: PM: s2idle: Drop unused local variables and related code (bsc#1185840). - commit 1fc2033 - Delete patches.suse/hwmon-amd_energy-01-add-driver-to-report-energy-counters.patch. - Delete patches.suse/hwmon-amd_energy-02-missing-platform_driver_unregister-on.patch. - Delete patches.suse/hwmon-amd_energy-03-match-for-supported-models.patch. - Delete patches.suse/hwmon-amd_energy-04-move-label-out-of-accumulation-structure.patch. - Delete patches.suse/hwmon-amd_energy-05-optimize-accumulation-interval.patch. 
- Delete patches.suse/hwmon-amd_energy-06-improve-the-accumulation-logic.patch. - Delete patches.suse/hwmon-amd_energy-07-modify-the-visibility-of-the-counters.patch. - Delete patches.suse/hwmon-amd_energy-08-add-family-19h-model-01h.patch. - Delete patches.suse/hwmon-amd_energy-09-fix-allocation-of-hwmon_channel_info.patch. As agreed with Jeffrey Cheung and Darren Davis, after the amd_energy driver has been removed from upstream due to a disagreement between AMD and the hwmon subsystem maintainer on how to mitigate a hardware security vulnerability, we will not include this driver in SLE15-SP3. In other words, features SLE-15432 and SLE-14261 are being rejected for SP3. They will be evaluated again for SP4 if the upstream situation changes by then. - commit 30a5d69 - usb: pci-quirks: disable D3cold on xhci suspend for s2idle on AMD Renoire (bsc#1185840). - commit 5bd67ef - ACPI / idle: override c-state latency when not in conformance with s0ix (bsc#1185840). - commit 00d00d3 - ACPI: PM: s2idle: Add missing LPS0 functions for AMD (bsc#1185840). - commit 77d36ca - ACPI: PM: s2idle: Move x86-specific code to the x86 directory (bsc#1185840). - ACPI: PM: s2idle: Add AMD support to handle _DSM (bsc#1185840). - commit 240ac31 - fuse: fix write deadlock (bsc#1185573). - commit f65dbea - drm/i915/overlay: Fix active retire callback alignment (git-fixes). - commit 6ca3a83 - drm/i915: Wedge the GPU if command parser setup fails (git-fixes). - commit 331f4cc - drm/amdgpu: remove unused variable from struct amdgpu_bo (git-fixes). - commit e3fca29 - Refresh patches.suse/0001-drm-i915-Fix-overlay-frontbuffer-tracking.patch. Add Alt-commit for duplicate - commit af0c5c1 - drm/amd/display: Initialize attribute for hdcp_srm sysfs file (git-fixes). - commit e983a11 - drm/i915: Fix crash in auto_retire (git-fixes). - commit a0ca792 - drm/amdgpu: Init GFX10_ADDR_CONFIG for VCN v3 in DPG mode (git-fixes). 
- commit 1530740 - Refresh patches.suse/drm-amdgpu-display-restore-AUX_DPHY_TX_CONTROL-for-D.patch. Added Alt-commit for duplicate - commit 9ad673d - blacklist.conf: 12aca1ce9ee3 drm/msm/disp/dpu1: program 3d_merge only if block is attached - commit 1e8f219 - nvmet: use new ana_log_size instead the old one (bsc#1178612, bsc#1184259, bsc#1186155). - nvme-multipath: fix double initialization of ANA state (bsc#1178612, bsc#1184259, bsc#1186155). - commit 0df107a - nvme: add new line after variable declatation (bsc#1184259, bsc#1178612, bsc#1186155). - nvme: don't check nvme_req flags for new req (bsc#1184259, bsc#1178612, bsc#1186155). - nvme: mark nvme_setup_passsthru() inline (bsc#1184259, bsc#1178612, bsc#1186155). - nvme: split init identify into helper (bsc#1184259, bsc#1178612, bsc#1186155). - nvme: rename nvme_init_identify() (bsc#1184259, bsc#1178612, bsc#1186155). - nvme: reduce checks for zero command effects (bsc#1184259, bsc#1178612, bsc#1186155). - nvme: use NVME_CTRL_CMIC_ANA macro (bsc#1184259, bsc#1178612, bsc#1186155). - commit bb55f2e - powerpc/pseries: warn if recursing into the hcall tracing code (bsc#1185110 ltc#192091). - powerpc/pseries: use notrace hcall variant for H_CEDE idle (bsc#1185110 ltc#192091). - powerpc/pseries: Don't trace hcall tracing wrapper (bsc#1185110 ltc#192091). - powerpc/pseries: Fix hcall tracing recursion in pv queued spinlocks (bsc#1185110 ltc#192091). - commit b5b9cb5 - supported.conf: mark usb_otg_fsm as supported (bsc#1185010) - commit d340e77 - supported.conf: add bsc1185010 dependency - commit fb8d746 ++++ multipath-tools: - Update to version 0.8.6+10+suse.47711374: * Github workflows: add CI for SUSE-specific branches ++++ libcontainers-common: - Update image to 5.12.0 v0.38.2: * libimage: add save tests * libimage/Image.HasDifferentDigest: handle manifest lists * libimage: push: ignore image platform * Cirrus: Use config. in common with all repos. 
* libimage: add import test * Fix handling of all capabilities * libimage: add save tests * containers.conf: don't set default logging driver v0.38.1: * adjust log-driver defaults * Do not emit warnings about OCI runtime paths * build(deps): bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1 * build(deps): bump github.com/containers/storage from 1.30.1 to 1.30.3 * [NO TESTS NEEDED] Fix reading configs on mac and windows * libimage: add push tests * build(deps): bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94 * libimage: fix pull from dir * libimage: add load unit tests * Only close EventChannel if it has been created. v0.38: * build(deps): bump github.com/docker/docker * libimage: add an events system * libimage: add unit tests * libimage: rename dockerTransport to registryTransport * Bump github.com/onsi/gomega from 1.11.0 to 1.12.0 * pull: simplify transports switch * Fix images tagged by 64 chars cannot be pulled when ommiting "docker://" prefix * Add support for codespell, and fix issues found * libimage: restore the ability to pull from docker-daemon and tarball * Swap default logging to journald * fix image tree * Add support for creating default CNI network * Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0 * Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2 * Add a default network creation package * Add ability to specify a subnet for the default network * libimage: follow-up changes v0.37.1: * Bump github.com/containers/storage from 1.30.0 to 1.30.1 * Add support for the runsc OCI Runtime * Add support for machine_enabled in containers.conf * modify README.md: Contributing section finetuning * Add
support for image_parallel_copies in containers.conf * Bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1 - Update common to 0.38.2 0.38.2: libimage: add save tests libimage/Image.HasDifferentDigest: handle manifest lists libimage: push: ignore image platform Cirrus: Use config. in common with all repos. libimage: add import test Fix handling of all capabilities libimage: add save tests containers.conf: don't set default logging driver 0.38.1: adjust log-driver defaults Do not emit warnings about OCI runtime paths build(deps): bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1 build(deps): bump github.com/containers/storage from 1.30.1 to 1.30.3 [NO TESTS NEEDED] Fix reading configs on mac and windows libimage: add push tests build(deps): bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94 libimage: fix pull from dir libimage: add load unit tests Only close EventChannel if it has been created. 0.38.0: build(deps): bump github.com/docker/docker libimage: add an events system libimage: add unit tests libimage: rename dockerTransport to registryTransport Bump github.com/onsi/gomega from 1.11.0 to 1.12.0 pull: simplify transports switch Fix images tagged by 64 chars cannot be pulled when ommiting "docker://" prefix Add support for codespell, and fix issues found libimage: restore the ability to pull from docker-daemon and tarball Swap default logging to journald fix image tree Add support for creating default CNI network Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0 Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2 Add a default network creation package Add ability to specify a subnet for the default network libimage: follow-up changes 0.37.1: Bump github.com/containers/storage from 1.30.0 to 1.30.1 Add support for the runsc OCI Runtime Add support for machine_enabled in containers.conf modify README.md: Contributing section finetuning Add support for image_parallel_copies in containers.conf Bump github.com/containers/ocicrypt 
from 1.1.0 to 1.1.1 - Update storage to 1.31.0 1.31.0: Update docs/containers-storage.conf.5.md store: add option to disable volatile build(deps): bump github.com/Microsoft/hcsshim from 0.8.16 to 0.8.17 Enable zstd:chunked support in containers/image overlay: honor DisableShifting store: allow shifting only with contiguous mappings idtools: new function IsContiguous store: replace Modified+Load with ReloadIfChanged store: new method ROFileBasedStore.ReloadIfChanged() Expand the scope of transaction in the process of deleting device Remove unlock/lock caused by Incorrect assumption 1.30.3: Update to F34 and U2104 Update vendor opencontainers/selinux v1.8.1 AUFS not supported in Ubuntu 21.04+ build(deps): bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94 TestMatch: handle cases where NewPatternMatcher catches syntax errors 1.30.2: Switch from ffjson to json-iterator Remove dependencies on ffjson Expand Variables on rootlessStoragePath Log expected rootless overlay mount failures as debug level ++++ rdma-core: - Update to rdma-core v35.0 - Bugfixes on all providers - Many improvements on pyverbs - Fixes dracut path issues on Tumbleweed - Refresh patches to latest sources: - Revert-libcxgb3-Remove-libcxgb3-from-rdma-core.patch - disable-rdma-interface-renaming.patch ++++ libepoxy: - Update to version 1.5.7: * Remove type redefinition - Includes changes from 1.5.6: * Fix issue loading OpenGL/GLX/EGL libraries * Expose dependency variables in pkg-config file * Close output objects when generating files ++++ pango: - Update to version 1.48.5: + Only initialize fontconfig once. + Add missing deprecation notices. + Add some missing apis to the markup docs. + Speed up Emoji classification. + Fix hangs and memory leaks. + Don't insert hyphens at word boundaries. + Handle empty lines better. + Avoid width fluctuations with ellipsized text. + Add a utility to show text segmentation. 
++++ systemd: - Introduce subpackage systemd-tests This subpackage is mainly used before submitting a new version of the systemd packages. As such it's not intended for regular users hence can be removed/renamed at any time. One might wonder why the unit tests are not executed during package builds (%check)... the reason is that the environment used to build package (chroot) is too limited and therefore only a subset of the unit tests would be executed in this environment. To disable the build of the subpackage, use "--without=tests". - Add 0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch A temporary patch until https://github.com/systemd/systemd/issues/19464 is solved. - Import commit bc08011f04ac4f12569ec05965149f665a0b110b (merge of v248.3) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/6f5c11b28f5739b901390f22c2bf4c003cadedaa...bc08011f04ac4f12569ec05965149f665a0b110b ++++ psmisc: - Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch * Fix bsc#1185208 to make private mount namespaces work as well as to distinguish NFS mounts from same remote device share. ++++ selinux-policy: - allow systemd to watch /usr, /usr/lib, /etc, /etc/pki as we have path units that trigger on changes in those. 
Added fix_systemd_watch.patch - own /usr/share/selinux/packages/$SELINUXTYPE/ and /var/lib/selinux/$SELINUXTYPE/active/modules/* to allow packages to install files there ++++ u-boot-rpiarm64: * Add rockpi-n10-rk3399pro * Several fixes and cleanups for RK3399/3328 boards: - Replace repeated board list with is_rk3399/is_rk3328 define - Fix non-functional rock960, copy bl31.elf - Remove "make u-boot.itb", already part of "all" target * Remove obsolete manual generation of SOURCE_DATE_EPOCH ------------------------------------------------------------------ ------------------ 2021-5-17 - May 17 2021 ------------------- ------------------------------------------------------------------ ++++ curl: - Security fix: [bsc#1186114, CVE-2021-22898] * TELNET stack contents disclosure - Add curl-CVE-2021-22898.patch ++++ dracut: - Update to version 054+suse.94.g1648453e: * chore(suse): re-add SUSE mkinitrd - Update to version 054+suse.93.gd393f006: With this release dracut has undergone a major overhaul. A lot of systemd related modules have been added. The integration test suite has finally ironed out the flaky behaviour due to the parallel device probing of the kernel, which bit sometimes in the non-kvm github CI. So, if you see any /dev/sda in a setup script with more than two hard drives, chances are, that the script works on the wrong disk. Same goes for network interfaces. This release is also fully shellcheck'ed with ShellCheck-0.7.2 and indented with shfmt and astyle. The dracut project builds test containers every day for: opensuse/tumbleweed-dnf:latest archlinux:latest fedora:rawhide fedora:latest fedora:33 These containers can easily be used to run the integration tests locally without root permissions via podman. We hope this serves as a blueprint for your distribution's CI process. More information can be found in docs/HACKING.md. 
Bug Fixes make testsuite pass on OpenSuse and Arch (8b2afb08) cope with distributions with /usr/etc files (3ad3b3a4) deprecate gummiboot (5c94cf41) set vimrc and emacs indention according to .editorconfig (9012f399) correctly handle kernel parameters (501d82f7) remove dracut.pc on make clean (d643156d) honor KVERSION environment in the Makefile (d8a454a5) always use mkdir -p (9cf7b1c5) dracut.sh: prevent symbolic links containing // (de0c0872) adding missing globalvars for udev (f35d479d) sysctl global variables (3ca9aa1d) add global vars for modules-load (ec4539c6) omission is an addition to other omissions in conf files (96c31333) harden dracut against GZIP environment variable (d8e47e20) add a missing tmpfilesconfdir global variable (8849dd8d) include modules.builtin.alias in the initramfs (7f633747) install all depmod relevant configuration files (50a01dd4) add modules.builtin.modinfo to the initramfs (87c4c178) search for btrfs devices from actual mount poiont (3fdc734a) dracut-functions.sh: implement a cache for get_maj_min (c3bb9d18) word splitting issue for sed in get_ucode_file (122657b2) dracut-logger.sh: double dash trigger unknown logger warnings during run (4fbccde5) dracut-install: handle $LIB in ldd output parsing (bsc#1185615) handle builtin modules (2536a9ea) base: suppress calls to getarg in build phase (6feaaabc) source hooks without exec (8059bcb2) wait_for_dev quote shell variables (b800edd6) adding crc32c for ext3 (61f45643) crypt: install all crypto modules in the generic initrd (10f9e569) include cryptsetups tmpfile (a4cc1964) crypt-gpg: cope with different scdaemon location (44fd1c13) dbus-broker: enable the service (df1e5f06) dbus-daemon: only error out in install() (ae4fbb3d) dracut-systemd: don't refuse root=tmpfs when systemd is used (a96900a8) examples: remove the examples directory and reference to it (b37c90c8) fips: add dh and ecdh ciphers (543b8014) remove old udev version requirements (be30d987) i18n: skip if data is missing 
(651fe01e) img-lib: ignored null byte in input (85eb9680) integrity: properly set up EVM when using an x509 cert (4bdd7eb2) iscsi: replace sed call with bash internals (66b920c6) add iscsid.service requirements (bb6770f1) only rely on socket activiation (0eb87d78) kernel-modules: optionally add /usr/lib/modules.d to initramfs (92e6a8f8) add watchdog drivers for generic initrd (3a60c036) mdraid: remove dependency statements (86b75634) memstrack: correct dependencies (c2ecc4d1) multipath: stop multipath before udev db cleanup (3c244c7c) revise multipathd-stop (7b8c78ff) nbd: assume nbd version >= 3.8 (6209edeb) remove old udev version requirements (fd15dbad) make nbd work again with systemd (77906443) network: use wicked unit instead of find_binary (57eefcf7) user variable for sdnetworkd instead of path (4982e16d) correct regression in iface_has_carrier (36af0518) network-legacy: add missing options to dhclient.conf (abfd547a) silence getargs (60a34d8b) network-manager: cope with distributions not using libexec (22d6863e) set timeout via command line option (8a51ee1f) run after dracut-cmdline (4d03404f) create /run directories (49b61496) use /run/NetworkManager/initrd/neednet in initqueue (6a37c6f6) only run NetworkManager if rd.neednet=1 (ac0e8f7d) nm-run.service: don't kill forked processes (1f21fac6) no default deps for nm-run.service (ba4bcf5f) nm-lib.sh does not require bash (3402142e) squash: post install should be the last step before stripping (8c8aecdc) systemd: include all nss libraries (b3bbf5fb) include hosts and nsswitch.conf in hostonly mode (5912f4fb) remove old systemd version requirements (fc53987b) systemd-hostnamed: extra quote (2aa65234) systemd-modules: remove dependency on systemd meta module (afef4557) systemd-modules-load: misc repairs (782ac8f1) systemd-networkd: make systemd-networkd a proper network provider (ea779750, closes #737) systemd-resolved: remove nss libraries (12bef83c) systemd-sysctl: sysctl global variables (02acedd0) 
systemd-sysusers: misc fixes and cleanup (7359ba8a) systemd-udev: use global vars instead of fixed path (fd883a58) systemd-udevd: add udev id program files (562cb77b) systemd-verity: incorrect reference to cryptsetup target (ba92d1fc) re-naming module to veritysetup (0267f3c3) tpm2-tss: add tpm2 requirement (8f99fada) udev-rules: remove sourcing of network link files (69f4e7cd) add btrfs udev rules by default (567c4557) url-lib: fix passing args (5f6be515) zipl: don't depend on grub2 (6b499ec1) Performance disable initrd compression when squash module is enabled (7c0bc0b2) Features support ZSTD-compressed kernel modules (ce9af251) also restore the initramfs from /lib/modules (33e27fab) extend Makefile indent target (e0a0fa61) customize .editorconfig according to shfmt (1f621aba) squash module follow --compress option (5d05ffbd) bluetooth: implement bluetooth support in initrd (64ee2a53) btrfs: add 64-btrfs-dm.rules rules (d4caa86a) mkinitrd: remove mkinitrd (43df4ee2) nbd: support ipv6 link local nbds (b12f8188) network-manager: run as daemon with D-Bus (112f03f9) qemu: include the virtio_mem kernel module (f3dcb606) skipcpio: speed up and harden skipcpio (63033495) squash: use busybox for early setup if available (90f269f6) install and depmod modules seperately (5a18b24a) systemd-ac-power: introducing the systemd-ac-power module (e7407230) systemd-hostnamed: introducing the systemd-hostnamed module (bf273e3e) systemd-initrd: add initrd-usr-fs.target (5eb73610) systemd-journald: introducing the systemd-journald module (3697891b) systemd-ldconfig: introducing the systemd-ldconfig module (563c434e) systemd-network-management: introducing systemd-network-management module (e942d86c) systemd-resolved: introducing the systemd-resolved module (b7d3caef) systemd-rfkill: introducing the systemd-rfkill module (21536544) systemd-sysext: introducing the systemd-sysext module (fc88af54) systemd-timedated: introducing the systemd-timedated module (1c41cc90) systemd-timesyncd: 
introducing the systemd-timesyncd module (2257d545) systemd-tmpfiles: introducing the systemd-tmpfiles module (2b61be32) systemd-udevd: introducing the systemd-udevd module (3534789c) systemd-verity: introducing the systemd-verity module (3d4dea58) tpm2-tss: introducing the tpm2-tss module (8743b073) ++++ kernel-default: - drm/ingenic: Register devm action to cleanup encoders (git-fixes). - commit 675f1fb - nvmet: use new ana_log_size instead the old one (bsc#1184259). note: the upstream commit msg is misleading, this is an nvme host fix, not nvmet. - commit 99e6038 - drm/ingenic: Fix non-OSD mode (git-fixes). - commit 6368ef3 - drm/mcde/panel: Inverse misunderstood flag (git-fixes). - commit e3c909b - nvme: don't intialize hwmon for discovery controllers (bsc#1184259). - commit c0f763f - kABI workaround for hci_chan amp field addition (CVE-2021-33034 bsc#1186111). - commit 82f4155 - Bluetooth: verify AMP hci_chan before amp_destroy (CVE-2021-33034 bsc#1186111). - commit f6d837e - USB: serial: ti_usb_3410_5052: fix TIOCSSERIAL permission check (git-fixes). - tty: moxa: fix TIOCSSERIAL permission check (git-fixes). - tty: moxa: fix TIOCSSERIAL jiffies conversions (git-fixes). - tty: amiserial: fix TIOCSSERIAL permission check (git-fixes). - commit ec86798 - drm/amd/display: Reject non-zero src_y and src_x for video planes (git-fixes). - PCI: Allow VPD access for QLogic ISP2722 (git-fixes). - cfg80211: scan: drop entry from hidden_list on overflow (git-fixes). - serial: core: return early on unsupported ioctls (git-fixes). - serial: stm32: fix tx_empty condition (git-fixes). - serial: stm32: fix incorrect characters on console (git-fixes). - commit 4d97fe4 - libbpf: Fix signed overflow in ringbuf_process_ring (bsc#1177028). - selftests/bpf: Fix BPF_CORE_READ_BITFIELD() macro (bsc#1177028). - libbpf: Initialize the bpf_seq_printf parameters array field by field (bsc#1177028). - selftests/bpf: Fix the ASSERT_ERR_PTR macro (bsc#1177028). 
- libbpf: Add explicit padding to btf_dump_emit_type_decl_opts (bsc#1177028). - selftests/bpf: Re-generate vmlinux.h and BPF skeletons if bpftool changed (bsc#1177028). - libbpf: Add explicit padding to bpf_xdp_set_link_opts (bsc#1177028). - commit c874e76 - video: hyperv_fb: Add ratelimit on error message (bsc#1185725). - Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185725). - Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185725). - Drivers: hv: vmbus: Use after free in __vmbus_open() (git-fixes). - drivers: hv: Fix whitespace errors (bsc#1185725). - Drivers: hv: vmbus: Fix Suspend-to-Idle for Generation-2 VM (git-fixes). - commit ebeaec2 - iio: tsl2583: Fix division by a zero lux_val (git-fixes). - iio: gyro: mpu3050: Fix reported temperature value (git-fixes). - iio: proximity: pulsedlight: Fix rumtime PM imbalance on error (git-fixes). - xhci: Do not use GFP_KERNEL in (potentially) atomic context (git-fixes). - usb: fotg210-hcd: Fix an error message (git-fixes). - usb: dwc3: gadget: Return success always for kick transfer in ep queue (git-fixes). - usb: dwc2: Fix gadget DMA unmap direction (git-fixes). - usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield (git-fixes). - commit c94cc71 - ipc/mqueue, msg, sem: Avoid relying on a stack reference past its expiry (bsc#1185988). - commit 5e2321a - perf/amd/uncore: Fix sysfs type mismatch (bsc#1178134). - commit 54f1b43 - Refresh patches.suse/powerpc-kexec_file-Use-current-CPU-info-while-settin.patch. - commit b3db5e3 ++++ libX11: - U_CVE-2021-31535.patch * adds missing request length checks in libX11 (CVE-2021-31535, bsc#1182506) ++++ perl-ExtUtils-Depends: - updated to 0.8001 see /usr/share/doc/packages/perl-ExtUtils-Depends/Changes 0.8001 - Remove hack (cf https://rt.cpan.org/Ticket/Display.html?id=45224) The hijacking of EUMM's `static_lib` method is now obsolete, as well as causing problems. 
- Also added a couple of code tidy-ups ++++ qemu: - Brotli VLA error was already fixed in v5.2 but the patches weren't included in v6.0. This change fixed that. - Patches added: brotli-fix-actual-variable-array-paramet.patch hw-rx-rx-gdbsim-Do-not-accept-invalid-me.patch ui-Fix-memory-leak-in-qemu_xkeymap_mappi.patch ++++ yast2-trans: - Update to version 84.87.20210516.482fe91bc6: * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * New POT for text domain 'autoinst'. * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Slovak) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Catalan) * Translated using Weblate (Lithuanian) * Translated using Weblate (Slovak) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * New POT for text domain 'base'.
* Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (French) * Translated using Weblate (Japanese) * New POT for text domain 'autoinst'. * New POT for text domain 'network'. * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Japanese) ------------------------------------------------------------------ ------------------ 2021-5-16 - May 16 2021 ------------------- ------------------------------------------------------------------ ++++ less: - update to 586: * Make less able to read lesskey source files (deprecating lesskey). * If XDG_CONFIG_HOME is set, find lesskey source file in $XDG_CONFIG_HOME/lesskey rather than $HOME/.lesskey. * If XDG_DATA_HOME is set, find and store history file in $XDG_DATA_HOME/lesshst rather than $HOME/.lesshst. * Add the --lesskey-src option. * Add the --file-size option. * Fix bug which could leave terminal in mouse-reporting mode after exiting less. * Fix bug which caused failure to respond to window resize. * Fix backslash bug searching in tag file. ------------------------------------------------------------------ ------------------ 2021-5-15 - May 15 2021 ------------------- ------------------------------------------------------------------ ++++ libqmi: - Update to version 1.28.4 * libqmi-glib: - Add 'wwan' subsystem support. - Plug memleak when allocating new links. - Plug memleak when QmiDevice is opened multiple times. - Fix build when ARPHRD_RAWIP isn't defined in libc. * gir: - Flag all output TLV readers as optional. 
- Add explicit ownership information in the string and struct return annotations. * collections: - basic: added WMS Send ACK * qmicli: - Fix double GError when both 'Extended List' and 'Bandwidth List' are missing in --nas-get-rf-band-info. * Several other minor improvements and fixes. ++++ zchunk: - Update to version 1.1.12 * Update testsuite for zstd 1.5 ------------------------------------------------------------------ ------------------ 2021-5-14 - May 14 2021 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Drop networkmanager-obs-net.patch: the patch needs a full rework. - Drop networkmanager-checks-po.patch: as it was supposed to fix something introduced by another patch which we still carry, yet we can live with this patch disabled, I'd infer this patch is not necessary. ++++ cifs-utils: - Update to cifs-utils 6.13 * Fixes CVE-2021-20208, cifs.upcall kerberos auth leak in container * remove cifs-utils-6.12.tar.bz2 * remove cifs-utils-6.12.tar.bz2.asc * add cifs-utils-6.13.tar.bz2 * add cifs-utils-6.13.tar.bz2.asc - Drop upstream fixed patches: * 0001-cifs.upcall-try-to-use-container-ipc-uts-net-pid-mnt.patch ++++ glib2: - Update to version 2.68.2: + Fix building third-party projects against GLib on CentOS 7. + Bugs fixed: - json-glib does not build with glib 2.68.1. - gmacros: check that __cplusplus or _MSC_VER is defined. - gmacros: missing check if __STDC_VERSION__ is defined. - Backport !2078 “gthreadedresolver: don't ignore flags in lookup_by_name_with_flags” to glib-2-68.
++++ haproxy: - Update to version 2.4.0+git0.6cbbecf09: https://www.haproxy.com/blog/announcing-haproxy-2-4/ for all the details see /usr/share/doc/packages/haproxy/CHANGELOG - refreshed patches to apply cleanly again haproxy-1.6.0-makefile_lib.patch haproxy-1.6.0-sec-options.patch lua54.patch ++++ kernel-default: - Correct CVE number for a mac80211 fix (CVE-2020-26139 bsc#1186062) - commit 16457bf - net/nfc: fix use-after-free llcp_sock_bind/connect (CVE-2021-23134 bsc#1186060). - commit ffbe2a6 - watchdog/softlockup: Remove obsolete check of last reported task (bsc#1185982). - commit 6d9c3a2 - nvmet: seset ns->file when open fails (bsc#1183873). - commit ca1c5ff - KVM: s390: fix guarded storage control register handling (bsc#1133021). - commit 6757070 - vgacon: Record video mode changes with VT_RESIZEX (git-fixes). - hwmon: (occ) Fix poll rate limiting (git-fixes). - PM / devfreq: Use more accurate returned new_freq as resume_freq (git-fixes). - commit 63ad411 - Update meta data patches.suse/nvme-retrigger-ana-log-update-if-group-descriptor-isn-t.patch The patch has been added to mainline. Update the meta data and move it into the sorted section. 
- commit 7250fb0 ++++ Mesa: - reenabled build of device-select and overlay vulkan layers ++++ ceph: - Update to 16.2.4-26-g555d38aa5a5: + rebased on top of v16.2.4 tag https://ceph.io/releases/v16-2-4-pacific-released/ * mgr/dashboard: fix base-href: revert it to previous approach * (bsc#1186021) mgr/dashboard: fix cookie injection issue (CVE-2021-3509) * mgr/dashboard: fix set-ssl-certificate{,-key} commands * (bsc#1186020) rgw: RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (CVE-2021-3531) * (bsc#1185619) rgw: sanitize \r in s3 CORSConfiguration’s ExposeHeader (CVE-2021-3524) * systemd: remove ProtectClock=true for ceph-osd@.service ++++ mdadm: - Grow: be careful of corrupt dev_roles list (bsc#1181619) 0117-Grow-be-careful-of-corrupt-dev_roles-list.patch - imsm: nvme multipath support (bsc#1175758) 0116-imsm-nvme-multipath-support.patch ------------------------------------------------------------------ ------------------ 2021-5-13 - May 13 2021 ------------------- ------------------------------------------------------------------ ++++ curl: - Allow partial chain verification [jsc#SLE-17956] * Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA certificates are. This allows users to verify servers using the intermediate cert only, instead of needing the whole chain. * Set FLAG_TRUSTED_FIRST unconditionally. * Do not check partial chains with CRL check. - Add curl-X509_V_FLAG_PARTIAL_CHAIN.patch ++++ kernel-default: - nvme: remove superfluous else in nvme_ctrl_loss_tmo_store (bsc#1182378). - commit f263745 - nvme: Fix NULL dereference for pci nvme controllers (bsc#1182378). - commit cf7170b - nvme: expose reconnect_delay and ctrl_loss_tmo via sysfs (bsc#1182378). - Refresh patches.suse/nvme-add-kato-sysfs-attribute.patch. Context adjustment in kato patch. 
- commit 7126f4d - sched: optimize latency defaults for throughput add guard (Scheduler enhancements for I7 (bnc#754690, bnc#1144446)). Upstream removed the relevant sysctls and a deviation from mainline now can only be reverted via debugfs. The guard is added until it can be determined if the need for tuning can be addressed without reenabling the sysctls. - commit 5985363 ------------------------------------------------------------------ ------------------ 2021-5-12 - May 12 2021 ------------------- ------------------------------------------------------------------ ++++ btrfsprogs: - Update to 5.12.1 * build: fix missing symbols in libbtrfs * mkfs: check for minimal number of zones * check: fix warning about cache generation when free space tree is enabled * fix superblock write in zoned mode on 16K pages ++++ open-iscsi: - Merge latest upstream, which added fix (bsc#1185930): * Set default 'startup' to 'onboot' for FW nodes ++++ kernel-default: - ath10k kABI workaround for CVE-2020-24588 fix (CVE-2020-24588 bsc#1185861). - ath10k: Validate first subframe of A-MSDU before processing the list (CVE-2020-26141 bsc#1185863). - ath10k: Fix TKIP Michael MIC verification for PCIe (CVE-2020-26141 bsc#1185863). - ath10k: drop MPDU which has discard flag set by firmware for SDIO (CVE-2020-24588 bsc#1185861). - ath10k: drop fragments with multicast DA for SDIO (CVE-2020-26145 bsc#1185860). - ath10k: drop fragments with multicast DA for PCIe (CVE-2020-26145 bsc#1185860). - ath10k: add CCMP PN replay protection for fragmented frames for PCIe (CVE-2020-26145 bsc#1185860). - kABI workaround for cfg80211 changes (CVE-2020-24586 bsc#1185859). - mac80211: extend protection against mixed key and fragment cache attacks (CVE-2020-24586 bsc#1185859). - mac80211: do not accept/forward invalid EAPOL frames (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859). - mac80211: prevent attacks on TKIP/WEP as well (CVE-2020-24586 bsc#1185859). 
- mac80211: check defrag PN against current frame (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859). - mac80211: add fragment cache to sta_info (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185859). - mac80211: drop A-MSDUs on old ciphers (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859). - mac80211: properly handle A-MSDUs that start with an RFC 1042 header (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859). - mac80211: prevent mixed key and fragment cache attacks (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859). - mac80211: assure all fragments are encrypted (CVE-2020-26147 bsc#1185863 bsc#1185859). - commit 1aa5a24 - watchdog/softlockup: report the overall time of softlockups (bsc#1185982). - commit 88ee1b3 - watchdog: explicitly update timestamp when reporting softlockup (bsc#1185982). - commit e1f93d5 - watchdog: rename __touch_watchdog() to a better descriptive name (bsc#1185982). - commit c09eacd - Update to mainline version and move into sorted section: patches.suse/scsi-fnic-Use-scsi_host_busy_iter-to-traverse-commands.patch (bsc#1179851) - commit 5bb3cbc - scsi: fnic: Kill 'exclude_id' argument to fnic_cleanup_io() (bsc#1179851). temporarily disable patches.suse/fnic-use-blk_mq_tagset_busy_iter-to-traverse-commands.patch - commit da3e4e8 - Update upstream references and move into sorted section: patches.suse/scsi-fnic-do-not-call-scsi_done-for-unhandled-commands.patch - commit 0dfec7c - ath10k: Validate first subframe of A-MSDU before processing the list (CVE-2020-26141 bsc#1185863 bsc#1185987). - commit ea14c35 - ath10k: Fix TKIP Michael MIC verification for PCIe (CVE-2020-26141 bsc#1185863 bsc#1185987). - commit 4eb2710 - nvme-multipath: fix double initialization of ANA state (bsc#1178612, bsc#1184259). - commit 4aa67c6 - ath10k kABI workaround for CVE-2020-24588 fix (CVE-2020-24588 bsc#1185861). 
- ath10k: drop MPDU which has discard flag set by firmware for SDIO (CVE-2020-24588 bsc#1185861). - ath10k: drop fragments with multicast DA for SDIO (CVE-2020-26145 bsc#1185860). - ath10k: drop fragments with multicast DA for PCIe (CVE-2020-26145 bsc#1185860). - ath10k: add CCMP PN replay protection for fragmented frames for PCIe (CVE-2020-26145 bsc#1185860). - commit e9158ad - kABI workaround for cfg80211 changes (CVE-2020-24586 bsc#1185859). - mac80211: extend protection against mixed key and fragment cache attacks (CVE-2020-24586 bsc#1185859). - mac80211: do not accept/forward invalid EAPOL frames (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859). - mac80211: prevent attacks on TKIP/WEP as well (CVE-2020-24586 bsc#1185859). - mac80211: check defrag PN against current frame (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859). - mac80211: add fragment cache to sta_info (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185859). - mac80211: drop A-MSDUs on old ciphers (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859). - mac80211: properly handle A-MSDUs that start with an RFC 1042 header (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859). - mac80211: prevent mixed key and fragment cache attacks (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859). - mac80211: assure all fragments are encrypted (CVE-2020-26147 bsc#1185863 bsc#1185859). - commit e747a3d - ftrace: Handle commands when closing set_ftrace_filter file (git-fixes). - commit 7c0272c - tracing: Map all PIDs to command lines (git-fixes). - commit ed170f4 - ibmvfc: Reinit target retries (bsc#1185938 ltc#192043). - ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043). - ibmvfc: Handle move login failure (bsc#1185938 ltc#192043). - commit 0d8166b - xhci: fix potential array out of bounds with several interrupters (git-fixes). - xhci: check control context is valid before dereferencing it (git-fixes). 
- commit c3f83a0 - usb: gadget: dummy_hcd: fix gpf in gadget_setup (git-fixes). - usb: core: hub: Fix PM reference leak in usb_port_resume() (git-fixes). - usb: musb: fix PM reference leak in musb_irq_work() (git-fixes). - usb: xhci: Fix port minor revision (git-fixes). - usb: gadget: f_uac1: validate input parameters (git-fixes). - usb: gadget: f_uac2: validate input parameters (git-fixes). - usb: gadget/function/f_fs string table fix for multiple languages (git-fixes). - usb: webcam: Invalid size of Processing Unit Descriptor (git-fixes). - commit 4c3dc8b - power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove() (git-fixes). - power: supply: generic-adc-battery: fix possible use-after-free in gab_remove() (git-fixes). - power: supply: Use IRQF_ONESHOT (git-fixes). - spi: qup: fix PM reference leak in spi_qup_remove() (git-fixes). - spi: omap-100k: Fix reference leak to master (git-fixes). - spi: dln2: Fix reference leak to master (git-fixes). - spi: ath79: remove spi-master setup and cleanup assignment (git-fixes). - spi: ath79: always call chipselect function (git-fixes). - usb: gadget: uvc: add bInterval checking for HS mode (git-fixes). - tty: fix memory leak in vc_deallocate (git-fixes). - commit fbbea32 - mmc: block: Update ext_csd.cache_ctrl if it was written (git-fixes). - mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers (git-fixes). - mmc: sdhci-pci: Add PCI IDs for Intel LKF (git-fixes). - mmc: sdhci: Check for reset prior to DMA address unmap (git-fixes). - mmc: core: Set read only for SD cards with permanent write protect bit (git-fixes). - PCI: PM: Do not read power state in pci_enable_device_flags() (git-fixes). - phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() (git-fixes). - platform/x86: intel_pmc_core: Don't use global pmcdev in quirks (git-fixes). - commit f8dc44d - mfd: arizona: Fix rumtime PM imbalance on error (git-fixes). 
- mmc: core: Do a power cycle when the CMD11 fails (git-fixes). - media: dvb-usb: fix memory leak in dvb_usb_adapter_init (git-fixes). - media: platform: sti: Fix runtime PM imbalance in regs_show (git-fixes). - media: i2c: adv7842: fix possible use-after-free in adv7842_remove() (git-fixes). - media: i2c: tda1997: Fix possible use-after-free in tda1997x_remove() (git-fixes). - media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove() (git-fixes). - media: adv7604: fix possible use-after-free in adv76xx_remove() (git-fixes). - media: tc358743: fix possible use-after-free in tc358743_remove() (git-fixes). - commit bddb0b7 - media: em28xx: fix memory leak (git-fixes). - media: gspca/sq905.c: fix uninitialized variable (git-fixes). - media: media/saa7164: fix saa7164_encoder_register() memory leak bugs (git-fixes). - media: imx: capture: Return -EPIPE from __capture_legacy_try_fmt() (git-fixes). - media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB (git-fixes). - media: ite-cir: check for receive overflow (git-fixes). - commit f5f8b81 - extcon: arizona: Fix various races on driver unbind (git-fixes). - extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged (git-fixes). - drm/msm/mdp5: Do not multiply vclk line count by 100 (git-fixes). - drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal (git-fixes). - drm/amdgpu: fix NULL pointer dereference (git-fixes). - drm/amdkfd: Fix cat debugfs hang_hws file causes system crash bug (git-fixes). - drm/vkms: fix misuse of WARN_ON (git-fixes). - drm/amd/display: fix dml prefetch validation (git-fixes). - intel_th: Consistency and off-by-one fix (git-fixes). - fbdev: zero-fill colormap in fbcmap.c (git-fixes). - commit e59ac4d - drm/amd/display: Fix UBSAN warning for not a valid value for type '_Bool' (git-fixes). - drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f (git-fixes). 
- drm/amdgpu: mask the xgmi number of hops reported from psp to kfd (git-fixes). - drm: Added orientation quirk for OneGX1 Pro (git-fixes). - crypto: stm32/cryp - Fix PM reference leak on stm32-cryp.c (git-fixes). - crypto: stm32/hash - Fix PM reference leak on stm32-hash.c (git-fixes). - crypto: qat - Fix a double free in adf_create_ring (git-fixes). - crypto: qat - fix error path in adf_isr_resource_alloc() (git-fixes). - commit 4f7d7a0 - clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return (git-fixes). - ata: ahci: Disable SXS for Hisilicon Kunpeng920 (git-fixes). - amdgpu: avoid incorrect %hu format string (git-fixes). - crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init (git-fixes). - crypto: qat - don't release uninitialized resources (git-fixes). - crypto: qat - fix unmap invalid dma address (git-fixes). - crypto: api - check for ERR pointers in crypto_destroy_tfm() (git-fixes). - crypto: mips/poly1305 - enable for all MIPS processors (git-fixes). - commit e379274 - Move upstreamed media fixes into sorted section - commit 5bae3a8 - bpf: Prevent writable memory-mapping of read-only ringbuf pages (bsc#1185640 CVE-2021-3489). - bpf, ringbuf: Deny reserve of buffers larger than ringbuf (bsc#1185640 CVE-2021-3489). - bpf: Fix alu32 const subreg bound tracking on bitwise operations (bsc#1185641 CVE-2021-3490). - commit c0fa121 - scripts/git_sort/git_sort.py: add bpf git repo - commit 65979e3 ++++ libXfixes: - Update to version 6.0.0 * The big new feature here is support for the new ClientDisconnectMode. From the corresponding xorgproto announcement: An X server that is started on demand (Xwayland) should ideally also terminate when the last client disconnects. However, some X11 clients that provide system services will linger around forever, preventing that shutdown. 
* With the new XFixes request, a client can designate itself as to-be-terminated and the X server can ignore those clients when counting the number of remaining clients. If no other clients are left, the server can shut down. * Note that this requires changes to the X server and each client to work. ++++ runc: - Update to runc v1.0.0~rc94. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94 Breaking Changes: * cgroupv1: kernel memory limits are now always ignored, as kmemcg has been effectively deprecated by the kernel. Users should make use of regular memory cgroup controls. Regression Fixes: * seccomp: fix 32-bit compilation errors * runc init: fix a hang caused by deadlock in seccomp/ebpf loading code * runc start: fix "chdir to cwd: permission denied" for some setups - Remove upstreamed patches: - 0001-cloned_binary-switch-from-error-to-warning-for-SYS_m.patch ++++ sudo: - update to 1.9.7 * The "fuzz" Makefile target now runs all the fuzzers for 8192 passes (can be overridden via the FUZZ_RUNS variable). This makes it easier to run the fuzzers in-tree. To run a fuzzer indefinitely, set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 fuzz". * Fixed fuzzing on FreeBSD where the ld.lld linker returns an error by default when a symbol is multiply-defined. * Added support for determining local IPv6 addresses on systems that lack the getifaddrs() function. This now works on AIX, HP-UX and Solaris (at least). Bug #969. * Fixed a bug introduced in sudo 1.9.6 that caused "sudo -V" to report a usage error. Also, when invoked as sudoedit, sudo now allows a more restricted set of options that matches the usage statement and documentation. GitHub issue #95. * Fixed a crash in sudo_sendlog when the specified certificate or key does not exist or is invalid. Bug #970 * Fixed a compilation error when sudo is configured with the --disable-log-client option.
* Sudo's limited support for SUCCESS=return entries in nsswitch.conf is now documented. Bug #971. * Sudo now requires autoconf 2.70 or higher to regenerate the configure script. Bug #972. * sudo_logsrvd now has a relay mode which can be used to create a hierarchy of log servers. By default, when a relay server is defined, messages from the client are forwarded immediately to the relay. However, if the "store_first" setting is enabled, the log will be stored locally until the command completes and then relayed. Bug #965. * Sudo now links with OpenSSL by default if it is available unless the --disable-openssl configure option is used or both the --disable-log-client and --disable-log-server configure options are specified. * Fixed configure's Python version detection when the version minor number is more than a single digit, for example Python 3.10. * The sudo Python module tests now pass for Python 3.10. * Sudo will now avoid changing the datasize resource limit as long as the existing value is at least 1GB. This works around a problem on 64-bit HP-UX where it is not possible to exactly restore the original datasize limit. Bug #973. * Fixed a race condition that could result in a hang when sudo is executed by a process where the SIGCHLD handler is set to SIG_IGN. This fixes the bug described by GitHub PR #98. * Fixed an out-of-bounds read in sudoedit and visudo when the EDITOR, VISUAL or SUDO_EDITOR environment variables end in an unescaped backslash. Also fixed the handling of quote characters that are escaped by a backslash. GitHub issue #99. * Fixed a bug that prevented the "log_server_verify" sudoers option from taking effect. * The sudo_sendlog utility has a new -s option to cause it to stop sending I/O records after a user-specified elapsed time. This can be used to test the I/O log restart functionality of sudo_logsrvd. * Fixed a crash introduced in sudo 1.9.4 in sudo_logsrvd when attempting to restart an interrupted I/O log transfer.
* The TLS connection timeout in the sudoers log client was previously hard-coded to 10 seconds. It now uses the value of log_server_timeout. * The configure script now outputs a summary of the user-configurable options at the end, separate from output of configure script tests. Bug #820. * Corrected the description of which groups may be specified via the -g option in the Runas_Spec section. Bug #975. ++++ supportutils: - getappcore checks for valid compression binary (bsc#1185991) - getappcore does not trigger errors with help message (bsc#1185993) ++++ virt-what: - update to 1.21: * Nutanix Acropolis Hypervisor detection * podman detection ------------------------------------------------------------------ ------------------ 2021-5-11 - May 11 2021 ------------------- ------------------------------------------------------------------ ++++ grub2: - Fix plaintext password in grub config didn't work to unlock menu entry if enabling secure boot in UEFI (bsc#1181892) ++++ kernel-default: - proc: Avoid mixing integer types in mem_rw() (CVE-2021-3491 bsc#1185642). - commit 757f76b - blacklist: add commit b166a20b0738 Mainline commit b166a20b0738 ("net/sctp: fix race condition in sctp_destroy_sock") was found buggy so that it was reverted by commit 01bfe5e8e428 ("Revert "net/sctp: fix race condition in sctp_destroy_sock"") and replaced by a new fix, commit 34e5b0118685 ("sctp: delay auto_asconf init until binding the first addr"). - commit 7c2eabc - sctp: delay auto_asconf init until binding the first addr (). - commit cb84c72 - tcp: fix to update snd_wl1 in bulk receiver fast path (). - commit 627e2e2 - Update patch reference for BT fix (CVE-2021-32399 bsc#1185898) - commit 81179ec ++++ pcre: - Do not run profiling 'check' in parallel to make package build reproducible (boo#1040589) ++++ pam: - In the 32-bit compatibility package for 64-bit architectures, require "systemd-32bit" to be also installed as it contains pam_systemd.so for 32 bit applications.
[bsc#1185562, baselibs.conf] ++++ salt: - Drop support for Python2. Obsoletes "python2-salt" package (jsc#SLE-18033) - Fix issue parsing errors in ansiblegate state module - Prevent command injection in the snapper module (bsc#1185281) (CVE-2021-31607) - transactional_update: detect recursion in the executor - Add subpackage salt-transactional-update (jsc#SLE-18028) - Remove duplicate directories - Added: * fix-issue-parsing-errors-in-ansiblegate-state-module.patch * prevent-command-injection-in-the-snapper-module-bsc-.patch * transactional_update-detect-recursion-in-the-executo.patch ++++ shim: - Add shim-bsc1185261-relax-import_mok_state-check.patch to relax the check for import_mok_state() when Secure Boot is off. (bsc#1185261) ------------------------------------------------------------------ ------------------ 2021-5-10 - May 10 2021 ------------------- ------------------------------------------------------------------ ++++ elfutils: - Update to version 0.184: debuginfod: Use libarchive's bsdtar as the .deb-family file unpacker. debuginfod-client: Client caches negative results. If a query for a file failed with 404, an empty 000 permission file is created in the cache. This will prevent requesting the same file for the next 10 minutes. Client objects now carry long-lived curl handles for outgoing connections. This makes it more efficient for multiple sequential queries, because the TCP connections and/or TLS state info are kept around awhile, avoiding O(100ms) setup latencies. libdw: handle DW_FORM_indirect when reading attributes translations: Update Polish translation. ++++ hdparm: - update to 9.62: * work around unexpected sign-extending of left-shifted unsigned values by gcc ++++ kernel-default: - Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op") (git-fixes). 
- commit 9e8eea0 - series.conf: cleanup - move a submitted patch to "almost mainline" section patches.suse/rtc-pcf2127-handle-timestamp-interrupts.patch - commit baf1232 - fix patch metadata - fix Patch-mainline: patches.suse/fs-epoll-restore-waking-from-ep_done_scan.patch - commit 220b548 - series.conf: cleanup - update upstream references and resort: patches.suse/nvme-multipath-reset-bdev-to-ns-head-when-failover.patch patches.suse/scsi-lpfc-Fix-DMA-virtual-address-ptr-assignment-in-.patch patches.suse/scsi-lpfc-Fix-illegal-memory-access-on-Abort-IOCBs.patch - commit a062422 - drm/radeon: Avoid power table parsing memory leaks (git-fixes). - drm/radeon: Fix off-by-one power_state index heap overwrite (git-fixes). - commit dad28e7 - bpf: Fix leakage of uninitialized bpf stack under speculation (bsc#1155518). - bpf: Fix masking negation logic upon negative dst register (bsc#1155518). - commit 876c85a - bpf: Fix propagation of 32 bit unsigned bounds from 64 bit bounds (bsc#1177028). - commit 26f1fe9 ++++ systemd: - Import commit 6f5c11b28f5739b901390f22c2bf4c003cadedaa (merge of v248.2) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/e5f93c9d2e9e26dd0dff430c4c072a547357ae7d...6f5c11b28f5739b901390f22c2bf4c003cadedaa ++++ libxml2: - Security fix: [bsc#1185698, CVE-2021-3537] * NULL pointer dereference in valid.c:xmlValidBuildAContentModel * Add libxml2-CVE-2021-3537.patch ++++ microos-tools: - Update to version 2.10 - Fixes and improvements for SELinux support - Add devel tools - Add new subpackage microos-devel-tools - Add rpm as build dependency for that subpackage ++++ libxml2-python: - Security fix: [bsc#1185698, CVE-2021-3537] * NULL pointer dereference in valid.c:xmlValidBuildAContentModel * Add libxml2-CVE-2021-3537.patch ++++ yast2-trans: - Update to version 84.87.20210509.2001bf14f7: * Translated using Weblate (Slovak) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate 
(Japanese) * Translated
using Weblate (Japanese) * Translated using Weblate (Slovak) * Translated using Weblate (Hindi) * Added translation using Weblate (Hindi) * Translated using Weblate (Slovak) * Translated using Weblate (Hindi) * Translated using Weblate (Slovak) * Translated using Weblate (Hindi) * Translated using Weblate (Slovak) * Translated using Weblate (Hindi) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Hindi) * Added translation using Weblate (Hindi) * New POT for text domain 'auth-client'. * Translated using Weblate (Hindi) * Translated using Weblate (Slovak) * Translated using Weblate (Hindi) * Translated using Weblate (Slovak) * Translated using Weblate (Catalan) * Translated using Weblate (Dutch) * Translated using Weblate (French) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * New POT for text domain 'network'. * New POT for text domain 'installation'.
* Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * New POT for text domain 'iscsi-lio-server'. * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) ------------------------------------------------------------------ ------------------ 2021-5-9 - May 9 2021 ------------------- ------------------------------------------------------------------ ++++ btrfsprogs: - Update to 5.12 * libbtrfsutil: relicensed to LGPL v2.1+ * mkfs: zoned mode support (kernel 5.12+) * fi df: show zone_unusable per profile type in zoned mode * fi usage: show total amount of zone_unusable * fi resize: fix message for exact size * image: fix warning and enlarge output file if necessary * core * refactor chunk allocator for more modes * implement zoned mode support: allocation and writes, sb log * crypto/hash refactoring and cleanups * refactoring and cleanups * other * test updates * CI updates * travis-ci integration disabled * docker images updated, more coverage * incomplete build support for Android removed * doc updates * chattr mode m for 'NOCOMPRESS" * swapfile used from fstab * how to add a new export to libbtrfsutil * update status of mount options since 5.9 - Update to 5.11.1 * properly format checksums when a mismatch is reported * check: fix false alert on tree block crossing 64K page boundary * convert: * refuse to convert filesystem with 'needs_recovery' * update documentation to require fsck before conversion * balance convert: fix raid56 warning when converting other profiles * fi resize: improved summary * other * build: 
fix checks and autoconf defines * fix symlink paths for CI support scripts * updated tests ------------------------------------------------------------------ ------------------ 2021-5-8 - May 8 2021 ------------------- ------------------------------------------------------------------ ++++ gstreamer-plugins-base: - don't own appdata dir - comes from filesystem rpm ++++ kernel-default: - ALSA: usb-audio: Remove redundant assignment to len (git-fixes). - ALSA: usb-audio: Generic application of implicit fb to Roland/BOSS devices (git-fixes). - Revert "ALSA: usb-audio: Add support for many Roland devices..." (git-fixes). - ALSA: usb-audio: Re-apply implicit feedback mode to Pioneer devices (git-fixes). - ALSA: usb-audio: Add support for many Roland devices' implicit feedback quirks (git-fixes). - ALSA: usb-audio: Apply implicit feedback mode for BOSS devices (git-fixes). - ALSA: usb-audio: Skip probe of UA-101 devices (git-fixes). - ALSA: usb-audio: Drop implicit fb quirk entries dubbed for capture (git-fixes). - ALSA: usb-audio: Check connector value on resume (git-fixes). - ALSA: usb-audio: Carve out connector value checking into a helper (git-fixes). - ALSA: usb-audio: fix Pioneer DJM-850 control label info (git-fixes). - ALSA: usb-audio: Declare Pioneer DJM-850 mixer controls (git-fixes). - ALSA: usb-audio: Add Pioneer DJM-850 to quirks-table (git-fixes). - ALSA: usb-audio: generate midi streaming substream names from jack names (git-fixes). - ALSA: usb-audio: use usb headers rather than define structs locally (git-fixes). - commit 66017db - ALSA: usb-audio: Add implicit feeback support for the BOSS GT-1 (git-fixes). - Refresh patches.suse/ALSA-usb-audio-Add-implicit-fb-quirk-for-BOSS-GP-10.patch. - Refresh patches.suse/ALSA-usb-audio-Add-quirk-for-BOSS-AD-10.patch. - Refresh patches.suse/ALSA-usb-audio-Add-quirk-for-RC-505.patch. - commit 430c145 - ALSA: hda/realtek: Add fixup for HP OMEN laptop (git-fixes). 
- ALSA: hda/realtek: Fix speaker amp on HP Envy AiO 32 (git-fixes). - ALSA: hda/realtek: Fix silent headphone output on ASUS UX430UA (git-fixes). - ALSA: usb-audio: Add dB range mapping for Sennheiser Communications Headset PC 8 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook 845 G8 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 445 G7 (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Ideapad S740 (git-fixes). - commit 0e8dbae - ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP (git-fixes). - commit cb198d3 - Revert "i3c master: fix missing destroy_workqueue() on error in i3c_master_register" (git-fixes). - ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure (git-fixes). - ALSA: hda/realtek: ALC285 Thinkpad jack pin quirk is unreachable (git-fixes). - USB: Add reset-resume quirk for WD19's Realtek Hub (git-fixes). - USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet (git-fixes). - platform/x86: thinkpad_acpi: Correct thermal sensor allocation (git-fixes). 
- commit 23adf05 ++++ sysuser-tools: - Use /usr/sbin/nologin instead of /sbin/nologin ------------------------------------------------------------------ ------------------ 2021-5-7 - May 7 2021 ------------------- ------------------------------------------------------------------ ++++ drbd: - bsc#1188472, update to 9.0.29 * fix data corruption when DRBD's backing disk is a degraded Linux software raid (MD) * add correct thawing of IO requests after IO was frozen due to loss of quorum * fix timeout detection after idle periods and for configs with ko-count when a disk on an a secondary stops delivering IO-completion events * fixed an issue where UUIDs where not shifted in the history slots; that caused false "unrelated data" events * fix switching resync sources by letting resync requests drain before issuing resync requests to the new source; before the fix, it could happen that the resync does not terminate since a late reply from the previous caused a out-of-sync bit set after the "scan point" * fix a temporal deadlock you could trigger when you exercise promotion races and mix some read-only openers into the test case * fix for bitmap-copy operation in a very specific and unlikely case where two nodes do a bitmap-based resync due to disk-states * fix size negotiation when combining nodes of different CPU architectures that have different page sizes * fix a very rare race where DRBD reported wrong magic in a header packet right after reconnecting * fix a case where DRBD ends up reporting unrelated data; it affected thinly allocated resources with a diskless node in a recreate from day0 event * speedup open() of drbd devices if promote has not chance to go through * new option "--reset-bitmap=no" for the invalidate and invalidate-remote commands; this allows to do a resync after online verify found differences * changes to socket buffer sizes get applied to established connections immediately; before it was applied after a re-connect * add exists events for path 
objects * forbid keyed hash algorithms for online verify, csyms and HMAC base alg * fix a regression introduces with 9.0.25; it failed to determine the right device size and the connection hangs in WFBitmapS/WFBitmapT repl state; to trigger this you need to do a partial resync to a new node with different backing device size * fix an issue with netlink packets processed in parallel on multiple CPUs; the bug caused drbdadm adjust failing in very rare cases * fix a very rare occurrence of a reconciliation resync getting stuck * fix a race condition that causes a detach operation to hang; it is very hard to trigger * fix a kernel OOPS (via a BUG()) upon adding a timer twice under very rare timing * fix a counter imbalance that could lead to assertion messages when a protocol A peer disconnects with a certain timing * fix a rare race with receiving bitmap and a state change while establishing a connection * fix UUID handling to avoid false split-brain detections; this bug got triggered an isolated primary that gets demoted, and temporal network interruptions among the remaining nodes * fix resync decision to obey disk states when the generation UUIDs are equal; the effect of this bug was that you could end up with two Outdated nodes after resync * fix concurrent disk-attach operations * Fix possible kernel warning regarding an inbalance of backing device link/unlink * move some amount of kernel backward compatibility code moved from the old method (drbd_wrappers.h) to new cocci semantic patches * add support renaming resources while its devices might be in use and process IO requests * Allow setting c_max_rate to 0 with the meaning that the resync controller has no upper limit for the resync speed * Fix regression: allow live migration between two diskful peers again * following upstream changes to DRBD up to Linux 5.12 and updated compat rules to support up to Linux 5.12 - Remove patch compat_blk_queue_stack_limits.patch Remove patch compat_get_fs.patch Remove patch 
compat_remove_kernel_setsockopt.patch Remove patch compat-test-header.patch Remove patch drbd-fix-zero-metadata-limit-by-page-size-misaligned.patch Remove patch remove_bdi_cap_stable_writes.patch Remove patch submit-bio-private-date.patch - Modify patch suse-coccinelle.patch - Add patch compat_genl_maxattr_in_ops.patch (48526a0f) - Bug fixes between 9.0.29 and 9.0.30 Add patch drbd-change-to-L_VERIFY_S-after-peer-is-L_VERIFY_T.patch Add patch drbd-Fix-abortion-of-a-connect-2-phase-commit.patch Add patch drbd-Fix-a-possible-NULL-deref-found-with-gcc-11-fan.patch Add patch drbd-Fix-locking-for-the-drbd_devices-idr.patch Add patch drbd-fix-protocol-compatibility-with-drbd-8.4-state.patch Add patch drbd-fix-race-condition-resetting-resync_next_bit.patch Add patch drbd-fix-termination-of-verify-with-stop-sector.patch Add patch drbd-remove-device_to_minor.patch Add patch drbd-use-DEFINE_MUTEX-insteadm-of-mutex_init.patch Add patch Revert-drbd-serialize-syncs-from-multiple-sources.patch - cocci apply: linux-5.12.0-2 queue_discard_zeroes_data__no_present (48920ff2a5a9) ++++ kernel-default: - fs/epoll: restore waking from ep_done_scan() (bsc#1183868). - commit b803549 - iommu/amd: Add support for map/unmap_resource (jsc#ECO-3482). - commit 7b9e3ca - s390/pci: fix leak of PCI device structure (git-fixes). - vfio-pci/zdev: fix possible segmentation fault issue (git-fixes). - s390/zcrypt: return EIO when msg retry limit reached (git-fixes). - commit 5abd9df - ACPI: custom_method: fix a possible memory leak (git-fixes). - ACPI: custom_method: fix potential use-after-free issue (git-fixes). 
- commit 2b51e47 ++++ kernel-firmware: - Update to version 20210503 (git commit ecdfcf8e2ca1): * i915: Add ADL-P DMC Support * amdgpu: add new polaris 12 MC firmware * firmware: nvidia: Add VIC firmware for Tegra194 * qcom: add gpu firmwares for sc7280 * brcm: Add a link to enable khadas VIM2's WiFi * rtw89: 8852a: update fw to v0.13.8.0 * rtl_bt: Update RTL8852A BT USB firmware to 0xD9A8_7893 * qcom: Add venus firmware files for VPU-2.0 * qcom: update venus firmware files for v5.4 - Move adreno and modem firmware into kernel-firmware-qcom subpackage - Update license list and module aliases ++++ nfs-utils: - Add 0018-Replace-all-var-run-with-run.patch /var/run is long deprecated - switch all relevant paths to /run (bsc#1185170) ++++ shim: - shim-install: always assume "removable" for Azure to avoid the endless reset loop (bsc#1185464) ++++ yast2: - Logging all available product information into directory /var/log/YaST2/installation_info. This should help for evaluating the cause of e.g. bsc#1180888, bsc#1180908, bsc#1178688. - 4.4.4 ------------------------------------------------------------------ ------------------ 2021-5-6 - May 6 2021 ------------------- ------------------------------------------------------------------ ++++ hwdata: - Update to version 0.347 (bsc#1185697): + Updated pci, usb and vendor ids. ++++ jeos-firstboot: - Update to version 1.0.1: * Always show manual SSID option * Call dialog with --backtitle everywhere * Calculate the height of menus dynamically (bsc#1177188) * Create README.md ++++ kernel-default: - kernel-docs.spec.in: Build using an utf-8 locale. Sphinx cannot handle UTF-8 input in non-UTF-8 locale. - commit 0db6da1 - md-cluster: fix use-after-free issue when removing rdev (bsc#1184082). - md: split mddev_find (bsc#1184081). - md: factor out a mddev_find_locked helper from mddev_find (bsc#1184081). - md: md_open returns -EBUSY when entering racing area (bsc#1184081). 
- md: don't flush workqueue unconditionally in md_open (bsc#1184081). - commit 255ac58 - genirq: Reduce irqdebug cacheline bouncing (bsc#1185703 ltc#192641). - commit 54b345b - PCI: dwc: Move iATU detection earlier (git-fixes). - PCI: keystone: Let AM65 use the pci_ops defined in pcie-designware-host.c (git-fixes). - thermal: thermal_of: Fix error return code of thermal_of_populate_bind_params() (git-fixes). - commit 48dc8db - PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc() (git-fixes). - PCI: endpoint: Fix missing destroy_workqueue() (git-fixes). - PCI/RCEC: Fix RCiEP device to RCEC association (git-fixes). - PCI: Release OF node in pci_scan_device()'s error path (git-fixes). - thermal/drivers/ti-soc-thermal/bandgap Remove unused variable 'val' (git-fixes). - docs: kernel-parameters: Add gpio_mockup_named_lines (git-fixes). - docs: kernel-parameters: Move gpio-mockup for alphabetic order (git-fixes). - commit 6976ceb ++++ Mesa: - adjusted filelist to removed vulkan files in Mesa 21.1.0 (packages Mesa-libVulkan-devel, Mesa-vulkan-device-select, Mesa-vulkan-overlay) - /usr/include/vulkan/vulkan_intel.h dropped with Mesa 21.1.0, but let's keep the package containing an empty directory - update to 21.1.0 * bunch of work here, lots of zink and softpipe, but bits and pieces of other things: tgsi, freddreno, nir, panfrost, intel, spirv, core gallium, radv, aco, r600, and core mesa. - supersedes patches U_clover-Fix-build-with-llvm-12.patch, U_clover-Add-missing-include-for-llvm-12-build-fix.patch ++++ harfbuzz: - Update to version 2.8.1: + Subsetter now fully supports GSUB/GPOS/GDEF tables (including variations); as such, layout tables are retained by subsetter by default + hb-view supports iTerm2 and kitty inline image protocols it can also use Chafa for terminal graphics if available - Add pkgconfig(chafa): new, optional depdency. 
++++ ceph: - Update to 16.2.3-26-g422932e923: + rebased on top of upstream pacific SHA1 381b476cb3900f9a92eb95d03b4850b953cfd79a Pacific v16.2.3 release see https://ceph.io/releases/v16-2-3-pacific-released/ * cephadm: normalize image digest in 'ls' output too Pacific v16.2.2 release see https://ceph.io/releases/v16-2-2-pacific-released/ ++++ qemu: - For the record, these issues are fixed in this package already. Most are alternate references to previously mentioned issues: (CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019, CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683, CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477, CVE-2020-29129, bsc#1179484, CVE-2021-3419, bsc#1182975) ++++ shim: - Include suse-signed shim for AArch64 (bsc#1185621) (sync shim.changes from SLE) - Add shim-bsc1185621-relax-max-var-sz-check.patch to relax the maximum variable size check for u-boot (bsc#1185621) ------------------------------------------------------------------ ------------------ 2021-5-5 - May 5 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - md/raid1: properly indicate failure when ending a failed write request (bsc#1185680). - commit 67fde5a - s390/entry: save the caller of psw_idle (bsc#1185677). - commit d82aadb - rtc: pcf2127: handle timestamp interrupts (bsc#1185495). - commit f74f90f - bus: fsl-mc: list more commands as accepted through the ioctl (bsc#1185670). - bus: fsl-mc: add the dpdbg device type (bsc#1185670). - commit 6325c23 - Update patches.suse/powerpc-eeh-Fix-EEH-handling-for-hugepages-in-iorema.patch (bsc#1156395 bsc#1185645 ltc#192576). - commit b0c1c70 - spi: cadence: set cqspi to the driver_data field of struct device (git-fixes). - commit e8779a2 - i2c: mlxbf: add IRQ check (git-fixes). - commit 571342e - fix patch metadata - fix Patch-mainline: patches.suse/mm-memcontrol-fix-cpuhotplug-statistics-flushing.patch - commit fc7f89c - Update kabi files. 
- update from May 2021 maintenance update submission (commit 0a8fae2b39f2) - commit 8a0c3f3 - dmaengine: idxd: Fix potential null dereference on pointer status (git-fixes). - commit 287f8f1 - powerpc/kexec_file: Use current CPU info while setting up FDT (bsc#1184615 ltc#189835). - commit 21c8a7e - Update config files. (bsc#1185010) - supported.conf: - commit 8888052 - rpm: drop /usr/bin/env in interpreter specification OBS checks don't like /usr/bin/env in script interpreter lines but upstream developers tend to use it. A proper solution would be fixing the dependency extraction and drop the OBS check error but that's unlikely to happen so that we have to work around the problem on our side and rewrite the interpreter lines in scripts before collecting files for packages instead. - commit 45c5c1a - scsi: smartpqi: Update version to 1.2.16-012 (bsc#1178089). - scsi: smartpqi: Correct pqi_sas_smp_handler busy condition (bsc#1178089). - scsi: smartpqi: Correct driver removal with HBA disks (bsc#1178089). - commit d9b38b9 ++++ ceph: - Update to 16.2.1-283-g9f37a4bec4: + rebased on top of upstream pacific SHA1 717ce59b76c659aaef8c5aec1355c0ac5cef7234 Pacific v16.2.1 release see https://ceph.io/releases/v16-2-1-pacific-released/ * (bsc#1183074) - (CVE-2021-20288) ceph: Unauthorized global_id reuse * (bsc#1184231) cephadm: Allow to use paths in all <_devices> drivegroup sections ++++ tcl: - bsc#1185662: Move tcl.macros /usr/lib/rpm/macros.d . - https://core.tcl-lang.org/thread/tktview?name=98ae20f0f5: Add tcl-aa4a13c15516da45.patch to disable lto for the stubs libraries.
------------------------------------------------------------------ ------------------ 2021-5-4 - May 4 2021 ------------------- ------------------------------------------------------------------ ++++ bash: - Add patch bsc1183064.patch * Fix bug bsc#1183064: Segfault from reading a history file not starting with # with HISTTIMEFORMAT set and history_multiline_entries nonzero and with the history cleared and read on the same input line. ++++ kernel-default: - nvme: add 'kato' sysfs attribute (bsc#1179825). - nvme: sanitize KATO setting (bsc#1179825). - commit f3a2791 - patches.suse/NFC-nxp-nci-Add-GPIO-ACPI-mapping-table.patch: (bsc#1185589). - commit 4004e31 - patches.suse/NFC-nxp-nci-Convert-to-use-GPIO-descriptor.patch: (bsc#1185589). - commit a3f193f - patches.suse/NFC-nxp-nci-Get-rid-of-platform-data.patch: (bsc#1185589). - commit 3e24d09 - rtc: ds1307: Fix wday settings for rx8130 (git-fixes). - mmc: sdhci-of-dwcmshc: fix rpmb access (git-fixes). - commit d21fbb6 - patches.suse/NFC-nxp-nci-Add-NXP1001-to-the-ACPI-ID-table.patch: (bsc#1185589). - commit 68d285a - mm: memcontrol: fix cpuhotplug statistics flushing (bsc#1185606). - commit 3bba386 - nvme-multipath: reset bdev to ns head when failover (bsc#178378 bsc#1182999). 
Refresh: - patches.suse/nvme-multipath-retry-commands-for-dying-queues.patch - commit ee2dc7b - scripts/git_sort/git_sort.py: Update nvme repositories - commit e849c44 - blacklist.conf: Add ppc kuap/uaccess fixes not applicable to SP2 - commit 4b4ca8e ++++ libjpeg-turbo: - disable SIMD for armv6hl, not available ++++ mokutil: - spec file cleanup ++++ nvme-cli: - update to 1.14 * nvme-discover: add json output * nvme: add support for lba status log page * nvme: add support for endurance group event aggregate log * nvme: add endurance group event configuration feature * nvme: add latest opcodes for command supported and effects log * zns: print select_all field for Zone Management Send * print topology for NVMe nodes in kernel and path * nvme: add support for predictable latency event aggregate log page * nvme: add support for persistent event log page * Show more async event config fields ++++ ovmf: - Update the descriptors to add "acpi-s4" tag to allow libvirt enable hibernation (bsc#1182886#c31) ++++ rust-keylime: - Update to version 0.0.1+git.1618949271.f609525: * Add more TPM helper functions * Use PKeys consistently * Rebase on tss-esapi 5.0 * Pass a PKeyRef to asym_verify * Use #[[from] from thiserror * Fix uppercase acronyms * Add testing feature * Remove port bindings for agent * More verbose TPM and revocation error, verbose success * Fix docker networking ++++ tpm2.0-tools: - fix `--version` output of tools. Since now autoreconf is called and configure.ac attempts to fetch the version from git (which we don't have during building), the version was empty. Fix this by replacing the git invocation in configure.ac. ------------------------------------------------------------------ ------------------ 2021-5-3 - May 3 2021 ------------------- ------------------------------------------------------------------ ++++ cockpit: - install all of pkg/lib in -devel package. 
Cockpit-machines needs more ++++ cockpit-machines: - initial package ++++ docker: - Add shell requires for the *-completion subpackages. ++++ kernel-default: - powerpc/eeh: Fix EEH handling for hugepages in ioremap space (bsc#1156395). - powerpc/time: Enable sched clock for irqtime (bsc#1156395). - commit 5ee4c93 - powerpc/perf: Fix PMU constraint check for EBB events (bsc#1065729). - powerpc/64s: Fix pte update for kernel memory on radix (bsc#1055117 git-fixes). - powerpc/asm-offsets: GPR14 is not needed either (bsc#1065729). - powerpc/prom: Mark identical_pvr_fixup as __init (bsc#1065729). - powerpc/fadump: Mark fadump_calculate_reserve_size as __init (bsc#1065729). - commit e08fbf4 - powerpc/perf: Fix the threshold event selection for memory events in power10 (jsc#SLE-13513). - powerpc/perf: Fix sampled instruction type for larx/stcx (jsc#SLE-13513). - powerpc/smp: Reintroduce cpu_core_mask (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/xive: Drop check on irq_data in xive_core_debug_show() (bsc#1177437 ltc#188522 jsc#SLE-13294 git-fixes). - powerpc/xmon: Fix build failure for 8xx (jsc#SLE-12936 git-fixes). - commit 84bf014 - KVM: PPC: Book3S HV P9: Restore host CTRL SPR after guest exit (bsc#1156395). - KVM: PPC: Make the VMX instruction emulation routines static (bsc#1156395). - commit 66099c4 - btrfs: fix race between swap file activation and snapshot creation (bsc#1185587). - btrfs: fix race between writes to swap files and scrub (bsc#1185586). - commit fef5517 - btrfs: fix race between swap file activation and snapshot creation (bsc#1185587). - btrfs: fix race between writes to swap files and scrub (bsc#1185586). 
- commit 517921a - series.conf: cleanup - move into "almost mainline" section patches.suse/rtc-fsl-ftm-alarm-add-MODULE_TABLE.patch - commit 75e25e9 - fix patch metadata - fix Patch-mainline: patches.suse/x86-platform-uv-set-section-block-size-for-hubless-architectures.patch - commit 5cf9a28 - series.conf: cleanup - update upstream references and resort patches.suse/powerpc-mm-Add-cond_resched-while-removing-hpte-mapp.patch patches.suse/powerpc-papr_scm-Fix-build-error-due-to-wrong-printf.patch patches.suse/powerpc-papr_scm-Implement-support-for-H_SCM_FLUSH-h.patch patches.suse/powerpc-pseries-Add-shutdown-to-vio_driver-and-vio_b.patch patches.suse/scsi-lpfc-Change-wording-of-invalid-pci-reset-log-me.patch patches.suse/scsi-lpfc-Correct-function-header-comments-related-t.patch patches.suse/scsi-lpfc-Fix-ADISC-handling-that-never-frees-nodes.patch patches.suse/scsi-lpfc-Fix-FLOGI-failure-due-to-accessing-a-freed.patch patches.suse/scsi-lpfc-Fix-PLOGI-ACC-to-be-transmit-after-REG_LOG.patch patches.suse/scsi-lpfc-Fix-crash-caused-by-switch-reboot.patch patches.suse/scsi-lpfc-Fix-dropped-FLOGI-during-pt2pt-discovery-r.patch patches.suse/scsi-lpfc-Fix-incorrect-dbde-assignment-when-buildin.patch patches.suse/scsi-lpfc-Fix-lpfc_els_retry-possible-null-pointer-d.patch patches.suse/scsi-lpfc-Fix-nodeinfo-debugfs-output.patch patches.suse/scsi-lpfc-Fix-null-pointer-dereference-in-lpfc_prep_.patch patches.suse/scsi-lpfc-Fix-pt2pt-connection-does-not-recover-afte.patch patches.suse/scsi-lpfc-Fix-pt2pt-state-transition-causing-rmmod-h.patch patches.suse/scsi-lpfc-Fix-reftag-generation-sizing-errors.patch patches.suse/scsi-lpfc-Fix-stale-node-accesses-on-stale-RRQ-reque.patch patches.suse/scsi-lpfc-Fix-status-returned-in-lpfc_els_retry-erro.patch patches.suse/scsi-lpfc-Fix-unnecessary-null-check-in-lpfc_release.patch patches.suse/scsi-lpfc-Fix-use-after-free-in-lpfc_els_free_iocb.patch patches.suse/scsi-lpfc-Fix-vport-indices-in-lpfc_find_vport_by_vp.patch 
patches.suse/scsi-lpfc-Reduce-LOG_TRACE_EVENT-logging-for-vports.patch patches.suse/scsi-lpfc-Update-copyrights-for-12.8.0.7-and-12.8.0..patch patches.suse/scsi-lpfc-Update-lpfc-version-to-12.8.0.8.patch patches.suse/scsi-qla2xxx-Reserve-extra-IRQ-vectors.patch patches.suse/selftests-powerpc-Fix-L1D-flushing-tests-for-Power10.patch - commit e03aa0a - ibmvnic: queue reset work in system_long_wq (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: improve failover sysfs entry (bsc#1043990 ltc#155681 git-fixes). - ibmvnic: print adapter state as a string (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: print reset reason as a string (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: clean up the remaining debugfs data structures (bsc#1065729). - ibmvnic: remove duplicate napi_schedule call in open function (bsc#1065729). - ibmvnic: remove duplicate napi_schedule call in do_reset function (bsc#1065729). - ibmvnic: avoid calling napi_disable() twice (bsc#1065729). - commit 5d92f24 - cpuidle/pseries: Fixup CEDE0 latency only for POWER10 onwards (bsc#1185550 ltc#192610). - commit 19688a8 - ima: Free IMA measurement buffer after kexec syscall (git-fixes). - commit 2cf366a - virtiofs: fix memory leak in virtio_fs_probe() (bsc#1185558). - commit bc3eb47 - btrfs: fix qgroup data rsv leak caused by falloc failure (bsc#1185549). - commit 210f7a5 - btrfs: track qgroup released data in own variable in insert_prealloc_file_extent (bsc#1185549). 
- commit 4d34a1c ++++ zchunk: - Update to version 1.1.11 * Fix memory leak of zck->prep_digest * Fix argp detection * Handle certain rare web servers that don't start with \r\n - Drop upstream merged fix-test-argp.patch ++++ python-py: - CVE-2020-29651.patch (bsc#1179805, CVE-2020-29651, bsc#1184505) * python-py: regular expression denial of service in svnwc.py ++++ ovmf: - Add ovmf-bsc1184801-fix-sev-with-tpm.patch to fix SEV-ES guest crash with TPM (bsc#1184801) ++++ shim: - Add shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch to handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071) ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#508 - create NVMe config files before udevd is started (bsc#1184908) - 16.56.10 ++++ yast2: - Do not crash when a client execution return false (related to bsc#1185561, and bsc#1180954). - 4.4.3 ++++ yast2-trans: - Update to version 84.87.20210502.7b34dbceae: * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Turkish) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * New POT for text domain 'network'. * New POT for text domain 'installation'. * New POT for text domain 'network'. 
* Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) ------------------------------------------------------------------ ------------------ 2021-5-2 - May 2 2021 ------------------- ------------------------------------------------------------------ ++++ at-spi2-core: - Update to version 2.40.1: + Fix double free when removing event listeners. + Fix numlock detection. ++++ python3-core: - Make sure to close the import_failed.map file after the exception has been raised in order to avoid ResourceWarnings when the failing import is part of a try...except block. ++++ python3: - Make sure to close the import_failed.map file after the exception has been raised in order to avoid ResourceWarnings when the failing import is part of a try...except block. ------------------------------------------------------------------ ------------------ 2021-5-1 - May 1 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes). - ASoC: rsnd: check all BUSIF status when error (git-fixes). - ASoC: wm8960: Remove bitclk relax condition in wm8960_configure_sysclk (git-fixes). - ASoC: samsung: snow: remove useless test (git-fixes). - ASoC: Intel: boards: sof-wm8804: add check for PLL setting (git-fixes). - drm/i915/gt: Clear CACHE_MODE prior to clearing residuals (git-fixes). - commit 18fa88e - ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices (git-fixes). - ALSA: hda/realtek: Re-order ALC662 quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order remaining ALC269 quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries (git-fixes). 
- ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 ASUS quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Acer quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 HP quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries (git-fixes). - ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx (git-fixes). - ALSA: hda/cirrus: Use CS8409 filter to fix abnormal sounds on Bullseye (git-fixes). - ALSA: hda/cirrus: Set Initial DMIC volume for Bullseye to -26 dB (git-fixes). - ALSA: sb: Fix two use after free in snd_sb_qsound_build (git-fixes). - ASoC: Intel: kbl_da7219_max98927: Fix kabylake_ssp_fixup function (git-fixes). - ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer (git-fixes). - ALSA: hda/realtek - Headset Mic issue on HP platform (git-fixes). - ALSA: usb-audio: DJM-750: ensure format is set (git-fixes). - ALSA: hda/realtek: GA503 use same quirks as GA401 (git-fixes). - ALSA: hda/realtek: fix mic boost on Intel NUC 8 (git-fixes). - ALSA: usb-audio: Explicitly set up the clock selector (git-fixes). - ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX (git-fixes). - ALSA: hda/cirrus: Make CS8409 driver more generic by using fixups (git-fixes). - ALSA: hda/cirrus: Fix CS42L42 Headset Mic volume control name (git-fixes). - ALSA: hda/cirrus: Cleanup patch_cirrus.c code (git-fixes). - ALSA: hda/cirrus: Add error handling into CS8409 I2C functions (git-fixes). - ALSA: hda/cirrus: Add Headphone and Headset MIC Volume Control (git-fixes). - ALSA: hda/cirrus: Add jack detect interrupt support from CS42L42 companion codec (git-fixes). 
- ALSA: hda/cirrus: Add support for CS8409 HDA bridge and CS42L42 companion codec (git-fixes). - ALSA: usb-audio: Configure Pioneer DJM-850 samplerate (git-fixes). - ALSA: usb-audio: Fix Pioneer DJM devices URB_CONTROL request direction to set samplerate (git-fixes). - ALSA: usb-audio: Add DJM450 to Pioneer format quirk (git-fixes). - commit 82d06eb - i2c: sh7760: fix IRQ error path (git-fixes). - commit e315f49 - pinctrl: core: Fix kernel doc string for pin_get_name() (git-fixes). - pinctrl: Ingenic: Add missing pins to the JZ4770 MAC MII group (git-fixes). - i2c: sh7760: add IRQ check (git-fixes). - i2c: jz4780: add IRQ check (git-fixes). - i2c: emev2: add IRQ check (git-fixes). - commit da2180a - i2c: cadence: add IRQ check (git-fixes). - i2c: sprd: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: omap: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: img-scb: fix reference leak when pm_runtime_get_sync fails (git-fixes). - HID: plantronics: Workaround for double volume key presses (git-fixes). - ASoC: ak5558: correct reset polarity (git-fixes). - ASoC: simple-card: fix possible uninitialized single_cpu local variable (git-fixes). - ASoC: ak5558: Fix s/show/slow/ typo (git-fixes). - ASoC: samsung: tm2_wm5110: check of of_parse return value (git-fixes). - ALSA: hda/realtek: fix static noise on ALC285 Lenovo laptops (git-fixes). - ALSA: usb-audio: Fix implicit sync clearance at stopping stream (git-fixes). - ALSA: usb: midi: don't return -ENOMEM when usb_urb_ep_type_check fails (git-fixes). - ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls (git-fixes). - ALSA: core: remove redundant spin_lock pair in snd_card_disconnect (git-fixes). - drm/i915/gvt: Fix error code in intel_gvt_init_device() (git-fixes). 
- commit 2b66742 ++++ libxkbcommon: - Update to release 1.3.0 * `xkbcli list` was changed to output YAML instead of a custom format. * Fix segmentation fault in case-insensitive `xkb_keysym_from_name` for certain values like the empty string. ------------------------------------------------------------------ ------------------ 2021-4-30 - Apr 30 2021 ------------------- ------------------------------------------------------------------ ++++ cockpit: - new version 243 https://cockpit-project.org/blog/cockpit-243.html https://cockpit-project.org/blog/cockpit-242.html https://cockpit-project.org/blog/cockpit-241.html https://cockpit-project.org/blog/cockpit-240.html https://cockpit-project.org/blog/cockpit-239.html ++++ librsvg: - Update to version 2.50.5: + Images embedded as data: URLs didn't render if they had a MIME type with a charset parameter. + Don't allow number lists with unbounded lengths in tableValues attributes, for feComponentTransfer and feConvolveMatrix. + Negative rx/ry in rect element should be ignored. ++++ glib-networking: - Update to version 2.68.1: + Fix threadsafety issue in certificate verification. + Temporarily remove support for downloading missing intermediate certificates with GnuTLS 3.7. ++++ kernel-default: - ath10k: Fix a use after free in ath10k_htc_send_bundle (git-fixes). - mt76: mt7915: fix aggr len debugfs node (git-fixes). - rtw88: Fix an error code in rtw_debugfs_set_rsvd_page() (git-fixes). - Bluetooth: avoid deadlock between hci_dev->lock and socket lock (git-fixes). - commit 38c8cc4 - net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb (git-fixes). - commit f8b6668 - net:nfc:digital: Fix a double free in digital_tg_recv_dep_req (git-fixes). - net: phy: marvell: fix m88e1111_set_downshift (git-fixes). - net: phy: marvell: fix m88e1011_set_downshift (git-fixes). - net: phy: intel-xway: enable integrated led functions (git-fixes). 
- ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock (git-fixes). - ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices (git-fixes). - mac80211: bail out if cipher schemes are invalid (git-fixes). - rtw88: Fix array overrun in rtw_get_tx_power_params() (git-fixes). - rsi: Use resume_noirq for SDIO (git-fixes). - ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() (git-fixes). - rtlwifi: 8821ae: upgrade PHY and RF parameters (git-fixes). - mt7601u: fix always true expression (git-fixes). - liquidio: Fix unintented sign extension of a left shift of a u16 (git-fixes). - nfc: pn533: prevent potential memory corruption (git-fixes). - commit 4c3b252 - rpm/constraints.in: bump disk space to 45GB on riscv64 - commit f8b883f - scsi: qla2xxx: Reuse existing error handling path (bsc#1185491). - scsi: qla2xxx: Remove unneeded if-null-free check (bsc#1185491). - scsi: qla2xxx: Update version to 10.02.00.106-k (bsc#1185491). - scsi: qla2xxx: Do logout even if fabric scan retries got exhausted (bsc#1185491). - scsi: qla2xxx: Update default AER debug mask (bsc#1185491). - scsi: qla2xxx: Fix mailbox recovery during PCIe error (bsc#1185491). - scsi: qla2xxx: Fix crash in PCIe error handling (bsc#1185491). - scsi: qla2xxx: Fix RISC RESET completion polling (bsc#1185491). - scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() (bsc#1185491). - scsi: qla2xxx: Fix use after free in bsg (bsc#1185491). - scsi: qla2xxx: Consolidate zio threshold setting for both FCP & NVMe (bsc#1185491). - scsi: qla2xxx: Fix stuck session (bsc#1185491). - scsi: qla2xxx: Add H:C:T info in the log message for fc ports (bsc#1185491). - scsi: qla2xxx: Fix IOPS drop seen in some adapters (bsc#1185491). - scsi: qla2xxx: Check kzalloc() return value (bsc#1185491). - scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() (bsc#1185491). - scsi: qla2xxx: Simplify qla8044_minidump_process_control() (bsc#1185491). 
- scsi: qla2xxx: Suppress Coverity complaints about dseg_r* (bsc#1185491). - scsi: qla2xxx: Fix endianness annotations (bsc#1185491). - scsi: qla2xxx: Constify struct qla_tgt_func_tmpl (bsc#1185491). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1185491). - scsi: qla2xxx: Fix a couple of misdocumented functions (bsc#1185491). - scsi: qla2xxx: Fix incorrectly named function qla8044_check_temp() (bsc#1185491). - scsi: qla2xxx: Fix a couple of misnamed functions (bsc#1185491). - scsi: qla2xxx: Fix some incorrect formatting/spelling issues (bsc#1185491). - scsi: qla2xxx: Replace __qla2x00_marker()'s missing underscores (bsc#1185491). - scsi: qla2xxx: Fix broken #endif placement (bsc#1185491). - scsi: qla2xxx: Simplify if statement (bsc#1185491). - scsi: qla2xxx: Simplify the calculation of variables (bsc#1185491). - scsi: qla2xxx: Fix some memory corruption (bsc#1185491). - scsi: qla2xxx: Remove redundant NULL check (bsc#1185491). - scsi: qla2xxx: Remove unnecessary NULL check (bsc#1185491). - scsi: qla2xxx: Assign boolean values to a bool variable (bsc#1185491). - scsi: qla2xxx: fc_remote_port_chkready() returns a SCSI result value (bsc#1185491). - scsi: qla2xxx: Update version to 10.02.00.105-k (bsc#1185491). - scsi: qla2xxx: Enable NVMe CONF (BIT_7) when enabling SLER (bsc#1185491). - scsi: qla2xxx: Fix mailbox Ch erroneous error (bsc#1185491). - scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe (bsc#1185491). - scsi: qla2xxx: Move some messages from debug to normal log level (bsc#1185491). - scsi: qla2xxx: Add error counters to debugfs node (bsc#1185491). - scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port (bsc#1185491). - commit db29123 - Remove patches.suse/scsi-qla2xxx-Make-sure-that-aborted-commands-are-fre.patch Upstream commit 39c0c8553bfb ("scsi: Revert "qla2xxx: Make sure that aborted commands are freed"") reverts the patch. 
- commit 311c2c6 ++++ sensors: - change-pidfile-path-from-var-run-to-run.patch: Change PIDFile path from /var/run to /run (bsc#1185183). - var-run-deprecated.patch: /var/run is deprecated (bsc#1185183). ++++ permissions: - Update to version 20181225: * etc/permissions: remove unnecessary entries (bsc#1182899) ++++ qemu: - Update to v6.0: see https://wiki.qemu.org/ChangeLog/6.0 For a full list of formerly deprecated features that are removed now, consult: https://qemu-project.gitlab.io/qemu/system/removed-features.html. For a list of new deprecated features, consult: https://qemu-project.gitlab.io/qemu/system/deprecated.html Some noteworthy changes: * Removed tileGX CPU (linux-user mode). * Removed ide-drive device (use ide-hd or ide-cd instead). * Removed scsi-disk device (use scsi-hd or scsi-cd instead). * Removed pc-1.0, pc-1.1, pc-1.2, and pc-1.3 machine types. * Added emulation of Arm-v8.1M arch and Cortex-M55 CPU. * Added boards mps3-an524 (Cortex-M33) and mps3-an547 (Cortex-M55). * x86: Support for running SEV-ES encrypted guests; TCG can emulate the PKS feature; WHPX accelerator supports accelerated APIC. * ARM: ARMv8.4-TTST, ARMv8.4-SEL2, FEAT_SSBS, and ARMv8.4-DIT emulation are now supported; Added ARMv8.5-MemTag extension is now supported formerly linux-user. Additional device emulation support for xlnx-zynqmp, xlnx-versal, sbsa-ref, npcm7xx, and sabrelite board models. * PowerPC: powernv now allows external BMC; pseries can send QAPI message if it detects a memory hotplug failure; CPU unplug request can be retried. * s390: TCG works with Linux kernels built with clang-11 and clang12. * RISC-V: OpenSBI upgraded to v0.9; Support the QMP dump-guest-memory command; Add support for the SiFive SPI controller (sifive_u); Add QSPI NOR flash to Microchip PFSoC. * Misc doc improvements. * Multiprocess: Add experimental options to support out-of-process device emulation.
* ACPI: support for assigning NICs to known names in guest OS independently of PCI slot placement. * NVMe: new emulation support for v1.4 spec with many new features, experimental support for Zoned Namespaces, multipath I/O, and End-to-End Data Protection. * Xen: New guest loader for testing of Xen-like hypervisors booting kernels. * virtiofs: misc. security fixes and performance improvements. * Tools: FUSE block exports to allow mounting any QEMU block device node as a host file. * Migration: query/info-migrate now display the migration blocker status and the reasons for blocking. * User-mode: Added support for the Qualcomm Hexagon processor. * TCG: Added support for Apple Silicon hosts (macOS). * QMP: backup jobs now support multiple asynchronous requests in parallel * VNC: virtio-vga support for scaling resolution based on client window size * Patches added: doc-add-our-support-doc-to-the-main-proj.patch * Patches removed: 9pfs-Fully-restart-unreclaim-loop-CVE-20.patch audio-add-sanity-check.patch block-Fix-deadlock-in-bdrv_co_yield_to_d.patch block-Fix-locking-in-qmp_block_resize.patch blockjob-Fix-crash-with-IOthread-when-bl.patch block-nfs-fix-int-overflow-in-nfs_client.patch block-rbd-fix-memory-leak-in-qemu_rbd_co.patch block-rbd-Fix-memory-leak-in-qemu_rbd_co.patch block-Separate-blk_is_writable-and-blk_s.patch block-Simplify-qmp_block_resize-error-pa.patch brotli-fix-actual-variable-array-paramet.patch build-no-pie-is-no-functional-linker-fla.patch cadence_gem-switch-to-use-qemu_receive_p.patch cpu-core-Fix-help-of-CPU-core-device-typ.patch docs-add-SUSE-support-statements-to-html.patch dp8393x-switch-to-use-qemu_receive_packe.patch e1000-fail-early-for-evil-descriptor.patch e1000-switch-to-use-qemu_receive_packet-.patch hw-arm-virt-acpi-build-Fix-GSIV-values-o.patch hw-arm-virt-Disable-pl011-clock-migratio.patch hw-block-fdc-Fix-fallback-property-on-sy.patch hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch hw-isa-Kconfig-Add-missing-dependency-VI.patch 
hw-isa-piix4-Migrate-Reset-Control-Regis.patch hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch hw-s390x-fix-build-for-virtio-9p-ccw.patch hw-sd-sd-Actually-perform-the-erase-oper.patch hw-sd-sd-Fix-build-error-when-DEBUG_SD-i.patch hw-sd-sdhci-Correctly-set-the-controller.patch hw-sd-sdhci-Don-t-transfer-any-data-when.patch hw-sd-sdhci-Don-t-write-to-SDHC_SYSAD-re.patch hw-sd-sdhci-Limit-block-size-only-when-S.patch hw-sd-sdhci-Reset-the-data-pointer-of-s-.patch hw-sd-sd-Move-the-sd_block_-read-write-a.patch hw-sd-sd-Skip-write-protect-groups-check.patch hw-timer-slavio_timer-Allow-64-bit-acces.patch hw-virtio-pci-Added-AER-capability.patch hw-virtio-pci-Added-counter-for-pcie-cap.patch i386-acpi-restore-device-paths-for-pre-5.patch iotests-Fix-_send_qemu_cmd-with-bash-5.1.patch lan9118-switch-to-use-qemu_receive_packe.patch lsilogic-Use-PCIDevice-exit-instead-of-D.patch Make-keycode-gen-output-reproducible-use.patch memory-clamp-cached-translation-in-case-.patch monitor-Fix-assertion-failure-on-shutdow.patch mptsas-Remove-unused-MPTSASState-pending.patch msf2-mac-switch-to-use-qemu_receive_pack.patch net-Fix-handling-of-id-in-netdev_add-and.patch net-introduce-qemu_receive_packet.patch pcnet-switch-to-use-qemu_receive_packet-.patch qemu-nbd-Use-SOMAXCONN-for-socket-listen.patch qemu-storage-daemon-Enable-object-add.patch rtl8139-switch-to-use-qemu_receive_packe.patch s390x-add-have_virtio_ccw.patch s390x-css-report-errors-from-ccw_dstream.patch s390x-Fix-stringop-truncation-issue-repo.patch s390x-modularize-virtio-gpu-ccw.patch s390x-move-S390_ADAPTER_SUPPRESSIBLE.patch s390x-pci-restore-missing-Query-PCI-Func.patch spice-app-avoid-crash-when-core-spice-mo.patch sungem-switch-to-use-qemu_receive_packet.patch target-arm-Don-t-decode-insns-in-the-XSc.patch target-arm-Fix-MTE0_ACTIVE.patch target-arm-Introduce-PREDDESC-field-defi.patch target-arm-Update-PFIRST-PNEXT-for-pred_.patch target-arm-Update-REV-PUNPK-for-pred_des.patch 
target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch target-xtensa-fix-meson.build-rule-for-x.patch tcg-Use-memset-for-large-vector-byte-rep.patch tools-virtiofsd-Replace-the-word-whiteli.patch tx_pkt-switch-to-use-qemu_receive_packet.patch ui-vnc-Add-missing-lock-for-send_color_m.patch update-linux-headers-Include-const.h.patch Update-linux-headers-to-5.11-rc2.patch util-fix-use-after-free-in-module_load_o.patch vfio-ccw-Connect-the-device-request-noti.patch vhost-user-blk-fix-blkcfg-num_queues-end.patch viriofsd-Add-support-for-FUSE_HANDLE_KIL.patch virtiofsd-extract-lo_do_open-from-lo_ope.patch virtiofsd-optionally-return-inode-pointe.patch virtiofsd-prevent-opening-of-special-fil.patch virtiofs-drop-remapped-security.capabili.patch virtiofsd-Save-error-code-early-at-the-f.patch virtio-move-use-disabled-flag-property-t.patch virtio-pci-compat-page-aligned-ATS.patch xen-block-Fix-removal-of-backend-instanc.patch ++++ zypper: - Rephrase needs-rebooting help and messages. Try to point out that the need to reboot was not necessarily triggered by the current transaction. - man page: Recommend the needs-rebooting command to test whether a system reboot is suggested. - patch: Let a patch's reboot-needed flag overrule included packages (bsc#1183268) - Quickfix setting "openSUSE_Tumbleweed" as default platform for "MicroOS" (bsc#1153687) This fixes the guessed platform for "obs:///" URLs. - Protect against strict/relaxed user umask via sudo (bsc#1183589) - zypper-log: protect against thread name indicators in a log. - xml summary: add solvables repository alias (bsc#1182372) - version 1.14.44 ------------------------------------------------------------------ ------------------ 2021-4-29 - Apr 29 2021 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - scsi: lpfc: Fix DMA virtual address ptr assignment in bsg (bsc#1185365). - scsi: lpfc: Fix illegal memory access on Abort IOCBs (bsc#1183203). 
- scsi: lpfc: Copyright updates for 12.8.0.9 patches (bsc#1185472). - scsi: lpfc: Update lpfc version to 12.8.0.9 (bsc#1185472). - scsi: lpfc: Eliminate use of LPFC_DRIVER_NAME in lpfc_attr.c (bsc#1185472). - scsi: lpfc: Standardize discovery object logging format (bsc#1185472). - scsi: lpfc: Fix various trivial errors in comments and log messages (bsc#1185472). - scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic (bsc#1185472). - scsi: lpfc: Fix lpfc_hdw_queue attribute being ignored (bsc#1185472). - scsi: lpfc: Fix missing FDMI registrations after Mgmt Svc login (bsc#1185472). - scsi: lpfc: Fix silent memory allocation failure in lpfc_sli4_bsg_link_diag_test() (bsc#1185472). - scsi: lpfc: Fix use-after-free on unused nodes after port swap (bsc#1185472). - scsi: lpfc: Fix error handling for mailboxes completed in MBX_POLL mode (bsc#1185472). - scsi: lpfc: Fix lack of device removal on port swaps with PRLIs (bsc#1185472). - scsi: lpfc: Fix NMI crash during rmmod due to circular hbalock dependency (bsc#1185472). - scsi: lpfc: Fix reference counting errors in lpfc_cmpl_els_rsp() (bsc#1185472). - scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response (bsc#1185472). - scsi: lpfc: Fix rmmod crash due to bad ring pointers to abort_iotag (bsc#1185472). - scsi: lpfc: Fix gcc -Wstringop-overread warning (bsc#1185472). - scsi: lpfc: Fix a typo (bsc#1185472). - scsi: lpfc: Fix kernel-doc formatting issue (bsc#1185472). - scsi: lpfc: Fix a few incorrectly named functions (bsc#1185472). - scsi: lpfc: Fix incorrectly documented function lpfc_debugfs_commonxripools_data() (bsc#1185472). - scsi: lpfc: Fix a bunch of misnamed functions (bsc#1185472). - scsi: lpfc: Fix a bunch of kernel-doc misdemeanours (bsc#1185472). - scsi: lpfc: Fix incorrect naming of __lpfc_update_fcf_record() (bsc#1185472). - scsi: lpfc: Fix formatting and misspelling issues (bsc#1185472). - scsi: lpfc: Fix a bunch of kernel-doc issues (bsc#1185472). 
- scsi: lpfc: Fix some error codes in debugfs (bsc#1185472). - commit a4fa91e - series.conf: Resort and update meta data - meta data refreshed: patches.suse/scsi-lpfc-Change-wording-of-invalid-pci-reset-log-me.patch patches.suse/scsi-lpfc-Correct-function-header-comments-related-t.patch patches.suse/scsi-lpfc-Fix-ADISC-handling-that-never-frees-nodes.patch patches.suse/scsi-lpfc-Fix-FLOGI-failure-due-to-accessing-a-freed.patch patches.suse/scsi-lpfc-Fix-PLOGI-ACC-to-be-transmit-after-REG_LOG.patch patches.suse/scsi-lpfc-Fix-crash-caused-by-switch-reboot.patch patches.suse/scsi-lpfc-Fix-dropped-FLOGI-during-pt2pt-discovery-r.patch patches.suse/scsi-lpfc-Fix-incorrect-dbde-assignment-when-buildin.patch patches.suse/scsi-lpfc-Fix-lpfc_els_retry-possible-null-pointer-d.patch patches.suse/scsi-lpfc-Fix-nodeinfo-debugfs-output.patch patches.suse/scsi-lpfc-Fix-null-pointer-dereference-in-lpfc_prep_.patch patches.suse/scsi-lpfc-Fix-pt2pt-connection-does-not-recover-afte.patch patches.suse/scsi-lpfc-Fix-pt2pt-state-transition-causing-rmmod-h.patch patches.suse/scsi-lpfc-Fix-reftag-generation-sizing-errors.patch patches.suse/scsi-lpfc-Fix-stale-node-accesses-on-stale-RRQ-reque.patch patches.suse/scsi-lpfc-Fix-status-returned-in-lpfc_els_retry-erro.patch patches.suse/scsi-lpfc-Fix-unnecessary-null-check-in-lpfc_release.patch patches.suse/scsi-lpfc-Fix-use-after-free-in-lpfc_els_free_iocb.patch patches.suse/scsi-lpfc-Fix-vport-indices-in-lpfc_find_vport_by_vp.patch patches.suse/scsi-lpfc-Reduce-LOG_TRACE_EVENT-logging-for-vports.patch patches.suse/scsi-lpfc-Update-copyrights-for-12.8.0.7-and-12.8.0..patch patches.suse/scsi-lpfc-Update-lpfc-version-to-12.8.0.8.patch patches.suse/scsi-qla2xxx-Reserve-extra-IRQ-vectors.patch - commit 27785f8 - x86/platform/uv: Set section block size for hubless architectures (bsc#1152489). - commit 47e611e - rtc: fsl-ftm-alarm: add MODULE_TABLE() (bsc#1185454). - rtc: fsl-ftm-alarm: update acpi device id (bsc#1185454). 
- rtc: fsl-ftm-alarm: fix freeze(s2idle) failed to wake (bsc#1185454). - rtc: fsl-ftm-alarm: report alarm to core (bsc#1185454). - rtc: fsl-ftm-alarm: enable acpi support (bsc#1185454). - rtc: fsl-ftm-alarm: avoid struct rtc_time conversions (bsc#1185454). - rtc: fsl-ftm-alarm: switch to rtc_time64_to_tm/rtc_tm_to_time64 (bsc#1185454). - rtc: fsl-ftm-alarm: switch to ktime_get_real_seconds (bsc#1185454). - commit 10147b2 - reintroduce cqhci_suspend for kABI (git-fixes). - commit eb30081 - blk-mq: set default elevator as deadline in case of hctx shared tagset (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - commit 55cfd5d - Refresh sorted section. - commit b0d2a3b - vfio/mdev: Do not allow a mdev_type to have a NULL parent pointer (git-fixes). - vfio/mdev: Make to_mdev_device() into a static inline (git-fixes). - vfio/pci: Re-order vfio_pci_probe() (git-fixes). - vfio/pci: Move VGA and VF initialization to functions (git-fixes). - drm/radeon: Fix a missing check bug in radeon_dp_mst_detect() (git-fixes). - drm: xlnx: zynqmp: fix a memset in zynqmp_dp_train() (git-fixes). - drm/probe-helper: Check epoch counter in output_poll_execute() (git-fixes). - drm/amd/display: Fix off by one in hdmi_14_process_transaction() (git-fixes). - drm/panfrost: Don't try to map pages that are already mapped (git-fixes). - drm/panfrost: Clear MMU irqs before handling the fault (git-fixes). - drm/tilcdc: send vblank event when disabling crtc (git-fixes). - commit fe92c5a - Fix series.conf sorted section - commit 6795229 - media: staging/intel-ipu3: Fix race condition during set_fmt (git-fixes). - commit 7053b04 - mmc: mmc_spi: Drop unused NO_IRQ definition (git-fixes). - mmc: core: Correct descriptions in mmc_of_parse() (git-fixes). - sata_mv: add IRQ checks (git-fixes). - pata_ipx4xx_cf: fix IRQ check (git-fixes). - pata_arasan_cf: fix IRQ check (git-fixes). - rsxx: remove extraneous 'const' qualifier (git-fixes). - pinctrl: lewisburg: Update number of pins in community (git-fixes). 
- net: geneve: check skb is large enough for IPv4/IPv6 header (git-fixes). - commit 8cd08fd - mfd: lpc_sch: Partially revert "Add support for Intel Quark X1000" (git-fixes). - mfd: stm32-timers: Avoid clearing auto reload register (git-fixes). - mmc: uniphier-sd: Fix a resource leak in the remove function (git-fixes). - mmc: uniphier-sd: Fix an error handling path in uniphier_sd_probe() (git-fixes). - media: staging/intel-ipu3: Fix memory leak in imu_fmt (git-fixes). - media: v4l2-ctrls.c: fix race condition in hdl->requests list (git-fixes). - media: staging/intel-ipu3: Fix set_fmt error handling (git-fixes). - media: dvbdev: Fix memory leak in dvb_media_device_free() (git-fixes). - media: m88rs6000t: avoid potential out-of-bounds reads on arrays (git-fixes). - commit e24fcb3 - drm/omap: fix misleading indentation in pixinc() (git-fixes). - drm/amdkfd: fix build error with AMD_IOMMU_V2=m (git-fixes). - media: mantis: remove orphan mantis_core.c (git-fixes). - media: platform: sunxi: sun6i-csi: fix error return code of sun6i_video_start_streaming() (git-fixes). - media: omap4iss: return error code when omap4iss_get() failed (git-fixes). - gpio: omap: Save and restore sysconfig (git-fixes). - HID: wacom: Assign boolean values to a bool variable (git-fixes). - HID: alps: fix error return code in alps_input_configured() (git-fixes). - HID: google: add don USB id (git-fixes). - commit 20a3b3a - clk: uniphier: Fix potential infinite loop (git-fixes). - clk: zynqmp: move zynqmp_pll_set_mode out of round_rate callback (git-fixes). - clk: exynos7: Mark aclk_fsys1_200 as critical (git-fixes). - clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE (git-fixes). - backlight: journada720: Fix Wmisleading-indentation warning (git-fixes). - ata: libahci_platform: fix IRQ check (git-fixes). - drm/radeon: fix copy of uninitialized variable back to userspace (git-fixes). 
- commit f116afa ++++ kernel-firmware: - Update to version 20210426 (git commit fa0efeff4894): * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Intel BT 7265: Fix Security Issues * linux-firmware: Update firmware file for Intel Bluetooth 8265 * mrvl: prestera: Add Marvell Prestera Switchdev firmware 3.0 version * rtw88: 8822c: Update normal firmware to v9.9.9 * brcm: add missing symlink for Pi Zero W NVRAM file * amdgpu: update arcturus firmware from 21.10 * amdgpu: update navy flounder firmware from 21.10 * amdgpu: update sienna cichlid firmware from 21.10 * amdgpu: update vega20 firmware from 21.10 * amdgpu: update picasso firmware from 21.10 * amdgpu: update navi14 firmware from 21.10 * amdgpu: update green sardine firmware from 21.10 * amdgpu: update vega12 firmware from 21.10 * amdgpu: update navi12 firmware from 21.10 * amdgpu: update vega10 firmware from 21.10 * amdgpu: update renoir firmware from 21.10 * amdgpu: update navi10 firmware from 21.10 * amdgpu: update raven2 firmware from 21.10 * amdgpu: update raven firmware from 21.10 * rtl_nic: add new firmware for RTL8153 and RTL8156 series ++++ less: - update to 581.2: * This fixes a bug found in less-581 where the terminal was sometimes left in mouse-reporting mode after exiting less. 
++++ libcontainers-common: - Update common to 0.37.0 0.37.0: new libimage package Bump github.com/containers/storage from 1.29.0 to 1.30.0 config: suggest enable-linger only if euid != 0 Change log message in findRuntime() Add setns to default seccomp.json Cleanup debugf information to make debugging more useful - Update podman to 3.1.2 3.1.2: [#]## Bugfixes - Fixed a bug where images with empty layers were stored incorrectly, causing them to be unable to be pushed or saved. - Fixed a bug where the `podman rmi` command could fail to remove corrupt images from storage. - Fixed a bug where the remote Podman client's `podman save` command did not support the `oci-dir` and `docker-dir` formats ([#9742](https://github.com/containers/podman/issues/9742)). - Fixed a bug where volume mounts from `podman play kube` created with a trailing `/` in the container path were not properly superseding named volumes from the image ([#9618](https://github.com/containers/podman/issues/9618)). - Fixed a bug where Podman could fail to build on 32-bit architectures.
[#]## Misc - Updated the containers/image library to v5.11.1 - Update storage to 1.30.1 1.30.1: Allow users to tag images in read/only image stores build(deps): bump github.com/klauspost/compress from 1.12.1 to 1.12.2 Validate selinux label before attempting to use it 1.30.0: unshare: new function HasCapSysAdmin btrfs: Do not disable quota on cleanup build(deps): bump github.com/klauspost/compress from 1.11.13 to 1.12.1 - Update image to 5.11.1 * new libimage package * Bump github.com/containers/storage from 1.29.0 to 1.30.0 * config: suggest enable-linger only if euid != 0 * Change log message in findRuntime() * Add setns to default seccomp.json * Cleanup debugf information to make debugging more useful ++++ procps: - Add upstream patch procps-vmstat-1b9ea611.patch for bsc#1185417 * Support up to 2048 CPU as well ++++ virglrenderer: - Update to version 0.9.1: * Various small bugfixes ------------------------------------------------------------------ ------------------ 2021-4-28 - Apr 28 2021 ------------------- ------------------------------------------------------------------ ++++ open-iscsi: - Local (SUSE) change: update iscsi.service so that it tries to logon to any "onboot" and firmware targets, in case a target was offline when booted but back up when the service is started. (bsc#1153806) - Merged with latest from upstream, which contains these fixes: * Add "no wait" option to iscsiadm firmware login * Check for ISCSI_ERR_ISCSID_NOTCONN in iscsistart * Log proper error message when AUTH failure occurs ++++ kernel-default: - scsi: smartpqi: Update version to 1.2.16-012 (bsc#1178089). - scsi: smartpqi: Correct pqi_sas_smp_handler busy condition (bsc#1178089). - scsi: smartpqi: Correct driver removal with HBA disks (bsc#1178089). 
- commit 1fed21d - fix patch metadata - fix Patch-mainline: patches.suse/x86-microcode-check-for-offline-cpus-before-requesting-new-microcode.patch - commit 86da738 - x86/microcode: Check for offline CPUs before requesting new microcode (bsc#1152489). - commit 720943a - mmc: cqhci: Add cqhci_deactivate() (git-fixes). - commit e46a789 - mmc: sdhci-of-dwcmshc: implement specific set_uhs_signaling (git-fixes). - commit 78a20b1 - mmc: sdhci-of-esdhc: make sure delay chain locked for HS400 (git-fixes). - commit b9124c1 - mmc: sdhci-of-esdhc: set timeout to max before tuning (git-fixes). - commit 3690227 - mmc: sdhci: Use Auto CMD Auto Select only when v4_mode is true (git-fixes). - commit 23cd005 - mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes). - Refresh patches.suse/mmc-sdhci-pci-Prefer-SDR25-timing-for-High-Speed-mod.patch. - commit 9dd1a55 - blacklist.conf: prerequisites break kABI - commit 2c4445c - mmc: sdhci-of-arasan: Add missed checks for devm_clk_register() (git-fixes). - commit 72c0b64 - Refresh patches.suse/perf-x86-intel-uncore-remove-uncore-extra-pci-dev-hswep_pci_pcu_3.patch. - commit dbaac01 - blacklist.conf: fixes a compiler warning only - commit 2e1acc1 - blacklist.conf: fixes a compiler warning only - commit 0566d04 - rpm/constraints.in: remove aarch64 disk size exception obs://Kernel:stable/kernel-default/ARM/aarch64 currently fails: installing package kernel-default-livepatch-devel-5.12.0-3.1.g6208a83.aarch64 needs 3MB more space on the / filesystem The stats say: Maximal used disk space: 31799 Mbyte By default, we require 35G. For aarch64 we had an exception to lower this limit to 30G there. Drop this exception as it is obviously no longer valid.
- commit ee00b50 ++++ libxml2: - Security fix: [bsc#1185408, CVE-2021-3518] * Fix use-after-free in xinclude.c:xmlXIncludeDoProcess() * Add libxml2-CVE-2021-3518.patch - Security fix: [bsc#1185410, CVE-2021-3517] * Fix heap-based buffer overflow in entities.c:xmlEncodeEntitiesInternal() * Add libxml2-CVE-2021-3517.patch - Security fix: [bsc#1185409, CVE-2021-3516] * Fix use-after-free in entities.c:xmlEncodeEntitiesInternal() * Add libxml2-CVE-2021-3516.patch ++++ libzypp: - Properly handle permission denied when providing optional files (bsc#1185239) - Fix service detection with cgroupv2 (bsc#1184997) - version 17.25.10 (22) ++++ libxml2-python: - Security fix: [bsc#1185408, CVE-2021-3518] * Fix use-after-free in xinclude.c:xmlXIncludeDoProcess() * Add libxml2-CVE-2021-3518.patch - Security fix: [bsc#1185410, CVE-2021-3517] * Fix heap-based buffer overflow in entities.c:xmlEncodeEntitiesInternal() * Add libxml2-CVE-2021-3517.patch - Security fix: [bsc#1185409, CVE-2021-3516] * Fix use-after-free in entities.c:xmlEncodeEntitiesInternal() * Add libxml2-CVE-2021-3516.patch ++++ selinux-policy: - allow cockpit socket to bind nodes (fix_cockpit.patch) - use %autosetup to get rid of endless patch lines ++++ shim: - Split the keys in vendor-dbx.bin to vendor-dbx-sles and vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce the size of MokListXRT (bsc#1185261) + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz ++++ installation-images-LeapMicro: - merge gh#openSUSE/installation-images#507 - Revert "trigger automatic nvme discovery (bsc#1184908)" - trigger automatic nvme discovery in udev start script (bsc#1184908) - 16.56.9