------------------------------------------------------------------ --- Changelog.all ----------- Wed Mar 8 16:18:17 UTC 2023 ------ ------------------------------------------------------------------ ------------------------------------------------------------------ ------------------ 2023-3-6 - Mar 6 2023 ------------------- ------------------------------------------------------------------ ++++ fde-tools: - Add fde-tools-set-stop-event-for-tpm_authorize.patch to set the stop event when signing the authorized policy ------------------------------------------------------------------ ------------------ 2023-3-1 - Mar 1 2023 ------------------- ------------------------------------------------------------------ ++++ fde-tools: - firstboot/fde: ensure that aliases get expanded in shell scripts This is needed to make the bootloader_foo -> grub2_foo function name expansion work ------------------------------------------------------------------ ------------------ 2023-2-28 - Feb 28 2023 ------------------- ------------------------------------------------------------------ ++++ fde-tools: - Updated to version 0.6.3 - Fix a bug introduced by the recent change in tempdir handling ------------------------------------------------------------------ ------------------ 2023-2-22 - Feb 22 2023 ------------------- ------------------------------------------------------------------ ++++ rust-keylime: - Update to version 0.2.0+git.1677002906.cf6c4f0: * Bump version to 0.2.0 * packit: Remove workaround for Fedora BZ#2158598 * ima-emulator: Implement graceful shutdown * Update tss-esapi in Cargo.toml * packit: Re-enable tests on Fedora Rawhide * Deprecate `with-zmq` and `legacy-python-actions` features ------------------------------------------------------------------ ------------------ 2023-2-16 - Feb 16 2023 ------------------- ------------------------------------------------------------------ ++++ tpm2-0-tss: - Drop 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch as was already merged upstream - Update to 4.0.1 + Fixed: * A buffer overflow in tss2-rc as CVE-2023-22745. - Update to 4.0.0 + Fixed: * tcti-ldr: Use heap instead of stack when tcti initialize * Fix usage of NULL pointer if Esys_TR_SetAuth is calles with ESYS_TR_NONE. * Conditionally check user/group manipulation commands. * Store VERSION into the release tarball. * When using DESTDIR for make einstall, do not invoke systemd-sysusers and systemd-tmpfiles. * esys_iutil: fix possible NPD. * Tss2_Sys_Flushcontext: flushHandle was encoded as a handleArea handle and not as parameter one, this affected the contents of cpHash. * esys: fix allow usage of HMAC sessions for Esys_TR_FromTPMPublic. * fapi: fix usage of policy_nv with a TPM nv index. * linking tcti for libtpms against tss2-tctildr. It should be linked against tss2-mu. * build: Remove erroneous trailing comma in linker option. Bug [#2391]. * fapi: fix encoding of complex tpm2bs in authorize nv, duplication select and policy template policies. Now the complex and TPMT or TPMS representations can be used. Bug #2383 * The error message for unsupported FAPI curves was in hex without a leading 0x, make it integer output to clarify. * Documentation that had various scalar out pointers as "callee allocated". * test: build with opaque FILE structure like in musl libc. * Transient endorsement keys were not recreated according to the EK credential profile. * Evict control for a persistent EK failed during provisioning if an auth value for the storage hierarchy was set. * The authorization of the storage hierarchy is now added. Fixes FAPI: Provisioning error if an auth value is needed for the storage hierarchy #2438. * Usage of a second profile in a path was not possible because the default profile was always used. * The setting of an empty auth value for Fapi_Provision was fixed. * JSON encoding of a structure TPMS_POLICYAUTHORIZATION used the field keyPEMhashAlg instead of hashAlg as defined in "TCG TSS 2.0 JSON Data Types and Policy Language Specification". Rename to hashAlg but preserve support for reading keyPEMhashAlg for backwards compatibility. * fapi: PolicySecret did not work with keys as secret object. * Esys_PCR_SetAuthValue: remembers the auth like other SetAutg ESAPI functions. * tests: esys-pcr-auth-value.int moved to destructive tests. * FAPI: Fix double free if keystore is corrupted. * Marshaling of TPMU_CAPABILITIES data, only field intelPttProperty was broken before.a * Spec deviation in Fapi_GetDescription caused description to be NULL when it should be empty string. This is API breaking but considered a bug since it deviated from the FAPI spec. * FAPI: undefined reference to curl_url_strerror when using curl less than 7.80.0. * FAPI: Fixed support for EK templates in NV inidices per the spec, see #2518 for details. * FAPI: fix NPD in ifapi_curl logging. * FAPI: Improve documentation fapi-profile * FAPI: Fix CURL HTTP handling. * FAPI: Return FAPI_RC_IO_ERROR if a policy does not exist in keystore. + Added: * TPM version 1.59 support. * ci: ubuntu-22.04 added. * mbedTLS 3.0 is supported by ESAPI. * Add CreationHash to JSON output for usage between applications not using the FAPI keystore, like command line tools. * Reduced code size for SAPI. * Support for Runtime Switchable ESAPI Crypto Backend via Esys_SetCryptoCallbacks. * Testing for TCG EK Credential Profile TPM 2.0, Version 2.4 Rev. 3, 2021 for the low and high address range of EK templates. * tss2-rc: Tss2_RC_DecodeInfo function for parsing TSS2_RC into the various bit fields. * FAPI support for P_ECC384 profile. * tss2-rc: Tss2_RC_DecodeInfoError: Function to get a human readable error from a TSS2_RC_INFO returned by Tss2_RC_DecodeInfo * tcti: Generic SPI driver, implementors only need to connect to acquire/release, transmit/receive, and sleep/timeout functions. * FAPI: Add event logging for Firmware and IMA Events. See #2170 for details. * FAPI: Fix Fapi_ChangeAuth updates on hierarchy objects not being reflected across profiles. * FAPI: Allow keyedhash keys in PolicySigned. * ESAPI: Support sha512 for mbedtls crypto backend. * TPM2B_MAX_CAP_BUFFER and mu routines * vendor field to TPMU_CAPABILTIIES * FAPI: support for PolicyTemplate + Changed * libmu soname from 0:0:0 to 0:1:0. * tss2-sys soname from 1:0:0 to 1:1:0 * tss2-esys: from 0:0:0 to 0:1:0 * FAPI ignores vendor properties on Fapi_GetInfo * FAPI Event Logging JSON format, See #2170 for details. + Removed * Dead struct TPMS_ALGORITHM_DESCRIPTION * Dead field intelPttProperty from TPMU_CAPABILITIES * Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Marshal * Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Unmarshal ++++ rust-keylime: - Drop zmq from the feature set - Remove already merged patches: * 0001-keylime-agent-remove-const_err-deny.patch * 0001-Cargo.toml-tss-esapi-bindings.patch - Update to version 0.1.0+git.1676549716.5382ed9: * Cargo: Update clap minimum version to 3.2 * Cargo: Update uuid minimum version to 1.3 * Cargo: Update tokio minimum version to 1.24 and reduce features * build(deps): bump tss-esapi from 7.1.0 to 7.2.0 * cargo deb: include shim.py in packaging * build(deps): bump thiserror from 1.0.36 to 1.0.38 * keylime-agent.conf: Add comments on how to override options * config: Fix overriding options with env vars * Add missing e2e tests and reordering tests based on alphabetical order * e2e tests: Fix test name * Store associated U keys, auth tags, and payloads together * Refactor ZeroMQ revocation listener to not block * keylime-agent: Gracefully shutdown on SIGINT * Refactor async code for keys and payloads * main: Move payload related functions to payloads module * main: Run ZeroMQ service in a separate task * Remove unused option "openstack" for obtaining uuid * algorithms: fix typo * clippy: fix uninlined_format_args warnings * clippy: fix needless_borrow warnings * crypto, mTLS: allow certificate chain for trusted_client_ca * build(deps): bump base64 from 0.13.0 to 0.13.1 * build(deps): bump serde_json from 1.0.85 to 1.0.91 * build(deps): bump libc from 0.2.133 to 0.2.139 * build(deps): bump bumpalo from 3.11.0 to 3.12.0 * build(deps): bump futures from 0.3.24 to 0.3.25 * Cargo.toml: tss-esapi bindings * packit-ci: Disable Rawhide due to agent compilation issues * packit-ci: Add hotfix for tpm2-tss Fedora BZ#2158598 * keylime-agent: remove const_err deny * build(deps): bump tokio from 1.23.0 to 1.24.2 ++++ tpm2.0-tools: - Update to version 5.5 + Added: * tpm2_createek: SM2 EK Support * misc: SM2 support to internal OSSL format key routines. Fixes - -format flags for conversions. + Fixed: * echo_tcti.py: set to use python3 named executable in shebang. - Drop already merged patches + fix_bogus_warning.patch + echo_tcti_call_python3_binary.patch ------------------------------------------------------------------ ------------------ 2023-2-15 - Feb 15 2023 ------------------- ------------------------------------------------------------------ ++++ grub2: - Refresh 0003-tpm2-resend-the-command-on-TPM_RC_RETRY.patch to handle the TPM2 responseCode correctly. ++++ kernel-default: - Linux 6.1.12 (bsc#1012628). - Documentation/hw-vuln: Add documentation for Cross-Thread Return Predictions (bsc#1012628). - KVM: x86: Mitigate the cross-thread return address predictions bug (bsc#1012628). - x86/speculation: Identify processors vulnerable to SMT RSB predictions (bsc#1012628). - drm/i915: Fix VBT DSI DVO port handling (bsc#1012628). - drm/i915: Initialize the obj flags for shmem objects (bsc#1012628). - drm/i915: Move fd_install after last use of fence (bsc#1012628). - drm/amd/display: fix cursor offset on rotation 180 (bsc#1012628). - drm/amd/display: properly handling AGP aperture in vm setup (bsc#1012628). - drm/amdgpu/smu: skip pptable init under sriov (bsc#1012628). - drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini (bsc#1012628). - drm/amd/pm: bump SMU 13.0.7 driver_if header version (bsc#1012628). - drm/amdgpu: Add unique_id support for GC 11.0.1/2 (bsc#1012628). - drm/amd/pm: bump SMU 13.0.0 driver_if header version (bsc#1012628). - arm64: efi: Force the use of SetVirtualAddressMap() on eMAG and Altra Max machines (bsc#1012628). - Fix page corruption caused by racy check in __free_pages (bsc#1012628). - arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (bsc#1012628). - arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive (bsc#1012628). - arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (bsc#1012628). - rtmutex: Ensure that the top waiter is always woken up (bsc#1012628). - tracing: Fix TASK_COMM_LEN in trace event format file (bsc#1012628). - drm/amdgpu: Use the TGID for trace_amdgpu_vm_update_ptes (bsc#1012628). - powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1012628). - riscv: kprobe: Fixup misaligned load text (bsc#1012628). - riscv: Fixup race condition on PG_dcache_clean in flush_icache_pte (bsc#1012628). - nvdimm: Support sizeof(struct page) > MAX_STRUCT_PAGE_SIZE (bsc#1012628). - ceph: flush cap releases when the session is flushed (bsc#1012628). - drm/amd/pm: add SMU 13.0.7 missing GetPptLimit message mapping (bsc#1012628). - pinctrl: qcom: sm8450-lpass-lpi: correct swr_rx_data group (bsc#1012628). - clk: ingenic: jz4760: Update M/N/OD calculation algorithm (bsc#1012628). - cxl/region: Fix passthrough-decoder detection (bsc#1012628). - cxl/region: Fix null pointer dereference for resetting decoder (bsc#1012628). - usb: typec: altmodes/displayport: Fix probe pin assign check (bsc#1012628). - usb: core: add quirk for Alcor Link AK9563 smartcard reader (bsc#1012628). - btrfs: free device in btrfs_close_devices for a single device filesystem (bsc#1012628). - btrfs: simplify update of last_dir_index_offset when logging a directory (bsc#1012628). - selftests: mptcp: stop tests earlier (bsc#1012628). - selftests: mptcp: allow more slack for slow test-case (bsc#1012628). - mptcp: be careful on subflow status propagation on errors (bsc#1012628). - mptcp: do not wait for bare sockets' timeout (bsc#1012628). - net: USB: Fix wrong-direction WARNING in plusb.c (bsc#1012628). - cifs: Fix use-after-free in rdata->read_into_pages() (bsc#1012628). - pinctrl: intel: Restore the pins that used to be in Direct IRQ mode (bsc#1012628). - pinctrl: aspeed: Revert "Force to disable the function's signal" (bsc#1012628). - spi: dw: Fix wrong FIFO level setting for long xfers (bsc#1012628). - pinctrl: single: fix potential NULL dereference (bsc#1012628). - pinctrl: aspeed: Fix confusing types in return value (bsc#1012628). - pinctrl: mediatek: Fix the drive register definition of some Pins (bsc#1012628). - clk: microchip: mpfs-ccc: Use devm_kasprintf() for allocating formatted strings (bsc#1012628). - ASoC: topology: Return -ENOMEM on memory allocation failure (bsc#1012628). - ASoC: fsl_sai: fix getting version from VERID (bsc#1012628). - ASoC: tas5805m: add missing page switch (bsc#1012628). - ASoC: tas5805m: rework to avoid scheduling while atomic (bsc#1012628). - arm64: dts: mediatek: mt8195: Fix vdosys* compatible strings (bsc#1012628). - riscv: stacktrace: Fix missing the first frame (bsc#1012628). - ALSA: pci: lx6464es: fix a debug loop (bsc#1012628). - arm64: dts: rockchip: set sdmmc0 speed to sd-uhs-sdr50 on rock-3a (bsc#1012628). - arm64: dts: rockchip: fix input enable pinconf on rk3399 (bsc#1012628). - selftests: forwarding: lib: quote the sysctl values (bsc#1012628). - net: mscc: ocelot: fix all IPv6 getting trapped to CPU when PTP timestamping is used (bsc#1012628). - rds: rds_rm_zerocopy_callback() use list_first_entry() (bsc#1012628). - selftests: Fix failing VXLAN VNI filtering test (bsc#1012628). - txhash: fix sk->sk_txrehash default (bsc#1012628). - net: ethernet: mtk_eth_soc: fix wrong parameters order in __xdp_rxq_info_reg() (bsc#1012628). - igc: Add ndo_tx_timeout support (bsc#1012628). - net/mlx5: Serialize module cleanup with reload and remove (bsc#1012628). - net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (bsc#1012628). - net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (bsc#1012628). - net/mlx5: Expose SF firmware pages counter (bsc#1012628). - net/mlx5: Store page counters in a single array (bsc#1012628). - net/mlx5e: IPoIB, Show unknown speed instead of error (bsc#1012628). - net/mlx5e: Fix crash unsetting rx-vlan-filter in switchdev mode (bsc#1012628). - net/mlx5: Bridge, fix ageing of peer FDB entries (bsc#1012628). - net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (bsc#1012628). - net: mscc: ocelot: fix VCAP filters not matching on MAC with "protocol 802.1Q" (bsc#1012628). - net: dsa: mt7530: don't change PVC_EG_TAG when CPU port becomes VLAN-aware (bsc#1012628). - ice: switch: fix potential memleak in ice_add_adv_recipe() (bsc#1012628). - ice: Fix disabling Rx VLAN filtering with port VLAN enabled (bsc#1012628). - ice: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1012628). - nvidiafb: detect the hardware support before removing console (bsc#1012628). - cpuset: Call set_cpus_allowed_ptr() with appropriate mask for task (bsc#1012628). - drm/virtio: exbuf->fence_fd unmodified on interrupted wait (bsc#1012628). - drm/i915: Don't do the WM0->WM1 copy w/a if WM1 is already enabled (bsc#1012628). - HID: amd_sfh: if no sensors are enabled, clean up (bsc#1012628). - net: microchip: sparx5: fix PTP init/deinit not checking all ports (bsc#1012628). - uapi: add missing ip/ipv6 header dependencies for linux/stddef.h (bsc#1012628). - cpufreq: qcom-hw: Fix cpufreq_driver->get() for non-LMH systems (bsc#1012628). - ionic: missed doorbell workaround (bsc#1012628). - ionic: refactor use of ionic_rx_fill() (bsc#1012628). - ionic: clean interrupt before enabling queue to avoid credit race (bsc#1012628). - net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY (bsc#1012628). - net: macb: Perform zynqmp dynamic configuration only for SGMII interface (bsc#1012628). - bonding: fix error checking in bond_debug_reregister() (bsc#1012628). - net: phylink: move phy_device_free() to correctly release phy device (bsc#1012628). - of: Make OF framebuffer device names unique (bsc#1012628). - xfrm: fix bug with DSCP copy to v6 from v4 tunnel (bsc#1012628). - RDMA/usnic: use iommu_map_atomic() under spin_lock() (bsc#1012628). - RDMA/irdma: Fix potential NULL-ptr-dereference (bsc#1012628). - xfrm: annotate data-race around use_time (bsc#1012628). - IB/IPoIB: Fix legacy IPoIB due to wrong number of queues (bsc#1012628). - xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() (bsc#1012628). - IB/hfi1: Restore allocated resources on failed copyout (bsc#1012628). - xfrm: compat: change expression for switch in xfrm_xlate64 (bsc#1012628). - HID: logitech: Disable hi-res scrolling on USB (bsc#1012628). - can: j1939: do not wait 250 ms if the same addr was already claimed (bsc#1012628). - of/address: Return an error when no valid dma-ranges are found (bsc#1012628). - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (bsc#1012628). - Revert "PCI/ASPM: Refactor L1 PM Substates Control Register programming" (bsc#1012628). - Revert "PCI/ASPM: Save L1 PM Substates Capability for suspend/resume" (bsc#1012628). - ALSA: hda/realtek: fix mute/micmute LEDs don't work for a HP platform (bsc#1012628). - ALSA: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 (bsc#1012628). - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 (bsc#1012628). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 (bsc#1012628). - ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (bsc#1012628). - ALSA: hda/realtek: Add Positivo N14KP6-TG (bsc#1012628). - btrfs: zlib: zero-initialize zlib workspace (bsc#1012628). - btrfs: limit device extents to the device size (bsc#1012628). - hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC (bsc#1012628). - commit 373f017 ------------------------------------------------------------------ ------------------ 2023-2-14 - Feb 14 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Update patches.kernel.org/6.1.5-127-x86-bugs-Flush-IBP-in-ib_prctl_set.patch (bsc#1012628 bsc#1207773 CVE-2023-0045). Add refereces. - commit 69a37c0 - Update config files. Enable budget-ci module (bsc#1206774) Needed for saa7146 support. - commit 1fa8f94 - Removed the support of EINJ (bsc#1023051, CVE-2016-3695) - Update config files. - supported.conf: removed drivers/acpi/apei/einj support. - commit 0a54635 ------------------------------------------------------------------ ------------------ 2023-2-10 - Feb 10 2023 ------------------- ------------------------------------------------------------------ ++++ grub2: - Add module for boot loader interface. Needed for load Unified Kernel Image (UKI) * grub2-add-module-for-boot-loader-interface.patch ------------------------------------------------------------------ ------------------ 2023-2-9 - Feb 9 2023 ------------------- ------------------------------------------------------------------ ++++ grub2: - Amend the TPM2 stack and add authorized policy mode to tpm2_key_protector * 0001-tpm2-adjust-the-input-parameters-of-TPM2_EvictContro.patch * 0002-tpm2-declare-the-input-arguments-of-TPM2-functions-a.patch * 0003-tpm2-resend-the-command-on-TPM_RC_RETRY.patch * 0004-tpm2-add-new-TPM2-types-structures-and-command-const.patch * 0005-tpm2-add-more-marshal-unmarshal-functions.patch * 0006-tpm2-check-the-command-parameters-of-TPM2-commands.patch * 0007-tpm2-pack-the-missing-authorization-command-for-TPM2.patch * 0008-tpm2-allow-some-command-parameters-to-be-NULL.patch * 0009-tpm2-remove-the-unnecessary-variables.patch * 0010-tpm2-add-TPM2-commands-to-support-authorized-policy.patch * 0011-tpm2-make-the-file-reading-unmarshal-functions-gener.patch * 0012-tpm2-initialize-the-PCR-selection-list-early.patch * 0013-tpm2-support-unsealing-key-with-authorized-policy.patch ++++ kernel-default: - Linux 6.1.11 (bsc#1012628). - firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (bsc#1012628). - bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (bsc#1012628). - arm64: dts: imx8m-venice: Remove incorrect 'uart-has-rtscts' (bsc#1012628). - arm64: dts: freescale: imx8dxl: fix sc_pwrkey's property name linux,keycode (bsc#1012628). - ASoC: amd: acp-es8336: Drop reference count of ACPI device after use (bsc#1012628). - ASoC: Intel: bytcht_es8316: Drop reference count of ACPI device after use (bsc#1012628). - ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use (bsc#1012628). - ASoC: Intel: bytcr_rt5640: Drop reference count of ACPI device after use (bsc#1012628). - ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use (bsc#1012628). - ASoC: Intel: sof_es8336: Drop reference count of ACPI device after use (bsc#1012628). - ASoC: Intel: avs: Implement PCI shutdown (bsc#1012628). - bpf: Fix off-by-one error in bpf_mem_cache_idx() (bsc#1012628). - bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers (bsc#1012628). - ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (bsc#1012628). - bpf: Fix to preserve reg parent/live fields when copying range info (bsc#1012628). - selftests/filesystems: grant executable permission to run_fat_tests.sh (bsc#1012628). - ASoC: SOF: ipc4-mtrace: prevent underflow in sof_ipc4_priority_mask_dfs_write() (bsc#1012628). - bpf: Add missing btf_put to register_btf_id_dtor_kfuncs (bsc#1012628). - media: v4l2-ctrls-api.c: move ctrl->is_new = 1 to the correct line (bsc#1012628). - bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener (bsc#1012628). - arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (bsc#1012628). - arm64: dts: imx8mm-verdin: Do not power down eth-phy (bsc#1012628). - drm/vc4: hdmi: make CEC adapter name unique (bsc#1012628). - drm/ssd130x: Init display before the SSD130X_DISPLAY_ON command (bsc#1012628). - scsi: Revert "scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT" (bsc#1012628). - bpf: Fix the kernel crash caused by bpf_setsockopt() (bsc#1012628). - ALSA: memalloc: Workaround for Xen PV (bsc#1012628). - vhost/net: Clear the pending messages when the backend is removed (bsc#1012628). - copy_oldmem_kernel() - WRITE is "data source", not destination (bsc#1012628). - WRITE is "data source", not destination.. (bsc#1012628). - READ is "data destination", not source.. (bsc#1012628). - zcore: WRITE is "data source", not destination.. (bsc#1012628). - memcpy_real(): WRITE is "data source", not destination.. (bsc#1012628). - fix iov_iter_bvec() "direction" argument (bsc#1012628). - fix 'direction' argument of iov_iter_{init,bvec}() (bsc#1012628). - fix "direction" argument of iov_iter_kvec() (bsc#1012628). - use less confusing names for iov_iter direction initializers (bsc#1012628). - vhost-scsi: unbreak any layout for response (bsc#1012628). - ice: Prevent set_channel from changing queues while RDMA active (bsc#1012628). - qede: execute xdp_do_flush() before napi_complete_done() (bsc#1012628). - virtio-net: execute xdp_do_flush() before napi_complete_done() (bsc#1012628). - dpaa_eth: execute xdp_do_flush() before napi_complete_done() (bsc#1012628). - dpaa2-eth: execute xdp_do_flush() before napi_complete_done() (bsc#1012628). - skb: Do mix page pool and page referenced frags in GRO (bsc#1012628). - sfc: correctly advertise tunneled IPv6 segmentation (bsc#1012628). - net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices (bsc#1012628). - net: wwan: t7xx: Fix Runtime PM initialization (bsc#1012628). - block, bfq: replace 0/1 with false/true in bic apis (bsc#1012628). - block, bfq: fix uaf for bfqq in bic_set_bfqq() (bsc#1012628). - netrom: Fix use-after-free caused by accept on already connected socket (bsc#1012628). - fscache: Use wait_on_bit() to wait for the freeing of relinquished volume (bsc#1012628). - platform/x86/amd/pmf: update to auto-mode limits only after AMT event (bsc#1012628). - platform/x86/amd/pmf: Add helper routine to update SPS thermals (bsc#1012628). - platform/x86/amd/pmf: Fix to update SPS default pprof thermals (bsc#1012628). - platform/x86/amd/pmf: Add helper routine to check pprof is balanced (bsc#1012628). - platform/x86/amd/pmf: Fix to update SPS thermals when power supply change (bsc#1012628). - platform/x86/amd/pmf: Ensure mutexes are initialized before use (bsc#1012628). - platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1012628). - drm/i915/guc: Fix locking when searching for a hung request (bsc#1012628). - drm/i915: Fix request ref counting during error capture & debugfs dump (bsc#1012628). - drm/i915: Fix up locking around dumping requests lists (bsc#1012628). - drm/i915/adlp: Fix typo for reference clock (bsc#1012628). - net/tls: tls_is_tx_ready() checked list_entry (bsc#1012628). - ALSA: firewire-motu: fix unreleased lock warning in hwdep device (bsc#1012628). - netfilter: br_netfilter: disable sabotage_in hook after first suppression (bsc#1012628). - block: ublk: extending queue_size to fix overflow (bsc#1012628). - kunit: fix kunit_test_init_section_suites(...) (bsc#1012628). - squashfs: harden sanity check in squashfs_read_xattr_id_table (bsc#1012628). - maple_tree: should get pivots boundary by type (bsc#1012628). - sctp: do not check hb_timer.expires when resetting hb_timer (bsc#1012628). - net: phy: meson-gxl: Add generic dummy stubs for MMD register access (bsc#1012628). - drm/panel: boe-tv101wum-nl6: Ensure DSI writes succeed during disable (bsc#1012628). - ip/ip6_gre: Fix changing addr gen mode not generating IPv6 link local address (bsc#1012628). - ip/ip6_gre: Fix non-point-to-point tunnel not generating IPv6 link local address (bsc#1012628). - riscv: kprobe: Fixup kernel panic when probing an illegal position (bsc#1012628). - igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() (bsc#1012628). - octeontx2-af: Fix devlink unregister (bsc#1012628). - can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate (bsc#1012628). - can: raw: fix CAN FD frame transmissions over CAN XL devices (bsc#1012628). - can: mcp251xfd: mcp251xfd_ring_set_ringparam(): assign missing tx_obj_num_coalesce_irq (bsc#1012628). - ata: libata: Fix sata_down_spd_limit() when no link speed is reported (bsc#1012628). - selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning (bsc#1012628). - selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided (bsc#1012628). - selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs (bsc#1012628). - selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking (bsc#1012628). - virtio-net: Keep stop() to follow mirror sequence of open() (bsc#1012628). - net: openvswitch: fix flow memory leak in ovs_flow_cmd_new (bsc#1012628). - efi: fix potential NULL deref in efi_mem_reserve_persistent (bsc#1012628). - rtc: sunplus: fix format string for printing resource (bsc#1012628). - certs: Fix build error when PKCS#11 URI contains semicolon (bsc#1012628). - kbuild: modinst: Fix build error when CONFIG_MODULE_SIG_KEY is a PKCS#11 URI (bsc#1012628). - i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU (bsc#1012628). - i2c: mxs: suppress probe-deferral error message (bsc#1012628). - scsi: target: core: Fix warning on RT kernels (bsc#1012628). - x86/aperfmperf: Erase stale arch_freq_scale values when disabling frequency invariance readings (bsc#1012628). - perf/x86/intel: Add Emerald Rapids (bsc#1012628). - perf/x86/intel/cstate: Add Emerald Rapids (bsc#1012628). - scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (bsc#1012628). - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (bsc#1012628). - i2c: rk3x: fix a bunch of kernel-doc warnings (bsc#1012628). - Revert "gfs2: stop using generic_writepages in gfs2_ail1_start_one" (bsc#1012628). - x86/build: Move '-mindirect-branch-cs-prefix' out of GCC-only block (bsc#1012628). - platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type 0x0010 table (bsc#1012628). - platform/x86: hp-wmi: Handle Omen Key event (bsc#1012628). - platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF (bsc#1012628). - platform/x86/amd: pmc: Disable IRQ1 wakeup for RN/CZN (bsc#1012628). - net/x25: Fix to not accept on connected socket (bsc#1012628). - drm/amd/display: Fix timing not changning when freesync video is enabled (bsc#1012628). - bcache: Silence memcpy() run-time false positive warnings (bsc#1012628). - iio: adc: stm32-dfsdm: fill module aliases (bsc#1012628). - usb: dwc3: qcom: enable vbus override when in OTG dr-mode (bsc#1012628). - usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait (bsc#1012628). - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (bsc#1012628). - fbcon: Check font dimension limits (bsc#1012628). - cgroup/cpuset: Fix wrong check in update_parent_subparts_cpumask() (bsc#1012628). - hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap() (bsc#1012628). - ARM: dts: imx7d-smegw01: Fix USB host over-current polarity (bsc#1012628). - net: qrtr: free memory on error path in radix_tree_insert() (bsc#1012628). - can: isotp: split tx timer into transmission and timeout (bsc#1012628). - can: isotp: handle wait_event_interruptible() return values (bsc#1012628). - watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1012628). - watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1012628). - ALSA: hda/realtek: Add Acer Predator PH315-54 (bsc#1012628). - ALSA: hda/realtek: fix mute/micmute LEDs, speaker don't work for a HP platform (bsc#1012628). - ASoC: codecs: wsa883x: correct playback min/max rates (bsc#1012628). - ASoC: SOF: sof-audio: unprepare when swidget->use_count > 0 (bsc#1012628). - ASoC: SOF: sof-audio: skip prepare/unprepare if swidget is NULL (bsc#1012628). - ASoC: SOF: keep prepare/unprepare widgets in sink path (bsc#1012628). - efi: Accept version 2 of memory attributes table (bsc#1012628). - rtc: efi: Enable SET/GET WAKEUP services as optional (bsc#1012628). - iio: hid: fix the retval in accel_3d_capture_sample (bsc#1012628). - iio: hid: fix the retval in gyro_3d_capture_sample (bsc#1012628). - iio: adc: xilinx-ams: fix devm_krealloc() return value check (bsc#1012628). - iio: adc: berlin2-adc: Add missing of_node_put() in error path (bsc#1012628). - iio: imx8qxp-adc: fix irq flood when call imx8qxp_adc_read_raw() (bsc#1012628). - iio:adc:twl6030: Enable measurements of VUSB, VBAT and others (bsc#1012628). - iio: light: cm32181: Fix PM support on system with 2 I2C resources (bsc#1012628). - iio: imu: fxos8700: fix ACCEL measurement range selection (bsc#1012628). - iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback (bsc#1012628). - iio: imu: fxos8700: fix IMU data bits returned to user space (bsc#1012628). - iio: imu: fxos8700: fix map label of channel type to MAGN sensor (bsc#1012628). - iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback (bsc#1012628). - iio: imu: fxos8700: fix incorrect ODR mode readback (bsc#1012628). - iio: imu: fxos8700: fix failed initialization ODR mode assignment (bsc#1012628). - iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN (bsc#1012628). - iio: imu: fxos8700: fix MAGN sensor scale and unit (bsc#1012628). - nvmem: brcm_nvram: Add check for kzalloc (bsc#1012628). - nvmem: sunxi_sid: Always use 32-bit MMIO reads (bsc#1012628). - nvmem: qcom-spmi-sdam: fix module autoloading (bsc#1012628). - parisc: Fix return code of pdc_iodc_print() (bsc#1012628). - parisc: Replace hardcoded value with PRIV_USER constant in ptrace.c (bsc#1012628). - parisc: Wire up PTRACE_GETREGS/PTRACE_SETREGS for compat case (bsc#1012628). - riscv: disable generation of unwind tables (bsc#1012628). - Revert "mm: kmemleak: alloc gray object for reserved region with direct map" (bsc#1012628). - mm: multi-gen LRU: fix crash during cgroup migration (bsc#1012628). - mm: hugetlb: proc: check for hugetlb shared PMD in /proc/PID/smaps (bsc#1012628). - mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() (bsc#1012628). - usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints (bsc#1012628). - usb: typec: ucsi: Don't attempt to resume the ports before they exist (bsc#1012628). - usb: gadget: udc: do not clear gadget driver.bus (bsc#1012628). - kernel/irq/irqdomain.c: fix memory leak with using debugfs_lookup() (bsc#1012628). - HV: hv_balloon: fix memory leak with using debugfs_lookup() (bsc#1012628). - x86/debug: Fix stack recursion caused by wrongly ordered DR7 accesses (bsc#1012628). - fpga: m10bmc-sec: Fix probe rollback (bsc#1012628). - fpga: stratix10-soc: Fix return value check in s10_ops_write_init() (bsc#1012628). - mm/uffd: fix pte marker when fork() without fork event (bsc#1012628). - mm/swapfile: add cond_resched() in get_swap_pages() (bsc#1012628). - mm/khugepaged: fix ->anon_vma race (bsc#1012628). - mm/MADV_COLLAPSE: catch !none !huge !bad pmd lookups (bsc#1012628). - highmem: round down the address passed to kunmap_flush_on_unmap() (bsc#1012628). - ia64: fix build error due to switch case label appearing next to declaration (bsc#1012628). - Squashfs: fix handling and sanity checking of xattr_ids count (bsc#1012628). - maple_tree: fix mas_empty_area_rev() lower bound validation (bsc#1012628). - migrate: hugetlb: check for hugetlb shared PMD in node migration (bsc#1012628). - dma-buf: actually set signaling bit for private stub fences (bsc#1012628). - serial: stm32: Merge hard IRQ and threaded IRQ handling into single IRQ handler (bsc#1012628). - drm/i915: Avoid potential vm use-after-free (bsc#1012628). - drm/i915: Fix potential bit_17 double-free (bsc#1012628). - drm/amd: Fix initialization for nbio 4.3.0 (bsc#1012628). - drm/amd/pm: drop unneeded dpm features disablement for SMU 13.0.4/11 (bsc#1012628). - drm/amdgpu: update wave data type to 3 for gfx11 (bsc#1012628). - nvmem: core: initialise nvmem->id early (bsc#1012628). - nvmem: core: remove nvmem_config wp_gpio (bsc#1012628). - nvmem: core: fix cleanup after dev_set_name() (bsc#1012628). - nvmem: core: fix registration vs use race (bsc#1012628). - nvmem: core: fix device node refcounting (bsc#1012628). - nvmem: core: fix cell removal on error (bsc#1012628). - nvmem: core: fix return value (bsc#1012628). - phy: qcom-qmp-combo: fix runtime suspend (bsc#1012628). - serial: 8250_dma: Fix DMA Rx completion race (bsc#1012628). - serial: 8250_dma: Fix DMA Rx rearm race (bsc#1012628). - platform/x86/amd: pmc: add CONFIG_SERIO dependency (bsc#1012628). - ASoC: SOF: sof-audio: prepare_widgets: Check swidget for NULL on sink failure (bsc#1012628). - iio:adc:twl6030: Enable measurement of VAC (bsc#1012628). - powerpc/64s/radix: Fix crash with unaligned relocated kernel (bsc#1012628). - powerpc/64s: Fix local irq disable when PMIs are disabled (bsc#1012628). - powerpc/imc-pmu: Revert nest_init_lock to being a mutex (bsc#1012628). - fs/ntfs3: Validate attribute data and valid sizes (bsc#1012628). - ovl: Use "buf" flexible array for memcpy() destination (bsc#1012628). - f2fs: initialize locks earlier in f2fs_fill_super() (bsc#1012628). - fbdev: smscufx: fix error handling code in ufx_usb_probe (bsc#1012628). - f2fs: fix to do sanity check on i_extra_isize in is_alive() (bsc#1012628). - wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads (bsc#1012628). - gfs2: Cosmetic gfs2_dinode_{in,out} cleanup (bsc#1012628). - gfs2: Always check inode size of inline inodes (bsc#1012628). - bpf: Skip invalid kfunc call in backtrack_insn (bsc#1012628). - commit 16a4964 ------------------------------------------------------------------ ------------------ 2023-2-8 - Feb 8 2023 ------------------- ------------------------------------------------------------------ ++++ transactional-update: - Version 4.1.3 - Suppress SELinux relabelling output in quiet mode - Documentation readability improvements ++++ grub2: - Fix nvmf boot device setup (bsc#1207811) * 0001-grub2-Can-t-setup-a-default-boot-device-correctly-on.patch ------------------------------------------------------------------ ------------------ 2023-2-7 - Feb 7 2023 ------------------- ------------------------------------------------------------------ ++++ grub2: - Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064) * 0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch ++++ kernel-default: - mm, mremap: fix mremap() expanding for vma's with vm_ops->close() (bsc#1206359). Update to upstream version. - commit 82ff25b ------------------------------------------------------------------ ------------------ 2023-2-6 - Feb 6 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Linux 6.1.10 (bsc#1012628). - net: mctp: purge receive queues on sk destruction (bsc#1012628). - rust: print: avoid evaluating arguments in `pr_*` macros in `unsafe` blocks (bsc#1012628). - net: fix NULL pointer in skb_segment_list (bsc#1012628). - gpiolib-acpi: Don't set GPIOs for wakeup in S3 mode (bsc#1012628). - gpiolib: acpi: Add a ignore wakeup quirk for Clevo NL5xRU (bsc#1012628). - nvme-apple: only reset the controller when RTKit is running (bsc#1012628). - cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1012628). - gpiolib: acpi: Allow ignoring wake capability on pins that aren't in _AEI (bsc#1012628). - dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init (bsc#1012628). - HID: playstation: sanity check DualSense calibration data (bsc#1012628). - HID: uclogic: Add support for XP-PEN Deco 01 V2 (bsc#1012628). - s390: workaround invalid gcc-11 out of bounds read warning (bsc#1012628). - block: fix hctx checks for batch allocation (bsc#1012628). - ACPI: video: Add backlight=native DMI quirk for Acer Aspire 4810T (bsc#1012628). - LoongArch: Get frame info in unwind_start() when regs is not available (bsc#1012628). - blk-cgroup: fix missing pd_online_fn() while activating policy (bsc#1012628). - erofs: clean up parsing of fscache related options (bsc#1012628). - kselftest: Fix error message for unconfigured LLVM builds (bsc#1012628). - ARM: omap1: fix building gpio15xx (bsc#1012628). - arm64: dts: msm8994-angler: fix the memory map (bsc#1012628). - mac80211: Fix MLO address translation for multiple bss case (bsc#1012628). - erofs/zmap.c: Fix incorrect offset calculation (bsc#1012628). - bpf: Skip task with pid=1 in send_signal_common() (bsc#1012628). - firmware: arm_scmi: Clear stale xfer->hdr.status (bsc#1012628). - arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (bsc#1012628). - arm64: dts: freescale: Fix pca954x i2c-mux node names (bsc#1012628). - ARM: dts: vf610: Fix pca9548 i2c-mux node names (bsc#1012628). - ARM: dts: imx: Fix pca9547 i2c-mux node name (bsc#1012628). - commit 2a0570b ------------------------------------------------------------------ ------------------ 2023-2-4 - Feb 4 2023 ------------------- ------------------------------------------------------------------ ++++ grub2: - Fix GCC 13 build failure (bsc#1201089) * 0002-AUDIT-0-http-boot-tracker-bug.patch ------------------------------------------------------------------ ------------------ 2023-2-1 - Feb 1 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Linux 6.1.9 (bsc#1012628). - memory: tegra: Remove clients SID override programming (bsc#1012628). - memory: atmel-sdramc: Fix missing clk_disable_unprepare in atmel_ramc_probe() (bsc#1012628). - memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe() (bsc#1012628). - arm64: dts: qcom: sc8280xp: fix primary USB-DP PHY reset (bsc#1012628). - dmaengine: qcom: gpi: Set link_rx bit on GO TRE for rx operation (bsc#1012628). - dmaengine: ti: k3-udma: Do conditional decrement of UDMA_CHAN_RT_PEER_BCNT_REG (bsc#1012628). - soc: imx: imx8mp-blk-ctrl: enable global pixclk with HDMI_TX_PHY PD (bsc#1012628). - arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (bsc#1012628). - ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' (bsc#1012628). - ARM: dts: imx7d-pico: Use 'clock-frequency' (bsc#1012628). - ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' (bsc#1012628). - arm64: dts: verdin-imx8mm: fix dahlia audio playback (bsc#1012628). - arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux (bsc#1012628). - arm64: dts: verdin-imx8mm: fix dev board audio playback (bsc#1012628). - arm64: dts: imx93-11x11-evk: correct clock and strobe pad setting (bsc#1012628). - ARM: imx: add missing of_node_put() (bsc#1012628). - soc: imx: imx8mp-blk-ctrl: don't set power device name (bsc#1012628). - arm64: dts: imx8mp: Fix missing GPC Interrupt (bsc#1012628). - arm64: dts: imx8mp: Fix power-domain typo (bsc#1012628). - arm64: dts: imx8mp-evk: pcie0-refclk cosmetic cleanup (bsc#1012628). - HID: intel_ish-hid: Add check for ishtp_dma_tx_map (bsc#1012628). - arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity (bsc#1012628). - soc: imx8m: Fix incorrect check for of_clk_get_by_name() (bsc#1012628). - reset: ti-sci: honor TI_SCI_PROTOCOL setting when not COMPILE_TEST (bsc#1012628). - reset: uniphier-glue: Fix possible null-ptr-deref (bsc#1012628). - EDAC/highbank: Fix memory leak in highbank_mc_probe() (bsc#1012628). - firmware: arm_scmi: Harden shared memory access in fetch_response (bsc#1012628). - firmware: arm_scmi: Harden shared memory access in fetch_notification (bsc#1012628). - firmware: arm_scmi: Fix virtio channels cleanup on shutdown (bsc#1012628). - interconnect: qcom: msm8996: Provide UFS clocks to A2NoC (bsc#1012628). - interconnect: qcom: msm8996: Fix regmap max_register values (bsc#1012628). - HID: amd_sfh: Fix warning unwind goto (bsc#1012628). - tomoyo: fix broken dependency on *.conf.default (bsc#1012628). - RDMA/rxe: Fix inaccurate constants in rxe_type_info (bsc#1012628). - RDMA/rxe: Prevent faulty rkey generation (bsc#1012628). - erofs: fix kvcalloc() misuse with __GFP_NOFAIL (bsc#1012628). - arm64: dts: marvell: AC5/AC5X: Fix address for UART1 (bsc#1012628). - RDMA/core: Fix ib block iterator counter overflow (bsc#1012628). - IB/hfi1: Reject a zero-length user expected buffer (bsc#1012628). - IB/hfi1: Reserve user expected TIDs (bsc#1012628). - IB/hfi1: Fix expected receive setup error exit issues (bsc#1012628). - IB/hfi1: Immediately remove invalid memory from hardware (bsc#1012628). - IB/hfi1: Remove user expected buffer invalidate race (bsc#1012628). - affs: initialize fsdata in affs_truncate() (bsc#1012628). - PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe() (bsc#1012628). - arm64: dts: qcom: msm8992: Don't use sfpb mutex (bsc#1012628). - arm64: dts: qcom: msm8992-libra: Fix the memory map (bsc#1012628). - kbuild: export top-level LDFLAGS_vmlinux only to scripts/Makefile.vmlinux (bsc#1012628). - kbuild: fix 'make modules' error when CONFIG_DEBUG_INFO_BTF_MODULES=y (bsc#1012628). - phy: ti: fix Kconfig warning and operator precedence (bsc#1012628). - drm/msm/gpu: Fix potential double-free (bsc#1012628). - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (bsc#1012628). - ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60 (bsc#1012628). - drm/vc4: bo: Fix drmm_mutex_init memory hog (bsc#1012628). - phy: usb: sunplus: Fix potential null-ptr-deref in sp_usb_phy_probe() (bsc#1012628). - bpf: hash map, avoid deadlock with suitable hash mask (bsc#1012628). - amd-xgbe: TX Flow Ctrl Registers are h/w ver dependent (bsc#1012628). - amd-xgbe: Delay AN timeout during KR training (bsc#1012628). - bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (bsc#1012628). - drm/vc4: bo: Fix unused variable warning (bsc#1012628). - phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() (bsc#1012628). - net: nfc: Fix use-after-free in local_cleanup() (bsc#1012628). - net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs (bsc#1012628). - net: enetc: avoid deadlock in enetc_tx_onestep_tstamp() (bsc#1012628). - net: lan966x: add missing fwnode_handle_put() for ports node (bsc#1012628). - sch_htb: Avoid grafting on htb_destroy_class_offload when destroying htb (bsc#1012628). - gpio: mxc: Protect GPIO irqchip RMW with bgpio spinlock (bsc#1012628). - gpio: mxc: Always set GPIOs used as interrupt source to INPUT mode (bsc#1012628). - wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid (bsc#1012628). - pinctrl: rockchip: fix reading pull type on rk3568 (bsc#1012628). - net: stmmac: Fix queue statistics reading (bsc#1012628). - net/sched: sch_taprio: fix possible use-after-free (bsc#1012628). - l2tp: convert l2tp_tunnel_list to idr (bsc#1012628). - l2tp: close all race conditions in l2tp_tunnel_register() (bsc#1012628). - net: usb: sr9700: Handle negative len (bsc#1012628). - net: mdio: validate parameter addr in mdiobus_get_phy() (bsc#1012628). - HID: check empty report_list in hid_validate_values() (bsc#1012628). - HID: check empty report_list in bigben_probe() (bsc#1012628). - net: stmmac: fix invalid call to mdiobus_get_phy() (bsc#1012628). - pinctrl: rockchip: fix mux route data for rk3568 (bsc#1012628). - ARM: dts: stm32: Fix qspi pinctrl phandle for stm32mp15xx-dhcor-som (bsc#1012628). - ARM: dts: stm32: Fix qspi pinctrl phandle for stm32mp15xx-dhcom-som (bsc#1012628). - ARM: dts: stm32: Fix qspi pinctrl phandle for stm32mp157c-emstamp-argon (bsc#1012628). - ARM: dts: stm32: Fix qspi pinctrl phandle for stm32mp151a-prtt1l (bsc#1012628). - HID: revert CHERRY_MOUSE_000C quirk (bsc#1012628). - block/rnbd-clt: fix wrong max ID in ida_alloc_max (bsc#1012628). - usb: ucsi: Ensure connector delayed work items are flushed (bsc#1012628). - usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait (bsc#1012628). - usb: gadget: f_fs: Ensure ep0req is dequeued before free_request (bsc#1012628). - netfilter: conntrack: handle tcp challenge acks during connection reuse (bsc#1012628). - Bluetooth: Fix a buffer overflow in mgmt_mesh_add() (bsc#1012628). - Bluetooth: hci_conn: Fix memory leaks (bsc#1012628). - Bluetooth: hci_sync: fix memory leak in hci_update_adv_data() (bsc#1012628). - Bluetooth: ISO: Avoid circular locking dependency (bsc#1012628). - Bluetooth: ISO: Fix possible circular locking dependency (bsc#1012628). - Bluetooth: hci_event: Fix Invalid wait context (bsc#1012628). - Bluetooth: Fix possible deadlock in rfcomm_sk_state_change (bsc#1012628). - net: ipa: disable ipa interrupt during suspend (bsc#1012628). - net/mlx5e: Avoid false lock dependency warning on tc_ht even more (bsc#1012628). - net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (bsc#1012628). - net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (bsc#1012628). - net/mlx5e: Set decap action based on attr for sample (bsc#1012628). - net/mlx5: E-switch, Fix switchdev mode after devlink reload (bsc#1012628). - net: mlx5: eliminate anonymous module_init & module_exit (bsc#1012628). - drm/panfrost: fix GENERIC_ATOMIC64 dependency (bsc#1012628). - dmaengine: Fix double increment of client_count in dma_chan_get() (bsc#1012628). - net: macb: fix PTP TX timestamp failure due to packet padding (bsc#1012628). - virtio-net: correctly enable callback during start_xmit (bsc#1012628). - l2tp: prevent lockdep issue in l2tp_tunnel_register() (bsc#1012628). - HID: betop: check shape of output reports (bsc#1012628). - drm/i915/selftests: Unwind hugepages to drop wakeref on error (bsc#1012628). - cifs: fix potential deadlock in cache_refresh_path() (bsc#1012628). - dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node() (bsc#1012628). - dmaengine: tegra: Fix memory leak in terminate_all() (bsc#1012628). - phy: phy-can-transceiver: Skip warning if no "max-bitrate" (bsc#1012628). - drm/amd/display: fix issues with driver unload (bsc#1012628). - net: sched: gred: prevent races when adding offloads to stats (bsc#1012628). - nvme-pci: fix timeout request state check (bsc#1012628). - tcp: avoid the lookup process failing to get sk in ehash table (bsc#1012628). - usb: dwc3: fix extcon dependency (bsc#1012628). - ptdma: pt_core_execute_cmd() should use spinlock (bsc#1012628). - device property: fix of node refcount leak in fwnode_graph_get_next_endpoint() (bsc#1012628). - w1: fix deadloop in __w1_remove_master_device() (bsc#1012628). - w1: fix WARNING after calling w1_process() (bsc#1012628). - driver core: Fix test_async_probe_init saves device in wrong array (bsc#1012628). - selftests/net: toeplitz: fix race on tpacket_v3 block close (bsc#1012628). - net: dsa: microchip: ksz9477: port map correction in ALU table entry register (bsc#1012628). - thermal: Validate new state in cur_state_store() (bsc#1012628). - thermal/core: fix error code in __thermal_cooling_device_register() (bsc#1012628). - thermal: core: call put_device() only after device_register() fails (bsc#1012628). - net: stmmac: enable all safety features by default (bsc#1012628). - bnxt: Do not read past the end of test names (bsc#1012628). - tcp: fix rate_app_limited to default to 1 (bsc#1012628). - scsi: iscsi: Fix multiple iSCSI session unbind events sent to userspace (bsc#1012628). - ASoC: SOF: pm: Set target state earlier (bsc#1012628). - ASoC: SOF: pm: Always tear down pipelines before DSP suspend (bsc#1012628). - ASoC: SOF: Add FW state to debugfs (bsc#1012628). - ASoC: amd: yc: Add Razer Blade 14 2022 into DMI table (bsc#1012628). - spi: cadence: Fix busy cycles calculation (bsc#1012628). - cpufreq: CPPC: Add u64 casts to avoid overflowing (bsc#1012628). - cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (bsc#1012628). - ASoC: mediatek: mt8186: support rt5682s_max98360 (bsc#1012628). - ASoC: mediatek: mt8186: Add machine support for max98357a (bsc#1012628). - ASoC: amd: yc: Add ASUS M5402RA into DMI table (bsc#1012628). - ASoC: support machine driver with max98360 (bsc#1012628). - kcsan: test: don't put the expect array on the stack (bsc#1012628). - cpufreq: Add SM6375 to cpufreq-dt-platdev blocklist (bsc#1012628). - ASoC: fsl_micfil: Correct the number of steps on SX controls (bsc#1012628). - drm/msm/a6xx: Avoid gx gbit halt during rpm suspend (bsc#1012628). - net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (bsc#1012628). - drm: Add orientation quirk for Lenovo ideapad D330-10IGL (bsc#1012628). - s390/debug: add _ASM_S390_ prefix to header guard (bsc#1012628). - s390: expicitly align _edata and _end symbols on page boundary (bsc#1012628). - xen/pvcalls: free active map buffer on pvcalls_front_free_map (bsc#1012628). - perf/x86/cstate: Add Meteor Lake support (bsc#1012628). - perf/x86/msr: Add Meteor Lake support (bsc#1012628). - perf/x86/msr: Add Emerald Rapids (bsc#1012628). - perf/x86/intel/uncore: Add Emerald Rapids (bsc#1012628). - nolibc: fix fd_set type (bsc#1012628). - tools/nolibc: Fix S_ISxxx macros (bsc#1012628). - tools/nolibc: fix missing includes causing build issues at -O0 (bsc#1012628). - tools/nolibc: prevent gcc from making memset() loop over itself (bsc#1012628). - cpufreq: armada-37xx: stop using 0 as NULL pointer (bsc#1012628). - ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (bsc#1012628). - ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (bsc#1012628). - ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA (bsc#1012628). - drm/amdkfd: Add sync after creating vram bo (bsc#1012628). - drm/amdkfd: Fix NULL pointer error for GC 11.0.1 on mGPU (bsc#1012628). - cifs: fix potential memory leaks in session setup (bsc#1012628). - spi: spidev: remove debug messages that access spidev->spi without locking (bsc#1012628). - KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (bsc#1012628). - scsi: hisi_sas: Use abort task set to reset SAS disks when discovered (bsc#1012628). - scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (bsc#1012628). - r8152: add vendor/device ID pair for Microsoft Devkit (bsc#1012628). - platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (bsc#1012628). - platform/x86: asus-nb-wmi: Add alternate mapping for KEY_CAMERA (bsc#1012628). - platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (bsc#1012628). - platform/x86: asus-wmi: Add quirk wmi_ignore_fan (bsc#1012628). - platform/x86: asus-wmi: Ignore fan on E410MA (bsc#1012628). - platform/x86: simatic-ipc: correct name of a model (bsc#1012628). - platform/x86: simatic-ipc: add another model (bsc#1012628). - lockref: stop doing cpu_relax in the cmpxchg loop (bsc#1012628). - ata: pata_cs5535: Don't build on UML (bsc#1012628). - firmware: coreboot: Check size of table entry and use flex-array (bsc#1012628). - btrfs: zoned: enable metadata over-commit for non-ZNS setup (bsc#1012628). - Revert "selftests/bpf: check null propagation only neither reg is PTR_TO_BTF_ID" (bsc#1012628). - arm64: efi: Recover from synchronous exceptions occurring in firmware (bsc#1012628). - arm64: efi: Avoid workqueue to check whether EFI runtime is live (bsc#1012628). - arm64: efi: Account for the EFI runtime stack in stack unwinder (bsc#1012628). - Bluetooth: hci_sync: cancel cmd_timer if hci_open failed (bsc#1012628). - drm/i915: Allow panel fixed modes to have differing sync polarities (bsc#1012628). - drm/i915: Allow alternate fixed modes always for eDP (bsc#1012628). - drm/amdgpu: complete gfxoff allow signal during suspend without delay (bsc#1012628). - io_uring/msg_ring: fix remote queue to disabled ring (bsc#1012628). - wifi: mac80211: Proper mark iTXQs for resumption (bsc#1012628). - wifi: mac80211: Fix iTXQ AMPDU fragmentation handling (bsc#1012628). - sched/fair: Check if prev_cpu has highest spare cap in feec() (bsc#1012628). - sched/uclamp: Fix a uninitialized variable warnings (bsc#1012628). - vfio/type1: Respect IOMMU reserved regions in vfio_test_domain_fgsp() (bsc#1012628). - scsi: hpsa: Fix allocation size for scsi_host_alloc() (bsc#1012628). - kvm/vfio: Fix potential deadlock on vfio group_lock (bsc#1012628). - nfsd: don't free files unconditionally in __nfsd_file_cache_purge (bsc#1012628). - module: Don't wait for GOING modules (bsc#1012628). - ftrace: Export ftrace_free_filter() to modules (bsc#1012628). - tracing: Make sure trace_printk() can output as soon as it can be used (bsc#1012628). - trace_events_hist: add check for return value of 'create_hist_field' (bsc#1012628). - ftrace/scripts: Update the instructions for ftrace-bisect.sh (bsc#1012628). - cifs: Fix oops due to uncleared server->smbd_conn in reconnect (bsc#1012628). - ksmbd: add max connections parameter (bsc#1012628). - ksmbd: do not sign response to session request for guest login (bsc#1012628). - ksmbd: downgrade ndr version error message to debug (bsc#1012628). - ksmbd: limit pdu length size according to connection status (bsc#1012628). - ovl: fix tmpfile leak (bsc#1012628). - ovl: fail on invalid uid/gid mapping at copy up (bsc#1012628). - io_uring/net: cache provided buffer group value for multishot receives (bsc#1012628). - KVM: x86/vmx: Do not skip segment attributes if unusable bit is set (bsc#1012628). - KVM: arm64: GICv4.1: Fix race with doorbell on VPE activation/deactivation (bsc#1012628). - scsi: ufs: core: Fix devfreq deadlocks (bsc#1012628). - riscv: fix -Wundef warning for CONFIG_RISCV_BOOT_SPINWAIT (bsc#1012628). - thermal: intel: int340x: Protect trip temperature from concurrent updates (bsc#1012628). - regulator: dt-bindings: samsung,s2mps14: add lost samsung,ext-control-gpios (bsc#1012628). - ipv6: fix reachability confirmation with proxy_ndp (bsc#1012628). - ARM: 9280/1: mm: fix warning on phys_addr_t to void pointer assignment (bsc#1012628). - EDAC/device: Respect any driver-supplied workqueue polling value (bsc#1012628). - EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info (bsc#1012628). - platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1012628). - drm/display/dp_mst: Correct the kref of port (bsc#1012628). - drm/amd/pm: add missing AllowIHInterrupt message mapping for SMU13.0.0 (bsc#1012628). - drm/amdgpu: remove unconditional trap enable on add gfx11 queues (bsc#1012628). - drm/amdgpu/display/mst: Fix mst_state->pbn_div and slot count assignments (bsc#1012628). - drm/amdgpu/display/mst: limit payload to be updated one by one (bsc#1012628). - drm/amdgpu/display/mst: update mst_mgr relevant variable when long HPD (bsc#1012628). - io_uring: inline io_req_task_work_add() (bsc#1012628). - io_uring: inline __io_req_complete_post() (bsc#1012628). - io_uring: hold locks for io_req_complete_failed (bsc#1012628). - io_uring: use io_req_task_complete() in timeout (bsc#1012628). - io_uring: remove io_req_tw_post_queue (bsc#1012628). - io_uring: inline __io_req_complete_put() (bsc#1012628). - net: mana: Fix IRQ name - add PCI and queue number (bsc#1012628). - io_uring: always prep_async for drain requests (bsc#1012628). - i2c: designware: use casting of u64 in clock multiplication to avoid overflow (bsc#1012628). - i2c: designware: Fix unbalanced suspended flag (bsc#1012628). - drm/drm_vma_manager: Add drm_vma_node_allow_once() (bsc#1012628). - drm/i915: Fix a memory leak with reused mmap_offset (bsc#1012628). - iavf: fix temporary deadlock and failure to set MAC address (bsc#1012628). - iavf: schedule watchdog immediately when changing primary MAC (bsc#1012628). - netlink: prevent potential spectre v1 gadgets (bsc#1012628). - net: fix UaF in netns ops registration error path (bsc#1012628). - net: fec: Use page_pool_put_full_page when freeing rx buffers (bsc#1012628). - nvme: simplify transport specific device attribute handling (bsc#1012628). - nvme: consolidate setting the tagset flags (bsc#1012628). - nvme-fc: fix initialization order (bsc#1012628). - drm/i915/selftest: fix intel_selftest_modify_policy argument types (bsc#1012628). - ACPI: video: Add backlight=native DMI quirk for HP Pavilion g6-1d80nr (bsc#1012628). - ACPI: video: Add backlight=native DMI quirk for HP EliteBook 8460p (bsc#1012628). - ACPI: video: Add backlight=native DMI quirk for Asus U46E (bsc#1012628). - netfilter: nft_set_rbtree: Switch to node list walk for overlap detection (bsc#1012628). - netfilter: nft_set_rbtree: skip elements in transaction from garbage collection (bsc#1012628). - netlink: annotate data races around nlk->portid (bsc#1012628). - netlink: annotate data races around dst_portid and dst_group (bsc#1012628). - netlink: annotate data races around sk_state (bsc#1012628). - ipv4: prevent potential spectre v1 gadget in ip_metrics_convert() (bsc#1012628). - ipv4: prevent potential spectre v1 gadget in fib_metrics_match() (bsc#1012628). - net: dsa: microchip: fix probe of I2C-connected KSZ8563 (bsc#1012628). - net: ethernet: adi: adin1110: Fix multicast offloading (bsc#1012628). - netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE (bsc#1012628). - netrom: Fix use-after-free of a listening socket (bsc#1012628). - platform/x86: asus-wmi: Fix kbd_dock_devid tablet-switch reporting (bsc#1012628). - platform/x86: apple-gmux: Move port defines to apple-gmux.h (bsc#1012628). - platform/x86: apple-gmux: Add apple_gmux_detect() helper (bsc#1012628). - ACPI: video: Fix apple gmux detection (bsc#1012628). - tracing/osnoise: Use built-in RCU list checking (bsc#1012628). - net/sched: sch_taprio: do not schedule in taprio_reset() (bsc#1012628). - sctp: fail if no bound addresses can be used for a given scope (bsc#1012628). - riscv/kprobe: Fix instruction simulation of JALR (bsc#1012628). - nvme: fix passthrough csi check (bsc#1012628). - gpio: mxc: Unlock on error path in mxc_flip_edge() (bsc#1012628). - gpio: ep93xx: Fix port F hwirq numbers in handler (bsc#1012628). - net: ravb: Fix lack of register setting after system resumed for Gen3 (bsc#1012628). - net: ravb: Fix possible hang if RIS2_QFF1 happen (bsc#1012628). - net: mctp: add an explicit reference from a mctp_sk_key to sock (bsc#1012628). - net: mctp: move expiry timer delete to unhash (bsc#1012628). - net: mctp: hold key reference when looking up a general key (bsc#1012628). - net: mctp: mark socks as dead on unhash, prevent re-add (bsc#1012628). - thermal: intel: int340x: Add locking to int340x_thermal_get_trip_type() (bsc#1012628). - riscv: Move call to init_cpu_topology() to later initialization stage (bsc#1012628). - net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1012628). - tsnep: Fix TX queue stop/wake for multiple queues (bsc#1012628). - net: mdio-mux-meson-g12a: force internal PHY off on mux switch (bsc#1012628). - Partially revert "perf/arm-cmn: Optimise DTC counter accesses" (bsc#1012628). - block: ublk: move ublk_chr_class destroying after devices are removed (bsc#1012628). - treewide: fix up files incorrectly marked executable (bsc#1012628). - tools: gpio: fix -c option of gpio-event-mon (bsc#1012628). - Fix up more non-executable files marked executable (bsc#1012628). - Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode" (bsc#1012628). - Input: i8042 - add Clevo PCX0DX to i8042 quirk table (bsc#1012628). - x86/sev: Add SEV-SNP guest feature negotiation support (bsc#1012628). - acpi: Fix suspend with Xen PV (bsc#1012628). - dt-bindings: riscv: fix underscore requirement for multi-letter extensions (bsc#1012628). - dt-bindings: riscv: fix single letter canonical order (bsc#1012628). - x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (bsc#1012628). - dt-bindings: i2c: renesas,rzv2m: Fix SoC specific string (bsc#1012628). - netfilter: conntrack: unify established states for SCTP paths (bsc#1012628). - perf/x86/amd: fix potential integer overflow on shift of a int (bsc#1012628). - amdgpu: fix build on non-DCN platforms (bsc#1012628). - Update config files. - commit 79d6a70 ------------------------------------------------------------------ ------------------ 2023-1-30 - Jan 30 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Revert "mm/compaction: fix set skip in fast_find_migrateblock" (bsc#1206848). Update upstream status. - commit e426c74 ------------------------------------------------------------------ ------------------ 2023-1-25 - Jan 25 2023 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 059+suse.360.g2e0ed5f7: * revert(multipath): install multipathd.socket (bsc#1207524) ++++ shim-leap: - Enhance cryptodisk code to recognize new variables in /etc/default/grub: * GRUB_TPM_AUTHORIZED_POLICY * GRUB_TPM_PUBLIC_KEY * GRUB_TPM_SIGNATURE These were added in support of TPM2 authorized policies ------------------------------------------------------------------ ------------------ 2023-1-24 - Jan 24 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ACPI: EC: Fix ECDT probe ordering issues (bsc#1207149). - ACPI: EC: Fix EC address space handler unregistration (bsc#1207149). - ACPICA: Allow address_space_handler Install and _REG execution as 2 separate steps (bsc#1207149). - ACPICA: include/acpi/acpixf.h: Fix indentation (bsc#1207149). - commit 2d8f09a - Linux 6.1.8 (bsc#1012628). - dma-buf: fix dma_buf_export init order v2 (bsc#1012628). - btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (bsc#1012628). - wifi: iwlwifi: fw: skip PPAG for JF (bsc#1012628). - pNFS/filelayout: Fix coalescing test for single DS (bsc#1012628). - selftests/bpf: check null propagation only neither reg is PTR_TO_BTF_ID (bsc#1012628). - net: ethernet: marvell: octeontx2: Fix uninitialized variable warning (bsc#1012628). - tools/virtio: initialize spinlocks in vring_test.c (bsc#1012628). - vdpa/mlx5: Return error on vlan ctrl commands if not supported (bsc#1012628). - vdpa/mlx5: Avoid using reslock in event_handler (bsc#1012628). - vdpa/mlx5: Avoid overwriting CVQ iotlb (bsc#1012628). - virtio_pci: modify ENOENT to EINVAL (bsc#1012628). - vduse: Validate vq_num in vduse_validate_config() (bsc#1012628). - vdpa_sim_net: should not drop the multicast/broadcast packet (bsc#1012628). - net/ethtool/ioctl: return -EOPNOTSUPP if we have no phy stats (bsc#1012628). - r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (bsc#1012628). - r8169: fix dmar pte write access is not set error (bsc#1012628). - bpf: keep a reference to the mm, in case the task is dead (bsc#1012628). - RDMA/srp: Move large values to a new enum for gcc13 (bsc#1012628). - selftests: net: fix cmsg_so_mark.sh test hang (bsc#1012628). - btrfs: always report error in run_one_delayed_ref() (bsc#1012628). - x86/asm: Fix an assembler warning with current binutils (bsc#1012628). - f2fs: let's avoid panic if extent_tree is not created (bsc#1012628). - perf/x86/rapl: Treat Tigerlake like Icelake (bsc#1012628). - cifs: fix race in assemble_neg_contexts() (bsc#1012628). - memblock tests: Fix compilation error (bsc#1012628). - perf/x86/rapl: Add support for Intel Meteor Lake (bsc#1012628). - perf/x86/rapl: Add support for Intel Emerald Rapids (bsc#1012628). - of: fdt: Honor CONFIG_CMDLINE* even without /chosen node, take 2 (bsc#1012628). - fbdev: omapfb: avoid stack overflow warning (bsc#1012628). - Bluetooth: hci_sync: Fix use HCI_OP_LE_READ_BUFFER_SIZE_V2 (bsc#1012628). - Bluetooth: hci_qca: Fix driver shutdown on closed serdev (bsc#1012628). - wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices (bsc#1012628). - wifi: mac80211: fix MLO + AP_VLAN check (bsc#1012628). - wifi: mac80211: reset multiple BSSID options in stop_ap() (bsc#1012628). - wifi: mac80211: sdata can be NULL during AMPDU start (bsc#1012628). - nommu: fix memory leak in do_mmap() error path (bsc#1012628). - nommu: fix do_munmap() error path (bsc#1012628). - nommu: fix split_vma() map_count error (bsc#1012628). - proc: fix PIE proc-empty-vm, proc-pid-vm tests (bsc#1012628). - Add exception protection processing for vd in axi_chan_handle_err function (bsc#1012628). - LoongArch: Add HWCAP_LOONGARCH_CPUCFG to elf_hwcap (bsc#1012628). - zonefs: Detect append writes at invalid locations (bsc#1012628). - nilfs2: fix general protection fault in nilfs_btree_insert() (bsc#1012628). - mm/shmem: restore SHMEM_HUGE_DENY precedence over MADV_COLLAPSE (bsc#1012628). - hugetlb: unshare some PMDs when splitting VMAs (bsc#1012628). - mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma (bsc#1012628). - serial: stm32: Merge hard IRQ and threaded IRQ handling into single IRQ handler (bsc#1012628). - Revert "serial: stm32: Merge hard IRQ and threaded IRQ handling into single IRQ handler" (bsc#1012628). - xhci-pci: set the dma max_seg_size (bsc#1012628). - usb: xhci: Check endpoint is valid before dereferencing it (bsc#1012628). - xhci: Fix null pointer dereference when host dies (bsc#1012628). - xhci: Add update_hub_device override for PCI xHCI hosts (bsc#1012628). - xhci: Add a flag to disable USB3 lpm on a xhci root port level (bsc#1012628). - usb: acpi: add helper to check port lpm capability using acpi _DSM (bsc#1012628). - xhci: Detect lpm incapable xHC USB3 roothub ports from ACPI tables (bsc#1012628). - prlimit: do_prlimit needs to have a speculation check (bsc#1012628). - USB: serial: option: add Quectel EM05-G (GR) modem (bsc#1012628). - USB: serial: option: add Quectel EM05-G (CS) modem (bsc#1012628). - USB: serial: option: add Quectel EM05-G (RS) modem (bsc#1012628). - USB: serial: option: add Quectel EC200U modem (bsc#1012628). - USB: serial: option: add Quectel EM05CN (SG) modem (bsc#1012628). - USB: serial: option: add Quectel EM05CN modem (bsc#1012628). - staging: vchiq_arm: fix enum vchiq_status return types (bsc#1012628). - USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (bsc#1012628). - usb: misc: onboard_hub: Invert driver registration order (bsc#1012628). - usb: misc: onboard_hub: Move 'attach' work to the driver (bsc#1012628). - misc: fastrpc: Fix use-after-free and race in fastrpc_map_find (bsc#1012628). - misc: fastrpc: Don't remove map on creater_process and device_release (bsc#1012628). - misc: fastrpc: Fix use-after-free race condition for maps (bsc#1012628). - usb: core: hub: disable autosuspend for TI TUSB8041 (bsc#1012628). - comedi: adv_pci1760: Fix PWM instruction handling (bsc#1012628). - ACPI: PRM: Check whether EFI runtime is available (bsc#1012628). - mmc: sunxi-mmc: Fix clock refcount imbalance during unbind (bsc#1012628). - mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting (bsc#1012628). - mm/hugetlb: fix PTE marker handling in hugetlb_change_protection() (bsc#1012628). - mm/hugetlb: fix uffd-wp handling for migration entries in hugetlb_change_protection() (bsc#1012628). - mm/hugetlb: pre-allocate pgtable pages for uffd wr-protects (bsc#1012628). - mm/userfaultfd: enable writenotify while userfaultfd-wp is enabled for a VMA (bsc#1012628). - mm/MADV_COLLAPSE: don't expand collapse when vm_end is past requested end (bsc#1012628). - btrfs: add extra error messages to cover non-ENOMEM errors from device_add_list() (bsc#1012628). - btrfs: fix missing error handling when logging directory items (bsc#1012628). - btrfs: fix directory logging due to race with concurrent index key deletion (bsc#1012628). - btrfs: add missing setup of log for full commit at add_conflicting_inode() (bsc#1012628). - btrfs: do not abort transaction on failure to write log tree when syncing log (bsc#1012628). - btrfs: do not abort transaction on failure to update log root (bsc#1012628). - btrfs: fix invalid leaf access due to inline extent during lseek (bsc#1012628). - btrfs: fix race between quota rescan and disable leading to NULL pointer deref (bsc#1012628). - cifs: do not include page data when checking signature (bsc#1012628). - thunderbolt: Disable XDomain lane 1 only in software connection manager (bsc#1012628). - thunderbolt: Use correct function to calculate maximum USB3 link rate (bsc#1012628). - thunderbolt: Do not report errors if on-board retimers are found (bsc#1012628). - thunderbolt: Do not call PM runtime functions in tb_retimer_scan() (bsc#1012628). - riscv: dts: sifive: fu740: fix size of pcie 32bit memory (bsc#1012628). - bpf: restore the ebpf program ID for BPF_AUDIT_UNLOAD and PERF_BPF_EVENT_PROG_UNLOAD (bsc#1012628). - tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer (bsc#1012628). - tty: fix possible null-ptr-defer in spk_ttyio_release (bsc#1012628). - pktcdvd: check for NULL returna fter calling bio_split_to_limits() (bsc#1012628). - io_uring/poll: don't reissue in case of poll race on multishot request (bsc#1012628). - mptcp: explicitly specify sock family at subflow creation time (bsc#1012628). - mptcp: netlink: respect v4/v6-only sockets (bsc#1012628). - selftests: mptcp: userspace: validate v4-v6 subflows mix (bsc#1012628). - USB: gadgetfs: Fix race between mounting and unmounting (bsc#1012628). - USB: serial: cp210x: add SCALANCE LPE-9000 device id (bsc#1012628). - usb: cdns3: remove fetched trb from cache before dequeuing (bsc#1012628). - usb: host: ehci-fsl: Fix module alias (bsc#1012628). - usb: musb: fix error return code in omap2430_probe() (bsc#1012628). - usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (bsc#1012628). - usb: typec: altmodes/displayport: Add pin assignment helper (bsc#1012628). - usb: typec: altmodes/displayport: Fix pin assignment calculation (bsc#1012628). - usb: gadget: g_webcam: Send color matching descriptor per frame (bsc#1012628). - USB: gadget: Add ID numbers to configfs-gadget driver names (bsc#1012628). - usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (bsc#1012628). - usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 (bsc#1012628). - arm64: dts: imx8mp: correct usb clocks (bsc#1012628). - dt-bindings: phy: g12a-usb2-phy: fix compatible string documentation (bsc#1012628). - dt-bindings: phy: g12a-usb3-pcie-phy: fix compatible string documentation (bsc#1012628). - serial: pch_uart: Pass correct sg to dma_unmap_sg() (bsc#1012628). - dmaengine: lgm: Move DT parsing after initialization (bsc#1012628). - dmaengine: tegra210-adma: fix global intr clear (bsc#1012628). - dmaengine: idxd: Let probe fail when workqueue cannot be enabled (bsc#1012628). - dmaengine: idxd: Prevent use after free on completion memory (bsc#1012628). - dmaengine: idxd: Do not call DMX TX callbacks during workqueue disable (bsc#1012628). - serial: amba-pl011: fix high priority character transmission in rs486 mode (bsc#1012628). - serial: atmel: fix incorrect baudrate setup (bsc#1012628). - serial: exar: Add support for Sealevel 7xxxC serial cards (bsc#1012628). - gsmi: fix null-deref in gsmi_get_variable (bsc#1012628). - mei: bus: fix unlink on bus in error path (bsc#1012628). - mei: me: add meteor lake point M DID (bsc#1012628). - VMCI: Use threaded irqs instead of tasklets (bsc#1012628). - ARM: dts: qcom: apq8084-ifc6540: fix overriding SDHCI (bsc#1012628). - ARM: omap1: fix !ARCH_OMAP1_ANY link failures (bsc#1012628). - drm/amdgpu: fix amdgpu_job_free_resources v2 (bsc#1012628). - drm/amdgpu: allow multipipe policy on ASICs with one MEC (bsc#1012628). - drm/amdgpu: Correct the power calcultion for Renior/Cezanne (bsc#1012628). - drm/i915: re-disable RC6p on Sandy Bridge (bsc#1012628). - drm/i915/display: Check source height is > 0 (bsc#1012628). - drm/i915: Allow switching away via vga-switcheroo if uninitialized (bsc#1012628). - drm/i915: Remove unused variable (bsc#1012628). - drm/amd/display: Fix set scaling doesn's work (bsc#1012628). - drm/amd/display: Calculate output_color_space after pixel encoding adjustment (bsc#1012628). - drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix (bsc#1012628). - drm/amd/display: disable S/G display on DCN 3.1.5 (bsc#1012628). - drm/amd/display: disable S/G display on DCN 3.1.4 (bsc#1012628). - cifs: reduce roundtrips on create/qinfo requests (bsc#1012628). - fs/ntfs3: Fix attr_punch_hole() null pointer derenference (bsc#1012628). - arm64: efi: Execute runtime services from a dedicated stack (bsc#1012628). - efi: rt-wrapper: Add missing include (bsc#1012628). - panic: Separate sysctl logic from CONFIG_SMP (bsc#1012628). - exit: Put an upper limit on how often we can oops (bsc#1012628). - exit: Expose "oops_count" to sysfs (bsc#1012628). - exit: Allow oops_limit to be disabled (bsc#1012628). - panic: Consolidate open-coded panic_on_warn checks (bsc#1012628). - panic: Introduce warn_limit (bsc#1012628). - panic: Expose "warn_count" to sysfs (bsc#1012628). - docs: Fix path paste-o for /sys/kernel/warn_count (bsc#1012628). - exit: Use READ_ONCE() for all oops/warn limit reads (bsc#1012628). - x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (bsc#1012628). - drm/amdgpu/discovery: enable soc21 common for GC 11.0.4 (bsc#1012628). - drm/amdgpu/discovery: enable gmc v11 for GC 11.0.4 (bsc#1012628). - drm/amdgpu/discovery: enable gfx v11 for GC 11.0.4 (bsc#1012628). - drm/amdgpu/discovery: enable mes support for GC v11.0.4 (bsc#1012628). - drm/amdgpu: set GC 11.0.4 family (bsc#1012628). - drm/amdgpu/discovery: set the APU flag for GC 11.0.4 (bsc#1012628). - drm/amdgpu: add gfx support for GC 11.0.4 (bsc#1012628). - drm/amdgpu: add gmc v11 support for GC 11.0.4 (bsc#1012628). - drm/amdgpu/discovery: add PSP IP v13.0.11 support (bsc#1012628). - drm/amdgpu/pm: enable swsmu for SMU IP v13.0.11 (bsc#1012628). - drm/amdgpu: add smu 13 support for smu 13.0.11 (bsc#1012628). - drm/amdgpu/pm: add GFXOFF control IP version check for SMU IP v13.0.11 (bsc#1012628). - drm/amdgpu/soc21: add mode2 asic reset for SMU IP v13.0.11 (bsc#1012628). - drm/amdgpu/pm: use the specific mailbox registers only for SMU IP v13.0.4 (bsc#1012628). - drm/amdgpu/discovery: enable nbio support for NBIO v7.7.1 (bsc#1012628). - drm/amdgpu: enable PSP IP v13.0.11 support (bsc#1012628). - drm/amdgpu: enable GFX IP v11.0.4 CG support (bsc#1012628). - drm/amdgpu: enable GFX Power Gating for GC IP v11.0.4 (bsc#1012628). - drm/amdgpu: enable GFX Clock Gating control for GC IP v11.0.4 (bsc#1012628). - drm/amdgpu: add tmz support for GC 11.0.1 (bsc#1012628). - drm/amdgpu: add tmz support for GC IP v11.0.4 (bsc#1012628). - drm/amdgpu: correct MEC number for gfx11 APUs (bsc#1012628). - octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (bsc#1012628). - net/ulp: use consistent error code when blocking ULP (bsc#1012628). - octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (bsc#1012628). - net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (bsc#1012628). - block: mq-deadline: Rename deadline_is_seq_writes() (bsc#1012628). - Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()" (bsc#1012628). - soc: qcom: apr: Make qcom,protection-domain optional again (bsc#1012628). - commit baebfe0 ------------------------------------------------------------------ ------------------ 2023-1-23 - Jan 23 2023 ------------------- ------------------------------------------------------------------ ++++ cyrus-sasl: - drop optional opie dependency ++++ dracut: - Update to version 059+suse.358.g8ecd6e83: See https://github.com/dracutdevs/dracut/releases/tag/058 for details (059 just adds missing entries in NEWS.md). Additional changes: * chore(suse): add execute permission to all scripts * chore(suse): update spec - Update to version 057+suse.355.g1b722fda: * fix(dracut.spec): require libopenssl1_1-hmac for dracut-fips (bsc#1206439) ++++ transactional-update: - Version 4.1.2 - Don't try to mount user mounts if they don't exist [boo#1207366] ++++ kernel-default: - Update config files. Only run oldconfig. This is a left-over from commit 2ebd33fc0df1 (Update config files. Set saa7146 to pre-6.1 state (bsc#1206774)). - commit 7ea99cf - btrfs: qgroup: do not warn on record without old_roots populated (bsc#1206681). - commit ab906a1 - Refresh patches.suse/v4-wifi-mac80211-fix-initialization-of-rx--link-and-rx--link_sta.patch. Update to upstream version. - commit a02770c ++++ zeromq: - qemu-user.patch: Fix build with qemu linux-user emulation ------------------------------------------------------------------ ------------------ 2023-1-20 - Jan 20 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Update config files. Set saa7146 to pre-6.1 state (bsc#1206774). The driver was moved to staging and disabled by us in 6.1. Now it turned out it is actually used. So the driver is getting cleaned up. So enable it even when it is in staging, so that users can use it properly. - commit 2ebd33f ++++ tpm2-0-tss: - add 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch: fixes CVE-2023-22745 (bsc#1207325): Buffer Overlow in TSS2_RC_Decode. Overly large RC values passed to the TSS2 function could lead to memory overread or memory overread. This patch is not yet part of any upstream git tag. ------------------------------------------------------------------ ------------------ 2023-1-19 - Jan 19 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - git_sort: add usb-linus branch for gregkh/usb - commit 9c240f9 ++++ microos-tools: - Update to version 2.18: - Add TMPDIR to tukit binddirs for Salt - 98selinux-microos: Add chroot as dependency - Fix spelling error in warning ------------------------------------------------------------------ ------------------ 2023-1-18 - Jan 18 2023 ------------------- ------------------------------------------------------------------ ++++ transactional-update: - Version 4.1.1 - Mount user specific binddirs last: Prevously the internal mounts would potentially overwrite user bind mounts [boo#1205011] - selinux: Relabel shadowed /var files during update to make sure they don't interfere with the update [boo#1205937] - Clean up /var/lib/overlay more aggressively [boo#1206947] - tukit: Merge /etc overlay into parent if --discard is used together with --continue - previously the files were incorrectly always merged with the currently running system - status: do not execute the status command if experimental - Don't delete created mount point dirs any more - Small code optimizations ++++ kernel-default: - Linux 6.1.7 (bsc#1012628). - netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits (bsc#1012628). - ALSA: control-led: use strscpy in set_led_id() (bsc#1012628). - ALSA: usb-audio: Always initialize fixed_rate in snd_usb_find_implicit_fb_sync_format() (bsc#1012628). - ALSA: hda/realtek - Turn on power early (bsc#1012628). - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360 13-aw0xxx (bsc#1012628). - KVM: x86: Do not return host topology information from KVM_GET_SUPPORTED_CPUID (bsc#1012628). - KVM: arm64: Fix S1PTW handling on RO memslots (bsc#1012628). - efi: fix userspace infinite retry read efivars after EFI runtime services page fault (bsc#1012628). - efi: tpm: Avoid READ_ONCE() for accessing the event log (bsc#1012628). - io_uring/poll: add hash if ready poll request can't complete inline (bsc#1012628). - arm64: mte: Fix double-freeing of the temporary tag storage during coredump (bsc#1012628). - arm64: mte: Avoid the racy walk of the vma list during core dump (bsc#1012628). - arm64: cmpxchg_double*: hazard against entire exchange variable (bsc#1012628). - ACPI: Fix selecting wrong ACPI fwnode for the iGPU on some Dell laptops (bsc#1012628). - net: stmmac: add aux timestamps fifo clearance wait (bsc#1012628). - perf auxtrace: Fix address filter duplicate symbol selection (bsc#1012628). - s390/kexec: fix ipl report address for kdump (bsc#1012628). - brcmfmac: Prefer DT board type over DMI board type (bsc#1012628). - ASoC: qcom: lpass-cpu: Fix fallback SD line index handling (bsc#1012628). - elfcore: Add a cprm parameter to elf_core_extra_{phdrs,data_size} (bsc#1012628). - cpufreq: amd-pstate: fix kernel hang issue while amd-pstate unregistering (bsc#1012628). - s390/cpum_sf: add READ_ONCE() semantics to compare and swap loops (bsc#1012628). - s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (bsc#1012628). - drm/virtio: Fix GEM handle creation UAF (bsc#1012628). - drm/amd/pm/smu13: BACO is supported when it's in BACO state (bsc#1012628). - drm: Optimize drm buddy top-down allocation method (bsc#1012628). - drm/i915/gt: Reset twice (bsc#1012628). - drm/i915: Reserve enough fence slot for i915_vma_unbind_async (bsc#1012628). - drm/i915: Fix potential context UAFs (bsc#1012628). - drm/amd: Delay removal of the firmware framebuffer (bsc#1012628). - drm/amdgpu: Fixed bug on error when unloading amdgpu (bsc#1012628). - drm/amd/pm: correct the reference clock for fan speed(rpm) calculation (bsc#1012628). - drm/amd/pm: add the missing mapping for PPT feature on SMU13.0.0 and 13.0.7 (bsc#1012628). - drm/amd/display: move remaining FPU code to dml folder (bsc#1012628). - Revert "drm/amdgpu: Revert "drm/amdgpu: getting fan speed pwm for vega10 properly"" (bsc#1012628). - cifs: Fix uninitialized memory read for smb311 posix symlink create (bsc#1012628). - cifs: fix file info setting in cifs_query_path_info() (bsc#1012628). - cifs: fix file info setting in cifs_open_file() (bsc#1012628). - cifs: do not query ifaces on smb1 mounts (bsc#1012628). - cifs: fix double free on failed kerberos auth (bsc#1012628). - io_uring/fdinfo: include locked hash table in fdinfo output (bsc#1012628). - ASoC: rt9120: Make dev PM runtime bind AsoC component PM (bsc#1012628). - ACPI: video: Allow selecting NVidia-WMI-EC or Apple GMUX backlight from the cmdline (bsc#1012628). - platform/x86: dell-privacy: Only register SW_CAMERA_LENS_COVER if present (bsc#1012628). - platform/surface: aggregator: Ignore command messages not intended for us (bsc#1012628). - platform/x86: int3472/discrete: Ensure the clk/power enable pins are in output mode (bsc#1012628). - platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1012628). - platform/x86: asus-wmi: Don't load fan curves without fan (bsc#1012628). - platform/x86: dell-privacy: Fix SW_CAMERA_LENS_COVER reporting (bsc#1012628). - dt-bindings: msm: dsi-controller-main: Fix operating-points-v2 constraint (bsc#1012628). - drm/msm: another fix for the headless Adreno GPU (bsc#1012628). - firmware/psci: Fix MEM_PROTECT_RANGE function numbers (bsc#1012628). - firmware/psci: Don't register with debugfs if PSCI isn't available (bsc#1012628). - drm/msm/adreno: Make adreno quirks not overwrite each other (bsc#1012628). - arm64/signal: Always allocate SVE signal frames on SME only systems (bsc#1012628). - dt-bindings: msm: dsi-controller-main: Fix power-domain constraint (bsc#1012628). - dt-bindings: msm: dsi-controller-main: Fix description of core clock (bsc#1012628). - arm64/signal: Always accept SVE signal frames on SME only systems (bsc#1012628). - arm64/mm: add pud_user_exec() check in pud_user_accessible_page() (bsc#1012628). - dt-bindings: msm: dsi-phy-28nm: Add missing qcom, dsi-phy-regulator-ldo-mode (bsc#1012628). - arm64: ptrace: Use ARM64_SME to guard the SME register enumerations (bsc#1012628). - arm64/mm: fix incorrect file_map_count for invalid pmd (bsc#1012628). - platform/x86: ideapad-laptop: Add Legion 5 15ARH05 DMI id to set_fn_lock_led_list[] (bsc#1012628). - drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer (bsc#1012628). - dt-bindings: msm/dsi: Don't require vdds-supply on 10nm PHY (bsc#1012628). - dt-bindings: msm/dsi: Don't require vcca-supply on 14nm PHY (bsc#1012628). - platform/x86: sony-laptop: Don't turn off 0x153 keyboard backlight during probe (bsc#1012628). - ixgbe: fix pci device refcount leak (bsc#1012628). - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1012628). - iavf/iavf_main: actually log ->src mask when talking about it (bsc#1012628). - drm/i915/gt: Cleanup partial engine discovery failures (bsc#1012628). - usb: ulpi: defer ulpi_register on ulpi_read_id timeout (bsc#1012628). - drm/amd/pm: enable mode1 reset on smu_v13_0_10 (bsc#1012628). - drm/amd/pm: Enable bad memory page/channel recording support for smu v13_0_0 (bsc#1012628). - drm/amd/pm: enable GPO dynamic control support for SMU13.0.0 (bsc#1012628). - drm/amd/pm: enable GPO dynamic control support for SMU13.0.7 (bsc#1012628). - drm/amdgpu: add soc21 common ip block support for GC 11.0.4 (bsc#1012628). - drm/amdgpu: Enable pg/cg flags on GC11_0_4 for VCN (bsc#1012628). - drm/amdgpu: enable VCN DPG for GC IP v11.0.4 (bsc#1012628). - mm: Always release pages to the buddy allocator in memblock_free_late() (bsc#1012628). - iommu/iova: Fix alloc iova overflows issue (bsc#1012628). - iommu/arm-smmu-v3: Don't unregister on shutdown (bsc#1012628). - iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe() (bsc#1012628). - iommu/arm-smmu: Don't unregister on shutdown (bsc#1012628). - iommu/arm-smmu: Report IOMMU_CAP_CACHE_COHERENCY even betterer (bsc#1012628). - sched/core: Fix use-after-free bug in dup_user_cpus_ptr() (bsc#1012628). - netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function (bsc#1012628). - selftests: netfilter: fix transaction test script timeout handling (bsc#1012628). - powerpc/imc-pmu: Fix use of mutex in IRQs disabled section (bsc#1012628). - x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (bsc#1012628). - EDAC/device: Fix period calculation in edac_device_reset_delay_period() (bsc#1012628). - x86/pat: Fix pat_x_mtrr_type() for MTRR disabled case (bsc#1012628). - x86/resctrl: Fix task CLOSID/RMID update race (bsc#1012628). - x86/resctrl: Fix event counts regression in reused RMIDs (bsc#1012628). - regulator: da9211: Use irq handler when ready (bsc#1012628). - scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (bsc#1012628). - scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (bsc#1012628). - scsi: ufs: core: WLUN suspend SSU/enter hibern8 fail recovery (bsc#1012628). - ASoC: Intel: fix sof-nau8825 link failure (bsc#1012628). - ASoC: Intel: sof_nau8825: support rt1015p speaker amplifier (bsc#1012628). - ASoC: Intel: sof-nau8825: fix module alias overflow (bsc#1012628). - drm/msm/dpu: Fix some kernel-doc comments (bsc#1012628). - drm/msm/dpu: Fix memory leak in msm_mdss_parse_data_bus_icc_path (bsc#1012628). - ASoC: wm8904: fix wrong outputs volume after power reactivation (bsc#1012628). - mtd: parsers: scpart: fix __udivdi3 undefined on mips (bsc#1012628). - mtd: cfi: allow building spi-intel standalone (bsc#1012628). - stmmac: dwmac-mediatek: remove the dwmac_fix_mac_speed (bsc#1012628). - tipc: fix unexpected link reset due to discovery messages (bsc#1012628). - NFSD: Pass the target nfsd_file to nfsd_commit() (bsc#1012628). - NFSD: Revert "NFSD: NFSv4 CLOSE should release an nfsd_file immediately" (bsc#1012628). - NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection (bsc#1012628). - nfsd: remove the pages_flushed statistic from filecache (bsc#1012628). - nfsd: reorganize filecache.c (bsc#1012628). - NFSD: Add an nfsd_file_fsync tracepoint (bsc#1012628). - nfsd: rework refcounting in filecache (bsc#1012628). - nfsd: fix handling of cached open files in nfsd4_open codepath (bsc#1012628). - octeontx2-af: Fix LMAC config in cgx_lmac_rx_tx_enable (bsc#1012628). - sched/core: Fix arch_scale_freq_tick() on tickless systems (bsc#1012628). - hvc/xen: lock console list traversal (bsc#1012628). - nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() (bsc#1012628). - gro: avoid checking for a failed search (bsc#1012628). - gro: take care of DODGY packets (bsc#1012628). - af_unix: selftest: Fix the size of the parameter to connect() (bsc#1012628). - ASoC: qcom: Fix building APQ8016 machine driver without SOUNDWIRE (bsc#1012628). - tools/nolibc: restore mips branch ordering in the _start block (bsc#1012628). - tools/nolibc: fix the O_* fcntl/open macro definitions for riscv (bsc#1012628). - drm/amdgpu: Fix potential NULL dereference (bsc#1012628). - ice: Fix potential memory leak in ice_gnss_tty_write() (bsc#1012628). - ice: Add check for kzalloc (bsc#1012628). - drm/vmwgfx: Write the driver id registers (bsc#1012628). - drm/vmwgfx: Refactor resource manager's hashtable to use linux/hashtable implementation (bsc#1012628). - drm/vmwgfx: Remove ttm object hashtable (bsc#1012628). - drm/vmwgfx: Refactor resource validation hashtable to use linux/hashtable implementation (bsc#1012628). - drm/vmwgfx: Refactor ttm reference object hashtable to use linux/hashtable (bsc#1012628). - drm/vmwgfx: Remove vmwgfx_hashtab (bsc#1012628). - drm/vmwgfx: Remove rcu locks from user resources (bsc#1012628). - net/sched: act_mpls: Fix warning during failed attribute validation (bsc#1012628). - Revert "r8169: disable detection of chip version 36" (bsc#1012628). - net/mlx5: check attr pointer validity before dereferencing it (bsc#1012628). - net/mlx5e: TC, Keep mod hdr actions after mod hdr alloc (bsc#1012628). - net/mlx5: Fix command stats access after free (bsc#1012628). - net/mlx5e: Verify dev is present for fix features ndo (bsc#1012628). - net/mlx5e: IPoIB, Block queue count configuration when sub interfaces are present (bsc#1012628). - net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent (bsc#1012628). - net/mlx5e: IPoIB, Fix child PKEY interface stats on rx path (bsc#1012628). - net/mlx5: Fix ptp max frequency adjustment range (bsc#1012628). - net/mlx5e: Don't support encap rules with gbp option (bsc#1012628). - net/mlx5e: Fix macsec ssci attribute handling in offload path (bsc#1012628). - net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY) (bsc#1012628). - selftests/net: l2_tos_ttl_inherit.sh: Set IPv6 addresses with "nodad" (bsc#1012628). - selftests/net: l2_tos_ttl_inherit.sh: Run tests in their own netns (bsc#1012628). - selftests/net: l2_tos_ttl_inherit.sh: Ensure environment cleanup on failure (bsc#1012628). - octeontx2-pf: Fix resource leakage in VF driver unbind (bsc#1012628). - perf build: Properly guard libbpf includes (bsc#1012628). - perf kmem: Support legacy tracepoints (bsc#1012628). - perf kmem: Support field "node" in evsel__process_alloc_event() coping with recent tracepoint restructuring (bsc#1012628). - igc: Fix PPS delta between two synchronized end-points (bsc#1012628). - net: lan966x: check for ptp to be enabled in lan966x_ptp_deinit() (bsc#1012628). - net: hns3: fix wrong use of rss size during VF rss config (bsc#1012628). - bnxt: make sure we return pages to the pool (bsc#1012628). - platform/surface: aggregator: Add missing call to ssam_request_sync_free() (bsc#1012628). - platform/x86/amd: Fix refcount leak in amd_pmc_probe (bsc#1012628). - ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate() (bsc#1012628). - efi: fix NULL-deref in init error path (bsc#1012628). - io_uring: lock overflowing for IOPOLL (bsc#1012628). - io_uring/poll: attempt request issue after racy poll wakeup (bsc#1012628). - drm/i915: Fix CFI violations in gt_sysfs (bsc#1012628). - io_uring/io-wq: free worker if task_work creation is canceled (bsc#1012628). - io_uring/io-wq: only free worker if it was allocated for creation (bsc#1012628). - block: handle bio_split_to_limits() NULL return (bsc#1012628). - Revert "usb: ulpi: defer ulpi_register on ulpi_read_id timeout" (bsc#1012628). - pinctrl: amd: Add dynamic debugging for active GPIOs (bsc#1012628). - Update config files. - commit 872045c ------------------------------------------------------------------ ------------------ 2023-1-17 - Jan 17 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - mm, mremap: fix mremap() expanding for vma's with vm_ops->close() (bsc#1206359). - commit e6ff94b - Refresh patches.suse/ALSA-usb-audio-Make-sure-to-stop-endpoints-before-cl.patch. - Refresh patches.suse/ALSA-usb-audio-More-refactoring-of-hw-constraint-rul.patch. - Refresh patches.suse/ALSA-usb-audio-Relax-hw-constraints-for-implicit-fb-.patch. - Refresh patches.suse/Revert-ALSA-usb-audio-Drop-superfluous-interface-set.patch. - Update patches.suse/docs-Fix-the-docs-build-with-Sphinx-6.0.patch (sphinx_6.0). Update upstream statuses. - commit ffddea5 ------------------------------------------------------------------ ------------------ 2023-1-16 - Jan 16 2023 ------------------- ------------------------------------------------------------------ ++++ container-selinux: - Update to version 2.198.0: * Fix spc_t transition rules on tmpfs_t - Changes from 2.197.0: * Add boolean containers_use_ecryptfs policy - Changes from 2.195.1: * Readd missing allow rules for container_t - Changes from 2.194.0: * Allow syslogd_t to use tmpfs files created by container runtime - Changes from 2.193.0: * Allow containers to mount tmpfs_t file systems * Label spc_t as a init initrc daemon * Allow userdomains to run containers - Changes from 2.191.0: * Create container_logwriter_t type - Changes from 2.190.1: * Support BuildKit * container.fc: Set label for kata-agent * support nerdctl - Changes from 2.190.0: * Packit: initial enablement * Allow iptables to list directories labeled as container_file_t - Changes from 2.189.0: * Dont audit searching other processes in /proc. ++++ kernel-default: - rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage - commit 6020754 - Linux 6.1.6 (bsc#1012628). - ALSA: hda: cs35l41: Check runtime suspend capability at runtime_idle (bsc#1012628). - ALSA: hda - Enable headset mic on another Dell laptop with ALC3254 (bsc#1012628). - ALSA: hda: cs35l41: Don't return -EINVAL from system suspend/resume (bsc#1012628). - ALSA: hda/realtek: fix mute/micmute LEDs don't work for a HP platform (bsc#1012628). - ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list (bsc#1012628). - ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (bsc#1012628). - net: sched: disallow noqueue for qdisc classes (bsc#1012628). - gcc: disable -Warray-bounds for gcc-11 too (bsc#1012628). - Update config files. - Revert "SUNRPC: Use RMW bitops in single-threaded hot paths" (bsc#1012628). - selftests/vm/pkeys: Add a regression test for setting PKRU through ptrace (bsc#1012628). - x86/fpu: Emulate XRSTOR's behavior if the xfeatures PKRU bit is not set (bsc#1012628). - x86/fpu: Allow PKRU to be (once again) written by ptrace (bsc#1012628). - x86/fpu: Add a pkru argument to copy_uabi_to_xstate() (bsc#1012628). - x86/fpu: Add a pkru argument to copy_uabi_from_kernel_to_xstate() (bsc#1012628). - x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (bsc#1012628). - parisc: Align parisc MADV_XXX constants with all other architectures (bsc#1012628). - commit 573f4a9 ++++ pcr-oracle: - Updated to version 0.4.2 ++++ rust-keylime: - Update to version 0.1.0+git.1672681780.762cec8: * build(deps): bump openssl from 0.10.41 to 0.10.45 * build(deps): bump tokio from 1.21.1 to 1.23.0 * Disable dnf-makecache.service to save RAM * CI tests: Do not remove Fedora tag repository * add support for cargo deb * Pacify clippy::needless-borrow * Move tpm.rs from keylime-agent to the library * Split crates into library and applications - Add 0001-keylime-agent-remove-const_err-deny.patch - Fix "cargo install" with workspaces https://github.com/rust-lang/cargo/issues/7599 - Add 0001-Cargo.toml-tss-esapi-bindings.patch ------------------------------------------------------------------ ------------------ 2023-1-13 - Jan 13 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Revert "mm/compaction: fix set skip in fast_find_migrateblock" (bsc#1206848). - commit e99ed0e ------------------------------------------------------------------ ------------------ 2023-1-12 - Jan 12 2023 ------------------- ------------------------------------------------------------------ ++++ container-selinux: - Rename spc_timedated.patch to spc.patch - Update spc.patch to allow privileged containers to use localectl (bsc#1207077) ++++ kernel-default: - Linux 6.1.5 (bsc#1012628). - ARM: renumber bits related to _TIF_WORK_MASK (bsc#1012628). - btrfs: replace strncpy() with strscpy() (bsc#1012628). - cifs: fix interface count calculation during refresh (bsc#1012628). - cifs: refcount only the selected iface during interface update (bsc#1012628). - usb: dwc3: gadget: Ignore End Transfer delay on teardown (bsc#1012628). - btrfs: fix off-by-one in delalloc search during lseek (bsc#1012628). - btrfs: fix compat_ro checks against remount (bsc#1012628). - perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor (bsc#1012628). - perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as unsinged data (bsc#1012628). - phy: qcom-qmp-combo: fix broken power on (bsc#1012628). - btrfs: fix an error handling path in btrfs_defrag_leaves() (bsc#1012628). - SUNRPC: ensure the matching upcall is in-flight upon downcall (bsc#1012628). - wifi: ath9k: use proper statements in conditionals (bsc#1012628). - bpf: pull before calling skb_postpull_rcsum() (bsc#1012628). - drm/panfrost: Fix GEM handle creation ref-counting (bsc#1012628). - netfilter: nf_tables: consolidate set description (bsc#1012628). - netfilter: nf_tables: add function to create set stateful expressions (bsc#1012628). - netfilter: nf_tables: perform type checking for existing sets (bsc#1012628). - ice: xsk: do not use xdp_return_frame() on tx_buf->raw_buf (bsc#1012628). - net: vrf: determine the dst using the original ifindex for multicast (bsc#1012628). - vmxnet3: correctly report csum_level for encapsulated packet (bsc#1012628). - mptcp: fix deadlock in fastopen error path (bsc#1012628). - mptcp: fix lockdep false positive (bsc#1012628). - netfilter: nf_tables: honor set timeout and garbage collection updates (bsc#1012628). - bonding: fix lockdep splat in bond_miimon_commit() (bsc#1012628). - net: lan966x: Fix configuration of the PCS (bsc#1012628). - veth: Fix race with AF_XDP exposing old or uninitialized descriptors (bsc#1012628). - nfsd: shut down the NFSv4 state objects before the filecache (bsc#1012628). - net: hns3: add interrupts re-initialization while doing VF FLR (bsc#1012628). - net: hns3: fix miss L3E checking for rx packet (bsc#1012628). - net: hns3: fix VF promisc mode not update when mac table full (bsc#1012628). - net: sched: fix memory leak in tcindex_set_parms (bsc#1012628). - qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure (bsc#1012628). - net: dsa: mv88e6xxx: depend on PTP conditionally (bsc#1012628). - nfc: Fix potential resource leaks (bsc#1012628). - bnxt_en: Simplify bnxt_xdp_buff_init() (bsc#1012628). - bnxt_en: Fix XDP RX path (bsc#1012628). - bnxt_en: Fix first buffer size calculations for XDP multi-buffer (bsc#1012628). - bnxt_en: Fix HDS and jumbo thresholds for RX packets (bsc#1012628). - vdpa/mlx5: Fix rule forwarding VLAN to TIR (bsc#1012628). - vdpa/mlx5: Fix wrong mac address deletion (bsc#1012628). - vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init() (bsc#1012628). - vhost/vsock: Fix error handling in vhost_vsock_init() (bsc#1012628). - vringh: fix range used in iotlb_translate() (bsc#1012628). - vhost: fix range used in translate_desc() (bsc#1012628). - vhost-vdpa: fix an iotlb memory leak (bsc#1012628). - vdpa_sim: fix vringh initialization in vdpasim_queue_ready() (bsc#1012628). - virtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session() (bsc#1012628). - vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove (bsc#1012628). - vdpasim: fix memory leak when freeing IOTLBs (bsc#1012628). - net/mlx5: E-Switch, properly handle ingress tagged packets on VST (bsc#1012628). - net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (bsc#1012628). - net/mlx5: Fix io_eq_size and event_eq_size params validation (bsc#1012628). - net/mlx5: Avoid recovery in probe flows (bsc#1012628). - net/mlx5: Fix RoCE setting at HCA level (bsc#1012628). - net/mlx5e: IPoIB, Don't allow CQE compression to be turned on by default (bsc#1012628). - net/mlx5e: Fix RX reporter for XSK RQs (bsc#1012628). - net/mlx5e: CT: Fix ct debugfs folder name (bsc#1012628). - net/mlx5e: Always clear dest encap in neigh-update-del (bsc#1012628). - net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (bsc#1012628). - net/mlx5e: Set geneve_tlv_option_0_exist when matching on geneve option (bsc#1012628). - net/mlx5: Lag, fix failure to cancel delayed bond work (bsc#1012628). - bpf: Always use maximal size for copy_array() (bsc#1012628). - net: hns3: refine the handling for VF heartbeat (bsc#1012628). - net: amd-xgbe: add missed tasklet_kill (bsc#1012628). - net: ena: Fix toeplitz initial hash value (bsc#1012628). - net: ena: Don't register memory info on XDP exchange (bsc#1012628). - net: ena: Account for the number of processed bytes in XDP (bsc#1012628). - net: ena: Use bitmask to indicate packet redirection (bsc#1012628). - net: ena: Fix rx_copybreak value update (bsc#1012628). - net: ena: Set default value for RX interrupt moderation (bsc#1012628). - net: ena: Update NUMA TPH hint register upon NUMA node update (bsc#1012628). - net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe (bsc#1012628). - gpio: pca953x: avoid to use uninitialized value pinctrl (bsc#1012628). - RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (bsc#1012628). - RDMA/mlx5: Fix validation of max_rd_atomic caps for DC (bsc#1012628). - selftests: net: fix cleanup_v6() for arp_ndisc_evict_nocarrier (bsc#1012628). - selftests: net: return non-zero for failures reported in arp_ndisc_evict_nocarrier (bsc#1012628). - drm/meson: Reduce the FIFO lines held when AFBC is not used (bsc#1012628). - filelock: new helper: vfs_inode_has_locks (bsc#1012628). - ceph: switch to vfs_inode_has_locks() to fix file lock bug (bsc#1012628). - gpio: sifive: Fix refcount leak in sifive_gpio_probe (bsc#1012628). - net: sched: atm: dont intepret cls results when asked to drop (bsc#1012628). - net: sched: cbq: dont intepret cls results when asked to drop (bsc#1012628). - vxlan: Fix memory leaks in error path (bsc#1012628). - net: sparx5: Fix reading of the MAC address (bsc#1012628). - netfilter: ipset: fix hash:net,port,net hang with /0 subnet (bsc#1012628). - netfilter: ipset: Rework long task execution when adding/deleting entries (bsc#1012628). - drm/virtio: Fix memory leak in virtio_gpu_object_create() (bsc#1012628). - perf tools: Fix resources leak in perf_data__open_dir() (bsc#1012628). - drm/imx: ipuv3-plane: Fix overlay plane width (bsc#1012628). - fs/ntfs3: don't hold ni_lock when calling truncate_setsize() (bsc#1012628). - drivers/net/bonding/bond_3ad: return when there's no aggregator (bsc#1012628). - octeontx2-pf: Fix lmtst ID used in aura free (bsc#1012628). - usb: rndis_host: Secure rndis_query check against int overflow (bsc#1012628). - perf lock contention: Fix core dump related to not finding the "__sched_text_end" symbol on s/390 (bsc#1012628). - perf stat: Fix handling of unsupported cgroup events when using BPF counters (bsc#1012628). - perf stat: Fix handling of --for-each-cgroup with --bpf-counters to match non BPF mode (bsc#1012628). - drm/i915: unpin on error in intel_vgpu_shadow_mm_pin() (bsc#1012628). - drm/i915/gvt: fix double free bug in split_2MB_gtt_entry (bsc#1012628). - ublk: honor IO_URING_F_NONBLOCK for handling control command (bsc#1012628). - qed: allow sleep in qed_mcp_trace_dump() (bsc#1012628). - net/ulp: prevent ULP without clone op from entering the LISTEN status (bsc#1012628). - caif: fix memory leak in cfctrl_linkup_request() (bsc#1012628). - udf: Fix extension of the last extent in the file (bsc#1012628). - usb: dwc3: xilinx: include linux/gpio/consumer.h (bsc#1012628). - hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (bsc#1012628). - ASoC: SOF: Revert: "core: unregister clients and machine drivers in .shutdown" (bsc#1012628). - 9p/client: fix data race on req->status (bsc#1012628). - ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet (bsc#1012628). - ASoC: SOF: mediatek: initialize panic_info to zero (bsc#1012628). - drm/amdgpu: Fix size validation for non-exclusive domains (v4) (bsc#1012628). - drm/amdkfd: Fix kfd_process_device_init_vm error handling (bsc#1012628). - drm/amdkfd: Fix double release compute pasid (bsc#1012628). - io_uring/cancel: re-grab ctx mutex after finishing wait (bsc#1012628). - nvme: fix multipath crash caused by flush request when blktrace is enabled (bsc#1012628). - ACPI: video: Allow GPU drivers to report no panels (bsc#1012628). - drm/amd/display: Report to ACPI video if no panels were found (bsc#1012628). - ACPI: video: Don't enable fallback path for creating ACPI backlight by default (bsc#1012628). - io_uring: check for valid register opcode earlier (bsc#1012628). - kunit: alloc_string_stream_fragment error handling bug fix (bsc#1012628). - nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (bsc#1012628). - nvme: also return I/O command effects from nvme_command_effects (bsc#1012628). - ASoC: SOF: Intel: pci-tgl: unblock S5 entry if DMA stop has failed" (bsc#1012628). - x86/kexec: Fix double-free of elf header buffer (bsc#1012628). - x86/bugs: Flush IBP in ib_prctl_set() (bsc#1012628). - nfsd: fix handling of readdir in v4root vs. mount upcall timeout (bsc#1012628). - fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB (bsc#1012628). - bpf: Fix panic due to wrong pageattr of im->image (bsc#1012628). - Revert "drm/amd/display: Enable Freesync Video Mode by default" (bsc#1012628). - Revert "net: dsa: qca8k: cache lo and hi for mdio write" (bsc#1012628). - net: dsa: qca8k: fix wrong length value for mgmt eth packet (bsc#1012628). - net: dsa: tag_qca: fix wrong MGMT_DATA2 size (bsc#1012628). - block: don't allow splitting of a REQ_NOWAIT bio (bsc#1012628). - io_uring: pin context while queueing deferred tw (bsc#1012628). - io_uring: fix CQ waiting timeout handling (bsc#1012628). - tpm: Allow system suspend to continue when TPM suspend fails (bsc#1012628). - vhost_vdpa: fix the crash in unmap a large memory (bsc#1012628). - thermal: int340x: Add missing attribute for data rate base (bsc#1012628). - riscv: uaccess: fix type of 0 variable on error in get_user() (bsc#1012628). - riscv, kprobes: Stricter c.jr/c.jalr decoding (bsc#1012628). - of/fdt: run soc memory setup when early_init_dt_scan_memory fails (bsc#1012628). - drm/plane-helper: Add the missing declaration of drm_atomic_state (bsc#1012628). - drm/amdkfd: Fix kernel warning during topology setup (bsc#1012628). - drm/i915/gvt: fix gvt debugfs destroy (bsc#1012628). - drm/i915/gvt: fix vgpu debugfs clean in remove (bsc#1012628). - virtio-blk: use a helper to handle request queuing errors (bsc#1012628). - virtio_blk: Fix signedness bug in virtblk_prep_rq() (bsc#1012628). - drm/amd/display: Add check for DET fetch latency hiding for dcn32 (bsc#1012628). - drm/amd/display: Uninitialized variables causing 4k60 UCLK to stay at DPM1 and not DPM0 (bsc#1012628). - btrfs: handle case when repair happens with dev-replace (bsc#1012628). - ksmbd: fix infinite loop in ksmbd_conn_handler_loop() (bsc#1012628). - ksmbd: send proper error response in smb2_tree_connect() (bsc#1012628). - ksmbd: check nt_len to be at least CIFS_ENCPWD_SIZE in ksmbd_decode_ntlmssp_auth_blob (bsc#1012628). - drm/i915/dsi: add support for ICL+ native MIPI GPIO sequence (bsc#1012628). - drm/i915/dsi: fix MIPI_BKLT_EN_1 native GPIO index (bsc#1012628). - efi: random: combine bootloader provided RNG seed with RNG protocol output (bsc#1012628). - wifi: ath11k: Send PME message during wakeup from D3cold (bsc#1012628). - commit 0fb77d6 ------------------------------------------------------------------ ------------------ 2023-1-11 - Jan 11 2023 ------------------- ------------------------------------------------------------------ ++++ container-selinux: - Add spc_timedated.patch to allow privileged containers to use timedatectl (bsc#1207054) ------------------------------------------------------------------ ------------------ 2023-1-10 - Jan 10 2023 ------------------- ------------------------------------------------------------------ ++++ docker-compose: - Update to version 2.15.1: * Don't share the options map * don't filter by services if no filter was set * use a simpler prompt implementation when we lack a terminal * fix CVE-2022-27664 and CVE-2022-32149 high-risk vulnerability * add support for uts namespace ++++ kdump: - improve the generation of calibrate.conf * print the qemu messages and trackrss log during calibrate * use static IP address for calibration * all calibrate.conf variants now stored in a single file * added a README and a helper script for updating calibrate.conf * prevent dracut from running emergency shell * fix s390x build dependencies - fix deleting of a temporary file in dracut/module-setup.sh - look for nsswitch.conf in /etc and /usr/etc - never run a debugging shell when KDUMP_CONTINUE_ON_ERROR is set - remove build dependency for wicked - fix package summary in the spec file ------------------------------------------------------------------ ------------------ 2023-1-9 - Jan 9 2023 ------------------- ------------------------------------------------------------------ ++++ fde-tools: - Updated to version 0.6.2 - Several patches that were added last-minute for the December snapshot have been folded back into git. - Implement first stab at authorized policies. ++++ kernel-default: - docs: Fix the docs build with Sphinx 6.0 (sphinx_6.0-staging_E). - commit 4b9b43c - Linux 6.1.4 (bsc#1012628). - drm/amdgpu: skip MES for S0ix as well since it's part of GFX (bsc#1012628). - drm/amdgpu: skip mes self test after s0i3 resume for MES IP v11.0 (bsc#1012628). - media: stv0288: use explicitly signed char (bsc#1012628). - cxl/region: Fix memdev reuse check (bsc#1012628). - arm64: dts: qcom: sc8280xp: fix UFS DMA coherency (bsc#1012628). - arm64: Prohibit instrumentation on arch_stack_walk() (bsc#1012628). - soc: qcom: Select REMAP_MMIO for LLCC driver (bsc#1012628). - soc: qcom: Select REMAP_MMIO for ICC_BWMON driver (bsc#1012628). - kest.pl: Fix grub2 menu handling for rebooting (bsc#1012628). - ktest.pl minconfig: Unset configs instead of just removing them (bsc#1012628). - jbd2: use the correct print format (bsc#1012628). - perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D (bsc#1012628). - perf/x86/intel/uncore: Clear attr_update properly (bsc#1012628). - arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive strength (bsc#1012628). - arm64: dts: qcom: sc8280xp: fix UFS reference clocks (bsc#1012628). - mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K (bsc#1012628). - phy: qcom-qmp-combo: fix out-of-bounds clock access (bsc#1012628). - drm/amd/pm: update SMU13.0.0 reported maximum shader clock (bsc#1012628). - drm/amd/pm: correct SMU13.0.0 pstate profiling clock settings (bsc#1012628). - btrfs: fix uninitialized parent in insert_state (bsc#1012628). - btrfs: fix extent map use-after-free when handling missing device in read_one_chunk (bsc#1012628). - btrfs: fix resolving backrefs for inline extent followed by prealloc (bsc#1012628). - ARM: ux500: do not directly dereference __iomem (bsc#1012628). - arm64: dts: qcom: sdm850-samsung-w737: correct I2C12 pins drive strength (bsc#1012628). - random: use rejection sampling for uniform bounded random integers (bsc#1012628). - x86/fpu/xstate: Fix XSTATE_WARN_ON() to emit relevant diagnostics (bsc#1012628). - arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength (bsc#1012628). - cxl/region: Fix missing probe failure (bsc#1012628). - EDAC/mc_sysfs: Increase legacy channel support to 12 (bsc#1012628). - selftests: Use optional USERCFLAGS and USERLDFLAGS (bsc#1012628). - x86/MCE/AMD: Clear DFR errors found in THR handler (bsc#1012628). - random: add helpers for random numbers with given floor or range (bsc#1012628). - PM/devfreq: governor: Add a private governor_data for governor (bsc#1012628). - cpufreq: Init completion before kobject_init_and_add() (bsc#1012628). - ext2: unbugger ext2_empty_dir() (bsc#1012628). - media: s5p-mfc: Fix to handle reference queue during finishing (bsc#1012628). - media: s5p-mfc: Clear workbit to handle error condition (bsc#1012628). - media: s5p-mfc: Fix in register read and write for H264 (bsc#1012628). - bpf: Resolve fext program type when checking map compatibility (bsc#1012628). - ALSA: patch_realtek: Fix Dell Inspiron Plus 16 (bsc#1012628). - ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude laptops (bsc#1012628). - platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1012628). - platform/x86: ideapad-laptop: Revert "check for touchpad support in _CFG" (bsc#1012628). - platform/x86: ideapad-laptop: Add new _CFG bit numbers for future use (bsc#1012628). - platform/x86: ideapad-laptop: support for more special keys in WMI (bsc#1012628). - ACPI: video: Simplify __acpi_video_get_backlight_type() (bsc#1012628). - ACPI: video: Prefer native over vendor (bsc#1012628). - platform/x86: ideapad-laptop: Refactor ideapad_sync_touchpad_state() (bsc#1012628). - platform/x86: ideapad-laptop: Do not send KEY_TOUCHPAD* events on probe / resume (bsc#1012628). - platform/x86: ideapad-laptop: Only toggle ps2 aux port on/off on select models (bsc#1012628). - platform/x86: ideapad-laptop: Send KEY_TOUCHPAD_TOGGLE on some models (bsc#1012628). - platform/x86: ideapad-laptop: Stop writing VPCCMD_W_TOUCHPAD at probe time (bsc#1012628). - platform/x86: intel-uncore-freq: add Emerald Rapids support (bsc#1012628). - ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (bsc#1012628). - platform/x86: x86-android-tablets: Add Medion Lifetab S10346 data (bsc#1012628). - platform/x86: x86-android-tablets: Add Lenovo Yoga Tab 3 (YT3-X90F) charger + fuel-gauge data (bsc#1012628). - platform/x86: x86-android-tablets: Add Advantech MICA-071 extra button (bsc#1012628). - HID: Ignore HP Envy x360 eu0009nv stylus battery (bsc#1012628). - ALSA: usb-audio: Add new quirk FIXED_RATE for JBL Quantum810 Wireless (bsc#1012628). - fs: dlm: fix sock release if listen fails (bsc#1012628). - fs: dlm: retry accept() until -EAGAIN or error returns (bsc#1012628). - mptcp: netlink: fix some error return code (bsc#1012628). - mptcp: remove MPTCP 'ifdef' in TCP SYN cookies (bsc#1012628). - mptcp: dedicated request sock for subflow in v6 (bsc#1012628). - mptcp: use proper req destructor for IPv6 (bsc#1012628). - dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (bsc#1012628). - dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (bsc#1012628). - dm thin: Use last transaction's pmd->root when commit failed (bsc#1012628). - dm thin: resume even if in FAIL mode (bsc#1012628). - dm thin: Fix UAF in run_timer_softirq() (bsc#1012628). - dm integrity: Fix UAF in dm_integrity_dtr() (bsc#1012628). - dm clone: Fix UAF in clone_dtr() (bsc#1012628). - dm cache: Fix UAF in destroy() (bsc#1012628). - dm cache: set needs_check flag after aborting metadata (bsc#1012628). - ata: ahci: fix enum constants for gcc-13 (bsc#1012628). - PCI/DOE: Fix maximum data object length miscalculation (bsc#1012628). - tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (bsc#1012628). - perf/core: Call LSM hook after copying perf_event_attr (bsc#1012628). - xtensa: add __umulsidi3 helper (bsc#1012628). - of/kexec: Fix reading 32-bit "linux,initrd-{start,end}" values (bsc#1012628). - ima: Fix hash dependency to correct algorithm (bsc#1012628). - KVM: VMX: Resume guest immediately when injecting #GP on ECREATE (bsc#1012628). - KVM: nVMX: Inject #GP, not #UD, if "generic" VMXON CR0/CR4 check fails (bsc#1012628). - KVM: x86: fix APICv/x2AVIC disabled when vm reboot by itself (bsc#1012628). - KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (bsc#1012628). - x86/microcode/intel: Do not retry microcode reloading on the APs (bsc#1012628). - ftrace/x86: Add back ftrace_expected for ftrace bug reports (bsc#1012628). - x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (bsc#1012628). - x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (bsc#1012628). - tracing: Fix race where eprobes can be called before the event (bsc#1012628). - powerpc/ftrace: fix syscall tracing on PPC64_ELF_ABI_V1 (bsc#1012628). - tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (bsc#1012628). - tracing/hist: Fix wrong return value in parse_action_params() (bsc#1012628). - tracing/probes: Handle system names with hyphens (bsc#1012628). - tracing: Fix issue of missing one synthetic field (bsc#1012628). - tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (bsc#1012628). - staging: media: tegra-video: fix chan->mipi value on error (bsc#1012628). - staging: media: tegra-video: fix device_node use after free (bsc#1012628). - arm64: dts: mediatek: mt8195-demo: fix the memory size of node secmon (bsc#1012628). - ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod (bsc#1012628). - media: dvb-core: Fix double free in dvb_register_device() (bsc#1012628). - cifs: fix confusing debug message (bsc#1012628). - cifs: fix missing display of three mount options (bsc#1012628). - cifs: set correct tcon status after initial tree connect (bsc#1012628). - cifs: set correct ipc status after initial tree connect (bsc#1012628). - cifs: set correct status of tcon ipc when reconnecting (bsc#1012628). - ravb: Fix "failed to switch device to config mode" message during unbind (bsc#1012628). - rtc: ds1347: fix value written to century register (bsc#1012628). - drm/amdgpu: fix mmhub register base coding error (bsc#1012628). - block: mq-deadline: Fix dd_finish_request() for zoned devices (bsc#1012628). - block: mq-deadline: Do not break sequential write streams to zoned HDDs (bsc#1012628). - md/bitmap: Fix bitmap chunk size overflow issues (bsc#1012628). - efi: Add iMac Pro 2017 to uefi skip cert quirk (bsc#1012628). - wifi: wilc1000: sdio: fix module autoloading (bsc#1012628). - ASoC: jz4740-i2s: Handle independent FIFO flush bits (bsc#1012628). - ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection() (bsc#1012628). - ipmi: fix long wait in unload when IPMI disconnect (bsc#1012628). - mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type() (bsc#1012628). - ima: Fix a potential NULL pointer access in ima_restore_measurement_list (bsc#1012628). - ipmi: fix use after free in _ipmi_destroy_user() (bsc#1012628). - mtd: spi-nor: gigadevice: gd25q256: replace gd25q256_default_init with gd25q256_post_bfpt (bsc#1012628). - ima: Fix memory leak in __ima_inode_hash() (bsc#1012628). - um: virt-pci: Avoid GCC non-NULL warning (bsc#1012628). - crypto: ccree,hisilicon - Fix dependencies to correct algorithm (bsc#1012628). - PCI: Fix pci_device_is_present() for VFs by checking PF (bsc#1012628). - PCI/sysfs: Fix double free in error path (bsc#1012628). - RISC-V: kexec: Fix memory leak of fdt buffer (bsc#1012628). - riscv: Fixup compile error with !MMU (bsc#1012628). - RISC-V: kexec: Fix memory leak of elf header buffer (bsc#1012628). - riscv: stacktrace: Fixup ftrace_graph_ret_addr retp argument (bsc#1012628). - riscv: mm: notify remote harts about mmu cache updates (bsc#1012628). - crypto: n2 - add missing hash statesize (bsc#1012628). - crypto: ccp - Add support for TEE for PCI ID 0x14CA (bsc#1012628). - driver core: Fix bus_type.match() error handling in __driver_attach() (bsc#1012628). - bus: mhi: host: Fix race between channel preparation and M0 event (bsc#1012628). - phy: qcom-qmp-combo: fix sdm845 reset (bsc#1012628). - phy: qcom-qmp-combo: fix sc8180x reset (bsc#1012628). - iommu/amd: Fix ivrs_acpihid cmdline parsing code (bsc#1012628). - iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (bsc#1012628). - test_kprobes: Fix implicit declaration error of test_kprobes (bsc#1012628). - hugetlb: really allocate vma lock for all sharable vmas (bsc#1012628). - remoteproc: imx_dsp_rproc: Add mutex protection for workqueue (bsc#1012628). - remoteproc: core: Do pm_relax when in RPROC_OFFLINE state (bsc#1012628). - remoteproc: imx_rproc: Correct i.MX93 DRAM mapping (bsc#1012628). - parisc: led: Fix potential null-ptr-deref in start_task() (bsc#1012628). - parisc: Drop locking in pdc console code (bsc#1012628). - parisc: Fix locking in pdc_iodc_print() firmware call (bsc#1012628). - parisc: Add missing FORCE prerequisites in Makefile (bsc#1012628). - parisc: Drop duplicate kgdb_pdc console (bsc#1012628). - parisc: Drop PMD_SHIFT from calculation in pgtable.h (bsc#1012628). - device_cgroup: Roll back to original exceptions after copy failure (bsc#1012628). - drm/connector: send hotplug uevent on connector cleanup (bsc#1012628). - drm/vmwgfx: Validate the box size for the snooped cursor (bsc#1012628). - drm/mgag200: Fix PLL setup for G200_SE_A rev >=4 (bsc#1012628). - drm/etnaviv: move idle mapping reaping into separate function (bsc#1012628). - drm/i915/dsi: fix VBT send packet port selection for dual link DSI (bsc#1012628). - drm/ingenic: Fix missing platform_driver_unregister() call in ingenic_drm_init() (bsc#1012628). - drm/etnaviv: reap idle mapping if it doesn't match the softpin address (bsc#1012628). - ext4: silence the warning when evicting inode with dioread_nolock (bsc#1012628). - ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1012628). - ext4: remove trailing newline from ext4_msg() message (bsc#1012628). - ext4: correct inconsistent error msg in nojournal mode (bsc#1012628). - fs: ext4: initialize fsdata in pagecache_write() (bsc#1012628). - ext4: fix use-after-free in ext4_orphan_cleanup (bsc#1012628). - ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1012628). - ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (bsc#1012628). - ext4: add helper to check quota inums (bsc#1012628). - ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1012628). - ext4: fix reserved cluster accounting in __es_remove_extent() (bsc#1012628). - ext4: journal_path mount options should follow links (bsc#1012628). - ext4: check and assert if marking an no_delete evicting inode dirty (bsc#1012628). - ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1012628). - ext4: don't allow journal inode to have encrypt flag (bsc#1012628). - ext4: disable fast-commit of encrypted dir operations (bsc#1012628). - ext4: fix leaking uninitialized memory in fast-commit journal (bsc#1012628). - ext4: don't set up encryption key during jbd2 transaction (bsc#1012628). - ext4: add missing validation of fast-commit record lengths (bsc#1012628). - ext4: fix unaligned memory access in ext4_fc_reserve_space() (bsc#1012628). - ext4: fix off-by-one errors in fast-commit block filling (bsc#1012628). - ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1012628). - ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1012628). - ext4: don't fail GETFSUUID when the caller provides a long buffer (bsc#1012628). - ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline (bsc#1012628). - ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1012628). - ext4: fix error code return to user-space in ext4_get_branch() (bsc#1012628). - ext4: fix bad checksum after online resize (bsc#1012628). - ext4: dont return EINVAL from GETFSUUID when reporting UUID length (bsc#1012628). - ext4: fix corrupt backup group descriptors after online resize (bsc#1012628). - ext4: avoid BUG_ON when creating xattrs (bsc#1012628). - ext4: fix deadlock due to mbcache entry corruption (bsc#1012628). - ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (bsc#1012628). - ext4: fix inode leak in ext4_xattr_inode_create() on an error path (bsc#1012628). - ext4: initialize quota before expanding inode in setproject ioctl (bsc#1012628). - ext4: avoid unaccounted block allocation when expanding inode (bsc#1012628). - ext4: allocate extended attribute value in vmalloc area (bsc#1012628). - drm/i915/ttm: consider CCS for backup objects (bsc#1012628). - drm/amd/display: Add DCN314 display SG Support (bsc#1012628). - drm/amdgpu: handle polaris10/11 overlap asics (v2) (bsc#1012628). - drm/amdgpu: make display pinning more flexible (v2) (bsc#1012628). - drm/i915: improve the catch-all evict to handle lock contention (bsc#1012628). - drm/i915/migrate: Account for the reserved_space (bsc#1012628). - drm/amd/pm: add missing SMU13.0.0 mm_dpm feature mapping (bsc#1012628). - drm/amd/pm: add missing SMU13.0.7 mm_dpm feature mapping (bsc#1012628). - drm/amd/pm: bump SMU13.0.0 driver_if header to version 0x34 (bsc#1012628). - drm/amd/pm: correct the fan speed retrieving in PWM for some SMU13 asics (bsc#1012628). - commit 9fd04e2 ------------------------------------------------------------------ ------------------ 2023-1-6 - Jan 6 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs This makes in-tree KMPs more consistent with externally built KMPs and silences several rpmlint warnings. - commit 02b7735 - rpm/check-for-config-changes: add OBJTOOL and FTRACE_MCOUNT_USE_* Dummy gcc pretends to support -mrecord-mcount option but actual gcc on ppc64le does not. Therefore ppc64le builds of 6.2-rc1 and later in OBS enable FTRACE_MCOUNT_USE_OBJTOOL and OBJTOOL config options, resulting in check failure. As we already have FTRACE_MCOUNT_USE_CC and FTRACE_MCOUNT_USE_RECORDMCOUNT in the exception list, replace them with a general pattern. And add OBJTOOL as well. - commit 887416f ------------------------------------------------------------------ ------------------ 2023-1-5 - Jan 5 2023 ------------------- ------------------------------------------------------------------ ++++ docker-compose: - Update to version 2.15.0: * add support for COMPOSE_PARALLEL_LIMIT (parity with Compose v1) * introduce --no-attach to ignore some service output * introduce `--ignore-buildable` to ignore buildable images on pull * limit build concurrency according to --parallel * Ignore not only auto-removed containers but also "removal in progress" for orphan containers * Set `pullChanged` when setting `--pull` on `compose up` * Fix empty file when using compose config in case of smaller source files * Update documentation * build(deps): bump github.com/docker/cli-docs-tool from 0.5.0 to 0.5.1 * add support of privileged attribut in service.build section * cleanup framework.go from uncessary debug logs * reduce cyclomatic complexity * fix security opts support (seccomp and unconfined) * check service names based on project, not running containers * debut output for CI * change the way finding the just built compose binary * e2e tests display Compose version used to run the test currently the version displayed is the one installed and not the one use for the tests * rely on CI timeout * add buildx plugin to e2e configuration directory * remove flaky TestLocalComposeLogsFollow * service hash MUST exclude replicas * don't assume os.Stdout and rely on dockerCLI.streams * dump stdout to help diagnose flaky test * don't fail `logs` when driver:none is set * introduce support for cgroup namespace ++++ kernel-default: - supported-flag: fix build failures with SUSE_KERNEL_SUPPORTED=y Upstream commit 425937381ec (kbuild: re-run modpost when it is updated) added an expectation that the MODPOST variable would only point to the modpost executable and moved arguments to the modpost-args variable. Also removed some legacy stuff, like the assumption that MODVERDIR would exist (and then later creating it and using it) when the only two places we ever care about Module.supported being located are the directory in which an external module is being built and the current directory. - commit 2e19141 - config: Added product codes to suse_version.h for comparison Refreshed patches.suse/kernel-add-product-identifying-information-to-kernel-build.patch. - commit 3dffbad - config: Added support for ALP releases in product identifiers - Refresh patches.suse/kernel-add-product-identifying-information-to-kernel-build.patch. - commit 1b2e183 - Revert "ALSA: usb-audio: Drop superfluous interface setup at parsing" (bsc#1206766). - ALSA: usb-audio: More refactoring of hw constraint rules (bsc#1206766). - ALSA: usb-audio: Relax hw constraints for implicit fb sync (bsc#1206766). - ALSA: usb-audio: Make sure to stop endpoints before closing EPs (bsc#1206766). - commit 80a4df2 ++++ pcr-oracle: - Fix project URL ------------------------------------------------------------------ ------------------ 2023-1-4 - Jan 4 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Linux 6.1.3 (bsc#1012628). - eventpoll: add EPOLL_URING_WAKE poll wakeup flag (bsc#1012628). - eventfd: provide a eventfd_signal_mask() helper (bsc#1012628). - io_uring: pass in EPOLL_URING_WAKE for eventfd signaling and wakeups (bsc#1012628). - nvme-pci: fix doorbell buffer value endianness (bsc#1012628). - nvme-pci: fix mempool alloc size (bsc#1012628). - nvme-pci: fix page size checks (bsc#1012628). - ACPI: resource: do IRQ override on XMG Core 15 (bsc#1012628). - ACPI: resource: do IRQ override on Lenovo 14ALC7 (bsc#1012628). - ACPI: resource: Add Asus ExpertBook B2502 to Asus quirks (bsc#1012628). - ACPI: video: Fix Apple GMUX backlight detection (bsc#1012628). - block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (bsc#1012628). - ata: ahci: Fix PCS quirk application for suspend (bsc#1012628). - nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (bsc#1012628). - nvmet: don't defer passthrough commands with trivial effects to the workqueue (bsc#1012628). - fs/ntfs3: Validate BOOT record_size (bsc#1012628). - fs/ntfs3: Add overflow check for attribute size (bsc#1012628). - fs/ntfs3: Validate data run offset (bsc#1012628). - fs/ntfs3: Add null pointer check to attr_load_runs_vcn (bsc#1012628). - fs/ntfs3: Fix memory leak on ntfs_fill_super() error path (bsc#1012628). - fs/ntfs3: Add null pointer check for inode operations (bsc#1012628). - fs/ntfs3: Validate attribute name offset (bsc#1012628). - fs/ntfs3: Validate buffer length while parsing index (bsc#1012628). - fs/ntfs3: Validate resident attribute name (bsc#1012628). - fs/ntfs3: Fix slab-out-of-bounds read in run_unpack (bsc#1012628). - soundwire: dmi-quirks: add quirk variant for LAPBC710 NUC15 (bsc#1012628). - phy: sun4i-usb: Introduce port2 SIDDQ quirk (bsc#1012628). - phy: sun4i-usb: Add support for the H616 USB PHY (bsc#1012628). - fs/ntfs3: Validate index root when initialize NTFS security (bsc#1012628). - fs/ntfs3: Use __GFP_NOWARN allocation at wnd_init() (bsc#1012628). - fs/ntfs3: Use __GFP_NOWARN allocation at ntfs_fill_super() (bsc#1012628). - fs/ntfs3: Delete duplicate condition in ntfs_read_mft() (bsc#1012628). - fs/ntfs3: Fix slab-out-of-bounds in r_page (bsc#1012628). - objtool: Fix SEGFAULT (bsc#1012628). - iommu/mediatek: Fix crash on isr after kexec() (bsc#1012628). - powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1012628). - powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1012628). - rtc: msc313: Fix function prototype mismatch in msc313_rtc_probe() (bsc#1012628). - kprobes: kretprobe events missing on 2-core KVM guest (bsc#1012628). - HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint (bsc#1012628). - HID: plantronics: Additional PIDs for double volume key presses quirk (bsc#1012628). - futex: Fix futex_waitv() hrtimer debug object leak on kcalloc error (bsc#1012628). - rtmutex: Add acquire semantics for rtmutex lock acquisition slow path (bsc#1012628). - mm/mempolicy: fix memory leak in set_mempolicy_home_node system call (bsc#1012628). - kmsan: export kmsan_handle_urb (bsc#1012628). - kmsan: include linux/vmalloc.h (bsc#1012628). - pstore: Properly assign mem_type property (bsc#1012628). - pstore/zone: Use GFP_ATOMIC to allocate zone buffer (bsc#1012628). - hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (bsc#1012628). - ACPI: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (bsc#1012628). - ACPI: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ (bsc#1012628). - binfmt: Fix error return code in load_elf_fdpic_binary() (bsc#1012628). - ovl: Use ovl mounter's fsuid and fsgid in ovl_link() (bsc#1012628). - ovl: update ->f_iocb_flags when ovl_change_flags() modifies - >f_flags (bsc#1012628). - ALSA: line6: correct midi status byte when receiving data from podxt (bsc#1012628). - ALSA: line6: fix stack overflow in line6_midi_transmit (bsc#1012628). - pnode: terminate at peers of source (bsc#1012628). - mfd: mt6360: Add bounds checking in Regmap read/write call-backs (bsc#1012628). - md: fix a crash in mempool_free (bsc#1012628). - mm, compaction: fix fast_isolate_around() to stay within boundaries (bsc#1012628). - f2fs: should put a page when checking the summary info (bsc#1012628). - f2fs: allow to read node block after shutdown (bsc#1012628). - block: Do not reread partition table on exclusively open device (bsc#1012628). - mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING (bsc#1012628). - tpm: acpi: Call acpi_put_table() to fix memory leak (bsc#1012628). - tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak (bsc#1012628). - tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak (bsc#1012628). - SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails (bsc#1012628). - kcsan: Instrument memcpy/memset/memmove with newer Clang (bsc#1012628). - commit a5315fb ++++ pcr-oracle: - add --rsa-generate-key option ++++ tpm2.0-tools: - Re-disable tests in PPC, PPC64 and S390X and reference issues about endianness unsafe API ------------------------------------------------------------------ ------------------ 2023-1-3 - Jan 3 2023 ------------------- ------------------------------------------------------------------ ++++ grub2: - Move unsupported zfs modules into 'extras' packages (bsc#1205554) (PED-2947) ++++ pcr-oracle: - Updated to version 0.4.1: - disable debug messages from authenticode PECOFF parser - add --tpm-eventlog option - add manpage ------------------------------------------------------------------ ------------------ 2023-1-2 - Jan 2 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Enable Qualcomm soundwire stuff on armv7hl/default (bsc#1206782) - commit fe2e154 - mm, mremap: fix mremap() expanding vma with addr inside vma (bsc#1206359). Update upstream status. - commit 05f50ad - Refresh patches.suse/tcp-Add-TIME_WAIT-sockets-in-bhash2.patch. Update upstream status. - commit c14f878 ++++ pcr-oracle: - Updated to version 0.4: - drop the dependency on tss2 fapi - introduce authorized policies ------------------------------------------------------------------ ------------------ 2023-1-1 - Jan 1 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Linux 6.1.2 (bsc#1012628). - MIPS: DTS: CI20: fix reset line polarity of the ethernet controller (bsc#1012628). - usb: musb: remove extra check in musb_gadget_vbus_draw (bsc#1012628). - arm64: dts: renesas: r8a779g0: Fix HSCIF0 "brg_int" clock (bsc#1012628). - arm64: dts: qcom: ipq6018-cp01-c1: use BLSPI1 pins (bsc#1012628). - arm64: dts: qcom: sm8250-sony-xperia-edo: fix touchscreen bias-disable (bsc#1012628). - arm64: dts: qcom: sdm845-xiaomi-polaris: fix codec pin conf name (bsc#1012628). - arm64: dts: qcom: msm8996: Add MSM8996 Pro support (bsc#1012628). - arm64: dts: qcom: msm8996: fix supported-hw in cpufreq OPP tables (bsc#1012628). - arm64: dts: qcom: msm8996: fix GPU OPP table (bsc#1012628). - ARM: dts: qcom: apq8064: fix coresight compatible (bsc#1012628). - arm64: dts: qcom: sdm630: fix UART1 pin bias (bsc#1012628). - arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias (bsc#1012628). - arm64: dts: qcom: msm8916: Drop MSS fallback compatible (bsc#1012628). - arm64: dts: fsd: fix drive strength macros as per FSD HW UM (bsc#1012628). - arm64: dts: fsd: fix drive strength values as per FSD HW UM (bsc#1012628). - memory: renesas-rpc-if: Clear HS bit during hardware initialization (bsc#1012628). - objtool, kcsan: Add volatile read/write instrumentation to whitelist (bsc#1012628). - ARM: dts: stm32: Drop stm32mp15xc.dtsi from Avenger96 (bsc#1012628). - ARM: dts: stm32: Fix AV96 WLAN regulator gpio property (bsc#1012628). - drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static (bsc#1012628). - firmware: ti_sci: Fix polled mode during system suspend (bsc#1012628). - riscv: dts: microchip: fix memory node unit address for icicle (bsc#1012628). - arm64: dts: qcom: pm660: Use unique ADC5_VCOIN address in node name (bsc#1012628). - arm64: dts: qcom: sm8250: correct LPASS pin pull down (bsc#1012628). - arm64: dts: qcom: sc7180-trogdor-homestar: fully configure secondary I2S pins (bsc#1012628). - soc: qcom: llcc: make irq truly optional (bsc#1012628). - arm64: dts: qcom: sm8150: fix UFS PHY registers (bsc#1012628). - arm64: dts: qcom: sm8250: fix UFS PHY registers (bsc#1012628). - arm64: dts: qcom: sm8350: fix UFS PHY registers (bsc#1012628). - arm64: dts: qcom: sm8450: fix UFS PHY registers (bsc#1012628). - arm64: dts: qcom: msm8996: fix sound card reset line polarity (bsc#1012628). - arm64: dts: qcom: sm8250-mtp: fix reset line polarity (bsc#1012628). - arm64: dts: qcom: sc7280: fix codec reset line polarity for CRD 3.0/3.1 (bsc#1012628). - arm64: dts: qcom: sc7280: fix codec reset line polarity for CRD 1.0/2.0 (bsc#1012628). - arm64: dts: qcom: sm8250: drop bogus DP PHY clock (bsc#1012628). - arm64: dts: qcom: sm6350: drop bogus DP PHY clock (bsc#1012628). - soc: qcom: apr: Add check for idr_alloc and of_property_read_string_index (bsc#1012628). - arm64: dts: qcom: pm6350: Include header for KEY_POWER (bsc#1012628). - arm64: dts: qcom: sm6125: fix SDHCI CQE reg names (bsc#1012628). - arm64: dts: renesas: r8a779f0: Fix HSCIF "brg_int" clock (bsc#1012628). - arm64: dts: renesas: r8a779f0: Fix SCIF "brg_int" clock (bsc#1012628). - arm64: dts: renesas: r9a09g011: Fix unit address format error (bsc#1012628). - arm64: dts: renesas: r9a09g011: Fix I2C SoC specific strings (bsc#1012628). - dt-bindings: pwm: fix microchip corePWM's pwm-cells (bsc#1012628). - soc: sifive: ccache: fix missing iounmap() in error path in sifive_ccache_init() (bsc#1012628). - soc: sifive: ccache: fix missing free_irq() in error path in sifive_ccache_init() (bsc#1012628). - soc: sifive: ccache: fix missing of_node_put() in sifive_ccache_init() (bsc#1012628). - arm64: dts: mt7986: fix trng node name (bsc#1012628). - soc/tegra: cbb: Use correct master_id mask for CBB NOC in Tegra194 (bsc#1012628). - soc/tegra: cbb: Update slave maps for Tegra234 (bsc#1012628). - soc/tegra: cbb: Add checks for potential out of bound errors (bsc#1012628). - soc/tegra: cbb: Check firewall before enabling error reporting (bsc#1012628). - arm64: dts: qcom: sc7280: Mark all Qualcomm reference boards as LTE (bsc#1012628). - arm: dts: spear600: Fix clcd interrupt (bsc#1012628). - riscv: dts: microchip: fix the icicle's #pwm-cells (bsc#1012628). - soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in knav_queue_probe (bsc#1012628). - soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe (bsc#1012628). - arm64: mm: kfence: only handle translation faults (bsc#1012628). - perf: arm_dsu: Fix hotplug callback leak in dsu_pmu_init() (bsc#1012628). - drivers: perf: marvell_cn10k: Fix hotplug callback leak in tad_pmu_init() (bsc#1012628). - perf/arm_dmc620: Fix hotplug callback leak in dmc620_pmu_init() (bsc#1012628). - perf/smmuv3: Fix hotplug callback leak in arm_smmu_pmu_init() (bsc#1012628). - arm64: dts: ti: k3-am65-main: Drop dma-coherent in crypto node (bsc#1012628). - arm64: dts: ti: k3-j721e-main: Drop dma-coherent in crypto node (bsc#1012628). - arm64: dts: ti: k3-j7200-mcu-wakeup: Drop dma-coherent in crypto node (bsc#1012628). - arm64: dts: ti: k3-j721s2: Fix the interrupt ranges property for main & wkup gpio intr (bsc#1012628). - riscv: dts: microchip: remove pcie node from the sev kit (bsc#1012628). - ARM: dts: nuvoton: Remove bogus unit addresses from fixed-partition nodes (bsc#1012628). - arm64: dts: mediatek: mt8195: Fix CPUs capacity-dmips-mhz (bsc#1012628). - arm64: dts: mt7896a: Fix unit_address_vs_reg warning for oscillator (bsc#1012628). - arm64: dts: mt6779: Fix devicetree build warnings (bsc#1012628). - arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators (bsc#1012628). - arm64: dts: mt2712e: Fix unit address for pinctrl node (bsc#1012628). - arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names (bsc#1012628). - arm64: dts: mt2712-evb: Fix usb vbus regulators unit names (bsc#1012628). - arm64: dts: mediatek: pumpkin-common: Fix devicetree warnings (bsc#1012628). - arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name (bsc#1012628). - arm64: tegra: Fix Prefetchable aperture ranges of Tegra234 PCIe controllers (bsc#1012628). - arm64: tegra: Fix non-prefetchable aperture of PCIe C3 controller (bsc#1012628). - arm64: dts: mt7986: move wed_pcie node (bsc#1012628). - ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port (bsc#1012628). - ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port (bsc#1012628). - ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port (bsc#1012628). - ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port (bsc#1012628). - ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port (bsc#1012628). - ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port (bsc#1012628). - ARM: dts: turris-omnia: Add ethernet aliases (bsc#1012628). - ARM: dts: turris-omnia: Add switch port 6 node (bsc#1012628). - arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC (bsc#1012628). - soc: apple: sart: Stop casting function pointer signatures (bsc#1012628). - soc: apple: rtkit: Stop casting function pointer signatures (bsc#1012628). - drivers/perf: hisi: Fix some event id for hisi-pcie-pmu (bsc#1012628). - seccomp: Move copy_seccomp() to no failure path (bsc#1012628). - pstore/ram: Fix error return code in ramoops_probe() (bsc#1012628). - ARM: mmp: fix timer_read delay (bsc#1012628). - pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP (bsc#1012628). - arch: arm64: apple: t8103: Use standard "iommu" node name (bsc#1012628). - tpm: tis_i2c: Fix sanity check interrupt enable mask (bsc#1012628). - tpm: Add flag to use default cancellation policy (bsc#1012628). - tpm/tpm_ftpm_tee: Fix error handling in ftpm_mod_init() (bsc#1012628). - tpm/tpm_crb: Fix error message in __crb_relinquish_locality() (bsc#1012628). - ovl: remove privs in ovl_copyfile() (bsc#1012628). - ovl: remove privs in ovl_fallocate() (bsc#1012628). - sched/uclamp: Fix relationship between uclamp and migration margin (bsc#1012628). - sched/uclamp: Make task_fits_capacity() use util_fits_cpu() (bsc#1012628). - sched/uclamp: Fix fits_capacity() check in feec() (bsc#1012628). - sched/uclamp: Make select_idle_capacity() use util_fits_cpu() (bsc#1012628). - sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() (bsc#1012628). - sched/uclamp: Make cpu_overutilized() use util_fits_cpu() (bsc#1012628). - sched/uclamp: Cater for uclamp in find_energy_efficient_cpu()'s early exit condition (bsc#1012628). - cpuidle: dt: Return the correct numbers of parsed idle states (bsc#1012628). - alpha: fix TIF_NOTIFY_SIGNAL handling (bsc#1012628). - alpha: fix syscall entry in !AUDUT_SYSCALL case (bsc#1012628). - sched/psi: Fix possible missing or delayed pending event (bsc#1012628). - x86/sgx: Reduce delay and interference of enclave release (bsc#1012628). - PM: hibernate: Fix mistake in kerneldoc comment (bsc#1012628). - fs: don't audit the capability check in simple_xattr_list() (bsc#1012628). - cpufreq: qcom-hw: Fix memory leak in qcom_cpufreq_hw_read_lut() (bsc#1012628). - x86/split_lock: Add sysctl to control the misery mode (bsc#1012628). - ACPI: irq: Fix some kernel-doc issues (bsc#1012628). - selftests/ftrace: event_triggers: wait longer for test_event_enable (bsc#1012628). - perf: Fix possible memleak in pmu_dev_alloc() (bsc#1012628). - lib/debugobjects: fix stat count and optimize debug_objects_mem_init (bsc#1012628). - platform/x86: huawei-wmi: fix return value calculation (bsc#1012628). - timerqueue: Use rb_entry_safe() in timerqueue_getnext() (bsc#1012628). - proc: fixup uptime selftest (bsc#1012628). - lib/fonts: fix undefined behavior in bit shift for get_default_font (bsc#1012628). - ocfs2: fix memory leak in ocfs2_stack_glue_init() (bsc#1012628). - selftests: cgroup: fix unsigned comparison with less than zero (bsc#1012628). - cpufreq: qcom-hw: Fix the frequency returned by cpufreq_driver->get() (bsc#1012628). - MIPS: vpe-mt: fix possible memory leak while module exiting (bsc#1012628). - MIPS: vpe-cmp: fix possible memory leak while module exiting (bsc#1012628). - selftests/efivarfs: Add checking of the test return value (bsc#1012628). - PNP: fix name memory leak in pnp_alloc_dev() (bsc#1012628). - mailbox: pcc: Reset pcc_chan_count to zero in case of PCC probe failure (bsc#1012628). - ACPI: pfr_telemetry: use ACPI_FREE() to free acpi_object (bsc#1012628). - ACPI: pfr_update: use ACPI_FREE() to free acpi_object (bsc#1012628). - perf/x86/intel/uncore: Fix reference count leak in sad_cfg_iio_topology() (bsc#1012628). - perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() (bsc#1012628). - perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() (bsc#1012628). - perf/x86/intel/uncore: Fix reference count leak in __uncore_imc_init_box() (bsc#1012628). - platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init() (bsc#1012628). - thermal: core: fix some possible name leaks in error paths (bsc#1012628). - irqchip/loongson-pch-pic: Fix translate callback for DT path (bsc#1012628). - irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe() (bsc#1012628). - irqchip/wpcm450: Fix memory leak in wpcm450_aic_of_init() (bsc#1012628). - irqchip/loongson-liointc: Fix improper error handling in liointc_init() (bsc#1012628). - EDAC/i10nm: fix refcount leak in pci_get_dev_wrapper() (bsc#1012628). - NFSD: Finish converting the NFSv2 GETACL result encoder (bsc#1012628). - NFSD: Finish converting the NFSv3 GETACL result encoder (bsc#1012628). - nfsd: don't call nfsd_file_put from client states seqfile display (bsc#1012628). - genirq/irqdesc: Don't try to remove non-existing sysfs files (bsc#1012628). - cpufreq: amd_freq_sensitivity: Add missing pci_dev_put() (bsc#1012628). - libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (bsc#1012628). - lib/notifier-error-inject: fix error when writing -errno to debugfs file (bsc#1012628). - debugfs: fix error when writing negative value to atomic_t debugfs file (bsc#1012628). - ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1012628). - rapidio: fix possible name leaks when rio_add_device() fails (bsc#1012628). - rapidio: rio: fix possible name leak in rio_register_mport() (bsc#1012628). - clocksource/drivers/sh_cmt: Access registers according to spec (bsc#1012628). - futex: Resend potentially swallowed owner death notification (bsc#1012628). - cpu/hotplug: Make target_store() a nop when target == state (bsc#1012628). - cpu/hotplug: Do not bail-out in DYING/STARTING sections (bsc#1012628). - clocksource/drivers/timer-ti-dm: Fix warning for omap_timer_match (bsc#1012628). - clocksource/drivers/timer-ti-dm: Fix missing clk_disable_unprepare in dmtimer_systimer_init_clock() (bsc#1012628). - ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (bsc#1012628). - uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (bsc#1012628). - x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (bsc#1012628). - x86/xen: Fix memory leak in xen_init_lock_cpu() (bsc#1012628). - xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() (bsc#1012628). - PM: runtime: Do not call __rpm_callback() from rpm_idle() (bsc#1012628). - erofs: check the uniqueness of fsid in shared domain in advance (bsc#1012628). - erofs: Fix pcluster memleak when its block address is zero (bsc#1012628). - erofs: fix missing unmap if z_erofs_get_extent_compressedlen() fails (bsc#1012628). - erofs: validate the extent length for uncompressed pclusters (bsc#1012628). - platform/chrome: cros_ec_typec: zero out stale pointers (bsc#1012628). - platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() (bsc#1012628). - platform/x86: intel_scu_ipc: fix possible name leak in __intel_scu_ipc_register() (bsc#1012628). - MIPS: BCM63xx: Add check for NULL for clk in clk_enable (bsc#1012628). - MIPS: OCTEON: warn only once if deprecated link status is being used (bsc#1012628). - lockd: set other missing fields when unlocking files (bsc#1012628). - nfsd: return error if nfs4_setacl fails (bsc#1012628). - NFSD: pass range end to vfs_fsync_range() instead of count (bsc#1012628). - fs: sysv: Fix sysv_nblocks() returns wrong value (bsc#1012628). - rapidio: fix possible UAF when kfifo_alloc() fails (bsc#1012628). - eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD (bsc#1012628). - relay: fix type mismatch when allocating memory in relay_create_buf() (bsc#1012628). - hfs: Fix OOB Write in hfs_asc2mac (bsc#1012628). - rapidio: devices: fix missing put_device in mport_cdev_open (bsc#1012628). - ipc: fix memory leak in init_mqueue_fs() (bsc#1012628). - platform/mellanox: mlxbf-pmc: Fix event typo (bsc#1012628). - selftests/bpf: Add missing bpf_iter_vma_offset__destroy call (bsc#1012628). - wifi: fix multi-link element subelement iteration (bsc#1012628). - wifi: mac80211: mlme: fix null-ptr deref on failed assoc (bsc#1012628). - wifi: mac80211: check link ID in auth/assoc continuation (bsc#1012628). - wifi: mac80211: fix ifdef symbol name (bsc#1012628). - drm/atomic-helper: Don't allocate new plane state in CRTC check (bsc#1012628). - wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() (bsc#1012628). - wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() (bsc#1012628). - wifi: rtl8xxxu: Fix reading the vendor of combo chips (bsc#1012628). - wifi: ath11k: fix firmware assert during bandwidth change for peer sta (bsc#1012628). - drm/bridge: adv7533: remove dynamic lane switching from adv7533 bridge (bsc#1012628). - libbpf: Fix use-after-free in btf_dump_name_dups (bsc#1012628). - libbpf: Fix memory leak in parse_usdt_arg() (bsc#1012628). - selftests/bpf: Fix memory leak caused by not destroying skeleton (bsc#1012628). - selftest/bpf: Fix memory leak in kprobe_multi_test (bsc#1012628). - selftests/bpf: Fix error failure of case test_xdp_adjust_tail_grow (bsc#1012628). - selftest/bpf: Fix error usage of ASSERT_OK in xdp_adjust_tail.c (bsc#1012628). - libbpf: Use elf_getshdrnum() instead of e_shnum (bsc#1012628). - libbpf: Deal with section with no data gracefully (bsc#1012628). - libbpf: Fix null-pointer dereference in find_prog_by_sec_insn() (bsc#1012628). - drm: lcdif: Switch to limited range for RGB to YUV conversion (bsc#1012628). - ata: libata: fix NCQ autosense logic (bsc#1012628). - pinctrl: ocelot: add missing destroy_workqueue() in error path in ocelot_pinctrl_probe() (bsc#1012628). - ASoC: Intel: avs: Fix DMA mask assignment (bsc#1012628). - ASoC: Intel: avs: Fix potential RX buffer overflow (bsc#1012628). - ipmi: kcs: Poll OBF briefly to reduce OBE latency (bsc#1012628). - drm/amdgpu: Revert "drm/amdgpu: getting fan speed pwm for vega10 properly" (bsc#1012628). - drm/amdgpu/powerplay/psm: Fix memory leak in power state init (bsc#1012628). - net: ethernet: adi: adin1110: Fix SPI transfers (bsc#1012628). - samples/bpf: Fix map iteration in xdp1_user (bsc#1012628). - samples/bpf: Fix MAC address swapping in xdp2_kern (bsc#1012628). - selftests/bpf: fix missing BPF object files (bsc#1012628). - drm/bridge: it6505: Initialize AUX channel in it6505_i2c_probe (bsc#1012628). - Input: iqs7222 - protect against undefined slider size (bsc#1012628). - media: v4l2-ctrls: Fix off-by-one error in integer menu control check (bsc#1012628). - media: coda: jpeg: Add check for kmalloc (bsc#1012628). - media: amphion: reset instance if it's aborted before codec header parsed (bsc#1012628). - media: adv748x: afe: Select input port when initializing AFE (bsc#1012628). - media: v4l2-ioctl.c: Unify YCbCr/YUV terms in format descriptions (bsc#1012628). - media: cedrus: hevc: Fix offset adjustments (bsc#1012628). - media: mediatek: vcodec: fix h264 cavlc bitstream fail (bsc#1012628). - drm/i915/guc: Limit scheduling properties to avoid overflow (bsc#1012628). - drm/i915: Fix compute pre-emption w/a to apply to compute engines (bsc#1012628). - media: i2c: hi846: Fix memory leak in hi846_parse_dt() (bsc#1012628). - media: i2c: ad5820: Fix error path (bsc#1012628). - venus: pm_helpers: Fix error check in vcodec_domains_get() (bsc#1012628). - soreuseport: Fix socket selection for SO_INCOMING_CPU (bsc#1012628). - media: i2c: ov5648: Free V4L2 fwnode data on unbind (bsc#1012628). - media: exynos4-is: don't rely on the v4l2_async_subdev internals (bsc#1012628). - libbpf: Btf dedup identical struct test needs check for nested structs/arrays (bsc#1012628). - can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device (bsc#1012628). - can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event (bsc#1012628). - can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT (bsc#1012628). - can: kvaser_usb_leaf: Set Warning state even without bus errors (bsc#1012628). - can: kvaser_usb_leaf: Fix improved state not being reported (bsc#1012628). - can: kvaser_usb_leaf: Fix wrong CAN state after stopping (bsc#1012628). - can: kvaser_usb_leaf: Fix bogus restart events (bsc#1012628). - can: kvaser_usb: Add struct kvaser_usb_busparams (bsc#1012628). - can: kvaser_usb: Compare requested bittiming parameters with actual parameters in do_set_{,data}_bittiming (bsc#1012628). - clk: renesas: r8a779f0: Fix SD0H clock name (bsc#1012628). - clk: renesas: r8a779a0: Fix SD0H clock name (bsc#1012628). - ASoC: dt-bindings: rt5682: Set sound-dai-cells to 1 (bsc#1012628). - drm/i915/guc: Add error-capture init warnings when needed (bsc#1012628). - drm/i915/guc: Fix GuC error capture sizing estimation and reporting (bsc#1012628). - dw9768: Enable low-power probe on ACPI (bsc#1012628). - drm/amd/display: wait for vblank during pipe programming (bsc#1012628). - drm/rockchip: lvds: fix PM usage counter unbalance in poweron (bsc#1012628). - drm/i915: Handle all GTs on driver (un)load paths (bsc#1012628). - drm/i915: Refactor ttm ghost obj detection (bsc#1012628). - drm/i915: Encapsulate lmem rpm stuff in intel_runtime_pm (bsc#1012628). - drm/i915/dgfx: Grab wakeref at i915_ttm_unmap_virtual (bsc#1012628). - clk: renesas: r9a06g032: Repair grave increment error (bsc#1012628). - drm: lcdif: change burst size to 256B (bsc#1012628). - drm/panel/panel-sitronix-st7701: Fix RTNI calculation (bsc#1012628). - spi: Update reference to struct spi_controller (bsc#1012628). - drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure (bsc#1012628). - drm/ttm: fix undefined behavior in bit shift for TTM_TT_FLAG_PRIV_POPULATED (bsc#1012628). - drm/msm/mdp5: stop overriding drvdata (bsc#1012628). - ima: Handle -ESTALE returned by ima_filter_rule_match() (bsc#1012628). - drm/msm/hdmi: use devres helper for runtime PM management (bsc#1012628). - bpf: Clobber stack slot when writing over spilled PTR_TO_BTF_ID (bsc#1012628). - bpf: Fix slot type check in check_stack_write_var_off (bsc#1012628). - drm/msm/dpu1: Account for DSC's bits_per_pixel having 4 fractional bits (bsc#1012628). - drm/msm/dsi: Remove useless math in DSC calculations (bsc#1012628). - drm/msm/dsi: Remove repeated calculation of slice_per_intf (bsc#1012628). - drm/msm/dsi: Use DIV_ROUND_UP instead of conditional increment on modulo (bsc#1012628). - drm/msm/dsi: Reuse earlier computed dsc->slice_chunk_size (bsc#1012628). - drm/msm/dsi: Appropriately set dsc->mux_word_size based on bpc (bsc#1012628). - drm/msm/dsi: Migrate to drm_dsc_compute_rc_parameters() (bsc#1012628). - drm/msm/dsi: Account for DSC's bits_per_pixel having 4 fractional bits (bsc#1012628). - drm/msm/dsi: Disallow 8 BPC DSC configuration for alternative BPC values (bsc#1012628). - drm/msm/dsi: Prevent signed BPG offsets from bleeding into adjacent bits (bsc#1012628). - media: platform: mtk-mdp3: fix error handling in mdp_cmdq_send() (bsc#1012628). - media: platform: mtk-mdp3: fix error handling about components clock_on (bsc#1012628). - media: platform: mtk-mdp3: fix error handling in mdp_probe() (bsc#1012628). - media: rkvdec: Add required padding (bsc#1012628). - media: vivid: fix compose size exceed boundary (bsc#1012628). - media: platform: exynos4-is: fix return value check in fimc_md_probe() (bsc#1012628). - bpf: propagate precision in ALU/ALU64 operations (bsc#1012628). - bpf: propagate precision across all frames, not just the last one (bsc#1012628). - clk: qcom: gcc-ipq806x: use parent_data for the last remaining entry (bsc#1012628). - clk: qcom: dispcc-sm6350: Add CLK_OPS_PARENT_ENABLE to pixel&byte src (bsc#1012628). - clk: qcom: gcc-sm8250: Use retention mode for USB GDSCs (bsc#1012628). - mtd: Fix device name leak when register device failed in add_mtd_device() (bsc#1012628). - mtd: core: fix possible resource leak in init_mtd() (bsc#1012628). - Input: joystick - fix Kconfig warning for JOYSTICK_ADC (bsc#1012628). - wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port (bsc#1012628). - media: camss: Clean up received buffers on failed start of streaming (bsc#1012628). - media: camss: Do not attach an already attached power domain on MSM8916 platform (bsc#1012628). - clk: renesas: r8a779f0: Fix HSCIF parent clocks (bsc#1012628). - clk: renesas: r8a779f0: Fix SCIF parent clocks (bsc#1012628). - virt/sev-guest: Add a MODULE_ALIAS (bsc#1012628). - net, proc: Provide PROC_FS=n fallback for proc_create_net_single_write() (bsc#1012628). - rxrpc: Fix ack.bufferSize to be 0 when generating an ack (bsc#1012628). - drm: lcdif: Set and enable FIFO Panic threshold (bsc#1012628). - wifi: rtw89: use u32_encode_bits() to fill MAC quota value (bsc#1012628). - drm: rcar-du: Drop leftovers dependencies from Kconfig (bsc#1012628). - regmap-irq: Use the new num_config_regs property in regmap_add_irq_chip_fwnode (bsc#1012628). - drbd: use blk_queue_max_discard_sectors helper (bsc#1012628). - bfq: fix waker_bfqq inconsistency crash (bsc#1012628). - drm/radeon: Add the missed acpi_put_table() to fix memory leak (bsc#1012628). - dt-bindings: pinctrl: update uart/mmc bindings for MT7986 SoC (bsc#1012628). - pinctrl: mediatek: fix the pinconf register offset of some pins (bsc#1012628). - wifi: iwlwifi: mei: make sure ownership confirmed message is sent (bsc#1012628). - wifi: iwlwifi: mei: don't send SAP commands if AMT is disabled (bsc#1012628). - wifi: iwlwifi: mei: fix tx DHCP packet for devices with new Tx API (bsc#1012628). - wifi: iwlwifi: mei: avoid blocking sap messages handling due to rtnl lock (bsc#1012628). - wifi: iwlwifi: mei: fix potential NULL-ptr deref after clone (bsc#1012628). - module: Fix NULL vs IS_ERR checking for module_get_next_page (bsc#1012628). - ASoC: codecs: wsa883x: Use proper shutdown GPIO polarity (bsc#1012628). - ASoC: codecs: wsa883x: use correct header file (bsc#1012628). - selftests/bpf: Fix xdp_synproxy compilation failure in 32-bit arch (bsc#1012628). - selftests/bpf: Fix incorrect ASSERT in the tcp_hdr_options test (bsc#1012628). - drm/mediatek: Modify dpi power on/off sequence (bsc#1012628). - ASoC: pxa: fix null-pointer dereference in filter() (bsc#1012628). - nvmet: only allocate a single slab for bvecs (bsc#1012628). - regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() (bsc#1012628). - amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table() (bsc#1012628). - nvme: return err on nvme_init_non_mdts_limits fail (bsc#1012628). - wifi: rtw89: Fix some error handling path in rtw89_core_sta_assoc() (bsc#1012628). - regulator: qcom-rpmh: Fix PMR735a S3 regulator spec (bsc#1012628). - drm/fourcc: Fix vsub/hsub for Q410 and Q401 (bsc#1012628). - ALSA: memalloc: Allocate more contiguous pages for fallback case (bsc#1012628). - integrity: Fix memory leakage in keyring allocation error path (bsc#1012628). - ima: Fix misuse of dereference of pointer in template_desc_init_fields() (bsc#1012628). - block: clear ->slave_dir when dropping the main slave_dir reference (bsc#1012628). - dm: cleanup open_table_device (bsc#1012628). - dm: cleanup close_table_device (bsc#1012628). - dm: make sure create and remove dm device won't race with open and close table (bsc#1012628). - dm: track per-add_disk holder relations in DM (bsc#1012628). - selftests/bpf: fix memory leak of lsm_cgroup (bsc#1012628). - wifi: ath10k: Fix return value in ath10k_pci_init() (bsc#1012628). - drm/msm/a6xx: Fix speed-bin detection vs probe-defer (bsc#1012628). - mtd: lpddr2_nvm: Fix possible null-ptr-deref (bsc#1012628). - Input: elants_i2c - properly handle the reset GPIO when power is off (bsc#1012628). - ASoC: amd: acp: Fix possible UAF in acp_dma_open (bsc#1012628). - net: ethernet: mtk_eth_soc: do not overwrite mtu configuration running reset routine (bsc#1012628). - media: amphion: add lock around vdec_g_fmt (bsc#1012628). - media: amphion: apply vb2_queue_error instead of setting manually (bsc#1012628). - media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init() (bsc#1012628). - media: solo6x10: fix possible memory leak in solo_sysfs_init() (bsc#1012628). - media: platform: exynos4-is: Fix error handling in fimc_md_init() (bsc#1012628). - media: amphion: Fix error handling in vpu_driver_init() (bsc#1012628). - media: videobuf-dma-contig: use dma_mmap_coherent (bsc#1012628). - net: ethernet: mtk_eth_soc: fix RSTCTRL_PPE{0,1} definitions (bsc#1012628). - udp: Clean up some functions (bsc#1012628). - net: Return errno in sk->sk_prot->get_port() (bsc#1012628). - mtd: spi-nor: hide jedec_id sysfs attribute if not present (bsc#1012628). - mtd: spi-nor: Fix the number of bytes for the dummy cycles (bsc#1012628). - clk: imx93: correct the flexspi1 clock setting (bsc#1012628). - bpf: Pin the start cgroup in cgroup_iter_seq_init() (bsc#1012628). - HID: i2c: let RMI devices decide what constitutes wakeup event (bsc#1012628). - clk: imx93: unmap anatop base in error handling path (bsc#1012628). - clk: imx93: correct enet clock (bsc#1012628). - bpf: Move skb->len == 0 checks into __bpf_redirect (bsc#1012628). - HID: hid-sensor-custom: set fixed size for custom attributes (bsc#1012628). - clk: imx: imxrt1050: fix IMXRT1050_CLK_LCDIF_APB offsets (bsc#1012628). - pinctrl: k210: call of_node_put() (bsc#1012628). - wifi: rtw89: fix physts IE page check (bsc#1012628). - ASoC: Intel: Skylake: Fix Kconfig dependency (bsc#1012628). - ASoC: Intel: avs: Lock substream before snd_pcm_stop() (bsc#1012628). - ALSA: pcm: fix undefined behavior in bit shift for SNDRV_PCM_RATE_KNOT (bsc#1012628). - ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT (bsc#1012628). - regulator: core: use kfree_const() to free space conditionally (bsc#1012628). - clk: rockchip: Fix memory leak in rockchip_clk_register_pll() (bsc#1012628). - drm/amdgpu: fix pci device refcount leak (bsc#1012628). - drm/i915/guc: make default_lists const data (bsc#1012628). - selftests/bpf: Make sure zero-len skbs aren't redirectable (bsc#1012628). - selftests/bpf: Mount debugfs in setns_by_fd (bsc#1012628). - bonding: fix link recovery in mode 2 when updelay is nonzero (bsc#1012628). - clk: microchip: check for null return of devm_kzalloc() (bsc#1012628). - mtd: core: Fix refcount error in del_mtd_device() (bsc#1012628). - mtd: maps: pxa2xx-flash: fix memory leak in probe (bsc#1012628). - drbd: remove call to memset before free device/resource/connection (bsc#1012628). - drbd: destroy workqueue when drbd device was freed (bsc#1012628). - ASoC: qcom: Add checks for devm_kcalloc (bsc#1012628). - ASoC: qcom: cleanup and fix dependency of QCOM_COMMON (bsc#1012628). - ASoC: mediatek: mt8186: Correct I2S shared clocks (bsc#1012628). - media: vimc: Fix wrong function called when vimc_init() fails (bsc#1012628). - media: imon: fix a race condition in send_packet() (bsc#1012628). - media: imx: imx7-media-csi: Clear BIT_MIPI_DOUBLE_CMPNT for <16b formats (bsc#1012628). - media: mt9p031: Drop bogus v4l2_subdev_get_try_crop() call from mt9p031_init_cfg() (bsc#1012628). - clk: imx8mn: rename vpu_pll to m7_alt_pll (bsc#1012628). - clk: imx: replace osc_hdmi with dummy (bsc#1012628). - clk: imx: rename video_pll1 to video_pll (bsc#1012628). - clk: imx8mn: fix imx8mn_sai2_sels clocks list (bsc#1012628). - clk: imx8mn: fix imx8mn_enet_phy_sels clocks list (bsc#1012628). - pinctrl: pinconf-generic: add missing of_node_put() (bsc#1012628). - media: dvb-core: Fix ignored return value in dvb_register_frontend() (bsc#1012628). - media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (bsc#1012628). - x86/boot: Skip realmode init code when running as Xen PV guest (bsc#1012628). - media: sun6i-mipi-csi2: Require both pads to be connected for streaming (bsc#1012628). - media: sun8i-a83t-mipi-csi2: Require both pads to be connected for streaming (bsc#1012628). - media: sun6i-mipi-csi2: Register async subdev with no sensor attached (bsc#1012628). - media: sun8i-a83t-mipi-csi2: Register async subdev with no sensor attached (bsc#1012628). - media: amphion: try to wakeup vpu core to avoid failure (bsc#1012628). - media: amphion: cancel vpu before release instance (bsc#1012628). - media: amphion: lock and check m2m_ctx in event handler (bsc#1012628). - media: mediatek: vcodec: Fix getting NULL pointer for dst buffer (bsc#1012628). - media: mediatek: vcodec: Fix h264 set lat buffer error (bsc#1012628). - media: mediatek: vcodec: Setting lat buf to lat_list when lat decode error (bsc#1012628). - media: mediatek: vcodec: Core thread depends on core_list (bsc#1012628). - media: s5p-mfc: Add variant data for MFC v7 hardware for Exynos 3250 SoC (bsc#1012628). - drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe() (bsc#1012628). - ASoC: dt-bindings: wcd9335: fix reset line polarity in example (bsc#1012628). - ASoC: mediatek: mtk-btcvsd: Add checks for write and read of mtk_btcvsd_snd (bsc#1012628). - drm/msm/mdp5: fix reading hw revision on db410c platform (bsc#1012628). - NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (bsc#1012628). - NFSv4.2: Always decode the security label (bsc#1012628). - NFSv4.2: Fix a memory stomp in decode_attr_security_label (bsc#1012628). - NFSv4.2: Fix initialisation of struct nfs4_label (bsc#1012628). - NFSv4: Fix a credential leak in _nfs4_discover_trunking() (bsc#1012628). - NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (bsc#1012628). - NFS: Fix an Oops in nfs_d_automount() (bsc#1012628). - ALSA: asihpi: fix missing pci_disable_device() (bsc#1012628). - wifi: plfxlc: fix potential memory leak in __lf_x_usb_enable_rx() (bsc#1012628). - wifi: rtl8xxxu: Fix use after rcu_read_unlock in rtl8xxxu_bss_info_changed (bsc#1012628). - wifi: iwlwifi: mvm: fix double free on tx path (bsc#1012628). - ASoC: mediatek: mt8173: Enable IRQ when pdata is ready (bsc#1012628). - clk: mediatek: fix dependency of MT7986 ADC clocks (bsc#1012628). - drm/amd/pm/smu11: BACO is supported when it's in BACO state (bsc#1012628). - amdgpu/nv.c: Corrected typo in the video capabilities resolution (bsc#1012628). - drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() (bsc#1012628). - drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() (bsc#1012628). - drm/amdkfd: Fix memory leakage (bsc#1012628). - drm/i915/bios: fix a memory leak in generate_lfp_data_ptrs (bsc#1012628). - ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe (bsc#1012628). - clk: visconti: Fix memory leak in visconti_register_pll() (bsc#1012628). - netfilter: conntrack: set icmpv6 redirects as RELATED (bsc#1012628). - Input: wistron_btns - disable on UML (bsc#1012628). - bpf, sockmap: Fix repeated calls to sock_put() when msg has more_data (bsc#1012628). - bpf, sockmap: Fix missing BPF_F_INGRESS flag when using apply_bytes (bsc#1012628). - bpf, sockmap: Fix data loss caused by using apply_bytes on ingress redirect (bsc#1012628). - bonding: uninitialized variable in bond_miimon_inspect() (bsc#1012628). - spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE (bsc#1012628). - wifi: nl80211: Add checks for nla_nest_start() in nl80211_send_iface() (bsc#1012628). - wifi: mac80211: fix memory leak in ieee80211_if_add() (bsc#1012628). - wifi: mac80211: fix maybe-unused warning (bsc#1012628). - wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails (bsc#1012628). - wifi: mt76: mt7921: fix antenna signal are way off in monitor mode (bsc#1012628). - wifi: mt76: mt7915: fix mt7915_mac_set_timing() (bsc#1012628). - wifi: mt76: mt7915: fix reporting of TX AGGR histogram (bsc#1012628). - wifi: mt76: mt7921: fix reporting of TX AGGR histogram (bsc#1012628). - wifi: mt76: mt7915: rework eeprom tx paths and streams init (bsc#1012628). - wifi: mt76: mt7915: Fix chainmask calculation on mt7915 DBDC (bsc#1012628). - wifi: mt76: mt7921: fix wrong power after multiple SAR set (bsc#1012628). - wifi: mt76: fix coverity overrun-call in mt76_get_txpower() (bsc#1012628). - wifi: mt76: mt7921: Add missing __packed annotation of struct mt7921_clc (bsc#1012628). - wifi: mt76: do not send firmware FW_FEATURE_NON_DL region (bsc#1012628). - mt76: mt7915: Fix PCI device refcount leak in mt7915_pci_init_hif2() (bsc#1012628). - regulator: core: fix module refcount leak in set_supply() (bsc#1012628). - clk: qcom: lpass-sc7280: Fix pm_runtime usage (bsc#1012628). - clk: qcom: lpass-sc7180: Fix pm_runtime usage (bsc#1012628). - clk: qcom: clk-krait: fix wrong div2 functions (bsc#1012628). - Revert "net: hsr: use hlist_head instead of list_head for mac addresses" (bsc#1012628). - hsr: Add a rcu-read lock to hsr_forward_skb() (bsc#1012628). - hsr: Avoid double remove of a node (bsc#1012628). - hsr: Disable netpoll (bsc#1012628). - hsr: Synchronize sending frames to have always incremented outgoing seq nr (bsc#1012628). - hsr: Synchronize sequence number updates (bsc#1012628). - configfs: fix possible memory leak in configfs_create_dir() (bsc#1012628). - regulator: core: fix resource leak in regulator_register() (bsc#1012628). - hwmon: (jc42) Convert register access and caching to regmap/regcache (bsc#1012628). - hwmon: (jc42) Restore the min/max/critical temperatures on resume (bsc#1012628). - bpf: Add dummy type reference to nf_conn___init to fix type deduplication (bsc#1012628). - bpf, sockmap: fix race in sock_map_free() (bsc#1012628). - ALSA: pcm: Set missing stop_operating flag at undoing trigger start (bsc#1012628). - media: saa7164: fix missing pci_disable_device() (bsc#1012628). - media: ov5640: set correct default link frequency (bsc#1012628). - ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt (bsc#1012628). - pinctrl: thunderbay: fix possible memory leak in thunderbay_build_functions() (bsc#1012628). - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (bsc#1012628). - SUNRPC: Fix missing release socket in rpc_sockname() (bsc#1012628). - NFSv4.2: Set the correct size scratch buffer for decoding READ_PLUS (bsc#1012628). - NFS: Allow very small rsize & wsize again (bsc#1012628). - NFSv4.x: Fail client initialisation if state manager thread can't run (bsc#1012628). - riscv, bpf: Emit fixed-length instructions for BPF_PSEUDO_FUNC (bsc#1012628). - bpftool: Fix memory leak in do_build_table_cb (bsc#1012628). - hwmon: (emc2305) fix unable to probe emc2301/2/3 (bsc#1012628). - hwmon: (emc2305) fix pwm never being able to set lower (bsc#1012628). - mmc: alcor: fix return value check of mmc_add_host() (bsc#1012628). - mmc: moxart: fix return value check of mmc_add_host() (bsc#1012628). - mmc: mxcmmc: fix return value check of mmc_add_host() (bsc#1012628). - mmc: pxamci: fix return value check of mmc_add_host() (bsc#1012628). - mmc: rtsx_pci: fix return value check of mmc_add_host() (bsc#1012628). - mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() (bsc#1012628). - mmc: toshsd: fix return value check of mmc_add_host() (bsc#1012628). - mmc: vub300: fix return value check of mmc_add_host() (bsc#1012628). - mmc: wmt-sdmmc: fix return value check of mmc_add_host() (bsc#1012628). - mmc: litex_mmc: ensure `host->irq == 0` if polling (bsc#1012628). - mmc: atmel-mci: fix return value check of mmc_add_host() (bsc#1012628). - mmc: omap_hsmmc: fix return value check of mmc_add_host() (bsc#1012628). - mmc: meson-gx: fix return value check of mmc_add_host() (bsc#1012628). - mmc: via-sdmmc: fix return value check of mmc_add_host() (bsc#1012628). - mmc: wbsd: fix return value check of mmc_add_host() (bsc#1012628). - mmc: mmci: fix return value check of mmc_add_host() (bsc#1012628). - mmc: renesas_sdhi: alway populate SCC pointer (bsc#1012628). - memstick/ms_block: Add check for alloc_ordered_workqueue (bsc#1012628). - mmc: core: Normalize the error handling branch in sd_read_ext_regs() (bsc#1012628). - nvme: pass nr_maps explicitly to nvme_alloc_io_tag_set (bsc#1012628). - regulator: qcom-labibb: Fix missing of_node_put() in qcom_labibb_regulator_probe() (bsc#1012628). - media: c8sectpfe: Add of_node_put() when breaking out of loop (bsc#1012628). - media: coda: Add check for dcoda_iram_alloc (bsc#1012628). - media: coda: Add check for kmalloc (bsc#1012628). - media: staging: stkwebcam: Restore MEDIA_{USB,CAMERA}_SUPPORT dependencies (bsc#1012628). - clk: samsung: Fix memory leak in _samsung_clk_register_pll() (bsc#1012628). - spi: spi-gpio: Don't set MOSI as an input if not 3WIRE mode (bsc#1012628). - wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h (bsc#1012628). - wifi: rtl8xxxu: Fix the channel width reporting (bsc#1012628). - wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() (bsc#1012628). - blktrace: Fix output non-blktrace event when blk_classic option enabled (bsc#1012628). - bpf: Do not zero-extend kfunc return values (bsc#1012628). - clk: socfpga: Fix memory leak in socfpga_gate_init() (bsc#1012628). - net: vmw_vsock: vmci: Check memcpy_from_msg() (bsc#1012628). - net: defxx: Fix missing err handling in dfx_init() (bsc#1012628). - net: stmmac: selftests: fix potential memleak in stmmac_test_arpoffload() (bsc#1012628). - net: stmmac: fix possible memory leak in stmmac_dvr_probe() (bsc#1012628). - drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() (bsc#1012628). - ipvs: use u64_stats_t for the per-cpu counters (bsc#1012628). - of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and find_dup_cset_prop() (bsc#1012628). - ethernet: s2io: don't call dev_kfree_skb() under spin_lock_irqsave() (bsc#1012628). - net: farsync: Fix kmemleak when rmmods farsync (bsc#1012628). - net/tunnel: wait until all sk_user_data reader finish before releasing the sock (bsc#1012628). - net: apple: mace: don't call dev_kfree_skb() under spin_lock_irqsave() (bsc#1012628). - net: apple: bmac: don't call dev_kfree_skb() under spin_lock_irqsave() (bsc#1012628). - net: emaclite: don't call dev_kfree_skb() under spin_lock_irqsave() (bsc#1012628). - net: ethernet: dnet: don't call dev_kfree_skb() under spin_lock_irqsave() (bsc#1012628). - hamradio: don't call dev_kfree_skb() under spin_lock_irqsave() (bsc#1012628). - net: amd: lance: don't call dev_kfree_skb() under spin_lock_irqsave() (bsc#1012628). - net: setsockopt: fix IPV6_UNICAST_IF option for connected sockets (bsc#1012628). - af_unix: call proto_unregister() in the error path in af_unix_init() (bsc#1012628). - net: amd-xgbe: Fix logic around active and passive cables (bsc#1012628). - net: amd-xgbe: Check only the minimum speed for active/passive cables (bsc#1012628). - can: tcan4x5x: Remove invalid write in clear_interrupts (bsc#1012628). - can: m_can: Call the RAM init directly from m_can_chip_config (bsc#1012628). - can: tcan4x5x: Fix use of register error status mask (bsc#1012628). - net: ethernet: ti: am65-cpsw: Fix PM runtime leakage in am65_cpsw_nuss_ndo_slave_open() (bsc#1012628). - net: lan9303: Fix read error execution path (bsc#1012628). - ntb_netdev: Use dev_kfree_skb_any() in interrupt context (bsc#1012628). - sctp: sysctl: make extra pointers netns aware (bsc#1012628). - Bluetooth: hci_core: fix error handling in hci_register_dev() (bsc#1012628). - Bluetooth: MGMT: Fix error report for ADD_EXT_ADV_PARAMS (bsc#1012628). - Bluetooth: Fix EALREADY and ELOOP cases in bt_status() (bsc#1012628). - Bluetooth: hci_conn: Fix crash on hci_create_cis_sync (bsc#1012628). - Bluetooth: btintel: Fix missing free skb in btintel_setup_combined() (bsc#1012628). - Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave() (bsc#1012628). - Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave() (bsc#1012628). - Bluetooth: hci_ll: don't call kfree_skb() under spin_lock_irqsave() (bsc#1012628). - Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave() (bsc#1012628). - Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave() (bsc#1012628). - Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave() (bsc#1012628). - Bluetooth: RFCOMM: don't call kfree_skb() under spin_lock_irqsave() (bsc#1012628). - octeontx2-af: cn10k: mcs: Fix a resource leak in the probe and remove functions (bsc#1012628). - stmmac: fix potential division by 0 (bsc#1012628). - i40e: Fix the inability to attach XDP program on downed interface (bsc#1012628). - net: dsa: tag_8021q: avoid leaking ctx on dsa_tag_8021q_register() error path (bsc#1012628). - apparmor: fix a memleak in multi_transaction_new() (bsc#1012628). - apparmor: fix lockdep warning when removing a namespace (bsc#1012628). - apparmor: Fix abi check to include v8 abi (bsc#1012628). - apparmor: Fix regression in stacking due to label flags (bsc#1012628). - crypto: hisilicon/qm - fix incorrect parameters usage (bsc#1012628). - crypto: hisilicon/qm - re-enable communicate interrupt before notifying PF (bsc#1012628). - crypto: sun8i-ss - use dma_addr instead u32 (bsc#1012628). - crypto: nitrox - avoid double free on error path in nitrox_sriov_init() (bsc#1012628). - crypto: tcrypt - fix return value for multiple subtests (bsc#1012628). - scsi: core: Fix a race between scsi_done() and scsi_timeout() (bsc#1012628). - apparmor: Use pointer to struct aa_label for lbs_cred (bsc#1012628). - PCI: dwc: Fix n_fts[] array overrun (bsc#1012628). - RDMA/core: Fix order of nldev_exit call (bsc#1012628). - PCI: pci-epf-test: Register notifier if only core_init_notifier is enabled (bsc#1012628). - f2fs: Fix the race condition of resize flag between resizefs (bsc#1012628). - crypto: rockchip - do not do custom power management (bsc#1012628). - crypto: rockchip - do not store mode globally (bsc#1012628). - crypto: rockchip - add fallback for cipher (bsc#1012628). - crypto: rockchip - add fallback for ahash (bsc#1012628). - crypto: rockchip - better handle cipher key (bsc#1012628). - crypto: rockchip - remove non-aligned handling (bsc#1012628). - crypto: rockchip - rework by using crypto_engine (bsc#1012628). - apparmor: Fix memleak in alloc_ns() (bsc#1012628). - fortify: Do not cast to "unsigned char" (bsc#1012628). - f2fs: fix to invalidate dcc->f2fs_issue_discard in error path (bsc#1012628). - f2fs: fix gc mode when gc_urgent_high_remaining is 1 (bsc#1012628). - f2fs: fix normal discard process (bsc#1012628). - f2fs: allow to set compression for inlined file (bsc#1012628). - f2fs: fix the assign logic of iocb (bsc#1012628). - f2fs: fix to destroy sbi->post_read_wq in error path of f2fs_fill_super() (bsc#1012628). - RDMA/irdma: Report the correct link speed (bsc#1012628). - scsi: qla2xxx: Fix set-but-not-used variable warnings (bsc#1012628). - RDMA/siw: Fix immediate work request flush to completion queue (bsc#1012628). - IB/mad: Don't call to function that might sleep while in atomic context (bsc#1012628). - PCI: vmd: Disable MSI remapping after suspend (bsc#1012628). - PCI: imx6: Initialize PHY before deasserting core reset (bsc#1012628). - f2fs: fix to avoid accessing uninitialized spinlock (bsc#1012628). - RDMA/restrack: Release MR restrack when delete (bsc#1012628). - RDMA/core: Make sure "ib_port" is valid when access sysfs node (bsc#1012628). - RDMA/nldev: Return "-EAGAIN" if the cm_id isn't from expected port (bsc#1012628). - RDMA/siw: Set defined status for work completion with undefined status (bsc#1012628). - RDMA/irdma: Fix inline for multiple SGE's (bsc#1012628). - RDMA/irdma: Fix RQ completion opcode (bsc#1012628). - RDMA/irdma: Do not request 2-level PBLEs for CQ alloc (bsc#1012628). - scsi: scsi_debug: Fix a warning in resp_write_scat() (bsc#1012628). - crypto: ccree - Remove debugfs when platform_driver_register failed (bsc#1012628). - crypto: cryptd - Use request context instead of stack for sub-request (bsc#1012628). - crypto: hisilicon/qm - add missing pci_dev_put() in q_num_set() (bsc#1012628). - RDMA/rxe: Fix mr->map double free (bsc#1012628). - RDMA/hns: Fix ext_sge num error when post send (bsc#1012628). - RDMA/hns: Fix incorrect sge nums calculation (bsc#1012628). - PCI: Check for alloc failure in pci_request_irq() (bsc#1012628). - RDMA/hfi: Decrease PCI device reference count in error path (bsc#1012628). - crypto: ccree - Make cc_debugfs_global_fini() available for module init function (bsc#1012628). - RDMA/irdma: Initialize net_type before checking it (bsc#1012628). - RDMA/hns: fix memory leak in hns_roce_alloc_mr() (bsc#1012628). - RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed (bsc#1012628). - dt-bindings: imx6q-pcie: Fix clock names for imx6sx and imx8mq (bsc#1012628). - dt-bindings: visconti-pcie: Fix interrupts array max constraints (bsc#1012628). - PCI: endpoint: pci-epf-vntb: Fix call pci_epc_mem_free_addr() in error path (bsc#1012628). - scsi: hpsa: Fix possible memory leak in hpsa_init_one() (bsc#1012628). - crypto: tcrypt - Fix multibuffer skcipher speed test mem leak (bsc#1012628). - padata: Always leave BHs disabled when running ->parallel() (bsc#1012628). - padata: Fix list iterator in padata_do_serial() (bsc#1012628). - crypto: x86/aegis128 - fix possible crash with CFI enabled (bsc#1012628). - crypto: x86/aria - fix crash with CFI enabled (bsc#1012628). - crypto: x86/sha1 - fix possible crash with CFI enabled (bsc#1012628). - crypto: x86/sha256 - fix possible crash with CFI enabled (bsc#1012628). - crypto: x86/sha512 - fix possible crash with CFI enabled (bsc#1012628). - crypto: x86/sm3 - fix possible crash with CFI enabled (bsc#1012628). - crypto: x86/sm4 - fix crash with CFI enabled (bsc#1012628). - crypto: arm64/sm3 - add NEON assembly implementation (bsc#1012628). - crypto: arm64/sm3 - fix possible crash with CFI enabled (bsc#1012628). - crypto: hisilicon/qm - fix 'QM_XEQ_DEPTH_CAP' mask value (bsc#1012628). - scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (bsc#1012628). - scsi: hpsa: Fix error handling in hpsa_add_sas_host() (bsc#1012628). - scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (bsc#1012628). - scsi: efct: Fix possible memleak in efct_device_init() (bsc#1012628). - scsi: scsi_debug: Fix a warning in resp_verify() (bsc#1012628). - scsi: scsi_debug: Fix a warning in resp_report_zones() (bsc#1012628). - scsi: fcoe: Fix possible name leak when device_register() fails (bsc#1012628). - scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (bsc#1012628). - scsi: ipr: Fix WARNING in ipr_init() (bsc#1012628). - scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (bsc#1012628). - scsi: snic: Fix possible UAF in snic_tgt_create() (bsc#1012628). - scsi: ufs: core: Fix the polling implementation (bsc#1012628). - RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps() (bsc#1012628). - f2fs: set zstd compress level correctly (bsc#1012628). - f2fs: fix to enable compress for newly created file if extension matches (bsc#1012628). - f2fs: avoid victim selection from previous victim section (bsc#1012628). - RDMA/nldev: Fix failure to send large messages (bsc#1012628). - crypto: qat - fix error return code in adf_probe (bsc#1012628). - crypto: amlogic - Remove kcalloc without check (bsc#1012628). - crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe() (bsc#1012628). - riscv/mm: add arch hook arch_clear_hugepage_flags (bsc#1012628). - RDMA: Disable IB HW for UML (bsc#1012628). - RDMA/hfi1: Fix error return code in parse_platform_config() (bsc#1012628). - RDMA/srp: Fix error return code in srp_parse_options() (bsc#1012628). - PCI: vmd: Fix secondary bus reset for Intel bridges (bsc#1012628). - orangefs: Fix sysfs not cleanup when dev init failed (bsc#1012628). - RDMA/hns: Fix the gid problem caused by free mr (bsc#1012628). - RDMA/hns: Fix AH attr queried by query_qp (bsc#1012628). - RDMA/hns: Fix PBL page MTR find (bsc#1012628). - RDMA/hns: Fix page size cap from firmware (bsc#1012628). - RDMA/hns: Fix error code of CMD (bsc#1012628). - RDMA/hns: Fix XRC caps on HIP08 (bsc#1012628). - RISC-V: Fix unannoted hardirqs-on in return to userspace slow-path (bsc#1012628). - RISC-V: Fix MEMREMAP_WB for systems with Svpbmt (bsc#1012628). - riscv: Fix crash during early errata patching (bsc#1012628). - crypto: img-hash - Fix variable dereferenced before check 'hdev->req' (bsc#1012628). - hwrng: amd - Fix PCI device refcount leak (bsc#1012628). - hwrng: geode - Fix PCI device refcount leak (bsc#1012628). - IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces (bsc#1012628). - RISC-V: Align the shadow stack (bsc#1012628). - f2fs: fix iostat parameter for discard (bsc#1012628). - riscv: Fix P4D_SHIFT definition for 3-level page table mode (bsc#1012628). - drivers: dio: fix possible memory leak in dio_init() (bsc#1012628). - serial: tegra: Read DMA status before terminating (bsc#1012628). - serial: 8250_bcm7271: Fix error handling in brcmuart_init() (bsc#1012628). - drivers: staging: r8188eu: Fix sleep-in-atomic-context bug in rtw_join_timeout_handler (bsc#1012628). - class: fix possible memory leak in __class_register() (bsc#1012628). - vfio: platform: Do not pass return buffer to ACPI _RST method (bsc#1012628). - vfio/iova_bitmap: Fix PAGE_SIZE unaligned bitmaps (bsc#1012628). - uio: uio_dmem_genirq: Fix missing unlock in irq configuration (bsc#1012628). - uio: uio_dmem_genirq: Fix deadlock between irq config and handling (bsc#1012628). - usb: fotg210-udc: Fix ages old endianness issues (bsc#1012628). - interconnect: qcom: sc7180: fix dropped const of qcom_icc_bcm (bsc#1012628). - staging: vme_user: Fix possible UAF in tsi148_dma_list_add (bsc#1012628). - usb: typec: Check for ops->exit instead of ops->enter in altmode_exit (bsc#1012628). - usb: typec: tcpci: fix of node refcount leak in tcpci_register_port() (bsc#1012628). - usb: typec: tipd: Cleanup resources if devm_tps6598_psy_register fails (bsc#1012628). - usb: typec: tipd: Fix spurious fwnode_handle_put in error path (bsc#1012628). - usb: typec: tipd: Fix typec_unregister_port error paths (bsc#1012628). - usb: musb: omap2430: Fix probe regression for missing resources (bsc#1012628). - extcon: usbc-tusb320: Update state on probe even if no IRQ pending (bsc#1012628). - USB: gadget: Fix use-after-free during usb config switch (bsc#1012628). - serial: amba-pl011: avoid SBSA UART accessing DMACR register (bsc#1012628). - serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle (bsc#1012628). - serial: stm32: move dma_request_chan() before clk_prepare_enable() (bsc#1012628). - serial: pch: Fix PCI device refcount leak in pch_request_dma() (bsc#1012628). - serial: altera_uart: fix locking in polling mode (bsc#1012628). - serial: sunsab: Fix error handling in sunsab_init() (bsc#1012628). - habanalabs: fix return value check in hl_fw_get_sec_attest_data() (bsc#1012628). - test_firmware: fix memory leak in test_firmware_init() (bsc#1012628). - misc: ocxl: fix possible name leak in ocxl_file_register_afu() (bsc#1012628). - ocxl: fix pci device refcount leak when calling get_function_0() (bsc#1012628). - misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() (bsc#1012628). - firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (bsc#1012628). - cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter() (bsc#1012628). - cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter() (bsc#1012628). - iio: temperature: ltc2983: make bulk write buffer DMA-safe (bsc#1012628). - iio: adis: add '__adis_enable_irq()' implementation (bsc#1012628). - counter: stm32-lptimer-cnt: fix the check on arr and cmp registers update (bsc#1012628). - coresight: trbe: remove cpuhp instance node before remove cpuhp state (bsc#1012628). - coresight: cti: Fix null pointer error on CTI init before ETM (bsc#1012628). - tracing/user_events: Fix call print_fmt leak (bsc#1012628). - usb: roles: fix of node refcount leak in usb_role_switch_is_parent() (bsc#1012628). - usb: core: hcd: Fix return value check in usb_hcd_setup_local_mem() (bsc#1012628). - usb: gadget: f_hid: fix f_hidg lifetime vs cdev (bsc#1012628). - usb: gadget: f_hid: fix refcount leak on error path (bsc#1012628). - drivers: mcb: fix resource leak in mcb_probe() (bsc#1012628). - mcb: mcb-parse: fix error handing in chameleon_parse_gdd() (bsc#1012628). - chardev: fix error handling in cdev_device_add() (bsc#1012628). - vfio/iova_bitmap: refactor iova_bitmap_set() to better handle page boundaries (bsc#1012628). - i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe (bsc#1012628). - staging: rtl8192u: Fix use after free in ieee80211_rx() (bsc#1012628). - staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() (bsc#1012628). - vme: Fix error not catched in fake_init() (bsc#1012628). - gpiolib: cdev: fix NULL-pointer dereferences (bsc#1012628). - gpiolib: protect the GPIO device against being dropped while in use by user-space (bsc#1012628). - i2c: mux: reg: check return value after calling platform_get_resource() (bsc#1012628). - i2c: ismt: Fix an out-of-bounds bug in ismt_access() (bsc#1012628). - usb: storage: Add check for kcalloc (bsc#1012628). - usb: typec: wusb3801: fix fwnode refcount leak in wusb3801_probe() (bsc#1012628). - tracing/hist: Fix issue of losting command info in error_log (bsc#1012628). - ksmbd: Fix resource leak in ksmbd_session_rpc_open() (bsc#1012628). - samples: vfio-mdev: Fix missing pci_disable_device() in mdpy_fb_probe() (bsc#1012628). - thermal/drivers/imx8mm_thermal: Validate temperature range (bsc#1012628). - thermal/drivers/k3_j72xx_bandgap: Fix the debug print message (bsc#1012628). - thermal/of: Fix memory leak on thermal_of_zone_register() failure (bsc#1012628). - thermal/drivers/qcom/temp-alarm: Fix inaccurate warning for gen2 (bsc#1012628). - thermal/drivers/qcom/lmh: Fix irq handler return value (bsc#1012628). - fbdev: ssd1307fb: Drop optional dependency (bsc#1012628). - fbdev: pm2fb: fix missing pci_disable_device() (bsc#1012628). - fbdev: via: Fix error in via_core_init() (bsc#1012628). - fbdev: vermilion: decrease reference count in error path (bsc#1012628). - fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (bsc#1012628). - fbdev: geode: don't build on UML (bsc#1012628). - fbdev: uvesafb: don't build on UML (bsc#1012628). - fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() (bsc#1012628). - led: qcom-lpg: Fix sleeping in atomic (bsc#1012628). - perf tools: Fix "kernel lock contention analysis" test by not printing warnings in quiet mode (bsc#1012628). - perf stat: Use evsel__is_hybrid() more (bsc#1012628). - perf stat: Move common code in print_metric_headers() (bsc#1012628). - HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() (bsc#1012628). - HSI: omap_ssi_core: fix possible memory leak in ssi_probe() (bsc#1012628). - power: supply: fix residue sysfs file in error handle route of __power_supply_register() (bsc#1012628). - watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (bsc#1012628). - perf trace: Return error if a system call doesn't exist (bsc#1012628). - perf trace: Use macro RAW_SYSCALL_ARGS_NUM to replace number (bsc#1012628). - perf trace: Handle failure when trace point folder is missed (bsc#1012628). - perf symbol: correction while adjusting symbol (bsc#1012628). - power: supply: z2_battery: Fix possible memleak in z2_batt_probe() (bsc#1012628). - power: supply: cw2015: Fix potential null-ptr-deref in cw_bat_probe() (bsc#1012628). - HSI: omap_ssi_core: Fix error handling in ssi_init() (bsc#1012628). - power: supply: ab8500: Fix error handling in ab8500_charger_init() (bsc#1012628). - power: supply: Fix refcount leak in rk817_charger_probe (bsc#1012628). - power: supply: bq25890: Factor out regulator registration code (bsc#1012628). - power: supply: bq25890: Convert to i2c's .probe_new() (bsc#1012628). - power: supply: bq25890: Ensure pump_express_work is cancelled on remove (bsc#1012628). - perf branch: Fix interpretation of branch records (bsc#1012628). - power: supply: fix null pointer dereferencing in power_supply_get_battery_info (bsc#1012628). - gfs2: Partially revert gfs2_inode_lookup change (bsc#1012628). - leds: is31fl319x: Fix setting current limit for is31fl319{0,1,3} (bsc#1012628). - perf off_cpu: Fix a typo in BTF tracepoint name, it should be 'btf_trace_sched_switch' (bsc#1012628). - ftrace: Allow WITH_ARGS flavour of graph tracer with shadow call stack (bsc#1012628). - perf stat: Do not delay the workload with --delay (bsc#1012628). - RDMA/siw: Fix pointer cast warning (bsc#1012628). - fs/ntfs3: Avoid UBSAN error on true_sectors_per_clst() (bsc#1012628). - fs/ntfs3: Harden against integer overflows (bsc#1012628). - phy: marvell: phy-mvebu-a3700-comphy: Reset COMPHY registers before USB 3.0 power on (bsc#1012628). - phy: qcom-qmp-pcie: drop bogus register update (bsc#1012628). - dmaengine: idxd: Make max batch size attributes in sysfs invisible for Intel IAA (bsc#1012628). - dmaengine: apple-admac: Allocate cache SRAM to channels (bsc#1012628). - remoteproc: core: Auto select rproc-virtio device id (bsc#1012628). - phy: qcom-qmp-pcie: drop power-down delay config (bsc#1012628). - phy: qcom-qmp-pcie: replace power-down delay (bsc#1012628). - phy: qcom-qmp-pcie: fix sc8180x initialisation (bsc#1012628). - phy: qcom-qmp-pcie: fix ipq8074-gen3 initialisation (bsc#1012628). - phy: qcom-qmp-pcie: fix ipq6018 initialisation (bsc#1012628). - phy: qcom-qmp-usb: clean up power-down handling (bsc#1012628). - phy: qcom-qmp-usb: drop sc8280xp power-down delay (bsc#1012628). - phy: qcom-qmp-usb: drop power-down delay config (bsc#1012628). - phy: qcom-qmp-usb: clean up status polling (bsc#1012628). - phy: qcom-qmp-usb: drop start and pwrdn-ctrl abstraction (bsc#1012628). - phy: qcom-qmp-usb: correct registers layout for IPQ8074 USB3 PHY (bsc#1012628). - iommu/s390: Fix duplicate domain attachments (bsc#1012628). - iommu/sun50i: Fix reset release (bsc#1012628). - iommu/sun50i: Consider all fault sources for reset (bsc#1012628). - iommu/sun50i: Fix R/W permission check (bsc#1012628). - iommu/sun50i: Fix flush size (bsc#1012628). - iommu/sun50i: Implement .iotlb_sync_map (bsc#1012628). - iommu/rockchip: fix permission bits in page table entries v2 (bsc#1012628). - dmaengine: idxd: Make read buffer sysfs attributes invisible for Intel IAA (bsc#1012628). - phy: qcom-qmp-usb: fix sc8280xp PCS_USB offset (bsc#1012628). - phy: usb: s2 WoL wakeup_count not incremented for USB->Eth devices (bsc#1012628). - phy: usb: Use slow clock for wake enabled suspend (bsc#1012628). - phy: usb: Fix clock imbalance for suspend/resume (bsc#1012628). - include/uapi/linux/swab: Fix potentially missing __always_inline (bsc#1012628). - pwm: tegra: Improve required rate calculation (bsc#1012628). - pwm: tegra: Ensure the clock rate is not less than needed (bsc#1012628). - phy: qcom-qmp-pcie: split register tables into common and extra parts (bsc#1012628). - phy: qcom-qmp-pcie: split pcs_misc init cfg for ipq8074 pcs table (bsc#1012628). - phy: qcom-qmp-pcie: support separate tables for EP mode (bsc#1012628). - phy: qcom-qmp-pcie: Support SM8450 PCIe1 PHY in EP mode (bsc#1012628). - phy: qcom-qmp-pcie: Fix high latency with 4x2 PHY when ASPM is enabled (bsc#1012628). - phy: qcom-qmp-pcie: Fix sm8450_qmp_gen4x2_pcie_pcs_tbl[] register names (bsc#1012628). - fs/ntfs3: Fix slab-out-of-bounds read in ntfs_trim_fs (bsc#1012628). - dmaengine: idxd: Fix crc_val field for completion record (bsc#1012628). - rtc: rzn1: Check return value in rzn1_rtc_probe (bsc#1012628). - rtc: class: Fix potential memleak in devm_rtc_allocate_device() (bsc#1012628). - rtc: pcf2127: Convert to .probe_new() (bsc#1012628). - rtc: cmos: Call cmos_wake_setup() from cmos_do_probe() (bsc#1012628). - rtc: cmos: Call rtc_wake_setup() from cmos_do_probe() (bsc#1012628). - rtc: cmos: Eliminate forward declarations of some functions (bsc#1012628). - rtc: cmos: Rename ACPI-related functions (bsc#1012628). - rtc: cmos: Disable ACPI RTC event on removal (bsc#1012628). - rtc: snvs: Allow a time difference on clock register read (bsc#1012628). - rtc: pcf85063: Fix reading alarm (bsc#1012628). - iommu/mediatek: Check return value after calling platform_get_resource() (bsc#1012628). - iommu: Avoid races around device probe (bsc#1012628). - iommu/amd: Fix pci device refcount leak in ppr_notifier() (bsc#1012628). - iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() (bsc#1012628). - macintosh: fix possible memory leak in macio_add_one_device() (bsc#1012628). - macintosh/macio-adb: check the return value of ioremap() (bsc#1012628). - powerpc/52xx: Fix a resource leak in an error handling path (bsc#1012628). - cxl: Fix refcount leak in cxl_calc_capp_routing (bsc#1012628). - powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1012628). - powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (bsc#1012628). - powerpc/pseries: fix the object owners enum value in plpks driver (bsc#1012628). - powerpc/pseries: Fix the H_CALL error code in PLPKS driver (bsc#1012628). - powerpc/pseries: Return -EIO instead of -EINTR for H_ABORTED error (bsc#1012628). - powerpc/pseries: fix plpks_read_var() code for different consumers (bsc#1012628). - kprobes: Fix check for probe enabled in kill_kprobe() (bsc#1012628). - powerpc: dts: turris1x.dts: Add channel labels for temperature sensor (bsc#1012628). - powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1012628). - powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in of_fsl_spi_probe() (bsc#1012628). - powerpc/hv-gpci: Fix hv_gpci event list (bsc#1012628). - selftests/powerpc: Fix resource leaks (bsc#1012628). - iommu/mediatek: Add platform_device_put for recovering the device refcnt (bsc#1012628). - iommu/mediatek: Use component_match_add (bsc#1012628). - iommu/mediatek: Add error path for loop of mm_dts_parse (bsc#1012628). - iommu/mediatek: Validate number of phandles associated with "mediatek,larbs" (bsc#1012628). - iommu/sun50i: Remove IOMMU_DOMAIN_IDENTITY (bsc#1012628). - pwm: sifive: Call pwm_sifive_update_clock() while mutex is held (bsc#1012628). - pwm: mtk-disp: Fix the parameters calculated by the enabled flag of disp_pwm (bsc#1012628). - pwm: mediatek: always use bus clock for PWM on MT7622 (bsc#1012628). - RISC-V: KVM: Fix reg_val check in kvm_riscv_vcpu_set_reg_config() (bsc#1012628). - remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev() (bsc#1012628). - remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio() (bsc#1012628). - remoteproc: qcom_q6v5_pas: disable wakeup on probe fail or remove (bsc#1012628). - remoteproc: qcom_q6v5_pas: detach power domains on remove (bsc#1012628). - remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region() (bsc#1012628). - remoteproc: qcom: q6v5: Fix missing clk_disable_unprepare() in q6v5_wcss_qcs404_power_on() (bsc#1012628). - powerpc/pseries/eeh: use correct API for error log size (bsc#1012628). - dt-bindings: mfd: qcom,spmi-pmic: Drop PWM reg dependency (bsc#1012628). - mfd: axp20x: Do not sleep in the power off handler (bsc#1012628). - mfd: bd957x: Fix Kconfig dependency on REGMAP_IRQ (bsc#1012628). - mfd: qcom_rpm: Fix an error handling path in qcom_rpm_probe() (bsc#1012628). - mfd: pm8008: Fix return value check in pm8008_probe() (bsc#1012628). - netfilter: flowtable: really fix NAT IPv6 offload (bsc#1012628). - rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() (bsc#1012628). - rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe() (bsc#1012628). - rtc: pcf85063: fix pcf85063_clkout_control (bsc#1012628). - iommu/mediatek: Fix forever loop in error handling (bsc#1012628). - nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (bsc#1012628). - net: macsec: fix net device access prior to holding a lock (bsc#1012628). - bonding: add missed __rcu annotation for curr_active_slave (bsc#1012628). - bonding: do failover when high prio link up (bsc#1012628). - mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (bsc#1012628). - mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (bsc#1012628). - mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (bsc#1012628). - block, bfq: fix possible uaf for 'bfqq->bic' (bsc#1012628). - selftests/bpf: Select CONFIG_FUNCTION_ERROR_INJECTION (bsc#1012628). - bpf: prevent leak of lsm program after failed attach (bsc#1012628). - media: v4l2-ctrls-api.c: add back dropped ctrl->is_new = 1 (bsc#1012628). - net: enetc: avoid buffer leaks on xdp_do_redirect() failure (bsc#1012628). - nfc: pn533: Clear nfc_target before being used (bsc#1012628). - unix: Fix race in SOCK_SEQPACKET's unix_dgram_sendmsg() (bsc#1012628). - r6040: Fix kmemleak in probe and remove (bsc#1012628). - net: dsa: mv88e6xxx: avoid reg_lock deadlock in mv88e6xxx_setup_port() (bsc#1012628). - igc: Enhance Qbv scheduling by using first flag bit (bsc#1012628). - igc: Use strict cycles for Qbv scheduling (bsc#1012628). - igc: Add checking for basetime less than zero (bsc#1012628). - igc: allow BaseTime 0 enrollment for Qbv (bsc#1012628). - igc: recalculate Qbv end_time by considering cycle time (bsc#1012628). - igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (bsc#1012628). - rtc: mxc_v2: Add missing clk_disable_unprepare() (bsc#1012628). - devlink: hold region lock when flushing snapshots (bsc#1012628). - selftests: devlink: fix the fd redirect in dummy_reporter_test (bsc#1012628). - openvswitch: Fix flow lookup to use unmasked key (bsc#1012628). - soc: mediatek: pm-domains: Fix the power glitch issue (bsc#1012628). - arm64: dts: mt8183: Fix Mali GPU clock (bsc#1012628). - devlink: protect devlink dump by the instance lock (bsc#1012628). - skbuff: Account for tail adjustment during pull operations (bsc#1012628). - mailbox: mpfs: read the system controller's status (bsc#1012628). - mailbox: arm_mhuv2: Fix return value check in mhuv2_probe() (bsc#1012628). - mailbox: zynq-ipi: fix error handling while device_register() fails (bsc#1012628). - net_sched: reject TCF_EM_SIMPLE case for complex ematch module (bsc#1012628). - rxrpc: Fix missing unlock in rxrpc_do_sendmsg() (bsc#1012628). - myri10ge: Fix an error handling path in myri10ge_probe() (bsc#1012628). - net: stream: purge sk_error_queue in sk_stream_kill_queues() (bsc#1012628). - mctp: serial: Fix starting value for frame check sequence (bsc#1012628). - cifs: don't leak -ENOMEM in smb2_open_file() (bsc#1012628). - net: dsa: microchip: remove IRQF_TRIGGER_FALLING in request_threaded_irq (bsc#1012628). - mctp: Remove device type check at unregister (bsc#1012628). - HID: amd_sfh: Add missing check for dma_alloc_coherent (bsc#1012628). - net: fec: check the return value of build_skb() (bsc#1012628). - rcu: Fix __this_cpu_read() lockdep warning in rcu_force_quiescent_state() (bsc#1012628). - arm64: make is_ttbrX_addr() noinstr-safe (bsc#1012628). - ARM: dts: aspeed: rainier,everest: Move reserved memory regions (bsc#1012628). - video: hyperv_fb: Avoid taking busy spinlock on panic path (bsc#1012628). - x86/hyperv: Remove unregister syscore call from Hyper-V cleanup (bsc#1012628). - binfmt_misc: fix shift-out-of-bounds in check_special_flags (bsc#1012628). - arm64: dts: qcom: sm8450: disable SDHCI SDR104/SDR50 on all boards (bsc#1012628). - arm64: dts: qcom: sm6350: Add apps_smmu with streamID to SDHCI 1/2 nodes (bsc#1012628). - fs: jfs: fix shift-out-of-bounds in dbAllocAG (bsc#1012628). - udf: Avoid double brelse() in udf_rename() (bsc#1012628). - jfs: Fix fortify moan in symlink (bsc#1012628). - fs: jfs: fix shift-out-of-bounds in dbDiscardAG (bsc#1012628). - ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1012628). - ACPI: EC: Add quirk for the HP Pavilion Gaming 15-cx0041ur (bsc#1012628). - ACPICA: Fix error code path in acpi_ds_call_control_method() (bsc#1012628). - thermal/core: Ensure that thermal device is registered in thermal_zone_get_temp (bsc#1012628). - ACPI: video: Change GIGABYTE GB-BXBT-2807 quirk to force_none (bsc#1012628). - ACPI: video: Change Sony Vaio VPCEH3U1E quirk to force_native (bsc#1012628). - ACPI: video: Add force_vendor quirk for Sony Vaio PCG-FRV35 (bsc#1012628). - ACPI: video: Add force_native quirk for Sony Vaio VPCY11S1E (bsc#1012628). - nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() (bsc#1012628). - nilfs2: fix shift-out-of-bounds due to too large exponent of block size (bsc#1012628). - acct: fix potential integer overflow in encode_comp_t() (bsc#1012628). - x86/apic: Handle no CONFIG_X86_X2APIC on systems with x2APIC enabled by BIOS (bsc#1012628). - ACPI: x86: Add skip i2c clients quirk for Lenovo Yoga Tab 3 Pro (YT3-X90F) (bsc#1012628). - btrfs: do not panic if we can't allocate a prealloc extent state (bsc#1012628). - ACPI: x86: Add skip i2c clients quirk for Medion Lifetab S10346 (bsc#1012628). - hfs: fix OOB Read in __hfs_brec_find (bsc#1012628). - drm/etnaviv: add missing quirks for GC300 (bsc#1012628). - media: imx-jpeg: Disable useless interrupt to avoid kernel panic (bsc#1012628). - brcmfmac: return error when getting invalid max_flowrings from dongle (bsc#1012628). - wifi: ath9k: verify the expected usb_endpoints are present (bsc#1012628). - wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out (bsc#1012628). - ASoC: codecs: rt298: Add quirk for KBL-R RVP platform (bsc#1012628). - ASoC: Intel: avs: Add quirk for KBL-R RVP platform (bsc#1012628). - ipmi: fix memleak when unload ipmi driver (bsc#1012628). - wifi: ath10k: Delay the unmapping of the buffer (bsc#1012628). - openvswitch: Use kmalloc_size_roundup() to match ksize() usage (bsc#1012628). - bnx2: Use kmalloc_size_roundup() to match ksize() usage (bsc#1012628). - drm/amd/display: skip commit minimal transition state (bsc#1012628). - drm/amd/display: prevent memory leak (bsc#1012628). - drm/edid: add a quirk for two LG monitors to get them to work on 10bpc (bsc#1012628). - Revert "drm/amd/display: Limit max DSC target bpp for specific monitors" (bsc#1012628). - drm/rockchip: use pm_runtime_resume_and_get() instead of pm_runtime_get_sync() (bsc#1012628). - blk-mq: avoid double ->queue_rq() because of early timeout (bsc#1012628). - HID: apple: fix key translations where multiple quirks attempt to translate the same key (bsc#1012628). - HID: apple: enable APPLE_ISO_TILDE_QUIRK for the keyboards of Macs with the T2 chip (bsc#1012628). - wifi: ath11k: Fix qmi_msg_handler data structure initialization (bsc#1012628). - qed (gcc13): use u16 for fid to be big enough (bsc#1012628). - drm/meson: Fix return type of meson_encoder_cvbs_mode_valid() (bsc#1012628). - bpf: make sure skb->len != 0 when redirecting to a tunneling device (bsc#1012628). - net: ethernet: ti: Fix return type of netcp_ndo_start_xmit() (bsc#1012628). - hamradio: baycom_epp: Fix return type of baycom_send_packet() (bsc#1012628). - wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() (bsc#1012628). - wifi: brcmfmac: Fix potential NULL pointer dereference in 'brcmf_c_preinit_dcmds()' (bsc#1012628). - HID: input: do not query XP-PEN Deco LW battery (bsc#1012628). - HID: uclogic: Add support for XP-PEN Deco LW (bsc#1012628). - igb: Do not free q_vector unless new one was allocated (bsc#1012628). - drm/amdgpu: Fix type of second parameter in trans_msg() callback (bsc#1012628). - drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback (bsc#1012628). - s390/ctcm: Fix return type of ctc{mp,}m_tx() (bsc#1012628). - s390/netiucv: Fix return type of netiucv_tx() (bsc#1012628). - s390/lcs: Fix return type of lcs_start_xmit() (bsc#1012628). - drm/amd/display: Use min transition for SubVP into MPO (bsc#1012628). - drm/amd/display: Disable DRR actions during state commit (bsc#1012628). - drm/msm: Use drm_mode_copy() (bsc#1012628). - drm/rockchip: Use drm_mode_copy() (bsc#1012628). - drm/sti: Use drm_mode_copy() (bsc#1012628). - drm/mediatek: Fix return type of mtk_hdmi_bridge_mode_valid() (bsc#1012628). - drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() (bsc#1012628). - md/raid0, raid10: Don't set discard sectors for request queue (bsc#1012628). - md/raid1: stop mdx_raid1 thread when raid1 array run failed (bsc#1012628). - drm/amd/display: Workaround to increase phantom pipe vactive in pipesplit (bsc#1012628). - drm/amd/display: fix array index out of bound error in bios parser (bsc#1012628). - nvme-auth: don't override ctrl keys before validation (bsc#1012628). - net: add atomic_long_t to net_device_stats fields (bsc#1012628). - ipv6/sit: use DEV_STATS_INC() to avoid data-races (bsc#1012628). - mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1012628). - net: ethernet: mtk_eth_soc: drop packets to WDMA if the ring is full (bsc#1012628). - bpf/verifier: Use kmalloc_size_roundup() to match ksize() usage (bsc#1012628). - ppp: associate skb with a device at tx (bsc#1012628). - drm/amd/display: Fix display corruption w/ VSR enable (bsc#1012628). - bpf: Fix a BTF_ID_LIST bug with CONFIG_DEBUG_INFO_BTF not set (bsc#1012628). - bpf: Prevent decl_tag from being referenced in func_proto arg (bsc#1012628). - ethtool: avoiding integer overflow in ethtool_phys_id() (bsc#1012628). - media: dvb-frontends: fix leak of memory fw (bsc#1012628). - media: dvbdev: adopts refcnt to avoid UAF (bsc#1012628). - media: dvb-usb: fix memory leak in dvb_usb_adapter_init() (bsc#1012628). - media: mediatek: vcodec: Can't set dst buffer to done when lat decode error (bsc#1012628). - blk-mq: fix possible memleak when register 'hctx' failed (bsc#1012628). - ALSA: usb-audio: Add quirk for Tascam Model 12 (bsc#1012628). - drm/amdgpu: Fix potential double free and null pointer dereference (bsc#1012628). - drm/amd/display: Use the largest vready_offset in pipe group (bsc#1012628). - drm/amd/display: Fix DTBCLK disable requests and SRC_SEL programming (bsc#1012628). - ASoC: amd: yc: Add Xiaomi Redmi Book Pro 14 2022 into DMI table (bsc#1012628). - libbpf: Avoid enum forward-declarations in public API in C++ mode (bsc#1012628). - regulator: core: fix use_count leakage when handling boot-on (bsc#1012628). - wifi: mt76: do not run mt76u_status_worker if the device is not running (bsc#1012628). - hwmon: (nct6775) add ASUS CROSSHAIR VIII/TUF/ProArt B550M (bsc#1012628). - selftests/bpf: Fix conflicts with built-in functions in bpf_iter_ksym (bsc#1012628). - nfs: fix possible null-ptr-deref when parsing param (bsc#1012628). - mmc: f-sdh30: Add quirks for broken timeout clock capability (bsc#1012628). - mmc: renesas_sdhi: add quirk for broken register layout (bsc#1012628). - mmc: renesas_sdhi: better reset from HS400 mode (bsc#1012628). - mmc: sdhci-tegra: Issue CMD and DAT resets together (bsc#1012628). - media: si470x: Fix use-after-free in si470x_int_in_callback() (bsc#1012628). - clk: st: Fix memory leak in st_of_quadfs_setup() (bsc#1012628). - regulator: core: Use different devices for resource allocation and DT lookup (bsc#1012628). - ice: synchronize the misc IRQ when tearing down Tx tracker (bsc#1012628). - Bluetooth: hci_bcm: Add CYW4373A0 support (bsc#1012628). - Bluetooth: Add quirk to disable extended scanning (bsc#1012628). - Bluetooth: Add quirk to disable MWS Transport Configuration (bsc#1012628). - regulator: core: Fix resolve supply lookup issue (bsc#1012628). - crypto: hisilicon/hpre - fix resource leak in remove process (bsc#1012628). - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1012628). - scsi: ufs: Reduce the START STOP UNIT timeout (bsc#1012628). - crypto: hisilicon/qm - increase the memory of local variables (bsc#1012628). - Revert "PCI: Clear PCI_STATUS when setting up device" (bsc#1012628). - scsi: elx: libefc: Fix second parameter type in state callbacks (bsc#1012628). - hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() (bsc#1012628). - scsi: smartpqi: Add new controller PCI IDs (bsc#1012628). - scsi: smartpqi: Correct device removal for multi-actuator devices (bsc#1012628). - drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() (bsc#1012628). - drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() (bsc#1012628). - scsi: target: iscsi: Fix a race condition between login_work and the login thread (bsc#1012628). - orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string() (bsc#1012628). - orangefs: Fix kmemleak in orangefs_sysfs_init() (bsc#1012628). - orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init() (bsc#1012628). - hwmon: (jc42) Fix missing unlock on error in jc42_write() (bsc#1012628). - ASoC: sof_es8336: fix possible use-after-free in sof_es8336_remove() (bsc#1012628). - ASoC: Intel: Skylake: Fix driver hang during shutdown (bsc#1012628). - ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() (bsc#1012628). - ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link() (bsc#1012628). - ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume() (bsc#1012628). - ASoC: mediatek: mt8183: fix refcount leak in mt8183_mt6358_ts3a227_max98357_dev_probe() (bsc#1012628). - ALSA: hda/hdmi: fix i915 silent stream programming flow (bsc#1012628). - ALSA: hda/hdmi: set default audio parameters for KAE silent-stream (bsc#1012628). - ALSA: hda/hdmi: fix stream-id config keep-alive for rt suspend (bsc#1012628). - ASoC: wm8994: Fix potential deadlock (bsc#1012628). - ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() (bsc#1012628). - ASoC: rt5670: Remove unbalanced pm_runtime_put() (bsc#1012628). - drm/i915/display: Don't disable DDI/Transcoder when setting phy test pattern (bsc#1012628). - LoadPin: Ignore the "contents" argument of the LSM hooks (bsc#1012628). - lkdtm: cfi: Make PAC test work with GCC 7 and 8 (bsc#1012628). - pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion (bsc#1012628). - drm/amd/pm: avoid large variable on kernel stack (bsc#1012628). - perf debug: Set debug_peo_args and redirect_to_stderr variable to correct values in perf_quiet_option() (bsc#1012628). - perf tools: Make quiet mode consistent between tools (bsc#1012628). - perf probe: Check -v and -q options in the right place (bsc#1012628). - MIPS: ralink: mt7621: avoid to init common ralink reset controller (bsc#1012628). - perf test: Fix "all PMU test" to skip parametrized events (bsc#1012628). - afs: Fix lost servers_outstanding count (bsc#1012628). - cfi: Fix CFI failure with KASAN (bsc#1012628). - pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES (bsc#1012628). - ima: Simplify ima_lsm_copy_rule (bsc#1012628). - Input: iqs7222 - drop unused device node references (bsc#1012628). - Input: iqs7222 - report malformed properties (bsc#1012628). - Input: iqs7222 - add support for IQS7222A v1.13+ (bsc#1012628). - dt-bindings: input: iqs7222: Reduce 'linux,code' to optional (bsc#1012628). - dt-bindings: input: iqs7222: Correct minimum slider size (bsc#1012628). - dt-bindings: input: iqs7222: Add support for IQS7222A v1.13+ (bsc#1012628). - ALSA: usb-audio: Workaround for XRUN at prepare (bsc#1012628). - ALSA: usb-audio: add the quirk for KT0206 device (bsc#1012628). - ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB (bsc#1012628). - ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list (bsc#1012628). - HID: logitech-hidpp: Guard FF init code against non-USB devices (bsc#1012628). - usb: cdnsp: fix lack of ZLP for ep0 (bsc#1012628). - usb: xhci-mtk: fix leakage of shared hcd when fail to set wakeup irq (bsc#1012628). - arm64: dts: qcom: sm6350: fix USB-DP PHY registers (bsc#1012628). - arm64: dts: qcom: sm8250: fix USB-DP PHY registers (bsc#1012628). - dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (bsc#1012628). - clk: imx: imx8mp: add shared clk gate for usb suspend clk (bsc#1012628). - usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode (bsc#1012628). - usb: dwc3: core: defer probe on ulpi_read_id timeout (bsc#1012628). - usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (bsc#1012628). - xhci: Prevent infinite loop in transaction errors recovery for streams (bsc#1012628). - HID: wacom: Ensure bootloader PID is usable in hidraw mode (bsc#1012628). - HID: mcp2221: don't connect hidraw (bsc#1012628). - loop: Fix the max_loop commandline argument treatment when it is set to 0 (bsc#1012628). - 9p: set req refcount to zero to avoid uninitialized usage (bsc#1012628). - security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang > 15.0.6 (bsc#1012628). - reiserfs: Add missing calls to reiserfs_security_free() (bsc#1012628). - iio: fix memory leak in iio_device_register_eventset() (bsc#1012628). - iio: adc: ad_sigma_delta: do not use internal iio_dev lock (bsc#1012628). - iio: adc128s052: add proper .data members in adc128_of_match table (bsc#1012628). - iio: addac: ad74413r: fix integer promotion bug in ad74413_get_input_current_offset() (bsc#1012628). - regulator: core: fix deadlock on regulator enable (bsc#1012628). - spi: fsl_spi: Don't change speed while chipselect is active (bsc#1012628). - floppy: Fix memory leak in do_floppy_init() (bsc#1012628). - gcov: add support for checksum field (bsc#1012628). - test_maple_tree: add test for mas_spanning_rebalance() on insufficient data (bsc#1012628). - maple_tree: fix mas_spanning_rebalance() on insufficient data (bsc#1012628). - fbdev: fbcon: release buffer when fbcon_do_set_font() failed (bsc#1012628). - ovl: fix use inode directly in rcu-walk mode (bsc#1012628). - btrfs: do not BUG_ON() on ENOMEM when dropping extent items for a range (bsc#1012628). - mm/gup: disallow FOLL_FORCE|FOLL_WRITE on hugetlb mappings (bsc#1012628). - scsi: qla2xxx: Fix crash when I/O abort times out (bsc#1012628). - blk-iolatency: Fix memory leak on add_disk() failures (bsc#1012628). - io_uring/net: introduce IORING_SEND_ZC_REPORT_USAGE flag (bsc#1012628). - io_uring: add completion locking for iopoll (bsc#1012628). - io_uring: dont remove file from msg_ring reqs (bsc#1012628). - io_uring: improve io_double_lock_ctx fail handling (bsc#1012628). - io_uring/net: fix cleanup after recycle (bsc#1012628). - io_uring: protect cq_timeouts with timeout_lock (bsc#1012628). - io_uring: remove iopoll spinlock (bsc#1012628). - net: stmmac: fix errno when create_singlethread_workqueue() fails (bsc#1012628). - media: dvbdev: fix build warning due to comments (bsc#1012628). - media: dvbdev: fix refcnt bug (bsc#1012628). - drm/amd/display: revert Disable DRR actions during state commit (bsc#1012628). - mfd: qcom_rpm: Use devm_of_platform_populate() to simplify code (bsc#1012628). - pwm: tegra: Fix 32 bit build (bsc#1012628). - Update config files. - commit 7fea150 - ALSA: hda/hdmi: Static PCM mapping again with AMD HDMI codecs (bsc#1206759). - commit 8a7bf0c ------------------------------------------------------------------ ------------------ 2022-12-31 - Dec 31 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - don't try to generate libvdpau_virtio_gpu package on ppc64le; for some reason this driver doesn't get built on this platform ++++ Mesa-drivers: - don't try to generate libvdpau_virtio_gpu package on ppc64le; for some reason this driver doesn't get built on this platform ++++ kbd: - rebased cz-map.patch for console-setup 1.215 update; apparently 'U+00b0' needs to be 'dead_abovering' and not 'dead_grave' as we assumed before ------------------------------------------------------------------ ------------------ 2022-12-30 - Dec 30 2022 ------------------- ------------------------------------------------------------------ ++++ grub2: - Fix inappropriately including commented lines in crypttab (bsc#1206279) * 0010-templates-import-etc-crypttab-to-grub.cfg.patch ++++ kernel-default: - wifi: mac80211: fix initialization of rx->link and rx->link_sta (bsc#1206683). - commit 081acb5 ------------------------------------------------------------------ ------------------ 2022-12-29 - Dec 29 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - Update to version 22.3.0: * See https://docs.mesa3d.org/relnotes/22.3.0.html - Update to version 22.3.1: * See https://docs.mesa3d.org/relnotes/22.3.1.html - Update to version 22.3.2: * See https://docs.mesa3d.org/relnotes/22.3.2.html - Remove the libXvMC_nouveau and libXvMC_r600 packages as XVMC support was removed. - Add libvdpau_virtio_gpu package for VirtIO GPU. - Rebase n_drirc-disable-rgb10-for-chromium-on-amd.patch. - Rebase u_dep_xcb.patch. - Rebase U_fix-mpeg1_2-decode-mesa-20.2.patch. - Drop n_buildfix-21.3.0.patch: fixed upstream. ++++ Mesa-drivers: - Update to version 22.3.0: * See https://docs.mesa3d.org/relnotes/22.3.0.html - Update to version 22.3.1: * See https://docs.mesa3d.org/relnotes/22.3.1.html - Update to version 22.3.2: * See https://docs.mesa3d.org/relnotes/22.3.2.html - Remove the libXvMC_nouveau and libXvMC_r600 packages as XVMC support was removed. - Add libvdpau_virtio_gpu package for VirtIO GPU. - Rebase n_drirc-disable-rgb10-for-chromium-on-amd.patch. - Rebase u_dep_xcb.patch. - Rebase U_fix-mpeg1_2-decode-mesa-20.2.patch. - Drop n_buildfix-21.3.0.patch: fixed upstream. ++++ python-lxml: - update to version 4.9.2 * Bugs fixed + CVE-2022-2309: A Bug in libxml2 2.9.1[0-4] could let namespace declarations from a failed parser run leak into later parser runs. This bug was worked around in lxml and resolved in libxml2 2.10.0. https://gitlab.gnome.org/GNOME/libxml2/-/issues/378 * LP#1981760: ``Element.attrib`` now registers as ``collections.abc.MutableMapping``. * lxml now has a static build setup for macOS on ARM64 machines (not used for building wheels). Patch by Quentin Leffray. ------------------------------------------------------------------ ------------------ 2022-12-28 - Dec 28 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-firmware: - Update to version 20221216 (git commit c9c19583f717): * rtw89: 8852c: update fw to v0.27.56.9 * rtw89: 8852c: update fw to v0.27.56.8 * amdgpu: updated navi10 firmware for amd-5.4 * amdgpu: updated yellow carp firmware for amd-5.4 * amdgpu: updated raven2 firmware for amd-5.4 * amdgpu: updated raven firmware for amd-5.4 * amdgpu: updated PSP 13.0.8 firmware for amd-5.4 * amdgpu: updated GC 10.3.7 RLC firmware for amd-5.4 * amdgpu: updated vega20 firmware for amd-5.4 * amdgpu: updated PSP 13.0.5 firmware for amd-5.4 * amdgpu: add VCN 4.0.0 firmware for amd-5.4 * amdgpu: add SMU 13.0.0 firmware for amd-5.4 * amdgpu: Add SDMA 6.0.0 firmware for amd-5.4 * amdgpu: add PSP 13.0.0 firmware for amd-5.4 * amdgpu: add GC 11.0.0 firmware for amd-5.4 * amdgpu: add DCN 3.2.0 firmware for amd-5.4 * amdgpu: updated vega10 firmware for amd-5.4 * amdgpu: updated beige goby firmware for amd-5.4 * amdgpu: updated dimgrey cavefish firmware for amd-5.4 * amdgpu: updated vangogh firmware for amd-5.4 * amdgpu: updated picasso firmware for amd-5.4 * amdgpu: updated navy flounder firmware for amd-5.4 * amdgpu: updated green sardine firmware for amd-5.4 * amdgpu: updated sienna cichlid firmware for amd-5.4 * amdgpu: updated arcture firmware for amd-5.4 * amdgpu: updated navi14 firmware for amd-5.4 * amdgpu: updated renoir firmware for amd-5.4 * amdgpu: updated navi12 firmware for amd-5.4 * amdgpu: updated aldebaran firmware for amd-5.4 * sr150 : Add NXP SR150 UWB firmware * brcm: add/update firmware files for brcmfmac driver * rtl_bt: Update RTL8821C BT(USB I/F) FW to 0x75b8_f098 ++++ vim: - Updated to version 9.0.1107, fixes the following problems * build fails if the compiler doesn't allow for a declaration right after "case". * ASAN complains about NULL argument. * Can add text property with negative ID before virtual text property. * With the +vartabs feature indent folding may use wrong 'tabstop'. * Leaking memory when defining a user command fails. * The "kitty" terminfo entry is not widespread, resulting in the kitty terminal not working properly. * Using "->" with split lines does not always work. * Some jsonc files are not recognized. * Empty and comment lines in a class cause an error. * Code handling low level MS-Windows events cannot be tested. * Compiler warns for uninitialized variable. * Display wrong in Windows terminal after exiting Vim. * Autocommand test sometimes fails. * Clang warns for unused variable. * unnessary assignment * FHIR Shorthand files are not recognized. * Assignment to non-existing member causes a crash. (Yegappan Lakshmanan) * Search error message doesn't show used pattern. * Using freed memory of object member. (Yegappan Lakshmanan) * Compiler warning when HAS_MESSAGE_WINDOW is not defined. * Using freed memory when declaration fails. (Yegappan Lakshmanan) * Reallocating hashtab when the size didn't change. * Tests are failing. * Code uses too much indent. * Trying to resize a hashtab may cause a problem. ------------------------------------------------------------------ ------------------ 2022-12-27 - Dec 27 2022 ------------------- ------------------------------------------------------------------ ++++ libpsl: - update to 0.21.2: * Increased internal label size * Fix undefined behavior in library code * Ensure that calls to fopen() and stat() can handle largefiles - add multibuild definition ++++ libvirt: - Fix lxc container initialization with systemd and hybrid cgroups suse-fix-lxc-container-init.patch boo#1183247 ++++ lsof: - update to 4.96.5: * Avoid C89-only constructs is Configure - drop format.patch, now upstream ------------------------------------------------------------------ ------------------ 2022-12-26 - Dec 26 2022 ------------------- ------------------------------------------------------------------ ++++ libpwquality: - Update to version 1.4.5: + Minor bug fixes and documentation enhancements. + Updated translations. ------------------------------------------------------------------ ------------------ 2022-12-24 - Dec 24 2022 ------------------- ------------------------------------------------------------------ ++++ pam: - Also obsolete pam_unix-32bit to have clean upgrade path. ------------------------------------------------------------------ ------------------ 2022-12-23 - Dec 23 2022 ------------------- ------------------------------------------------------------------ ++++ dnsmasq: - update to 2.88: * Fix bug in --dynamic-host when an interface has /16 IPv4 * address. * Add --fast-dns-retry option. This gives dnsmasq the ability to originate retries for upstream DNS queries itself, rather than relying on the downstream client. This is most useful when doing DNSSEC over unreliable upstream networks. It comes with some cost in memory usage and network bandwidth. * Add --use-stale-cache option. When set, if a DNS name exists in the cache, but its time-to-live has expired, dnsmasq will return the data anyway. * handle removal of whole files or entries within files. ++++ grub2: - Make grub.cfg invariant to efi and legacy platforms (bsc#1205200) - Removed patch linuxefi * grub2-secureboot-provide-linuxefi-config.patch * grub2-secureboot-use-linuxefi-on-uefi-in-os-prober.patch * grub2-secureboot-use-linuxefi-on-uefi.patch - Rediff * grub2-btrfs-05-grub2-mkconfig.patch * grub2-efi-xen-cmdline.patch * grub2-s390x-05-grub2-mkconfig.patch * grub2-suse-remove-linux-root-param.patch ++++ gstreamer-plugins-base: - Update to version 1.20.5: + audioconvert, audioresample, audiofilter: fix divide by 0 for input buffer without caps + cdparanoia: Ignore compiler warning coming from the cdparanoia header + oggdemux, parsebin: More leak fixes + opengl: - Fix automatic dispmanx detection for rpi4 - Fix usage of eglCreate/DestroyImage - Fix static linking on macOS + Bump core requirement in 1.20 branch to 1.20.4 + oggdemux: Don't leak incoming EOS event + opusdec: Various channel-related fixes + subparse: Fix non-closed tag handling. + textrender: - Don't blindly forward all events and don't blindly forward all events - Negotiate caps on a GAP event if none were negotiated yet + timeoverlay: fix pad leak + videodecoder: Only post latency message if it changed + videoscale: buffer meta handling fixes (NULL-terminate array of valid meta tags) + videosink: Don't return unknown end-time from get_times() ++++ iproute2: - update to 6.1: * man: ss.8: fix a typo * testsuite: fix build failure * genl: remove unused vars in Makefile * json: do not escape single quotes * ip-monitor: Do not error out when RTNLGRP_STATS is not available * ip-link: man: Document existence of netns argument in add command * macsec: add Extended Packet Number support * macsec: add user manual description for extended packet number feature * ip: xfrm: support "external" (`collect_md`) mode in xfrm interfaces * ip: xfrm: support adding xfrm metadata as lwtunnel info in routes * ip: add NLM_F_ECHO support * libnetlink: add offset for nl_dump_ext_ack_done * tc/tc_monitor: print netlink extack message * rtnetlink: add new function rtnl_echo_talk() * ip: fix return value for rtnl_talk failures * iplink_bridge: Add no_linklocal_learn option support * devlink: use dl_no_arg instead of checking dl_argc == 0 * devlink: remove dl_argv_parse_put * mnlg: remove unnused mnlg_socket structure * utils: extract CTRL_ATTR_MAXATTR and save it * devlink: expose nested devlink for a line card object * devlink: load port-ifname map on demand * devlink: fix parallel flash notifications processing * devlink: move use_iec into struct dl * devlink: fix typo in variable name in ifname_map_cb() * devlink: load ifname map on demand from ifname_map_rev_lookup() as well * dcb: unblock mnl_socket_recvfrom if not message received * libnetlink: Fix memory leak in __rtnl_talk_iov() * tc_util: Fix no error return when large parent id used * tc_util: Change datatype for maj to avoid overflow issue * ss: man: add missing entries for MPTCP * ss: man: add missing entries for TIPC * ss: usage: add missing parameters * ss: re-add TIPC query support * devlink: Fix setting parent for 'rate add' * link: display 'allmulti' counter * seg6: add support for flavors in SRv6 End* behaviors * tc: ct: Fix invalid pointer dereference * uapi: update from 6.1 pre rc1 * u32: fix json formatting of flowid * tc_stab: remove dead code * uapi: update for in.h and ip.h * remove #if 0 code * tc: add json support to size table * tc: put size table options in json object * tc/basic: fix json output filter * iplink: support JSON in MPLS output * tc: print errors on stderr * ip: print mpls errors on stderr * tc: make prefix const * man: add missing tc class show * iplink_can: add missing `]' of the bitrate, dbitrate and termination arrays * ip link: add sub-command to view and change DSA conduit interface ++++ libarchive: - update to 3.6.2 (bsc#1205629, CVE-2022-36227) * NULL pointer dereference vulnerability in archive_write.c * include ZSTD in Windows builds (#1688) * SSL fixes on Windows (#1714, #1723, #1724) * rar5 reader: fix possible garbled output with bsdtar -O (#1745) * mtree reader: support reading mtree files with tabs (#1783) * various small fixes for issues found by CodeQL ++++ libxshmfence: - update to 1.3.2: * configure: Use AC_SYS_LARGEFILE to enable large file support - spec file modernisation, add license and README ------------------------------------------------------------------ ------------------ 2022-12-22 - Dec 22 2022 ------------------- ------------------------------------------------------------------ ++++ ca-certificates-mozilla: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle "valid before nov 30 2022" and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 Patch: remove-trustcor.patch ++++ glib2: - Update to version 2.74.4: + Fix missing input validation in `GDBusMenuModel`. + Various GVariant security fixes when handling untrusted data. + Bugs fixed: glgo#GNOME/GLib#861, glgo#GNOME/GLib#2121, glgo#GNOME/GLib#2540, glgo#GNOME/GLib#2794, glgo#GNOME/GLib#2797, glgo#GNOME/GLib#2835, glgo#GNOME/GLib#2839, glgo#GNOME/GLib#2840, glgo#GNOME/GLib#2841, glgo#GNOME/GLib#2852, glgo#GNOME/GLib!3114, glgo#GNOME/GLib!3126, glgo#GNOME/GLib!3134, glgo#GNOME/GLib!3138, glgo#GNOME/GLib!3153, glgo#GNOME/GLib!3161, glgo#GNOME/GLib!3164. + Updated translations. - Add 1539540.patch: gthread-posix: need to #include . ++++ gstreamer: - update to 1.20.5: + This release only contains bugfixes and it should be safe to upgrade from 1.20.x. + systemclock waiting fixes for certain 32-bit platforms/libcs + alphacombine: robustness improvements for corner case scenarios + avfvideosrc: Report latency when doing screen capture + d3d11videosink: various thread-safety and stability fixes + decklink: fix performance issue when HDMI signal has been lost for a long time + flacparse: Fix handling of headers advertising 32 bits per sample + mpegts: Handle when iconv doesn't support ISO 6937 (e.g. musl libc) + opengl: fix automatic dispmanx detection for rpi4 and fix usage of eglCreate/DestroyImage + opusdec: Various channel-related fixes + textrender: event handling fixes, esp. for GAP event + subparse: Fix non-closed tag handling + videoscale: fix handling of unknown buffer metas + videosink: reverse playback handling fixes + qtmux: Prefill mode fixes, especially for raw audio + multiudpsink: allow binding to IPv6 address + rtspsrc: - Fix usage of IPv6 connections in SETUP - Only EOS on timeout if all streams are timed out/EOS + splitmuxsrc: fix playback stall if there are unlinked pads + v4l2: Fix SIGSEGV on state change during format changes + wavparse robustness fixes + Fix static linking on macOS (opengl, vulkan) + gstreamer-vaapi: fix headless build against mesa >= 22.3.0 + GStreamer Editing Services library: Fix build with tools disabled + webrtc example/demo fixes + unit test fixes for aesdec and rtpjitterbuffer + Cerbero: Fix ios cross-compile with cmake on M1; some recipe updates and other build fixes + Miscellaneous bug fixes, memory leak fixes, and other stability and reliability improvements + Performance improvements + Changes in gstreamer base package: - allocator: Copy allocator name in gst_allocator_register() - concat: Properly propagate EOS seqnum - fakesrc: avoid time overflow with datarate - Fix build of 1.20 branch with Meson 0.64.1 for those who have hotdoc installed on their system. - gst-inspect: Don't leak list - meson: fix check for pthread_setname_np() - miniobject: support higher refcount values - pads: Fix non-serialized sticky event push, e.g. instant change rate events - padtemplate: Fix annotations - systemclock: Use futex_time64 syscall on x32 and other platforms that always... - -Wimplicit-function-declaration in pthread_setname_np check (missing GNUSOURCE) ++++ kernel-default: - series.conf: cleanup - update upstream reference and move into sorted section: - patches.suse/io_uring-net-ensure-compat-import-handlers-clear-fre.patch - commit a76dc2b - Linux 6.1.1 (bsc#1012628). - KEYS: encrypted: fix key instantiation with user-provided data (bsc#1012628). - cifs: fix oops during encryption (bsc#1012628). - usb: dwc3: pci: Update PCIe device ID for USB3 controller on CPU sub-system for Raptor Lake (bsc#1012628). - usb: typec: ucsi: Resume in separate work (bsc#1012628). - igb: Initialize mailbox message for VF reset (bsc#1012628). - staging: r8188eu: fix led register settings (bsc#1012628). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to ADL-N (bsc#1012628). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (bsc#1012628). - USB: serial: f81534: fix division by zero on line-speed change (bsc#1012628). - USB: serial: f81232: fix division by zero on line-speed change (bsc#1012628). - USB: serial: cp210x: add Kamstrup RF sniffer PIDs (bsc#1012628). - USB: serial: option: add Quectel EM05-G modem (bsc#1012628). - usb: gadget: uvc: Prevent buffer overflow in setup handler (bsc#1012628). - udf: Fix extending file within last block (bsc#1012628). - udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size (bsc#1012628). - udf: Fix preallocation discarding at indirect extent boundary (bsc#1012628). - udf: Discard preallocation before extending file with a hole (bsc#1012628). - irqchip/ls-extirq: Fix endianness detection (bsc#1012628). - mips: ralink: mt7621: do not use kzalloc too early (bsc#1012628). - mips: ralink: mt7621: soc queries and tests as functions (bsc#1012628). - mips: ralink: mt7621: define MT7621_SYSC_BASE with __iomem (bsc#1012628). - PCI: mt7621: Add sentinel to quirks table (bsc#1012628). - libbpf: Fix uninitialized warning in btf_dump_dump_type_data (bsc#1012628). - x86/vdso: Conditionally export __vdso_sgx_enter_enclave() (bsc#1012628). - commit 181a470 ++++ libbpf: - update to v1.1.0: User space-side features and APIs: * user-space ring buffer (BPF_MAP_TYPE_USER_RINGBUF) support; * new documentation page listing all recognized SEC() definitions; * BTF dedup improvements: * unambiguous fwd declaration resolution for structs and unions; * better handling of some corner cases with identical structs and arrays; * mixed enum and enum64 forward declaration resolution logic; * bpf_{link,btf,pro,mapg}_get_fd_by_id_opts() and bpf_get_fd_by_id_opts() APIs; * libbpf supports loading raw BTF for BPF CO-RE from known search paths; * support for new cgroup local storage (BPF_MAP_TYPE_CGRP_STORAGE); * libbpf will only add BPF_F_MMAPABLE flag for data maps with global (i.e., non-static) vars; * latest Linux UAPI headers with lots of changes synced into include/uapi/linux. BPF-side features and APIs; * BPF_PROG2() macro added that supports struct-by-value arguments; * new BPF helpers: * bpf_user_ringbuf_drain(); * cgrp_storage_get() and cgrp_storage_delete(). Bug fixes * better handling of padding corner cases; * btf__align_of() determines packed structs better now; * improved handling of enums of non-standard sizes; * USDT spec parsing improvements; * overflow handling fixes for ringbufs; * Makefile fixes to support cross-compilation for 32-bit targets; * fix crash if SEC("freplace") programs don't have attach_prog_fd set; * better handling of file existence checks when running as non-root with enhanced capabilities; * a bunch of small fixes: * ELF handling improvements; * fix memory leak in USDT argument parsing logic; * fix NULL dereferences in few corner cases; * improved netlink attribute iteration handling. - drop libbpf-Use-elf_getshdrnum-instead-of-e_shnum.patch, libbpf-Fix-use-after-free-in-btf_dump_name_dups.patch, libbpf-Fix-memory-leak-in-parse_usdt_arg.patch libbpf-Fix-null-pointer-dereference-in-find_prog_by_.patch (upstream) ------------------------------------------------------------------ ------------------ 2022-12-21 - Dec 21 2022 ------------------- ------------------------------------------------------------------ ++++ curl: - Update to 7.87.0: * Security fixes: - CVE-2022-43551, bsc#1206308: another HSTS bypass via IDN - CVE-2022-43552, bsc#1206309: HTTP Proxy deny use-after-free * Changes - curl: add --url-query - CURLOPT_QUICK_EXIT: don't wait for DNS thread on exit - lib: add CURL_WRITEFUNC_ERROR to signal write callback error - openssl: reduce CA certificate bundle reparsing by caching - version: add a feature names array to curl_version_info_data * Bugfixes - altsvc: fix rejection of negative port numbers - aws_sigv4: consult x-%s-content-sha256 for payload hash - aws_sigv4: fix typos in aws_sigv4.c - base64: better alloc size - base64: encode without using snprintf - base64: faster base64 decoding - build: assume assert.h is always available - build: assume errno.h is always available - c-hyper: CONNECT respones are not server responses - c-hyper: fix multi-request mechanism - CI: Change FreeBSD image from 12.3 to 12.4 - CI: LGTM.com will be shut down in December 2022 - ci: Remove zuul fuzzing job as it's superseded by CIFuzz - cmake: check for cross-compile, not for toolchain - CMake: fix build with `CURL_USE_GSSAPI` - cmake: really enable warnings with clang - cmake: set the soname on the shared library - cmdline-opts/gen.pl: fix the linkifier - cmdline-opts/page-footer: remove long option nroff formatting - config-mac: define HAVE_SYS_IOCTL_H - config-mac: fix typo: size_T -> size_t - config-mac: remove HAVE_SYS_SELECT_H - config-win32: fix SIZEOF_OFF_T for MSVC and old MinGW - configure: require fork for NTLM-WB - contributors.sh: actually use $CURLWWW instead of just setting it - cookie: compare cookie prefixes case insensitively - cookie: expire cookies at once when max-age is negative - cookie: open cookie jar as a binary file - curl-openssl.m4: do not add $prefix/include/openssl to CPPFLAGS - curl-rustls.m4: on macOS, rustls also needs the Security framework - curl.h: include on SerenityOS - curl.h: name all public function parameters - curl.h: reword comment to not use deprecated option - curl: override the numeric locale and set "C" by force - curl: timeout in the read callback - curl_endian: remove Curl_write64_le from header - curl_get_line: allow last line without newline char - curl_path: do not add '/' if homedir ends with one - curl_url_get.3: remove spurious backtick - curl_url_set.3: document CURLU_DISALLOW_USER - curl_url_set.3: fix typo - CURLMOPT_SOCKETFUNCTION.3: clarify CURL_POLL_REMOVE - CURLOPT_COOKIEFILE.3: advice => advise - CURLOPT_DEBUGFUNCTION.3: do not assume nul-termination in example - CURLOPT_DEBUGFUNCTION.3: emphasize that incoming data is "raw" - CURLOPT_POST.3: Explain setting to 0 changes request type - docs/curl_ws_send: Fixed typo in websocket docs - docs/EARLY-RELEASE.md: how to determine an early release - docs/examples: spell correction ('Retrieve') - docs/INSTALL.md: expand on static builds - docs/WEBSOCKET.md: explain the URL use - docs: add missing parameters for --retry flag - docs: add more "SEE ALSO" links to CA related pages - docs: explain the noproxy CIDR notation support - docs: extend the dump-header documentation - docs: remove performance note in CURLOPT_SSL_VERIFYPEER - examples/10-at-a-time: fix possible skipped final transfers - examples: update descriptions - ftp: support growing files with CURLOPT_IGNORE_CONTENT_LENGTH - gen.pl: do not generate CURLHELP bitmask lines > 79 characters - GHA: clarify workflows permissions, set least possible privilege - GHA: NSS use clang instead of clang-9 - gnutls: use common gnutls init and verify code for ngtcp2 - headers: add endif comments - HTTP-COOKIES.md: mention that http://localhost is a secure context - HTTP-COOKIES.md: update the 6265bis link to draft-11 - http: do not send PROXY more than once - http: fix the ::1 comparison for IPv6 localhost for cookies - http: set 'this_is_a_follow' in the Location: logic - http: use the IDN decoded name in HSTS checks - hyper: classify headers as CONNECT and 1XX - hyper: fix handling of hyper_task's when reusing the same address - idn: remove Curl_win32_ascii_to_idn - INSTALL: update operating systems and CPU archs - KNOWN_BUGS: remove eight entries - lib1560: add some basic IDN host name tests - lib: connection filters (cfilter) addition to curl: - lib: feature deprecation warnings in gcc >= 4.3 - lib: fix some type mismatches and remove unneeded typecasts - lib: parse numbers with fixed known base 10 - lib: remove bad set.opt_no_body assignments - lib: rewind BEFORE request instead of AFTER previous - lib: sync guard for Curl_getaddrinfo_ex() definition and use - lib: use size_t or int etc instead of longs - libcurl-errors.3: remove duplicate word - libssh2: return error when ssh_hostkeyfunc returns error - limit-rate.d: see also --rate - log2changes.pl: wrap long lines at 80 columns - Makefile.mk: address minor issues - Makefile.mk: improve a GNU Make hack - Makefile.mk: portable Makefile.m32 - maketgz: set the right version in lib/libcurl.plist - mime: relax easy/mime structures binding - misc: Fix incorrect spelling - misc: remove duplicated include files - misc: typo and grammar fixes - negtelnetserver.py: have it call its close() method - netrc.d: provide mutext info - netware: remove leftover traces - noproxy: also match with adjacent comma - noproxy: guard against empty hostnames in noproxy check - noproxy: tailmatch like in 7.85.0 and earlier - nroff-scan.pl: detect double highlights - ntlm: improve comment for encrypt_des - ntlm: silence ubsan warning about copying from null target_info pointer - openssl/mbedtls: use %d for outputing port with failf (int) - openssl: prefix errors with '[lib]/[version]: ' - os400: use platform socklen_t in Curl_getnameinfo_a - page-header: grammar improvement (display transfer rate) - proxy: refactor haproxy protocol handling as connection filter - README.md: remove badges and xmas-tree garnish - rtsp: fix RTSP auth - runtests: --no-debuginfod now disables DEBUGINFOD_URLS - runtests: do CRLF replacements per section only - scripts/checksrc.pl: detect duplicated include files - sendf: change Curl_read_plain to wrap Curl_recv_plain - sendf: remove unnecessary if condition - setup: do not require __MRC__ defined for Mac OS 9 builds - smb/telnet: do not free the protocol struct in *_done() - socks: fix username max size is 255 (0xFF) - spellcheck.words: remove 'github' as an accepted word - ssl-reqd.d: clarify that this is for upgrading connections only - strcase: use curl_str(n)equal for case insensitive matches - styled-output.d: this option does not work on Windows - system.h: fix socklen_t, curl_off_t, long long for Classic Mac OS - system.h: support 64-bit curl_off_t for NonStop 32-bit - test1421: fix typo - test3026: reduce runtime in legacy mingw builds - tests/sshserver.pl: re-enable ssh-rsa while using openssh 8.8+ - tests: add authorityInfoAccess to generated certs - tests: add HTTP/3 test case, custom location for proper nghttpx - tls: backends use connection filters for IO, enabling HTTPS-proxy - tool: determine the correct fopen option for -D - tool_cfgable: free the ssl_ec_curves on exit - tool_cfgable: make socks5_gssapi_nec a boolean - tool_formparse: avoid clobbering on function params - tool_getparam: make --no-get work as the opposite of --get - tool_operate: provide better errmsg for -G with bad URL - tool_operate: when aborting, make sure there is a non-NULL error buffer - tool_paramhlp: free the proto strings on exit - url: move back the IDN conversion of proxy names - urlapi: reject more bad letters from the host name: &+() - urldata: change port num storage to int and unsigned short - vms: remove SIZEOF_SHORT - vtls: fix build without proxy support - vtls: localization of state data in filters - WEBSOCKET.md: fix broken link - Websocket: fixes for partial frames and buffer updates - websockets: fix handling of partial frames - windows: fail early with a missing windres in autotools - windows: fix linking .rc to shared curl with autotools - winidn: drop WANT_IDN_PROTOTYPES - ws: if no connection is around, return error - ws: return CURLE_NOT_BUILT_IN when websockets not built in - x509asn1: avoid freeing unallocated pointers ++++ kernel-default: - Add Tegra repository to git_sort. - commit 69abba1 - tcp: Add TIME_WAIT sockets in bhash2 (bsc#1206466). - commit d8defbe - series.conf: cleanup - update upstream reference and resort: - patches.suse/NFSD-fix-use-after-free-in-__nfs42_ssc_open.patch - commit bf66071 ++++ util-linux: - restore lsblk and lslogins as well ++++ open-iscsi: - Update iscsid.service so it starts iscsid.socket, if needed (bsc#1206132). ++++ util-linux-systemd: - restore lsblk and lslogins as well ------------------------------------------------------------------ ------------------ 2022-12-20 - Dec 20 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.40.8: + Fixed a bug that caused devices (MACsec in particular) to be stuck in UNAVAILABLE state and not transition to DISCONNECTED if the carrier was ready too early. + Improved interoperability of MACsec with some Aruba switches by allowing CKN shorter than 64 characters. + Fixed an assertion failure when restarting NetworkManager with MACsec links configured. + Fixed a possible DHCP helper crash when handling failure to connect to D-Bus. + Corrected calculation of expiration time for items configured from IPv6 neighbor discovery messages. + Various fixes for platforms that don't allow unaligned memory access. - Drop iptables BuildRequires and -Diptables meson parameter: iptables is legacy (obsoleted in favor of nft). Additionally. meson has proper fallback detection to assume the correct path, should it need to use iptables. - Recommend nftables instead of iptables. ++++ permissions: - Update to version 20221220: * profiles: remove outdated kdesud, apptainer entries ++++ docker-compose: - Update to version 2.14.2: * build(deps): bump github.com/containerd/containerd from 1.6.12 to 1.6.14 * fix race condition on compose logs * update projectOptions to be public by renaming it to ProjectOptions * detect dependency failed to start * set CPU quota * Use `DOCKER_DEFAULT_PLATFORM` to determine platform when creating container * fix regression running pull --ignore-pull-failures * only list running containers when --all=false * volume: fix WCOW volume mounts ++++ glib2-branding-openSUSE: - Prefer file-roller over nautilus for archives. ++++ kernel-default: - io_uring/net: ensure compat import handlers clear free_iov (bsc#1206509). - commit 747fc96 ------------------------------------------------------------------ ------------------ 2022-12-19 - Dec 19 2022 ------------------- ------------------------------------------------------------------ ++++ grub2: - Setup multiple device paths for a nvmf boot device (bsc#1205666) * 0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch ++++ kernel-default: - NFSD: fix use-after-free in __nfs42_ssc_open() (bsc#1206209 CVE-2022-4379). - commit 338ca73 ++++ avahi: - Drop %{_sysconfdir}/sysconfig/network/if-{up,down}.d scripts: they are not used, or supported, in a while already. ++++ util-linux: - reinstanciate logger ++++ open-iscsi: - Updated SPEC file dependencies for libopeniscsiusr to avoid conflicting package installation. ++++ systemd: - Fix systemd-coredump to not allow user to access coredumps with changed uid/gid/capabilities (bsc#1205000 CVE-2022-4415) Add 5000-coredump-adjust-whitespace.patch Add 5001-coredump-do-not-allow-user-to-access-coredumps-with-.patch ++++ openssh: - Adapt OpenSSH to build with OpenSSL 3, use new KDF API (bsc#1205042) Add openssh-openssl-3.patch ++++ policycoreutils: - Use %_pam_vendordir ++++ util-linux-systemd: - reinstanciate logger ++++ vim: - Updated to version 9.0.1075, fixes the following problems * refreshed vim-7.4-highlight_fstab.patch * Test for mapping with CmdlineChanged fails. * Cannot define a method in a class. * ASAN gives false alarm about array access. * Macro has confusing name and is duplicated. * Setting window height using Python may cause errors. * In a class object members cannot be initialized. * Class method disassemble test fails on MS-Windows. * Matchparen is slow. * With "screenline" in 'culopt' cursorline highlight is wrong. * Crash when opening a very small terminal window. * Using freed memory when assigning to variable twice. * After a failed CTRL-W ] next command splits window. * Using freed memory on exit when EXITFREE is defined. * Default constructor arguments are not optional. * Object member can't get type from initializer. * Coverity warns for using uninitialized memory. * Leaking memory when disassembling an object method. * Conflict between supercollider and scala filetype detection. * String value of class and object do not have useful information. * Build failure with some compilers that can't handle a declaration directly after a "case" statement. * Cannot display 'showcmd' somewhere else. * Some test function names do not match what they are doing. * When using Kitty a shell command may mess up the key protocol state. * Code for making 'shortmess' temporarily empty is repeated. * A shell command switching screens may still have a problem with the kitty keyboard protocol. * Test function name is wrong. * In diff mode virtual text is highlighted incorrectly. (Rick Howe) * No information about whether requesting term codes has an effect. * Diff mode highlight fails for special characters. * Reading beyond array size. * Codecov action version is too specific. * screenpos() column result in fold may be too small. * Using "xterm-kitty" for 'term' causes problems. * Class members are not supported yet. * build fails if the compiler doesn't allow for a declaration right after "case". ------------------------------------------------------------------ ------------------ 2022-12-18 - Dec 18 2022 ------------------- ------------------------------------------------------------------ ++++ ansible: - disable automatic generation of RPM dependencies from files in collections The files are not meant to be executed on the Ansible controller (i.e. the machine where this package is being installed), but rather on the targets that get modified. So e.g. python2 is not needed as a dependency on the ansible controller - do no longer change shebangs in files from collections ++++ lua54: - Added more numbered patches from upstream: * luabugs8.patch * luabugs9.patch ------------------------------------------------------------------ ------------------ 2022-12-17 - Dec 17 2022 ------------------- ------------------------------------------------------------------ ++++ harfbuzz: - Update to version 6.0.0: + Add API to pre-process the face and speed up future subsetting operations on that face. Provides up to a 95% reduction in subsetting times when the same face is subset more than once. + Shaping have been speedup by skipping entire lookups when the buffer contents don't intersect with the lookup. Shows up to a 10% speedup in shaping some fonts + The HarfBuzz subsetter can now drop axes by pinning them to specific values (also referred to as instancing) - Drop harfbuzz-5.3.1-Fix_check-symbols_failure.patch: Fixed upstream. ++++ xz: - update to 5.2.10: * xz: Don't modify argv[] when parsing the --memlimit* and - -block-list command line options. This fixes confusing arguments in process listing (like "ps auxf"). * GNU/Linux only: Use __has_attribute(__symver__) to detect if that attribute is supported. This fixes build on Mandriva where Clang is patched to define __GNUC__ to 11 by default (instead of 4 as used by Clang upstream). * liblzma: - Fixed an infinite loop in LZMA encoder initialization if dict_size >= 2 GiB. - Fixed two cases of invalid free() that can happen if a tiny allocation fails in encoder re-initialization or in lzma_filters_update(). These bugs had some similarities with the bug fixed in 5.2.7. - Fixed lzma_block_encoder() not allowing the use of LZMA_SYNC_FLUSH with lzma_code() even though it was documented to be supported. The sync-flush code in the Block encoder was already used internally via lzma_stream_encoder(), so this was just a missing flag in the lzma_block_encoder() API function. - GNU/Linux only: Don't put symbol versions into static liblzma as it breaks things in some cases (and even if it didn't break anything, symbol versions in static libraries are useless anyway). The downside of the fix is that if the configure options --with-pic or --without-pic are used then it's not possible to build both shared and static liblzma at the same time on GNU/Linux anymore; with those options --disable-static or --disable-shared must be used too. - drop unused xz-devel-static which is no longer supported when using - -with-pic (which is needed for shared libs) ------------------------------------------------------------------ ------------------ 2022-12-16 - Dec 16 2022 ------------------- ------------------------------------------------------------------ ++++ docker-compose: - Update to version 2.14.1: * apply uid/gid when creating secret from environment * load project from explicit --files when set * use recently introduced `withSelectedServicesOnly` to reduce code duplication * introduce --timestamp option on compose up * Address review comments * Add --include-deps to push command * align `--format` flag and UX with docker cli * align `compose ps` output with `docker ps` * use StatusError from docker/cli, not "dockerd" * resolve --env-file as absolute path * fix parsing of repository:tag * distinguish stdout and stderr in `up` logs * ContainerStart must run sequentially for engine to assing distinct ports within configured range * Fix corner case when there's no container to attach to * Don't stop pull for images that can be built * Squashed commit of the following: * build(deps): bump github.com/containerd/containerd from 1.6.10 to 1.6.12 * remove go.* from e2e tests directory * added table of contents inside readme * fix race condition collecting pulled images IDs * detect required service are gone to stop watching explicit API to stop the log printer * update to go1.19.4 * Cleanup tips from output * check only running containers in after down tests of profiles e2e tests * Update `e2e` mod deps * build(deps): bump go.opentelemetry.io/otel from 1.11.1 to 1.11.2 * introduce --parallel to limit concurrent engine calls * port: improve error-handling if port not found (#10039) ++++ grub2: - Increase the path buffer in the crypttab command for the long volume name (bsc#1206333) * grub2-increase-crypttab-path-buffer.patch ++++ kernel-default: - series.conf: cleanup - update upstream references and move into sorted section: - patches.suse/char-xillybus-Fix-trivial-bug-with-mutex.patch - patches.suse/char-xillybus-Prevent-use-after-free-due-to-race-con.patch - patches.suse/media-dvb-core-Fix-UAF-due-to-refcount-races-at-rele.patch - patches.suse/misc-sgi-gru-fix-use-after-free-error-in-gru_set_con.patch - commit 7f1864f - mm, mremap: fix mremap() expanding vma with addr inside vma (bsc#1206359). - Delete patches.suse/Revert-mm-add-merging-after-mremap-resize.patch. - commit 3440c9c - mm, mremap: fix mremap() expanding vma with addr inside vma (bsc#1206359). - commit b61d296 ++++ shadow: - bsc#1205502: Fix useradd audit event logging of ID field * Add shadow-audit-no-id.patch ++++ pam: - Merge pam_unix back into pam, seperate package not needed anymore ++++ policycoreutils: - Error in spec file: No "config" tag in "/usr/ should be used. ------------------------------------------------------------------ ------------------ 2022-12-15 - Dec 15 2022 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 057+suse.353.g6dab83eb: * revert(fips): check for fipscheck in libexec (bsc#1206431) ++++ glibc: - floatn.patch: Update _FloatN header support for C++ in GCC 13 ++++ kernel-default: - Revert "mm: add merging after mremap resize" (bsc#1206335). - commit 52313a4 ++++ procps: - Extend patch procps-3.3.17-library-bsc1181475.patch (bsc#1206412) - Make sure that correct library version is installed (bsc#1206412) ++++ protobuf: - update to v21.12: * Python * Fix broken enum ranges (#11171) * Stop requiring extension fields to have a sythetic oneof (#11091) * Python runtime 4.21.10 not works generated code can not load valid proto. ++++ openssh: - limit to openssl < 3.0 as this version is not compatible (bsc#1205042) next version update will fix it ++++ osinfo-db: - Update to database version 20221130 osinfo-db-20221130.tar.xz - Add support for SLE Micro 5.4 add-slem5.4-support.patch - Fix value add-slem5.3-support.patch ++++ pam: - Update pam-git.diff to current upstream - pam_env: Use vendor specific pam_env.conf and environment as fallback - pam_shells: Use the vendor directory obsoletes pam_env_econf.patch - Refresh docbook5.patch ++++ python-resolvelib: - add comment on why we need to stay with < 0.9.0 (bsc#1206225) ++++ selinux-policy: - Added fix_ipsec.patch: Allow AF_ALG socket creation for strongswan (bnc#1206445) ------------------------------------------------------------------ ------------------ 2022-12-14 - Dec 14 2022 ------------------- ------------------------------------------------------------------ ++++ bash: - Add upstream patches * bash52-013 Bash can leak memory when referencing a non-existent associative array element. * bash52-014 Bash defers processing additional terminating signals when running the EXIT trap while exiting due to a terminating signal. This patch allows the new terminating signal to kill the shell immediately. * bash52-015 There are several cases where bash is too aggressive when optimizing out forks in subshells. For example, `eval' and traps should never be optimized. ++++ fde-tools: - Fix several bugs in firstboot * The approach for reading the initial FDE pass phrase from /etc/default/grub is not supported in kiwi yet, so work around that * The kiwi KVM images have a strange EFI boot path that does not contain a File component. Try to work around that. * shim-install behaves differently between kiwi image build time and the installed system. Work around. ++++ util-linux: - Fix /usr/bin/findmnt to be in only one package (bsc#1206347) ++++ openssl-1_1: - POWER10 performance enhancements for cryptography [jsc#PED-512] * openssl-1_1-AES-GCM-performance-optimzation-with-stitched-method.patch * openssl-1_1-Fixed-counter-overflow.patch * openssl-1_1-chacha20-performance-optimizations-for-ppc64le-with-.patch * openssl-1_1-Fixed-conditional-statement-testing-64-and-256-bytes.patch * openssl-1_1-Fix-AES-GCM-on-Power-8-CPUs.patch ++++ openssl-3: - Fix X.509 Policy Constraints Double Locking [bsc#1206374, CVE-2022-3996] * Add patch: openssl-3-Fix-double-locking-problem.patch ++++ selinux-policy: - Added policy for wicked scripts under /etc/sysconfig/network/scripts (bnc#1205770) - Add fix_sendmail.patch * fix context of custom sendmail startup helper * fix context of /var/run/sendmail and add necessary rules to manage content in there ++++ util-linux-systemd: - Fix /usr/bin/findmnt to be in only one package (bsc#1206347) ------------------------------------------------------------------ ------------------ 2022-12-13 - Dec 13 2022 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 057+suse.351.ge78c8ff6: * feat(kernel-modules): exclude USB drivers in strict hostonly mode (bsc#1186056) * feat(multipath): warn if included with no multipath devices and no user conf (bsc#1069169) * fix(fips): check for fipscheck in libexec * fix(fips): install required sed binary ++++ fde-tools: - Fix source URL - Fix the fde-tpm-enroll.service file ++++ krb5: - Drop 0009-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch, already fixed in release 1.20.0 ++++ sqlite3: - bsc#1206337, CVE-2022-46908, sqlite-CVE-2022-46908.patch: relying on --safe for execution of an untrusted CLI script ++++ psmisc: - Update to 23.6: * buildsys: Fix DEJAGNU work-around Debian #1015089 * killall: Use kill if pidfd_send_signal fails Debian #1015228 * fuser: Do not mention nonexistent - reset option #42 * fuser: Use modern statn where possible * pstree: Better AppArmor support !30 * killall: Check truncated names !28 * killall: Use openat and pidfd_send_signal #37 * killall: Don't check paths of sockets #35 * pstree: Check for process with show_parents #38 * pstree: Don't disable compaction with show pgids #34 * pstree: Fix storage leak !29 - Enable new apparmor support - Remove patch now upstream 0002-Use-new-statx-2-system-call-to-avoid-hangs-on-NFS.patch - Port patch psmisc-22.21-pstree.patch - Port patch psmisc-v23.4.dif which now becomes psmisc-v23.6.dif - Merge patch socket-fix.patch with ported patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch ++++ selinux-policy: - Updated fix_networkmanager.patch to fixe labeling of nm-dispatcher and nm-priv-helper until the packaging is adjusted (bsc#1206355) - Update fix_chronyd.patch to allow sendto towards NetworkManager_dispatcher_custom_t. Added new interface networkmanager_dispatcher_custom_dgram_send for this (bsc#1206357) - Update fix_dbus.patch to allow dbus to watch lib directories (bsc#1205895) ------------------------------------------------------------------ ------------------ 2022-12-12 - Dec 12 2022 ------------------- ------------------------------------------------------------------ ++++ cups: - Use %_pam_vendordir ++++ fde-tools: - Updated to version 0.6.1 - Fix tpm-enable subcommand - Add new add-secondary-key subcommand - Add a systemd unit file that triggers on the presence of the key file written by d-installer ++++ gnutls: - switch to pkgconfig(zlib) so that alternative providers can be used ++++ kernel-default: - series.conf: remove stale comment - commit ab17686 - Refresh patches.suse/Bluetooth-L2CAP-Fix-u8-overflow.patch. - Refresh patches.suse/can-slcan-fix-freed-work-crash.patch. Update upstream status. - commit a6c4f4e ++++ lcms2: - switch to pkgconfig(zlib) for alternative providers support ++++ pcre2: - pcre2 10.42: * Fix 10.41 regression that added the default definition of PCRE2_CALL_CONVENTION to pcre2posix.c instead of pcre2posix.h, which meant that programs including pcre2posix.h but not pcre2.h couldn't compile * Fix an intermittent JIT fault and minor issues - switch to pkgconfig(zlib) so that alternative providers can be used ++++ rpm: - switch to pkgconfig(zlib) so that alternative providers can be used ------------------------------------------------------------------ ------------------ 2022-12-11 - Dec 11 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Update to 6.1 final - refresh configs (headers only) - commit d1335c0 ++++ expat: - add upstream signing key and validate source signature ++++ zlib: - build zlib with optflags again ++++ mdevctl: - Update to version 1.2.0: * Port CLI to clap v3 * start: provide useful hint for parent with wrong case * tests: Add ability to test error messages * tests: extract function for checking pass/fail expectations * MDev::create() does not need to be public * Fix new clippy warning ------------------------------------------------------------------ ------------------ 2022-12-10 - Dec 10 2022 ------------------- ------------------------------------------------------------------ ++++ cups: - Remove invalid %config directive on %_distconfdir/pam.d/cups ++++ openldap2: - add reproducible.patch to avoid using compile-time specific date/time constructs ------------------------------------------------------------------ ------------------ 2022-12-9 - Dec 9 2022 ------------------- ------------------------------------------------------------------ ++++ cups: - Migration PAM settings to /usr/etc: Fixed posttrans. Should only be used for TW. ++++ kernel-default: - Delete patches.suse/Input-synaptics-retry-query-upon-error.patch. The patch is not needed (bsc#1194086 comment 50). - commit d03b675 - Delete patches.suse/iwlwifi-module-firmware-ucode-fix.patch. Not needed anymore. kernel-firmware contains -72s since 06dbfbc74388 released in 20221109 already. - commit e1d0837 - Delete patches.suse/drm-sched-Fix-kernel-NULL-pointer-dereference-error.patch. This can be dropped thanks to commit bafaf67c42f4 (Revert "drm/sched: Use parent fence instead of finished") in v6.1-rc1. - commit 15d1c2b - Refresh patches.suse/media-dvb-core-Fix-UAF-due-to-refcount-races-at-rele.patch. Update upstream status. - commit d504053 - Delete patches.suse/dm-mpath-no-partitions-feature. (bsc#1189976) - commit e544c6d - Refresh patches.suse/misc-sgi-gru-fix-use-after-free-error-in-gru_set_con.patch. Update to final version and update upstream status. - commit dd048d9 - Delete patches.suse/suse-hv-guest-os-id.patch. (bsc#1189965) - commit de46b50 - Delete patches.suse/dm-mpath-leastpending-path-update. (bsc#1189962) - commit fb9bee7 - Delete patches.suse/dm-table-switch-to-readonly. (bsc#1189963) - commit 3a71c4d - Delete patches.suse/kbd-ignore-gfx.patch. (bsc#1189975) - commit 900ecbb ++++ util-linux: - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). - Add util-linux-fix-tests-when-at-symbol-in-path.patch ++++ systemd: - Import commit bf3fef99886bd977a1c7a51d20087bc8977fff44 6372fb0cc4 btrfs-util: convert O_PATH if necessary, in btrfs quota call (bsc#1205560) 12e68eb0e5 blockdev-util: move O_PATH fd conversion into btrfs_get_block_device_fd() to shorten things bb2bafdc9d btrfs-util: convert to fd_reopen_condition() 1323232948 fd-util: add new helper fd_reopen_conditional() - Drop 6000-Revert-tmpfiles-whenever-creating-an-inode-immediate.patch It's no more needed as a fix for bsc#1205560 has been queued, see above. - Import commit 82898a14f5b0a965ba9c1efc1913fcdf29d446a8 (merge of v252.3) It includes the following fixes: 9410eb20eb cryptsetup: retry TPM2 unseal operation if it fails with TPM2_RC_PCR_CHANGED (bsc#1204944) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/e7e931b07edd786dc6ca1dae6c23ff7b785f8efd...82898a14f5b0a965ba9c1efc1913fcdf29d446a8 Additionally, it also includes the following backports: - 17b2f9f196 utmp-wtmp: fix error in case isatty() fails - 8d5c487c87 sd-bus: handle -EINTR return from bus_poll() (bsc#1201982) - 2dd217c8b5 tree-wide: modernizations with RET_NERRNO() ++++ policycoreutils: - Migration PAM settings to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. ++++ rust-keylime: - Update to version 0.1.0+git.1670590616.e80c67a: * main: only read uuid from KeylimeConfig * Enabling more e2e tests in Packit CI * systemd: start agent after network is online * Cargo: Drop unused dependencies rust-ini and toml ++++ util-linux-systemd: - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). - Add util-linux-fix-tests-when-at-symbol-in-path.patch ++++ vim: - Updated to version 9.0.1040, fixes the following problems * Build errors without the +channel feature. (John Marriott) * ch_log() text can be hard to find in the log file. * The keyboard state response may end up in a shell command. * Build error in tiny version. * 'cursorline' not drawn before virtual text below. * Stray characters displayed when starting the GUI. * GUI: remote_foreground() does not always work. (Ron Aaron) * When using kitty keyboard protocol function keys may not work. (Kovid Goyal) * Build failure with tiny version. * File missing from list of distributed files. * Using feedkeys() does not show up in a channel log. * Popupwin test is more flaky on MacOS. * Callback name argument is changed by setqflist(). * Crash when reading help index with various options set. (Marius Gedminas) * Vim9 script: get E1096 when comment follows return. * Display errors when adding or removing text property type. * Tests for empty prop type name fail. * Padding before virtual text below is highlighted when 'number' and 'nowrap' are set. * If 'keyprotocol' is empty "xterm" still uses modifyOtherKeys. * Coverity warns for dead code. * "gk" may reset skipcol when not needed. * Memory may leak. * With 'smoothscroll' skipcol may be reset unnecessarily. * Classes are not documented or implemented yet. * Command list test fails. * Tiny build fails. * Suspend test sometimes fails on MacOS. * A failed test may leave a swap file behind. * Suspend test still sometimes fails on MacOS. * There is no way to get a list of swap file names. * Test for swapfilelist() fails on MS-Windows. * Test for catch after interrupt is flaky on MS-Windows. * Stray warnings for existing swap files. * ml_get error when using screenpos(). * Tests may get stuck in buffer with swap file. * Suspend test often fails on Mac OS. * Zir files are not recognized. * Without /dev/urandom srand() seed is too predictable. * screenpos() does not count filler lines for diff mode. * 'smoothscroll' and virtual text above don't work together. (Yee Cheng Chin) * Tests call GetSwapFileList() before it is defined. * Test trips over g:name. * Suspend test fails on Mac OS when suspending Vim. * WinScrolled is not triggered when filler lines change. * type of w_last_topfill is wrong. * LGTM is soon shutting down. * Mouse shape test is flaky, especially on Mac OS. * Autoload directory missing from distribution. * Using freed memory with the cmdline popup menu. * Vim9 class is not implemented yet. * Test fails when terminal feature is missing. * Tiny build fails because of conflicting typedef. * Reporting swap file when windows are split. * Object members are not being marked as used, garbage collection may free them. * Undo misbehaves when writing from an insert mode mapping. * lalloc(0) error for a class without members. * Function name does not match what it is used for. * Using a mapping CmdlineChanged may be triggered twice. * Test for mapping with CmdlineChanged fails. ------------------------------------------------------------------ ------------------ 2022-12-8 - Dec 8 2022 ------------------- ------------------------------------------------------------------ ++++ ansible: - update to 7.1.0: Ansible 7.1.0 will include ansible-core 2.14.1 as well as a curated set of Ansible collections to provide a vast number of modules and plugins. ++++ containerd: - Update to containerd v1.6.12 to fix CVE-2022-23471. Upstream release notes: ++++ cups: - Migration PAM settings to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. ++++ kernel-default: - Revert "config: update CONFIG_LSM defaults" This reverts commit a05e86cb8200d8cf785b866375a4c9d06c09ab47. Commit 0a20128a486 (Revert "config: Enable BPF LSM" (bsc#1197746)) indicates this needs more specific testing before merging. - commit 7453fbc - config: update CONFIG_LSM defaults (bsc#1205603). CONFIG_LSM determines what the default order of LSM usage is. The default order is set based on whether AppArmor or SELinux is preferred in the config (we still prefer AppArmor). The default set has changed over time and we haven't updated it, leading to things like bpf LSMs not working out of the box. This change just updates CONFIG_LSM to what the default would be now. - config: update CONFIG_LSM defaults CONFIG_LSM determines what the default order of LSM usage is. The default order is set based on whether AppArmor or SELinux is preferred in the config (we still prefer AppArmor). The default set has changed over time and we haven't updated it, leading to things like bpf LSMs not working out of the box. This change just updates CONFIG_LSM to what the default would be now. - commit b64d18c - Linux 6.0.12 (bsc#1012628). - btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() (bsc#1012628). - drm/amdgpu: move setting the job resources (bsc#1012628). - drm/amdgpu: cleanup error handling in amdgpu_cs_parser_bos (bsc#1012628). - drm/amdgpu: fix userptr HMM range handling v2 (bsc#1012628). - drm/amd/pm: add smu_v13_0_10 driver if version (bsc#1012628). - drm/amd/pm: update driver-if header for smu_v13_0_10 (bsc#1012628). - drm/amd/pm: update driver if header for smu_13_0_7 (bsc#1012628). - clk: samsung: exynos7885: Correct "div4" clock parents (bsc#1012628). - clk: qcom: gdsc: add missing error handling (bsc#1012628). - clk: qcom: gdsc: Remove direct runtime PM calls (bsc#1012628). - iio: health: afe4403: Fix oob read in afe4403_read_raw (bsc#1012628). - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (bsc#1012628). - iio: light: rpr0521: add missing Kconfig dependencies (bsc#1012628). - libbpf: Use correct return pointer in attach_raw_tp (bsc#1012628). - bpf, perf: Use subprog name when reporting subprog ksymbol (bsc#1012628). - scripts/faddr2line: Fix regression in name resolution on ppc64le (bsc#1012628). - ARM: at91: rm9200: fix usb device clock id (bsc#1012628). - libbpf: Handle size overflow for ringbuf mmap (bsc#1012628). - hwmon: (ltc2947) fix temperature scaling (bsc#1012628). - hwmon: (ina3221) Fix shunt sum critical calculation (bsc#1012628). - hwmon: (i5500_temp) fix missing pci_disable_device() (bsc#1012628). - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (bsc#1012628). - clocksource/drivers/arm_arch_timer: Fix XGene-1 TVAL register math error (bsc#1012628). - bpf: Do not copy spin lock field from user in bpf_selem_alloc (bsc#1012628). - nvmem: rmem: Fix return value check in rmem_read() (bsc#1012628). - of: property: decrement node refcount in of_fwnode_get_reference_args() (bsc#1012628). - clk: qcom: gcc-sc8280xp: add cxo as parent for three ufs ref clks (bsc#1012628). - ixgbevf: Fix resource leak in ixgbevf_init_module() (bsc#1012628). - i40e: Fix error handling in i40e_init_module() (bsc#1012628). - fm10k: Fix error handling in fm10k_init_module() (bsc#1012628). - iavf: Fix error handling in iavf_init_module() (bsc#1012628). - e100: Fix possible use after free in e100_xmit_prepare (bsc#1012628). - net/mlx5: DR, Fix uninitialized var warning (bsc#1012628). - net/mlx5: E-switch, Destroy legacy fdb table when needed (bsc#1012628). - net/mlx5: E-switch, Fix duplicate lag creation (bsc#1012628). - net/mlx5: Fix uninitialized variable bug in outlen_write() (bsc#1012628). - net/mlx5e: Fix use-after-free when reverting termination table (bsc#1012628). - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (bsc#1012628). - can: cc770: cc770_isa_probe(): add missing free_cc770dev() (bsc#1012628). - can: etas_es58x: es58x_init_netdev(): free netdev when register_candev() (bsc#1012628). - can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods (bsc#1012628). - can: m_can: Add check for devm_clk_get (bsc#1012628). - vfs: fix copy_file_range() averts filesystem freeze protection (bsc#1012628). - qlcnic: fix sleep-in-atomic-context bugs caused by msleep (bsc#1012628). - aquantia: Do not purge addresses when setting the number of rings (bsc#1012628). - wifi: cfg80211: fix buffer overflow in elem comparison (bsc#1012628). - wifi: cfg80211: don't allow multi-BSSID in S1G (bsc#1012628). - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (bsc#1012628). - net: phy: fix null-ptr-deref while probe() failed (bsc#1012628). - net: ethernet: ti: am65-cpsw: fix error handling in am65_cpsw_nuss_probe() (bsc#1012628). - net: net_netdev: Fix error handling in ntb_netdev_init_module() (bsc#1012628). - net/9p: Fix a potential socket leak in p9_socket_open (bsc#1012628). - net: ethernet: nixge: fix NULL dereference (bsc#1012628). - net: wwan: iosm: fix kernel test robot reported error (bsc#1012628). - net: wwan: iosm: fix dma_alloc_coherent incompatible pointer type (bsc#1012628). - net: wwan: iosm: fix crash in peek throughput test (bsc#1012628). - net: wwan: iosm: fix incorrect skb length (bsc#1012628). - dsa: lan9303: Correct stat name (bsc#1012628). - mptcp: don't orphan ssk in mptcp_close() (bsc#1012628). - mptcp: fix sleep in atomic at close time (bsc#1012628). - tipc: re-fetch skb cb after tipc_msg_validate (bsc#1012628). - net: hsr: Fix potential use-after-free (bsc#1012628). - net: mdiobus: fix unbalanced node reference count (bsc#1012628). - afs: Fix fileserver probe RTT handling (bsc#1012628). - net: tun: Fix use-after-free in tun_detach() (bsc#1012628). - net/mlx5: Lag, Fix for loop when checking lag (bsc#1012628). - packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE (bsc#1012628). - sctp: fix memory leak in sctp_stream_outq_migrate() (bsc#1012628). - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (bsc#1012628). - afs: Fix server->active leak in afs_put_server (bsc#1012628). - hwmon: (coretemp) Check for null before removing sysfs attrs (bsc#1012628). - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (bsc#1012628). - hwmon: (asus-ec-sensors) Add checks for devm_kcalloc (bsc#1012628). - riscv: vdso: fix section overlapping under some conditions (bsc#1012628). - riscv: mm: Proper page permissions after initmem free (bsc#1012628). - ALSA: dice: fix regression for Lexicon I-ONIX FW810S (bsc#1012628). - can: can327: can327_feed_frame_to_netdev(): fix potential skb leak when netdev is down (bsc#1012628). - error-injection: Add prompt for function error injection (bsc#1012628). - tools/vm/slabinfo-gnuplot: use "grep -E" instead of "egrep" (bsc#1012628). - nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() (bsc#1012628). - pinctrl: intel: Save and restore pins in "direct IRQ" mode (bsc#1012628). - v4l2: don't fall back to follow_pfn() if pin_user_pages_fast() fails (bsc#1012628). - mm: migrate: fix THP's mapcount on isolation (bsc#1012628). - net: stmmac: Set MAC's flow control register to reflect current settings (bsc#1012628). - mmc: mmc_test: Fix removal of debugfs file (bsc#1012628). - mmc: mtk-sd: Fix missing clk_disable_unprepare in msdc_of_clock_parse() (bsc#1012628). - mmc: core: Fix ambiguous TRIM and DISCARD arg (bsc#1012628). - mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check (bsc#1012628). - mmc: sdhci-sprd: Fix no reset data and command after voltage switch (bsc#1012628). - mmc: sdhci: Fix voltage switch delay (bsc#1012628). - Kconfig.debug: provide a little extra FRAME_WARN leeway when KASAN is enabled (bsc#1012628). - drm/amdgpu: temporarily disable broken Clang builds due to blown stack-frame (bsc#1012628). - drm/amdgpu: enable Vangogh VCN indirect sram mode (bsc#1012628). - drm/i915: Fix negative value passed as remaining time (bsc#1012628). - drm/i915: Never return 0 if not all requests retired (bsc#1012628). - tracing/osnoise: Fix duration type (bsc#1012628). - tracing: Fix race where histograms can be called before the event (bsc#1012628). - tracing: Free buffers when a used dynamic event is removed (bsc#1012628). - ASoC: ops: Fix bounds check for _sx controls (bsc#1012628). - ASoC: tlv320adc3xxx: Fix build error for implicit function declaration (bsc#1012628). - pinctrl: single: Fix potential division by zero (bsc#1012628). - riscv: Sync efi page table's kernel mappings before switching (bsc#1012628). - riscv: fix race when vmap stack overflow (bsc#1012628). - riscv: kexec: Fixup irq controller broken in kexec crash path (bsc#1012628). - nvme: fix SRCU protection of nvme_ns_head list (bsc#1012628). - iommu/vt-d: Fix PCI device refcount leak in has_external_pci() (bsc#1012628). - iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() (bsc#1012628). - ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference (bsc#1012628). - ipv4: Fix route deletion when nexthop info is not specified (bsc#1012628). - mm/damon: introduce struct damos_access_pattern (bsc#1012628). - mm/damon/sysfs: fix wrong empty schemes assumption under online tuning in damon_sysfs_set_schemes() (bsc#1012628). - i2c: Restore initial power state if probe fails (bsc#1012628). - i2c: npcm7xx: Fix error handling in npcm_i2c_init() (bsc#1012628). - i2c: qcom-geni: fix error return code in geni_i2c_gpi_xfer (bsc#1012628). - i2c: imx: Only DMA messages with I2C_M_DMA_SAFE flag set (bsc#1012628). - ACPI: HMAT: remove unnecessary variable initialization (bsc#1012628). - ACPI: HMAT: Fix initiator registration for single-initiator systems (bsc#1012628). - Revert "clocksource/drivers/riscv: Events are stopped during CPU suspend" (bsc#1012628). - char: tpm: Protect tpm_pm_suspend with locks (bsc#1012628). - Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send() (bsc#1012628). - powerpc/bpf/32: Fix Oops on tail call tests (bsc#1012628). - ipc/sem: Fix dangling sem_array access in semtimedop race (bsc#1012628). - proc: avoid integer type confusion in get_proc_long (bsc#1012628). - proc: proc_skip_spaces() shouldn't think it is working on C strings (bsc#1012628). - commit 523a283 ++++ libXau: - update to 1.0.11: configure: Use AC_SYS_LARGEFILE to enable large file support - modernize spec file, install license into licensedir ++++ avahi: - Remove avahi-daemon-check-dns.sh, avahi-daemon-check-dns-suse.patch and avahi-daemon.if-up Doesn't work since about 9 years and will not be executed on a fresh default installation anymore ++++ util-linux: - Convert the build back to per-parts build, just use multibuild. ++++ protobuf: - update to 21.11: * Python * Add license file to pypi wheels (#10936) * Fix round-trip bug (#10158) ++++ python310-core: - Update to 3.10.9: - python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server lo This is done by changing the http.server BaseHTTPRequestHandler .log_message method to replace control characters with a \xHH hex escape before printin - Avoid publishing list of active per-interpreter audit hooks via the gc module - The IDNA codec decoder used on DNS hostnames by socket or asyncio related name resolution functions no longer involves a quadratic algorithm. This prevents a potential CPU denial of service if an out-of-spec excessive length hostname involving bidirectional characters were decoded. Some protocols such as urllib http 3xx redirects potentially allow for an attacker to supply such a name. - Update bundled libexpat to 2.5.0 - Port XKCP’s fix for the buffer overflows in SHA-3 (CVE-2022-37454). - On Linux the multiprocessing module returns to using filesystem backed unix domain sockets for communication with the forkserver process instead of the Linux abstract socket namespace. Only code that chooses to use the “forkserver” start method is affected Abstract sockets have no permissions and could allow any user on the system in the same network namespace (often the whole system) to inject code into the multiprocessing forkserver process. This was a potential privilege escalation. Filesystem based socket permissions restrict this to the forkserver process user as was the default in Python 3.8 and earlier This prevents Linux CVE-2022-42919 - Fix a reference bug in _imp.create_builtin() after the creation of the first sub-interpreter for modules builtins and sys. Patch by Victor Stinner. - Fixed a bug that was causing a buffer overflow if the tokenizer copies a line missing the newline caracter from a file that is as long as the available tokenizer buffer. Patch by Pablo galindo - Update faulthandler to emit an error message with the proper unexpected signal number. Patch by Dong-hee Na. - Fix subscription of types.GenericAlias instances containing bare generic types: for example tuple[A, T][int], where A is a generic type, and T is a type variable. - Fix detection of MAC addresses for uuid on certain OSs. Patch by Chaim Sanders - Print exception class name instead of its string representation when raising errors from ctypes calls. - Allow pdb to locate source for frozen modules in the standard library. - Raise ValueError instead of SystemError when methods of uninitialized io.IncrementalNewlineDecoder objects are called. Patch by Oren Milman. - Fix a possible assertion failure in io.FileIO when the opener returns an invalid file descriptor. - Also escape s in the http.server BaseHTTPRequestHandler.log_message so that it is technically possible to parse the line and reconstruct what the original data was. Without this a xHH is ambiguious as to if it is a hex replacement we put in or the characters r”x” came through in the original request line. - asyncio.get_event_loop() now only emits a deprecation warning when a new event loop was created implicitly. It no longer emits a deprecation warning if the current event loop was set. - Fix bug when calling trace.CoverageResults with valid infile. - Fix a bug in handling class cleanups in unittest.TestCase. Now addClassCleanup() uses separate lists for different TestCase subclasses, and doClassCleanups() only cleans up the particular class. - Release the GIL when calling termios APIs to avoid blocking threads. - Fix ast.increment_lineno() to also cover ast.TypeIgnore when changing line numbers. - Fixed bug where inspect.signature() reported incorrect arguments for decorated methods. - Fix SystemError in ctypes when exception was not set during __initsubclass__. - Fix statistics.NormalDist pickle with 0 and 1 protocols. - Update the bundled copy of pip to version 22.3.1. - Apply bugfixes from importlib_metadata 4.11.4, namely: In PathDistribution._name_from_stem, avoid including parts of the extension in the result. In PathDistribution._normalized_name, ensure names loaded from the stem of the filename are also normalized, ensuring duplicate entry points by packages varying only by non-normalized name are hidden. - Clean up refleak on failed module initialisation in _zoneinfo - Clean up refleaks on failed module initialisation in in _pickle - Clean up refleak on failed module initialisation in _io. - Fix memory leak in math.dist() when both points don’t have the same dimension. Patch by Kumar Aditya. - Fix argument typechecks in _overlapped.WSAConnect() and _overlapped.Overlapped.WSASendTo() functions. - Fix internal error in the re module which in very rare circumstances prevented compilation of a regular expression containing a conditional expression without the “else” branch. - Fix asyncio.StreamWriter.drain() to call protocol.connection_lost callback only once on Windows. - Add a mutex to unittest.mock.NonCallableMock to protect concurrent access to mock attributes. - Fix hang on Windows in subprocess.wait_closed() in asyncio with ProactorEventLoop. Patch by Kumar Aditya. - Fix infinite loop in unittest when a self-referencing chained exception is raised - tkinter.Text.count() raises now an exception for options starting with “-” instead of silently ignoring them. - On uname_result, restored expectation that _fields and _asdict would include all six properties including processor. - Update the bundled copies of pip and setuptools to versions 22.3 and 65.5.0 respectively. - Fix bug in urllib.parse.urlparse() that causes certain port numbers containing whitespace, underscores, plus and minus signs, or non-ASCII digits to be incorrectly accepted. - Allow venv to pass along PYTHON* variables to ensurepip and pip when they do not impact path resolution - On macOS, fix a crash in syslog.syslog() in multi-threaded applications. On macOS, the libc syslog() function is not thread-safe, so syslog.syslog() no longer releases the GIL to call it. Patch by Victor Stinner. - Allow BUILTINS to be a valid field name for frozen dataclasses. - Make sure patch.dict() can be applied on async functions. - To avoid apparent memory leaks when asyncio.open_connection() raises, break reference cycles generated by local exception and future instances (which has exception instance as its member var). Patch by Dong Uk, Kang. - Prevent error when activating venv in nested fish instances. - Restrict use of sockets instead of pipes for stdin of subprocesses created by asyncio to AIX platform only. - shutil.copytree() now applies the ignore_dangling_symlinks argument recursively. - Fix IndexError in argparse.ArgumentParser when a store_true action is given an explicit argument. - Document that calling variadic functions with ctypes requires special care on macOS/arm64 (and possibly other platforms). - Skip test_normalization() of test_unicodedata if it fails to download NormalizationTest.txt file from pythontest.net. Patch by Victor Stinner. - Some C API tests were moved into the new Lib/test/test_capi/ directory. - Fix -Wimplicit-int, -Wstrict-prototypes, and - Wimplicit-function-declaration compiler warnings in configure checks. - Fix -Wimplicit-int compiler warning in configure check for PTHREAD_SCOPE_SYSTEM. - Specify the full path to the source location for make docclean (needed for cross-builds). - Fix NO_MISALIGNED_ACCESSES being not defined for the SHA3 extension when HAVE_ALIGNED_REQUIRED is set. Allowing builds on hardware that unaligned memory accesses are not allowed. - Fix handling of module docstrings in Tools/i18n/pygettext.py. - Remove upstreamed patches: - 98437-sphinx.locale._-as-gettext-in-pyspecific.patch - CVE-2015-20107-mailcap-unsafe-filenames.patch - CVE-2022-42919-loc-priv-mulitproc-forksrv.patch - CVE-2022-45061-DoS-by-IDNA-decode.patch ++++ tpm2.0-abrmd: - Version 3.0.0 + Fixed * A bug in special command processing in TPM2_GetCapability when an audit session is in use cuased tpm2-abrmd to abort. + Added * New SELinux interfaces for communication with keylime + Changed * DBUS permissions in tpm2-abrmd.conf to match the in-kernel RM, ie /dev/tpmrm0, permissions. Now users MUST be in the tss group to send to tpm2-abrmd over DBUS. - Drop dbus-access.patch (merged in PR#805) ++++ python310: - Update to 3.10.9: - python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server lo This is done by changing the http.server BaseHTTPRequestHandler .log_message method to replace control characters with a \xHH hex escape before printin - Avoid publishing list of active per-interpreter audit hooks via the gc module - The IDNA codec decoder used on DNS hostnames by socket or asyncio related name resolution functions no longer involves a quadratic algorithm. This prevents a potential CPU denial of service if an out-of-spec excessive length hostname involving bidirectional characters were decoded. Some protocols such as urllib http 3xx redirects potentially allow for an attacker to supply such a name. - Update bundled libexpat to 2.5.0 - Port XKCP’s fix for the buffer overflows in SHA-3 (CVE-2022-37454). - On Linux the multiprocessing module returns to using filesystem backed unix domain sockets for communication with the forkserver process instead of the Linux abstract socket namespace. Only code that chooses to use the “forkserver” start method is affected Abstract sockets have no permissions and could allow any user on the system in the same network namespace (often the whole system) to inject code into the multiprocessing forkserver process. This was a potential privilege escalation. Filesystem based socket permissions restrict this to the forkserver process user as was the default in Python 3.8 and earlier This prevents Linux CVE-2022-42919 - Fix a reference bug in _imp.create_builtin() after the creation of the first sub-interpreter for modules builtins and sys. Patch by Victor Stinner. - Fixed a bug that was causing a buffer overflow if the tokenizer copies a line missing the newline caracter from a file that is as long as the available tokenizer buffer. Patch by Pablo galindo - Update faulthandler to emit an error message with the proper unexpected signal number. Patch by Dong-hee Na. - Fix subscription of types.GenericAlias instances containing bare generic types: for example tuple[A, T][int], where A is a generic type, and T is a type variable. - Fix detection of MAC addresses for uuid on certain OSs. Patch by Chaim Sanders - Print exception class name instead of its string representation when raising errors from ctypes calls. - Allow pdb to locate source for frozen modules in the standard library. - Raise ValueError instead of SystemError when methods of uninitialized io.IncrementalNewlineDecoder objects are called. Patch by Oren Milman. - Fix a possible assertion failure in io.FileIO when the opener returns an invalid file descriptor. - Also escape s in the http.server BaseHTTPRequestHandler.log_message so that it is technically possible to parse the line and reconstruct what the original data was. Without this a xHH is ambiguious as to if it is a hex replacement we put in or the characters r”x” came through in the original request line. - asyncio.get_event_loop() now only emits a deprecation warning when a new event loop was created implicitly. It no longer emits a deprecation warning if the current event loop was set. - Fix bug when calling trace.CoverageResults with valid infile. - Fix a bug in handling class cleanups in unittest.TestCase. Now addClassCleanup() uses separate lists for different TestCase subclasses, and doClassCleanups() only cleans up the particular class. - Release the GIL when calling termios APIs to avoid blocking threads. - Fix ast.increment_lineno() to also cover ast.TypeIgnore when changing line numbers. - Fixed bug where inspect.signature() reported incorrect arguments for decorated methods. - Fix SystemError in ctypes when exception was not set during __initsubclass__. - Fix statistics.NormalDist pickle with 0 and 1 protocols. - Update the bundled copy of pip to version 22.3.1. - Apply bugfixes from importlib_metadata 4.11.4, namely: In PathDistribution._name_from_stem, avoid including parts of the extension in the result. In PathDistribution._normalized_name, ensure names loaded from the stem of the filename are also normalized, ensuring duplicate entry points by packages varying only by non-normalized name are hidden. - Clean up refleak on failed module initialisation in _zoneinfo - Clean up refleaks on failed module initialisation in in _pickle - Clean up refleak on failed module initialisation in _io. - Fix memory leak in math.dist() when both points don’t have the same dimension. Patch by Kumar Aditya. - Fix argument typechecks in _overlapped.WSAConnect() and _overlapped.Overlapped.WSASendTo() functions. - Fix internal error in the re module which in very rare circumstances prevented compilation of a regular expression containing a conditional expression without the “else” branch. - Fix asyncio.StreamWriter.drain() to call protocol.connection_lost callback only once on Windows. - Add a mutex to unittest.mock.NonCallableMock to protect concurrent access to mock attributes. - Fix hang on Windows in subprocess.wait_closed() in asyncio with ProactorEventLoop. Patch by Kumar Aditya. - Fix infinite loop in unittest when a self-referencing chained exception is raised - tkinter.Text.count() raises now an exception for options starting with “-” instead of silently ignoring them. - On uname_result, restored expectation that _fields and _asdict would include all six properties including processor. - Update the bundled copies of pip and setuptools to versions 22.3 and 65.5.0 respectively. - Fix bug in urllib.parse.urlparse() that causes certain port numbers containing whitespace, underscores, plus and minus signs, or non-ASCII digits to be incorrectly accepted. - Allow venv to pass along PYTHON* variables to ensurepip and pip when they do not impact path resolution - On macOS, fix a crash in syslog.syslog() in multi-threaded applications. On macOS, the libc syslog() function is not thread-safe, so syslog.syslog() no longer releases the GIL to call it. Patch by Victor Stinner. - Allow BUILTINS to be a valid field name for frozen dataclasses. - Make sure patch.dict() can be applied on async functions. - To avoid apparent memory leaks when asyncio.open_connection() raises, break reference cycles generated by local exception and future instances (which has exception instance as its member var). Patch by Dong Uk, Kang. - Prevent error when activating venv in nested fish instances. - Restrict use of sockets instead of pipes for stdin of subprocesses created by asyncio to AIX platform only. - shutil.copytree() now applies the ignore_dangling_symlinks argument recursively. - Fix IndexError in argparse.ArgumentParser when a store_true action is given an explicit argument. - Document that calling variadic functions with ctypes requires special care on macOS/arm64 (and possibly other platforms). - Skip test_normalization() of test_unicodedata if it fails to download NormalizationTest.txt file from pythontest.net. Patch by Victor Stinner. - Some C API tests were moved into the new Lib/test/test_capi/ directory. - Fix -Wimplicit-int, -Wstrict-prototypes, and - Wimplicit-function-declaration compiler warnings in configure checks. - Fix -Wimplicit-int compiler warning in configure check for PTHREAD_SCOPE_SYSTEM. - Specify the full path to the source location for make docclean (needed for cross-builds). - Fix NO_MISALIGNED_ACCESSES being not defined for the SHA3 extension when HAVE_ALIGNED_REQUIRED is set. Allowing builds on hardware that unaligned memory accesses are not allowed. - Fix handling of module docstrings in Tools/i18n/pygettext.py. - Remove upstreamed patches: - 98437-sphinx.locale._-as-gettext-in-pyspecific.patch - CVE-2015-20107-mailcap-unsafe-filenames.patch - CVE-2022-42919-loc-priv-mulitproc-forksrv.patch - CVE-2022-45061-DoS-by-IDNA-decode.patch ++++ python-psutil: - Require unittest2 only for python2: make this suitable for the 15.4_py39 target in devel:languages:python:backports. - Merge skip-obs.patch into skip_failing_tests.patch and add test_linux.py::test_cpu_affinity because it depends on the obs vm-type or worker CPU. ++++ ovmf: - Add ovmf-OvmfPkg-PlatformInitLib-Fix-integrity-checking-faile.patch to avoid "NvVarStore Variable header State was invalid" issue when rebooting or booting second time. System hangs when booting. (bsc#1206078) The error message in ovmf log: Select Item: 0x19 Select Item: 0x25 Reserved variable store memory: 0x7FF7C000; size: 528kb NvVarStore Variable header State was invalid. ASSERT /home/abuild/rpmbuild/BUILD/edk2-edk2-stable202211/OvmfPkg/Library/PlatformInitLib/Platform.c(807): ((BOOLEAN)(0==1)) ++++ setroubleshoot: - Small adjustments in a spec file for dirs and files - Add documentation to be build in setroubleshoot-doc ++++ tpm2.0-tools: - Update to version 5.4 + Added: * tpm2_policyrestart: Added option --cphash to output the cpHash for the command PM2_CC_PolicyRestart. * tpm2_policynvwritten: Added option --cphash to output the cpHash for the command TPM2_CC_PolicyNvWritten. * tpm2_policylocality: Added option --cphash to output the cpHash for the command TPM2_CC_PolicyLocality. * tpm2_policycountertimer: Added option --cphash to output the cpHash for the command TPM2_CC_PolicyCounterTimer. * tpm2_policycommandcode: Added option --cphash to output the cpHash for the command TPM2_CC_PolicyCommandCode. * tpm2_policypassword: Added option --cphash to output the cpHash for the command TPM2_CC_PolicyPassword. * tpm2_policyauthvalue: Added option --cphash to output the cpHash for the command TPM2_CC_PolicyAuthValue. * tpm2_policyauthorize: Added option --cphash to output the cpHash for the command TPM2_CC_PolicyAuthorize. * tpm2_print: Support printing serialized ESYS_TR's * tpm2_create: Add a clarifying message to usage of -c when TPM2_CreateLoaded is not supported. * tpm2_getcap: Add support for vendor agnostic capabilites. Requires tpm2-tss version 4.0 and higher to enable. * Add a script, check_endorsement_cert.sh, to validate the endorsement certificate chain. It takes two inputs - A TPM2B_PUBLIC format EKpublic and a PEM format EKcertificate specified in that order as arguments. - Update to version 5.3 + Features: * lib/tpm2_tool.c: add --help=no-man for tpm2 option. Prior to this change the tool parsed no-man as an unrecognized option and errored out. Now it lists all the available tool options. * tpm2_encodeobject: New tool to encode TPM2 object. It takes public and private portions of an object and encode them in a combined PEM form called tssprivkey used by tpm2-tss-engine and other applications. * Support alternative ECC curves for which default EK templates exist (NIST_P256, NIST_P384, NIST_P521, and SM2_P256). * tools/misc/tpm2_checkquote: add sm2 verification of signature. * crypto: support the TPM2_ECC_SM2_P256 curveID. * fapi: add new command to enable the use of fapi objects for tpm2 tools. The new command tss2_gettpm2object was added. With this command context files which can be used for tpm2 tool commands can be created. * Support for sign and verify with sm2 algorithms. * tools/tpm2_startauthsession: add sym-algorithm argument for supported symmetric algorithm. * Attestation (certify, command audit, sessionaudit and quote): add scheme argument for supported signature schemes. This also enable support for SM signing. * tpm2_flushcontext: support all options at a time. Support the - t/-l/-s options all at once so folks don't have to call it multiple times. * tools/tpm2_nvread: add human readable output for NV content Enable parsing and YAML-style output for the different NV index types. * New event types in tpm2_eventlog: EV_EFI_PLATFORM_FIRMWARE_BLOB2, EV_EFI_HANDOFF_TABLES2, EV_EFI_VARIABLE_BOOT2 * VERSION: add version file - Generate the version file with bootstrap and include in the DIST tarball so endusers can call autoreconf on a dist tarball which doesn't have git. This alleviates git describe errors on release tarballs in the autoreconf case. * import: support restricted parents - Support a restricted parent with an aes128cfb symmetric parameter. * tpm2_load - Added capability to load pem files in TSS2-Private-Key format for interoperability with tpm2-tss-engine, tpm2-openssl provider tpm2-pkcs11, and tpm2-pytss. * tpm2_print - Added capability to parse out and print the public portion of a TSS Private Key in the PEM format with the arg option TSSPRIVKEY_OBJ. * tpm2_loadexternal: Added support to tpm2_loadexternal for parsing and loading the public portion of a TSS2 Privkey PEM file. The path to the PEM file must be specified using the -r option while skipping the -G option for key type. * Support added for calculating cpHash, rpHash, sessions for parameter encryption and auditing in: tpm2_nvwrite, tpm2_nvcertify, tpm2_nvincrement, tpm2_nvwritelock, tpm2_nvreadlock, tpm2_nvundefine and tpm2_nvreadpublic. * Support added for calculating cpHash in: tpm2_clear, tpm2_dictionarylockout, tpm2_clearcontrol, tpm2_sign, tpm2_setprimarypolicy, tpm2_setclock, tpm2_rsadecrypt, tpm2_duplicate, tpm2_clockrateadjust, tpm2_createprimary, tpm2_quote, tpm2_policysecret, tpm2_policynv, tpm2_policyauthorizenv, tpm2_import, tpm2_hmac, tpm2_hierarchycontrol, tpm2_load, tpm2_gettime, tpm2_evictcontrol, tpm2_encryptdecrypt, tpm2_getpolicydigest, tpm2_loadexternal, tpm2_commit, tpm2_ecdhkeygen, tpm2_ecdhzgen, tpm2_ecephemeral, tpm2_geteccparameters, tpm2_flushcontext, tpm2_pcrallocate, tpm2_pcrevent, tpm2_pcrreset, tpm2_pcrread. * Support for using tcti=none for cpHash calculations to avoid invoking checks for active TPM in: tpm2_nvreadpublic, tpm2_nvundefine, tpm2_nvreadlock, tpm2_nvwritelock, tpm2_nvincrement, tpm2_nvcertify, tpm2_nvdefine, tpm2_nvwrite. + Known issue: * FAPI tools will not work on 32bit user-static qemu on 64bit host because readdir returns NULL. Follow the issue on https://gitlab.com/qemu-project/qemu/-/issues/263 + Bug fixes: * tools/tpm2_pcrreset.c: fix build errors in 32bit systems. * Fix tssprivkey formatted PEM generation and load errors on 32 bit systems. * CI: Add testing of 32bit systems with multiarch/qemu-user-static containers. * tools/tpm2_evictcontrol: fix for calls to Esys_TR_Close on bad handles. * tools/tpm2_nvextend: fix for ESYS_TR handle not being used in calculating the object name. * tools/tpm2_nvwrite, tools/tpm2_nvread: Policy authorization must be re-instantiated on each iteration of the read/ write when size exceeds the allowed operating size (TPM2_PT_NV_BUFFER_MAX). However, information on the compounded policies cannot be retrieved from the only policy digest read from the session and hence the session cannot be re-instantiated. To avoid this scenario only a single iteration is allowed when policy authorization is in use. * Fix argument parsing in tpm2_policylocality to fix an issue causing almost always to generate PolicyLocality(0). There was a logical inversion that caused almost any argument (including invalid ones) to be interpreted as zero, except “zero" would be interpreted as one. * test/fapi/fapi-quote-verify.sh Fix check of qualifying data. Because of a bug in Fapi_VerifyQuote the qualifying data was not checked correctly. Errors that were not recognized before occur now. The order of the tests was cleaned up and for every quote and verify quote now the correct combination of the qualifying data and quote info containing the nonce is used. * tpm2_nvdefine: set TPMA_NV_PLATFORMCREATE when authenticating with the platform hierarchy. * tools/tpm2_getekcertificate: fixed the url link to ekop.intel.com. There were two places where the fix was needed: o In the tool source code where a forward slash was always appended irrespective of it already being part of the link specified by the user and o In the integration test where curl tests the link to the ekop.intel.com backend. It now requires the full link to include the base64 encoded ek pub hash. * tools/tpm2_tool.c: Fix an issue where LOG_WARN is always displayed Despite setting the 'quiet' flag with -Q. * fapi: fix usage of parameter pcrLog for tss2_quote. pcrLog is an optional parameter. If pcrLog is not used as parameter currently the pcr log is still calculated in Fapi_Quote. To avoid this calculation a NULL pointer will be passed to Fapi_Quote if the parameter pcrLog is not passed. So tss2_quote can be executed for a user which has no access rights to the files with the system measurements. * import: fix bug on using scheme wherein if scheme is specified in the template, the openssl load functions clobber the scheme value and set it to TPM2_ALG_NULL. * tools/tpm2_sign and tpm2_verifysignature: fix sm2 sign and verifysignature bugs : (1.) sm2 sign could not get output signature. (2.) sm2 verify tss format signature failed. * lib/tpm2.c: added workaround for a system api bug where in the flush handle is erroneously placed in the handle area instead of the parameter area. * nvreadpublic: drop ntoh on attributes The attributes get marshalled to correct endianess by libmu and don’t need to be changed again. * Removing unused '-i' option from tpm2_print * tpm2_policyor: fix unallocated policy list The TPML_DIGEST policy list was calloc'd for some reason, however it could just be statically allocated in the context. The side effect is that when no options or arguments were given a NPD occured when checking the count of the policy list. * tools/tpm2_certify: fix man page for short options and add tests The short options for the signing-key-auth and certified-key-auth were swapped. The case fix in the man page makes it less intuitive but have to go through with the change so that we don't break any existing scripts. This change does not affect the long options. Tests have been added to ensure the functionality. + CI: * ci: add ubuntu-22.04. This also requires the min tpm2-tss version to be at 3.2.0 to support the openSSL major version 3. * cirrus.yml: update freebsd version to 13.1 * .ci/download-deps.sh: update tpm2-abrmd dependency version to 2.4.1 - Drop 0001-tests-getekcertificate.sh-Skip-the-test-if-curl-is-n.patch (merged) - Drop add_missing_shut_down_call_on_cleanup.patch (merged) - Drop fix_check_of_qualifying_data.patch (merged) - Add echo_tcti_call_python3_binary.patch (upstreamed) ++++ util-linux-systemd: - Convert the build back to per-parts build, just use multibuild. ++++ xen: - Update to Xen 4.17.0 FCS release (jsc#PED-1858) xen-4.17.0-testing-src.tar.bz2 * On x86 "vga=current" can now be used together with GrUB2's gfxpayload setting. Note that this requires use of "multiboot2" (and "module2") as the GrUB commands loading Xen. * The "gnttab" option now has a new command line sub-option for disabling the GNTTABOP_transfer functionality. * The x86 MCE command line option info is now updated. * Out-of-tree builds for the hypervisor now supported. * __ro_after_init support, for marking data as immutable after boot. * The project has officially adopted 4 directives and 24 rules of MISRA-C, added MISRA-C checker build integration, and defined how to document deviations. * IOMMU superpage support on x86, affecting PV guests as well as HVM/PVH ones when they don't share page tables with the CPU (HAP / EPT / NPT). * Support for VIRT_SSBD and MSR_SPEC_CTRL for HVM guests on AMD. * Improved TSC, CPU, and APIC clock frequency calibration on x86. * Support for Xen using x86 Control Flow Enforcement technology for its own protection. Both Shadow Stacks (ROP protection) and Indirect Branch Tracking (COP/JOP protection). * Add mwait-idle support for SPR and ADL on x86. * Extend security support for hosts to 12 TiB of memory on x86. * Add command line option to set cpuid parameters for dom0 at boot time on x86. * Improved static configuration options on Arm. * cpupools can be specified at boot using device tree on Arm. * It is possible to use PV drivers with dom0less guests, allowing statically booted dom0less guests with PV devices. * On Arm, p2m structures are now allocated out of a pool of memory set aside at domain creation. * Improved mitigations against Spectre-BHB on Arm. * Support VirtIO-MMIO devices device-tree binding creation in toolstack on Arm. * Allow setting the number of CPUs to activate at runtime from command line option on Arm. * Grant-table support on Arm was improved and hardened by implementing "simplified M2P-like approach for the xenheap pages" * Add Renesas R-Car Gen4 IPMMU-VMSA support on Arm. * Add i.MX lpuart and i.MX8QM support on Arm. * Improved toolstack build system. * Add Xue - console over USB 3 Debug Capability. * gitlab-ci automation: Fixes and improvements together with new tests. * dropped support for the (x86-only) "vesa-mtrr" and "vesa-remap" command line options - Drop patches contained in new tarball or invalid 62fde97e-tools-libxl-Replace-deprecated-soundhw-on-QEMU-command-line.patch xsa410-01.patch xsa410-02.patch xsa410-03.patch xsa410-04.patch xsa410-05.patch xsa410-06.patch xsa410-07.patch xsa410-08.patch xsa410-09.patch xsa410-10.patch xsa411.patch ------------------------------------------------------------------ ------------------ 2022-12-7 - Dec 7 2022 ------------------- ------------------------------------------------------------------ ++++ ansible-core: - update to 2.14.1: Full changelog https://github.com/ansible/ansible/blob/v2.14.1/changelogs/CHANGELOG-v2.14.rst * Minor Changes - ansible-test - Improve consistency of executed pylint commands by making the plugins ordered. * Bugfixes - Fixes leftover _valid_attrs usage. - ansible-galaxy - make initial call to Galaxy server on-demand only when installing, getting info about, and listing roles. - copy module will no longer move 'non files' set as src when remote_src=true. - display - reduce risk of post-fork output deadlocks (#79522) - jinja2_native: preserve quotes in strings (#79083) - updated error messages to include 'acl' and not just mode changes when failing to set required permissions on remote. ++++ cracklib: - update to 2.9.8: * rules: Drop using register keyword * add exec perms * translation updates * Use what's in the build environment and use a current autoconf * util/Makefile.am: fix link with lintl * Force grep to treat the input as text when formatting word files ++++ cyrus-sasl: - Do not set directories inside doc/ mode 644; otherwise the directories are set 644 as well, which means no files inside are accessible. This resulted in the past in doc/ actually not being added to the devel package. ++++ fde-tools: - Updated to version 0.6 - pcr-oracle is now a standalone project and package - Split off the jeos-firstboot stuff into a binary package of its own, because bare metal installations do not need it - Refactoring the scripts - Folded Gary's patches into git. ++++ kernel-default: - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037). - commit b072b1c ++++ libglvnd: - update to 1.6.0: * Read gl.symbols when generating stubs for libGL.so * Update GL headers and XML files * Add support for loongarch64 * GLX: Fix assembly stubs for x32 * Fix pthreads lookup on FreeBSD ++++ open-iscsi: - Moving DB files from /etc/iscsi/* to /var/lib/iscsi/* for SLE-15-SP5 and forward, as is done in Tumbleweed. - Added /etc/iscsi/README.DB-files-moved, and added SPEC file changes to support this, including a post-install script to move the DB files, only installed if DB files are moved. - Renamed shared library from libopeniscsiusr0_2_0 to libopeniscsiusr0, to correctly match SONAME in library. ++++ python-cryptography: - Update to version 38.0.4 * Fixed compilation when using LibreSSL 3.6.0. * Fixed error when using py2app to build an application with a cryptography dependency. ++++ python-pycairo: - Update to version 1.23.0 * Reminder to distro packagers: Building/installing pycairo using setup.py is deprecated, please use meson instead. * git: changed default branch from “master” to “main” * Windows: Update the cairo version included in the wheels from 1.17.2 to 1.17.6 #pr-243 * docs: Document how to look up pycairo headers without loading the module #pr-300 * tests: don’t error out if cairo wasn’t built with all features #pr-293 New APIs: * Status.DWRITE_ERROR #pr-294 * Format.RGB96F, Format.RGBA128F #pr-295 * PDFVersion.VERSION_1_6, PDFVersion.VERSION_1_7 #pr-296 * HAS_DWRITE_FONT #pr-297 * Context.set_hairline(), Context.get_hairline() #pr-298 * PDFSurface.set_custom_metadata() #pr-299 ------------------------------------------------------------------ ------------------ 2022-12-6 - Dec 6 2022 ------------------- ------------------------------------------------------------------ ++++ containerd: - Update to containerd v1.6.11. Upstream release notes: - Update to containerd v1.6.9 for Docker v20.10.21-ce. Also includes a fix for CVE-2022-27191. boo#1206065 bsc#1197284 Upstream release notes: ++++ docker: - Update to Docker 20.10.21-ce. See upstream changelog online at . bsc#1206065 - Rebase patches: * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch * 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch - The PRIVATE-REGISTRY patch will now output a warning if it is being used (in preparation for removing the feature). This feature was never meant to be used by users directly (and is only available in the -kubic/CaaSP version of the package anyway) and thus should not affect any users. ++++ hwdata: - update to 0.365: + Updated pci, usb and vendor ids. ++++ kdump: - maintain the spec file in git ++++ pcre2: - pcre2 10.41: * pcre2grep behaves more like GNU grep for multiple patterns that match more than once on a line ++++ pam: - pam_pwhistory-docu.patch, docbook5.patch: convert docu to docbook5 ++++ selinux-policy: - Updated fix_networkmanager.patch to allow NetworkManager to watch net_conf_t (bsc#1206109) ------------------------------------------------------------------ ------------------ 2022-12-5 - Dec 5 2022 ------------------- ------------------------------------------------------------------ ++++ docker-compose: - BuildRequires go1.19 - Update to version 2.14.0: * ci: upgrade to Go 1.19.3 & bump deps * schema: add support for tmpfs.mode in mount definition (#10031) * test: speed up Cucumber stop test (#10032) * Make use of Containers.filter() and isService() * Fix replacing "service:x" with "container:y" * use StringToBool to detect COMPOSE_IGNORE_ORPHANS * use api.Separator to print right image names * use DistributionInspect to resolve image digest * move image digests resolution to backend * Broken Link fixed in compose docs * add file header and cleanup profiles e2e tests * add e2e tests to check profile activation via targeted service * add e2e tests to check no profile usages * add e2e tests using explicitly profiles * pass services list to projectOrName function to add profiles for targeted services * only stop services started by `up` on interruption * docs: fix grammatical issues (#9997) * implement support for oom_score_adj * useDockerDefaultOrServicePlatform fct should return service.platform if defined and present in the build.platforms list (or if the list is empty) * configure buildx for plain output if --ansi=never has been set * change the default branch of the doc repository ++++ grub2: - Add tpm to signed grub.elf image (PED-1990) (bsc#1205912) - Increase initial heap size from 1/4 to 1/3 * 0001-ieee1275-Increase-initially-allocated-heap-from-1-4-.patch ++++ gtk3: - Update to version 3.24.35+10: + Flush drawable surface when getting a pixbuf. + wayland: Look for cursor themes in $HOME (boo#1206001). ++++ kernel-default: - Update to 6.1-rc8 - commit 6ba05d3 ++++ libX11: - Update to version 1.8.1 This release fixes the --enable-thread-safety-constructor option to the configure script to work as intended. In the previous release, the changes for this option may not have been enabled when the option was not specified or when the --enable option was specified. While we have enabled it by default, believing that doing so will reduce the number of bugs users encounter running libX11 clients, in some cases it may expose bugs in which clients had previously gotten away with calling libX11 functions while a libX11 lock is already held, and thus now deadlock, as discussed in https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/157 - let's hope this version doesn't suffer yet from the regressions reported in boo#1205778, boo#1205818 (reported against 1.8.2); we need libX11 thread safe for totem (GNOME 43) :-( - going back to version 1.7.5 for now to get rid of regressions, which were introduced by trying to get thread-safe in libX11 itself - re-introduced U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch which was not yet in 1.7.5 - supersedes the following patches * U_0001-Add-XFreeThreads-function.patch * U_0002-Don-t-use-pragma-inside-a-function-it-breaks-compili.patch * U_0003-Fix-797755-Allow-X-IfEvent-to-reenter-libX11.patch * U_0004-Indentation-fixes-around-recent-dpy-in_ifevent-chang.patch * U_0005-ChkIfEv.c-fix-wrong-handling-of-dpy-in_ifevent.patch ++++ libXdamage: - Update to version 1.1.6 * Update configure.ac bug URL for gitlab migration * Fix spelling/wording issues * gitlab CI: add a basic build test * Variable scope reduction as recommended by cppcheck * Mark two dpy parameters const as suggested by cppcheck * XDamageCloseDisplay: Mark codes as unused * Remove unnecessary casts from malloc() and free() calls * Handle -Wconversion warnings from clang * Handle -Wshorten-64-to-32 warnings from clang ++++ libXv: - Update to version 1.0.12: * Update README for gitlab migration * Update configure.ac bug URL for gitlab migration * Build xz tarballs instead of bzip2 * Fix spelling/wording issues * gitlab CI: add a basic build test * XvGetReq: remove trailing semicolon that caller is expected to provide * Variable scope reductions * Handle implicit conversion warnings from clang ++++ avahi: - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_avahi-daemon.service.patch * harden_avahi-dnsconfd.service.patch ++++ libcontainers-common: - Remove registry.suse.com from search unqualified-search-registries: registry.suse.com responds very slowly to pagination repository listings (https://docs.docker.com/registry/spec/api/#pagination) and thereby causes every `podman search` to take over 90s. We have to remove it until this regression is fixed. ++++ mozilla-nss: - update to NSS 3.85 * bmo#1792821 - Modification of the primes.c and dhe-params.c in order to have better looking tables * bmo#1796815 - Update zlib in NSS to 1.2.13 * bmo#1796504 - Skip building modutil and shlibsign when building in Firefox * bmo#1796504 - Use __STDC_VERSION__ rather than __STDC__ as a guard * bmo#1796407 - Fix -Wunused-but-set-variable warning from clang 15 * bmo#1796308 - Fix -Wtautological-constant-out-of-range-compare and -Wtype-limits warnings * bmo#1796281 - Followup: add missing stdint.h include * bmo#1796281 - Fix -Wint-to-void-pointer-cast warnings * bmo#1796280 - Fix -Wunused-{function,variable,but-set-variable} warnings on Windows * bmo#1796079 - Fix -Wstring-conversion warnings * bmo#1796075 - Fix -Wempty-body warnings * bmo#1795242 - Fix unused-but-set-parameter warning * bmo#1795241 - Fix unreachable-code warnings * bmo#1795222 - Mark _nss_version_c unused on clang-cl * bmo#1795668 - Remove redundant variable definitions in lowhashtest * Add note about python executable to build instructions. ++++ protobuf: - update to 21.10: * Java * Use bit-field int values in buildPartial to skip work on unset groups of fields. (#10960) * Mark nested builder as clean after clear is called (#10984) ++++ snapper: - fix build with upcoming selinux - version 0.10.4 ++++ openSUSE-build-key: - Package OBS project key if available. Useful when forking openSUSE-build-key for use in appliances. ++++ perl-Bootloader: - merge gh#openSUSE/perl-bootloader#140 - add basic support for systemd-boot - 0.940 ++++ python-cffi: - Add python-py as test dependency ++++ python-iniconfig: - Add python-py as test dependency ------------------------------------------------------------------ ------------------ 2022-12-4 - Dec 4 2022 ------------------- ------------------------------------------------------------------ ++++ btrfsprogs: - update to 6.0.2: * fix resize cancel not working in some cases * fix fileattr stream command format and add workaround when it cannot be applied * properly handle degraded raid56 reads * fi defrag: fix verbosity, don't print file names by default * receive: fix silent data loss after fall back from encoded write * fi mkswapfile: new command to create a formatted swapfile in one go - includes changes from 6.0.1: * send: minor speed up for v2 due to increased buffer size * resize: invalid command line options fail with error code * quota rescan: * add long options --status and --wait * new option to wait but don't start rescan * qgroup show: print path by default, updated format * qgroup: new subcommand clear-stale, remove qgroups without their subvolumes * experimental: * add warnings to commands that have it enabled (mkfs, image, btrfstune) * other: * documentation, help text, error message updates ++++ fuse-overlayfs: - update to 1.10: * main: use /proc/self/fd to read xattrs. * main: inherit ACLs for new files/dirs. * main: fix passing noatime. * main: add checks for valid /proc mount. * main: fix copy_file_range for deleted files. * main: fix creating links of just deleted files. * main: fix setting attributes on file without permissions. * main: ignore EOVERFLOW when copying xattrs. * main: set the correct value for RENAME_NOREPLACE when it is not already defined in the system headers. * main: create source whiteout only when needed * main: fix missing source whiteout when destination is whiteout * main: fix lookup if underlying path is a symlink, but a directory on a upper directory. * main: fix race when looking up an inode that was renamed. * main: fix type used for ioctl. * main: honor user.overlay. xattrs. Native overlay uses user.overlay to store the overlay metadata instead of trusted.overlay. * main: add a mount flag to disable ACLs. ++++ texinfo: - texinfo 7.0.1: * texi2any: avoid multiple crashes on empty @image argument and other conditions * avoid hang on @ref command inside section command * info: fix recoding of UTF-8 files to ASCII when run in C locale * js: index search fixed for new HTML output ++++ llvm15: - Update to version 15.0.6. * This release contains bug-fixes for the LLVM 15.0.0 release. This release is API and ABI compatible with 15.0.0. - Rebase llvm-do-not-install-static-libraries.patch. ++++ libXcomposite: - Update to version 0.4.6 * Fix spelling/wording issues * gitlab CI: add a basic build test * Mark two dpy parameters const as suggested by cppcheck * Remove unnecessary casts from malloc() and free() calls * Wrap XComposite*CheckExtension() in do { ... } while(0) * Handle implicit conversion warnings from clang * XCompositeCloseDisplay: Mark codes as unused ++++ setroubleshoot-plugins: - update to 3.3.14: * Update translations * Add 'fur' into shipped locales * Update translations ------------------------------------------------------------------ ------------------ 2022-12-3 - Dec 3 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - spefile: removed Release lines from libxatracker2, libxatracker-devel packages in the hope to have reproducibly builds also on Tumbleweed (boo#1205998) ++++ Mesa-drivers: - spefile: removed Release lines from libxatracker2, libxatracker-devel packages in the hope to have reproducibly builds also on Tumbleweed (boo#1205998) ++++ kernel-default: - Linux 6.0.11 (bsc#1012628). - binder: validate alloc->mm in ->mmap() handler (bsc#1012628). - ceph: Use kcalloc for allocating multiple elements (bsc#1012628). - ceph: fix NULL pointer dereference for req->r_session (bsc#1012628). - wifi: mac80211: fix memory free error when registering wiphy fail (bsc#1012628). - wifi: cfg80211: Fix bitrates overflow issue (bsc#1012628). - wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support (bsc#1012628). - spi: tegra210-quad: Don't initialise DMA if not supported (bsc#1012628). - riscv: dts: sifive unleashed: Add PWM controlled LEDs (bsc#1012628). - audit: fix undefined behavior in bit shift for AUDIT_BIT (bsc#1012628). - wifi: airo: do not assign -1 to unsigned char (bsc#1012628). - wifi: mac80211: Fix ack frame idr leak when mesh has no route (bsc#1012628). - selftests/net: don't tests batched TCP io_uring zc (bsc#1012628). - wifi: ath11k: Fix QCN9074 firmware boot on x86 (bsc#1012628). - s390/zcrypt: fix warning about field-spanning write (bsc#1012628). - spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run (bsc#1012628). - selftests/bpf: Add verifier test for release_reference() (bsc#1012628). - selftests/net: give more time to udpgro bg processes to complete startup (bsc#1012628). - Revert "net: macsec: report real_dev features when HW offloading is enabled" (bsc#1012628). - ACPI: video: Add backlight=native DMI quirk for Dell G15 5515 (bsc#1012628). - platform/x86: ideapad-laptop: Disable touchpad_switch (bsc#1012628). - platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1 (bsc#1012628). - platform/x86/intel/pmt: Sapphire Rapids PMT errata fix (bsc#1012628). - platform/x86/intel/hid: Add some ACPI device IDs (bsc#1012628). - scsi: ibmvfc: Avoid path failures during live migration (bsc#1012628). - scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC (bsc#1012628). - drm: panel-orientation-quirks: Add quirk for Nanote UMPC-01 (bsc#1012628). - drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017) (bsc#1012628). - block, bfq: fix null pointer dereference in bfq_bio_bfqg() (bsc#1012628). - s390: always build relocatable kernel (bsc#1012628). - arm64/syscall: Include asm/ptrace.h in syscall_wrapper header (bsc#1012628). - nvme: quiet user passthrough command errors (bsc#1012628). - nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked (bsc#1012628). - net: wwan: iosm: fix kernel test robot reported errors (bsc#1012628). - drm/amd/display: Zeromem mypipe heap struct before using it (bsc#1012628). - drm/amd/display: Fix FCLK deviation and tool compile issues (bsc#1012628). - drm/amd/display: Fix gpio port mapping issue (bsc#1012628). - Revert "drm/amdgpu: Revert "drm/amdgpu: getting fan speed pwm for vega10 properly"" (bsc#1012628). - drm/amdgpu: Drop eviction lock when allocating PT BO (bsc#1012628). - drm/amd/display: only fill dirty rectangles when PSR is enabled (bsc#1012628). - ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue (bsc#1012628). - RISC-V: vdso: Do not add missing symbols to version section in linker script (bsc#1012628). - MIPS: pic32: treat port as signed integer (bsc#1012628). - io_uring/poll: lockdep annote io_poll_req_insert_locked (bsc#1012628). - xfrm: fix "disable_policy" on ipv4 early demux (bsc#1012628). - arm64: dts: rockchip: fix quartz64-a bluetooth configuration (bsc#1012628). - xfrm: replay: Fix ESN wrap around for GSO (bsc#1012628). - af_key: Fix send_acquire race with pfkey_register (bsc#1012628). - power: supply: ip5xxx: Fix integer overflow in current_now calculation (bsc#1012628). - power: supply: ab8500: Defer thermal zone probe (bsc#1012628). - ARM: dts: am335x-pcm-953: Define fixed regulators in root node (bsc#1012628). - ASoC: hdac_hda: fix hda pcm buffer overflow issue (bsc#1012628). - ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove (bsc#1012628). - ASoC: soc-pcm: Don't zero TDM masks in __soc_pcm_open() (bsc#1012628). - x86/hyperv: Restore VP assist page after cpu offlining/onlining (bsc#1012628). - scsi: storvsc: Fix handling of srb_status and capacity change events (bsc#1012628). - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1012628). - arm64: dts: rockchip: Fix Pine64 Quartz4-B PMIC interrupt (bsc#1012628). - ASoC: max98373: Add checks for devm_kcalloc (bsc#1012628). - regulator: core: fix kobject release warning and memory leak in regulator_register() (bsc#1012628). - regulator: rt5759: fix OOB in validate_desc() (bsc#1012628). - spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld() (bsc#1012628). - regulator: core: fix UAF in destroy_regulator() (bsc#1012628). - bus: sunxi-rsb: Remove the shutdown callback (bsc#1012628). - bus: sunxi-rsb: Support atomic transfers (bsc#1012628). - tee: optee: fix possible memory leak in optee_register_device() (bsc#1012628). - spi: tegra210-quad: Fix duplicate resource error (bsc#1012628). - ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl (bsc#1012628). - selftests: mptcp: gives slow test-case more time (bsc#1012628). - selftests: mptcp: run mptcp_sockopt from a new netns (bsc#1012628). - selftests: mptcp: fix mibit vs mbit mix up (bsc#1012628). - net: liquidio: simplify if expression (bsc#1012628). - net: neigh: decrement the family specific qlen (bsc#1012628). - ipvlan: hold lower dev to avoid possible use-after-free (bsc#1012628). - rxrpc: Fix race between conn bundle lookup and bundle removal [ZDI-CAN-15975] (bsc#1012628). - net: dsa: sja1105: disallow C45 transactions on the BASE-TX MDIO bus (bsc#1012628). - nfc/nci: fix race with opening and closing (bsc#1012628). - net: pch_gbe: fix potential memleak in pch_gbe_tx_queue() (bsc#1012628). - 9p/fd: fix issue of list_del corruption in p9_fd_cancel() (bsc#1012628). - netfilter: conntrack: Fix data-races around ct mark (bsc#1012628). - netfilter: nf_tables: do not set up extensions for end interval (bsc#1012628). - iavf: Fix a crash during reset task (bsc#1012628). - iavf: Do not restart Tx queues after reset task failure (bsc#1012628). - iavf: remove INITIAL_MAC_SET to allow gARP to work properly (bsc#1012628). - iavf: Fix race condition between iavf_shutdown and iavf_remove (bsc#1012628). - ARM: mxs: fix memory leak in mxs_machine_init() (bsc#1012628). - ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties (bsc#1012628). - net: ethernet: mtk_eth_soc: fix error handling in mtk_open() (bsc#1012628). - net/mlx4: Check retval of mlx4_bitmap_init (bsc#1012628). - net: mvpp2: fix possible invalid pointer dereference (bsc#1012628). - net/qla3xxx: fix potential memleak in ql3xxx_send() (bsc#1012628). - octeontx2-af: debugsfs: fix pci device refcount leak (bsc#1012628). - net: pch_gbe: fix pci device refcount leak while module exiting (bsc#1012628). - nfp: fill splittable of devlink_port_attrs correctly (bsc#1012628). - nfp: add port from netdev validation for EEPROM access (bsc#1012628). - bonding: fix ICMPv6 header handling when receiving IPv6 messages (bsc#1012628). - macsec: Fix invalid error code set (bsc#1012628). - drm/i915: Fix warn in intel_display_power_*_domain() functions (bsc#1012628). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (bsc#1012628). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (bsc#1012628). - netfilter: ipset: regression in ip_set_hash_ip.c (bsc#1012628). - net/mlx5: Do not query pci info while pci disabled (bsc#1012628). - net/mlx5: Fix FW tracer timestamp calculation (bsc#1012628). - net/mlx5: SF: Fix probing active SFs during driver probe phase (bsc#1012628). - net/mlx5: cmdif, Print info on any firmware cmd failure to tracepoint (bsc#1012628). - net/mlx5: Fix handling of entry refcount when command is not issued to FW (bsc#1012628). - net/mlx5: E-Switch, Set correctly vport destination (bsc#1012628). - net/mlx5: Fix sync reset event handler error flow (bsc#1012628). - net/mlx5e: Offload rule only when all encaps are valid (bsc#1012628). - net: phy: at803x: fix error return code in at803x_probe() (bsc#1012628). - tipc: set con sock in tipc_conn_alloc (bsc#1012628). - tipc: add an extra conn_get in tipc_conn_alloc (bsc#1012628). - tipc: check skb_linearize() return value in tipc_disc_rcv() (bsc#1012628). - zonefs: Fix race between modprobe and mount (bsc#1012628). - xfrm: Fix oops in __xfrm_state_delete() (bsc#1012628). - xfrm: Fix ignored return value in xfrm6_init() (bsc#1012628). - net: wwan: iosm: use ACPI_FREE() but not kfree() in ipc_pcie_read_bios_cfg() (bsc#1012628). - sfc: fix potential memleak in __ef100_hard_start_xmit() (bsc#1012628). - net: sparx5: fix error handling in sparx5_port_open() (bsc#1012628). - net: sched: allow act_ct to be built without NF_NAT (bsc#1012628). - NFC: nci: fix memory leak in nci_rx_data_packet() (bsc#1012628). - regulator: twl6030: re-add TWL6032_SUBCLASS (bsc#1012628). - bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() (bsc#1012628). - dma-buf: fix racing conflict of dma_heap_add() (bsc#1012628). - tsnep: Fix rotten packets (bsc#1012628). - cpufreq: amd-pstate: change amd-pstate driver to be built-in type (bsc#1012628). - netfilter: ipset: restore allowing 64 clashing elements in hash:net,iface (bsc#1012628). - netfilter: flowtable_offload: add missing locking (bsc#1012628). - fs: do not update freeing inode i_io_list (bsc#1012628). - blk-mq: fix queue reference leak on blk_mq_alloc_disk_for_queue failure (bsc#1012628). - test_kprobes: fix implicit declaration error of test_kprobes (bsc#1012628). - dccp/tcp: Reset saddr on failure after inet6?_hash_connect() (bsc#1012628). - net: ethernet: mtk_eth_soc: fix potential memory leak in mtk_rx_alloc() (bsc#1012628). - net: ethernet: mtk_eth_soc: fix resource leak in error path (bsc#1012628). - ipv4: Fix error return code in fib_table_insert() (bsc#1012628). - arcnet: fix potential memory leak in com20020_probe() (bsc#1012628). - net: dm9051: Fix missing dev_kfree_skb() in dm9051_loop_rx() (bsc#1012628). - net/cdc_ncm: Fix multicast RX support for CDC NCM devices with ZLP (bsc#1012628). - s390/ap: fix memory leak in ap_init_qci_info() (bsc#1012628). - s390/dasd: fix no record found for raw_track_access (bsc#1012628). - fscache: fix OOB Read in __fscache_acquire_volume (bsc#1012628). - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (bsc#1012628). - nfc: st-nci: fix memory leaks in EVT_TRANSACTION (bsc#1012628). - nfc: st-nci: fix incorrect sizing calculations in EVT_TRANSACTION (bsc#1012628). - net: marvell: prestera: add missing unregister_netdev() in prestera_port_create() (bsc#1012628). - net: enetc: cache accesses to &priv->si->hw (bsc#1012628). - net: enetc: preserve TX ring priority across reconfiguration (bsc#1012628). - octeontx2-pf: Add check for devm_kcalloc (bsc#1012628). - net: wwan: t7xx: Fix the ACPI memory leak (bsc#1012628). - virtio_net: Fix probe failed when modprobe virtio_net (bsc#1012628). - octeontx2-af: Fix reference count issue in rvu_sdp_init() (bsc#1012628). - net: thunderx: Fix the ACPI memory leak (bsc#1012628). - s390/crashdump: fix TOD programmable field size (bsc#1012628). - io_uring/filetable: fix file reference underflow (bsc#1012628). - io_uring/poll: fix poll_refs race with cancelation (bsc#1012628). - lib/vdso: use "grep -E" instead of "egrep" (bsc#1012628). - can: gs_usb: remove dma allocations (bsc#1012628). - usb: dwc3: exynos: Fix remove() function (bsc#1012628). - usb: cdnsp: Fix issue with Clear Feature Halt Endpoint (bsc#1012628). - usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1 (bsc#1012628). - dma-buf: Use dma_fence_unwrap_for_each when importing fences (bsc#1012628). - cifs: fix missing unlock in cifs_file_copychunk_range() (bsc#1012628). - cifs: Use after free in debug code (bsc#1012628). - ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1012628). - arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency (bsc#1012628). - iio: adc: aspeed: Remove the trim valid dts property (bsc#1012628). - iio: light: apds9960: fix wrong register for gesture gain (bsc#1012628). - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (bsc#1012628). - iio: accel: bma400: Fix memory leak in bma400_get_steps_reg() (bsc#1012628). - dt-bindings: iio: adc: Remove the property "aspeed,trim-data-valid" (bsc#1012628). - mm/damon/sysfs-schemes: skip stats update if the scheme directory is removed (bsc#1012628). - virt/sev-guest: Prevent IV reuse in the SNP guest driver (bsc#1012628). - cpufreq: amd-pstate: cpufreq: amd-pstate: reset MSR_AMD_PERF_CTL register at init (bsc#1012628). - zonefs: Fix active zone accounting (bsc#1012628). - bus: ixp4xx: Don't touch bit 7 on IXP42x (bsc#1012628). - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (bsc#1012628). - spi: spi-imx: spi_imx_transfer_one(): check for DMA transfer first (bsc#1012628). - init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash (bsc#1012628). - NFSD: Fix reads with a non-zero offset that don't end on a page boundary (bsc#1012628). - nios2: add FORCE for vmlinuz.gz (bsc#1012628). - drm/amdgpu: Enable SA software trap (bsc#1012628). - drm/amdkfd: update GFX11 CWSR trap handler (bsc#1012628). - drm/amd/display: Added debug option for forcing subvp num ways (bsc#1012628). - drm/amd/display: Add debug option for allocating extra way for cursor (bsc#1012628). - drm/amd/display: Update MALL SS NumWays calculation (bsc#1012628). - drm/amd/display: Fix calculation for cursor CAB allocation (bsc#1012628). - usb: dwc3: gadget: conditionally remove requests (bsc#1012628). - usb: dwc3: gadget: Return -ESHUTDOWN on ep disable (bsc#1012628). - usb: dwc3: gadget: Clear ep descriptor last (bsc#1012628). - io_uring: cmpxchg for poll arm refs release (bsc#1012628). - io_uring: make poll refs more robust (bsc#1012628). - io_uring: clear TIF_NOTIFY_SIGNAL if set and task_work not available (bsc#1012628). - nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty (bsc#1012628). - gcov: clang: fix the buffer overflow issue (bsc#1012628). - mm/cgroup/reclaim: fix dirty pages throttling on cgroup v1 (bsc#1012628). - mm: vmscan: fix extreme overreclaim and swap floods (bsc#1012628). - fpga: m10bmc-sec: Fix kconfig dependencies (bsc#1012628). - KVM: x86/mmu: Fix race condition in direct_page_fault (bsc#1012628). - KVM: x86/xen: Only do in-kernel acceleration of hypercalls for guest CPL0 (bsc#1012628). - KVM: x86/xen: Validate port number in SCHEDOP_poll (bsc#1012628). - drm/i915/gvt: Get reference to KVM iff attachment to VM is successful (bsc#1012628). - KVM: x86: nSVM: leave nested mode on vCPU free (bsc#1012628). - KVM: x86: forcibly leave nested mode on vCPU reset (bsc#1012628). - KVM: x86: nSVM: harden svm_free_nested against freeing vmcb02 while still in use (bsc#1012628). - KVM: x86: add kvm_leave_nested (bsc#1012628). - KVM: x86: remove exit_int_info warning in svm_handle_exit (bsc#1012628). - KVM: Update gfn_to_pfn_cache khva when it moves within the same page (bsc#1012628). - x86/tsx: Add a feature bit for TSX control MSR support (bsc#1012628). - x86/pm: Add enumeration check before spec MSRs save/restore setup (bsc#1012628). - x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (bsc#1012628). - mm: fix unexpected changes to {failslab|fail_page_alloc}.attr (bsc#1012628). - mm: correctly charge compressed memory to its memcg (bsc#1012628). - LoongArch: Clear FPU/SIMD thread info flags for kernel thread (bsc#1012628). - LoongArch: Set _PAGE_DIRTY only if _PAGE_WRITE is set in {pmd,pte}_mkdirty() (bsc#1012628). - Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode (bsc#1012628). - ASoC: amd: yc: Add Alienware m17 R5 AMD into DMI table (bsc#1012628). - ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 (bsc#1012628). - ASoC: Intel: soc-acpi: add ES83x6 support to IceLake (bsc#1012628). - tools: iio: iio_generic_buffer: Fix read size (bsc#1012628). - ASoC: hda: intel-dsp-config: add ES83x6 quirk for IceLake (bsc#1012628). - ASoC: SOF: ipc3-topology: use old pipeline teardown flow with SOF2.1 and older (bsc#1012628). - serial: 8250: 8250_omap: Avoid RS485 RTS glitch on - >set_termios() (bsc#1012628). - Revert "tty: n_gsm: avoid call of sleeping functions from atomic context" (bsc#1012628). - Revert "tty: n_gsm: replace kicktimer with delayed_work" (bsc#1012628). - Input: goodix - try resetting the controller when no config is set (bsc#1012628). - bpf: Convert BPF_DISPATCHER to use static_call() (not ftrace) (bsc#1012628). - ASoC: sof_es8336: reduce pop noise on speaker (bsc#1012628). - Input: soc_button_array - add use_low_level_irq module parameter (bsc#1012628). - Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[] (bsc#1012628). - pinctrl: qcom: sc8280xp: Rectify UFS reset pins (bsc#1012628). - ASoC: stm32: dfsdm: manage cb buffers cleanup (bsc#1012628). - xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too (bsc#1012628). - xen/platform-pci: add missing free_irq() in error path (bsc#1012628). - platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1012628). - platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() (bsc#1012628). - platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) (bsc#1012628). - platform/surface: aggregator_registry: Add support for Surface Pro 9 (bsc#1012628). - drm/amd/display: use uclk pstate latency for fw assisted mclk validation dcn32 (bsc#1012628). - drm/amdgpu: disable BACO support on more cards (bsc#1012628). - drm/amdkfd: Fix a memory limit issue (bsc#1012628). - zonefs: fix zone report size in __zonefs_io_error() (bsc#1012628). - platform/surface: aggregator_registry: Add support for Surface Laptop 5 (bsc#1012628). - platform/x86: hp-wmi: Ignore Smart Experience App event (bsc#1012628). - platform/x86: ideapad-laptop: Fix interrupt storm on fn-lock toggle on some Yoga laptops (bsc#1012628). - platform/x86: ideapad-laptop: Add module parameters to match DMI quirk tables (bsc#1012628). - tcp: configurable source port perturb table size (bsc#1012628). - block: make blk_set_default_limits() private (bsc#1012628). - dm-integrity: set dma_alignment limit in io_hints (bsc#1012628). - dm-log-writes: set dma_alignment limit in io_hints (bsc#1012628). - net: usb: qmi_wwan: add Telit 0x103a composition (bsc#1012628). - scsi: mpi3mr: Suppress command reply debug prints (bsc#1012628). - scsi: iscsi: Fix possible memory leak when device_register() failed (bsc#1012628). - gpu: host1x: Avoid trying to use GART on Tegra20 (bsc#1012628). - dm integrity: flush the journal on suspend (bsc#1012628). - dm integrity: clear the journal on suspend (bsc#1012628). - fuse: lock inode unconditionally in fuse_fallocate() (bsc#1012628). - wifi: wilc1000: validate pairwise and authentication suite offsets (bsc#1012628). - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute (bsc#1012628). - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute (bsc#1012628). - wifi: wilc1000: validate number of channels (bsc#1012628). - btrfs: free btrfs_path before copying root refs to userspace (bsc#1012628). - btrfs: free btrfs_path before copying inodes to userspace (bsc#1012628). - btrfs: free btrfs_path before copying fspath to userspace (bsc#1012628). - btrfs: free btrfs_path before copying subvol info to userspace (bsc#1012628). - btrfs: zoned: fix missing endianness conversion in sb_write_pointer (bsc#1012628). - btrfs: use kvcalloc in btrfs_get_dev_zone_info (bsc#1012628). - btrfs: sysfs: normalize the error handling branch in btrfs_init_sysfs() (bsc#1012628). - btrfs: do not modify log tree while holding a leaf from fs tree locked (bsc#1012628). - drm/i915/ttm: never purge busy objects (bsc#1012628). - drm/display/dp_mst: Fix drm_dp_mst_add_affected_dsc_crtcs() return code (bsc#1012628). - drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN (bsc#1012628). - drm/amd/display: No display after resume from WB/CB (bsc#1012628). - drm/amdgpu/psp: don't free PSP buffers on suspend (bsc#1012628). - drm/amdgpu: Enable Aldebaran devices to report CU Occupancy (bsc#1012628). - drm/amd/amdgpu: reserve vm invalidation engine for firmware (bsc#1012628). - drm/amd/display: Update soc bounding box for dcn32/dcn321 (bsc#1012628). - drm/amdgpu: always register an MMU notifier for userptr (bsc#1012628). - drm/amdgpu: Partially revert "drm/amdgpu: update drm_display_info correctly when the edid is read" (bsc#1012628). - drm/i915: fix TLB invalidation for Gen12 video and compute engines (bsc#1012628). - bpf: Add explicit cast to 'void *' for __BPF_DISPATCHER_UPDATE() (bsc#1012628). - Update config files. - commit d8f98b5 ++++ libX11: - U_0001-Add-XFreeThreads-function.patch U_0002-Don-t-use-pragma-inside-a-function-it-breaks-compili.patch U_0003-Fix-797755-Allow-X-IfEvent-to-reenter-libX11.patch U_0004-Indentation-fixes-around-recent-dpy-in_ifevent-chang.patch U_0005-ChkIfEv.c-fix-wrong-handling-of-dpy-in_ifevent.patch * adding all patches since 1.8.2 release in order to try fixing regressions after introducing thread safety constructor with 1.8.1 (boo#1205778, boo#1205818) - supersedes U_Fix-797755-Allow-X-IfEvent-to-reenter-libX11.patch - re-enabled thread safe constructor ++++ libtpms: - update to 0.9.5: * tpm2: Do not set RSA_FLAG_NO_BLINDING on RSA keys anymore * tpm2: Fix a potential overflow expression (coverity) * tpm2: Fix size check in CryptSecretDecrypt * tpm: #undef printf in case it is #define'd (OSS-Fuzz) * tpm2: Check return code of BN_div() * tpm2: Initialize variables due to gcc complaint (s390x, false positive) * tpm12: Initialize variables due to gcc complaint (s390x, false positive) * build-sys: Fix configure script to support _FORTIFY_SOURCE=3 ++++ python-charset-normalizer: - Update to 3.0.1 Fixed Multi-bytes cutter/chunk generator did not always cut correctly (PR #233) Changed Speedup provided by mypy/c 0.990 on Python >= 3.7 ------------------------------------------------------------------ ------------------ 2022-12-2 - Dec 2 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.40.6: + team: - Also set empty port configuration so teamd knows about the port. - Restore port configuration after teamd respawn. - Changes from version 1.40.4: + dhcp: revert restarting DHCP when MAC address changes, for example during a bond fail over. + Various documentation fixes. + Fix non-exported ABI in libnm which was wrongly present in the header files but unusable so far. + ifcfg-rh: fix writing ethtool pause settings to file. + core: set "proto static" for manual routing rules configured by NetworkManager. + Various minor bugfixes. ++++ glib2: - Update to version 2.74.3: + Fix regression in type checking `g_str_equal()` from C++ projects (glgo#GNOME/GLib#2820). + Bugs fixed: - glgo#GNOME/GLib#2820 g_str_equal: New macro version breaks compilation in C++ projects - glgo#GNOME/GLib!3096 Backport !3094 “gstrfuncs: Fix regression in C++ types accepted by g_str_equal()” to glib-2-74 - Changes from version 2.74.2: + Fix GVariant type depths checks on text format variants. + Fix an obscure corner case with FD handling in g_spawn_*() when a process has already closed the standard I/O FDs. + Fix regression in type checking on const arguments to g_str_equal(). + Bugs fixed: glgo#GNOME/GLib#2782 GVariant type depth not checked on typedecls in text format variants. glgo#GNOME/GLib#2795 [regression] gnome-keyring-daemon uses 100% CPU with glib-2.74.1. glgo#GNOME/GLib#2799 Wrong GTask tag on error return path in g_proxy_resolver_lookup_async(). glgo#GNOME/GLib#2809 g_str_equal switched to stricter API (typing). glgo#GNOME/GLib!3017 Backport !3008 “gio/gdesktopappinfo: Free the wrapped argv array on launch failure” to glib-2-74. glgo#GNOME/GLib!3038 Backport !3035 “portal: Fix broken header guard” to glib-2-74. glgo#GNOME/GLib!3039 Backport !3029 “Revert "Handling collision between standard i/o file descriptors and newly created ones" ” to glib-2-74. glgo#GNOME/GLib!3046 Backport !3045 “gproxyresolver: lookup_finish() should better parallel lookup_async()” to glib-2-74. glgo#GNOME/GLib!3063 Backport !3061 “gvariant-parser: Speed up maybe_wrapper() by an order of magnitude” to glib-2-74. glgo#GNOME/GLib!3084 Backport !3082 “gstrfuncs: Fix regression in types accepted by g_str_equal()” to glib-2-74. + Updated translations. - Drop ca905744.patch and a1151bc1.patch: Fixed upstream. - Rebase patches with quilt. ++++ libX11: - back to "--disable-thread-safety-constructor" for now; we see just too many regressions, e.g. firefox freezes and crashes, crashes with barrierc, crashes in Godot, assertions with vkquake (boo#1205818, boo#1205778) ++++ libeconf: - Update to version 0.5.0: * API calls econf_read*WithCallback supporting a general (void *) argument for user defined data with which the callback function is called. * Tagged following functions deprecated: econf_requireOwner, econf_requireGroup, econf_requirePermissions, econf_followSymlinks, econf_reset_security_settings Use one of the econf_read*WithCallback functions instead. ++++ pciutils: - update to 3.9.0: * We decode Compute Express Link (CXL) capabilities. * The tree mode of lspci is now compatible with filtering options. * When setpci is used with a named register, it checks whether the register is present in the particular header type. * Linux: The intel-conf[12] back-ends prefer to use ioperm() instead of iopl() to gain access to I/O ports. * mmio-conf1(-ext): Added a new back-end implementing the intel-conf1 interface over MMIO. This is useful on some ARM machines, but it requires manual configuration of the MMIO addresses. * As usually, updated pci.ids to the current snapshot of the database. ++++ rpm: - update to rpm-4.18.0 * documentation updates * fix query arguments containing ^ not working * add downgrade (--oldpackage) support to --freshe * add --path query for support for stateless file information * add --shell option for interactive macro shell to rpmspec * add --justdb counterpart --nodb option and matching API flag * fix intermediate symlinks not verified (CVE-2021-35939) * fix unowned directories created unsafely (bsc#1157880) (CVE-2021-35938) * fix %posttrans argument on upgrade * fix package build tree not getting removed on successful build * add new %conf spec section for build configuration * add %bcond macro as a nicer way of defining build conditionals * add new rpmuncompress cli tool * deprecate implicit "%patch number zero" syntax - refreshed patches: * brp-compress-no-img.patch * brp.diff * brpcompress.diff * db_conversion.diff * findsupplements.diff * headeradddb.diff * nextiteratorheaderblob.diff * posttrans.diff * rpmqpack.diff * rpmrc.diff * selinux_transactional_update.patch - removed patches: * dbrointerruptable.diff * leave-malloc-check-set.diff ++++ systemd: - Don't ship symlink /usr/lib/environment.d/99-environment.conf anymore. /etc/environment is owned and parsed (among other config files) by pam_env(8), which is included by 'systemd-user' PAM service anyway. ++++ python-Jinja2: - ignore 'pytest.PytestRemovedIn8Warning: Support for nose tests is deprecated and will be removed in a future release.' error from pytest 7.2 ++++ python-dasbus: - Update to dasbus-1.7 Document limitations of the DBus specification generator by @poncovka in #63 Fix testing with Travis CI by @poncovka in #68 Allow to run tests in a container by @poncovka in #69 Provide a language argument for the code blocks by @seahawk1986 in #71 Change the type of 'h' glib objects from 'File' to 'UnixFD' by @wdouglass in #70 Add functions for generating/consuming fdlists with variants by @wdouglass in #72 Use CentOS Stream for testing with Travis by @poncovka in #83 add remove dbus object function on bus and update tests by @mc18g13 in #74 properly measure coverage across multiprocess test cases by @wdouglass in #82 Extend the .coveragerc file by @poncovka in #86 Disable builds for Fedora ELN on commits by @poncovka in #85 Run tests for Debian and Ubuntu in Travis by @poncovka in #84 Fix pylint issues by @poncovka in #91 Support unixfd transfer via dbus by @wdouglass in #78 Raise TimeoutError if a DBus call times out by @poncovka in #92 UnixFD: Rename a parameter to server_arguments by @poncovka in #94 UnixFD: Revert a change in GLibClient._async_call_finish by @poncovka in #93 Don't use pylint from pip on Fedora Rawhide by @poncovka in #96 Simplify the code for replacing values of the UnixFD type by @poncovka in #95 UnixFD: Move the unit tests to a new file by @poncovka in #97 Use pylint from pip on Fedora Rawhide by @poncovka in #98 Always pull the latest container image by @poncovka in #99 CI: Run tests for all supported Python versions by @poncovka in #103 UnixFD: Move the support for Unix file descriptors to dasbus.unix by @poncovka in #100 UnixFD: Clean up tests of DBus calls with Unix file descriptors by @poncovka in #101 UnixFD: Handle DBus signals with Unix file descriptors by @poncovka in #102 Fix rpm lint warnings for OpenSUSE 15.3 by @cmcantalupo in #89 Fix bullet point lists by @poncovka in #107 Remove untracked files from the git repository interactively by @poncovka in #108 Simplify the hostname example by @poncovka in #106 UnixFD: Document the support for Unix file descriptors by @poncovka in #105 Improve the installation instruction by @poncovka in #109 ++++ python-rpm: - update to rpm-4.18.0 ++++ python-urllib3: - update to 1.26.13 * Deprecated the ``HTTPResponse.getheaders()`` and ``HTTPResponse.getheader()`` methods. * Fixed an issue where parsing a URL with leading zeroes in the port would be rejected even when the port number after removing the zeroes was valid. * Fixed a deprecation warning when using cryptography v39.0.0. * Removed the ``<4`` in the ``Requires-Python`` packaging metadata field. ++++ ovmf: - Add ovmf-Revert-OvmfPkg-PlatformInitLib-dynamic-mmio-window-s.patch to avoid Page-Fault exception when booting with edk2-stable202211 ovmf. (bsc#1205978) - This is a revert patch for workaround problem temporary. ------------------------------------------------------------------ ------------------ 2022-12-1 - Dec 1 2022 ------------------- ------------------------------------------------------------------ ++++ glib2-branding-openSUSE: - Adjust desktop file names of preferred applications: + evince.desktop => org.gnome.evince.desktop (since GNOME 3.30). + eog.desktop => org.gnome.eog.desktop (since GNOME 3.36). + file-roller.desktop => org.gnome.FileRoller.desktop - Fix name to impress: libreoffice-impress.destop. ++++ kernel-default: - can: slcan: fix freed work crash (bsc#1205597). - commit 1004618 - Refresh patches.suse/Input-i8042-Apply-probe-defer-to-more-ASUS-ZenBook-m.patch. Update upstream status. - commit 692368a ++++ util-linux: - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). ++++ xz: - Rename xz-static-devel -> xz-devel-static to follow the general naming used in openSUSE. ++++ libvirt: - Update to libvirt 8.10.0 - jsc#PED-1472 - New virt-qemu-sev-validate utility for validating the measurement reported for a domain launched with AMD SEV - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v8-10-0-2022-12-01 - Dropped patches: f81ee7b5-tests-Fix-libxlxml2domconfigtest.patch ++++ pam: - pam-git.diff: update to current git - obsoletes pam-hostnames-in-access_conf.patch - obsoletes tst-pam_env-retval.c - pam_env_econf.patch refresh ++++ python-libvirt-python: - Update to 8.10.0 - Add all new APIs and constants in libvirt 8.10.0 - jsc#PED-1472 ++++ util-linux-systemd: - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). ++++ vim: -Updated to version 9.0.0978, fixes the following problems * The first termcap entry of a builtin termcap is not used. * Two conditions are always false. * Coverity warns for not using return value of dict_add(). * Coverity warns for using a NULL pointer. * Using Ruby LDFLAGS may cause build problems. * Build failure with tiny version. (Tony Mechelynck) * Cannot debug the Kitty keyboard protocol with TermDebug. * Oblivion files are not recognized. * Kitty shows "already at oldest change" on startup. * Various code formatting issues. * When using dash it may not be recognize as filetype "sh". * Wrong type for "isunnamed" returned by getreginfo(). * Forked repositories send out useless email. * Still using simplified mappings when using the kitty keyboard protocol. * Crash when typing a letter in a terminal window. (Shane-XB-Qian) * CI failures in sound dummy. * Workflow Description Language files are not recognized. * Pretending to go out of Insert mode when Esc is received has side effects. * 'cursorline' causes virtual text highlight to continue. * Failures in the cursorline test. * CI: Error in Coverity flow is not reported. * Invalid memory access in substitute with function that goes to another file. * 'ttyfast' is set for arbitrary terminals. * Crash when unletting a variable while listing variables. * The pattern "\_s\zs" matches at EOL. * Trying every character position for a match is inefficient. * Eclipse preference files are not recognized. * Part of making search more efficient is missing. * Cannot detect whether modifyOtherKeys is enabled. * Libvterm does not support the XTQMODKEYS request. * Terminal tests fail when using key with modifier. * Tests fail without the terminal feature. * Messages test is flaky. * Error when using the "File Settings / Text Width" menu. * Error when using the "Tools / Spelling / Find More Languages" menu. * Using deletebufline() may jump to another window. * Virtual text below cannot be placed below empty lines. * Function name does not match autocmd event name. * Status line of other window not redrawn when dragging it when 'splitkeep' is set to "screen". * Using one window for executing autocommands is insufficient. * Some compilers don't allow a declaration after a label. * Leaking memory from autocmd windows. * GUI mouse event test is a bit flaky. * Matchparen highlight is not updated when switching buffers. * Coverity warns for uninitialized variable. * Escape sequences not recognized without the termresponse feature. * Build failure on some systems. * Kitty keyboard protocol key not decoded when it has an unsupported modifier, such as NumLock. * Even when Esc is encoded a timeout is used. * Virtual text below an empty line is misplaced when 'number' is set. ------------------------------------------------------------------ ------------------ 2022-11-30 - Nov 30 2022 ------------------- ------------------------------------------------------------------ ++++ gtk3: - Update to version 3.24.35: + GtkFontChooserWidget: Fix a critical. + GtkAccelLabel: Differentiate keypad keysyms in accelerators. + Input: - Recognize stylus devices as pens. - Fix problems with motion compression. + Windows: Build system improvements. + Wayland: - Fix problems with unreliable DND. - Use GLES if required. - Add support for titlebar gestures. - Refactor handling of IM client updates. - Fix cursor hotspots with scaled surfaces. - Use the xdg-activation protocol. - Load cursors on demand. - Fix cursor size on hi-dpi displays. + MacOS: Use a CVDisplayLink based frame clock. + Updated translations. - Drop upstream merged patch gtk3-gdkwayland-Update-selections-offer-before-updating-dnd.patch. ++++ kernel-default: - Add support for enabling livepatching related packages on -RT (jsc#PED-1706) - commit 9d41244 - char: xillybus: Fix trivial bug with mutex (bsc#1205764 CVE-2022-45888). - char: xillybus: Prevent use-after-free due to race condition (bsc#1205764 CVE-2022-45888). - char: xillybus: Fix trivial bug with mutex (bsc#1205764 CVE-2022-45888). - char: xillybus: Prevent use-after-free due to race condition (bsc#1205764 CVE-2022-45888). - commit 8ba91a0 ++++ kernel-firmware: - Update to version 20221130 (git commit 80ed874a4566): * amdgpu: update sdma_5.2.7 firmware * QCA: Add Bluetooth firmware for WCN785x This commit will add required Bluetooth firmware files for QCA WCN785x. The image version is 2.0.0-00515. * linux-firmware: update firmware for MT7916 * linux-firmware: update firmware for MT7915 * i915: Add DMC v2.08 for DG2 * amdgpu: update green sardine DMCUB firmware * i915: Add DMC v2.10 for MTL * linux-firmware: update firmware for MT7986 * linux-firmware: update firmware for mediatek bluetooth chip (MT7921) * linux-firmware: update firmware for MT7921 WiFi device - Update constraints for 8GB (bsc#1205811) ++++ libxcrypt: - Update to 4.4.33 * Fix variable name in crypt(3) for a datamember of 'struct crypt_data' * Fix -Werror=strict-overflow in lib/crypt-des.c, which is seen by GCC 12.x * Add some SHA-2 Maj() optimization in lib/alg-sha256.c * Fix -Werror=conversion in lib/alg-yescrypt-opt.c * Improvements to huge page handling in lib/alg-yescrypt-platform.c * Fix -Werror=sign-conversion in lib/alg-yescrypt-platform.c ++++ pango: - Update to version 1.50.12: + Fix weight conversion on MacOS. + Update to Unicode 15. + Some introspection annotation fixes. + Improve PangoAttrList serialization. + Fix char offset calculatiosn in multi-paragraph layouts. ++++ python-apipkg: - Generate the _version.py file in %prep to remove completely hatch-vcs from pyproject to make it build and run tests correctly - Remove python-hatch-vcs dependency - Remove python-py dependency ++++ selinux-policy: - Add fix_irqbalance.patch: support netlink socket operations (bsc#1205434) - Drop fix_irqbalance.patch: superseded by upstream ++++ setroubleshoot: - Fix dbus conf file location to /usr/share/dbus-1 ++++ timezone: - timezone update 2022g: * In the Mexican state of Chihuahua, the border strip near the US will change to agree with nearby US locations on 2022-11-30. The strip's western part, represented by Ciudad Juárez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX. The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX. A new Zone America/Ciudad_Juarez splits from America/Ojinaga. * Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time. * Changes for pre-1996 northern Canada * Update to past DST transition in Colombia (1993), Singapore (1981) * timegm is now supported by default ------------------------------------------------------------------ ------------------ 2022-11-29 - Nov 29 2022 ------------------- ------------------------------------------------------------------ ++++ containerd: - add devel subpackage, which is needed by open-vm-tools ++++ kernel-default: - config: arm64: Fix Freescale LPUART dependency (boo#1204063) Commit 8d7f37c61a07 inserted CONFIG_SERIAL_FSL_LPUART_CONSOLE=y but forgot to change CONFIG_SERIAL_FSL_LPUART=m to =y as dependency, as the upstream Kconfig appears to be missing it for this driver. - commit d33b52e - Refresh patches.suse/ALSA-usb-audio-Remove-redundant-workaround-for-Rolan.patch. Update upstream status. - commit ce72954 ++++ spice: - Update to v0.15.1 release * This is a bug fix release with no upstream changelog - Drop fix-build-with-gstreamer-1.20.patch ++++ python-apipkg: - Remove python_module macro definition - Update to 3.0.1: * restore tox.ini to support tox --current-env based packaging - 3.0.0 * add support for python 3.11 and drop dead pythons (thanks hukgo) * migrate to hatch * split up __init__.py * add some type annotations - 2.1.1 * drop the python 3.4 support marker, 2.1.0 broke it 2.1.0 will be yanked after release ++++ python-py: - Remove python_module macro definition - Add python-py dep for testing - Use autosetup insteado of setup + patch - More specific python_sitelib in %files ++++ ovmf: - In the PFLASH_CODE in ovmf-build-funcs.sh, Use readonly=on instead of readonly becuase we got the following message when building ovmf on SLE15-SP3/SP4 code base: [ 981s] qemu-system-x86_64: -drive if=pflash,format=raw,unit=0,readonly,file=ovmf-x86_64-ms-code.bin: warning: short-form boolean option 'readonly' deprecated [ 981s] Please use readonly=on instead [ 981s] char device redirected to /dev/pts/0 (label charserial1) ++++ suse-module-tools: - Update to version 16.0.28: * Split kernel scriptlets into separate sub-package, again (boo#1202353, boo#1205149) ------------------------------------------------------------------ ------------------ 2022-11-28 - Nov 28 2022 ------------------- ------------------------------------------------------------------ ++++ bash: - Add upstream patches * bash52-010 Bash-5.2 checks the first 128 characters of an executable file that execve() refuses to execute to see whether it's a binary file before trying to execute it as a shell script. This defeats some previously-supported use cases like "self-executing" jar files or "self-uncompressing" scripts. * bash52-011 Using timeouts and readline editing with the `read' builtin (read -e -t) can leave the readline timeout enabled, potentially resulting in an erroneous timeout on the next call. * bash52-012 When running in bash compatibility mode, nested command substitutions can leave the `extglob' option enabled. ++++ cryptsetup: - cryptsetup 2.6.0: * Introduce support for handling macOS FileVault2 devices (FVAULT2). * libcryptsetup: no longer use global memory locking through mlockall() * libcryptsetup: process priority is increased only for key derivation (PBKDF) calls. * Add new LUKS keyslot context handling functions and API. * The volume key may now be extracted using a passphrase, keyfile, or token. For LUKS devices, it also returns the volume key after a successful crypt_format call. * Fix --disable-luks2-reencryption configuration option. * cryptsetup: Print a better error message and warning if the format produces an image without space available for data. * Print error if anti-forensic LUKS2 hash setting is not available. If the specified hash was not available, activation quietly failed. * Fix internal crypt segment compare routine if the user specified cipher in kernel format (capi: prefix). * cryptsetup: Add token unassign action. This action allows removing token binding on specific keyslot. * veritysetup: add support for --use-tasklets option. This option sets try_verify_in_tasklet kernel dm-verity option (available since Linux kernel 6.0) to allow some performance improvement on specific systems. * Provide pkgconfig Require.private settings. While we do not completely provide static build on udev systems, it helps produce statically linked binaries in certain situations. * Always update automake library files if autogen.sh is run. For several releases, we distributed older automake scripts by mistake. * reencryption: Fix user defined moved segment size in LUKS2 decryption. The --hotzone-size argument was ignored in cases where the actual data size was less than the original LUKS2 data offset. * Delegate FIPS mode detection to configured crypto backend. System FIPS mode check no longer depends on /etc/system-fips file. * Update documentation, including FAQ and man pages. ++++ kernel-default: - Refresh patches.suse/misc-sgi-gru-fix-use-after-free-error-in-gru_set_con.patch (CVE-2022-3424 bsc#1204166) Taken from v10 patch in char-misc subsystem tree - commit f73b1d5 - Bluetooth: L2CAP: Fix u8 overflow (CVE-2022-45934 bsc#1205796). - commit e554413 - Update to 6.1-rc7 - update configs - x86: X86_AMD_PSTATE=y (was "m") - commit bd1d686 ++++ libcontainers-common: - add requires on util-linux-systemd for findmnt in profile script - only set storage_driver env when no libpod exists - avoid quoting issue ++++ duktape: - duktape-link-m.patch: link against libm for sin() and related functions, in case the compiler with -Os creates external references. bsc#1205805 ++++ libiscsi: - Update to version 1.19.0+git.20221112: * ci/build.sh: Enable parallel compilation * ci: Fix the Appveyor Linux and Windows builds * ci: Add ci/install.bat * Add CodeQL workflow for GitHub code scanning * test-tool: remove a redundant semicolon * lib/scsi-lowlevel: Make the REPORT LUNS unmarshalling code more flexible * Fix segmentation fault problem. * Check return value of scsi_malloc in order to avoid dereferencing NULL return value. * fix iscsi-ls parameter parse * iscsi-swp: handle setting of debug_level correctly * Update iscsi-dd.c * iscsi-inq: handle setting of debug_level correctly * Retain the immediate data param during login processing ++++ ncurses: - Add ncurses patch 20221126 + fix an error in pathname of explain.txt (cf: 20200201). + fix an error in "@" command in test/ncurses.c F-menu (cf: 20190121). + improve formatting of ncurses-intro.html and hackguide.html + improve man/curs_clear.3x links to other pages ++++ python-pycairo: - Updtae to version 1.22.0: * Officially support Python 3.11. * PDFSurface.version_to_string(): Fix crash with negative versions. * typing: ImageSurface.get_stride() returns an int. * typing: Fix incorrect interface for Matrix constructor. * typing: Use Generic for Context. * docs: some cairo.Context fixes. * docs: try to make create_from_png/write_to_png more clear. * docs: add an example for how to convert a surface to pillow. * docs: cairo.Format.RGB24: document that unused bytes may be overwritten. * tests: don’t depend on specific ref counts. * tests: compatibility fixes for cairo 1.17.6. - Drop f5a795ea.patch: fixed upstream. ++++ ovmf: - Update to edk2-stable202211 (jsc#PED-1410) - Features (https://github.com/tianocore/edk2/releases): CryptoPkg remove EC PCD and merge optimized openssl libs Add GoogleTest unit test support to UnitTestFrameworkPkg Add Raw algorithm support using Arm FW-TRNG interface TDVF Lazy Accept in OvmfPkg Debug code to audit BIOS TPM extend operations Add a new feature to enable LoongArch prot for EDKII CryptoPkg: Need to add additional cipher algos and TLS API to meet WPA3 IntelFsp2(Wrapper)Pkg: Support FSP 2.4 MultiPhaseInit CryptoPkg: Need to support EC and BN API due to WPA3 feature Add PCI_DEVICE_PPI support for NvmExpressPei - Patches (git log --oneline --date-order edk2-stable202208..edk2-stable202211): fff6d81270 pip-requirements.txt: Update to edk2-pytool-extensions 0.20.0 2ddc8e1b67 pip-requirements.txt: Update to edk2-pytool-library 0.12.1 93629f2c7c ArmPkg/ArmTrngLib: Remove ASSERT in GetArmTrngVersion() 0cb30c3f5e Maintainers: Update the VmgExitLib to CcExitLib 765ba5bf05 OvmfPkg/UefiCpuPkg: Add CcExit prefix to the APIs of CcExitLib a89f558d3c OvmfPkg/UefiCpuPkg/UefiPayloadPkg: Rename VmgExitLib to CcExitLib b9e702c3c9 UefiCpuPkg/ResetVector:Add Option to reserve 4K region at 4GB 6d55ad9a59 MdePkg/Test: Add port of BaseSafeIntLib unit tests to GoogleTest 31377aba8f BaseTools/Plugin/HostBaseUnitTestRunner: Enable gtest xml output 80f097711b .pytool: Add googletest submodule to CISettings.py d4586fe3ae UnitTestFrameworkPkg/Library/CmockaLib: Generate symbol information cef0c5c684 UnitTestFrameworkPkg: Add googletest submodule and GoogleTestLib c1b073a9dc MdePkg/Include/Library: Undefine _ASSERT() if already defined 933b4c333c MdePkg/Include: Update Base.h to improve C++ compatibility 3182843f3b IntelFsp2Pkg: Improvement of supporting null UPD pointer in FSP-T c8fb724046 ArmPkg/ArmTrngLib: Fix incorrect GUID reference in DEBUG() output 3b1f3414f2 .github/workflows: Update CodeQL to install Python 3.10.6 c17c3c24d8 ShellPkg:Improved Smbios Type9 data under smbiosview 342813a3f7 pip-requirements.txt: Update edk2-pytool-library to 0.12.0 b0fd309719 edk2.qls: Allow error severity results and add new queries 179efe5d69 BaseTools: Fix wrong type of arguments to formatting functions 0be81a4d83 BaseTools/Source/C: Use /Z7 instead of /Zi for host tools 6032b46dce PrmPkg/PrmSsdtInstallDxe: Update PRMT Device CID to PNP0C02. 6c1a4a376e .github: Add initial CodeQL config and workflow files c7aecf2a4f Maintainers.txt: Add .github maintainers and reviewers 50bee4cc12 CryptoPkg: Sha1 functions causing build errors 239bcf7805 PrmPkg: Use UnitTestFrameworkPkg UEFI BS library 6e8b0b6913 UnitTestFrameworkPkg: Add UnitTestUefiBootServicesTableLib 82e70d9ac0 CryptoPkg/Readme.md: typo and grammar fixes 35043a5ec0 MdePkg/BaseLib: Fix out-of-bounds reads in SafeString b556f2445c ArmVirtPkg: Kvmtool: Add RNG support using Arm TRNG interface 9eb5ccda50 SecurityPkg/RngDxe: Add Arm support of RngDxe ff29cdb968 SecurityPkg/RngDxe: Rename AArch64/RngDxe.c 6cdddccf00 SecurityPkg/RngDxe: Add debug warning for NULL PcdCpuRngSupportedAlgorithm 863fe9e191 SecurityPkg/RngDxe: Add AArch64 RawAlgorithm support through ArmTrngLib 4b3e9d80be SecurityPkg/RngDxe: Check before advertising Cpu Rng algo 199031b2b0 SecurityPkg/RngDxe: Documentation/include/parameter cleanup 922bf317f1 SecurityPkg/RngDxe: Remove ArchGetSupportedRngAlgorithms() aade3b93fe SecurityPkg/RngDxe: Replace Pcd with Sp80090Ctr256Guid 8a89747844 SecurityPkg/RngDxe: Rename RdRandGenerateEntropy to generic name e00ec499c5 ArmPkg/ArmTrngLib: Add Arm TRNG library 351fe77666 ArmPkg: Add FID definitions for Arm TRNG ef4cf3d88d MdePkg/ArmTrngLib: Add NULL instance of Arm TRNG Library cbce5a1a93 MdePkg/ArmTrngLib: Definition for Arm TRNG library class interface 3d480a93de ArmPkg/ArmHvcLibNull: Add NULL instance of ArmHvcLib 9d8ed9c8ee ArmPkg: Sort HVC/SMC section alphbetically in ArmPkg.dsc aa0f522471 ArmPkg/ArmMonitorLib: Add ArmMonitorLib 9a50990cdb ArmPkg/ArmMonitorLib: Definition for ArmMonitorLib library class dcf8c79056 ArmPkg: PCD to select conduit for monitor calls cc650a0378 ArmPlatformPkg: Retire NorFlashDxe driver eff44c008d OvmfPkg/VmgExitLig: HALT on #VE when access to private memory 2695e49219 UefiPayloadPkg: Boot mode in PHIT HOB will not be updated ee3da09bb2 MdeModulePkg/Ufs :Coverity scan flags multiple issues in edk2-stable202205 eae9e51d98 MdeModulePkg/scsi :Coverity scan flags multiple issues in edk2-stable202205 b84f32ae5b IntelFsp2Pkg: FSP should support input UPD as NULL. cab1f02565 MdeModulePkg/PiSmmCore: SmmEntryPoint underflow (CVE-2021-38578) c46204e25f IntelFsp2Pkg: Update Function header to support IA32/X64. 957a15adaf UefiCpuPkg/SmmCpuFeaturesLib: Clean up header file inclusion in SmmStm.c ae62a6e44d UefiCpuPkg/SmmCpuFeaturesLib: Abstract arch dependent code ed8bfada03 UefiCpuPkg/SmmCpuFeaturesLib: Rename the common C file 8487ec0ee7 CryptoPkg/Test: Simplify BaseCryptLib host based unit tests b5dbf8267b pip-requirements.txt: Bump pytool extensions and library 85dba961c7 UnitTestFrameworkPkg: Support FILE_GUID override in host based unit tests 720c25ab41 OvmfPkg: Call gEdkiiMemoryAcceptProtocolGuid to accept pages 7dcc2f3870 OvmfPkg: Realize EdkiiMemoryAcceptProtocol in TdxDxe 2af33db365 MdePkg: The prototype definition of EdkiiMemoryAcceptProtocol d1e41c620f OvmfPkg: Introduce lazy accept in PlatformInitLib and PlatformPei 6ca9f410d1 ShellPkg: Update shell command memmap to show unaccepted memory 43e306806e MdeModulePkg: Update Dxe to handle unaccepted memory type 502c01c502 MdePkg: Add UEFI Unaccepted memory definition 9b648112a5 OvmfPkg: Use BZ3937_EFI_RESOURCE_MEMORY_UNACCEPTED defined in MdeModulePkg 32c5a470ad MdePkg: Increase EFI_RESOURCE_MAX_MEMORY_TYPE 00bbb1e584 MdeModulePkg: Add PrePiHob.h df7ce74e6c RedfishPkg/RedfishDiscoverDxe: Fix memory free issue 66772bc852 Maintainers.txt: Add 'Pierre Gondois' as DynamicTablesPkg reviewer e9a3613ce0 ShellPkg/AcpiView: Update PCCT fields for ACPI 6.5 c9a4df88fd DynamicTablesPkg: Readme.md: Update available tables for generation 1729fb8a82 DynamicTablesPkg/AmlLib: Allow larger AccessSize for Pcc address space 8405b1480f DynamicTablesPkg: Add PCCT Generator dab7bac94c DynamicTablesPkg: Add PCCT related objects a5672d43a6 DynamicTablesPkg: Fix Ssdt PCI generation comments 5acd6489df DynamicTablesPkg: FdtHwInfoParserLib: Remove wrong comment 0bcd3cc06e DynamicTablesPkg: Remove deprecated APIs 2ef32f914a DynamicTablesPkg: Fix wrong/missing fields in CmObjParser a64cc43552 DynamicTablesPkg: Fix GTBlock and GTBlockTimerFrame CmObjParsers 3bcc2e22ef DynamicTablesPkg: Update CmObjParser for MinorRevision 44b7a856f0 DynamicTablesPkg: Update CmObjParser for IORT Rev E.d 48c6e7dbcd DynamicTablesPkg: Add PrintString to CmObjParser 020891f173 DynamicTablesPkg: Use correct print formatter 52199bf532 MdeModulePkg/ScsiDiskDxe: Update proper device name for ScsiDisk drive d98efb4682 UefiCpuPkg: Restore HpetTimer after CpuExceptionHandlerLib test 99338ef81e ArmVirtPkg/ArmVirtKvmTool: Migrate to OVMF's VirtNorFlashDxe b92298af82 ArmVirtPkg/ArmVirtQemu: migrate to OVMF's VirtNorFlashDxe 789a723285 OvmfPkg/VirtNorFlashDxe: use EFI_MEMORY_WC and drop AlignedCopyMem() 25589c4a76 OvmfPkg/VirtNorFlashDxe: avoid switching between modes in a tight loop ca01e6216a OvmfPkg/VirtNorFlashDxe: avoid array mode switch after each word write 83f11f9572 OvmfPkg/VirtNorFlashDxe: drop block I/O protocol implementation 68d234989b OvmfPkg/VirtNorFlashDxe: remove disk I/O protocol implementation 0a64106c56 OvmfPkg/VirtNorFlashDxe: remove CheckBlockLocked feature c1ff81f799 OvmfPkg/VirtNorFlashDxe: clone ArmPlatformPkg's NOR flash driver 16bf588b60 OvmfPkg: clone NorFlashPlatformLib into VirtNorFlashPlatformLib 115cebbe4d ArmVirtPkg/ArmVirtQemu: Clear XIP flags instead of overriding them b6efc505e4 ArmVirtPkg/ArmVirtQemu: omit PCD PEIM unless TPM support is enabled 7136d5491e ArmVirtPkg/QemuVirtMemInfoLib: use HOB not PCD to record the memory size fead469a3b ArmVirtPkg/ArmVirtQemu: avoid shadowing PEIMs unless necessary 75d2be4a37 ArmVirtPkg/ArmVirtQemu: Drop unused variable PEIM 07be1d34d9 ArmVirtPkg/ArmVirtQemu: enable initial ID map at early boot a26050f74d ArmVirtPkg/ArmVirtQemu: use first 128 MiB as permanent PEI memory 2eff4ddc77 ArmVirtPkg/ArmVirtQemu: implement ArmPlatformLib with static ID map 9ca2dc7bec ArmVirtPkg/ArmVirtQemu: wire up timeout PCD to Timeout variable 2997ae3873 ArmVirtPkg: make EFI_LOADER_DATA non-executable 9e2c88b16e Maintainers.txt: Update maintainers and reviewers for LoongArch64 9670f79937 Maintainers.txt: Update maintainers list 26638d2aa3 IntelFsp2WrapperPkg: Check header revision for MultiPhase support. 7464db4474 MdeModulePkg: Fix spelling error in PciSioSerialDxe 56035d1c8b ArmPlatformPkg/PrePeiCore: Print the firmware version early in boot db2c22633f Ps2KbdCtrller: Make wait for SUCCESS after BAT non-fatal fb493ac84e ArmPlatformPkg/PrePeiCore: permit entry with the MMU enabled b28acb22e0 ArmVirtPkg: do not enable iSCSI driver by default f4213fed34 ArmVirtPkg: remove EbcDxe from all platforms acb2acccfd BaseTools/Tests: Use quotes around PYTHON_COMMAND 4fcd5d2620 CryptoPkg/Library/OpensslLib: update auto-generated files 0882d6a32d CryptoPkg/Library/OpensslLib: Add generated flag to Accel INF d79295b5c5 CryptoPkg/Library/OpensslLib: Update process_files.pl INF generation 3b46a1e243 Revert "CryptoPkg: Update process_files.pl to auto add PCD config option" 244ce33bdd CryptoPkg: Add Readme.md 584b246e88 CryptoPkg: Fixed host-based unit tests 0c9744787e CryptoPkg: Update DSC to improve CI test coverage dfc7c3dc8c CryptoPkg: Remove PcdOpensslEcEnabled from CryptoPkg.dec a57b4c11a5 CryptoPkg/Library/OpensslLib: Remove PrintLib from INF files e75951ca89 CryptoPkg/Library/OpensslLib: Produce consistent set of APIs ea6d859b50 CryptoPkg/Library/OpensslLib: Combine all performance optimized INFs dd00f92b2f CryptoPkg/Library: Cleanup BaseCryptLib and TlsLib 961fadf60c CryptoPkg/Test/UnitTest/Library/BaseCryptLib: Unit test fixes 8f8372439d CryptoPkg/Library/BaseCryptLib: Update internal functions/variables 8437368c69 CryptoPkg/Library/BaseCryptLib: Add missing UNI file and fix format d7d9866ef4 CryptoPkg: Document and disable deprecated crypto services 4d29da411f remove GCC build warning 6fd754ec0f BaseTools: Fixed the multiple pairs brackets issue in GenFv 2355f0c09c BaseTools: Fix check for ${PYTHON_COMMAND} in Tests/GNUmakefile 913a308df9 BaseTools/Scripts/PatchCheck.py: Allow tab in Makefile c6720db5dd MdeModulePkg/XhciDxe: Add boundary check for TRB ring allocation 31b1638468 ArmPkg/ArmMmuLib: Reuse XIP MMU routines when splitting entries 999c53e2ca ArmPkg/ArmMmuLib: permit initial configuration with MMU enabled 0487cac09f ArmPkg/ArmMmuLib: Disable and re-enable MMU only when needed ab644cfac5 ArmPkg/ArmMmuLib: don't replace table entries with block entries 0f6eccdbf7 BaseTools: Add missing spaces for PCD expression values in AutoGenC 1d0ff11526 BaseTools: Correct initialization data size check for array PCDs d23eb3aa99 BaseTools/GenFds: Correct file type set for the PIC section 0a29933ea9 BaseTools: Support COMPAT16 section generation 225810a182 BaseTools: Add support for SUBTYPE_GUID section generation 81aeb94648 BaseTools: Correct BPDG tool error prints 09e74b81ba BaseTools/FMMT: Add Shrink Fv function 0e6db46b1b BaseTools/FMMT: Add Extract FV function b03dceb87f BaseTools: Remove duplicated words in Python tools c4663e7277 pip-requirement: Upgrade the edk2-basetools version from 0.1.29 to 0.1.39 9d6915ca91 UefiCpuPkg/Test: Add unit tests for MP service PPI and Protocol 6f1bb567aa UefiCpuPkg: Add R8/R9 etc in EccCheck ExceptionList 012e424601 UefiCpuPkg: Add Pei/DxeCpuExceptionHandlerLibUnitTest in dsc 055eaacc34 UefiCpuPkg: Add Unit tests for PeiCpuExceptionHandlerLib beabde5875 UefiCpuPkg: Add Unit tests for DxeCpuExceptionHandlerLib b8e54e15de UefiCpuPkg/CpuPageTableLib:Support PAE paging for PageTableParse a7e070808c UefiCpuPkg:Add RegisterExceptionHandler in PeiCpuExceptionHandlerLib d618fe05bf BaseTools: Remove duplicated words in C tools 8fc06b6e19 Fix bug on SRIOV ReservedBusNum when ARI enable. 4aa7e66c06 MdeModulePkg: Fixed extra 1 SR-IOV reserved bus e0200cc47a NetworkPkg: Add LoongArch64 architecture. 2ce4bfb843 MdeModulePkg/DxeIplPeim : LoongArch DxeIPL implementation. 380821a949 MdeModulePkg/CapsuleRuntimeDxe: Add LoongArch64 architecture. dad7fc29d9 MdeModulePkg/Logo: Add LoongArch64 architecture. ced203c3d5 MdePkg/BaseSafeIntLib: Add LoongArch64 architecture for BaseSafeIntLib. 104df6136f MdePkg/BaseSynchronizationLib: LoongArch cache related code. f89815a125 MdePkg/BaseCpuLib: LoongArch Base CPU library implementation. dbbb045ff1 MdePkg/BasePeCoff: Add LoongArch PE/Coff related code. 10d291f746 MdePkg/BaseIoLibIntrinsic: IoLibNoIo for LoongArch architecture. 264e930de0 MdePkg/BaseCacheMaintenanceLib: LoongArch cache maintenance implementation. cd24eb578b MdePkg/BaseLib: BaseLib for LOONGARCH64 architecture. f0a704f9b5 MdePkg/Include: LoongArch definitions. 76bf716a7a MdePkg: Add LoongArch LOONGARCH64 binding b1b5177a0c .pytool: Add LoongArch64 architecture on LoongArch64 EDK2 CI. ab9768cd46 .azurepipelines: Add LoongArch64 architecture on LoongArch64 EDK2 CI. bcdafe1179 BaseTools: Enable LoongArch64 architecture for LoongArch64 EDK2 CI. 114e6075b6 BaseTools: Add LoongArch64 binding. c53807cb7b BaseTools: Updated build tools to support new LoongArch. cb4f1dfcc1 BaseTools: Updated for GCC5 tool chain for LoongArch platfrom. 1aa311d175 BaseTools: Update GenFw/GenFv to support LoongArch platform. 082b563fc4 .python/SpellCheck: Add "Loongson" and "LOONGARCH" to "words" section 10daf3ee24 MdeModulePkg: Use LockBoxNullLib for LOONGARCH64 23d873f4cf MdePkg/DxeServicesLib: Add LOONGARCH64 architecture 6e1ddbab8d UnitTestFrameworkPkg: Add LOONGARCH64 architecture for EDK2 CI. 78b081334e ShellPkg: Add LOONGARCH64 architecture for EDK2 CI. 711ee4103a SecurityPkg: Add LOONGARCH64 architecture for EDK2 CI. d2c0d52ed6 MdePkg/Include: Add LOONGARCH related definitions EDK2 CI. c5f4b4fd03 CryptoPkg: Add LOONGARCH64 architecture for EDK2 CI. ee2ea7868a NetworkPkg/HttpBootDxe: Add LOONGARCH64 architecture for EDK2 CI. ad8f2b7251 NetworkPkg: Add LOONGARCH64 architecture for EDK2 CI. 2067672ded FmpDevicePkg: Add LOONGARCH64 architecture for EDK2 CI. d8c073c89b FatPkg: Add LOONGARCH64 architecture for EDK2 CI. e25963d458 MdePkg: Added LoongArch jump buffer register definition to MdePkg.ci.yaml 0371178d0b MdePkg: Added file of DebugSupport.h to MdePkg.ci.yaml 5bd2dbc698 UefiPayloadPkg: Remove deprecate Crypto Service e7d7f02c8e CryptoPkg: add Unit Test for X509 new function. 22745df666 CryptoPkg: add new X509 function to Crypto Service. 8ecae3d641 CryptoPkg: add new X509 function. 190f77f8f4 CryptoPkg: add new X509 function definition. 0371032289 CryptoPkg: add unit test for EC key interface. 69a50a249b CryptoPkg: Add EC key interface to DXE and protocol f21a1d48fe CryptoPkg: Add EC key retrieving and signature interface. f80580f56b OvmfPkg/VirtioNetDxe: Check ChildHandle argument in GetControllerName 8db4e9f9a0 CryptoPkg: Add new Tls APIs to DXE and protocol bb78d969b7 CryptoPkg: Extend Tls function library cafc573ac0 MdePkg: Add Tls configuration related define 3c9e2f239a CryptoPkg: Fix integer overflow de103f1981 MdeModulePkg: Handle InitialVFs=0 case for SR-IOV 4364d66168 UefiCpuPkg: Reset a parameter when BSP Exit in CPU relaxed mode. a670f12a74 UefiCpuPkg/CpuExceptionHandlerLib: Code optimization to allow bigger stack 406ad0582a OvmfPkg: rename QemuBootOrderNNNN to VMMBootOrderNNNN 3361336607 Revert "OvmfPkg/Microvm: no secure boot" 8916a4f67f OvmfPkg/Microvm: add SECURE_BOOT_FEATURE_ENABLED 9e6b552b4c OvmfPkg/PciHotPlugInitDxe: reserve more mmio space ecb778d0ac OvmfPkg/PlatformInitLib: dynamic mmio window size bbda386d25 OvmfPkg/PlatformInitLib: detect physical address space 8f9ef9c9a0 OvmfPkg/PlatformInitLib: qemu cpuid physbits detection 5ff7d712d4 MdeModulePkg/UefiBootManagerLib: Add Disk Info support for Ufs 710f83b79d .azurepipelines: Add SourceLevelDebugPkg to CI cf01fdd5d7 SourceLevelDebugPkg: Add package CI YAML file d6d4a81f8a SourceLevelDebugPkg: Fix spelling errors 1bd2ff1866 IntelFsp2WrapperPkg: Remove CI exception of PlatformMultiPhaseLib. f054beec54 IntelFsp2WrapperPkg: Add header for PlatformMultiPhaseLib. f931506815 .azurepipelines: Add SignedCapsulePkg to CI b3d379d188 SignedCapsulePkg: Add package CI YAML file 769879e2a6 .azurepipelines: Add IntelFsp2Pkg and IntelFsp2WrapperPkg to CI 9ecab62d40 IntelFsp2WrapperPkg: Add CI YAML file 7c424c28b0 IntelFsp2WrapperPkg: Fix code formatting errors 28b16c01cf IntelFsp2Pkg: Add CI YAML file a62bd922aa IntelFsp2Pkg/BaseFspMultiPhaseLib: Replace duplicate GUID 629709a51d IntelFsp2Pkg: Fix code formatting errors 12973359d0 EmbeddedPkg: Only run in CI for GCC5 43c1111530 EmbeddedPkg: Add CI YAML file 51e0599536 EmbeddedPkg/AcpiLib: Fix code formatting errors f01d3ee12c BaseTools/VolInfo: Update file and section type strings b6d324e06b BaseTools/VolInfo: Update copyright information 4e1133b946 BaseTools/VolInfo: Parse apriori files c24328ca62 BaseTools/VolInfo: Increase GUID base name string 8be33c6544 BaseTools/VolInfo: Fix EFI_SECTION_GUID_DEFINED parsing 9fc029ee62 BaseTools/VolInfo: Correct buffer for GenCrc32 tool 6a2b20ff97 MdeModulePkg/NonDiscoverablePciDeviceDxe: Allow partial FreeBuffer 7aa06237b8 SecurityPkg: Remove enforcement of final GoIdle transition for CRB commands b7213bbd59 OvmfPkg/QemuBootOrderLib: skip unsupported entries in StoreQemuBootOrder d63242bd69 OvmfPkg/QemuBootOrderLib: allow slash in rom filenames 2a0bd3bffc OvmfPkg/PlatformInitLib: q35 mtrr setup fix 3c0d567c37 UefiPayloadPkg: Provide a wrapper for UniversalPayloadBuild.py f4d539007c OvmfPkg/PeilessStartupLib: move mPageTablePool to stack b3dd9cb836 MdeModulePkg/XhciDxe: Input context update for Evaluate Context command 96f3efbd99 IntelFsp2WrapperPkg: Implement FSP 2.4 MultiPhase wrapper handlers. d97ee3244d CryptoPkg/Test: Add unit test for CryptoEc 2157a23a86 CryptoPkg: Add ECC related usage reference 3b382f5b38 CryptoPkg: Add EC APIs to DXE and protocol 988e4d8f5e CryptoPkg: Add EC support 0e7aa6bf9e CryptoPkg: Fix pem heap-buffer-overflow due to BIO_snprintf() 582a7c9995 CryptoPkg: Add missing library mappings to DSC file ef9974b298 EmbeddedPkg/PrePi: Check for enough space before aligning heap pointer 2500ce1011 DynamicTablesPkg: SSDT CPU _CPC generator 58350c0055 DynamicTablesPkg: AML Code generation to add _CPC entries 09c90532e7 DynamicTablesPkg: Add CM_ARM_CPC_INFO object 953438e466 ArmPkg/SmbiosMiscDxe: Get SMBIOS information from OemMiscLib e5eb0e3347 ArmPkg/SmbiosMiscDxe: Remove redundant updates in SMBIOS Type 2 7d74ea141e ArmPkg/SmbiosMiscDxe: Fix typo of "AssetTagType02" 130b649a8b ArmPkg/SmbiosMiscDxe: Support fetching System UUID 11b5093ce4 ArmPkg: Correct return value of "SMCCC_ARCH_SOC_ID" Function ID call 8467a263f9 ArmPkg/ProcessorSubClassDxe: Get processor version from OemMiscLib a8e8c43a0e CryptoPkg/OpensslLib: Update generated files for native X64 4102950a21 CryptoPkg/OpensslLib: Commit the auto-generated assembly files for IA32 03f708090b CryptoPkg/OpensslLib: Add native instruction support for IA32 0c9d4ad788 CryptoPkg/Test: Add unit test for CryptoBn 42951543dd CryptoPkg: Add BigNum API to DXE and protocol fd0ad0c346 CryptoPkg: Add BigNum support 5f403cdc6a CryptoPkg: add UnitTest for AeadAesGcm. 022787f806 CryptoPkg: add AeadAesGcm to Crypto Service. a23f76e184 CryptoPkg: add AeadAesGcm support. acbc5747bc CryptoPkg: add AeadAesGcm function() definition. b19793a2ec CryptoPkg: add Hkdf UnitTest. e919c390e8 CryptoPkg: add new Hkdf api to Crypto Service. 11b24ef0d7 CryptoPkg: add new Hkdf api in Crypt Lib. 1336476233 CryptoPkg: add new Hkdf api definition in Crypt Lib. f3c69cb5a1 CryptoPkg: add Hmac Sha384 to host UnitTest. 3f77ccb9c8 CryptoPkg: Add new hmac SHA api to Crypto Service. cbb3b6b950 CryptoPkg: Update CryptLib inf as the file name changed. 0b1a1bdc30 CryptoPkg: Add HMAC-SHA384 cipher support. 7bb42e3249 CryptoPkg: Add new hmac definition to cryptlib 238f5f9544 RedfishPkg/JsonLib: Fix JsonLib build failure 6f340acfb1 CryptoPkg/BaseCryptLib:Remove redundant init dd1e20b3c2 nasm_ext_dep.yaml: Remove leading zero in patch version 62f00dad22 BaseTools: Edk2ToolsBuild: Fixing pipeline build due to path too long 2c17d676e4 Maintainers.txt: Update email address 415fc406d6 UefiPayloadPkg/PayloadLoaderPeim: remove GCC build warning 3184e44df1 Maintainers.txt: Update maintainers/reviewers for CI and Test f46c7d1e36 IntelFsp2Pkg: Fix FspSecCoreI build failure. 981bf66d5a IntelFsp2Pkg: NvsBufferPtr is missing in Fsp24ApiEntryM.nasm 8c92a9508e DynamicTablesPkg: AcpiSsdtPcieLibArm: Allow use of segment number as UID 45297e6c9b BaseTools: 64bit FSP FV map file cannot be created correctly 1dccbd1a38 MdeModulePkg/AhciPei: Fix MMIO base assignment 838c730fe6 MdeModulePkg SmbiosMeasurementDxe: Add Type4 CurrentSpeed to filter table db7afaee91 MdeModulePkg: Use configurable PCD for AHCI command retries 970e262949 OvmfPkg: Allow runtime control of IPv4 and IPv6 support on QEMU d933ec115b OvmfPkg: gather common NetworkComponents overrides in .dsc.inc file 477b5b7d55 OvmfPkg: Introduce alternate UefiDriverEntrypoint to inhibit driver load 34969dd260 ArmPkg, ArmVirtPkg: put SpellCheck in AuditOnly mode cdb80a281f OvmfPkg/LegacyBootManagerLib: Fix debug macro arguments 8fdb4de628 NetworkPkg/TcpDxe: Fix debug macro arguments e8a537d28d DynamicTablesPkg/AcpiPpttLibArm: Fix debug macro arguments e495b1009a SecurityPkg/SmmTcg2PhysicalPresenceLib: Add missing debug print specifier c403de7bd4 RedfishPkg/RedfishRestExDxe: Remove extra debug macro argument 1096a9b04b MdeModulePkg: Fix imbalanced debug macros b4036b52b1 FatPkg/FatPei: Remove extraneous debug message argument 917a7e3f34 ArmPlatformPkg/NorFlashDxe: Remove unused debug print specifier 7b8f69d7e1 BaseTools/GenFw AARCH64: Convert more types of explicit GOT references d82ec90f51 pip-requirement: Upgrade the edk2-basetools version from 0.1.28 to 0.1.29 8465fd59d3 OvmfPkg: Update I/O port related to ACPI devices for CloudHv 54c8d5e432 UefiPayloadPkg: Allow DxeMain.inf to consume the new SerialPortLib 11a04bb4a6 UefiPayloadPkg: Implement a new SerialPortLib instance 512042eba8 OvmfPkg/QemuVideoDxe: fix bochs mode init 314799a926 pip-requirement: Upgrade the edk2-basetools version from 0.1.24 to 0.1.28 3d35a6c243 IntelFsp2Pkg: Adopt FSP 2.4 MultiPhase functions. 5eeb088ad6 OvmfPkg/QemuBootOrderLib: add StoreQemuBootOrder() db463e8e9d CloudHv/arm: switch PeiMemLib to its own dba79765c4 CloudHv/arm: add PeiMemInfoLib 520ba8e306 OvmfPkg/OvmfPkg*.dsc: Increase ACPI Reclaim memory size 18b5b14932 OvmfPkg/IncompatiblePciDeviceSupportDxe: Ignore OptionRom in Sev guest f7da805b50 RedfishPkg/RedfishDiscoverDxe: Install protocol on each network interface 39596c41c8 OvmfPkg: Add build-flag SECURE_BOOT_FEATURE_ENABLED 3abaa281d3 OvmfPkg/TdxDxe: Set PcdEmuVariableNvStoreReserved 70165fa6e2 OvmfPkg/NvVarsFileLib: Shortcut ConnectNvVarsToFileSystem in secure-boot ee91d9ef24 OvmfPkg: Reserve and init EmuVariableNvStore in Pei-less Startup 58eb8517ad OvmfPkg/PlatformPei: Update ReserveEmuVariableNvStore 4f173db8b4 OvmfPkg/PlatformInitLib: Add functions for EmuVariableNvStore 0e72e8762a OvmfPkg/PeilessStartupLib: Delete TdxValidateCfv fb008dbe01 EmbeddedPkg: Add AllocateRuntimePages in PrePiMemoryAllocationLib 7cc7c52670 OvmfPkg: Set default Pci PCDs in Tdx guest 1b1c58ab32 OvmfPkg: Update CcProbeLib to DxeCcProbeLib c4bc1a9498 OvmfPkg: Add SecPeiCcProbeLib c05a218a97 EmbeddedPkg/GdbSerialDebugPortLib: fix compile warning b5d1dc94d0 OvmfPkg: increase max debug message length to 512 1a24f5fb12 OvmfPkg/BhyvePkg: use correct PlatformSecureLib a4037690d9 EmbeddedPkg: Remove duplicated words 05db766bee ArmPkg: Remove duplicated words 1926702c95 ArmPlatformPkg: Remove duplicated words 6dc4ac1347 ArmVirtPkg: Remove duplicated words e87ac5ef49 OvmfPkg: Remove duplicated words 0ccf955674 StandaloneMmPkg: Remove duplicated words 22c45b7c52 ArmPlatformPkg/PrePeiCore: Invoke constructors for SEC phase 52bf4eba45 ArmPkg: Handle warm reboot request correctly aefcc91805 OvmfPkg/PlatformDxe: Handle all requests in ExtractConfig and RouteConfig 165b5bcd68 OvmfPkg/PlatformDxe: Check RouteConfig arguments for spec compliance e61f3f4ef1 OvmfPkg: Add BUILD_SHELL flag for IA32, IA32X64, X64 08522341c4 UefiPayloadPkg: To replace the libraries for the capsule driver. ec87181192 IntelFsp2WrapperPkg: Rename PlatformMultiPhaseLibSample. 6edd257861 IntelFsp2WrapperPkg: Remove duplicated words ac55fcb051 DynamicTablesPkg: Fix typo in AmlCodeGenRdMemory32Fixed doxygen comment 7719bc3f71 DynamicTablesPkg: Fix nested processor containers 0a4079ad86 DynamicTablesPkg: AcpiSsdtPcieLibArm : Add UID to slot creation b9bb27e1ff DynamicTablesPkg: Add support to build _DSD 033ba8bb29 DynamicTablesPkg: AcpiSsdtPcieLibArm: Added function to reserve ECAM space 5236d47854 DynamicTablesPkg: DynamicTableManagerDxe: Added check for installed tables d9c8a9cf11 DynamicTablesPkg: DynamicPlatRepoLib: Adding more token fixers b18c0905ee DynamicTablesPkg: DynamicPlatRepoLib: Fix incorrect dereferencing 2081054636 DynamicTablesPkg: DynamicPlatRepoLib: Added MemoryAllocationLib to inf 9ca7ece8b3 MdeModulePkg/NvmExpressPei: Use PCI_DEVICE_PPI to manage Nvme device 31a94f7fba IntelFsp2WrapperPkg: Add FSP 2.4 MultiPhase interface. df25a5457f IntelFsp2Pkg: Add FSP 2.4 MultiPhase interface. 4b7bd4c591 UefiCpuPkg: Enhance logic in InitializeMpExceptionStackSwitchHandlers 9ab2b34dd4 UefiCpuPkg: Use Top of each AP's stack to save CpuMpData 76cf3d35e6 UefiCpuPkg: Simplify the implementation when separate exception stacks d1abb876f4 UefiCpuPkg/MpInitLib: Simplify logic in SwitchBsp 76ec17526b UefiCpuPkg: Add PCD to control SMRR enable & SmmFeatureControl support 367604b2f4 UefiCpuPkg/MpInitLib: Fix potential issue when IDT table is at above 4G 3c06953fd7 ShellPkg: Adds Local APIC parser to AcpiView 04ecdc38cd UefiCpuPkg/CpuPageTableLib/UnitTest: Add host based unit test 383d34159d .azurepipelines: Use Python 3.10.6+ 227a133a0a Maintainers.txt: Update Maintainers/reviewers for universal payload - Removed patches which are merged to mainline: - ovmf-add-exclude-shell-flag.patch to add BUILD_SHELL flag for IA32, IA32X64, X64 - e61f3f4ef1 edk2-stable202211~354 - Modified shim.spec, use BUILD_SHELL instead of EXCLUDE_SHELL - Remove "-D EXCLUDE_SHELL" from ovmf-x86_64 and ovmf-x86_64-smm. - Add "-D BUILD_SHELL=FALSE" to ovmf-x86_64 and ovmf-x86_64-smm. - ovmf-bsc1199156-OvmfPkg-IncompatiblePciDeviceSupportDxe-Ignore-Optio.patch to ovmf to ignore OptionRom in Sev guest - 18b5b14932 edk2-stable202211~328 ++++ virt-manager: - bsc#1205675 - [Build 20221122] virt-install: Specifying --boot no longer implies no_install=yes 1cb0be40-virtinstall-split-no_install-conditional-apart-to-track-code-coverage.patch e94786c0-virtinstall-fix-regression-with-boot-and-no-install-method.patch ------------------------------------------------------------------ ------------------ 2022-11-26 - Nov 26 2022 ------------------- ------------------------------------------------------------------ ++++ ansible-core: - fix boo#1204320 - do no longer exclude %{ansible_python_sitelib}/ansible_test - create subpackage for ansible-test - remove Conflicts for ansible-test ++++ iputils: - Update to version 20221126 https://github.com/iputils/iputils/releases/tag/20221126 - Update configure variables (ninfod, rarpd and rdisc were removed from upstream in next release => remove -DBUILD_NINFOD=false -DBUILD_RARPD=false - DBUILD_RDISC=false) - Remove 2 backported fixes from this release 0001-ping-Add-SA_RESTART-to-sa_flags.patch 0002-ping-Make-ping_rts-struct-static.patch ++++ kernel-default: - Linux 6.0.10 (bsc#1012628). - mtd: rawnand: qcom: handle ret from parse with codeword_fixup (bsc#1012628). - drm/msm/gpu: Fix crash during system suspend after unbind (bsc#1012628). - spi: tegra210-quad: Fix combined sequence (bsc#1012628). - ASoC: wm5102: Revert "ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe" (bsc#1012628). - ASoC: wm5110: Revert "ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe" (bsc#1012628). - ASoC: wm8997: Revert "ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe" (bsc#1012628). - ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe (bsc#1012628). - ASoC: rt5682s: Fix the TDM Tx settings (bsc#1012628). - ASoC: rt1019: Fix the TDM settings (bsc#1012628). - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (bsc#1012628). - spi: intel: Fix the offset to get the 64K erase opcode (bsc#1012628). - ASoC: codecs: jz4725b: add missed Line In power control bit (bsc#1012628). - ASoC: codecs: jz4725b: fix reported volume for Master ctl (bsc#1012628). - ASoC: codecs: jz4725b: use right control for Capture Volume (bsc#1012628). - ASoC: codecs: jz4725b: fix capture selector naming (bsc#1012628). - ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 (bsc#1012628). - selftests/futex: fix build for clang (bsc#1012628). - selftests/intel_pstate: fix build for ARCH=x86_64 (bsc#1012628). - selftests/kexec: fix build for ARCH=x86_64 (bsc#1012628). - ASoC: Intel: sof_rt5682: Add quirk for Rex board (bsc#1012628). - ASoC: rt1308-sdw: add the default value of some registers (bsc#1012628). - ASoC: amd: yc: Adding Lenovo ThinkBook 14 Gen 4+ ARA and Lenovo ThinkBook 16 Gen 4+ ARA to the Quirks List (bsc#1012628). - ASoC: amd: yc: Add Lenovo Thinkbook 14+ 2022 21D0 to quirks table (bsc#1012628). - drm/amdgpu: Adjust MES polling timeout for sriov (bsc#1012628). - platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1012628). - platform/x86/intel: pmc/core: Add Raptor Lake support to pmc core driver (bsc#1012628). - drm/amd/display: Remove wrong pipe control lock (bsc#1012628). - drm/amd/display: Don't return false if no stream (bsc#1012628). - drm/scheduler: fix fence ref counting (bsc#1012628). - ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] (bsc#1012628). - cxl/mbox: Add a check on input payload size (bsc#1012628). - RDMA/efa: Add EFA 0xefa2 PCI ID (bsc#1012628). - btrfs: raid56: properly handle the error when unable to find the missing stripe (bsc#1012628). - NFSv4: Retry LOCK on OLD_STATEID during delegation return (bsc#1012628). - SUNRPC: Fix crasher in gss_unwrap_resp_integ() (bsc#1012628). - ACPI: x86: Add another system to quirk list for forcing StorageD3Enable (bsc#1012628). - drm/rockchip: vop2: fix null pointer in plane_atomic_disable (bsc#1012628). - drm/rockchip: vop2: disable planes when disabling the crtc (bsc#1012628). - ksefltests: pidfd: Fix wait_states: Test terminated by timeout (bsc#1012628). - powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1012628). - block: blk_add_rq_to_plug(): clear stale 'last' after flush (bsc#1012628). - firmware: arm_scmi: Cleanup the core driver removal callback (bsc#1012628). - firmware: arm_scmi: Make tx_prepare time out eventually (bsc#1012628). - i2c: tegra: Allocate DMA memory for DMA engine (bsc#1012628). - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (bsc#1012628). - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (bsc#1012628). - btrfs: remove pointless and double ulist frees in error paths of qgroup tests (bsc#1012628). - drm/amd/display: Ignore Cable ID Feature (bsc#1012628). - drm/amd/display: Enable timing sync on DCN32 (bsc#1012628). - drm/amdgpu: set fb_modifiers_not_supported in vkms (bsc#1012628). - drm/amd: Fail the suspend if resources can't be evicted (bsc#1012628). - drm/amd/display: Fix DCN32 DSC delay calculation (bsc#1012628). - drm/amd/display: Use forced DSC bpp in DML (bsc#1012628). - drm/amd/display: Round up DST_after_scaler to nearest int (bsc#1012628). - drm/amd/display: Investigate tool reported FCLK P-state deviations (bsc#1012628). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (bsc#1012628). - cxl/pmem: Use size_add() against integer overflow (bsc#1012628). - x86/cpu: Add several Intel server CPU model numbers (bsc#1012628). - tools/testing/cxl: Fix some error exits (bsc#1012628). - cifs: always iterate smb sessions using primary channel (bsc#1012628). - ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" -> "Route" (bsc#1012628). - arm64/mm: fold check for KFENCE into can_set_direct_map() (bsc#1012628). - arm64: fix rodata=full again (bsc#1012628). - hugetlb: rename remove_huge_page to hugetlb_delete_from_page_cache (bsc#1012628). - hugetlbfs: don't delete error page from pagecache (bsc#1012628). - KVM: SVM: remove dead field from struct svm_cpu_data (bsc#1012628). - KVM: SVM: do not allocate struct svm_cpu_data dynamically (bsc#1012628). - KVM: SVM: restore host save area from assembly (bsc#1012628). - KVM: SVM: move MSR_IA32_SPEC_CTRL save/restore to assembly (bsc#1012628). - arm64: dts: qcom: ipq8074: correct APCS register space size (bsc#1012628). - arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed (bsc#1012628). - arm64: dts: qcom: sa8295p-adp: Specify which LDO modes are allowed (bsc#1012628). - arm64: dts: qcom: sc8280xp-crd: Specify which LDO modes are allowed (bsc#1012628). - arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are allowed (bsc#1012628). - arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed (bsc#1012628). - arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed (bsc#1012628). - arm64: dts: qcom: sc8280xp: fix ufs_card_phy ref clock (bsc#1012628). - arm64: dts: qcom: sc8280xp: correct ref clock for ufs_mem_phy (bsc#1012628). - arm64: dts: qcom: sc8280xp: fix USB0 PHY PCS_MISC registers (bsc#1012628). - arm64: dts: qcom: sc8280xp: fix USB1 PHY RX1 registers (bsc#1012628). - arm64: dts: qcom: sc8280xp: fix USB PHY PCS registers (bsc#1012628). - arm64: dts: qcom: sc8280xp: drop broken DP PHY nodes (bsc#1012628). - arm64: dts: qcom: sc8280xp: fix UFS PHY serdes size (bsc#1012628). - arm64: dts: qcom: sc7280: Add the reset reg for lpass audiocc on SC7280 (bsc#1012628). - spi: stm32: Print summary 'callbacks suppressed' message (bsc#1012628). - ARM: dts: at91: sama7g5: fix signal name of pin PB2 (bsc#1012628). - ASoC: core: Fix use-after-free in snd_soc_exit() (bsc#1012628). - ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N (bsc#1012628). - arm64: dts: qcom: sm8250: Disable the not yet supported cluster idle state (bsc#1012628). - ASoC: tas2770: Fix set_tdm_slot in case of single slot (bsc#1012628). - ASoC: tas2764: Fix set_tdm_slot in case of single slot (bsc#1012628). - ASoC: tas2780: Fix set_tdm_slot in case of single slot (bsc#1012628). - ARM: at91: pm: avoid soft resetting AC DLL (bsc#1012628). - serial: 8250: omap: Fix missing PM runtime calls for omap8250_set_mctrl() (bsc#1012628). - serial: 8250_omap: remove wait loop from Errata i202 workaround (bsc#1012628). - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (bsc#1012628). - serial: 8250: omap: Flush PM QOS work on remove (bsc#1012628). - tty: serial: fsl_lpuart: don't break the on-going transfer when global reset (bsc#1012628). - serial: imx: Add missing .thaw_noirq hook (bsc#1012628). - tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send (bsc#1012628). - ASoC: rt5514: fix legacy dai naming (bsc#1012628). - ASoC: rt5677: fix legacy dai naming (bsc#1012628). - bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() (bsc#1012628). - bnxt_en: refactor bnxt_cancel_reservations() (bsc#1012628). - bnxt_en: fix the handling of PCIE-AER (bsc#1012628). - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (bsc#1012628). - pinctrl: rockchip: list all pins in a possible mux route for PX30 (bsc#1012628). - mtd: onenand: omap2: add dependency on GPMC (bsc#1012628). - scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (bsc#1012628). - sctp: remove the unnecessary sinfo_stream check in sctp_prsctp_prune_unsent (bsc#1012628). - sctp: clear out_curr if all frag chunks of current msg are pruned (bsc#1012628). - erofs: clean up .read_folio() and .readahead() in fscache mode (bsc#1012628). - erofs: get correct count for unmapped range in fscache mode (bsc#1012628). - block: sed-opal: kmalloc the cmd/resp buffers (bsc#1012628). - nfsd: put the export reference in nfsd4_verify_deleg_dentry (bsc#1012628). - bpf: Fix memory leaks in __check_func_call (bsc#1012628). - io_uring: calculate CQEs from the user visible value (bsc#1012628). - pinctrl: mediatek: common-v2: Fix bias-disable for PULL_PU_PD_RSEL_TYPE (bsc#1012628). - arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro (bsc#1012628). - nvmet: fix a memory leak (bsc#1012628). - siox: fix possible memory leak in siox_device_add() (bsc#1012628). - parport_pc: Avoid FIFO port location truncation (bsc#1012628). - selftests/bpf: Fix casting error when cross-compiling test_verifier for 32-bit platforms (bsc#1012628). - selftests/bpf: Fix test_progs compilation failure in 32-bit arch (bsc#1012628). - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (bsc#1012628). - drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms (bsc#1012628). - drm/panel: simple: set bpc field for logic technologies displays (bsc#1012628). - drm/drv: Fix potential memory leak in drm_dev_init() (bsc#1012628). - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (bsc#1012628). - arm64: dts: imx8mm-tqma8mqml-mba8mx: Fix USB DR (bsc#1012628). - ARM: dts: imx7: Fix NAND controller size-cells (bsc#1012628). - arm64: dts: imx8mm: Fix NAND controller size-cells (bsc#1012628). - erofs: put metabuf in error path in fscache mode (bsc#1012628). - arm64: dts: imx8mn: Fix NAND controller size-cells (bsc#1012628). - arm64: dts: imx93-pinfunc: drop execution permission (bsc#1012628). - ata: libata-transport: fix double ata_host_put() in ata_tport_add() (bsc#1012628). - ata: libata-transport: fix error handling in ata_tport_add() (bsc#1012628). - ata: libata-transport: fix error handling in ata_tlink_add() (bsc#1012628). - ata: libata-transport: fix error handling in ata_tdev_add() (bsc#1012628). - nfp: change eeprom length to max length enumerators (bsc#1012628). - MIPS: fix duplicate definitions for exported symbols (bsc#1012628). - MIPS: Loongson64: Add WARN_ON on kexec related kmalloc failed (bsc#1012628). - io_uring/poll: fix double poll req->flags races (bsc#1012628). - cifs: Fix connections leak when tlink setup failed (bsc#1012628). - bpf: Initialize same number of free nodes for each pcpu_freelist (bsc#1012628). - ata: libata-core: do not issue non-internal commands once EH is pending (bsc#1012628). - net: bgmac: Drop free_netdev() from bgmac_enet_remove() (bsc#1012628). - mISDN: fix possible memory leak in mISDN_dsp_element_register() (bsc#1012628). - net: hinic: Fix error handling in hinic_module_init() (bsc#1012628). - net: phy: dp83867: Fix SGMII FIFO depth for non OF devices (bsc#1012628). - net: stmmac: ensure tx function is not running in stmmac_xdp_release() (bsc#1012628). - mctp i2c: don't count unused / invalid keys for flow release (bsc#1012628). - soc: imx8m: Enable OCOTP clock before reading the register (bsc#1012628). - net: liquidio: release resources when liquidio driver open failed (bsc#1012628). - mISDN: fix misuse of put_device() in mISDN_register_device() (bsc#1012628). - net: macvlan: Use built-in RCU list checking (bsc#1012628). - net: caif: fix double disconnect client in chnl_net_open() (bsc#1012628). - bnxt_en: Remove debugfs when pci_register_driver failed (bsc#1012628). - octeon_ep: delete unnecessary napi rollback under set_queues_err in octep_open() (bsc#1012628). - octeon_ep: ensure octep_get_link_status() successfully before octep_link_up() (bsc#1012628). - octeon_ep: fix potential memory leak in octep_device_setup() (bsc#1012628). - octeon_ep: ensure get mac address successfully before eth_hw_addr_set() (bsc#1012628). - drm/lima: Fix opp clkname setting in case of missing regulator (bsc#1012628). - net: mhi: Fix memory leak in mhi_net_dellink() (bsc#1012628). - net: dsa: make dsa_master_ioctl() see through port_hwtstamp_get() shims (bsc#1012628). - xen/pcpu: fix possible memory leak in register_pcpu() (bsc#1012628). - erofs: fix missing xas_retry() in fscache mode (bsc#1012628). - mlxsw: Avoid warnings when not offloaded FDB entry with IPv6 is removed (bsc#1012628). - net: ionic: Fix error handling in ionic_init_module() (bsc#1012628). - kcm: close race conditions on sk_receive_queue (bsc#1012628). - net: ena: Fix error handling in ena_init() (bsc#1012628). - net: hns3: fix incorrect hw rss hash type of rx packet (bsc#1012628). - net: hns3: fix return value check bug of rx copybreak (bsc#1012628). - net: hns3: fix setting incorrect phy link ksettings for firmware in resetting process (bsc#1012628). - bridge: switchdev: Fix memory leaks when changing VLAN protocol (bsc#1012628). - drbd: use after free in drbd_create_device() (bsc#1012628). - platform/x86/intel: pmc: Don't unconditionally attach Intel PMC when virtualized (bsc#1012628). - platform/surface: aggregator: Do not check for repeated unsequenced packets (bsc#1012628). - netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1012628). - netfs: Fix dodgy maths (bsc#1012628). - cifs: add check for returning value of SMB2_close_init (bsc#1012628). - net: ag71xx: call phylink_disconnect_phy if ag71xx_hw_enable() fail in ag71xx_open() (bsc#1012628). - net/x25: Fix skb leak in x25_lapb_receive_frame() (bsc#1012628). - net: dsa: don't leak tagger-owned storage on switch driver unbind (bsc#1012628). - nvmet: fix a memory leak in nvmet_auth_set_key (bsc#1012628). - cifs: Fix wrong return value checking when GETFLAGS (bsc#1012628). - net: lan966x: Fix potential null-ptr-deref in lan966x_stats_init() (bsc#1012628). - net: microchip: sparx5: Fix potential null-ptr-deref in sparx_stats_init() and sparx5_start() (bsc#1012628). - net: thunderbolt: Fix error handling in tbnet_init() (bsc#1012628). - s390: avoid using global register for current_stack_pointer (bsc#1012628). - cifs: add check for returning value of SMB2_set_info_init (bsc#1012628). - netdevsim: Fix memory leak of nsim_dev->fa_cookie (bsc#1012628). - block: make dma_alignment a stacking queue_limit (bsc#1012628). - dm-crypt: provide dma_alignment limit in io_hints (bsc#1012628). - ftrace: Fix the possible incorrect kernel message (bsc#1012628). - ftrace: Optimize the allocation for mcount entries (bsc#1012628). - ftrace: Fix null pointer dereference in ftrace_add_mod() (bsc#1012628). - ring_buffer: Do not deactivate non-existant pages (bsc#1012628). - tracing: Fix memory leak in tracing_read_pipe() (bsc#1012628). - tracing/ring-buffer: Have polling block on watermark (bsc#1012628). - tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() (bsc#1012628). - tracing: Fix wild-memory-access in register_synth_event() (bsc#1012628). - tracing: Fix race where eprobes can be called before the event (bsc#1012628). - tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() (bsc#1012628). - tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit() (bsc#1012628). - rethook: fix a potential memleak in rethook_alloc() (bsc#1012628). - platform/x86/amd: pmc: Remove more CONFIG_DEBUG_FS checks (bsc#1012628). - platform/x86/amd: pmc: Add new ACPI ID AMDI0009 (bsc#1012628). - drm/amd/pm: enable runpm support over BACO for SMU13.0.7 (bsc#1012628). - drm/amd/pm: enable runpm support over BACO for SMU13.0.0 (bsc#1012628). - drm/amd/pm: fix SMU13 runpm hang due to unintentional workaround (bsc#1012628). - drm/display: Don't assume dual mode adaptors support i2c sub-addressing (bsc#1012628). - drm/amd/display: Fix invalid DPIA AUX reply causing system hang (bsc#1012628). - drm/amd/display: Add HUBP surface flip interrupt handler (bsc#1012628). - drm/amd/display: Fix access timeout to DPIA AUX at boot time (bsc#1012628). - drm/amd/display: Support parsing VRAM info v3.0 from VBIOS (bsc#1012628). - drm/amd/display: Fix optc2_configure warning on dcn314 (bsc#1012628). - drm/amd/display: don't enable DRM CRTC degamma property for DCE (bsc#1012628). - drm/amd/display: Fix prefetch calculations for dcn32 (bsc#1012628). - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (bsc#1012628). - Revert "usb: dwc3: disable USB core PHY management" (bsc#1012628). - usb: dwc3: Do not get extcon device when usb-role-switch is used (bsc#1012628). - io_uring: update res mask in io_poll_check_events (bsc#1012628). - nvme-pci: add NVME_QUIRK_BOGUS_NID for Micron Nitro (bsc#1012628). - nvme-pci: add NVME_QUIRK_BOGUS_NID for Netac NV7000 (bsc#1012628). - slimbus: qcom-ngd: Fix build error when CONFIG_SLIM_QCOM_NGD_CTRL=y && CONFIG_QCOM_RPROC_COMMON=m (bsc#1012628). - slimbus: stream: correct presence rate frequencies (bsc#1012628). - speakup: fix a segfault caused by switching consoles (bsc#1012628). - speakup: replace utils' u_char with unsigned char (bsc#1012628). - USB: bcma: Make GPIO explicitly optional (bsc#1012628). - USB: serial: option: add Sierra Wireless EM9191 (bsc#1012628). - USB: serial: option: remove old LARA-R6 PID (bsc#1012628). - USB: serial: option: add u-blox LARA-R6 00B modem (bsc#1012628). - USB: serial: option: add u-blox LARA-L6 modem (bsc#1012628). - USB: serial: option: add Fibocom FM160 0x0111 composition (bsc#1012628). - usb: add NO_LPM quirk for Realforce 87U Keyboard (bsc#1012628). - usb: chipidea: fix deadlock in ci_otg_del_timer (bsc#1012628). - usb: cdns3: host: fix endless superspeed hub port reset (bsc#1012628). - usb: typec: mux: Enter safe mode only when pins need to be reconfigured (bsc#1012628). - usb: typec: tipd: Prevent uninitialized event{1,2} in IRQ handler (bsc#1012628). - iio: accel: bma400: Ensure VDDIO is enable defore reading the chip ID (bsc#1012628). - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (bsc#1012628). - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (bsc#1012628). - iio: adc: mp2629: fix wrong comparison of channel (bsc#1012628). - iio: adc: mp2629: fix potential array out of bound access (bsc#1012628). - iio: pressure: ms5611: fixed value compensation bug (bsc#1012628). - iio: pressure: ms5611: changed hardcoded SPI speed to value limited (bsc#1012628). - dm bufio: Fix missing decrement of no_sleep_enabled if dm_bufio_client_create failed (bsc#1012628). - dm ioctl: fix misbehavior if list_versions races with module loading (bsc#1012628). - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (bsc#1012628). - serial: 8250: Flush DMA Rx on RLSI (bsc#1012628). - serial: 8250_lpss: Configure DMA also w/o DMA filter (bsc#1012628). - serial: 8250_lpss: Use 16B DMA burst with Elkhart Lake (bsc#1012628). - io_uring: fix tw losing poll events (bsc#1012628). - io_uring: fix multishot accept request leaks (bsc#1012628). - io_uring: fix multishot recv request leaks (bsc#1012628). - io_uring: disallow self-propelled ring polling (bsc#1012628). - ceph: avoid putting the realm twice when decoding snaps fails (bsc#1012628). - Input: iforce - invert valid length check when fetching device IDs (bsc#1012628). - maccess: Fix writing offset in case of fault in strncpy_from_kernel_nofault() (bsc#1012628). - net: phy: marvell: add sleep time after enabling the loopback bit (bsc#1012628). - scsi: zfcp: Fix double free of FSF request when qdio send fails (bsc#1012628). - iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries (bsc#1012628). - iommu/vt-d: Set SRE bit only when hardware has SRS cap (bsc#1012628). - firmware: coreboot: Register bus in module init (bsc#1012628). - mmc: core: properly select voltage range without power cycle (bsc#1012628). - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (bsc#1012628). - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (bsc#1012628). - docs: update mediator contact information in CoC doc (bsc#1012628). - docs/driver-api/miscellaneous: Remove kernel-doc of serial_core.c (bsc#1012628). - s390/dcssblk: fix deadlock when adding a DCSS (bsc#1012628). - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (bsc#1012628). - blk-cgroup: properly pin the parent in blkcg_css_online (bsc#1012628). - x86/sgx: Add overflow check in sgx_validate_offset_length() (bsc#1012628). - x86/fpu: Drop fpregs lock before inheriting FPU permissions (bsc#1012628). - perf/x86/amd/uncore: Fix memory leak for events array (bsc#1012628). - perf/x86/intel/pt: Fix sampling using single range output (bsc#1012628). - nvme: restrict management ioctls to admin (bsc#1012628). - nvme: ensure subsystem reset is single threaded (bsc#1012628). - ASoC: SOF: topology: No need to assign core ID if token parsing failed (bsc#1012628). - perf: Improve missing SIGTRAP checking (bsc#1012628). - vfio: Rename vfio_ioctl_check_extension() (bsc#1012628). - vfio: Split the register_device ops call into functions (bsc#1012628). - perf/x86/amd: Fix crash due to race between amd_pmu_enable_all, perf NMI and throttling (bsc#1012628). - ring-buffer: Include dropped pages in counting dirty patches (bsc#1012628). - tracing: Fix warning on variable 'struct trace_array' (bsc#1012628). - net: usb: smsc95xx: fix external PHY reset (bsc#1012628). - net: use struct_group to copy ip/ipv6 header addresses (bsc#1012628). - scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus() (bsc#1012628). - scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (bsc#1012628). - kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (bsc#1012628). - tracing: Fix potential null-pointer-access of entry in list 'tr->err_log' (bsc#1012628). - arm64/mm: fix incorrect file_map_count for non-leaf pmd/pud (bsc#1012628). - Input: i8042 - fix leaking of platform device on module removal (bsc#1012628). - macvlan: enforce a consistent minimal mtu (bsc#1012628). - tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1012628). - kcm: avoid potential race in kcm_tx_work (bsc#1012628). - KVM: x86/xen: Fix eventfd error handling in kvm_xen_eventfd_assign() (bsc#1012628). - 9p: trans_fd/p9_conn_cancel: drop client lock earlier (bsc#1012628). - gfs2: Check sb_bsize_shift after reading superblock (bsc#1012628). - gfs2: Switch from strlcpy to strscpy (bsc#1012628). - 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1012628). - netlink: Bounds-check struct nlmsgerr creation (bsc#1012628). - wifi: wext: use flex array destination for memcpy() (bsc#1012628). - rseq: Use pr_warn_once() when deprecated/unknown ABI flags are encountered (bsc#1012628). - mm: fs: initialize fsdata passed to write_begin/write_end interface (bsc#1012628). - net/9p: use a dedicated spinlock for trans_fd (bsc#1012628). - bpf: Prevent bpf program recursion for raw tracepoint probes (bsc#1012628). - ntfs: fix use-after-free in ntfs_attr_find() (bsc#1012628). - ntfs: fix out-of-bounds read in ntfs_attr_find() (bsc#1012628). - ntfs: check overflow when iterating ATTR_RECORDs (bsc#1012628). - commit 582305b ++++ libX11: - U_Fix-797755-Allow-X-IfEvent-to-reenter-libX11.patch * fixed Firefox freezes (regression since 1.8.2) (boo#1205778) ------------------------------------------------------------------ ------------------ 2022-11-25 - Nov 25 2022 ------------------- ------------------------------------------------------------------ ++++ ansible: - rework spec file to define %ansible_python version, which is the python version, that ansible is built against, as well as %ansible_python_sitelib and %ansible_python_executable ++++ ansible-core: - rework spec file to define %ansible_python version, which is the python version, that ansible is built against, as well as %ansible_python_sitelib - remove duplicate entries for changelog and license - fix wrong %fdupes ++++ kdump: - Make the kdump-save.service reboot after kdump-save is finished (bsc#1204000) ++++ libpng16: - Update to version 1.6.39: * cmake: Default to PNG_ARM_NEON=off for arm targets. + Turn large PNG chunks into benign errors. + Update, rename and clean up various scripts. + tools: Fix a buffer overflow involving a file name in pngfix. + tools: Fix a memory leak in pngcp. ++++ systemd: - Import commit e7e931b07edd786dc6ca1dae6c23ff7b785f8efd (merge of v252.2) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/64dc546913525e33e734500055a62ed0e963c227...e7e931b07edd786dc6ca1dae6c23ff7b785f8efd - Rebase 6000-Revert-tmpfiles-whenever-creating-an-inode-immediate.patch ++++ libtpms: - fix build for ppc64le: use -Wl,--no-as-needed in check-local [bsc#1204556] ++++ libzypp: - Avoid calling getsockopt when we know the info already. This patch hopefully fixes logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections. (for bsc#1178233) - Enhance yaml-cpp detection (fixes #428) - No need to redirect 'history.logfile=/dev/null' into the target. - MultiCurl: Make sure to reset the progress function when falling back. - version 17.31.6 (22) ++++ psmisc: - Add patch socket-fix.patch * Add test to check for named sockets as file as well as on mounts * Fix code to find named sockets - The former test requires nc at build aka netcat from openbsd to create a named socket on the fly ------------------------------------------------------------------ ------------------ 2022-11-24 - Nov 24 2022 ------------------- ------------------------------------------------------------------ ++++ docker-compose: - Update to version 2.13.0: * Update `e2e` module deps * ignore error parsing container number label, just warn * Update docs * Add `--build` option to `compose run` * use platform defined by DOCKER_DEFAULT_PLATFORM when pulling and no service platform defined * display creation warnings from the engine * add e2e tests to check build dependency between services * check if a missing image won't be build via a service declared in depends_on section * add --no-consistency flag to convert command * use COMPOSE_PROFILES value only if no command line arg profiles used * build(deps): bump github.com/containerd/containerd from 1.6.9 to 1.6.10 * exclude issues with the kind/feature label from stale bot process * ci: upgrade to compose-go v1.7.0 * ci: update dependencies to latest * ci: remove uses of deprecated gotest.tools v2 (#9935) * Update `e2e` module dependencies * build(deps): bump github.com/containerd/containerd from 1.6.8 to 1.6.9 * add support of deploy.reservation.memory * Update deps for `e2e` module * map deploy.restart_policy.condition to engine values * build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 * go.mod: update docker-credential-helpers v0.7.0 * go.mod: remove replace for runc * go mod: tidy and group "require" blocks, update comments ++++ filesystem: - Add %_user_tmpfilesdir to the filesystem ++++ kernel-default: - scripts/git_sort/git_sort.py: Add arm-soc for-next tree. - commit 011aefb ++++ mpfr: - Add mpfr-4.1.1-patch01.patch to fix bug with code using the mpfr_custom_get_kind macro. ++++ python-setuptools: - Update to 65.6.3: * #3709: Fix condition to patch distutils.dist.log to only apply when using distutils from the stdlib. - v65.6.2 * No significant changes. ++++ selinux-policy: - fix_sysnetwork.patch: firewalld uses /etc/sysconfig/network/ for network interface definition instead of /etc/sysconfig/network-scripts/, modified sysnetwork.fc to reflect that (bsc#1205580). ------------------------------------------------------------------ ------------------ 2022-11-23 - Nov 23 2022 ------------------- ------------------------------------------------------------------ ++++ ansible: - update to 7.0.0: Ansible 7.0.0 will include ansible-core 2.14.0 as well as a curated set of Ansible collections to provide a vast number of modules and plugins. This is a major version update from Ansible 6.x which included ansible-core 2.13 and there may be backwards incompatibilities in the core playbook language. * What's new in Ansible 7 - Ansible 7 requires Python 3.9 on the controller, same as ansible-core 2.14. - Variables are now evaluated lazily; only when they are actually used. For example, in ansible-core 2.14 an expression ``{{ defined_variable or undefined_variable }}`` does not fail on ``undefined_variable`` if the first part of ``or`` is evaluated to ``True`` as it is not needed to evaluate the second part. * Collections added to Ansible 7: - ibm.spectrum_virtualize (version 1.9.0) - inspur.ispim (version 1.0.1) - purestorage.fusion (version 1.1.1) - vultr.cloud (version 1.1.0) * The previously deprecated servicenow.servicenow collection has been removed. * NOTE: Read the full Ansible 7 porting guide at https://github.com/ansible/ansible/blob/devel/docs/docsite/rst/porting_guides/porting_guide_7.rst for complete details. - The changelog for ansible-core 2.14 installed by this release of ansible is available here: https://github.com/ansible/ansible/blob/stable-2.14/changelogs/CHANGELOG-v2.14.rst - Collections which have opted into being a part of the Ansible-7 unified changelog will have an entry on this page: https://github.com/ansible-community/ansible-build-data/blob/main/7/CHANGELOG-v7.rst ++++ ansible-core: - add version contraints for both Requires and BuildRequires, that upstream defines: https://github.com/ansible/ansible/blob/devel/requirements.txt ++++ conmon: - Update to version 2.1.5: * don't leak syslog_identifier * logging: do not read more that the buf size * logging: fix error handling * Makefile: Fix install for FreeBSD * signal: Track changes to get_signal_descriptor in the FreeBSD version * Packit: initial enablement - Update to version 2.1.4: * Fix a bug where conmon crashed when it got a SIGCHLD ++++ gawk: - Update to gawk 5.2.1 * Issues related to the sign of NaN and Inf values on RiscV have been fixed * A few issues with the debugger have been fixed. * More subtle issues with untyped array elements being passed to functions have been fixed. * The rwarray extension's readall() function has had some bugs fixed. * The PMA allocator is now supported on FreeBSD, OpenBSD and Linux on S/390x. - double-free.patch, pma.patch, nan-sign.patch: Removed ++++ kernel-default: - arm64: Update config files. Enable configs for tegra234 serial console to work. - commit 64cc6c4 - config.conf: enable armv6/armv7hl configs - armv6/7hl: Update config files. - commit 93e7e5c ++++ libdrm: - Apply n_libdrm-drop-valgrind-dep-generic.patch and n_libdrm-drop-valgrind-dep-intel.patch only when the build uses meson < 0.64. With meson 0.64, we don't get the dependency on valgraind added. ++++ libeconf: - Update to version 0.4.9: * libeconf.h: added missing sys/types.h header (#171) * new API calls: econf_readFileWithCallback, econf_readDirsWithCallback, econf_readDirsHistoryWithCallback (#172) * Checking NULL comment parameter in the parsing functions. ++++ python-setuptools: - Update to 65.6.1: * #3689: Document that distutils.cfg might be ignored unless SETUPTOOLS_USE_DISTUTILS=stdlib. * #3678: Improve clib builds reproducibility by sorting sources -- by :user:`danigm`, fixing bsc#1201127 * #3684: Improved exception/traceback when invalid entry-points are specified. * #3690: Fixed logging errors: 'underlying buffer has been detached' (issue [#1631]). * #3693: Merge pypa/distutils@3e9d47e with compatibility fix for distutils.log.Log. * #3704: Fix temporary build directories interference with auto-discovery. - v65.6.0: * #3674: Sync with pypa/distutils@e0787fa, including pypa/distutils#183 updating distutils to use the Python logging framework. ++++ shim-leap: - Enhance cryptodisk code to recognize new variables in /etc/default/grub: * GRUB_CRYPTODISK_PASSWORD * GRUB_TPM2_SEALED_KEY * GRUB_TPM2_PCR_BANK and GRUB_TPM2_PCR_LIST - Introduce --no-grub-install option ++++ systemd-rpm-macros: - Bump to version 18 - Add %_user_tmpfilesdir macro ++++ vim: - Updated to version 9.0.0924, fixes the following problems * Aws config files are not recognized. * ":!" does not switch to the alternate screen. * CTRL-Z at end of file is always dropped. * Build error. * "!ls" does not work. * Still a build error, tests are failing. * Memory leak with empty shell command. * Crash when using win_move_statusline() in another tab page. * Crash when dragging the statusline with a mapping. * Mouse drag test fails. * Crash when using win_move_separator() in other tab page. * If 'endofline' is set the CTRL-Z may be written in the wrong place. * The key in tmux doesn't work when 'term' is set to "xterm". (Dominique Pellé) * Various typos. * Wrong counts in macro comment. * Compiler warning for redefining HAVE_DUP. * Deprecation warning causes build failure. * Warning for missing return type. * The window title is not redrawn when 'endoffile' changes. * Wrong error when using extend() with funcref. * append() reports failure when not appending anything. * Compiler warnings for unused variables. * Test may fail depending on sequence of events. * Cannot change a slice of a const list. (Takumi KAGIYAMA) * deletebufline() does not always return 1 on failure. * Unicode range for Apple SF symbols is outdated. * VHS tape files are not recognized. * Handling 'statusline' errors is spread out. * Shell command with just space gives strange error. * Using assert_fails() may cause hit-enter prompt. * CI: not totally clear what MS-Windows version is used. * Help item for --log argument is not aligned nicely. * Terminal mouse test is a bit flaky. * Terminal mouse test is still flaky. * Crypt test is skipped if xxd is not found. * No proper test for what 9.0.0846 fixes. * Comment not located above the code it refers to. * "!!sort" in a closed fold sorts too many lines. * Compiler warning for unused variable. * Solution for "!!sort" in closed fold is not optimal. * Default value of 'endoffile' is wrong. * col() and charcol() only work for the current window. * Crash when using "!!" without a previous shell command. * Duplicate arguments are not always detected. * No test for what patch 8.2.2207 fixes. * Wildmenu redrawing code is spread out. * Bogus error when string used after :elseif. * Get E967 when using text property in quickfix window. (Sergey Vlasov) * Using freed memory when clearing augroup at more prompt. * Code is indented more than needed. * Using freed memory when executing mapclear at the more prompt. * Using freed memory when executing unmenu at the more prompt. * Using freed memory when executing delfunc at the more prompt. * Code is indented more than needed. * Using freed memory with :comclear while listing commands. * Coverity warns for dead code. * Unnecessary nesting in makefile. * Preprocessor indenting is off. * Cannot get the currently showing mouse shape. * Using freed memory after SpellFileMissing autocmd uses bwipe. * A silent mapping may cause dots on the command line. * Mouse shape remains in op-pending mode after failed change. * Informational message has an error message number. * Horizontal mouse scroll only works in the GUI. * Cannot easily try out what codes various keys produce. * Keycode check script has a few flaws. * No test for what patch 9.0.0827 fixes. * Virtual text below after match has wrong highlight. * May redraw when not needed, causing slow scrolling. * 'smoothscroll' cursor calculations wrong when 'number' is set. * Virtual text property highlight ignores window background. * File renamed twice in test; missing feature check. * Test for home key fails when 'term' is "tmux". * Clinical Quality Language files are not recognized. * With 'smoothscroll' cursor is one screen line too far down. (Ernie Rael) * The builtin terminals are in one long list. * Cursor moves too far with 'smoothscroll'. * Setting w_leftcol and handling side effects is confusing. * Some mouse scroll code is not in a good place. * Key code checker doesn't check modifyOtherKeys resource. * Various comment and indent flaws. * Virtual text after the line wraps when 'wrap' is off. * Mouse scroll code is not optimal. * Restoring window after WinScrolled may fail. * With 'smoothscroll' cursor may end up in wrong position. * Error message for layout change does not match action. * Setting lines in another buffer may not work well. * With 'smoothscroll' set mouse click position may be wrong. * libvterm with modifyOtherKeys level 2 does not match xterm. * Only a change in the current window triggers the WinScrolled event. * deletebufline() may move marks in the wrong window. * WinScrolled may trigger immediately when defined. * getbufline() is inefficient for getting a single line. * The WinScrolled autocommand event is not enough. * MS-Windows: modifier keys do not work with mouse scroll events. * Build failure with tiny features. * Cannot find an import prefixed with "s:". (Doug Kearns) * Missing defined(PROTO) in #ifdef. * Mermaid files are not recognized. * Second SIGWINCH signal may be ignored. ------------------------------------------------------------------ ------------------ 2022-11-22 - Nov 22 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - update to AppArmor 3.1.2 - lots of cleanups, improvements and bugfixes in all areas - rework internal profile storage and handling in the aa-* tools - support boolean variable definitions in the aa-* tools - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.1 and https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.2 for the detailed upstream changelog - remove upstream(ed) patches: - apparmor-3.0.7-egrep.patch - dnsmasq.diff - profiles-permit-php-fpm-pid-files-directly-under-run.patch - zgrep-profile-mr870.diff - no longer ship precompiled profile cache for Tumbleweed (boo#1205659) - BuildRequire iproute2 (needed for aa-unconfined tests) ++++ grub2: - Make full utilization of btrfs bootloader area (bsc#1161823) * 0001-fs-btrfs-Use-full-btrfs-bootloader-area.patch * 0002-Mark-environmet-blocks-as-used-for-image-embedding.patch - Patch removed * 0001-i386-pc-build-btrfs-zstd-support-into-separate-modul.patch ++++ iproute2: - Replace routel program by a non-python version [boo#1205632] ++++ kdump: - fix renaming of qeth interfaces (bsc#1204743, bsc#1144337) - ppc64: rebuild initrd image after migration (bsc#1191410) - kdumptool calibrate: modify fadump suggestions (jsc#IBM-1027) ++++ libapparmor: - update to AppArmor 3.1.2 - lots of cleanups, improvements and bugfixes in all areas - rework internal profile storage and handling in the aa-* tools - support boolean variable definitions in the aa-* tools - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.1 and https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.2 for the detailed upstream changelog - remove upstream(ed) patches: - apparmor-3.0.7-egrep.patch - dnsmasq.diff - profiles-permit-php-fpm-pid-files-directly-under-run.patch - zgrep-profile-mr870.diff - no longer ship precompiled profile cache for Tumbleweed (boo#1205659) - BuildRequire iproute2 (needed for aa-unconfined tests) ++++ libcontainers-common: - Update bundled common to 0.50.1 - Update bundled image to 5.23.1 - Update bundled storage to 1.44.0 - Drop bundled podman - Bump version to 20221122 - Install container-storage-driver.sh in /etc/ on Leap & SLE ++++ libdrm: - split n_libdrm-drop-valgrind-dep.patch into n_libdrm-drop-valgrind-dep-generic.patch and n_libdrm-drop-valgrind-dep-intel.patch to fix build on s390 and armv7l - Only apply libdrm-drop-valgrind-dep.patch if valgrnid_support is enabled (fix build on e.g. aarch64). - renamed libdrm-drop-valgrind-dep.patch to n_libdrm-drop-valgrind-dep.patch in order to mark it as 'never to be upstreamed' - Add libdrm-drop-valgrind-dep.patch (as source): drop dependency on valgrind on generated pkgconfig files. The .pc files are auto-generated by meson and are 'technically' correct, but we do not want to inject valgrind here (we can get away with this hack as it's only relevant when using pkg-config --static, and we do not provide static libs anyway). ++++ nfs-utils: - Add 0006-nfsd-allow-server-scope-to-be-set-with-config-or-com.patch Allow server scope to be set - removes the need to run nfsd inside a private UTS namespace for fail-over applications (bsc#1203746) ++++ systemd: - Import commit 3bd3e4e6c1efe0d6df776107efde47e15e58fe96 d28e81d65c test: fix the default timeout values described in README.testsuite d921c83f53 meson: install test-kernel-install only when -Dkernel-install=true c3b6c4b584 tests: update install_suse_systemd() 3c77335b19 tests: install dmi-sysfs module on openSUSE df632130cd tests: install systemd-resolved on openSUSE - Add 6000-Revert-tmpfiles-whenever-creating-an-inode-immediate.patch until upstream issue #25468 is fixed. - Drop 6000-meson-install-test-kernel-install-only-when-Dkernel-.patch, the patch has been merged in the SUSE git repo. ++++ lsof: - format.patch: Use correct scanf/printf format for uint64_t - Build with %{optflags} ++++ pam: - Move pam_env config files below /usr/etc ++++ podman: - switch to building with go 1.17 - use %%make_* macros - drop /usr/share/user-tmpfiles.d/podman-docker.conf on SLE & Leap - remove rpmlintrc (contained only obsolete filters) - remove obsolete with_libostree (we don't build on anything older than SLE 15) - add patch: 0001-Revert-Default-missing-hostPort-to-containerPort-is-.patch (hotfix for https://github.com/containers/podman/issues/16765) - Update to version 4.3.1: 4.3.1: [#]## Bugfixes - Fixed a deadlock between the `podman ps` and `podman container inspect` commands [#]## Misc - Updated the containers/image library to v5.23.1 4.3.0: [#]## Features - A new command, `podman generate spec`, has been added, which creates a JSON struct based on a given container that can be used with the Podman REST API to create containers. - A new command, `podman update`, has been added,which makes changes to the resource limits of existing containers. Please note that these changes do not persist if the container is restarted ([#15067](https://github.com/containers/podman/issues/15067)). - A new command, `podman kube down`, has been added, which removes pods and containers created by the given Kubernetes YAML (functionality is identical to `podman kube play --down`, but it now has its own command). - The `podman kube play` command now supports Kubernetes secrets using Podman's secrets backend. - Systemd-managed pods created by the `podman kube play` command now integrate with sd-notify, using the `io.containers.sdnotify` annotation (or `io.containers.sdnotify/$name` for specific containers). - Systemd-managed pods created by `podman kube play` can now be auto-updated, using the `io.containers.auto-update` annotation (or `io.containers.auto-update/$name` for specific containers). - The `podman kube play` command can now read YAML from URLs, e.g. `podman kube play https://example.com/demo.yml` ([#14955](https://github.com/containers/podman/issues/14955)). - The `podman kube play` command now supports the `emptyDir` volume type ([#13309](https://github.com/containers/podman/issues/13309)). - The `podman kube play` command now supports the `HostUsers` field in the pod spec. - The `podman play kube` command now supports `binaryData` in ConfigMaps. - The `podman pod create` command can now set additional resource limits for pods using the new `--memory-swap`, `--cpuset-mems`, `--device-read-bps`, `--device-write-bps`, `--blkio-weight`, `--blkio-weight-device`, and `--cpu-shares` options. - The `podman machine init` command now supports a new option, `--username`, to set the username that will be used to connect to the VM as a non-root user ([#15402](https://github.com/containers/podman/issues/15402)). - The `podman volume create` command's `-o timeout=` option can now set a timeout of 0, indicating volume plugin operations will never time out. - Added support for a new volume driver, `image`, which allows volumes to be created that are backed by images. - The `podman run` and `podman create` commands support a new option, `--env-merge`, allowing environment variables to be specified relative to other environment variables in the image (e.g. `podman run --env-merge "PATH=$PATH:/my/app" ...`) ([#15288](https://github.com/containers/podman/issues/15288)). - The `podman run` and `podman create` commands support a new option, `--on-failure`, to allow action to be taken when a container fails health checks, with the following supported actions: `none` (take no action, the default), `kill` (kill the container), `restart` (restart the container), and `stop` (stop the container). - The `--keep-id` option to `podman create` and `podman run` now supports new options, `uid` and `gid`, to set the UID and GID of the user in the container that will be mapped to the user running Podman (e.g. `--userns=keep-id:uid=11` will made the user running Podman to UID 11 in the container) ([#15294](https://github.com/containers/podman/issues/15294)). - The `podman generate systemd` command now supports a new option, `--env`/`-e`, to set environment variables in the generated unit file ([#15523](https://github.com/containers/podman/issues/15523)). - The `podman pause` and `podman unpause` commands now support the `--latest`, `--cidfile`, and `--filter` options. - The `podman restart` command now supports the `--cidfile` and `--filter` options. - The `podman rm` command now supports the `--filter` option to select which containers will be removed. - The `podman rmi` command now supports a new option, `--no-prune`, to prevent the removal of dangling parents of removed images. - The `--dns-opt` option to `podman create`, `podman run`, and `podman pod create` has received a new alias, `--dns-option`, to improve Docker compatibility. - The `podman` command now features a new global flag, `--debug`/`-D`, which enables debug-level logging (identical to `--log-level=debug`), improving Docker compatibility. - The `podman` command now features a new global flag, `--config`. This flag is ignored, and is only included for Docker compatibility ([#14767](https://github.com/containers/podman/issues/14767)). - The `podman manifest create` command now accepts a new option, `--amend`/`-a`. - The `podman manifest create`, `podman manifest add` and `podman manifest push` commands now accept a new option, `--insecure` (identical to `--tls-verify=false`), improving Docker compatibility. - The `podman secret create` command's `--driver` and `--format` options now have new aliases, `-d` for `--driver` and `-f` for `--format`. - The `podman secret create` command now supports a new option, `--label`/`-l`, to add labels to created secrets. - The `podman secret ls` command now accepts the `--quiet`/`-q` option. - The `podman secret inspect` command now accepts a new option, `--pretty`, to print output in human-readable format. - The `podman stats` command now accepts the `--no-trunc` option. - The `podman save` command now accepts the `--signature-policy` option ([#15869](https://github.com/containers/podman/issues/15869)). - The `podman pod inspect` command now allows multiple arguments to be passed. If so, it will return a JSON array of the inspected pods ([#15674](https://github.com/containers/podman/issues/15674)). - A series of new hidden commands have been added under `podman context` as aliases to existing `podman system connection` commands, to improve Docker compatibility. - The remote Podman client now supports proxying signals for attach sessions when the `--sig-proxy` option is set ([#14707](https://github.com/containers/podman/issues/14707)). [#]## Changes - Duplicate volume mounts are now allowed with the `-v` option to `podman run`, `podman create`, and `podman pod create`, so long as source, destination, and options all match ([#4217](https://github.com/containers/podman/issues/4217)). - The `podman generate kube` and `podman play kube` commands have been renamed to `podman kube generate` and `podman kube play` to group Kubernetes-related commands. Aliases have been added to ensure the old command names still function. - A number of Podman commands (`podman init`, `podman container checkpoint`, `podman container restore`, `podman container cleanup`) now print the user-inputted name of the container, instead of its full ID, on success. - When an unsupported option (e.g. resource limit) is specified for a rootless container on a cgroups v1 system, a warning message is now printed that the limit will not be honored. - The installer for the Windows Podman client has been improved. - The `--cpu-rt-period` and `--cpu-rt-runtime` options to `podman run` and `podman create` now print a warning and are ignored on cgroups v2 systems (cgroups v2 having dropped support for these controllers) ([#15666](https://github.com/containers/podman/issues/15666)). - Privileged containers running systemd will no longer mount `/dev/tty*` devices other than `/dev/tty` itself into the container ([#15878](https://github.com/containers/podman/issues/15878)). - Events for containers that are part of a pod now include the ID of the pod in the event. - SSH functionality for `podman machine` commands has seen a thorough rework, addressing many issues about authentication. - The `--network` option to `podman kube play` now allows passing `host` to set the pod to use host networking, even if the YAML does not request this. - The `podman inspect` command on containers now includes the digest of the image used to create the container. - Pods created by `podman play kube` are now, by default, placed into a network named `podman-kube`. If the `podman-kube` network does not exist, it will be created. This ensures pods can connect to each other by their names, as the network has DNS enabled. [#]## Bugfixes - Fixed a bug where the `podman network prune` and `podman container prune` commands did not properly support the `--filter label!=` option ([#14182](https://github.com/containers/podman/issues/14182)). - Fixed a bug where the `podman kube generate` command added an unnecessary `Secret: null` line to generated YAML ([#15156](https://github.com/containers/podman/issues/15156)). - Fixed a bug where the `podman kube generate` command did not set `enableServiceLinks` and `automountServiceAccountToken` to false in generated YAML ([#15478](https://github.com/containers/podman/issues/15478) and [#15243](https://github.com/containers/podman/issues/15243)). - Fixed a bug where the `podman kube play` command did not properly handle CPU limits ([#15726](https://github.com/containers/podman/issues/15726)). - Fixed a bug where the `podman kube play` command did not respect default values for liveness probes ([#15855](https://github.com/containers/podman/issues/15855)). - Fixed a bug where the `podman kube play` command did not bind ports if `hostPort` was not specified but `containerPort` was ([#15942](https://github.com/containers/podman/issues/15942)). - Fixed a bug where the `podman kube play` command sometimes did not create directories on the host for `hostPath` volumes. - Fixed a bug where the remote Podman client's `podman manifest push` command did not display progress. - Fixed a bug where the `--filter "{{.Config.Healthcheck}}"` option to `podman image inspect` did not print the image's configured healthcheck ([#14661](https://github.com/containers/podman/issues/14661)). - Fixed a bug where the `podman volume create -o timeout=` option could be specified even when no volume plugin was in use. - Fixed a bug where the `podman rmi` command did not emit `untag` events when removing tagged images ([#15485](https://github.com/containers/podman/issues/15485)). - Fixed a bug where API forwarding with `podman machine` VMs on windows could sometimes fail because the pipe was not created in time ([#14811](https://github.com/containers/podman/issues/14811)). - Fixed a bug where the `podman pod rm` command could error if removal of a container in the pod was interrupted by a reboot. - Fixed a bug where the `exited` and `exec died` events for containers did not include the container's labels ([#15617](https://github.com/containers/podman/issues/15617)). - Fixed a bug where running Systemd containers on a system not using Systemd as PID 1 could fail ([#15647](https://github.com/containers/podman/issues/15647)). - Fixed a bug where Podman did not pass all necessary environment variables (including `$PATH`) to Conmon when starting containers ([#15707](https://github.com/containers/podman/issues/15707)). - Fixed a bug where the `podman events` command could function improperly when no events were present ([#15688](https://github.com/containers/podman/issues/15688)). - Fixed a bug where the `--format` flag to various Podman commands did not properly handle template strings including a newline (`\n`) ([#13446](https://github.com/containers/podman/issues/13446)). - Fixed a bug where Systemd-managed pods would kill every container in a pod when a single container exited ([#14546](https://github.com/containers/podman/issues/14546)). - Fixed a bug where the `podman generate systemd` command would generate incorrect YAML for pods created without the `--name` option. - Fixed a bug where the `podman generate systemd --new` command did not properly set stop timeout ([#16149](https://github.com/containers/podman/issues/16149)). - Fixed a bug where a broken OCI spec resulting from the system rebooting while a container is being started could cause the `podman inspect` command to be unable to inspect the container until it was restarted. - Fixed a bug where creating a container with a working directory on an overlay volume would result in the container being unable to start ([#15789](https://github.com/containers/podman/issues/15789)). - Fixed a bug where attempting to remove a pod with running containers without `--force` would not error and instead would result in the pod, and its remaining containers, being placed in an unusable state ([#15526](https://github.com/containers/podman/issues/15526)). - Fixed a bug where memory limits reported by `podman stats` could exceed the maximum memory available on the system ([#15765](https://github.com/containers/podman/issues/15765)). - Fixed a bug where the `podman container clone` command did not properly handle environment variables whose value contained an `=` character ([#15836](https://github.com/containers/podman/issues/15836)). - Fixed a bug where the remote Podman client would not print the container ID when running the `podman-remote run --attach stdin` command. - Fixed a bug where the `podman machine list --format json` command did not properly show machine starting status. - Fixed a bug where automatic updates would not error when attempting to update a container with a non-fully qualified image name ([#15879](https://github.com/containers/podman/issues/15879)). - Fixed a bug where the `podman pod logs --latest` command could panic ([#15556](https://github.com/containers/podman/issues/15556)). - Fixed a bug where Podman could leave lingering network namespace mounts on the system if cleaning up the network failed. - Fixed a bug where specifying an unsupported URI scheme for `podman system service` to listen at would result in a panic. - Fixed a bug where the `podman kill` command would sometimes not transition containers to the exited state ([#16142](https://github.com/containers/podman/issues/16142)). [#]## API - Fixed a bug where the Compat DF endpoint reported incorrect reference counts for volumes ([#15720](https://github.com/containers/podman/issues/15720)). - Fixed a bug in the Compat Inspect endpoint for Networks where an incorrect network option was displayed, causing issues with `docker-compose` ([#15580](https://github.com/containers/podman/issues/15580)). - The Libpod Restore endpoint for Containers now features a new query parameter, `pod`, to set the pod that the container will be restored into ([#15018](https://github.com/containers/podman/issues/15018)). - Fixed a bug where the REST API could panic while retrieving images. - Fixed a bug where a cancelled connection to several endpoints could induce a memory leak. [#]## Misc - Error messages when attempting to remove an image used by a non-Podman container have been improved ([#15006](https://github.com/containers/podman/issues/15006)). - Podman will no longer print a warning that `/` is not a shared mount when run inside a container ([#15295](https://github.com/containers/podman/issues/15295)). - Work is ongoing to port Podman to FreeBSD. - The output of `podman generate systemd` has been adjusted to improve readability. - A number of performance improvements have been made to `podman create` and `podman run`. - A major reworking of the manpages to ensure duplicated options between commands have the same description text has been performed. - Updated Buildah to v1.28.0 - Updated the containers/image library to v5.23.0 - Updated the containers/storage library to v1.43.0 - Updated the containers/common library to v0.50.1 ++++ slirp4netns: - New upstream release 1.2.0: * Add slirp4netns --target-type=bess /path/to/bess.sock for supporting UML (#281) * Explicitly support DHCP (#270) * Update parson to v1.1.3 (#273) kgabis/parson@70dc239...2d7b3dd * Refactored tests (#271) - modernize spec file ------------------------------------------------------------------ ------------------ 2022-11-21 - Nov 21 2022 ------------------- ------------------------------------------------------------------ ++++ grub2: - Fix regression of reverting back to asking password twice when a keyfile is already used (bsc#1205309) * 0010-templates-import-etc-crypttab-to-grub.cfg.patch ++++ hicolor-icon-theme: - Add 1024x1024 directory for package ownership ++++ kernel-default: - Update to 6.1-rc6 - eliminate 1 patch - patches.suse/Input-i8042-Apply-probe-defer-to-more-ASUS-ZenBook-m.patch - update configs - INET_TABLE_PERTURB_ORDER=16 (default, previous value) - commit 4c01546 ++++ ncurses: - Add ncurses patch 20221119 + use static libraries for AdaCurses test-package for Mageia, since no gprbuild package is available. + updated test packages for Debian. ++++ orc: - Update to version 0.4.33: + Add support for aarch64 (64-bit ARM) architecture. + aarch32: Implement loadupdb instruction used e.g. for video pixel format packing/unpacking/conversions. + neon: Fix unsigned only implementation of loadoffb, loadoffw and loadoffl. + neon: Fix testsuite not passing on arm CPUs. + orccodemem: Fix use-after-free in error paths. + orccpu-powerpc: Fix build with kernel < 4.11. + Add support for macOS Hardened Runtime. + Enable only SSE and MMX backends for Windows. + Fix ORC_RESTRICT definition for MSVC. + pkgconfig: add -DORC_STATIC_COMPILATION flag to .pc file for static-only builds. ++++ python-testtools: - Skip rpmlint error python-tests-in-package. ++++ sudo: - Update to 1.9.12p1: * Changes in 1.9.12p1: - Sudo’s configure script now does a better job of detecting when the -fstack-clash-protection compiler option does not work. GitHub issue #191. - Fixed CVE-2022-43995, a potential out-of-bounds write for passwords smaller than 8 characters when passwd authentication is enabled. This does not affect configurations that use other authentication methods such as PAM, AIX authentication or BSD authentication. - Fixed a build error with some configurations compiling host_port.c. * Dropped sudo-CVE-2022-43995.patch ++++ suse-module-tools: - Update to version 16.0.27: * 80-hotplug-cpu-mem.rules: use CONST{arch} (bsc#1204423) ------------------------------------------------------------------ ------------------ 2022-11-20 - Nov 20 2022 ------------------- ------------------------------------------------------------------ ++++ libXrandr: - Update to version 1.5.3 * Fix spelling/wording issues * gitlab CI: add a basic build test * Xrandr.h: remove misleading comment for XRRGetScreenSizeRange() * XRRGetProviderInfo: Remove unneeded ProviderInfoExtra * Variable scope reductions as recommended by cppcheck * Remove unnecessary casts of return values from malloc() ------------------------------------------------------------------ ------------------ 2022-11-19 - Nov 19 2022 ------------------- ------------------------------------------------------------------ ++++ mpfr: - package license files correctly ------------------------------------------------------------------ ------------------ 2022-11-18 - Nov 18 2022 ------------------- ------------------------------------------------------------------ ++++ xz: - Update to 5.2.8: * xz: - If xz cannot remove an input file when it should, this is now treated as a warning (exit status 2) instead of an error (exit status 1). This matches GNU gzip and it is more logical as at that point the output file has already been successfully closed. - Fix handling of .xz files with an unsupported check type. Previously such printed a warning message but then xz behaved as if an error had occurred (didn't decompress, exit status 1). Now a warning is printed, decompression is done anyway, and exit status is 2. This used to work slightly before 5.0.0. In practice this bug matters only if xz has been built with some check types disabled. As instructed in PACKAGERS, such builds should be done in special situations only. - Fix "xz -dc --single-stream tests/files/good-0-empty.xz" which failed with "Internal error (bug)". That is, - -single-stream was broken if the first .xz stream in the input file didn't contain any uncompressed data. - Fix displaying file sizes in the progress indicator when working in passthru mode and there are multiple input files. Just like "gzip -cdf", "xz -cdf" works like "cat" when the input file isn't a supported compressed file format. In this case the file size counters weren't reset between files so with multiple input files the progress indicator displayed an incorrect (too large) value. * liblzma: - API docs in lzma/container.h: * Update the list of decoder flags in the decoder function docs. * Explain LZMA_CONCATENATED behavior with .lzma files in lzma_auto_decoder() docs. - OpenBSD: Use HW_NCPUONLINE to detect the number of available hardware threads in lzma_physmem(). - Fix use of wrong macro to detect x86 SSE2 support. __SSE2_MATH__ was used with GCC/Clang but the correct one is __SSE2__. The first one means that SSE2 is used for floating point math which is irrelevant here. The affected SSE2 code isn't used on x86-64 so this affects only 32-bit x86 builds that use -msse2 without -mfpmath=sse (there is no runtime detection for SSE2). It improves LZMA compression speed (not decompression). - Fix the build with Intel C compiler 2021 (ICC, not ICX) on Linux. It defines __GNUC__ to 10 but doesn't support the __symver__ attribute introduced in GCC 10. * Scripts: Ignore warnings from xz by using --quiet --no-warn. This is needed if the input .xz files use an unsupported check type. * Translations: - Updated Croatian and Turkish translations. - One new translations wasn't included because it needed technical fixes. It will be in upcoming 5.4.0. No new translations will be added to the 5.2.x branch anymore. - Renamed the French man page translation file from fr_FR.po to fr.po and thus also its install directory (like /usr/share/man/fr_FR -> .../fr). - Man page translations for upcoming 5.4.0 are now handled in the Translation Project. * Update doc/faq.txt a little so it's less out-of-date. ++++ mpfr: - Update to mpfr 4.1.1 * Bug fixes (see and/or the ChangeLog file), in particular for macros implementing functions. * Improved manual formatting. * Accumulated bugfixes - Remove mpfr-4.1.0-p7.diff, all patches are contained in the new version. - Update mpfr.keyring ++++ systemd: - Reenable build of sd_boot, it was mistakenly disabled during the integration of v252. ------------------------------------------------------------------ ------------------ 2022-11-17 - Nov 17 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - update to 22.2.4: * clover: windows: library filename has \`-1` suffix and a \`lib` prefix when built with mingw * radv, dxvk: Rendering errors in World of Tanks after "Switch to dynamic rendering only" * gen9 gt3e/gt4e skus fail dEQP-VK.pipeline.multisample.sample_locations_ext.* * v3d: Wrong colors (pink) in videos in Firefox (likely YUV->RGB shader issue) * panfrost t860 glmark-es2 regression * radv: Flickering in Spider-Man Remastered (Regression) (Bisected) * radv: Hitman 2 using Direct3D 12 has discolored squares on RDNA2 with DCC enabled * panfrost/midgard - on Duckstation PSX emulator: segfault on GLES 3.0 and bad shader compilations on 3.3 ++++ Mesa-drivers: - update to 22.2.4: * clover: windows: library filename has \`-1` suffix and a \`lib` prefix when built with mingw * radv, dxvk: Rendering errors in World of Tanks after "Switch to dynamic rendering only" * gen9 gt3e/gt4e skus fail dEQP-VK.pipeline.multisample.sample_locations_ext.* * v3d: Wrong colors (pink) in videos in Firefox (likely YUV->RGB shader issue) * panfrost t860 glmark-es2 regression * radv: Flickering in Spider-Man Remastered (Regression) (Bisected) * radv: Hitman 2 using Direct3D 12 has discolored squares on RDNA2 with DCC enabled * panfrost/midgard - on Duckstation PSX emulator: segfault on GLES 3.0 and bad shader compilations on 3.3 ++++ ansible-core: - update to 2.14.0: Full changelog https://github.com/ansible/ansible/blob/v2.14.0/changelogs/CHANGELOG-v2.14.rst ++++ filesystem: - Added zh_Hans (simplified Chinese) and zh_Hant (traditional chinese) locales ++++ kernel-default: - soundwire: intel: Initialize clock stop timeout (bsc#1205507). - commit 699b9c2 ++++ schily: - Update to release 2022.10.16 * bsh: Implement ^L support * libmdigest: Add support for BLAKE2 digests * mkisofs: No longer warn about Joliet being nonstandard. With the 2019 revision of ECMA 119, Joliet has been added as an annex to the standard. ++++ libcontainers-common: - add container-storage-driver.sh (bsc#1197093) ++++ nghttp2: - update to 1.51.0: * https://nghttp2.org/blog/2022/11/13/nghttp2-v1-51-0/ This release fixes affinity-cookie-stickiness parameter handling. ++++ sqlite3: - update to 3.40.0: * https://sqlite.org/releaselog/3_40_0.html * Add support for compiling SQLite to WASM and running it in wen browsers. * Add the recovery extension that might be able to recover some content from a corrupt database file. * For more changes, see https://sqlite.org/releaselog/3_40_0.html ++++ python-certifi: - Update to 2022.9.24: * (no changes) - from version 2022.09.24: * (no changes) - from version 2022.09.14: * (no changes) - from version 2022.06.15.2: * Only use importlib.resources's new files() / Traversable API on Python ≥3.11 (#204) - from version 2022.06.15.1: * Fix deprecation warning on Python 3.11 (#199) * fixes #198 -- update link in license - from version 2022.06.15: * Add py.typed to MANIFEST.in to package in sdist (#196) - from version 2022.05.18.1: * Add support for Python 3.10 and drop EOL 3.5 (#167) - from version 2022.05.18: * Automatically lock github issues after they've been closed for 90 days (#189) * Remove universal wheel, python 2 is unsupported (#187) * Add type annotations to package * Added Required Python Version (#152) * Fix homepage link (#145) - Refresh patches for new version * python-certifi-shipped-requests-cabundle.patch ------------------------------------------------------------------ ------------------ 2022-11-16 - Nov 16 2022 ------------------- ------------------------------------------------------------------ ++++ ansible: - remove lowlydba.sqlserver collection as rpmlint throws errors due to powershell: "E: wrong-script-interpreter (Badness: 490) [...]/ansible_collections/lowlydba/sqlserver/plugins/modules/restore.ps1 powershell" ++++ chrony: - Install chrony DHCP dispatcher script for Networkmanager * chrony.nm-dispatcher.dhcp.patch /var/run to /run ++++ curl: - Add 1.50.0 as the minimum libnghttp2 build requirement version as a bandaid. Curl's 7.86.0 release introduces the use of nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation, introduced by nghttp2 1.50.0 release, without introducing a check for the function/right version in their build scripts. This will make Zypper/cURL unusable in some corner cases where users installing something that requires libcurl4 before doing full system upgrade, thus updating the cURL stack, but not libnghttp2's. Background: boo#1204983, Factory mailing list threadd: "? broken dependency in curl and/or *zyp* ?", and forums thread: Curl-is-broken-after-an-update-which-subsequently-breaks-zypper. ++++ grub2: - Security fixes and hardenings * 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch * 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch - Fix CVE-2022-2601 (bsc#1205178) * 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch * 0004-font-Remove-grub_font_dup_glyph.patch * 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch * 0006-font-Fix-integer-overflow-in-BMP-index.patch * 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch * 0008-fbutil-Fix-integer-overflow.patch - Fix CVE-2022-3775 (bsc#1205182) * 0009-font-Fix-an-integer-underflow-in-blit_comb.patch * 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch * 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch * 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch - Bump upstream SBAT generation to 3 ++++ kernel-default: - Update patches.kernel.org/6.0.9-191-x86-cpu-Restore-AMD-s-DE_CFG-MSR-after-resume.patch (bsc#1012628 bsc#1205473). Add a bsc #. - commit 3e12b42 - Linux 6.0.9 (bsc#1012628). - thunderbolt: Add DP OUT resource when DP tunnel is discovered (bsc#1012628). - drm/i915/gvt: Add missing vfio_unregister_group_dev() call (bsc#1012628). - m68k: Rework BI_VIRT_RNG_SEED as BI_RNG_SEED (bsc#1012628). - KVM: debugfs: Return retval of simple_attr_open() if it fails (bsc#1012628). - drm/i915: Allow more varied alternate fixed modes for panels (bsc#1012628). - drm/i915: Simplify intel_panel_add_edid_alt_fixed_modes() (bsc#1012628). - drm/i915/sdvo: Grab mode_config.mutex during LVDS init to avoid WARNs (bsc#1012628). - drm/amd/display: Acquire FCLK DPM levels on DCN32 (bsc#1012628). - drm/amd/display: Limit dcn32 to 1950Mhz display clock (bsc#1012628). - drm/amd/display: Set memclk levels to be at least 1 for dcn32 (bsc#1012628). - drm/amdkfd: handle CPU fault on COW mapping (bsc#1012628). - drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() (bsc#1012628). - cxl/region: Recycle region ids (bsc#1012628). - HID: wacom: Fix logic used for 3rd barrel switch emulation (bsc#1012628). - hwspinlock: qcom: correct MMIO max register for newer SoCs (bsc#1012628). - phy: stm32: fix an error code in probe (bsc#1012628). - wifi: cfg80211: silence a sparse RCU warning (bsc#1012628). - wifi: cfg80211: fix memory leak in query_regdb_file() (bsc#1012628). - soundwire: qcom: reinit broadcast completion (bsc#1012628). - soundwire: qcom: check for outanding writes before doing a read (bsc#1012628). - ALSA: arm: pxa: pxa2xx-ac97-lib: fix return value check of platform_get_irq() (bsc#1012628). - spi: mediatek: Fix package division error (bsc#1012628). - bpf, verifier: Fix memory leak in array reallocation for stack state (bsc#1012628). - bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues (bsc#1012628). - wifi: mac80211: fix general-protection-fault in ieee80211_subif_start_xmit() (bsc#1012628). - wifi: mac80211: Set TWT Information Frame Disabled bit as 1 (bsc#1012628). - bpftool: Fix NULL pointer dereference when pin {PROG, MAP, LINK} without FILE (bsc#1012628). - HID: hyperv: fix possible memory leak in mousevsc_probe() (bsc#1012628). - drm/vc4: hdmi: Fix HSM clock too low on Pi4 (bsc#1012628). - bpf, sock_map: Move cancel_work_sync() out of sock lock (bsc#1012628). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1012628). - bpf: Add helper macro bpf_for_each_reg_in_vstate (bsc#1012628). - bpf: Fix wrong reg type conversion in release_reference() (bsc#1012628). - net: gso: fix panic on frag_list with mixed head alloc types (bsc#1012628). - macsec: delete new rxsc when offload fails (bsc#1012628). - macsec: fix secy->n_rx_sc accounting (bsc#1012628). - macsec: fix detection of RXSCs when toggling offloading (bsc#1012628). - macsec: clear encryption keys from the stack after setting up offload (bsc#1012628). - octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT] (bsc#1012628). - net: tun: Fix memory leaks of napi_get_frags (bsc#1012628). - bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (bsc#1012628). - bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (bsc#1012628). - net: fman: Unregister ethernet device on removal (bsc#1012628). - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (bsc#1012628). - phy: ralink: mt7621-pci: add sentinel to quirks table (bsc#1012628). - KVM: s390: pv: don't allow userspace to set the clock under PV (bsc#1012628). - KVM: s390: pci: Fix allocation size of aift kzdev elements (bsc#1012628). - net: lapbether: fix issue of dev reference count leakage in lapbeth_device_event() (bsc#1012628). - hamradio: fix issue of dev reference count leakage in bpq_device_event() (bsc#1012628). - net: wwan: iosm: fix memory leak in ipc_wwan_dellink (bsc#1012628). - net: wwan: mhi: fix memory leak in mhi_mbim_dellink (bsc#1012628). - drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (bsc#1012628). - tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent (bsc#1012628). - platform/x86: p2sb: Don't fail if unknown CPU is found (bsc#1012628). - ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (bsc#1012628). - can: af_can: fix NULL pointer dereference in can_rx_register() (bsc#1012628). - drm/i915/psr: Send update also on invalidate (bsc#1012628). - drm/i915: Do not set cache_dirty for DGFX (bsc#1012628). - net: stmmac: dwmac-meson8b: fix meson8b_devm_clk_prepare_enable() (bsc#1012628). - dt-bindings: net: tsnep: Fix typo on generic nvmem property (bsc#1012628). - net: broadcom: Fix BCMGENET Kconfig (bsc#1012628). - tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header (bsc#1012628). - dmaengine: pxa_dma: use platform_get_irq_optional (bsc#1012628). - dmanegine: idxd: reformat opcap output to match bitmap_parse() input (bsc#1012628). - dmaengine: idxd: Fix max batch size for Intel IAA (bsc#1012628). - dmaengine: idxd: fix RO device state error after been disabled/reset (bsc#1012628). - dmaengine: apple-admac: Fix grabbing of channels in of_xlate (bsc#1012628). - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (bsc#1012628). - dmaengine: ti: k3-udma-glue: fix memory leak when register device fail (bsc#1012628). - dmaengine: stm32-dma: fix potential race between pause and resume (bsc#1012628). - net: lapbether: fix issue of invalid opcode in lapbeth_open() (bsc#1012628). - net: ethernet: mtk-star-emac: disable napi when connect and start PHY failed in mtk_star_enable() (bsc#1012628). - octeontx2-pf: Fix SQE threshold checking (bsc#1012628). - drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() (bsc#1012628). - perf stat: Fix crash with --per-node --metric-only in CSV mode (bsc#1012628). - perf stat: Fix printing os->prefix in CSV metrics output (bsc#1012628). - perf test: Fix skipping branch stack sampling test (bsc#1012628). - perf tools: Add the include/perf/ directory to .gitignore (bsc#1012628). - netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg() (bsc#1012628). - netfilter: Cleanup nft_net->module_list from nf_tables_exit_net() (bsc#1012628). - net: marvell: prestera: fix memory leak in prestera_rxtx_switch_init() (bsc#1012628). - net: tun: call napi_schedule_prep() to ensure we own a napi (bsc#1012628). - net: nixge: disable napi when enable interrupts failed in nixge_open() (bsc#1012628). - net: wwan: iosm: fix memory leak in ipc_pcie_read_bios_cfg (bsc#1012628). - net: wwan: iosm: fix invalid mux header type (bsc#1012628). - net/mlx5: Bridge, verify LAG state when adding bond to bridge (bsc#1012628). - net/mlx5: Allow async trigger completion execution on single CPU systems (bsc#1012628). - net/mlx5: E-switch, Set to legacy mode if failed to change switchdev mode (bsc#1012628). - net/mlx5: fw_reset: Don't try to load device in case PCI isn't working (bsc#1012628). - net/mlx5e: Add missing sanity checks for max TX WQE size (bsc#1012628). - net/mlx5e: Fix tc acts array not to be dependent on enum order (bsc#1012628). - net/mlx5e: TC, Fix wrong rejection of packet-per-second policing (bsc#1012628). - net/mlx5e: E-Switch, Fix comparing termination table instance (bsc#1012628). - ice: Fix spurious interrupt during removal of trusted VF (bsc#1012628). - iavf: Fix VF driver counting VLAN 0 filters (bsc#1012628). - net: cpsw: disable napi in cpsw_ndo_open() (bsc#1012628). - net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() (bsc#1012628). - stmmac: intel: Update PCH PTP clock rate from 200MHz to 204.8MHz (bsc#1012628). - mctp: Fix an error handling path in mctp_init() (bsc#1012628). - cxgb4vf: shut down the adapter when t4vf_update_port_info() failed in cxgb4vf_open() (bsc#1012628). - stmmac: dwmac-loongson: fix missing pci_disable_msi() while module exiting (bsc#1012628). - stmmac: dwmac-loongson: fix missing pci_disable_device() in loongson_dwmac_probe() (bsc#1012628). - stmmac: dwmac-loongson: fix missing of_node_put() while module exiting (bsc#1012628). - net: phy: mscc: macsec: clear encryption keys when freeing a flow (bsc#1012628). - net: atlantic: macsec: clear encryption keys from the stack (bsc#1012628). - ethernet: s2io: disable napi when start nic failed in s2io_card_up() (bsc#1012628). - net: mv643xx_eth: disable napi when init rxq or txq failed in mv643xx_eth_open() (bsc#1012628). - ALSA: memalloc: Don't fall back for SG-buffer with IOMMU (bsc#1012628). - ethernet: tundra: free irq when alloc ring failed in tsi108_open() (bsc#1012628). - net: macvlan: fix memory leaks of macvlan_common_newlink (bsc#1012628). - riscv: process: fix kernel info leakage (bsc#1012628). - riscv: vdso: fix build with llvm (bsc#1012628). - riscv: fix reserved memory setup (bsc#1012628). - eth: sp7021: drop free_netdev() from spl2sw_init_netdev() (bsc#1012628). - arm64: efi: Fix handling of misaligned runtime regions and drop warning (bsc#1012628). - MIPS: jump_label: Fix compat branch range check (bsc#1012628). - drm/amdgpu: Fix the lpfn checking condition in drm buddy (bsc#1012628). - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (bsc#1012628). - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (bsc#1012628). - mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI (bsc#1012628). - mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI (bsc#1012628). - mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI (bsc#1012628). - mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA (bsc#1012628). - ALSA: hda/hdmi - enable runtime pm for more AMD display audio (bsc#1012628). - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (bsc#1012628). - ALSA: hda: fix potential memleak in 'add_widget_node' (bsc#1012628). - ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (bsc#1012628). - ALSA: hda/realtek: Add Positivo C6300 model quirk (bsc#1012628). - ALSA: usb-audio: Add quirk entry for M-Audio Micro (bsc#1012628). - ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (bsc#1012628). - vmlinux.lds.h: Fix placement of '.data..decrypted' section (bsc#1012628). - ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure (bsc#1012628). - nilfs2: fix deadlock in nilfs_count_free_blocks() (bsc#1012628). - nilfs2: fix use-after-free bug of ns_writer on remount (bsc#1012628). - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (bsc#1012628). - drm/amd/display: Fix reg timeout in enc314_enable_fifo (bsc#1012628). - drm/amd/pm: update SMU IP v13.0.4 msg interface header (bsc#1012628). - drm/amd/display: Update SR watermarks for DCN314 (bsc#1012628). - drm/amdgpu: workaround for TLB seq race (bsc#1012628). - drm/amdgpu: disable BACO on special BEIGE_GOBY card (bsc#1012628). - drm/amdkfd: Fix error handling in criu_checkpoint (bsc#1012628). - drm/amdkfd: Fix error handling in kfd_criu_restore_events (bsc#1012628). - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (bsc#1012628). - wifi: ath11k: avoid deadlock during regulatory update in ath11k_regd_update() (bsc#1012628). - btrfs: fix match incorrectly in dev_args_match_device (bsc#1012628). - btrfs: selftests: fix wrong error check in btrfs_free_dummy_root() (bsc#1012628). - btrfs: zoned: clone zoned device info when cloning a device (bsc#1012628). - btrfs: zoned: initialize device's zone info for seeding (bsc#1012628). - io_uring: check for rollover of buffer ID when providing buffers (bsc#1012628). - phy: qcom-qmp-combo: fix NULL-deref on runtime resume (bsc#1012628). - net: ethernet: ti: am65-cpsw: Fix segmentation fault at module unload (bsc#1012628). - mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI (bsc#1012628). - udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1012628). - spi: intel: Use correct mask for flash and protected regions (bsc#1012628). - arch/x86/mm/hugetlbpage.c: pud_huge() returns 0 when using 2-level paging (bsc#1012628). - mm: hugetlb_vmemmap: include missing linux/moduleparam.h (bsc#1012628). - dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (bsc#1012628). - mm/damon/dbgfs: check if rm_contexts input is for a real context (bsc#1012628). - mm/memremap.c: map FS_DAX device memory as decrypted (bsc#1012628). - mm/shmem: use page_mapping() to detect page cache for uffd continue (bsc#1012628). - can: j1939: j1939_send_one(): fix missing CAN header initialization (bsc#1012628). - can: isotp: fix tx state handling for echo tx processing (bsc#1012628). - can: rcar_canfd: Add missing ECC error checks for channels 2-7 (bsc#1012628). - KVM: x86/mmu: Block all page faults during kvm_zap_gfn_range() (bsc#1012628). - KVM: x86/pmu: Do not speculatively query Intel GP PMCs that don't exist yet (bsc#1012628). - KVM: x86: use a separate asm-offsets.c file (bsc#1012628). - KVM: SVM: replace regs argument of __svm_vcpu_run() with vcpu_svm (bsc#1012628). - KVM: SVM: adjust register allocation for __svm_vcpu_run() (bsc#1012628). - KVM: SVM: Only dump VMSA to klog at KERN_DEBUG level (bsc#1012628). - KVM: SVM: retrieve VMCB from assembly (bsc#1012628). - KVM: SVM: move guest vmsave/vmload back to assembly (bsc#1012628). - can: dev: fix skb drop check (bsc#1012628). - dmaengine: at_hdmac: Fix at_lli struct definition (bsc#1012628). - dmaengine: at_hdmac: Don't start transactions at tx_submit level (bsc#1012628). - dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending (bsc#1012628). - dmaengine: at_hdmac: Fix premature completion of desc in issue_pending (bsc#1012628). - dmaengine: at_hdmac: Do not call the complete callback on device_terminate_all (bsc#1012628). - dmaengine: at_hdmac: Protect atchan->status with the channel lock (bsc#1012628). - dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all() (bsc#1012628). - dmaengine: at_hdmac: Fix concurrency over descriptor (bsc#1012628). - dmaengine: at_hdmac: Free the memset buf without holding the chan lock (bsc#1012628). - dmaengine: at_hdmac: Fix concurrency over the active list (bsc#1012628). - dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware (bsc#1012628). - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (bsc#1012628). - dmaengine: at_hdmac: Don't allow CPU to reorder channel enable (bsc#1012628). - dmaengine: at_hdmac: Fix impossible condition (bsc#1012628). - dmaengine: at_hdmac: Check return code of dma_async_device_register (bsc#1012628). - drm/amdkfd: Migrate in CPU page fault use current mm (bsc#1012628). - ALSA: memalloc: Try dma_alloc_noncontiguous() at first (bsc#1012628). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1012628). - commit 9c9388f ++++ krb5: - Update to 1.20.1; (bsc#1205126); (CVE-2022-42898); * Fix integer overflows in PAC parsing [CVE-2022-42898]. * Fix null deref in KDC when decoding invalid NDR. * Fix memory leak in OTP kdcpreauth module. * Fix PKCS11 module path search. ++++ llvm15: - Update to version 15.0.5. * This release contains bug-fixes for the LLVM 15.0.0 release. This release is API and ABI compatible with 15.0.0. - Remove obsolete lldb-swig-4.1.0-build-fix.patch. - Rebase llvm-do-not-install-static-libraries.patch. ++++ libXft: - Update to version 2.3.7 * libxft issue #15 https://gitlab.freedesktop.org/xorg/lib/libxft/-/issues/15 XftFontLoadGlyphs for mono font returns wrong info in extents from XftTextExtentsUtf8 for variable chars Patch by Scott Mcdermott, based on https://github.com/googlefonts/Inconsolata/issues/42 * fix compiler warning * libxft issue #16 https://gitlab.freedesktop.org/xorg/lib/libxft/-/issues/16 Stack gets smashed in fonts with colors when calling XftGlyphRender BGRA changes made incorrect comparison for local vs allocated buffer in XftGlyphSpecRender * stdint.h header is needed for SIZE_MAX ++++ lcms2: - Removed reverse-0001-fix-memory-leaks-on-testbed.patch and added 0001-fix-memory-corruption-when-unregistering-plugins.patch as final fix for https://github.com/hughsie/colord/issues/145 ++++ open-iscsi: - Updated to latest upstream. Changes: * iscsid/iscsiuio: fix OOM adjustment (github issue #377) ++++ qemu: - Raise the maximum number of vCPUs a VM can have to 1024 (jsc#PED-2592) * Patches added: pc-q35-Bump-max_cpus-to-1024.patch ++++ systemd-presets-common-SUSE: - enable user side autostart of drkonqi socket (bsc#1203493). ------------------------------------------------------------------ ------------------ 2022-11-15 - Nov 15 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - try to fix build on ppc64le due to running OOM (boo#1205441) * let's request 20G of physical memory via _constraints file ++++ Mesa-drivers: - try to fix build on ppc64le due to running OOM (boo#1205441) * let's request 20G of physical memory via _constraints file ++++ ansible: - update to 6.6.0: Ansible 6.6.0 will include ansible-core 2.13.6 as well as a curated set of Ansible collections to provide a vast number of modules and plugins. * The changelog for ansible-core 2.13 installed by this release of ansible is available here: https://github.com/ansible/ansible/blob/stable-2.13/changelogs/CHANGELOG-v2.13.rst * Collections which have opted into being a part of the Ansible-6 unified changelog will have an entry on this page: https://github.com/ansible-community/ansible-build-data/blob/main/6/CHANGELOG-v6.rst ++++ ansible-core: - update to 2.13.6: Changelog https://github.com/ansible/ansible/blob/v2.13.6/changelogs/CHANGELOG-v2.13.rst * Minor Changes - ansible-test - Improve consistency of version specific documentation links. * Bugfixes - BSD network facts - Do not assume column indexes, look for netmask and broadcast for determining the correct columns when parsing inet line (#79117) - ansible-galaxy - make initial call to Galaxy server on-demand only when installing, getting info about, and listing roles. - ansible-test - Add wheel < 0.38.0 constraint for Python 3.6 and earlier. - ansible-test - Fix broken documentation link for aws test plugin error messages. - copy module will no longer move 'non files' set as src when remote_src=true. - file lookup now handles missing files more gracefully. - service_facts - Use python re to parse service output instead of grep (#78541) - updated error messages to include 'acl' and not just mode changes when failing to set required permissions on remote. ++++ dracut: - Update to version 057+suse.344.g021aead9: * fix(dracut-systemd): run systemctl daemon-reload after remove_hostonly_files * fix(dracut.sh): improve detection of installed kernel versions (bsc#1205175) * fix(network-manager): always install the library plugins directory (bsc#1202014) * feat(dracut-init.sh): add inst_libdir_dir() helper (bsc#1202014) ++++ hwdata: - update to 0.364: + Updated pci, usb and vendor ids. ++++ texinfo: - Update to version 7.0 (7 November 2022) * texi2any * LaTeX added as an output format, selected with --latex * EPUB 3 added as an output format, selected with --epub3 * reform throughout the code in general * thorough review of character encoding issues * new customization variables involved with character encoding: INPUT_FILE_NAME_ENCODING, OUTPUT_FILE_NAME_ENCODING, DOC_ENCODING_FOR_INPUT_FILE_NAME, DOC_ENCODING_FOR_OUTPUT_FILE_NAME, MESSAGE_ENCODING and COMMAND_LINE_ENCODING * warn if full-text commands (@ref, @footnote, @anchor) appear in @w * new variable NO_TOP_NODE_OUTPUT * IGNORE_BEFORE_SETFILENAME variable removed. former effect is now always on. * HTML output: * use manual_name_html as output directory for split HTML instead of manual_name or manual_name.html * default DOCTYPE declaration changed to plain HTML5 style rather than HTML4 DTD reference * output only the CSS rules that are needed in an output file . remove CSS_LINES variable and add SHOW_BUILTIN_CSS_RULES * (custom CSS can still be output using EXTRA_HEAD) * use tag for the output of @t and @verb instead of * use for @acronym instead of * link to table of contents from short table of contents only if a table of contents is actually output * prefix classes from @example arguments with `user-' * percent encode URL in @url/@uref, @email, @image and external manual file * new USE_XML_SYNTAX, HTML_ROOT_ELEMENT_ATTRIBUTES and NO_CUSTOM_HTML_ATTRIBUTE variables can be used to output valid XHTML * systematic addition of classes attribute in HTML elements based on the Texinfo @-command names. renaming of class attributes to avoid confusion with @-commands formatting and describe the role in the document rather than the formatting style. * COPIABLE_ANCHORS renamed to COPIABLE_LINKS * do not add a title by default; SHOW_TITLE or NO_TOP_NODE_OUTPUT has to be set * USE_TITLEPAGE_FOR_TITLE is now true by default * L2H variable removed, replaced by HTML_MATH set to `l2h' * rename OVERVIEW_LINK_TO_TOC to SHORT_TOC_LINK_TO_TOC * rename BEFORE_OVERVIEW to BEFORE_SHORT_TOC_LINE * rename AFTER_OVERVIEW to AFTER_SHORT_TOC_LINES * remove PRE_ABOUT, AFTER_ABOUT, and add PROGRAM_NAME_IN_ABOUT * remove KEEP_TOP_EXTERNAL_REF * new variables IGNORE_REF_TO_TOP_NODE_UP, CONVERT_TO_LATEX_IN_MATH, HTMLXREF_MODE and HTMLXREF_FILE * DocBook output: * do not output Top node or text before the first @node or sectioning @-command. NO_TOP_NODE_OUTPUT can be set to false to output Top node for now. * replace @definfocenlose defined @-commands by the argument as-is to be more consistent with printed output * HTML/DocBook output: * USE_NUMERIC_ENTITY changed to mean to use numeric entities instead of named entities. former effect is now always on. * ENABLE_ENCODING_USE_ENTITY variable removed. former effect is now always off. * Info output * quote problematic node names (with :, comma...) by default * new customization variable ASCII_PUNCTUATION to use plain ASCII characters for quotation marks and a few other symbols * texinfo.tex * `@microtype on' uses microtypography in formatting for pdfTeX and LuaTeX * do not ignore @part page immediately following Top node * do `@set txicodevaristt' to get slanted typewriter for @var in code, `@clear txicodevaristt' to use slanted, variable-width roman font for @var everywhere. flag is @set by default, but we may turn this off in the future. * new file doc/texinfo-zh.tex for Texinfo documents in Chinese. new support file doc/txi-zh.tex for Chinese. doc/short-sample-zh.texi is a sample document. * info * better support for index entries containing parentheses * better support for getting bold text etc. when displaying manpages * bug fixed where the first index entry in a file could be ignored * M-C-f closes as well as opens footnotes window * do not crash if run in Brazilian Portuguese locale * Language * @deftype* commands use typewriter font in argument list * new commands @latex, @iflatex, @ifnotlatex for new LaTeX output format * do `@set txidefnamenospace' to omit space after a definition name * Other * build fixed for glibc 2.34 - Delete patch 13a8894fe2.patch as now part of upstream tar ball ++++ kernel-default: - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (bsc#1205100). - ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro (bsc#1205100). - commit 218191a - Update config files (bsc#1205447). INTEGRITY_MACHINE_KEYRING=y IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=n - commit bbfbe90 ++++ snapper: - fix build with upcoming boost 1.81 ++++ virt-manager: - bsc#1203252 - virt-manager regression - cannot add second virtio-scsi controller virtman-fix-uninitialized-controller-index.patch ------------------------------------------------------------------ ------------------ 2022-11-14 - Nov 14 2022 ------------------- ------------------------------------------------------------------ ++++ libalternatives: - switch to a manual service rather than a buildtime tar service which introduces a bootstrap cycle between python and tar_scm ++++ grub2: - Removed 0001-linux-fix-efi_relocate_kernel-failure.patch as reported regression in some hardware being stuck in initrd loading (bsc#1205380) - Fix password asked twice if third field in crypttab not present (bsc#1205312) * 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch ++++ kernel-firmware: - Update to version 20221109 (git commit 60310c2deb8c): * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * amdgpu: update DMCUB firmware for DCN 3.1.6 * rtl_bt: Update RTL8822C BT UART firmware to 0xFFB8_ABD6 * rtl_bt: Update RTL8822C BT USB firmware to 0xFFB8_ABD3 * WHENCE: mrvl: prestera: Add WHENCE entries for newly updated 4.1 FW images * mrvl: prestera: Update Marvell Prestera Switchdev FW to v4.1 * iwlwifi: add new FWs from core74_pv-60 release * qcom: drop split a530_zap firmware file * qcom/vpu-1.0: drop split firmware in favour of the mbn file * qcom/venus-4.2: drop split firmware in favour of the mbn file * qcom/venus-4.2: replace split firmware with the mbn file * qcom/venus-1.8: replace split firmware with the mbn file ++++ libeconf: - Update to version 0.4.8+git20221114.7ff7704: * Parsing files which are containing keys only (#170) All delimiters are allowed now : "", " =", " ", "=". But the user should use "" in order to be distinct. * /usr/etc/shells.d/ will not be parsed if /etc/shells.d/ is defined too. * Lto build fixed (#168) * New calls: econf_comment_tag, econf_delimiter_tag, econf_set_comment_tag, econf_set_delimiter_tag * Checking UID,GroupID, permissions,... of the parsed files (#165) New calls: econf_requireOwner, econf_requireGroup, econf_requirePermissions, econf_followSymlinks * Ignoring Group without brackets; Do not hold brackets in the internal data structure. (#164) * Error handling improved for nums and booleans (#163) ++++ ncurses: - Add ncurses patch 20221112 + build-fixes for AdaCurses RPM test-package. ++++ systemd: - Upgrade to v252.1 (commit 64dc546913525e33e734500055a62ed0e963c227) See https://github.com/openSUSE/systemd/blob/SUSE/v252/NEWS for details. This includes the following bug fixes: - upstream commit 67c3e1f63a5221b47a8fea85ae421671f29f3b7e (bsc#1200723) * Rebased 0001-conf-parser-introduce-early-drop-ins.patch 1000-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch * The new tools systemd-measure and systemd-pcrphase have been added to the experimental sub-package for now. * Add temporarly 6000-meson-install-test-kernel-install-only-when-Dkernel-.patch until this patch is mainstreamed. ++++ tiff: - security update: * CVE-2022-3970 [bsc#1205392] + tiff-CVE-2022-3970.patch ++++ python-setuptools: - Delete remove_mock.patch, that's not needed anymore, it's upstreamed - Update to 65.5.1: * #3638: Drop a test dependency on the mock package, always use :external+python:py:mod:`unittest.mock` -- by :user:`hroncok` * #3659: Fixed REDoS vector in package_index. ------------------------------------------------------------------ ------------------ 2022-11-13 - Nov 13 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Update to 6.1-rc5 - update configs - CONFIG_DRM_RCAR_USE_MIPI_DSI=n (y on arm64, like DRM_RCAR_MIPI_DSI) - IOSM=n (except x86) - TEST_MAPLE_TREE=n - s390x/zfcpdump: RANDOMIZE_BASE=n - commit 4b98107 ++++ tiff: - security update: * CVE-2022-3597 [bsc#1204641] * CVE-2022-3626 [bsc#1204644] * CVE-2022-3627 [bsc#1204645] + tiff-CVE-2022-3597,CVE-2022-3626,CVE-2022-3627.patch * CVE-2022-3599 [bsc#1204643] + tiff-CVE-2022-3599.patch * CVE-2022-3598 [bsc#1204642] + tiff-CVE-2022-3598.patch ------------------------------------------------------------------ ------------------ 2022-11-12 - Nov 12 2022 ------------------- ------------------------------------------------------------------ ++++ libappindicator: - Let the rpm provide libappindicator-gtk3 for EL8 compat ++++ nerdctl: - Update to version 1.0.0: * nerdctl run * Add --log-driver=syslog * Add --log-opt=log-path= option for json-file logging drivers * Add --mac-address flag * Support --pid=container: * nerdctl build: * Support --build-arg args without explicit value * Support --output=DIR as an alias of --output type=local,dest= * nerdctl compose: * Add nerdctl compose version command * nerdctl-full: * Update imgcrypt (1.1.7), BuildKit (0.10.5), stargz-snapshotter (0.12.1), Kubo (0.16.0) ++++ ovmf: - Change the size of ovmf-x86_64 back to 2MB, and remove EFI shell to reduce the fv image size. - Originally the reason of changing the size of ovmf-x86_64 to 4MB is for preventing OBS exposes the following error: [ 266s] GenFv: ERROR 3000: Invalid [ 266s] the required fv image size 0x1afed8 exceeds the set fv image size 0x1ac000 The fv image size is too big. But we found that change ovmf-x86_64 to 4MB causes live migration problem on qemu. (bsc#1204220) - So let's change the size of ovmf_x86_64 back to 2MB and remove EFI shell to reduce the fv image size. If user wants to use EFI shell, they should move to ovmf-x86_64-4m image. So we add the "-D EXCLUDE_SHELL" build option to ovmf-x86_64 flavor in ovmf.spec. (bsc#1204220) ------------------------------------------------------------------ ------------------ 2022-11-11 - Nov 11 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Linux 6.0.8 (bsc#1012628). - usb: dwc3: gadget: Force sending delayed status during soft disconnect (bsc#1012628). - usb: dwc3: gadget: Don't delay End Transfer on delayed_status (bsc#1012628). - RDMA/cma: Use output interface for net_dev check (bsc#1012628). - IB/hfi1: Correctly move list in sc_disable() (bsc#1012628). - RDMA/hns: Disable local invalidate operation (bsc#1012628). - RDMA/hns: Fix NULL pointer problem in free_mr_init() (bsc#1012628). - docs/process/howto: Replace C89 with C11 (bsc#1012628). - RDMA/rxe: Fix mr leak in RESPST_ERR_RNR (bsc#1012628). - NFSv4: Fix a potential state reclaim deadlock (bsc#1012628). - NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (bsc#1012628). - NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot (bsc#1012628). - SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed (bsc#1012628). - NFSv4.2: Fixup CLONE dest file size for zero-length count (bsc#1012628). - nfs4: Fix kmemleak when allocate slot failed (bsc#1012628). - net: dsa: Fix possible memory leaks in dsa_loop_init() (bsc#1012628). - RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (bsc#1012628). - RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() (bsc#1012628). - tools/nolibc: Fix missing strlen() definition and infinite loop with gcc-12 (bsc#1012628). - net: dsa: fall back to default tagger if we can't load the one from DT (bsc#1012628). - nfc: fdp: Fix potential memory leak in fdp_nci_send() (bsc#1012628). - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (bsc#1012628). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (bsc#1012628). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (bsc#1012628). - net: fec: fix improper use of NETDEV_TX_BUSY (bsc#1012628). - ata: pata_legacy: fix pdc20230_set_piomode() (bsc#1012628). - ata: palmld: fix return value check in palmld_pata_probe() (bsc#1012628). - net: sched: Fix use after free in red_enqueue() (bsc#1012628). - net: tun: fix bugs for oversize packet when napi frags enabled (bsc#1012628). - netfilter: nf_tables: netlink notifier might race to release objects (bsc#1012628). - netfilter: nf_tables: release flow rule object from commit path (bsc#1012628). - sfc: Fix an error handling path in efx_pci_probe() (bsc#1012628). - nfsd: fix nfsd_file_unhash_and_dispose (bsc#1012628). - nfsd: fix net-namespace logic in __nfsd_file_cache_purge (bsc#1012628). - net: lan966x: Fix the MTU calculation (bsc#1012628). - net: lan966x: Adjust maximum frame size when vlan is enabled/disabled (bsc#1012628). - net: lan966x: Fix FDMA when MTU is changed (bsc#1012628). - net: lan966x: Fix unmapping of received frames using FDMA (bsc#1012628). - ipvs: use explicitly signed chars (bsc#1012628). - ipvs: fix WARNING in __ip_vs_cleanup_batch() (bsc#1012628). - ipvs: fix WARNING in ip_vs_app_net_cleanup() (bsc#1012628). - rose: Fix NULL pointer dereference in rose_send_frame() (bsc#1012628). - mISDN: fix possible memory leak in mISDN_register_device() (bsc#1012628). - isdn: mISDN: netjet: fix wrong check of device registration (bsc#1012628). - btrfs: fix inode list leak during backref walking at resolve_indirect_refs() (bsc#1012628). - btrfs: fix inode list leak during backref walking at find_parent_nodes() (bsc#1012628). - btrfs: fix ulist leaks in error paths of qgroup self tests (bsc#1012628). - netfilter: ipset: enforce documented limit to prevent allocating huge memory (bsc#1012628). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (bsc#1012628). - Bluetooth: hci_conn: Fix CIS connection dst_type handling (bsc#1012628). - Bluetooth: virtio_bt: Use skb_put to set length (bsc#1012628). - Bluetooth: L2CAP: Fix memory leak in vhci_write (bsc#1012628). - Bluetooth: hci_conn: Fix not restoring ISO buffer count on disconnect (bsc#1012628). - net: mdio: fix undefined behavior in bit shift for __mdiobus_register (bsc#1012628). - ibmvnic: Free rwi on reset success (bsc#1012628). - stmmac: dwmac-loongson: fix invalid mdio_node (bsc#1012628). - net/smc: Fix possible leaked pernet namespace in smc_init() (bsc#1012628). - net, neigh: Fix null-ptr-deref in neigh_table_clear() (bsc#1012628). - bridge: Fix flushing of dynamic FDB entries (bsc#1012628). - ipv6: fix WARNING in ip6_route_net_exit_late() (bsc#1012628). - vsock: fix possible infinite sleep in vsock_connectible_wait_data() (bsc#1012628). - iio: adc: stm32-adc: fix channel sampling time init (bsc#1012628). - media: rkisp1: Fix source pad format configuration (bsc#1012628). - media: rkisp1: Don't pass the quantization to rkisp1_csm_config() (bsc#1012628). - media: rkisp1: Initialize color space on resizer sink and source pads (bsc#1012628). - media: rkisp1: Use correct macro for gradient registers (bsc#1012628). - media: rkisp1: Zero v4l2_subdev_format fields in when validating links (bsc#1012628). - media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (bsc#1012628). - media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE (bsc#1012628). - media: dvb-frontends/drxk: initialize err to 0 (bsc#1012628). - media: platform: cros-ec: Add Kuldax to the match table (bsc#1012628). - media: meson: vdec: fix possible refcount leak in vdec_probe() (bsc#1012628). - media: hantro: Store HEVC bit depth in context (bsc#1012628). - media: hantro: HEVC: Fix auxilary buffer size calculation (bsc#1012628). - media: hantro: HEVC: Fix chroma offset computation (bsc#1012628). - media: v4l: subdev: Fail graciously when getting try data for NULL state (bsc#1012628). - drm/vc4: hdmi: Check the HSM rate at runtime_resume (bsc#1012628). - ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() (bsc#1012628). - hwrng: bcm2835 - use hwrng_msleep() instead of cpu_relax() (bsc#1012628). - io_uring: don't iopoll from io_ring_ctx_wait_and_kill() (bsc#1012628). - scsi: core: Restrict legal sdev_state transitions via sysfs (bsc#1012628). - HID: saitek: add madcatz variant of MMO7 mouse device ID (bsc#1012628). - drm/amdgpu: set vm_update_mode=0 as default for Sienna Cichlid in SRIOV case (bsc#1012628). - drm/amd/pm: skip loading pptable from driver on secure board for smu_v13_0_10 (bsc#1012628). - drm/amdkfd: Fix type of reset_type parameter in hqd_destroy() callback (bsc#1012628). - drm/amdgpu: Program GC registers through RLCG interface in gfx_v11/gmc_v11 (bsc#1012628). - drm/amdgpu: dequeue mes scheduler during fini (bsc#1012628). - nvme-pci: disable write zeroes on various Kingston SSD (bsc#1012628). - i2c: xiic: Add platform module alias (bsc#1012628). - bio: safeguard REQ_ALLOC_CACHE bio put (bsc#1012628). - clk: rs9: Fix I2C accessors (bsc#1012628). - arm64: dts: imx8mm: Enable CPLD_Dn pull down resistor on MX8Menlo (bsc#1012628). - efi/tpm: Pass correct address to memblock_reserve (bsc#1012628). - clk: renesas: r8a779g0: Fix HSCIF parent clocks (bsc#1012628). - clk: qcom: Update the force mem core bit for GPU clocks (bsc#1012628). - arm64: dts: verdin-imx8mp: fix ctrl_sleep_moci (bsc#1012628). - arm64: dts: imx8mm: remove otg1/2 power domain dependency on hsio (bsc#1012628). - arm64: dts: imx8mm: correct usb power domains (bsc#1012628). - arm64: dts: imx8mn: remove otg1 power domain dependency on hsio (bsc#1012628). - arm64: dts: imx8mn: Correct the usb power domain (bsc#1012628). - ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset (bsc#1012628). - arm64: dts: imx8: correct clock order (bsc#1012628). - arm64: dts: imx93: add gpio clk (bsc#1012628). - arm64: dts: imx93: correct gpio-ranges (bsc#1012628). - arm64: dts: lx2160a: specify clock frequencies for the MDIO controllers (bsc#1012628). - arm64: dts: ls1088a: specify clock frequencies for the MDIO controllers (bsc#1012628). - arm64: dts: ls208xa: specify clock frequencies for the MDIO controllers (bsc#1012628). - drm/rockchip: dw_hdmi: filter regulator -EPROBE_DEFER error messages (bsc#1012628). - drm/rockchip: fix fbdev on non-IOMMU devices (bsc#1012628). - drm/i915: stop abusing swiotlb_max_segment (bsc#1012628). - ublk_drv: return flag of UBLK_F_URING_CMD_COMP_IN_TASK in case of module (bsc#1012628). - block: Fix possible memory leak for rq_wb on add_disk failure (bsc#1012628). - blk-mq: Fix kmemleak in blk_mq_init_allocated_queue (bsc#1012628). - ARM: dts: ux500: Add trips to battery thermal zones (bsc#1012628). - firmware: arm_scmi: Suppress the driver's bind attributes (bsc#1012628). - firmware: arm_scmi: Make Rx chan_setup fail on memory errors (bsc#1012628). - firmware: arm_scmi: Fix devres allocation device in virtio transport (bsc#1012628). - firmware: arm_scmi: Fix deferred_tx_wq release on error paths (bsc#1012628). - arm64: dts: juno: Add thermal critical trip points (bsc#1012628). - i2c: piix4: Fix adapter not be removed in piix4_remove() (bsc#1012628). - Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (bsc#1012628). - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (bsc#1012628). - fscrypt: stop using keyrings subsystem for fscrypt_master_key (bsc#1012628). - fscrypt: fix keyring memory leak on mount failure (bsc#1012628). - clk: renesas: r8a779g0: Add SASYNCPER clocks (bsc#1012628). - btrfs: fix lost file sync on direct IO write with nowait and dsync iocb (bsc#1012628). - btrfs: fix tree mod log mishandling of reallocated nodes (bsc#1012628). - btrfs: fix type of parameter generation in btrfs_get_dentry (bsc#1012628). - btrfs: don't use btrfs_chunk::sub_stripes from disk (bsc#1012628). - btrfs: fix a memory allocation failure test in btrfs_submit_direct (bsc#1012628). - ACPI: NUMA: Add CXL CFMWS 'nodes' to the possible nodes set (bsc#1012628). - cxl/pmem: Fix cxl_pmem_region and cxl_memdev leak (bsc#1012628). - cxl/region: Fix decoder allocation crash (bsc#1012628). - cxl/region: Fix region HPA ordering validation (bsc#1012628). - cxl/region: Fix cxl_region leak, cleanup targets at region delete (bsc#1012628). - cxl/region: Fix 'distance' calculation with passthrough ports (bsc#1012628). - ftrace: Fix use-after-free for dynamic ftrace_ops (bsc#1012628). - tracing/fprobe: Fix to check whether fprobe is registered correctly (bsc#1012628). - fprobe: Check rethook_alloc() return in rethook initialization (bsc#1012628). - tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() (bsc#1012628). - kprobe: reverse kp->flags when arm_kprobe failed (bsc#1012628). - tools/nolibc/string: Fix memcmp() implementation (bsc#1012628). - tracing/histogram: Update document for KEYS_MAX size (bsc#1012628). - capabilities: fix potential memleak on error path from vfs_getxattr_alloc() (bsc#1012628). - fuse: add file_modified() to fallocate (bsc#1012628). - fuse: fix readdir cache race (bsc#1012628). - selftests/landlock: Build without static libraries (bsc#1012628). - efi: random: reduce seed size to 32 bytes (bsc#1012628). - efi: random: Use 'ACPI reclaim' memory for random seed (bsc#1012628). - efi: efivars: Fix variable writes with unsupported query_variable_store() (bsc#1012628). - net/ulp: remove SOCK_SUPPORT_ZC from tls sockets (bsc#1012628). - arm64: entry: avoid kprobe recursion (bsc#1012628). - ARM: dts: imx6dl-yapp4: Do not allow PM to switch PU regulator off on Q/QP (bsc#1012628). - perf/x86/intel: Fix pebs event constraints for ICL (bsc#1012628). - perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes[] (bsc#1012628). - perf/x86/intel: Fix pebs event constraints for SPR (bsc#1012628). - net: remove SOCK_SUPPORT_ZC from sockmap (bsc#1012628). - net: also flag accepted sockets supporting msghdr originated zerocopy (bsc#1012628). - parisc: Make 8250_gsc driver dependend on CONFIG_PARISC (bsc#1012628). - parisc: Export iosapic_serial_irq() symbol for serial port driver (bsc#1012628). - parisc: Avoid printing the hardware path twice (bsc#1012628). - ext4: fix warning in 'ext4_da_release_space' (bsc#1012628). - ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1012628). - ext4: update the backup superblock's at the end of the online resize (bsc#1012628). - x86/tdx: Prepare for using "INFO" call for a second purpose (bsc#1012628). - x86/tdx: Panic on bad configs that #VE on "private" memory access (bsc#1012628). - x86/syscall: Include asm/ptrace.h in syscall_wrapper header (bsc#1012628). - KVM: x86: Mask off reserved bits in CPUID.80000006H (bsc#1012628). - KVM: x86: Mask off reserved bits in CPUID.8000001AH (bsc#1012628). - KVM: x86: Mask off reserved bits in CPUID.80000008H (bsc#1012628). - KVM: x86: Mask off reserved bits in CPUID.80000001H (bsc#1012628). - KVM: x86: Mask off reserved bits in CPUID.8000001FH (bsc#1012628). - KVM: VMX: Advertise PMU LBRs if and only if perf supports LBRs (bsc#1012628). - KVM: VMX: Fold vmx_supported_debugctl() into vcpu_supported_debugctl() (bsc#1012628). - KVM: VMX: Ignore guest CPUID for host userspace writes to DEBUGCTL (bsc#1012628). - KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable (bsc#1012628). - KVM: Initialize gfn_to_pfn_cache locks in dedicated helper (bsc#1012628). - KVM: Reject attempts to consume or refresh inactive gfn_to_pfn_cache (bsc#1012628). - KVM: arm64: Fix bad dereference on MTE-enabled systems (bsc#1012628). - KVM: arm64: Fix SMPRI_EL1/TPIDR2_EL0 trapping on VHE (bsc#1012628). - KVM: x86: smm: number of GPRs in the SMRAM image depends on the image format (bsc#1012628). - KVM: x86: emulator: em_sysexit should update ctxt->mode (bsc#1012628). - KVM: x86: emulator: update the emulation mode after CR0 write (bsc#1012628). - ext4,f2fs: fix readahead of verity data (bsc#1012628). - cifs: fix regression in very old smb1 mounts (bsc#1012628). - drm/rockchip: dsi: Clean up 'usage_mode' when failing to attach (bsc#1012628). - drm/rockchip: dsi: Force synchronous probe (bsc#1012628). - drm/amdgpu: disable GFXOFF during compute for GFX11 (bsc#1012628). - drm/amd/display: Update latencies on DCN321 (bsc#1012628). - drm/amd/display: Update DSC capabilitie for DCN314 (bsc#1012628). - drm/i915/sdvo: Filter out invalid outputs more sensibly (bsc#1012628). - drm/i915/sdvo: Setup DDC fully before output init (bsc#1012628). - commit 1579d93 ++++ libX11: - Update to version 1.8.2 * This is primarily a bug fix release, including further work on improving the thread-safety-constructor and making it work with software which had incorrectly called libX11 functions from inside X*IfEvent() calls. - supersedes U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch ++++ mozilla-nss: - update to NSS 3.84 * bmo#1791699 - Bump minimum NSPR version to 4.35 * bmo#1792103 - Add a flag to disable building libnssckbi. ++++ lcms2: - Added reverse-0001-fix-memory-leaks-on-testbed.patch to fix colord's i586 build failure ++++ libslirp: - added patches fix https://gitlab.freedesktop.org/slirp/libslirp/-/issues/64 + libslirp-semicolon.patch ++++ libvirt: - tests: Fix libxlxml2domconfigtest f81ee7b5-tests-Fix-libxlxml2domconfigtest.patch bsc#1205204 ++++ python-testtools: - silent rpmlint - python-six is not required ------------------------------------------------------------------ ------------------ 2022-11-10 - Nov 10 2022 ------------------- ------------------------------------------------------------------ ++++ cni: - Update to version 1.1.2: * spec: fix format * libcni: handle empty version when parsing version * [exec-plugins]: support plugin lists This is a minor update to the CNI libraries and tooling. This does not bump the protocol / spec version, which remains at v1.0.0 ++++ glibc: - nscd: Convert to systemd-sysusers ++++ kernel-default: - Disable sysfb before creating simple-framebuffer (bsc#1204315) - commit 85b6c0f ++++ libcontainers-common: - postinstall script: slight cleanup, no functional change ++++ libnftnl: - Update to release 1.2.4 * rule, set_elem: remove trailing \n in userdata snprintf * libnftnl: Fix res_id byte order ++++ openssh: - Update openssh-8.1p1-audit.patch: Merge fix for race condition (bsc#1115550, bsc#1174162). - Add openssh-do-not-send-empty-message.patch, which prevents superfluous newlines with empty MOTD files (bsc#1192439). ------------------------------------------------------------------ ------------------ 2022-11-9 - Nov 9 2022 ------------------- ------------------------------------------------------------------ ++++ bash: - Add upstream patches * bash52-003 Command substitutions need to preserve newlines instead of replacing them with semicolons, especially in the presence of multiple here-documents. * bash52-004 Bash needs to keep better track of nested brace expansions to avoid problems with quoting and POSIX semantics. * bash52-005 Null pattern substitution replacement strings can cause a crash. * bash52-006 In interactive shells, interrupting the shell while entering a command substitution can inhibit alias expansion. * bash52-007 This patch fixes several problems with alias expansion inside command substitutions when in POSIX mode. * bash52-008 Array subscript expansion can inappropriately quote brackets if the expression contains < or >. * bash52-009 Bash arithmetic expansion should allow `@' and `*' to be used as associative array keys in expressions. ++++ elfutils: - align patches section - remove date/time handling weirdness, elfutils does no longer use __DATE__ or __TIME__ (as proven by the newly added -Werror=date-time) ++++ kernel-default: - Refresh patches.suse/Bluetooth-L2CAP-fix-use-after-free-in-l2cap_conn_del.patch. Update upstream status. - commit 9a7c768 - Delete synaptics touchpad workaround patch (bsc#1194086) This was confirmed to be superfluous now - commit 4ff425d - Update config files for enabling CONFIG_SECONDARY_TRUSTED_KEYRING In some architectures, e.g. ppc64, riscv64, x86_64, we have enabled the CONFIG_SECONDARY_TRUSTED_KEYRING and children kernel config. But we didn't enable it in other architectures. In the future, the CONFIG_SECONDARY_TRUSTED_KEYRING will be used with IMA in different architectures. So let's enable it in Tumbleweed in all architectures to align with SLE/Leap. Then user can use it for preparing IMA functions with secondary trusted keyring. (bsc#1203739) - commit 86a9f2f ++++ polkit: - read actions also from /etc/polkit-1/actions (jsc#PED-1405) added polkit-actions-in-etc.patch ++++ python310-core: - Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding extremely long domain names. ++++ python310: - Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding extremely long domain names. ++++ python-pyzmq: - Fix build with OpenSSL 3.0 [bsc#1205042] * Temporarily disable test_on_recv_basic ++++ qemu: - install SeaBIOS documentation ------------------------------------------------------------------ ------------------ 2022-11-8 - Nov 8 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - third bugfix release * some regressions in CI worked out * a bit of everything, and nothing too crazy - supersedes u_0001-gallivm-Fix-LLVM-optimization-with-the-new-pass-mana.patch - supersedes u_nouveau-corrupted-colors-boo1203949.patch - get rid of Mesa-libVulkan-devel(-32bit) package, which is no longer needed at all by providing/obsoleting it by libvulkan_intel ++++ Mesa-drivers: - third bugfix release * some regressions in CI worked out * a bit of everything, and nothing too crazy - supersedes u_0001-gallivm-Fix-LLVM-optimization-with-the-new-pass-mana.patch - supersedes u_nouveau-corrupted-colors-boo1203949.patch - get rid of Mesa-libVulkan-devel(-32bit) package, which is no longer needed at all by providing/obsoleting it by libvulkan_intel ++++ fontconfig: - update to 2.14.1: * Bump the cache version to 8 in doc/fontconfig-user.sgm * Enable 10-sub-pixel-rgb.conf by default * build fixes and translation updates * Avoid misuse of ctype ++++ gnutls: - Verify only the libgnutls library HMAC [bsc#1199881] * Do not use the brp-50-generate-fips-hmac script as this is now calculated with the internal fipshmac tool. * Add gnutls-verify-library-HMAC.patch ++++ kernel-default: - Move upstreamed tracing patch into sorted section - commit de51707 - ALSA: usb-audio: Remove redundant workaround for Roland quirk (bsc#1205111). - ALSA: usb-audio: Yet more regression for for the delayed card registration (bsc#1205111). - commit 0d318d5 - rpm/check-for-config-changes: add TOOLCHAIN_HAS_* to IGNORED_CONFIGS_RE This new form was added in commit b8c86872d1dc (riscv: fix detection of toolchain Zicbom support). - commit e9f2ba6 ++++ libbpf: - Fix out-of-bound heap write (boo#1194248 boo#1194249 CVE-2021-45940 CVE-2021-45941) + libbpf-Use-elf_getshdrnum-instead-of-e_shnum.patch - Fix use-after-free in btf_dump_name_dups (boo#1204391 CVE-2022-3534) + libbpf-Fix-use-after-free-in-btf_dump_name_dups.patch - Fix memory leak in parse_usdt_arg() (boo#1204393 CVE-2022-3533) + libbpf-Fix-memory-leak-in-parse_usdt_arg.patch - Fix null pointer dereference in find_prog_by_sec_insn() (boo#1204502 CVE-2022-3606) + libbpf-Fix-null-pointer-dereference-in-find_prog_by_.patch ++++ gpgme: - Add gpgme-suse-nobetasuffix.patch * remove "-unknown" suffix from version string * boo#1205197 ++++ lcms2: - Update to 2.14: * lcms2 now implements ICC specification 4.4 * New multi-threaded plug-in * Several fixes to keep fuzzers happy * Removed check on DLL when CMS_NO_REGISTER_KEYWORD is used * Added more validation against broken profiles * Added more help to several tools * Revised documentation ++++ shadow: - Update to 4.13: * useradd.8: fix default group ID * Revert drop of subid_init() * Georgian translation * useradd: Avoid taking unneeded space: do not reset non-existent data in lastlog * relax username restrictions * selinux: check MLS enabled before setting serange * copy_tree: use fchmodat instead of chmod * copy_tree: don't block on FIFOs * add shell linter * copy_tree: carefully treat permissions * lib/commonio: make lock failures more detailed * lib: use strzero and memzero where applicable * Update Dutch translation * Don't test for NULL before calling free * Use libc MAX() and MIN() * chage: Fix regression in print_date * usermod: report error if homedir does not exist * libmisc: minimum id check for system accounts * fix usermod -rG x y wrongly adding a group * man: add missing space in useradd.8.xml * lastlog: check for localtime() return value * Raise limit for passwd and shadow entry length * Remove adduser-old.c * useradd: Fix buffer overflow when using a prefix * Don't warn when failed to open /etc/nsswitch.conf - Remove patches we took from upstream pre-release: * shadow-copytree-usermod-fifo.patch * shadow-chage-format.patch * shadow-prefix-overflow.patch - Remove chkname-regex.patch: Upstream now also relaxed the usernames requirements. They don't use regex for this but the result is similar. Plus they also check that the name is less than 32 characters long. - Rebase useradd-userkeleton.patch ++++ systemd: - Import commit 9cdd78585069b133bebcd479f3a204057ad25d76 (merge of v251.8) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/c212388f7de8d22a3f7c22b19553548ccc0cdd15...9cdd78585069b133bebcd479f3a204057ad25d76 ++++ pcr-oracle: - Establish pcr-oracle as standalone package, apart from fde-tools ------------------------------------------------------------------ ------------------ 2022-11-7 - Nov 7 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - Release 22.2.2 covers bugfixes for bsc#1197045,bsc#1197046,bsc#1200965,bsc#1202850 ++++ Mesa-drivers: - Release 22.2.2 covers bugfixes for bsc#1197045,bsc#1197046,bsc#1200965,bsc#1202850 ++++ NetworkManager: - Keep netconfig support. The rc-manager auto detection will select appropriate manager during runtime. ++++ elfutils: - Update to version 0.188: * readelf: Add -D, --use-dynamic option. * debuginfod-client: Add $DEBUGINFOD_HEADERS_FILE setting to supply outgoing debuginfod_find_section. * debuginfod: Add --disable-source-scan option. * libdwfl: Add new function dwfl_get_debuginfod_client. Add new function dwfl_frame_reg. Add new function dwfl_report_offline_memory. - Remove upstreamed patches: * 0001-libelf-Sync-elf.h-from-glibc.patch * 0002-backends-Handle-new-RISC-V-specific-definitions.patch * 0003-elflint-Allow-zero-p_memsz-for-PT_RISCV_ATTRIBUTES.patch * 0004-readelf-Handle-SHT_RISCV_ATTRIBUTES-like-SHT_GNU_ATT.patch * PR29474-debuginfod.patch * config-Move-the-2-dev-null-inside-the-sh-c-quotes-fo.patch * support-nullglob-in-profile.-.in-files.patch ++++ kernel-default: - Add suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149) - commit 888e01e - Update to 6.1-rc4 - commit 3056fb1 ++++ libepoxy: - needed by jira#PED-1174 (Mesa needs sync with Xserver, which then needs updated libepoxy) ++++ ncurses: - Add ncurses patch 20221105 + regenerate configure scripts with autoconf 2.52.20221009 + modify "--with-manpage-format" to support bzip2 and xz compression (prompted by discussion with Sam James). + modify make-tar.sh scripts to make timestamps more predictable. ++++ shadow: - Add shadow-copytree-usermod-fifo.patch: Fix regression that prevented `usermod -m` to work when their home directory contained at least one fifo See https://github.com/shadow-maint/shadow/pull/565 ++++ libzypp: - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - properly reset range requests (bsc#1204548) - version 17.31.5 (22) ++++ python-M2Crypto: - add openssl-stop-parsing-header.patch (bsc#1205042) - add m2crypto-0.38-ossl3-tests.patch ++++ python-cssselect: - Update to 1.2.0 * Drop support for Python 2.7, 3.4-3.6, add support for Python 3.7-3.11. * Add type annotations (PEP 484 and PEP 561). * More features from the CSS Selectors Level 4: * The ``:is()`` pseudo-class. * The ``:where()`` pseudo-class. * The ``:has()`` pseudo-class, with some limitations. * Fix parsing ``:scope`` after a comma. * Add parentheses to fix condition precedence in some cases. * Private API changes related to the removal of the Python 2 support: * Remove ``_unicode`` and ``_unichr`` aliases from ``csselect.parser``. * Remove ``_basestring`` and ``_unicode`` aliases from ``csselect.xpath``. * Deprecate ``csselect.xpath._unicode_safe_getattr()`` and change it to just call ``getattr()``. * Include tests in the PyPI tarball. * Many CI additions and improvements. * Improve the test coverage. ++++ python-psutil: - update to version 5.9.4: * Enhancements - 2102: use Limited API when building wheels with CPython 3.6+ on Linux, macOS and Windows. This allows to use pre-built wheels in all future versions of cPython 3. (patch by Matthieu Darbois) * Bug fixes - 2077, [Windows]: Use system-level values for virtual_memory(). (patch by Daniel Widdis) - 2156, [Linux]: compilation may fail on very old gcc compilers due to missing SPEED_UNKNOWN definition. (patch by Amir Rossert) - 2010, [macOS]: on MacOS, arm64 IFM_1000_TX and IFM_1000_T are the same value, causing a build failure. (patch by Lawrence D'Anna) ++++ sed: - GNU sed 4.9: * 'sed --follow-symlinks -i' no longer loops forever when its operand is a symbolic link cycle. * a program with an execution line longer than 2GB can no longer trigger an out-of-bounds memory write. * using the R command to read an input line of length longer than 2GB can no longer trigger an out-of-bounds memory read. * In locales using UTF-8 encoding, the regular expression '.' no longer sometimes fails to match Unicode characters U+D400 through U+D7FF (some Hangul Syllables, and Hangul Jamo Extended-B) and Unicode characters U+108000 through U+10FFFF (half of Supplemental Private Use Area plane B). * I/O errors involving temp files no longer confuse sed into using a FILE * pointer after fclosing it, which has undefined behavior in C. * New: The 'r' command now accepts address 0, allowing inserting a file before the first line. * Sed now prints the less-surprising variant in a corner case of POSIX-unspecified behavior. Before, this would print "n". Now, it prints "X": printf n | sed 'sn\nnXn'; echo - drop patches now upstream: * gnulib-test-avoid-FP-perror-strerror.patch * sed-dont_close_twice.patch - disable profile guided optimization in build due to what seems to be a bug in gnulib ++++ virt-manager: - Refresh test skips - Drop the very old "Obsoletes: python-virtinst <= 0.600.4" virt-manager.spec ++++ zypper: - Update man page and explain '.no_auto_prune' (bsc#1204956) - Allow to (re)add a service with the same URL (bsc#1203715) - Explain outdatedness of repos (fixes #463) - BuildRequires: libzypp-devel >= 17.31.5 - version 1.14.58 ------------------------------------------------------------------ ------------------ 2022-11-6 - Nov 6 2022 ------------------- ------------------------------------------------------------------ ++++ llvm15: - Update to version 15.0.4. * This release contains bug-fixes for the LLVM 15.0.0 release. This release is API and ABI compatible with 15.0.0. - Rebase llvm-do-not-install-static-libraries.patch. ------------------------------------------------------------------ ------------------ 2022-11-4 - Nov 4 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - build against llvm15/clang15 on sle15-sp5/Leap 15.5 ++++ Mesa-drivers: - build against llvm15/clang15 on sle15-sp5/Leap 15.5 ++++ conmon: - Add patch to fix build with make >= 4.4: * 0001-Fix-tools-Makefile-with-GNU-make-4.4.patch ++++ kernel-default: - Update config files. - commit bd8c959 - Linux 6.0.7 (bsc#1012628). - platform/x86/amd: pmc: remove CONFIG_DEBUG_FS checks (bsc#1012628). - can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb() (bsc#1012628). - can: kvaser_usb: Fix possible completions during init_completion (bsc#1012628). - can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global FIFO receive (bsc#1012628). - can: rcar_canfd: fix channel specific IRQ handling for RZ/G2L (bsc#1012628). - ALSA: Use del_timer_sync() before freeing timer (bsc#1012628). - ALSA: usb-audio: Add quirks for M-Audio Fast Track C400/600 (bsc#1012628). - ALSA: control: add snd_ctl_rename() (bsc#1012628). - ALSA: hda/realtek: Use snd_ctl_rename() to rename a control (bsc#1012628). - ALSA: emu10k1: Use snd_ctl_rename() to rename a control (bsc#1012628). - ALSA: ac97: Use snd_ctl_rename() to rename a control (bsc#1012628). - ALSA: usb-audio: Use snd_ctl_rename() to rename a control (bsc#1012628). - ALSA: ca0106: Use snd_ctl_rename() to rename a control (bsc#1012628). - ALSA: au88x0: use explicitly signed char (bsc#1012628). - ALSA: rme9652: use explicitly signed char (bsc#1012628). - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (bsc#1012628). - usb: gadget: uvc: limit isoc_sg to super speed gadgets (bsc#1012628). - Revert "usb: gadget: uvc: limit isoc_sg to super speed gadgets" (bsc#1012628). - usb: gadget: uvc: fix dropped frame after missed isoc (bsc#1012628). - usb: gadget: uvc: fix sg handling in error case (bsc#1012628). - usb: gadget: uvc: fix sg handling during video encode (bsc#1012628). - usb: gadget: aspeed: Fix probe regression (bsc#1012628). - usb: dwc3: gadget: Stop processing more requests on IMI (bsc#1012628). - usb: dwc3: gadget: Don't set IMI for no_interrupt (bsc#1012628). - usb: dwc3: gadget: Force sending delayed status during soft disconnect (bsc#1012628). - usb: dwc3: gadget: Don't delay End Transfer on delayed_status (bsc#1012628). - usb: typec: ucsi: Check the connection on resume (bsc#1012628). - usb: typec: ucsi: acpi: Implement resume callback (bsc#1012628). - usb: dwc3: st: Rely on child's compatible instead of name (bsc#1012628). - usb: dwc3: Don't switch OTG -> peripheral if extcon is present (bsc#1012628). - usb: bdc: change state when port disconnected (bsc#1012628). - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (bsc#1012628). - mtd: rawnand: tegra: Fix PM disable depth imbalance in probe (bsc#1012628). - mtd: spi-nor: core: Ignore -ENOTSUPP in spi_nor_init() (bsc#1012628). - mtd: parsers: bcm47xxpart: Fix halfblock reads (bsc#1012628). - mtd: rawnand: marvell: Use correct logic for nand-keep-config (bsc#1012628). - squashfs: fix read regression introduced in readahead code (bsc#1012628). - squashfs: fix extending readahead beyond end of file (bsc#1012628). - squashfs: fix buffer release race condition in readahead code (bsc#1012628). - xhci: Add quirk to reset host back to default state at shutdown (bsc#1012628). - xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices (bsc#1012628). - xhci: Remove device endpoints from bandwidth list when freeing the device (bsc#1012628). - tools: iio: iio_utils: fix digit calculation (bsc#1012628). - iio: light: tsl2583: Fix module unloading (bsc#1012628). - iio: temperature: ltc2983: allocate iio channels once (bsc#1012628). - iio: adxl372: Fix unsafe buffer attributes (bsc#1012628). - iio: adxl367: Fix unsafe buffer attributes (bsc#1012628). - fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (bsc#1012628). - fbdev: smscufx: Fix several use-after-free bugs (bsc#1012628). - cpufreq: intel_pstate: Read all MSRs on the target CPU (bsc#1012628). - cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores (bsc#1012628). - fs/binfmt_elf: Fix memory leak in load_elf_binary() (bsc#1012628). - exec: Copy oldsighand->action under spin-lock (bsc#1012628). - mac802154: Fix LQI recording (bsc#1012628). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1012628). - drm/i915: Extend Wa_1607297627 to Alderlake-P (bsc#1012628). - drm/amdgpu: Remove ATC L2 access for MMHUB 2.1.x (bsc#1012628). - drm/amdgpu: disallow gfxoff until GC IP blocks complete s2idle resume (bsc#1012628). - drm/amdgpu: fix pstate setting issue (bsc#1012628). - drm/amd/display: Revert logic for plane modifiers (bsc#1012628). - drm/amdkfd: update gfx1037 Lx cache setting (bsc#1012628). - drm/amdkfd: correct the cache info for gfx1036 (bsc#1012628). - drm/msm: fix use-after-free on probe deferral (bsc#1012628). - drm/msm/dsi: fix memory corruption with too many bridges (bsc#1012628). - drm/msm/hdmi: fix memory corruption with too many bridges (bsc#1012628). - drm/msm/hdmi: fix IRQ lifetime (bsc#1012628). - drm/msm/dp: fix memory corruption with too many bridges (bsc#1012628). - drm/msm/dp: fix aux-bus EP lifetime (bsc#1012628). - drm/msm/dp: fix IRQ lifetime (bsc#1012628). - drm/msm/dp: fix bridge lifetime (bsc#1012628). - crypto: x86/polyval - Fix crashes when keys are not 16-byte aligned (bsc#1012628). - random: use arch_get_random*_early() in random_init() (bsc#1012628). - coresight: cti: Fix hang in cti_disable_hw() (bsc#1012628). - mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO (bsc#1012628). - mmc: block: Remove error check of hw_reset on reset (bsc#1012628). - mmc: queue: Cancel recovery work on cleanup (bsc#1012628). - mmc: core: Fix kernel panic when remove non-standard SDIO card (bsc#1012628). - mmc: core: Fix WRITE_ZEROES CQE handling (bsc#1012628). - mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake (bsc#1012628). - mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus (bsc#1012628). - counter: microchip-tcb-capture: Handle Signal1 read and Synapse (bsc#1012628). - counter: 104-quad-8: Fix race getting function mode and direction (bsc#1012628). - mm/uffd: fix vma check on userfault for wp (bsc#1012628). - mm: migrate: fix return value if all subpages of THPs are migrated successfully (bsc#1012628). - mm,madvise,hugetlb: fix unexpected data loss with MADV_DONTNEED on hugetlbfs (bsc#1012628). - mm/kmemleak: prevent soft lockup in kmemleak_scan()'s object iteration loops (bsc#1012628). - mm/huge_memory: do not clobber swp_entry_t during THP split (bsc#1012628). - mm: prep_compound_tail() clear page->private (bsc#1012628). - kernfs: fix use-after-free in __kernfs_remove (bsc#1012628). - Revert "dt-bindings: pinctrl-zynqmp: Add output-enable configuration" (bsc#1012628). - pinctrl: Ingenic: JZ4755 bug fixes (bsc#1012628). - Revert "pinctrl: pinctrl-zynqmp: Add support for output-enable and bias-high-impedance" (bsc#1012628). - ARC: mm: fix leakage of memory allocated for PTE (bsc#1012628). - perf auxtrace: Fix address filter symbol name match for modules (bsc#1012628). - s390/boot: add secure boot trailer (bsc#1012628). - s390/cio: fix out-of-bounds access on cio_ignore free (bsc#1012628). - s390/uaccess: add missing EX_TABLE entries to __clear_user() (bsc#1012628). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1012628). - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (bsc#1012628). - ethtool: eeprom: fix null-deref on genl_info in dump (bsc#1012628). - fbdev/core: Avoid uninitialized read in aperture_remove_conflicting_pci_device() (bsc#1012628). - ACPI: PCC: Fix unintentional integer overflow (bsc#1012628). - powerpc/64s/interrupt: Fix clear of PACA_IRQS_HARD_DIS when returning to soft-masked context (bsc#1012628). - net: ieee802154: fix error return code in dgram_bind() (bsc#1012628). - media: amphion: release m2m ctx when releasing vpu instance (bsc#1012628). - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (bsc#1012628). - media: ar0521: fix error return code in ar0521_power_on() (bsc#1012628). - media: ar0521: Fix return value check in writing initial registers (bsc#1012628). - media: ov8865: Fix an error handling path in ov8865_probe() (bsc#1012628). - media: sun6i-mipi-csi2: Depend on PHY_SUN6I_MIPI_DPHY (bsc#1012628). - media: atomisp: prevent integer overflow in sh_css_set_black_frame() (bsc#1012628). - media: sunxi: Fix some error handling path of sun8i_a83t_mipi_csi2_probe() (bsc#1012628). - media: sunxi: Fix some error handling path of sun6i_mipi_csi2_probe() (bsc#1012628). - media: sun6i-mipi-csi2: Add a Kconfig dependency on RESET_CONTROLLER (bsc#1012628). - media: sun8i-a83t-mipi-csi2: Add a Kconfig dependency on RESET_CONTROLLER (bsc#1012628). - media: sun6i-csi: Add a Kconfig dependency on RESET_CONTROLLER (bsc#1012628). - media: sun4i-csi: Add a Kconfig dependency on RESET_CONTROLLER (bsc#1012628). - media: sun8i-di: Add a Kconfig dependency on RESET_CONTROLLER (bsc#1012628). - media: sun8i-rotate: Add a Kconfig dependency on RESET_CONTROLLER (bsc#1012628). - media: cedrus: Add a Kconfig dependency on RESET_CONTROLLER (bsc#1012628). - drm/msm/a6xx: Replace kcalloc() with kvzalloc() (bsc#1012628). - drm/msm/dp: add atomic_check to bridge ops (bsc#1012628). - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (bsc#1012628). - drm/msm/dp: cleared DP_DOWNSPREAD_CTRL register before start link training (bsc#1012628). - ASoC: codec: tlv320adc3xxx: add GPIOLIB dependency (bsc#1012628). - KVM: selftests: Fix number of pages for memory slot in memslot_modification_stress_test (bsc#1012628). - ASoC: qcom: lpass-cpu: mark HDMI TX registers as volatile (bsc#1012628). - drm/msm/a6xx: Fix kvzalloc vs state_kcalloc usage (bsc#1012628). - erofs: fix illegal unmapped accesses in z_erofs_fill_inode_lazy() (bsc#1012628). - erofs: fix up inplace decompression success rate (bsc#1012628). - pinctrl: qcom: Avoid glitching lines when we first mux to output (bsc#1012628). - spi: qup: support using GPIO as chip select line (bsc#1012628). - x86/fpu: Configure init_fpstate attributes orderly (bsc#1012628). - x86/fpu: Fix the init_fpstate size check with the actual size (bsc#1012628). - x86/fpu: Exclude dynamic states from init_fpstate (bsc#1012628). - perf: Fix missing SIGTRAPs (bsc#1012628). - sched/core: Fix comparison in sched_group_cookie_match() (bsc#1012628). - bpf: prevent decl_tag from being referenced in func_proto (bsc#1012628). - arc: iounmap() arg is volatile (bsc#1012628). - mtd: core: add missing of_node_get() in dynamic partitions code (bsc#1012628). - mtd: rawnand: intel: Remove unused nand_pa member from ebu_nand_cs (bsc#1012628). - mtd: rawnand: intel: Use devm_platform_ioremap_resource_byname() (bsc#1012628). - mtd: rawnand: intel: Add missing of_node_put() in ebu_nand_probe() (bsc#1012628). - pinctrl: ocelot: Fix incorrect trigger of the interrupt (bsc#1012628). - ASoC: codecs: tlv320adc3xxx: Wrap adc3xxx_i2c_remove() in __exit_p() (bsc#1012628). - ASoC: SOF: Intel: pci-mtl: fix firmware name (bsc#1012628). - selftests/ftrace: fix dynamic_events dependency check (bsc#1012628). - spi: aspeed: Fix window offset of CE1 (bsc#1012628). - ASoC: qcom: lpass-cpu: Mark HDMI TX parity register as volatile (bsc#1012628). - ASoC: Intel: common: add ACPI matching tables for Raptor Lake (bsc#1012628). - ASoC: SOF: Intel: pci-tgl: use RPL specific firmware definitions (bsc#1012628). - ASoC: SOF: Intel: pci-tgl: fix ADL-N descriptor (bsc#1012628). - ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (bsc#1012628). - perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() (bsc#1012628). - rcu: Keep synchronize_rcu() from enabling irqs in early boot (bsc#1012628). - tipc: fix a null-ptr-deref in tipc_topsrv_accept (bsc#1012628). - net: netsec: fix error handling in netsec_register_mdio() (bsc#1012628). - net: lan966x: Fix the rx drop counter (bsc#1012628). - selftests: net: Fix cross-tree inclusion of scripts (bsc#1012628). - selftests: net: Fix netdev name mismatch in cleanup (bsc#1012628). - net: hinic: fix incorrect assignment issue in hinic_set_interrupt_cfg() (bsc#1012628). - net: hinic: fix memory leak when reading function table (bsc#1012628). - net: hinic: fix the issue of CMDQ memory leaks (bsc#1012628). - net: hinic: fix the issue of double release MBOX callback of VF (bsc#1012628). - net: macb: Specify PHY PM management done by MAC (bsc#1012628). - nfc: virtual_ncidev: Fix memory leak in virtual_nci_send() (bsc#1012628). - RISC-V: KVM: Provide UAPI for Zicbom block size (bsc#1012628). - RISC-V: Fix compilation without RISCV_ISA_ZICBOM (bsc#1012628). - RISC-V: KVM: Fix kvm_riscv_vcpu_timer_pending() for Sstc (bsc#1012628). - x86/unwind/orc: Fix unreliable stack dump with gcov (bsc#1012628). - drm/bridge: ps8640: Add back the 50 ms mystery delay after HPD (bsc#1012628). - x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (bsc#1012628). - amd-xgbe: Yellow carp devices do not need rrc (bsc#1012628). - amd-xgbe: fix the SFP compliance codes check for DAC cables (bsc#1012628). - amd-xgbe: add the bit rate quirk for Molex cables (bsc#1012628). - drm/i915/dgfx: Keep PCI autosuspend control 'on' by default on all dGPU (bsc#1012628). - drm/i915/dp: Reset frl trained flag before restarting FRL training (bsc#1012628). - atlantic: fix deadlock at aq_nic_stop (bsc#1012628). - kcm: annotate data-races around kcm->rx_psock (bsc#1012628). - kcm: annotate data-races around kcm->rx_wait (bsc#1012628). - net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed (bsc#1012628). - net: lantiq_etop: don't free skb when returning NETDEV_TX_BUSY (bsc#1012628). - tcp: fix a signed-integer-overflow bug in tcp_add_backlog() (bsc#1012628). - tcp: fix indefinite deferral of RTO with SACK reneging (bsc#1012628). - net-memcg: avoid stalls when under memory pressure (bsc#1012628). - drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() (bsc#1012628). - net: lan966x: Stop replacing tx dcbs and dcbs_buf when changing MTU (bsc#1012628). - mptcp: set msk local address earlier (bsc#1012628). - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (bsc#1012628). - can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path (bsc#1012628). - PM: hibernate: Allow hybrid sleep to work with s2idle (bsc#1012628). - media: vivid: s_fbuf: add more sanity checks (bsc#1012628). - media: vivid: dev->bitmap_cap wasn't freed in all cases (bsc#1012628). - media: v4l2-dv-timings: add sanity checks for blanking values (bsc#1012628). - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (bsc#1012628). - media: vivid: set num_in/outputs to 0 if not supported (bsc#1012628). - perf vendor events power10: Fix hv-24x7 metric events (bsc#1012628). - perf list: Fix PMU name pai_crypto in perf list on s390 (bsc#1012628). - ipv6: ensure sane device mtu in tunnels (bsc#1012628). - i40e: Fix ethtool rx-flow-hash setting for X722 (bsc#1012628). - i40e: Fix VF hang when reset is triggered on another VF (bsc#1012628). - i40e: Fix flow-type by setting GL_HASH_INSET registers (bsc#1012628). - net: ksz884x: fix missing pci_disable_device() on error in pcidev_init() (bsc#1012628). - riscv: jump_label: mark arguments as const to satisfy asm constraints (bsc#1012628). - PM: domains: Fix handling of unavailable/disabled idle states (bsc#1012628). - perf vendor events arm64: Fix incorrect Hisi hip08 L3 metrics (bsc#1012628). - net: fec: limit register access on i.MX6UL (bsc#1012628). - net: ethernet: ave: Fix MAC to be in charge of PHY PM (bsc#1012628). - ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (bsc#1012628). - ALSA: aoa: Fix I2S device accounting (bsc#1012628). - openvswitch: switch from WARN to pr_warn (bsc#1012628). - net: ehea: fix possible memory leak in ehea_register_port() (bsc#1012628). - net: bcmsysport: Indicate MAC is in charge of PHY PM (bsc#1012628). - nh: fix scope used to find saddr when adding non gw nh (bsc#1012628). - net: broadcom: bcm4908_enet: update TX stats after actual transmission (bsc#1012628). - netdevsim: fix memory leak in nsim_bus_dev_new() (bsc#1012628). - netdevsim: fix memory leak in nsim_drv_probe() when nsim_dev_resources_register() failed (bsc#1012628). - netdevsim: remove dir in nsim_dev_debugfs_init() when creating ports dir failed (bsc#1012628). - net/mlx5e: Do not increment ESN when updating IPsec ESN state (bsc#1012628). - net/mlx5: Wait for firmware to enable CRS before pci_restore_state (bsc#1012628). - net/mlx5: DR, Fix matcher disconnect error flow (bsc#1012628). - net/mlx5e: Extend SKB room check to include PTP-SQ (bsc#1012628). - net/mlx5e: Update restore chain id for slow path packets (bsc#1012628). - net/mlx5: ASO, Create the ASO SQ with the correct timestamp format (bsc#1012628). - net/mlx5: Fix possible use-after-free in async command interface (bsc#1012628). - net/mlx5e: TC, Reject forwarding from internal port to internal port (bsc#1012628). - net/mlx5: Update fw fatal reporter state on PCI handlers successful recover (bsc#1012628). - net/mlx5: Fix crash during sync firmware reset (bsc#1012628). - net: do not sense pfmemalloc status in skb_append_pagefrags() (bsc#1012628). - kcm: do not sense pfmemalloc status in kcm_sendpage() (bsc#1012628). - net: enetc: survive memory pressure without crashing (bsc#1012628). - riscv: mm: add missing memcpy in kasan_init (bsc#1012628). - riscv: fix detection of toolchain Zicbom support (bsc#1012628). - riscv: fix detection of toolchain Zihintpause support (bsc#1012628). - arm64: Add AMPERE1 to the Spectre-BHB affected list (bsc#1012628). - tcp/udp: Fix memory leak in ipv6_renew_options() (bsc#1012628). - commit 94ab6c8 ++++ kernel-firmware: - Update to version 20221031 (git commit 8bb75626e9dd): * linux-firmware: Add firmware for Cirrus CS35L41 on new ASUS Laptop * iwlwifi: add new PNVM binaries from core74-44 release * iwlwifi: add new FWs from core69-81 release * qcom: update venus firmware files for VPU-2.0 * qcom: remove split SC7280 venus firmware images * qcom: update venus firmware file for v5.4 * qcom: replace split SC7180 venus firmware images with symlink * rtw89: 8852b: update fw to v0.27.32.1 * rtlwifi: update firmware for rtl8192eu to v35.7 * rtlwifi: Add firmware v4.0 for RTL8188FU * i915: Add HuC 7.10.3 for DG2 * linux-firmware: Add firmware for Cirrus CS35L41 on ASUS Laptops * linux-firmware: Add firmware for Cirrus CS35L41 on Lenovo Laptops * linux-firmware: Add firmware for Cirrus CS35L41 on HP Laptops - Drop the CS35L41 firmware tarball that has been merged - Drop obsoleted cirrus-WHENCE-update.patch ++++ augeas: - Update to 1.13.0 * Fixes bsc#1204554 * Added augeas-1.13.0-replace_security_context_t-patch to fix a syntax error. * Rebased gcc9-disable-broken-test.patch * Dropped the following patches since they are now upstreamed: - augeas-new_options_for_chrony.patch - augeas-allow_printable_ASCII.patch - remove-unportable-tests.patch * General changes/additions - Add Dockerfile (Nicolas Gif) (Issue #650) - augtool: Improved readline integration to handle quoting issues (Pino Toscano) - typechecker: Allow including '/' in keys and labels. Thanks to felixdoerre for pointing out that this restriction was unnecessary. See issue #668 for the discussion. - Add function modified() to select nodes which are marked as dirty (George Hansper) (Issue #691) - Add CLI command 'preview' and API 'aug_preview' to preview file contents (George Hansper) (#690) - Add "else" operator to augeas path-filter expressions (priority selector) (George Hansper) (#692) - Add new axis 'seq' to allow /path/seq::*[expr] to match and create numeric nodes, as idempotent alternative to /path/*[expr] (George Hansper) (#706) * Lens changes/additions - Authinfo2: new lens to parse Authinfo2 format (Nicolas Gif) (Issue #649) - Chrony: add new options (Miroslav Lichvar) (Issue #698) - Cmdline: New lens to parse /proc/cmdline (Thomas Weißschuh) - Crypttab: support UUID in device and / in opt (Raphaël Pinson) (#713) - Fail2ban: new lens to parse Fail2ban format (Nicolas Gif) (Issue #651) - Grub: support '+' in kernel command line option names (Pino Toscano) (Issue #647) - Krb5: handle [plugins] subsection (Pino Toscano) (Issue #663) - Limits: support colons in the domain pattern of the limits lens (Xavier Mol) (Issue #645) - Logrotate: add hourly schedule (Jason A. Smith) (Issue #655) - Mke2fs: parse more common entries between [defaults] and the tags in [fs_types], fix the type of few entries, handle the [options] stanza (Pino Toscano) (Issue #642) - support quoted values (Pino Toscano) (Issue #661) - NetworkManager: allow # in values (mfilka) (#723) - Opendkim: update to match current conffile format (Issue #644) - Postfix_Master: Allow unix-dgram as type (Issue #635) - Postfix_transport: Allow underscore (Anton Baranov) (Issue #678) - Postgresql: Allow hyphen '-' in values that don't require quotes (Marcin Barczyński) (Issues #700 #701) - Properties: Allow "/" in property names (felixdoerre) (Issue #680) - Redis: add incl path /etc/redis.conf (Raphaël Pinson) (#726) - support "replicaof" (Raphaël Pinson) (#727) - fix support for "sentinel" (Raphaël Pinson) (#728) - Resolv: Support new options (Trevor Vaughan) (Issues #707 #708) - Rsyslog: support multiple actions in filters and selectors (Issue [#653]) - Shellvars: exclude more tcsh profile scripts (Pino Toscano) (Issue [#627]) - Simplevars: add ocsinventory-agent.cfg (Pat Riehecky) (Issue #637) - Sudoers: support new @include/@includedir directives (Pino Toscano) (Issue #693) - Sudoers: Allow AD groups (luchihoratiu) (Issue #696) - Support negative integers (Ando David Roots) (#724) - Ssh: add Match keyword support (granquet) (Issue #695) - Sshd: support quotes in Match conditions (Issue #739) - Systemd: fix parsing of envvars with spaces (Pino Toscano) (#659) - Add incl paths according to 'systemd.network(5)' (chruetli) (#683) - Tinc: new lens for Tinc VPN configuration files (Thomas Weißschuh) (#718) - Toml: support arrays (norec) in inline tables (Raphaël Pinson) (#703) - Tmpfiles: improvements to the types specification (Pino Toscano) (Issue #694) ++++ pixman: - Update to version 0.42.2 (boo#1205033 CVE-2022-44638): + This version contains a fix for a heap overflow. - Update URL, and tweak source URI. ++++ suse-module-tools: * Revert "Split kernel scriptlets into separate sub-package" (that change broke some package builds on OBS) - Update to version 16.0.25: * 80-hotplug-cpu-mem.rules: restrict cpu rule to x86_64 (bsc#1204423) ++++ virt-manager: - Upstream bug fixes (bsc#1027942) 11a887ec-cli-disk-Add-driver.metadata_cache-options.patch 7295ebfb-tests-cli-Fix-test-output-after-previous-commit.patch 58f5e36d-fsdetails-Fix-an-error-with-source.socket-of-virtiofs.patch c22a876e-tests-Add-a-compat-check-for-linux2020-in-amd-sev-test-case.patch fbdf0516-cli-cpu-Add-maxphysaddr.mode-bits-options.patch b0d05167-cloner-Sync-uuid-and-sysinfo-system-uuid.patch 999ccb85-virt-install-unattended-and-cloud-init-conflict.patch ------------------------------------------------------------------ ------------------ 2022-11-3 - Nov 3 2022 ------------------- ------------------------------------------------------------------ ++++ lvm2-device-mapper: - killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216) - bug-1203216_lvmlockd-purge-the-lock-resources-left-in-previous-l.patch ++++ libdrm: - Update to 2.4.114 * amdgpu.ids: use consistent formatting for RID * amdgpu.ids: sort the file * amdgpu.ids: update to the latest marketing name * amdgpu_ids: add MI marketing names * amdgpu: Add a default marketing name if none is found * meson: fast-fail on unsupported OSes * include/drm/drm_fourcc.h: Update from Linux v6.0-rc7 * include/drm/i915_drm.h: Update from Linux v6.0-rc7 * tests/util: add imx-lcdif driver * intel: move declarations to top in drm_intel_gem_bo_unreference() * build: automatically disable Intel if pciaccess is not found * xf86drm: handle DRM_FORMAT_BIG_ENDIAN in drmGetFormatName() * amdgpu: silence uninitialized variable warning * xf86drmMode: add helpers for dumb buffers * modetest: drop unused offset field in struct bo * modetest: use sized integers in struct bo * modetest: use dumb buffer helpers ++++ lvm2: - killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216) - bug-1203216_lvmlockd-purge-the-lock-resources-left-in-previous-l.patch ++++ python310-core: - Add CVE-2022-42919-loc-priv-mulitproc-forksrv.patch to avoid CVE-2022-42919 (bsc#1204886) avoiding Linux specific local privilege escalation via the multiprocessing forkserver start method. ++++ libsoup: - Update to version 3.2.2: + Various HTTP/2 Fixes: - Fix `content-sniffed` not being emitted for resources without content. - Fix leak of SoupServerConnection when stolen. - Enable tests on 32-bit again, fixed upstream. ++++ pvirsh: - version 2.1: * various lint fixes * improve help usage * add select_vm to choose VM on connected hypervisor * improve prompt * add some more xml files * remove unwanted import sys ++++ python310: - Add CVE-2022-42919-loc-priv-mulitproc-forksrv.patch to avoid CVE-2022-42919 (bsc#1204886) avoiding Linux specific local privilege escalation via the multiprocessing forkserver start method. ++++ python-cryptography: - update to 38.0.3: - Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.7, which resolves CVE-2022-3602 and CVE-2022-3786. ++++ qemu: - Enable KVM support on riscv64 ++++ sudo: - Added sudo-CVE-2022-43995.patch * CVE-2022-43995 * bsc#1204986 * Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend. ------------------------------------------------------------------ ------------------ 2022-11-2 - Nov 2 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - u_nouveau-corrupted-colors-boo1203949.patch * fixes corrupted colors in videos on nouveau with Kepler in Firefox (boo#1203949, issue#7416) - moved drirc.d config snippets from Mesa to Mea-dri package; radv driver specific conf was missing completely (boo#1204866) ++++ Mesa-drivers: - u_nouveau-corrupted-colors-boo1203949.patch * fixes corrupted colors in videos on nouveau with Kepler in Firefox (boo#1203949, issue#7416) - moved drirc.d config snippets from Mesa to Mea-dri package; radv driver specific conf was missing completely (boo#1204866) ++++ NetworkManager: - Use a with_netconfig define instead of relying on bcond: bcond is meant to have extrenally controllable build conditions (build -D, or OBS prjconf). ++++ bash: - Set DEFAULT_LOADABLE_BUILTINS_PATH to get BASH_LOADABLES_PATH correct (boo#1204567) ++++ gnutls: - Temporarily revert the jitterentropy patches in s390 and s390x architectures until a fix is provided [bsc#1204937] - Disable flaky test that fails in s390x architecture: * Add gnutls-disable-flaky-test-dtls-resume.patch ++++ kernel-default: - wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() (CVE-2022-3628 bsc#1204868). - commit a020866 - Drop the previous sound fix for Dell Dock (bsc#1204719) The patch turned out to be superfluous, the fix should be on pipewire instead. - commit a7f641a - ALSA: usb-audio: Fix regression with Dell Dock jack detection (bsc#1204719). - commit 286383c - KVM: x86: emulator: update the emulation mode after rsm (bsc#1200616). - KVM: x86: emulator: introduce emulator_recalc_and_set_mode (bsc#1200616). - commit 28a19ee - char: pcmcia: cm4040_cs: Fix use-after-free in reader_fops (bsc#1204922 CVE-2022-44033). - commit d6c5191 - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (bsc#1204705). - commit 57f1f7d ++++ ncurses: - Add ncurses patch 20221029 + improve curs_slk.3x discussion of extensions and portability (report by Bill Gray). ++++ openssl-1_1: - Updated openssl.keyring with key A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C - Update to 1.1.1s: * Fixed a regression introduced in 1.1.1r version not refreshing the certificate data to be signed before signing the certificate. - Update to 1.1.1r: * Fixed the linux-mips64 Configure target which was missing the SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that platform. * Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was causing incorrect results in some cases as a result. * Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to report correct results in some cases * Fixed a regression introduced in 1.1.1o for re-signing certificates with different key sizes * Added the loongarch64 target * Fixed a DRBG seed propagation thread safety issue * Fixed a memory leak in tls13_generate_secret * Fixed reported performance degradation on aarch64. Restored the implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode") for 64bit targets only, since it is reportedly 2-17% slower and the silicon errata only affects 32bit targets. The new algorithm is still used for 32 bit targets. * Added a missing header for memcmp that caused compilation failure on some platforms ++++ sqlite3: - update to 3.39.4: * Fix a long-standing problem in the btree balancer that might, in rare cases, cause database corruption if the application uses an application-defined page cache * Enhance SQLITE_DBCONFIG_DEFENSIVE so that it disallows CREATE TRIGGER statements if one or more of the statements in the body of the trigger write into shadow tables * Fix a possible integer overflow in the size computation for a memory allocation in FTS3. * Fix a misuse of the sqlite3_set_auxdata() interface in the ICU Extension ++++ shadow: - bsc#1204811: Fix chage date format string regression * Add shadow-chage-format.patch ++++ openssl: - updated to 1.1.s release ++++ python-libvirt-python: - Update to 8.9.0 - Add all new APIs and constants in libvirt 8.9.0 - jsc#PED-620, jsc#PED-1540 ------------------------------------------------------------------ ------------------ 2022-11-1 - Nov 1 2022 ------------------- ------------------------------------------------------------------ ++++ btrfsprogs: - update to 6.0 * fi usage: in tabular output, print total size and slack size * mkfs: * option -O now accepts values from -R to unify the interface (-R will continue to work) * zone reset and discard is done in parallel on all devices * removed option --leafsize, deprecated long time ago * corrupt-block: recalculate checksum when changing generation * fixes: * convert: fix reserved range detection and overlaps * mkfs: fix creating files with reserved inode numbers with --rootdir * receive: escape filenames in command attributes * fix extent buffer leaks after transaction abort * experimental: * mkfs: support for block-group-tree (kernel 6.1) * fsverity in send (protocol v3, WIP) * btrfstune -b converts to block-group-tree * other: * cleanups, refactoring * new and updated tests * update documentation ++++ kernel-default: - Refresh patches.suse/drm-amdgpu-Fix-for-BO-move-issue.patch. Update upstream status. - commit 30b9c27 - char: pcmcia: scr24x_cs: Fix use-after-free in scr24x_fops (bsc#1204901 CVE-2022-44034). - char: pcmcia: cm4000_cs: Fix use-after-free in cm4000_fops (bsc#1204894 CVE-2022-44032). - char: pcmcia: scr24x_cs: Fix use-after-free in scr24x_fops (bsc#1204901 CVE-2022-44034). - char: pcmcia: cm4000_cs: Fix use-after-free in cm4000_fops (bsc#1204894 CVE-2022-44032). - commit 1e6f02d - Refresh patches.suse/ACPI-resource-do-IRQ-override-on-LENOVO-IdeaPad.patch. - Refresh patches.suse/ALSA-hda-realtek-Add-another-HP-ZBook-G9-model-quirk.patch. - Refresh patches.suse/ALSA-hda-realtek-Add-quirk-for-ASUS-Zenbook-using-CS.patch. Update upstream status. - commit eaa1897 ++++ openssl-3: - Temporary disable tests test_ssl_new and test_sslapi because they are failing in openSUSE_Tumbleweed - Update to 3.0.7: [bsc#1204714, CVE-2022-3602,CVE-2022-3786] * Fixed two buffer overflows in punycode decoding functions. A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. An attacker can craft a malicious email address to overflow an arbitrary number of bytes containing the `.` character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). ([CVE-2022-3786]) An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution depending on stack layout for any given platform/compiler. ([CVE-2022-3602]) * Removed all references to invalid OSSL_PKEY_PARAM_RSA names for CRT parameters in OpenSSL code. Applications should not use the names OSSL_PKEY_PARAM_RSA_FACTOR, OSSL_PKEY_PARAM_RSA_EXPONENT and OSSL_PKEY_PARAM_RSA_COEFFICIENT. Use the numbered names such as OSSL_PKEY_PARAM_RSA_FACTOR1 instead. Using these invalid names may cause algorithms to use slower methods that ignore the CRT parameters. * Fixed a regression introduced in 3.0.6 version raising errors on some stack operations. * Fixed a regression introduced in 3.0.6 version not refreshing the certificate data to be signed before signing the certificate. * Added RIPEMD160 to the default provider. * Ensured that the key share group sent or accepted for the key exchange is allowed for the protocol version. - Update to 3.0.6: [bsc#1204226, CVE-2022-3358] * OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. * OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialisation functions). Instead of using the custom cipher directly it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSL encryption/decryption initialisation function will match the NULL cipher as being equivalent and will fetch this from the available providers. This will succeed if the default provider has been loaded (or if a third party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext. * Applications are only affected by this issue if they call EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an encryption/decryption initialisation function. Applications that only use SSL/TLS are not impacted by this issue. ([CVE-2022-3358]) * Fix LLVM vs Apple LLVM version numbering confusion that caused build failures on MacOS 10.11 * Fixed the linux-mips64 Configure target which was missing the SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that platform. * Fix handling of a ticket key callback that returns 0 in TLSv1.3 to not send a ticket * Correctly handle a retransmitted ClientHello in DTLS * Fixed detection of ktls support in cross-compile environment on Linux * Fixed some regressions and test failures when running the 3.0.0 FIPS provider against 3.0.x * Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to report correct results in some cases * Fix UWP builds by defining VirtualLock * For known safe primes use the minimum key length according to RFC 7919. Longer private key sizes unnecessarily raise the cycles needed to compute the shared secret without any increase of the real security. This fixes a regression from 1.1.1 where these shorter keys were generated for the known safe primes. * Added the loongarch64 target * Fixed EC ASM flag passing. Flags for ASM implementations of EC curves were only passed to the FIPS provider and not to the default or legacy provider. * Fixed reported performance degradation on aarch64. Restored the implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode") for 64bit targets only, since it is reportedly 2-17% slower and the silicon errata only affects 32bit targets. The new algorithm is still used for 32 bit targets. * Added a missing header for memcmp that caused compilation failure on some platforms ++++ libvirt: - Update to libvirt 8.9.0 - jsc#PED-620, jsc#PED-1540 - Add support for modular daemons to the supportconfig plugin - New subpackage libvirt-client-qemu providing client utilities to interact with QEMU-specific features of libvirt - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v8-9-0-2022-11-01 ------------------------------------------------------------------ ------------------ 2022-10-31 - Oct 31 2022 ------------------- ------------------------------------------------------------------ ++++ lvm2-device-mapper: - dracut-initqueue timeouts with 5.3.18-150300.59.63 kernel on ppc64le (bsc#1199074) - in lvm2.spec, change device_mapper_version from 1.02.185 to %{lvm2_version}_1.02.185 ++++ glib2: - Add a1151bc1.patch: gio/gdesktopappinfo: Free the wrapped argv array on launch failure. - Add ca905744.patch: Revert "Handling collision between standard i/o file descriptors and newly created ones". The user-visible problem this solves is gnome-keyring-daemon eating 100% CPU. ++++ lvm2: - dracut-initqueue timeouts with 5.3.18-150300.59.63 kernel on ppc64le (bsc#1199074) - in lvm2.spec, change device_mapper_version from 1.02.185 to %{lvm2_version}_1.02.185 ++++ libxml2: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ++++ libxml2-python: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ++++ python-requests: - allow using newest version of charset-normalizer (3.0+) * requests-allow-charset-normalizer-3.patch ------------------------------------------------------------------ ------------------ 2022-10-30 - Oct 30 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Update to 6.1-rc3 - eliminate 1 patch - patches.suse/scsi-mpi3mr-select-CONFIG_SCSI_SAS_ATTRS.patch - refresh configs - commit 6cba764 - Linux 6.0.6 (bsc#1012628). - mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1012628). - ACPI: video: Force backlight native for more TongFang devices (bsc#1012628). - ext4: fix potential out of bound read in ext4_fc_replay_scan() (bsc#1012628). - ext4: factor out ext4_fc_get_tl() (bsc#1012628). - ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1012628). - io_uring: don't gate task_work run on TIF_NOTIFY_SIGNAL (bsc#1012628). - wifi: mt76: mt7921e: fix random fw download fail (bsc#1012628). - iommu/vt-d: Clean up si_domain in the init_dmars() error path (bsc#1012628). - iommu/vt-d: Allow NVS regions in arch_rmrr_sanity_check() (bsc#1012628). - rv/dot2c: Make automaton definition static (bsc#1012628). - drbd: only clone bio if we have a backing device (bsc#1012628). - net: phy: dp83822: disable MDI crossover status change interrupt (bsc#1012628). - net: sched: fix race condition in qdisc_graft() (bsc#1012628). - net: hns: fix possible memory leak in hnae_ae_register() (bsc#1012628). - wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() (bsc#1012628). - sfc: include vport_id in filter spec hash and equal() (bsc#1012628). - io_uring/msg_ring: Fix NULL pointer dereference in io_msg_send_fd() (bsc#1012628). - net: Fix return value of qdisc ingress handling on success (bsc#1012628). - net: sched: sfb: fix null pointer access issue when sfb_init() fails (bsc#1012628). - net: sched: delete duplicate cleanup of backlog and qlen (bsc#1012628). - net: sched: cake: fix null pointer access issue when cake_init() fails (bsc#1012628). - nvmet: fix workqueue MEM_RECLAIM flushing dependency (bsc#1012628). - nvme-hwmon: kmalloc the NVME SMART log buffer (bsc#1012628). - nvme-hwmon: consistently ignore errors from nvme_hwmon_init (bsc#1012628). - netfilter: nf_tables: relax NFTA_SET_ELEM_KEY_END set flags requirements (bsc#1012628). - netfilter: rpfilter/fib: Set ->flowic_uid correctly for user namespaces (bsc#1012628). - netfilter: rpfilter/fib: Populate flowic_l3mdev field (bsc#1012628). - ionic: catch NULL pointer issue on reconfig (bsc#1012628). - net: hsr: avoid possible NULL deref in skb_clone() (bsc#1012628). - bnxt_en: fix memory leak in bnxt_nvm_test() (bsc#1012628). - drm/amd/display: Increase frame size limit for display_mode_vba_util_32.o (bsc#1012628). - dm: remove unnecessary assignment statement in alloc_dev() (bsc#1012628). - cifs: Fix memory leak when build ntlmssp negotiate blob failed (bsc#1012628). - cifs: Fix xid leak in cifs_ses_add_channel() (bsc#1012628). - cifs: Fix xid leak in cifs_flock() (bsc#1012628). - cifs: Fix xid leak in cifs_copy_file_range() (bsc#1012628). - cifs: Fix xid leak in cifs_create() (bsc#1012628). - ip6mr: fix UAF issue in ip6mr_sk_done() when addrconf_init_net() failed (bsc#1012628). - udp: Update reuse->has_conns under reuseport_lock (bsc#1012628). - scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1012628). - net: ethernet: mtk_eth_wed: add missing of_node_put() (bsc#1012628). - net: ethernet: mtk_eth_wed: add missing put_device() in mtk_wed_add_hw() (bsc#1012628). - net: ethernet: mtk_eth_soc: fix possible memory leak in mtk_probe() (bsc#1012628). - io_uring/rw: remove leftover debug statement (bsc#1012628). - blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1012628). - erofs: shouldn't churn the mapping page for duplicated copies (bsc#1012628). - skmsg: pass gfp argument to alloc_sk_msg() (bsc#1012628). - net: stmmac: Enable mac_managed_pm phylink config (bsc#1012628). - net: phylink: add mac_managed_pm in phylink_config structure (bsc#1012628). - net/smc: Fix an error code in smc_lgr_create() (bsc#1012628). - net: phy: dp83867: Extend RX strap quirk for SGMII mode (bsc#1012628). - net/atm: fix proc_mpc_write incorrect return value (bsc#1012628). - sfc: Change VF mac via PF as first preference if available (bsc#1012628). - HID: magicmouse: Do not set BTN_MOUSE on double report (bsc#1012628). - tls: strp: make sure the TCP skbs do not have overlapping data (bsc#1012628). - i40e: Fix DMA mappings leak (bsc#1012628). - net: dsa: qca8k: fix ethtool autocast mib for big-endian systems (bsc#1012628). - net: dsa: qca8k: fix inband mgmt for big-endian systems (bsc#1012628). - tipc: fix an information leak in tipc_topsrv_kern_subscr (bsc#1012628). - tipc: Fix recognition of trial period (bsc#1012628). - ACPI: extlog: Handle multiple records (bsc#1012628). - drm/vc4: hdmi: Enforce the minimum rate at runtime_resume (bsc#1012628). - drm/vc4: Add module dependency on hdmi-codec (bsc#1012628). - btrfs: fix processing of delayed tree block refs during backref walking (bsc#1012628). - btrfs: fix processing of delayed data refs during backref walking (bsc#1012628). - dm bufio: use the acquire memory barrier when testing for B_READING (bsc#1012628). - platform/x86/amd: pmc: Read SMU version during suspend on Cezanne systems (bsc#1012628). - x86/topology: Fix duplicated core ID within a package (bsc#1012628). - x86/topology: Fix multiple packages shown on a single-package system (bsc#1012628). - x86/Kconfig: Drop check for -mabi=ms for CONFIG_EFI_STUB (bsc#1012628). - media: venus: Fix NV12 decoder buffer discovery on HFI_VERSION_1XX (bsc#1012628). - media: venus: dec: Handle the case where find_format fails (bsc#1012628). - media: mceusb: set timeout to at least timeout provided (bsc#1012628). - media: ipu3-imgu: Fix NULL pointer dereference in active selection access (bsc#1012628). - KVM: arm64: vgic: Fix exit condition in scan_its_table() (bsc#1012628). - KVM: x86: Add compat handler for KVM_X86_SET_MSR_FILTER (bsc#1012628). - KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (bsc#1012628). - kvm: Add support for arch compat vm ioctls (bsc#1012628). - mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages (bsc#1012628). - drm/amdgpu: fix sdma doorbell init ordering on APUs (bsc#1012628). - cpufreq: qcom: fix memory leak in error path (bsc#1012628). - x86/resctrl: Fix min_cbm_bits for AMD (bsc#1012628). - ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS (bsc#1012628). - ata: ahci-imx: Fix MODULE_ALIAS (bsc#1012628). - hwmon/coretemp: Handle large core ID value (bsc#1012628). - x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1012628). - cpufreq: tegra194: Fix module loading (bsc#1012628). - i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter (bsc#1012628). - cpufreq: qcom: fix writes in read-only memory region (bsc#1012628). - selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() (bsc#1012628). - smb3: interface count displayed incorrectly (bsc#1012628). - ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1012628). - ocfs2: clear dinode links count in case of error (bsc#1012628). - video/aperture: Call sysfb_disable() before removing PCI devices (bsc#1012628). - commit ba5b066 ++++ lsof: - update to 4.96.4 * fix hash functions used for finding local tcp/udp IPCs * Show copyright notice in --version output. * Avoid some easy collissions for udp/udp6 sockets when hashing * Changing the number of ipcbuckets to 4096 * obtain correct information of memory-mapped file. - drop remove-hostname.patch now upstream ------------------------------------------------------------------ ------------------ 2022-10-29 - Oct 29 2022 ------------------- ------------------------------------------------------------------ ++++ libXext: - Update to version 1.3.5 * Fix spelling/wording issues * gitlab CI: add a basic build test * Xge.c, Xge.h: convert from ISO-8859-1 to UTF-8 * Add extutilP.h header for xgeExtRegister() prototype * Remove unnecessary casts of malloc/calloc results * Remove unnecessary (char *) casts from Xfree() arguments * Use calloc instead of malloc if we may not initialize all the bytes * Import reallocarray() from libX11 * Convert calls to Xmalloc arrays to use Xmallocarray instead * configure: Use AC_USE_SYSTEM_EXTENSIONS to set GNU_SOURCE & other defines * Remove "All rights reserved" from Oracle copyright notices. * COPYING: Add info for Xge.* and reallocarray.* files * add ACLOCAL_AMFLAGS = -I m4 to make aclocal pick ax_gcc_builtin.m4 ++++ libXinerama: - Update to version 1.1.6 * Update README for gitlab migration * Update configure.ac bug URL for gitlab migration * Fix spelling/wording issues * gitlab CI: add a basic build test * XineramaQueryScreens: fix -Wsign-compare warning * Remove "register" type qualifier from variable declarations ++++ protobuf: - update to 21.9: * Ruby * Replace libc strdup usage with internal impl to restore musl compat (#10818) * Auto capitalize enums name in Ruby (#10454) (#10763) * Other * Fix for grpc.tools #17995 & protobuf #7474 (handle UTF-8 paths in argumentfile) (#10721) * C++ * 21.x No longer define no_threadlocal on OpenBSD (#10743) * Java * Mark default instance as immutable first to avoid race during static initialization of default instances (#10771) * Refactoring java full runtime to reuse sub-message builders and prepare to migrate parsing logic from parse constructor to builder. * Move proto wireformat parsing functionality from the private "parsing constructor" to the Builder class. * Change the Lite runtime to prefer merging from the wireformat into mutable messages rather than building up a new immutable object before merging. This way results in fewer allocations and copy operations. * Make message-type extensions merge from wire-format instead of building up instances and merging afterwards. This has much better performance. * Fix TextFormat parser to build up recurring (but supposedly not repeated) sub-messages directly from text rather than building a new sub-message and merging the fully formed message into the existing field. ++++ timezone: - timezone update 2022f: * Mexico will no longer observe DST except near the US border * Chihuahua moves to year-round -06 on 2022-10-30 * Fiji no longer observes DST * Move links to 'backward' * In vanguard form, GMT is now a Zone and Etc/GMT a link * zic now supports links to links, and vanguard form uses this * Simplify four Ontario zones * Fix a Y2438 bug when reading TZif data * Enable 64-bit time_t on 32-bit glibc platforms * Omit large-file support when no longer needed * In C code, use some C23 features if available * Remove no-longer-needed workaround for Qt bug 53071 ------------------------------------------------------------------ ------------------ 2022-10-28 - Oct 28 2022 ------------------- ------------------------------------------------------------------ ++++ grub2: - NVMeoFC support on grub (jsc#PED-996) * 0001-ieee1275-add-support-for-NVMeoFC.patch * 0002-ieee1275-ofpath-enable-NVMeoF-logical-device-transla.patch * 0003-ieee1275-change-the-logic-of-ieee1275_get_devargs.patch * 0004-ofpath-controller-name-update.patch - TDX: Enhance grub2 measurement to TD RTMR (jsc#PED-1265) * 0001-commands-efi-tpm-Refine-the-status-of-log-event.patch * 0002-commands-efi-tpm-Use-grub_strcpy-instead-of-grub_mem.patch * 0003-efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch - Measure the kernel on POWER10 and extend TPM PCRs (PED-1990) * 0001-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch * 0002-ieee1275-implement-vec5-for-cas-negotiation.patch - Fix efi pcr snapshot related funtion is defined but not used on powerpc platform. * safe_tpm_pcr_snapshot.patch ++++ at-spi2-core: - Ensure xprop is required when xwayland is installed. ++++ python-pbr: - Update to 5.11.0 * Fix symbol identification in multiline message * Replace deprecated readfp method with read_file ------------------------------------------------------------------ ------------------ 2022-10-27 - Oct 27 2022 ------------------- ------------------------------------------------------------------ ++++ llvm15: - Update to version 15.0.3. * This release contains bug-fixes for the LLVM 15.0.0 release. This release is API and ABI compatible with 15.0.0. - Add llvm-armv7-fix-vector-compare-with-zero-lowering.patch: Fix lowering of non-canonical vector comparison with zero on armv7, preventing a crash (boo#1204267, gh#llvm/llvm-project#58514). - Add lldb-swig-4.1.0-build-fix.patch: Fix build with Swig 4.1.0. - Rebase llvm-do-not-install-static-libraries.patch. ++++ osinfo-db: - Update to database version 20221018 osinfo-db-20221018.tar.xz ++++ python-charset-normalizer: - Update to 3.0.0 Added * Extend the capability of explain=True when cp_isolation contains at most two entries (min one), will log in details of the Mess-detector results Support for alternative language frequency set in charset_normalizer.assets.FREQUENCIES Add parameter language_threshold in from_bytes, from_path and from_fp to adjust the minimum expected coherence ratio normalizer --version now specify if current version provide extra speedup (meaning mypyc compilation whl) * Changed Build with static metadata using 'build' frontend Make the language detection stricter Optional: Module md.py can be compiled using Mypyc to provide an extra speedup up to 4x faster than v2.1 * Fixed CLI with opt --normalize fail when using full path for files TooManyAccentuatedPlugin induce false positive on the mess detection when too few alpha character have been fed to it Sphinx warnings when generating the documentation * Removed Coherence detector no longer return 'Simple English' instead return 'English' Coherence detector no longer return 'Classical Chinese' instead return 'Chinese' Breaking: Method first() and best() from CharsetMatch UTF-7 will no longer appear as "detected" without a recognized SIG/mark (is unreliable/conflict with ASCII) Breaking: Class aliases CharsetDetector, CharsetDoctor, CharsetNormalizerMatch and CharsetNormalizerMatches Breaking: Top-level function normalize Breaking: Properties chaos_secondary_pass, coherence_non_latin and w_counter from CharsetMatch Support for the backport unicodedata2 ++++ tar: - Fix unexpected inconsistency when making directory, bsc#1203600 * tar-avoid-overflow-in-symlinks-tests.patch * tar-fix-extract-unlink.patch - Update race condition fix, bsc#1200657 * tar-fix-race-condition.patch - Refresh bsc1200657.patch ------------------------------------------------------------------ ------------------ 2022-10-26 - Oct 26 2022 ------------------- ------------------------------------------------------------------ ++++ curl: - Update to 7.86.0: * Security fixes: - POST following PUT confusion [bsc#1204383, CVE-2022-32221] - .netrc parser out-of-bounds access [bsc#1204384, CVE-2022-35260] - HTTP proxy double-free [bsc#1204385, CVE-2022-42915] - HSTS bypass via IDN [bsc#1204386, CVE-2022-42916] * Changes: - NPN: remove support for and use of - Websockets: initial support * Bugfixes: - altsvc: reject bad port numbers - autotools: reduce brute-force when detecting recv/send arg list - aws_sigv4: fix header computation - cli tool: do not use disabled protocols - connect: change verbose IPv6 address:port to [address]:port - connect: fix builds without AF_INET6 - connect: fix Curl_updateconninfo for TRNSPRT_UNIX - connect: fix the wrong error message on connect failures - content_encoding: use writer struct subclasses for different encodings - cookie: reject cookie names or content with TAB characters - curl/add_file_name_to_url: use the libcurl URL parser - curl/get_url_file_name: use libcurl URL parser - curl: warn for --ssl use, considered insecure - docs/libcurl/symbols-in-versions: add several missing symbols - ftp: ignore a 550 response to MDTM - functypes: provide the recv and send arg and return types - getparameter: return PARAM_MANUAL_REQUESTED for -M even when disabled - header: define public API functions as extern c - headers: reset the requests counter at transfer start - hostip: guard PF_INET6 use - hostip: lazily wait to figure out if IPv6 works until needed - http, vauth: always provide Curl_allow_auth_to_host() functionality - http2: make nghttp2 less picky about field whitespace - http: try parsing Retry-After: as a number first - http_proxy: restore the protocol pointer on error - lib: add missing limits.h includes - lib: prepare the incoming of additional protocols - lib: sanitize conditional exclusion around MIME - libssh: if sftp_init fails, don't get the sftp error code - mprintf: reject two kinds of precision for the same argument - mqtt: return error for too long topic - netrc: compare user name case sensitively - netrc: replace fgets with Curl_get_line - netrc: use the URL-decoded user - ngtcp2: fix build errors due to changes in ngtcp2 library - noproxy: support proxies specified using cidr notation - openssl: make certinfo available for QUIC - resolve: make forced IPv4 resolve only use A queries - schannel: ban server ALPN change during recv renegotiation - schannel: don't reset recv/send function pointers on renegotiation - schannel: when importing PFX, disable key persistence - setopt: use the handler table for protocol name to number conversions - setopt: when POST is set, reset the 'upload' field - single_transfer: use the libcurl URL parser when appending query parts - smb: replace CURL_WIN32 with WIN32 - tool: avoid generating ambiguous escaped characters in --libcurl - tool_main: exit at once if out of file descriptors - tool_operate: more transfer cleanup after parallel transfer fail - tool_operate: prevent over-queuing in parallel mode - tool_paramhelp: asserts verify maximum sizes for string loading - tool_xattr: save the original URL, not the final redirected one - url: a zero-length userinfo part in the URL is still a (blank) user - url: allow non-HTTPS HSTS-matching for debug builds - url: rename function due to name-clash in Watt-32 - url: use IDN decoded names for HSTS checks - urlapi: detect scheme better when not guessing - urlapi: fix parsing URL without slash with CURLU_URLENCODE - urlapi: reject more bad characters from the host name field * Remove patch upstream: - connect-fix-Curl_updateconninfo-for-TRNSPRT_UNIX.patch ++++ dbus-1: - update to 1.14.4 (bsc#1204111, CVE-2022-42010, bsc#1204112, CVE-2022-42011, bsc#1204113, CVE-2022-42012): This is a security update for the dbus 1.14.x stable branch, fixing denial-of-service issues (CVE-2022-42010, -42011, -42012) and applying security hardening (dbus#416). Behaviour changes: * On Linux, dbus-daemon and other uses of DBusServer now create a path-based Unix socket, unix:path=..., when asked to listen on a unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to unix:dir=... on all platforms. Previous versions would have created an abstract socket, unix:abstract=..., in this situation. This change primarily affects the well-known session bus when run via dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring dbus with --enable-user-session and running it on a systemd system, already used path-based Unix sockets and is unaffected by this change. This behaviour change prevents a sandbox escape via the session bus socket in sandboxing frameworks that can share the network namespace with the host system, such as Flatpak. This change might cause a regression in situations where the abstract socket is intentionally shared between the host system and a chroot or container, such as some use-cases of schroot(1). That regression can be resolved by using a bind-mount to share either the D-Bus socket, or the whole /tmp directory, with the chroot or container. (dbus#416, Simon McVittie) * Denial of service fixes: - Evgeny Vereshchagin discovered several ways in which an authenticated local attacker could cause a crash (denial of service) in dbus-daemon --system or a custom DBusServer. In uncommon configurations these could potentially be carried out by an authenticated remote attacker. - An invalid array of fixed-length elements where the length of the array is not a multiple of the length of the element would cause an assertion failure in debug builds or an out-of-bounds read in production builds. This was a regression in version 1.3.0. (dbus#413, CVE-2022-42011; Simon McVittie) - A syntactically invalid type signature with incorrectly nested parentheses and curly brackets would cause an assertion failure in debug builds. Similar messages could potentially result in a crash or incorrect message processing in a production build, although we are not aware of a practical example. (dbus#418, CVE-2022-42010; Simon McVittie) - A message in non-native endianness with out-of-band Unix file descriptors would cause a use-after-free and possible memory corruption in production builds, or an assertion failure in debug builds. This was a regression in version 1.3.0. (dbus#417, CVE-2022-42012; Simon McVittie) - Preserve errno on failure to open /proc/self/oom_score_adj (dbus!285, Gentoo#834725; Mike Gilbert) - On Linux, don't log warnings if oom_score_adj is read-only but does not need to be changed (dbus!291, Simon McVittie) - Slightly improve error-handling for inotify (dbus!235, Simon McVittie) - Don't crash if dbus-daemon is asked to watch more than 128 directories for changes (dbus!302, Jan Tojnar) ++++ dnsmasq: - update to 2.87 (bsc#1197872, CVE-2022-0934): * Allow arbitrary prefix lengths in --rev-server and - -domain=....,local * Replace --address=/#/..... functionality which got missed in the 2.86 domain search rewrite. * Add --nftset option, like --ipset but for the newer nftables. * Add --filter-A and --filter-AAAA options, to remove IPv4 or IPv6 addresses from DNS answers. * Fix crash doing netbooting when --port is set to zero to disable the DNS server. Thanks to Drexl Johannes for the bug report. * Generalise --dhcp-relay. Sending via broadcast/multicast is now supported for both IPv4 and IPv6 and the configuration syntax made easier (but backwards compatible). * Add snooping of IPv6 prefix-delegations to the DHCP-relay system. * Finesse parsing of --dhcp-remoteid and --dhcp-subscrid. To be treated as hex, the pattern must consist of only hex digits AND contain at least one ':'. Thanks to Bengt-Erik Sandstrom who tripped over a pattern consisting of a decimal number which was interpreted surprisingly. * Include client address in TFTP file-not-found error reports. Thanks to Stefan Rink for the initial patch, which has been re-worked by me (srk). All bugs mine. * Note in manpage the change in behaviour of -address. This behaviour actually changed in v2.86, but was undocumented there. From 2.86 on, (eg) --address=/example.com/1.2.3.4 ONLY applies to A queries. All other types of query will be sent upstream. Pre 2.86, that would catch the whole example.com domain and queries for other types would get a local NODATA answer. The pre-2.86 behaviour is still available, by configuring --address=/example.com/1.2.3.4 --local=/example.com/ * Fix problem with binding DHCP sockets to an individual interface. Despite the fact that the system call tales the interface _name_ as a parameter, it actually, binds the socket to interface _index_. Deleting the interface and creating a new one with the same name leaves the socket bound to the old index. (Creating new sockets always allocates a fresh index, they are not reused). We now take this behaviour into account and keep up with changing indexes. * Add --conf-script configuration option. * Enhance --domain to accept, for instance, - -domain=net2.thekelleys.org.uk,eth2 so that hosts get a domain which relects the interface they are attached to in a way which doesn't require hard-coding addresses. Thanks to Sten Spans for the idea. * Fix write-after-free error in DHCPv6 server code. CVE-2022-0934 refers. * Add the ability to specify destination port in DHCP-relay mode. This change also removes a previous bug where --dhcp-alternate-port would affect the port used to relay _to_ as well as the port being listened on. The new feature allows configuration to provide bug-for-bug compatibility, if required. Thanks to Damian Kaczkowski for the feature suggestion. * Bound the value of UDP packet size in the EDNS0 header of forwarded queries to the configured or default value of edns-packet-max. There's no point letting a client set a larger value if we're unable to return the answer. Thanks to Bertie Taylor for pointing out the problem and supplying the patch. - drop dnsmasq-CVE-2022-0934.patch, dnsmasq-resolv-conf.patch (upstream) ++++ gdk-pixbuf: - Update to version 2.42.10: + Search for rst2man.py. + Update the memory size limit for JPEG images. + Updated translations. - Drop patch fixed upstream (with different limit): + 0001-jpeg-Increase-memory-limit-for-loading-image-data.patch ++++ glib-networking: - Fix build with gnutls 3.7.8: * tests: skip tls-exporter test for TLS 1.2 * https://gitlab.gnome.org/GNOME/glib-networking/-/issues/201 * Add glib-networking-gnutls-tls-exporter-tls12.patch ++++ glib2: - Update to version 2.74.1: + Update Unicode data to version 15 + Fix various build failures in different situations + Fix over-eager deprecated property warnings for construct properties + Fix a crash calling `g_param_value_is_valid()` on a `GParamSpecParam` + Fix floating `GVariant` leaks with GObject properties + Add inline optimised version of `g_str_equal()` + Fix `GVariant` type depths checks on text format variants + Fix regression with int64 and double hashing functions on big-endian architectures + Build the API documentation only when building GLib as a shared library + Ignore weird `/etc/localtime` configurations generated by toolbx + Avoid `EINTR` races when closing FDs in `g_spawn_*()` + Bugs fixed: glgo#GNOME/GLib#16, glgo#GNOME/GLib#333, glgo#GNOME/GLib#2735, glgo#GNOME/GLib#2740, glgo#GNOME/GLib#2742, glgo#GNOME/GLib#2748, glgo#GNOME/GLib#2758, glgo#GNOME/GLib#2759, glgo#GNOME/GLib#2766, glgo#GNOME/GLib#2767, glgo#GNOME/GLib#2770, glgo#GNOME/GLib#2774, glgo#GNOME/GLib#2775, glgo#GNOME/GLib#2782, glgo#GNOME/GLib#2787, glgo#GNOME/GLib#2788, glgo#GNOME/GLib!2852, glgo#GNOME/GLib!2857, glgo#GNOME/GLib!2864, glgo#GNOME/GLib!2866, glgo#GNOME/GLib!2880, glgo#GNOME/GLib!2885, glgo#GNOME/GLib!2892, glgo#GNOME/GLib!2896, glgo#GNOME/GLib!2899, glgo#GNOME/GLib!2901, glgo#GNOME/GLib!2903, glgo#GNOME/GLib!2904, glgo#GNOME/GLib!2905, glgo#GNOME/GLib!2907, glgo#GNOME/GLib!2911, glgo#GNOME/GLib!2913, glgo#GNOME/GLib!2915, glgo#GNOME/GLib!2916, glgo#GNOME/GLib!2920, glgo#GNOME/GLib!2922, glgo#GNOME/GLib!2924, glgo#GNOME/GLib!2928, glgo#GNOME/GLib!2931, glgo#GNOME/GLib!2933, glgo#GNOME/GLib!2938, glgo#GNOME/GLib!2939, glgo#GNOME/GLib!2946, glgo#GNOME/GLib!2948, glgo#GNOME/GLib!2949, glgo#GNOME/GLib!2958, glgo#GNOME/GLib!2960, glgo#GNOME/GLib!2973, glgo#GNOME/GLib!2975, glgo#GNOME/GLib!2982, glgo#GNOME/GLib!2983, glgo#GNOME/GLib!2988, glgo#GNOME/GLib!2989, glgo#GNOME/GLib!2995, glgo#GNOME/GLib!2996, glgo#GNOME/GLib!2998, glgo#GNOME/GLib!3010. + Updated translations. - Rebase patches with quilt. - Drop f0dd96c28751f15d0703b384bfc7c314af01caa8.diff: Fixed upstream. ++++ glibc: - dl-debug-bindings.patch: elf: Reinstate on DL_DEBUG_BINDINGS _dl_lookup_symbol_x (bsc#1204710) ++++ kernel-default: - Linux 6.0.5 (bsc#1012628). - Revert "btrfs: call __btrfs_remove_free_space_cache_locked on cache load failure" (bsc#1012628). - clk: tegra: Fix Tegra PWM parent clock (bsc#1012628). - commit 7359656 - Linux 6.0.4 (bsc#1012628). - Revert "ALSA: hda: Fix page fault in snd_hda_codec_shutdown()" (bsc#1012628). - fbdev/core: Remove remove_conflicting_pci_framebuffers() (bsc#1012628). - io-wq: Fix memory leak in worker creation (bsc#1012628). - gcov: support GCC 12.1 and newer compilers (bsc#1012628). - efi: ssdt: Don't free memory if ACPI table was loaded successfully (bsc#1012628). - efi: efivars: Fix variable writes without query_variable_store() (bsc#1012628). - dm clone: Fix typo in block_device format specifier (bsc#1012628). - drm/amd/pm: update SMU IP v13.0.4 driver interface version (bsc#1012628). - drm/amd/pm: fulfill SMU13.0.0 cstate control interface (bsc#1012628). - drm/amd/pm: disable cstate feature for gpu reset scenario (bsc#1012628). - drm/amd/pm: add SMU IP v13.0.4 IF version define to V7 (bsc#1012628). - drm/amd/pm: fulfill SMU13.0.7 cstate control interface (bsc#1012628). - net: flag sockets supporting msghdr originated zerocopy (bsc#1012628). - HID: playstation: add initial DualSense Edge controller support (bsc#1012628). - HID: playstation: stop DualSense output work on remove (bsc#1012628). - io_uring/net: fail zc send when unsupported by socket (bsc#1012628). - thermal: intel_powerclamp: Use first online CPU as control_cpu (bsc#1012628). - pinctrl: amd: change dev_warn to dev_dbg for additional feature support (bsc#1012628). - drm/i915/bios: Use hardcoded fp_timing size for generating LFP data pointers (bsc#1012628). - drm/i915/bios: Validate fp_timing terminator presence (bsc#1012628). - commit 12375d5 - arm64: Update config files. (bsc#1203558) Enable Renesas serial console and earlycon. - commit 6516615 ++++ expat: - Update to 2.5.0: (bsc#1204708) * Security fixes: - CVE-2022-43680 -- Fix heap use-after-free after overeager destruction of a shared DTD in function XML_ExternalEntityParserCreate in out-of-memory situations. Expected impact is denial of service or potentially arbitrary code execution. * Bug fixes: - Fix curruption from undefined entities - Fix case when parsing was suspended while processing nested entities - Stop leaking opening tag bindings after a closing tag mismatch error where a parser is reset through XML_ParserReset and then reused to parse - CMake: Fix generation of pkg-config file - MinGW|CMake: Fix static library name * Other changes: - Protect header expat_config.h from multiple inclusion - examples: Make use of XML_GetBuffer and be more consistent across examples - Address compiler warnings - Version info bumped from 9:9:8 to 9:10:8; see https://verbump.de/ for what these numbers do ++++ multipath-tools: - Update to version 0.9.2+59+suse.ac8942d: * Fix segfault in "multipath -t" command (boo#1204731) ++++ qemu: - qtests test are not realiable when run inside OBS builders, so let's disable that part of the testsuite for now. There is work ongoing to run it somewhere else (on dedicated hosts) to avoid loosing coverage. (bsc#1204566) ++++ rebootmgr: - Update to version 2.0 - Remove outdated etcd code - Fix issue#10: Reboots happen at the first moment of the maintenance window ------------------------------------------------------------------ ------------------ 2022-10-25 - Oct 25 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Revert "ALSA: hda: Fix page fault in snd_hda_codec_shutdown()" (bsc#1204679). - commit df34d12 ++++ alsa: - Update to version 1.2.8: add FreeBSD/NetBD/OpenBSD build support, fixes in control namehint, various PCM plugins and UCM. For details, see: https://www.alsa-project.org/wiki/Changes_v1.2.7.2_v1.2.8 - Add keyring ++++ libcontainers-common: - set detached sigstore attachments for the SUSE controlled registries ++++ libidn2: - update to 2.3.4: * Support for Unicode 15.0.0 * Uses IDNA2008 from tables from unicode.org rather than IANA for consistency with other implementation and support for Unicode versions 12 through 15. This breaks backwards- compatibility regarding U+19DA and recent releases ++++ rpm: - Add selinux_transactional_update.patch to ignore errors when setting file labels during transactional updates. They will be set upon reboot once the new policy is loaded (bsc#1204605) ++++ systemd: - Import commit c212388f7de8d22a3f7c22b19553548ccc0cdd15 (merge of v251.7) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/f78bba8d037cc26c09bbdd167625b2d7fe1f5a30...c212388f7de8d22a3f7c22b19553548ccc0cdd15 - specfile: reindent comments ++++ libunistring: - Update to 1.1: * The data tables and algorithms have been updated to Unicode version 15.0.0. ++++ openSUSE-build-key: - add the SUSE Container key in PEM format too to new /usr/share/pki/containers/ directory. (bsc#1204706) ++++ rust-keylime: - Add cargo-audit service per policy - Update to version 0.1.0+git.1666019359.f5de47b: * README: mark Rust agent as the official one, fix cargo run command ++++ sudo: - Update to 1.9.12: * Dropped sudo-1.9.10-update_sudouser_to_utf8.patch * Changes in Sudo 1.9.12: * Fixed a bug when logging the command’s exit status in intercept mode. The wrong command could be logged with the exit status. * For ptrace-based intercept mode, sudo will now attempt to verify that the command path name, arguments and environment have not changed from the time when they were authorized by the security policy. The new intercept_verify sudoers setting can be used to control this behavior. * Fixed running commands with a relative path (e.g. ./foo) in intercept mode. Previously, this would fail if sudo’s current working directory was different from that of the command. * Sudo now supports passing the execve(2) system call the NULL pointer for the argv and/or envp arguments when in intercept mode. Linux treats a NULL pointer like an empty array. * The sudoers LDAP schema now allows sudoUser, sudoRunasUser and sudoRunasGroup to include UTF-8 characters, not just 7-bit ASCII. * Fixed a problem with sudo -i on SELinux when the target user’s home directory is not searchable by sudo. GitHub issue #160. * Neovim has been added to the list of visudo editors that support passing the line number on the command line. * Fixed a bug in sudo’s SHA384 and SHA512 message digest padding. * Added a new -N (no-update) command line option to sudo which can be used to prevent sudo from updating the user’s cached credentials. It is now possible to determine whether or not a user’s cached credentials are currently valid by running: $ sudo -Nnv and checking the exit value. One use case for this is to indicate in a shell prompt that sudo is “active” for the user. * PAM approval modules are no longer invoked when running sub-commands in intercept mode unless the intercept_authenticate option is set. There is a substantial performance penalty for calling into PAM for each command run. PAM approval modules are still called for the initial command. * Intercept mode on Linux now uses process_vm_readv(2) and process_vm_writev(2) if available. * The XDG_CURRENT_DESKTOP environment variable is now preserved by default. This makes it possible for graphical applications to choose the correct theme when run via sudo. * On 64-bit systems, if sudo fails to load a sudoers group plugin, it will use system-specific heuristics to try to locate a 64-bit version of the plugin. * The cvtsudoers manual now documents the JSON and CSV output formats. GitHub issue #172. * Fixed a bug where sub-commands were not being logged to a remote log server when log_subcmds was enabled. GitHub issue #174. * The new log_stdin, log_stdout, log_stderr, log_ttyin, and log_ttyout sudoers settings can be used to support more fine-grained I/O logging. The sudo front-end no longer allocates a pseudo-terminal when running a command if the I/O logging plugin requests logging of stdin, stdout, or stderr but not terminal input/output. * Quieted a libgcrypt run-time initialization warning. This fixes Debian bug #1019428 and Ubuntu bug #1397663. * Fixed a bug in visudo that caused literal backslashes to be removed from the EDITOR environment variable. GitHub issue #179. * The sudo Python plugin now implements the find_spec method instead of the the deprecated find_module. This fixes a test failure when a newer version of setuptools that doesn’t include find_module is found on the system. * Fixed a bug introduced in sudo 1.9.9 where sudo_logsrvd created the process ID file, usually /var/run/sudo/sudo_logsrvd.pid, as a directory instead of a plain file. The same bug could result in I/O log directories that end in six or more X’s being created literally in addition to the name being used as a template for the mkdtemp(3) function. * Fixed a long-standing bug where a sudoers rule with a command line argument of “”, which indicates the command may be run with no arguments, would also match a literal "" on the command line. GitHub issue #182. * Added the -I option to visudo which only edits the main sudoers file. Include files are not edited unless a syntax error is found. * Fixed sudo -l -U otheruser output when the runas list is empty. Previously, sudo would list the invoking user instead of the list user. GitHub issue #183. * Fixed the display of command tags and options in sudo -l output when the RunAs user or group changes. A new line is started for RunAs changes which means we need to display the command tags and options again. GitHub issue #184. * The sesh helper program now uses getopt_long(3) to parse the command line options. * The embedded copy of zlib has been updated to version 1.2.13. * Fixed a bug that prevented event log data from being sent to the log server when I/O logging was not enabled. This only affected systems without PAM or configurations where the pam_session and pam_setcred options were disabled in the sudoers file. * Fixed a bug where sudo -l output included a carriage return after the newline. This is only needed when displaying to a terminal in raw mode. Bug #1042. ------------------------------------------------------------------ ------------------ 2022-10-24 - Oct 24 2022 ------------------- ------------------------------------------------------------------ ++++ docker: - Fix wrong After: in docker.service, fixes bsc#1188447 ++++ gettext-runtime: - update keyring for the last version update ++++ grub2: - Include loopback into signed grub2 image (jsc#PED-2150) ++++ kernel-default: - Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() (CVE-2022-3640 bsc#1204619). - commit c41533c ++++ libffi: - Update to libffi 3.4.4 * Important aarch64 fixes, including support for linux builds with Link Time Optimization (-flto). * Fix x86 stdcall stack alignment. * Fix x86 Windows msvc assembler compatibility. * Fix moxie and or1k small structure args. - drop riscv64-handle-big-structures.patch - reenable LTO ++++ multipath-tools: - Update to version 0.9.2+57+suse.cf3c1e9: * Fix multipathd authorization bypass and symlink attack (bsc#1202739 CVE-2022-41973 CVE-2022-41974) * add multipath-dracut.conf: dracut config file to install tmpfiles.d/multipath.conf in initramfs * Use "queue_mode bio" for NVMeoF/TCP devices * Upstream bug fixes and hwtable updates - Drop recompress.service, it just slows down build ++++ ncurses: - Add ncurses patch 20221023 + change man_db.renames to template, to handle ncurses*-config script with the extra-suffix configure option. ++++ shadow: - Add shadow-prefix-overflow.patch: Fix buffer overflow when calling useradd with --prefix See https://github.com/shadow-maint/shadow/pull/588 ++++ zchunk: - update to 1.2.3: * Remove meson deprecation warning * Add license scan report and status * test/zck_cmp_uncomp: fix printf format types * meson: add option to build without docs * zck: declare write_data as static ++++ pam-config: - Update to Version 1.8 - Move systemd_home after all optional modules (#13) - Add pam_u2f support [bsc#1115512] ++++ qemu: - Improve dependency handling (e.g., what's recommended vs. what's required. - Add a subpackage (qemu-headless) that brings in all the packages that are needed for creating VMs with tools like virt-install or VirtManager, run either locally or from a remote host. (bsc#1202166) ++++ vim: - Updated to version 9.0.0814, fixes the following problems * Kitty terminal is not recognized. * GUI mouse scrollwheel mappings don't work. * Error if :echowin is preceded by a command modifier * readblob() returns empty when trying to read too much * Test for job writing to buffer fails * sonnet filetype detection has a typo * With 'smoothscroll' typing "0" may not go to the first column * 'langmap' works differently when there are modifiers * Filetype autocmd may cause freed memory access * Crash when trying to divice the largest negative number by -1 * readblob() cannot read from character device. * The modifyOtherKeys flag is set when it should not. * In compiled function ->() on next line not recognized * Clang format configuration files are not recognized. * Order of assert function arguments is reverted. * readblob() always reads the whole file. * At the hit-Enter prompt the End and Home keys may not work. * Dummy buffer ends up in a window * User command does not get number from :tab modifier * Memory leak with empty shell command * ":!" doesn't do anything but does update the previous command. * OpenVPN files are not recognized. * 'scroll' value computed in unexpected location * The libvterm code is outdated. * Quickfix commands may keep memory allocated. * With a Visual block a put command column may go negative. * Indent and option tests fail. * Cannot use 'indentexpr' for Lisp indenting. * Display test for 'listchars' "precedes" fails * Line number not visisble with smoothscroll'', 'nu' and 'rnu' * No autocmd event for changing text in a terminal window * 'scrolloff' does not work well with 'smoothscroll'. * Crash when popup closed in callback * Alloc/free of buffer for each quickfix entry is inefficient * Wrong cursor position when using "gj" and "gk" in a long line. * In script in autoload dir exported variable is not found. ------------------------------------------------------------------ ------------------ 2022-10-23 - Oct 23 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Update to 6.1-rc2 - commit 796d87f ++++ python-urllib3: - Fix pycache when undbundling six ------------------------------------------------------------------ ------------------ 2022-10-22 - Oct 22 2022 ------------------- ------------------------------------------------------------------ ++++ docker-compose: - Update to version 2.12.2: * go.mod: docker 5aac513617f072b15322b147052cbda0d451d389 / v22.06-dev - Update to version 2.12.1: * update docker engine API to apply fix of CVE-2022-39253 * Update `e2e` module deps * build(deps): bump go.opentelemetry.io/otel from 1.11.0 to 1.11.1 * Skip flaky test in CI ++++ kernel-default: - ALSA: hda/realtek: Add another HP ZBook G9 model quirks (bsc#1203699). - commit a4522e2 - Linux 6.0.3 (bsc#1012628). - arm64: dts: qcom: sc8280xp-pmics: Remove reg entry & use correct node name for pmc8280c_lpg node (bsc#1012628). - Kconfig.debug: add toolchain checks for DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT (bsc#1012628). - Kconfig.debug: simplify the dependency of DEBUG_INFO_DWARF4/5 (bsc#1012628). - io_uring/rw: ensure kiocb_end_write() is always called (bsc#1012628). - io_uring: fix fdinfo sqe offsets calculation (bsc#1012628). - drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n (bsc#1012628). - powerpc/64s/interrupt: Fix lost interrupts when returning to soft-masked context (bsc#1012628). - net/ieee802154: don't warn zero-sized raw_sendmsg() (bsc#1012628). - Revert "net/ieee802154: reject zero-sized raw_sendmsg()" (bsc#1012628). - Revert "drm/amd/display: correct hostvm flag" (bsc#1012628). - net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses (bsc#1012628). - blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (bsc#1012628). - ALSA: usb-audio: Fix last interface check for registration (bsc#1012628). - net: ieee802154: return -EINVAL for unknown addr type (bsc#1012628). - mm: hugetlb: fix UAF in hugetlb_handle_userfault (bsc#1012628). - io_uring/net: fix notif cqe reordering (bsc#1012628). - io_uring/net: don't skip notifs for failed requests (bsc#1012628). - io_uring/net: rename io_sendzc() (bsc#1012628). - io_uring/net: don't lose partial send_zc on fail (bsc#1012628). - io_uring/net: use io_sr_msg for sendzc (bsc#1012628). - io_uring/net: refactor io_sr_msg types (bsc#1012628). - perf intel-pt: Fix system_wide dummy event for hybrid (bsc#1012628). - perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc (bsc#1012628). - perf: Skip and warn on unknown format 'configN' attrs (bsc#1012628). - clk: bcm2835: Round UART input clock up (bsc#1012628). - usb: typec: ucsi: Don't warn on probe deferral (bsc#1012628). - dmaengine: dw-edma: Remove runtime PM support (bsc#1012628). - fsi: master-ast-cf: Fix missing of_node_put in fsi_master_acf_probe (bsc#1012628). - fsi: occ: Prevent use after free (bsc#1012628). - hwmon (occ): Retry for checksum failure (bsc#1012628). - blk-mq: use quiesced elevator switch when reinitializing queues (bsc#1012628). - usb: idmouse: fix an uninit-value in idmouse_open (bsc#1012628). - nvmet-tcp: add bounds check on Transfer Tag (bsc#1012628). - nvme: copy firmware_rev on each init (bsc#1012628). - nvme: handle effects after freeing the request (bsc#1012628). - ext2: Use kvmalloc() for group descriptor array (bsc#1012628). - scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (bsc#1012628). - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (bsc#1012628). - staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() (bsc#1012628). - io_uring: fix CQE reordering (bsc#1012628). - Revert "usb: storage: Add quirk for Samsung Fit flash" (bsc#1012628). - usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug (bsc#1012628). - arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes (bsc#1012628). - usb: dwc3: core: add gfladj_refclk_lpm_sel quirk (bsc#1012628). - usb: musb: Fix musb_gadget.c rxstate overflow bug (bsc#1012628). - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (bsc#1012628). - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (bsc#1012628). - HID: nintendo: check analog user calibration for plausibility (bsc#1012628). - HSI: ssi_protocol: fix potential resource leak in ssip_pn_open() (bsc#1012628). - HID: roccat: Fix use-after-free in roccat_read() (bsc#1012628). - soundwire: intel: fix error handling on dai registration issues (bsc#1012628). - soundwire: cadence: Don't overwrite msg->buf during write commands (bsc#1012628). - bcache: fix set_at_max_writeback_rate() for multiple attached devices (bsc#1012628). - ata: libahci_platform: Sanity check the DT child nodes number (bsc#1012628). - blk-throttle: prevent overflow while calculating wait time (bsc#1012628). - staging: vt6655: fix potential memory leak (bsc#1012628). - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (bsc#1012628). - usb: gadget: uvc: increase worker prio to WQ_HIGHPRI (bsc#1012628). - iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity (bsc#1012628). - nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (bsc#1012628). - scsi: 3w-9xxx: Avoid disabling device if failing to enable it (bsc#1012628). - dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow (bsc#1012628). - scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1012628). - usb: host: xhci-plat: suspend/resume clks for brcm (bsc#1012628). - usb: host: xhci-plat: suspend and resume clocks (bsc#1012628). - RDMA/rxe: Delete error messages triggered by incoming Read requests (bsc#1012628). - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (bsc#1012628). - media: platform: fix some double free in meson-ge2d and mtk-jpeg and s5p-mfc (bsc#1012628). - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (bsc#1012628). - clk: zynqmp: Fix stack-out-of-bounds in strncpy` (bsc#1012628). - ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n (bsc#1012628). - ARM: 9234/1: stacktrace: Avoid duplicate saving of exception PC value (bsc#1012628). - ARM: 9233/1: stacktrace: Skip frame pointer boundary check for call_with_stack() (bsc#1012628). - btrfs: call __btrfs_remove_free_space_cache_locked on cache load failure (bsc#1012628). - btrfs: don't print information about space cache or tree every remount (bsc#1012628). - btrfs: scrub: try to fix super block errors (bsc#1012628). - btrfs: scrub: properly report super block errors in system log (bsc#1012628). - btrfs: dump extra info if one free space cache has more bitmaps than it should (bsc#1012628). - ARM: orion: fix include path (bsc#1012628). - arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply (bsc#1012628). - arm64: dts: imx8mm-kontron: Use the VSELECT signal to switch SD card IO voltage (bsc#1012628). - kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT (bsc#1012628). - ARM: dts: imx6sx-udoo-neo: don't use multiple blank lines (bsc#1012628). - ARM: dts: imx6sl: use tabs for code indent (bsc#1012628). - ARM: dts: imx6sx: add missing properties for sram (bsc#1012628). - ARM: dts: imx6sll: add missing properties for sram (bsc#1012628). - ARM: dts: imx6sl: add missing properties for sram (bsc#1012628). - ARM: dts: imx6qp: add missing properties for sram (bsc#1012628). - ARM: dts: imx6dl: add missing properties for sram (bsc#1012628). - ARM: dts: imx6q: add missing properties for sram (bsc#1012628). - arm64: dts: qcom: sc7280-idp: correct ADC channel node name and unit address (bsc#1012628). - ARM: dts: imx7d-sdb: config the max pressure for tsc2046 (bsc#1012628). - ARM: dts: imx6: delete interrupts property if interrupts-extended is set (bsc#1012628). - drm/amdkfd: Fix UBSAN shift-out-of-bounds warning (bsc#1012628). - drm/amd/display: polling vid stream status in hpo dp blank (bsc#1012628). - drm/amd/display: Remove interface for periodic interrupt 1 (bsc#1012628). - drm/dp: Don't rewrite link config when setting phy test pattern (bsc#1012628). - mmc: sdhci-msm: add compatible string check for sdm670 (bsc#1012628). - drm/meson: remove drm bridges at aggregate driver unbind time (bsc#1012628). - drm/meson: explicitly remove aggregate driver at module unload time (bsc#1012628). - drm/meson: reorder driver deinit sequence to fix use-after-free bug (bsc#1012628). - ASoC: amd: yc: Add Lenovo Yoga Slim 7 Pro X to quirks table (bsc#1012628). - ASoC: amd: yc: Add ASUS UM5302TA into DMI table (bsc#1012628). - drm/amdgpu: fix initial connector audio value (bsc#1012628). - drm/amd/display: correct hostvm flag (bsc#1012628). - drm/amd/display: Fix urgent latency override for DCN32/DCN321 (bsc#1012628). - drm/amdgpu: SDMA update use unlocked iterator (bsc#1012628). - ASoC: SOF: add quirk to override topology mclk_id (bsc#1012628). - ASoC: sunxi: sun4i-codec: set debugfs_prefix for CPU DAI component (bsc#1012628). - ASoC: SOF: pci: Change DMI match info to support all Chrome platforms (bsc#1012628). - ALSA: intel-dspconfig: add ES8336 support for AlderLake-PS (bsc#1012628). - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (bsc#1012628). - platform/x86: hp-wmi: Setting thermal profile fails with 0x06 (bsc#1012628). - platform/chrome: cros_ec: Notify the PM of wake events during resume (bsc#1012628). - drm: panel-orientation-quirks: Add quirk for Aya Neo Air (bsc#1012628). - drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (bsc#1012628). - drm/vc4: vec: Fix timings for VEC modes (bsc#1012628). - ALSA: usb-audio: Register card at the last interface (bsc#1012628). - drm/admgpu: Skip CG/PG on SOC21 under SRIOV VF (bsc#1012628). - drm/amdgpu: Skip the program of MMMC_VM_AGP_* in SRIOV on MMHUB v3_0_0 (bsc#1012628). - drm/amd/display: Fix variable dereferenced before check (bsc#1012628). - drm: bridge: dw_hdmi: only trigger hotplug event on link change (bsc#1012628). - drm/amd: fix potential memory leak (bsc#1012628). - platform/x86: pmc_atom: Improve quirk message to be less cryptic (bsc#1012628). - udmabuf: Set ubuf->sg = NULL if the creation of sg table fails (bsc#1012628). - ALSA: usb-audio: Add quirk to enable Avid Mbox 3 support (bsc#1012628). - ALSA: hda: Fix page fault in snd_hda_codec_shutdown() (bsc#1012628). - drm/amd/display: fix overflow on MIN_I64 definition (bsc#1012628). - gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() (bsc#1012628). - drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook (bsc#1012628). - drm: Prevent drm_copy_field() to attempt copying a NULL pointer (bsc#1012628). - drm: Use size_t type for len variable in drm_copy_field() (bsc#1012628). - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (bsc#1012628). - r8152: Rate limit overflow messages (bsc#1012628). - i2c: designware-pci: Group AMD NAVI quirk parts together (bsc#1012628). - libbpf: Fix overrun in netlink attribute iteration (bsc#1012628). - net: sched: cls_u32: Avoid memcpy() false-positive warning (bsc#1012628). - Bluetooth: L2CAP: Fix user-after-free (bsc#1012628). - bpf: use bpf_prog_pack for bpf_dispatcher (bsc#1012628). - bpf: Adjust kprobe_multi entry_ip for CONFIG_X86_KERNEL_IBT (bsc#1012628). - net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory (bsc#1012628). - hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms (bsc#1012628). - wifi: rt2x00: correctly set BBP register 86 for MT7620 (bsc#1012628). - wifi: rt2x00: set SoC wmac clock register (bsc#1012628). - wifi: rt2x00: set VGC gain for both chains of MT7620 (bsc#1012628). - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (bsc#1012628). - wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620 (bsc#1012628). - can: bcm: check the result of can_send() in bcm_can_tx() (bsc#1012628). - selftests/bpf: Free the allocated resources after test case succeeds (bsc#1012628). - bnxt_en: replace reset with config timestamps (bsc#1012628). - Bluetooth: hci_event: Make sure ISO events don't affect non-ISO connections (bsc#1012628). - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (bsc#1012628). - Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (bsc#1012628). - wifi: rtw89: fix rx filter after scan (bsc#1012628). - wifi: rtw89: free unused skb to prevent memory leak (bsc#1012628). - wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value (bsc#1012628). - wifi: ath11k: mhi: fix potential memory leak in ath11k_mhi_register() (bsc#1012628). - regulator: core: Prevent integer underflow (bsc#1012628). - Bluetooth: btintel: Mark Intel controller to support LE_STATES quirk (bsc#1012628). - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (bsc#1012628). - iavf: Fix race between iavf_close and iavf_reset_task (bsc#1012628). - net: ftmac100: fix endianness-related issues from 'sparse' (bsc#1012628). - rtw89: ser: leave lps with mutex (bsc#1012628). - wifi: ath11k: Register shutdown handler for WCN6750 (bsc#1012628). - xfrm: Update ipcomp_scratches with NULL when freed (bsc#1012628). - net-next: Fix IP_UNICAST_IF option behavior for connected sockets (bsc#1012628). - net: axienet: Switch to 64-bit RX/TX statistics (bsc#1012628). - x86/apic: Don't disable x2APIC if locked (bsc#1012628). - thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround (bsc#1012628). - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (bsc#1012628). - x86/mce: Retrieve poison range from hardware (bsc#1012628). - wifi: mac80211: accept STA changes without link changes (bsc#1012628). - micrel: ksz8851: fixes struct pointer issue (bsc#1012628). - tcp: annotate data-race around tcp_md5sig_pool_populated (bsc#1012628). - openvswitch: Fix overreporting of drops in dropwatch (bsc#1012628). - openvswitch: Fix double reporting of drops in dropwatch (bsc#1012628). - net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 (bsc#1012628). - bpftool: Clear errno after libcap's checks (bsc#1012628). - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (bsc#1012628). - libbpf: Do not require executable permission for shared libraries (bsc#1012628). - libbpf: Ensure functions with always_inline attribute are inline (bsc#1012628). - NFSD: fix use-after-free on source server when doing inter-server copy (bsc#1012628). - NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data (bsc#1012628). - x86/entry: Work around Clang __bdos() bug (bsc#1012628). - ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable (bsc#1012628). - ARM: decompressor: Include .data.rel.ro.local (bsc#1012628). - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (bsc#1012628). - powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue (bsc#1012628). - MIPS: BCM47XX: Cast memcmp() of function to (void *) (bsc#1012628). - cpufreq: intel_pstate: Add Tigerlake support in no-HWP mode (bsc#1012628). - ACPI: tables: FPDT: Don't call acpi_os_map_memory() on invalid phys address (bsc#1012628). - fortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL (bsc#1012628). - ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (bsc#1012628). - cpufreq: amd_pstate: fix wrong lowest perf fetch (bsc#1012628). - rcu-tasks: Ensure RCU Tasks Trace loops have quiescent states (bsc#1012628). - rcu-tasks: Convert RCU_LOCKDEP_WARN() to WARN_ONCE() (bsc#1012628). - rcu: Back off upon fill_page_cache_func() allocation failure (bsc#1012628). - rcu: Avoid triggering strict-GP irq-work when RCU is idle (bsc#1012628). - fs: dlm: fix race in lowcomms (bsc#1012628). - module: tracking: Keep a record of tainted unloaded modules only (bsc#1012628). - ARM/dma-mapping: don't override ->dma_coherent when set from a bus notifier (bsc#1012628). - selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle (bsc#1012628). - tools/power turbostat: Use standard Energy Unit for SPR Dram RAPL domain (bsc#1012628). - f2fs: fix to account FS_CP_DATA_IO correctly (bsc#1012628). - f2fs: fix race condition on setting FI_NO_EXTENT flag (bsc#1012628). - ACPI: APEI: do not add task_work to kernel thread to avoid memory leak (bsc#1012628). - thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id (bsc#1012628). - random: schedule jitter credit for next jiffy, not in two jiffies (bsc#1012628). - crypto: cavium - prevent integer overflow loading firmware (bsc#1012628). - crypto: marvell/octeontx - prevent integer overflows (bsc#1012628). - kbuild: rpm-pkg: fix breakage when V=1 is used (bsc#1012628). - linux/export: use inline assembler to populate symbol CRCs (bsc#1012628). - kbuild: remove the target in signal traps when interrupted (bsc#1012628). - ftrace: Fix recursive locking direct_mutex in ftrace_modify_direct_caller (bsc#1012628). - tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads (bsc#1012628). - tracing: kprobe: Make gen test module work in arm and riscv (bsc#1012628). - tracing: kprobe: Fix kprobe event gen test module on exit (bsc#1012628). - iommu/iova: Fix module config properly (bsc#1012628). - cifs: return correct error in ->calc_signature() (bsc#1012628). - clocksource/drivers/timer-gxp: Add missing error handling in gxp_timer_probe (bsc#1012628). - clocksource/drivers/arm_arch_timer: Fix handling of ARM erratum 858921 (bsc#1012628). - crypto: qat - fix DMA transfer direction (bsc#1012628). - crypto: inside-secure - Change swab to swab32 (bsc#1012628). - crypto: ccp - Release dma channels before dmaengine unrgister (bsc#1012628). - crypto: akcipher - default implementation for setting a private key (bsc#1012628). - iommu/omap: Fix buffer overflow in debugfs (bsc#1012628). - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1012628). - crypto: hisilicon/qm - fix missing put dfx access (bsc#1012628). - crypto: qat - fix default value of WDT timer (bsc#1012628). - hwrng: imx-rngc - Moving IRQ handler registering after imx_rngc_irq_mask_clear() (bsc#1012628). - hwrng: imx-rngc - use devm_clk_get_enabled (bsc#1012628). - cgroup: Honor caller's cgroup NS when resolving path (bsc#1012628). - crypto: ccp - Fail the PSP initialization when writing psp data file failed (bsc#1012628). - hwrng: arm-smccc-trng - fix NO_ENTROPY handling (bsc#1012628). - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (bsc#1012628). - crypto: sahara - don't sleep when in softirq (bsc#1012628). - powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL (bsc#1012628). - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (bsc#1012628). - powerpc: Fix SPE Power ISA properties for e500v1 platforms (bsc#1012628). - powerpc/64/interrupt: Fix return to masked context after hard-mask irq becomes pending (bsc#1012628). - powerpc/64: mark irqs hard disabled in boot paca (bsc#1012628). - powerpc/64/interrupt: Fix false warning in context tracking due to idle state (bsc#1012628). - powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5 (bsc#1012628). - x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition (bsc#1012628). - powerpc: Fix fallocate and fadvise64_64 compat parameter combination (bsc#1012628). - powerpc: dts: turris1x.dts: Fix labels in DSA cpu port nodes (bsc#1012628). - powerpc: dts: turris1x.dts: Fix NOR partitions labels (bsc#1012628). - cpuidle: riscv-sbi: Fix CPU_PM_CPU_IDLE_ENTER_xyz() macro usage (bsc#1012628). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1012628). - powerpc/pci_dn: Add missing of_node_put() (bsc#1012628). - powerpc/sysdev/fsl_msi: Add missing of_node_put() (bsc#1012628). - powerpc/math_emu/efp: Include module.h (bsc#1012628). - powerpc/configs: Properly enable PAPR_SCM in pseries_defconfig (bsc#1012628). - ipc: mqueue: fix possible memory leak in init_mqueue_fs() (bsc#1012628). - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (bsc#1012628). - mailbox: mpfs: account for mbox offsets while sending (bsc#1012628). - mailbox: mpfs: fix handling of the reg property (bsc#1012628). - mailbox: imx: fix RST channel support (bsc#1012628). - clk: ast2600: BCLK comes from EPLL (bsc#1012628). - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (bsc#1012628). - clk: ti: Balance of_node_get() calls for of_find_node_by_name() (bsc#1012628). - clk: imx: scu: fix memleak on platform_device_add() fails (bsc#1012628). - clk: imx8mp: tune the order of enet_qos_root_clk (bsc#1012628). - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (bsc#1012628). - clk: bcm2835: Make peripheral PLLC critical (bsc#1012628). - clk: baikal-t1: Add SATA internal ref clock buffer (bsc#1012628). - clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent (bsc#1012628). - clk: baikal-t1: Fix invalid xGMAC PTP clock divider (bsc#1012628). - clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD (bsc#1012628). - spmi: pmic-arb: correct duplicate APID to PPID mapping logic (bsc#1012628). - usb: mtu3: fix failed runtime suspend in host only mode (bsc#1012628). - HID: amd_sfh: Handle condition of "no sensors" for SFH1.1 (bsc#1012628). - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (bsc#1012628). - io_uring/rw: defer fsnotify calls to task context (bsc#1012628). - clk: mediatek: Migrate remaining clk_unregister_*() to clk_hw_unregister_*() (bsc#1012628). - clk: mediatek: fix unregister function in mtk_clk_register_dividers cleanup (bsc#1012628). - clk: mediatek: clk-mt8195-mfg: Reparent mfg_bg3d and propagate rate changes (bsc#1012628). - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (bsc#1012628). - mfd: da9061: Fix Failed to set Two-Wire Bus Mode (bsc#1012628). - mfd: sm501: Add check for platform_driver_register() (bsc#1012628). - mfd: fsl-imx25: Fix check for platform_get_irq() errors (bsc#1012628). - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (bsc#1012628). - mfd: lp8788: Fix an error handling path in lp8788_probe() (bsc#1012628). - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (bsc#1012628). - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (bsc#1012628). - fsi: core: Check error number after calling ida_simple_get (bsc#1012628). - RDMA/rxe: Fix resize_finish() in rxe_queue.c (bsc#1012628). - RDMA/rxe: Set pd early in mr alloc routines (bsc#1012628). - nvmet-auth: don't try to cancel a non-initialized work_struct (bsc#1012628). - clk: qcom: gcc-sm6115: Override default Alpha PLL regs (bsc#1012628). - clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical (bsc#1012628). - scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (bsc#1012628). - scsi: pm8001: Fix running_req for internal abort commands (bsc#1012628). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (bsc#1012628). - serial: 8250: Fix restoring termios speed after suspend (bsc#1012628). - firmware: google: Test spinlock on panic path to avoid lockups (bsc#1012628). - slimbus: qcom-ngd: Add error handling in of_qcom_slim_ngd_register (bsc#1012628). - staging: vt6655: fix some erroneous memory clean-up loops (bsc#1012628). - phy: qualcomm: call clk_disable_unprepare in the error handling (bsc#1012628). - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (bsc#1012628). - serial: 8250: Toggle IER bits on only after irq has been set up (bsc#1012628). - drivers: serial: jsm: fix some leaks in probe (bsc#1012628). - usb: dwc3: core: fix some leaks in probe (bsc#1012628). - usb: typec: anx7411: Use of_get_child_by_name() instead of of_find_node_by_name() (bsc#1012628). - usb: gadget: function: fix dangling pnp_string in f_printer.c (bsc#1012628). - xhci: Don't show warning for reinit on known broken suspend (bsc#1012628). - IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers (bsc#1012628). - RDMA/cm: Use SLID in the work completion as the DLID in responder side (bsc#1012628). - md: Remove extra mddev_get() in md_seq_start() (bsc#1012628). - md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() (bsc#1012628). - md/raid5: Ensure stripe_fill happens on non-read IO with journal (bsc#1012628). - md: Replace snprintf with scnprintf (bsc#1012628). - io_uring/fdinfo: fix sqe dumping for IORING_SETUP_SQE128 (bsc#1012628). - eventfd: guard wake_up in eventfd fs calls as well (bsc#1012628). - block: Fix the enum blk_eh_timer_return documentation (bsc#1012628). - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (bsc#1012628). - ata: fix ata_id_has_dipm() (bsc#1012628). - ata: fix ata_id_has_ncq_autosense() (bsc#1012628). - ata: fix ata_id_has_devslp() (bsc#1012628). - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (bsc#1012628). - RDMA/siw: Fix QP destroy to wait for all references dropped (bsc#1012628). - RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall (bsc#1012628). - RDMA/srp: Fix srp_abort() (bsc#1012628). - RDMA/irdma: Validate udata inlen and outlen (bsc#1012628). - RDMA/irdma: Align AE id codes to correct flush code and event (bsc#1012628). - mtd: rawnand: fsl_elbc: Fix none ECC mode (bsc#1012628). - mtd: rawnand: intel: Remove undocumented compatible string (bsc#1012628). - mtd: rawnand: intel: Read the chip-select line from the correct OF node (bsc#1012628). - phy: phy-mtk-tphy: fix the phy type setting issue (bsc#1012628). - phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent() (bsc#1012628). - phy: qcom-qmp-usb: disable runtime PM on unbind (bsc#1012628). - remoteproc: Harden rproc_handle_vdev() against integer overflow (bsc#1012628). - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (bsc#1012628). - scsi: lpfc: Fix various issues reported by tools (bsc#1012628). - clk: qcom: sm6115: Select QCOM_GDSC (bsc#1012628). - dyndbg: drop EXPORTed dynamic_debug_exec_queries (bsc#1012628). - dyndbg: let query-modname override actual module name (bsc#1012628). - dyndbg: fix module.dyndbg handling (bsc#1012628). - dyndbg: fix static_branch manipulation (bsc#1012628). - usb: gadget: f_fs: stricter integer overflow checks (bsc#1012628). - iio: Use per-device lockdep class for mlock (bsc#1012628). - dmaengine: hisilicon: Add multi-thread support for a DMA channel (bsc#1012628). - dmaengine: hisilicon: Fix CQ head update (bsc#1012628). - dmaengine: hisilicon: Disable channels when unregister hisi_dma (bsc#1012628). - dmaengine: idxd: avoid deadlock in process_misc_interrupts() (bsc#1012628). - phy: rockchip-inno-usb2: Return zero after otg sync (bsc#1012628). - fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (bsc#1012628). - fpga: dfl-pci: Add IDs for Intel N6000, N6001 and C6100 cards (bsc#1012628). - misc: ocxl: fix possible refcount leak in afu_ioctl() (bsc#1012628). - clk: mediatek: mt8195-infra_ao: Set pwrmcu clocks as critical (bsc#1012628). - clk: mediatek: clk-mt8195-vdo1: Reparent and set rate on vdo1_dpintf's parent (bsc#1012628). - clk: mediatek: clk-mt8195-vdo0: Set rate on vdo0_dp_intf0_dp_intf's parent (bsc#1012628). - RDMA/rxe: Fix the error caused by qp->sk (bsc#1012628). - RDMA/rxe: Fix "kernel NULL pointer dereference" error (bsc#1012628). - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (bsc#1012628). - media: uvcvideo: Use entity get_cur in uvc_ctrl_set (bsc#1012628). - media: uvcvideo: Fix memory leak in uvc_gpio_parse (bsc#1012628). - media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() (bsc#1012628). - media: amphion: fix a bug that vpu core may not resume after suspend (bsc#1012628). - media: amphion: don't change the colorspace reported by decoder (bsc#1012628). - media: amphion: adjust the encoder's value range of gop size (bsc#1012628). - media: amphion: insert picture startcode after seek for vc1g format (bsc#1012628). - media: mediatek: vcodec: Skip non CBR bitrate mode (bsc#1012628). - tty: xilinx_uartps: Fix the ignore_status (bsc#1012628). - tty: xilinx_uartps: Check clk_enable return value (bsc#1012628). - media: airspy: fix memory leak in airspy probe (bsc#1012628). - media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop (bsc#1012628). - clk: qcom: gcc-sdm660: Use floor ops for SDCC1 clock (bsc#1012628). - HSI: omap_ssi_port: Fix dma_map_sg error check (bsc#1012628). - HSI: omap_ssi: Fix refcount leak in ssi_probe (bsc#1012628). - HID: uclogic: Fix warning in uclogic_rdesc_template_apply (bsc#1012628). - HID: uclogic: Add missing suffix for digitalizers (bsc#1012628). - clk: samsung: exynosautov9: correct register offsets of peric0/c1 (bsc#1012628). - clk: tegra20: Fix refcount leak in tegra20_clock_init (bsc#1012628). - clk: tegra: Fix refcount leak in tegra114_clock_init (bsc#1012628). - clk: tegra: Fix refcount leak in tegra210_clock_init (bsc#1012628). - coresight: docs: Fix a broken reference (bsc#1012628). - clk: sprd: Hold reference returned by of_get_parent() (bsc#1012628). - clk: berlin: Add of_node_put() for of_get_parent() (bsc#1012628). - clk: qoriq: Hold reference returned by of_get_parent() (bsc#1012628). - clk: oxnas: Hold reference returned by of_get_parent() (bsc#1012628). - clk: st: Hold reference returned by of_get_parent() (bsc#1012628). - clk: meson: Hold reference returned by of_get_parent() (bsc#1012628). - usb: common: debug: Check non-standard control requests (bsc#1012628). - usb: common: usb-conn-gpio: Simplify some error message (bsc#1012628). - RDMA/mlx5: Don't compare mkey tags in DEVX indirect mkey (bsc#1012628). - iio: magnetometer: yas530: Change data type of hard_offsets to signed (bsc#1012628). - iio: ABI: Fix wrong format of differential capacitance channel ABI (bsc#1012628). - iio: inkern: fix return value in devm_of_iio_channel_get_by_name() (bsc#1012628). - iio: inkern: only release the device node when done with it (bsc#1012628). - iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume (bsc#1012628). - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (bsc#1012628). - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (bsc#1012628). - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (bsc#1012628). - selftests/cpu-hotplug: Reserve one cpu online at least (bsc#1012628). - selftests/cpu-hotplug: Delete fault injection related code (bsc#1012628). - selftests/cpu-hotplug: Use return instead of exit (bsc#1012628). - iomap: iomap: fix memory corruption when recording errors during writeback (bsc#1012628). - ARM: dts: exynos: fix polarity of VBUS GPIO of Origen (bsc#1012628). - arm64: dts: exynos: fix polarity of "enable" line of NFC chip in TM2 (bsc#1012628). - arm64: ftrace: fix module PLTs with mcount (bsc#1012628). - ext4: don't run ext4lazyinit for read-only filesystems (bsc#1012628). - ext4: continue to expand file system when the target size doesn't reach (bsc#1012628). - ARM: Drop CMDLINE_* dependency on ATAGS (bsc#1012628). - ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family (bsc#1012628). - arm64: dts: ti: k3-j7200: fix main pinmux range (bsc#1012628). - arm64: dts: qcom: sm8450: fix UFS PHY serdes size (bsc#1012628). - arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size (bsc#1012628). - soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA (bsc#1012628). - soc/tegra: fuse: Add missing of_node_put() in tegra_init_fuse() (bsc#1012628). - arm64: dts: qcom: sm8350-sagami: correct TS pin property (bsc#1012628). - ia64: export memory_add_physaddr_to_nid to fix cxl build error (bsc#1012628). - arm64: dts: marvell: 98dx25xx: use correct property for i2c gpios (bsc#1012628). - ARM: dts: kirkwood: lsxl: remove first ethernet port (bsc#1012628). - ARM: dts: kirkwood: lsxl: fix serial line (bsc#1012628). - ARM: dts: turris-omnia: Fix mpp26 pin name and comment (bsc#1012628). - arm64: dts: qcom: sc7180-trogdor: Keep pm6150_adc enabled for TZ (bsc#1012628). - arm64: dts: qcom: pm8350c: Drop PWM reg declaration (bsc#1012628). - arm64: dts: qcom: sa8295p-adp: disallow regulator mode switches (bsc#1012628). - arm64: dts: qcom: sc8280xp-lenovo-thinkpad-x13s: disallow regulator mode switches (bsc#1012628). - arm64: dts: qcom: sc8280xp-crd: disallow regulator mode switches (bsc#1012628). - arm64: dts: qcom: sc7280: Update lpasscore node (bsc#1012628). - arm64: dts: qcom: sc7280: Cleanup the lpasscc node (bsc#1012628). - arm64: dts: qcom: sdm845-xiaomi-polaris: Fix sde_dsi_active pinctrl (bsc#1012628). - dt-bindings: clock: exynosautov9: correct clock numbering of peric0/c1 (bsc#1012628). - arm64: dts: renesas: r9a07g043: Fix SCI{Rx,Tx} interrupt types (bsc#1012628). - arm64: dts: renesas: r9a07g054: Fix SCI{Rx,Tx} interrupt types (bsc#1012628). - arm64: dts: renesas: r9a07g044: Fix SCI{Rx,Tx} interrupt types (bsc#1012628). - ARM: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus (bsc#1012628). - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (bsc#1012628). - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (bsc#1012628). - locks: fix TOCTOU race when granting write lease (bsc#1012628). - memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() (bsc#1012628). - memory: of: Fix refcount leak bug in of_get_ddr_timings() (bsc#1012628). - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (bsc#1012628). - ALSA: hda/hdmi: Don't skip notification handling during PM operation (bsc#1012628). - ASoC: rockchip: i2s: use regmap_read_poll_timeout_atomic to poll I2S_CLR (bsc#1012628). - ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (bsc#1012628). - ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (bsc#1012628). - ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (bsc#1012628). - ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (bsc#1012628). - ASoC: wcd-mbhc-v2: Revert "ASoC: wcd-mbhc-v2: use pm_runtime_resume_and_get()" (bsc#1012628). - ASoC: stm: Fix PM disable depth imbalance in stm32_i2s_probe (bsc#1012628). - ASoC: stm32: spdifrx: Fix PM disable depth imbalance in stm32_spdifrx_probe (bsc#1012628). - ASoC: stm32: dfsdm: Fix PM disable depth imbalance in stm32_adfsdm_probe (bsc#1012628). - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (bsc#1012628). - ALSA: dmaengine: increment buffer pointer atomically (bsc#1012628). - ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() (bsc#1012628). - ASoC: codecs: tx-macro: fix kcontrol put (bsc#1012628). - virtio-gpu: fix shift wrapping bug in virtio_gpu_fence_event_create() (bsc#1012628). - drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl() (bsc#1012628). - ASoC: SOF: ipc4-topology: Free the ida when IPC fails in sof_ipc4_widget_setup() (bsc#1012628). - ALSA: usb-audio: Properly refcounting clock rate (bsc#1012628). - ALSA: hda/hdmi: Fix the converter allocation for the silent stream (bsc#1012628). - ALSA: hda/hdmi: change type for the 'assigned' variable (bsc#1012628). - drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() (bsc#1012628). - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (bsc#1012628). - drm/msm: lookup the ICC paths in both mdp5/dpu and mdss devices (bsc#1012628). - ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (bsc#1012628). - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (bsc#1012628). - ASoC: rockchip: i2s: use regmap_read_poll_timeout to poll I2S_CLR (bsc#1012628). - drm/amdgpu: Fix memory leak in hpd_rx_irq_create_workqueue() (bsc#1012628). - drm/omap: dss: Fix refcount leak bugs (bsc#1012628). - ASoC: SOF: mediatek: mt8195: Import namespace SND_SOC_SOF_MTK_COMMON (bsc#1012628). - ASoC: mediatek: mt8195-mt6359: Properly register sound card for SOF (bsc#1012628). - drm/bochs: fix blanking (bsc#1012628). - drm/virtio: set fb_modifiers_not_supported (bsc#1012628). - ALSA: hda: beep: Simplify keep-power-at-enable behavior (bsc#1012628). - ASoC: wm_adsp: Handle optional legacy support (bsc#1012628). - ASoC: rsnd: Add check for rsnd_mod_power_on (bsc#1012628). - drm/bridge: it6505: Fix the order of DP_SET_POWER commands (bsc#1012628). - drm/bridge: megachips: Fix a null pointer dereference bug (bsc#1012628). - drm/amdgpu: add missing pci_disable_device() in amdgpu_pmops_runtime_resume() (bsc#1012628). - platform/chrome: cros_ec_typec: Correct alt mode index (bsc#1012628). - platform/chrome: cros_ec_typec: Add bit offset for DP VDO (bsc#1012628). - drm: fix drm_mipi_dbi build errors (bsc#1012628). - drm/panel: use 'select' for Ili9341 panel driver helpers (bsc#1012628). - platform/x86: msi-laptop: Fix resource cleanup (bsc#1012628). - platform/x86: msi-laptop: Fix old-ec check for backlight registering (bsc#1012628). - ASoC: tas2764: Fix mute/unmute (bsc#1012628). - ASoC: tas2764: Drop conflicting set_bias_level power setting (bsc#1012628). - ASoC: tas2764: Allow mono streams (bsc#1012628). - ASoC: soc-pcm.c: call __soc_pcm_close() in soc_pcm_close() (bsc#1012628). - drm/virtio: Fix same-context optimization (bsc#1012628). - drm/i915/dg2: Bump up CDCLK for DG2 (bsc#1012628). - platform/chrome: fix memory corruption in ioctl (bsc#1012628). - platform/chrome: fix double-free in chromeos_laptop_prepare() (bsc#1012628). - drm/msm: Make .remove and .shutdown HW shutdown consistent (bsc#1012628). - ASoC: amd: acp: add missing platform_device_unregister() in acp_pci_probe() (bsc#1012628). - ASoC: mt6359: fix tests for platform_get_irq() failure (bsc#1012628). - drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (bsc#1012628). - drm/dp_mst: fix drm_dp_dpcd_read return value checks (bsc#1012628). - drm/format-helper: Fix test on big endian architectures (bsc#1012628). - drm/bridge: parade-ps8640: Fix regulator supply order (bsc#1012628). - drm/bridge: tc358767: Add of_node_put() when breaking out of loop (bsc#1012628). - drm/bridge: anx7625: Fix refcount bug in anx7625_parse_dt() (bsc#1012628). - drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (bsc#1012628). - video/aperture: Disable and unregister sysfb devices via aperture helpers (bsc#1012628). - drm/bridge: it6505: Power on downstream device in .atomic_enable (bsc#1012628). - drm/vc4: drv: Call component_unbind_all() (bsc#1012628). - drm/mipi-dsi: Detach devices when removing the host (bsc#1012628). - drm/bridge: Avoid uninitialized variable warning (bsc#1012628). - drm: bridge: adv7511: unregister cec i2c device after cec adapter (bsc#1012628). - drm: bridge: adv7511: fix CEC power down control register offset (bsc#1012628). - net: mvpp2: fix mvpp2 debugfs leak (bsc#1012628). - once: add DO_ONCE_SLOW() for sleepable contexts (bsc#1012628). - net/ieee802154: reject zero-sized raw_sendmsg() (bsc#1012628). - net: wwan: iosm: Call mutex_init before locking it (bsc#1012628). - eth: sp7021: fix use after free bug in spl2sw_nvmem_get_mac_address (bsc#1012628). - bnx2x: fix potential memory leak in bnx2x_tpa_stop() (bsc#1012628). - eth: lan743x: reject extts for non-pci11x1x devices (bsc#1012628). - net: prestera: acl: Add check for kmemdup (bsc#1012628). - af_unix: Fix memory leaks of the whole sk due to OOB skb (bsc#1012628). - net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks() (bsc#1012628). - hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888 controller (bsc#1012628). - Bluetooth: hci_sync: Fix not indicating power state (bsc#1012628). - spi: Ensure that sg_table won't be used after being freed (bsc#1012628). - tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited (bsc#1012628). - sctp: handle the error returned from sctp_auth_asoc_init_active_key (bsc#1012628). - mISDN: fix use-after-free bugs in l1oip timer handlers (bsc#1012628). - eth: alx: take rtnl_lock on resume (bsc#1012628). - vhost/vsock: Use kvmalloc/kvfree for larger packets (bsc#1012628). - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (bsc#1012628). - wifi: rtl8xxxu: gen2: Enable 40 MHz channel width (bsc#1012628). - Bluetooth: Prevent double register of suspend (bsc#1012628). - spi: s3c64xx: Fix large transfers with DMA (bsc#1012628). - netfilter: nft_fib: Fix for rpath check with VRF devices (bsc#1012628). - xfrm: Reinject transport-mode packets through workqueue (bsc#1012628). - Bluetooth: hci_core: Fix not handling link timeouts propertly (bsc#1012628). - i2c: mlxbf: support lock mechanism (bsc#1012628). - libbpf: Don't require full struct enum64 in UAPI headers (bsc#1012628). - cw1200: fix incorrect check to determine if no element is found in list (bsc#1012628). - skmsg: Schedule psock work if the cached skb exists on the psock (bsc#1012628). - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (bsc#1012628). - spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe (bsc#1012628). - spi: cadence-quadspi: Fix PM disable depth imbalance in cqspi_probe (bsc#1012628). - x86/cpu: Include the header of init_ia32_feat_ctl()'s prototype (bsc#1012628). - wifi: ath11k: fix peer addition/deletion error on sta band migration (bsc#1012628). - libbpf: restore memory layout of bpf_object_open_opts (bsc#1012628). - x86/microcode/AMD: Track patch allocation size explicitly (bsc#1012628). - mips: dts: ralink: mt7621: fix external phy on GB-PC2 (bsc#1012628). - wifi: ath11k: fix number of VHT beamformee spatial streams (bsc#1012628). - wifi: ath11k: fix failed to find the peer with peer_id 0 when disconnected (bsc#1012628). - mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv (bsc#1012628). - flow_dissector: Do not count vlan tags inside tunnel payload (bsc#1012628). - selftests/bpf: Adapt cgroup effective query uapi change (bsc#1012628). - bpftool: Fix wrong cgroup attach flags being assigned to effective progs (bsc#1012628). - bpf, cgroup: Reject prog_attach_flags array when effective query (bsc#1012628). - netfilter: conntrack: revisit the gc initial rescheduling bias (bsc#1012628). - netfilter: conntrack: fix the gc rescheduling delay (bsc#1012628). - libbpf: Fix NULL pointer exception in API btf_dump__dump_type_data (bsc#1012628). - Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure (bsc#1012628). - wifi: ath11k: Include STA_KEEPALIVE_ARP_RESPONSE TLV header by default (bsc#1012628). - libbpf: Fix crash if SEC("freplace") programs don't have attach_prog_fd set (bsc#1012628). - bpf: Ensure correct locking around vulnerable function find_vpid() (bsc#1012628). - net: fs_enet: Fix wrong check in do_pd_setup (bsc#1012628). - Bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release (bsc#1012628). - wifi: mt76: mt7921e: fix rmmod crash in driver reload test (bsc#1012628). - wifi: mt76: mt7915: do not check state before configuring implicit beamform (bsc#1012628). - wifi: mt76: fix uninitialized pointer in mt7921_mac_fill_rx (bsc#1012628). - wifi: mt76: mt7915: fix mcs value in ht mode (bsc#1012628). - wifi: mt76: mt7921: fix the firmware version report (bsc#1012628). - wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_sta_set_decap_offload (bsc#1012628). - wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_[start, stop]_ap (bsc#1012628). - wifi: mt76: connac: fix possible unaligned access in mt76_connac_mcu_add_nested_tlv (bsc#1012628). - wifi: mt76: mt7915: fix possible unaligned access in mt7915_mac_add_twt_setup (bsc#1012628). - wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload (bsc#1012628). - wifi: mt76: sdio: fix transmitting packet hangs (bsc#1012628). - wifi: mt76: mt7921: fix use after free in mt7921_acpi_read() (bsc#1012628). - wifi: mt76: mt7915: fix an uninitialized variable bug (bsc#1012628). - wifi: mt76: sdio: poll sta stat when device transmits data (bsc#1012628). - wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work (bsc#1012628). - wifi: mt76: mt7921u: fix race issue between reset and suspend/resume (bsc#1012628). - wifi: mt76: mt7921s: fix race issue between reset and suspend/resume (bsc#1012628). - wifi: mt76: mt7921e: fix race issue between reset and suspend/resume (bsc#1012628). - Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev() (bsc#1012628). - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (bsc#1012628). - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (bsc#1012628). - bpf: btf: fix truncated last_member_type_id in btf_struct_resolve (bsc#1012628). - spi: meson-spicc: do not rely on busy flag in pow2 clk ops (bsc#1012628). - wifi: rtl8xxxu: Fix skb misuse in TX queue selection (bsc#1012628). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (bsc#1012628). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (bsc#1012628). - wifi: mac80211: mlme: assign link address correctly (bsc#1012628). - selftests/xsk: Avoid use-after-free on ctx (bsc#1012628). - wifi: rtw88: add missing destroy_workqueue() on error path in rtw_core_init() (bsc#1012628). - wifi: wfx: prevent underflow in wfx_send_pds() (bsc#1012628). - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (bsc#1012628). - wifi: rtw89: pci: correct TX resource checking in low power mode (bsc#1012628). - wifi: rtw89: pci: fix interrupt stuck after leaving low power mode (bsc#1012628). - bpf: Only add BTF IDs for socket security hooks when CONFIG_SECURITY_NETWORK is on (bsc#1012628). - Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend (bsc#1012628). - bpf: Use this_cpu_{inc_return|dec} for prog->active (bsc#1012628). - bpf: Use this_cpu_{inc|dec|inc_return} for bpf_task_storage_busy (bsc#1012628). - wifi: ath11k: Fix incorrect QMI message ID mappings (bsc#1012628). - bpf: Propagate error from htab_lock_bucket() to userspace (bsc#1012628). - bpf: Disable preemption when increasing per-cpu map_locked (bsc#1012628). - selftests/xsk: Add missing close() on netns fd (bsc#1012628). - xsk: Fix backpressure mechanism on Tx (bsc#1012628). - x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (bsc#1012628). - spi: mt7621: Fix an error message in mt7621_spi_probe() (bsc#1012628). - esp: choose the correct inner protocol for GSO on inter address family tunnels (bsc#1012628). - audit: free audit_proctitle only on task exit (bsc#1012628). - audit: explicitly check audit_context->context enum value (bsc#1012628). - ice: set tx_tstamps when creating new Tx rings via ethtool (bsc#1012628). - bpftool: Fix a wrong type cast in btf_dumper_int (bsc#1012628). - wifi: mac80211: allow bw change during channel switch in mesh (bsc#1012628). - wifi: mac80211_hwsim: fix link change handling (bsc#1012628). - wifi: mac80211: mlme: don't add empty EML capabilities (bsc#1012628). - wifi: mac80211: fix use-after-free (bsc#1012628). - wifi: cfg80211: get correct AP link chandef (bsc#1012628). - wifi: mac80211: properly set old_links when removing a link (bsc#1012628). - bpf: Fix reference state management for synchronous callbacks (bsc#1012628). - net: prestera: cache port state for non-phylink ports too (bsc#1012628). - tsnep: Fix TSNEP_INFO_TX_TIME register define (bsc#1012628). - leds: lm3601x: Don't use mutex after it was destroyed (bsc#1012628). - bpf: Fix ref_obj_id for dynptr data slices in verifier (bsc#1012628). - bpf: Cleanup check_refcount_ok (bsc#1012628). - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (bsc#1012628). - wifi: ath10k: Set tx credit to one for WCN3990 snoc based devices (bsc#1012628). - wifi: rtlwifi: 8192de: correct checking of IQK reload (bsc#1012628). - libbpf: Initialize err in probe_map_create (bsc#1012628). - m68k: Process bootinfo records before saving them (bsc#1012628). - x86/paravirt: add extra clobbers with ZERO_CALL_USED_REGS enabled (bsc#1012628). - NFSD: Fix handling of oversized NFSv4 COMPOUND requests (bsc#1012628). - NFSD: Protect against send buffer overflow in NFSv2 READDIR (bsc#1012628). - SUNRPC: Fix svcxdr_init_encode's buflen calculation (bsc#1012628). - SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation (bsc#1012628). - nfsd: Fix a memory leak in an error handling path (bsc#1012628). - objtool: Preserve special st_shndx indexes in elf_update_symbol (bsc#1012628). - ACPI: PCC: Fix Tx acknowledge in the PCC address space handler (bsc#1012628). - ACPI: PCC: replace wait_for_completion() (bsc#1012628). - ACPI: PCC: Release resources on address space setup failure path (bsc#1012628). - ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE (bsc#1012628). - ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd() (bsc#1012628). - ARM: 9243/1: riscpc: Unbreak the build (bsc#1012628). - erofs: use kill_anon_super() to kill super in fscache mode (bsc#1012628). - erofs: fix order >= MAX_ORDER warning due to crafted negative i_size (bsc#1012628). - MIPS: SGI-IP27: Fix platform-device leak in bridge_platform_create() (bsc#1012628). - MIPS: SGI-IP30: Fix platform-device leak in bridge_platform_create() (bsc#1012628). - sh: machvec: Use char[] for section boundaries (bsc#1012628). - cpufreq: amd-pstate: Fix initial highest_perf value (bsc#1012628). - thermal: cpufreq_cooling: Check the policy first in cpufreq_cooling_register() (bsc#1012628). - acl: return EOPNOTSUPP in posix_acl_fix_xattr_common() (bsc#1012628). - ntfs3: rework xattr handlers and switch to POSIX ACL VFS helpers (bsc#1012628). - userfaultfd: open userfaultfds with O_RDONLY (bsc#1012628). - ima: fix blocking of security.ima xattrs of unsupported algorithms (bsc#1012628). - selinux: use "grep -E" instead of "egrep" (bsc#1012628). - smb3: must initialize two ACL struct fields to zero (bsc#1012628). - drm/amdgpu: Enable F32_WPTR_POLL_ENABLE in mqd (bsc#1012628). - drm/amdgpu: Enable VCN PG on GC11_0_1 (bsc#1012628). - drm/amd/display: explicitly disable psr_feature_enable appropriately (bsc#1012628). - drm/amd/display: Add HUBP surface flip interrupt handler (bsc#1012628). - drm/amd/display: Fix vblank refcount in vrr transition (bsc#1012628). - drm/amd/display: Enable 2 to 1 ODM policy if supported (bsc#1012628). - drm/amd/display: Enable dpia support for dcn314 (bsc#1012628). - drm/amd/display: Validate DSC After Enable All New CRTCs (bsc#1012628). - drm/amd/display: zeromem mypipe heap struct before using it (bsc#1012628). - drm/amd/display: Update PMFW z-state interface for DCN314 (bsc#1012628). - drm/amd/display: Fix watermark calculation (bsc#1012628). - drm/i915: Fix display problems after resume (bsc#1012628). - drm/i915: Fix watermark calculations for DG2 CCS+CC modifier (bsc#1012628). - drm/i915: Fix watermark calculations for DG2 CCS modifiers (bsc#1012628). - drm/i915: Fix watermark calculations for gen12+ CCS+CC modifier (bsc#1012628). - drm/i915: Fix watermark calculations for gen12+ MC CCS modifier (bsc#1012628). - drm/i915: Fix watermark calculations for gen12+ RC CCS modifier (bsc#1012628). - drm/i915/guc: Fix revocation of non-persistent contexts (bsc#1012628). - drm/i915/gt: Use i915_vm_put on ppgtt_create error paths (bsc#1012628). - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (bsc#1012628). - drm/nouveau/kms/nv140-: Disable interlacing (bsc#1012628). - staging: greybus: audio_helper: remove unused and wrong debugfs usage (bsc#1012628). - KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS (bsc#1012628). - KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) (bsc#1012628). - KVM: nVMX: Don't propagate vmcs12's PERF_GLOBAL_CTRL settings to vmcs02 (bsc#1012628). - KVM: nVMX: Unconditionally purge queued/injected events on nested "exit" (bsc#1012628). - KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility (bsc#1012628). - blk-wbt: call rq_qos_add() after wb_normal is initialized (bsc#1012628). - blk-throttle: fix that io throttle can only work for single bio (bsc#1012628). - media: cedrus: Fix endless loop in cedrus_h265_skip_bits() (bsc#1012628). - media: cedrus: Set the platform driver data earlier (bsc#1012628). - media: cedrus: Fix watchdog race condition (bsc#1012628). - efi: libstub: drop pointless get_memory_map() call (bsc#1012628). - thunderbolt: Explicitly enable lane adapter hotplug events at startup (bsc#1012628). - rpmsg: char: Avoid double destroy of default endpoint (bsc#1012628). - tracing: Fix reading strings from synthetic events (bsc#1012628). - tracing: Add "(fault)" name injection to kernel probes (bsc#1012628). - tracing: Move duplicate code of trace_kprobe/eprobe.c into header (bsc#1012628). - tracing: Do not free snapshot if tracer is on cmdline (bsc#1012628). - tracing: Add ioctl() to force ring buffer waiters to wake up (bsc#1012628). - tracing: Wake up waiters when tracing is disabled (bsc#1012628). - tracing: Wake up ring buffer waiters on closing of the file (bsc#1012628). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (bsc#1012628). - tracing/eprobe: Fix alloc event dir failed when event name no set (bsc#1012628). - ring-buffer: Fix race between reset page and reading page (bsc#1012628). - ring-buffer: Add ring_buffer_wake_waiters() (bsc#1012628). - ring-buffer: Check pending waiters when doing wake ups as well (bsc#1012628). - ring-buffer: Have the shortest_full queue be the shortest not longest (bsc#1012628). - ring-buffer: Allow splice to read previous partially read pages (bsc#1012628). - ftrace: Still disable enabled records marked as disabled (bsc#1012628). - ftrace: Properly unset FTRACE_HASH_FL_MOD (bsc#1012628). - livepatch: fix race between fork and KLP transition (bsc#1012628). - ext4: update 'state->fc_regions_size' after successful memory allocation (bsc#1012628). - ext4: fix potential memory leak in ext4_fc_record_regions() (bsc#1012628). - ext4: fix potential memory leak in ext4_fc_record_modified_inode() (bsc#1012628). - ext4: fix miss release buffer head in ext4_fc_write_inode (bsc#1012628). - ext4: fix dir corruption when ext4_dx_add_entry() fails (bsc#1012628). - ext4: fix i_version handling in ext4 (bsc#1012628). - ext4: place buffer head allocation before handle start (bsc#1012628). - ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate (bsc#1012628). - ext4: unconditionally enable the i_version counter (bsc#1012628). - ext4: don't increase iversion counter for ea_inodes (bsc#1012628). - ext4: fix check for block being out of directory size (bsc#1012628). - ext4: make ext4_lazyinit_thread freezable (bsc#1012628). - ext4: fix null-ptr-deref in ext4_write_info (bsc#1012628). - ext4: avoid crash when inline data creation follows DIO write (bsc#1012628). - ext2: Add sanity checks for group and filesystem size (bsc#1012628). - jbd2: add miss release buffer head in fc_do_one_pass() (bsc#1012628). - jbd2: fix potential use-after-free in jbd2_fc_wait_bufs (bsc#1012628). - jbd2: fix potential buffer head reference count leak (bsc#1012628). - jbd2: wake up journal waiters in FIFO order, not LIFO (bsc#1012628). - f2fs: allow direct read for zoned device (bsc#1012628). - f2fs: fix to do sanity check on summary info (bsc#1012628). - f2fs: fix to do sanity check on destination blkaddr during recovery (bsc#1012628). - f2fs: increase the limit for reserve_root (bsc#1012628). - f2fs: flush pending checkpoints when freezing super (bsc#1012628). - f2fs: complete checkpoints during remount (bsc#1012628). - f2fs: fix wrong continue condition in GC (bsc#1012628). - btrfs: set generation before calling btrfs_clean_tree_block in btrfs_init_new_buffer (bsc#1012628). - btrfs: fix missed extent on fsync after dropping extent maps (bsc#1012628). - btrfs: fix race between quota enable and quota rescan ioctl (bsc#1012628). - btrfs: enhance unsupported compat RO flags handling (bsc#1012628). - btrfs: fix alignment of VMA for memory mapped files on THP (bsc#1012628). - fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1012628). - ksmbd: Fix user namespace mapping (bsc#1012628). - ksmbd: Fix wrong return value and message length check in smb2_ioctl() (bsc#1012628). - ksmbd: fix endless loop when encryption for response fails (bsc#1012628). - ksmbd: fix incorrect handling of iterate_dir (bsc#1012628). - smb3: do not log confusing message when server returns no network interfaces (bsc#1012628). - hwrng: core - let sleep be interrupted when unregistering hwrng (bsc#1012628). - fbdev: smscufx: Fix use-after-free in ufx_ops_open() (bsc#1012628). - pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback (bsc#1012628). - gpio: rockchip: request GPIO mux to pinctrl when setting direction (bsc#1012628). - scsi: qedf: Populate sysfs attributes for vport (bsc#1012628). - scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1012628). - slimbus: qcom-ngd: cleanup in probe error path (bsc#1012628). - slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure (bsc#1012628). - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1012628). - powerpc/Kconfig: Fix non existing CONFIG_PPC_FSL_BOOKE (bsc#1012628). - powercap: intel_rapl: Use standard Energy Unit for SPR Dram RAPL domain (bsc#1012628). - LoadPin: Fix Kconfig doc about format of file with verity digests (bsc#1012628). - cpufreq: qcom-cpufreq-hw: Fix uninitialized throttled_freq warning (bsc#1012628). - NFSD: Protect against send buffer overflow in NFSv3 READ (bsc#1012628). - NFSD: Protect against send buffer overflow in NFSv2 READ (bsc#1012628). - NFSD: Protect against send buffer overflow in NFSv3 READDIR (bsc#1012628). - serial: 8250: Request full 16550A feature probing for OxSemi PCIe devices (bsc#1012628). - serial: 8250: Let drivers request full 16550A feature probing (bsc#1012628). - serial: ar933x: Deassert Transmit Enable on ->rs485_config() (bsc#1012628). - serial: Deassert Transmit Enable on probe in driver-specific way (bsc#1012628). - serial: stm32: Deassert Transmit Enable on ->rs485_config() (bsc#1012628). - serial: cpm_uart: Don't request IRQ too early for console port (bsc#1012628). - PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge (bsc#1012628). - xen/gntdev: Accommodate VMA splitting (bsc#1012628). - xen/gntdev: Prevent leaking grants (bsc#1012628). - mm/mmap: undo ->mmap() when arch_validate_flags() fails (bsc#1012628). - mm/uffd: fix warning without PTE_MARKER_UFFD_WP compiled in (bsc#1012628). - mm/damon: validate if the pmd entry is present before accessing (bsc#1012628). - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1012628). - clocksource/drivers/arm_arch_timer: Fix CNTPCT_LO and CNTVCT_LO value (bsc#1012628). - arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored (bsc#1012628). - arm64: mte: move register initialization to C (bsc#1012628). - drm/udl: Restore display mode on resume (bsc#1012628). - drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (bsc#1012628). - drm/virtio: Unlock reservations on dma_resv_reserve_fences() error (bsc#1012628). - drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error (bsc#1012628). - drm/virtio: Check whether transferred 2D BO is shmem (bsc#1012628). - dmaengine: qcom-adm: fix wrong calling convention for prep_slave_sg (bsc#1012628). - dmaengine: qcom-adm: fix wrong sizeof config in slave_config (bsc#1012628). - dmaengine: mxs: use platform_driver_register (bsc#1012628). - dm: verity-loadpin: Only trust verity targets with enforcement (bsc#1012628). - Revert "drm/amdgpu: use dirty framebuffer helper" (bsc#1012628). - nvme-multipath: fix possible hang in live ns resize with ANA access (bsc#1012628). - nvmem: core: Fix memleak in nvmem_register() (bsc#1012628). - UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK (bsc#1012628). - riscv: Pass -mno-relax only on lld < 15.0.0 (bsc#1012628). - riscv: always honor the CONFIG_CMDLINE_FORCE when parsing dtb (bsc#1012628). - riscv: Make VM_WRITE imply VM_READ (bsc#1012628). - riscv: Allow PROT_WRITE-only mmap() (bsc#1012628). - riscv: vdso: fix NULL deference in vdso_join_timens() when vfork (bsc#1012628). - parisc: Fix userspace graphics card breakage due to pgtable special bit (bsc#1012628). - parisc: fbdev/stifb: Align graphics memory size to 4MB (bsc#1012628). - RISC-V: Make port I/O string accessors actually work (bsc#1012628). - RISC-V: Re-enable counter access from userspace (bsc#1012628). - riscv: topology: fix default topology reporting (bsc#1012628). - arm64: topology: move store_cpu_topology() to shared code (bsc#1012628). - regulator: qcom_rpm: Fix circular deferral regression (bsc#1012628). - net: thunderbolt: Enable DMA paths only after rings are enabled (bsc#1012628). - hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API (bsc#1012628). - ASoC: wcd934x: fix order of Slimbus unprepare/disable (bsc#1012628). - ASoC: wcd9335: fix order of Slimbus unprepare/disable (bsc#1012628). - arm64: dts: qcom: sdm845-mtp: correct ADC settle time (bsc#1012628). - platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure (bsc#1012628). - quota: Check next/prev free block number after reading from quota file (bsc#1012628). - HID: multitouch: Add memory barriers (bsc#1012628). - mbcache: Avoid nesting of cache->c_list_lock under bit locks (bsc#1012628). - btf: Export bpf_dynptr definition (bsc#1012628). - fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1012628). - fs: dlm: handle -EBUSY first in lock arg validation (bsc#1012628). - fs: dlm: fix race between test_bit() and queue_work() (bsc#1012628). - i2c: designware: Fix handling of real but unexpected device interrupts (bsc#1012628). - mmc: sdhci-sprd: Fix minimum clock limit (bsc#1012628). - mmc: sdhci-tegra: Use actual clock rate for SW tuning correction (bsc#1012628). - mmc: renesas_sdhi: Fix rounding errors (bsc#1012628). - can: kvaser_usb_leaf: Fix CAN state after restart (bsc#1012628). - can: kvaser_usb_leaf: Fix TX queue out of sync after restart (bsc#1012628). - can: kvaser_usb_leaf: Fix overread with an invalid command (bsc#1012628). - can: kvaser_usb: Fix use of uninitialized completion (bsc#1012628). - mmc: core: Add SD card quirk for broken discard (bsc#1012628). - usb: add quirks for Lenovo OneLink+ Dock (bsc#1012628). - usb: gadget: uvc: Fix argument to sizeof() in uvc_register_video() (bsc#1012628). - xhci: dbc: Fix memory leak in xhci_alloc_dbc() (bsc#1012628). - iio: pressure: dps310: Reset chip after timeout (bsc#1012628). - iio: pressure: dps310: Refactor startup procedure (bsc#1012628). - iio: adc: ad7923: fix channel readings for some variants (bsc#1012628). - iio: ltc2497: Fix reading conversion results (bsc#1012628). - iio: dac: ad5593r: Fix i2c read protocol requirements (bsc#1012628). - cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message (bsc#1012628). - cifs: destage dirty pages before re-reading them for cache=none (bsc#1012628). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1012628). - io_uring: correct pinned_vm accounting (bsc#1012628). - io_uring/af_unix: defer registered files gc to io_uring release (bsc#1012628). - io_uring/net: handle -EINPROGRESS correct for IORING_OP_CONNECT (bsc#1012628). - io_uring: limit registration w/ SINGLE_ISSUER (bsc#1012628). - io_uring/net: don't update msg_name if not provided (bsc#1012628). - io_uring/net: fix fast_iov assignment in io_setup_async_msg() (bsc#1012628). - io_uring/rw: don't lose short results on io_setup_async_rw() (bsc#1012628). - io_uring/rw: fix unexpected link breakage (bsc#1012628). - io_uring/net: don't lose partial send/recv on fail (bsc#1012628). - io_uring/rw: don't lose partial IO result on fail (bsc#1012628). - io_uring: add custom opcode hooks on fail (bsc#1012628). - mtd: rawnand: atmel: Unmap streaming DMA mappings (bsc#1012628). - ALSA: hda/realtek: Add Intel Reference SSID to support headset keys (bsc#1012628). - ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (bsc#1012628). - ALSA: hda/realtek: Correct pin configs for ASUS G533Z (bsc#1012628). - ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (bsc#1012628). - ALSA: usb-audio: Fix NULL dererence at error path (bsc#1012628). - ALSA: usb-audio: Fix potential memory leaks (bsc#1012628). - ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() (bsc#1012628). - ALSA: oss: Fix potential deadlock at unregistration (bsc#1012628). - commit beade21 ++++ kernel-firmware: - Update to version 20221017 (git commit 48407ffd7adb): * cnm: update chips&media wave521c firmware. * brcm: add symlink for Pi Zero 2 W NVRAM file * rtw89: 8852b: add initial fw v0.27.32.0 * iwlwifi: add new FWs from core72-129 release * iwlwifi: update 9000-family firmwares to core72-129 * rtl_bt: Update RTL8852C BT USB firmware to 0xD5B8_A40A * amdgpu: update GC 10.3.6 RLC firmware * amdgpu: update GC 10.3.7 RLC firmware * amdgpu: update Yellow Carp RLC firmware * amdgpu: update Beige Goby RLC firmware * amdgpu: update Dimgrey Cavefish RLC firmware * amdgpu: update Navy Flounder RLC firmware * amdgpu: update Sienna Cichlid RLC firmware * mediatek: Update mt8195 SOF firmware to v0.4.1 * qcom: add squashed version of a530 zap shader * rtw89: 8852c: update fw to v0.27.56.1 * rtw89: 8852c: update fw to v0.27.56.0 * mediatek: Update mt8186 SCP firmware - Update Cirrus CS35L41 firmware (bsc#1203699) cirrus-WHENCE-update.patch - Update aliases from 6.1-rc1 kernel ++++ libXrender: - Update to version 0.9.11 * Update README for gitlab migration * Update configure.ac bug URL for gitlab migration * Fix spelling/wording issues * gitlab CI: add a basic build test * Remove unnecessary casts from malloc & free calls * Reduce variable scopes as recommended by cppcheck * Resolve -Wsign-compare warnings * Rename xDepth to xPDepth to quiet -Wshadow warnings * fix coredumps in XRenderComputeTrapezoids (issue #1) * autogen.sh: use quoted string variables * autogen: add default patch prefix * WIP: Documentation * autogen.sh: use exec instead of waiting for configure to finish * Add missing HAVE_CONFIG_H guard to Xrenderint.h * amend cppcheck-scope change, fixing c89 build * additional cppcheck-scope warning * cppcheck (removing unused assignment lets variable scope reduction) * use casts to reduce compiler warnings (no object change) * use _Xconst with DataInt32/DataInt16/memcpy to reduce strict compiler warnings * use _X_UNUSED for compiler-warnings * whitespace fix * fix regression * fix coredumps in XRenderComputeTrapezoids (issue #1) * autogen.sh: use quoted string variables * autogen: add default patch prefix * WIP: Documentation * autogen.sh: use exec instead of waiting for configure to finish * Add missing HAVE_CONFIG_H guard to Xrenderint.h * amend cppcheck-scope change, fixing c89 build * additional cppcheck-scope warning * cppcheck (removing unused assignment lets variable scope reduction) * use casts to reduce compiler warnings (no object change) * use _Xconst with DataInt32/DataInt16/memcpy to reduce strict compiler warnings * use _X_UNUSED for compiler-warnings * whitespace fix * fix regression ++++ python-psutil: - update to version 5.9.3: * Enhancements + 2040, [macOS]: provide wheels for arm64 architecture. (patch by Matthieu Darbois) * Bug fixes + 2116, [macOS], [critical]: `psutil.net_connections`_ fails with RuntimeError. + 2135, [macOS]: Process.environ() may contain garbage data. Fix out-of-bounds read around sysctl_procargs. (patch by Bernhard Urban-Forster) + 2138, [Linux], [critical]: can't compile psutil on Android due to undefined ethtool_cmd_speed symbol. + 2142, [POSIX]: net_if_stats() 's flags on Python 2 returned unicode instead of str. (patch by Matthieu Darbois) + 2147, [macOS] Fix disk usage report on macOS 12+. (patch by Matthieu Darbois) + 2150, [Linux] Process.threads() may raise NoSuchProcess. Fix race condition. (patch by Daniel Li) + 2153, [macOS] Fix race condition in test_posix.TestProcess.test_cmdline. (patch by Matthieu Darbois) ------------------------------------------------------------------ ------------------ 2022-10-21 - Oct 21 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - Add patch to fix LLVM optimization to avoid failure on armv7 (https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/19217, boo#1204267): * u_0001-gallivm-Fix-LLVM-optimization-with-the-new-pass-mana.patch ++++ Mesa-drivers: - Add patch to fix LLVM optimization to avoid failure on armv7 (https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/19217, boo#1204267): * u_0001-gallivm-Fix-LLVM-optimization-with-the-new-pass-mana.patch ++++ gstreamer: - Update to version 1.20.4: + Highlighted bugfixes in 1.20.4: - avaudiodec: fix playback issue with WMA files, would throw an error at EOS with FFmpeg 5.x - Fix deadlock when loading gst-editing-services plugin - Fix input buffering capacity in live mode for aggregator, video/audio aggregator subclasses, muxers - glimagesink: fix crash on Android - subtitle handling and subtitle overlay fixes - matroska-mux: allow width + height changes for avc3|hev1|vp8|vp9 - rtspsrc: fix control url handling for spec compliant servers and add fallback for incompliant servers - WebRTC fixes - RTP retransmission fixes - video: fixes for formats with 4x subsampling and horizontal co-sited chroma (Y41B, YUV9, YVU9 and IYU9) - Fix consuming of the macOS package as a framework in XCode - Performance improvements - Miscellaneous bug fixes, memory leak fixes, and other stability and reliability improvements + gstreamer: - buffer: drop parent meta in deep copy/foreach_metadata - devicemonitor: Use a sync bus handler for the provider to avoid accumulating all messages until the provider is stopped - element: Fix requesting of pads with string templates - gst: . Protect initialization state with a recursive mutex . Add missing define guard for build without gstreamer debug logging support - gst_init: Initialize static plugins just before dynamic plugins - info: Parse "NONE" as a valid level name - meta: Set the parent refcount of the GstStructure correctly - pluginloader: Don't hang on short reads/writes - tracers: leaks: . Fix potentially invalid memory access when trying to detect object type . Fix object-refings.class flags - uri: When setting the same string again do nothing - value: Don't loop forever when serializing invalid flag + Base Libraries: - aggregator: . Fix input buffering in live mode (was too low before in many cases) . Fix reversed active/flushing arguments in debug log output . Reset EOS flag after receiving a stream-start event + Core Elements: queue2: - Hold the lock when modifying sinkresult - Fix deadlock when deactivate is called in pull mode ++++ gstreamer-plugins-base: - Update to version 1.20.4: + decodebin3: - Fix mutex leaks - Fix memory issues with active selection list - uridecodebin3, urisourcebin: Event handling fixes - Fix EOS event sequence + parsebin: - Avoid crash with unknown streams - SIGSEGV during HLS stream using souphttpsrc + glimagesink: - Only allow setting the GL display/context if it is a valid value - Segfault on android devices + gstgl: Fix several memory leaks in macOS + opusenc: improve inband-fec property documentation + playsink: Hold a reference to the soft volume element + pbutils: descriptions: fix gst_pb_utils_get_caps_description_flags() + rtspurl: Use gst_uri_join_strings() in gst_rtsp_url_get_request_uri_with_control() instead of a hand-crafted, wrong version + rtspconnection: protect cancellable by a mutex + sdpmessage: Don't set SDP medias from caps without media/payload/clock-rate fields + samiparse: fix handling of self-closing tags + ssaparse: include required system headers for isspace() and sscanf() functions + subparse: fix crash when parsing invalid timestamps in mpl2 + subparse fixes + textoverlay: Don't miscalculate text running times + videoaggregator: always convert when user provides converter-config + video: Fix scaling in 4x horizontal co-sited chroma (Y41B, YUV9, YVU9 and IYU9) + xmptag: register musicbrainz tags during init to fix critical in jpegparse + xvimagesink: fix image leaks in error code path + tests: skip unit tests for dependency-less elements that have been disabled ++++ kernel-default: - ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (bsc#1203922). - commit fc9be74 - Refresh patches.suse/drm-amdgpu-Fix-for-BO-move-issue.patch. Update upstream status. - commit 48205db ++++ harfbuzz: - Update to version 5.3.1: + Subsetter repacker fixes + Adjust Grapheme clusters for Katakana voiced sound marks + New hb-subset option --preprocess-face - Add harfbuzz-5.3.1-Fix_check-symbols_failure.patch: Fix failing tests. ++++ python310-core: - Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to allow building of documentation with the latest Sphinx 5.3.0 (gh#python/cpython#98366). ++++ readline: - Extend version linker map file to detect usage of new symbols (boo#1204336) ++++ systemd: - Import commit f78bba8d037cc26c09bbdd167625b2d7fe1f5a30 (merge of v251.6) Beside the merge of v251.6, it also includes the following backport: - 07aaa898bd pstore: do not try to load all known pstore modules For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/07aa29e3942fb46b0aed5405c88e8d3179ca958f...f78bba8d037cc26c09bbdd167625b2d7fe1f5a30 ++++ python310: - Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to allow building of documentation with the latest Sphinx 5.3.0 (gh#python/cpython#98366). ++++ python-pyOpenSSL: - Upstream post-release doc fix (gh#pyca/pyopenssl#1150) * The minimum cryptography version is now 38.0.x (and we now pin releases against cryptography major versions to prevent future breakage) - Add pyOpenSSL-pr1158-conditional-__all__.patch gh#pyca/pyopenssl#1158 ++++ rsync: - New version fixes bug (boo#1203727): implicit containing directory sometimes rejected as unrequested - update to 3.2.7 * BUG FIXES: - Fixed the client-side validating of the remote sender's filtering behavior. - More fixes for the "unrequested file-list name" name, including a copy of "/" with `--relative` enabled and a copy with a lot of related paths with `--relative` enabled (often derived from a `--files-from` list). - When rsync gets an unpack error on an ACL, mention the filename. - Avoid over-setting sanitize_paths when a daemon is serving "/" (even if "use chroot" is false). * ENHANCEMENTS: - Added negotiated daemon-auth support that allows a stronger checksum digest to be used to validate a user's login to the daemon. Added SHA512, SHA256, and SHA1 digests to MD5 & MD4. These new digests are at the highest priority in the new daemon-auth negotiation list. - Added support for the SHA1 digest in file checksums. While this tends to be overkill, it is available if someone really needs it. This overly-long checksum is at the lowest priority in the normal checksum negotiation list. See [`--checksum-choice`](rsync.1#opt) (`--cc`) and the `RSYNC_CHECKSUM_LIST` environment var for how to customize this. - Improved the xattr hash table to use a 64-bit key without slowing down the key's computation. This should make extra sure that a hash collision doesn't happen. - If the `--version` option is repeated (e.g. `-VV`) then the information is output in a (still readable) JSON format. Client side only. - The script `support/json-rsync-version` is available to get the JSON style version output from any rsync. The script accepts either text on stdin * *or** an arg that specifies an rsync executable to run with a doubled `--version` option. If the text we get isn't already in JSON format, it is converted. Newer rsync versions will provide more complete json info than older rsync versions. Various tweaks are made to keep the flag names consistent across versions. - The [`use chroot`](rsyncd.conf.5#) daemon parameter now defaults to "unset" so that rsync can use chroot when it works and a sanitized copy when chroot is not supported (e.g., for a non-root daemon). Explicitly setting the parameter to true or false (on or off) behaves the same way as before. - The `--fuzzy` option was optimized a bit to try to cut down on the amount of computations when considering a big pool of files. The simple heuristic from Kenneth Finnegan resuled in about a 2x speedup. - If rsync is forced to use protocol 29 or before (perhaps due to talking to an rsync before 3.0.0), the modify time of a file is limited to 4-bytes. Rsync now interprets this value as an unsigned integer so that a current year past 2038 can continue to be represented. This does mean that years prior to 1970 cannot be represented in an older protocol, but this trade-off seems like the right choice given that (1) 2038 is very rapidly approaching, and (2) newer protocols support a much wider range of old and new dates. - The rsync client now treats an empty destination arg as an error, just like it does for an empty source arg. This doesn't affect a `host:` arg (which is treated the same as `host:.`) since the arg is not completely empty. The use of [`--old-args`](rsync.1#opt) (including via `RSYNC_OLD_ARGS`) allows the prior behavior of treating an empty destination arg as a ".". * PACKAGING RELATED: - The checksum code now uses openssl's EVP methods, which gets rid of various deprecation warnings and makes it easy to support more digest methods. On newer systems, the MD4 digest is marked as legacy in the openssl code, which makes openssl refuse to support it via EVP. You can choose to ignore this and allow rsync's MD4 code to be used for older rsync connections (when talking to an rsync prior to 3.0.0) or you can choose to configure rsync to tell openssl to enable legacy algorithms (see below). - A simple openssl config file is supplied that can be installed for rsync to use. If you install packaging/openssl-rsync.cnf to a public spot (such as `/etc/ssl/openssl-rsync.cnf`) and then run configure with the option `--with-openssl-conf=/path/name.cnf`, this will cause rsync to export the configured path in the OPENSSL_CONF environment variable (when the variable is not already set). This will enable openssl's MD4 code for rsync to use. - The packager may wish to include an explicit "use chroot = true" in the top section of their supplied /etc/rsyncd.conf file if the daemon is being installed to run as the root user (though rsync should behave the same even with the value unset, a little extra paranoia doesn't hurt). - I've noticed that some packagers haven't installed support/nameconvert for users to use in their chrooted rsync configs. Even if it is not installed as an executable script (to avoid a python3 dependency) it would be good to install it with the other rsync-related support scripts. - It would be good to add support/json-rsync-version to the list of installed support scripts. ------------------------------------------------------------------ ------------------ 2022-10-20 - Oct 20 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - update to 22.2.2 * This is the second bug fix release, back on the regular schedule. There's a lot here: nir, panfrost, gallium video, freedreno, nouveau, turnip, r300, gallium core, r600, virgl, core vulkan, anv, clover, d3d12, utils, radv, and plenty of zink. ++++ Mesa-drivers: - update to 22.2.2 * This is the second bug fix release, back on the regular schedule. There's a lot here: nir, panfrost, gallium video, freedreno, nouveau, turnip, r300, gallium core, r600, virgl, core vulkan, anv, clover, d3d12, utils, radv, and plenty of zink. ++++ bash: - Explicit require versioned libreadline8 as we face new ABI functions used by the bash (boo#1204336) ++++ kernel-default: - drm/amdgpu: Fix for BO move issue (bsc#1204160). - commit b9e3808 - drm/amdgpu: Fix VRAM BO swap issue (bsc#1204160). - commit 51f20d5 ++++ gcc12: - Update to gcc-12 branch head, 0aaef83351473e8f4eb774f8f99, git537 ++++ setroubleshoot: - Update to version 3.3.30 (bnc#1204344) Summary of changes from 3.3.26 to 3.3.30: * sedispatch: check read_size * SafeConfigParser is deprecated and will be dropped * Fix typos in --help, man pages and developer's guide * Improve DSP module reporting * Look for modules in /usr/share/selinux/packages * Always use rpm source package for reporting * Improve after_first email filter behavior * Set right ownership on /var/lib/setroubleshoot * Install systemd-sysusers config * Remove Requires(pre) useradd & groupadd * Introduce email.use_sendmail option * Update translations * Miscellaneous python and build system changes * Fix couple of typos * Drop Python2 support * Use inspect.signature() instead of instead.getargspec() Spec file modification to reflect openSUSE dependencies and paths. Removed old patches * setroubleshoot-Stop-SetroubleshootFixit-after-10-seconds-of-inactiv.patch * setroubleshoot-Do-not-use-Python-slip-package.patch * setroubleshoot-Gracefully-handle-unavailable-libreport.patch ------------------------------------------------------------------ ------------------ 2022-10-19 - Oct 19 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - lib/Kconfig.debug: Add check for non-constant .{s,u}leb128 support to DWARF5 (bsc#1012628). - Update config files. - hid: topre: Add driver fixing report descriptor (bsc#1012628). - Update config files. - arm64: errata: Add Cortex-A55 to the repeat tlbi list (bsc#1012628). - Update config files. - commit f78cd12 ++++ libX11: - U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch * security update for CVE-2022-3554 (bsc#1204422) ++++ libgcrypt: - Update to 1.10.1: * Bug fixes: - Fix minor memory leaks in FIPS mode. - Build fixes for MUSL libc. * Other: - More portable integrity check in FIPS mode. - Add X9.62 OIDs to sha256 and sha512 modules. * Add the hardware optimizations config file hwf.deny to the /etc/gcrypt/ directory. This file can be used to globally disable the use of hardware based optimizations. * Remove not needed separate_hmac256_binary hmac256 package ++++ python310-core: - Update to 3.10.8: - Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. - Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. (originally filed as CVE-2022-37460, later withdrawn) - Fix command line parsing: reject -X int_max_str_digits option with no value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a valid limit. - When ValueError is raised if an integer is larger than the limit, mention the sys.set_int_max_str_digits() function in the error message. - The deprecated mailcap module now refuses to inject unsafe text (filenames, MIME types, parameters) into shell commands. Instead of using such text, it will warn and act as if a match was not found (or for test commands, as if the test failed). - os.sched_yield() now release the GIL while calling sched_yield(2). - Bugfix: PyFunction_GetAnnotations() should return a borrowed reference. It was returning a new reference. - Fixed a missing incref/decref pair in Exception.__setstate__(). - Fix overly-broad source position information for chained comparisons used as branching conditions. - Fix undefined behaviour in _testcapimodule.c. - At Python exit, sometimes a thread holding the GIL can wait forever for a thread (usually a daemon thread) which requested to drop the GIL, whereas the thread already exited. To fix the race condition, the thread which requested the GIL drop now resets its request before exiting. - Fix a possible assertion failure, fatal error, or SystemError if a line tracing event raises an exception while opcode tracing is enabled. - Fix undefined behaviour in C code of null pointer arithmetic. - Do not expose KeyWrapper in _functools. - When loading a file with invalid UTF-8 inside a multi-line string, a correct SyntaxError is emitted. - Disable incorrect pickling of the C implemented classmethod descriptors. - Fix AttributeError missing name and obj attributes in . object.__getattribute__() bpo-42316: Document some places . where an assignment expression needs parentheses . - Wrap network errors consistently in urllib FTP support, so the test suite doesn’t fail when a network is available but the public internet is not reachable. - Fixes AttributeError when subprocess.check_output() is used with argument input=None and either of the arguments encoding or errors are used. - Avoid spurious tracebacks from asyncio when default executor cleanup is delayed until after the event loop is closed (e.g. as the result of a keyboard interrupt). - Avoid a crash in the C version of asyncio.Future.remove_done_callback() when an evil argument is passed. - Remove tokenize.NL check from tabnanny. - Make Semaphore run faster. - Fix generation of the default name of tkinter.Checkbutton. Previously, checkbuttons in different parent widgets could have the same short name and share the same state if arguments “name” and “variable” are not specified. Now they are globally unique. - Update bundled libexpat to 2.4.9 - Fix race condition in asyncio where process_exited() called before the pipe_data_received() leading to inconsistent output. - Fixed check in multiprocessing.resource_tracker that guarantees that the length of a write to a pipe is not greater than PIPE_BUF. - Corrected type annotation for dataclass attribute pstats.FunctionProfile.ncalls to be str. - Fix the faulthandler implementation of faulthandler.register(signal, chain=True) if the sigaction() function is not available: don’t call the previous signal handler if it’s NULL. - In inspect, fix overeager replacement of “typing.” in formatting annotations. - Fix asyncio.streams.StreamReaderProtocol to keep a strong reference to the created task, so that it’s not garbage collected - Fix handling compiler warnings (SyntaxWarning and DeprecationWarning) in codeop.compile_command() when checking for incomplete input. Previously it emitted warnings and raised a SyntaxError. Now it always returns None for incomplete input without emitting any warnings. - Fixed flickering of the turtle window when the tracer is turned off. - Allow asyncio.StreamWriter.drain() to be awaited concurrently by multiple tasks. - Fix broken asyncio.Semaphore when acquire is cancelled. - Fix ast.unparse() when ImportFrom.level is None - Improve performance of urllib.request.getproxies_environment when there are many environment variables - Fix ! in c domain ref target syntax via a conf.py patch, so it works as intended to disable ref target resolution. - Clarified the conflicting advice given in the ast documentation about ast.literal_eval() being “safe” for use on untrusted input while at the same time warning that it can crash the process. The latter statement is true and is deemed unfixable without a large amount of work unsuitable for a bugfix. So we keep the warning and no longer claim that literal_eval is safe. - Update tutorial introduction output to use 3.10+ SyntaxError invalid range. - Remove upstreamed test-int-timing.patch. ++++ systemd: - Don't create /var/lib/systemd/random-seed in %post (bsc#1181458) To make sure that the same seed is not replicated when installing from a 'golden' image. For regular installations the random seed file is initialized by the installer itself (bsc#1174964). Even if it didn't, the random seed file would be created on first boot anyway. ++++ python310: - Update to 3.10.8: - Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. - Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. (originally filed as CVE-2022-37460, later withdrawn) - Fix command line parsing: reject -X int_max_str_digits option with no value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a valid limit. - When ValueError is raised if an integer is larger than the limit, mention the sys.set_int_max_str_digits() function in the error message. - The deprecated mailcap module now refuses to inject unsafe text (filenames, MIME types, parameters) into shell commands. Instead of using such text, it will warn and act as if a match was not found (or for test commands, as if the test failed). - os.sched_yield() now release the GIL while calling sched_yield(2). - Bugfix: PyFunction_GetAnnotations() should return a borrowed reference. It was returning a new reference. - Fixed a missing incref/decref pair in Exception.__setstate__(). - Fix overly-broad source position information for chained comparisons used as branching conditions. - Fix undefined behaviour in _testcapimodule.c. - At Python exit, sometimes a thread holding the GIL can wait forever for a thread (usually a daemon thread) which requested to drop the GIL, whereas the thread already exited. To fix the race condition, the thread which requested the GIL drop now resets its request before exiting. - Fix a possible assertion failure, fatal error, or SystemError if a line tracing event raises an exception while opcode tracing is enabled. - Fix undefined behaviour in C code of null pointer arithmetic. - Do not expose KeyWrapper in _functools. - When loading a file with invalid UTF-8 inside a multi-line string, a correct SyntaxError is emitted. - Disable incorrect pickling of the C implemented classmethod descriptors. - Fix AttributeError missing name and obj attributes in . object.__getattribute__() bpo-42316: Document some places . where an assignment expression needs parentheses . - Wrap network errors consistently in urllib FTP support, so the test suite doesn’t fail when a network is available but the public internet is not reachable. - Fixes AttributeError when subprocess.check_output() is used with argument input=None and either of the arguments encoding or errors are used. - Avoid spurious tracebacks from asyncio when default executor cleanup is delayed until after the event loop is closed (e.g. as the result of a keyboard interrupt). - Avoid a crash in the C version of asyncio.Future.remove_done_callback() when an evil argument is passed. - Remove tokenize.NL check from tabnanny. - Make Semaphore run faster. - Fix generation of the default name of tkinter.Checkbutton. Previously, checkbuttons in different parent widgets could have the same short name and share the same state if arguments “name” and “variable” are not specified. Now they are globally unique. - Update bundled libexpat to 2.4.9 - Fix race condition in asyncio where process_exited() called before the pipe_data_received() leading to inconsistent output. - Fixed check in multiprocessing.resource_tracker that guarantees that the length of a write to a pipe is not greater than PIPE_BUF. - Corrected type annotation for dataclass attribute pstats.FunctionProfile.ncalls to be str. - Fix the faulthandler implementation of faulthandler.register(signal, chain=True) if the sigaction() function is not available: don’t call the previous signal handler if it’s NULL. - In inspect, fix overeager replacement of “typing.” in formatting annotations. - Fix asyncio.streams.StreamReaderProtocol to keep a strong reference to the created task, so that it’s not garbage collected - Fix handling compiler warnings (SyntaxWarning and DeprecationWarning) in codeop.compile_command() when checking for incomplete input. Previously it emitted warnings and raised a SyntaxError. Now it always returns None for incomplete input without emitting any warnings. - Fixed flickering of the turtle window when the tracer is turned off. - Allow asyncio.StreamWriter.drain() to be awaited concurrently by multiple tasks. - Fix broken asyncio.Semaphore when acquire is cancelled. - Fix ast.unparse() when ImportFrom.level is None - Improve performance of urllib.request.getproxies_environment when there are many environment variables - Fix ! in c domain ref target syntax via a conf.py patch, so it works as intended to disable ref target resolution. - Clarified the conflicting advice given in the ast documentation about ast.literal_eval() being “safe” for use on untrusted input while at the same time warning that it can crash the process. The latter statement is true and is deemed unfixable without a large amount of work unsuitable for a bugfix. So we keep the warning and no longer claim that literal_eval is safe. - Update tutorial introduction output to use 3.10+ SyntaxError invalid range. - Remove upstreamed test-int-timing.patch. ++++ python-setuptools: - Skip test_pbr_integration because it tries to install pbr using pip from network - Add fix-get-python-lib-python38.patch to fix get_python_lib() method in python3.8 bsc#1204395 - Update to version 65.5.0: * #3624: Fixed editable install for multi-module/no-package src-layout projects. * #3626: Minor refactorings to support distutils using stdlib logging module. * #3419: Updated the example version numbers to be compliant with PEP-440 on the "Specifying Your Project’s Version" page of the user guide. * #3569: Improved information about conflicting entries in the current working directory and editable install (in documentation and as an informational warning). * #3576: Updated version of validate_pyproject. - v65.4.1 * #3613: Fixed encoding errors in expand.StaticModule when system default encoding doesn't match expectations for source files. * #3617: Merge with pypa/distutils@6852b20 including fix for pypa/distutils#181. - v65.4.0 * #3609: Merge with pypa/distutils@d82d926 including support for DIST_EXTRA_CONFIG in pypa/distutils#177. - v65.3.0 * #3547: Stop ConfigDiscovery.analyse_name from splatting the Distribution.name attribute -- by :user:`jeamland` * #3554: Changed requires to requests in the pyproject.toml example in the :doc:`Dependency management section of the Quickstart guide ` -- by :user:`mfbutner` * #3561: Fixed accidental name matching in editable hooks. - v65.2.0 * #3553: Sync with pypa/distutils@22b9bcf, including fixed cross-compiling support and removing deprecation warning per pypa/distutils#169. - v65.1.1 * #3551: Avoided circular imports in meta path finder for editable installs when a missing module has the same name as its parent. - v65.1.0 * #3536: Remove monkeypatching of msvc9compiler. * #3538: Corrected documentation on how to use the legacy-editable mode. - v65.0.2 * #3505: Restored distutils msvccompiler and msvc9compiler modules and marked as deprecated (pypa/distutils@c802880). - v65.0.1 * #3529: Added clarification to :doc:`/userguide/quickstart` about support to setup.py. * #3526: Fixed backward compatibility of editable installs and custom build_ext commands inheriting directly from distutils. * #3528: Fixed buid_meta.prepare_metadata_for_build_wheel when given metadata_directory is ".". - v65.0.0 * #3505: Removed 'msvccompiler' and 'msvc9compiler' modules from distutils. * #3521: Remove bdist_msi and bdist_wininst commands, which have been deprecated since Python 3.9. Use older Setuptools for these behaviors if needed. * #3519: Changed the note in keywords documentation regarding editable installations to specify which setuptools version require a minimal setup.py file or not. - v64.0.3 * #3515: Fixed "inline" file copying for editable installations and optional extensions. * #3517: Fixed editable_wheel to ensure other commands are finalized before using them. This should prevent errors with plugins trying to use different commands or reinitializing them. * #3517: Augmented filter to prevent transient/temporary source files from being considered package_data or data_files. - v64.0.2 * #3506: Suppress errors in custom build_py implementations when running editable installs in favor of a warning indicating what is the most appropriate migration path. This is a transitional measure. Errors might be raised in future versions of setuptools. * #3512: Added capability of handling namespace packages created accidentally/purposefully via discovery configuration during editable installs. This should emulate the behaviour of a non-editable installation. - v64.0.1 * #3497: Fixed editable_wheel for legacy namespaces. * #3502: Fixed issue with editable install and single module distributions. * #3503: Added filter to ignore external .egg-info files in manifest. * Some plugins might rely on the fact that the .egg-info directory is produced inside the project dir, which may not be the case in editable installs (the .egg-info directory is produced inside the metadata directory given by the build frontend via PEP 660 hooks). - v64.0.0 * #3380: Passing some types of parameters via --global-option to setuptools PEP 517/PEP 660 backend is now considered deprecated. The user can pass the same arbitrary parameter via --build-option (--global-option is now reserved for flags like --verbose or --quiet). * Both --build-option and --global-option are supported as a transitional effort (a.k.a. "escape hatch"). In the future a proper list of allowed config_settings may be created. * #3265: Added implementation for editable install hooks (PEP 660). * #3380: Improved the handling of the config_settings parameter in both PEP 517 and PEP 660 interfaces: * #3392: Exposed get_output_mapping() from build_py and build_ext subcommands. This interface is reserved for the use of setuptools Extensions and third part packages are explicitly disallowed to calling it. However, any implementation overwriting build_py or build_ext are required to honour this interface. * #3412: Added ability of collecting source files from custom build sub-commands to sdist. This allows plugins and customization scripts to automatically add required source files in the source distribution. * #3414: Users can temporarily specify an environment variable SETUPTOOLS_ENABLE_FEATURES=legacy-editable as a escape hatch for the PEP 660 behavior. This setting is transitional and may be removed in the future. * #3484: Added transient compat mode to editable installs. This more will be temporarily available (to facilitate the transition period) for those that want to emulate the behavior of the develop command (in terms of what is added to sys.path). This mode is provided "as is", with limited support, and will be removed in future versions of setuptools. * #3414: Updated :doc:`Development Mode ` to reflect on the implementation of PEP 660. - v63.4.3 * #3496: Update to pypa/distutils@b65aa40 including more robust support for library/include dir handling in msvccompiler (pypa/distutils#153) and test suite improvements. - v63.4.2 * #3453: Bump vendored version of :pypi:`pyparsing` to 3.0.9. * #3481: Add warning for potential install_requires and extras_require misconfiguration in setup.cfg * #3487: Modified pyproject.toml validation exception handling to make relevant debugging information easier to spot. - v63.4.1 * #3482: Sync with pypa/distutils@274758f1c02048d295efdbc13d2f88d9923547f8, restoring compatibility shim in bdist.format_commands. - v63.4.0 * #2971: upload_docs command is deprecated once again. * #3443: Installed sphinx-hoverxref extension to show tooltips on internal an external references. -- by :user:`humitos` * #3444: Installed sphinx-notfound-page extension to generate nice 404 pages. - - by :user:`humitos` * #3480: Merge with pypa/distutils@c397f4c - v63.3.0 * #3475: Merge with pypa/distutils@129480b, including substantial delinting and cleanup, some refactoring around compiler logic, better messaging in cygwincompiler (pypa/distutils#161). ++++ selinux-policy: - Update to version 20221019. Refreshed: * distro_suse_to_distro_redhat.patch * fix_apache.patch * fix_chronyd.patch * fix_cron.patch * fix_init.patch * fix_kernel_sysctl.patch * fix_networkmanager.patch * fix_rpm.patch * fix_sysnetwork.patch * fix_systemd.patch * fix_systemd_watch.patch * fix_unconfined.patch * fix_unconfineduser.patch * fix_unprivuser.patch * fix_xserver.patch - Dropped fix_cockpit.patch as this is now packaged with cockpit itself - Remove the ipa module, freeip ships their own module - Added fix_alsa.patch to allow reading of config files in home directories - Extended fix_networkmanager.patch and fix_postfix.patch to account for SUSE systems - Added dontaudit_interface_kmod_tmpfs.patch to prevent AVCs when startproc queries the running processes - Updated fix_snapper.patch to allow snapper to talk to rpm via dbus ------------------------------------------------------------------ ------------------ 2022-10-18 - Oct 18 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.40.2: + Ensure that resolv.conf gets updated when the configuration changes. + Fix setting as bond primary an interface that doesn't exist yet when the bond is activated. + The number of autoconnect retries is now accounted independently for each device when there are profiles with multi-connect=multiple. + Don't print duplicate entries in the output of "NetworkManager - -print-config". + Fix the ifcfg-rh plugin to properly read infiniband P-Key connection profiles without an explicit interface name. + Allow the removal of a bond port connection profile from the bond via nmcli. + Fix race condition during the activation of veth profiles when the peer already exists. + Decline the DHCPv6 lease if all addresses fail IPv6 duplicate address detection (DAD). + Wait that devices get carrier before trying to resolve the system hostname on them via DNS. + Fix race condition during the initial activation of OVS interfaces. + Profiles generated by nm-initrd-generator now have lower than default priority. + Fix error when adding many SR-IOV virtual functions (VFs). ++++ docker-compose: - Update to version 2.12.0: * log the error object instead of the string message only * replace deprecated functions * bump docker dependencies version * Fix Makefile target `validate-go-mod` to only run correct bakefile target * Update `e2e` module deps * Add Codecov * port: fix container name in error message (#9909) * github: add feature request template * github: switch to issue template form * build(deps): bump go.opentelemetry.io/otel from 1.10.0 to 1.11.0 * Update e2e mod dependencies * build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0 * docs: update with result of `make docs` * Add support to push images quietly via compose cli * Bump e2e module deps * build(deps): bump gotest.tools/v3 from 3.3.0 to 3.4.0 * don't fail when trying to remove an orphan container during down command * Update to go 1.19.2 to address CVE-2022-2879, CVE-2022-2880, CVE-2022-41715 * ci: update docs repo path * Adjust modules sync validating script * Add `validate-modules` target to CI matrix * Add Makefile, buildx target to ensure root and e2e go.mod are kept in sync * Create new `e2e` module to separate out test dependencies, move cucumber tests * Removed tests that were replaced by Cucumber features * Update go.mod replace * Rename start cucumber feature * Convert `cascade_stop_test.go` into a cucumber feature `stop.feature` * Cucumber test setup/fixtures ++++ libXmu: - Update to version 1.1.4 This release includes two notable changes to XmuConvertStandardSelection(): 1) It no longer supports XA_IP_ADDRESS, which only supported IPv4 addresses and simply provided the output of gethostbyname() on the local hostname. 2) XA_OWNER_OS no longer reports "BSD" for any Unix-like OS (including Linux) that it hadn't been coded to handle, instead relying on uname() where available to provide the OS name. The lack of bug reports about the previously misleading output for these suggests they're not widely used, with codesearch.debian.net only finding matches in libXmu and the rust bindings to libXmu, and not any consumers of these interfaces. ++++ libpciaccess: - Update to version 0.17 * Fix spelling/wording issues * meson: install man page in mandir/man1/, not mandir/1/ * gitlab CI: add a basic build test for both autotools and meson * gitlab CI: stop requiring Signed-off-by in commits * configure.ac: Use pkg-config to find zlib dependency info * Obtain correct value of is_64 and is_prefetchable PCI device fields * hurd_pci: Use __pci_conf_ variants of pci_conf_ * x86: Use gnumach device instead of /dev/mem on GNU systems && factorise ifdefs * x86: Remove mapping of regions during probe - otherwise remapping later fails * x86: Remove probe during create, other backends don't do this * hurd: device_open(pci), /servers/bus/pci fallback * x86: Sort devices by B/D/F due to recursive scan * hurd: Don't necessarily look up _SERVERS_BUS_PCI * Add a meson build system * autoconf: Add meson files to dist tarball * pciaccess.pc.in: add Libs.Private * Hurd: avoid using the deprecated RPC pci_get_ndevs() * hurd: Implement device memory mapping * Hurd: Fix initialization order * Add pci_device_disable() function * missed library installation in meson * hurd: Add missing round up size in map_dev_mem * hurd: Fix letting map_dev_mem map anywhere * hurd: Fix map_dev_mem from non-zero address * hurd: Restore initialization order * hurd: Fix pci_device_hurd_map_legacy * Add support for building on macOS w/o X11, using endian code from "portable_endian.h"... * Add parentheses to the macro definition * pci_sys set NULL after free * Add header protection macro in linux_devmem.h * Delete redundant symbols ';' - switched to meson build system ++++ libxshmfence: - Update to version 1.3.1 * Update README for gitlab migration * Update configure.ac bug URL for gitlab migration * Fix spelling/wording issues * gitlab CI: add a basic build test * alloc: prefer atomic close-on-exec without O_TMPFILE as well * alloc: prefer SHM_ANON on FreeBSD a la memfd_create ------------------------------------------------------------------ ------------------ 2022-10-17 - Oct 17 2022 ------------------- ------------------------------------------------------------------ ++++ glib2-branding-openSUSE: - Fix default openSUSE wallpaper is not present in dark mode (boo#1204138). ++++ gpg2: - GnuPG 2.3.8: * gpg: Do not consider unknown public keys as non-compliant while decrypting. * gpg: Avoid to emit a compliance mode line if Libgcrypt is non-compliant. * gpg: Improve --edit-key setpref command to ease c+p. * gpg: Emit an ERROR status if --quick-set-primary-uid fails and allow to pass the user ID by hash. * gpg: Actually show symmetric+pubkey encrypted data as de-vs compliant. Add extra compliance checks for symkey_enc packets. * gpg: In de-vs mode use SHA-256 instead of SHA-1 as implicit preference. * gpgsm: Fix reporting of bad passphrase error during PKCS#11 import. * agent: Fix a regression in "READKEY --format=ssh". * agent: New option --need-attr for KEYINFO. * agent: New attribute "Remote-list" for use by KEYINFO. * scd: Fix problem with Yubikey 5.4 firmware. * dirmngr: Fix CRL Distribution Point fallback to other schemes. * dirmngr: New LDAP server flag "areconly" (A-record-only). * dirmngr: Fix upload of multiple keys for an LDAP server specified using the colon format. * dirmngr: Use LDAP schema v2 when a Base DN is specified. * dirmngr: Avoid caching expired certificates. * wkd: Fix path traversal attack in gpg-wks-server. Add the mail address to the pending request data. * wkd: New command --mirror for gpg-wks-client. * gpg-auth: New tool for authentication. * New common.conf option no-autostart. * Silence warnings from AllowSetForegroundWindow unless GNUPG_EXEC_DEBUG_FLAGS is used. * Rebase gnupg-detect_FIPS_mode.patch * Remove patch upstream: - gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch ++++ kernel-default: - update submitted patch - update to v2 and rename - patches.suse/scsi-mpi3mr-add-explicit-dependency-on-CONFIG_SCSI_S.patch - > patches.suse/scsi-mpi3mr-select-CONFIG_SCSI_SAS_ATTRS.patch - update config/x86_64/kvmsmall - SCSI_SAS_ATTRS=m (new dependency in 6.1-rc1) - commit d8f9c79 - config.conf: Reenable arm64 - Update config files (arm64). copy 6.1-rc1 from x86_64, enable all new SOC erratas, enable all new modules. - commit 8d7f37c - scsi: mpi3mr: add explicit dependency on CONFIG_SCSI_SAS_ATTRS. Fix x86_64/kvmsmall build failure. - commit 2fa879f - rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128. - commit bdc0bf7 - Update to 6.1-rc1 - eliminate 21 patches (18 stable, 3 mainline) - patches.suse/ALSA-hda-realtek-Add-quirk-for-HP-Zbook-Firefly-14-G.patch - patches.suse/ALSA-hda-realtek-More-robust-component-matching-for-.patch - patches.suse/watchdog-wdat_wdt-fix-min-max-timer-value.patch - disable - patches.suse/suse-hv-guest-os-id.patch (bsc#1189965) - refresh - patches.suse/Input-i8042-Apply-probe-defer-to-more-ASUS-ZenBook-m.patch - patches.suse/add-suse-supported-flag.patch - patches.suse/kernel-add-product-identifying-information-to-kernel-build.patch - add DRM crash fix - patches.suse/drm-sched-Fix-kernel-NULL-pointer-dereference-error.patch - disable ARM architectures (need config update) - new config options - Processor type and features - XEN_PV_MSR_SAFE=y - Power management and ACPI options - X86_AMD_PSTATE_UT=n - General architecture-dependent options - CFI_CLANG=n - Memory Management options - LRU_GEN=y - LRU_GEN_ENABLED=n - LRU_GEN_STATS=n - Cryptographic API - CRYPTO_ARIA_AESNI_AVX_X86_64=m - Library routines - FORCE_NR_CPUS=n - Kernel hacking - DEBUG_MAPLE_TREE=n - TEST_DYNAMIC_DEBUG=n - Network device support - NGBE=m - NET_VENDOR_ADI=y - ADIN1110=m - MLX5_EN_MACSEC=y - PSE_CONTROLLER=y - PSE_REGULATOR=m - Input device support - KEYBOARD_PINEPHONE=m - TOUCHSCREEN_COLIBRI_VF50=m - Hardware Monitoring support - SENSORS_MAX31760=m - SENSORS_TPS546D24=m - SENSORS_EMC2305=m - Multifunction device drivers - MFD_MT6370=n - MFD_OCELOT=n - MFD_SY7636A=n - MFD_RT5120=n - Graphics support - DRM_USE_DYNAMIC_DEBUG=y - Sound card support - SND_SOC_AMD_PS=m - SND_SOC_AMD_PS_MACH=m - SND_SOC_SOF_AMD_REMBRANDT=m - SND_SOC_SOF_SKYLAKE=m - SND_SOC_SOF_KABYLAKE=m - SND_SOC_CS42L83=n - SND_SOC_SRC4XXX_I2C=n - HID support - HID_VRC2=m - HID_PXRC=m - HID_TOPRE=m - Industrial I/O support - MSA311=n - MAX11205=n - RICHTEK_RTQ6056=n - BOSCH_BNO055_SERIAL=n - BOSCH_BNO055_I2C=n - LTRF216A=n - Misc devices - GP_PCI1XXXX=m - AHCI_DWC=m - SERIAL_FSL_LPUART_CONSOLE=y - I2C_PCI1XXXX=m - SPI_MICROCHIP_CORE_QSPI=m - PINCTRL_CY8C95X0=m - EXAR_WDT=m - STAGING_MEDIA_DEPRECATED=n - CROS_TYPEC_SWITCH=m - AMD_PMF=m - OF dependent (i386, ppc64/ppc64le, riscv64) - PATA_OF_PLATFORM=m - COMMON_CLK_VC7=m - NVMEM_U_BOOT_ENV=m - ppc64le / ppc64 - ARCH_FORCE_MAX_ORDER=9 (default) - INPUT_IBM_PANEL=m - KFENCE=y - KFENCE_SAMPLE_INTERVAL=0 - KFENCE_NUM_OBJECTS=255 - KFENCE_DEFERRABLE=n - KFENCE_STATIC_KEYS=y - KFENCE_STRESS_TEST_FAULTS=0 - riscv64 - EFI_ZBOOT=n - PINCTRL_STARFIVE_JH7100=m - CHARGER_RK817=m - SND_SOC_ES8326=m - SIFIVE_CCACHE=y - RESET_POLARFIRE_SOC=y - commit 79462df - Update patches.kernel.org/6.0.2-022-wifi-cfg80211-mac80211-reject-bad-MBSSID-elemen.patch (bsc#1012628 bsc#1203770 CVE-2022-41674). - Update patches.kernel.org/6.0.2-023-wifi-mac80211-fix-MBSSID-parsing-use-after-free.patch (bsc#1012628 bsc#1204051 CVE-2022-42719). - Update patches.kernel.org/6.0.2-025-wifi-cfg80211-fix-BSS-refcounting-bugs.patch (bsc#1012628 bsc#1204059 CVE-2022-42720). - Update patches.kernel.org/6.0.2-026-wifi-cfg80211-avoid-nontransmitted-BSS-list-cor.patch (bsc#1012628 bsc#1204060 CVE-2022-42721). - Update patches.kernel.org/6.0.2-028-wifi-mac80211-fix-crash-in-beacon-protection-fo.patch (bsc#1012628 bsc#1204125 CVE-2022-42722). Add CVE references. - commit af756fb ++++ libgpg-error: - Update to 1.46: * Support for bidirectional pipes under Windows. * REG_DWORD types are now support in the Windows Registry. * Added ES_SYSHD_SOCK support for gpgrt_sysopen under Windows. * Fixed gpgrt_log_get_fd for the file case. * Avoids header problem with C11 and "noreturn". * The gpg-error-config command is not installed by default, because it is now replaced by use of pkg-config/gpgrt-config with gpg-error.pc. Supply --enable-install-gpg-error-config configure option, if it's really needed. * Fixed support of posix-lock for FreeBSD. * Build fixes for some Mingw tool chain versions. * Removed remaining support for WindowsCE. * Updated config.guess, config.sub, and config.rpath. * gpg-error-config is now only installed when enabled. * System paths are now stripped from --cflags --and --libs. ++++ libksba: - libksba 1.6.2: [bsc#1204357, CVE-2022-3515] * Fix integer overflow in the CRL parser. ++++ ncurses: - Add ncurses patch 20221015 + fix another memory-leak in tic. + update install-sh script from autoconf, to fix install problem for Ada95 with Arch; as noted in https://lists.gnu.org/archive/html/automake/2018-09/msg00005.html there are unaddressed issues. + update CF_XOPEN_SOURCE, adding GNU libc suffixes for abi64, abin32, x32 (report by Sven Joachim): + correct ifdef's for _nc_set_read_thread() (patch by Mikhail Korolev, cf: 20220813). ++++ tiff: - security update: * CVE-2022-2519 [bsc#1202968] * CVE-2022-2520 [bsc#1202973] * CVE-2022-2521 [bsc#1202971] + tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch ++++ libzypp: - Do not clean up MediaSetAccess before using the geoip file (fixes #424) - version 17.31.4 (22) ------------------------------------------------------------------ ------------------ 2022-10-16 - Oct 16 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Linux 6.0.2 (bsc#1012628). - nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() (bsc#1012628). - nilfs2: fix use-after-free bug of struct nilfs_root (bsc#1012628). - nilfs2: fix leak of nilfs_root in case of writer thread creation failure (bsc#1012628). - nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure (bsc#1012628). - nvme-pci: set min_align_mask before calculating max_hw_sectors (bsc#1012628). - random: restore O_NONBLOCK support (bsc#1012628). - random: clamp credited irq bits to maximum mixed (bsc#1012628). - ALSA: hda: Fix position reporting on Poulsbo (bsc#1012628). - efi: Correct Macmini DMI match in uefi cert quirk (bsc#1012628). - scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue handler reading stale packets" (bsc#1012628). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1012628). - scsi: stex: Properly zero out the passthrough command structure (bsc#1012628). - USB: serial: qcserial: add new usb-id for Dell branded EM7455 (bsc#1012628). - Revert "USB: fixup for merge issue with "usb: dwc3: Don't switch OTG -> peripheral if extcon is present"" (bsc#1012628). - Revert "usb: dwc3: Don't switch OTG -> peripheral if extcon is present" (bsc#1012628). - Revert "powerpc/rtas: Implement reentrant rtas call" (bsc#1012628). - Revert "crypto: qat - reduce size of mapped region" (bsc#1012628). - random: avoid reading two cache lines on irq randomness (bsc#1012628). - random: use expired timer rather than wq for mixing fast pool (bsc#1012628). - wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() (bsc#1012628). - wifi: cfg80211/mac80211: reject bad MBSSID elements (bsc#1012628). - wifi: mac80211: fix MBSSID parsing use-after-free (bsc#1012628). - wifi: cfg80211: ensure length byte is present before access (bsc#1012628). - wifi: cfg80211: fix BSS refcounting bugs (bsc#1012628). - wifi: cfg80211: avoid nontransmitted BSS list corruption (bsc#1012628). - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (bsc#1012628). - wifi: mac80211: fix crash in beacon protection for P2P-device (bsc#1012628). - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (bsc#1012628). - mctp: prevent double key removal and unref (bsc#1012628). - Input: xpad - add supported devices as contributed on github (bsc#1012628). - Input: xpad - fix wireless 360 controller breaking after suspend (bsc#1012628). - misc: pci_endpoint_test: Aggregate params checking for xfer (bsc#1012628). - misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic (bsc#1012628). - commit 7fb6561 ++++ mozilla-nss: - update to NSS 3.83 * bmo#1788875 - Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags * bmo#1563221 - remove older oses that are unused part3/ BeOS * bmo#1563221 - remove older unix support in NSS part 3 Irix * bmo#1563221 - remove support for older unix in NSS part 2 DGUX * bmo#1563221 - remove support for older unix in NSS part 1 OSF * bmo#1778413 - Set nssckbi version number to 2.58 * bmp#1785297 - Add two SECOM root certificates to NSS * bmo#1787075 - Add two DigitalSign root certificates to NSS * bmo#1778412 - Remove Camerfirma Global Chambersign Root from NSS * bmo#1771100 - Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test * bmo#1779361 - Removed skipping of ECH on equality of private and public server name * bmo#1779357 - Added comment and bug reference to ECHRandomHRRExtension bogo test * bmo#1779370 - Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR * bmo#1779234 - Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing * bmo# 1771100 - Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo * bmo#1771100 - Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs * bmo#1771100 - Update BoGo tests to recent BoringSSL version * bmo#1785846 - Bump minimum NSPR version to 4.34.1 ++++ mozilla-nspr: - update to version 4.35 * fixes for building with clang * use the number of online processors for the PR_GetNumberOfProcessors() API on some platforms * fix build on mips+musl libc * Add support for the LoongArch 64-bit architecture ------------------------------------------------------------------ ------------------ 2022-10-15 - Oct 15 2022 ------------------- ------------------------------------------------------------------ ++++ gettext-runtime: - Update to Version 0.21.1 * Runtime behaviour: - On AIX, locale names with a script or with an uppercase language are now supported. For example, sr_Cyrl_RS.UTF-8 is treated like sr_RS.UTF-8@cyrillic, and EN_US.UTF-8 is treated like en_US.UTF-8. * The base Unicode standard is now updated to 14.0.0. * Portability: - Building on macOS 11/arm64 is now supported. - Building on Linux/powerpc64le with glibc ≥ 2.35 is now supported. ------------------------------------------------------------------ ------------------ 2022-10-14 - Oct 14 2022 ------------------- ------------------------------------------------------------------ ++++ elfutils: - Add RISC-V specific patches: * 0001-libelf-Sync-elf.h-from-glibc.patch * 0002-backends-Handle-new-RISC-V-specific-definitions.patch * 0003-elflint-Allow-zero-p_memsz-for-PT_RISCV_ATTRIBUTES.patch * 0004-readelf-Handle-SHT_RISCV_ATTRIBUTES-like-SHT_GNU_ATT.patch * 0005-backends-Add-RISC-V-object-attribute-printing.patch ++++ fde-tools: - Add bsc1204037-mokutil-check-sb-state.patch to check the SecureBoot state with mokutil (bsc#1204037) ++++ gnutls: - Consolidate the FIPS hmac files [bsc#1203245] * Use the gnutls fipshmac tool instead of the brp-check-suse and rename it to reflect on the library version. * Remove not needed gnutls-FIPS-Run-CFB8-without-offset.patch - Add a gnutls.rpmlintrc file to remove a hidden-file-or-dir false positive for the FIPS hmac calculation. ++++ kernel-default: - series.conf: cleanup - update upstream reference and move into sorted section: - patches.suse/watchdog-wdat_wdt-fix-min-max-timer-value.patch - commit 64a2b58 - Refresh patches.suse/ACPI-resource-Add-ASUS-model-S5402ZA-to-quirks.patch. - Refresh patches.suse/ACPI-resource-Skip-IRQ-override-on-Asus-Vivobook-K34.patch. Update upstream status. They were merged already. - commit 098c340 - ACPI: resource: do IRQ override on LENOVO IdeaPad (bsc#1203794). - ACPI: resource: Add ASUS model S5402ZA to quirks (bsc#1203794). - ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA (bsc#1203794). - commit c7a2f55 ++++ libxml2: - Update to version 2.10.3 (bsc#1204366, CVE-2022-40303, bsc#1204367, CVE-2022-40304): + Security: - [CVE-2022-40304] Fix dict corruption caused by entity reference cycles - [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE - Fix overflow check in SAX2.c + Build system: cmake: Set SOVERSION - Rebase patches with quilt. ++++ libzypp: - Improve download of optional files (fixes #416) - Do not use geoip rewrites if the repo has explicit country settings. - Implement geoIP feature for zypp. This patch adds a feature to rewrite request URLs to the repo servers by querying a geoIP file from download.opensuse.org. This file can return a redirection target depending on the clients IP adress, this way we can directly contact a local mirror of d.o.o instead. The redir target stays valid for 24hrs. This feature can be disabled in zypp.conf by setting 'download.use_geoip_mirror = false'. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip a extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - version 17.31.3 (22) ++++ pvirsh: - first package release ++++ libxml2-python: - Update to version 2.10.3 (bsc#1204366, CVE-2022-40303, bsc#1204367, CVE-2022-40304): + Security: - [CVE-2022-40304] Fix dict corruption caused by entity reference cycles - [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE - Fix overflow check in SAX2.c + Build system: cmake: Set SOVERSION - Rebase patches with quilt. ------------------------------------------------------------------ ------------------ 2022-10-13 - Oct 13 2022 ------------------- ------------------------------------------------------------------ ++++ ansible: - update to 6.5.0: Ansible 6.5.0 will include ansible-core 2.13.5 as well as a curated set of Ansible collections to provide a vast number of modules and plugins. * The changelog for ansible-core 2.13 installed by this release of ansible is available here: https://github.com/ansible/ansible/blob/stable-2.13/changelogs/CHANGELOG-v2.13.rst * Collections which have opted into being a part of the Ansible-6 unified changelog will have an entry on this page: https://github.com/ansible-community/ansible-build-data/blob/main/6/CHANGELOG-v6.rst ++++ dbus-1: - Disable asserts (bsc#1087072) ++++ dracut: - Update to version 057+suse.337.g4162a70e: * fix(network-legacy): misleading duplicate address detection using wicked (bsc#1201235) A series of fixes for NVMeoF boot (bsc#1203368): * fix(man): dracut.cmdline.7: clarify "rd.nvmf.discover=fc,auto" * fix(network): avoid double brackets around IPv6 address * feat(nvmf): set rd.neednet=1 if tcp records encountered * fix(man): dracut.cmdline(7): correct syntax for rd.nonvmf * fix(network): don't use same ifname multiple times * fix(nvmf): run cmdline hook before parse-ip-opts.sh * fix(nvmf): avoid calling "exit" in a cmdline hook * fix(nvmf): make sure "rd.nvmf.discover=fc,auto" takes precedence * fix(nvmf): don't use "finished" queue for autoconnect * fix(nvmf): don't create did-setup file * fix(nvmf): no need to load the nvme module * fix(nvmf): don't try to validate network connections in cmdline hook * fix(nvmf): nvme list-subsys prints the address using commas as separator * fix(systemd): add missing modprobe@.service (bsc#1203749) * fix(i18n): do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267) ++++ fde-tools: - Add bsc1204037-update-grub.cfg-for-pw-only.patch to update grub.cfg when the user only chooses the pass phrase to encrypt the disk. (bsc#1204037) ++++ hwdata: - update to 0.363: + Updated pci, usb and vendor ids. ++++ rdma-core: - Add rdma-ndd-disable-systemd-ProtectHostName-feature.patch to fix issue where rdma-ndd would not be aware of dynamic hostnames retrived through DHCP ++++ gcc12: - Update embedded newlib to version 4.2.0 * includes newlib-4.1.0-aligned_alloc.patch ++++ unbound: - update to 1.17.0 * Features - Merge #753: ACL per interface. (New interface-* configuration options). - Merge #760: PROXYv2 downstream support. (New proxy-protocol-port configuration option). * Bug Fixes - Fix #728: alloc_reg_obtain() core dump. Stop double alloc_reg_release when serviced_create fails. - Fix edns subnet so that scope 0 answers only match sourcemask 0 queries for answers from cache if from a query with sourcemask 0. - Fix unittest for edns subnet change. - Merge #730 from luisdallos: Fix startup failure on Windows 8.1 due to unsupported IPV6_USER_MTU socket option being set. - Fix ratelimit inconsistency, for ip-ratelimits the value is the amount allowed, like for ratelimits. - Fix #734 [FR] enable unbound-checkconf to detect more (basic) errors. - Fix to log accept error ENFILE and EMFILE errno, but slowly, once per 10 seconds. Also log accept failures when no slow down is used. - Fix to avoid process wide fcntl calls mixed with nonblocking operations after a blocked write. - Patch from Vadim Fedorenko that adds MSG_DONTWAIT to receive operations, so that instruction reordering does not cause mistakenly blocking socket operations. - Fix to wait for blocked write on UDP sockets, with a timeout if it takes too long the packet is dropped. - Fix for wait for udp send to stop when packet is successfully sent. - Fix #741: systemd socket activation fails on IPv6. - Fix to update config tests to fix checking if nonblocking sockets work on OpenBSD. - Slow down log frequency of write wait failures. - Fix to set out of file descriptor warning to operational verbosity. - Fix to log a verbose message at operational notice level if a thread is not responding, to stats requests. It is logged with thread identifiers. - Remove include that was there for debug purposes. - Fix to check pthread_t size after pthread has been detected. - Convert tdir tests to use the new skip_test functionality. - Remove unused testcode/mini_tpkg.sh file. - Better output for skipped tdir tests. - Fix doxygen warning in respip.h. - Fix to remove erroneous TC flag from TCP upstream. - Fix test tdir skip report printout. - Fix windows compile, the identifier interface is defined in headers. - Fix to close errno block in comm_point_tcp_handle_read outside of ifdef. - Fix static analysis report to remove dead code from the rpz_callback_from_iterator_module function. - Fix to clean up after the acl_interface unit test. - Merge #764: Leniency for target discovery when under load (for NRDelegation changes). - Use DEBUG_TDIR from environment in mini_tdir.sh for debugging. - Fix string comparison in mini_tdir.sh. - Make ede.tdir test more predictable by using static data. - Fix checkconf test for dnscrypt and proxy port. - Fix dnscrypt compile for proxy protocol code changes. - Fix to stop responses with TC flag from resulting in partial responses. It retries to fetch the data elsewhere, or fails the query and in depth fix removes the TC flag from the cached item. - Fix proxy length debug output printout typecasts. - Fix to stop possible loops in the tcp reuse code (write_wait list and tcp_wait list). Based on analysis and patch from Prad Seniappan and Karthik Umashankar. - Fix PROXYv2 header read for TCP connections when no proxied addresses are provided. ++++ python-contextvars: - use https for urls ++++ ovmf: - Update to edk2-stable202208 (jsc#PED-1410) - Features (https://github.com/tianocore/edk2/releases): Add CRC16 and CRC32C to MdePkg IntelFsp2Pkg/ConfigEditor: Support FSP 2.3 header Extend SecureBootVariableLib interfaces UEFI HTTPS Boot Support for HTTP Client Authentication (Basic or Digest) Support 64bit FspResetType for X64 build IntelFsp2Pkg/FspSecCore: Add FSP-I entry for SMM support Add PCI_DEVICE_PPI definition to EDK2 Support to assign the subject name to sign the capsule file - Patches (git log --oneline --reverse edk2-stable202205..edk2-stable202208): 7f0890776e MdeModulePkg/UniversalPayload: Align Identifier value with UPL spec b4be5f05dd UefiPayloadPkg: Align Identifier value with UPL spec dac2fc8146 UefiPayloadPkg: Align SpecRevision value with UPL spec 3ca7326b37 OvmfPkg/VirtioGpuDxe: replace struct copy with CopyMem call fa2b212d61 IntelFsp2Pkg: Add FSP 2.3 header support 11d8abcba2 IntelFsp2Pkg: FSP_TEMP_RAM_INIT call must follow X64 Calling Convention df1c7e91b4 IntelFsp2WrapperPkg: FSP_TEMP_RAM_INIT call for X64 Calling Convention 62044aa99b OvmfPkg/ResetVector: Removing SEV-ES CPUID bit check 54cd0d9b2f OvmfPkg: Fix TDVMCALL error in ApRunLoop.nasm 64706ef761 OvmfPkg: Search EFI_RESOURCE_MEMORY_UNACCEPTED for Fw hoblist 81ab97b7b9 OvmfPkg/AmdSev: remove unused SMM bits from .dsc and .fdf files 0223898f3e OvmfPkg/Microvm: drop CODE and VARS files b57911c84c OvmfPkg/FdtPciHostBridgeLib: io range is not mandatory 47f44097eb OvmfPkg/Platform: unfix PcdPciExpressBaseAddress ad3bafa7d5 OvmfPkg/Microvm/pcie: no vbeshim please bd10d4e201 OvmfPkg/Microvm/pcie: mPhysMemAddressWidth tweak 632574ced1 OvmfPkg/Microvm/pcie: add pcie support 5c9f151e0c OvmfPkg: CloudHv: Fix FW_BASE_ADDRESS 43f3cfce19 OvmfPkg: Check for QemuFwCfg availability before accessing it 3129ed374c OvmfPkg: CloudHv: Rely on QemuFwCfgLibNull implementation bf25f27e00 OvmfPkg: Don't access A20 gate register on Cloud Hypervisor 72c5afd0b4 Security: Add HashLibTdx b1567b2e15 CryptoPkg: Add SecCryptLib dc443e4437 SecurityPkg: Add definition of EFI_CC_EVENT_HOB_GUID a708536dce OvmfPkg: Introduce SecMeasurementLib 4b0a622635 OvmfPkg/IntelTdx: Measure Td HobList and Configuration FV ac03c339de OvmfPkg: Add PCDs for LAML/LASA field in CC EVENTLOG ACPI table f8264e1303 MdePkg: Define CC Measure EventLog ACPI Table 57a6ee3461 OvmfPkg/IntelTdx: Add TdTcg2Dxe 0a4019ec9d OvmfPkg/IntelTdx: Enable RTMR based measurement and measure boot 0b36dea3f8 BaseTools: Fix dependency issue in PcdValueInit 4f89e4b3e8 .pytool: UncrustifyCheck: Set IgnoreFiles path relative to package path 2818fda9bc Security: Add SecTpmMeasurementLibTdx ff0ffe5999 OvmfPkg: Implement MeasureHobList/MeasureFvImage a81a650da1 OvmfPkg: Delete SecMeasurementLibTdx ff36b2550f OvmfPkg/Sec: fix stack switch 21a9b605b8 CpuException: Avoid allocating code pages for DXE instance 34d505123e CpuException: Init global variables in-place 2fbc5ff0a5 CpuException: Avoid allocating page but using global variables 2a09527ebc CpuException: Remove InitializeCpuInterruptHandlers e7abb94d1f CpuException: Add InitializeSeparateExceptionStacks 54aeed7e00 MpInitLib: Allocate code buffer for PEI phase 76323c3145 MpInitLib: remove unneeded global ASM_PFX b4d7b9d2b5 MpInitLib: Put SEV logic in separate file 283ab9437a MpInitLib: Only allocate below 1MB memory for 16bit code ccc269756f MpInitLib: Move the Above1Mb vector allocation to MpInitLibInitialize f0b97e165e Revert "OvmfPkg/Sec: fix stack switch" b09ada6edc MdePkg: Remove "assert" from SmmCpuRendevousLibNull.c 92288f4334 MdePkg/BaseLib: Add CRC16-ANSI and CRC32c implementations e2ae0bed29 ArmPkg/ArmExceptionLib: Follow new CpuExceptionHandlerLib APIs 6676162f64 DxeMain: Fix the bug that StackGuard is not enabled 16d97fa601 OvmfPkg: Use PcdOvmfWorkAreaBase instead of PcdSevEsWorkAreaBase 05e57cc9ce SecurityPkg/HashLibTdx: Return EFI_UNSUPPORTED if it is not Tdx guest 92ab049719 BaseTools: output the intermediate library instance when error occurs cc2db6ebfb UefiPayloadPkg: Increase the PcdMaximumUnicodeStringLength e8034b534a UefiPayloadPkg: Always split page table entry to 4K if it covers stack. cfe165140a UefiPayloadPkg: UniversalPayloadBuild.py to support --pcd feature b97243dea3 MdeModulePkg/XhciDxe: Check return value of XHC_PAGESIZE register 3930d1791a ArmPlatformPkg: Remove overly verbose DEBUG lines in LcdGraphicsBlt aa1bce0e5e OvmfPkg: reduce the number of dsc include files for tpm libs 6c9f218bc0 OvmfPkg/Library: Create base HardwareInfoLib for PCI Host Bridges 2b1a5b8c61 Ovmf/HardwareInfoLib: Create Pei lib to parse directly from fw-cfg a1bd79c514 Ovmf/HardwareInfoLib: Add Dxe lib to dynamically parse heterogenous data 3497fd5c26 Ovmf/PlatformPei: Use host-provided GPA end if available 3f5b1b9132 OvmfPkg/PciHostBridgeUtilityLib: Initialize RootBridges apertures with spec f304308e1c ArmPlatformPkg: Add PCD for serial debug port interrupt 4bfd668e5e UefiCpuPkg: CpuDxe: Set RW and P Attributes on Split Pages 2aee08c0b6 UefiPayloadPkg: Backward support with python 3.6 8f0722434b ArmVirtPkg: Include DxeHardwareInfoLib library class in dsc 15b25045e6 Ovmf: Include HardwareInfoLib library classes for IntelTdx b600f253b3 BaseTools/Ecc: Fix grammar in Ecc error message 7f4eca4cc2 MdeModulePkg/XhciDxe: Add access xHCI Extended Capabilities Pointer 5914128871 BaseTools: Fix the GenMake bug for .cpp source file c13377153f MdePkg/Acpi62: Add type 7 NFIT Platform Capabilities Structure support 21e6ef7522 UefiPayloadPkg: Align Attribute value with UPL spec 8d0564deaf pip-requirements.txt: Update basetools version to 0.1.24 f966093f5b OvmfPkg/PlatformCI: add IntelTdxBuild.py 70586d4e3a MdePkg/Acpi62: Add bit definitions to NFIT Platform Capabilities Structure 7861b24dc9 ArmPkg/Drivers: ArmGicIsInterruptEnabled returns incorrect value e1eef3a8b0 NetworkPkg: Add Wi-Fi Wpa3 support in WifiConnectManager 134fbd552c SecurityPkg: UefiSecureBoot: Definitions of cert and payload structures d6bee54c45 SecurityPkg: PlatformPKProtectionLib: Added PK protection interface 56c717aafa SecurityPkg: SecureBootVariableLib: Updated time based payload creator 6de7c084db SecurityPkg: SecureBootVariableLib: Updated signature list creator 6eb4079475 SecurityPkg: SecureBootVariableLib: Added newly supported interfaces fe73e9cd89 SecurityPkg: SecureBootVariableProvisionLib: Updated implementation d2a0f379d5 SecurityPkg: Secure Boot Drivers: Added common header files 5678ebb42b SecurityPkg: SecureBootConfigDxe: Updated invocation pattern dbc4e3675f SecurityPkg: SecureBootVariableLib: Added unit tests 152e37cc5a OvmfPkg: Pipeline: Resolve SecureBootVariableLib dependency f193b945ea EmulatorPkg: Pipeline: Resolve SecureBootVariableLib dependency 9ab18fec82 StandaloneMmPkg: Fix issue about SpPcpuSharedBufSize field 31d3eeb103 StandaloneMmPkg: Replace DEBUG_INFO with DEBUG_ERROR 5496c763aa StandaloneMmPkg: Fix check buffer address failed issue from TF-A e93bc6309b UefiCpuPkg/SecCore: Add debug messages to illuminate data flow 86a0f84470 ArmVirtPkg: Pipeline: Resolving newly introduced dependency c8e30482fd .gitignore: Ignore build tools build logs f6f3cc7ead UefiPayloadPkg: Add CryptoDxe driver to UefiPayload 12dd064a18 MdePkg/include: Update DMAR definitions to Intel VT-d spec ver4.0 9ab389c01b UefiCpuPkg: Update SEC_IDT_TABLE struct 470206ba7f IntelFsp2Pkg: Update SEC_IDT_TABLE struct 0d23c447d6 DynamicTablesPkg: Add support to specify FADT minor revision 07c8e5e59b UefiPayloadPkg/PlatformBootManagerLib: Evenly space boot prompt 176016387f BaseTools: add '-p' for Linux 'cp' command. 039bdb4d3e BaseTools: Fix DSC LibraryClass precedence rule fc4a132c0e DynamicTables: Fix DT PCI interrupt flags parsing 792ebb6374 DynamicTablesPkg: Fix generated _HID value for SBSA c966204049 IntelFsp2Pkg: Add Definition of EDKII_PEI_VARIABLE_PPI 586b4a104b Maintainers.txt: Add IntelFsp2*Pkg Maintainer e18a5f813c Maintainers.txt: Update Maintainers/reviewers for UefiPayloadPkg e21b203911 UefiPayloadPkg: Add macro to support selective driver in UPL f0064ac3af Maintainers.txt: Update email address 6cda306da1 DynamicTablesPkg: AcpiSsdtPcieLibArm: Correct translation value 9ac155bf0b DynamicTablesPkg: AcpiSsdtPcieLibArm: Support UID > 0xF 19a8768365 DynamicTablesPkg: AcpiSsdtPcieLibArm: Create support library 671b0cea51 NetworkPkg/HttpBootDxe: Add Support for HTTP Boot Basic Authentication 140446cd59 IntelFsp2Pkg: Support 64bit FspResetType for X64 build. 24eac4caf3 IntelFsp2WrapperPkg: Support 64bit FspResetType for X64 build. 4824924377 IntelFsp2Pkg/FspSecCore: Add FSP-I API for SMM support. 3b8cee1781 Maintainers.txt: update Gary's email address 7ef91af84c EmulatorPkg/PosixFileSystem: Add NULL check on memory allocation 494f333aba MdeModulePkg/CoreDxe: Allow DXE Drivers to use untested memory 343f37b5c0 MdeModulePkg/SetupBrowserDxe:Follow spec'd way to reconnect driver c8af26627a ArmPkg/CpuDxe: drop ARM_PROCESSOR_TABLE pseudo-ACPI table 5a3641bfcd IntelFsp2Pkg: Add FSPI_ARCH_UPD. bf1ff540d9 MdePkg/UefiDevicePathLib: Add support for PEIMs 6964b5c48c MdeModulePkg/Include: Long debug string is truncated to 104 char d32a84b5ad BaseTools: INF should use latest Pcd value instead of default value 8ee26529d1 BaseTools/VolInfo: Correct alignment attributes display c0b7679aac BaseTools/VolInfo: Increase define for highest section value fca5de51e1 BaseTools/VolInfo: Correct EFI_SECTION_VERSION display 8a5782d704 UefiCpuPkg: Fix nasm warning "signed byte value exceeds" a47241f133 UefiPayloadPkg: Add macro to support selection of CryptoDxe driver 69f76d0f72 Maintainers.txt: Remove OvmfPkg/XenTimerDxe reference a8c4fe23c4 Maintainers.txt: Add missing github ids 7f1c89f167 Maintainers.txt: Remove reviewer Harry Han b68d566439 BaseTools/Capsule: Support signtool input subject name to sign capsule file e3d468acb9 BaseTools/VolInfo: Show encapsulation sections 2677286307 UefiPayloadPkg: Fix RelaAddress type always mismatch in if condition f26b70cb9f UefiPayloadPkg: Add support for logging to CBMEM console 57783adfb5 OvmfPkg: Change default to disable MptScsi and PvScsi 1774a44ad9 Maintainers.txt: Remove MptScsi and PvScsi reviewers 0e7add1d75 OvmfPkg/XenHypercallLib: Fix naming of AArch64 3eca64f157 IntelFsp2Pkg: FSPI_UPD is not mandatory. 0d0bfcb457 IntelFsp2Pkg: Fix GenCfgOpt bug for FSPI_UPD support. 8a210b9ac0 ShellPkg: Acpiview: Abbreviate field names to preserve alignment 65c4f3f2be DynamicTablesPkg: Handle error when IdMappingToken is NULL f5cea604a6 DynamicTablesPkg: IORT set reference to Id array only if present 238f903e8d DynamicTablesPkg: IORT set reference to interrupt array if present 4c55f6394f MdePkg: IORT header update for IORT Rev E.d spec cd67efa1b2 ShellPkg: Acpiview: IORT parser update for IORT Rev E.d spec de200b7e2c DynamicTablesPkg: Update ArmNameSpaceObjects for IORT Rev E.d e9150618ec DynamicTablesPkg: IORT generator updates for Rev E.d spec 6f4e10d6db SecurityPkg: Add retry mechanism for tpm command 19cbfaa431 OvmfPkg/QemuVideoDxe: Zero out PixelInformation in QueryMode a551de0d93 ArmVirtPkg: Fix KVM Guest Firmware 0dc9b78a46 Maintainers.txt: Add missing Github IDs for OvmfPkg TPM/TGC modules d219119721 UefiPayloadPkg/PlatformBootManagerLib: Correct spacing in boot prompt 79aab22fca UefiPayloadPkg: Add a Macro to enable Boot Logo 444260d45e UefiPayloadPkg: Load Boot Logo into ACPI table 86757f0b47 MdeModulePkg: Add EDKII_PCI_DEVICE_PPI definition a8f59e2eb4 MdeModulePkg/AhciPei: Use PCI_DEVICE_PPI to manage AHCI device 3e599bbc10 DynamicTablesPkg: Fix using RmrNodeCount unitlitialised a0a03b5154 BaseTools/GenSec: Fix typo f5f8c08db9 BaseTools/VolInfo: Show FV section boundaries d241a09afb BaseTools/VolInfo: Parse EFI_SECTION_FREEFORM_SUBTYPE_GUID header cf02322c98 BaseTools/GenSec: Support EFI_SECTION_FREEFORM_SUBTYPE_GUID sections 1ee1622817 Basetools/GenFw: Allow AARCH64 builds to use the --prm flag 9f197e44b1 PrmPkg: Enable external visibility on PRM symbols 21200d9fe6 PrmPkg: Build Prm Samples with GCC for AARCH64 57faeb782a PrmPkg: Support AArch64 builds using GCC 1da2012d93 PrmPkg: Add details on AArch64 build to the Readme. 0f7bccf584 UefiCpuPkg: Simplify InitializeSeparateExceptionStacks 9a24c3546e MdeModulePkg: Move CPU_EXCEPTION_INIT_DATA to UefiCpuPkg f1688ec9da UefiCpuPkg: Simplify the struct definition of CPU_EXCEPTION_INIT_DATA 75e3c2435c UefiCpuPkg: Create CpuPageTableLib for manipulating X86 paging structs f336e30ba1 UefiCpuPkg/CpuPageTableLib: Return error on invalid parameters bf334513b3 CpuPageTableLib: Fix a bug when a bit is 1 in Attribute, 0 in Mask 13a0471bfd CpuPageTableLib: Refactor the logic 9cb8974f06 CpuPageTableLib: Split the page entry when LA is aligned but PA is not c16f02f776 CpuPageTableLib: Avoid treating non-leaf entry as leaf one f4c845e46b CpuPageTableLib: Fix parent attributes are not inherited properly 9f53fd4ba7 CpuPageTableLib: Fix a bug to avoid unnecessary changing to page table 927113c83b CpuPageTableLib: Fix bug that wrongly requires extra size for mapping e9e2ecab2d CpuPageTableLib: define IA32_PAGE_LEVEL enum type internally e76496530c MdePkg/Library/UefiDevicePathLib: Add back StandaloneMm INF file bd06717863 MdeModulePkg: Enhance bus scan for all root bridge instances 74f44d920a ShellPkg/SmbiosView: Display extended memory info in smbiosview -t 17 83d5871184 UefiCpuPkg/PiSmmCpuDxeSmm: Add a new mIsShadowStack flag 7b4754904e UefiCpuPkg/PiSmmCpuDxeSmm: Remove mInternalCr3 in PiSmmCpuDxeSmm 62391b4ce9 MdeModulePkg/DxeIpl: Remove clearing CR0.WP when protecting pagetable 803ed060ee UefiPayloadPkg: Remove clearing CR0.WP when protecting pagetable a2b61de2f6 IntelFsp2Pkg: FSPM_ARCH2_UPD mismatching bug. 809b5a3d2a MdeModulePkg: Update the SMBIOS version by UPL 2812668bfc UefiCpuPkg/CpuPageTableLib/UnitTest: Add host based unit test 30d62f5e31 OvmfPkg/PlatformDxe: Check ExtractConfig and RouteConfig arguments b94836b224 OvmfPkg/VirtioGpuDxe: Check QueryMode arguments 3f282f4510 OvmfPkg/VirtioFsDxe: Check GetDriverName arguments 64a20bea97 MdeModulePkg/DumpDynPcd: Remove unsupported format specifiers 9102518d29 MdePkg: Improved Smbios Type9 table and Smbios spec v3.5.0 Changes 35d167ef3c ShellPkg: Improved Smbios Type 9 table changes in PrintInfo.c 68bf712d4f MdePkg: Added support for SMBIOS spec v3.6.0 to Smbios.h e2ac68a23b BaseTools/Source/C/GenSec: Fix EFI_SECTION_FREEFORM_SUBTYPE_GUID header d5fd86f256 ShellPkg: Adds Local APIC parser to AcpiView 2bb0020675 UefiPayloadPkg: Return PciRootBridges instead of NULL c15c9fa420 UefiPayloadPkg: Add macro to control NvmExpressDxe 938430741f RedfishPkg/RedfishDiscoverDxe: USB Redfish host interface is not supported eebef1b3b7 RedfishPkg: Redfish modules may need to use the functions which are private f2bf043aaa RedfishPkg: Redfish functions for REST requests are not fully spec complied dfdba857a6 UefiPayloadPkg: Fix Coverity report defect 4d83ee04f4 ShellPkg: Add revision check for DSDT Header on Arm 0ede7cad73 Maintainers.txt: Update maintainers list 722e03bc2e Revert "UefiCpuPkg/CpuPageTableLib/UnitTest: Add host based unit test" 166c49c212 Revert "ShellPkg: Adds Local APIC parser to AcpiView" 39ff9769ca Revert "BaseTools: Fix DSC LibraryClass precedence rule" ba0e0e4c6a BaseTools: Fix DevicePath GNUmakefile for macOS - Respin the following patches: ovmf-Revert-UefiCpuPkg-Replace-Opcode-with-the-correspond.patch ++++ vim: - Updated to version 9.0.0743, fixes the following problems * Virtual text "after" not correct with 'nowrap'. * Quitting/unloading/hiding a terminal buffer does not always work properly. * SubStation Alpha files are not recognized. * Wrong column when calling setcursorcharpos() with zero lnum. * of MenuPopup event is expanded like a file name. * With 'nowrap' two virtual text below not displayed correctly. * Wrong argument for append() gives two error messages. * With 'nowrap' virtual text "after" does not scroll left. * Compiler warning for unused variable in tiny build. * Extra empty line between two virtual text "below" when 'wrap' and 'number' are set. * Too many delete() calls in tests. * Virtual text "above" with padding not displayed correctly. * Virtual text "after" does not show with 'list' set. * Extra empty line below virtual text when 'list' is set. * Closure in compiled function gets same variable in block. * Virtual text "after" wraps to next line even when 'wrap' is off and 'list' is set. * Looping over list of lists and changing the list contents works in Vim9 script, not in a compiled function. * Help in the repository differs from patched version too much. * extend() test fails. * The rightleft and arabic features are disabled. * Startup test fails with right-left feature. * clang-tidy configuration files are not recognized. * No check for white space before and after "=<<". (Doug Kearns) * Use of strftime() is not safe. * Cursor position invalid when scrolling with 'smoothscroll' set. (Ernie Rael) * Breakindent and scrolloff tests fail. * Quickfix listing does not handle very long messages. * Lisp word only recognized when a space follows. * Cannot suppress completion "scanning" messages. * Mouse column not correctly used for popup_setpos. * prop_add_list() gives multiple errors for invalid argument. * Cannot specify an ID for each item with prop_add_list(). (Sergey Vlasov) * Starting cscope on Unix does not quote the arguments correctly. (Gary Johnson) ------------------------------------------------------------------ ------------------ 2022-10-12 - Oct 12 2022 ------------------- ------------------------------------------------------------------ ++++ ansible-core: - update to 2.13.5: Changelog https://github.com/ansible/ansible/blob/v2.13.5/changelogs/CHANGELOG-v2.13.rst * Bugfixes - ansible-galaxy - remove extra server api call during dependency resolution for requirements and dependencies that are already satisfied (#77443). - ansible-test - Allow disabled, unsupported, unstable and destructive integration test targets to be selected using their respective prefixes. - ansible-test - Allow unstable tests to run when targeted changes are made and the --allow-unstable-changed option is specified (resolves #74213). - apt - Fix module failure when a package is not installed and only_upgrade=True. Skip that package and check the remaining requested packages for upgrades. (#78762) - apt module should not traceback on invalid type given as package. issue 78663. - known_hosts - do not return changed status when a non-existing key is removed (#78598) - paramiko - Add back support for ssh_args, ssh_common_args, and ssh_extra_args for parsing the ProxyCommand (#78750) - plugin loader, fix detection for existing configuration before initializing for a plugin - Remove unneeded BuildRequires on python3-mock ++++ bash: - Don't strip binaries - Work around a signal mask issue with qemu linux-user emulation - Remove backup of patched tests ++++ lvm2-device-mapper: - lvm.conf should re-enable commented out option use_lvmlockd (bsc#1204219) - re-enable "use_lvmlockd = 0" in lvm.conf ++++ kernel-default: - Linux 6.0.1 (bsc#1012628). - xsk: Inherit need_wakeup flag for shared sockets (bsc#1012628). - fs: fix UAF/GPF bug in nilfs_mdt_destroy (bsc#1012628). - sparc: Unbreak the build (bsc#1012628). - Makefile.extrawarn: Move -Wcast-function-type-strict to W=1 (bsc#1012628). - hardening: Remove Clang's enable flag for - ftrivial-auto-var-init=zero (bsc#1012628). - docs: update mediator information in CoC docs (bsc#1012628). - hwmon: (aquacomputer_d5next) Fix Quadro fan speed offsets (bsc#1012628). - usb: mon: make mmapped memory read only (bsc#1012628). - USB: serial: ftdi_sio: fix 300 bps rate for SIO (bsc#1012628). - gpiolib: acpi: Add support to ignore programming an interrupt (bsc#1012628). - gpiolib: acpi: Add a quirk for Asus UM325UAZ (bsc#1012628). - RISC-V: Print SSTC in canonical order (bsc#1012628). - bpf: Gate dynptr API behind CAP_BPF (bsc#1012628). - net: ethernet: mtk_eth_soc: fix state in __mtk_foe_entry_clear (bsc#1012628). - bpf: Fix resetting logic for unreferenced kptrs (bsc#1012628). - Bluetooth: use hdev->workqueue when queuing hdev->{cmd,ncmd}_timer works (bsc#1012628). - Update config files. - commit 0c45fd2 ++++ lvm2: - lvm.conf should re-enable commented out option use_lvmlockd (bsc#1204219) - re-enable "use_lvmlockd = 0" in lvm.conf ++++ libsoup: - Update to version 3.2.1: + When built against nghttp2 1.50.0+ be relaxed about header whitespace. + Fix possible crash when cancelling an HTTP/2 message. + Fix regresion where soup_server_message_get_socket() could return NULL. + Fix minor memory leak. - Disable tests on 32-bit while waiting for https://gitlab.gnome.org/GNOME/libsoup/-/issues/309 ++++ systemd: - Avoid expanding of macro in comment which leads to an error on installation (workaround for bsc#1203847) ++++ python-immutables: - Update to version 0.19 * Support for Python 3.11 ++++ rust-keylime: - Drop bindgen.patch as is already upstream - Update to version 0.1.0+git.1664480840.0ea0492: * Increase unit testing * Test all features with cargo tarpaulin * Cargo.toml: tss-esapi bindings ------------------------------------------------------------------ ------------------ 2022-10-11 - Oct 11 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - update to 22.2.1 * lots of stuff here: llvmpipe, lavapipe, freedreno, aco, mesa, turnip, virgl, r600, zink, radv, core gallium, and nir. All in all, lots of good fixes all over the tree. ++++ Mesa-drivers: - update to 22.2.1 * lots of stuff here: llvmpipe, lavapipe, freedreno, aco, mesa, turnip, virgl, r600, zink, radv, core gallium, and nir. All in all, lots of good fixes all over the tree. ++++ tcpd: - Add hosts.allow and hosts.deny config files from the netcfg package, as they are tcpd specific, bsc#1099755 ++++ netcfg: - Remove hosts.allow and hosts.deny config files as they are only used by tcpd, which is not installed by default, bsc#1099755 ++++ pam: - pam_env: Using libeconf for reading configuration and environment files. (Patch: pam_env_econf.patch; Testcase: tst-pam_env-retval.c) ++++ patterns-alp: - skip kdump on non-supported architectures (bsc#1204214) ++++ timezone: - timezone update 2022e: * Jordan and Syria switch from +02/+03 with DST to year-round +03 ------------------------------------------------------------------ ------------------ 2022-10-10 - Oct 10 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Disabling netconfig compiling option for openSUSE Tumbleweed. ++++ kernel-default: - misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os (CVE-2022-3424 bsc#1204166). - commit cf55d04 ++++ kernel-firmware: - Apply the same workaround to uncompressed flat package, too (bsc#1204103) ++++ libffi: - add riscv64-handle-big-structures.patch ++++ ncurses: - Add ncurses patch 20221008 + correct a switch-statement case in configure script to allow for test builds with ABI=7. + modify misc/gen-pkgconfig.in to allow for the case where the library directory does not yet exist, since this is processed before doing an install (report by Michal Liszcz). ++++ zlib: - Add Power8 optimizations: * zlib-1.2.12-add-optimized-slide_hash-for-power.patch * zlib-1.2.12-add-vectorized-longest_match-for-power.patch * zlib-1.2.12-adler32-vector-optimizations-for-power.patch * zlib-1.2.12-fix-invalid-memory-access-on-ppc-and-ppc64.patch - Update zlib-1.2.12-IBM-Z-hw-accelerated-deflate-s390x.patch ++++ qemu: - Build fails due to exceeding 10 GB disk limit (10430 MB): raise disk space contraint to 12 GB ------------------------------------------------------------------ ------------------ 2022-10-9 - Oct 9 2022 ------------------- ------------------------------------------------------------------ ++++ gnutls: - Update to 3.7.8: * libgnutls: In FIPS140 mode, RSA signature verification is an approved operation if the key has modulus with known sizes (1024, 1280, 1536, and 1792 bits), in addition to any modulus sizes larger than 2048 bits, according to SP800-131A rev2. * libgnutls: gnutls_session_channel_binding performs additional checks when GNUTLS_CB_TLS_EXPORTER is requested. According to RFC9622 4.2, the "tls-exporter" channel binding is only usable when the handshake is bound to a unique master secret (i.e., either TLS 1.3 or extended master secret extension is negotiated). Otherwise the function now returns error. * libgnutls: usage of the following functions, which are designed to loosen restrictions imposed by allowlisting mode of configuration, has been additionally restricted. Invoking them is now only allowed if system-wide TLS priority string has not been initialized yet: - gnutls_digest_set_secure - gnutls_sign_set_secure - gnutls_sign_set_secure_for_certs - gnutls_protocol_set_enabled * Delete gnutls-3.6.6-set_guile_site_dir.patch and use the - -with-guile-extension-dir configure option to properly handle the guile extension directory. * Rebase gnutls-Make-XTS-key-check-failure-not-fatal.patch * Update gnutls.keyring * Add a build depencency on gtk-doc required by autoreconf ++++ harfbuzz: - Update to version 5.3.0: + Don’t add glyphs from dropped MATH or COLR tables to the subset glyphs + Map rlig to appropriate AAT feature selectors + Update USE data files to latest version + Check CBDT extents first before outline tables, to help with fonts that also include an empty glyf table + More work towards variable font instancing in the subsetter + Subsetter repacker improvements ++++ vim: - Updated to version 9.0.0709, fixes the following problems * Too many delete() calls in tests. * "const" and "final" both make the type a constant. (Daniel Steinberg) * Coverity warns for not checking return value. * Get an error for using const only when executing. * In Vim9 script a numbered function cannot be called. * Too many delete() calls in tests. * Calling a function from an "expr" option has too much overhead. * FEAT_TITLE was removed but is still used. * Evaluating "expr" options has more overhead than needed. * Build error and compiler warnings. * Underline color does not work in terminals that don't send a termresponse. * Syntax of commands in Vim9 script depends on +eval feature. * Popup menu highlight wrong on top of preview popup. (Yegappan Lakshmanan) * Checking for popup in screen_char() is too late, the attribute has already been changed. * Cannot scroll by screen line if a line wraps. * Missing part of the new option code. * Breakindent test fails. * Smoothscroll test fails. * 'smoothscroll' is not copied to a new window on :split. * CTRL-Y does not stop at line 1. (John Marriott) * with 'smoothscroll' set CTRL-E does not work properly when 'foldmethod' is set to "indent". (Yee Cheng Chin) * The 'splitscroll' option is not a good name. * When using powershell input redirection does not work. * No indication when the first line is broken for 'smoothscroll'. * Some tests are failing. * Build fails without the +conceal feature. * 'smoothscroll' not tested with 'number' and "n" in 'cpo'. * BS and DEL do not work properly in an interacive shell. (Gary Johnson) * Breakindent test fails. * passing modifier codes to a shell running in the GUI. (Gary Johnson) * Cannot specify another character to use instead of '@' at the end of the window. * Too many #ifdefs. * Wrong type of comment in SetSyn() function. * Mapping with CTRL keys does not work in the GUI. * Multi-byte "lastline" item in 'fillchars' does not work properly when the window is two columns wide. * Concealed characters do not work correctly. * Tests check for +cmdwin feature which is always present. * Bad redrawing with spell checking, using "C" and "$" in 'cpo'. * Setting 'cmdheight' has no effect if last window was resized. * Spacing-combining characters handled as composing, causing text to take more space than expected. * ml_get error when 'splitkeep' is "screen". (Marius Gedminas) * Too many delete() calls in tests. * No space for command line when there is a tabline. * Negative topline using CTRL-Y with 'smoothscroll' and 'diff'. (Ernie Rael) * Cursor line only partly shows with 'smoothscroll' and 'scrolloff' zero. * First line not scrolled properly with 'smoothscroll' and 'scrolloff' zero and using "k". * Search test screendump is outdated. * Breakindent test accepts wrong result. * Using exclamation marks on :function. * Tests failing with 'smoothscroll', 'number' and "n" in 'cpo'. * Tests failing with 'breakindent', 'number' and "n" in 'cpo'. * "<<<" shows for 'smoothscroll' even when 'showbreak is set. * Crash when popup with deleted timer is closed. (Igbanam Ogbuluijah) * Cannot specify a time for :echowindow. * FORTIFY_SOURCE causes a crash in Vim9 script. * "export def" does not work in a nested block. * Debugger does not display the whole command. * Compiler warning for unused function. * Buffer size for expanding tab not correctly computed. * lalloc(0) error in listchars test. * PoE filter files are not recognized. * browse() first argument cannot be a bool. * No native sound support on Mac OS. * Failing check for dictionary type for const any. * It is unclear if the +rightleft and +arabic features are actively being used. * Cursor in wrong position with Visual substitute. * VisVim is outdated, does not work with current Visual Studio. * Tiny build fails. * There is no real need for a "big" build. * With 'smoothscroll' the cursor position s not adjusted in a long line. * Incomplete testing cursor position after change with 'linebreak' set. * Failing check for argument type for const any. * CI runs "tiny" and "small" builds, which are the same. * Virtual text truncation does not take padding into account. * :help in a narrow window always opens at the top. * With 'smoothscroll' and 'scrolloff' non-zero the cursor position is not properly adjusted in a long line. * :confirm does not work properly for a terminal buffer. * Virtual text "after" not correct with 'nowrap'. ------------------------------------------------------------------ ------------------ 2022-10-8 - Oct 8 2022 ------------------- ------------------------------------------------------------------ ++++ curl: - Update connection info when using UNIX socket as endpoint connect-fix-Curl_updateconninfo-for-TRNSPRT_UNIX.patch ++++ iproute2: - update to 6.0: * ipstats: Add param.h for musl * Update kernel headers * libbpf: add xdp program name support * iplink: bond_slave: add per port prio support * seg6: add support for SRv6 Headend Reduced Encapsulation * lib: Introduce ppp protocols * f_flower: Introduce PPPoE support ++++ kernel-firmware: - Workaround for update failure of kernel-firmware-qcom package due to the change from a directory to a symlink (bsc#1204103) ------------------------------------------------------------------ ------------------ 2022-10-7 - Oct 7 2022 ------------------- ------------------------------------------------------------------ ++++ glib2: - Add upstream patch to solve GIMP crashes: + f0dd96c28751f15d0703b384bfc7c314af01caa8.diff: glgo#GNOME/GLib!2770 Empty values are not valid GParamSpec. ++++ gnutls: - FIPS: Set error state when jent init failed in FIPS mode [bsc#1202146] * Add patch gnutls-FIPS-Set-error-state-when-jent-init-failed.patch ++++ kernel-default: - series.conf: cleanup - move upstreamed patches to sorted section: - patches.suse/ALSA-hda-realtek-Add-quirk-for-HP-Zbook-Firefly-14-G.patch - patches.suse/ALSA-hda-realtek-More-robust-component-matching-for-.patch - commit e926c4b ++++ kernel-default-base: - Add _diag modules for included socket types (boo#1204042) ++++ libbsd: - update to 0.11.7: * man: Discourage using the library in non-overlay mode * include: Adjust reallocarray() per glibc adoption * include: Adjust arc4random() per glibc adoption * include: explicit_bzero() requires _DEFAULT_SOURCE * include: Simplify glibc version dependent macro handling * doc: Switch references from pkg-config to pkgconf * doc: Add missing empty line to separate README sections * doc: Refer to the main git repository as primary * test: Fix explicit_bzero() test on the Hurd * fgetwln: Add comment about lack of getwline(3) for recommendation * setmode: Dot not use saveset after free * man: Rewrite gerprogname(3bsd) from scratch * man: Lowercase man page title * man: Document that some arc4random(3) functions are now in glibc 2.36 * Sync arc4random(3) implementation from OpenBSD * Fix ELF support for big endian SH * man: Use -compact also for alternative functions in libbsd(7) * getentropy: Fix function cast for getauxval() ++++ qemu: - Fixes bsc#1204082 * Patches added: block-io_uring-revert-Use-io_uring_regis.patch ------------------------------------------------------------------ ------------------ 2022-10-6 - Oct 6 2022 ------------------- ------------------------------------------------------------------ ++++ ansible-core: - add Conflict with ansible-test ++++ bash: - Add upstream patches * bash52-001 Expanding unset arrays in an arithmetic context can cause a segmentation fault. * bash52-002 Starting bash with an invalid locale specification for LC_ALL/LANG/LC_CTYPE can cause the shell to crash. - Do not run checks in parallel as it eats memory, a lot of memory - Disable alternate array implementation as it eats a lot of memory ++++ grub2: - Fix firmware oops after disk decrypting failure (bsc#1204037) * 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch ++++ kernel-default: - fix coredump breakage (coredump fix). - commit 97b0626 ++++ ceph: - Update to 16.2.9-539-gea74dd900cd: + (bsc#1202292) ceph.spec.in: Add -DFMT_DEPRECATED_OSTREAM to CXXFLAGS ++++ readline: - Add patch readline82-001 and its signing readline82-001 * Starting a readline application with an invalid locale specification for LC_ALL/LANG/LC_CTYPE can cause it crash on the first call to readline. ++++ pam-config: - Update to Version 1.7 - Correctly handle --service option with /usr/lib/pam.d and /usr/etc/pam.d [bsc#1196613] ++++ salt: - Make pass renderer configurable and fix detected issues - Workaround fopen line buffering for binary mode (bsc#1203834) - Handle non-UTF-8 bytes in core grains generation (bsc#1202165) - Fix Syndic authentication errors (bsc#1199562) - Added: * make-pass-renderer-configurable-other-fixes-532.patch * ignore-non-utf8-characters-while-reading-files-with-.patch * fopen-workaround-bad-buffering-for-binary-mode-563.patch * backport-syndic-auth-fixes.patch ------------------------------------------------------------------ ------------------ 2022-10-5 - Oct 5 2022 ------------------- ------------------------------------------------------------------ ++++ glibc: - get-nscd-addresses.patch: get_nscd_addresses: Fix subscript typos (BZ [#29605]) - x86-64-avx2-string-functions.patch: check for required cpu features in AVX2 string functions (BZ #29611) - nscd-aicache.patch: nscd: Drop local address tuple variable (BZ #29607) ++++ kernel-default: - Revert "constraints: increase disk space for all architectures" (bsc#1203693). This reverts commit 43a9011f904bc7328d38dc340f5e71aecb6b19ca. - commit 3d33373 ++++ libfido2: - Version 1.12.0 (2022-09-22) * Support for COSE_ES384. * Support for hidraw(4) on FreeBSD; gh#597. * Improved support for FIDO 2.1 authenticators. * New API calls: + es384_pk_free; + es384_pk_from_EC_KEY; + es384_pk_from_EVP_PKEY; + es384_pk_from_ptr; + es384_pk_new; + es384_pk_to_EVP_PKEY; + fido_cbor_info_certs_len; + fido_cbor_info_certs_name_ptr; + fido_cbor_info_certs_value_ptr; + fido_cbor_info_maxrpid_minpinlen; + fido_cbor_info_minpinlen; + fido_cbor_info_new_pin_required; + fido_cbor_info_rk_remaining; + fido_cbor_info_uv_attempts; + fido_cbor_info_uv_modality. * Documentation and reliability fixes. - Version 1.11.0 (2022-05-03) * Experimental PCSC support; enable with -DUSE_PCSC. * Improved OpenSSL 3.0 compatibility. * Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs. * winhello: advertise "uv" instead of "clientPin". * winhello: support hmac-secret in fido_dev_get_assert(). * New API calls: + fido_cbor_info_maxlargeblob. * Documentation and reliability fixes. * Separate build and regress targets. ++++ libvirt: - Update to libvirt 8.8.0 - jsc#PED-620, jsc#PED-1540 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v8-8-0-2022-10-03 - spec: Switch from monolithic to modular daemons for Factory ++++ libzypp: - Resolver: Fix missing --[no]-recommends initialization in update (fixes #openSUSE/zypper#459, bsc#1201972) - Log ONLY_NAMESPACE_RECOMMENDED because this is what corresponds to --[no]-recommends. - version 17.31.2 (22) ++++ python-libvirt-python: - Update to 8.8.0 - Add all new APIs and constants in libvirt 8.8.0 - jsc#PED-620, jsc#PED-1540 ++++ qemu: - Due to change in where some documentation files are, if qemu-guest-agent is installed, we need to make sure we update it to our version (bsc#1203995) - The links in the forsplit dirs, in each subpackage, born to deal with package & subpackage splitting, are not really used. In fact, they're "Provides:"-ed by a bunch of subpackages, but there's no "Requires:" for any of them. Let's just get rid of them. ++++ zypper: - BuildRequires: libzypp-devel >= 17.31.2. - Fix --[no]-allow-vendor-change feedback in install command (bsc#1201972) - version 1.14.57 ------------------------------------------------------------------ ------------------ 2022-10-4 - Oct 4 2022 ------------------- ------------------------------------------------------------------ ++++ gnutls: - FIPS: Make XTS key check failure not fatal [bsc#1203779] * Add gnutls-Make-XTS-key-check-failure-not-fatal.patch ++++ kernel-default: - ALSA: hda/realtek: More robust component matching for CS35L41 (bsc#1203699). - ALSA: hda/realtek: Add quirk for HP Zbook Firefly 14 G9 model (bsc#1203699). - commit 25aa080 ++++ kexec-tools: - add kexec-tools-riscv64.patch ++++ llvm15: - Update to version 15.0.2. * This release contains bug-fixes for the LLVM 15.0.0 release. This release is API and ABI compatible with 15.0.0. - Rebase llvm-do-not-install-static-libraries.patch. ++++ libbpf: - update to 1.0.1: * fix inadvertently changed struct bpf_object_open_opts memory layout; * fix btf.h header relying on struct enum64 type defined in kernel UAPI headers; * fix NULL pointer exception in API btf_dump__dump_type_data; * remove struct btf_map_def accidentally left in bpf_helpers.h header. * All deprecated APIs and features removed! * support for syscall-specific kprobe/kretprobe (SEC("ksyscall/") and SEC("kretsyscall/")); * support for sleepable uprobe BPF programs (SEC("uprobe.s")); * support for per-cgroup LSM BPF programs (SEC("lsm_cgroup")); * support for new BPF CO-RE relocation TYPE_MATCHES; * bpf_prog_load() and bpf_map_create() are now smarter about handling program and map name on old kernels (it will be ignored if kernel doesn't support names); * BTF_KIND_ENUM64 support; * increase tracing attachment (kprobe/uprobe/tracepoint) robustness by using tracefs or debugfs, whichever is mounted; * new APIs for converting BPF enums to their string representation: * libbpf_bpf_prog_type_str(); * libbpf_bpf_map_type_str(); * libbpf_bpf_link_type_str(); * libbpf_bpf_attach_type_str(); * bpf_program__set_autoattach() and bpf_program__autoattach() to allow opting out from auto-attaching of BPF program by BPF skeleton; * perf_buffer__buffer() API to give access to underlying per-CPU buffer for BPF ringbuf; * bpf_obj_get_opts() API for more flexible fetching of BPF kernel objects' information. - see https://github.com/libbpf/libbpf/releases/tag/v1.0.0 for detailed changelog ++++ xz: - Move localised man pages to lang subpackage ++++ ncurses: - Add ncurses patch 20221001 + modify configure/scripts to work around interference by GNU grep 3.8 (report by Sam James). + update CF_XOPEN_SOURCE, adding variants "gnueabi" and "gnueabihf" to get _DEFAULT_SOURCE special case (report by Adam Sampson) - Port patch ncurses-6.3.dif ++++ libosinfo: - jsc#PED-2113 [Virt Tools] Refresh Virtualization Tools for Xen and KVM Management ++++ pango: - Update to version 1.50.11: + Don't crash for lack of fonts. + Avoid a crash in shaping. - Drop 639.patch: Fixed upstream. ++++ systemd: - Import commit 07aa29e3942fb46b0aed5405c88e8d3179ca958f (merge of v251.5) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/532faa39ebaa6f56e493cc938a91a40df082b74f...07aa29e3942fb46b0aed5405c88e8d3179ca958f ++++ osinfo-db: - jsc#PED-2113 [Virt Tools] Refresh Virtualization Tools for Xen and KVM Management ++++ qemu: - The old qemu-binfmt weappers around the various qemu-$ARCH Linux user emulation binaries (see, e.g., bsc#1186256) are not necessary any longer, and bsc#1143725 can now be considered fixed. * Patches dropped: linux-user-add-binfmt-wrapper-for-argv-0.patch linux-user-binfmt-support-host-binaries.patch - Fix bsc#1204001. Patches are not upstream, and have been picked up and backported from the ML. This is something we usually prefer to avoid, but this is urgent, and the patches looks fine, with high chances for them to be included as they are (and if they're not, we will revisit this, i.e., drop them and re-include the ones that are actually committed) * Patches added: linux-user-add-more-compat-ioctl-definit.patch linux-user-drop-conditionals-for-obsolet.patch linux-user-remove-conditionals-for-many-.patch meson-enforce-a-minimum-Linux-kernel-hea.patch - Improve the output of update_git.sh, by including the list of repos to which we have downstream patches. ++++ virt-manager: - jsc#PED-2113 [Virt Tools] Refresh Virtualization Tools for Xen and KVM Management ++++ xkeyboard-config: - Update to version 2.37 * bugfixes - supersedes U_Fixes-regression-from-c3c5d02-were-mistakenly-replac.patch ------------------------------------------------------------------ ------------------ 2022-10-3 - Oct 3 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - Add build_orig conditional switch for video codecs define. ++++ Mesa-drivers: - Add build_orig conditional switch for video codecs define. ++++ NetworkManager: - Drop dependency on sysconfig-netconfig: the collection of shell scripts is not required for regular operation. ++++ iputils: - Backport 2 fixes for bsc#1203957: 0001-ping-Add-SA_RESTART-to-sa_flags.patch 0002-ping-Make-ping_rts-struct-static.patch ++++ kernel-default: - Refresh patches.suse/vduse-prevent-uninitialized-memory-accesses.patch. Update upstream status. - commit 39efccd ++++ kernel-firmware: - Update to version 20220930 (git commit fdf1a6525852): * linux-firmware: Update AMD cpu microcode * mediatek: mt8195: Update scp.img to v2.0.11956 * mediatek: Add new mt8195 SOF firmware * mediatek: Update mt8186 SOF firmware to v0.2.1 * linux-firmware: update firmware for mediatek bluetooth chip (MT7922) * rtl_bt: Update RTL8852A BT USB firmware to 0xD9B8_8207 * linux-firmware: update firmware for mediatek bluetooth chip (MT7921) * linux-firmware: update firmware for MT7922 WiFi device * linux-firmware: update firmware for MT7921 WiFi device * cxgb4: Update firmware to revision 1.27.0.0 (jsc#PED-1501) * i915: Add versionless HuC files for current platforms * i915: Add GuC v70.5.1 for DG1, DG2, TGL and ADL-P * qca: Update firmware files for BT chip WCN3991. * Removing crnv32 * amdgpu: update yellow carp DMCUB firmware * amdgpu: add firmware for VCN 3.1.2 IP block * amdgpu: add firmware for SDMA 5.2.6 IP block * amdgpu: add firmware for PSP 13.0.5 IP block * amdgpu: add firmware for GC 10.3.6 IP block * amdgpu: add firmware for DCN 3.1.5 IP block * qcom: rename Lenovo ThinkPad X13s firmware paths * rtw89: 8852c: update fw to v0.27.42.0 * rtw89: 8852c: update fw to v0.27.36.0 - Fix install-split.sh for dealing with a symlink of directory ++++ systemd-rpm-macros: - Bump to version 17 - Fix syntax error in %tmpfiles_create_package() (bsc#1203945) ++++ xkeyboard-config: - Reduce python3 to python3-base ------------------------------------------------------------------ ------------------ 2022-10-2 - Oct 2 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Update to 6.0 final - eliminate 1 patch - patches.suse/vduse-prevent-uninitialized-memory-accesses.patch - refresh configs (headers only) - commit a7dafe3 ++++ lttng-ust: - Update to version 2.13.5: * Fix: bytecode validator: reject specialised load field/context ref instructions. * Fix: bytecode validator: reject specialised load instructions. * Fix: event notification capture: validate buffer length. * Fix: event notification capture error handling. * Fix: lttng-ust-comm: wait on wrong child process. * fix: 'make dist' without javah. ------------------------------------------------------------------ ------------------ 2022-10-1 - Oct 1 2022 ------------------- ------------------------------------------------------------------ ++++ libglvnd: - update to 1.5.0: * Add BTI landing pads for aarch64 * Set current thread state to NULL in teardown * Moving setspecific to before DestroyThreadState * Fix a memory leak in libGLdispatch * Use assembly stubs on armv6 - drop libglvnd-add-bti.patch (upstream) ------------------------------------------------------------------ ------------------ 2022-9-30 - Sep 30 2022 ------------------- ------------------------------------------------------------------ ++++ curl: - Change the deprecated configure option --enable-hidden-symbols to the new --enable-symbol-hiding. ++++ transactional-update: - Version 4.1.0 - t-u: Add a "setup-kdump" command; implements [jsc#PED-1441] - Export TRANSACTIONAL_UPDATE_ROOT (the path to the snapshot) in the update environment; implements [jsc#PED-1078] - Add support for "notify" reboot method for desktop use [gh#openSUSE/transactional-update#93] - Fix kdump initrd recreation detection; the check was performed in the active snapshot instead of the target snapshot - Document register command [bsc#1202900] - Avoid unnecessary snapshots for register command [bsc#1202901] - Various optimizations for register command - Remove bogus error message when triggering reboot - Rework /etc overlay documentation in "The Transactional Update Guide" - Fix incorrect manpage formatting - Remove leftover "salt" reboot method in configuration example file - Replace deprecated std::mem_fn with lambdas ++++ fde-tools: - add build support for other architectures - spec file clean ups ++++ xz: - update to 5.2.7: * liblzma: - Add API doc note about the .xz decoder LZMA_MEMLIMIT_ERROR bug. - Add dest and src NULL checks to lzma_index_cat. The documentation states LZMA_PROG_ERROR can be returned from lzma_index_cat. Previously, lzma_index_cat could not return LZMA_PROG_ERROR. Now, the validation is similar to lzma_index_append, which does a NULL check on the index parameter. - Fix copying of check type statistics in lzma_index_cat(). The check type of the last Stream in dest was never copied to dest->checks (the code tried to copy it but it was done too late). This meant that the value returned by lzma_index_checks() would only include the check type of the last Stream when multiple lzma_indexes had been concatenated. In xz --list this meant that the summary would only list the check type of the last Stream, so in this sense this was only a visual bug. However, it's possible that some applications use this information for purposes other than merely showing it to the users in an informational message. I'm not aware of such applications though and it's quite possible that such applications don't exist. Regular streamed decompression in xz or any other application doesn't use lzma_index_cat() and so this bug cannot affect them. - Stream decoder: Fix restarting after LZMA_MEMLIMIT_ERROR. If lzma_code() returns LZMA_MEMLIMIT_ERROR it is now possible to use lzma_memlimit_set() to increase the limit and continue decoding. This was supposed to work from the beginning but there was a bug. With other decoders (.lzma or threaded .xz) this already worked correctly. - lzma_filters_copy: Keep dest[] unmodified if an error occurs. lzma_stream_encoder() and lzma_stream_encoder_mt() always assumed this. Before this patch, failing lzma_filters_copy() could result in free(invalid_pointer) or invalid memory reads in stream_encoder.c or stream_encoder_mt.c. To trigger this, allocating memory for a filter options structure has to fail. These are tiny allocations so in practice they very rarely fail. Certain badness in the filter chain array could also make lzma_filters_copy() fail but both stream_encoder.c and stream_encoder_mt.c validate the filter chain before trying to copy it, so the crash cannot occur this way. - lzma_index_append: Add missing integer overflow check. The documentation in src/liblzma/api/lzma/index.h suggests that both the unpadded (compressed) size and the uncompressed size are checked for overflow, but only the unpadded size was checked. The uncompressed check is done first since that is more likely to occur than the unpadded or index field size overflows. - Vaccinate against an ill patch from RHEL/CentOS 7. * xzgrep: - Fix compatibility with old shells. Turns out that some old shells don't like apostrophes (') inside command substitutions. The problem was introduced by commits 69d1b3fc29677af8ade8dc15dba83f0589cb63d6 (2022-03-29), bd7b290f3fe4faeceb7d3497ed9bf2e6ed5e7dc5 (2022-07-18), and a648978b20495b7aa4a8b029c5a810b5ad9d08ff (2022-07-19). 5.2.6 is the only stable release that included this problem. * Translations: Add Turkish translation. ++++ patterns-alp: - enable patterns building for riscv64 ++++ qemu: - Fix: bsc#1202665, CVE-2022-2962 * Patches added: net-tulip-Restrict-DMA-engine-to-memorie.patch - skip tests that don't work under qemu-linux-user emulation ++++ selinux-policy: - Updated quilt couldn't unpack tarball. This will cause ongoing issues so drop the sed statement in the %prep section and add distro_suse_to_distro_redhat.patch to add the necessary changes via a patch ++++ vim: - Updated to version 9.0.0626, fixes the following problems - fix boo#1203924 - CVE-2022-3352 * Error for modifying a const is not detected at compile time. * Leaking argument type array. * Too many delete() calls in tests. * When quitting the cmdline window with CTRL-C it remains visible. * Warning for using uninitialized value in mouse test. * A closure in a nested loop in a :def function does not work. * Build failure. * Various problems with 'nosplitscroll'. * Line number argument for :badd does not work. * Command line cleared when using :redrawstatus in CmdlineChanged autocommand event. * When the channel test fails there is no clue why. * Confusing error for "saveas" command with "nofile" buffer. * Chatito files are not recognized. * Unnecessary scrolling for message of only one line. * Cannot redraw the status lines when editing a command. * May not be able to use a pattern ad the debug prompt. * Terminal test sometimes hangs. * Virtual text highlight starts too early when 'number' is set. * Virtual text "above" highlights gap after it. * When at the command line :redrawstatus does not work well. * Virtual text highlight starts too early with 'nowrap' and 'number' set. * The win_line() function is much too long. * Declaring a loop variable at the start of a block is clumsy. * Compiler warns for unused argument in small version. * Build fails on Appveyor. * more compiler warnings for arguments in small version * Manually deleting temp test files. * Long sign text may overflow buffer. * Appveyor setup contains outdated lines. * Using freed memory when autocmd changes mark. * The win_line() function is much too long. * Edit test is flaky when run under valgrind. * The win_line() function is much too long. * Line number is displayed at virtual text "above". * Closure gets wrong value in for loop with two loop variables. * The do_set() function is much too long. * Manually deleting test temp files. * Long message test can be flaky. * Assigning stack variable to argument confuses Coverity. * Terminal pwd test fails with a very long path name. * Insufficient testing for assert and test functions. * Minor issues with setting a string option. * When a test is slow and CI times out there is no time info. * Supporting Ruby 1.8 makes code complicated. * Looping over empty out_loop[] entries. * reduce() with a compiled lambda could be faster. * Duplicated code in calling a :def function. * Crash when closing a tabpage and buffer is NULL. * Mode message is delayed when :echowin was used. (Maxim Kim) * Crash when using NUL in buffer that uses :source. * No error for "|" after "{" in lamda. * Using freed memory when command follows lambda. * Scrolling with 'nosplitscroll' in callback changing curwin. * Leaking memory with nested functions. * Valgrind reports possibly leaked memory. * Coverity warns for possibly using NULL pointer. * Timer test may get stuck at hit-enter prompt. * Elapsed time since testing started is not visible. * When a test gets stuck it just hangs forever. * HSL playlist files are not recognized. * Timer_info() test fails. * Cscope test causes problems when code for test timeout timer is included (even when commented out). * Nim files are not recognized. * 'completeopt' "longest" is not used for complete(). * Autocmd code is indented more than needed. * Cannot easily get out when using "vim file | grep word". * Insert complete tests leave a mapping behind. * Outdated dependencies go unnoticed. * Timer garbage collect test hangs on Mac M1. * The getchar() function behaves strangely with bracketed paste. * Unused loop variables. * Buffer underflow with unexpected :finally. * Using freed memory when 'tagfunc' wipes out buffer that holds 'complete'. * Adding a character for incsearch fails at end of line. * Only recognizing .m3u8 files is inconsistent. * Cscope test with wrong executable name fails. * When long message test fails the error message is not visible. * Missing change in test. * Unicode tables are outdated. * After exiting Insert mode spelling is not checked in the next line. * Message window popup shows on only one tab page. (Naruhiko Nishino) * Display not cleared when scrolling back in messages, a background color is set and t_ut is empty. * Makefile error message causes a shell error. * Extra newline in messages after a verbose shell message. * Cannot close a tab page with the middle mouse button. * Using negative array index with negative width window. * Latexmkrc files are not recognized. * GYP files are not recognized. * Too much indent. * New TypeScript extensions are not recognized. * With 'nosplitscroll' folds are not handled correctly. * Luacheckrc file is not recognized. * Dump file missing. * system() opens a terminal window when using the GUI and "!" is in 'guioptions'. * With spell checking, deleting a full stop at the end of a line does not update SpellCap at the start of the next line. * Blockedit test fails because of wrong indent. * Global interrupt test fails when run under valgrind. * Tests delete files with a separate delete() call. * Blockedit test passes with wrong result. * Running source tests leaves file behind. * SpellFileMissing autocmd may delete buffer. * Using reduce() on a list from range() is a bit slow. * Spell test fails because error message changed. * Calling function for reduce() has too much overhead. * Too many delete() calls in tests. * matchaddpos() can get slow when adding many matches. * Filetype test leaves file behind. * matchaddpos() can only add up to 8 matches. ------------------------------------------------------------------ ------------------ 2022-9-29 - Sep 29 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - re-disable video codecs https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/15258 ++++ Mesa-drivers: - re-disable video codecs https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/15258 ++++ docker: - Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux. - Fix syntax of boolean dependency ++++ kdump: - update to kdump-1.0.2+git20: * Use inst_binary to install kdump-save - disable build on arm 32bit (bsc#1203888) ++++ libXxf86vm: - modernize spec file, add license ++++ libcap: - update to 2.66: * Fix documentation typos in cap_from_text.3 * Some getpcaps code clean up and a fix for PID argument parsing from Jakub Wilk. * Slightly more robust Makefiles to address an error with make -j48 test observed * Include a simple Go program, captrace, to trace kernel capability validation checks * This program can be used to figure out what capabilities a program needs to operate. * captrace (a wrapper for bpftrace) uses BPF kprobes to monitor the kernel for capability checks and whether or not they succeed for the system, a specific PID or a program's direct execution. * Trim down the default file capabilities for contrib/sucap/su to those actually needed and set USER and HOME environment variables so bash doesn't complain about a sourcing error. ++++ osinfo-db: - Update to database version 20220830 osinfo-db-20220830.tar.xz ++++ python-cryptography: - update to 38.0.1: * Fixed parsing TLVs in ASN.1 with length greater than 65535 bytes (typically seen in large CRLs). * Final deprecation of OpenSSL 1.1.0. The next release of ``cryptography`` will drop support. * We no longer ship ``manylinux2010`` wheels. Users should upgrade to the latest ``pip`` to ensure this doesn't cause issues downloading wheels on their platform. We now ship ``manylinux_2_28`` wheels for users on new enough platforms. * Updated the minimum supported Rust version (MSRV) to 1.48.0, from 1.41.0. Users with the latest ``pip`` will typically get a wheel and not need Rust installed, but check :doc:`/installation` for documentation on installing a newer ``rustc`` if required. * :meth:`~cryptography.fernet.Fernet.decrypt` and related methods now accept both ``str`` and ``bytes`` tokens. * Parsing ``CertificateSigningRequest`` restores the behavior of enforcing that the ``Extension`` ``critical`` field must be correctly encoded DER. See `the issue `_ for complete details. * Added two new OpenSSL functions to the bindings to support an upcoming ``pyOpenSSL`` release. * When parsing :class:`~cryptography.x509.CertificateRevocationList` and :class:`~cryptography.x509.CertificateSigningRequest` values, it is now enforced that the ``version`` value in the input must be valid according to the rules of :rfc:`2986` and :rfc:`5280`. * Using MD5 or SHA1 in :class:`~cryptography.x509.CertificateBuilder` and other X.509 builders is deprecated and support will be removed in the next version. * Added additional APIs to :class:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp`, including :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature_hash_algorithm`, :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature_algorithm`, :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature`, and :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.extension_bytes`. * Added :attr:`~cryptography.x509.Certificate.tbs_precertificate_bytes`, allowing users to access the to-be-signed pre-certificate data needed for signed certificate timestamp verification. * :class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFHMAC` and :class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFCMAC` now support :attr:`~cryptography.hazmat.primitives.kdf.kbkdf.CounterLocation.MiddleFixed` counter location. * Fixed :rfc:`4514` name parsing to reverse the order of the RDNs according to the section 2.1 of the RFC, affecting method :meth:`~cryptography.x509.Name.from_rfc4514_string`. * It is now possible to customize some aspects of encryption when serializing private keys, using :meth:`~cryptography.hazmat.primitives.serialization.PrivateFormat.encryption_builder`. * Removed several legacy symbols from our OpenSSL bindings. Users of pyOpenSSL versions older than 22.0 will need to upgrade. * Added :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES128` and :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES256` classes. These classes do not replace :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES` (which allows all AES key lengths), but are intended for applications where developers want to be explicit about key length. ++++ python-pyOpenSSL: - update to 22.1.0: * Remove support for SSLv2 and SSLv3. * The minimum ``cryptography`` version is now 37.0.2. * The ``OpenSSL.crypto.X509StoreContextError`` exception has been refactored, changing its internal attributes. * Add ``OpenSSL.SSL.Connection.set_verify`` and ``OpenSSL.SSL.Connection.get_verify_mode`` to override the context object's verification flags. * Add ``OpenSSL.SSL.Connection.use_certificate`` and ``OpenSSL.SSL.Connection.use_privatekey`` to set a certificate per connection (and not just per context) ++++ python-requests: - requires python 3.7 or newer ++++ selinux-policy: - Update fix_networkmanager.patch to ensure NetworkManager chrony dispatcher is properly labled and update fix_chronyd.patch to ensure chrony helper script has proper label to be used by NetworkManager. Also allow NetworkManager_dispatcher_custom_t to query systemd status (bsc#1203824) ------------------------------------------------------------------ ------------------ 2022-9-28 - Sep 28 2022 ------------------- ------------------------------------------------------------------ ++++ docker-compose: - Update to version 2.11.2: * deps: fix race condition during graph traversal (#9878) * ci: limit job permissions from default (#9874) * remove unnecessary code * add more information when service.platform isn't part of service.build.platforms * ci: upgrade to compose-go v1.6.0 * cli: add shell completion function (#9269) * run: clean service command if entrypoint is overridden (#9836) * Remove support for `DOCKER_HOST` in `.env` files (#9871) * keep the platform defined, in priority, via DOCKER_DEFAULT_PLATFORM or the service.plaform one if no build platforms provided * Restore `-s` in `uname` OS detection logic in `Makefile` * Streamline GHA workflow * Upgrade `actions/setup-go` to v3 * Skip some tests in CI due to flakiness * Increase E2E test timeouts to reduce flakiness * Temporarily disable broken E2E tests on Windows * Rework Makefile for better Windows support * Add GitHub Action workflow to run tests on Mac/Windows runners * configure default builder export when no build.platforms defined * Remove `/rebase` GitHub Action since it's no longer necessary ++++ kernel-default: - Linux 5.19.12 (bsc#1012628). - drm/i915: Extract intel_edp_fixup_vbt_bpp() (bsc#1012628). - drm/i915/pps: Split pps_init_delays() into distinct parts (bsc#1012628). - drm/i915/bios: Split parse_driver_features() into two parts (bsc#1012628). - drm/i915/bios: Split VBT parsing to global vs. panel specific parts (bsc#1012628). - drm/i915/bios: Split VBT data into per-panel vs. global parts (bsc#1012628). - drm/i915/dsi: filter invalid backlight and CABC ports (bsc#1012628). - drm/i915/dsi: fix dual-link DSI backlight and CABC ports for display 11+ (bsc#1012628). - smb3: Move the flush out of smb2_copychunk_range() into its callers (bsc#1012628). - smb3: fix temporary data corruption in collapse range (bsc#1012628). - smb3: fix temporary data corruption in insert range (bsc#1012628). - usb: add quirks for Lenovo OneLink+ Dock (bsc#1012628). - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (bsc#1012628). - smb3: use filemap_write_and_wait_range instead of filemap_write_and_wait (bsc#1012628). - Revert "usb: add quirks for Lenovo OneLink+ Dock" (bsc#1012628). - Revert "usb: gadget: udc-xilinx: replace memcpy with memcpy_toio" (bsc#1012628). - xfrm: fix XFRMA_LASTUSED comment (bsc#1012628). - block: remove QUEUE_FLAG_DEAD (bsc#1012628). - block: stop setting the nomerges flags in blk_cleanup_queue (bsc#1012628). - block: simplify disk shutdown (bsc#1012628). - scsi: core: Fix a use-after-free (bsc#1012628). - drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1012628). - USB: core: Fix RST error in hub.c (bsc#1012628). - USB: serial: option: add Quectel BG95 0x0203 composition (bsc#1012628). - USB: serial: option: add Quectel RM520N (bsc#1012628). - Revert "ALSA: usb-audio: Split endpoint setups for hw_params and prepare" (bsc#1012628). - ALSA: core: Fix double-free at snd_card_new() (bsc#1012628). - ALSA: hda/tegra: set depop delay for tegra (bsc#1012628). - ALSA: hda: Fix hang at HD-audio codec unbinding due to refcount saturation (bsc#1012628). - ALSA: hda: Fix Nvidia dp infoframe (bsc#1012628). - ALSA: hda: add Intel 5 Series / 3400 PCI DID (bsc#1012628). - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (bsc#1012628). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop (bsc#1012628). - ALSA: hda/realtek: Re-arrange quirk table entries (bsc#1012628). - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (bsc#1012628). - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (bsc#1012628). - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (bsc#1012628). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (bsc#1012628). - ALSA: hda/realtek: Add a quirk for HP OMEN 16 (8902) mute LED (bsc#1012628). - iommu/vt-d: Check correct capability for sagaw determination (bsc#1012628). - exfat: fix overflow for large capacity partition (bsc#1012628). - btrfs: fix hang during unmount when stopping block group reclaim worker (bsc#1012628). - btrfs: fix hang during unmount when stopping a space reclaim worker (bsc#1012628). - btrfs: zoned: wait for extent buffer IOs before finishing a zone (bsc#1012628). - libperf evlist: Fix polling of system-wide events (bsc#1012628). - media: flexcop-usb: fix endpoint type check (bsc#1012628). - usb: dwc3: core: leave default DMA if the controller does not support 64-bit DMA (bsc#1012628). - thunderbolt: Add support for Intel Maple Ridge single port controller (bsc#1012628). - efi: x86: Wipe setup_data on pure EFI boot (bsc#1012628). - efi: libstub: check Shim mode using MokSBStateRT (bsc#1012628). - wifi: mt76: fix reading current per-tid starting sequence number for aggregation (bsc#1012628). - gpio: mockup: fix NULL pointer dereference when removing debugfs (bsc#1012628). - gpio: mockup: Fix potential resource leakage when register a chip (bsc#1012628). - gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully (bsc#1012628). - riscv: fix a nasty sigreturn bug.. (bsc#1012628). - riscv: fix RISCV_ISA_SVPBMT kconfig dependency warning (bsc#1012628). - drm/i915/gem: Flush contexts on driver release (bsc#1012628). - drm/i915/gem: Really move i915_gem_context.link under ref protection (bsc#1012628). - xen/xenbus: fix xenbus_setup_ring() (bsc#1012628). - kasan: call kasan_malloc() from __kmalloc_*track_caller() (bsc#1012628). - can: flexcan: flexcan_mailbox_read() fix return value for drop = true (bsc#1012628). - net: mana: Add rmb after checking owner bits (bsc#1012628). - mm/slub: fix to return errno if kmalloc() fails (bsc#1012628). - mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context (bsc#1012628). - KVM: x86: Reinstate kvm_vcpu_arch.guest_supported_xcr0 (bsc#1012628). - KVM: x86: Always enable legacy FP/SSE in allowed user XFEATURES (bsc#1012628). - KVM: x86: Inject #UD on emulated XSETBV if XSAVES isn't enabled (bsc#1012628). - perf/arm-cmn: Add more bits to child node address offset field (bsc#1012628). - arm64: topology: fix possible overflow in amu_fie_setup() (bsc#1012628). - vmlinux.lds.h: CFI: Reduce alignment of jump-table to function alignment (bsc#1012628). - batman-adv: Fix hang up with small MTU hard-interface (bsc#1012628). - firmware: arm_scmi: Harden accesses to the reset domains (bsc#1012628). - firmware: arm_scmi: Fix the asynchronous reset requests (bsc#1012628). - arm64: dts: rockchip: Lower sd speed on quartz64-b (bsc#1012628). - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (bsc#1012628). - arm64: dts: rockchip: Fix typo in lisense text for PX30.Core (bsc#1012628). - drm/mediatek: dsi: Add atomic {destroy,duplicate}_state, reset callbacks (bsc#1012628). - arm64: dts: imx8mm: Reverse CPLD_Dn GPIO label mapping on MX8Menlo (bsc#1012628). - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (bsc#1012628). - arm64: dts: imx8mn: remove GPU power domain reset (bsc#1012628). - arm64: dts: imx8ulp: add #reset-cells for pcc (bsc#1012628). - dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() (bsc#1012628). - arm64: dts: rockchip: fix property for usb2 phy supply on rock-3a (bsc#1012628). - arm64: dts: rockchip: fix property for usb2 phy supply on rk3568-evb1-v10 (bsc#1012628). - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (bsc#1012628). - arm64: dts: rockchip: Remove 'enable-active-low' from rk3566-quartz64-a (bsc#1012628). - arm64: dts: imx8mm-verdin: extend pmic voltages (bsc#1012628). - netfilter: nf_conntrack_sip: fix ct_sip_walk_headers (bsc#1012628). - netfilter: nf_conntrack_irc: Tighten matching on DCC message (bsc#1012628). - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1012628). - ice: Don't double unplug aux on peer initiated reset (bsc#1012628). - ice: Fix crash by keep old cfg when update TCs more than queues (bsc#1012628). - iavf: Fix cached head and tail value for iavf_get_tx_pending (bsc#1012628). - ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header (bsc#1012628). - net: core: fix flow symmetric hash (bsc#1012628). - wifi: iwlwifi: Mark IWLMEI as broken (bsc#1012628). - arm64: dts: tqma8mqml: Include phy-imx8-pcie.h header (bsc#1012628). - drm/mediatek: Fix wrong dither settings (bsc#1012628). - arm64: dts: imx8mp-venice-gw74xx: fix CAN STBY polarity (bsc#1012628). - arm64: dts: imx8mp-venice-gw74xx: fix ksz9477 cpu port (bsc#1012628). - ARM: dts: lan966x: Fix the interrupt number for internal PHYs (bsc#1012628). - net: phy: aquantia: wait for the suspend/resume operations to finish (bsc#1012628). - arm64: dts: imx8mp-venice-gw74xx: fix port/phy validation (bsc#1012628). - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1012628). - scsi: mpt3sas: Fix return value check of dma_get_required_mask() (bsc#1012628). - net: bonding: Share lacpdu_mcast_addr definition (bsc#1012628). - net: bonding: Unsync device addresses on ndo_stop (bsc#1012628). - net: team: Unsync device addresses on ndo_stop (bsc#1012628). - drm/panel: simple: Fix innolux_g121i1_l01 bus_format (bsc#1012628). - mm/slab_common: fix possible double free of kmem_cache (bsc#1012628). - MIPS: lantiq: export clk_get_io() for lantiq_wdt.ko (bsc#1012628). - MIPS: Loongson32: Fix PHY-mode being left unspecified (bsc#1012628). - um: fix default console kernel parameter (bsc#1012628). - iavf: Fix bad page state (bsc#1012628). - mlxbf_gige: clear MDIO gateway lock after read (bsc#1012628). - iavf: Fix set max MTU size with port VLAN and jumbo frames (bsc#1012628). - i40e: Fix VF set max MTU size (bsc#1012628). - i40e: Fix set max_tx_rate when it is lower than 1 Mbps (bsc#1012628). - netdevsim: Fix hwstats debugfs file permissions (bsc#1012628). - sfc: fix TX channel offset when using legacy interrupts (bsc#1012628). - sfc: fix null pointer dereference in efx_hard_start_xmit (bsc#1012628). - bnxt_en: fix flags to check for supported fw version (bsc#1012628). - gve: Fix GFP flags when allocing pages (bsc#1012628). - drm/hisilicon: Add depends on MMU (bsc#1012628). - of: mdio: Add of_node_put() when breaking out of for_each_xx (bsc#1012628). - net: ipa: properly limit modem routing table use (bsc#1012628). - sfc/siena: fix TX channel offset when using legacy interrupts (bsc#1012628). - sfc/siena: fix null pointer dereference in efx_hard_start_xmit (bsc#1012628). - wireguard: ratelimiter: disable timings test by default (bsc#1012628). - wireguard: netlink: avoid variable-sized memcpy on sockaddr (bsc#1012628). - net: enetc: move enetc_set_psfp() out of the common enetc_set_features() (bsc#1012628). - net: enetc: deny offload of tc-based TSN features on VF interfaces (bsc#1012628). - ipv6: Fix crash when IPv6 is administratively disabled (bsc#1012628). - net/sched: taprio: avoid disabling offload when it was never enabled (bsc#1012628). - net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child qdiscs (bsc#1012628). - ice: config netdev tc before setting queues number (bsc#1012628). - ice: Fix interface being down after reset with link-down-on-close flag on (bsc#1012628). - netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain() (bsc#1012628). - netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain() (bsc#1012628). - netfilter: ebtables: fix memory leak when blob is malformed (bsc#1012628). - netfilter: nf_ct_ftp: fix deadlock when nat rewrite is needed (bsc#1012628). - net: ravb: Fix PHY state warning splat during system resume (bsc#1012628). - net: sh_eth: Fix PHY state warning splat during system resume (bsc#1012628). - gpio: tqmx86: fix uninitialized variable girq (bsc#1012628). - can: gs_usb: gs_can_open(): fix race dev->can.state condition (bsc#1012628). - perf stat: Fix BPF program section name (bsc#1012628). - perf stat: Fix cpu map index in bperf cgroup code (bsc#1012628). - perf jit: Include program header in ELF files (bsc#1012628). - perf kcore_copy: Do not check /proc/modules is unchanged (bsc#1012628). - perf tools: Honor namespace when synthesizing build-ids (bsc#1012628). - drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff() (bsc#1012628). - ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (bsc#1012628). - net/smc: Stop the CLC flow if no link to map buffers on (bsc#1012628). - net: phy: micrel: fix shared interrupt on LAN8814 (bsc#1012628). - bonding: fix NULL deref in bond_rr_gen_slave_id (bsc#1012628). - net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD (bsc#1012628). - net: sched: fix possible refcount leak in tc_new_tfilter() (bsc#1012628). - bnxt: prevent skb UAF after handing over to PTP worker (bsc#1012628). - selftests: forwarding: add shebang for sch_red.sh (bsc#1012628). - io_uring: ensure that cached task references are always put on exit (bsc#1012628). - serial: fsl_lpuart: Reset prior to registration (bsc#1012628). - serial: Create uart_xmit_advance() (bsc#1012628). - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (bsc#1012628). - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (bsc#1012628). - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1012628). - phy: marvell: phy-mvebu-a3700-comphy: Remove broken reset support (bsc#1012628). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (bsc#1012628). - drm/i915/display: Fix handling of enable_psr parameter (bsc#1012628). - blk-mq: fix error handling in __blk_mq_alloc_disk (bsc#1012628). - block: call blk_mq_exit_queue from disk_release for never added disks (bsc#1012628). - block: Do not call blk_put_queue() if gendisk allocation fails (bsc#1012628). - Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region (bsc#1012628). - drm/gma500: Fix BUG: sleeping function called from invalid context errors (bsc#1012628). - drm/gma500: Fix WARN_ON(lock->magic != lock) error (bsc#1012628). - drm/gma500: Fix (vblank) IRQs not working after suspend/resume (bsc#1012628). - gpio: ixp4xx: Make irqchip immutable (bsc#1012628). - drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid cards (bsc#1012628). - drm/amdgpu: use dirty framebuffer helper (bsc#1012628). - drm/amdgpu: change the alignment size of TMR BO to 1M (bsc#1012628). - drm/amdgpu: add HDP remap functionality to nbio 7.7 (bsc#1012628). - drm/amdgpu: Skip reset error status for psp v13_0_0 (bsc#1012628). - drm/amd/display: Limit user regamma to a valid value (bsc#1012628). - drm/amd/display: Reduce number of arguments of dml31's CalculateWatermarksAndDRAMSpeedChangeSupport() (bsc#1012628). - drm/amd/display: Reduce number of arguments of dml31's CalculateFlipSchedule() (bsc#1012628). - drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack usage (bsc#1012628). - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (bsc#1012628). - gpio: mt7621: Make the irqchip immutable (bsc#1012628). - pmem: fix a name collision (bsc#1012628). - fsdax: Fix infinite loop in dax_iomap_rw() (bsc#1012628). - workqueue: don't skip lockdep work dependency in cancel_work_sync() (bsc#1012628). - i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible (bsc#1012628). - i2c: mlxbf: incorrect base address passed during io write (bsc#1012628). - i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() (bsc#1012628). - i2c: mlxbf: Fix frequency calculation (bsc#1012628). - i2c: mux: harden i2c_mux_alloc() against integer overflows (bsc#1012628). - drm/amdgpu: don't register a dirty callback for non-atomic (bsc#1012628). - certs: make system keyring depend on built-in x509 parser (bsc#1012628). - Makefile.debug: set -g unconditional on CONFIG_DEBUG_INFO_SPLIT (bsc#1012628). - Makefile.debug: re-enable debug info for .S files (bsc#1012628). - devdax: Fix soft-reservation memory description (bsc#1012628). - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1012628). - ext4: limit the number of retries after discarding preallocations blocks (bsc#1012628). - ext4: make mballoc try target group first even with mb_optimize_scan (bsc#1012628). - ext4: avoid unnecessary spreading of allocations among groups (bsc#1012628). - ext4: use locality group preallocation for small closed files (bsc#1012628). - ext4: use buckets for cr 1 block scan instead of rbtree (bsc#1012628). - ext4: fixup possible uninitialized variable access in ext4_mb_choose_next_group_cr1() (bsc#1012628). - ext4: make directory inode spreading reflect flexbg size (bsc#1012628). - Update config files. - commit 95fa5b8 ++++ qemu: - Runs of the test-suite seem much more stable now, in this version of QEMU. (bsc#1203610) We are also fine re-enabling running them in parallel. - Switch QEMU Linux user to emulate the same CPU as the one of the host by default. This is a bit conrtoversial and tricky, when thinking about system emulation/virtualization. But for linux-user, it should be just fine. (bsc#1203684) * Patches added: linux-user-use-max-as-default-CPU-model-.patch ++++ xen: - bsc#1203806 - VUL-0: CVE-2022-33746: xen: P2M pool freeing may take excessively long (XSA-410) xsa410-01.patch xsa410-02.patch xsa410-03.patch xsa410-04.patch xsa410-05.patch xsa410-06.patch xsa410-07.patch xsa410-08.patch xsa410-09.patch xsa410-10.patch - bsc#1203807 - VUL-0: CVE-2022-33748: xen: lock order inversion in transitive grant copy handling (XSA-411) xsa411.patch ------------------------------------------------------------------ ------------------ 2022-9-27 - Sep 27 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - Pass -Dvideo-codecs=h264dec,h264enc,h265dec,h265enc,vc1dec to meson, keep support for hardware codecs inside vaapi, vdpau and vulkan. These were previously enabled automatically. - enabled "swrast" and "amd" Vulkan drivers on riscv64, which is upstream default anyway ... ++++ Mesa-drivers: - Pass -Dvideo-codecs=h264dec,h264enc,h265dec,h265enc,vc1dec to meson, keep support for hardware codecs inside vaapi, vdpau and vulkan. These were previously enabled automatically. - enabled "swrast" and "amd" Vulkan drivers on riscv64, which is upstream default anyway ... ++++ bash: - Update to final bash 5.2 a. When replacing a history entry, make sure the existing entry has a non-NULL timestamp before copying it; it may have been added by the application, not the history library. - Modernize run-tests ++++ kernel-default: - constraints: increase disk space for all architectures References: bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is very close to the limit. - commit 43a9011 - ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel systems (bsc#1203767). - commit 2d94a9f - Refresh patches.suse/Revert-block-freeze-the-queue-earlier-in-del_gendisk.patch. Update to upstream version. - commit b4b8524 ++++ libXxf86vm: - Update to version 1.1.5 * Update README for gitlab migration * Update configure.ac bug URL for gitlab migration * Fix spelling/wording issues * gitlab CI: add a basic build test * Fix -Wsign-compare warning * Variable scope reductions as suggested by cppcheck * Update GetOldReq to use _XGetRequest() * autogen.sh: use quoted string variables * autogen: add default patch prefix * autogen.sh: use exec instead of waiting for configure to finish ++++ readline: - Update to final readline-8.2 r. When replacing a history entry, make sure the existing entry has a non-NULL timestamp before copying it; it may have been added by the application, not the history library. ++++ libvirt: - spec: Only drop redefinition of libexecdir on Factory and newer bsc#1203775 ++++ qemu: - Be less verbose when packaging documentation. In fact, with just a couple of (minor) re-arrangements, we can get rid of having to list all the files all the time - Package /etc/qemu/bridge.conf as '%config(noreplace). Next step will probably be to move it to /usr/etc/qemu (bsc#1201944) ++++ selinux-policy: - Update fix_xserver.patch to add greetd support (bsc#1198559) ------------------------------------------------------------------ ------------------ 2022-9-26 - Sep 26 2022 ------------------- ------------------------------------------------------------------ ++++ coreutils: - coreutils-tests-workaround-make-fdleak.patch: Add patch to work around a GNU make bug which leaks file descriptors when using the jobserver; this makes some tests fail. - coreutils.spec: Reference the patch. ++++ dtc: - makefile-bison-rule.patch: Makefile: fix infinite recursion by dropping non-existent `%.output` ++++ gcc12: - add gcc12-riscv-inline-atomics.patch, gcc12-riscv-pthread.patch: handle subword size inline atomics (needed by several openSUSE packages) ++++ openldap2: - bsc#1202931 - CVE-2022-31253 - Openldap start script allowed the ldap user to privilege escalate to root due to unbound chown commands. ++++ ncurses: - Add ncurses patch 20220924 + modify configure macro CF_BUILD_CC to check if the build-compiler works, rather than that it is different from the cross-compiler, e.g., to accommodate a compiler which can be used for either purpose with different flags (report by Mikhail Korolev). + fix another memory-leak in tic. + correct change for cppcheck in menu library (report/analysis by "tuxway", cf: 20220903). + update config.guess, config.sub - Correct offsets of patches * ncurses-6.3.dif ++++ open-iscsi: - Update to upstream version 2.1.8, which includes some bug fixes, and adds the ability to build using meson. The SPEC file was updated to use meson. Also, some files have moved: * the "lock" file has moved from /etc/iscsi to /var/lock/iscsi * the "database files" have moved from /etc/iscsi to /var/lib/iscsi ++++ rpm-config-SUSE: - Update to version 20220926: * Revert macros.debuginfo and prefer a direct rpm patch * Fix kernel builds after #59 * Redefine %__debug_install_post to simplify debuginfo setup * Fix bug not using custom name for summary and description in language packages (boo#1137381) ++++ rust-keylime: - Rebase bindgen.patch and upstream the change - Rebase keylime-agent.conf.diff - Store the configuration file in /usr/etc/keylime/agent.conf - Fix keylime user creation - Drop webapp service port in firewall XML service file - Update to version 0.1.0+git.1663769444.6318234: * Update comments in the configuration file * config: Align config locations with the python components * config: Add configuration file version * config: Add back support for KEYLIME_DIR env var * Change configuration format to TOML * Add support for using passphrase protected key * Do not try to load TPM data generated by another TPM * Allow using existing key and certificate * Remove the agent TPM data from the config struct * Rename the configuration options * Use password to generate EK when provided * Add tpm_ownerpassword option to keylime.conf * Add cargo audit to CI static tests * Add agent and faked_measured_boot_log tests context * Appease clippy ------------------------------------------------------------------ ------------------ 2022-9-25 - Sep 25 2022 ------------------- ------------------------------------------------------------------ ++++ ansible: - update to 6.4.0: Ansible 6.4.0 will include ansible-core 2.13.4 as well as a curated set of Ansible collections to provide a vast number of modules and plugins. * The changelog for ansible-core 2.13 installed by this release of ansible is available here: https://github.com/ansible/ansible/blob/stable-2.13/changelogs/CHANGELOG-v2.13.rst * Collections which have opted into being a part of the Ansible-6 unified changelog will have an entry on this page: https://github.com/ansible-community/ansible-build-data/blob/main/6/CHANGELOG-v6.rst ++++ kernel-default: - Update to 6.0-rc7 - refresh configs - commit 74aafe0 ++++ pango: - Add 639.patch: layout: Fix crash when no font is installed. ++++ liburing: - skip checks on qemu_linux_user builds ++++ python-pyzmq: - update to version 24.0.1: * Fix several possible resource warnings and deprecation warnings when cleaning up contexts and sockets, especially in pyzmq's own tests and when implicit teardown of objects is happening during process teardown. ++++ timezone: - timezone update 2022d: * Palestine transitions are now Saturdays at 02:00 * Simplify three Ukraine zones into one ------------------------------------------------------------------ ------------------ 2022-9-24 - Sep 24 2022 ------------------- ------------------------------------------------------------------ ++++ bash: - add checks ++++ gawk: - double-free.patch: Yet another fix for Node_elem_new ++++ libdbusmenu-gtk2: - conditionalize valgrind dependency - it is optional and not available on all architectures ++++ libdbusmenu-gtk3: - conditionalize valgrind dependency - it is optional and not available on all architectures ++++ nghttp2: - update to 1.50.0: * https://nghttp2.org/blog/2022/09/21/nghttp2-v1-50-0/ This release adds nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation which disables checking leading and trailing white spaces against HTTP field value. ++++ openssl-1_1: - Added openssl-1_1-paramgen-default_to_rfc7919.patch * bsc#1180995 * Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode. ++++ libverto: - update to 0.3.2: * Fix use-after-free in verto_reinitialize * Fix use-after-free in verto_free() * Remove broken tevent support ------------------------------------------------------------------ ------------------ 2022-9-23 - Sep 23 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit-machines: - Require qemu-block-curl for installing over https (bsc#1199672) ++++ grub2: - Add patch to fix kernel relocation error in low memory * 0001-linux-fix-efi_relocate_kernel-failure.patch ++++ gtk3: - Fix unstable drag-and-drop on Wayland KDE, add: * gtk3-gdkwayland-Update-selections-offer-before-updating-dnd.patch https://gitlab.gnome.org/GNOME/gtk/-/commit/56100ab4 ++++ kernel-default: - Linux 5.19.11 (bsc#1012628). - of: fdt: fix off-by-one error in unflatten_dt_nodes() (bsc#1012628). - pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map (bsc#1012628). - pinctrl: qcom: sc8180x: Fix wrong pin numbers (bsc#1012628). - pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (bsc#1012628). - pinctrl: sunxi: Fix name for A100 R_PIO (bsc#1012628). - SUNRPC: Fix call completion races with call_decode() (bsc#1012628). - NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0 (bsc#1012628). - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (bsc#1012628). - NFSv4.2: Update mode bits after ALLOCATE and DEALLOCATE (bsc#1012628). - Revert "SUNRPC: Remove unreachable error condition" (bsc#1012628). - drm/panel-edp: Fix delays for Innolux N116BCA-EA1 (bsc#1012628). - drm/meson: Correct OSD1 global alpha value (bsc#1012628). - drm/meson: Fix OSD1 RGB to YCbCr coefficient (bsc#1012628). - drm/rockchip: vop2: Fix eDP/HDMI sync polarities (bsc#1012628). - drm/i915/vdsc: Set VDSC PIC_HEIGHT before using for DP DSC (bsc#1012628). - drm/i915/guc: Don't update engine busyness stats too frequently (bsc#1012628). - drm/i915/guc: Cancel GuC engine busyness worker synchronously (bsc#1012628). - block: blk_queue_enter() / __bio_queue_enter() must return - EAGAIN for nowait (bsc#1012628). - parisc: ccio-dma: Add missing iounmap in error path in ccio_probe() (bsc#1012628). - of/device: Fix up of_dma_configure_id() stub (bsc#1012628). - io_uring/msg_ring: check file type before putting (bsc#1012628). - cifs: revalidate mapping when doing direct writes (bsc#1012628). - cifs: don't send down the destination address to sendmsg for a SOCK_STREAM (bsc#1012628). - cifs: always initialize struct msghdr smb_msg completely (bsc#1012628). - blk-lib: fix blkdev_issue_secure_erase (bsc#1012628). - parisc: Allow CONFIG_64BIT with ARCH=parisc (bsc#1012628). - tools/include/uapi: Fix for parisc and xtensa (bsc#1012628). - drm/i915/gt: Fix perf limit reasons bit positions (bsc#1012628). - drm/i915: Set correct domains values at _i915_vma_move_to_active (bsc#1012628). - drm/amdgpu: make sure to init common IP before gmc (bsc#1012628). - drm/amdgpu: Don't enable LTR if not supported (bsc#1012628). - drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega (bsc#1012628). - drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega (bsc#1012628). - net: Find dst with sk's xfrm policy not ctl_sk (bsc#1012628). - dt-bindings: apple,aic: Fix required item "apple,fiq-index" in affinity description (bsc#1012628). - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (bsc#1012628). - ALSA: hda/sigmatel: Keep power up while beep is enabled (bsc#1012628). - ALSA: hda/sigmatel: Fix unused variable warning for beep power change (bsc#1012628). - commit b35e71f - config(arm*): disable CONFIG_PM_AUTOSLEEP and CONFIG_PM_WAKELOCKS (bsc#1189677) - commit 1c0b96b ++++ libaio: - skip testsuite on qemu_linux_user builds ++++ libffi: - update to 3.4.3: * All struct args are passed by value, regardless of size, as per ABIs. * Enable static trampolines for Cygwin. * Add support for Loongson's LoongArch64 architecture. * Fix x32 static trampolines. * Fix 32-bit x86 stdcall stack corruption. * Fix ILP32 aarch64 support. - includes fix for RISCV64 - disable LTO due to (ffi#733) ++++ nghttp2: - disable asio by default as it is deprecated by upstream and will be removed in the next release ++++ rpm: - Update the macros file to simplify the debuginfo installation We don't support parallel installation of the same debuginfo - and so don't patch the binaries to create unique build ids (easing pressure on reproducable builds when compiling twice) Patching this in rpm-config-SUSE is technically not possible (as you can't reliable undefine things defined in upstream macro). We tried in https://github.com/openSUSE/rpm-config-SUSE/pull/59 and /60: ++++ suse-module-tools: - Update to version 16.0.24: * Split kernel scriptlets into separate sub-package "suse-module-tools-scriptlets" on Tumbleweed (gh#openSUSE/suse-module-tools#64) ------------------------------------------------------------------ ------------------ 2022-9-22 - Sep 22 2022 ------------------- ------------------------------------------------------------------ ++++ gobject-introspection: - Switch to pcre2grep (pcre is dead upstream) ++++ kernel-default: - config.conf: reenable armv6hl configs - commit cd71399 - Refresh patches.suse/Revert-iommu-vt-d-Fix-possible-recursive-locking-in-.patch. Update upstream status. - commit a267615 ++++ llvm15: - Update to version 15.0.1. * This release contains bug-fixes for the LLVM 15.0.0 release. This release is API and ABI compatible with 15.0.0. - Rebase llvm-do-not-install-static-libraries.patch. ------------------------------------------------------------------ ------------------ 2022-9-21 - Sep 21 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - update to 22.2.0 * AMD RDNA3 Prep, Intel Arc Graphics, Many Vulkan Improvements; more details on Phoronix: https://www.phoronix.com/news/Mesa-22.2-Released - supersedes llvm15.patch - refreshed n_no-sse2-on-ix86-except-for-intel-drivers.patch ++++ Mesa-drivers: - update to 22.2.0 * AMD RDNA3 Prep, Intel Arc Graphics, Many Vulkan Improvements; more details on Phoronix: https://www.phoronix.com/news/Mesa-22.2-Released - supersedes llvm15.patch - refreshed n_no-sse2-on-ix86-except-for-intel-drivers.patch ++++ permissions: - skip tests on qemu user builds ++++ lvm2-device-mapper: - lvmlockd is not supporting sanlock (bsc#1203482) - set 1 for _supportsanlock in lvm2.spec for enabling sanlock. ++++ docker-compose: - Update to version 2.11.1: * keep the platform defined via DOCKER_DEFAULT_PLATFORM during build if no build platforms provided * Fix linting issues * Don't overwrite existing dependency condition * Add unit tests for `PrepareVolumes` * keep the platform defined at service level during build if no build platforms provided ++++ glibc: - makeflags.patch: Makerules: fix MAKEFLAGS assignment for upcoming make-4.4 (BZ# 29564) ++++ kernel-default: - media: dvb-core: Fix UAF due to refcount races at releasing (CVE-2022-41218 bsc#1202960). - commit 66556c1 - arm64: enable CONFIG_ARCH_RENESAS (bsc#1203558) Also compile everything as modules that isn't debug or deprecated that was previously disabled by the global RENESAS disablement. - commit b1f13b9 - config.conf: Reenable arm64 configs - Update config files, taken from 6.0-rc1 update from x86_64, enabling all new erratas, enabling all new modules - commit 9b3cde4 - Revert "iommu/vt-d: Fix possible recursive locking in intel_iommu_init()" (iommu bug). - commit 9392b7d ++++ llvm15: - Always drop -gnu from triple for consistency. Patch a test that was looking for -linux- in clang-test-xfail-gnuless-triple.patch. ++++ lvm2: - lvmlockd is not supporting sanlock (bsc#1203482) - set 1 for _supportsanlock in lvm2.spec for enabling sanlock. ++++ systemd: - Drop the old band aid used during the breakage introduced by the switch of /tmp to tmpfs This was done to address the regression reported in boo#1175779 but shouldn't be necessary anymore since the (few) affected users should have updated systemd during the last 2 years. - Move nss-systemd and nss-myhostname NSS modules into the main package ++++ unbound: - update to 1.16.3 fixes Non-Responsive Delegation Attack (CVE-2022-3204) ++++ podman: - Update to version 4.2.1: * Bump to v4.2.1 * Add release notes for v4.2.1 * remove SkipIfNotFedora() from events test * fix podman events with custom format * Drop stale config value resulting in asymmetric config * Fix list of default capabilities * Add container GID to additional groups (CVE-2022-2989 / bsc#1202809, removes patch 0001-Add-container-GID-to-additional-groups.patch) * libpod: Ensure that generated container names are random * Fix bind-mount-option annotation in gen/play kube * Improved Windows compatibility for machine command * updated apiv2 tests to reflect hash compat fix * api: return imageID instead of imageName, for "Image" when Podman API is queried * Inhibit SIGTERM during Conmon startup * Fix example sections to follow the same format * Fix template name inconsistency * service: make move to sub-cgroup non fatal * Remove duplicate annotations in generated service yaml * Compat API image remove events now have 'delete' status * [CI:DOCS] Automatically set podman version in pkginstaller * Allow colons in windows file paths * Fixes isRootfull check using qemu machine on Windows * vendor containers/psgo@v1.7.3 * Allow podman to run in an environment with keys containing spaces * Document restrictions on transport in FROM * Improved Windows compatibility * pass environment variables to container clone * podman save: update --compress validation * sort hc.Binds returned from compat api * Cirrus: Update podman-machine comment * podman images and friends can take one image as argument * [CI:DOCS] Add .DS_Store to gitignore * podman-kube@.service.in: Remove Restart=never option with typo * Fix #15499 already connected network * [CI:DOCS] Cirrus: Update meta-task for EC2 image * fix CI: remove hardcodeded alpine version * fix CI: remove hardcodeded alpine version * Preserve all unknown PolicyRequirement fields on (podman image trust set) * Reorganize the types in policy.go a bit * Add support for showing keyPaths in (podman image trust show) * Support (image trust show) for sigstoreSigned entries * BREAKING CHANGE: Change how (podman image trust show) represents multiple requirements * Reorganize descriptionsOfPolicyRequirements a bit * Use the full descriptionsOfPolicyRequirements for the default scope * Rename haveMatchRegistry to registriesDConfigurationForScope * Rename tempTrustShowOutput to entry * Split descriptionsOfPolicyRequirements out of getPolicyShowOutput * Recognize the new lookaside names for simple signing sigstore * Add a unit test for trust.PolicyDescription * Make the output of (podman image trust show) deterministic * Make most of pkg/trust package-private * Move most of ImageEngine.ShowTrust into pkg/trust.PolicyDescription * Add support for sigstoreSigned in (podman image trust set) * Create new policy entries together with validating input * Improve validation of data in ImageEngine.SetTrust * Move most of imageEngine.SetTrust to pkg/trust.AddPolicyEntries * Add a variable for scope * Make trust.CreateTempFile private * Reorganize pkg/trust * Remove an unused trust.ShowOutput type * Remove commented out code * libpod: UpdateContainerStatus: do not wait for container * Skip / update some tests under runc * Bump to v4.2.1-dev * test: update apply-podman-deltas for new tests * build: implement --cache-to,--cache-from and --cache-ttl * vendor: bump buildah to v1.27.0 ++++ qemu: - Switch to %autosetup for all products (this required some changes in update_git.sh) - Run check-qtest sequentially, as it's more reliable, when in OBS - Build with libbpf, fdt and capstone support - Drop the patch adding our support document, and deal with that in the spec file directly * Patches dropped: doc-add-our-support-doc-to-the-main-proj.patch ------------------------------------------------------------------ ------------------ 2022-9-20 - Sep 20 2022 ------------------- ------------------------------------------------------------------ ++++ bash: - Enable parallel builds by splitting clean and all at make time (Thanks to Christopher Yeleighton) - Do not copy more than 1 byte for \(aq becoming a "'" in quotes-man2html.patch ++++ cockpit: - new version 276.1 - login: Use valid selectors when testing for :is() / :where() support. - stability and performance improvements - previous changes https://cockpit-project.org/blog/cockpit-275.html - css-overrides.patch, hide-docs.patch, remove-pwscore.patch: refreshed - kdump-close.patch, kdump-refactor.patch, kdump-suse.patch: upstreamed and removed ++++ cockpit-podman: - new version 53. Changes since 49.1 include, * Use NumberInput for Image Run Dialog * Fix events with large number of containers * Translation updates * Add Volumes and Env Variables to container details * Show volume permission in container integration tab * Allow no system users to set restart policy * Show image history * Stability and performance improvements ++++ gawk: - double-free.patch: Fix Node_elem_new op, replacing upref.patch - pma.patch: Replace with upstream solution - nan-sign.patch: Fix negative NaN issue on RiscV, replacing nan-tests.patch ++++ grep: - efgrep-warning.patch: remove warning from [ef]grep ++++ kernel-default: - Linux 5.19.10 (bsc#1012628). - Input: goodix - add compatible string for GT1158 (bsc#1012628). - RDMA/irdma: Use s/g array in post send only when its valid (bsc#1012628). - gpio: 104-idio-16: Make irq_chip immutable (bsc#1012628). - gpio: 104-dio-48e: Make irq_chip immutable (bsc#1012628). - LoongArch: Fix arch_remove_memory() undefined build error (bsc#1012628). - LoongArch: Fix section mismatch due to acpi_os_ioremap() (bsc#1012628). - platform/x86: asus-wmi: Increase FAN_CURVE_BUF_LEN to 32 (bsc#1012628). - usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS (bsc#1012628). - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (bsc#1012628). - perf/arm_pmu_platform: fix tests for platform_get_irq() failure (bsc#1012628). - net: dsa: hellcreek: Print warning only once (bsc#1012628). - drm/amd/amdgpu: skip ucode loading if ucode_size == 0 (bsc#1012628). - nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (bsc#1012628). - nvme-pci: add NVME_QUIRK_BOGUS_NID for Lexar NM610 (bsc#1012628). - drm/amd/pm: use vbios carried pptable for all SMU13.0.7 SKUs (bsc#1012628). - drm/amdgpu: disable FRU access on special SIENNA CICHLID card (bsc#1012628). - Input: iforce - add support for Boeder Force Feedback Wheel (bsc#1012628). - ieee802154: cc2520: add rc code in cc2520_tx() (bsc#1012628). - gpio: mockup: remove gpio debugfs when remove device (bsc#1012628). - r8152: add PID for the Lenovo OneLink+ Dock (bsc#1012628). - tg3: Disable tg3 device on system reboot to avoid triggering AER (bsc#1012628). - Bluetooth: MGMT: Fix Get Device Flags (bsc#1012628). - hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (bsc#1012628). - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (bsc#1012628). - dt-bindings: iio: gyroscope: bosch,bmg160: correct number of pins (bsc#1012628). - kvm: x86: mmu: Always flush TLBs when enabling dirty logging (bsc#1012628). - peci: cpu: Fix use-after-free in adev_release() (bsc#1012628). - drm/msm/rd: Fix FIFO-full deadlock (bsc#1012628). - platform/surface: aggregator_registry: Add support for Surface Laptop Go 2 (bsc#1012628). - Input: goodix - add support for GT1158 (bsc#1012628). - ACPI: resource: skip IRQ override on AMD Zen platforms (bsc#1012628). - RDMA/mlx5: Fix UMR cleanup on error flow of driver init (bsc#1012628). - RDMA/mlx5: Add a umr recovery flow (bsc#1012628). - RDMA/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (bsc#1012628). - net/mlx5: Use software VHCA id when it's supported (bsc#1012628). - net/mlx5: Introduce ifc bits for using software vhca id (bsc#1012628). - iommu/vt-d: Fix kdump kernels boot failure with scalable mode (bsc#1012628). - commit 28d7d4c ++++ expat: - update to 2.4.9: (bsc#1203438) * Security fixes: - CVE-2022-40674 -- Heap use-after-free vulnerability in function doContent. Expected impact is denial of service or potentially arbitrary code execution. * Bug fixes: - MinGW: Fix mis-compilation for -D__USE_MINGW_ANSI_STDIO=0 - docs: Fix documentation on effect of switch XML_DTD on symbol visibility in doc/reference.html * Other changes: - MinGW: Make fix-xmltest-log.sh drop more Wine bug output - Autotools: Sync CMake templates with CMake 3.22 - CMake: Migrate from use of CMAKE_*_POSTFIX to dedicated variables EXPAT_*_POSTFIX to stop affecting other projects - Windows|CMake: Add missing -DXML_STATIC to test runners and fuzzers - Windows|CMake: Render .def file from a template to fix linking with -DEXPAT_DTD=OFF and/or -DEXPAT_ATTR_INFO=ON - MinGW|CMake: Apply MSVC .def file when linking - MinGW|CMake: Sync library name with GNU Autotools, i.e. produce libexpat-1.dll rather than libexpat.dll by default. Filename libexpat.dll.a is unaffected. - MinGW|CMake: Set missing variable CMAKE_RC_COMPILER in toolchain file "cmake/mingw-toolchain.cmake" to avoid error "windres: Command not found" on e.g. Ubuntu 20.04 - CMake: Unify inconsistent use of set() and option() in context of public build time options to take need for set(.. FORCE) in projects using Expat by means of add_subdirectory(..) off Expat's users' shoulders - Stop exporting API symbols when building a static library - Resolve use of deprecated "fgrep" by "grep -F" - CMake: Make documentation on variables a bit more consistent - CMake: Drop leading whitespace from a #cmakedefine line in file expat_config.h.cmake - xmlwf: Fix harmless variable mix-up in function nsattcmp - Address Cppcheck warnings - Address Clang 15 compiler warnings - Version info bumped from 9:8:8 to 9:9:8; see https://verbump.de/ for what these numbers do * Infrastructure: - CI: Windows: Start covering MSVC 2022 - CI: macOS: Migrate off deprecated macOS 10.15 - CI: Linux: Make migration off deprecated Ubuntu 18.04 work - CI: Upgrade Clang from 14 to 15 - apply-clang-format.sh: Add support for BSD find - coverage.sh: Exclude MinGW headers - coverage.sh: Fix name collision for -funsigned-char ++++ harfbuzz: - Update to version 5.2.0: + Fix regressions in hb-ft font functions for FT_Faces with transformation matrix. + The experimental hb-repacker API now supports splitting several GPOS subtable types when needed. + The HarfBuzz extensions to OpenType font format are now opt-in behind build-time flags. + The experimental hb-subset variable fonts instantiation API can now instantiate more font tables and arbitrary axis locations. + Unicode 15 support. + Various documentation improvements. + The hb-view command line tool now detects WezTerm inline images support. + Fix FreeType and ICU dependency lookup with meson. + New API: - +HB_SCRIPT_KAWI - +HB_SCRIPT_NAG_MUNDARI - Drop patch fixed upstream: + harfbuzz-5.1.0-repacker-fix-signedness-of-char-in-tests.patch ++++ systemd: - Give the instructions to create a home directory with systemd-homed in the description of the systemd-experimental sub-package ++++ qemu: - Updated to latest upstream version 7.1 * https://wiki.qemu.org/ChangeLog/7.1 Be sure to also check the following pages: * https://qemu-project.gitlab.io/qemu/about/removed-features.html * https://qemu-project.gitlab.io/qemu/about/deprecated.html Some notable changes: * [x86] Support for architectural LBRs on KVM virtual machines * [x86] The libopcode-based disassembler has been removed. Use Capstone instead * [LoongArch] Add initial support for the LoongArch64 architecture. * [ARM] The emulated SMMUv3 now advertises support for SMMUv3.2-BBML2 * [ARM] The xlnx-zynqmp SoC model now implements the 4 TTC timers * [ARM] The versal machine now models the Cortex-R5s in the Real-Time Processing Unit (RPU) subsystem * [ARM] The virt board now supports emulation of the GICv4.0 * [ARM] New emulated CPU types: Cortex-A76, Neoverse-N1 * [HPPA] Fix serial port pass-through from host to guest * [HPPA] Lots of general code improvements and tidy-ups * [RISC-V] RISC-V * [RISC-V] Add support for privileged spec version 1.12.0 * [RISC-V] Use privileged spec version 1.12.0 for virt machine by default * [RISC-V] Allow software access to MIP SEIP * [RISC-V] Add initial support for the Sdtrig extension * [RISC-V] Optimisations and improvements for the vector extension * [VFIO] Experimental support for exposing emulated PCI devices over the new vfio-user protocol (a vfio-user client is not yet available in QEMU, though) * [QMP] The on-cbw-error option for copy-before-write filter, to specify behavior on CBW (copy before write) operation failure. * [QMP] The cbw-timeout option for copy-before-write filter, to specify timeout for CBW operation. * [QMP] New commands query-stats and query-stats-schema to retrieve statistics from various QEMU subsystems (right now only from KVM). * [QMP] The PanicAction can now be configured to report an exit-failure (useful for automated testing) * [Networking] QEMU can be compiled with the system slirp library even when using CFI. This requires libslirp 4.7. * [Migration] Support for zero-copy-send on Linux, which reduces CPU usage on the source host. Note that locked memory is needed to support this * Patches added: Revert-tests-qtest-enable-more-vhost-use.patch meson-remove-pkgversion-from-CONFIG_STAM.patch * Patches dropped: AIO-Reduce-number-of-threads-for-32bit-h.patch Makefile-Don-t-check-pc-bios-as-pre-requ.patch Revert-8dcb404bff6d9147765d7dd3e9c849337.patch Revert-qht-constify-qht_statistics_init.patch XXX-dont-dump-core-on-sigabort.patch acpi_piix4-Fix-migration-from-SLE11-SP2.patch configure-only-populate-roms-if-softmmu.patch configure-remove-pkgversion-from-CONFIG_.patch coroutine-ucontext-use-QEMU_DEFINE_STATI.patch coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch coroutine-win32-use-QEMU_DEFINE_STATIC_C.patch hostmem-default-the-amount-of-prealloc-t.patch hw-usb-hcd-ehci-fix-writeback-order.patch i8254-Fix-migration-from-SLE11-SP2.patch intc-exynos4210_gic-replace-snprintf-wit.patch modules-generates-per-target-modinfo.patch modules-introduces-module_kconfig-direct.patch pc-bios-s390-ccw-net-avoid-warning-about.patch pci-fix-overflow-in-snprintf-string-form.patch qemu-cvs-gettimeofday.patch qemu-cvs-ioctl_debug.patch qemu-cvs-ioctl_nodirection.patch qht-Revert-some-constification-in-qht.c.patch qom-handle-case-of-chardev-spice-module-.patch scsi-lsi53c895a-fix-use-after-free-in-ls.patch scsi-lsi53c895a-really-fix-use-after-fre.patch softmmu-Always-initialize-xlat-in-addres.patch sphinx-change-default-language-to-en.patch test-add-mapping-from-arch-of-i686-to-qe.patch tests-Fix-block-tests-to-be-compatible-w.patch tests-qtest-Move-the-fuzz-tests-to-x86-o.patch usb-Help-compiler-out-to-avoid-a-warning.patch ------------------------------------------------------------------ ------------------ 2022-9-19 - Sep 19 2022 ------------------- ------------------------------------------------------------------ ++++ bash: - Small change in quotes-man2html.patch * Use a simple "'" aka quote instead of "′" for "\(aq" ++++ grub2: - Add safety measure to pcr snapshot by checking platform and tpm status * safe_tpm_pcr_snapshot.patch ++++ ncurses: - Add ncurses patch 20220917 + reduce memory-leak in tic by separating allocations for struct entry from TERMTYPE2 (cf: 20220430). + improve interaction between tic -v option and NCURSES_TRACE, by processing the latter only when -v option does not set _nc_tracing. + modify curses_trace() to show the trace-mask as symbols, e.g., TRACE_ORDINARY, DEBUG_LEVEL(3). ++++ protobuf: - update to 21.6: C++: * Reduce memory consumption of MessageSet parsing ++++ patterns-alp: - cockpit pattern: explicitly require libpwquality-tools to resolve image build dependency issue ++++ python-lxml: - Update BR for libxml2-devel to the current version. - Add missing BR for python-base. ++++ ovmf: - Add patches to disable option ROM on sev (bsc#1199156) ovmf-bsc1199156-OvmfPkg-IncompatiblePciDeviceSupportDxe-Ignore-Optio.patch ++++ vim: - Updated to version 9.0.0500, fixes the following problems - boo#1203508 - CVE-2022-3234 - boo#1203509 - CVE-2022-3235 * On an AZERTY keyboard digit keys get the shift modifier. * Incorrect color for modeless selection with GTK. * A few problems with 'splitscroll'. * Function called at debug prompt is also debugged. * Substitute prompt does not highlight an empty match. * Splitting a line with a text prop "above" moves it to a new line below. * Vim9: block in for loop doesn't behave like a code block. * Loop variable can't be found. * 'scroll' is not always updated. * ASAN warning for integer overflow. * Command line test leaves directory behind. * With virtual text "above" indenting doesn't work well. * Cursor moves when cmdwin is closed when 'splitscroll' is off. * Virtual text wrong after adding line break after line. * Build failure. * Exectution stack underflow without the +eval feature. (Dominique Pellé) * Cursor moves if cmdwin is closed when 'splitscroll' is off. * In a :def function all closures in a loop get the same variables. * No test for what patch 9.0.0469 fixes. * Virtual text "below" doesn't show in list mode. * fullcommand() only works for the current script version. * fullcommand() test failure. * Not using deferred delete in tests. * Varargs does not work for replacement function of substitute(). * Missing dependency may cause crashes on incomplete build. * Test for 'splitscroll' takes too much time. * Valva Date Format files are not recognized. * Cannot use a :def varargs function with substitute(). * In a :def function all closures in a loop get the same variables. * "g0" moves to wrong location with virtual text "above". * Illegal memory access when replacing in virtualedit mode. * In a :def function all closures in a loop get the same variables. * Text scrolled with 'nosplitscroll', autocmd win opened and help window closed. * Using freed memory with combination of closures. * Cursor in wrong position with virtual text "above" and 'showbreak'. * Using "end_lnum" with virtual text causes problems. * Using freed memory with cmdwin and BufEnter autocmd. * No good reason to build without the float feature. * Cmdwin test fails on MS-Windows. * Perl test fails. * Small build misses float function declaraitons. * Closure doesn't work properly in nested loop. * No good reason to keep supporting Windows-XP. * LyRiCs files are not recognized. * Various small issues. * In :def function list created after const is locked. * When quitting the cmdline window with CTRL-C it remains visible. ------------------------------------------------------------------ ------------------ 2022-9-18 - Sep 18 2022 ------------------- ------------------------------------------------------------------ ++++ gobject-introspection: - Update to version 1.74.0: + Update the GIR data for GLib, GObject, GModule, and GIO. ++++ glib2: - Update to version 2.74.0: + Use EPOLL_CLOEXEC by default + Fixed various regression on GRegex as per the PCRE2 porting + Fixed various memory leaks + Bugs fixed: glgo#GNOME/gtksourceview#278, glgo#GNOME/gtksourceview#283, glgo#GNOME/GLib#2688, glgo#GNOME/GLib#2713, glgo#GNOME/GLib#2719, glgo#GNOME/GLib#2729, glgo#GNOME/GLib#2733, glgo#GNOME/GLib#2737, glgo#GNOME/GLib#2741, glgo#GNOME/gtk#4400, glgo#GNOME/GLib!2820, glgo#GNOME/GLib!2855, glgo#GNOME/GLib!2861, glgo#GNOME/GLib!2868, glgo#GNOME/GLib!2873, glgo#GNOME/GLib!2874, glgo#GNOME/GLib!2875, glgo#GNOME/GLib!2876, glgo#GNOME/GLib!2879, glgo#GNOME/GLib!2881, glgo#GNOME/GLib!2882, glgo#GNOME/GLib!2883, glgo#GNOME/GLib!2900. + Updated translations. ++++ gsettings-desktop-schemas: - Update to version 43.0: + Updated translations. ++++ kernel-default: - Update to 6.0-rc6 - commit 2132e28 ++++ libksba: - libksba 1.6.1: * Allow an OCSP server not to return the sent nonce - fix rpmlint warnings ++++ python310-core: - test-int-timing.patch: gh-96710: Make the test timing more lenient for the int/str DoS regression test. (#96717) ++++ python310: - test-int-timing.patch: gh-96710: Make the test timing more lenient for the int/str DoS regression test. (#96717) ------------------------------------------------------------------ ------------------ 2022-9-17 - Sep 17 2022 ------------------- ------------------------------------------------------------------ ++++ btrfsprogs: - update to 5.19.1: * fix memory leaks (extent buffer, path) * check: verify block device size vs item * rescue fix-device-size: allow to shrink device item * receive: fix crash on wrong pinter free() * other: * experimental: support for block-group-tree * documentation updates * new tests ++++ filesystem: - Update /usr/etc/skel per XDG Directory Specification: * Add .local/bin to eventually replace bin for user executable files * Use .local/share/fonts instead of .fonts for user specific fonts * Add missing dirs: .local/share .local/state ++++ at-spi2-core: - Update to version 2.46.0: + Fix GetInterfaces documentation on org.a11y.atspi.Accessible interface. ++++ mozilla-nss: - update to NSS 3.82 * bmo#1330271 - check for null template in sec_asn1{d,e}_push_state * bmo#1735925 - QuickDER: Forbid NULL tags with non-zero length * bmo#1784724 - Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite * bmo#1784191 - Cast the result of GetProcAddress * bmo#1681099 - pk11wrap: Tighten certificate lookup based on PKCS #11 URI. ++++ popt: - popt 1.19: * various build system fixes * various developer visible fixes * Fix the handling of superfluous args passed with = * Fix multiple resource and memory leaks * Fix '=' getting shown for short options * Improve random number handling * translation updates and documentation improvements - refresh spec file, run tests, package license in every package, and treat all compiler warnings and errors ++++ python-charset-normalizer: - update to 2.1.1: * Function `normalize` scheduled for removal in 3.0 * Removed useless call to decode in fn is_unprintable (#206) ++++ python-pyzmq: - update to version 24.0.0: * Breaking changes: + Due to a libzmq bug causing unavoidable crashes for some users, Windows wheels no longer bundle libzmq with AF_UNIX support. In order to enable AF_UNIX on Windows, pyzmq must be built from source, linking an appropriate build of libzmq (e.g. libzmq-v142). AF_UNIX support will be re-enabled in pyzmq wheels when libzmq published fixed releases. + Using a {class}zmq.Context as a context manager or deleting a context without closing it now calls {meth}zmq.Context.destroy at exit instead of {meth}zmq.Context.term. This will have little effect on most users, but changes what happens when user bugs result in a context being implicitly destroyed while sockets are left open. In almost all cases, this will turn what used to be a hang into a warning. However, there may be some cases where sockets are actively used in threads, which could result in a crash. To use sockets across threads, it is critical to properly and explicitly close your contexts and sockets, which will always avoid this issue. ------------------------------------------------------------------ ------------------ 2022-9-16 - Sep 16 2022 ------------------- ------------------------------------------------------------------ ++++ fde-tools: - Move the (shipped) keyfile into /root to avoid issues with r/o root ++++ grub2: - Fix installation failure due to unavailable nvram device on ppc64le (bsc#1201361) * 0001-grub-install-set-point-of-no-return-for-powerpc-ieee1275.patch - Add patches to dynamically allocate additional memory regions for EFI systems (bsc#1202438) * 0001-mm-Allow-dynamically-requesting-additional-memory-re.patch * 0002-kern-efi-mm-Always-request-a-fixed-number-of-pages-o.patch * 0003-kern-efi-mm-Extract-function-to-add-memory-regions.patch * 0004-kern-efi-mm-Pass-up-errors-from-add_memory_regions.patch * 0005-kern-efi-mm-Implement-runtime-addition-of-pages.patch - Enlarge the default heap size and defer the disk cache invalidation (bsc#1202438) * 0001-kern-efi-mm-Enlarge-the-default-heap-size.patch * 0002-mm-Defer-the-disk-cache-invalidation.patch ++++ at-spi2-core: - Add libatk-1_0-0 and libatk-bridge-2_0-0 to baselibs.conf, build 32bit support. ++++ colord: - Add colord-CVE-2021-42523.patch: fix a small memory leak on db open failure (boo#1202802 CVE-2021-42523). ++++ pango: - Update to version 1.50.10: + Avoid some unnecessary strdups. + Fix line height computations with a non-trivial CTM. ++++ libpng16: - update to 1.6.38: * Added configurations and scripts for continuous integration. * Fixed various errors in the handling of tRNS, hIST and eXIf. * Implemented many stability improvements across all platforms. * Updated the internal documentation. ++++ microos-tools: - Update to version 2.17: - selinux-autorelabel-generator: Don't cross partition boundaries for /.snapshots when relabeling [issue#11] ++++ python-idna: - update to 3.4: * Update to Unicode 15.0.0 * Migrate to pyproject.toml for build information (PEP 621) * Correct another instance where generic exception was raised instead of IDNAError for malformed input * Source distribution uses zeroized file ownership for improved reproducibility ------------------------------------------------------------------ ------------------ 2022-9-15 - Sep 15 2022 ------------------- ------------------------------------------------------------------ ++++ bash: - Add patch quotes-man2html.patch * Fix boo#1203091 -- BASH(1) Manual Page: Unprocessed macro aq ++++ docker-compose: - Update to version 2.11.0: * update compose-go version to v1.5.1 * add license to file * small cleanup + godoc * down: refactor image pruning * pull: improve output for services with both image+build (#9829) * build(deps): bump go.opentelemetry.io/otel from 1.9.0 to 1.10.0 * build(deps): bump github.com/AlecAivazis/survey/v2 from 2.3.5 to 2.3.6 (#9830) * Update README.md * logs: filter to services from current Compose file (#9811) * convert: do not escape $ into $$ when using the --no-interpolate option (#9703) * Cleanup E2E tests * Add unit tests to graph building logic in `dependencies.go` * Restrict compose project to selected services and dependencies on `compose start` * Apply newly loaded envvars to "DockerCli" and "APIClient" * build(deps): bump go.opentelemetry.io/otel from 1.4.1 to 1.9.0 * build: label built images for reliable cleanup on `down` * ci: upgrade golangci-lint * ci: upgrade to Go 1.19.1 * Cleanup E2E tests * patch: build.go access custom labels directly cause panic * build(deps): bump github.com/cnabio/cnab-to-oci from 0.3.6 to 0.3.7 * always use 'docker' export entry when building with 'up' or 'run' commands * don't push images at the end of multi-arch build (and simplify e2e tests) support DOCKER_DEFAULT_PLATFORM when 'compose up --build' add tests to check behaviour when DOCKER_DEFAULT_PLATFORM is defined * add a test with multiple service builds using platforms in the same compose file * fix panic when using 'compose up --build' * add support of platforms in build section * build(deps): bump github.com/docker/go-units from 0.4.0 to 0.5.0 * api: fix typo on Push godoc (#9798) * ci: reduce noise from dependabot on Docker deps (#9770) * Add E2E tests for starting/stopping single services * Fix `down` with `--rmi` * Only capture exit codes from `exit` events * Add E2E tests for `up --exit-code-from` ++++ e2fsprogs: - Refresh e2fsprogs.keyring based on currently provided keys. ++++ glib-networking: - Update to version 2.74.0: + Updated translations. ++++ grub2: - Add patches for ALP FDE support * 0001-devmapper-getroot-Have-devmapper-recognize-LUKS2.patch * 0002-devmapper-getroot-Set-up-cheated-LUKS2-cryptodisk-mo.patch * 0003-disk-cryptodisk-When-cheatmounting-use-the-sector-in.patch * 0004-normal-menu-Don-t-show-Booting-s-msg-when-auto-booti.patch * 0005-EFI-suppress-the-Welcome-to-GRUB-message-in-EFI-buil.patch * 0006-EFI-console-Do-not-set-colorstate-until-the-first-te.patch * 0007-EFI-console-Do-not-set-cursor-until-the-first-text-o.patch * 0008-linuxefi-Use-common-grub_initrd_load.patch * 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch * 0010-templates-import-etc-crypttab-to-grub.cfg.patch * grub-read-pcr.patch * efi-set-variable-with-attrs.patch * tpm-record-pcrs.patch * tpm-protector-dont-measure-sealed-key.patch * tpm-protector-export-secret-key.patch * grub-install-record-pcrs.patch * grub-unseal-debug.patch ++++ kernel-default: - Linux 5.19.9 (bsc#1012628). - efi: libstub: Disable struct randomization (bsc#1012628). - efi: capsule-loader: Fix use-after-free in efi_capsule_write (bsc#1012628). - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (bsc#1012628). - fs: only do a memory barrier for the first set_buffer_uptodate() (bsc#1012628). - soc: fsl: select FSL_GUTS driver for DPIO (bsc#1012628). - Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()" (bsc#1012628). - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1012628). - scsi: core: Allow the ALUA transitioning state enough time (bsc#1012628). - scsi: megaraid_sas: Fix double kfree() (bsc#1012628). - drm/gem: Fix GEM handle release errors (bsc#1012628). - drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini (bsc#1012628). - drm/amdgpu: fix hive reference leak when adding xgmi device (bsc#1012628). - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (bsc#1012628). - drm/amdgpu: Remove the additional kfd pre reset call for sriov (bsc#1012628). - drm/radeon: add a force flush to delay work when radeon (bsc#1012628). - scsi: ufs: core: Reduce the power mode change timeout (bsc#1012628). - Revert "parisc: Show error if wrong 32/64-bit compiler is being used" (bsc#1012628). - parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources() (bsc#1012628). - parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines (bsc#1012628). - arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (bsc#1012628). - netfilter: conntrack: work around exceeded receive window (bsc#1012628). - thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR (bsc#1012628). - cpufreq: check only freq_table in __resolve_freq() (bsc#1012628). - net/core/skbuff: Check the return value of skb_copy_bits() (bsc#1012628). - md: Flush workqueue md_rdev_misc_wq in md_alloc() (bsc#1012628). - fbdev: omapfb: Fix tests for platform_get_irq() failure (bsc#1012628). - fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1012628). - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (bsc#1012628). - x86/sev: Mark snp_abort() noreturn (bsc#1012628). - drm/amdgpu: add sdma instance check for gfx11 CGCG (bsc#1012628). - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (bsc#1012628). - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (bsc#1012628). - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (bsc#1012628). - ALSA: hda: Once again fix regression of page allocations with IOMMU (bsc#1012628). - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (bsc#1012628). - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (bsc#1012628). - ALSA: usb-audio: Clear fixed clock rate at closing EP (bsc#1012628). - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (bsc#1012628). - tracefs: Only clobber mode/uid/gid on remount if asked (bsc#1012628). - tracing: hold caller_addr to hardirq_{enable,disable}_ip (bsc#1012628). - tracing: Fix to check event_mutex is held while accessing trigger list (bsc#1012628). - btrfs: zoned: set pseudo max append zone limit in zone emulation mode (bsc#1012628). - btrfs: zoned: fix API misuse of zone finish waiting (bsc#1012628). - vfio/type1: Unpin zero pages (bsc#1012628). - kprobes: Prohibit probes in gate area (bsc#1012628). - perf: RISC-V: fix access beyond allocated array (bsc#1012628). - debugfs: add debugfs_lookup_and_remove() (bsc#1012628). - sched/debug: fix dentry leak in update_sched_domain_debugfs (bsc#1012628). - drm/amd/display: fix memory leak when using debugfs_lookup() (bsc#1012628). - driver core: fix driver_set_override() issue with empty strings (bsc#1012628). - nvmet: fix a use-after-free (bsc#1012628). - drm/i915/bios: Copy the whole MIPI sequence block (bsc#1012628). - drm/i915/slpc: Let's fix the PCODE min freq table setup for SLPC (bsc#1012628). - drm/i915: Implement WaEdpLinkRateDataReload (bsc#1012628). - scsi: mpt3sas: Fix use-after-free warning (bsc#1012628). - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1012628). - cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree (bsc#1012628). - cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock (bsc#1012628). - cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() (bsc#1012628). - smb3: missing inode locks in zero range (bsc#1012628). - spi: bitbang: Fix lsb-first Rx (bsc#1012628). - ASoC: cs42l42: Only report button state if there was a button interrupt (bsc#1012628). - Revert "soc: imx: imx8m-blk-ctrl: set power device name" (bsc#1012628). - arm64: dts: imx8mm-verdin: update CAN clock to 40MHz (bsc#1012628). - arm64: dts: imx8mm-verdin: use level interrupt for mcp251xfd (bsc#1012628). - ASoC: qcom: sm8250: add missing module owner (bsc#1012628). - regmap: spi: Reserve space for register address/padding (bsc#1012628). - arm64: dts: imx8mp-venice-gw74xx: fix sai2 pin settings (bsc#1012628). - arm64: dts: imx8mq-tqma8mq: Remove superfluous interrupt-names (bsc#1012628). - RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg (bsc#1012628). - RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (bsc#1012628). - ARM: dts: imx6qdl-vicut1.dtsi: Fix node name backlight_led (bsc#1012628). - ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node (bsc#1012628). - ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible (bsc#1012628). - arm64: dts: ls1028a-qds-65bb: don't use in-band autoneg for 2500base-x (bsc#1012628). - soc: imx: gpcv2: Assert reset before ungating clock (bsc#1012628). - arm64: dts: verdin-imx8mm: add otg2 pd to usbphy (bsc#1012628). - arm64: dts: imx8mm-venice-gw7901: fix port/phy validation (bsc#1012628). - arm64: dts: freescale: verdin-imx8mm: fix atmel_mxt_ts reset polarity (bsc#1012628). - arm64: dts: freescale: verdin-imx8mp: fix atmel_mxt_ts reset polarity (bsc#1012628). - regulator: core: Clean up on enable failure (bsc#1012628). - ASoC: SOF: Kconfig: Make IPC_FLOOD_TEST depend on SND_SOC_SOF (bsc#1012628). - ASoC: SOF: Kconfig: Make IPC_MESSAGE_INJECTOR depend on SND_SOC_SOF (bsc#1012628). - tee: fix compiler warning in tee_shm_register() (bsc#1012628). - RDMA/irdma: Fix drain SQ hang with no completion (bsc#1012628). - arm64: dts: renesas: r8a779g0: Fix HSCIF0 interrupt number (bsc#1012628). - RDMA/cma: Fix arguments order in net device validation (bsc#1012628). - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (bsc#1012628). - RDMA/hns: Fix supported page size (bsc#1012628). - RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift (bsc#1012628). - RDMA/hns: Remove the num_qpc_timer variable (bsc#1012628). - wifi: wilc1000: fix DMA on stack objects (bsc#1012628). - ARM: at91: pm: fix self-refresh for sama7g5 (bsc#1012628). - ARM: at91: pm: fix DDR recalibration when resuming from backup and self-refresh (bsc#1012628). - ARM: dts: at91: sama5d27_wlsom1: specify proper regulator output ranges (bsc#1012628). - ARM: dts: at91: sama5d2_icp: specify proper regulator output ranges (bsc#1012628). - ARM: dts: at91: sama7g5ek: specify proper regulator output ranges (bsc#1012628). - ARM: dts: at91: sama5d27_wlsom1: don't keep ldo2 enabled all the time (bsc#1012628). - ARM: dts: at91: sama5d2_icp: don't keep vdd_other enabled all the time (bsc#1012628). - netfilter: br_netfilter: Drop dst references before setting (bsc#1012628). - netfilter: nf_tables: clean up hook list when offload flags check fails (bsc#1012628). - riscv: dts: microchip: use an mpfs specific l2 compatible (bsc#1012628). - netfilter: nf_conntrack_irc: Fix forged IP logic (bsc#1012628). - RDMA/srp: Set scmnd->result only when scmnd is not NULL (bsc#1012628). - ALSA: usb-audio: Inform the delayed registration more properly (bsc#1012628). - ALSA: usb-audio: Register card again for iface over delayed_register option (bsc#1012628). - rxrpc: Fix ICMP/ICMP6 error handling (bsc#1012628). - rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2() (bsc#1012628). - afs: Use the operation issue time instead of the reply time for callbacks (bsc#1012628). - kunit: fix assert_type for comparison macros (bsc#1012628). - Revert "net: phy: meson-gxl: improve link-up behavior" (bsc#1012628). - sch_sfb: Don't assume the skb is still around after enqueueing to child (bsc#1012628). - tipc: fix shift wrapping bug in map_get() (bsc#1012628). - net: introduce __skb_fill_page_desc_noacc (bsc#1012628). - tcp: TX zerocopy should not sense pfmemalloc status (bsc#1012628). - ice: Fix DMA mappings leak (bsc#1012628). - ice: use bitmap_free instead of devm_kfree (bsc#1012628). - i40e: Fix kernel crash during module removal (bsc#1012628). - iavf: Detach device during reset task (bsc#1012628). - xen-netback: only remove 'hotplug-status' when the vif is actually destroyed (bsc#1012628). - block: don't add partitions if GD_SUPPRESS_PART_SCAN is set (bsc#1012628). - RDMA/siw: Pass a pointer to virt_to_page() (bsc#1012628). - bonding: use unspecified address if no available link local address (bsc#1012628). - bonding: add all node mcast address when slave up (bsc#1012628). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1012628). - IB/core: Fix a nested dead lock as part of ODP flow (bsc#1012628). - RDMA/mlx5: Set local port to one when accessing counters (bsc#1012628). - btrfs: zoned: fix mounting with conventional zones (bsc#1012628). - erofs: fix error return code in erofs_fscache_{meta_,}read_folio (bsc#1012628). - erofs: fix pcluster use-after-free on UP platforms (bsc#1012628). - nvme-tcp: fix UAF when detecting digest errors (bsc#1012628). - nvme-tcp: fix regression that causes sporadic requests to time out (bsc#1012628). - tcp: fix early ETIMEDOUT after spurious non-SACK RTO (bsc#1012628). - btrfs: fix the max chunk size and stripe length calculation (bsc#1012628). - nvmet: fix mar and mor off-by-one errors (bsc#1012628). - RDMA/irdma: Report the correct max cqes from query device (bsc#1012628). - RDMA/irdma: Return error on MR deregister CQP failure (bsc#1012628). - RDMA/irdma: Return correct WC error for bind operation failure (bsc#1012628). - RDMA/irdma: Report RNR NAK generation in device caps (bsc#1012628). - net: dsa: felix: disable cut-through forwarding for frames oversized for tc-taprio (bsc#1012628). - net: dsa: felix: access QSYS_TAG_CONFIG under tas_lock in vsc9959_sched_speed_set (bsc#1012628). - net: ethernet: mtk_eth_soc: fix typo in __mtk_foe_entry_clear (bsc#1012628). - net: ethernet: mtk_eth_soc: check max allowed hash in mtk_ppe_check_skb (bsc#1012628). - net/smc: Fix possible access to freed memory in link clear (bsc#1012628). - io_uring: recycle kbuf recycle on tw requeue (bsc#1012628). - net: phy: lan87xx: change interrupt src of link_up to comm_ready (bsc#1012628). - sch_sfb: Also store skb len before calling child enqueue (bsc#1012628). - libperf evlist: Fix per-thread mmaps for multi-threaded targets (bsc#1012628). - perf dlfilter dlfilter-show-cycles: Fix types for print format (bsc#1012628). - perf script: Fix Cannot print 'iregs' field for hybrid systems (bsc#1012628). - perf record: Fix synthesis failure warnings (bsc#1012628). - hwmon: (tps23861) fix byte order in resistance register (bsc#1012628). - ASoC: mchp-spdiftx: remove references to mchp_i2s_caps (bsc#1012628). - ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion (bsc#1012628). - lsm,io_uring: add LSM hooks for the new uring_cmd file op (bsc#1012628). - selinux: implement the security_uring_cmd() LSM hook (bsc#1012628). - Smack: Provide read control for io_uring_cmd (bsc#1012628). - MIPS: loongson32: ls1c: Fix hang during startup (bsc#1012628). - kbuild: disable header exports for UML in a straightforward way (bsc#1012628). - i40e: Refactor tc mqprio checks (bsc#1012628). - i40e: Fix ADQ rate limiting for PF (bsc#1012628). - net: bonding: replace dev_trans_start() with the jiffies of the last ARP/NS (bsc#1012628). - bonding: accept unsolicited NA message (bsc#1012628). - swiotlb: avoid potential left shift overflow (bsc#1012628). - iommu/amd: use full 64-bit value in build_completion_wait() (bsc#1012628). - s390/boot: fix absolute zero lowcore corruption on boot (bsc#1012628). - time64.h: consolidate uses of PSEC_PER_NSEC (bsc#1012628). - net: dsa: felix: tc-taprio intervals smaller than MTU should send at least one packet (bsc#1012628). - hwmon: (mr75203) fix VM sensor allocation when "intel,vm-map" not defined (bsc#1012628). - hwmon: (mr75203) update pvt->v_num and vm_num to the actual number of used sensors (bsc#1012628). - hwmon: (mr75203) fix voltage equation for negative source input (bsc#1012628). - hwmon: (mr75203) fix multi-channel voltage reading (bsc#1012628). - hwmon: (mr75203) enable polling for all VM channels (bsc#1012628). - iommu/vt-d: Fix possible recursive locking in intel_iommu_init() (bsc#1012628). - perf evlist: Always use arch_evlist__add_default_attrs() (bsc#1012628). - perf stat: Fix L2 Topdown metrics disappear for raw events (bsc#1012628). - Revert "arm64: kasan: Revert "arm64: mte: reset the page tag in page->flags"" (bsc#1012628). - hwmon: (asus-ec-sensors) add support for Strix Z690-a D4 (bsc#1012628). - hwmon: (asus-ec-sensors) add support for Maximus XI Hero (bsc#1012628). - hwmon: (asus-ec-sensors) add missing sensors for X570-I GAMING (bsc#1012628). - hwmon: (asus-ec-sensors) add definitions for ROG ZENITH II EXTREME (bsc#1012628). - hwmon: (asus-ec-sensors) autoload module via DMI data (bsc#1012628). - arm64/bti: Disable in kernel BTI when cross section thunks are broken (bsc#1012628). - iommu/vt-d: Correctly calculate sagaw value of IOMMU (bsc#1012628). - iommu/virtio: Fix interaction with VFIO (bsc#1012628). - Update config files. - commit 0312ea1 ++++ util-linux: - Do not set SUID permissions for util-linux-mini. ++++ polkit: - obsolete libpolkit0 also from baselibs. ++++ libsoup: - Update to version 3.2.0: + No changes, stable bump only. ++++ libvirt: - Migration to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. ++++ python310-pyparsing: - Fix incorrect usage of non-bundled pip revealed by python-rpm-macros update. ++++ qemu: - pcre-devel-static is only needed when building against glib2 < 2.73. After that, glib2 was migrated to pcre2. ++++ shim-leap: - Override shim-install to write tpm_record_pcrs into grub.cfg. (jsc#PED-922) ++++ util-linux-systemd: - Do not set SUID permissions for util-linux-mini. ------------------------------------------------------------------ ------------------ 2022-9-14 - Sep 14 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - llvm15.patch: backport of commits 2037c34f245, 301bcbac0e5, 6983c8580a2 to support LLVM 15 ++++ Mesa-drivers: - llvm15.patch: backport of commits 2037c34f245, 301bcbac0e5, 6983c8580a2 to support LLVM 15 ++++ ansible-core: - update to 2.13.4: Changelog https://github.com/ansible/ansible/blob/v2.13.4/changelogs/CHANGELOG-v2.13.rst * Bugfixes - Fix for network_cli not getting all relevant connection options - ansible-galaxy - Fix detection of --role-file in arguments for implicit role invocation (#78204) - ansible-galaxy - Fix exit codes for role search and delete (#78516) - ansible-test - Fix change detection for ansible-test's own integration tests. - ansible-test - ansible-doc sanity test - Correctly determine the fully-qualified collection name for plugins in subdirectories, resolving #78490. - apt - don't actually update the cache in check mode with update_cache=true. - apt - don't mark existing packages as manually installed in check mode (#66413). - apt - fix package selection to include /etc/apt/preferences(.d) (#77969) - urls - Guard imports of urllib3 by catching Exception instead of ImportError to prevent exceptions in the import process of optional dependencies from preventing use of urls.py (#78648) - wait_for - Read file and perform comparisons using bytes to avoid decode errors (#78214) ++++ diffutils: - Skip gnulib test test-free under qemu emulation (bsc#1202260) ++++ dracut: - Update to version 057+suse.315.gd210fc38: * chore(suse): update spec Fix "directories not owned by a package" caused by bash-completion directories not owned by dracut. Do not install modules incompatible with the system architecture. * chore(suse): change default persistent policy * ci(suse.conf.example): update SUSE-specific config * chore(suse): fix 99-debug.conf ++++ e2fsprogs: - Spec file cleanup: + Drop remainders regarding -mini packages, which was not a thing since Jan 2014. + Split build of fuse2fs out into a sep build (_multibuild enabled). ++++ file: - Add patch file-zstd.patch from upstream mailing list * Add zstd decompression support - Run also upstream standard checks ++++ gnutls: - FIPS: Run the CFB8 cipher selftest without offset [bsc#1203245] * CFB8 list of ciphers: GNUTLS_CIPHER_AES_{128,192,256}_CFB8 * Add gnutls-FIPS-Run-CFB8-without-offset.patch ++++ hwdata: - update to 0.362: + Updated pci, usb and vendor ids. ++++ less: - Update to 608: * Add the --header option (github #43). * Add the --no-number-headers option (github #178). * Add the --status-line option. * Add the --redraw-on-quit option (github #36). * Add the --search-options option (github #213). * Add the --exit-follow-on-close option (github #244). * Add 'H' color type to set color of header lines. * Add #version conditional to lesskey. * Add += syntax to variable section in lesskey files. * Allow option name in -- command to end with '=' in addition to '\n'. * Add $HOME/.config to possible locations of lesskey file (github #153). * Add $XDG_STATE_HOME and $HOME/.local/state to possible locations of history file (github #223). * Don't read or write history file in secure mode (github #201). * Fix display of multibyte and double-width chars in prompt. * Fix ESC-BACKSPACE command when BACKSPACE key does not send 0x08 (github #188). * Add more \k codes to lesskey format. * Fix bug when empty file is modified while viewing it. * Fix bug when parsing a malformed lesskey file (githb #234). * Fix bug scrolling history when --incsearch is set (github #214). * Fix buffer overflow when invoking lessecho with more than 63 -m/-n options (github #198). * Fix buffer overflow in bin_file (github #271). * Fix bug restoring color at end of highlighted text. * Fix bug in parsing lesskey file. * Defer moving cursor to lower left in some more cases. * Suppress TAB filename expansion in some cases where it doesn't make sense. * Fix termlib detection when compiler doesn't accept calls to undeclared functions. * Escape filenames when invoking LESSCLOSE. * Fix bug using multibyte UTF-8 char in search string with --incsearch (github #273). ++++ libgcrypt: - Update to 1.10.0: * New and extended interfaces: - New control codes to check for FIPS 140-3 approved algorithms. - New control code to switch into non-FIPS mode. - New cipher modes SIV and GCM-SIV as specified by RFC-5297. - Extended cipher mode AESWRAP with padding as specified by RFC-5649. - New set of KDF functions. - New KDF modes Argon2 and Balloon. - New functions for combining hashing and signing/verification. * Performance: - Improved support for PowerPC architectures. - Improved ECC performance on zSeries/s390x by using accelerated scalar multiplication. - Many more assembler performance improvements for several architectures. * Bug fixes: - Fix Elgamal encryption for other implementations. [bsc#1190239, CVE-2021-40528] - Check the input length of the point in ECDH. - Fix an abort in gcry_pk_get_param for "Curve25519". * Other features: - The control code GCRYCTL_SET_ENFORCED_FIPS_FLAG is ignored because it is useless with the FIPS 140-3 related changes. - Update of the jitter entropy RNG code. - Simplification of the entropy gatherer when using the getentropy system call. * Interface changes relative to the 1.10.0 release: - GCRYCTL_SET_DECRYPTION_TAG NEW control code. - GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER NEW control code. - GCRYCTL_FIPS_SERVICE_INDICATOR_KDF NEW control code. - GCRYCTL_NO_FIPS_MODE = 83 NEW control code. - GCRY_CIPHER_MODE_SIV NEW mode. - GCRY_CIPHER_MODE_GCM_SIV NEW mode. - GCRY_CIPHER_EXTENDED NEW flag. - GCRY_SIV_BLOCK_LEN NEW macro. - gcry_cipher_set_decryption_tag NEW macro. - GCRY_KDF_ARGON2 NEW constant. - GCRY_KDF_BALLOON NEW constant. - GCRY_KDF_ARGON2D NEW constant. - GCRY_KDF_ARGON2I NEW constant. - GCRY_KDF_ARGON2ID NEW constant. - gcry_kdf_hd_t NEW type. - gcry_kdf_job_fn_t NEW type. - gcry_kdf_dispatch_job_fn_t NEW type. - gcry_kdf_wait_all_jobs_fn_t NEW type. - struct gcry_kdf_thread_ops NEW struct. - gcry_kdf_open NEW function. - gcry_kdf_compute NEW function. - gcry_kdf_final NEW function. - gcry_kdf_close NEW function. - gcry_pk_hash_sign NEW function. - gcry_pk_hash_verify NEW function. - gcry_pk_random_override_new NEW function. * Rebase libgcrypt-1.8.4-allow_FSM_same_state.patch and rename to libgcrypt-1.10.0-allow_FSM_same_state.patch * Remove unused CAVS tests and related patches: - cavs_driver.pl cavs-test.sh - libgcrypt-1.6.1-fips-cavs.patch - drbg_test.patch * Remove DSA sign/verify patches for the FIPS CAVS test since DSA has been disabled in FIPS mode: - libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch - libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch * Rebase libgcrypt-FIPS-SLI-pk.patch * Rebase libgcrypt_indicators_changes.patch and libgcrypt-indicate-shake.patch and merge both into libgcrypt-FIPS-SLI-hash-mac.patch * Rebase libgcrypt-FIPS-kdf-leylength.patch and rename to libgcrypt-FIPS-SLI-kdf-leylength.patch * Rebase libgcrypt-jitterentropy-3.4.0.patch * Rebase libgcrypt-FIPS-rndjent_poll.patch * Rebase libgcrypt-out-of-core-handler.patch and rename to libgcrypt-1.10.0-out-of-core-handler.patch * Since the FIPS .hmac file is now calculated with the internal tool hmac256, only the "module is complete" trigger .fips file is checked. Rename libgcrypt-1.6.1-use-fipscheck.patch to libgcrypt-1.10.0-use-fipscheck.patch * Remove patches fixed upstream: - libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch - libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff - libgcrypt-fix-rng.patch - libgcrypt-1.8.3-fips-ctor.patch - libgcrypt-1.8.4-use_xfree.patch - libgcrypt-1.8.4-getrandom.patch - libgcrypt-1.8.4-fips_ctor_skip_integrity_check.patch - libgcrypt-dsa-rfc6979-test-fix.patch - libgcrypt-fix-tests-fipsmode.patch - libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch - libgcrypt-1.8.4-fips-keygen.patch - libgcrypt-invoke-global_init-from-constructor.patch - libgcrypt-Restore-self-tests-from-constructor.patch - libgcrypt-FIPS-GMAC_AES-benckmark.patch - libgcrypt-global_init-constructor.patch - libgcrypt-random_selftests-testentropy.patch - libgcrypt-rsa-no-blinding.patch - libgcrypt-ecc-ecdsa-no-blinding.patch - libgcrypt-PCT-DSA.patch - libgcrypt-PCT-ECC.patch - libgcrypt-PCT-RSA.patch - libgcrypt-fips_selftest_trigger_file.patch - libgcrypt-pthread-in-t-lock-test.patch - libgcrypt-FIPS-hw-optimizations.patch - libgcrypt-FIPS-module-version.patch - libgcrypt-FIPS-disable-3DES.patch - libgcrypt-FIPS-fix-regression-tests.patch - libgcrypt-FIPS-RSA-keylen.patch - libgcrypt-FIPS-RSA-keylen-tests.patch - libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch - libgcrypt-FIPS-verify-unsupported-KDF-test.patch - libgcrypt-FIPS-HMAC-short-keylen.patch - libgcrypt-FIPS-service-indicators.patch - libgcrypt-FIPS-disable-DSA.patch - libgcrypt-jitterentropy-3.3.0.patch - libgcrypt-FIPS-Zeroize-hmac.patch * Update libgcrypt.keyring ++++ openssl-3: - Do not make libopenssl3-32bit obsolete libopenssl1_1-32bit. They are independent libraries and can be installed simultaneously. ++++ logrotate: - Ignoring vendor logs settings in /usr/etc/logrotate.d if they have already been defined by the the admin in the /etc/logrotate.d directory (bsc#1173319). - Removed logrotate-3.20.0-man_logrotate.patch. - Added logrotate-vendor-dir.patch ++++ rsync: - Use bundled SLP patch now that upstream fixed it: * Remove rsync-3.2.5-slp.patch ------------------------------------------------------------------ ------------------ 2022-9-13 - Sep 13 2022 ------------------- ------------------------------------------------------------------ ++++ bash: - Update to bash 5.2 rc4 Pos. aa is now enabled by default. m. Readline now checks for changes to locale settings (LC_ALL/LC_CTYPE/LANG) each time it is called, and modifies the appropriate locale-specific display - Port patches * bash-2.03-manual.patch * bash-5.2.dif ++++ permissions: - Update to version 20220912: * chkstat: also consider group controlled paths (bsc#1203018, CVE-2022-31252) ++++ cockpit: - Fix cockpit-storage dependencies - Merge SUSE branding into cockpit package ++++ cryptsetup: - Add virtual provides for 'integritysetup' and 'veritysetup' to match package names provided by Fedora/RHEL, to allow the same set of dependencies to be used across all RPM distributions. ++++ e2fsprogs: - enabled fuse2fs build which enable to mount ext2/3/4 via FUSE ++++ fde-tools: - Introduce a specific unit script that takes care of mounting root early (to avoid conflicts with ignition). ++++ file: - update to 5.43: * Add octal indirect magic * avoid infinite loop in non-wide code * Obey MAGIC_CONTINUE with multiple magic files * Fix bug with large flist * PR/364: Detect non-nul-terminated core filenames from QEMU * PR/359: Add support for http://ndjson.org/ * PR/362: Fix wide printing * PR/358: Fix width for -f - - drop file-boo1201350.patch (upstream) ++++ gawk: - upref.patch: Add missing UPREF ++++ gnutls: - provide a libgnutls30-hmac-32bit to avoid uninstallable wine when pattern-base-fips is installed [boo#1203353] ++++ libdrm: - disabled intel driver on s390x ++++ rdma-core: - Update to v42.0 - Fixes for all providers - Dropped patches merged upstream: - util-Add-barriers-support-for-RISC-V.patch - cmake-Make-modprobe.d-path-configurable.patch - Update gen-pandoc.sh to support python3 ++++ readline: - Update to readline-8.2-rc4 m. Readline now checks for changes to locale settings (LC_ALL/LC_CTYPE/LANG) each time it is called, and modifies the appropriate locale-specific display and key binding variables when the locale changes. - Port patch readline-8.2.dif ++++ python-pycairo: - Update to version 1.21.0: * Require Python 3.7+ * Require meson 0.53+ * Using setup.py directly to build/install pycairo is deprecated. Use meson instead. * setup.py now requires setuptools. Previously it was optional. * The complete API reference is now included in the typing stubs, so it can be consumed/shown by IDEs. - Add f5a795ea.patch: Some test improvements for cairo 1.17.6 ++++ vim: - Updated to version 9.0.0453, fixes the following problems - boo#1203272 - CVE-2022-3153 - boo#1203194 - CVE-2022-3134 - boo#1203110 - CVE-2022-3099 * Writefile test leaves files behind. * Freeing the wrong string on failure. * Coverity complains about unused value. * Covertity still complains about using return value of getc(). * GUI: when CTRL-D is mapped in Insert mode it gets inserted. (Yasuhiro Matsumoto) * Some code blocks are nested too deep. * repeating a mapping does not use the right script context. * The do_arg_all() function is too long. * Crash when 'tagfunc' closes the window. * Cannot use a partial with :defer. * Using separate delete() call instead of writefile() 'D' flag. * Inverted condition is a bit confusing. * Signals test often fails on FreeBSD. * Cygwin: multibyte characters may be broken in terminal window. * Clang warnings for function prototypes. * :findrepl does not escape '&' and '~' properly. * :defer not tested with exceptions and ":qa!". * Members of funccall_T are inconsistently named. * Using :defer in expression funcref not tested. * GUI test sometimes hangs on CI. * CI uses older clang version. * Javascript module files are not recoginzed. * 'equalalways' may be off when 'laststatus' is zero. * Crash when passing invalid arguments to assert_fails(). * Arguments in a partial not used by a :def function. * Deferred functions not invoked when partial func exits. * matchstr() does match column offset. (Yasuhiro Matsumoto) * GUI test sometimes fails on MS-Windows. * #{g:x} was seen as a curly-braces expression. * Struct member cts_lnum is unused. * Only created files can be cleaned up with one call. * Compiler warning for unused argument. * ASAN reports a memory leak. * matchstr() still does not match column offset when done after a text search. * ml_get error when appending lines in popup window. * Jsonnet files are not recognized. * Manually deleting temp test files. * The :defer command does not check the function argument count and types. * Function went missing. * Not enough testing of the :all command. * "for" and "while" not recognized after :vim9cmd and :legacy. (Emanuele Torre) * gitattributes files are not recognized. * Autocmd test is a bit flaky on MS-Windows. * Failed flaky tests report only start time. * Drupal theme files are not recognized. * Autocmd test uses common file name. * Not all keys are tested for the MS-Windows GUI. * Cannot use repeat() with a blob. * Current mode shows in message window. * Crash when using for loop variable in closure. * Coverity warns for not checking allocation failure. * gitignore files are not recognized. * Compiler warning for uninitialized variable. * CI: running tests in parallel causes flakiness. * No error when a custom completion function returns something else than the expected list. * Cannot put virtual text above a line. * Cursor wrong if inserting before line with virtual text above. * Crash when using mkdir() with "R" flag in compiled function. * Closure in for loop test fails on some systems. * Virtual text "above" doesn't handel line numbers. * Blueprint files are not recognized. * Trying to declare g:variable gives confusing error. * When opening/closing window text moves up/down. * Message window may be positioned too low. * Using :echowin while at the hit-enter prompt causes problems. * SubRip files are not recognized. * There is no easy way to translate a string with a key code into a readable string. * Return value of argument check functions is inconsistent. * Virtual text "above" does not work with 'nowrap'. * Visual highlighting extends into virtual text prop. * On an AZERTY keyboard digit keys get the shift modifier. ------------------------------------------------------------------ ------------------ 2022-9-12 - Sep 12 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023). - commit a5f18a6 - iommu: Fix false ownership failure on AMD systems with PASID activated (bsc#1202492). - commit c4990ab - Drop temporary workaround patch for HD-audio IOMMU bug (bsc#1202492) The proper upstream fix will be merged instead - commit 23d9d61 ++++ llvm15: - Use correct LLVM_HOST_TRIPLE for riscv64 ++++ util-linux: - Fix pam directory for the staging package. - Add util-linux-rpmlintrc removing unneeded warnings. ++++ libdrm: - update to 2.4.113: * amdgpu: update marketing names * sync i915_pciids with kernel * atomic: fix atomic_add_unless() fallback's return value * intel: Avoid aliasing violation * intel: Hook up new platforms IDs * meson: auto-enable etnaviv on arm, arc, mips and loongarch architectures * modetest: use drmGetFormatName() * lots of testsuite and CI improvements - enable intel support everywhere as there are now discrete intel GPUs - enable vc4 support on armv7/aarch64 - simplify valgrind support ifdefery ++++ jitterentropy: - updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ++++ ncurses: - Add ncurses patch 20220910 + amend verbose-option change to make this affect level 3, e.g., using "tic -cv3 terminfo". + work around musl's nonstandard use of feature test macros by adding a definition for NCURSES_WIDECHAR to the generated ".pc" and *-config files (report by Sam James). - Add ncurses patch 20220903 + modify verbose-option of infocmp, tic, toe to enable debug-tracing if that is configured. - Add ncurses patch 20220827 + modify configure scripts to use overlooked cases for LD and PKG_CONFIG variables (report by Alan Webb, Gentoo #866398). + modify nsterm to use xterm+alt1049 (report by Paul Handly) -TD + modify putty to use xterm+alt1049 -TD - Correct offsets of patches * ncurses-5.9-ibm327x.dif * ncurses-6.3.dif ++++ rpm: - update to rpm-4.17.1.1 * Fix upstream branch setting in "%autosetup -S git" * Revert "Strip the target triplet GNU suffix more precisely." ++++ ovmf: - Modified ovmf.changes log, using PED-1410 instead of PED-1359 for pushing to SLE15-SP5. ++++ rsync: - update to 3.2.6: * More path-cleaning improvements in the file-list validation code to avoid rejecting of valid args. * A file-list validation fix for a --files-from file that ends without a line-terminating character. * Added a safety check that prevents the sender from removing destination files when a local copy using --remove-source-files has some files that are shared between the sending & receiving hierarchies, including the case where the source dir & destination dir are identical. * Fixed a bug in the internal MD4 checksum code that could cause the digest to be sporadically incorrect (the openssl version was/is fine). * A minor tweak to rrsync added "copy-devices" to the list of known args, but left it disabled by default. ++++ selinux-policy: - Revamped rtorrent module ++++ suse-module-tools: - Update to version 16.0.23: * cert-script: skip cert handling if efivarfs is not writable (bsc#1201066) * driver-check.sh, unblacklist: convert egrep to grep -E (bsc#1203092) ++++ util-linux-systemd: - Fix pam directory for the staging package. - Add util-linux-rpmlintrc removing unneeded warnings. ------------------------------------------------------------------ ------------------ 2022-9-11 - Sep 11 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Update to 6.0-rc5 - eliminate 5 patches: - patches.suse/ASoC-nau8540-Implement-hw-constraint-for-rates.patch - patches.suse/ASoC-nau8821-Implement-hw-constraint-for-rates.patch - patches.suse/ASoC-nau8824-Fix-semaphore-unbalance-at-error-paths.patch - patches.suse/ASoC-nau8824-Implement-hw-constraint-for-rates.patch - patches.suse/ASoC-nau8825-Implement-hw-constraint-for-rates.patch - refresh configs - commit f7dcc92 ++++ python310-core: - Update to 3.10.7: - Fix for CVE-2020-10735 (bsc#1203125) Converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity. - Other bug fixes: - Fixed a bug that caused _PyCode_GetExtra to return garbage for negative indexes. - Fix format string in _PyPegen_raise_error_known_location that can lead to memory corruption on some 64bit systems. The function was building a tuple with i (int) instead of n (Py_ssize_t) for Py_ssize_t arguments. - Fix misleading contents of error message when converting an all-whitespace string to float. - coroutine.throw() now properly initializes the frame.f_back when resuming a stack of coroutines. This allows e.g. traceback.print_stack() to work correctly when an exception (such as CancelledError) is thrown into a coroutine. - ast.parse() will no longer parse function definitions with positional-only params when passed feature_version less than (3, 8). - Correct conversion of numbers.Rational’s to float. - Fix a performance regression in logging TimedRotatingFileHandler. Only check for special files when the rollover time has passed. - Fix unused localName parameter in the Attr class in xml.dom.minidom. - Update bundled pip to 22.2.2. - Fail gracefully if EPERM or ENOSYS is raised when loading crypt methods. This may happen when trying to load MD5 on a Linux kernel with FIPS enabled. - Improve discoverability of the higher level concurrent.futures module by providing clearer links from the lower level threading and multiprocessing modules. - Update the default RFC base URL from deprecated tools.ietf.org to datatracker.ietf.org - Fix stylesheet not working in Windows CHM htmlhelp docs. - The documentation now lists which members of C structs are part of the Limited API/Stable ABI. - Mitigate the inherent race condition from using find_unused_port() in testSockName() by trying to find an unused port a few times before failing. - Build and test with OpenSSL 1.1.1q - Document handling of extensions in Save As dialogs. - Include prompts when saving Shell (interactive input and output). ++++ python310: - Update to 3.10.7: - Fix for CVE-2020-10735 (bsc#1203125) Converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity. - Other bug fixes: - Fixed a bug that caused _PyCode_GetExtra to return garbage for negative indexes. - Fix format string in _PyPegen_raise_error_known_location that can lead to memory corruption on some 64bit systems. The function was building a tuple with i (int) instead of n (Py_ssize_t) for Py_ssize_t arguments. - Fix misleading contents of error message when converting an all-whitespace string to float. - coroutine.throw() now properly initializes the frame.f_back when resuming a stack of coroutines. This allows e.g. traceback.print_stack() to work correctly when an exception (such as CancelledError) is thrown into a coroutine. - ast.parse() will no longer parse function definitions with positional-only params when passed feature_version less than (3, 8). - Correct conversion of numbers.Rational’s to float. - Fix a performance regression in logging TimedRotatingFileHandler. Only check for special files when the rollover time has passed. - Fix unused localName parameter in the Attr class in xml.dom.minidom. - Update bundled pip to 22.2.2. - Fail gracefully if EPERM or ENOSYS is raised when loading crypt methods. This may happen when trying to load MD5 on a Linux kernel with FIPS enabled. - Improve discoverability of the higher level concurrent.futures module by providing clearer links from the lower level threading and multiprocessing modules. - Update the default RFC base URL from deprecated tools.ietf.org to datatracker.ietf.org - Fix stylesheet not working in Windows CHM htmlhelp docs. - The documentation now lists which members of C structs are part of the Limited API/Stable ABI. - Mitigate the inherent race condition from using find_unused_port() in testSockName() by trying to find an unused port a few times before failing. - Build and test with OpenSSL 1.1.1q - Document handling of extensions in Save As dialogs. - Include prompts when saving Shell (interactive input and output). ------------------------------------------------------------------ ------------------ 2022-9-10 - Sep 10 2022 ------------------- ------------------------------------------------------------------ ++++ libXft: - Update to version 2.3.6 * Fixes a regression in 2.3.5 for XftTextExtents* length-checks. ++++ python-psutil: - update to version 5.9.2: * Bug fixes + 2093_, [FreeBSD], **[critical]**: `pids()`_ may fail with ENOMEM. Dynamically increase the "malloc()" buffer size until it's big enough. + 2095_, [Linux]: `net_if_stats()`_ returns incorrect interface speed for 100GbE network cards. + 2113_, [FreeBSD], **[critical]**: `virtual_memory()`_ may raise ENOMEM due to missing "#include " directive. (patch by Peter Jeremy) + 2128_, [NetBSD]: `swap_memory()`_ was miscalculated. (patch by Thomas Klausner) ++++ sudo: - Modified sudo-sudoers.patch * bsc#1177578 * Removed redundant and confusing 'secure_path' settings in sudo-sudoers file. ------------------------------------------------------------------ ------------------ 2022-9-9 - Sep 9 2022 ------------------- ------------------------------------------------------------------ ++++ dmidecode: 2 recommended fixes from upstream: - news-fix-typo.patch: We ship the NEWS file so avoid including a typo in it. - dmioem-fix-segmentation-fault-in-dmi_hp_240_attr.patch: Passing NULL to a %s printf conversion specifier is illegal, and can result in a segmentation fault. Current version of glibc doesn't mind, but alternative, past or future libc implementations could crash, so let's fix it. ++++ dnsmasq: - Ensure the dnsmasq user's group is used - Remove nogroup requirement ++++ multipath-tools: - Update to version 0.9.1+52+suse.be8809e: * Code-identical to 0.9.1+48+suse.9c6c435 (merge in git repo to preserve history; fix revision in _service file). ++++ numactl: - Update to version 2.0.15.0.g01a39cb: * Create codeql.yml * Create makefile.yml * Fix crash when memhog uses local policy * Fix memhog uses the wrong policy but still works properly * Fix the example usage in the man manual. * fix memory and file handle leaks * Do not reuse variable names in subscopes and delete useless blank lines * Delete unused header files * Limit the scope of function * avoid declaring a global variable * Fix build error on riscv64 by linking libatomic ++++ patterns-base: - drop recommends for ucode-intel and ucode-amd, these packages have supplements to be pulled in on the respective cpus and there is no point having both installed (doubling the number of reboot-needed updates) ++++ rsync: - Build SLE version with g++-11 to work around nondeterministic g++-7 (boo#1193895) ------------------------------------------------------------------ ------------------ 2022-9-8 - Sep 8 2022 ------------------- ------------------------------------------------------------------ ++++ glib2: - Replace pkgconfig(libpcre) with pkgconfig(libpcre2-8) BuildRequires. No longer used by glib (replaced by pcre2 in 2.73.2). ++++ glibc: - errlist-edeadlock.patch: errlist: add missing entry for EDEADLOCK (BZ [#29545]) ++++ kernel-default: - Linux 5.19.8 (bsc#1012628). - drm/msm/dp: make eDP panel as the first connected connector (bsc#1012628). - drm/msm/dsi: fix the inconsistent indenting (bsc#1012628). - drm/msm/dpu: populate wb or intf before reset_intf_cfg (bsc#1012628). - drm/msm/dp: delete DP_RECOVERED_CLOCK_OUT_EN to fix tps4 (bsc#1012628). - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (bsc#1012628). - drm/msm/dsi: Fix number of regulators for SDM660 (bsc#1012628). - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (bsc#1012628). - platform/x86: x86-android-tablets: Fix broken touchscreen on Chuwi Hi8 with Windows BIOS (bsc#1012628). - xsk: Fix corrupted packets for XDP_SHARED_UMEM (bsc#1012628). - drm/msm/gpu: Drop qos request if devm_devfreq_add_device() fails (bsc#1012628). - peci: aspeed: fix error check return value of platform_get_irq() (bsc#1012628). - iio: adc: mcp3911: make use of the sign bit (bsc#1012628). - skmsg: Fix wrong last sg check in sk_msg_recvmsg() (bsc#1012628). - bpf: Restrict bpf_sys_bpf to CAP_PERFMON (bsc#1012628). - ip_tunnel: Respect tunnel key's "flow_flags" in IP tunnels (bsc#1012628). - bpf, cgroup: Fix kernel BUG in purge_effective_progs (bsc#1012628). - drm/i915/gvt: Fix Comet Lake (bsc#1012628). - ieee802154/adf7242: defer destroy_workqueue call (bsc#1012628). - bpf: Fix a data-race around bpf_jit_limit (bsc#1012628). - drm/i915/ttm: fix CCS handling (bsc#1012628). - drm/i915/display: avoid warnings when registering dual panel backlight (bsc#1012628). - ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array (bsc#1012628). - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (bsc#1012628). - xhci: Fix null pointer dereference in remove if xHC has only one roothub (bsc#1012628). - Revert "xhci: turn off port power in shutdown" (bsc#1012628). - bpf: Allow helpers to accept pointers with a fixed size (bsc#1012628). - bpf: Tidy up verifier check_func_arg() (bsc#1012628). - bpf: Do mark_chain_precision for ARG_CONST_ALLOC_SIZE_OR_ZERO (bsc#1012628). - Bluetooth: hci_event: Fix vendor (unknown) opcode status handling (bsc#1012628). - Bluetooth: hci_sync: Fix suspend performance regression (bsc#1012628). - Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1012628). - Bluetooth: hci_sync: hold hdev->lock when cleanup hci_conn (bsc#1012628). - net: sparx5: fix handling uneven length packets in manual extraction (bsc#1012628). - net: smsc911x: Stop and start PHY during suspend and resume (bsc#1012628). - openvswitch: fix memory leak at failed datapath creation (bsc#1012628). - nfp: flower: fix ingress police using matchall filter (bsc#1012628). - net: dsa: xrs700x: Use irqsave variant for u64 stats update (bsc#1012628). - drm/i915: fix null pointer dereference (bsc#1012628). - net: sched: tbf: don't call qdisc_put() while holding tree lock (bsc#1012628). - net/sched: fix netdevice reference leaks in attach_default_qdiscs() (bsc#1012628). - net: phy: micrel: Make the GPIO to be non-exclusive (bsc#1012628). - net: lan966x: improve error handle in lan966x_fdma_rx_get_frame() (bsc#1012628). - ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler (bsc#1012628). - cachefiles: fix error return code in cachefiles_ondemand_copen() (bsc#1012628). - cachefiles: make on-demand request distribution fairer (bsc#1012628). - mlxbf_gige: compute MDIO period based on i1clk (bsc#1012628). - kcm: fix strp_init() order and cleanup (bsc#1012628). - sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb (bsc#1012628). - tcp: annotate data-race around challenge_timestamp (bsc#1012628). - Revert "sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb" (bsc#1012628). - net/smc: Remove redundant refcount increase (bsc#1012628). - soundwire: qcom: fix device status array range (bsc#1012628). - mm/slab_common: Deleting kobject in kmem_cache_destroy() without holding slab_mutex/cpu_hotplug_lock (bsc#1012628). - platform/mellanox: mlxreg-lc: Fix coverity warning (bsc#1012628). - platform/mellanox: mlxreg-lc: Fix locking issue (bsc#1012628). - serial: fsl_lpuart: RS485 RTS polariy is inverse (bsc#1012628). - tty: serial: atmel: Preserve previous USART mode if RS485 disabled (bsc#1012628). - staging: rtl8712: fix use after free bugs (bsc#1012628). - staging: r8188eu: Add Rosewill USB-N150 Nano to device tables (bsc#1012628). - staging: r8188eu: add firmware dependency (bsc#1012628). - Revert "powerpc: Remove unused FW_FEATURE_NATIVE references" (bsc#1012628). - powerpc: align syscall table for ppc32 (bsc#1012628). - powerpc/rtas: Fix RTAS MSR[HV] handling for Cell (bsc#1012628). - vt: Clear selection before changing the font (bsc#1012628). - musb: fix USB_MUSB_TUSB6010 dependency (bsc#1012628). - tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (bsc#1012628). - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (bsc#1012628). - iio: light: cm3605: Fix an error handling path in cm3605_probe() (bsc#1012628). - iio: ad7292: Prevent regulator double disable (bsc#1012628). - iio: adc: mcp3911: correct "microchip,device-addr" property (bsc#1012628). - iio: adc: mcp3911: use correct formula for AD conversion (bsc#1012628). - misc: fastrpc: fix memory corruption on probe (bsc#1012628). - misc: fastrpc: fix memory corruption on open (bsc#1012628). - firmware_loader: Fix use-after-free during unregister (bsc#1012628). - firmware_loader: Fix memory leak in firmware upload (bsc#1012628). - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (bsc#1012628). - landlock: Fix file reparenting without explicit LANDLOCK_ACCESS_FS_REFER (bsc#1012628). - mmc: core: Fix UHS-I SD 1.8V workaround branch (bsc#1012628). - mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure (bsc#1012628). - binder: fix UAF of ref->proc caused by race condition (bsc#1012628). - binder: fix alloc->vma_vm_mm null-ptr dereference (bsc#1012628). - cifs: fix small mempool leak in SMB2_negotiate() (bsc#1012628). - KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() (bsc#1012628). - riscv: kvm: move extern sbi_ext declarations to a header (bsc#1012628). - clk: ti: Fix missing of_node_get() ti_find_clock_provider() (bsc#1012628). - drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported" (bsc#1012628). - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (bsc#1012628). - Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops" (bsc#1012628). - clk: core: Fix runtime PM sequence in clk_core_unprepare() (bsc#1012628). - Input: rk805-pwrkey - fix module autoloading (bsc#1012628). - powerpc/papr_scm: Fix nvdimm event mappings (bsc#1012628). - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (bsc#1012628). - clk: bcm: rpi: Prevent out-of-bounds access (bsc#1012628). - clk: bcm: rpi: Add missing newline (bsc#1012628). - hwmon: (gpio-fan) Fix array out of bounds access (bsc#1012628). - gpio: pca953x: Add mutex_lock for regcache sync in PM (bsc#1012628). - gpio: realtek-otto: switch to 32-bit I/O (bsc#1012628). - KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (bsc#1012628). - powerpc/papr_scm: Ensure rc is always initialized in papr_scm_pmu_register() (bsc#1012628). - xen/grants: prevent integer overflow in gnttab_dma_alloc_pages() (bsc#1012628). - mm: pagewalk: Fix race between unmap and page walker (bsc#1012628). - xen-blkback: Advertise feature-persistent as user requested (bsc#1012628). - xen-blkfront: Advertise feature-persistent as user requested (bsc#1012628). - xen-blkfront: Cache feature_persistent value before advertisement (bsc#1012628). - thunderbolt: Use the actual buffer in tb_async_error() (bsc#1012628). - thunderbolt: Check router generation before connecting xHCI (bsc#1012628). - usb: dwc3: pci: Add support for Intel Raptor Lake (bsc#1012628). - media: mceusb: Use new usb_control_msg_*() routines (bsc#1012628). - xhci: Add grace period after xHC start to prevent premature runtime suspend (bsc#1012628). - usb: dwc3: disable USB core PHY management (bsc#1012628). - usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop (bsc#1012628). - usb: dwc3: fix PHY disable sequence (bsc#1012628). - USB: serial: ch341: fix lost character on LCR updates (bsc#1012628). - USB: serial: ch341: fix disabled rx timer on older devices (bsc#1012628). - USB: serial: cp210x: add Decagon UCA device id (bsc#1012628). - USB: serial: option: add support for OPPO R11 diag port (bsc#1012628). - USB: serial: option: add Quectel EM060K modem (bsc#1012628). - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (bsc#1012628). - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (bsc#1012628). - usb: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device (bsc#1012628). - usb: typec: tcpm: Return ENOTSUPP for power supply prop writes (bsc#1012628). - usb: dwc2: fix wrong order of phy_power_on and phy_init (bsc#1012628). - usb: cdns3: fix issue with rearming ISO OUT endpoint (bsc#1012628). - usb: cdns3: fix incorrect handling TRB_SMM flag for ISOC transfer (bsc#1012628). - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (bsc#1012628). - usb-storage: Add ignore-residue quirk for NXP PN7462AU (bsc#1012628). - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (bsc#1012628). - s390: fix nospec table alignments (bsc#1012628). - USB: core: Prevent nested device-reset calls (bsc#1012628). - usb: xhci-mtk: relax TT periodic bandwidth allocation (bsc#1012628). - usb: xhci-mtk: fix bandwidth release issue (bsc#1012628). - usb: gadget: f_uac2: fix superspeed transfer (bsc#1012628). - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (bsc#1012628). - USB: gadget: Fix obscure lockdep violation for udc_mutex (bsc#1012628). - dma-buf/dma-resv: check if the new fence is really later (bsc#1012628). - arm64/kexec: Fix missing extra range for crashkres_low (bsc#1012628). - driver core: Don't probe devices after bus_type.match() probe deferral (bsc#1012628). - wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected (bsc#1012628). - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (bsc#1012628). - ip: fix triggering of 'icmp redirect' (bsc#1012628). - net: Use u64_stats_fetch_begin_irq() for stats fetch (bsc#1012628). - net: mac802154: Fix a condition in the receive path (bsc#1012628). - ALSA: memalloc: Revive x86-specific WC page allocations again (bsc#1012628). - ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298 (bsc#1012628). - ALSA: seq: oss: Fix data-race for max_midi_devs access (bsc#1012628). - ALSA: seq: Fix data-race at module auto-loading (bsc#1012628). - drm/i915/backlight: Disable pps power hook for aux based backlight (bsc#1012628). - drm/i915/guc: clear stalled request after a reset (bsc#1012628). - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (bsc#1012628). - drm/i915: Skip wm/ddb readout for disabled pipes (bsc#1012628). - tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() (bsc#1012628). - tty: n_gsm: initialize more members at gsm_alloc_mux() (bsc#1012628). - tty: n_gsm: replace kicktimer with delayed_work (bsc#1012628). - tty: n_gsm: avoid call of sleeping functions from atomic context (bsc#1012628). - commit 0330383 - Refresh patches.suse/Revert-usb-typec-ucsi-add-a-common-function-ucsi_unr.patch. Update upstream info. - commit 9b6c180 ++++ fuse3: - Update to release 3.12.0 * The max_idle_threads parameter has been deprecated in favor of the new max_threads* parameter * struct fuse_loop_config is now private and has to be constructed using fuse_loop_cfg_create() * fuse_session_loop_mt() now accepts struct fuse_loop_config * as NULL pointer. * fuse_parse_cmdline() now accepts a max_threads option. ++++ libgcrypt: - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] * Add libgcrypt-FIPS-rndjent_poll.patch * Rebase libgcrypt-jitterentropy-3.4.0.patch ++++ open-isns: - Update to version 0.102: * Preparing for version v0.102 * meson: just specify subdir for header-file install. * build: only specify version in one place * Fix two compiler warnings in slp.c * meson: update README * meson: small option usage cleanup * meson: several updates based on review * meson: fix error building shared lib with version * meson: convert some args to 'features' * meson: update README with meson info * Add a decprecation warning to configure script. * meson: Add ability to disable static library build * meson builds now working * git: ignore all shared library files * build: Remove these two files, no longer used * Add a package config file for libisns.a * isnsd: socket: Make sure to create IPv6 socket default * isnsadm: Fix unparse command line options "-V" and "-r" * Typo: s/overried/override/ * Removed bash-specific function definitions. Also, added patch to quiet compiler (soon upstream): * Quiet-a-commpiler-warning.patch This changes the SPEC file to use the new meson build system, supported in open-isns starting with version 0.102, instead of autoconf/make. Changes in the code: * no longer deliver isnsetup script or man page (development only) * now deliver a package config file for the library * now deliver both the static library and a shared library ------------------------------------------------------------------ ------------------ 2022-9-7 - Sep 7 2022 ------------------- ------------------------------------------------------------------ ++++ ansible: - update to 6.3.0: * Ansible 6.3.0 will include ansible-core 2.13.3 as well as a curated set of Ansible collections to provide a vast number of modules and plugins. * The changelog for ansible-core 2.13 installed by this release of ansible is available here: https://github.com/ansible/ansible/blob/stable-2.13/changelogs/CHANGELOG-v2.13.rst * Collections which have opted into being a part of the Ansible-6 unified changelog will have an entry on this page: https://github.com/ansible-community/ansible-build-data/blob/main/6/CHANGELOG-v6.rst - update to 6.2.0: * Ansible 6.2.0 will include ansible-core 2.13.2 as well as a curated set of Ansible collections to provide a vast number of modules and plugins. * The changelog for ansible-core 2.13 installed by this release of ansible is available here: https://github.com/ansible/ansible/blob/stable-2.13/changelogs/CHANGELOG-v2.13.rst * Collections which have opted into being a part of the Ansible-6 unified changelog will have an entry on this page: https://github.com/ansible-community/ansible-build-data/blob/main/6/CHANGELOG-v6.rst ++++ ansible-core: - update to 2.13.3: Changelog https://github.com/ansible/ansible/blob/v2.13.3/changelogs/CHANGELOG-v2.13.rst * Bugfixes - Avoid 'unreachable' error when chmod on AIX has 255 as return code. - Fix PluginLoader to mimic Python import machinery by adding module to sys.modules before exec - Fix dnf module documentation to indicate that comparison operators for package version require spaces around them (#78295) - ansible-connection - decrypt vaulted parameters before sending over the socket, as vault secrets are not available on the other side. - ansible-galaxy - Fix reinitializing the whole collection directory with ansible-galaxy collection init ns.coll --force. Now directories and files that are not included in the collection skeleton will be removed. - ansible-galaxy - do not require mandatory keys in the galaxy.yml of source collections when listing them (#70180). - ansible-galaxy - fix listing collections that contains metadata but the namespace or name are not strings. - ansible-galaxy - fix setting the cache for paginated responses from Galaxy NG/AH (#77911). - ansible-test - Delegation for commands which generate output for programmatic consumption no longer redirect all output to stdout. The affected commands and options are shell, sanity --lint, sanity --list-tests, integration --list-targets, coverage analyze - ansible-test - Delegation now properly handles arguments given after -- on the command line. - ansible-test - Test configuration for collections is now parsed only once, prior to delegation. Fixes issue: #78334 - ansible-test - The shell command no longer redirects all output to stdout when running a provided command. Any command output written to stderr will be mixed with the stderr output from ansible-test. - ansible-test - The shell command no longer requests a TTY when using delegation unless an interactive shell is being used. An interactive shell is the default behavior when no command is given to pass to the shell. - dnf - fix output parsing on systems with LANGUAGE set to a language other than English (#78193) - if a config setting prevents running ansible it should at least show it's "origin". - prevent type annotation shim failures from causing runtime failures (#77860) - template module/lookup - fix convert_data option that was effectively always set to True for Jinja macros (#78141) - uri - properly use uri parameter use_proxy (#58632) - yum - fix traceback when releasever is specified with latest (#78058) ++++ docker-compose: - Update to version 2.10.2: * Makefile: mutualize local and Dockerfile build opts (#9776) * Revert "Apply newly loaded envvars to `DockerCli` and `APIClient`" (#9792) - Update to version 2.10.1: * ci: bring back individual checksum files * build(deps): bump github.com/moby/buildkit from 0.10.3 to 0.10.4 (#9780) * ci: fix checksums checking * Pull image regardless of whether it exists locally if `tag=latest` * Remove error message showing exit code when using --exit-code-from * pull: only skip pull when policy is `missing`/`if_not_present` * Wake up! ++++ filesystem: - Add /usr/lib/environment.d: new base directory for XDG_CONFIG_DIRS (boo#1201802). ++++ k3s-selinux: - Update to version 1.2.stable.2: * Bump pip/setuptools version; switch to https for git clone * Use SHA256 to sign packages instead of default SHA1 ++++ kernel-default: - Revert "Revert "btrfs: check if root is readonly while setting security" (bsc#1203114) This reverts commit 2b3da4915c03713f32e48582d3a1130238586489. iWe can revert it as microos-tools are fixed now: https://build.opensuse.org/request/show/1001364 - commit 9291084 ++++ libgcrypt: - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. * Add libgcrypt-FIPS-kdf-leylength.patch - FIPS: Zeroize buffer and digest in check_binary_integrity() * Add libgcrypt-FIPS-Zeroize-hmac.patch [bsc#1191020] ++++ multipath-tools: - Update to version 0.9.1+48+suse.9c6c435: * Upstream version update * kpartx_id: remove bashism * Doc: add multipathc.8 manual page ++++ libssh: - Update to version 0.10.4 * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.4 ------------------------------------------------------------------ ------------------ 2022-9-6 - Sep 6 2022 ------------------- ------------------------------------------------------------------ ++++ aaa_base: - Update to version 84.87+git20220822.6b9f7a3: * Simplify XDG_CONFIG_DIRS (boo#1201802) ++++ librsvg: - Update to version 2.55.1: + As an experiment, I'll move librsvg from even-odd versioning (odd minor version is unstable, even minor version is stable), to the versioning scheme that GNOME uses these days. So, 2.55.x is the new stable series. + There is a new development guide for librsvg, for people who want to help in its development. I hope this will be especially useful to Outreachy and Summer of Code interns: https://gnome.pages.gitlab.gnome.org/librsvg/devel-docs/index.html + Define missing crate metadata for Cargo.toml. + Add some tests that were missing for the C API. + Fix the basic test suite in Windows. + Miscellaneous fixes for the build and CI. ++++ glibc: - syslog-large-messages.patch: syslog: Fix large messages (CVE-2022-39046, bsc#1203011, BZ #29536) - dlmopen-libc-early-init.patch: elf: Call __libc_early_init for reused namespaces (BZ #29528) - ldd-vdso-dependency.patch: elf: Restore how vDSO dependency is printed with LD_TRACE_LOADED_OBJECTS (BZ #29539) - syslog-extra-whitespace.patch: syslog: Remove extra whitespace between timestamp and message (BZ #29544) ++++ gnutls: - FIPS: Additional modifications to the SLI. [bsc#1190698] * Mark CMAC and GMAC and non-approved in gnutls_pbkfd2(). * Mark HMAC keylength less than 112 bits as non-approved in gnutls_pbkfd2(). * Adapt the pbkdf2 selftest and the regression tests accordingly. * Add gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch ++++ gsettings-desktop-schemas: - Update to version 43.rc.1: + Update default background file extension to webp + Updated translations. ++++ health-checker: - Update to version 1.7 * Before rollback make sure /.snapshots is mounted rw * Fix typos and spelling errors. Note: in case an application is parsing the output it will need to adopt to the new strings. ++++ kernel-default: - vduse: prevent uninitialized memory accesses (CVE-2022-2308 bsc#1202573). - commit 70d9c50 ++++ kernel-firmware: - Update to version 20220902 (git commit 2f2f0181581d): * Mellanox: Add new mlxsw_spectrum firmware xx.2010.3146 * amdgpu: update beige goby VCN firmware * amdgpu: update dimgrey cavefish VCN firmware * amdgpu: update navy flounder VCN firmware * amdgpu: update sienna cichlid VCN firmware (bsc#1202707) * rtl_bt: Update RTL8852C BT USB firmware to 0xDFB8_5A33 * mediatek: reference the LICENCE file for MediaTek firmwares * mediatek: Add new mt8186 SOF firmware * ice: Update package to 1.3.30.0 * QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00438 * brcm: Add nvram for Lenovo Yoga Tablet 2 830F/L and 1050F/L tablets * brcm: Add nvram for the Xiaomi Mi Pad 2 tablet * brcm: Add nvram for the Asus TF103C tablet * Add amd-ucode README file * qca: Update firmware files for BT chip WCN6750. This commit will update required firmware files for WCN6750. * amdgpu: Update Yellow Carp VCN firmware * qcom: Add firmware for Lenovo ThinkPad X13s - Update aliases from 6.0-rc - Update topics list for mtk-sof ++++ llvm15: - Update to version 15.0.0. * For details, see the release notes: - https://releases.llvm.org/15.0.0/docs/ReleaseNotes.html - https://releases.llvm.org/15.0.0/tools/clang/docs/ReleaseNotes.html - https://releases.llvm.org/15.0.0/tools/clang/tools/extra/docs/ReleaseNotes.html - https://releases.llvm.org/15.0.0/projects/libcxx/docs/ReleaseNotes.html - https://releases.llvm.org/15.0.0/tools/lld/docs/ReleaseNotes.html * New LLVM tools: - llvm-debuginfod: Provides debug info to remote hosts. - llvm-dwarfutil: Can copy and manipulate debug info. - llvm-remark-size-diff: Compute diff between remark files. * New Clang tools: - clang-offload-packager: Bundle multiple objects into single fat binaries including offload code. - clang-pseudo: Approximate heuristic parser for C++. - Rebase patches: * check-no-llvm-exegesis.patch * link-clang-tools-extra-shared.patch * lld-default-sha1.patch * llvm-do-not-install-static-libraries.patch * lto-disable-cache.patch - Drop patches that have landed upstream: * clang-repl-private-deps.patch * llvm-glibc-2-36.patch * llvm-scev-fix-isImpliedViaMerge.patch - Drop llvm-lifetime-for-rust.patch: this is now solved via attributes and LLVM doesn't need a hardcoded list of allocation functions anymore. - Add llvm-link-atomic.patch to fix build on ppc. - Add libcxx-test-library-path.patch to fix libc++ tests failing without RUNPATH on libc++.so. - Add libcxxabi-fix-armv7-test.patch to fix tests on armv7l. - Thanks to Andreas Schwab for most of the rebasing! ++++ libXft: - Update to version 2.3.5 * bugfix release ++++ libyaml: - Add baselibs.conf: produce libyaml-0-2-32bit, required by libcamera -> pipewire. ++++ ovmf: - Because 5 revert patches in edk2-stable202205 for nasm-2.14 is against 15-SP4/Leap 15.4 and earlier version. So add suse_version and sle_version checking logic in ovmf.spec when applying revert patches. (jsc#PED-1410) ++++ sysuser-tools: - Use append so if a pre file already exists it isn't overridden ------------------------------------------------------------------ ------------------ 2022-9-5 - Sep 5 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit: - Update kdump-suse.patch to match upstream. ++++ gawk: - Update to gawk 5.2.0 * Numeric scalars now compare in the same way as C for the relational operators. Comparison order for sorting has not changed * If the AWK_HASH environment variable is set to "fnv1a" gawk will use the FNV1-A hash function for associative arrays * There is now a new function, mkbool(), that creates Boolean-typed values * As BWK awk has supported interval expressions since 2019, they are now enabled even if --traditional is supplied * The rwarray extension has two new functions, writeall() and readall() * The new `gawkbug' script should be used for reporting bugs * The manual page (doc/gawk.1) has been considerably reduced in size * Gawk now supports Terence Kelly's "persistent malloc" (pma), allowing gawk to preserve its variables, arrays and user-defined functions between runs * Some subtle issues with untyped array elements being passed to functions have been fixed * Syntax errors are now immediately fatal - gawk-5.1.1-Disable-racy-test-in-test-iolint.awk.patch: removed - pma.patch: Handle hole bigger than half the address space - nan-tests.patch: fix non-portable NaN tests ++++ gsettings-desktop-schemas: - Update to version 43.rc: + Add setting for touchpad acceleration profiles + Add specific schema for trackpoint pointer devices + Updated translations. ++++ kernel-default: - Refresh patches.kernel.org/5.19.5-001-kbuild-dummy-tools-avoid-tmpdir-leak-in-dummy-.patch. Make it really create the file. Sometimes, quilt is confused. - commit 11a0be1 - Revert "btrfs: check if root is readonly while setting security xattr" (bsc#1203114). - commit 2b3da49 - Linux 5.19.7 (bsc#1012628). - arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level (bsc#1012628). - net: neigh: don't call kfree_skb() under spin_lock_irqsave() (bsc#1012628). - net/af_packet: check len when min_header_len equals to 0 (bsc#1012628). - android: binder: fix lockdep check on clearing vma (bsc#1012628). - btrfs: tree-checker: check for overlapping extent items (bsc#1012628). - btrfs: fix lockdep splat with reloc root extent buffers (bsc#1012628). - btrfs: move lockdep class helpers to locking.c (bsc#1012628). - ALSA: hda/cs8409: Support new Dolphin Variants (bsc#1012628). - platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop (bsc#1012628). - testing: selftests: nft_flowtable.sh: use random netns names (bsc#1012628). - netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y (bsc#1012628). - drm/amdgpu: Fix interrupt handling on ih_soft ring (bsc#1012628). - drm/amdgpu: Add secure display TA load for Renoir (bsc#1012628). - drm/amdgpu: Add decode_iv_ts helper for ih_v6 block (bsc#1012628). - drm/amd/display: avoid doing vm_init multiple time (bsc#1012628). - drm/amd/display: Fix plug/unplug external monitor will hang while playback MPO video (bsc#1012628). - drm/amdgpu: Increase tlb flush timeout for sriov (bsc#1012628). - drm/amd/display: Fix pixel clock programming (bsc#1012628). - drm/amd/pm: add missing ->fini_xxxx interfaces for some SMU13 asics (bsc#1012628). - drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid (bsc#1012628). - drm/amdgpu: disable 3DCGCG/CGLS temporarily due to stability issue (bsc#1012628). - ksmbd: don't remove dos attribute xattr on O_TRUNC open (bsc#1012628). - s390/hypfs: avoid error message under KVM (bsc#1012628). - ALSA: hda/realtek: Add quirks for ASUS Zenbooks using CS35L41 (bsc#1012628). - neigh: fix possible DoS due to net iface start/stop loop (bsc#1012628). - net: lan966x: fix checking for return value of platform_get_irq_byname() (bsc#1012628). - ksmbd: return STATUS_BAD_NETWORK_NAME error status if share is not configured (bsc#1012628). - drm/amd/pm: Fix a potential gpu_metrics_table memory leak (bsc#1012628). - drm/amdkfd: Handle restart of kfd_ioctl_wait_events (bsc#1012628). - drm/amd/pm: skip pptable override for smu_v13_0_7 (bsc#1012628). - drm/amd/display: Fix TDR eDP and USB4 display light up issue (bsc#1012628). - drm/amd/display: clear optc underflow before turn off odm clock (bsc#1012628). - drm/amd/display: For stereo keep "FLIP_ANY_FRAME" (bsc#1012628). - drm/amd/display: Fix HDMI VSIF V3 incorrect issue (bsc#1012628). - drm/amd/display: Avoid MPC infinite loop (bsc#1012628). - drm/amd/display: Device flash garbage before get in OS (bsc#1012628). - drm/amd/display: Add a missing register field for HPO DP stream encoder (bsc#1012628). - rtla: Fix tracer name (bsc#1012628). - ASoC: rt5640: Fix the JD voltage dropping issue (bsc#1012628). - ASoC: sh: rz-ssi: Improve error handling in rz_ssi_probe() error path (bsc#1012628). - fs/ntfs3: Fix work with fragmented xattr (bsc#1012628). - mmc: sdhci-of-dwcmshc: Re-enable support for the BlueField-3 SoC (bsc#1012628). - mmc: sdhci-of-dwcmshc: rename rk3568 to rk35xx (bsc#1012628). - mmc: sdhci-of-dwcmshc: add reset call back for rockchip Socs (bsc#1012628). - mmc: mtk-sd: Clear interrupts when cqe off/disable (bsc#1012628). - HID: intel-ish-hid: ipc: Add Meteor Lake PCI device ID (bsc#1012628). - HID: thrustmaster: Add sparco wheel and fix array length (bsc#1012628). - HID: nintendo: fix rumble worker null pointer deref (bsc#1012628). - HID: asus: ROG NKey: Ignore portion of 0x5a report (bsc#1012628). - HID: Add Apple Touchbar on T2 Macs in hid_have_special_driver list (bsc#1012628). - HID: AMD_SFH: Add a DMI quirk entry for Chromebooks (bsc#1012628). - HID: add Lenovo Yoga C630 battery quirk (bsc#1012628). - HID: input: fix uclogic tablets (bsc#1012628). - ALSA: usb-audio: Add quirk for LH Labs Geek Out HD Audio 1V5 (bsc#1012628). - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (bsc#1012628). - bpf: Don't redirect packets with invalid pkt_len (bsc#1012628). - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (bsc#1012628). - fbdev: fb_pm2fb: Avoid potential divide by zero error (bsc#1012628). - net: fix refcount bug in sk_psock_get (2) (bsc#1012628). - HID: hidraw: fix memory leak in hidraw_release() (bsc#1012628). - USB: gadget: Fix use-after-free Read in usb_udc_uevent() (bsc#1012628). - media: pvrusb2: fix memory leak in pvr_probe (bsc#1012628). - udmabuf: Set the DMA mask for the udmabuf device (v2) (bsc#1012628). - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (bsc#1012628). - Revert "PCI/portdrv: Don't disable AER reporting in get_port_device_capability()" (bsc#1012628). - Bluetooth: L2CAP: Fix build errors in some archs (bsc#1012628). - arm64: errata: Add Cortex-A510 to the repeat tlbi list (bsc#1012628). - Update config files. Set CONFIG_ARM64_ERRATUM_2441009=y as per default. - docs: kerneldoc-preamble: Test xeCJK.sty before loading (bsc#1012628). - crypto: lib - remove unneeded selection of XOR_BLOCKS (bsc#1012628). - firmware: tegra: bpmp: Do only aligned access to IPC memory area (bsc#1012628). - drm/vc4: hdmi: Depends on CONFIG_PM (bsc#1012628). - drm/vc4: hdmi: Rework power up (bsc#1012628). - commit 6d5067d ++++ libsoup: - Update to version 3.1.4: + Numerous improvements to HTTP/2 reliablity. + Fix `http` proxy authentication with default proxy resolver. + Fix undefined ``ssize_t`` with MSVC. ++++ sqlite3: - update to 3.39.3: * Use a statement journal on DML statement affecting two or more database rows if the statement makes use of a SQL functions that might abort. * Use a mutex to protect the PRAGMA temp_store_directory and PRAGMA data_store_directory statements, even though they are decremented and documented as not being threadsafe. ++++ libssh: - Update to version 0.10.3 * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.3 ++++ systemd: - rc-local.service.8 belongs to the systemd-sysvcompat sub-package (bsc#1203053) ++++ tcpd: - use _libdir (boo#1191098) ++++ microos-tools: - Update to version 2.16: - 98selinux-microos: Make the btrfs subvolume writable temporarily [boo#1202395] ++++ patterns-base: - Add microos-tools to transactional_base (boo#1199520) ++++ vim: - Updated to version 9.0.0381, fixes the following problems - boo#1202962 - CVE-2022-3037 * Using common name in tests leads to flaky tests. * VDM files are not recognized. * Shell command is displayed in message window. * Screen flickers when 'cmdheight' is zero. * When updating the whole screen a popup may not be redrawn. * Clearing screen causes flicker. * Godot shader files are not recognized. * Command line type of CmdlineChange differs from getcmdtype(). * Cannot use the message popup window directly. * Crash when no errors and 'quickfixtextfunc' is set. * Using common name in tests leads to flaky tests. * Some changes for cmdheight=0 are not needed. * items() does not work on a list. (Sergey Vlasov) * OLD_DIGRAPHS is unused. * ":highlight" hangs when 'cmdheight' is zero. * Method tests fail. * Cannot use items() on a string. * Overwrite check may block BufWriteCmd. * Method test fails. * Test does not properly clean up. * Checks for Dictionary argument often give a vague error message. * Tests are flaky because of using a common file name. * Flicker when resetting cmdline_row after updating the screen. * Return value of list_append_list() not always checked. * No check if the return value of XChangeGC() is NULL. * The 'cmdheight' zero support causes too much trouble. * mapset() does not restore mapping properly. * ":wincmd =" equalizes in two directions. * ColorScheme autocommand triggered when colorscheme is not found. (Romain Lafourcade) * Error message for list argument could be clearer. * :horizontal modifier not fully supported. * Filetype of *.sil files not well detected. * :echowindow does not work in a compiled function. * Message window may obscure the command line. * using :echowindow in a timer clears part of message * Missing entry in switch. * Check for uppercase char in autoload name is wrong, it checks the name of the script. * :echowindow sets the in_echowindow flag too early. * 'linebreak' interferes with text property highlight if there is syntax highlighting. * 'breakindent' does not indent non-lists with "breakindentopt=list:-1". * Error message for wrong argument type is not specific. * Crash when invalid line number on :for is ignored. * Removing a listener may result in a memory leak and remove subsequent listerns. * Expanding ":e %" does not work for remote files. * Common names in test files causes tests to be flaky. * Clang static analyzer gives warnings. * File name used in test is unusual. * Cannot use import->Func() in lambda. (Israel Chauca Fuentes) * Coverity complains about dropping sign of character. * Old Coverity warning for using NULL pointer. * A failing flaky test doesn't mention the time. * Cleaning up afterwards can make a function messy. * Compiler warning for uninitialized variable. * Coverity warns for NULL check and unused return value. * Coverity still complains about dropping sign of character. * The footer feature is unused. * Clang warns for dead assignments. * Argument assignment does not work. * Compiler warning for uninitialized variable. (Tony Mechelynck) * Cleaning up after writefile() is a hassle. * Deleting files in tests is a hassle. * Writefile test leaves files behind. ------------------------------------------------------------------ ------------------ 2022-9-4 - Sep 4 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - aa-decode: use grep -E instead of deprecated egrep (boo#1203092) add apparmor-3.0.7-egrep.patch ++++ grep: - GNU grep 3.8: * The -P option is now based on PCRE2 instead of the older PCRE (boo#1201803) * egrep and fgrep commands, deprecated since release 2.5.3 (2007), now warn that they are obsolescent and should be replaced by grep -E and grep -F * The confusing GREP_COLOR environment variable is now obsolescent * Regular expressions with stray backslashes now cause warnings * Regular expressions like [:space:] are now errors even if POSIXLY_CORRECT is set, since POSIX now allows the GNU behavior * In locales using UTF-8 encoding, the regular expression '.' no longer sometimes fails to match Unicode characters * The -s option no longer suppresses "binary file matches" messages. - doc: fix man page syntax errors (bsc#1201001) ++++ kernel-default: - Update to 6.0-rc4 - refresh configs - commit c26d0f0 ++++ libapparmor: - aa-decode: use grep -E instead of deprecated egrep (boo#1203092) add apparmor-3.0.7-egrep.patch ++++ avahi: - avahi-daemon-check-dns.sh: convert obsolete egrep call to grep -E (boo#1203092) ++++ rpm: - remove-translations.diff: convert deprecated egrep to grep -E (boo#1203092) ++++ libsoup: - Update to version 3.1.3: + Fix compile error when `SOUP_VERSION_MAX_ALLOWED` is defined. - Changes from version 3.1.2: + Replace HTTP/2 tests using Quart with internal HTTP/2 server tests. + Improve version macros including adding ability to define `SOUP_DISABLE_DEPRECATION_WARNINGS`. - Drop -D http2_tests=disabled meson paramter: no longer supported. - Drop 299.patch: merged upstream. ++++ patterns-base: - Remove joe text editor. nano is already recommended and it's more well known and updated more frequently ------------------------------------------------------------------ ------------------ 2022-9-3 - Sep 3 2022 ------------------- ------------------------------------------------------------------ ++++ gobject-introspection: - Update to version 1.73.1: + Update the GIR data for GLib, GObject, GModule, and GIO + Disable rpath on Windows + Add llvm/mingw support on Windows + Fix annotations in libgirepository + Support C99 designated initializers when parsing C declarations + Add some more types to win32 GIR + Let doctool prepend emitting objects in GJS signals + Require a C99 toolchain like GLib ++++ llvm15: - Make sure we keep -DNDEBUG. At some point %{optflags} must have lost it, perhaps because CMake usually adds it on top. So when overriding CMAKE_{C,CXX}_FLAGS_RELWITHDEBINFO, we make sure to take over the other flags. We drop LLVM_ENABLE_ASSERTIONS=OFF, because that's the default anyway and hasn't helped here. - Add llvm-scev-fix-isImpliedViaMerge.patch: fixes a miscompilation caused by mixing up values of the current and previous iteration. (See gh#llvm/llvm-project#56242.) ++++ multipath-tools: - Update to version 0.9.0+134+suse.dbf2e2d: * Add multipathc command under GPL3.0, and split off libmpathutil (bsc#1202616) * Fix command completion in interactive mode (bsc#1201483) * multipathd: fix use-after-free in handle_path_wwid_change() (bsc#1201483) * Improve startup time for very large multipath.conf (bsc#1200523) * Avoid checker blocking event handling for huge number of devices (boo#1203085) * Cleanup sysfs accessors in libmultipath * Minor upstream bug fixes * Spelling fixes * Documentation: add ALUA info to README.md, delete README.alua ++++ libsoup: - Update to version 3.1.1: + Reintroduce some thread-safety to SoupSession (see https://libsoup.org/libsoup-3.0/client-thread-safety.html) + Add SoupServerMessage:tls-peer-certificate and SoupServerMessage:tls-peer-certificate-errors + Port docs to gi-docgen + Update documentation. - Replace pkgconfig(gtk-doc) with pkgconfig(gi-docgen) BuildRequires (and update options passed to meson) following upstreams port. - Add 299.patch: multithread-test: show error information in case of request failure. multithread-test: skip proxy tests if apache is not available. - Use ldconfig_scriptlets for post(un) handling. ------------------------------------------------------------------ ------------------ 2022-9-2 - Sep 2 2022 ------------------- ------------------------------------------------------------------ ++++ libsoup: - Update to version 3.0.8: + Fix `http` proxy authentication with default proxy resolver. + Numerous improvments to HTTP/2 reliability. ++++ libssh: - Update to version 0.10.2 * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.2 - Removed libssh-weak-attribute.patch ++++ systemd: - Enable building and include libcryptsetup-plugins provided by systemd Now that dracut 057 has been released we can enable building libcryptsetup plugins. These can be used by cryptsetup to extend functionality including fido2, pkcs11 and tpm2 support. ++++ libzypp: - UsrEtc: Store logrotate files in %{_distconfdir} if defined (fixes #402) - Log backtrace on SIGABRT too. - Need to explicitly enable building experimental code. Otherwise an old Notcurses++ package which happens to be present in the buildenv breaks the build (fixes #412). - Work around libyui/libyui#78 on code 15.4 and older. - Stop using std::*ary_function; deprecated and removed in c++17. - Don't expose header files which use types not available in c++11. In 15.3 and older, YAST and PK compile with -std=c++11. - Remove no longer needed %post code (bsc#1203649) - Enable zck support for SLE15-SP4 and newer. On Leap it is enabled since 15.1 (bsc#1189282) - version 17.31.1 (22) ++++ osinfo-db: - bsc#1202827 - Fail to deploy sle15sp5 guest via virt-install with osinfo add-sle15sp5-support.patch ++++ setools: - Added README.SUSE and drop recommend for python3-networkx altogether (bsc#1202676) ++++ zypper: - UsrEtc: Store logrotate files in %{_distconfdir} if defined (fixes #441, fixes #444) - Remove unneeded code to compute the PPP status. Since libzypp 17.23.0 the PPP status is auto established. No extra solver run is needed. - Make sure 'up' respects solver related CLI options (bsc#1201972) - Fix tests to use locale "C.UTF-8" rather than "en_US". - Fix man page (fixes #451) - version 1.14.56 ------------------------------------------------------------------ ------------------ 2022-9-1 - Sep 1 2022 ------------------- ------------------------------------------------------------------ ++++ chrony: - Update to 4.3: * Add local option to refclock directive to stabilise system clock with more stable free-running clock (e.g. TCXO, OCXO). * Add maxdelayquant option to server/pool/peer directive to replace maxdelaydevratio filter with long-term quantile-based filtering. * Add selection option to log directive. * Allow external PPS in PHC refclock without configurable pin. * Don't accept first interleaved response to minimise error in delay. * Don't use arc4random on Linux to avoid server performance loss. * Improve filter option to better handle missing NTP samples. * Improve stability with hardware timestamping and PHC refclock. * Update seccomp filter - Update clknetsim to snapshot f00531b. - Use a more specific conditional for the /usr/etc stuff. ++++ lvm2-device-mapper: - Update lvm2 from LVM2.2.03.15 to LVM2.2.03.16 * ** WHATS_NEW for 2.03.16 *** Version 2.03.16 - 18th May 2022 =============================== Fix segfault when handling selection with historical LVs. Add support --vdosettings with lvcreate, lvconvert, lvchange. Filtering multipath devices respects blacklist setting from multipath configuration. lvmdevices support for removing by device id using --deviceidtype and --deldev. Display writecache block size with lvs -o writecache_block_size. Improve cachesettings description in man lvmcache. Fix lossing of delete message on thin-pool extension. - Drop patches that have been merged into upstream - 0001-post-release.patch - 0002-asan-fix-some-reports-from-libasan.patch - 0003-make-generate.patch - 0004-tests-udev-pvscan-vgchange-fix-service-wait.patch - 0005-devices-file-do-not-clear-PVID-of-unread-devices.patch - 0006-tests-skip-vgchange-pvs-online.sh-on-rhel5.patch - 0007-dev_manager-fix-dm_task_get_device_list.patch - 0008-dev_manager-failing-status-is-not-internal-error.patch - 0009-clang-add-extra-check.patch - 0010-clang-possible-better-compilation-with-musl-c.patch - 0011-dev_manager-do-not-query-for-open_count.patch - 0012-dev_manager-use-list-info-for-preset-devs.patch - 0013-man-lvmcache-add-more-writecache-cachesettings-info.patch - 0014-man-update-cachesettings-option-description.patch - 0015-man-lvmcache-mention-writecache-memory-usage.patch - 0016-writecache-display-block-size-from-lvs.patch - 0017-devices-simplify-dev_cache_get_by_devt.patch - 0018-devices-drop-incorrect-paths-from-aliases-list.patch - 0019-devices-initial-use-of-existing-option.patch - 0020-devices-fix-dev_name-assumptions.patch - 0021-devices-use-dev-cache-aliases-handling-from-label-sc.patch - 0022-devices-only-close-PVs-on-LVs-when-scan_lvs-is-enabl.patch - 0023-writecache-check-memory-usage.patch - 0024-pvscan-don-t-use-udev-for-external-device-info.patch - 0025-vgchange-monitor-don-t-use-udev-info.patch - Add upstream patch - 0001-devices-file-move-clean-up-after-command-is-run.patch - 0002-devices-file-fail-if-devicesfile-filename-doesn-t-ex.patch - 0003-filter-mpath-handle-other-wwid-types-in-blacklist.patch - 0004-filter-mpath-get-wwids-from-sysfs-vpd_pg83.patch - 0005-pvdisplay-restore-reportformat-option.patch - 0006-exit-with-error-when-devicesfile-name-doesn-t-exist.patch - 0007-report-fix-pe_start-column-type-from-NUM-to-SIZ.patch - 0008-_vg_read_raw_area-fix-segfault-caused-by-using-null-.patch - 0009-mm-remove-libaio-from-being-skipped.patch - 0010-dmsetup-check-also-for-ouf-of-range-value.patch - 0011-devices-drop-double-from-sysfs-path.patch - 0012-devices-file-fix-pvcreate-uuid-matching-pvid-entry-w.patch - 0013-vgimportdevices-change-result-when-devices-are-not-a.patch - 0014-vgimportdevices-fix-locking-when-creating-devices-fi.patch - Update patch - bug-1184687_Add-nolvm-for-kernel-cmdline.patch - update lvm2.spec - indent some lines for easy read - add new man: lvm_import_vdo.8 dmfilemapd.8 - remove config item '--enable-cmirrord', which was obsoleted. - remove config item '--enable-realtime', which became default setting. - add config item "--enable-dmfilemapd" for new daemon dmfilemapd - lvm.conf - align upstream style, comment out default values ++++ transactional-update: - Migration of logrotate configuration to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. ++++ gobject-introspection: - gi-find-deps.sh: extend js script parser to detect imports in the form import 'gi://GeocodeGlib?version=2.0'. ++++ glib-networking: - Update to version 2.74.rc: + Support PKCS #12 encrypted certificates. + Various improvements to Meson build system. + Multiple fixes for proxy tests. ++++ gtk3: - Drop pkgconfig(rest-0.7) BuildRequires: it seems to serve no purpose, nor can I find anything to suggest that gtk depends on it. ++++ kernel-default: - rpm/kernel-source.spec.in: simplify finding of broken symlinks "find -xtype l" will report them, so use that to make the search a bit faster (without using shell). - commit 13bbc51 - Linux 5.19.6 (bsc#1012628). - NFS: Fix another fsync() issue after a server reboot (bsc#1012628). - audit: fix potential double free on error path from fsnotify_add_inode_mark (bsc#1012628). - cgroup: Fix race condition at rebind_subsystems() (bsc#1012628). - parisc: Make CONFIG_64BIT available for ARCH=parisc64 only (bsc#1012628). - parisc: Fix exception handler for fldw and fstw instructions (bsc#1012628). - kernel/sys_ni: add compat entry for fadvise64_64 (bsc#1012628). - kprobes: don't call disarm_kprobe() for disabled kprobes (bsc#1012628). - mm/uffd: reset write protection when unregister with wp-mode (bsc#1012628). - mm/hugetlb: support write-faults in shared mappings (bsc#1012628). - mt76: mt7921: fix command timeout in AP stop period (bsc#1012628). - xfrm: fix refcount leak in __xfrm_policy_check() (bsc#1012628). - Revert "xfrm: update SA curlft.use_time" (bsc#1012628). - xfrm: clone missing x->lastused in xfrm_do_migrate (bsc#1012628). - af_key: Do not call xfrm_probe_algs in parallel (bsc#1012628). - xfrm: policy: fix metadata dst->dev xmit null pointer dereference (bsc#1012628). - fs: require CAP_SYS_ADMIN in target namespace for idmapped mounts (bsc#1012628). - Revert "net: macsec: update SCI upon MAC address change." (bsc#1012628). - NFSv4.2 fix problems with __nfs42_ssc_open (bsc#1012628). - SUNRPC: RPC level errors should set task->tk_rpc_status (bsc#1012628). - mm/smaps: don't access young/dirty bit if pte unpresent (bsc#1012628). - ntfs: fix acl handling (bsc#1012628). - rose: check NULL rose_loopback_neigh->loopback (bsc#1012628). - r8152: fix the units of some registers for RTL8156A (bsc#1012628). - r8152: fix the RX FIFO settings when suspending (bsc#1012628). - nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout (bsc#1012628). - ice: xsk: prohibit usage of non-balanced queue id (bsc#1012628). - ice: xsk: use Rx ring's XDP ring when picking NAPI context (bsc#1012628). - net/mlx5e: Properly disable vlan strip on non-UL reps (bsc#1012628). - net/mlx5: LAG, fix logic over MLX5_LAG_FLAG_NDEVS_READY (bsc#1012628). - net/mlx5: Eswitch, Fix forwarding decision to uplink (bsc#1012628). - net/mlx5: Disable irq when locking lag_lock (bsc#1012628). - net/mlx5: Fix cmd error logging for manage pages cmd (bsc#1012628). - net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (bsc#1012628). - net/mlx5e: Fix wrong application of the LRO state (bsc#1012628). - net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (bsc#1012628). - net: dsa: microchip: ksz9477: cleanup the ksz9477_switch_detect (bsc#1012628). - net: dsa: microchip: move switch chip_id detection to ksz_common (bsc#1012628). - net: dsa: microchip: move tag_protocol to ksz_common (bsc#1012628). - net: dsa: microchip: move vlan functionality to ksz_common (bsc#1012628). - net: dsa: microchip: move the port mirror to ksz_common (bsc#1012628). - net: dsa: microchip: update the ksz_phylink_get_caps (bsc#1012628). - net: dsa: microchip: keep compatibility with device tree blobs with no phy-mode (bsc#1012628). - net: ipa: don't assume SMEM is page-aligned (bsc#1012628). - net: phy: Don't WARN for PHY_READY state in mdio_bus_phy_resume() (bsc#1012628). - net: moxa: get rid of asymmetry in DMA mapping/unmapping (bsc#1012628). - bonding: 802.3ad: fix no transmission of LACPDUs (bsc#1012628). - net: ipvtap - add __init/__exit annotations to module init/exit funcs (bsc#1012628). - netfilter: ebtables: reject blobs that don't provide all entry points (bsc#1012628). - netfilter: nft_tproxy: restrict to prerouting hook (bsc#1012628). - bnxt_en: Use PAGE_SIZE to init buffer when multi buffer XDP is not in use (bsc#1012628). - bnxt_en: set missing reload flag in devlink features (bsc#1012628). - bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (bsc#1012628). - bnxt_en: fix LRO/GRO_HW features in ndo_fix_features callback (bsc#1012628). - netfilter: nf_tables: disallow updates of implicit chain (bsc#1012628). - netfilter: nf_tables: make table handle allocation per-netns friendly (bsc#1012628). - netfilter: nft_payload: report ERANGE for too long offset and length (bsc#1012628). - netfilter: nft_payload: do not truncate csum_offset and csum_type (bsc#1012628). - netfilter: nf_tables: do not leave chain stats enabled on error (bsc#1012628). - netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families (bsc#1012628). - netfilter: nft_tunnel: restrict it to netdev family (bsc#1012628). - netfilter: nf_tables: disallow binding to already bound chain (bsc#1012628). - netfilter: flowtable: add function to invoke garbage collection immediately (bsc#1012628). - netfilter: flowtable: fix stuck flows on cleanup due to pending work (bsc#1012628). - net: Fix data-races around sysctl_[rw]mem_(max|default) (bsc#1012628). - net: Fix data-races around weight_p and dev_weight_[rt]x_bias (bsc#1012628). - net: Fix data-races around netdev_max_backlog (bsc#1012628). - net: Fix data-races around netdev_tstamp_prequeue (bsc#1012628). - ratelimit: Fix data-races in ___ratelimit() (bsc#1012628). - net: Fix data-races around sysctl_optmem_max (bsc#1012628). - net: Fix a data-race around sysctl_tstamp_allow_data (bsc#1012628). - net: Fix a data-race around sysctl_net_busy_poll (bsc#1012628). - net: Fix a data-race around sysctl_net_busy_read (bsc#1012628). - net: Fix a data-race around netdev_budget (bsc#1012628). - net: Fix data-races around sysctl_max_skb_frags (bsc#1012628). - net: Fix a data-race around netdev_budget_usecs (bsc#1012628). - net: Fix data-races around sysctl_fb_tunnels_only_for_init_net (bsc#1012628). - net: Fix data-races around sysctl_devconf_inherit_init_net (bsc#1012628). - net: Fix a data-race around gro_normal_batch (bsc#1012628). - net: Fix a data-race around netdev_unregister_timeout_secs (bsc#1012628). - net: Fix a data-race around sysctl_somaxconn (bsc#1012628). - ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (bsc#1012628). - i40e: Fix incorrect address type for IPv6 flow rules (bsc#1012628). - net: ethernet: mtk_eth_soc: enable rx cksum offload for MTK_NETSYS_V2 (bsc#1012628). - net: ethernet: mtk_eth_soc: fix hw hash reporting for MTK_NETSYS_V2 (bsc#1012628). - rxrpc: Fix locking in rxrpc's sendmsg (bsc#1012628). - ionic: clear broken state on generation change (bsc#1012628). - ionic: fix up issues with handling EAGAIN on FW cmds (bsc#1012628). - ionic: VF initial random MAC address if no assigned mac (bsc#1012628). - net: stmmac: work around sporadic tx issue on link-up (bsc#1012628). - net: lantiq_xrx200: confirm skb is allocated before using (bsc#1012628). - net: lantiq_xrx200: fix lock under memory pressure (bsc#1012628). - net: lantiq_xrx200: restore buffer if memory allocation failed (bsc#1012628). - btrfs: fix silent failure when deleting root reference (bsc#1012628). - btrfs: replace: drop assert for suspended replace (bsc#1012628). - btrfs: add info when mount fails due to stale replace target (bsc#1012628). - btrfs: fix space cache corruption and potential double allocations (bsc#1012628). - btrfs: check if root is readonly while setting security xattr (bsc#1012628). - btrfs: fix possible memory leak in btrfs_get_dev_args_from_path() (bsc#1012628). - btrfs: update generation of hole file extent item when merging holes (bsc#1012628). - x86/boot: Don't propagate uninitialized boot_params->cc_blob_address (bsc#1012628). - perf/x86/intel: Fix pebs event constraints for ADL (bsc#1012628). - perf/x86/lbr: Enable the branch type for the Arch LBR by default (bsc#1012628). - x86/entry: Fix entry_INT80_compat for Xen PV guests (bsc#1012628). - x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry (bsc#1012628). - x86/sev: Don't use cc_platform_has() for early SEV-SNP calls (bsc#1012628). - x86/bugs: Add "unknown" reporting for MMIO Stale Data (bsc#1012628). - x86/nospec: Unwreck the RSB stuffing (bsc#1012628). - x86/PAT: Have pat_enabled() properly reflect state when running on Xen (bsc#1012628). - loop: Check for overflow while configuring loop (bsc#1012628). - writeback: avoid use-after-free after removing device (bsc#1012628). - audit: move audit_return_fixup before the filters (bsc#1012628). - asm-generic: sections: refactor memory_intersects (bsc#1012628). - mm/damon/dbgfs: avoid duplicate context directory creation (bsc#1012628). - s390/mm: do not trigger write fault when vma does not allow VM_WRITE (bsc#1012628). - bootmem: remove the vmemmap pages from kmemleak in put_page_bootmem (bsc#1012628). - mm/hugetlb: avoid corrupting page->mapping in hugetlb_mcopy_atomic_pte (bsc#1012628). - mm/mprotect: only reference swap pfn page if type match (bsc#1012628). - cifs: skip extra NULL byte in filenames (bsc#1012628). - s390: fix double free of GS and RI CBs on fork() failure (bsc#1012628). - fbdev: fbcon: Properly revert changes when vc_resize() failed (bsc#1012628). - Revert "memcg: cleanup racy sum avoidance code" (bsc#1012628). - shmem: update folio if shmem_replace_page() updates the page (bsc#1012628). - ACPI: processor: Remove freq Qos request for all CPUs (bsc#1012628). - nouveau: explicitly wait on the fence in nouveau_bo_move_m2mf (bsc#1012628). - smb3: missing inode locks in punch hole (bsc#1012628). - ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (bsc#1012628). - xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (bsc#1012628). - riscv: signal: fix missing prototype warning (bsc#1012628). - riscv: traps: add missing prototype (bsc#1012628). - riscv: dts: microchip: correct L2 cache interrupts (bsc#1012628). - io_uring: fix issue with io_write() not always undoing sb_start_write() (bsc#1012628). - mm/hugetlb: fix hugetlb not supporting softdirty tracking (bsc#1012628). - Revert "md-raid: destroy the bitmap after destroying the thread" (bsc#1012628). - md: call __md_stop_writes in md_stop (bsc#1012628). - arm64: Fix match_list for erratum 1286807 on Arm Cortex-A76 (bsc#1012628). - binder_alloc: add missing mmap_lock calls when using the VMA (bsc#1012628). - x86/nospec: Fix i386 RSB stuffing (bsc#1012628). - drm/amdkfd: Fix isa version for the GC 10.3.7 (bsc#1012628). - Documentation/ABI: Mention retbleed vulnerability info file for sysfs (bsc#1012628). - blk-mq: fix io hung due to missing commit_rqs (bsc#1012628). - perf python: Fix build when PYTHON_CONFIG is user supplied (bsc#1012628). - perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU (bsc#1012628). - perf/x86/intel/ds: Fix precise store latency handling (bsc#1012628). - perf stat: Clear evsel->reset_group for each stat run (bsc#1012628). - arm64: fix rodata=full (bsc#1012628). - arm64/signal: Flush FPSIMD register state when disabling streaming mode (bsc#1012628). - arm64/sme: Don't flush SVE register state when allocating SME storage (bsc#1012628). - arm64/sme: Don't flush SVE register state when handling SME traps (bsc#1012628). - scsi: ufs: core: Enable link lost interrupt (bsc#1012628). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (bsc#1012628). - scsi: core: Fix passthrough retry counter handling (bsc#1012628). - riscv: dts: microchip: mpfs: fix incorrect pcie child node name (bsc#1012628). - riscv: dts: microchip: mpfs: remove ti,fifo-depth property (bsc#1012628). - riscv: dts: microchip: mpfs: remove bogus card-detect-delay (bsc#1012628). - riscv: dts: microchip: mpfs: remove pci axi address translation property (bsc#1012628). - bpf: Don't use tnum_range on array range checking for poke descriptors (bsc#1012628). - Delete patches.suse/mm-mprotect-fix-soft-dirty-check-in-can_change_pte_w.patch. - commit 9e364bb ++++ lvm2: - Update lvm2 from LVM2.2.03.15 to LVM2.2.03.16 * ** WHATS_NEW for 2.03.16 *** Version 2.03.16 - 18th May 2022 =============================== Fix segfault when handling selection with historical LVs. Add support --vdosettings with lvcreate, lvconvert, lvchange. Filtering multipath devices respects blacklist setting from multipath configuration. lvmdevices support for removing by device id using --deviceidtype and --deldev. Display writecache block size with lvs -o writecache_block_size. Improve cachesettings description in man lvmcache. Fix lossing of delete message on thin-pool extension. - Drop patches that have been merged into upstream - 0001-post-release.patch - 0002-asan-fix-some-reports-from-libasan.patch - 0003-make-generate.patch - 0004-tests-udev-pvscan-vgchange-fix-service-wait.patch - 0005-devices-file-do-not-clear-PVID-of-unread-devices.patch - 0006-tests-skip-vgchange-pvs-online.sh-on-rhel5.patch - 0007-dev_manager-fix-dm_task_get_device_list.patch - 0008-dev_manager-failing-status-is-not-internal-error.patch - 0009-clang-add-extra-check.patch - 0010-clang-possible-better-compilation-with-musl-c.patch - 0011-dev_manager-do-not-query-for-open_count.patch - 0012-dev_manager-use-list-info-for-preset-devs.patch - 0013-man-lvmcache-add-more-writecache-cachesettings-info.patch - 0014-man-update-cachesettings-option-description.patch - 0015-man-lvmcache-mention-writecache-memory-usage.patch - 0016-writecache-display-block-size-from-lvs.patch - 0017-devices-simplify-dev_cache_get_by_devt.patch - 0018-devices-drop-incorrect-paths-from-aliases-list.patch - 0019-devices-initial-use-of-existing-option.patch - 0020-devices-fix-dev_name-assumptions.patch - 0021-devices-use-dev-cache-aliases-handling-from-label-sc.patch - 0022-devices-only-close-PVs-on-LVs-when-scan_lvs-is-enabl.patch - 0023-writecache-check-memory-usage.patch - 0024-pvscan-don-t-use-udev-for-external-device-info.patch - 0025-vgchange-monitor-don-t-use-udev-info.patch - Add upstream patch - 0001-devices-file-move-clean-up-after-command-is-run.patch - 0002-devices-file-fail-if-devicesfile-filename-doesn-t-ex.patch - 0003-filter-mpath-handle-other-wwid-types-in-blacklist.patch - 0004-filter-mpath-get-wwids-from-sysfs-vpd_pg83.patch - 0005-pvdisplay-restore-reportformat-option.patch - 0006-exit-with-error-when-devicesfile-name-doesn-t-exist.patch - 0007-report-fix-pe_start-column-type-from-NUM-to-SIZ.patch - 0008-_vg_read_raw_area-fix-segfault-caused-by-using-null-.patch - 0009-mm-remove-libaio-from-being-skipped.patch - 0010-dmsetup-check-also-for-ouf-of-range-value.patch - 0011-devices-drop-double-from-sysfs-path.patch - 0012-devices-file-fix-pvcreate-uuid-matching-pvid-entry-w.patch - 0013-vgimportdevices-change-result-when-devices-are-not-a.patch - 0014-vgimportdevices-fix-locking-when-creating-devices-fi.patch - Update patch - bug-1184687_Add-nolvm-for-kernel-cmdline.patch - update lvm2.spec - indent some lines for easy read - add new man: lvm_import_vdo.8 dmfilemapd.8 - remove config item '--enable-cmirrord', which was obsoleted. - remove config item '--enable-realtime', which became default setting. - add config item "--enable-dmfilemapd" for new daemon dmfilemapd - lvm.conf - align upstream style, comment out default values ++++ libvirt: - Update to libvirt 8.7.0 - jsc#PED-620, jsc#PED-1540 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v8-7-0-2022-09-01 - Dropped patches: 9493c9b7-lxc-containter-fix-build-with-glibc-2.36.patch, c0d9adf2-virfile-Fix-build-with-glibc-2.36.patch ++++ libxml2: - Build for now with --with-legacy to enable APIs that have been deprecated recently. (bsc#1202965) ++++ patterns-alp: - rename MicroOS to ALP ++++ salt: - Add Amazon EC2 detection for virtual grains (bsc#1195624) - Fix the regression in schedule module releasded in 3004 (bsc#1202631) - Fix state.apply in test mode with file state module on user/group checking (bsc#1202167) - Change the delimeters to prevent possible tracebacks on some packages with dpkg_lowpkg - Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596) - Added: * fix-the-regression-in-schedule-module-releasded-in-3.patch * retry-if-rpm-lock-is-temporarily-unavailable-547.patch * change-the-delimeters-to-prevent-possible-tracebacks.patch * add-amazon-ec2-detection-for-virtual-grains-bsc-1195.patch * fix-state.apply-in-test-mode-with-file-state-module-.patch ++++ python-libvirt-python: - Update to 8.7.0 - Add all new APIs and constants in libvirt 8.7.0 - jsc#PED-620, jsc#PED-1540 ++++ libxml2-python: - Build for now with --with-legacy to enable APIs that have been deprecated recently. (bsc#1202965) ++++ rsync: - Migration to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. ++++ wpa_supplicant: - Migration to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. ------------------------------------------------------------------ ------------------ 2022-8-31 - Aug 31 2022 ------------------- ------------------------------------------------------------------ ++++ btrfsprogs: - update to 5.19: * send: support protocol version 2 * fi show: print all missing devices * device stats: add tabular output * replace: add alias to device group (device replace) * check: validate free space tree items * fixes: * convert: support large filesystems (block count > 32bit) * recognize filesystems with verity enabled * mkfs and DUP could write out of order, fix it for zoned mode * build: * optional support for LZO and ZSTD in receive * compatibility with glibc 2.36 (mount.h) * add fallbacks for new GCC builtins * other: * corrupt-block: target specific items, offsets * documentation updates, new pages from wiki * new tests ++++ curl: - Update to 7.85.0: * Security fixes: [bsc#1202593, CVE-2022-35252] - control code in cookie denial of service * Changes: - quic: add support via wolfSSL - schannel: Add TLS 1.3 support - setopt: add CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR * Bugfixes: - asyn-thread: fix socket leak on OOM - asyn-thread: make getaddrinfo_complete return CURLcode - base64: base64url encoding has no padding - configure: fix broken m4 syntax in TLS options - configure: if asked to use TLS, fail if no TLS lib was detected - connect: add quic connection information - connect: set socktype/protocol correctly - cookie: reject cookies with "control bytes" - cookie: treat a blank domain in Set-Cookie: as non-existing - curl: output warning when a cookie is dropped due to size - Curl_close: call Curl_resolver_cancel to avoid memory-leak - digest: fix memory leak, fix not quoted 'opaque' - digest: fix missing increment of 'nc' value for auth-int - digest: pass over leading spaces in qop values - digest: reject broken header with session protocol but without qop - doh: use https protocol by default - easy_lock.h: include sched.h if available to fix build - easy_lock.h: use __asm__ instead of asm to fix build - easy_lock: switch to using atomic_int instead of bool - ftp: use a correct expire ID for timer expiry - h2h3: fix overriding the 'TE: Trailers' header - hostip: resolve *.localhost to 127.0.0.1/::1 - HTTP3.md: update to msh3 v0.4.0 - hyper: use wakers for curl pause/resume - lib3026: reduce the number of threads to 100 - libssh2: make atime/mtime date overflow return error - libssh2: provide symlink name in SFTP dir listing - multi: have curl_multi_remove_handle close CONNECT_ONLY transfer - multi: use larger dns hash table for multi interface - multi_wait: fix skipping to populate revents for extra_fds - netrc: Use the password from lines without login - ngtcp2: Fix build error due to change in nghttp3 prototypes - ngtcp2: fix stall or busy loop on STOP_SENDING with upload data - ngtcp2: implement cb_h3_stop_sending and cb_h3_reset_stream callbacks - openssl: add 'CURL_BORINGSSL_VERSION' to identify BoringSSL - openssl: add cert path in error message - openssl: add details to "unable to set client certificate" error - openssl: fix BoringSSL symbol conflicts with LDAP and Schannel - select: do not return fatal error on EINTR from poll() - sendf: fix paused header writes since after the header API - sendf: skip storing HTTP headers if HTTP disabled - url: really use the user provided in the url when netrc entry exists - url: reject URLs with hostnames longer than 65535 bytes - url: treat missing usernames in netrc as empty - urldata: reduce size of several struct fields - vtls: make Curl_ssl_backend() return the enum type curl_sslbackend * Remove tests-for-32bit.patch fixed in the update * Rebase libcurl-ocloexec.patch ++++ kdump: - mkdumprd: replace mkinitrd with native dracut (bsc#1202443) ++++ kernel-default: - mkspec: eliminate @NOSOURCE@ macro This should be alsways used with @SOURCES@, just include the content there. - commit 403d89f - kernel-source: include the kernel signature file We assume that the upstream tarball is used for released kernels. Then we can also include the signature file and keyring in the kernel-source src.rpm. Because of mkspec code limitation exclude the signature and keyring from binary packages always - mkspec does not parse spec conditionals. - commit e76c4ca - kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages - commit 4b42fb2 - dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - commit 1bd288c ++++ cairo: - Update to version 1.17.6: + This snapshot sees the removal of the following backends and platform support: Qt4, BeOS, OS/2, DirectFB, DRM, Cogl, OpenVG. + Thanks to all past contributors for their work on them. If you were using any of these backends then you will need to stick to Cairo 1.16. + This snapshot is going to be the **last** release of Cairo with the Autotools build system. The Meson build has seen many improvements and it is considerably easier to maintain and faster to build. - Changes from version 1.17.4: + A particularly noteworthy improvement in this release is the addition of the meson build system as an alternative to autotools. + The cogl Cairo backend underwent significant development this cycle. + Subpixel positioning support allows improved glyph outlines with the Freetype font backend. + For a complete log of changes, please see https://cairographics.org/releases/ChangeLog.1.17.4 - Changes from version 1.17.2: + This snapshot provides the new support for writing floating point formats as 16 bpc PNGs, with support for RGBA128F and RGB96F formats. This new feature increases Cairo's pixman version requirement to 0.36.0. + Beyond this are a range of bugfixes. For a complete log of changes, please see https://cairographics.org/releases/ChangeLog.1.17.2 - Drop patches fixed upstream: + cairo-Use-FT_Done_MM_Var-instead-of-free-when-available.patch + cairo-composite_color_glyphs.patch + cairo-pdf-add-missing-flush.patch + cairo-do-not-override-explicitly-requested-grayscale-aa.patch - Rebase remaining patches with quilt. - Add 0001-Set-default-LCD-filter-to-FreeType-s-default.patch: Set default LCD filter to FreeType's default (patch merged upstream). - Use ldconfig_scriptlets macro for post(un) handling. ++++ schily: - pbosh.1: replace broken ".so sh.1" refernce with a symlink to bosh.1 ++++ gcc12: - Prune invalid-license rpmlint warnings, the SLE12 codestream doesn't get fixed but FF applies there, too. [bsc#1185337] ++++ libosinfo: - Add 3a0fef72.patch: build: Add option to select libsoup ABI. Following this, add conditional pkgconfig(libsoup-3.0) BuildRequires. - Modernize spec, use ldconfig_scriptlets macro for post(un) handling, package COPYING with license macro. ++++ openslp: - Migration to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. ++++ microos-tools: - Update to version 2.15 - 98selinux-microos: Add grep as dependency ++++ runc: - Update to runc v1.1.4. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.4. bsc#1202021 * Fix mounting via wrong proc fd. When the user and mount namespaces are used, and the bind mount is followed by the cgroup mount in the spec, the cgroup was mounted using the bind mount's mount fd. * Switch kill() in libcontainer/nsenter to sane_kill(). * Fix "permission denied" error from runc run on noexec fs. * Fix failed exec after systemctl daemon-reload. Due to a regression in v1.1.3, the DeviceAllow=char-pts rwm rule was no longer added and was causing an error open /dev/pts/0: operation not permitted: unknown when systemd was reloaded. (boo#1202821) ++++ xen: - Migration to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. ------------------------------------------------------------------ ------------------ 2022-8-30 - Aug 30 2022 ------------------- ------------------------------------------------------------------ ++++ gdk-pixbuf: - Add 0001-jpeg-Increase-memory-limit-for-loading-image-data.patch: fix loading of larger images (glgo#GNOME/gdk-pixbuf#216). ++++ kernel-default: - Refresh patches.rpmify/kbuild-dummy-tools-pretend-we-understand-__LONG_DOUB.patch. - Refresh patches.suse/Revert-zram-remove-double-compression-logic.patch. - Refresh patches.suse/mm-gup-fix-FOLL_FORCE-COW-security-issue-and-remove-.patch. - wifi: mt76: mt7921e: fix crash in chip reset fail (bsc#1201845). Update to upstream versions and shuffle in series. - commit b7da698 - Update patches.kernel.org/5.19.2-1109-dm-fix-dm-raid-crash-if-md_handle_request-spl.patch (bsc#1012628 bsc#1202369). Add a bsc#. - commit 86a8641 ++++ libxslt: - Update to version 1.1.37: * Improvements: + Don't use deprecated libxml2 macros + Don't mess with xmlDefaultSAXHandler * Build system: + Require automake-1.16.3 or later + Remove generated files from distribution + Add missing compile definition for static builds to Autotools ++++ gcc12: - Update to gcc-12 branch head, e927d1cf141f221c5a32574bde0, git416 * includes GCC 12.2 release * includes recent fixes backported from trunk ++++ lua54: - Add more upstream patches: * luabugs6.patch * luabugs7.patch ++++ snapper: - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. - version 0.10.3 ++++ libssh: - Update to version 0.10.1 * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.1 - Enable client and server testing * Added libssh-weak-attribute.patch ++++ libxml2: - Update to version 2.10.2: * Improvements: + Remove set-but-unused variable in xmlXPathScanName + Silence -Warray-bounds warning * Build system + build: require automake-1.16.3 or later + Remove generated files from distribution * Test suite: Don't create missing.xml when running testapi - Add configure --with-python=%{__python3} inbefore python build, as upstream no longer ships pre-grenerated files. - Use sed to fix env-script-interpreter in documentation example. - Pass with-ftp to configure, build ftp support. ++++ microos-tools: - Update to version 2.14 - Fix Makefile to install sysext-add-debug - Update to version 2.13 - 98selinux-microos: Don't rely on selinux=1 [bsc#1202449] - Add sysext-add-debug - Make sure /var/lib/overlay exists before relabeling ++++ libxml2-python: - Update to version 2.10.2: * Improvements: + Remove set-but-unused variable in xmlXPathScanName + Silence -Warray-bounds warning * Build system + build: require automake-1.16.3 or later + Remove generated files from distribution * Test suite: Don't create missing.xml when running testapi - Add configure --with-python=%{__python3} inbefore python build, as upstream no longer ships pre-grenerated files. - Use sed to fix env-script-interpreter in documentation example. - Pass with-ftp to configure, build ftp support. ++++ vim: - ignore-flaky-test-failure.patch: Ignore failure of flaky tests - disable-unreliable-tests-arch.patch: Removed ------------------------------------------------------------------ ------------------ 2022-8-29 - Aug 29 2022 ------------------- ------------------------------------------------------------------ ++++ ca-certificates-mozilla: - Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868) Added: - Certainly Root E1 - Certainly Root R1 - DigiCert SMIME ECC P384 Root G5 - DigiCert SMIME RSA4096 Root G5 - DigiCert TLS ECC P384 Root G5 - DigiCert TLS RSA4096 Root G5 - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 Removed: - Hellenic Academic and Research Institutions RootCA 2011 ++++ fde-tools: - Make the firstboot workflow smarter (offer different key protectors) ++++ librsvg: - Update of vendored dependencies. ++++ glib2: - Drop 99783e0408f8ae9628d2c7a30eb99806087da711.patch for 2.73.x branch, fixed upstream already. ++++ grub2: - Fix out of memory error cannot be prevented via disabling tpm (bsc#1202438) * 0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch ++++ kernel-default: - Revert "block: freeze the queue earlier in del_gendisk" (bsc#1202534 bsc#1202589). - commit 157e5ea - Delete patches.suse/Revert-Revert-tcp-change-pingpong-threshold-to-3.patch. The test was disabled in python-eventlet. The code is correct, unlike the test. - commit 22072b3 - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (bsc#1012628). - Linux 5.19.5 (bsc#1012628). - Refresh patches.kernel.org/5.19.4-144-kbuild-dummy-tools-avoid-tmpdir-leak-in-dummy-.patch. - commit 8b6f0a1 - Refresh patches.kernel.org/5.19.4-144-kbuild-dummy-tools-avoid-tmpdir-leak-in-dummy-.patch. Reenable the patch after fixing it (missing plugin-version.h in the patch). - commit 2ea108c - Update to 6.0-rc3 - eliminate 2 patches - patches.suse/0001-scsi-sd-Revert-Rework-asynchronous-resume-support.patch - patches.suse/Revert-zram-remove-double-compression-logic.patch - commit 824e6f8 ++++ util-linux: - Update to version 2.38.1: * column: fix buffer overflow when -l specified, fix greedy mode on -l * dmesg: fix --since and --until * libmount: when moving a mount point, all sub mount entries in utab should also be updated (bsc#1198731) * libuuid: improve cache handling (bsc#1201959, PED-1150) * lsblk: fix JSON output when without --bytes * lsfd:fix crash triggered by an empty filter expression * sulogin: fix includes (obsoletes linux-fs.patch) * Many other fixes, improvements and code cleanup. For the complete list see https://www.kernel.org/pub/linux/utils/util-linux/v2.38/v2.38.1-ReleaseNotes - Fix some rpmlintrc warnings and remove util-linux-rpmlintrc. ++++ gcc12: - Add gcc12-fifo-jobserver-support.patch that adds support for FIFO jobserver for make. ++++ lttng-ust: - Update to release 2.13.4 * Added missing closedir in _get_max_cpuid_from_sysfs() * File descriptor was leaked in get_possible_cpu_mask_from_sysfs * sessiond wait futex: handle spurious futex wakeups ++++ systemd: - Let systemd trust the RTC for 30 years after the last update instead of 15 (bsc#1202356) To allow for our systems to be used in edge locations without systemd updates for a long time. ++++ util-linux-systemd: - Update to version 2.38.1: * column: fix buffer overflow when -l specified, fix greedy mode on -l * dmesg: fix --since and --until * libmount: when moving a mount point, all sub mount entries in utab should also be updated (bsc#1198731) * libuuid: improve cache handling (bsc#1201959, PED-1150) * lsblk: fix JSON output when without --bytes * lsfd:fix crash triggered by an empty filter expression * sulogin: fix includes (obsoletes linux-fs.patch) * Many other fixes, improvements and code cleanup. For the complete list see https://www.kernel.org/pub/linux/utils/util-linux/v2.38/v2.38.1-ReleaseNotes - Fix some rpmlintrc warnings and remove util-linux-rpmlintrc. ++++ vim: - Updated to version 9.0.0313, fixes the following problems - boo#1202862 - CVE-2022-3016 - boo#1203155 - CVE-2022-2980 - boo#1203152 - CVE-2022-2982 - boo#1202689 - CVE-2022-2946 - boo#1202687 - CVE-2022-2923 - boo#1202599 - CVE-2022-2889 * Using NULL pointer when skipping compiled code. * Using freed memory with multiple line breaks in expression. * job_start() test may fail under valgrind. * Cannot read error message when abort() is called. * Crash when pattern looks below the last line. * Vim9: error message for missing type is not clear. * No error for comma missing in list in :def function. * Expanding "**" may loop forever with directory links. * Test with BufNewFile autocmd is flaky. * Removing multiple text properties takes many calls. * Cannot make difference between the end of :normal and a character in its argument. * 'autoshelldir' does not work with chunked respose. * Popup menu not removed when 'wildmenu' reset while it is visible. * Mac: cannot build if dispatch.h is not available. * Shift-Tab shows matches on cmdline when 'wildmenu' is off. * Build failure without the +wildmenu feature. * Crash when using ":mkspell" with an empty .dic file. * "make install" does not install shared syntax file. (James McCoy) * "make install" still fails. (Wilhelm Payne) * Text properties "below" sort differently on MS-Windows. * Cannot easily get the list of sourced scripts. * Mechanism to prevent recursive screen updating is incomplete. * Using freed memory when 'tagfunc' deletes the buffer. * Cannot add padding to virtual text without highlight. * Duplicate code in finding a script in the execution stack. * No test for what 9.0.0234 fixes. * Slightly inconsistent error messages. * Test output shows up in git. * Cursor in wrong place after virtual text. * A symlink to an autoload script results in two entries in the list of scripts, items expected in one are actually in the other. * Typo in function name. * Build failure without the eval feature. * Compiler warning for uninitialized variables. * "->" in ":scriptnames" output not tested yet. * Crash with mouse click when not initialized. * Using freed memory when using 'quickfixtextfunc' recursively. * bufload() reads a file even if the name is not a file name. (Cyker Way) * Build failure without the +quickfix feature. * Too many #ifdefs. * No good reason why the "gf" command is not in the tiny version. * Compiler warning for unused argument. * Build error without the +eval feature. * getscriptinfo() does not include the version. Cannot select entries by script name. * Some values of 'path' and 'tags' do not work in the tiny version. * Using INIT() in non-header files. * BufReadCmd not triggered when loading a "nofile" buffer. (Maxim Kim) * Konsole termresponse not recognized. * Netrw plugin does not show remote files. * BufEnter not triggered when using ":edit" in "nofile" buffer. * 'buftype' values not sufficiently tested. * Coverity CI: update-alternatives not needed with Ubuntu 20.04. * The +wildignore feature is nearly always available. * The tiny version has the popup menu but not 'wildmenu'. * The builtin termcap list depends on the version. * Build failure without the +eval feature. * A nested timout stops the previous timeout. * Cannot complete "syn list @cluster". * Using static buffer for multiple completion functions. * It is not easy to change the command line from a plugin. * Using freed memory when location list changed in autocmd. * Irix systems no longer exist. * When 'cmdheight' is zero some messages are not displayed. * Invalid memory write. * Compiler warning for variable set but not used. * Test failing. * Test causes another test to fail. * Messages window not hidden when starting a command line. * Crash when 'cmdheight' is 0 and popup_clear() used. * GUI drop files test sometimes fails. * Message in popup is shortened unnecessary. * Cursor position wrong after right aligned virtual text. (Iizuka Masashi) * Compiler warning for size_t to int conversion. * Error messages for setcmdline() could be better. * 'cpoptions' tests are flaky. * The message window popup is delayed after an error message. * CI for Coverity is bothered by deprecation warnings. * It is not easy to get information about a script. * WinScrolled is not triggered when only skipcol changes. * CI lists useless deprecation warnings. * Buffer write message is two lines in message popup window. * :echomsg doesn't work properly with cmdheight=0. * When cmdheight is zero the attention prompt doesn't show. * Invalid memory access when cmdheight is zero. * Output of :messages dissappears when cmdheight is zero. * Test for hit-Enter prompt fails. * Test for cmdheight zero fails. * Using common name in tests leads to flaky tests. ++++ xen: - bsc#1201994 - Xen DomU unable to emulate audio device 62fde97e-tools-libxl-Replace-deprecated-soundhw-on-QEMU-command-line.patch ------------------------------------------------------------------ ------------------ 2022-8-28 - Aug 28 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - update to AppArmor 3.0.7 - fix setuptools version detection in buildpath.py - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.7 for the detailed upstream changelog - add dnsmasq-cpu-possible.diff: allow reading /sys/devices/system/cpu/possible in dnsmasc//libvirt-leaseshelper profile (boo#1202849) ++++ libapparmor: - update to AppArmor 3.0.7 - fix setuptools version detection in buildpath.py - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.7 for the detailed upstream changelog - add dnsmasq-cpu-possible.diff: allow reading /sys/devices/system/cpu/possible in dnsmasc//libvirt-leaseshelper profile (boo#1202849) ++++ fmt: - Update to release 9.1 * fmt::formatted_size now works at compile time * Fixed handling of invalid UTF-8 (#3038) * Improved Unicode support in ostream overloads of print * Added support for wide streams to fmt::streamed * Added the n specifier that disables the output of delimiters when formatting ranges (#2981) - Delete 0001-Fix-large-shift-in-uint128_fallback.patch 0002-Use-FMT_USE_FLOAT128-instead-of-__SIZEOF_FLOAT128__.patch 0001-Make-sure-the-correct-fmod-overload-is-called.patch (merged) ------------------------------------------------------------------ ------------------ 2022-8-27 - Aug 27 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Disable aac289653fa5adf9e9985e4912c1d24a3e8cbab2. It breaks with dummy tools. - commit 15b473a - Update config files. CONFIG_VIRTIO_HARDEN_NOTIFICATION was marked as BROKEN. - Linux 5.19.4 (bsc#1012628). - Revert "ALSA: hda: Fix page fault in snd_hda_codec_shutdown()" (bsc#1012628). - scsi: ufs: ufs-mediatek: Fix build error and type mismatch (bsc#1012628). - f2fs: fix null-ptr-deref in f2fs_get_dnode_of_data (bsc#1012628). - f2fs: revive F2FS_IOC_ABORT_VOLATILE_WRITE (bsc#1012628). - MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0 (bsc#1012628). - video: fbdev: i740fb: Check the argument of i740_calc_vclk() (bsc#1012628). - venus: pm_helpers: Fix warning in OPP during probe (bsc#1012628). - powerpc/64: Init jump labels before parse_early_param() (bsc#1012628). - smb3: check xattr value length earlier (bsc#1012628). - f2fs: fix to do sanity check on segment type in build_sit_entries() (bsc#1012628). - f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page() (bsc#1012628). - ALSA: control: Use deferred fasync helper (bsc#1012628). - ALSA: pcm: Use deferred fasync helper (bsc#1012628). - ALSA: timer: Use deferred fasync helper (bsc#1012628). - ALSA: core: Add async signal helpers (bsc#1012628). - powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1012628). - ovl: warn if trusted xattr creation fails (bsc#1012628). - ASoC: codecs: va-macro: use fsgen as clock (bsc#1012628). - powerpc/32: Don't always pass -mcpu=powerpc to the compiler (bsc#1012628). - powerpc/32: Set an IBAT covering up to _einittext during init (bsc#1012628). - powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1012628). - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1012628). - watchdog: export lockup_detector_reconfigure (bsc#1012628). - ASoC: Intel: sof_nau8825: Move quirk check to the front in late probe (bsc#1012628). - ASoC: Intel: sof_es8336: ignore GpioInt when looking for speaker/headset GPIO lines (bsc#1012628). - ASoC: Intel: sof_es8336: Fix GPIO quirks set via module option (bsc#1012628). - ASoC: SOF: Intel: hda: add sanity check on SSP index reported by NHLT (bsc#1012628). - ALSA: hda/realtek: Enable speaker and mute LEDs for HP laptops (bsc#1012628). - RISC-V: Add fast call path of crash_kexec() (bsc#1012628). - riscv: mmap with PROT_WRITE but no PROT_READ is invalid (bsc#1012628). - ASoC: nau8821: Don't unconditionally free interrupt (bsc#1012628). - riscv: dts: canaan: Add k210 topology information (bsc#1012628). - riscv: dts: sifive: Add fu740 topology information (bsc#1012628). - ASoC: rsnd: care default case on rsnd_ssiu_busif_err_irq_ctrl() (bsc#1012628). - ASoC: SOF: sof-client-probes: Only load the driver if IPC3 is used (bsc#1012628). - ASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot (bsc#1012628). - ASoC: SOF: Intel: cnl: Do not process IPC reply before firmware boot (bsc#1012628). - modules: Ensure natural alignment for .altinstructions and __bug_table sections (bsc#1012628). - ALSA: hda: Fix page fault in snd_hda_codec_shutdown() (bsc#1012628). - ASoC: Intel: avs: Set max DMA segment size (bsc#1012628). - iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up to 35bit (bsc#1012628). - mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start (bsc#1012628). - vfio: Clear the caps->buf to NULL after free (bsc#1012628). - KVM: PPC: Book3S HV: Fix "rm_exit" entry in debugfs timings (bsc#1012628). - tty: serial: Fix refcount leak bug in ucc_uart.c (bsc#1012628). - lib/list_debug.c: Detect uninitialized lists (bsc#1012628). - ext4: avoid resizing to a partial cluster size (bsc#1012628). - ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1012628). - ext4: avoid remove directory when directory is corrupted (bsc#1012628). - drivers:md:fix a potential use-after-free bug (bsc#1012628). - nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (bsc#1012628). - md/raid5: Make logic blocking check consistent with logic that blocks (bsc#1012628). - md: Notify sysfs sync_completed in md_reap_sync_thread() (bsc#1012628). - phy: samsung: phy-exynos-pcie: sanitize init/power_on callbacks (bsc#1012628). - openrisc: io: Define iounmap argument as volatile (bsc#1012628). - Revert "RDMA/rxe: Create duplicate mapping tables for FMRs" (bsc#1012628). - dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (bsc#1012628). - dmaengine: tegra: Add terminate() for Tegra234 (bsc#1012628). - selftests/kprobe: Do not test for GRP/ without event failures (bsc#1012628). - csky/kprobe: reclaim insn_slot on kprobe unregistration (bsc#1012628). - RDMA/rxe: Limit the number of calls to each tasklet (bsc#1012628). - ACPI: PPTT: Leave the table mapped for the runtime usage (bsc#1012628). - mmc: renesas_sdhi: newer SoCs don't need manual tap correction (bsc#1012628). - dmaengine: dw-axi-dmac: ignore interrupt if no descriptor (bsc#1012628). - dmaengine: dw-axi-dmac: do not print NULL LLI during error (bsc#1012628). - of: overlay: Move devicetree_corrupt() check up (bsc#1012628). - um: add "noreboot" command line option for PANIC_TIMEOUT=-1 setups (bsc#1012628). - PCI/ACPI: Guard ARM64-specific mcfg_quirks (bsc#1012628). - cxl: Fix a memory leak in an error handling path (bsc#1012628). - pinctrl: intel: Check against matching data instead of ACPI companion (bsc#1012628). - scsi: ufs: ufs-exynos: Change ufs phy control sequence (bsc#1012628). - mmc: tmio: avoid glitches when resetting (bsc#1012628). - habanalabs/gaudi: mask constant value before cast (bsc#1012628). - habanalabs/gaudi: fix shift out of bounds (bsc#1012628). - habanalabs/gaudi: invoke device reset from one code block (bsc#1012628). - habanalabs: add terminating NULL to attrs arrays (bsc#1012628). - coresight: etm4x: avoid build failure with unrolled loops (bsc#1012628). - gadgetfs: ep_io - wait until IRQ finishes (bsc#1012628). - scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1012628). - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1012628). - clk: qcom: clk-alpha-pll: fix clk_trion_pll_configure description (bsc#1012628). - zram: do not lookup algorithm in backends table (bsc#1012628). - uacce: Handle parent device removal or parent driver module rmmod (bsc#1012628). - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (bsc#1012628). - vboxguest: Do not use devm for irq (bsc#1012628). - usb: dwc2: gadget: remove D+ pull-up while no vbus with usb-role-switch (bsc#1012628). - scsi: iscsi: Fix HW conn removal use after free (bsc#1012628). - usb: renesas: Fix refcount leak bug (bsc#1012628). - usb: host: ohci-ppc-of: Fix refcount leak bug (bsc#1012628). - usb: typec: mux: Add CONFIG guards for functions (bsc#1012628). - scsi: ufs: ufs-mediatek: Fix the timing of configuring device regulators (bsc#1012628). - clk: ti: Stop using legacy clkctrl names for omap4 and 5 (bsc#1012628). - drm/meson: Fix overflow implicit truncation warnings (bsc#1012628). - irqchip/tegra: Fix overflow implicit truncation warnings (bsc#1012628). - scsi: ufs: core: Add UFSHCD_QUIRK_HIBERN_FASTAUTO (bsc#1012628). - scsi: ufs: core: Add UFSHCD_QUIRK_BROKEN_64BIT_ADDRESS (bsc#1012628). - PCI: aardvark: Fix reporting Slot capabilities on emulated bridge (bsc#1012628). - usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (bsc#1012628). - usb: gadget: uvc: calculate the number of request depending on framesize (bsc#1012628). - usb: cdns3 fix use-after-free at workaround 2 (bsc#1012628). - staging: r8188eu: add error handling of rtw_read32 (bsc#1012628). - staging: r8188eu: add error handling of rtw_read16 (bsc#1012628). - staging: r8188eu: add error handling of rtw_read8 (bsc#1012628). - platform/chrome: cros_ec_proto: don't show MKBP version if unsupported (bsc#1012628). - PCI: Add ACS quirk for Broadcom BCM5750x NICs (bsc#1012628). - HID: multitouch: new device class fix Lenovo X12 trackpad sticky (bsc#1012628). - thunderbolt: Change downstream router's TMU rate in both TMU uni/bidir mode (bsc#1012628). - x86/kvm: Fix "missing ENDBR" BUG for fastop functions (bsc#1012628). - x86/ibt, objtool: Add IBT_NOSEAL() (bsc#1012628). - net: mscc: ocelot: report ndo_get_stats64 from the wraparound-resistant ocelot->stats (bsc#1012628). - net: mscc: ocelot: make struct ocelot_stat_layout array indexable (bsc#1012628). - net: mscc: ocelot: fix race between ndo_get_stats64 and ocelot_check_stats_work (bsc#1012628). - net: mscc: ocelot: turn stats_lock into a spinlock (bsc#1012628). - KVM: arm64: Reject 32bit user PSTATE on asymmetric systems (bsc#1012628). - KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (bsc#1012628). - drm/amdgpu: Fix use-after-free on amdgpu_bo_list mutex (bsc#1012628). - drm/sun4i: dsi: Prevent underflow when computing packet sizes (bsc#1012628). - drm/bridge: lvds-codec: Fix error checking of drm_of_lvds_get_data_mapping() (bsc#1012628). - drm/amdgpu: Avoid another list of reset devices (bsc#1012628). - drm/i915/ttm: don't leak the ccs state (bsc#1012628). - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (bsc#1012628). - drm/imx/dcss: get rid of HPD warning message (bsc#1012628). - can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once() (bsc#1012628). - gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file (bsc#1012628). - kbuild: fix the modules order between drivers and libs (bsc#1012628). - igb: Add lock to avoid data race (bsc#1012628). - stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() (bsc#1012628). - dt-bindings: display: sun4i: Add D1 TCONs to conditionals (bsc#1012628). - fec: Fix timer capture timing in `fec_ptp_enable_pps()` (bsc#1012628). - tools/rtla: Fix command symlinks (bsc#1012628). - blk-mq: run queue no matter whether the request is the last request (bsc#1012628). - i40e: Fix to stop tx_timeout recovery if GLOBR fails (bsc#1012628). - regulator: pca9450: Remove restrictions for regulator-name (bsc#1012628). - i40e: Fix tunnel checksum offload with fragmented traffic (bsc#1012628). - i2c: imx: Make sure to unregister adapter on remove() (bsc#1012628). - modpost: fix module versioning when a symbol lacks valid CRC (bsc#1012628). - ice: Ignore error message when setting same promiscuous mode (bsc#1012628). - ice: Fix clearing of promisc mode with bridge over bond (bsc#1012628). - ice: Ignore EEXIST when setting promisc mode (bsc#1012628). - ice: Fix double VLAN error when entering promisc mode (bsc#1012628). - ice: Fix VF not able to send tagged traffic with no VLAN filters (bsc#1012628). - ice: Fix call trace with null VSI during VF reset (bsc#1012628). - ice: Fix VSI rebuild WARN_ON check for VF (bsc#1012628). - net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions() (bsc#1012628). - net: dsa: don't warn in dsa_port_set_state_now() when driver doesn't support it (bsc#1012628). - net: genl: fix error path memory leak in policy dumping (bsc#1012628). - net: mscc: ocelot: fix address of SYS_COUNT_TX_AGING counter (bsc#1012628). - net: mscc: ocelot: fix incorrect ndo_get_stats64 packet counters (bsc#1012628). - net: dsa: felix: fix ethtool 256-511 and 512-1023 TX packet counters (bsc#1012628). - net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry (bsc#1012628). - net: sched: fix misuse of qcpu->backlog in gnet_stats_add_queue_cpu (bsc#1012628). - net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg (bsc#1012628). - net: fix potential refcount leak in ndisc_router_discovery() (bsc#1012628). - net: moxa: pass pdev instead of ndev to DMA functions (bsc#1012628). - mlxsw: spectrum: Clear PTP configuration after unregistering the netdevice (bsc#1012628). - virtio_net: fix endian-ness for RSS (bsc#1012628). - net: qrtr: start MHI channel after endpoit creation (bsc#1012628). - net: dsa: mv88e6060: prevent crash on an unused port (bsc#1012628). - net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() (bsc#1012628). - spi: meson-spicc: add local pow2 clock ops to preserve rate between messages (bsc#1012628). - powerpc/pci: Fix get_phb_number() locking (bsc#1012628). - netfilter: nf_tables: check NFT_SET_CONCAT flag if field_count is specified (bsc#1012628). - netfilter: nf_tables: disallow NFT_SET_ELEM_CATCHALL and NFT_SET_ELEM_INTERVAL_END (bsc#1012628). - netfilter: nf_tables: NFTA_SET_ELEM_KEY_END requires concat and interval flags (bsc#1012628). - netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT flag (bsc#1012628). - netfilter: nf_tables: fix scheduling-while-atomic splat (bsc#1012628). - netfilter: nf_tables: really skip inactive sets when allocating name (bsc#1012628). - netfilter: nf_tables: possible module reference underflow in error path (bsc#1012628). - netfilter: nf_ct_irc: cap packet search space to 4k (bsc#1012628). - netfilter: nf_ct_ftp: prefer skb_linearize (bsc#1012628). - netfilter: nf_ct_h323: cap packet size at 64k (bsc#1012628). - netfilter: nf_ct_sane: remove pseudo skb linearization (bsc#1012628). - netfilter: nf_tables: disallow NFTA_SET_ELEM_KEY_END with NFT_SET_ELEM_INTERVAL_END flag (bsc#1012628). - fs/ntfs3: uninitialized variable in ntfs_set_acl_ex() (bsc#1012628). - netfilter: nf_tables: use READ_ONCE and WRITE_ONCE for shared generation id access (bsc#1012628). - netfilter: nfnetlink: re-enable conntrack expectation events (bsc#1012628). - RDMA/cxgb4: fix accept failure due to increased cpl_t5_pass_accept_rpl size (bsc#1012628). - RDMA/mlx5: Use the proper number of ports (bsc#1012628). - IB/iser: Fix login with authentication (bsc#1012628). - ASoC: codec: tlv320aic32x4: fix mono playback via I2S (bsc#1012628). - ASoC: tas2770: Fix handling of mute/unmute (bsc#1012628). - ASoC: tas2770: Drop conflicting set_bias_level power setting (bsc#1012628). - ASoC: tas2770: Allow mono streams (bsc#1012628). - ASoC: tas2770: Set correct FSYNC polarity (bsc#1012628). - ASoC: DPCM: Don't pick up BE without substream (bsc#1012628). - ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf() (bsc#1012628). - ASoC: SOF: debug: Fix potential buffer overflow by snprintf() (bsc#1012628). - ASoC: Intel: avs: Fix potential buffer overflow by snprintf() (bsc#1012628). - iavf: Fix deadlock in initialization (bsc#1012628). - iavf: Fix reset error handling (bsc#1012628). - iavf: Fix NULL pointer dereference in iavf_get_link_ksettings (bsc#1012628). - iavf: Fix adminq error handling (bsc#1012628). - nios2: add force_successful_syscall_return() (bsc#1012628). - nios2: restarts apply only to the first sigframe we build.. (bsc#1012628). - nios2: fix syscall restart checks (bsc#1012628). - nios2: traced syscall does need to check the syscall number (bsc#1012628). - nios2: don't leave NULLs in sys_call_table[] (bsc#1012628). - nios2: page fault et.al. are *not* restartable syscalls.. (bsc#1012628). - fs/ntfs3: Fix missing i_op in ntfs_read_mft (bsc#1012628). - fs/ntfs3: Do not change mode if ntfs_set_ea failed (bsc#1012628). - fs/ntfs3: Fix double free on remount (bsc#1012628). - fs/ntfs3: Don't clear upper bits accidentally in log_replay() (bsc#1012628). - fs/ntfs3: Fix NULL deref in ntfs_update_mftmirr (bsc#1012628). - fs/ntfs3: Fix using uninitialized value n when calling indx_read (bsc#1012628). - dpaa2-eth: trace the allocated address instead of page struct (bsc#1012628). - perf tests: Fix Track with sched_switch test for hybrid case (bsc#1012628). - perf parse-events: Fix segfault when event parser gets an error (bsc#1012628). - i2c: qcom-geni: Fix GPI DMA buffer sync-back (bsc#1012628). - perf probe: Fix an error handling path in 'parse_perf_probe_command()' (bsc#1012628). - nvme-fc: fix the fc_appid_store return value (bsc#1012628). - geneve: fix TOS inheriting for ipv4 (bsc#1012628). - fscache: don't leak cookie access refs if invalidation is in progress or failed (bsc#1012628). - atm: idt77252: fix use-after-free bugs caused by tst_timer (bsc#1012628). - tsnep: Fix tsnep_tx_unmap() error path usage (bsc#1012628). - xen/xenbus: fix return type in xenbus_file_read() (bsc#1012628). - nfp: ethtool: fix the display error of `ethtool -m DEVNAME` (bsc#1012628). - NTB: ntb_tool: uninitialized heap data in tool_fn_write() (bsc#1012628). - tools build: Switch to new openssl API for test-libcrypto (bsc#1012628). - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (bsc#1012628). - tools/testing/cxl: Fix cxl_hdm_decode_init() calling convention (bsc#1012628). - vdpa_sim_blk: set number of address spaces and virtqueue groups (bsc#1012628). - vdpa_sim: use max_iotlb_entries as a limit in vhost_iotlb_init (bsc#1012628). - clk: imx93: Correct the edma1's parent clock (bsc#1012628). - ceph: don't leak snap_rwsem in handle_cap_grant (bsc#1012628). - tools/vm/slabinfo: use alphabetic order when two values are equal (bsc#1012628). - tools/testing/cxl: Fix decoder default state (bsc#1012628). - ceph: use correct index when encoding client supported features (bsc#1012628). - spi: dt-bindings: qcom,spi-geni-qcom: allow three interconnects (bsc#1012628). - dt-bindings: opp: opp-v2-kryo-cpu: Fix example binding checks (bsc#1012628). - spi: dt-bindings: zynqmp-qspi: add missing 'required' (bsc#1012628). - spi: dt-bindings: cadence: add missing 'required' (bsc#1012628). - dt-bindings: PCI: qcom: Fix reset conditional (bsc#1012628). - dt-bindings: clock: qcom,gcc-msm8996: add more GCC clock sources (bsc#1012628). - dt-bindings: arm: qcom: fix MSM8994 boards compatibles (bsc#1012628). - dt-bindings: arm: qcom: fix MSM8916 MTP compatibles (bsc#1012628). - dt-bindings: arm: qcom: fix Longcheer L8150 compatibles (bsc#1012628). - dt-bindings: gpio: zynq: Add missing compatible strings (bsc#1012628). - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (bsc#1012628). - vsock: Fix memory leak in vsock_connect() (bsc#1012628). - plip: avoid rcu debug splat (bsc#1012628). - ipv6: do not use RT_TOS for IPv6 flowlabel (bsc#1012628). - mlx5: do not use RT_TOS for IPv6 flowlabel (bsc#1012628). - vxlan: do not use RT_TOS for IPv6 flowlabel (bsc#1012628). - geneve: do not use RT_TOS for IPv6 flowlabel (bsc#1012628). - ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (bsc#1012628). - octeontx2-af: Fix key checking for source mac (bsc#1012628). - octeontx2-af: Fix mcam entry resource leak (bsc#1012628). - octeontx2-af: suppress external profile loading warning (bsc#1012628). - octeontx2-af: Apply tx nibble fixup always (bsc#1012628). - octeontx2-pf: Fix NIX_AF_TL3_TL2X_LINKX_CFG register configuration (bsc#1012628). - dt-bindings: input: iqs7222: Extend slider-mapped GPIO to IQS7222C (bsc#1012628). - dt-bindings: input: iqs7222: Correct bottom speed step size (bsc#1012628). - dt-bindings: input: iqs7222: Remove support for RF filter (bsc#1012628). - Input: iqs7222 - remove support for RF filter (bsc#1012628). - Input: iqs7222 - handle reset during ATI (bsc#1012628). - Input: iqs7222 - acknowledge reset before writing registers (bsc#1012628). - Input: iqs7222 - protect volatile registers (bsc#1012628). - Input: iqs7222 - fortify slider event reporting (bsc#1012628). - Input: iqs7222 - correct slider event disable logic (bsc#1012628). - Input: mt6779-keypad - match hardware matrix organization (bsc#1012628). - Input: exc3000 - fix return value check of wait_for_completion_timeout (bsc#1012628). - rtc: spear: set range max (bsc#1012628). - pinctrl: qcom: sm8250: Fix PDC map (bsc#1012628). - dt-bindings: pinctrl: mt8186: Add and use drive-strength-microamp (bsc#1012628). - pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (bsc#1012628). - dt-bindings: pinctrl: mt8195: Add and use drive-strength-microamp (bsc#1012628). - dt-bindings: pinctrl: mt8195: Fix name for mediatek,rsel-resistance-in-si-unit (bsc#1012628). - pinctrl: amd: Don't save/restore interrupt status and wake status bits (bsc#1012628). - pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (bsc#1012628). - pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (bsc#1012628). - dt-bindings: pinctrl: mt8192: Use generic bias instead of pull-*-adv (bsc#1012628). - dt-bindings: pinctrl: mt8192: Add drive-strength-microamp (bsc#1012628). - pinctrl: renesas: rzg2l: Return -EINVAL for pins which have input disabled (bsc#1012628). - dt-bindings: arm: qcom: fix Alcatel OneTouch Idol 3 compatibles (bsc#1012628). - selftests: forwarding: Fix failing tests with old libnet (bsc#1012628). - net: atm: bring back zatm uAPI (bsc#1012628). - net: bgmac: Fix a BUG triggered by wrong bytes_compl (bsc#1012628). - net: dsa: felix: suppress non-changes to the tagging protocol (bsc#1012628). - net: phy: c45 baset1: do not skip aneg configuration if clock role is not specified (bsc#1012628). - net: bcmgenet: Indicate MAC is in charge of PHY PM (bsc#1012628). - net: phy: Warn about incorrect mdio_bus_phy_resume() state (bsc#1012628). - devlink: Fix use-after-free after a failed reload (bsc#1012628). - virtio-blk: Avoid use-after-free on suspend/resume (bsc#1012628). - virtio_net: fix memory leak inside XPD_TX with mergeable (bsc#1012628). - virtio: VIRTIO_HARDEN_NOTIFICATION is broken (bsc#1012628). - ASoC: qdsp6: q6apm-dai: unprepare stream if its already prepared (bsc#1012628). - SUNRPC: Don't reuse bvec on retransmission of the request (bsc#1012628). - SUNRPC: Reinitialise the backchannel request buffers before reuse (bsc#1012628). - SUNRPC: Fix xdr_encode_bool() (bsc#1012628). - sunrpc: fix expiry of auth creds (bsc#1012628). - m68k: coldfire/device.c: protect FLEXCAN blocks (bsc#1012628). - net: atlantic: fix aq_vec index out of range error (bsc#1012628). - can: j1939: j1939_session_destroy(): fix memory leak of skbs (bsc#1012628). - can: mcp251x: Fix race condition on receive interrupt (bsc#1012628). - bpf: Check the validity of max_rdwr_access for sock local storage map iterator (bsc#1012628). - bpf: Acquire map uref in .init_seq_private for sock{map,hash} iterator (bsc#1012628). - bpf: Acquire map uref in .init_seq_private for sock local storage map iterator (bsc#1012628). - bpf: Acquire map uref in .init_seq_private for hash map iterator (bsc#1012628). - bpf: Acquire map uref in .init_seq_private for array map iterator (bsc#1012628). - bpf: Don't reinit map value in prealloc_lru_pop (bsc#1012628). - bpf: Disallow bpf programs call prog_run command (bsc#1012628). - BPF: Fix potential bad pointer dereference in bpf_sys_bpf() (bsc#1012628). - selftests: mptcp: make sendfile selftest work (bsc#1012628). - mptcp: do not queue data on closed subflows (bsc#1012628). - mptcp: move subflow cleanup in mptcp_destroy_common() (bsc#1012628). - mptcp, btf: Add struct mptcp_sock definition when CONFIG_MPTCP is disabled (bsc#1012628). - NFSv4/pnfs: Fix a use-after-free bug in open (bsc#1012628). - NFSv4.1: RECLAIM_COMPLETE must handle EACCES (bsc#1012628). - NFSv4: Fix races in the legacy idmapper upcall (bsc#1012628). - NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (bsc#1012628). - NFSv4.1: Don't decrease the value of seq_nr_highest_sent (bsc#1012628). - net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (bsc#1012628). - netfilter: nf_tables: fix crash when nf_trace is enabled (bsc#1012628). - Documentation: ACPI: EINJ: Fix obsolete example (bsc#1012628). - apparmor: Fix memleak in aa_simple_write_to_buffer() (bsc#1012628). - apparmor: fix reference count leak in aa_pivotroot() (bsc#1012628). - apparmor: fix overlapping attachment computation (bsc#1012628). - apparmor: fix setting unconfined mode on a loaded profile (bsc#1012628). - apparmor: fix aa_label_asxprint return check (bsc#1012628). - apparmor: Fix failed mount permission check error message (bsc#1012628). - apparmor: fix absroot causing audited secids to begin with = (bsc#1012628). - apparmor: fix quiet_denied for file rules (bsc#1012628). - can: ems_usb: fix clang's -Wunaligned-access warning (bsc#1012628). - dt-bindings: usb: mtk-xhci: Allow wakeup interrupt-names to be optional (bsc#1012628). - ALSA: hda: Fix crash due to jack poll in suspend (bsc#1012628). - ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (bsc#1012628). - tracing: Have filter accept "common_cpu" to be consistent (bsc#1012628). - tracing/probes: Have kprobes and uprobes use $COMM too (bsc#1012628). - tracing/eprobes: Have event probes be consistent with kprobes and uprobes (bsc#1012628). - tracing/eprobes: Fix reading of string fields (bsc#1012628). - tracing/eprobes: Do not hardcode $comm as a string (bsc#1012628). - tracing/eprobes: Do not allow eprobes to use $stack, or % for regs (bsc#1012628). - tracing/perf: Fix double put of trace event when init fails (bsc#1012628). - x86/kprobes: Fix JNG/JNLE emulation (bsc#1012628). - cifs: Fix memory leak on the deferred close (bsc#1012628). - drm/i915: pass a pointer for tlb seqno at vma_invalidate_tlb() (bsc#1012628). - drm/i915/gt: Batch TLB invalidations (bsc#1012628). - drm/i915/gt: Skip TLB invalidations once wedged (bsc#1012628). - drm/i915/gt: Invalidate TLB of the OA unit at TLB invalidations (bsc#1012628). - drm/i915/gt: Ignore TLB invalidations on idle engines (bsc#1012628). - drm/amdgpu: change vram width algorithm for vram_info v3_0 (bsc#1012628). - btrfs: fix warning during log replay when bumping inode link count (bsc#1012628). - btrfs: fix lost error handling when looking up extended ref on log replay (bsc#1012628). - btrfs: reset RO counter on block group if we fail to relocate (bsc#1012628). - btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() (bsc#1012628). - mmc: meson-gx: Fix an error handling path in meson_mmc_probe() (bsc#1012628). - mmc: pxamci: Fix an error handling path in pxamci_probe() (bsc#1012628). - mmc: pxamci: Fix another error handling path in pxamci_probe() (bsc#1012628). - ata: libata-eh: Add missing command name (bsc#1012628). - s390/ap: fix crash on older machines based on QCI info missing (bsc#1012628). - drm/amd/display: Check correct bounds for stream encoder instances for DCN303 (bsc#1012628). - drm/amdgpu: Only disable prefer_shadow on hawaii (bsc#1012628). - drm/ttm: Fix dummy res NULL ptr deref bug (bsc#1012628). - drm/nouveau: recognise GA103 (bsc#1012628). - locking/atomic: Make test_and_*_bit() ordered on failure (bsc#1012628). - drm/i915/gem: Remove shared locking on freeing objects (bsc#1012628). - rds: add missing barrier to release_refill (bsc#1012628). - x86/mm: Use proper mask when setting PUD mapping (bsc#1012628). - KVM: Unconditionally get a ref to /dev/kvm module when creating a VM (bsc#1012628). - RDMA: Handle the return code from dma_resv_wait_timeout() properly (bsc#1012628). - ALSA: hda/realtek: Add quirk for Clevo NS50PU, NS70PU (bsc#1012628). - ALSA: info: Fix llseek return value when using callback (bsc#1012628). - commit 631b6cd ++++ libXau: - Update to version 1.0.10 * gitlab CI: add a basic build test * Fix spelling/wording issues * Autest.c: Fix -Wdiscarded-qualifiers warnings * Remove unnnecessary casts from malloc() and free() calls * XauReadAuth: move failure handling code to a common code block ++++ at-spi2-core: - Update to version 2.45.91: + Send device event controller events using the same signature as other events. + Document the Accessible, Action, and Cache dbus interfaces. + Fix license of atspi-gmain.c. - Add fdupes BuildRequires and macro, remove duplicate files. - Provide and Obsolete atk from libatk sub-package. ++++ schily: - Fix update-alternatives for rmt.1 ------------------------------------------------------------------ ------------------ 2022-8-26 - Aug 26 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.40.0: + During the build, stop relying on intltool for i18n and use gettext only. + Undeprecate nm_remote_connection_get_secrets() in libnm. + NetworkManager now will restart DHCP if the MAC changes on a device. - Drop intltool BuildRequires following upstream changes. - Refresh patches with quilt. - Stop passing dnssec_trigger=%{_libexecdir}/dnssec-trigger-script to meson, support dropped upstream. ++++ apparmor: - add profiles-permit-php-fpm-pid-files-directly-under-run.patch https://gitlab.com/apparmor/apparmor/-/merge_requests/914 (bsc#1202344) ++++ librsvg: - Update to version 2.55.0: + The Minimum Supported Rust Version (MSRV) is now Rust 1.58. + The release tarball no longer contains vendored Rust dependencies. Most distributions now have infrastructure to pull these themselves, so let's make the tarball smaller. + Accept patterns with userSpaceOnUse units for the stroke of axis-aligned lines. + Small reductions in memory consumption of the DOM tree. + Updates for the gtk-rs API. - Update to version 2.54.5: + Accept patterns with userSpaceOnUse units for the stroke of axis-aligned lines. ++++ llvm15: - Add llvm-lifetime-for-rust.patch to have Rust memory management functions considered as lifetime markers. This should aid dead store elimination to dynamically allocated memory in Rust code. ++++ libapparmor: - add profiles-permit-php-fpm-pid-files-directly-under-run.patch https://gitlab.com/apparmor/apparmor/-/merge_requests/914 (bsc#1202344) ++++ libcbor: - Install manual page in the correct man section ++++ nfs-utils: - sysconfig.nfs, nfs.conf: allow NFSv4 grace time to be set via sysconfig. SLE12 allowed this, SLE15 lost the ability. Add it back with the name NFSV4GRACETIME. Also improve description for NFSV4LEASETIME. (bsc#1202592) ++++ libssh: - Update to version 0.10.0 * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.0 - Removed 0001-Soften-behaviour-of-the-Compression-no-yes-option.patch ++++ selinux-policy: - Move SUSE directory from manual page section to html docu ------------------------------------------------------------------ ------------------ 2022-8-25 - Aug 25 2022 ------------------- ------------------------------------------------------------------ ++++ file: - Move magic files to /usr/share/file from /usr/share/misc, and then create symlinks from /usr/share/misc back to /usr/share/file as per FHS 3.0 ++++ glib2: - Add 99783e0408f8ae9628d2c7a30eb99806087da711.patch: gsocketclient: Fix passing NULL to g_task_get_cancellable(). Fix a regression from commit abddb42d14, where it could pass `NULL` to `g_task_get_cancellable()`, triggering a critical warning. This could happen because the lifetime of `data->task` is not as long as the lifetime of the `ConnectionAttempt`, but the code assumed it was. Fix the problem by keeping a strong ref to that `GCancellable` around until the `ConnectionAttempt` is finished being destroyed. ++++ kernel-default: - series.conf: cleanup - move recently added patches to "almost mainline" section - patches.suse/Revert-zram-remove-double-compression-logic.patch - patches.suse/ASoC-nau8821-Implement-hw-constraint-for-rates.patch - patches.suse/ASoC-nau8824-Fix-semaphore-unbalance-at-error-paths.patch - patches.suse/ASoC-nau8824-Implement-hw-constraint-for-rates.patch - patches.suse/ASoC-nau8825-Implement-hw-constraint-for-rates.patch - patches.suse/ASoC-nau8540-Implement-hw-constraint-for-rates.patch - commit 18ca0fb - Refresh USB type-C workaround patch (bsc#1202386) It landed in the upstream subsystem repo; also correct the bug reference - commit bf02544 - ASoC: nau8540: Implement hw constraint for rates (bsc#1201418). - ASoC: nau8825: Implement hw constraint for rates (bsc#1201418). - ASoC: nau8824: Implement hw constraint for rates (bsc#1201418). - ASoC: nau8824: Fix semaphore unbalance at error paths (bsc#1201418). - ASoC: nau8821: Implement hw constraint for rates (bsc#1201418). - commit ef72ecc ++++ libxml2: - Update to version 2.10.1: * Regressions: Fix xmlCtxtReadDoc with encoding * Bug fixes: Fix HTML parser with threads and --without-legacy * Build system: + Fix build with Python 3.10 + cmake: Disable version script on macOS + Remove Makefile rule to build testapi.c * Documentation: + Switch back to HTML output for API documentation + Port doc/examples/index.py to Python 3 + Fix order of exports in libxml2-api.xml + Remove libxml2-refs.xml ++++ osinfo-db: - Add support for openSUSE Leap 15.5, SLES 15.5, and SLE Micro 5.3 add-opensuse-leap-15.5-support.patch add-sle15sp5-support.patch add-slem5.3-support.patch ++++ pinentry: - update to 1.2.1: * qt: Support building with Qt 5.9. [T5592] * curses: Handle an error at curses initialization. [T5623] * curses: Specify fg/bg when an extention of Ncurses is not available. * qt: Fix translation of context menu entries. [T5786] * qt: Further improve the accessibility. [T5863] * qt: Fix moving focus to second input field when pressing Enter in first input field. [T5866] * qt: Update the cursor position when reformatting the text. [T5972] * qt: Use foreground raising code also with the confirm prompt. * Make the legacy qt4 version build again. [T5569] * Make sure an entered PIN is always cleared from memory. [T5977] * Build fixes for Windows. [T5893] ++++ libxml2-python: - Update to version 2.10.1: * Regressions: Fix xmlCtxtReadDoc with encoding * Bug fixes: Fix HTML parser with threads and --without-legacy * Build system: + Fix build with Python 3.10 + cmake: Disable version script on macOS + Remove Makefile rule to build testapi.c * Documentation: + Switch back to HTML output for API documentation + Port doc/examples/index.py to Python 3 + Fix order of exports in libxml2-api.xml + Remove libxml2-refs.xml ------------------------------------------------------------------ ------------------ 2022-8-24 - Aug 24 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit: - Add kdump-close.patch required by patches below. - Add kdump-refactor.patch and kdump-suse.patch to support SUSE kdump config management in cockpit. - Use a list of available brandings to include in cockpit-ws package instead of resolving by symlinks. ++++ fillup: - Makefile is not parallel-safe ++++ glibc: - nscd-netlink-cache-invalidation.patch: nscd: Fix netlink cache invalidation if epoll is used (boo#1199964, BZ #29415) ++++ kernel-default: - Update patches.kernel.org/5.19.2-1136-net_sched-cls_route-remove-from-list-when-han.patch references (add CVE-2022-2588 bsc#1202096). - Update patches.kernel.org/5.19.3-003-net_sched-cls_route-disallow-handle-of-0.patch references (add bsc#1202393). - commit cc8e6d6 ++++ jbigkit: - Makefile is not parallel-safe ++++ multipath-tools: - Update to version 0.9.0+55+suse.33d8854: * Avoid linking to libreadline to avoid licensing issue (bsc#1202616) ++++ ndctl: - Update to version 74 (jsc#PED-1080): * Many CXL fixes * Some build system fixes * monitor: Fix the monitor config file parsing * ndctl/bus: Handle missing scrub commands more gracefully * ndctl/dimm: Flush invalidated labels after overwrite - Remove upstreamed patch - ndctl-build-Fix-systemd-unit-directory-detection.patch - ndctl-meson-make-modprobedatadir-an-option.patch ++++ libtasn1: - libtasn1 4.19.0: * Clarify libtasn1.map license * Fix ETYPE_OK out of bounds read * Update gnulib files and various maintenance fixes ++++ libvirt: - spec: Suppress error messages about nonexistent or unreadable files from grep ++++ tcpd: - Makefile is not parallel-safe ------------------------------------------------------------------ ------------------ 2022-8-23 - Aug 23 2022 ------------------- ------------------------------------------------------------------ ++++ llvm15: - Don't declare python3-clang as noarch: Python packages are installed into %{_libdir}. ++++ libgcrypt: - FIPS: gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] * Add libgcrypt-out-of-core-handler.patch ++++ zlib: - Update to 1.2.12: * A lot of bug fixes * Improve speed of crc32 functions * Use ARM crc32 instructions if the ARM architecture has them For the complete changes, see ChangeLog - Fixes CVE-2022-37434, heap-based buffer over-read or buffer overflow in inflate.c via a large gzip header extra field (CVE-2022-37434, bsc#1202175) - Added patches: * zlib-1.2.11-covscan-issues-rhel9.patch * zlib-1.2.11-covscan-issues.patch * zlib-1.2.12-s390-vectorize-crc32.patch * zlib-1.2.12-optimized-crc32-power8.patch * zlib-1.2.12-IBM-Z-hw-accelerated-deflate-s390x.patch * zlib-1.2.12-fix-configure.patch * zlib-1.2.12-correct-inputs-provided-to-crc-func.patch * zlib-1.2.12-fix-CVE-2022-37434.patch * zlib-1.2.5-minizip-fixuncrypt.patch - Removed patches: * bsc1197459.patch (upstreamed) * zlib-power8-fate325307.patch (replaced by zlib-1.2.12-optimized-crc32-power8.patch) * bsc1174736-DFLTCC_LEVEL_MASK-set-to-0x1ff.patch (replaced by zlib-1.2.12-IBM-Z-hw-accelrated-deflate-s390x.patch) * 410.patch (replaced by zlib-1.2.12-IBM-Z-hw-accelrated-deflate-s390x.patch) - Refreshed patches: * zlib-format.patch * zlib-no-version-check.patch - Disable profiling since it breaks tests - Update zlib-rpmlintrc ++++ ovmf: - Removed patches in ovmf-bsc1196879-sev-fix.patch which are merged to edk2-stable202205: - OvmfPkg/AmdSev: reserve snp pages - de463163d9 edk2-stable202205-rc1~292 - OvmfPkg/ResetVector: cache the SEV status MSR value - 63c50d3ff2 edk2-stable202205-rc1~291 - OvmfPkg/BaseMemEncryptLib: use the SEV_STATUS MSR - f1d1c337e7 edk2-stable202205-rc1~290 ++++ xen: - Things are compiling fine now with gcc12. Drop gcc12-fixes.patch ------------------------------------------------------------------ ------------------ 2022-8-22 - Aug 22 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - update to 22.1.7: * fixes and cleanups all over the tree * most of the fixes are for zink * nice batch of fixes for the gallium dx9 frontend * some other fixes across the board ++++ Mesa-drivers: - update to 22.1.7: * fixes and cleanups all over the tree * most of the fixes are for zink * nice batch of fixes for the gallium dx9 frontend * some other fixes across the board ++++ boost-base: - ppc64le: added some new math libraries (bsc#1202594) ++++ cryptsetup: - cryptsetup 2.5.0: * Split manual pages into per-action pages and use AsciiDoc format. * Remove cryptsetup-reencrypt tool from the project and move reencryption to already existing "cryptsetup reencrypt" command. If you need to emulate the old cryptsetup-reencrypt binary, use simple wrappers script running "exec cryptsetup reencrypt $@". * LUKS2: implement --decryption option that allows LUKS removal. * Fix decryption operation with --active-name option and restrict it to be used only with LUKS2. * Do not refresh reencryption digest when not needed. This should speed up the reencryption resume process. * Store proper resilience data in LUKS2 reencrypt initialization. Resuming reencryption now does not require specification of resilience type parameters if these are the same as during initialization. * Properly wipe the unused area after reencryption with datashift in the forward direction. * Check datashift value against larger sector size. For example, it could cause an issue if misaligned 4K sector appears during decryption. * Do not allow sector size increase reencryption in offline mode. * Do not allow dangerous sector size change during reencryption. * Ask the user for confirmation before resuming reencryption. * Do not resume reencryption with conflicting parameters. * Add --force-offline-reencrypt option. * Do not allow nested encryption in LUKS reencrypt. * Support all options allowed with luksFormat with encrypt action. * Add resize action to integritysetup. * Remove obsolete dracut plugin reencryption example. * Fix possible keyslot area size overflow during conversion to LUKS2. * Allow use of --header option for cryptsetup close. * Fix activation of LUKS2 device with integrity and detached header. * Add ZEROOUT IOCTL support for crypt_wipe API call. * VERITY: set loopback sector size according to dm-verity block sizes. * veritysetup: dump device sizes. * LUKS2 token: prefer token PIN query before passphrase in some cases. When a user provides --token-type or specific --token-id, a token PIN query is preferred to a passphrase query. * LUKS2 token: allow tokens to be replaced with --token-replace option for cryptsetup token command. * LUKS2 token: do not continue operation when interrupted in PIN prompt. * Add --progress-json parameter to utilities. * Add support for --key-slot option in luksResume action. - move man pages to separate subpackage - drop backports handling ++++ transactional-update: - Version 4.0.1 - create_dirs_from_rpmdb: Just warn if no default SELinux context found [gh#openSUSE/transactional-update#88], [bsc#1188215] - create_dirs_from_rpmdb: Don't update the rpmdb cookie on failure [gh#openSUSE/transactional-update#88] - Handle directories owned by multiple packages [gh#openSUSE/transactional-update#90], [bsc#1188215] ++++ filesystem: - Revert last change, fr should be used like we do for all languages in all packages, no excpetion for xz with fr_FR. ++++ kernel-default: - scsi: sd: Revert "Rework asynchronous resume support" (rc1 testing). - commit 4aad010 - Update to 6.0-rc2 - drop upstreamed patch - patches.rpmify/kbuild-dummy-tools-pretend-we-understand-__LONG_DOUB.patch - refresh configs - commit 712f762 ++++ util-linux: - Update to version 2.38: * first release with translated util-linux man-pages * mount: new options --mkdir as shortcut for X-mount.mkdir * mount, libmount: new mount options X-mount.subdir= * lsfd: new command * dmesg: new option --json to print kernel log in JSON format * libfdisk: improved to set correct CHS addresses in MBR * fstrim: ignores all /ect/fstab entries with X-fstrim.notrim (jsc#SLE-17942) * hardlink: now supports reflinks and new option --method= * hwclock: new command line options --param-get and --param-set * irqtop: new option --cpu-stat * libblkid: supports zoned disks for btrfs * lsblk: new options --noempty to ignore all devices with zero size, and --zoned to print information about zones * mkswap: new option --quiet * nsenter: new option --wdns to change working directory within namespace * rename: new options --all and --last to replace all or last occurrences of expression rather than the first one * su: now resets RLIMIT_AS, RLIMIT_{NICE,RTPRIO}, RLIMIT_FSIZE and RLIMIT_NOFILE reourse limits. * unshare: new options --map-users= and --map-groups= to map block of group IDs; new option --map-auto to map the first block of user IDs owned by the effective user from /etc/subuid * wdctl: new options --setpregovernor to set pre-timeout governor name, and --setpretimeout to set watchdog pre-timeout in seconds * Many other new features and fixes. For the complete list see https://www.kernel.org/pub/linux/utils/util-linux/v2.38/v2.38-ReleaseNotes - Changed packaging style from multi spec build to multibuild with python multi-flavor build (PED-1007). Advantages: * Easily prevents bootstrap build loops. * No artificial package splitting needed any more. * Less complicated spec file. * Can run full test suite. * python*-libmount available for more python versions. * Enable asciidoctor to build documentation. * Enable support for libmagic. * Turn technically incorrect Recommends to Requires. - Fix rpmling warning by setting attr for clock.txt ghost file. - Drop upstreamed util-linux-sulogin4bsc1175514.patch ++++ ncurses: - Add ncurses patch 20220820 + fix some cppcheck warnings, mostly style, in ncurses and c++ libraries and progs directory. + add curses_trace to ifdef's for START_TRACE in test/test.priv.h + update config.guess ++++ nghttp2: - update to 1.49.0: * https://nghttp2.org/blog/2022/08/22/nghttp2-v1-49-0/ ++++ shadow: - Update to 4.12.3: Revert removal of subid_init, which should have bumped soname. So note that 4.12 through 4.12.2 were broken for subid users. ++++ python-immutables: - Don't do mypy static type checking of the sources in order to avoid mypy in Ring1. The functionality of the binary rpm package is not affected by properly typed python sources. - Remove obsolete setup.py sed fix - Don't catchall sitearch files in %files section ++++ python-urllib3: - update to 1.26.12: * Deprecated the `urllib3[secure]` extra and the `urllib3.contrib.pyopenssl` module. Both will be removed in v2.x. See this `GitHub issue `_ for justification and info on how to migrate. ++++ trousers: - BuildRequire pkkconfig(udev) instead of udev: allow OBS to shortcut through the -mini flavors. ++++ util-linux-systemd: - Update to version 2.38: * first release with translated util-linux man-pages * mount: new options --mkdir as shortcut for X-mount.mkdir * mount, libmount: new mount options X-mount.subdir= * lsfd: new command * dmesg: new option --json to print kernel log in JSON format * libfdisk: improved to set correct CHS addresses in MBR * fstrim: ignores all /ect/fstab entries with X-fstrim.notrim (jsc#SLE-17942) * hardlink: now supports reflinks and new option --method= * hwclock: new command line options --param-get and --param-set * irqtop: new option --cpu-stat * libblkid: supports zoned disks for btrfs * lsblk: new options --noempty to ignore all devices with zero size, and --zoned to print information about zones * mkswap: new option --quiet * nsenter: new option --wdns to change working directory within namespace * rename: new options --all and --last to replace all or last occurrences of expression rather than the first one * su: now resets RLIMIT_AS, RLIMIT_{NICE,RTPRIO}, RLIMIT_FSIZE and RLIMIT_NOFILE reourse limits. * unshare: new options --map-users= and --map-groups= to map block of group IDs; new option --map-auto to map the first block of user IDs owned by the effective user from /etc/subuid * wdctl: new options --setpregovernor to set pre-timeout governor name, and --setpretimeout to set watchdog pre-timeout in seconds * Many other new features and fixes. For the complete list see https://www.kernel.org/pub/linux/utils/util-linux/v2.38/v2.38-ReleaseNotes - Changed packaging style from multi spec build to multibuild with python multi-flavor build (PED-1007). Advantages: * Easily prevents bootstrap build loops. * No artificial package splitting needed any more. * Less complicated spec file. * Can run full test suite. * python*-libmount available for more python versions. * Enable asciidoctor to build documentation. * Enable support for libmagic. * Turn technically incorrect Recommends to Requires. - Fix rpmling warning by setting attr for clock.txt ghost file. - Drop upstreamed util-linux-sulogin4bsc1175514.patch ------------------------------------------------------------------ ------------------ 2022-8-21 - Aug 21 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Linux 5.19.3 (bsc#1012628). - arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1012628). - kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1012628). - btrfs: raid56: don't trust any cached sector in __raid56_parity_recover() (bsc#1012628). - btrfs: only write the sectors in the vertical stripe which has data stripes (bsc#1012628). - net_sched: cls_route: disallow handle of 0 (bsc#1012628). - tee: add overflow check in register_shm_helper() (bsc#1012628). - Revert "mm: kfence: apply kmemleak_ignore_phys on early allocated pool" (bsc#1012628). - commit 0140109 ++++ gcc12: - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ------------------------------------------------------------------ ------------------ 2022-8-20 - Aug 20 2022 ------------------- ------------------------------------------------------------------ ++++ sudo: - Update to 1.9.11p3: * Changes in Sudo 1.9.11 * Fixed a crash in the Python module with Python 3.9.10 on some systems. Additionally, make check now passes for Python 3.9.10. * Error messages sent via email now include more details, including the file name and the line number and column of the error. Multiple errors are sent in a single message. Previously, only the first error was included. * Fixed logging of parse errors in JSON format. Previously, the JSON logger would not write entries unless the command and runuser were set. These may not be known at the time a parse error is encountered. * Fixed a potential crash parsing sudoers lines larger than twice the value of LINE_MAX on systems that lack the getdelim() function. * The tests run by make check now unset the LANGUAGE environment variable. Otherwise, localization strings will not match if LANGUAGE is set to a non-English locale. Bug #1025. * The “starttime” test now passed when run under Debian faketime. Bug #1026. * The Kerberos authentication module now honors the custom password prompt if one has been specified. * The embedded copy of zlib has been updated to version 1.2.12. * Updated the version of libtool used by sudo to version 2.4.7. * Sudo now defines _TIME_BITS to 64 on systems that define __TIMESIZE in the header files (currently only GNU libc). This is required to allow the use of 64-bit time values on some 32-bit systems. * Sudo’s intercept and log_subcmds options no longer force the command to run in its own pseudo-terminal. It is now also possible to intercept the system(3) function. * Fixed a bug in sudo_logsrvd when run in store-first relay mode where the commit point messages sent by the server were incorrect if the command was suspended or received a window size change event. * Fixed a potential crash in sudo_logsrvd when the tls_dhparams configuration setting was used. * The intercept and log_subcmds functionality can now use ptrace(2) on Linux systems that support seccomp(2) filtering. This has the advantage of working for both static and dynamic binaries and can work with sudo’s SELinux RBAC mode. The following architectures are currently supported: i386, x86_64, aarch64, arm, mips (log_subcmds only), powerpc, riscv, and s390x. The default is to use ptrace(2) where possible; the new intercept_type sudoers setting can be used to explicitly set the type. * New Georgian translation from translationproject.org. * Fixed creating packages on CentOS Stream. * Fixed a bug in the intercept and log_subcmds support where the execve(2) wrapper was using the current environment instead of the passed environment pointer. Bug #1030. * Added AppArmor integration for Linux. A sudoers rule can now specify an APPARMOR_PROFILE option to run a command confined by the named AppArmor profile. * Fixed parsing of the server_log setting in sudo_logsrvd.conf. Non-paths were being treated as paths and an actual path was treated as an error. * Changes in Sudo 1.9.11p1: * Correctly handle EAGAIN in the I/O read/right events. This fixes a hang seen on some systems when piping a large amount of data through sudo, such as via rsync. Bug #963. * Changes to avoid implementation or unspecified behavior when bit shifting signed values in the protobuf library. * Fixed a compilation error on Linux/aarch64. * Fixed the configure check for seccomp(2) support on Linux. * Corrected the EBNF specification for tags in the sudoers manual page. GitHub issue #153. * Changes in Sudo 1.9.11p2: * Fixed a compilation error on Linux/x86_64 with the x32 ABI. * Fixed a regression introduced in 1.9.11p1 that caused a warning when logging to sudo_logsrvd if the command returned no output. * Changes in Sudo 1.9.11p3: * Fixed “connection reset” errors on AIX when running shell scripts with the intercept or log_subcmds sudoers options enabled. Bug #1034. * Fixed very slow execution of shell scripts when the intercept or log_subcmds sudoers options are set on systems that enable Nagle’s algorithm on the loopback device, such as AIX. Bug #1034. * Modified sudo-sudoers.patch - Added sudo-1.9.10-update_sudouser_to_utf8.patch * [bsc#1197998] * Enable sudouser LDAP schema to use UTF-8 encodings. * Sourced from https://github.com/sudo-project/sudo/pull/163 * Credit to William Brown, william.brown@suse.com ++++ tar: - drop tar-recursive--files-from.patch (causes bsc#918487) ------------------------------------------------------------------ ------------------ 2022-8-19 - Aug 19 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - skip code linting for packaging * removes pyflakes from the build requirements and thus Ring1 * see also https://gitlab.com/apparmor/apparmor/-/issues/121 ++++ docker-compose: - Update to version 2.10.0: * Fix breaking test * Update docs for new `compose kill` `--remove-orphans` option * Apply compose model on `compose kill`, add `--remove-orphans` * Code formatting * Give environment variables precedence back to OS over .env * Reset the DockerCli and APIClient after loading the environment file * up/start/run: don't wait for disabled service * create: pull all services logic out of loop; add DependsOn deps * build(deps): bump github.com/mattn/go-isatty from 0.0.14 to 0.0.16 (#9754) * build windows/arm64 and linux/riscv64 binaries * ci: fix checksums file * Use compose to pull image twice * root: filter out commandConn.Close* warning message * Use alpine:3.13.12 to be unique across the test cases * readme: fix badges * Fix package name * Try changing package used to avoid any race condition in tests * Better sandboxed workflow and enhanced cross compilation * build(deps): bump github.com/containerd/containerd from 1.6.7 to 1.6.8 * make compose pull tests more expressive * lint: add `nolintlint` and clean up `nolint` directives (#9738) * lint: run gofmt from Go 1.19 (#9728) * don't apply default pull policy from command line if one is define in service configuration * build(deps): bump github.com/containerd/containerd from 1.6.6 to 1.6.7 * update Docker CLI version use in CI to v20.10.17 * fix version of golangci-lint to v1.47.3, issue with v1.48.0 for now * build(deps): bump github.com/cnabio/cnab-to-oci from 0.3.5 to 0.3.6 * config: use correct YAML marshal func (#9712) * docs: remove extra whitespaces in help text (#9710) * ci: use latest stable dockerfile syntax & rename docs Dockerfile (#9711) * Change `projectOrName()` to check COMPOSE_PROJECT_NAME env var * Filter `compose ps` output by provided compose model * Add E2E tests for `compose stop` with compose file * if command is ran with a compose file, apply the compose model, not just project name * up: do not stop dependency containers (#9701) * config: case-insensitive env vars on Windows (#9438) * build: upgrade BuildKit & docker/distribution * build: bump to Go 1.18.5 * update usage strings for consistency * remove unused workflows, especially the pr-closed which always failed * Fix breaking TestComposePull test case * Avoid pulling same images multiple times ⚡️ ++++ kernel-default: - Revert "usb: typec: ucsi: add a common function ucsi_unregister_connectors()" (bsc#120238). - commit 46d0607 ++++ libapparmor: - skip code linting for packaging * removes pyflakes from the build requirements and thus Ring1 * see also https://gitlab.com/apparmor/apparmor/-/issues/121 ++++ lttng-ust: - Update to version 2.13.3: * Document ust lock async-signal-safety. * Fix: don't use strerror() from ust lock nocheck. * Fix: remove non-async-signal-safe fflush from ERR(). * Fix: Pointers are rejected by integer element compile time assertion for array and sequence. * Fix: statedump: invalid read during iter_end. * Fix: bytecode interpreter context_get_index() leaves byte order uninitialised. ++++ shadow: - Update to 4.12.2: * Address CVE-2013-4235 (TOCTTOU when copying directories) [bsc#916845] - Refresh useradd-userkeleton.patch: LSTAT() was removed with https://github.com/shadow-maint/shadow/pull/545 Let's use fstatat() now. ++++ libtirpc: - update to 1.3.3 (bsc#1201680, CVE-2021-46828): * Fix DoS vulnerability in libtirpc * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr * rpcb_clnt.c add mechanism to try v2 protocol first * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c - drop 0001-Fix-DoS-vulnerability-in-libtirpc.patch (upstream) ++++ userspace-rcu: - Update to version 0.13.2: * Revert "Fix: remove type constness in URCU_FORCE_CAST's C++ version". * Fix: futex.h: include headers outside extern C. * Fix: add missing unused attribute to _rcu_dereference. * Fix: change method used by _rcu_dereference to strip type constness. * Fix: remove type constness in URCU_FORCE_CAST's C++ version. * Move extern "C" down in include/urcu/urcu-bp.h. * Fix: ifdef linux specific cpu count compat. * Set git-review branch to stable-0.13. * Fix: sysconf(_SC_NPROCESSORS_CONF) can be less than max cpu id. * Fix: revise obsolete command in README.md. * Fix: workqueue: remove unused variable "ret". * Fix: futex wait: handle spurious futex wakeups. * Fix: Use %lu rather than %ld to print count. ++++ libvirt: - spec: Place 'Requires:' on compression binaries instead of their associated packages boo#1202569 ++++ python-pbr: - update to 5.10.0: * Specify Changelog procedure * Allow leading spaces when determining symbols * Adding python classifiers py38 & py39 ------------------------------------------------------------------ ------------------ 2022-8-18 - Aug 18 2022 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 057+suse.309.gb71946f6: * fix(dracut-initramfs-restore.sh): hide unpack errors (bsc#1199341) * chore(suse): remove suse-module-tools build requirement * fix(suse-initrd): always check that MACHINE_ID is not empty (bsc#1201780) ++++ grub2: - Fix tpm error stop tumbleweed from booting (bsc#1202374) * 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch - Patch Removed * 0001-tpm-Log-EFI_VOLUME_FULL-and-continue.patch ++++ kernel-default: - Update config files (bsc#1201361 bsc#1192968 https://github.com/rear/rear/issues/2554). ppc64: NVRAM=y - commit e3d4124 - Update config files: CONFIG_SPI_AMD=m on x86 (bsc#1201418) - commit 017ef8a - Workaround for missing HD-audio on AMD platforms (bsc#1202492). - commit 60e6173 - Linux 5.19.2 (bsc#1012628). - Revert "pNFS: nfs3_set_ds_client should set NFS_CS_NOPING" (bsc#1012628). - scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover" (bsc#1012628). - pNFS/flexfiles: Report RDMA connection errors to the server (bsc#1012628). - nfsd: eliminate the NFSD_FILE_BREAK_* flags (bsc#1012628). - ALSA: usb-audio: Add quirk for Behringer UMC202HD (bsc#1012628). - ALSA: bcd2000: Fix a UAF bug on the error path of probing (bsc#1012628). - ALSA: hda/realtek: Add quirk for Clevo NV45PZ (bsc#1012628). - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (bsc#1012628). - ALSA: hda/realtek: Add quirk for Lenovo Yoga9 14IAP7 (bsc#1012628). - ASoC: amd: yc: Update DMI table entries (bsc#1012628). - hwmon: (nct6775) Fix platform driver suspend regression (bsc#1012628). - wifi: mac80211_hwsim: fix race condition in pending packet (bsc#1012628). - wifi: mac80211_hwsim: add back erroneously removed cast (bsc#1012628). - wifi: mac80211_hwsim: use 32-bit skb cookie (bsc#1012628). - add barriers to buffer_uptodate and set_buffer_uptodate (bsc#1012628). - lockd: detect and reject lock arguments that overflow (bsc#1012628). - HID: hid-input: add Surface Go battery quirk (bsc#1012628). - HID: nintendo: Add missing array termination (bsc#1012628). - HID: wacom: Only report rotation for art pen (bsc#1012628). - HID: wacom: Don't register pad_input for touch switch (bsc#1012628). - KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (bsc#1012628). - KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (bsc#1012628). - KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 (bsc#1012628). - KVM: s390: pv: don't present the ecall interrupt twice (bsc#1012628). - KVM: Drop unused @gpa param from gfn=>pfn cache's __release_gpc() helper (bsc#1012628). - KVM: Put the extra pfn reference when reusing a pfn in the gpc cache (bsc#1012628). - KVM: Fully serialize gfn=>pfn cache refresh via mutex (bsc#1012628). - KVM: Fix multiple races in gfn=>pfn cache refresh (bsc#1012628). - KVM: Do not incorporate page offset into gfn=>pfn cache user address (bsc#1012628). - KVM: x86: Split kvm_is_valid_cr4() and export only the non-vendor bits (bsc#1012628). - KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (bsc#1012628). - KVM: nVMX: Account for KVM reserved CR4 bits in consistency checks (bsc#1012628). - KVM: nVMX: Inject #UD if VMXON is attempted with incompatible CR0/CR4 (bsc#1012628). - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (bsc#1012628). - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (bsc#1012628). - KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT (bsc#1012628). - KVM: SVM: Disable SEV-ES support if MMIO caching is disable (bsc#1012628). - KVM: x86: Tag kvm_mmu_x86_module_init() with __init (bsc#1012628). - KVM: x86/mmu: Fully re-evaluate MMIO caching when SPTE masks change (bsc#1012628). - KVM: x86: do not report preemption if the steal time cache is stale (bsc#1012628). - KVM: x86: revalidate steal time cache if MSR value changes (bsc#1012628). - KVM: x86/xen: Initialize Xen timer only once (bsc#1012628). - KVM: x86/xen: Stop Xen timer before changing IRQ (bsc#1012628). - ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (bsc#1012628). - ALSA: hda/cirrus - support for iMac 12,1 model (bsc#1012628). - ALSA: hda/realtek: Add quirk for another Asus K42JZ model (bsc#1012628). - ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (bsc#1012628). - LoongArch: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK (bsc#1012628). - tty: 8250: Add support for Brainboxes PX cards (bsc#1012628). - tty: vt: initialize unicode screen buffer (bsc#1012628). - vfs: Check the truncate maximum size in inode_newsize_ok() (bsc#1012628). - fs: Add missing umask strip in vfs_tmpfile (bsc#1012628). - thermal: sysfs: Fix cooling_device_stats_setup() error code path (bsc#1012628). - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (bsc#1012628). - fbcon: Fix accelerated fbdev scrolling while logo is still shown (bsc#1012628). - usbnet: Fix linkwatch use-after-free on disconnect (bsc#1012628). - usbnet: smsc95xx: Fix deadlock on runtime resume (bsc#1012628). - fix short copy handling in copy_mc_pipe_to_iter() (bsc#1012628). - crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak (bsc#1012628). - ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh() (bsc#1012628). - parisc: Fix device names in /proc/iomem (bsc#1012628). - parisc: Drop pa_swapper_pg_lock spinlock (bsc#1012628). - parisc: Check the return value of ioremap() in lba_driver_probe() (bsc#1012628). - parisc: io_pgetevents_time64() needs compat syscall in 32-bit compat mode (bsc#1012628). - riscv:uprobe fix SR_SPIE set/clear handling (bsc#1012628). - riscv: lib: uaccess: fix CSR_STATUS SR_SUM bit (bsc#1012628). - dt-bindings: riscv: fix SiFive l2-cache's cache-sets (bsc#1012628). - riscv: dts: starfive: correct number of external interrupts (bsc#1012628). - RISC-V: cpu_ops_spinwait.c should include head.h (bsc#1012628). - RISC-V: Declare cpu_ops_spinwait in (bsc#1012628). - RISC-V: kexec: Fixup use of smp_processor_id() in preemptible context (bsc#1012628). - RISC-V: Fixup get incorrect user mode PC for kernel mode regs (bsc#1012628). - RISC-V: Fixup schedule out issue in machine_crash_shutdown() (bsc#1012628). - RISC-V: Add modules to virtual kernel memory layout dump (bsc#1012628). - RISC-V: Fix counter restart during overflow for RV32 (bsc#1012628). - RISC-V: Fix SBI PMU calls for RV32 (bsc#1012628). - RISC-V: Update user page mapping only once during start (bsc#1012628). - wireguard: selftests: set CONFIG_NONPORTABLE on riscv32 (bsc#1012628). - rtc: rx8025: fix 12/24 hour mode detection on RX-8035 (bsc#1012628). - drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (bsc#1012628). - drm/shmem-helper: Add missing vunmap on error (bsc#1012628). - drm/vc4: hdmi: Disable audio if dmas property is present but empty (bsc#1012628). - drm/ingenic: Use the highest possible DMA burst size (bsc#1012628). - drm/fb-helper: Fix out-of-bounds access (bsc#1012628). - drm/hyperv-drm: Include framebuffer and EDID headers (bsc#1012628). - drm/dp/mst: Read the extended DPCD capabilities during system resume (bsc#1012628). - drm/nouveau: fix another off-by-one in nvbios_addr (bsc#1012628). - drm/nouveau: Don't pm_runtime_put_sync(), only pm_runtime_put_autosuspend() (bsc#1012628). - drm/nouveau/acpi: Don't print error when we get -EINPROGRESS from pm_runtime (bsc#1012628). - drm/nouveau/kms: Fix failure path for creating DP connectors (bsc#1012628). - drm/tegra: Fix vmapping of prime buffers (bsc#1012628). - drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (bsc#1012628). - bpf: Fix KASAN use-after-free Read in compute_effective_progs (bsc#1012628). - btrfs: reject log replay if there is unsupported RO compat flag (bsc#1012628). - mtd: rawnand: arasan: Fix clock rate in NV-DDR (bsc#1012628). - mtd: rawnand: arasan: Update NAND bus clock instead of system clock (bsc#1012628). - um: Remove straying parenthesis (bsc#1012628). - um: seed rng using host OS rng (bsc#1012628). - iio: fix iio_format_avail_range() printing for none IIO_VAL_INT (bsc#1012628). - iio: light: isl29028: Fix the warning in isl29028_remove() (bsc#1012628). - scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1012628). - scsi: sg: Allow waiting for commands to complete on removed device (bsc#1012628). - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1012628). - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1012628). - soundwire: qcom: Check device status before reading devid (bsc#1012628). - ksmbd: fix memory leak in smb2_handle_negotiate (bsc#1012628). - ksmbd: prevent out of bound read for SMB2_TREE_CONNNECT (bsc#1012628). - ksmbd: prevent out of bound read for SMB2_WRITE (bsc#1012628). - ksmbd: fix use-after-free bug in smb2_tree_disconect (bsc#1012628). - ksmbd: fix heap-based overflow in set_ntacl_dacl() (bsc#1012628). - fuse: limit nsec (bsc#1012628). - fuse: ioctl: translate ENOSYS (bsc#1012628). - fuse: write inode in fuse_release() (bsc#1012628). - fuse: fix deadlock between atomic O_TRUNC and page invalidation (bsc#1012628). - serial: mvebu-uart: uart2 error bits clearing (bsc#1012628). - md-raid: destroy the bitmap after destroying the thread (bsc#1012628). - md-raid10: fix KASAN warning (bsc#1012628). - mbcache: don't reclaim used entries (bsc#1012628). - mbcache: add functions to delete entry if unused (bsc#1012628). - media: isl7998x: select V4L2_FWNODE to fix build error (bsc#1012628). - media: [PATCH] pci: atomisp_cmd: fix three missing checks on list iterator (bsc#1012628). - ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr() (bsc#1012628). - powerpc: Restore CONFIG_DEBUG_INFO in defconfigs (bsc#1012628). - powerpc/64e: Fix early TLB miss with KUAP (bsc#1012628). - powerpc/fsl-pci: Fix Class Code of PCIe Root Port (bsc#1012628). - powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E (bsc#1012628). - powerpc/powernv: Avoid crashing if rng is NULL (bsc#1012628). - MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK (bsc#1012628). - coresight: Clear the connection field properly (bsc#1012628). - usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (bsc#1012628). - USB: HCD: Fix URB giveback issue in tasklet function (bsc#1012628). - Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP" (bsc#1012628). - ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC (bsc#1012628). - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (bsc#1012628). - usb: dwc3: gadget: refactor dwc3_repare_one_trb (bsc#1012628). - usb: dwc3: gadget: fix high speed multiplier setting (bsc#1012628). - netfilter: nf_tables: do not allow SET_ID to refer to another table (bsc#1012628). - netfilter: nf_tables: do not allow CHAIN_ID to refer to another table (bsc#1012628). - netfilter: nf_tables: do not allow RULE_ID to refer to another chain (bsc#1012628). - netfilter: nf_tables: upfront validation of data via nft_data_init() (bsc#1012628). - netfilter: nf_tables: disallow jump to implicit chain from set element (bsc#1012628). - netfilter: nf_tables: fix null deref due to zeroed list head (bsc#1012628). - epoll: autoremove wakers even more aggressively (bsc#1012628). - x86: Handle idle=nomwait cmdline properly for x86_idle (bsc#1012628). - arch: make TRACE_IRQFLAGS_NMI_SUPPORT generic (bsc#1012628). - arm64: kasan: do not instrument stacktrace.c (bsc#1012628). - arm64: stacktrace: use non-atomic __set_bit (bsc#1012628). - arm64: Do not forget syscall when starting a new thread (bsc#1012628). - arm64: fix oops in concurrently setting insn_emulation sysctls (bsc#1012628). - arm64: kasan: Revert "arm64: mte: reset the page tag in page->flags" (bsc#1012628). - arm64: errata: Remove AES hwcap for COMPAT tasks (bsc#1012628). - ext2: Add more validity checks for inode counts (bsc#1012628). - sched/fair: Introduce SIS_UTIL to search idle CPU based on sum of util_avg (bsc#1012628). - genirq: Don't return error on missing optional irq_request_resources() (bsc#1012628). - irqchip/mips-gic: Only register IPI domain when SMP is enabled (bsc#1012628). - genirq: GENERIC_IRQ_IPI depends on SMP (bsc#1012628). - sched/fair: fix case with reduced capacity CPU (bsc#1012628). - sched/core: Always flush pending blk_plug (bsc#1012628). - irqchip/mips-gic: Check the return value of ioremap() in gic_of_init() (bsc#1012628). - ARM: dts: imx6ul: add missing properties for sram (bsc#1012628). - ARM: dts: imx6ul: change operating-points to uint32-matrix (bsc#1012628). - ARM: dts: imx6ul: fix keypad compatible (bsc#1012628). - ARM: dts: imx6ul: fix csi node compatible (bsc#1012628). - ARM: dts: imx6ul: fix lcdif node compatible (bsc#1012628). - ARM: dts: imx6ul: fix qspi node compatible (bsc#1012628). - ARM: dts: BCM5301X: Add DT for Meraki MR26 (bsc#1012628). - ARM: dts: ux500: Fix Janice accelerometer mounting matrix (bsc#1012628). - ARM: dts: ux500: Fix Codina accelerometer mounting matrix (bsc#1012628). - ARM: dts: ux500: Fix Gavini accelerometer mounting matrix (bsc#1012628). - arm64: dts: qcom: timer should use only 32-bit size (bsc#1012628). - spi: synquacer: Add missing clk_disable_unprepare() (bsc#1012628). - ARM: OMAP2+: display: Fix refcount leak bug (bsc#1012628). - ARM: OMAP2+: pdata-quirks: Fix refcount leak bug (bsc#1012628). - ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (bsc#1012628). - ACPI: EC: Drop the EC_FLAGS_IGNORE_DSDT_GPE quirk (bsc#1012628). - ACPI: PM: save NVS memory for Lenovo G40-45 (bsc#1012628). - ACPI: LPSS: Fix missing check in register_device_clock() (bsc#1012628). - ARM: dts: qcom: sdx55: Fix the IRQ trigger type for UART (bsc#1012628). - arm64: dts: qcom: sc7280: Rename sar sensor labels (bsc#1012628). - arm64: dts: qcom: add missing AOSS QMP compatible fallback (bsc#1012628). - arm64: dts: qcom: ipq8074: fix NAND node name (bsc#1012628). - arm64: dts: allwinner: a64: orangepi-win: Fix LED node name (bsc#1012628). - ARM: shmobile: rcar-gen2: Increase refcount for new reference (bsc#1012628). - firmware: tegra: Fix error check return value of debugfs_create_file() (bsc#1012628). - hwmon: (dell-smm) Add Dell XPS 13 7390 to fan control whitelist (bsc#1012628). - PM: EM: convert power field to micro-Watts precision and align drivers (bsc#1012628). - ACPI: video: Use native backlight on Dell Inspiron N4010 (bsc#1012628). - hwmon: (sht15) Fix wrong assumptions in device remove callback (bsc#1012628). - PM: hibernate: defer device probing when resuming from hibernation (bsc#1012628). - selinux: fix memleak in security_read_state_kernel() (bsc#1012628). - selinux: Add boundary check in put_entry() (bsc#1012628). - io_uring: fix io_uring_cqe_overflow trace format (bsc#1012628). - kasan: test: Silence GCC 12 warnings (bsc#1012628). - wait: Fix __wait_event_hrtimeout for RT/DL tasks (bsc#1012628). - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (bsc#1012628). - arm64: dts: renesas: beacon: Fix regulator node names (bsc#1012628). - spi: spi-altera-dfl: Fix an error handling path (bsc#1012628). - ARM: bcm: Fix refcount leak in bcm_kona_smc_init (bsc#1012628). - ACPI: processor/idle: Annotate more functions to live in cpuidle section (bsc#1012628). - ARM: dts: imx7d-colibri-emmc: add cpu1 supply (bsc#1012628). - ARM: dts: imx7-colibri: overhaul display/touch functionality (bsc#1012628). - ARM: dts: imx7-colibri: add usb dual-role switching using extcon (bsc#1012628). - ARM: dts: imx7-colibri: improve wake-up with gpio key (bsc#1012628). - ARM: dts: imx7-colibri: move aliases, chosen, extcon and gpio-keys (bsc#1012628). - ARM: dts: imx7-colibri-eval-v3: correct can controller comment (bsc#1012628). - soc: renesas: r8a779a0-sysc: Fix A2DP1 and A2CV[2357] PDR values (bsc#1012628). - soc: amlogic: Fix refcount leak in meson-secure-pwrc.c (bsc#1012628). - arm64: dts: renesas: Fix thermal-sensors on single-zone sensors (bsc#1012628). - Revert "ARM: dts: imx6qdl-apalis: Avoid underscore in node name" (bsc#1012628). - x86/pmem: Fix platform-device leak in error path (bsc#1012628). - ARM: dts: ast2500-evb: fix board compatible (bsc#1012628). - ARM: dts: ast2600-evb: fix board compatible (bsc#1012628). - ARM: dts: ast2600-evb-a1: fix board compatible (bsc#1012628). - arm64: dts: mt8192: Fix idle-states nodes naming scheme (bsc#1012628). - arm64: dts: mt8192: Fix idle-states entry-method (bsc#1012628). - arm64: select TRACE_IRQFLAGS_NMI_SUPPORT (bsc#1012628). - arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (bsc#1012628). - locking/lockdep: Fix lockdep_init_map_*() confusion (bsc#1012628). - arm64: dts: qcom: sc7180: Remove ipa_fw_mem node on trogdor (bsc#1012628). - soc: fsl: guts: machine variable might be unset (bsc#1012628). - spi: s3c64xx: constify fsd_spi_port_config (bsc#1012628). - block: fix infinite loop for invalid zone append (bsc#1012628). - arm64: dts: qcom: sdm845-akatsuki: Round down l22a regulator voltage (bsc#1012628). - ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg (bsc#1012628). - ARM: OMAP2+: Fix refcount leak in omapdss_init_of (bsc#1012628). - ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init (bsc#1012628). - arm64: dts: qcom: sdm630: disable GPU by default (bsc#1012628). - arm64: dts: qcom: sdm630: fix the qusb2phy ref clock (bsc#1012628). - arm64: dts: qcom: sdm630: fix gpu's interconnect path (bsc#1012628). - arm64: dts: qcom: sdm636-sony-xperia-ganges-mermaid: correct sdc2 pinconf (bsc#1012628). - cpufreq: zynq: Fix refcount leak in zynq_get_revision (bsc#1012628). - arm64: dts: renesas: r8a779m8: Drop operating points above 1.5 GHz (bsc#1012628). - arm64: dts: renesas: r9a07g054l2-smarc: Correct SoC name in comment (bsc#1012628). - regulator: qcom_smd: Fix pm8916_pldo range (bsc#1012628). - ACPI: APEI: Fix _EINJ vs EFI_MEMORY_SP (bsc#1012628). - ARM: dts: qcom: replace gcc PXO with pxo_board fixed clock (bsc#1012628). - ARM: dts: qcom-msm8974: fix irq type on blsp2_uart1 (bsc#1012628). - soc: qcom: ocmem: Fix refcount leak in of_get_ocmem (bsc#1012628). - soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register (bsc#1012628). - ARM: dts: qcom: msm8974: add required ranges to OCMEM (bsc#1012628). - ARM: dts: qcom: pm8841: add required thermal-sensor-cells (bsc#1012628). - bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (bsc#1012628). - lib: overflow: Do not define 64-bit tests on 32-bit (bsc#1012628). - stack: Declare {randomize_,}kstack_offset to fix Sparse warnings (bsc#1012628). - arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node (bsc#1012628). - arm64: dts: qcom: msm8994: add required ranges to OCMEM (bsc#1012628). - perf/x86/intel: Fix PEBS memory access info encoding for ADL (bsc#1012628). - perf/x86/intel: Fix PEBS data source encoding for ADL (bsc#1012628). - arm64: dts: exynosautov9: correct spi11 pin names (bsc#1012628). - ACPI: VIOT: Fix ACS setup (bsc#1012628). - m68k: virt: Fix missing platform_device_unregister() on error in virt_platform_init() (bsc#1012628). - arm64: dts: qcom: sm6125: Move sdc2 pinctrl from seine-pdx201 to sm6125 (bsc#1012628). - arm64: dts: qcom: sm6125: Append -state suffix to pinctrl nodes (bsc#1012628). - arm64: dts: qcom: msm8996: correct #clock-cells for QMP PHY nodes (bsc#1012628). - arm64: dts: qcom: sc7280: drop PCIe PHY clock index (bsc#1012628). - arm64: dts: qcom: sm8250: add missing PCIe PHY clock-cells (bsc#1012628). - arm64: dts: mt7622: fix BPI-R64 WPS button (bsc#1012628). - arm64: tegra: Mark BPMP channels as no-memory-wc (bsc#1012628). - arm64: tegra: Fix SDMMC1 CD on P2888 (bsc#1012628). - arm64: dts: qcom: sc7280: fix PCIe clock reference (bsc#1012628). - erofs: wake up all waiters after z_erofs_lzma_head ready (bsc#1012628). - erofs: avoid consecutive detection for Highmem memory (bsc#1012628). - spi: Return deferred probe error when controller isn't yet available (bsc#1012628). - blk-mq: don't create hctx debugfs dir until q->debugfs_dir is created (bsc#1012628). - spi: dw: Fix IP-core versions macro (bsc#1012628). - spi: Fix simplification of devm_spi_register_controller (bsc#1012628). - spi: tegra20-slink: fix UAF in tegra_slink_remove() (bsc#1012628). - hwmon: (sch56xx-common) Add DMI override table (bsc#1012628). - hwmon: (drivetemp) Add module alias (bsc#1012628). - blktrace: Trace remapped requests correctly (bsc#1012628). - PM: domains: Ensure genpd_debugfs_dir exists before remove (bsc#1012628). - dm writecache: return void from functions (bsc#1012628). - dm writecache: count number of blocks read, not number of read bios (bsc#1012628). - dm writecache: count number of blocks written, not number of write bios (bsc#1012628). - dm writecache: count number of blocks discarded, not number of discard bios (bsc#1012628). - regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (bsc#1012628). - soc: qcom: Make QCOM_RPMPD depend on PM (bsc#1012628). - soc: qcom: socinfo: Fix the id of SA8540P SoC (bsc#1012628). - arm64: dts: qcom: msm8998: Make regulator voltages multiple of step-size (bsc#1012628). - arm64: dts: qcom: qcs404: Fix incorrect USB2 PHYs assignment (bsc#1012628). - ARM: dts: qcom: msm8974: Disable remoteprocs by default (bsc#1012628). - irqdomain: Report irq number for NOMAP domains (bsc#1012628). - perf: RISC-V: Add of_node_put() when breaking out of for_each_of_cpu_node() (bsc#1012628). - drivers/perf: arm_spe: Fix consistency of SYS_PMSCR_EL1.CX (bsc#1012628). - nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() (bsc#1012628). - sched: only perform capability check on privileged operation (bsc#1012628). - sched/numa: Initialise numa_migrate_retry (bsc#1012628). - x86/extable: Fix ex_handler_msr() print condition (bsc#1012628). - io_uring: move to separate directory (bsc#1012628). - io_uring: define a 'prep' and 'issue' handler for each opcode (bsc#1012628). - io_uring: Don't require reinitable percpu_ref (bsc#1012628). - selftests/seccomp: Fix compile warning when CC=clang (bsc#1012628). - thermal/tools/tmon: Include pthread and time headers in tmon.h (bsc#1012628). - tools/power turbostat: Fix file pointer leak (bsc#1012628). - dm: return early from dm_pr_call() if DM device is suspended (bsc#1012628). - pwm: sifive: Simplify offset calculation for PWMCMP registers (bsc#1012628). - pwm: sifive: Ensure the clk is enabled exactly once per running PWM (bsc#1012628). - pwm: sifive: Shut down hardware only after pwmchip_remove() completed (bsc#1012628). - pwm: lpc18xx: Fix period handling (bsc#1012628). - erofs: update ctx->pos for every emitted dirent (bsc#1012628). - dt-bindings: display: bridge: ldb: Fill in reg property (bsc#1012628). - drm/i915: remove unused GEM_DEBUG_DECL() and GEM_DEBUG_BUG_ON() (bsc#1012628). - drm/rockchip: vop2: unlock on error path in vop2_crtc_atomic_enable() (bsc#1012628). - drm: bridge: DRM_FSL_LDB should depend on ARCH_MXC (bsc#1012628). - drm/bridge: anx7625: Use DPI bus type (bsc#1012628). - drm/mgag200: Acquire I/O lock while reading EDID (bsc#1012628). - drm/meson: Fix refcount leak in meson_encoder_hdmi_init (bsc#1012628). - drm/dp: Export symbol / kerneldoc fixes for DP AUX bus (bsc#1012628). - drm/bridge: tc358767: Handle dsi_lanes == 0 as invalid (bsc#1012628). - drm/bridge: tc358767: Make sure Refclk clock are enabled (bsc#1012628). - ath10k: do not enforce interrupt trigger type (bsc#1012628). - ath11k: Fix warning on variable 'sar' dereference before check (bsc#1012628). - ath11k: Init hw_params before setting up AHB resources (bsc#1012628). - drm/edid: reset display info in drm_add_edid_modes() for NULL edid (bsc#1012628). - drm/bridge: lt9611: Use both bits for HDMI sensing (bsc#1012628). - drm/st7735r: Fix module autoloading for Okaya RH128128T (bsc#1012628). - drm/panel: Fix build error when CONFIG_DRM_PANEL_SAMSUNG_ATNA33XC20=y && CONFIG_DRM_DISPLAY_HELPER=m (bsc#1012628). - drm: bridge: adv7511: Move CEC definitions to adv7511_cec.c (bsc#1012628). - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (bsc#1012628). - wifi: wilc1000: use correct sequence of RESET for chip Power-UP/Down (bsc#1012628). - ath11k: fix netdev open race (bsc#1012628). - ath11k: fix IRQ affinity warning on shutdown (bsc#1012628). - drm/mipi-dbi: align max_chunk to 2 in spi_transfer (bsc#1012628). - drm/ssd130x: Only define a SPI device ID table when built as a module (bsc#1012628). - selftests/bpf: Fix test_run logic in fexit_stress.c (bsc#1012628). - sample: bpf: xdp_router_ipv4: Allow the kernel to send arp requests (bsc#1012628). - selftests/bpf: Fix tc_redirect_dtime (bsc#1012628). - libbpf: Fix is_pow_of_2 (bsc#1012628). - ath11k: fix missing skb drop on htc_tx_completion error (bsc#1012628). - ath11k: Fix incorrect debug_mask mappings (bsc#1012628). - ath11k: Avoid REO CMD failed prints during firmware recovery (bsc#1012628). - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (bsc#1012628). - drm/mediatek: Modify dsi funcs to atomic operations (bsc#1012628). - drm/mediatek: Separate poweron/poweroff from enable/disable and define new funcs (bsc#1012628). - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (bsc#1012628). - drm/meson: encoder_cvbs: Fix refcount leak in meson_encoder_cvbs_init (bsc#1012628). - drm/meson: encoder_hdmi: Fix refcount leak in meson_encoder_hdmi_init (bsc#1012628). - drm/bridge: lt9611uxc: Cancel only driver's work (bsc#1012628). - drm/amdgpu: fix scratch register access method in SRIOV (bsc#1012628). - drm/amdgpu/display: Prepare for new interfaces (bsc#1012628). - i2c: npcm: Remove own slave addresses 2:10 (bsc#1012628). - i2c: npcm: Correct slave role behavior (bsc#1012628). - i2c: mxs: Silence a clang warning (bsc#1012628). - virtio-gpu: fix a missing check to avoid NULL dereference (bsc#1012628). - drm/virtio: Fix NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1012628). - libbpf: Fix uprobe symbol file offset calculation logic (bsc#1012628). - drm: adv7511: override i2c address of cec before accessing it (bsc#1012628). - crypto: sun8i-ss - fix error codes in allocate_flows() (bsc#1012628). - crypto: sun8i-ss - Fix error codes for dma_mapping_error() (bsc#1012628). - crypto: sun8i-ss - fix a NULL vs IS_ERR() check in sun8i_ss_hashkey (bsc#1012628). - net: fix sk_wmem_schedule() and sk_rmem_schedule() errors (bsc#1012628). - can: netlink: allow configuring of fixed bit rates without need for do_set_bittiming callback (bsc#1012628). - drm/vkms: check plane_composer->map[0] before using it (bsc#1012628). - can: netlink: allow configuring of fixed data bit rates without need for do_set_data_bittiming callback (bsc#1012628). - drm/bridge: anx7625: Zero error variable when panel bridge not present (bsc#1012628). - drm/bridge: it6505: Add missing CRYPTO_HASH dependency (bsc#1012628). - i2c: Fix a potential use after free (bsc#1012628). - libbpf: Fix internal USDT address translation logic for shared libraries (bsc#1012628). - selftests/bpf: Don't force lld on non-x86 architectures (bsc#1012628). - tcp: fix possible freeze in tx path under memory pressure (bsc#1012628). - crypto: sun8i-ss - fix infinite loop in sun8i_ss_setup_ivs() (bsc#1012628). - net: ag71xx: fix discards 'const' qualifier warning (bsc#1012628). - ping: convert to RCU lookups, get rid of rwlock (bsc#1012628). - raw: use more conventional iterators (bsc#1012628). - raw: convert raw sockets to RCU (bsc#1012628). - raw: Fix mixed declarations error in raw_icmp_error() (bsc#1012628). - media: atmel: atmel-sama7g5-isc: fix warning in configs without OF (bsc#1012628). - media: camss: csid: fix wrong size passed to devm_kmalloc_array() (bsc#1012628). - media: tw686x: Register the irq at the end of probe (bsc#1012628). - media: amphion: return error if format is unsupported by vpu (bsc#1012628). - media: Hantro: Correct G2 init qp field (bsc#1012628). - media: imx-jpeg: Correct some definition according specification (bsc#1012628). - media: imx-jpeg: Leave a blank space before the configuration data (bsc#1012628). - media: imx-jpeg: Align upwards buffer size (bsc#1012628). - media: imx-jpeg: Implement drain using v4l2-mem2mem helpers (bsc#1012628). - media: rcar-vin: Fix channel routing for Ebisu (bsc#1012628). - wifi: mac80211: set STA deflink addresses (bsc#1012628). - wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (bsc#1012628). - wifi: rtw89: 8852a: rfk: fix div 0 exception (bsc#1012628). - drm/radeon: fix incorrrect SPDX-License-Identifiers (bsc#1012628). - drm/amd: Don't show warning on reading vbios values for SMU13 3.1 (bsc#1012628). - drm/amdkfd: correct sdma queue number of sdma 6.0.1 (bsc#1012628). - torture: Adjust to again produce debugging information (bsc#1012628). - rcutorture: Fix ksoftirqd boosting timing and iteration (bsc#1012628). - test_bpf: fix incorrect netdev features (bsc#1012628). - drm/display: Fix build error without CONFIG_OF (bsc#1012628). - selftests/bpf: Fix rare segfault in sock_fields prog test (bsc#1012628). - crypto: ccp - During shutdown, check SEV data pointer before using (bsc#1012628). - drm: bridge: adv7511: Add check for mipi_dsi_driver_register (bsc#1012628). - media: imx-jpeg: Disable slot interrupt when frame done (bsc#1012628). - media: amphion: output firmware error message (bsc#1012628). - drm/mcde: Fix refcount leak in mcde_dsi_bind (bsc#1012628). - media: hdpvr: fix error value returns in hdpvr_read (bsc#1012628). - media: v4l2-mem2mem: prevent pollerr when last_buffer_dequeued is set (bsc#1012628). - media: sta2x11: remove VIRT_TO_BUS dependency (bsc#1012628). - media: mediatek: vcodec: Initialize decoder parameters after getting dec_capability (bsc#1012628). - media: mediatek: vcodec: Skip SOURCE_CHANGE & EOS events for stateless (bsc#1012628). - media: driver/nxp/imx-jpeg: fix a unexpected return value problem (bsc#1012628). - media: tw686x: Fix memory leak in tw686x_video_init (bsc#1012628). - media: mediatek: vcodec: Fix non subdev architecture open power fail (bsc#1012628). - drm/vc4: kms: Use maximum FIFO load for the HVS clock rate (bsc#1012628). - drm/vc4: plane: Remove subpixel positioning check (bsc#1012628). - drm/vc4: plane: Fix margin calculations for the right/bottom edges (bsc#1012628). - drm/vc4: dsi: Release workaround buffer and DMA (bsc#1012628). - drm/vc4: dsi: Correct DSI divider calculations (bsc#1012628). - drm/vc4: dsi: Correct pixel order for DSI0 (bsc#1012628). - drm/vc4: dsi: Register dsi0 as the correct vc4 encoder type (bsc#1012628). - drm/vc4: dsi: Fix dsi0 interrupt support (bsc#1012628). - drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (bsc#1012628). - drm/vc4: hdmi: Add all the vc5 HDMI registers into the debugfs dumps (bsc#1012628). - drm/vc4: hdmi: Clear unused infoframe packet RAM registers (bsc#1012628). - drm/vc4: hdmi: Avoid full hdmi audio fifo writes (bsc#1012628). - drm/vc4: hdmi: Reset HDMI MISC_CONTROL register (bsc#1012628). - drm/vc4: hdmi: Switch to pm_runtime_status_suspended (bsc#1012628). - drm/vc4: hdmi: Move HDMI reset to pm_resume (bsc#1012628). - drm/vc4: hdmi: Fix timings for interlaced modes (bsc#1012628). - drm/vc4: hdmi: Force modeset when bpc or format changes (bsc#1012628). - drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (bsc#1012628). - drm/vc4: hdmi: Move pixel doubling from Pixelvalve to HDMI block (bsc#1012628). - mm: Account dirty folios properly during splits (bsc#1012628). - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (bsc#1012628). - selftests/xsk: Destroy BPF resources only when ctx refcount drops to 0 (bsc#1012628). - net: dsa: felix: update base time of time-aware shaper when adjusting PTP time (bsc#1012628). - net: dsa: felix: keep reference on entire tc-taprio config (bsc#1012628). - net: dsa: felix: drop oversized frames with tc-taprio instead of hanging the port (bsc#1012628). - selftests: net: fib_rule_tests: fix support for running individual tests (bsc#1012628). - drm/rockchip: vop: Don't crash for invalid duplicate_state() (bsc#1012628). - drm/rockchip: Fix an error handling path rockchip_dp_probe() (bsc#1012628). - drm/mediatek: dpi: Remove output format of YUV (bsc#1012628). - drm/mediatek: dpi: Only enable dpi after the bridge is enabled (bsc#1012628). - drm/msm/dpu: move intf and wb assignment to dpu_encoder_setup_display() (bsc#1012628). - drm/msm/dpu: fix maxlinewidth for writeback block (bsc#1012628). - drm/msm/dpu: remove hard-coded linewidth limit for writeback (bsc#1012628). - drm/msm/hdmi: fill the pwr_regs bulk regulators (bsc#1012628). - drm: bridge: sii8620: fix possible off-by-one (bsc#1012628). - drm/msm: Fix fence rollover issue (bsc#1012628). - net: sched: provide shim definitions for taprio_offload_{get,free} (bsc#1012628). - net: dsa: felix: build as module when tc-taprio is module (bsc#1012628). - hinic: Use the bitmap API when applicable (bsc#1012628). - net: hinic: fix bug that ethtool get wrong stats (bsc#1012628). - net: hinic: avoid kernel hung in hinic_get_stats64() (bsc#1012628). - drm/bridge: anx7625: Fix NULL pointer crash when using edp-panel (bsc#1012628). - drm/msm: Avoid unclocked GMU register access in 6xx gpu_busy (bsc#1012628). - libbpf, riscv: Use a0 for RC register (bsc#1012628). - drm/msm/mdp5: Fix global state lock backoff (bsc#1012628). - drm/radeon: avoid bogus "vram limit (0) must be a power of 2" warning (bsc#1012628). - crypto: hisilicon/sec - don't sleep when in softirq (bsc#1012628). - crypto: hisilicon - Kunpeng916 crypto driver don't sleep when in softirq (bsc#1012628). - media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment (bsc#1012628). - media: amphion: release core lock before reset vpu core (bsc#1012628). - drm/msm/dpu: Fix for non-visible planes (bsc#1012628). - media: atomisp: revert "don't pass a pointer to a local variable" (bsc#1012628). - media: mediatek: vcodec: decoder: Fix 4K frame size enumeration (bsc#1012628). - media: mediatek: vcodec: decoder: Fix resolution clamping in TRY_FMT (bsc#1012628). - media: mediatek: vcodec: decoder: Skip alignment for default resolution (bsc#1012628). - media: mediatek: vcodec: decoder: Drop max_{width,height} from mtk_vcodec_ctx (bsc#1012628). - media: mediatek: vcodec: Initialize decoder parameters for each instance (bsc#1012628). - media: amphion: defer setting last_buffer_dequeued until resolution changes are processed (bsc#1012628). - media: hantro: Be more accurate on pixel formats step_width constraints (bsc#1012628). - media: hantro: Fix RK3399 H.264 format advertising (bsc#1012628). - media: amphion: sync buffer status with firmware during abort (bsc#1012628). - media: amphion: only insert the first sequence startcode for vc1l format (bsc#1012628). - mt76: mt7915: fix endianness in mt7915_rf_regval_get (bsc#1012628). - mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (bsc#1012628). - mt76: mt7915: fix endian bug in mt7915_rf_regval_set() (bsc#1012628). - mt76: mt7921s: fix firmware download random fail (bsc#1012628). - mt76: mt7921: not support beacon offload disable command (bsc#1012628). - wifi: mac80211: reject WEP or pairwise keys with key ID > 3 (bsc#1012628). - wifi: cfg80211: do some rework towards MLO link APIs (bsc#1012628). - wifi: mac80211: move some future per-link data to bss_conf (bsc#1012628). - mt76: mt7615: do not update pm stats in case of error (bsc#1012628). - mt76: mt7921: do not update pm states in case of error (bsc#1012628). - mt76: mt7921s: fix possible sdio deadlock in command fail (bsc#1012628). - mt76: mt7921: fix aggregation subframes setting to HE max (bsc#1012628). - mt76: mt7921: enlarge maximum VHT MPDU length to 11454 (bsc#1012628). - mt76: mt7921: rely on mt76_dev in mt7921_mac_write_txwi signature (bsc#1012628). - mt76: mt7915: rely on mt76_dev in mt7915_mac_write_txwi signature (bsc#1012628). - mt76: connac: move mac connac2 defs in mt76_connac2_mac.h (bsc#1012628). - mt76: connac: move connac2_mac_write_txwi in mt76_connac module (bsc#1012628). - mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (bsc#1012628). - mt76: mt7615: fix throughput regression on DFS channels (bsc#1012628). - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (bsc#1012628). - mediatek: mt76: eeprom: fix missing of_node_put() in mt76_find_power_limits_node() (bsc#1012628). - skmsg: Fix invalid last sg check in sk_msg_recvmsg() (bsc#1012628). - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (bsc#1012628). - bpf, x64: Add predicate for bpf2bpf with tailcalls support in JIT (bsc#1012628). - bpf, x86: fix freeing of not-finalized bpf_prog_pack (bsc#1012628). - tcp: make retransmitted SKB fit into the send window (bsc#1012628). - libbpf: Fix the name of a reused map (bsc#1012628). - kunit: executor: Fix a memory leak on failure in kunit_filter_tests (bsc#1012628). - selftests: timers: valid-adjtimex: build fix for newer toolchains (bsc#1012628). - selftests: timers: clocksource-switch: fix passing errors from child (bsc#1012628). - bpf: Fix subprog names in stack traces (bsc#1012628). - wifi: nl80211: acquire wdev mutex for dump_survey (bsc#1012628). - media: v4l: async: Also match secondary fwnode endpoints (bsc#1012628). - media: ov7251: add missing disable functions on error in ov7251_set_power_on() (bsc#1012628). - fs: check FMODE_LSEEK to control internal pipe splicing (bsc#1012628). - media: cedrus: h265: Fix flag name (bsc#1012628). - media: uapi: HEVC: Change pic_order_cnt definition in v4l2_hevc_dpb_entry (bsc#1012628). - media: cedrus: h265: Fix logic for not low delay flag (bsc#1012628). - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (bsc#1012628). - wifi: p54: Fix an error handling path in p54spi_probe() (bsc#1012628). - wifi: p54: add missing parentheses in p54_flush() (bsc#1012628). - drm/amdgpu: use the same HDP flush registers for all nbio 7.4.x (bsc#1012628). - drm/amdgpu: use the same HDP flush registers for all nbio 2.3.x (bsc#1012628). - drm/amdgpu: restore original stable pstate on ctx fini (bsc#1012628). - bpf: fix potential 32-bit overflow when accessing ARRAY map element (bsc#1012628). - libbpf: make RINGBUF map size adjustments more eagerly (bsc#1012628). - selftests/bpf: fix a test for snprintf() overflow (bsc#1012628). - libbpf: fix an snprintf() overflow check (bsc#1012628). - can: pch_can: do not report txerr and rxerr during bus-off (bsc#1012628). - can: rcar_can: do not report txerr and rxerr during bus-off (bsc#1012628). - can: sja1000: do not report txerr and rxerr during bus-off (bsc#1012628). - can: hi311x: do not report txerr and rxerr during bus-off (bsc#1012628). - can: sun4i_can: do not report txerr and rxerr during bus-off (bsc#1012628). - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (bsc#1012628). - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (bsc#1012628). - can: usb_8dev: do not report txerr and rxerr during bus-off (bsc#1012628). - can: error: specify the values of data[5..7] of CAN error frames (bsc#1012628). - libbpf: Fix str_has_sfx()'s return value (bsc#1012628). - can: pch_can: pch_can_error(): initialize errc before using it (bsc#1012628). - Bluetooth: hci_intel: Add check for platform_driver_register (bsc#1012628). - Bluetooth: When HCI work queue is drained, only queue chained work (bsc#1012628). - Bluetooth: mgmt: Fix refresh cached connection info (bsc#1012628). - Bluetooth: hci_sync: Fix resuming scan after suspend resume (bsc#1012628). - Bluetooth: hci_sync: Fix not updating privacy_mode (bsc#1012628). - Bluetooth: Add default wakeup callback for HCI UART driver (bsc#1012628). - i2c: cadence: Support PEC for SMBus block read (bsc#1012628). - i2c: qcom-geni: Use the correct return value (bsc#1012628). - btrfs: update stripe_sectors::uptodate in steal_rbio (bsc#1012628). - ip_tunnels: Add new flow flags field to ip_tunnel_key (bsc#1012628). - bpf: Set flow flag to allow any source IP in bpf_tunnel_key (bsc#1012628). - bpf: Fix bpf_xdp_pointer return pointer (bsc#1012628). - i2c: mux-gpmux: Add of_node_put() when breaking out of loop (bsc#1012628). - wifi: ath11k: Fix register write failure on QCN9074 (bsc#1012628). - wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (bsc#1012628). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (bsc#1012628). - wifi: libertas: Fix possible refcount leak in if_usb_probe() (bsc#1012628). - media: cedrus: hevc: Add check for invalid timestamp (bsc#1012628). - hantro: Remove incorrect HEVC SPS validation (bsc#1012628). - drm/amd/display: fix signedness bug in execute_synaptics_rc_command() (bsc#1012628). - net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS cipher/version (bsc#1012628). - net/mlx5e: TC, Fix post_act to not match on in_port metadata (bsc#1012628). - net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (bsc#1012628). - net/mlx5e: xsk: Account for XSK RQ UMRs when calculating ICOSQ size (bsc#1012628). - net/mlx5e: Fix calculations related to max MPWQE size (bsc#1012628). - net/mlx5e: Modify slow path rules to go to slow fdb (bsc#1012628). - net/mlx5: Adjust log_max_qp to be 18 at most (bsc#1012628). - net/mlx5: DR, Fix SMFS steering info dump format (bsc#1012628). - net/mlx5: Fix driver use of uninitialized timeout (bsc#1012628). - ax25: fix incorrect dev_tracker usage (bsc#1012628). - crypto: hisilicon/hpre - don't use GFP_KERNEL to alloc mem during softirq (bsc#1012628). - crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of (bsc#1012628). - crypto: hisilicon/sec - fix auth key size error (bsc#1012628). - net: allow unbound socket for packets in VRF when tcp_l3mdev_accept set (bsc#1012628). - netdevsim: fib: Fix reference count leak on route deletion failure (bsc#1012628). - wifi: rtw88: check the return value of alloc_workqueue() (bsc#1012628). - iavf: Fix max_rate limiting (bsc#1012628). - iavf: Fix 'tc qdisc show' listing too many queues (bsc#1012628). - netdevsim: Avoid allocation warnings triggered from user space (bsc#1012628). - net: rose: fix netdev reference changes (bsc#1012628). - net: ice: fix error NETIF_F_HW_VLAN_CTAG_FILTER check in ice_vsi_sync_fltr() (bsc#1012628). - net: ionic: fix error check for vlan flags in ionic_set_nic_features() (bsc#1012628). - dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock (bsc#1012628). - net: usb: make USB_RTL8153_ECM non user configurable (bsc#1012628). - net/mlx5e: xsk: Discard unaligned XSK frames on striding RQ (bsc#1012628). - wireguard: ratelimiter: use hrtimer in selftest (bsc#1012628). - wireguard: allowedips: don't corrupt stack when detecting overflow (bsc#1012628). - HID: amd_sfh: Don't show client init failed as error when discovery fails (bsc#1012628). - clk: renesas: r9a06g032: Fix UART clkgrp bitsel (bsc#1012628). - mtd: maps: Fix refcount leak in of_flash_probe_versatile (bsc#1012628). - mtd: maps: Fix refcount leak in ap_flash_init (bsc#1012628). - mtd: rawnand: meson: Fix a potential double free issue (bsc#1012628). - clk: renesas: rzg2l: Fix reset status function (bsc#1012628). - of: check previous kernel's ima-kexec-buffer against memory bounds (bsc#1012628). - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1012628). - scsi: qla2xxx: edif: bsg refactor (bsc#1012628). - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1012628). - scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1012628). - scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1012628). - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1012628). - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1012628). - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1012628). - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1012628). - KVM: SVM: Unwind "speculative" RIP advancement if INTn injection "fails" (bsc#1012628). - KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is supported (bsc#1012628). - KVM: x86/mmu: Drop RWX=0 SPTEs during ept_sync_page() (bsc#1012628). - phy: samsung: exynosautov9-ufs: correct TSRV register configurations (bsc#1012628). - PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains() (bsc#1012628). - PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (bsc#1012628). - HID: cp2112: prevent a buffer overflow in cp2112_xfer() (bsc#1012628). - mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (bsc#1012628). - mtd: partitions: Fix refcount leak in parse_redboot_of (bsc#1012628). - mtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset (bsc#1012628). - mtd: spear_smi: Don't skip cleanup after mtd_device_unregister() failed (bsc#1012628). - mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (bsc#1012628). - mtd: spear_smi: Drop if with an always false condition (bsc#1012628). - mtd: st_spi_fsm: Warn about failure to unregister mtd device (bsc#1012628). - mtd: st_spi_fsm: Disable clock only after device was unregistered (bsc#1012628). - PCI: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() (bsc#1012628). - fpga: altera-pr-ip: fix unsigned comparison with less than zero (bsc#1012628). - usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (bsc#1012628). - usb: cdns3: fix random warning message when driver load (bsc#1012628). - usb: gadget: uvc: Fix comment blocks style (bsc#1012628). - usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (bsc#1012628). - usb: gadget: tegra-xudc: Fix error check in tegra_xudc_powerdomain_init() (bsc#1012628). - usbip: vudc: Don't enable IRQs prematurely (bsc#1012628). - usb: host: ohci-at91: add support to enter suspend using SMC (bsc#1012628). - usb: xhci: tegra: Fix error check (bsc#1012628). - dmaengine: dw: dmamux: Export the module device table (bsc#1012628). - dmaengine: dw: dmamux: Fix build without CONFIG_OF (bsc#1012628). - netfilter: xtables: Bring SPDX identifier back (bsc#1012628). - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1012628). - scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1012628). - scsi: qla2xxx: edif: Fix no login after app start (bsc#1012628). - scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1012628). - scsi: qla2xxx: edif: Fix session thrash (bsc#1012628). - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1012628). - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1012628). - iio: accel: bma400: Fix the scale min and max macro values (bsc#1012628). - platform/chrome: cros_ec: Always expose last resume result (bsc#1012628). - iio: sx9324: Fix register field spelling (bsc#1012628). - iio: accel: bma400: Reordering of header files (bsc#1012628). - iio: accel: bma400: conversion to device-managed function (bsc#1012628). - iio: accel: bma400: Add triggered buffer support (bsc#1012628). - iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (bsc#1012628). - iio: accel: adxl313: Fix alignment for DMA safety (bsc#1012628). - iio: accel: adxl355: Fix alignment for DMA safety (bsc#1012628). - iio: accel: adxl367: Fix alignment for DMA safety (bsc#1012628). - iio: accel: bma220: Fix alignment for DMA safety (bsc#1012628). - iio: accel: sca3000: Fix alignment for DMA safety (bsc#1012628). - iio: accel: sca3300: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ad7266: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ad7280a: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ad7292: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ad7298: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ad7476: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ad7606: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ad7766: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ad7768-1: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ad7887: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ad7923: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ad7949: Fix alignment for DMA safety (bsc#1012628). - iio: adc: hi8435: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ltc2496: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ltc2497: Fix alignment for DMA safety (bsc#1012628). - iio: adc: max1027: Fix alignment for DMA safety (bsc#1012628). - iio: adc: max11100: Fix alignment for DMA safety (bsc#1012628). - iio: adc: max1118: Fix alignment for DMA safety (bsc#1012628). - iio: adc: max1241: Fix alignment for DMA safety (bsc#1012628). - iio: adc: mcp320x: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ti-adc0832: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ti-adc084s021: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ti-adc108s102: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ti-adc12138: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ti-adc128s052: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ti-adc161s626: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ti-ads124s08: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ti-ads131e08: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ti-ads7950: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ti-ads8344: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ti-ads8688: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ti-tlc4541: Fix alignment for DMA safety (bsc#1012628). - iio: addac: ad74413r: Fix alignment for DMA safety (bsc#1012628). - iio: amplifiers: ad8366: Fix alignment for DMA safety (bsc#1012628). - iio: common: ssp: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ad5064: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ad5360: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ad5421: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ad5449: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ad5504: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ad5592r: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ad5686: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ad5755: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ad5761: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ad5764: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ad5766: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ad5770r: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ad5791: Fix alignment for DMA saftey (bsc#1012628). - iio: dac: ad7293: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ad7303: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ad8801: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ltc2688: Fix alignment for DMA safety (bsc#1012628). - iio: dac: mcp4922: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ti-dac082s085: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ti-dac5571: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ti-dac7311: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ti-dac7612: Fix alignment for DMA safety (bsc#1012628). - iio: frequency: ad9523: Fix alignment for DMA safety (bsc#1012628). - iio: frequency: adf4350: Fix alignment for DMA safety (bsc#1012628). - iio: frequency: adf4371: Fix alignment for DMA safety (bsc#1012628). - iio: frequency: admv1013: Fix alignment for DMA safety (bsc#1012628). - iio: frequency: admv1014: Fix alignment for DMA safety (bsc#1012628). - iio: frequency: admv4420: Fix alignment for DMA safety (bsc#1012628). - iio: frequency: adrf6780: Fix alignment for DMA safety (bsc#1012628). - iio: gyro: adis16080: Fix alignment for DMA safety (bsc#1012628). - iio: gyro: adis16130: Fix alignment for DMA safety (bsc#1012628). - iio: gyro: adxrs450: Fix alignment for DMA safety (bsc#1012628). - iio: gyro: fxas210002c: Fix alignment for DMA safety (bsc#1012628). - iio: imu: fxos8700: Fix alignment for DMA safety (bsc#1012628). - iio: imu: inv_icm42600: Fix alignment for DMA safety (bsc#1012628). - iio: imu: inv_icm42600: Fix alignment for DMA safety in buffer code (bsc#1012628). - iio: imu: mpu6050: Fix alignment for DMA safety (bsc#1012628). - iio: potentiometer: ad5110: Fix alignment for DMA safety (bsc#1012628). - iio: potentiometer: ad5272: Fix alignment for DMA safety (bsc#1012628). - iio: potentiometer: max5481: Fix alignment for DMA safety (bsc#1012628). - iio: potentiometer: mcp41010: Fix alignment for DMA safety (bsc#1012628). - iio: potentiometer: mcp4131: Fix alignment for DMA safety (bsc#1012628). - iio: proximity: as3935: Fix alignment for DMA safety (bsc#1012628). - iio: resolver: ad2s1200: Fix alignment for DMA safety (bsc#1012628). - iio: resolver: ad2s90: Fix alignment for DMA safety (bsc#1012628). - iio: temp: ltc2983: Fix alignment for DMA safety (bsc#1012628). - iio: temp: max31865: Fix alignment for DMA safety (bsc#1012628). - iio: temp: maxim_thermocouple: Fix alignment for DMA safety (bsc#1012628). - clk: mediatek: reset: Fix written reset bit offset (bsc#1012628). - clk: imx93: use adc_root as the parent clock of adc1 (bsc#1012628). - clk: imx93: correct nic_media parent (bsc#1012628). - clk: imx: clk-fracn-gppll: fix mfd value (bsc#1012628). - clk: imx: clk-fracn-gppll: Return rate in rate table properly in ->recalc_rate() (bsc#1012628). - clk: imx: clk-fracn-gppll: correct rdiv (bsc#1012628). - RDMA/rxe: fix xa_alloc_cycle() error return value check again (bsc#1012628). - lib/test_hmm: avoid accessing uninitialized pages (bsc#1012628). - mm/memremap: fix memunmap_pages() race with get_dev_pagemap() (bsc#1012628). - KVM: Don't set Accessed/Dirty bits for ZERO_PAGE (bsc#1012628). - KVM: selftests: Convert s390x/diag318_test_handler away from VCPU_ID (bsc#1012628). - KVM: selftests: Use vm_create_with_vcpus() in max_guest_memory_test (bsc#1012628). - devcoredump: remove the useless gfp_t parameter in dev_coredumpv and dev_coredumpm (bsc#1012628). - mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv (bsc#1012628). - scsi: iscsi: Allow iscsi_if_stop_conn() to be called from kernel (bsc#1012628). - scsi: iscsi: Add helper to remove a session from the kernel (bsc#1012628). - scsi: iscsi: Fix session removal on shutdown (bsc#1012628). - dmaengine: dw-edma: Fix eDMA Rd/Wr-channels and DMA-direction semantics (bsc#1012628). - KVM: x86: Fix errant brace in KVM capability handling (bsc#1012628). - mtd: hyperbus: rpc-if: Fix RPM imbalance in probe error path (bsc#1012628). - mtd: dataflash: Add SPI ID table (bsc#1012628). - clk: qcom: camcc-sm8250: Fix halt on boot by reducing driver's init level (bsc#1012628). - misc: rtsx: Fix an error handling path in rtsx_pci_probe() (bsc#1012628). - driver core: fix potential deadlock in __driver_attach (bsc#1012628). - clk: qcom: clk-krait: unlock spin after mux completion (bsc#1012628). - coresight: configfs: Fix unload of configurations on module exit (bsc#1012628). - coresight: syscfg: Update load and unload operations (bsc#1012628). - usb: gadget: f_mass_storage: Make CD-ROM emulation works with Windows OS (bsc#1012628). - clk: qcom: gcc-msm8939: Add missing SYSTEM_MM_NOC_BFDCD_CLK_SRC (bsc#1012628). - clk: qcom: gcc-msm8939: Fix bimc_ddr_clk_src rcgr base address (bsc#1012628). - clk: qcom: gcc-msm8939: Add missing system_mm_noc_bfdcd_clk_src (bsc#1012628). - clk: qcom: gcc-msm8939: Point MM peripherals to system_mm_noc clock (bsc#1012628). - usb: host: xhci: use snprintf() in xhci_decode_trb() (bsc#1012628). - RDMA/rxe: Add a responder state for atomic reply (bsc#1012628). - RDMA/rxe: Fix deadlock in rxe_do_local_ops() (bsc#1012628). - clk: qcom: ipq8074: fix NSS core PLL-s (bsc#1012628). - clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (bsc#1012628). - clk: qcom: ipq8074: fix NSS port frequency tables (bsc#1012628). - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (bsc#1012628). - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (bsc#1012628). - clk: qcom: camcc-sm8250: Fix topology around titan_top power domain (bsc#1012628). - clk: qcom: clk-rcg2: Fail Duty-Cycle configuration if MND divider is not enabled (bsc#1012628). - clk: qcom: clk-rcg2: Make sure to not write d=0 to the NMD register (bsc#1012628). - kernfs: fix potential NULL dereference in __kernfs_remove (bsc#1012628). - mm: rmap: use the correct parameter name for DEFINE_PAGE_VMA_WALK (bsc#1012628). - mm/migration: return errno when isolate_huge_page failed (bsc#1012628). - mm/migration: fix potential pte_unmap on an not mapped pte (bsc#1012628). - mm: introduce clear_highpage_kasan_tagged (bsc#1012628). - kasan: fix zeroing vmalloc memory with HW_TAGS (bsc#1012628). - mm/mempolicy: fix get_nodes out of bound access (bsc#1012628). - phy: ti: tusb1210: Don't check for write errors when powering on (bsc#1012628). - phy: rockchip-inno-usb2: Sync initial otg state (bsc#1012628). - PCI: dwc: Stop link on host_init errors and de-initialization (bsc#1012628). - PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (bsc#1012628). - PCI: dwc: Disable outbound windows only for controllers using iATU (bsc#1012628). - PCI: dwc: Set INCREASE_REGION_SIZE flag based on limit address (bsc#1012628). - PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (bsc#1012628). - PCI: dwc: Always enable CDM check if "snps,enable-cdm-check" exists (bsc#1012628). - soundwire: bus_type: fix remove and shutdown support (bsc#1012628). - soundwire: revisit driver bind/unbind and callbacks (bsc#1012628). - KVM: arm64: Don't return from void function (bsc#1012628). - dmaengine: sf-pdma: Add multithread support for a DMA channel (bsc#1012628). - PCI: endpoint: Don't stop controller when unbinding endpoint function (bsc#1012628). - phy: qcom-qmp: fix the QSERDES_V5_COM_CMN_MODE register (bsc#1012628). - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1012628). - scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1012628). - intel_th: Fix a resource leak in an error handling path (bsc#1012628). - intel_th: msu-sink: Potential dereference of null pointer (bsc#1012628). - intel_th: msu: Fix vmalloced buffers (bsc#1012628). - binder: fix redefinition of seq_file attributes (bsc#1012628). - staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (bsc#1012628). - rtla/utils: Use calloc and check the potential memory allocation failure (bsc#1012628). - habanalabs: fix double unlock on error in map_device_va() (bsc#1012628). - dt-bindings: mmc: sdhci-msm: Fix issues in yaml bindings (bsc#1012628). - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (bsc#1012628). - mmc: mxcmmc: Silence a clang warning (bsc#1012628). - mmc: renesas_sdhi: Get the reset handle early in the probe (bsc#1012628). - memstick/ms_block: Fix some incorrect memory allocation (bsc#1012628). - memstick/ms_block: Fix a memory leak (bsc#1012628). - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (bsc#1012628). - of: device: Fix missing of_node_put() in of_dma_set_restricted_buffer (bsc#1012628). - mmc: block: Add single read for 4k sector cards (bsc#1012628). - KVM: s390: pv: leak the topmost page table when destroy fails (bsc#1012628). - PCI/portdrv: Don't disable AER reporting in get_port_device_capability() (bsc#1012628). - PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (bsc#1012628). - scsi: smartpqi: Fix DMA direction for RAID requests (bsc#1012628). - xtensa: iss/network: provide release() callback (bsc#1012628). - xtensa: iss: fix handling error cases in iss_net_configure() (bsc#1012628). - usb: gadget: udc: amd5536 depends on HAS_DMA (bsc#1012628). - usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc() (bsc#1012628). - usb: dwc3: core: Deprecate GCTL.CORESOFTRESET (bsc#1012628). - usb: dwc3: core: Do not perform GCTL_CORE_SOFTRESET during bootup (bsc#1012628). - usb: dwc3: qcom: fix missing optional irq warnings (bsc#1012628). - eeprom: idt_89hpesx: uninitialized data in idt_dbgfs_csr_write() (bsc#1012628). - phy: stm32: fix error return in stm32_usbphyc_phy_init (bsc#1012628). - phy: rockchip-inno-usb2: Ignore OTG IRQs in host mode (bsc#1012628). - interconnect: imx: fix max_node_id (bsc#1012628). - KVM: arm64: Fix hypervisor address symbolization (bsc#1012628). - um: random: Don't initialise hwrng struct with zero (bsc#1012628). - mm: percpu: use kmemleak_ignore_phys() instead of kmemleak_free() (bsc#1012628). - RDMA/irdma: Fix a window for use-after-free (bsc#1012628). - RDMA/irdma: Fix VLAN connection with wildcard address (bsc#1012628). - RDMA/irdma: Fix setting of QP context err_rq_idx_valid field (bsc#1012628). - RDMA/rtrs-srv: Fix modinfo output for stringify (bsc#1012628). - RDMA/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (bsc#1012628). - RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (bsc#1012628). - RDMA/hns: Fix incorrect clearing of interrupt status register (bsc#1012628). - RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (bsc#1012628). - RDMA/rxe: Fix BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup (bsc#1012628). - iio: cros: Register FIFO callback after sensor is registered (bsc#1012628). - clk: qcom: Drop mmcx gdsc supply for dispcc and videocc (bsc#1012628). - clk: qcom: gdsc: Bump parent usage count when GDSC is found enabled (bsc#1012628). - clk: qcom: gcc-msm8939: Fix weird field spacing in ftbl_gcc_camss_cci_clk (bsc#1012628). - RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (bsc#1012628). - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (bsc#1012628). - iio: adc: max1027: unlock on error path in max1027_read_single_value() (bsc#1012628). - HID: mcp2221: prevent a buffer overflow in mcp_smbus_write() (bsc#1012628). - HID: amd_sfh: Add NULL check for hid device (bsc#1012628). - dmaengine: imx-dma: Cast of_device_get_match_data() with (uintptr_t) (bsc#1012628). - scripts/gdb: fix 'lx-dmesg' on 32 bits arch (bsc#1012628). - RDMA/rxe: Fix mw bind to allow any consumer key portion (bsc#1012628). - mmc: core: quirks: Add of_node_put() when breaking out of loop (bsc#1012628). - mmc: cavium-octeon: Add of_node_put() when breaking out of loop (bsc#1012628). - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (bsc#1012628). - HID: alps: Declare U1_UNICORN_LEGACY support (bsc#1012628). - RDMA/rxe: For invalidate compare according to set keys in mr (bsc#1012628). - RDMA/rxe: Fix rnr retry behavior (bsc#1012628). - PCI: tegra194: Fix Root Port interrupt handling (bsc#1012628). - PCI: tegra194: Fix link up retry sequence (bsc#1012628). - HID: amd_sfh: Handle condition of "no sensors" (bsc#1012628). - USB: serial: fix tty-port initialized comments (bsc#1012628). - usb: xhci_plat_remove: avoid NULL dereference (bsc#1012628). - usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable() (bsc#1012628). - mtd: spi-nor: fix spi_nor_spimem_setup_op() call in spi_nor_erase_{sector,chip}() (bsc#1012628). - staging: fbtft: core: set smem_len before fb_deferred_io_init call (bsc#1012628). - KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP (bsc#1012628). - tools/power/x86/intel-speed-select: Fix off by one check (bsc#1012628). - platform/x86: pmc_atom: Match all Lex BayTrail boards with critclk_systems DMI table (bsc#1012628). - platform/mellanox: mlxreg-lc: Fix error flow and extend verbosity (bsc#1012628). - platform/olpc: Fix uninitialized data in debugfs write (bsc#1012628). - RDMA/srpt: Duplicate port name members (bsc#1012628). - RDMA/srpt: Introduce a reference count in struct srpt_device (bsc#1012628). - RDMA/srpt: Fix a use-after-free (bsc#1012628). - android: binder: stop saving a pointer to the VMA (bsc#1012628). - mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region (bsc#1012628). - selftests/vm: fix errno handling in mrelease_test (bsc#1012628). - tools/testing/selftests/vm/hugetlb-madvise.c: silence uninitialized variable warning (bsc#1012628). - selftest/vm: uninitialized variable in main() (bsc#1012628). - rtla: Fix Makefile when called from -C tools/ (bsc#1012628). - rtla: Fix double free (bsc#1012628). - virtio: replace restricted mem access flag with callback (bsc#1012628). - xen: don't require virtio with grants for non-PV guests (bsc#1012628). - selftests: kvm: set rax before vmcall (bsc#1012628). - of/fdt: declared return type does not match actual return type (bsc#1012628). - RDMA/mlx5: Add missing check for return value in get namespace flow (bsc#1012628). - RDMA/rxe: Fix error unwind in rxe_create_qp() (bsc#1012628). - block/rnbd-srv: Set keep_id to true after mutex_trylock (bsc#1012628). - null_blk: fix ida error handling in null_add_dev() (bsc#1012628). - nbd: add missing definition of pr_fmt (bsc#1012628). - mtip32xx: fix device removal (bsc#1012628). - nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (bsc#1012628). - nvme: define compat_ioctl again to unbreak 32-bit userspace (bsc#1012628). - nvme: catch -ENODEV from nvme_revalidate_zones again (bsc#1012628). - block/bio: remove duplicate append pages code (bsc#1012628). - block: ensure iov_iter advances for added pages (bsc#1012628). - jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1012628). - ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1012628). - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1012628). - usb: cdns3: Don't use priv_dev uninitialized in cdns3_gadget_ep_enable() (bsc#1012628). - opp: Fix error check in dev_pm_opp_attach_genpd() (bsc#1012628). - ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe (bsc#1012628). - ASoC: samsung: Fix error handling in aries_audio_probe (bsc#1012628). - ASoC: imx-audmux: Silence a clang warning (bsc#1012628). - ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe (bsc#1012628). - ASoC: max98390: use linux/gpio/consumer.h to fix build (bsc#1012628). - ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (bsc#1012628). - ASoC: codecs: da7210: add check for i2c_add_driver (bsc#1012628). - ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe (bsc#1012628). - serial: pic32: fix missing clk_disable_unprepare() on error in pic32_uart_startup() (bsc#1012628). - serial: 8250: Create serial_lsr_in() (bsc#1012628). - serial: 8250: Get preserved flags using serial_lsr_in() (bsc#1012628). - serial: 8250_dw: Use serial_lsr_in() in dw8250_handle_irq() (bsc#1012628). - serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (bsc#1012628). - ASoC: SOF: make ctx_store and ctx_restore as optional (bsc#1012628). - ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (bsc#1012628). - ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (bsc#1012628). - ASoC: cs35l45: Add endianness flag in snd_soc_component_driver (bsc#1012628). - rpmsg: char: Add mutex protection for rpmsg_eptdev_open() (bsc#1012628). - rpmsg: mtk_rpmsg: Fix circular locking dependency (bsc#1012628). - remoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init (bsc#1012628). - selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1012628). - profiling: fix shift too large makes kernel panic (bsc#1012628). - remoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init (bsc#1012628). - KVM: PPC: Book3s: Fix warning about xics_rm_h_xirr_x (bsc#1012628). - rpmsg: Fix possible refcount leak in rpmsg_register_device_override() (bsc#1012628). - selftests/powerpc: Skip energy_scale_info test on older firmware (bsc#1012628). - ASoC: samsung: h1940_uda1380: include proepr GPIO consumer header (bsc#1012628). - powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1012628). - ASoC: soc-core.c: fixup snd_soc_of_get_dai_link_cpus() (bsc#1012628). - ASoC: samsung: change gpiod_speaker_power and rx1950_audio from global to static variables (bsc#1012628). - serial: 8250_dw: Take port lock while accessing LSR (bsc#1012628). - ASoC: codecs: wsa881x: handle timeouts in resume path (bsc#1012628). - vfio/mlx5: Protect mlx5vf_disable_fds() upon close device (bsc#1012628). - vfio: Split migration ops from main device ops (bsc#1012628). - net/ice: fix initializing the bitmap in the switch code (bsc#1012628). - tty: n_gsm: fix user open not possible at responder until initiator open (bsc#1012628). - tty: n_gsm: fix tty registration before control channel open (bsc#1012628). - tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output() (bsc#1012628). - tty: n_gsm: fix missing timer to handle stalled links (bsc#1012628). - tty: n_gsm: fix non flow control frames during mux flow off (bsc#1012628). - tty: n_gsm: fix packet re-transmission without open control channel (bsc#1012628). - tty: n_gsm: fix race condition in gsmld_write() (bsc#1012628). - tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1012628). - tty: n_gsm: fix resource allocation order in gsm_activate_mux() (bsc#1012628). - ASoC: qcom: Fix missing of_node_put() in asoc_qcom_lpass_cpu_platform_probe() (bsc#1012628). - MIPS: Loongson64: Fix section mismatch warning (bsc#1012628). - ASoC: imx-card: Fix DSD/PDM mclk frequency (bsc#1012628). - remoteproc: qcom: wcnss: Fix handling of IRQs (bsc#1012628). - vfio/ccw: Remove UUID from s390 debug log (bsc#1012628). - vfio/ccw: Fix FSM state if mdev probe fails (bsc#1012628). - vfio/ccw: Do not change FSM state in subchannel event (bsc#1012628). - ASoC: audio-graph-card2.c: use of_property_read_u32() for rate (bsc#1012628). - serial: 8250_fsl: Don't report FE, PE and OE twice (bsc#1012628). - tty: n_gsm: fix wrong T1 retry count handling (bsc#1012628). - tty: n_gsm: fix DM command (bsc#1012628). - tty: n_gsm: fix flow control handling in tx path (bsc#1012628). - tty: n_gsm: fix missing corner cases in gsmld_poll() (bsc#1012628). - MIPS: vdso: Utilize __pa() for gic_pfn (bsc#1012628). - ASoC: SOF: mediatek: fix mt8195 StatvectorSel wrong setting (bsc#1012628). - swiotlb: fail map correctly with failed io_tlb_default_mem (bsc#1012628). - lib/bitmap: fix off-by-one in bitmap_to_arr64() (bsc#1012628). - ASoC: SOF: ipc3-topology: Prevent double freeing of ipc_control_data via load_bytes (bsc#1012628). - cpufreq: mediatek: fix error return code in mtk_cpu_dvfs_info_init() (bsc#1012628). - ASoc: audio-graph-card2: Fix refcount leak bug in __graph_get_type() (bsc#1012628). - ASoC: mt6359: Fix refcount leak bug (bsc#1012628). - ASoC: SOF: ipc-msg-injector: fix copy in sof_msg_inject_ipc4_dfs_write() (bsc#1012628). - serial: 8250_bcm7271: Save/restore RTS in suspend/resume (bsc#1012628). - iommu/exynos: Handle failed IOMMU device registration properly (bsc#1012628). - 9p: Drop kref usage (bsc#1012628). - 9p: Add client parameter to p9_req_put() (bsc#1012628). - net: 9p: fix refcount leak in p9_read_work() error handling (bsc#1012628). - MIPS: Fixed __debug_virt_addr_valid() (bsc#1012628). - rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge (bsc#1012628). - leds: pwm-multicolor: Don't show -EPROBE_DEFER as errors (bsc#1012628). - kfifo: fix kfifo_to_user() return type (bsc#1012628). - lib/smp_processor_id: fix imbalanced instrumentation_end() call (bsc#1012628). - proc: fix a dentry lock race between release_task and lookup (bsc#1012628). - remoteproc: qcom: pas: Check if coredump is enabled (bsc#1012628). - remoteproc: sysmon: Wait for SSCTL service to come up (bsc#1012628). - mfd: t7l66xb: Drop platform disable callback (bsc#1012628). - mfd: max77620: Fix refcount leak in max77620_initialise_fps (bsc#1012628). - ASoC: amd: yc: Decrease level of error message (bsc#1012628). - iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (bsc#1012628). - perf tools: Fix dso_id inode generation comparison (bsc#1012628). - riscv: spinwait: Fix hartid variable type (bsc#1012628). - s390/crash: fix incorrect number of bytes to copy to user space (bsc#1012628). - s390/zcore: fix race when reading from hardware system area (bsc#1012628). - perf test: Fix test case 83 ('perf stat CSV output linter') on s390 (bsc#1012628). - ASoC: fsl_asrc: force cast the asrc_format type (bsc#1012628). - ASoC: fsl-asoc-card: force cast the asrc_format type (bsc#1012628). - ASoC: fsl_easrc: use snd_pcm_format_t type for sample_format (bsc#1012628). - ASoC: imx-card: use snd_pcm_format_t type for asrc_format (bsc#1012628). - ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (bsc#1012628). - fuse: Remove the control interface for virtio-fs (bsc#1012628). - ASoC: audio-graph-card: Add of_node_put() in fail path (bsc#1012628). - ASoC: audio-graph-card2: Add of_node_put() in fail path (bsc#1012628). - watchdog: f71808e_wdt: Add check for platform_driver_register (bsc#1012628). - watchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource (bsc#1012628). - watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (bsc#1012628). - ASoC: Intel: sof_rt5682: Perform quirk check first in card late probe (bsc#1012628). - video: fbdev: amba-clcd: Fix refcount leak bugs (bsc#1012628). - video: fbdev: sis: fix typos in SiS_GetModeID() (bsc#1012628). - ASoC: mchp-spdifrx: disable end of block interrupt on failures (bsc#1012628). - powerpc/32: Call mmu_mark_initmem_nx() regardless of data block mapping (bsc#1012628). - powerpc/32s: Fix boot failure with KASAN + SMP + JUMP_LABEL_FEATURE_CHECK_DEBUG (bsc#1012628). - powerpc/32: Do not allow selection of e5500 or e6500 CPUs on PPC32 (bsc#1012628). - video: fbdev: offb: Include missing linux/platform_device.h (bsc#1012628). - pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1012628). - powerpc/iommu: Fix iommu_table_in_use for a small default DMA window case (bsc#1012628). - powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias (bsc#1012628). - selftests/powerpc: Fix matrix multiply assist test (bsc#1012628). - serial: 8250_bcm2835aux: Add missing clk_disable_unprepare() (bsc#1012628). - tty: serial: qcom-geni-serial: Fix get_clk_div_rate() which otherwise could return a sub-optimal clock rate (bsc#1012628). - tty: serial: fsl_lpuart: correct the count of break characters (bsc#1012628). - s390/smp: enforce lowcore protection on CPU restart (bsc#1012628). - perf stat: Revert "perf stat: Add default hybrid events" (bsc#1012628). - f2fs: fix to invalidate META_MAPPING before DIO write (bsc#1012628). - f2fs: fix to check inline_data during compressed inode conversion (bsc#1012628). - f2fs: fix to remove F2FS_COMPR_FL and tag F2FS_NOCOMP_FL at the same time (bsc#1012628). - cifs: Fix memory leak when using fscache (bsc#1012628). - powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader (bsc#1012628). - powerpc/xive: Fix refcount leak in xive_get_max_prio (bsc#1012628). - powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address (bsc#1012628). - perf symbol: Fail to read phdr workaround (bsc#1012628). - kprobes: Forbid probing on trampoline and BPF code areas (bsc#1012628). - x86/bus_lock: Don't assume the init value of DEBUGCTLMSR.BUS_LOCK_DETECT to be zero (bsc#1012628). - powerpc/pci: Fix PHB numbering when using opal-phbid (bsc#1012628). - genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO (bsc#1012628). - scripts/faddr2line: Fix vmlinux detection on arm64 (bsc#1012628). - tty: serial: qcom-geni-serial: Fix %lu -> %u in print statements (bsc#1012628). - powerpc/64e: Fix kexec build error (bsc#1012628). - sched, cpuset: Fix dl_cpu_busy() panic due to empty cs->cpus_allowed (bsc#1012628). - x86/numa: Use cpumask_available instead of hardcoded NULL check (bsc#1012628). - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (bsc#1012628). - tools/thermal: Fix possible path truncations (bsc#1012628). - sched: Fix the check of nr_running at queue wakelist (bsc#1012628). - sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle (bsc#1012628). - sched/core: Do not requeue task on CPU excluded from cpus_mask (bsc#1012628). - x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (bsc#1012628). - f2fs: do not allow to decompress files have FI_COMPRESS_RELEASED (bsc#1012628). - video: fbdev: vt8623fb: Check the size of screen before memset_io() (bsc#1012628). - video: fbdev: arkfb: Check the size of screen before memset_io() (bsc#1012628). - video: fbdev: s3fb: Check the size of screen before memset_io() (bsc#1012628). - scsi: ufs: core: Correct ufshcd_shutdown() flow (bsc#1012628). - scsi: zfcp: Fix missing auto port scan and thus missing target ports (bsc#1012628). - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1012628). - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1012628). - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1012628). - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1012628). - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1012628). - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1012628). - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1012628). - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1012628). - scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1012628). - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1012628). - cifs: fix lock length calculation (bsc#1012628). - x86/bugs: Enable STIBP for IBPB mitigated RETBleed (bsc#1012628). - ftrace/x86: Add back ftrace_expected assignment (bsc#1012628). - x86/kprobes: Update kcb status flag after singlestepping (bsc#1012628). - x86/olpc: fix 'logical not is only applied to the left hand side' (bsc#1012628). - SMB3: fix lease break timeout when multiple deferred close handles for the same file (bsc#1012628). - posix-cpu-timers: Cleanup CPU timers before freeing them during exec (bsc#1012628). - Input: gscps2 - check return value of ioremap() in gscps2_probe() (bsc#1012628). - __follow_mount_rcu(): verify that mount_lock remains unchanged (bsc#1012628). - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (bsc#1012628). - csky: abiv1: Fixup compile error (bsc#1012628). - drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1012628). - drm/mediatek: Keep dsi as LP00 before dcs cmds transfer (bsc#1012628). - crypto: blake2s - remove shash module (bsc#1012628). - firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (bsc#1012628). - intel_th: pci: Add Meteor Lake-P support (bsc#1012628). - intel_th: pci: Add Raptor Lake-S PCH support (bsc#1012628). - intel_th: pci: Add Raptor Lake-S CPU support (bsc#1012628). - KVM: set_msr_mce: Permit guests to ignore single-bit ECC errors (bsc#1012628). - KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS) (bsc#1012628). - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (bsc#1012628). - PCI/AER: Iterate over error counters instead of error strings (bsc#1012628). - PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (bsc#1012628). - dm writecache: set a default MAX_WRITEBACK_JOBS (bsc#1012628). - kexec_file: drop weak attribute from functions (bsc#1012628). - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1012628). - kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification (bsc#1012628). - tracing/events: Add __vstring() and __assign_vstr() helper macros (bsc#1012628). - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (bsc#1012628). - net/9p: Initialize the iounit field during fid creation (bsc#1012628). - ARM: Marvell: Update PCIe fixup (bsc#1012628). - timekeeping: contribute wall clock to rng on time change (bsc#1012628). - locking/csd_lock: Change csdlock_debug from early_param to __setup (bsc#1012628). - block: don't allow the same type rq_qos add more than once (bsc#1012628). - btrfs: tree-log: make the return value for log syncing consistent (bsc#1012628). - btrfs: ensure pages are unlocked on cow_file_range() failure (bsc#1012628). - btrfs: fix error handling of fallback uncompress write (bsc#1012628). - btrfs: reset block group chunk force if we have to wait (bsc#1012628). - btrfs: properly flag filesystem with BTRFS_FEATURE_INCOMPAT_BIG_METADATA (bsc#1012628). - block: add bdev_max_segments() helper (bsc#1012628). - btrfs: zoned: revive max_zone_append_bytes (bsc#1012628). - btrfs: replace BTRFS_MAX_EXTENT_SIZE with fs_info->max_extent_size (bsc#1012628). - btrfs: convert count_max_extents() to use fs_info->max_extent_size (bsc#1012628). - btrfs: let can_allocate_chunk return error (bsc#1012628). - btrfs: zoned: finish least available block group on data bg allocation (bsc#1012628). - btrfs: zoned: disable metadata overcommit for zoned (bsc#1012628). - btrfs: store chunk size in space-info struct (bsc#1012628). - btrfs: zoned: introduce space_info->active_total_bytes (bsc#1012628). - btrfs: zoned: activate metadata block group on flush_space (bsc#1012628). - btrfs: zoned: activate necessary block group (bsc#1012628). - btrfs: zoned: write out partially allocated region (bsc#1012628). - btrfs: zoned: wait until zone is finished when allocation didn't progress (bsc#1012628). - btrfs: join running log transaction when logging new name (bsc#1012628). - intel_idle: make SPR C1 and C1E be independent (bsc#1012628). - ACPI: CPPC: Do not prevent CPPC from working in the future (bsc#1012628). - powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1012628). - s390/unwind: fix fgraph return address recovery (bsc#1012628). - KVM: x86/pmu: Introduce the ctrl_mask value for fixed counter (bsc#1012628). - KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's no vPMU (bsc#1012628). - KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU doesn't support global_ctrl (bsc#1012628). - KVM: x86/pmu: Accept 0 for absent PMU MSRs when host-initiated if !enable_pmu (bsc#1012628). - Revert "KVM: x86/pmu: Accept 0 for absent PMU MSRs when host-initiated if !enable_pmu" (bsc#1012628). - KVM: VMX: Add helper to check if the guest PMU has PERF_GLOBAL_CTRL (bsc#1012628). - KVM: nVMX: Attempt to load PERF_GLOBAL_CTRL on nVMX xfer iff it exists (bsc#1012628). - dm raid: fix address sanitizer warning in raid_status (bsc#1012628). - dm raid: fix address sanitizer warning in raid_resume (bsc#1012628). - dm: fix dm-raid crash if md_handle_request() splits bio (bsc#1012628). - mm/damon/reclaim: fix potential memory leak in damon_reclaim_init() (bsc#1012628). - hugetlb_cgroup: fix wrong hugetlb cgroup numa stat (bsc#1012628). - batman-adv: tracing: Use the new __vstring() helper (bsc#1012628). - tracing: Use a struct alignof to determine trace event field alignment (bsc#1012628). - ext4: fix reading leftover inlined symlinks (bsc#1012628). - ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1012628). - ext4: fix extent status tree race in writeback error recovery path (bsc#1012628). - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1012628). - ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1012628). - ext4: correct max_inline_xattr_value_size computing (bsc#1012628). - ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1012628). - ext4: fix warning in ext4_iomap_begin as race between bmap and write (bsc#1012628). - Documentation: ext4: fix cell spacing of table heading on blockmap table (bsc#1012628). - ext4: check if directory block is within i_size (bsc#1012628). - ext4: make sure ext4_append() always allocates new block (bsc#1012628). - ext4: remove EA inode entry from mbcache on inode eviction (bsc#1012628). - ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1012628). - ext4: fix race when reusing xattr blocks (bsc#1012628). - KEYS: asymmetric: enforce SM2 signature use pkey algo (bsc#1012628). - tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH (bsc#1012628). - tpm: Add check for Failure mode for TPM2 modules (bsc#1012628). - xen-blkback: fix persistent grants negotiation (bsc#1012628). - xen-blkback: Apply 'feature_persistent' parameter when connect (bsc#1012628). - xen-blkfront: Apply 'feature_persistent' parameter when connect (bsc#1012628). - powerpc: Fix eh field when calling lwarx on PPC32 (bsc#1012628). - powerpc64/ftrace: Fix ftrace for clang builds (bsc#1012628). - net_sched: cls_route: remove from list when handle is 0 (bsc#1012628). - Revert "drm/bridge: anx7625: Use DPI bus type" (bsc#1012628). - tcp: fix over estimation in sk_forced_mem_schedule() (bsc#1012628). - crypto: lib/blake2s - reduce stack frame usage in self test (bsc#1012628). - raw: remove unused variables from raw6_icmp_error() (bsc#1012628). - raw: fix a typo in raw_icmp_error() (bsc#1012628). - Revert "mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv" (bsc#1012628). - Revert "devcoredump: remove the useless gfp_t parameter in dev_coredumpv and dev_coredumpm" (bsc#1012628). - mptcp: refine memory scheduling (bsc#1012628). - wifi: cfg80211: handle IBSS in channel switch (bsc#1012628). - wifi: nl80211: hold wdev mutex for tid config (bsc#1012628). - wifi: nl80211: relax wdev mutex check in wdev_chandef() (bsc#1012628). - wifi: nl80211: acquire wdev mutex earlier in start_ap (bsc#1012628). - wifi: cfg80211: remove chandef check in cfg80211_cac_event() (bsc#1012628). - tracing: Use a copy of the va_list for __assign_vstr() (bsc#1012628). - net: dsa: felix: fix min gate len calculation for tc when its first gate is closed (bsc#1012628). - Revert "s390/smp: enforce lowcore protection on CPU restart" (bsc#1012628). - powerpc/kexec: Fix build failure from uninitialised variable (bsc#1012628). - io_uring: mem-account pbuf buckets (bsc#1012628). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (bsc#1012628). - ASoC: Intel: avs: Use lookup table to create modules (bsc#1012628). - geneve: Use ip_tunnel_key flow flags in route lookups (bsc#1012628). - vxlan: Use ip_tunnel_key flow flags in route lookups (bsc#1012628). - Update config files. - commit 6c252ef ++++ libxslt: - Update to 1.1.36: * Removals and deprecations + Remove SVN keyword anchors + Remove CVS and SVN-related code + Remove README.cvs-commits + Remove ChangeLog + Remove xsltwin32config.h * Improvements + Simplify xsltexports.h and exsltexports.h + Don't overlink executables with gcrypt + Fix quadratic behavior with variables and parameters + Remove case labels with XPointer location types + Add configure~ to .gitignore + Stop calling deprecated libxml2 functions * Portability + Use portable python shebangs (David Seifert) + Remove useless __CYGWIN__ checks + Remove cruft from win32config.h + crypto.c: Silence a compiler warning on Windows (Chun-wei Fan) * Build system + Add missing compile definition for static builds to CMake + Avoid obsolescent `test -a` constructs (David Seifert) + Only link libxml2 statically in purely static build + Set AC_CONFIG_MACRO_DIR + Allow AM_MAINTAINER_MODE to be disabled + Streamline and fix documentation installation + Don't try to recreate COPYING symlink + Remove special configuration for certain maintainers + configure.ac: produce tar.xz only (GNOME policy) (David Seifert) + Detect libm using libtool's macros (David Seifert) + configure.ac: disable static libraries by default (David Seifert) + python/Makefile.am: nest python docs in $(docdir) (David Seifert) + python/Makefile.am: rely on global AM_INIT_AUTOMAKE (David Seifert) + configure.ac: remove useless AC_SUBST (David Seifert) + Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings (David Seifert) + Change libxml2 Python config + Don't check for standard C89 library functions + Don't check for standard C89 headers + Remove --with-html-dir option + Also check for glibtoolize in autogen.sh + Rework documentation build system + Remove old website + CMake: Relax check for enabling crypto support on Windows (Chun-wei Fan) + Remove obsolete AC_HEADER_STDC autoconf macro (Vadim Zeitlin) + Remove special configuration for old maintainers * Test suite, CI + Remove test involving XPointer range-to function + Test recursion in EXSLT dynamic functions + Add CI job for static build * Documentation + Move tutorial images ++++ gpgme: - gpgme 1.18.0 * New keylist mode to force refresh via external methods * The keylist operations now create an import result to report the result of the locate keylist modes * core: Return BAD_PASSPHRASE error code on symmetric decryption failure * cpp, qt: Do not export internal symbols anymore * cpp, qt: Support revocation of own OpenPGP keys * qt: The file name of (signed and) encrypted data can now be set * cpp, qt: Support setting the primary user ID * python: Fix segv(NULL) when inspecting contect after exeception - includes changes from version 1.17.1: * qt: Fix a bug in the ABI compatibility of 1.17.0 - includes changes from 1.17.0: * New context flag "key-origin" * New context flag "import-filter" * New export mode to export secret subkeys * Detect errors during the export of secret keys * New function gpgme_op_receive_keys to import keys from a keyserver without first running a key listing * Detect bad passphrase error in certificate import * Allow setting --key-origin when importing keys * Support components "keyboxd", "gpg-agent", "scdaemon", "dirmngr", "pinentry", and "socketdir" in gpgme_get_dirinfo * Under Unix use poll(2) instead of select(2), when available. * Fix results returned by gpgme_data_* functions * Support closefrom also for glibc (drop upstream gpgme-use-glibc-closefrom.patch * cpp,qt: Add support for export of secret keys and secret subkeys. * cpp,qt: Support for adding existing subkeys to other keys * qt: Extend ChangeExpiryJob to change expiration of primary key and of subkeys at the same time * qt: Support WKD lookup without implicit import * qt: Allow specifying an import filter when importing keys * qt: Allow retrieving the default value of a config entry - drop patches included upstream * gpgme-1.16.0-Use-after-free-in-t-edit-sign-test.patch * gpgme-1.16.0-t-various-testSignKeyWithExpiration-32-bit.patch - add patches to fix tests: * gpgme-1.18.0-T6137-qt_test.patch ++++ libxml2: - Update to 2.10.0: * Security + [CVE-2022-2309] Reset nsNr in xmlCtxtReset + Reserve byte for NUL terminator and report errors consistently in xmlBuf and xmlBuffer + Fix missing NUL terminators in xmlBuf and xmlBuffer functions + Fix integer overflow in xmlBufferDump() + xmlBufAvail() should return length without including a byte for NUL terminator + Fix ownership of xmlNodePtr & xmlAttrPtr fields in xmlSetTreeDoc() + Use xmlNewDocText in xmlXIncludeCopyRange + Fix use-after-free bugs when calling xmlTextReaderClose() before xmlFreeTextReader() on post-validating parser + Use UPDATE_COMPAT() consistently in buf.c + fix: xmlXPathParserContext could be double-delete in OOM case. * Removals and deprecations + Disable XPointer location support by default + Remove outdated xml2Conf.sh + Deprecate module init and cleanup functions + Remove obsolete XML Software Autoupdate (XSA) file + Remove DOCBparser + Remove obsolete Python test framework + Remove broken VxWorks support + Remove broken Mac OS 9 support + Remove broken bakefile support + Remove broken Visual Studio 2010 support + Remove broken Windows CE support + Deprecate IDREF-related functions in valid.h + Deprecate legacy functions + Disable legacy support by default + Deprecate all functions in nanoftp.h + Disable FTP support by default + Add XML_DEPRECATED macro + Remove elfgcchack.h * Regressions + Skip incorrectly opened HTML comments + Restore behavior of htmlDocContentDumpFormatOutput() * Bug fixes + Fix memory leak with invalid XSD + Make XPath depth check work with recursive invocations + Fix memory leak in xmlLoadEntityContent error path + Avoid double-free if malloc fails in inputPush + Properly fold whitespace around the QName value when validating an XSD schema. + Add whitespace folding for some atomic data types that it's missing on. + Don't add IDs containing unexpanded entity references * Improvements + Avoid calling xmlSetTreeDoc + Simplify xmlFreeNode + Don't reset nsDef when changing node content + Fix unintended fall-through in xmlNodeAddContentLen + Remove unused xmlBuf functions + Implement xpath1() XPointer scheme + Add configuration flag for XPointer locations support + Fix compiler warnings in Python code + Mark more static data as `const` + Make xmlStaticCopyNode non-recursive + Clean up encoding switching code + Simplify recursive pthread mutex + Use non-recursive mutex in dict.c + Fix parser progress checks + Avoid arithmetic on freed pointers + Improve buffer allocation scheme + Remove unneeded #includes + Add support for some non-standard escapes in regular expressions. + htmlParseComment: handle abruptly-closed comments + Add let variable tag support + Add value-of tag support + Remove useless call to xmlRelaxNGCleanupTypes + Don't include ICU headers in public headers + Update `xmlStrlen()` to use POSIX / ISO C `strlen()` + Fix unused variable warnings with disabled features + Only warn on invalid redeclarations of predefined entities + Remove unneeded code in xmlreader.c + Rework validation context flags * Portability + Use NAN/INFINITY if available to init XPath NaN/Inf + Fix Python tests on macOS + Fix xmlCleanupThreads on Windows + Fix reinitialization of library on Windows + Don't mix declarations and code in runtest.c + Use portable python shebangs + Use critical sections as mutex on Windows + Don't set HAVE_WIN32_THREADS in win32config.h + Use stdint.h with newer MSVC + Remove cruft from win32config.h + Remove isinf/isnan emulation in win32config.h + Always fopen files with "rb" + Remove __DJGPP__ checks + Remove useless __CYGWIN__ checks * Build system + Don't autogenerate doc/examples/Makefile.am + cmake: Install libxml.m4 on UNIX-like platforms + cmake: Use symbol versioning on UNIX-like platforms + Port genUnicode.py to Python 3 + Port gentest.py to Python 3 + cmake: Fix build without thread support + cmake: Install documentation in CMAKE_INSTALL_DOCDIR + cmake: Remove non needed files in docs dir + configure: move XML_PRIVATE_LIBS after WIN32_EXTRA_LIBADD is set + Move local Autoconf macros into m4 directory + Use XML_PRIVATE_LIBS in libxml2_la_LIBADD + Update libxml-2.0-uninstalled.pc.in + Remove LIBS from XML_PRIVATE_LIBS + Add WIN32_EXTRA_LIBADD to XML_PRIVATE_LIBS + Don't overlink executables + cmake: Adjust paths for UNIX or UNIX-like target systems + build: Make use of variables in libxml's pkg-config file + Avoid obsolescent `test -a` constructs + Move AM_MAINTAINER_MODE to AM section + configure.ac: make AM_SILENT_RULES([yes]) unconditional + Streamline documentation installation + Don't try to recreate COPYING symlink + Detect libm using libtool's macros + configure.ac: disable static libraries by default + python/Makefile.am: nest python docs in $(docdir) + python/Makefile.am: rely on global AM_INIT_AUTOMAKE + Makefile.am: install examples more idiomatically + configure.ac: remove useless AC_SUBST + Respect `--sysconfdir` in source files + Ignore configure backup file created by recent autoreconf too + Only install *.html and *.c example files + Remove --with-html-dir option + Rework documentation build system + Remove old website + Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings + Update genChRanges.py + Update build_glob.py + Remove ICONV_CONST test + Remove obsolete AC_HEADER checks + Don't check for standard C89 library functions + Don't check for standard C89 headers + Remove special configuration for certain maintainers * Test suite, CI + Disable network in API tests + testapi: remove leading slash from "/missing.xml" + Build Autotools CI tests out of source tree (VPATH) + Add --with-minimum build to CI tests + Fix warnings when testing --with-minimum build + cmake: Run all tests when threads are disabled + Also build CI tests with -Werror + Move doc/examples tests to new test suite + Simplify 'make check' targets + Fix schemas and relaxng tests + Remove unused result files + Allow missing result files in runtest + Move regexp tests to runtest + Move SVG tests to runtest.c + Move testModule to new test suite + Move testThreads to new test suite + Remove major parts of old test suite + Make testchar return an error on failure + Add CI job for static build + python/tests: open() relative to test scripts + Port some test scripts to Python 3 * Documentation + Improve documentation of tree manipulation API + Update xml2-config man page + Consolidate man pages + Rename xmlcatalog_man.xml + Make examples a standalone HTML page + Fix documentation in entities.c + Add note about optimization flags ++++ python-charset-normalizer: - Clean requirements: We don't need anything ++++ libxml2-python: - Update to 2.10.0: * Security + [CVE-2022-2309] Reset nsNr in xmlCtxtReset + Reserve byte for NUL terminator and report errors consistently in xmlBuf and xmlBuffer + Fix missing NUL terminators in xmlBuf and xmlBuffer functions + Fix integer overflow in xmlBufferDump() + xmlBufAvail() should return length without including a byte for NUL terminator + Fix ownership of xmlNodePtr & xmlAttrPtr fields in xmlSetTreeDoc() + Use xmlNewDocText in xmlXIncludeCopyRange + Fix use-after-free bugs when calling xmlTextReaderClose() before xmlFreeTextReader() on post-validating parser + Use UPDATE_COMPAT() consistently in buf.c + fix: xmlXPathParserContext could be double-delete in OOM case. * Removals and deprecations + Disable XPointer location support by default + Remove outdated xml2Conf.sh + Deprecate module init and cleanup functions + Remove obsolete XML Software Autoupdate (XSA) file + Remove DOCBparser + Remove obsolete Python test framework + Remove broken VxWorks support + Remove broken Mac OS 9 support + Remove broken bakefile support + Remove broken Visual Studio 2010 support + Remove broken Windows CE support + Deprecate IDREF-related functions in valid.h + Deprecate legacy functions + Disable legacy support by default + Deprecate all functions in nanoftp.h + Disable FTP support by default + Add XML_DEPRECATED macro + Remove elfgcchack.h * Regressions + Skip incorrectly opened HTML comments + Restore behavior of htmlDocContentDumpFormatOutput() * Bug fixes + Fix memory leak with invalid XSD + Make XPath depth check work with recursive invocations + Fix memory leak in xmlLoadEntityContent error path + Avoid double-free if malloc fails in inputPush + Properly fold whitespace around the QName value when validating an XSD schema. + Add whitespace folding for some atomic data types that it's missing on. + Don't add IDs containing unexpanded entity references * Improvements + Avoid calling xmlSetTreeDoc + Simplify xmlFreeNode + Don't reset nsDef when changing node content + Fix unintended fall-through in xmlNodeAddContentLen + Remove unused xmlBuf functions + Implement xpath1() XPointer scheme + Add configuration flag for XPointer locations support + Fix compiler warnings in Python code + Mark more static data as `const` + Make xmlStaticCopyNode non-recursive + Clean up encoding switching code + Simplify recursive pthread mutex + Use non-recursive mutex in dict.c + Fix parser progress checks + Avoid arithmetic on freed pointers + Improve buffer allocation scheme + Remove unneeded #includes + Add support for some non-standard escapes in regular expressions. + htmlParseComment: handle abruptly-closed comments + Add let variable tag support + Add value-of tag support + Remove useless call to xmlRelaxNGCleanupTypes + Don't include ICU headers in public headers + Update `xmlStrlen()` to use POSIX / ISO C `strlen()` + Fix unused variable warnings with disabled features + Only warn on invalid redeclarations of predefined entities + Remove unneeded code in xmlreader.c + Rework validation context flags * Portability + Use NAN/INFINITY if available to init XPath NaN/Inf + Fix Python tests on macOS + Fix xmlCleanupThreads on Windows + Fix reinitialization of library on Windows + Don't mix declarations and code in runtest.c + Use portable python shebangs + Use critical sections as mutex on Windows + Don't set HAVE_WIN32_THREADS in win32config.h + Use stdint.h with newer MSVC + Remove cruft from win32config.h + Remove isinf/isnan emulation in win32config.h + Always fopen files with "rb" + Remove __DJGPP__ checks + Remove useless __CYGWIN__ checks * Build system + Don't autogenerate doc/examples/Makefile.am + cmake: Install libxml.m4 on UNIX-like platforms + cmake: Use symbol versioning on UNIX-like platforms + Port genUnicode.py to Python 3 + Port gentest.py to Python 3 + cmake: Fix build without thread support + cmake: Install documentation in CMAKE_INSTALL_DOCDIR + cmake: Remove non needed files in docs dir + configure: move XML_PRIVATE_LIBS after WIN32_EXTRA_LIBADD is set + Move local Autoconf macros into m4 directory + Use XML_PRIVATE_LIBS in libxml2_la_LIBADD + Update libxml-2.0-uninstalled.pc.in + Remove LIBS from XML_PRIVATE_LIBS + Add WIN32_EXTRA_LIBADD to XML_PRIVATE_LIBS + Don't overlink executables + cmake: Adjust paths for UNIX or UNIX-like target systems + build: Make use of variables in libxml's pkg-config file + Avoid obsolescent `test -a` constructs + Move AM_MAINTAINER_MODE to AM section + configure.ac: make AM_SILENT_RULES([yes]) unconditional + Streamline documentation installation + Don't try to recreate COPYING symlink + Detect libm using libtool's macros + configure.ac: disable static libraries by default + python/Makefile.am: nest python docs in $(docdir) + python/Makefile.am: rely on global AM_INIT_AUTOMAKE + Makefile.am: install examples more idiomatically + configure.ac: remove useless AC_SUBST + Respect `--sysconfdir` in source files + Ignore configure backup file created by recent autoreconf too + Only install *.html and *.c example files + Remove --with-html-dir option + Rework documentation build system + Remove old website + Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings + Update genChRanges.py + Update build_glob.py + Remove ICONV_CONST test + Remove obsolete AC_HEADER checks + Don't check for standard C89 library functions + Don't check for standard C89 headers + Remove special configuration for certain maintainers * Test suite, CI + Disable network in API tests + testapi: remove leading slash from "/missing.xml" + Build Autotools CI tests out of source tree (VPATH) + Add --with-minimum build to CI tests + Fix warnings when testing --with-minimum build + cmake: Run all tests when threads are disabled + Also build CI tests with -Werror + Move doc/examples tests to new test suite + Simplify 'make check' targets + Fix schemas and relaxng tests + Remove unused result files + Allow missing result files in runtest + Move regexp tests to runtest + Move SVG tests to runtest.c + Move testModule to new test suite + Move testThreads to new test suite + Remove major parts of old test suite + Make testchar return an error on failure + Add CI job for static build + python/tests: open() relative to test scripts + Port some test scripts to Python 3 * Documentation + Improve documentation of tree manipulation API + Update xml2-config man page + Consolidate man pages + Rename xmlcatalog_man.xml + Make examples a standalone HTML page + Fix documentation in entities.c + Add note about optimization flags ++++ vim: - Updated to version 9.0.0224, fixes the following problems - boo#1202552 - CVE-2022-2874 - boo#1202512 - CVE-2022-2849 - boo#1202511 - CVE-2022-2862 - boo#1202515 - CVE-2022-2845 - boo#1202421 - CVE-2022-2816 - boo#1202420 - CVE-2022-2817 - boo#1202414 - CVE-2022-2819 * indexof() may leak memory. * Cursor in wrong position when inserting after virtual text. (Ben Jackson) * Redraw flags are not named specifically. * Stacktrace not shown when debugging. * The override flag has no effect for virtual text. (Ben Jackson) * Build error with small features. * 'list' mode does not work properly with virtual text. * Invalid memory access when compiling :lockvar. * Invalid memory access when compiling :unlet. * Using freed memory with error in assert argument. * Splitting a line may duplicate virtual text. (Ben Jackson) * Not passing APC_INDENT flag. * Undo earlier test sometimes fails on MS-Windows. * 'shellslash' works differently when sourcing a script again. * Reading before the start of the line. * Cannot make a funcref with "s:func" in a def function in legacy script. * Invalid memory access with for loop over NULL string. * Accessing freed memory if compiling nested function fails. * No good reason why text objects are only in larger builds. * Typo in diffmode test. ++++ xen: - Update to Xen 4.16.2 bug fix release (bsc#1027519) xen-4.16.2-testing-src.tar.bz2 * No upstream changelog found in sources or webpage - Drop patches contained in new tarball 625fca42-VT-d-reserved-CAP-ND.patch 626f7ee8-x86-MSR-handle-P5-MC-reads.patch 627549d6-IO-shutdown-race.patch 62a1e594-x86-clean-up-_get_page_type.patch 62a1e5b0-x86-ABAC-race-in-_get_page_type.patch 62a1e5d2-x86-introduce-_PAGE_-for-mem-types.patch 62a1e5f0-x86-dont-change-cacheability-of-directmap.patch 62a1e60e-x86-split-cache_flush-out-of-cache_writeback.patch 62a1e62b-x86-AMD-work-around-CLFLUSH-ordering.patch 62a1e649-x86-track-and-flush-non-coherent.patch 62a99614-IOMMU-x86-gcc12.patch 62ab0fab-x86-spec-ctrl-VERW-flushing-runtime-cond.patch 62ab0fac-x86-spec-ctrl-enum-for-MMIO-Stale-Data.patch 62ab0fad-x86-spec-ctrl-add-unpriv-mmio.patch 62bdd840-x86-spec-ctrl-only-adjust-idle-with-legacy-IBRS.patch 62bdd841-x86-spec-ctrl-knobs-for-STIBP-and-PSFD.patch 62c56cc0-libxc-fix-compilation-error-with-gcc13.patch 62cc31ed-x86-honour-spec-ctrl-0-for-unpriv-mmio.patch 62cc31ee-cmdline-extend-parse_boolean.patch 62cc31ef-x86-spec-ctrl-fine-grained-cmdline-subopts.patch 62cd91d0-x86-spec-ctrl-rework-context-switching.patch 62cd91d1-x86-spec-ctrl-rename-SCF_ist_wrmsr.patch 62cd91d2-x86-spec-ctrl-rename-opt_ibpb.patch 62cd91d3-x86-spec-ctrl-rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch 62cd91d4-x86-spec-ctrl-IBPB-on-entry.patch 62cd91d5-x86-cpuid-BTC_NO-enum.patch 62cd91d6-x86-spec-ctrl-enable-Zen2-chickenbit.patch 62cd91d7-x86-spec-ctrl-mitigate-Branch-Type-Confusion.patch xsa408.patch ------------------------------------------------------------------ ------------------ 2022-8-17 - Aug 17 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - update to 22.1.6: * llvmpipe: make last_fence a screen/rast object not a context one. llvmpipe: keep context list and use to track resource usage. * Revert "pan/bi: Require ATEST coverage mask input in R60" * intel/dev: drop warning for unhandled hwconfig keys * anv: Use sampleLocationsEnable for sample locations ++++ Mesa-drivers: - update to 22.1.6: * llvmpipe: make last_fence a screen/rast object not a context one. llvmpipe: keep context list and use to track resource usage. * Revert "pan/bi: Require ATEST coverage mask input in R60" * intel/dev: drop warning for unhandled hwconfig keys * anv: Use sampleLocationsEnable for sample locations ++++ boost-base: - update to 1.80.0: * no new libraries * for details on all the long list of changes, see https://www.boost.org/users/history/version_1_80_0.html - drop 0001-json-array-erase-relocate.patch boost-mp-locale-fix.patch: upstream ++++ conmon: - update to 2.1.3: * Port conmon to FreeBSD * Stop using g_unix_signal_add() to avoid threads * Rename CLI optionlog-size-global-max to log-global-size-max ++++ kexec-tools: - update to 2.0.25: * kexec-tools: Remove duplicate ultoa() definitions and redefine it * i386: pass rng seed via setup_data * kexec-tools: mips: Pass initrd parameter via cmdline * arm64/crashdump-arm64: increase CRASH_MAX_MEMORY_RANGES to 32k ++++ mozilla-nss: - update to NSS 3.81 * bmo#1762831 - Enable aarch64 hardware crypto support on OpenBSD * bmo#1775359 - make NSS_SecureMemcmp 0/1 valued * bmo#1779285 - Add no_application_protocol alert handler and test client error code is set * bmo#1777672 - Gracefully handle null nickname in CERT_GetCertNicknameWithValidity * required for Firefox 104 - raised NSPR requirement to 4.34.1 - changing some Requires from (pre) to generic as (pre) is not sufficient (boo#1202118) ++++ protobuf: - update to 21.5: PHP * Added getContainingOneof and getRealContainingOneof to descriptor. * fix PHP readonly legacy files for nested messages Python * Fixed comparison of maps in Python. ++++ python310-core: - fix import_failed.map to refer to the python 3.10 package versions ++++ mozilla-nspr: - update to version 4.34.1 * add file descriptor sanity checks in the NSPR poll function ++++ python310: - fix import_failed.map to refer to the python 3.10 package versions ++++ python-pyzmq: - update to version 23.2.1: * Improvements: + First release with wheels for Python 3.11 (thanks cibuildwheel!). + linux aarch64 wheels now bundle the same libzmq (4.3.4) as all other builds, thanks to switching to native arm builds on CircleCI. * Fixes: + Some type annotation fixes in devices. ++++ python-systemd: - Add OBS_missing_etc_machine_id.patch to partially fix gh#systemd/python-systemd#118. - Update to version 235: * Adapt the rename of systemd-activate to systemd-socket-activate performed in systemd 230. * Support for sd_listen_fds_with_names added in systemd 227. * Support for sd_journal_get_cutoff_realtime_usec added in systemd 186. * Make the Reader PY_SSIZE_T_CLEAN for py3.10 compatibility. * id128: update for systemd-243 compatibility and other fixes. * C syntax modernization. A minimum of C99 is assumed. * Fix seek_realtime to work with timezone aware date on Python 3. * journal: add namespace support. * Fixes for memory leaks and documentation. * Support for Python 2 will be removed after this release. - Remove upstreamed 0002-reader-make-PY_SSIZE_T_CLEAN.patch. - Skip two failing tests (gh#systemd/python-systemd#118) ++++ tar: - bsc1200657.patch was previously incomplete leading to deadlocks * bsc#1202436 * bsc1200657.patch updated ------------------------------------------------------------------ ------------------ 2022-8-16 - Aug 16 2022 ------------------- ------------------------------------------------------------------ ++++ filesystem: - Add French(France) (fr_FR) man pages directory - seen in xz ++++ kernel-default: - rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385) We do the move only on 15.5+. - commit 9c7ade3 - rpm/kernel-binary.spec.in: simplify find for usrmerged The type test and print line are the same for both cases. The usrmerged case only ignores more, so refactor it to make it more obvious. - commit 583c9be - x86: link vdso and boot with -z noexecstack - -no-warn-rwx-segments (binutils 2.39). - commit 4fdb301 - Makefile: link with -z noexecstack --no-warn-rwx-segments (binutils-2.39). - commit 7c9d0cf ++++ less: - Which need one /usr/bin/which, not the package which ++++ lz4: - Update to release 1.9.4 * Decompression speed on high-end ARM64 platform is improved, by ~+20%. * For the specific scenario of data compressed with -BD4 setting (small blocks, <= 64 KB, linked) decompressed block-by-block into a flush buffer (like lz4 CLI does), decompression speed is improved ~+70%. * For compressed data employing the lz4frame format (native format of lz4 CLI), it's possible to ignore checksum validation during decompression, resulting in speed improvements of ~+40% . This capability is exposed at both CLI (see --no-crc) and library levels. ++++ systemd: - Import commit 532faa39ebaa6f56e493cc938a91a40df082b74f (merge of v251.4) It includes the following fixes: - 739d7130cb home: drop conflicted headers (bsc#1202221) - 8fe0c12178 glibc: Remove #include to resolve fsconfig_command/mount_attr conflict with glibc 2.36 (bsc#1202221) - 0c5b7ee318 udev: allow to execute longer command line (bsc#1201766) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/8cd784e9250b38d20d8e14fccbfb211010283c79...532faa39ebaa6f56e493cc938a91a40df082b74f - Drop 1001-statx.patch, it's no more needed. ++++ liburing: - add test-xattr-don-t-rely-on-NUL-termination.patch (bsc#1202413) ++++ ovmf: - Update to edk2-stable202205 - Features (https://github.com/tianocore/edk2/releases): Support PEI 64bit in IntelFsp2Pkg and IntelFsp2WrapperPkg IntelFsp2Pkg: BaseFspCommonLib Support for X64 Build Add PrmPkg BaseTools Enhance GenFw to support PRM GCC build Enable Intel TDX in OvmfPkg Generate CloudHv target as PVH ELF binary Add parallel hash feature into BaseCryptLib Configure/Enable elliptic curve ciphers in OpenSSL Add FMMT tool into edk2 BaseTools Dynamic variable flash information cannot be passed in Standalone MM - Patches (git log --oneline --reverse edk2-stable202202~..edk2-stable202205): b24306f15d NetworkPkg: Fix incorrect unicode string of the AKM/Cipher Suite 2dbed52506 ArmVirtPkg/ArmVirtMemoryInitPeiLib: avoid redundant cache invalidation 54cddc3ad4 ArmVirtPkg/ArmVirtKvmTool: wire up configurable timeout de463163d9 OvmfPkg/AmdSev: reserve snp pages 63c50d3ff2 OvmfPkg/ResetVector: cache the SEV status MSR value in workarea f1d1c337e7 OvmfPkg/BaseMemEncryptLib: use the SEV_STATUS MSR value from workarea b1b89f9009 MdeModulePkg: Correct high-memory use in NvmExpressDxe 84338c0d49 MdeModulePkg: Replace Opcode with the corresponding instructions. d3febfd9ad MdePkg: Replace Opcode with the corresponding instructions. 7bc8b1d9f4 SourceLevelDebugPkg: Replace Opcode with the corresponding instructions. 2aa107c0aa UefiCpuPkg: Replace Opcode with the corresponding instructions. bbaa00dd01 MdePkg: Remove the macro definitions regarding Opcode. 6a890db161 BaseTools: Upgrade the version of NASM tool 497ac7b6d7 UefiPayloadPkg/PayloadLoaderPeim: Use INT64 as input parameter dc39554d58 edk2/MdeModulePkg/Debuglib: Add Standalone MM support 906242343f MdeModulePkg/GraphicsConsoleDxe: Check status to make sure no error b422b0fcf9 EmulatorPkg/EmuGopDxe: Set ModeInfo after Open successfully 589d51df26 MdeModulePkg/Usb/Keyboard.c: Don't request protocol before setting b909b4ad09 OvmfPkg: Make the Xen ELF header generator more flexible 0a707eb258 OvmfPkg: Xen: Use a new fdf include for the PVH ELF header 0015a4e0a8 OvmfPkg: Xen: Generate fdf include file from ELF header generator 9ac8c85d50 OvmfPkg: CloudHv: Remove VARS and CODE sections e1c7f9b4e5 OvmfPkg: Generate CloudHv as a PVH ELF binary d50d9e5549 OvmfPkg: CloudHv: Retrieve RSDP address from PVH 82bfd2e86d OvmfPkg: CloudHv: Rely on PVH memmap instead of CMOS b83d0a6438 OvmfPkg: CloudHv: Add README 4a68176cb5 UefiCpuPkg: Extend SMM CPU Service with rendezvous support. 949b8a3d97 Maintainers.txt: Add new reviewer for UefiPayloadPkg 091b6a1197 UefiPayloadPkg: Add build option for Above 4G Memory 4adc364c75 UefiPayloadPkg: Fix case of protocol 79f2734e5a MdeModulePkg: Add a check for metadata size in NvmExpress Driver af74efe494 UefiPayloadPkg: Make Boot Manager Key configurable 62fa37fe7b BlSupportSmm: fix definition of SetSmrr() 56530dec11 .pytool/Plugin/UncrustifyCheck: Output file diffs by default 2aac8bb7ef .pytool: Update to newest pytools c63ef58698 .azurepipelines: Updated python version f06941cc46 MdeModulePkg: Add bRefClkFreq card attribute programming support 2b175eeb6a RedfishPkg: fix memory leak issue 10b4c8f3b7 Maintainers: Update Maintainers.txt for edk2 Redfish modules 0fdd466c75 UefiCpuPkg/MpInitLib:remove optional in declaration 52e09dcd7a UefiCpuPkg: Support FFS3 GUID in SearchForBfvBase.asm a13dfc769b MdeModulePkg/DxeIpl: Create 5-level page table for long mode c8ea48bdf9 DynamicTablesPkg: Fix serial port namespace path in DBG2 414cd2a4d5 BaseTools/GenFw: Enhance GenFw to support PRM GCC build 33438f7354 EmulatorPkg/RedfishPlatformCredentialLib: Check EFI_SECURE_BOOT_MODE_NAME 5b56c52b5c EmulatorPkg/RedfishPlatformCredentialLib: Don't stop Redfish service 0531f61376 IntelFsp2Pkg: BaseFspDebugLibSerialPort Support for X64 411b3ff6dd IntelFsp2Pkg: BaseFspSwitchStackLib Support for X64 b429959bb6 MdeModulePkg/SdMmcPciHcDxe: Make timeout for SD card configurable 79a705fbaf UefiPayloadPkg: Hookup SD/MMC timeout 28eeb08d86 MdePkg/Include: Smbios Specification 3.5.0 changes c1e662101a CryptoPkg: Add new hash algorithm ParallelHash256HashAll in BaseCryptLib. 267a92fef3 MdePkg/AcpiXX.h: Update Error Severity type for Generic Error Status Block ec0b54849b IntelFsp2Pkg: BaseFspCommonLib Support for X64 5d8d8b5148 MdeModulePkg/NvmExpressDxe: fix check for Cap.Css 69218d5d28 MdeModulePkg/NvmExpressPei: fix check for NVM command set bf9230a9f3 BaseTools: Add the FeatureFlagExpression usage to the Source Section 3115377bf0 BaseTools: Remove the redundant __FLEXIBLE_SIZE from PcdValueInit.c 4a2e1000a1 CryptoPkg: update openssl submodule to 1.1.1n 355515a06a CryptoPkg? Redefinition bug in CrtLibSupport.h. 7b005f344e BaseTools: fix gcc12 warning 85021f8cf2 BaseTools: fix gcc12 warning 22130dcd98 Basetools: turn off gcc12 warning ec30a4a0c3 BaseTools:Support decimal version number in ECC check 3ef2071927 UefiCpuPkg: Update BFV searching algorithm in VTF0 691b178667 ShellPkg/AcpiView: Adds ACPI_PARSER bitfield parser 40004ff9d5 ShellPkg/AcpiView: PrintFormatter for FADT Flags field 7456990e8e MdeModulePkg/Ufs: bRefClkFreq attribute be programmed after fDeviceInit 237c966396 UefiPayloadPkg/UefiPayloadPkg.ci.yaml: Remove duplicated entry 76191052fd UefiPayloadPkg: Fix build error 449eb01a8d UefiPayloadPkg: Fix architecture in the build instruction c248802e40 UefiPayloadPkg: Fix PciHostBridgeLib 2b4b8013fe UefiPayloadPkg/Library/PlatformBootManagerLib: Remove broken VGA detection 55637a2894 UefiPayloadPkg: Make Boot Timeout configurable 2268920afc .azurepipelines: Use Python 3.8 c3ca70669e .azurepipelines: Use windows-2019 VM image 3b0de44759 EmulatorPkg: Use windows-2019 VM image 75628d27c0 OvmfPkg: Use windows-2019 VM image b328bb54c6 BaseTools/Bin: Update GCC ARM compiler version 3f0c788a5f MdePkg: Add Tdx.h 77228269e7 MdePkg: Update Cpuid.h for Tdx 818bc9596d MdePkg: Introduce basic Tdx functions in BaseLib c3001cb744 MdePkg: Add TdxLib to wrap Tdx operations eddcba40b5 UefiCpuPkg: Extend VmgExitLibNull to handle #VE exception daf8f642f3 OvmfPkg: Extend VmgExitLib to handle #VE exception de327f7d8a UefiCpuPkg/CpuExceptionHandler: Add base support for the #VE exception ab9d790901 MdePkg: Add helper functions for Tdx guest in BaseIoLibIntrinsic b6b2de8848 MdePkg: Support mmio for Tdx guest in BaseIoLibIntrinsic d74e932681 MdePkg: Support IoFifo for Tdx guest in BaseIoLibIntrinsic 3571fc906f MdePkg: Support IoRead/IoWrite for Tdx guest in BaseIoLibIntrinsic 7bed7ae6c5 UefiCpuPkg: Support TDX in BaseXApicX2ApicLib d983b102b3 MdePkg: Add macro to check SEV / TDX guest 88da06ca76 UefiCpuPkg: Enable Tdx support in MpInitLib 352eabdcd5 OvmfPkg: Add IntelTdx.h in OvmfPkg/Include/IndustryStandard 6a608255bb OvmfPkg: Add TdxMailboxLib 57bcfc3b06 OvmfPkg: Create initial version of PlatformInitLib 102cafedad OvmfPkg/PlatformInitLib: Add hob functions 9a9b33b3d6 OvmfPkg/PlatformPei: Move global variables to PlatformInfoHob 5a2574a82e OvmfPkg/PlatformPei: Refactor MiscInitialization 6d2ce5fd5c OvmfPkg/PlatformPei: Refactor MiscInitialization for CloudHV 3dd47f9544 OvmfPkg/PlatformPei: Refactor AddressWidthInitialization 432e4acd87 OvmfPkg/PlatformPei: Refactor MaxCpuCountInitialization f3801cf26c OvmfPkg/PlatformPei: Refactor QemuUc32BaseInitialization e510326245 OvmfPkg/PlatformPei: Refactor InitializeRamRegions 12e860a1e8 OvmfPkg/PlatformPei: Refactor MemMapInitialization cec82a64cf OvmfPkg/PlatformPei: Refactor NoexecDxeInitialization f53f449f15 OvmfPkg/PlatformPei: Refactor MiscInitialization 10460942ff OvmfPkg/PlatformInitLib: Create MemDetect.c 96047b6663 OvmfPkg/PlatformInitLib: Move functions to Platform.c b22ac35b75 OvmfPkg: Update PlatformInitLib to process Tdx hoblist ccca1c2d5d OvmfPkg/Sec: Declare local variable as volatile in SecCoreStartupWithStack 2b80269d98 OvmfPkg: Update Sec to support Tdx 6b27c11690 OvmfPkg: Check Tdx in QemuFwCfgPei to avoid DMA operation bec9104201 MdeModulePkg: Skip setting IA32_ERER.NXE if it has already been set fd306d1dbc MdeModulePkg: Add PcdTdxSharedBitMask cc3620f304 UefiCpuPkg: Update AddressEncMask in CpuPageTable e23f8f52fd OvmfPkg: Update PlatformInitLib for Tdx guest cf17156d7d OvmfPkg: Update PlatformPei to support Tdx guest 9fdc70af6b OvmfPkg: Update AcpiPlatformDxe to alter MADT table 5aa8018639 OvmfPkg/BaseMemEncryptTdxLib: Add TDX helper library fae5c1464d OvmfPkg: Add TdxDxe driver 07c721fea7 OvmfPkg/QemuFwCfgLib: Support Tdx in QemuFwCfgDxe 2520182122 OvmfPkg: Update IoMmuDxe to support TDX c2e7be4055 OvmfPkg: Rename XenTimerDxe to LocalApicTimerDxe 299c44cd4f UefiCpuPkg: Setting initial-count register as the last step c37cbc030d OvmfPkg: Switch timer in build time for OvmfPkg 580a6b616b OvmfPkg: Add TdxWorkArea definition 75942a52ae OvmfPkg: Add PrePiHobListPointerLibTdx 4fe2678411 OvmfPkg: Add PeilessStartupLib 1f29de4d20 OvmfPkg/IntelTdx: Add Sec to bring up both Legacy and Tdx guest 55fda68a80 OvmfPkg: Update TdxDxe to set TDX PCDs f674fa9cde OvmfPkg: Update DxeAcpiTimerLib to read HostBridgeDevId in PlatformInfoHob 149ed8e421 OvmfPkg/IncompatiblePciDeviceSupportDxe: Refine the configuration c477b2783f OvmfPkg/IncompatiblePciDeviceSupportDxe: Ignore OptionRom in Td guest cb8349f01a MdeModulePkg: Update PciEnumeratorSupport to ignore OptionRom if needed 44a53a3bdd OvmfPkg: Introduce IntelTdxX64 for TDVF Config-B 7fda517c3d OvmfPkg: Add dependency of VariableSmm driver to make it work normally. b953265a27 UefiPayloadPkg: Add a new DebugPrintErrorLevelLib instance 0023e35cf4 UefiPayloadPkg: Change some configuration of the payload 3e130e40fc UefiPayloadPkg: Consume the new added DebugPrintErrorLevelLib instance f16b05a13b .pytool/Plugin/UncrustifyCheck: Update func to return absolute paths dbfbaedb21 .pytool/Plugin/UncrustifyCheck: Add ignore file support d932199d39 OvmfPkg: Revert Uncrustify formatting in VbeShim.h files ad6816c319 OvmfPkg: Do not check VbeShim.h formatting with Uncrustify d2998af211 PrmPkg: Add package and include headers 5f76c3e471 PrmPkg: Add PrmConfig protocol interface e189e01af2 PrmPkg/PrmContextBufferLib: Add initial library instance 3f7af17c6b PrmPkg/PrmConfigDxe: Add initial driver 9276e0d2b9 PrmPkg: Add initial PrmSamplePrintModule c63905aba7 PrmPkg: Add initial PrmSampleMemoryAllocationModule 27b1a840e4 PrmPkg: Add initial PrmSampleHardwareAccessModule 7c41ec47ca PrmPkg: Add initial PrmSampleContextBufferModule 97ab54c1b1 PrmPkg: Add initial package DSC file d2cb6e67a4 Readme.md: Add initial content e846797662 PrmPkg: Add ALLOCATE_CONTEXT_BUFFER_IN_FW build option a6f8946bc9 PrmPkg: Enable variable growth for the PRM_MODULE_EXPORT macro ef05955996 PrmPkg: Publish PRM operation region to support PRM ACPI _DSM invocation f96517f4d0 PrmPkg: Export major/minor version in PRM module PE COFF header 50e1432a40 PrmPkg: Add initial PrmSsdtInstallDxe module a409f4b67d PrmPkg: Remove PRM Module Update Lock 0797989c5d PrmPkg: Remove ALLOCATE_CONTEXT_BUFFER_IN_FW build flag 0b469caff6 PrmPkg/PrmContextBuffer.h: Add ACPI parameter support structures be2c927d7c PrmPkg/PrmLoaderDxe: Add ACPI parameter buffer support c1a7a50f67 PrmPkg/PrmSampleContextBufferModule: Remove OS debug print requirement 4c8486fd72 PrmPkg/PrmSampleHardwareAccessModule: Add non-print PRM handlers 7217263514 PrmPkg/SampleAcpiParameterBufferModule: Add initial module fec018624c PrmPkg/HardwareAccessModuleConfigLib: Add initial library d10b8dc5d8 PrmPkg/Samples/Readme.md: Add initial file 6b7dde7cdd PrmPkg: Refactor some PrmLoaderDxe functionality into libraries 4348c72ad0 PrmPkg/Application/PrmInfo: Add initial application e10c776487 PrmPkg: Enforce stricter types 2e55b0cd9e PrmPkg/Test/PrmPkgHostTest.dsc: Add initial file 3599f5479d PrmPkg/Test/UnitTest/Library: Add initial UEFI Boot Services test lib 82d15dc6c1 PrmPkg/Library/DxePrmContextBufferLib: Add host-based unit tests 68ee42c991 PrmPkg/DxePrmModuleDiscoveryLib: Add initial host-based unit tests c040831cf9 PrmPkg: Add PlatformGuid a9302b89a9 PrmPkg: Update PRM OpRegion f8e68587e2 Readme.md: Add iASL note and QEMU sample link 4a4aeaa446 PrmPkg: Replace PcdPrmPlatformGuid with EDKII_DSC_PLATFORM_GUID 17b2d64ced PrmPkg/Samples: Remove PrmSampleMemoryAllocationModule 050b2ba27d PrmPkg/Samples: Remove PrmSamplePrintModule 88f3d734f5 PrmPkg: Remove the concept of OS services deea4e58b0 Readme.md: Add a link to PRM Specification f3c11224b5 PrmPkg: Changes for edk2 repo transition a298a84478 PrmPkg: Apply uncrustify changes 94f905b3bf MdeModulePkg/HiiDatabase: Fix Setup numeric default value incorrect issue b8c5ba2337 BaseTools: efi_debugging.py: Add debugger agnostic dbg Python Classes 0d7fec9f79 BaseTools: Scripts/efi_gdb.py: Add gdb EFI commands and pretty Print 4f4afcd288 BaseTools: Scripts/efi_lldb.py: Add lldb EFI commands and pretty Print bfefdc2c49 UefiPayloadPkg: Fix PciHostBridgeLib 676084303d UefiPayloadPkg: Support IA32 Build 63e155f24d UefiPayloadPkg: Add dependency of VariableSmm driver. dab96cf02e UefiPayloadPkg: Add --quiet argument to Universal Payload build script 35a4b63247 NetworkPkg: Add PCDs for HTTP DNS RetryCount and RetryInterval 38a9afd0fb NetworkPkg/HttpDxe: Decofigure Tcp4 before reconfiguring 3974aa539e NetworkPkg/HttpDxe: Decofigure Tcp6 before reconfiguring c43ff5188d NetworkPkg/HttpDxe: Add ConnectionClose flag fo HTTP_PROTOCOL 753fd319e2 NetworkPkg/HttpDxe: Detect 'Connection: close' header 12a50c9ce1 NetworkPkg/HttpDxe: Detect HTTP/1.0 servers 5576b17363 BaseTools: Fix DevicePath tool build failure issue 4352d115c4 CryptoPkg/CrtLibSupport: add fcntl.h 3b4b49cf00 CryptoPkg/CrtLibSupport: add strstr() 58771f4b2d CryptoPkg/CrtLibSupport: add INT_MIN 2759e42fbc CryptoPkg/CrtLibSupport: add UINT_MAX fd5f347c84 CryptoPkg/CrtLibSupport: add MODULESDIR 03951e5645 CryptoPkg/CrtLibSupport: add off_t fab6285a73 CryptoPkg/CrtLibSupport: fix strcpy f5508a91e3 CryptoPkg/UnitTest: fix DH testcase c411566fad pip-requirements.txt: Update basetools version to 0.1.17 8a5727c7a8 Maintainers.txt: Add Michael Kubacki as UnitTestFrameworkPkg maintainer 1a49e2aa3c CryptoPkg: Add instrinsics to support building ECC on IA32 windows efc39e65e5 CryptoPkg: Reconfigure OpensslLib to add EC algorithms 0c901fcc20 CryptoPkg: Make EC source file config-able f3da13461c CryptoPkg/TlsLibNull: Remove MU_CHANGE comment markers 4cfb28f12a UefiPayloadPkg: Fix the build failure 9bf7291d63 ShellPkg: Update smbiosview type 41 with SMBIOS 3.5 fields 630df8c86e IntelFsp2Pkg: X64 compatible changes to support PEI in 64bit 6f219bef55 IntelFsp2Pkg: Add FSPx_ARCH2_UPD support for X64 d40965b987 IntelFsp2Pkg: Update FSP_GLOBAL_DATA and FSP_PLAT_DATA for X64 00aa71ce20 IntelFsp2Pkg: FspSecCore support for X64 6bec5a66ea IntelFsp2Pkg: SecFspSecPlatformLibNull support for X64 4a6ed7e46a IntelFsp2WrapperPkg: Adopt FSPM_UPD_COMMON_FSP24 for X64 86a2f3c439 IntelFsp2WrapperPkg: BaseFspWrapperApiLib support for X64 91a03f78ba IntelFsp2WrapperPkg: SecFspWrapperPlatformSecLibSample support for X64 3d97733f44 MdePkg: Add CC_GUEST_TYPE in ConfidentialComputingGuestAttr.h d020ac55b6 OvmfPkg: Replace GUEST_TYPE with CC_GUEST_TYPE 74a3eb975d MdePkg: Add CcProbeLibNull 2f44d77c68 OvmfPkg: Add CcProbeLib 2a7e1e890d OvmfPkg: Add CcProbeLib in *.dsc 7012cb73c4 MdePkg: Probe Cc guest in BaseIoLibIntrinsicSev 76fda1def3 OvmfPkg: Call CcProbe in SecMain.c instead of TsIsEnabled 532bd4ec38 CryptoPkg/Crt: fix strcpy build on older VS compilers 6d2baf9dfb PrmPkg/DxePrmContextBufferLib: Fix unit test GCC compilation errors 892787fed5 OvmfPkg/OvmfPkgX64: Adjust load sequence of TdxDxe and AmdSevDxe driver b06a007b64 CryptoPkg: Declare PcdEcEnabled in Library consuming OpensslLib fdfbf1fdab MdePkg: Update smbiosview type 9 with SMBIOS 3.5 fields a85ae8d964 ShellPkg: Update smbiosview type 9 with SMBIOS 3.5 fields 2306555bf9 UefiPayloadPkg: Fix IA32 entry build failure f4dfec6ca1 BaseTools: Move gPlatformFinalPcd to Datapipe and optimize size ee582858c4 .azurepipelines: Add NOOPT to all package builds 2d9d605714 .pytool/Plugin/UncrustifyCheck: Add Azure DevOps UI debug instructions b807174fec MdeModulePkg/GraphicsConsoleDxe: add modes 5a17629902 OvmfPkg: clear PcdConOut{Row,Column} 96e1d337e0 ArmVirtPkg: clear PcdConOut{Row,Column} 483d3bb716 ShellPkg: Update smbiosview type 0 with SMBIOS 3.5 fields ecc79b092e OvmfPkg/VirtioGpuDxe: add VirtioGpuSendCommandWithReply 182122914c OvmfPkg/VirtioGpuDxe: add GetDisplayInfo to virtio-gpu spec header. 82c07f2cc7 OvmfPkg/VirtioGpuDxe: add VirtioGpuGetDisplayInfo 5f6ecaa398 OvmfPkg/VirtioGpuDxe: use GopQueryMode in GopSetMode 86de090b99 OvmfPkg/VirtioGpuDxe: move code to GopInitialize 916f90baa5 OvmfPkg/VirtioGpuDxe: query native display resolution from host d372ab585a BaseTools/Conf: Fix Dynamic-Library-File template cabd96ad03 OvmfPkg: restore CompatImageLoaderDxe chunk 4092f1d397 OvmfPkg/Bhyve: add support for QemuFwCfg daa6cd8763 ArmPlatformPkg: Fix error message in Scripts/Ds5/edk2_debugger.py 5299568ce6 ArmPlatformPkg: Fix target initialisation in cmd_load_symbols.py 101f4c7892 ArmPlatformPkg: Fix EDK2_DSC check in Scripts/Makefile a64b944942 BaseTools: Add FMMT Python Tool 826527c9db UefiPayloadPkg: Add definition for PayloadCommandLine HOB d4eef3fe7c MdePkg: Add CpuLib to module INFs that depend on UefiCpuLib. a63b086e69 IntelFsp2Pkg: Add CpuLib to module INFs that depend on UefiCpuLib 3afa0a2096 IntelFsp2WrapperPkg: Add CpuLib to module INFs that depend on UefiCpuLib. 1783b099d3 OvmfPkg: Add CpuLib to module INFs that depend on UefiCpuLib. 86d41c077e UefiCpuPkg: Add CpuLib to module INFs that depend on UefiCpuLib. 2434f6f206 UefiPayloadPkg: Add CpuLib to module INFs that depend on UefiCpuLib. 247a0fc65e OvmfPkg: Add README for TDVF 8079d4dc4f MdePkg: add SmmCpuRendezvousLib.h and SmmCpuRendezvousLibNull implement. 1a6c837638 UefiPayloadPkg: Fix the UPL build failure 29ae55a0b8 PcAtChipsetPkg: Change the flow of PcRtcInit() a658ed30e5 MdeModulePkg/PCD: Pcd initialize DXE have assert 0e31124877 .pytool: Fix python command error in self introduction doc 43613b2fe8 CryptoPkg: Rename PCD about openssl EC configuration f753c36209 CryptoPkg: Separate auto-generated openssl config and edk2 openssl config 499b0d5fa5 CryptoPkg: Update process_files.pl to automatically add PCD config option a332ffb6ef CryptoPkg/openssl: update generated files 9dd964f5e5 CryptoPkg/openssl: disable codestyle checks for generated files b5cd30a79b UefiCpuPkg: Revert "UefiCpuPkg: Enable Tdx support in MpInitLib" ad629b5c5a OvmfPkg: Add MpInitLibDepLib related PPI/Protocol definitions 2f06e5af47 OvmfPkg: Add MpInitLibDepLib b63a49e056 OvmfPkg/Sec: Install MpInitLibDepLib PPIs in SecMain.c 73d6d41de0 OvmfPkg/TdxDxe: Install MpInitLibDepLib protocols deee7a100b OvmfPkg: Enable 2 different CpuMpPei and CpuDxe drivers 17702186b5 MdeModulePkg: PiSmmCore: Inspect memory guarded with pool headers d0efa681b6 UefiPayloadPkg: Simplify code logic 57ebb2994d UefiPayloadPkg: Add Serial IO device path according to related protocol ef01d63ef3 UefiPayloadPkg: Connect all root bridge in PlatformBootManagerBeforeConsole 35d9b7ea2d ArmPkg: Remove RVCT support b55b6d33e4 ArmPlatformPkg: Remove RVCT support e9eeb0ad2b CryptoPkg: Remove RVCT support 48b919cb14 MdePkg: Remove RVCT support 5621d81edf FatPkg: Remove RVCT support cc070e9e0c NetworkPkg: Remove RVCT support a744199470 ArmVirtPkg: Remove RVCT support b7a446f224 EmbeddedPkg: Remove RVCT support 57c84113a1 OvmfPkg: Remove RVCT support 708620d29d BaseTools: Remove RVCT support 2d1138a1a8 .azurepipelines: Fix cspell version to v5.20.0 7b126978e1 .pytool/plugin/SpellCheck: Allow compound words 2189c71026 .pytool/plugin/SpellCheck: Add more common words 0903042b66 MdeModulePkg: Add Variable Flash Info HOB 60b519456c MdeModulePkg/VariableFlashInfoLib: Add initial library 4dbebc2d10 MdeModulePkg/Variable: Consume Variable Flash Info 8db39c60cd MdeModulePkg/FaultTolerantWrite: Consume Variable Flash Info 524a15c1fa ArmVirtPkg/ArmVirt.dsc.inc: Add VariableFlashInfoLib a69eac7578 EmulatorPkg: Add VariableFlashInfoLib a7d3d4e7c4 OvmfPkg: Add VariableFlashInfoLib 1f026ababf UefiPayloadPkg: Add VariableFlashInfoLib a72d552f19 OvmfPkg/OvmfPkgX64: Use different CcProbeLib when SMM is on or off a21a3438f7 OvmfPkg: Make an Ia32/X64 hybrid build work with SEV 9c733f0b90 OvmfPkg: TdxDxe: Fix AsmRelocateApMailBoxLoop 07c0c2eb0a OvmfPkg: fix PcdFSBClock 16779ede2d Removed prefix to match AsmRelocateApMailBoxLoopStart - Removed patches in ovmf-bsc1196879-sev-fix.patch which are merged to mainline: - OvmfPkg/AmdSev: reserve snp pages - de463163d9 edk2-stable202205-rc1~292 - OvmfPkg/ResetVector: cache the SEV status MSR value - 63c50d3ff2 edk2-stable202205-rc1~291 - OvmfPkg/BaseMemEncryptLib: use the SEV_STATUS MSR - f1d1c337e7 edk2-stable202205-rc1~290 - Add the following patches for building edk2-stable202205 with nasm-2.14 on SLE15-SP3/SP4 and Leap 15.3/15.4. Those patches add marco back because nasm-2.14 doesn't support corresponding instructions. (jsc#PED-1410) - ovmf-Revert-MdePkg-Remove-the-macro-definitions-regarding.patch ovmf-Revert-UefiCpuPkg-Replace-Opcode-with-the-correspond.patch ovmf-Revert-SourceLevelDebugPkg-Replace-Opcode-with-the-c.patch ovmf-Revert-MdePkg-Replace-Opcode-with-the-corresponding-.patch ovmf-Revert-MdeModulePkg-Replace-Opcode-with-the-correspo.patch - Then reverted 5 patches in 84338c0d49~..bbaa00dd01 MdeModulePkg: Replace Opcode with the corresponding MdePkg: Replace Opcode with the corresponding SourceLevelDebugPkg: Replace Opcode with the UefiCpuPkg: Replace Opcode with the corresponding MdePkg: Remove the macro definitions regarding Opcode. - Change the size of ovmf-x86_64 to 4MB, otherwise OBS exposes the following error: [ 266s] GenFv: ERROR 3000: Invalid [ 266s] the required fv image size 0x1afed8 exceeds the set fv image size 0x1ac000 - [ovmf-x86_64]="-p OvmfPkg/OvmfPkgX64.dsc -D FD_SIZE_4MB" ++++ rsync: - Add upstream patch rsync-3.2.5-slp.patch, as the one included in the released tarball doesn't fully apply. - Drop patch rsync-CVE-2022-29154.patch, already included upstream. - Update to 3.2.5 * SECURITY FIXES: - Added some file-list safety checking that helps to ensure that a rogue sending rsync can't add unrequested top-level names and/or include recursive names that should have been excluded by the sender. These extra safety checks only require the receiver rsync to be updated. When dealing with an untrusted sending host, it is safest to copy into a dedicated destination directory for the remote content (i.e. don't copy into a destination directory that contains files that aren't from the remote host unless you trust the remote host). Fixes CVE-2022-29154. - A fix for CVE-2022-37434 in the bundled zlib (buffer overflow issue). * BUG FIXES: - Fixed the handling of filenames specified with backslash-quoted wildcards when the default remote-arg-escaping is enabled. - Fixed the configure check for signed char that was causing a host that defaults to unsigned characters to generate bogus rolling checksums. This made rsync send mostly literal data for a copy instead of finding matching data in the receiver's basis file (for a file that contains high-bit characters). - Lots of manpage improvements, including an attempt to better describe how include/exclude filters work. - If rsync is compiled with an xxhash 0.8 library and then moved to a system with a dynamically linked xxhash 0.7 library, we now detect this and disable the XX3 hashes (since these routines didn't stabilize until 0.8). * ENHANCEMENTS: - The [`--trust-sender`](rsync.1#opt) option was added as a way to bypass the extra file-list safety checking (should that be required). * PACKAGING RELATED: - A note to those wanting to patch older rsync versions: the changes in this release requires the quoted argument change from 3.2.4. Then, you'll want every single code change from 3.2.5 since there is no fluff in this release. - The build date that goes into the manpages is now based on the developer's release date, not on the build's local-timezone interpretation of the date. * DEVELOPER RELATED: - Configure now defaults GETGROUPS_T to gid_t when cross compiling. - Configure now looks for the bsd/string.h include file in order to fix the build on a host that has strlcpy() in the main libc but not defined in the main string.h file. ++++ timezone: - timezone update 2022c: * Work around awk bug * Improve tzselect on intercontinental Zones ------------------------------------------------------------------ ------------------ 2022-8-15 - Aug 15 2022 ------------------- ------------------------------------------------------------------ ++++ fde-tools: - Fixed typo of tpm2_key_protector_clear - Renamed to fde-tools-0.1 - included firstboot stuff ++++ gdk-pixbuf: - avoid bashism in baselibs postscript (bsc#1195391) ++++ glibc: - glibcextract-compile-c-snippet.patch: glibcextract.py: Add compile_c_snippet - sys-mount-kernel-definition.patch: linux: Mimic kernel definition for BLOCK_SIZE - sys-mount-usage.patch: linux: Fix sys/mount.h usage with kernel headers ++++ gtk3: - avoid bashism in baselibs postscript (bsc#1195391). ++++ kernel-default: - config.conf: reenable armv7hl configs - Update config files for armv7hl (following x86_64 settings, compiling as module unless DEBUG or DEPRECATED) - commit 0329b6a - Refresh patches.rpmify/kbuild-dummy-tools-pretend-we-understand-__LONG_DOUB.patch. Update upstream status. - commit 8711731 - armv7hl: rebuilt as an overlay over default config generated automatically with scripts/config-diff - commit 1d75725 - armv6/v7: enable BT_VIRTIO - commit ba8dcca - Refresh and re-apply i8042 quirk patch for ASUS ZenBook (bsc#1190256) - commit aeed1e4 - Update to 6.0-rc1 - eliminate 4 patches (all mainline) - patches.suse/0001-drm-Always-warn-if-user-defined-modes-are-not-suppor.patch - patches.suse/0001-drm-client-Don-t-add-new-command-line-mode.patch - patches.suse/0001-drm-client-Look-for-command-line-modes-first.patch - patches.suse/ath9k-fix-use-after-free-in-ath9k_hif_usb_rx_cb.patch - disable - patches.suse/Input-i8042-Apply-probe-defer-to-more-ASUS-ZenBook-m.patch - refresh - patches.suse/add-suse-supported-flag.patch - patches.suse/add-product-identifying-information-to-vmcoreinfo.patch - patches.suse/vfs-add-super_operations-get_inode_dev - patches.suse/Revert-zram-remove-double-compression-logic.patch - disable ARM architectures (need config update) - new config options - General setup - CONTEXT_TRACKING_USER_FORCE=n - RCU_NOCB_CPU_DEFAULT_ALL=n - CGROUP_FAVOR_DYNMODS=n - Power management and ACPI options - PM_USERSPACE_AUTOSLEEP=n - Networking support - NF_FLOW_TABLE_PROCFS=y - NET_DSA_TAG_RZN1_A5PSW=m - File systems - DLM_DEPRECATED_API=n - Security options - SECURITY_APPARMOR_INTROSPECT_POLICY=y - SECURITY_APPARMOR_EXPORT_BINARY=y - SECURITY_APPARMOR_PARANOID_LOAD=y - IMA_KEXEC=n - Cryptographic API - CRYPTO_FIPS_NAME="Linux Kernel Cryptographic API" - CRYPTO_FIPS_CUSTOM_VERSION=n - CRYPTO_HCTR2=m - CRYPTO_POLYVAL_CLMUL_NI=m - CRYPTO_ARIA=m - Kernel hacking - SHRINKER_DEBUG=n - RV=n - PCI support - PCI_EPF_VNTB=m - Block devices - BLK_DEV_UBLK=m - NVME Support - NVME_AUTH=n - NVME_TARGET_AUTH=n - Network device support - NET_DSA_MICROCHIP_KSZ_SPI=m - NET_VENDOR_WANGXUN=y - TXGBE=m - CAN_NETLINK=y - CAN_CAN327=m - CAN_ESD_USB=m - Sound card support - SND_CTL_FAST_LOOKUP=y - SND_CTL_INPUT_VALIDATION=n - SND_CTL_DEBUG=n - SND_SOC_AMD_ST_ES8336_MACH=m - SND_AMD_ASOC_REMBRANDT=m - SND_SOC_AMD_RPL_ACP6x=m - SND_SOC_INTEL_AVS_MACH_DA7219=m - SND_SOC_INTEL_AVS_MACH_DMIC=m - SND_SOC_INTEL_AVS_MACH_HDAUDIO=m - SND_SOC_INTEL_AVS_MACH_I2S_TEST=m - SND_SOC_INTEL_AVS_MACH_MAX98357A=m - SND_SOC_INTEL_AVS_MACH_MAX98373=m - SND_SOC_INTEL_AVS_MACH_NAU8825=m - SND_SOC_INTEL_AVS_MACH_RT274=m - SND_SOC_INTEL_AVS_MACH_RT286=m - SND_SOC_INTEL_AVS_MACH_RT298=m - SND_SOC_INTEL_AVS_MACH_RT5682=m - SND_SOC_INTEL_AVS_MACH_SSM4567=m - SND_SOC_SOF_METEORLAKE=m - SND_SOC_TAS2780=n - SND_SOC_WSA883X=n - USB support - UCSI_STM32G0=m - TYPEC_ANX7411=m - Microsoft Surface Platform-Specific Device Drivers - SURFACE_AGGREGATOR_HUB=m - SURFACE_AGGREGATOR_TABLET_SWITCH=m - Industrial I/O support - ENVELOPE_DETECTOR=n - SD_ADC_MODULATOR=n - VF610_ADC=n - Misc devices - TCG_TIS_I2C=m - SPI_MICROCHIP_CORE=m - PINCTRL_METEORLAKE=m - SENSORS_LT7182S=m - VIDEO_AR0521=m - LEDS_IS31FL319X=m - INFINIBAND_ERDMA=m - XEN_VIRTIO_FORCE_GRANT=n - VIDEO_STKWEBCAM=n - PWM_CLK=m - RESET_TI_TPS380X=n - ANDROID_BINDER_IPC=n - FPGA_MGR_MICROCHIP_SPI=m - OF dependent (i386, ppc64/ppc64le, riscv64) - VCPU_STALL_DETECTOR=m - DRM_PANEL_EBBG_FT8719=n - DRM_TI_DLPC3433=n - DRM_LOGICVC=n - DRM_IMX_LCDIF=n - I2C_HID_OF_ELAN=m - USB_ONBOARD_HUB=m - RTC_DRV_NCT3018Y=m - ppc64(le), s390x and riscv64 - SCSI_BUSLOGIC=m - SCSI_FLASHPOINT=n - ppc64le and riscv64 - CRYPTO_DEV_QAT_DH895xCC=m - CRYPTO_DEV_QAT_C3XXX=m - CRYPTO_DEV_QAT_C62X=m - CRYPTO_DEV_QAT_4XXX=m - CRYPTO_DEV_QAT_DH895xCCVF=m - CRYPTO_DEV_QAT_C3XXXVF=m - CRYPTO_DEV_QAT_C62XVF=m - ppc64 / ppc64le - PSERIES_PLPKS=y - KVM_BOOK3S_HV_P9_TIMING=n - KVM_BOOK3S_HV_P8_TIMING=n - RANDOMIZE_KSTACK_OFFSET=y - RANDOMIZE_KSTACK_OFFSET_DEFAULT=y - PSERIES_WDT=m - s390x - VFIO_PCI_ZDEV_KVM=y - riscv64 - ERRATA_THEAD_CMO=y - NONPORTABLE=n - RISCV_ISA_ZICBOM=y - RANDOM_TRUST_CPU=y - I2C_MICROCHIP_CORE=m - SND_SOC_HDA=m - USB_MUSB_POLARFIRE_SOC=m - RTC_DRV_POLARFIRE_SOC=m - commit c35dc38 ++++ libjpeg-turbo: - update to 2.1.4: * Fixed a regression introduced in 2.1.3 that caused build failures with Visual Studio 2010. * The tjDecompressHeader3() function in the TurboJPEG C API and the TJDecompressor.setSourceImage() method in the TurboJPEG Java API now accept "abbreviated table specification" (AKA "tables-only") datastreams, which can be used to prime the decompressor with quantization and Huffman tables that can be used when decompressing subsequent "abbreviated image" datastreams. * libjpeg-turbo now performs run-time detection of AltiVec instructions on OS X/PowerPC systems if AltiVec instructions are not enabled at compile time. This allows both AltiVec-equipped (PowerPC G4 and G5) and non-AltiVec-equipped (PowerPC G3) CPUs to be supported using the same build of libjpeg-turbo. * Fixed an error ("Bogus virtual array access") that occurred when attempting to decompress a progressive JPEG image with a height less than or equal to one iMCU (8 * the vertical sampling factor) using buffered-image mode with interblock smoothing enabled. This was a regression introduced by 2.1 beta1[6(b)]. * Fixed two issues that prevented partial image decompression from working properly with buffered-image mode: * Attempting to call jpeg_crop_scanline() after jpeg_start_decompress() but before jpeg_start_output() resulted in an error ("Improper call to JPEG library in state 207".) * Attempting to use jpeg_skip_scanlines() resulted in an error ("Bogus virtual array access") under certain circumstances. ++++ ncurses: - Add ncurses patch 20220813 + modify delscreen to more effectively delete all windows on the given screen. + amend portability note for delwin in manual page. + adapt test/test_delwin.c from example by Bill Gray. + account for prescreen data if freeing leaks in pthread-configuration + split-out _nc_set_read_thread(), to reduce compiler warnings about pthread_self(), which may/may not be a weak symbol. + improve pthread-configuration for test/worm.c ++++ shadow: - Update to 4.12.1: * Fix uk manpages - Remove shadow-4.12-remove-uk.patch: fixed upstream ++++ systemd: - Add patch 1001-statx.patch based on commit 3657d3a0 * to resolve conflicts with glibc 2.36 with * add dirty hack to get in src/basic/chattr-util.h, src/home/homework.h, src/home/homework-fscrypt.c, src/home/homed-manager.c, and src/home/homework-mount.c as well to avoid that does include ++++ libvirt: - Fix build with glibc 2.36 9493c9b7-lxc-containter-fix-build-with-glibc-2.36.patch, c0d9adf2-virfile-Fix-build-with-glibc-2.36.patch boo#1202321 ++++ zeromq: - drop xmlto and asciidoc buildrequires, these are only needed for non-release builds which do not ship with prebuilt docs ------------------------------------------------------------------ ------------------ 2022-8-14 - Aug 14 2022 ------------------- ------------------------------------------------------------------ ++++ vim: - Updated to version 9.0.0203, fixes the following problems * Textprop test with line2byte() fails on MS-Windows. * Quarto files are not recognized. * Extra space after virtual text when 'linebreak' is set. * Virtual text prop highlight continues after truncation. * Virtual text does not show if tehre is a text prop at same position. (Ben Jackson) * Virtual text without highlighting does not show. (Ben Jackson) * Command line height changes when maximizing window height. * Strange effects when using virtual text with "text_align" and non-zero column. (Martin Tournoij) * Invalid memory access for text prop without highlight. * The way 'cmdheight' can be made zero is inconsistent. * Messages test fails; window size incorrect when 'cmdheight' is made smaller. * Possible invalid memory access when 'cmdheight' is zero. (Martin Tournoij) * Search and match highlgith interfere with virtual text highlight. (Ben Jackson) * Cursor displayed in wrong position after removing text prop. (Ben Jackson) * Metafun files are not recogized. * Finding value in list may require a for loop. * Astro files are not detected. * ml_get error when switching buffer in Visual mode. * Cursor position wrong with two right-aligned virtual texts. * cursor in a wrong positoin if 'wrap' is off and using two right aligned text props in one line. * CursorLine highlight overrules virtual text highlight. * Code and help for indexof() is not ideal. * Confusing variable name. ------------------------------------------------------------------ ------------------ 2022-8-13 - Aug 13 2022 ------------------- ------------------------------------------------------------------ ++++ llvm15: - Use black RPM macro magic to deduplicate binary lists. This should have no effect on the generated RPM but shaves ~400 lines off the specfile and hopefully makes future maintenance easier. ------------------------------------------------------------------ ------------------ 2022-8-12 - Aug 12 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - Enable zink driver build on x86_64 ++++ Mesa-drivers: - Enable zink driver build on x86_64 ++++ NetworkManager-branding-openSUSE: - Expliciltly BuildRequire NetworkManager-branding-upstream: branding-upstream is produced by NetworkManager and is guaranteed to be the same version. Breaks a self-cycle. ++++ kernel-default: - drm/amd/display: Removing assert statements for Linux (bsc#1202366). - drm/amd/display: Add SMU logging code (bsc#1202366). - commit 9b717b4 - Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch. Now iwlwifi queries *-72.ucode, but again, this is non-existing version. Correct to the existing *-71.ucode - commit 58a95c5 ++++ freetype2: - spec-cleaner - Move ftpdump from ft2demos to freetype - it's required by other packages and doesn't require any of the toolkits, so move its build early ++++ gcc12: - Update to gcc-12 branch head, 6b7d570a5001bb79e34c0d1626a, git372 * includes release candidate for GCC 12.2 ++++ xz: - update to 5.2.6 (CVE-2022-1271, bsc#1198062): * xz: - The --keep option now accepts symlinks, hardlinks, and setuid, setgid, and sticky files. - When copying metadata from the source file to the destination file, don't try to set the group (GID) if it is already set correctly. This avoids a failure on OpenBSD (and possibly on a few other OSes) where files may get created so that their group doesn't belong to the user, and fchown(2) can fail even if it needs to do nothing. - Cap --memlimit-compress to 2000 MiB instead of 4020 MiB on MIPS32 because on MIPS32 userspace processes are limited to 2 GiB of address space. * liblzma: - Fixed a missing error-check in the threaded encoder. If a small memory allocation fails, a .xz file with an invalid Index field would be created. Decompressing such a file would produce the correct output but result in an error at the end. Thus this is a "mild" data corruption bug. Note that while a failed memory allocation can trigger the bug, it cannot cause invalid memory access. - The decoder for .lzma files now supports files that have uncompressed size stored in the header and still use the end of payload marker (end of stream marker) at the end of the LZMA stream. Such files are rare but, according to the documentation in LZMA SDK, they are valid. doc/lzma-file-format.txt was updated too. - Improved 32-bit x86 assembly files: * Support Intel Control-flow Enforcement Technology (CET) * Use non-executable stack on FreeBSD. * xzgrep: - Fixed arbitrary command injection via a malicious filename (CVE-2022-1271, ZDI-CAN-16587). A standalone patch for this was released to the public on 2022-04-07. A slight robustness improvement has been made since then and, if using GNU or *BSD grep, a new faster method is now used that doesn't use the old sed-based construct at all. This also fixes bad output with GNU grep >= 3.5 (2020-09-27) when xzgrepping binary files. - Fixed detection of corrupt .bz2 files. - Improved error handling to fix exit status in some situations and to fix handling of signals: in some situations a signal didn't make xzgrep exit when it clearly should have. It's possible that the signal handling still isn't quite perfect but hopefully it's good enough. - Documented exit statuses on the man page. - xzegrep and xzfgrep now use "grep -E" and "grep -F" instead of the deprecated egrep and fgrep commands. - Fixed parsing of the options -E, -F, -G, -P, and -X. The problem occurred when multiple options were specied in a single argument, for example, echo foo | xzgrep -Fe foo treated foo as a filename because -Fe wasn't correctly split into -F -e. - Added zstd support. * xzdiff/xzcmp: - Fixed wrong exit status. Exit status could be 2 when the correct value is 1. - Documented on the man page that exit status of 2 is used for decompression errors. - Added zstd support. * xzless: - Fix less(1) version detection. It failed if the version number from "less -V" contained a dot. ++++ nfs-utils: - Update to version 2.6.2 - https://kernel.org/pub/linux/utils/nfs-utils/2.6.2/2.6.2-Changelog - Remove patches from this release: - gcc12-fix.patch - 0001-systemd-Apply-all-sysctl-settings-when-NFS-related-m.patch - 0002-Update-autoconfig-files-to-work-with-v2.71.patch - 0003-autoconf-change-tirpc-to-check-for-a-file-not-for-an.patch - 0004-modprobe-protect-against-sysctl-errors.patch - Refresh nfs-utils-1.0.7-bind-syntax.patch - Added files: - /usr/lib/udev/rules.d/99-nfs.rules - /usr/libexec/nfsrahead - /usr/sbin/rpcctl - /usr/share/man/man5/nfsrahead.5.gz - /usr/share/man/man8/rpcctl.8.gz - Sort man page entries in %files section ++++ shadow: - Update to 4.12: * Add absolute path hint to --root * Various cleanups * Fix Ubuntu release used in CI tests * add -F options to userad * useradd manpage updates * Check for ownerid (not just username) in subid ranges * Declare file local functions static * Use strict prototypes * Do not drop const qualifier for Basename * Constify various pointers * Don't return uninitialized memory * Don't let compiler optimize away memory cleaning * Remove many obsolete compatibility checks and defines * Modify ID range check in useradd * Use "extern "C"" to make libsubid easier to use from C++ * French translation updates * Fix s/with-pam/with-libpam/ * Spanish translation updates * French translation fixes * Default max group name length to 32 * Fix PAM service files without-selinux * Improve manpages - groupadd, useradd, usermod - groups and id - pwck * Add fedora to CI builds * Fix condition under which pw_dir check happens * logoutd: switch to strncat * AUTHORS: improve markdown output * Handle ERANGE errors correctly * Check for fopen NULL return * Split get_salt() into its own fn juyin) * Get salt before chroot to ensure /dev/urandom. * Chpasswd code cleanup * Work around git safe.directory enforcement * Alphabetize order in usermod help * Erase password copy on error branches * Suggest using --badname if needed * Update translation files * Correct badnames option to badname * configure: replace obsolete autoconf macros * tests: replace egrep with grep -E * Update Ukrainian translations * Cleanups - Remove redeclared variable - Remove commented out code and FIXMEs - Add header guards - Initialize local variables * CI updates - Create github workflow to install dependencies - Enable CodeQL - Update actions version * libmisc: use /dev/urandom as fallback if other methods fail - Add shadow-4.12-remove-uk.patch: Disable non working Ukranian translation for now https://github.com/shadow-maint/shadow/issues/547 ------------------------------------------------------------------ ------------------ 2022-8-11 - Aug 11 2022 ------------------- ------------------------------------------------------------------ ++++ ALP-build-key: - Update key for new SUSE:ALP location ++++ NetworkManager: - Update to version 1.38.4: + Fix DAD for DHCPv6 addresses. + Wi-Fi: improvements for OWE networks. + Support EC private keys. + Various bugfixes. ++++ kernel-default: - Linux 5.19.1 (bsc#1012628). - x86/speculation: Add LFENCE to RSB fill sequence (bsc#1012628). - x86/speculation: Add RSB VM Exit protections (bsc#1012628). - macintosh/adb: fix oob read in do_adb_query() function (bsc#1012628). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3586 (bsc#1012628). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3587 (bsc#1012628). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0CB8:0xC558 (bsc#1012628). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04C5:0x1675 (bsc#1012628). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04CA:0x4007 (bsc#1012628). - Bluetooth: btusb: Add support of IMC Networks PID 0x3568 (bsc#1012628). - dt-bindings: bluetooth: broadcom: Add BCM4349B1 DT binding (bsc#1012628). - Bluetooth: hci_bcm: Add DT compatible for CYW55572 (bsc#1012628). - Bluetooth: hci_bcm: Add BCM4349B1 variant (bsc#1012628). - Bluetooth: hci_qca: Return wakeup for qca_wakeup (bsc#1012628). - arm64: set UXN on swapper page tables (bsc#1012628). - ata: sata_mv: Fixes expected number of resources now IRQs are gone (bsc#1012628). - crypto: arm64/poly1305 - fix a read out-of-bound (bsc#1012628). - ACPI: APEI: Better fix to avoid spamming the console with old error logs (bsc#1012628). - ACPI: video: Shortening quirk list by identifying Clevo by board_name only (bsc#1012628). - ACPI: video: Force backlight native for some TongFang devices (bsc#1012628). - tools/vm/slabinfo: Handle files in debugfs (bsc#1012628). - block: fix default IO priority handling again (bsc#1012628). - commit a5bf6c0 - mm/mprotect: fix soft-dirty check in can_change_pte_writable() (bsc#1202013 CVE-2022-2590). - commit 46cb433 - Refresh patches.suse/Revert-zram-remove-double-compression-logic.patch. Update upstream status. - commit e707d80 - mm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW (bsc#1202013 CVE-2022-2590). - commit cbcf3e8 ++++ podman: - Update to version 4.2.0: * Features - Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines. - A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod (#12843). - A new command has been added, podman volume reload, to sync changes in state between Podman's database and any configured volume plugins (#14207). - A new command has been added, podman machine info, which displays information about the host and the versions of various machine components. - Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, podman-kube@.service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd. - The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups setting from the Kubernetes pod's security context. - The podman play kube command now supports volumes with the BlockDevice and CharDevice types (#13951). - The podman play kube command now features a new flag, --userns, to set the user namespace of created pods. Two values are allowed at present: host and auto (#7504). - The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation. - Pods now have include an exit policy (configurable via the --exit-policy option to podman pod create), which determines what will happen to the pod's infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops, and is used by default for pods from podman play kube (#13464). - The podman pod create command now allows the pod's name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work. - The podman pod create command's --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared) (#13422). - The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609). - The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod. - The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release! - The podman create and podman run commands now include the -c short option for the --cpu-shares option. - The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773). - The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing. - The podman build command now supports a new option, --build-context, allowing the user to specify an additional build context. - The podman machine inspect command now prints the location of the VM's Podman API socket on the host (#14231). - The podman machine init command on Windows now fetches an image with packages pre-installed (#14698). - Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697). - The default for the --image-volume option to podman run and podman create can now have its default set through the image_volume_mode setting in containers.conf (#14230). - Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427). - The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up). - Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458). - The podman volume ls command's --filter name= option now supports regular expression matching for volume names (#14583). - When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v. - The remote Podman client's podman push command now supports the --remove-signatures option (#14558). - The remote Podman client now supports the podman image scp command. - The podman image scp command now supports tagging the transferred image with a new name. - The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595). - The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions. - The podman events command now includes the -f short option for the --filter option. - The podman pull command now includes the -a short option for the --all-tags option. - The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP). - The Podman global option --url now has two aliases: -H and --host. - The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API. - Added the ability to create sigstore signatures in podman push and podman manifest push. - Added an option to read image signing passphrase from a file. * Changes - Paused containers can now be killed with the podman kill command. - The podman system prune command now removes unused networks. - The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman. - If the /run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577). - The podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148). - All podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless. - The podman unpause --all command will now only attempt to unpause containers that are paused, not all containers. - Init containers created with podman play kube now default to the once type (#14877). - Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048). - The podman create, podman run, and podman cp commands can now autocomplete paths in the image or container via the shell completion. - The libpod/common package has been removed as it's not used anywhere. - The --userns option to podman create and podman run is no longer accepted when an explicit UID or GID mapping is specified (#15233). * Bugfixes - Fixed a bug where bind-mounting /dev into a container which used the --init flag would cause the container to fail to start (#14251). - Fixed a bug where the podman image mount command would not pretty-print its output when multiple images were mounted. - Fixed a bug where the podman volume import command would print an unrelated error when attempting to import into a nonexistent volume (#14411). - Fixed a bug where the podman system reset command could race against other Podman commands (#9075). - Fixed a bug where privileged containers were not able to restart if the layout of host devices changed (#13899). - Fixed a bug where the podman cp command would overwrite directories with non-directories and vice versa. A new --overwrite flag to podman cp allows for retaining the old behavior if needed (#14420). - Fixed a bug where the podman machine ssh command would not preserve the exit code from the command run via ssh (#14401). - Fixed a bug where VMs created by podman machine would fail to start when created with more than 3072MB of RAM on Macs with M1 CPUs (#14303). - Fixed a bug where the podman machine init command would fail when run from C:\Windows\System32 on Windows systems (#14416). - Fixed a bug where the podman machine init --now did not respect proxy environment variables (#14640). - Fixed a bug where the podman machine init command would fail if there is no $HOME/.ssh dir (#14572). - Fixed a bug where the podman machine init command would add a connection even if creating the VM failed (#15154). - Fixed a bug where interrupting the podman machine start command could render the VM unable to start. - Fixed a bug where the podman machine list --format command would still print a heading. - Fixed a bug where the podman machine list command did not properly set the Starting field (#14738). - Fixed a bug where the podman machine start command could fail to start QEMU VMs when the machine name started with a number. - Fixed a bug where Podman Machine VMs with proxy variables could not be started more than once (#14636 and #14837). - Fixed a bug where containers created using the Podman API would, when the Podman API service was managed by systemd, be killed when the API service was stopped (BZ 2052697). - Fixed a bug where the podman -h command did not show help output. - Fixed a bug where the podman wait command (and the associated REST API endpoint) could return before a container had fully exited, breaking some tools like the Gitlab Runner. - Fixed a bug where healthchecks generated exec events, instead of health_status events (#13493). - Fixed a bug where the podman pod ps command could return an error when run at the same time as podman pod rm (#14736). - Fixed a bug where the podman systemd df command incorrectly calculated reclaimable storage for volumes (#13516). - Fixed a bug where an exported container checkpoint using a non-default OCI runtime could not be restored. - Fixed a bug where Podman, when used with a recent runc version, could not remove paused containers. - Fixed a bug where the remote Podman client's podman manifest rm command would remove images, not manifests (#14763). - Fixed a bug where Podman did not correctly parse wildcards for device major number in the podman run and podman create commands' --device-cgroup-rule option. - Fixed a bug where the podman play kube command on 32 bit systems where the total memory was calculated incorrectly (#14819). - Fixed a bug where the podman generate kube command could set ports and hostname incorrectly in generated YAML (#13030). - Fixed a bug where the podman system df --format "{{ json . }}" command would not output the Size and Reclaimable fields (#14769). - Fixed a bug where the remote Podman client's podman pull command would display duplicate progress output. - Fixed a bug where the podman system service command could leak memory when a client unexpectedly closed a connection when reading events or logs (#14879). - Fixed a bug where Podman containers could fail to run if the image did not contain an /etc/passwd file (#14966). - Fixed a bug where the remote Podman client's podman push command did not display progress information (#14971). - Fixed a bug where a lock ordering issue could cause podman pod rm to deadlock if it was run at the same time as a command that attempted to lock multiple containers at once (#14929). - Fixed a bug where the podman rm --force command would exit with a non-0 code if the container in question did not exist (#14612). - Fixed a bug where the podman container restore command would fail when attempting to restore a checkpoint for a container with the same name as an image (#15055). - Fixed a bug where the podman manifest push --rm command could remove image, instead of manifest lists (#15033). - Fixed a bug where the podman run --rm command could fail to remove the container if it failed to start (#15049). - Fixed a bug where the podman generate systemd --new command would create incorrect unit files when the container was created with the --sdnotify parameter (#15052). - Fixed a bug where the podman generate systemd --new command would fail when -h was used to create the container (#15124). * API - The Docker-compatible API now supports API version v1.41 (#14204). - Fixed a bug where containers created via the Libpod API had an incorrect umask set (#15036). - Fixed a bug where the remote parameter to the Libpod API's Build endpoint for Images was nonfunctional (#13831). - Fixed a bug where the Libpod List endpoint for Containers did not return the application/json content type header when there were no containers present (#14647). - Fixed a bug where the Compat Stats endpoint for Containers could return incorrect memory limits (#14676). - Fixed a bug where the Compat List and Inspect endpoints for Containers could return incorrect strings for container status. - Fixed a bug where the Compat Create endpoint for Containers did not properly handle disabling healthchecks (#14493). - Fixed a bug where the Compat Create endpoint for Networks did not support the mtu, name, mode, and parent options (#14482). - Fixed a bug where the Compat Create endpoint for Networks did not allow the creation of networks name bridge (#14983). - Fixed a bug where the Compat Inspect endpoint for Networks did not properly set netmasks in the SecondaryIPAddresses and SecondaryIPv6Addresses fields (#14674). - The Libpod Stats endpoint for Pods now supports streaming output via two new parameters, stream and delay (#14674). * Misc - Podman will now check for nameservers in /run/NetworkManager/no-stub-resolv.conf if the /etc/resolv.conf file only contains a localhost server. - The podman build command now supports caching with builds that specify --squash-all by allowing the --layers flag to be used at the same time. - Podman Machine support for QEMU installations at non-default paths has been improved. - The podman machine ssh command no longer prints spurious warnings every time it is run. - When accessing the WSL prompt on Windows, the rootless user will be preferred. - The podman info command now includes a field for information on supported authentication plugins for improved Docker compatibility. Authentication plugins are not presently supported by Podman, so this field is always empty. - The podman system prune command now no longer prints the Deleted Images header if no images were pruned. - The podman system service command now automatically creates and moves to a sub-cgroup when running in the root cgroup (#14573). - Updated Buildah to v1.27.0 (fixes CVE-2022-21698 / bsc#1196338) - Updated the containers/image library to v5.22.0 - Updated the containers/storage library to v1.42.0 (fixes bsc#1196751) - Updated the containers/common library to v0.49.1 - Podman will automatically create a sub-cgroup and move itself into it when it detects that it is running inside a container (#14884). - Fixed an incorrect release note about regexp. - A new MacOS installer (via pkginstaller) is now supported. ++++ timezone: - timezone update 2022b: * Chile's DST is delayed by a week in September 2022 boo#1202324 * Iran no longer observes DST after 2022 * Rename Europe/Kiev to Europe/Kyiv * New zic -R option * Vanguard form now uses %z * Finish moving duplicate-since-1970 zones to 'backzone' ------------------------------------------------------------------ ------------------ 2022-8-10 - Aug 10 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit-machines: - Require qemu USB drivers needed by virt-install (bsc#1202166) ++++ iproute2: - update to 5.19: * ip/iplink_virt_wifi: add support for virt_wifi * Update kernel headers * libnetlink: Add filtering to rtnl_statsdump_req_filter() * ipstats: Add a "set" command * ipstats: Add a group "link" * libbpf: Use bpf_object__load instead of bpf_object__load_xattr * uapi: change name for zerocopy sendfile in tls * bridge: vxlan device vnifilter support * f_flower: Add num of vlans parameter ++++ kernel-default: - config: Disable reiserfs kernel module (bsc#1202309). Future access of reiserfs file systems can be done by using the FUSE implementation of reiserfs that ships with GRUB. $ grub2-mount /path/to/mountpoint - commit db8891f - kbuild: dummy-tools: pretend we understand __LONG_DOUBLE_128__ (ppc config fix). - Update config files. This sets PPC_LONG_DOUBLE_128 automatically and allows us to set DRM_AMD_SECURE_DISPLAY too. I set it to y to copy other architectures. - commit 48dfdff ++++ llvm15: - Add WebAssembly support for all architectures. ++++ at-spi2-core: - Update to version 2.45.90: + xml: - Add some documentation. - Fix event arguments. - Add some missing DeviceEventController methods. + Bind the AT-SPI bus to the graphical session. + Mark bus service as belonging to the session slice. + Add ATSPI_ROLE_PUSH_BUTTON_MENU. + Add an "announcement" event/signal to allow objects to send notifications. + Various code clean-ups and test improvements. - Add pkgconfig(libxml-2.0) BuildRequires: New dependency. - Add new sub-packages from the now included atk and at-spi2-atk packages: libatk-1_0-0, libatk-bridge-2_0-0 and typelib-1_0-Atk-1_0. - Provide/Obsolete at-spi2-atk-gtk2 by the main package. ++++ efivar: - Add efivar-bsc1202209-fix-glibc-2.36-build.patch to fix the build error against glibc 2.36 (bsc#1202209) ++++ pango: - Update to version 1.50.9: + Apply show flags to line separators. + Fix a thread-safety problem. ++++ openSUSE-build-key: - add gpg-pubkey-29b700a4-62b07e22.asc (bsc#1199184) ++++ python-pbr: - update to 5.9.0: * Future-proofing pyproject.toml * Use importlib-metadata for runtime package version lookups * Drop wheel from pyproject.toml examples * Changed minversion in tox to 3.18.0 ++++ rust-keylime: - Update to version 0.1.0+git.1659977521.0186093: * Fix display of mb measurement file path * Add more helpful error when config file is not found * Fix small comment about implementing TPM ownership * main: die when cannot drop privileges * keylime.conf: add run_as section * Use Rust agent-specific config in Makefile * Fix typo in listen_notifications option in keylime.conf * tpm: Support pre-existing EK * Set swtpm context which is later used for test filtering * Add GitLeaks configuration to ignore RSA key used for testing * Handle whitespace in keylime.conf - Rename keylime.conf.diff to keylime-agent.conf.diff - Drop 0001-main-die-when-cannot-drop-privileges.patch, as is already merged upstream - Add bindgen.patch to add more architectures ++++ vim: - Updated to version 9.0.0181, fixes the following problems * Comment about tabpage line above the wrong code. * After CTRL-Left-mouse click a mouse scroll also has CTRL. * Debugger test may fail when $CWD is very long. * Not enough characters accepted for 'spellfile'. * Truncating virtual text after a line not implemented. Cursor positioning wrong with Newline in the text. * execute() does not use the "legacy" command modifier. * "delmenu" does not remove autocmmands. Running menu test function alone fails. * Crash when adding and removing virtual text. (Ben Jackson) * Cursor positioned after virtual text in empty line. * Text property cannot override 'cursorline' highlight. * Substitute that joins lines drops text properties. * Missing part of change for "override" flag. * Cursor positioned wrong after two text properties with virtual text and "below" alignment. (Tim Pope) * A "below" aligned text property gets 'showbreak' displayed. * Test for fuzzy completion fails sometimes. * Error for using #{ in an expression is a bit confusing. * A "below" aligned text property does not work with 'nowrap'. * Warning for unused argument in small build. * No fold and sign column for virtual text with "below" align and 'nowrap'. * Text properties wrong after splitting a line. * Text properties with "right" and "after" alignment displayed wrong with 'nowrap'. * Giving E1170 only in an expression is confusing. * 'showbreak' displayed below truncated "after" text prop. * With 'nowrap' "below" property not displayed correctly. * Cannot build with small features. * Some diff mode tests fail. * Warning for uninitialized variable. (Tony Mechelynck) * Text property "below" gets indent if 'breakindent' is set. (Tim Pope) * Text property not adjusted for text inserted with "p". * Using freed memory with put command. * Looking up a text property type by ID is slow. * When using text properties the line text length is computed twice. * Checking for text properties could be a bit more efficient. * Cursor positioned wrong with two virtual text properties close together. (Ben Jackson) * Insufficient testing for line2byte() with text properties. * Various minor code formatting issues. * Quickfix line highlight is overruled by 'cursorline'. * Trying to allocate zero bytes. * Assert fails only on MS-Windows. * No error for using "#{ comment" in a compiled function. * Spell checking for capital not working with trailing space. * Checking character options is duplicated and incomplete. * Cursor position wrong with 'virtualedit' and mouse click after end of the line. (Hermann Mayer) * Cursor position wrong with virtual text before Tab. * Cursor position wrong with wrapping virtual text in empty line. * Stray logfile appears when running tests. ------------------------------------------------------------------ ------------------ 2022-8-9 - Aug 9 2022 ------------------- ------------------------------------------------------------------ ++++ coreutils: - refresh coreutils-i18n.patch from Fedora to make expand and unexpand more similar ++++ gdk-pixbuf: - Update to version 2.42.9: + Fix the check for maximum value of LZW initial code size (boo#1194633 CVE-2021-44648). + Use CMake for dependencies on Windows/MSVC. + Add option for building tests. + Move man pages to reStructuredText. + Disable relocation when built as a static libary on Windows. + Update wrap file for libjpeg-turbo. + Limit the memory size when loading image data. - Add docutils and pkgconfig(gi-docgen) BuildRequires: New dependencies. ++++ glib-networking: - Update to version 2.74.beta: + Drop environment proxy resolver to lowest priority. ++++ kernel-default: - Update config files -- set SECURITY_SELINUX_CHECKREQPROT_VALUE=0 (bsc#1202280) - commit 6a791bc - Revert "zram: remove double compression logic" (bsc#1202203). - commit 9739fe2 - mt76: mt7921e: fix crash in chip reset fail (bsc#1201845). - commit 6263241 - tools bpftool: Don't display disassembler-four-args feature test (bsc#1202195). - tools bpftool: Fix compilation error with new binutils (bsc#1202195). - tools bpf_jit_disasm: Don't display disassembler-four-args feature test (bsc#1202195). - tools bpf_jit_disasm: Fix compilation error with new binutils (bsc#1202195). - tools perf: Fix compilation error with new binutils (bsc#1202195). - tools include: add dis-asm-compat.h to handle version differences (bsc#1202195). - tools build: Don't display disassembler-four-args feature test (bsc#1202195). - tools build: Add feature test for init_disassemble_info API changes (bsc#1202195). - commit fa8853d - series.conf: remove blank line from sorted section It causes troubles when adding multiple patches -- the current ones are duplicated then. - commit 309e362 ++++ llvm15: - Add llvm-glibc-2-36.patch in order to address boo#1202215. ++++ util-linux: - Use %_pam_vendordir ++++ libcontainers-common: - Fix obvious typo in containers.conf ++++ ncurses: - Add ncurses patch 20220806 + amend end_of_stream() to allow for input files without a final newline. + check for non-textfiles to tic. ++++ libnftnl: - Update to release 1.2.3 * This release includes a compile time bugfix with clang and - D_FORTIFY_SOURCE=2. ++++ polkit: - Update to version 121: + Addition of duktape as a JS engine backend. + Other small fixes and improvements. For more details, visit: gitlab.freedesktop.org/polkit/polkit/-/blob/121/NEWS.md + Updated translations. - Drop merged-upstream patches: + CVE-2021-4034-pkexec-fix.patch; + 0001-CVE-2021-4115-GHSL-2021-077-fix.patch; + duktape-support.patch; + pkexec.patch. - Replace Intltool with Gettext as a build requirement following the migration from last release (0.120). - Add Meson as a build requirement while dropping Libtool and replace all Autotools macros with Meson ones. And pass the following options to Meson: session_tracking=libsystemd-login; systemdsystemunitdir=%{_unitdir}; os_type=suse; pam_module_dir=%{_pam_moduledir}; pam_prefix=%{_pam_vendordir}; examples=true; tests=true; gtk_doc=true; man=true and js_engine=duktape. - Drop no longer needed Libtool as a build requirement, following Autotools replacement. - Add explicit pkgconfig module build requirements for glib-2.0 and gobject-2.0 that are searched by the build scripts. They were already being pulled by their siblings [pkgconfig(gio-2.0) and pkgconfig(gio-unix-2.0)]. - Drop conditional macro, which was wrapping "BuildArch: noarch" for the doc subpackage, based on long gone EOLed (open)SUSE release (11.2). - Add missing 'Requires(post): permissions' for the pkexec subpackage. - Add python3-dbus-python and python3-python-dbusmock as build requirements in order to run test in the check section. - Add polkit-fix-pam-prefix.patch to use the value of pam_prefix Meson option, like it was designed to, rather than hard-coded path for pam configuration files. - Remove unneeded executable bit from 50-default.rules file. ++++ shadow: - Remove duplicate pam.d/useradd entry - Provide /etc/login.defs.d on SLE15 since we support and use it ++++ usbredir: - Update to version 0.13.0: + Fix regression on unserialize data + Removes usbredirserver + Improved header length checks when unserialising data + Fix usage of command line argument in usbredirect + Fix small memory leak on usbredirect - Drop 9426fdb1.patch and dffc41c3.patch: fixed upstream. - Drop 0001-Use-D_FORTIFY_SOURCE-instead-of-Wp-D_FORTIFY_SOURCE.patch: fixed upstream. - Add keyring to validate source signature. ++++ util-linux-systemd: - Use %_pam_vendordir ------------------------------------------------------------------ ------------------ 2022-8-8 - Aug 8 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - add dnsmasq.diff: missing r permissions for dnsmasq//libvirt-leaseshelper (boo#1202161) ++++ permissions: - Fix dependency from permissions-zypp-plugin to permissions. ++++ coreutils: - Remove python2 from buildrequires - appears to be a left over ++++ docker-compose: - Require docker-compose-switch to not break user expectations, as otherwise 'zypper in docker-compose' will not provide a docker-compose binary (docker-compose only provides a docker plugin, i.e. 'docker compose ...') ++++ glib-networking: - Update to version 2.74.alpha: + Add build option for toggling debug logging. + Move gettext() usage out of hot paths. + Fix tests build when using openssl. + Properly free libproxy lookup results and require libproxy 0.4.16. + Add additional validation for proxy lookup results. + Allow using static libraries via meson subprojects. + Updated translations. - Update to version 2.72.2: + Drop environment proxy resolver to lowest priority. ++++ gnutls: - FIPS: Port GnuTLS to use jitterentropy [bsc#1202146, jsc#SLE-24941] * Add new dependency on jitterentropy * Add gnutls-FIPS-jitterentropy.patch ++++ gpg2: - Fix YubiKey 5 Nano support (boo#1202201), add gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch ++++ kbd: - Use %_pam_vendordir ++++ libapparmor: - add dnsmasq.diff: missing r permissions for dnsmasq//libvirt-leaseshelper (boo#1202161) ++++ rdma-core: - skip valgrind on riscv64 ++++ gcc12: - Remove workaround for obs-service-format_spec_file. ++++ libgcrypt: - FIPS: Port libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf - Add libgcrypt-jitterentropy-3.3.0.patch * Update the internal jitterentropy to version 3.4.0 - Add libgcrypt-jitterentropy-3.4.0.patch ++++ p11-kit: - skip testsuite on qemu arches, it fails ++++ polkit: - Use %_pam_vendordir ++++ shadow: - Use %_pam_vendordir macro ++++ openssh: - Use %_pam_vendordir ++++ read-only-root-fs: - Update to version 1.0+git20220808.cd59f4f: * Fix writableagain.conf ++++ sudo: - Use %_pam_vendordir macro - Fix errors around LICENSE.md (fixes building on SLE12 SP5 again) ------------------------------------------------------------------ ------------------ 2022-8-7 - Aug 7 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - update to 22.1.5: * radv: dynamic vertex input failure * anv: KHR-GL46.tessellation_shader.single.xfb_captures_data_from_correct_stage fails on TGL * anv: GTF-GL46.gtf32.GL3Tests.packed_pixels.packed_pixels_pbo failure * anv: ICL hiz issue * Error compiling gallium-nine on i686 using musl libc * dEQP-VK.memory.mapping.dedicated_alloc failing on bsw and gen9atom ++++ Mesa-drivers: - update to 22.1.5: * radv: dynamic vertex input failure * anv: KHR-GL46.tessellation_shader.single.xfb_captures_data_from_correct_stage fails on TGL * anv: GTF-GL46.gtf32.GL3Tests.packed_pixels.packed_pixels_pbo failure * anv: ICL hiz issue * Error compiling gallium-nine on i686 using musl libc * dEQP-VK.memory.mapping.dedicated_alloc failing on bsw and gen9atom ------------------------------------------------------------------ ------------------ 2022-8-6 - Aug 6 2022 ------------------- ------------------------------------------------------------------ ++++ glib2: - Update to version 2.73.3: + Revitalize G_REGEX_OPTIMIZE flag and use it to enable PCRE JIT compiler. + Fix some regressions due to the PCRE2 port. + Fix a pidfd leak that was introduced in the previous release. + Support compilation without a C++ toolchain. + GDBus: Use namespace-friendly protocol for Linux message buses, and optionally other connections. + Fix potential races in multi-threaded signal connections handling. + Add back gio-launch-desktop to redirect stdout/stderr of launched GDesktopAppInfo's to the journal with proper parent + Executables that are invoked when installing other software, typically from packaging system triggers, can now be installed into architecture-dependent locations. Unix OS distributors who install GLib for more than one architecture in parallel (multiarch or multilib installations) should consider building with -Dmultiarch=true, installing the bin/glib-compile-schemas and bin/gio-querymodules symbolic links in packages for the primary architecture, and omitting those symlinks from packages for secondary architectures. + Some enumerators introduced in previous releases have been changed, for better introspection results: - G_MARKUP_PARSE_FLAGS_NONE renamed to G_MARKUP_DEFAULT_FLAGS - G_TLS_CERTIFICATE_FLAGS_NONE renamed to G_TLS_CERTIFICATE_NO_FLAGS - G_APPLICATION_FLAGS_NONE was deprecated, use G_APPLICATION_DEFAULT_FLAGS now. + gfileinfo: Implement xattr attribute removal. + Add support to --delete option to gio set, to unset a file attribute. + Improve default value of glib_debug option: G_ENABLE_DEBUG will be defined only if using `--buildtype=debug` or enabled via `-Dglib_debug`, but it won't ever be set if an optimized build is requested (specifically if the optimization level is not `0` or `g`) as it may be the case when using `--buildtype=debugoptimized`. + Probably the first revision of any GNOME module ever released from Cuba :) + Bugs fixed: glgo#GNOME/Glib#566, glgo#GNOME/Glib#1187, glgo#GNOME/Glib#2509, glgo#GNOME/Glib#2542, glgo#GNOME/Glib#2588, glgo#GNOME/Glib#2682, glgo#GNOME/Glib#2692, glgo#GNOME/Glib#2694, glgo#GNOME/Glib#2699, glgo#GNOME/Glib#2700, glgo#GNOME/Glib#2703, glgo#GNOME/Glib#2705, glgo#GNOME/Glib#2708, glgo#GNOME/Glib!2299, glgo#GNOME/Glib!2759, glgo#GNOME/Glib!2812, glgo#GNOME/Glib!2813, glgo#GNOME/Glib!2814, glgo#GNOME/Glib!2815, glgo#GNOME/Glib!2818, glgo#GNOME/Glib!2822, glgo#GNOME/Glib!2823, glgo#GNOME/Glib!2825, glgo#GNOME/Glib!2826, glgo#GNOME/Glib!2827, glgo#GNOME/Glib!2829, glgo#GNOME/Glib!2830, glgo#GNOME/Glib!2832, glgo#GNOME/Glib!2833, glgo#GNOME/Glib!2835, glgo#GNOME/Glib!2836, glgo#GNOME/Glib!2851, glgo#GNOME/Glib!2853, glgo#GNOME/Glib!2854. + Updated translations. ++++ kernel-default: - Update patches.suse/Revert-Revert-tcp-change-pingpong-threshold-to-3.patch (bsc#1202188). Add a reference and refresh. - commit 5ea3c65 - Revert "Revert "tcp: change pingpong threshold to 3"" (eventlet tests fix). - commit 8268096 ------------------------------------------------------------------ ------------------ 2022-8-5 - Aug 5 2022 ------------------- ------------------------------------------------------------------ ++++ aaa_base: - Update to version 84.87+git20220727.43b9e53: * Use HOSTTYPE in MACHTYPE * Move suse to VENDOR * Use /var/mail for MAIL ++++ btrfsprogs: - Remove reiserfs conversion from releases after SLE/Leap 15.X in preparation to remove the reiserfs package. ++++ cockpit-tukit: - Update to version 0.0.3~git28.b446f50: * Add missing plurals * Added translation using Weblate (Portuguese) * Translated using Weblate (Polish) * Add Swedish Translation * added/corrected de.po for german * initial version of czech translation * Add support for dict-format snapshots List * Fix URIError: malformed URI sequence * Reformat spec to match Factory ++++ kernel-default: - series.conf: cleanup - update upstream references and resort: - patches.suse/0001-drm-Always-warn-if-user-defined-modes-are-not-suppor.patch - patches.suse/0001-drm-client-Don-t-add-new-command-line-mode.patch - patches.suse/0001-drm-client-Look-for-command-line-modes-first.patch - update upstream references and move into sorted section: - patches.suse/ath9k-fix-use-after-free-in-ath9k_hif_usb_rx_cb.patch - commit 35466a9 ++++ kernel-firmware: - Update to version 20220804 (git commit e6185d5197fd): * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * Mellanox: Add new mlxsw_spectrum firmware xx.2010.3020 * linux-firmware: Add firmware for Cirrus CS35L41 * i915: Add GuC v70.4.1 for DG2 * i915: Add DMC v2.07 for DG2 * amdgpu partially revert "amdgpu: update beige goby to release 22.20" * mediatek: Update mt8183/mt8192/mt8195 SCP firmware * amdgpu: update renoir to release 22.20 * amdgpu: update beige goby to release 22.20 * amdgpu: update yellow carp to release 22.20 * amdgpu: update dimgrey cavefish to release 22.20 * amdgpu: update vega20 to release 22.20 * amdgpu: update vega12 to release 22.20 * amdgpu: update raven to release 22.20 * amdgpu: update navy flounder to release 22.20 * amdgpu: update vega10 to release 22.20 * amdgpu: update sienna cichlid to release 22.20 * amdgpu: update navi14 to release 22.20 * amdgpu: update green sardine to release 22.20 * amdgpu: update vangogh to release 22.20 * amdgpu: update navi12 to release 22.20 * amdgpu: update navi10 to release 22.20 * amdgpu: update picasso to release 22.20 * amdgpu: update aldebaran to release 22.20 * amdgpu: update psp 13.0.8 TA firmware * WHENCE: Fix the dangling symlinks fix - Revert the previous rtw88/rtw8822c_fw.bin change due to regression on HP Pavilion 15 (bsc#1202152) - Update alias from 5.19 ++++ read-only-root-fs: - Update to version 1.0+git20220805.4a3d850: * Work around read-only state of subvolumes in a different way ++++ virt-manager: - Update to 4.1.0 * Fix build with setuptools-61 (Peter Alfredsen, Miro Hrončok) * add UI and cli support for qemu-vdagent channel (Jonathon Jongsma) * cli: More --iothreads suboptions (Lin Ma) * launch_security: Use SEV-ES policy=0x07 if host supports it (Charles * Arnold) * cli: Add support for URL query with disks (Martin Kletzander) - Drop patches merged upstream: * c6107419-tests-Drop-usage-of-sgio-unfiltered.patch * 90e13549-Fix-build-with-setuptools-61+.patch * 46dc0616-setup-add-bits-for-setuptools-61.patch * 9ac94ef7-tests-Fix-another-sgio-filtered-case.patch * 34662fec-tests-Fix-with-latest-argcomplete.patch * d51541e1-Fix-UI-rename-with-firmware-efi.patch * b8a77805-domain-cpu-Clear-migratable-when-changing-to-custom-cpu.patch * 0d84bcfb-cli-Add-iothreadids-attributes-thread_pool_min-and-thread_pool_max.patch * 424283ad-launch_security-Use-SEV-ES-policy-0x07-if-host-supports-it.patch - Refresh patches * virtman-add-tooltip-to-firmware.patch - - changed surrounding imports * virtinst-set-cache-mode-unsafe-for-install.patch - - the patch changes the expected output in tests - Refresh test skips ------------------------------------------------------------------ ------------------ 2022-8-4 - Aug 4 2022 ------------------- ------------------------------------------------------------------ ++++ protobuf: - add 10355.patch to fix soversioning ------------------------------------------------------------------ ------------------ 2022-8-3 - Aug 3 2022 ------------------- ------------------------------------------------------------------ ++++ glib2: - Update to version 2.73.2: + Replace PCRE1 with PCRE2. + Preserve destruction order in gdataset, fixing various crashes during objects disposal. + Require C99 __VA_ARGS__. + Add NONE or DEFAULT members to most flags types. + GFile: Add some missing async APIs. + Improve internal and process documentation. + Add atomic compare-and-exchange APIs returning previous value. + Add G_DEFINE_ENUM_TYPE and G_DEFINE_ENUM_VALUE macros. + Add platform-independent G_ALWAYS_INLINE and G_NO_INLINE. + Use waitid() on pidfds rather than a global SIGCHLD handler. ++++ grep: - Skip more gnulib tests in qemu build ++++ texinfo: - In case of an update of package info: do never remove existing info page from dir file (boo#1201852) ++++ kernel-default: - Update config files (bsc#1184924). +RANDOM_TRUST_BOOTLOADER on arm This is set on all other platforms in Tumbleweed, and only on ARM in Leap. The ARM platform is unique in that it can have random source defined in EFI firmware as well as device tree, and we don't test this configuration in Factory because of the inverted config situation betwween Tumbleweed and Leap. - commit 1275841 ++++ libbpf: - Update to release 0.8.1: * make shared xsk creation network namespace aware ++++ libcontainers-common: - Resync containers.conf / storage.conf with Fedora - Create /etc/containers/registries.conf.d and add 000-shortnames.conf to it. ++++ harfbuzz: - harfbuzz 5.1.0: + More extensive buffer tracing messages + Fix hb-ft regression in bitmap fonts rendering + Support extension promotion of lookups in hb-subset-repacker + A new HB_GLYPH_FLAG_SAFE_TO_INSERT_TATWEEL for scripts that use elongation (e.g. Arabic) to signify where it is safe to insert tatweel glyph without interrupting shaping + Add --safe-to-insert-tatweel to hb-shape tool - add harfbuzz-5.1.0-repacker-fix-signedness-of-char-in-tests.patch from upstream to fix ARM and PPC builds ++++ jitterentropy: - updated to 3.4.0 * enhancement: add API call jent_set_fips_failure_callback as requested by Daniel Ojalvo * fix: Change the SHA-3 integration: The entropy pool is now a SHA-3 state. It is filled with the time delta containing entropy and auxiliary data that does not contain entropy using a SHA update operation. The auxiliary data is calculated by a SHA-3 hashing of some varying state data. The time delta that contains entropy is measured about the SHA-3 hasing of the auxiliary data. This satisfies FIPS 140-3 IG D.K resolutions 4, 6, and 8. * enhancement: add CMake support by Andrew Hopkins - updated to 3.3.1 * fix: bug fix in initialization logic by Vladis Dronov * fix: use __asm__ instead of asm to suit the C11 standard - added a -devel-static package to be able to link it static. ++++ polkit: - add split-provides for polkit:/usr/bin/pkexec. (bsc#1202070) ++++ python-M2Crypto: - update CVE-2020-25657-Bleichenbacher-attack.patch to actually contain the fix rather than just being empty (CVE-2020-25657, bsc#1178829) ++++ vim: - Updated to version 9.0.0135, fixes the following problems - boo#1202046 - CVE-2022-2571 - boo#1202049 - CVE-2022-2580 - boo#1202050 - CVE-2022-2581 - boo#1202051 - CVE-2022-2598 * Coverity warns for double free. * Some compilers warn for using an uninitialized variable. (Tony Mechelynck) * No test for what patch 8.1.1424 fixes. * When switching window in autocmd the restored cursor position may be wrong. * Star register is changed when deleting and both "unnamed" and "unnamedplus" are in 'clipboard'. * Error in autoload script not reported for 'foldexpr'. * Compiler warning for size_t to int conversion. * Command line completion of user command may have duplicates. (Dani Dickstein) * Cannot interrupt global command from command line. * ModeChanged event not triggered when leaving the cmdline window. * Using "terraform" filetype for .tfvars file is bad. * ":write" fails after ":file name" and then ":edit". * Tabline is not redrawn when entering command line. * MS-Windows: CTRL-[ on Belgian keyboard does not work like Esc. * Pattern for detecting bitbake files is not sufficient. * Fuzzy argument completion doesn't work for shell commands. * No error when assigning bool to a string option with setwinvar(). * Duplicate error number. * Plugins cannot change v:completed_item. * Sway config files are recognized as i3config. * Cursor restored unexpected with nested autocommand. * Conditions are always true. * Flag "new_value_alloced" is always true. * Long quickfix line is truncated for :clist. * missing include file in timer_create configure check. * Scrollback can be wrong after redrawing the command line. * Get hit-enter prompt for system() when '!' is in 'guioptions'. * Invalid memory access in diff mode with "dp" and undo. * Reading past end of line with insert mode completion. * If running configure with cached results -lrt may be missing. * Illegal memory access when pattern starts with illegal byte. * Illegal byte regexp test doesn't fail when fix is reversed. * Condition always has the same value. * Configure check for timer_create may give wrong error. * Writing over the end of a buffer on stack when making list of spell suggestions. * Help tag generation picks up words in code examples. * "nocombine" is missing from synIDattr(). * has() is not strict about parsing the patch version. * The command line takes up space even when not used. * When 'cmdheight' is zero pressing ':' may scroll a window. * Virtual text not displayed if 'signcolumn' is "yes". * Text of removed textprop with text is not freed. * No test for what patch 9.0.0155 fixes. * Tiny chance that creating a backup file fails. * Cannot put virtual text after or below a line. * Breakindent test fails. * Cannot build with small features. * Code has more indent than needed. * Cursor positioned wrong with virtual text after the line. * Expanding file names fails in directory with more than 255 entries. * Unused variable. * Coverity complains about possible double free. * Compiler warning for int/size_t usage. * Cursor position wrong when inserting around virtual text. * Virtual text with Tab is not displayed correctly. * Multi-byte characters in virtual text not handled correctly. * Virtual text after line moves to joined line. (Yegappan Lakshmanan) * No test for text property with column zero. ++++ virt-manager: - Upstream bug fixes (bsc#1027942) c6107419-tests-Drop-usage-of-sgio-unfiltered.patch 9ac94ef7-tests-Fix-another-sgio-filtered-case.patch b8a77805-domain-cpu-Clear-migratable-when-changing-to-custom-cpu.patch 0d84bcfb-cli-Add-iothreadids-attributes-thread_pool_min-and-thread_pool_max.patch 90e13549-Fix-build-with-setuptools-61+.patch 424283ad-launch_security-Use-SEV-ES-policy-0x07-if-host-supports-it.patch - Modified virtman-add-sev-memory-support.patch - Renamed upstream patches virtman-pr381-setuptools-61.patch to 46dc0616-setup-add-bits-for-setuptools-61.patch virtman-34662fe-argcomplete.patch to 34662fec-tests-Fix-with-latest-argcomplete.patch ------------------------------------------------------------------ ------------------ 2022-8-2 - Aug 2 2022 ------------------- ------------------------------------------------------------------ ++++ coreutils: - add missing hostname buildrequires ++++ docker-compose: - Update to version 2.9.0: * switch tests back to '_' separator for networks and volumes * update to compose-go v1.4.0 as previous version introduced breaking changes * Overwrite parent commands PreRun code for `compose version` * Improve descriptions about tests in CONTRIBUTING.md * Fix LinkLocalIPs in V2 * Link to BUILDING.md for testing instructions ++++ docker-compose-switch: - add explicit golang API dependency - cleanup ++++ transactional-update: - Version 4.0.0 - Last minute interface change: Changed "List" method of Snapshot D-Bus interface to return a map of properties instead of a comma separated list of strings; this will allow retrieving the snapshot properties even if they contain a comma in their value [boo#1202147] - Remove "Snapshot.hpp" as a public API for now - all public functionality is part of SnapshotManager.hpp - Add header file documentation for SnapshotManager.hpp - Add method to delete snapshot [gh#openSUSE/transactional-update#52] - Allow setting description of snapshot [gh#openSUSE/transactional-update#55] - create_dirs_from_rpmdb: set SELinux file context of missing directories [gh#openSUSE/transactional-update#84], [bsc#1197242] - Fix broken logrotate due to typo in config file [gh#openSUSE/transactional-update#87] - create_dirs_from_rpmdb: Fix handling return code of create_dirs() [gh#openSUSE/transactional-update#86] - Fix broken "shell" prompt after selfupdate - Add documented D-Bus interface definition files - Add tukit_sm_get_current and tukit_sm_get_default to C interface - Fixed typos ++++ glibc: - Update to glibc 2.36 Major new features: * Support for DT_RELR relative relocation format has been added to glibc * On Linux, the pidfd_open, pidfd_getfd, and pidfd_send_signal functions have been added * On Linux, the process_madvise function has been added * On Linux, the process_mrelease function has been added * The “no-aaaa” DNS stub resolver option has been added * On Linux, the fsopen, fsmount, move_mount, fsconfig, fspick, open_tree, and mount_setattr have been added * localedef now accepts locale definition files encoded in UTF-8 * Support for the mbrtoc8 and c8rtomb multibyte/UTF-8 character conversion functions has been added per the ISO C2X N2653 and C++20 P0482R6 proposals * The functions arc4random, arc4random_buf, and arc4random_uniform have been added Deprecated and removed features, and other changes affecting compatibility: * Support for prelink will be removed in the next release * The Linux kernel version check has been removed along with the LD_ASSUME_KERNEL environment variable * On Linux, The LD_LIBRARY_VERSION environment variable has been removed - get-nprocs-sched-uninit-read.patch, get-nprocs-inaccurate.patch, strcmp-rtm-fallback.path, pt-load-invalid-hole.patch, localedef-ld-monetary.patch, nptl-spurious-eintr.patch, strncpy-power9-vsx.patch, nptl-cleanup-async-restore.patch, read-chk-cancel.patch, wcrtomb-fortify.patch, nptl-cleanup-async-restore-2.patch: Removed ++++ kernel-default: - Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019). - commit 9816878 ++++ python310-core: - Update to 3.10.6: - gh-87389: http.server: Fix an open redirection vulnerability in the HTTP server when an URI path starts with //. Vulnerability discovered, and initial fix proposed, by Hamza Avvan. (bsc#1202624, CVE-2021-28861) - gh-92888: Fix memoryview use after free when accessing the backing buffer in certain cases. - gh-95355: _PyPegen_Parser_New now properly detects token memory allocation errors. Patch by Honglin Zhu. - gh-94938: Fix error detection in some builtin functions when keyword argument name is an instance of a str subclass with overloaded __eq__ and __hash__. Previously it could cause SystemError or other undesired behavior. - gh-94949: ast.parse() will no longer parse parenthesized context managers when passed feature_version less than (3, 9). Patch by Shantanu Jain. - gh-94947: ast.parse() will no longer parse assignment expressions when passed feature_version less than (3, 8). Patch by Shantanu Jain. - gh-94869: Fix the column offsets for some expressions in multi-line f-strings ast nodes. Patch by Pablo Galindo. - gh-91153: Fix an issue where a bytearray item assignment could crash if it’s resized by the new value’s __index__() method. - gh-94329: Compile and run code with unpacking of extremely large sequences (1000s of elements). Such code failed to compile. It now compiles and runs correctly. - gh-94360: Fixed a tokenizer crash when reading encoded files with syntax errors from stdin with non utf-8 encoded text. Patch by Pablo Galindo - gh-94192: Fix error for dictionary literals with invalid expression as value. - gh-93964: Strengthened compiler overflow checks to prevent crashes when compiling very large source files. - gh-93671: Fix some exponential backtrace case happening with deeply nested sequence patterns in match statements. Patch by Pablo Galindo - gh-93021: Fix the __text_signature__ for __get__() methods implemented in C. Patch by Jelle Zijlstra. - gh-92930: Fixed a crash in _pickle.c from mutating collections during __reduce__ or persistent_id. - gh-92914: Always round the allocated size for lists up to the nearest even number. - gh-92858: Improve error message for some suites with syntax error before ‘:’ - gh-95339: Update bundled pip to 22.2.1. - gh-95045: Fix GC crash when deallocating _lsprof.Profiler by untracking it before calling any callbacks. Patch by Kumar Aditya. - gh-95087: Fix IndexError in parsing invalid date in the email module. - gh-95199: Upgrade bundled setuptools to 63.2.0. - gh-95194: Upgrade bundled pip to 22.2. - gh-93899: Fix check for existence of os.EFD_CLOEXEC, os.EFD_NONBLOCK and os.EFD_SEMAPHORE flags on older kernel versions where these flags are not present. Patch by Kumar Aditya. - gh-95166: Fix concurrent.futures.Executor.map() to cancel the currently waiting on future on an error - e.g. TimeoutError or KeyboardInterrupt. - gh-93157: Fix fileinput module didn’t support errors option when inplace is true. - gh-94821: Fix binding of unix socket to empty address on Linux to use an available address from the abstract namespace, instead of “0”. - gh-94736: Fix crash when deallocating an instance of a subclass of _multiprocessing.SemLock. Patch by Kumar Aditya. - gh-94637: SSLContext.set_default_verify_paths() now releases the GIL around SSL_CTX_set_default_verify_paths call. The function call performs I/O and CPU intensive work. - gh-94510: Re-entrant calls to sys.setprofile() and sys.settrace() now raise RuntimeError. Patch by Pablo Galindo. - gh-92336: Fix bug where linecache.getline() fails on bad files with UnicodeDecodeError or SyntaxError. It now returns an empty string as per the documentation. - gh-89988: Fix memory leak in pickle.Pickler when looking up dispatch_table. Patch by Kumar Aditya. - gh-94254: Fixed types of struct module to be immutable. Patch by Kumar Aditya. - gh-94245: Fix pickling and copying of typing.Tuple[()]. - gh-94207: Made _struct.Struct GC-tracked in order to fix a reference leak in the _struct module. - gh-94101: Manual instantiation of ssl.SSLSession objects is no longer allowed as it lead to misconfigured instances that crashed the interpreter when attributes where accessed on them. - gh-84753: inspect.iscoroutinefunction(), inspect.isgeneratorfunction(), and inspect.isasyncgenfunction() now properly return True for duck-typed function-like objects like instances of unittest.mock.AsyncMock. - This makes inspect.iscoroutinefunction() consistent with the behavior of asyncio.iscoroutinefunction(). Patch by Mehdi ABAAKOUK. - gh-83499: Fix double closing of file description in tempfile. - gh-79512: Fixed names and __module__ value of weakref classes ReferenceType, ProxyType, CallableProxyType. It makes them pickleable. - gh-90494: copy.copy() and copy.deepcopy() now always raise a TypeError if __reduce__() returns a tuple with length 6 instead of silently ignore the 6th item or produce incorrect result. - gh-90549: Fix a multiprocessing bug where a global named resource (such as a semaphore) could leak when a child process is spawned (as opposed to forked). - gh-79579: sqlite3 now correctly detects DML queries with leading comments. Patch by Erlend E. Aasland. - gh-93421: Update sqlite3.Cursor.rowcount when a DML statement has run to completion. This fixes the row count for SQL queries like UPDATE ... RETURNING. Patch by Erlend E. Aasland. - gh-91810: Suppress writing an XML declaration in open files in ElementTree.write() with encoding='unicode' and xml_declaration=None. - gh-93353: Fix the importlib.resources.as_file() context manager to remove the temporary file if destroyed late during Python finalization: keep a local reference to the os.remove() function. Patch by Victor Stinner. - gh-83658: Make multiprocessing.Pool raise an exception if maxtasksperchild is not None or a positive int. - gh-74696: shutil.make_archive() no longer temporarily changes the current working directory during creation of standard .zip or tar archives. - gh-91577: Move imports in SharedMemory methods to module level so that they can be executed late in python finalization. - bpo-47231: Fixed an issue with inconsistent trailing slashes in tarfile longname directories. - bpo-46755: In QueueHandler, clear stack_info from LogRecord to prevent stack trace from being written twice. - bpo-46053: Fix OSS audio support on NetBSD. - bpo-46197: Fix ensurepip environment isolation for subprocess running pip. - bpo-45924: Fix asyncio incorrect traceback when future’s exception is raised multiple times. Patch by Kumar Aditya. - bpo-34828: sqlite3.Connection.iterdump() now handles databases that use AUTOINCREMENT in one or more tables. - gh-94321: Document the PEP 246 style protocol type sqlite3.PrepareProtocol. - gh-86128: Document a limitation in ThreadPoolExecutor where its exit handler is executed before any handlers in atexit. - gh-61162: Clarify sqlite3 behavior when Using the connection as a context manager. - gh-87260: Align sqlite3 argument specs with the actual implementation. - gh-86986: The minimum Sphinx version required to build the documentation is now 3.2. - gh-88831: Augmented documentation of asyncio.create_task(). Clarified the need to keep strong references to tasks and added a code snippet detailing how to to this. - bpo-47161: Document that pathlib.PurePath does not collapse initial double slashes because they denote UNC paths. - gh-95280: Fix problem with test_ssl test_get_ciphers on systems that require perfect forward secrecy (PFS) ciphers. - gh-95212: Make multiprocessing test case test_shared_memory_recreate parallel-safe. - gh-91330: Added more tests for dataclasses to cover behavior with data descriptor-based fields. - gh-94208: test_ssl is now checking for supported TLS version and protocols in more tests. - gh-93951: In test_bdb.StateTestCase.test_skip, avoid including auxiliary importers. - gh-93957: Provide nicer error reporting from subprocesses in test_venv.EnsurePipTest.test_with_pip. - gh-57539: Increase calendar test coverage for calendar.LocaleTextCalendar.formatweekday(). - gh-92886: Fixing tests that fail when running with optimizations (-O) in test_zipimport.py - bpo-47016: Create a GitHub Actions workflow for verifying bundled pip and setuptools. Patch by Illia Volochii and Adam Turner. - gh-94841: Fix the possible performance regression of PyObject_Free() compiled with MSVC version 1932. - gh-95511: Fix the Shell context menu copy-with-prompts bug of copying an extra line when one selects whole lines. - gh-95471: In the Edit menu, move Select All and add a new separator. - gh-95411: Enable using IDLE’s module browser with .pyw files. - gh-89610: Add .pyi as a recognized extension for IDLE on macOS. This allows opening stub files by double clicking on them in the Finder. - gh-94538: Fix Argument Clinic output to custom file destinations. Patch by Erlend E. Aasland. - gh-94430: Allow parameters named module and self with custom C names in Argument Clinic. Patch by Erlend E. Aasland - gh-94930: Fix SystemError raised when PyArg_ParseTupleAndKeywords() is used with # in (...) but without PY_SSIZE_T_CLEAN defined. - gh-94864: Fix PyArg_Parse* with deprecated format units “u” and “Z”. It returned 1 (success) when warnings are turned into exceptions. - Reapply patches - bpo-31046_ensurepip_honours_prefix.patch - fix_configure_rst.patch - no-skipif-doctests.patch - skip-test_pyobject_freed_is_freed.patch ++++ libvirt: - Update to libvirt 8.6.0 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v8-6-0-2022-08-01 ++++ perl-Bootloader: - move binaries from /sbin to /usr/sbin (boo#1191088) - remove /boot/boot.readme while at it so we stay out of there ++++ python310: - Update to 3.10.6: - gh-87389: http.server: Fix an open redirection vulnerability in the HTTP server when an URI path starts with //. Vulnerability discovered, and initial fix proposed, by Hamza Avvan. (bsc#1202624, CVE-2021-28861) - gh-92888: Fix memoryview use after free when accessing the backing buffer in certain cases. - gh-95355: _PyPegen_Parser_New now properly detects token memory allocation errors. Patch by Honglin Zhu. - gh-94938: Fix error detection in some builtin functions when keyword argument name is an instance of a str subclass with overloaded __eq__ and __hash__. Previously it could cause SystemError or other undesired behavior. - gh-94949: ast.parse() will no longer parse parenthesized context managers when passed feature_version less than (3, 9). Patch by Shantanu Jain. - gh-94947: ast.parse() will no longer parse assignment expressions when passed feature_version less than (3, 8). Patch by Shantanu Jain. - gh-94869: Fix the column offsets for some expressions in multi-line f-strings ast nodes. Patch by Pablo Galindo. - gh-91153: Fix an issue where a bytearray item assignment could crash if it’s resized by the new value’s __index__() method. - gh-94329: Compile and run code with unpacking of extremely large sequences (1000s of elements). Such code failed to compile. It now compiles and runs correctly. - gh-94360: Fixed a tokenizer crash when reading encoded files with syntax errors from stdin with non utf-8 encoded text. Patch by Pablo Galindo - gh-94192: Fix error for dictionary literals with invalid expression as value. - gh-93964: Strengthened compiler overflow checks to prevent crashes when compiling very large source files. - gh-93671: Fix some exponential backtrace case happening with deeply nested sequence patterns in match statements. Patch by Pablo Galindo - gh-93021: Fix the __text_signature__ for __get__() methods implemented in C. Patch by Jelle Zijlstra. - gh-92930: Fixed a crash in _pickle.c from mutating collections during __reduce__ or persistent_id. - gh-92914: Always round the allocated size for lists up to the nearest even number. - gh-92858: Improve error message for some suites with syntax error before ‘:’ - gh-95339: Update bundled pip to 22.2.1. - gh-95045: Fix GC crash when deallocating _lsprof.Profiler by untracking it before calling any callbacks. Patch by Kumar Aditya. - gh-95087: Fix IndexError in parsing invalid date in the email module. - gh-95199: Upgrade bundled setuptools to 63.2.0. - gh-95194: Upgrade bundled pip to 22.2. - gh-93899: Fix check for existence of os.EFD_CLOEXEC, os.EFD_NONBLOCK and os.EFD_SEMAPHORE flags on older kernel versions where these flags are not present. Patch by Kumar Aditya. - gh-95166: Fix concurrent.futures.Executor.map() to cancel the currently waiting on future on an error - e.g. TimeoutError or KeyboardInterrupt. - gh-93157: Fix fileinput module didn’t support errors option when inplace is true. - gh-94821: Fix binding of unix socket to empty address on Linux to use an available address from the abstract namespace, instead of “0”. - gh-94736: Fix crash when deallocating an instance of a subclass of _multiprocessing.SemLock. Patch by Kumar Aditya. - gh-94637: SSLContext.set_default_verify_paths() now releases the GIL around SSL_CTX_set_default_verify_paths call. The function call performs I/O and CPU intensive work. - gh-94510: Re-entrant calls to sys.setprofile() and sys.settrace() now raise RuntimeError. Patch by Pablo Galindo. - gh-92336: Fix bug where linecache.getline() fails on bad files with UnicodeDecodeError or SyntaxError. It now returns an empty string as per the documentation. - gh-89988: Fix memory leak in pickle.Pickler when looking up dispatch_table. Patch by Kumar Aditya. - gh-94254: Fixed types of struct module to be immutable. Patch by Kumar Aditya. - gh-94245: Fix pickling and copying of typing.Tuple[()]. - gh-94207: Made _struct.Struct GC-tracked in order to fix a reference leak in the _struct module. - gh-94101: Manual instantiation of ssl.SSLSession objects is no longer allowed as it lead to misconfigured instances that crashed the interpreter when attributes where accessed on them. - gh-84753: inspect.iscoroutinefunction(), inspect.isgeneratorfunction(), and inspect.isasyncgenfunction() now properly return True for duck-typed function-like objects like instances of unittest.mock.AsyncMock. - This makes inspect.iscoroutinefunction() consistent with the behavior of asyncio.iscoroutinefunction(). Patch by Mehdi ABAAKOUK. - gh-83499: Fix double closing of file description in tempfile. - gh-79512: Fixed names and __module__ value of weakref classes ReferenceType, ProxyType, CallableProxyType. It makes them pickleable. - gh-90494: copy.copy() and copy.deepcopy() now always raise a TypeError if __reduce__() returns a tuple with length 6 instead of silently ignore the 6th item or produce incorrect result. - gh-90549: Fix a multiprocessing bug where a global named resource (such as a semaphore) could leak when a child process is spawned (as opposed to forked). - gh-79579: sqlite3 now correctly detects DML queries with leading comments. Patch by Erlend E. Aasland. - gh-93421: Update sqlite3.Cursor.rowcount when a DML statement has run to completion. This fixes the row count for SQL queries like UPDATE ... RETURNING. Patch by Erlend E. Aasland. - gh-91810: Suppress writing an XML declaration in open files in ElementTree.write() with encoding='unicode' and xml_declaration=None. - gh-93353: Fix the importlib.resources.as_file() context manager to remove the temporary file if destroyed late during Python finalization: keep a local reference to the os.remove() function. Patch by Victor Stinner. - gh-83658: Make multiprocessing.Pool raise an exception if maxtasksperchild is not None or a positive int. - gh-74696: shutil.make_archive() no longer temporarily changes the current working directory during creation of standard .zip or tar archives. - gh-91577: Move imports in SharedMemory methods to module level so that they can be executed late in python finalization. - bpo-47231: Fixed an issue with inconsistent trailing slashes in tarfile longname directories. - bpo-46755: In QueueHandler, clear stack_info from LogRecord to prevent stack trace from being written twice. - bpo-46053: Fix OSS audio support on NetBSD. - bpo-46197: Fix ensurepip environment isolation for subprocess running pip. - bpo-45924: Fix asyncio incorrect traceback when future’s exception is raised multiple times. Patch by Kumar Aditya. - bpo-34828: sqlite3.Connection.iterdump() now handles databases that use AUTOINCREMENT in one or more tables. - gh-94321: Document the PEP 246 style protocol type sqlite3.PrepareProtocol. - gh-86128: Document a limitation in ThreadPoolExecutor where its exit handler is executed before any handlers in atexit. - gh-61162: Clarify sqlite3 behavior when Using the connection as a context manager. - gh-87260: Align sqlite3 argument specs with the actual implementation. - gh-86986: The minimum Sphinx version required to build the documentation is now 3.2. - gh-88831: Augmented documentation of asyncio.create_task(). Clarified the need to keep strong references to tasks and added a code snippet detailing how to to this. - bpo-47161: Document that pathlib.PurePath does not collapse initial double slashes because they denote UNC paths. - gh-95280: Fix problem with test_ssl test_get_ciphers on systems that require perfect forward secrecy (PFS) ciphers. - gh-95212: Make multiprocessing test case test_shared_memory_recreate parallel-safe. - gh-91330: Added more tests for dataclasses to cover behavior with data descriptor-based fields. - gh-94208: test_ssl is now checking for supported TLS version and protocols in more tests. - gh-93951: In test_bdb.StateTestCase.test_skip, avoid including auxiliary importers. - gh-93957: Provide nicer error reporting from subprocesses in test_venv.EnsurePipTest.test_with_pip. - gh-57539: Increase calendar test coverage for calendar.LocaleTextCalendar.formatweekday(). - gh-92886: Fixing tests that fail when running with optimizations (-O) in test_zipimport.py - bpo-47016: Create a GitHub Actions workflow for verifying bundled pip and setuptools. Patch by Illia Volochii and Adam Turner. - gh-94841: Fix the possible performance regression of PyObject_Free() compiled with MSVC version 1932. - gh-95511: Fix the Shell context menu copy-with-prompts bug of copying an extra line when one selects whole lines. - gh-95471: In the Edit menu, move Select All and add a new separator. - gh-95411: Enable using IDLE’s module browser with .pyw files. - gh-89610: Add .pyi as a recognized extension for IDLE on macOS. This allows opening stub files by double clicking on them in the Finder. - gh-94538: Fix Argument Clinic output to custom file destinations. Patch by Erlend E. Aasland. - gh-94430: Allow parameters named module and self with custom C names in Argument Clinic. Patch by Erlend E. Aasland - gh-94930: Fix SystemError raised when PyArg_ParseTupleAndKeywords() is used with # in (...) but without PY_SSIZE_T_CLEAN defined. - gh-94864: Fix PyArg_Parse* with deprecated format units “u” and “Z”. It returned 1 (success) when warnings are turned into exceptions. - Reapply patches - bpo-31046_ensurepip_honours_prefix.patch - fix_configure_rst.patch - no-skipif-doctests.patch - skip-test_pyobject_freed_is_freed.patch ++++ python-libvirt-python: - Update to 8.6.0 - Add all new APIs and constants in libvirt 8.6.0 ++++ python-urllib3: - update to 1.26.11 * Fix OverflowError when TLS is used on some Python versions ------------------------------------------------------------------ ------------------ 2022-8-1 - Aug 1 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - update to 22.1.4: * anv: disable non uniform indexing of UBOs * anv: use the right helper to invalidate memory * intel/fs: ray query fix for global address * isl: add new helper for format component compatibility * radeonsi: fix random PS wave size * r300: Keep rc_rename_regs() from overflowing * aco/ra: update register file when updating phi definition * radv: Fix vkCmdCopyQueryResults -> vkCmdResetPool hazard ++++ Mesa-drivers: - update to 22.1.4: * anv: disable non uniform indexing of UBOs * anv: use the right helper to invalidate memory * intel/fs: ray query fix for global address * isl: add new helper for format component compatibility * radeonsi: fix random PS wave size * r300: Keep rc_rename_regs() from overflowing * aco/ra: update register file when updating phi definition * radv: Fix vkCmdCopyQueryResults -> vkCmdResetPool hazard ++++ apparmor: - update to AppArmor 3.0.6 - fix LTO build in the parser - remove dbus deny rule in abstractions/exo-open - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.6 for the detailed upstream changelog - drop upstream patch dirtest-sort-mr900.diff ++++ coreutils: - refresh coreutils-i18n.patch to prevent unexpand from failing on control characters (brc#2112870) (bsc#1202029) - extend psuffix handling to be quilt(1) compatible ++++ docker-compose: - Update to version 2.8.0: * Fix go.mod on replace for compose-go * config: ignore image for config hash generation (#9350) * Bump compose-go -> 1.3.0 * use '-' as separator by default for image name * as --no-build is set, set service image to default image name * cmd: consistent handling no-args commands (#9660) * Fixes #9403: Remove Named Pipes from volumeMounts * Fix environment variables priority between environment and .env * Fix .env and --envfile priorities * add pull & build config to project before create add pull flag to create and up documentation * introduce --pull * use Google addlicense instead of kunalkushwaha/ltag * update cli-doc-tool and update the doc with this new version * remove usage of GO111MODULE option in gh actions * use env variable for golang version and updates gh actions from v2 to v3 * ci(docs): use push-to-fork when creating pr * remove unused sessionConfig param for addSecretsConfig function ++++ libapparmor: - update to AppArmor 3.0.6 - fix LTO build in the parser - remove dbus deny rule in abstractions/exo-open - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.6 for the detailed upstream changelog - drop upstream patch dirtest-sort-mr900.diff ++++ libgcrypt: - Fix reproducible build problems: - Do not use %release in binaries (but use SOURCE_DATE_EPOCH) - Fix date call messed up by spec-cleaner ++++ ncurses: - Add ncurses patch 20220729 + fixes to build with dietlibc: + add configure check for fpathconf (report by Georg Lehner). + add configure check for math sine/cosine, needed in test/tclock, and eliminate pow() from test/hanoi (report by Georg Lehner). + use wcsnlen as an alternative to wmemchr if it is not found (adapted from patch by Georg Lehner). + trim out some unwanted linker options from ncurses*config and .pc files seen in Fedora 36+. - Port patch ncurses-6.3.dif ++++ tiff: - security update: * CVE-2022-34526 [bsc#1202026] + tiff-CVE-2022-34526.patch ++++ unbound: - update to 1.16.2 (boo#1202031 boo#1202033) * Features - Merge #718: Introduce infra-cache-max-rtt option to config max retransmit timeout. * Bug Fixes - Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699. - Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for one loop pass'. - Merge PR #668 from Cristian Rodríguez: Set IP_BIND_ADDRESS_NO_PORT on outbound tcp sockets. - Fix verbose EDE error printout. - Fix dname count in sldns parse type descriptor for SVCB and HTTPS. - For windows crosscompile, fix setting the IPV6_MTU socket option equivalent (IPV6_USER_MTU); allows cross compiling with latest cross-compiler versions. - Merge PR 714: Avoid treat normal hosts as unresponsive servers. And fixup the lock code. - iana portlist update. - Update documentation for 'outbound-msg-retry:'. - Tests for ghost domain fixes. ++++ osinfo-db: - update to 20220727 - drop: add-opensuse-leap-15.4-support.patch add-sle15sp4-support.patch add-slem5.1-support.patch add-slem5.2-support.patch opensuse-autoyast-desktop.patch: all upstream ++++ python310-packaging: - BuildIgnore python3-packaging for primary bootstrap. ++++ read-only-root-fs: - Update to version 1.0+git20220801.cbb90bc: * Add another workaround for read-only subvolumes (boo#1202000) * Correctly declare mount-overlay.sh as Bash file - Update source service URL ++++ rsync: - Security fix: [bsc#1201840, CVE-2022-29154] * arbitrary file write vulnerability via do_server_recv function * Added patch rsync-CVE-2022-29154.patch ------------------------------------------------------------------ ------------------ 2022-7-31 - Jul 31 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Update to 5.19 final - refresh configs - commit e9f89c9 ++++ pcre2: - Fix the profiling call to be non-parallel again (fighting spec cleaner) ++++ python310-core: - Extend distutils-reproducible-compile.patch with a workaround for non reproducible pyc files issue 93317 ++++ python310: - Extend distutils-reproducible-compile.patch with a workaround for non reproducible pyc files issue 93317 ------------------------------------------------------------------ ------------------ 2022-7-30 - Jul 30 2022 ------------------- ------------------------------------------------------------------ ++++ permissions: - Avoid different Versions for subpackages to fix build-compare seeing the src rpm as equal. It replaces VERSION-RELEASE but that will fail if subpackages use a different Version ++++ kernel-default: - Linux 5.18.15 (bsc#1012628). - watch-queue: remove spurious double semicolon (bsc#1012628). - ASoC: SOF: Intel: disable IMR boot when resuming from ACPI S4 and S5 states (bsc#1012628). - ASoC: SOF: pm: add definitions for S4 and S5 states (bsc#1012628). - ASoC: SOF: pm: add explicit behavior for ACPI S1 and S2 (bsc#1012628). - watchqueue: make sure to serialize 'wqueue->defunct' properly (bsc#1012628). - x86/alternative: Report missing return thunk details (bsc#1012628). - x86/amd: Use IBPB for firmware calls (bsc#1012628). - exfat: use updated exfat_chain directly during renaming (bsc#1012628). - exfat: fix referencing wrong parent directory information after renaming (bsc#1012628). - crypto: qat - re-enable registration of algorithms (bsc#1012628). - crypto: qat - add param check for DH (bsc#1012628). - crypto: qat - add param check for RSA (bsc#1012628). - crypto: qat - remove dma_free_coherent() for DH (bsc#1012628). - crypto: qat - remove dma_free_coherent() for RSA (bsc#1012628). - crypto: qat - fix memory leak in RSA (bsc#1012628). - crypto: qat - add backlog mechanism (bsc#1012628). - crypto: qat - refactor submission logic (bsc#1012628). - crypto: qat - use pre-allocated buffers in datapath (bsc#1012628). - crypto: qat - set to zero DH parameters before free (bsc#1012628). - dlm: fix pending remove if msg allocation fails (bsc#1012628). - clk: lan966x: Fix the lan966x clock gate register address (bsc#1012628). - x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts (bsc#1012628). - perf/x86/intel/lbr: Fix unchecked MSR access error on HSW (bsc#1012628). - sched/deadline: Fix BUG_ON condition for deboosted tasks (bsc#1012628). - bpf: Make sure mac_header was set before using it (bsc#1012628). - mm/mempolicy: fix uninit-value in mpol_rebind_policy() (bsc#1012628). - KVM: Don't null dereference ops->destroy (bsc#1012628). - spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers (bsc#1012628). - KVM: selftests: Fix target thread to be migrated in rseq_test (bsc#1012628). - gpio: gpio-xilinx: Fix integer overflow (bsc#1012628). - selftests: gpio: fix include path to kernel headers for out of tree builds (bsc#1012628). - net/sched: cls_api: Fix flow action initialization (bsc#1012628). - tcp: Fix data-races around sysctl_tcp_max_reordering (bsc#1012628). - tcp: Fix a data-race around sysctl_tcp_abort_on_overflow (bsc#1012628). - tcp: Fix a data-race around sysctl_tcp_rfc1337 (bsc#1012628). - tcp: Fix a data-race around sysctl_tcp_stdurg (bsc#1012628). - tcp: Fix a data-race around sysctl_tcp_retrans_collapse (bsc#1012628). - tcp: Fix data-races around sysctl_tcp_slow_start_after_idle (bsc#1012628). - tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts (bsc#1012628). - tcp: Fix data-races around sysctl_tcp_recovery (bsc#1012628). - tcp: Fix a data-race around sysctl_tcp_early_retrans (bsc#1012628). - tcp: Fix data-races around sysctl knobs related to SYN option (bsc#1012628). - udp: Fix a data-race around sysctl_udp_l3mdev_accept (bsc#1012628). - ip: Fix data-races around sysctl_ip_prot_sock (bsc#1012628). - ipv4: Fix data-races around sysctl_fib_multipath_hash_fields (bsc#1012628). - ipv4: Fix data-races around sysctl_fib_multipath_hash_policy (bsc#1012628). - ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh (bsc#1012628). - can: rcar_canfd: Add missing of_node_put() in rcar_canfd_probe() (bsc#1012628). - drm/imx/dcss: Add missing of_node_put() in fail path (bsc#1012628). - drm/panel-edp: Fix variable typo when saving hpd absent delay from DT (bsc#1012628). - amt: do not use amt->nr_tunnels outside of lock (bsc#1012628). - amt: drop unexpected multicast data (bsc#1012628). - amt: drop unexpected query message (bsc#1012628). - amt: drop unexpected advertisement message (bsc#1012628). - amt: add missing regeneration nonce logic in request logic (bsc#1012628). - amt: use READ_ONCE() in amt module (bsc#1012628). - amt: remove unnecessary locks (bsc#1012628). - amt: use workqueue for gateway side message handling (bsc#1012628). - net: dsa: vitesse-vsc73xx: silent spi_device_id warnings (bsc#1012628). - net: dsa: sja1105: silent spi_device_id warnings (bsc#1012628). - be2net: Fix buffer overflow in be_get_module_eeprom (bsc#1012628). - gpio: pca953x: use the correct register address when regcache sync during init (bsc#1012628). - gpio: pca953x: use the correct range when do regmap sync (bsc#1012628). - gpio: pca953x: only use single read/write for No AI mode (bsc#1012628). - net: stmmac: remove redunctant disable xPCS EEE call (bsc#1012628). - net: dsa: fix NULL pointer dereference in dsa_port_reset_vlan_filtering (bsc#1012628). - net: dsa: move reset of VLAN filtering to dsa_port_switchdev_unsync_attrs (bsc#1012628). - net: dsa: fix dsa_port_vlan_filtering when global (bsc#1012628). - ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (bsc#1012628). - i40e: Fix erroneous adapter reinitialization during recovery process (bsc#1012628). - net: lan966x: Fix usage of lan966x->mac_lock when used by FDB (bsc#1012628). - net: lan966x: Fix usage of lan966x->mac_lock inside lan966x_mac_irq_handler (bsc#1012628). - net: lan966x: Fix usage of lan966x->mac_lock when entry is removed (bsc#1012628). - net: lan966x: Fix usage of lan966x->mac_lock when entry is added (bsc#1012628). - net: lan966x: Fix taking rtnl_lock while holding spin_lock (bsc#1012628). - pinctrl: armada-37xx: make irq_lock a raw spinlock to avoid invalid wait context (bsc#1012628). - pinctrl: armada-37xx: Reuse GPIO fwnode in armada_37xx_irqchip_register() (bsc#1012628). - ACPI: CPPC: Don't require flexible address space if X86_FEATURE_CPPC is supported (bsc#1012628). - iavf: Fix missing state logs (bsc#1012628). - iavf: Fix handling of dummy receive descriptors (bsc#1012628). - iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (bsc#1012628). - iavf: Fix VLAN_V2 addition/rejection (bsc#1012628). - tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout (bsc#1012628). - tcp: Fix data-races around sysctl_tcp_fastopen (bsc#1012628). - tcp: Fix data-races around sysctl_max_syn_backlog (bsc#1012628). - tcp: Fix a data-race around sysctl_tcp_tw_reuse (bsc#1012628). - tcp: Fix a data-race around sysctl_tcp_notsent_lowat (bsc#1012628). - tcp: Fix data-races around some timeout sysctl knobs (bsc#1012628). - tcp: Fix data-races around sysctl_tcp_reordering (bsc#1012628). - tcp: Fix data-races around sysctl_tcp_migrate_req (bsc#1012628). - tcp: Fix data-races around sysctl_tcp_syncookies (bsc#1012628). - tcp: Fix data-races around sysctl_tcp_syn(ack)?_retries (bsc#1012628). - tcp: Fix data-races around keepalive sysctl knobs (bsc#1012628). - igmp: Fix data-races around sysctl_igmp_qrv (bsc#1012628). - igmp: Fix data-races around sysctl_igmp_max_msf (bsc#1012628). - igmp: Fix a data-race around sysctl_igmp_max_memberships (bsc#1012628). - igmp: Fix data-races around sysctl_igmp_llm_reports (bsc#1012628). - net: prestera: acl: use proper mask for port selector (bsc#1012628). - net/tls: Fix race in TLS device down flow (bsc#1012628). - net: stmmac: fix dma queue left shift overflow issue (bsc#1012628). - pinctrl: ocelot: Fix pincfg (bsc#1012628). - pinctrl: ocelot: Fix pincfg for lan966x (bsc#1012628). - perf tests: Fix Convert perf time to TSC test for hybrid (bsc#1012628). - perf tests: Stop Convert perf time to TSC test opening events twice (bsc#1012628). - i2c: cadence: Change large transfer count reset logic to be unconditional (bsc#1012628). - i2c: mlxcpld: Fix register setting for 400KHz frequency (bsc#1012628). - tcp/udp: Make early_demux back namespacified (bsc#1012628). - net: dsa: microchip: ksz_common: Fix refcount leak bug (bsc#1012628). - net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow (bsc#1012628). - net: stmmac: fix pm runtime issue in stmmac_dvr_remove() (bsc#1012628). - stmmac: dwmac-mediatek: fix clock issue (bsc#1012628). - tcp: Fix a data-race around sysctl_tcp_probe_interval (bsc#1012628). - tcp: Fix a data-race around sysctl_tcp_probe_threshold (bsc#1012628). - tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor (bsc#1012628). - tcp: Fix data-races around sysctl_tcp_min_snd_mss (bsc#1012628). - tcp: Fix data-races around sysctl_tcp_base_mss (bsc#1012628). - tcp: Fix data-races around sysctl_tcp_mtu_probing (bsc#1012628). - tcp: Fix data-races around sysctl_tcp_l3mdev_accept (bsc#1012628). - tcp: sk->sk_bound_dev_if once in inet_request_bound_dev_if() (bsc#1012628). - tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept (bsc#1012628). - ip: Fix a data-race around sysctl_fwmark_reflect (bsc#1012628). - ip: Fix a data-race around sysctl_ip_autobind_reuse (bsc#1012628). - ip: Fix data-races around sysctl_ip_nonlocal_bind (bsc#1012628). - ip: Fix data-races around sysctl_ip_fwd_update_priority (bsc#1012628). - ip: Fix data-races around sysctl_ip_fwd_use_pmtu (bsc#1012628). - ip: Fix data-races around sysctl_ip_no_pmtu_disc (bsc#1012628). - igc: Reinstate IGC_REMOVED logic and implement it properly (bsc#1012628). - Revert "e1000e: Fix possible HW unit hang after an s0ix exit" (bsc#1012628). - e1000e: Enable GPT clock before sending message to CSME (bsc#1012628). - perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (bsc#1012628). - pinctrl: sunplus: Add check for kcalloc (bsc#1012628). - pinctrl: ralink: Check for null return of devm_kcalloc (bsc#1012628). - pinctrl: ralink: rename pinctrl-rt2880 to pinctrl-ralink (bsc#1012628). - pinctrl: ralink: rename MT7628(an) functions to MT76X8 (bsc#1012628). - RDMA/irdma: Fix sleep from invalid context BUG (bsc#1012628). - RDMA/irdma: Do not advertise 1GB page size for x722 (bsc#1012628). - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (bsc#1012628). - power: supply: ab8500_fg: add missing destroy_workqueue in ab8500_fg_probe (bsc#1012628). - xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() (bsc#1012628). - ip: Fix data-races around sysctl_ip_default_ttl (bsc#1012628). - r8152: fix a WOL issue (bsc#1012628). - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1012628). - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1012628). - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1012628). - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1012628). - bus: mhi: host: pci_generic: add Telit FN990 (bsc#1012628). - bus: mhi: host: pci_generic: add Telit FN980 v1 hardware revision (bsc#1012628). - net: usb: ax88179_178a needs FLAG_SEND_ZLP (bsc#1012628). - drm/scheduler: Don't kill jobs in interrupt context (bsc#1012628). - drm/amd/display: Fix new dmub notification enabling in DM (bsc#1012628). - drm/ttm: fix locking in vmap/vunmap TTM GEM helpers (bsc#1012628). - mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times (bsc#1012628). - mmc: sdhci-omap: Fix a lockdep warning for PM runtime init (bsc#1012628). - lockdown: Fix kexec lockdown bypass with ima policy (bsc#1012628). - mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication (bsc#1012628). - riscv: add as-options for modules with assembly compontents (bsc#1012628). - pinctrl: stm32: fix optional IRQ support to gpios (bsc#1012628). - pinctrl: armada-37xx: use raw spinlocks for regmap to avoid invalid wait context (bsc#1012628). - commit 0b7935a ------------------------------------------------------------------ ------------------ 2022-7-29 - Jul 29 2022 ------------------- ------------------------------------------------------------------ ++++ gnutls: - Update to 3.7.7: [bsc#1202020, CVE-2022-2509] * libgnutls: Fixed double free during verification of pkcs7 signatures. CVE-2022-2509 * libgnutls: gnutls_hkdf_expand now only accepts LENGTH argument less than or equal to 255 times hash digest size, to comply with RFC 5869 2.3. * libgnutls: Length limit for TLS PSK usernames has been increased from 128 to 65535 characters * libgnutls: AES-GCM encryption function now limits plaintext length to 2^39-256 bits, according to SP800-38D 5.2.1.1. * libgnutls: New block cipher functions have been added to transparently handle padding. gnutls_cipher_encrypt3 and gnutls_cipher_decrypt3 can be used in combination of GNUTLS_CIPHER_PADDING_PKCS7 flag to automatically add/remove padding if the length of the original plaintext is not a multiple of the block size. * libgnutls: New function for manual FIPS self-testing. * API and ABI modifications: - gnutls_fips140_run_self_tests: New function - gnutls_cipher_encrypt3: New function - gnutls_cipher_decrypt3: New function - gnutls_cipher_padding_flags_t: New enum * guile: Guile 1.8 is no longer supported * guile: Session record port treats premature termination as EOF Previously, a 'gnutls-error' exception with the 'error/premature-termination' value would be thrown while reading from a session record port when the underlying session was terminated prematurely. This was inconvenient since users of the port may not be prepared to handle such an exception. Reading from the session record port now returns the end-of-file object instead of throwing an exception, just like it would for a proper session termination. * guile: Session record ports can have a 'close' procedure. The 'session-record-port' procedure now takes an optional second parameter, and a new 'set-session-record-port-close!' procedure is provided to specify a 'close' procedure for a session record port. This 'close' procedure lets users specify cleanup operations for when the port is closed, such as closing the file descriptor or port that backs the underlying session. * Rebase patches: - gnutls-3.6.6-set_guile_site_dir.patch - gnutls-FIPS-TLS_KDF_selftest.patch - gnutls-FIPS-disable-failing-tests.patch * Remove patch merged upstream: - gnutls-FIPS-PBKDF2-KAT-requirements.patch - https://gitlab.com/gnutls/gnutls/merge_requests/1561 ++++ texinfo: - Do lua scripting only once for execute() function ------------------------------------------------------------------ ------------------ 2022-7-28 - Jul 28 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Create /etc/NetworkManager/conf.d by default, allowing easy override for NetworkManager.conf file with drop-in. - Move default config file to /usr/lib/NetworkManager/NetworkManager.conf, as part of main package. - Branding upstream package is now just a config drop-in to disable conncheck. - Ensure /usr/lib/NetworkManager/conf.d is part of the package. ++++ NetworkManager-branding-openSUSE: - Move conncheck config file out of /etc. No longer import main config file. ++++ cockpit: - Update suse-microos-branding.patch for new /etc/os-release ID. - Add storage-btrfs.patch to enable BTRFS use in cockpit-storage. ++++ docker: - Allow to install container-selinux instead of apparmor-parser. ++++ k3s-install: - Update to version 1.24.3+k3s1: * Update to v1.24.3 (#5870) * Address issues with etcd snapshots * Fix deletion of svclb DaemonSet when Service is deleted * Remove legacy bidirectional datastore sync code * Fix fatal error when reconciling bootstrap data * Promote v1.23.8+k3s2 to stable * Replace dapper testing with regular docker (#5805) * Fix issue with containerd stats missing from cadvisor metrics * Bump runc version to v1.1.3 * Bump remotedialer * Bump kine to v0.9.3 * Don't crash when service IPFamiliyPolicy is not set * Fix egress selector proxy/bind-address support * Add tests for down-level etcd join * Handle egress-selector-mode change during upgrade * Remove go-powershell dead dependency (#5777) * add 1.24 release channel (#5742) * Mark v1.23.8+k3s1 to stable * Update to v1.24.2 * Bump helm-controller * containerd: Enable enable_unprivileged_ports and enable_unprivileged_icmp by default * Enable compact tests for k3s s390x * Only listen on loopback when resetting * Ensure that CONTAINERD_ variables are not shadowed by later entries * Sanitize filenames for use in configmap keys * Disable urfave markdown/man docs generation * Delay service readiness until after startuphooks have finished (#5649) * add arm tests and upgrade tests (#5526) * Add alternate scripts location (#5692) * Introduce servicelb-namespace parameter * Move all klipper-lb daemonset to common namespace for PodSecurity * E2E: Dualstack test (#5617) * add support for pprof server (#5527) * Update security email contact (#5607) * E2E Improvements and groundwork for test-pad tool (#5593) * Integration Test: Startup (#5630) * Add FlannelConfCNI flag * Add ability to pass configuration options to flannel backend * Bump flannel to v0.18.1 * Remove kube-ipvs0 interface when cleaning up ++++ libnettle: - update to 3.8.1: * Avoid non-posix m4 argument references in the chacha implementation for arm64, powerpc64 and s390x. Reported by Christian Weisgerber, fix contributed by Mamone Tarsha. * Use explicit .machine pseudo-ops where needed in s390x assembly files. Bug report by Andreas K. Huettel, fix contributed by Mamone Tarsha. ++++ protobuf: - update to 21.4: * Reduce the required alignment of ArenaString from 8 to 4 ++++ xen: - bsc#1167608, bsc#1201631 - fix built-in default of max_event_channels A previous change to the built-in default had a logic error, effectively restoring the upstream limit of 1023 channels per domU. Fix the logic to calculate the default based on the number of vcpus. adjust libxl.max_event_channels.patch ------------------------------------------------------------------ ------------------ 2022-7-27 - Jul 27 2022 ------------------- ------------------------------------------------------------------ ++++ bash: - Update to bash 5.2 rc2 gg. Since there is no `declare -' equivalent of `local -', make sure to use `local -' in the output of `local -p'. ++++ texinfo: - Check for filetrigger lua scriplets if rpm.execute() as function call is given and used this ++++ util-linux: - exclude bash-completion stuff for programs that are in util-linux-systemd from util-linux for real. ++++ readline: - Update to readline-8.2-rc2 ++++ selinux-policy: - fix_networkmanager.patch: Allow NetworkManager_dispatcher_tlp_t and NetworkManager_dispatcher_custom_t to access nscd socket (bsc#1201741) ++++ util-linux-systemd: - exclude bash-completion stuff for programs that are in util-linux-systemd from util-linux for real. ------------------------------------------------------------------ ------------------ 2022-7-26 - Jul 26 2022 ------------------- ------------------------------------------------------------------ ++++ bash-completion: - Add patch fix-curl-help-completion-bsc1200791.patch (bsc#1200791) * List all options for `curl --` ++++ fde-tools: - Initial build as package pcr-oracle ++++ kernel-default: - armv7hl: Update config files. (bsc#1201857) Unify IWLWIFI debug options with other archs. - armv7hl: Update config files. (bsc#1201857) Enable PCI wifi chips - commit 0cc672e ++++ augeas: - Unset MALLOC_PERTURB_ to speed up %check significantly (boo#1201884, gh#hercules-team#768) ++++ mozilla-nss: - update to NSS 3.80 * bmo#1774720 - Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. * bmo#1617956 - Add support for asynchronous client auth hooks. * bmo#1497537 - nss-policy-check: make unknown keyword check optional. * bmo#1765383 - GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. * bmo#1773022 - Mark 3.79 as an ESR release. * bmo#1764206 - Bump nssckbi version number for June. * bmo#1759815 - Remove Hellenic Academic 2011 Root. * bmo#1770267 - Add E-Tugra Roots. * bmo#1768970 - Add Certainly Roots. * bmo#1764392 - Add DigitCert Roots. * bmo#1759794 - Protect SFTKSlot needLogin with slotLock. * bmo#1366464 - Compare signature and signatureAlgorithm fields in legacy certificate verifier. * bmo#1771497 - Uninitialized value in cert_VerifyCertChainOld. * bmo#1771495 - Unchecked return code in sec_DecodeSigAlg. * bmo#1771498 - Uninitialized value in cert_ComputeCertType. * bmo#1760998 - Avoid data race on primary password change. * bmo#1769063 - Replace ppc64 dcbzl intrinisic. * bmo#1771036 - Allow LDFLAGS override in makefile builds. ++++ gcc12: - Add Provides of libstdc++6-pp-gccN to libstdc++6-pp. [bsc#1201848] ++++ ceph: - Update to 16.2.9-538-g9de83fa4064: + (bsc#1201604) cephfs-shell: move source to separate subdirectory ++++ selinux-policy: - Add fix_cloudform.patch to fix cloud-init runcmd issue with snapper (bnc#1201015) ++++ vim: - Updated to version 9.0.0073, fixes the following problems - CVE-2022-2522 - boo#1201863 - CVE-2022-2345 - boo#1201363 - CVE-2022-2343 - boo#1201356 - CVE-2022-2344 - boo#1201359 * In the quickfix window 'cursorline' overrules QuickFixLine highlighting. * On a Belgian keyboard CTRL-[ does not work. * Spell tests do not always clear the word list. * Spell dump may go beyond end of an array. * 'fillchars' cannot have window-local values. * 'listchars' test fails. * Not all systems have GDK_KEY_dead_circumflex. (Hisashi T Fujinaka) * Use of set_chars_option() is confusing. * A couple of filetype patterns do not have "*" before "/etc". * Missing change for filetype detection. * Insufficient testing for bracket commands. * Typos in comments, wrapping lines. * Reading past end of completion with a long line and 'infercase' set. * Reading past end of completion with duplicate match. * Using freed memory with recursive substitute. * Cursor in wrong column with mouse click after concealed text. * Csv and tsv files are not recognized. * Split else-if is confusing. * Using CTRL-C wih :append may hang Vim. * "zG" may throw an error if invalid character follows. * E1281 not tested with the old regexp engine. * Compiler warning for size_t to int conversion. * Bitbake files are not detected. * Wrong line number reported when :cexpr fails in :def function. * has('patch-xxx') returns true. * Test file has wrong name. * Accessing uninitialized memory when completing long line. * ml_get error with nested autocommand. * Compiler warnings for signed/unsigned char. * Too many type casts for dict_get functions. * Confusing error when using "q:" in command line window. * Cross-compiling doesn't work because of timer_create check. * Switching window uneccarily when getting buffer options. * Cannot show virtual text. * Build fails with tiny features. * Leaking memory when using text prop with inserted text. * Using utfc_ptr2char_len() when length is negative. * Command overlaps with printed text in scrollback. * Compiler warning for uninitialized variable. * Too many files recognized as bsdl. ------------------------------------------------------------------ ------------------ 2022-7-25 - Jul 25 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - update to AppArmor 3.0.5 - several additions to profiles and abstractions - bugfixes in parser and utils - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.5 for the detailed upstream changelog - remove upstream(ed) patchs: - apparmor-setuptools61-mr897.patch - dovecot-profiles-boo1199535-mr881.diff - php8-fpm-mr876.patch - python310-help-mr848.patch - samba-new-dcerpcd.patch - samba_deny_net_admin.patch - update-samba-bgqd.diff - update-usr-sbin-smbd.diff - apparmor-samba-include-permissions-for-shares.diff: remove upstreamed part - add dirtest-sort-mr900.diff to fix random test failures - change apache-extra-profile-include-if-exists.diff to the post-mv path (new quilt executes mv) - stop disabling lto (fixed upstream) (boo#1133091) - package profile-load script in -parser ++++ kernel-default: - config: riscv64: Enable DRM stack for early-boot graphics (boo#1201833) Replace fbdev's generic drivers with DRM-based simpledrm. Enables the DRM graphics stack for early-boot graphics, recovery and unsupported chipsets. - commit b8947d7 - config: armv7hl: Enable DRM stack for early-boot graphics (boo#1193475) Replace fbdev's generic drivers with DRM-based simpledrm. Enables the DRM graphics stack for early-boot graphics, recovery and unsupported chipsets. - commit 374bc62 - config: armv6hl: Enable DRM stack for early-boot graphics (boo#1193475) Replace fbdev's generic drivers with DRM-based simpledrm. Enables the DRM graphics stack for early-boot graphics, recovery and unsupported chipsets. - commit 07f549a - config: arm64: Enable DRM stack for early-boot graphics (boo#1193475) Replace fbdev's generic drivers with DRM-based simpledrm. Enables the DRM graphics stack for early-boot graphics, recovery and unsupported chipsets. - commit 146fbca - Update to 5.19-rc8 - update configs - PINCTRL_AMD=y (arm64 only, no longer allowed to be a module) - commit 96ba878 ++++ libapparmor: - update to AppArmor 3.0.5 - several additions to profiles and abstractions - bugfixes in parser and utils - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.5 for the detailed upstream changelog - remove upstream(ed) patchs: - apparmor-setuptools61-mr897.patch - dovecot-profiles-boo1199535-mr881.diff - php8-fpm-mr876.patch - python310-help-mr848.patch - samba-new-dcerpcd.patch - samba_deny_net_admin.patch - update-samba-bgqd.diff - update-usr-sbin-smbd.diff - apparmor-samba-include-permissions-for-shares.diff: remove upstreamed part - add dirtest-sort-mr900.diff to fix random test failures - change apache-extra-profile-include-if-exists.diff to the post-mv path (new quilt executes mv) - stop disabling lto (fixed upstream) (boo#1133091) - package profile-load script in -parser ++++ protobuf: - update to 21.3: * C++ * Add header search paths to Protobuf-C++.podspec (#10024) * Fixed Visual Studio constinit errors (#10232) * Fix #9947: make the ABI compatible between debug and non-debug builds (#10271) * UPB * Allow empty package names (fixes behavior regression in 4.21.0) * Fix a SEGV bug when comparing a non-materialized sub-message (#10208) * Fix several bugs in descriptor mapping containers (eg. descriptor.services_by_name) * for x in mapping now yields keys rather than values, to match Python conventions and the behavior of the old library. * Lookup operations now correctly reject unhashable types as map keys. * We implement repr() to use the same format as dict. * Fix maps to use the ScalarMapContainer class when appropriate * Fix bug when parsing an unknown value in a proto2 enum extension (protocolbuffers/upb#717) * PHP * Add "readonly" as a keyword for PHP and add previous classnames to descriptor pool (#10041) * Python * Make //:protobuf_python and //:well_known_types_py_pb2 public (#10118) * Bazel * Add back a filegroup for :well_known_protos (#10061) ++++ perl: - fix build on ppc * updated patch: perl_skip_flaky_tests_powerpc.patch ++++ policycoreutils: - Add recommends for ausearch binary (bsc#1201043) ------------------------------------------------------------------ ------------------ 2022-7-24 - Jul 24 2022 ------------------- ------------------------------------------------------------------ ++++ curl: - add tests-for-32bit.patch to fix testsuite on 32bit platforms ++++ kernel-default: - config: update and enable armv6hl Config option values were taken from global 5.19 updates while armv6hl configs were disabled, arm64 updates in commit 14beb34d0af9 ("config: update and enable arm64") and armv7hl config updates in commit 36833cf30926 ("config: update and enable armv7hl"). - commit de516ba - config: update and enable armv7hl The list below omits config options update globally while armv7hl configs were disabled and config options updated on arm64 for 5.19 in commit 14beb34d0af9 ("config: update and enable arm64"). - new config options - ARCH_BCMBCA=y - ARCH_HPE=y - ARCH_HPE_GXP=y - CPU_LITTLE_ENDIAN=y - ARM_ERRATA_764319=y - GVE=m - PINCTRL_IMXRT1170=y - GXP_WATCHDOG=m - MEDIA_CEC_RC=y - COMMON_CLK_EN7523=y - new config options in armv7hl/lpae - EDAC_SYNOPSYS=m - XILINX_INTC=y - commit 36833cf - config: update and enable arm64 The list below omits config options updated globally while arm64 configs were disabled. - new config options - ARM64_SME=y - CRYPTO_SM4_ARM64_CE_BLK=m - CRYPTO_SM4_ARM64_NEON_BLK=m - CAN_CTUCANFD_PLATFORM=m - QCOM_SSC_BLOCK_BUS=y - MTK_ADSP_IPC=m - MTD_NAND_ECC_MEDIATEK=m - NVME_APPLE=m - VMWARE_VMCI=m - SPI_MTK_SNFI=m - PINCTRL_IMXRT1170=m - PINCTRL_MT6795=y - PINCTRL_SC7280_LPASS_LPI=m - PINCTRL_SM8250_LPASS_LPI=m - ROCKCHIP_VOP=y - ROCKCHIP_VOP2=y - DRM_MSM_MDP4=y - DRM_MSM_MDP5=y - DRM_MSM_DPU=y - DRM_MSM_HDMI=y - DRM_PANEL_NEWVISION_NV3052C=m - DRM_FSL_LDB=m - DRM_LONTIUM_LT9211=m - DRM_DW_HDMI_GP_AUDIO=m - DRM_SSD130X_SPI=m - SND_SERIAL_GENERIC=m - SND_SOC_MT8195_MT6359=m - SND_SOC_SOF_MT8186=m - SND_SOC_TEGRA186_ASRC=m - LEDS_QCOM_LPG=m - TEGRA186_GPC_DMA=m - COMMON_CLK_MT8186=y - SC_GCC_8280XP=m - SC_LPASS_CORECC_7280=m - APPLE_RTKIT=m - APPLE_SART=m - PWM_XILINX=m - NVMEM_APPLE_EFUSES=m - INTERCONNECT_QCOM_SC8280XP=m - INTERCONNECT_QCOM_SDX65=m - HTE_TEGRA194=m - HTE_TEGRA194_TEST=n - TRUSTED_KEYS_CAAM=y - CRYPTO_DEV_FSL_CAAM_PRNG_API=y - FIPS_SIGNATURE_SELFTEST=n - PAGE_TABLE_CHECK=y - PAGE_TABLE_CHECK_ENFORCED=n - VMWARE_VMCI_VSOCKETS=m - commit 14beb34 ++++ harfbuzz: - harfbuzz 5.0.1, including changes from 5.0.0: + Improve for fonts with more than 65535 glyphs + Support version 2 of “avar” table + Improve support for some Arabic, Hebrew fonts + Support for specific script tags to be retained in the subsetter, and add “--layout-scripts” option to “hb-subset” tool + Improved handling of command line options + Improve support for multiple tables and font features, and font feature specific bug fixes ++++ python-urllib3: - update to 1.26.10: * Removed support for Python 3.5 * Fixed an issue where a ``ProxyError`` recommending configuring the proxy as HTTP instead of HTTPS could appear even when an HTTPS proxy wasn't configured. - refresh remove_mock.patch with extra mock usages ------------------------------------------------------------------ ------------------ 2022-7-23 - Jul 23 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - riscv: enable CONFIG_STRICT_DEVMEM - new config options - CONFIG_EXCLUSIVE_SYSTEM_RAM=y - CONFIG_IO_STRICT_DEVMEM=y - commit 2477a0c - riscv: enable CONFIG_FTRACE - new config options - CONFIG_BPF_LSM=y - CONFIG_TASKS_RUDE_RCU=y - CONFIG_TRACEPOINTS=y - CONFIG_KPROBES_ON_FTRACE=y - CONFIG_UPROBES=y - CONFIG_BATMAN_ADV_TRACING=n - CONFIG_NET_DROP_MONITOR=m - CONFIG_ATH5K_TRACER=n - CONFIG_ATH6KL_TRACING=n - CONFIG_WIL6210_TRACING=y - CONFIG_ATH10K_TRACING=n - CONFIG_ATH11K_TRACING=n - CONFIG_IWLWIFI_DEVICE_TRACING=n - CONFIG_STM_SOURCE_FTRACE=m - CONFIG_PSTORE_FTRACE=n - CONFIG_DEBUG_PAGE_REF=n - CONFIG_NOP_TRACER=y - CONFIG_TRACER_MAX_TRACE=y - CONFIG_TRACE_CLOCK=y - CONFIG_RING_BUFFER=y - CONFIG_EVENT_TRACING=y - CONFIG_CONTEXT_SWITCH_TRACER=y - CONFIG_RING_BUFFER_ALLOW_SWAP=y - CONFIG_TRACING=y - CONFIG_GENERIC_TRACER=y - CONFIG_BOOTTIME_TRACING=y - CONFIG_FUNCTION_TRACER=y - CONFIG_FUNCTION_GRAPH_TRACER=y - CONFIG_DYNAMIC_FTRACE=y - CONFIG_DYNAMIC_FTRACE_WITH_REGS=y - CONFIG_FUNCTION_PROFILER=y - CONFIG_STACK_TRACER=y - CONFIG_IRQSOFF_TRACER=n - CONFIG_SCHED_TRACER=y - CONFIG_HWLAT_TRACER=n - CONFIG_OSNOISE_TRACER=y - CONFIG_TIMERLAT_TRACER=y - CONFIG_FTRACE_SYSCALLS=y - CONFIG_TRACER_SNAPSHOT=y - CONFIG_TRACER_SNAPSHOT_PER_CPU_SWAP=y - CONFIG_BRANCH_PROFILE_NONE=y - CONFIG_PROFILE_ANNOTATED_BRANCHES=n - CONFIG_BLK_DEV_IO_TRACE=y - CONFIG_KPROBE_EVENTS=y - CONFIG_KPROBE_EVENTS_ON_NOTRACE=n - CONFIG_UPROBE_EVENTS=y - CONFIG_BPF_EVENTS=y - CONFIG_DYNAMIC_EVENTS=y - CONFIG_PROBE_EVENTS=y - CONFIG_BPF_KPROBE_OVERRIDE=n - CONFIG_FTRACE_MCOUNT_RECORD=y - CONFIG_FTRACE_MCOUNT_USE_CC=y - CONFIG_SYNTH_EVENTS=y - CONFIG_TRACE_EVENT_INJECT=n - CONFIG_TRACEPOINT_BENCHMARK=n - CONFIG_RING_BUFFER_BENCHMARK=m - CONFIG_TRACE_EVAL_MAP_FILE=n - CONFIG_FTRACE_RECORD_RECURSION=n - CONFIG_FTRACE_STARTUP_TEST=n - CONFIG_RING_BUFFER_STARTUP_TEST=n - CONFIG_RING_BUFFER_VALIDATE_TIME_DELTAS=n - CONFIG_PREEMPTIRQ_DELAY_TEST=m - CONFIG_SYNTH_EVENT_GEN_TEST=n - CONFIG_KPROBE_EVENT_GEN_TEST=n - commit 9875d6f - Linux 5.18.14 (bsc#1012628). - objtool: skip non-text sections when adding return-thunk sites (bsc#1012628). - x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current (bsc#1012628). - efi/x86: use naked RET on mixed mode call wrapper (bsc#1012628). - KVM: emulate: do not adjust size of fastop and setcc subroutines (bsc#1012628). - tools arch x86: Sync the msr-index.h copy with the kernel sources (bsc#1012628). - tools headers cpufeatures: Sync with the kernel sources (bsc#1012628). - um: Add missing apply_returns() (bsc#1012628). - commit 847b26a - Linux 5.18.13 (bsc#1012628). - USB: serial: ftdi_sio: add Belimo device ids (bsc#1012628). - usb: typec: add missing uevent when partner support PD (bsc#1012628). - usb: dwc3: gadget: Fix event pending check (bsc#1012628). - gpio: sim: fix the chip_name configfs item (bsc#1012628). - tty: serial: samsung_tty: set dma burst_size to 1 (bsc#1012628). - x86/xen: Use clear_bss() for Xen PV guests (bsc#1012628). - ALSA: hda - Add fixup for Dell Latitidue E5430 (bsc#1012628). - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (bsc#1012628). - ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (bsc#1012628). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (bsc#1012628). - ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (bsc#1012628). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (bsc#1012628). - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (bsc#1012628). - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1012628). - fix race between exit_itimers() and /proc/pid/timers (bsc#1012628). - mm: userfaultfd: fix UFFDIO_CONTINUE on fallocated shmem pages (bsc#1012628). - mm: sparsemem: fix missing higher order allocation splitting (bsc#1012628). - mm: split huge PUD on wp_huge_pud fallback (bsc#1012628). - mm/damon: use set_huge_pte_at() to make huge pte old (bsc#1012628). - tracing/histograms: Fix memory leak problem (bsc#1012628). - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (bsc#1012628). - ip: fix dflt addr selection for connected nexthop (bsc#1012628). - ARM: 9213/1: Print message about disabled Spectre workarounds only once (bsc#1012628). - ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction (bsc#1012628). - wifi: mac80211: fix queue selection for mesh/OCB interfaces (bsc#1012628). - cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1012628). - btrfs: return -EAGAIN for NOWAIT dio reads/writes on compressed and inline extents (bsc#1012628). - btrfs: zoned: fix a leaked bioc in read_zone_info (bsc#1012628). - drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (bsc#1012628). - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (bsc#1012628). - fs/remap: constrain dedupe of EOF blocks (bsc#1012628). - nilfs2: fix incorrect masking of permission flags for symlinks (bsc#1012628). - sh: convert nommu io{re,un}map() to static inline functions (bsc#1012628). - Revert "evm: Fix memleak in init_desc" (bsc#1012628). - reset: Fix devm bulk optional exclusive control getter (bsc#1012628). - arm64: dts: ls1028a: Update SFP node to include clock (bsc#1012628). - ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count (bsc#1012628). - riscv: dts: microchip: hook up the mpfs' l2cache (bsc#1012628). - spi: amd: Limit max transfer and message size (bsc#1012628). - ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle (bsc#1012628). - ARM: 9210/1: Mark the FDT_FIXED sections as shareable (bsc#1012628). - net/mlx5e: kTLS, Fix build time constant test in TX (bsc#1012628). - net/mlx5e: kTLS, Fix build time constant test in RX (bsc#1012628). - net/mlx5e: Fix enabling sriov while tc nic rules are offloaded (bsc#1012628). - net/mlx5e: CT: Use own workqueue instead of mlx5e priv (bsc#1012628). - net/mlx5e: Fix capability check for updating vnic env counters (bsc#1012628). - net/mlx5e: Ring the TX doorbell on DMA errors (bsc#1012628). - drm/amdgpu: keep fbdev buffers pinned during suspend (bsc#1012628). - drm/amdgpu/display: disable prefer_shadow for generic fb helpers (bsc#1012628). - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (bsc#1012628). - drm/i915/guc: ADL-N should use the same GuC FW as ADL-S (bsc#1012628). - ima: Fix a potential integer overflow in ima_appraise_measurement (bsc#1012628). - ASoC: sgtl5000: Fix noise on shutdown/remove (bsc#1012628). - ASoC: tas2764: Add post reset delays (bsc#1012628). - ASoC: tas2764: Fix and extend FSYNC polarity handling (bsc#1012628). - ASoC: tas2764: Correct playback volume range (bsc#1012628). - ASoC: tas2764: Fix amp gain register offset & default (bsc#1012628). - ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (bsc#1012628). - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (bsc#1012628). - netfilter: ecache: move to separate structure (bsc#1012628). - netfilter: conntrack: split inner loop of list dumping to own function (bsc#1012628). - netfilter: ecache: use dedicated list for event redelivery (bsc#1012628). - netfilter: conntrack: include ecache dying list in dumps (bsc#1012628). - netfilter: conntrack: remove the percpu dying list (bsc#1012628). - netfilter: conntrack: fix crash due to confirmed bit load reordering (bsc#1012628). - net: stmmac: dwc-qos: Disable split header for Tegra194 (bsc#1012628). - net: ethernet: ti: am65-cpsw: Fix devlink port register sequence (bsc#1012628). - net: ocelot: fix wrong time_after usage (bsc#1012628). - sysctl: Fix data races in proc_dointvec() (bsc#1012628). - sysctl: Fix data races in proc_douintvec() (bsc#1012628). - sysctl: Fix data races in proc_dointvec_minmax() (bsc#1012628). - sysctl: Fix data races in proc_douintvec_minmax() (bsc#1012628). - sysctl: Fix data races in proc_doulongvec_minmax() (bsc#1012628). - sysctl: Fix data races in proc_dointvec_jiffies() (bsc#1012628). - tcp: Fix a data-race around sysctl_tcp_max_orphans (bsc#1012628). - inetpeer: Fix data-races around sysctl (bsc#1012628). - net: Fix data-races around sysctl_mem (bsc#1012628). - cipso: Fix data-races around sysctl (bsc#1012628). - icmp: Fix data-races around sysctl (bsc#1012628). - ipv4: Fix a data-race around sysctl_fib_sync_mem (bsc#1012628). - ARM: dts: at91: sama5d2: Fix typo in i2s1 node (bsc#1012628). - ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero (bsc#1012628). - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (bsc#1012628). - arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot (bsc#1012628). - netfilter: nf_log: incorrect offset to network header (bsc#1012628). - nfp: fix issue of skb segments exceeds descriptor limitation (bsc#1012628). - vlan: fix memory leak in vlan_newlink() (bsc#1012628). - netfilter: nf_tables: replace BUG_ON by element length check (bsc#1012628). - RISC-V: KVM: Fix SRCU deadlock caused by kvm_riscv_check_vcpu_requests() (bsc#1012628). - drm/i915/gvt: IS_ERR() vs NULL bug in intel_gvt_update_reg_whitelist() (bsc#1012628). - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (bsc#1012628). - mptcp: fix subflow traversal at disconnect time (bsc#1012628). - NFSD: Decode NFSv4 birth time attribute (bsc#1012628). - lockd: set fl_owner when unlocking files (bsc#1012628). - lockd: fix nlm_close_files (bsc#1012628). - net: marvell: prestera: fix missed deinit sequence (bsc#1012628). - ice: handle E822 generic device ID in PLDM header (bsc#1012628). - ice: change devlink code to read NVM in blocks (bsc#1012628). - tracing: Fix sleeping while atomic in kdb ftdump (bsc#1012628). - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (bsc#1012628). - drm/i915/ttm: fix sg_table construction (bsc#1012628). - drm/i915/gt: Serialize GRDOM access between multiple engine resets (bsc#1012628). - drm/i915/gt: Serialize TLB invalidates with GT resets (bsc#1012628). - drm/i915/selftests: fix subtraction overflow bug (bsc#1012628). - bnxt_en: reclaim max resources if sriov enable fails (bsc#1012628). - bnxt_en: Fix bnxt_reinit_after_abort() code path (bsc#1012628). - bnxt_en: fix livepatch query (bsc#1012628). - bnxt_en: Fix bnxt_refclk_read() (bsc#1012628). - sysctl: Fix data-races in proc_dou8vec_minmax() (bsc#1012628). - sysctl: Fix data-races in proc_dointvec_ms_jiffies() (bsc#1012628). - tcp: Fix a data-race around sysctl_max_tw_buckets (bsc#1012628). - icmp: Fix a data-race around sysctl_icmp_echo_ignore_all (bsc#1012628). - icmp: Fix data-races around sysctl_icmp_echo_enable_probe (bsc#1012628). - icmp: Fix a data-race around sysctl_icmp_echo_ignore_broadcasts (bsc#1012628). - icmp: Fix a data-race around sysctl_icmp_ignore_bogus_error_responses (bsc#1012628). - icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr (bsc#1012628). - icmp: Fix a data-race around sysctl_icmp_ratelimit (bsc#1012628). - icmp: Fix a data-race around sysctl_icmp_ratemask (bsc#1012628). - raw: Fix a data-race around sysctl_raw_l3mdev_accept (bsc#1012628). - tcp: Fix data-races around sysctl_tcp_ecn (bsc#1012628). - tcp: Fix a data-race around sysctl_tcp_ecn_fallback (bsc#1012628). - ipv4: Fix data-races around sysctl_ip_dynaddr (bsc#1012628). - nexthop: Fix data-races around nexthop_compat_mode (bsc#1012628). - net: ftgmac100: Hold reference returned by of_get_child_by_name() (bsc#1012628). - net: stmmac: fix leaks in probe (bsc#1012628). - ima: force signature verification when CONFIG_KEXEC_SIG is configured (bsc#1012628). - ima: Fix potential memory leak in ima_init_crypto() (bsc#1012628). - drm/amd/display: Ignore First MST Sideband Message Return Error (bsc#1012628). - drm/amdkfd: correct the MEC atomic support firmware checking for GC 10.3.7 (bsc#1012628). - drm/amd/display: Only use depth 36 bpp linebuffers on DCN display engines (bsc#1012628). - drm/amd/pm: Prevent divide by zero (bsc#1012628). - drm/amd/display: Ensure valid event timestamp for cursor-only commits (bsc#1012628). - smb3: workaround negprot bug in some Samba servers (bsc#1012628). - sfc: fix use after free when disabling sriov (bsc#1012628). - netfs: do not unlock and put the folio twice (bsc#1012628). - seg6: fix skb checksum evaluation in SRH encapsulation/insertion (bsc#1012628). - seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors (bsc#1012628). - seg6: bpf: fix skb checksum in bpf_push_seg6_encap() (bsc#1012628). - sfc: fix kernel panic when creating VF (bsc#1012628). - net: atlantic: remove deep parameter on suspend/resume functions (bsc#1012628). - net: atlantic: remove aq_nic_deinit() when resume (bsc#1012628). - KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op() (bsc#1012628). - net/tls: Check for errors in tls_device_init (bsc#1012628). - mm: sysctl: fix missing numa_stat when !CONFIG_HUGETLB_PAGE (bsc#1012628). - ARM: 9211/1: domain: drop modify_domain() (bsc#1012628). - ARM: 9212/1: domain: Modify Kconfig help text (bsc#1012628). - ASoC: dt-bindings: Fix description for msm8916 (bsc#1012628). - tee: tee_get_drvdata(): fix description of return value (bsc#1012628). - s390/nospec: build expoline.o for modules_prepare target (bsc#1012628). - scsi: megaraid: Clear READ queue map's nr_queues (bsc#1012628). - scsi: ufs: core: Drop loglevel of WriteBoost message (bsc#1012628). - nvme: fix block device naming collision (bsc#1012628). - ksmbd: use SOCK_NONBLOCK type for kernel_accept() (bsc#1012628). - powerpc/xive/spapr: correct bitmap allocation size (bsc#1012628). - vdpa/mlx5: Initialize CVQ vringh only once (bsc#1012628). - vduse: Tie vduse mgmtdev and its device (bsc#1012628). - platform/x86: intel/pmc: Add Alder Lake N support to PMC core driver (bsc#1012628). - virtio_mmio: Add missing PM calls to freeze/restore (bsc#1012628). - virtio_mmio: Restore guest page size on resume (bsc#1012628). - netfilter: nf_tables: avoid skb access on nf_stolen (bsc#1012628). - netfilter: br_netfilter: do not skip all hooks with 0 priority (bsc#1012628). - scsi: hisi_sas: Limit max hw sectors for v3 HW (bsc#1012628). - cpufreq: pmac32-cpufreq: Fix refcount leak bug (bsc#1012628). - platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1012628). - platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1012628). - platform/x86: hp-wmi: Ignore Sanitization Mode event (bsc#1012628). - net: tipc: fix possible refcount leak in tipc_sk_create() (bsc#1012628). - NFC: nxp-nci: don't print header length mismatch on i2c error (bsc#1012628). - nvme-tcp: always fail a request when sending it failed (bsc#1012628). - nvme: fix regression when disconnect a recovering ctrl (bsc#1012628). - net: sfp: fix memory leak in sfp_probe() (bsc#1012628). - ASoC: ops: Fix off by one in range control validation (bsc#1012628). - pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux() (bsc#1012628). - ASoC: Realtek/Maxim SoundWire codecs: disable pm_runtime on remove (bsc#1012628). - ASoC: rt711-sdca-sdw: fix calibrate mutex initialization (bsc#1012628). - ASoC: Intel: sof_sdw: handle errors on card registration (bsc#1012628). - ASoC: rt711: fix calibrate mutex initialization (bsc#1012628). - ASoC: rt7*-sdw: harden jack_detect_handler (bsc#1012628). - ASoC: codecs: rt700/rt711/rt711-sdca: initialize workqueues in probe (bsc#1012628). - ASoC: SOF: Intel: hda-dsp: Expose hda_dsp_core_power_up() (bsc#1012628). - ASoC: SOF: Intel: hda-loader: Make sure that the fw load sequence is followed (bsc#1012628). - ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow (bsc#1012628). - ASoC: wcd9335: Remove RX channel from old list before adding it to a new one (bsc#1012628). - ASoC: wcd9335: Fix spurious event generation (bsc#1012628). - ASoC: wcd938x: Fix event generation for some controls (bsc#1012628). - ASoC: Intel: bytcr_wm5102: Fix GPIO related probe-ordering problem (bsc#1012628). - ASoC: wm_adsp: Fix event for preloader (bsc#1012628). - ASoC: wm5110: Fix DRE control (bsc#1012628). - ASoC: cs35l41: Correct some control names (bsc#1012628). - ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error (bsc#1012628). - ASoC: dapm: Initialise kcontrol data for mux/demux controls (bsc#1012628). - ASoC: cs35l41: Add ASP TX3/4 source to register patch (bsc#1012628). - ASoC: cs47l15: Fix event generation for low power mux control (bsc#1012628). - ASoC: madera: Fix event generation for OUT1 demux (bsc#1012628). - ASoC: madera: Fix event generation for rate controls (bsc#1012628). - irqchip: or1k-pic: Undefine mask_ack for level triggered hardware (bsc#1012628). - pinctrl: imx: Add the zero base flag for imx93 (bsc#1012628). - x86: Clear .brk area at early boot (bsc#1012628). - soc: ixp4xx/npe: Fix unused match warning (bsc#1012628). - ARM: dts: stm32: use the correct clock source for CEC on stm32mp151 (bsc#1012628). - Revert "can: xilinx_can: Limit CANFD brp to 2" (bsc#1012628). - ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices (bsc#1012628). - ALSA: usb-audio: Add quirk for Fiero SC-01 (bsc#1012628). - ALSA: usb-audio: Add quirk for Fiero SC-01 (fw v1.0.0) (bsc#1012628). - nvme-pci: phison e16 has bogus namespace ids (bsc#1012628). - nvme: use struct group for generic command dwords (bsc#1012628). - wireguard: selftests: set fake real time in init (bsc#1012628). - wireguard: selftests: always call kernel makefile (bsc#1012628). - signal handling: don't use BUG_ON() for debugging (bsc#1012628). - ACPI: video: Fix acpi_video_handles_brightness_key_presses() (bsc#1012628). - vt: fix memory overlapping when deleting chars in the buffer (bsc#1012628). - s390/ap: fix error handling in __verify_queue_reservations() (bsc#1012628). - ACPI: CPPC: Fix enabling CPPC on AMD systems with shared memory (bsc#1012628). - serial: 8250: fix return error code in serial8250_request_std_resource() (bsc#1012628). - power: supply: core: Fix boundary conditions in interpolation (bsc#1012628). - serial: stm32: Clear prev values before setting RTS delays (bsc#1012628). - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (bsc#1012628). - serial: 8250: Fix PM usage_count for console handover (bsc#1012628). - serial: mvebu-uart: correctly report configured baudrate value (bsc#1012628). - x86/pat: Fix x86_has_pat_wp() (bsc#1012628). - drm/i915/ttm: fix 32b build (bsc#1012628). - Refresh patches.suse/x86-mm-Simplify-RESERVE_BRK.patch. - commit b66ab1b ------------------------------------------------------------------ ------------------ 2022-7-22 - Jul 22 2022 ------------------- ------------------------------------------------------------------ ++++ libcap: - update to 2.65: * Fix syntax error in DEBUG build of protected code in setcap.c. * Prevent bash from reading the wrong startup files when the capsh --user=xxx argument is used to invoke a shell as the user xxx. This is done by capsh now changing the USER and HOME environment variables when --user is specified. The argument --noenv can be used to suppress this behavior to what used to be the problematic default. (Bug: 215926) * Improved documentation ++++ libdrm: - update to 2.4.112: * xf86drmMode: introduce drmModeConnectorGetPossibleCrtcs * xf86drmMode: introduce drmModeGetConnectorTypeName * xf86drmMode: constify drmModeAtomicReq functions * gen_table_fourcc: strip _MODIFIER suffix for INVALID * testsuite fixes ++++ python-gobject: - Update to version 3.42.2: + Error out instead of crashing when marshaling unsupported fundamental types in some cases. + Add a workaround for a PyPy 3.9+ bug when threads are used. + Fix crashes when marshaling zero terminated arrays for certain item types. + Fix a crash/refcounting error in case marshaling a hash table fails. + Make the test suite pass again with PyPy. + tests: support running tests with (MSVC) CPython 3.8+ on Windows. + interface: Fix leak when overriding GInterfaceInfo. + setup.py: look up pycairo headers without importing the module (helps with building on Windows and MSVC CPython 3.8+). ------------------------------------------------------------------ ------------------ 2022-7-21 - Jul 21 2022 ------------------- ------------------------------------------------------------------ ++++ gobject-introspection: - Update to version 1.73.0: + Update the GIR data for GLib, GObject, GModule, and GIO. + scanner: - Support pre-processor macros with zero arguments. - Support ISO C varargs in macros. + Fix subproject build. ++++ iptables: - add baselibs.conf for libip4tc2, will be needed by libsystemd-shared-251.so ++++ kernel-default: - arm64: Update config files. (bsc#1198737) Enable RTC_DRV_RX8025 to support RX-8035 on Traveres Ten64 board. - commit 74f2920 ++++ util-linux: - linux-fs.patch: Fix conflict between and ++++ gcc12: - Update to gcc-12 branch head, 4f15d2234608e82159d030dadb1, git287 * includes build fixes when building against glibc 2.33. ++++ openssl-3: - Update to 3.0.5: * The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue. [bsc#1201148, CVE-2022-2274] * AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation would not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. [bsc#1201099, CVE-2022-2097] - Rebase patches: * openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch ++++ python310-core: - Switch from %primary_interpreter to prjconf-defined %primary_python (gh#openSUSE/python-rpm-macros#127). ++++ rpm: - update to rpm-4.17.1 * new bcond macro for a nicer way to define build conditionals * openPGP parser and IMA security fixes (CVE-2021-3521) * buildroot policy fixes - refreshed patches: * brp.diff - removed patches: * verbosearg.diff * ocaml-cmxs.diff * 0001-fix-minimize_writes.patch ++++ sqlite3: - update to 3.39.2: * Fix a performance regression in the query planner associated with rearranging the order of FROM clause terms in the presences of a LEFT JOIN. * Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and 1345947, forum post 3607259d3c, and other minor problems discovered by internal testing. [boo#1201783] ++++ python310: - Switch from %primary_interpreter to prjconf-defined %primary_python (gh#openSUSE/python-rpm-macros#127). ++++ python310-packaging: - Refine build and runtime requirements for primary and non-primary builds ++++ python-rpm: - update to rpm-4.17.1 ++++ qemu: - Substantial rework of the spec file: * the 'make check' testsuite now runs in the %check section of the main package, not in a subpackage * switched from %setup to %autosetup * rearranged the content in order to minimize the use of %if, %ifarch, etc - Properly fix bsc#1198038, CVE-2022-0216 * Patches added: scsi-lsi53c895a-really-fix-use-after-fre.patch tests-qtest-Move-the-fuzz-tests-to-x86-o.patch - Make temp dir (for update_git.sh) configurable - Added new subpackages (audio-dbus, ui-dbus) - bsc#1199018 was never fixed in Factory's QEMU 6.2. It is now (since the patches are already in SeaBIOS 1.16.0) - Some tests are having issues when run in OBS. They seem to be due to race conditions, triggered by resource constraints of OBS workers. Let's disable them for now, while looking for a fix - Update to v7.0.0 (bsc#1201307). For full release notes, see: * https://wiki.qemu.org/ChangeLog/7.0 Be sure to also check the following pages: * https://qemu-project.gitlab.io/qemu/about/removed-features.html * https://qemu-project.gitlab.io/qemu/about/deprecated.html Some notable changes: * [ARM] The virt board has gained a new control knob to disable passing a RNG seed in the DTB (dtb-kaslr-seed) * [ARM] The AST2600 SoC now supports a dummy version of the i3c device * [ARM] The virt board can now run guests with KVM on hosts with restricted IPA ranges * [ARM] The virt board now supports virtio-mem-pci * [ARM] The virt board now supports specifying the guest CPU topology * [ARM] On the virt board, we now enable PAuth when using KVM or hvf and the host CPU supports it * [RISC-V] Add support for ratified 1.0 Vector extension * [RISC-V] Support for the Zve64f and Zve32f extensions * [RISC-V] Drop support for draft 0.7.1 Vector extension * [RISC-V] Support Zfhmin and Zfh extensions * [RISC-V] RISC-V KVM support * [RISC-V] Mark Hypervisor extension as non experimental * [RISC-V] Enable Hypervisor extension by default * [x86] Support for Intel AMX. * [PCI/PCIe] Q35: fix PCIe device becoming disabled after migration when ACPI based PCI hotplug is used (6b0969f1ec) * [PCI/PCIe] initial bits of SR/IOV support (250346169) * [PCI/PCIe] arm/virt: fixed PXB interrupt routing (e609301b45) * [PCI/PCIe] arm/virt: support for virtio-mem-pci (b1b87327a9) * [virtiofs] Fix for CVE-2022-0358 - behaviour with supplementary groups and SGID directories * [virtiofs] Improved security label support * [virtiofs] The virtiofsd in qemu is now starting to be deprecated; please start using and contributing to Rust virtiofsd * Patches dropped: acpi-validate-hotplug-selector-on-access.patch block-backend-Retain-permissions-after-m.patch block-qdict-Fix-Werror-maybe-uninitializ.patch brotli-fix-actual-variable-array-paramet.patch display-qxl-render-fix-race-condition-in.patch doc-Add-the-SGX-numa-description.patch hw-i386-amd_iommu-Fix-maybe-uninitialize.patch hw-intc-exynos4210_gic-provide-more-room.patch hw-nvme-fix-CVE-2021-3929.patch hw-nvram-at24-return-0xff-if-1-byte-addr.patch iotest-065-explicit-compression-type.patch iotest-214-explicit-compression-type.patch iotest-302-use-img_info_log-helper.patch iotest-303-explicit-compression-type.patch iotest-39-use-_qcow2_dump_header.patch iotests-60-more-accurate-set-dirty-bit-i.patch iotests-bash-tests-filter-compression-ty.patch iotests-common.rc-introduce-_qcow2_dump_.patch iotests-declare-lack-of-support-for-comp.patch iotests-drop-qemu_img_verbose-helper.patch iotests-massive-use-_qcow2_dump_header.patch iotests-MRCE-Write-data-to-source.patch iotests.py-filter-out-successful-output-.patch iotests.py-img_info_log-rename-imgopts-a.patch iotests.py-implement-unsupported_imgopts.patch iotests.py-qemu_img-create-support-IMGOP.patch iotests.py-rewrite-default-luks-support-.patch iotests-specify-some-unsupported_imgopts.patch meson-build-all-modules-by-default.patch numa-Enable-numa-for-SGX-EPC-sections.patch numa-Support-SGX-numa-in-the-monitor-and.patch python-aqmp-add-__del__-method-to-legacy.patch python-aqmp-add-_session_guard.patch python-aqmp-add-SocketAddrT-to-package-r.patch python-aqmp-add-socket-bind-step-to-lega.patch python-aqmp-add-start_server-and-accept-.patch python-aqmp-copy-type-definitions-from-q.patch python-aqmp-drop-_bind_hack.patch python-aqmp-fix-docstring-typo.patch python-aqmp-Fix-negotiation-with-pre-oob.patch python-aqmp-fix-race-condition-in-legacy.patch Python-aqmp-fix-type-definitions-for-myp.patch python-aqmp-handle-asyncio.TimeoutError-.patch python-aqmp-refactor-_do_accept-into-two.patch python-aqmp-remove-_new_session-and-_est.patch python-aqmp-rename-accept-to-start_serve.patch python-aqmp-rename-AQMPError-to-QMPError.patch python-aqmp-split-_client_connected_cb-o.patch python-aqmp-squelch-pylint-warning-for-t.patch python-aqmp-stop-the-server-during-disco.patch python-introduce-qmp-shell-wrap-convenie.patch python-machine-raise-VMLaunchFailure-exc.patch python-move-qmp-shell-under-the-AQMP-pac.patch python-move-qmp-utilities-to-python-qemu.patch python-qmp-switch-qmp-shell-to-AQMP.patch python-support-recording-QMP-session-to-.patch python-upgrade-mypy-to-0.780.patch qcow2-simple-case-support-for-downgradin.patch qemu-binfmt-conf.sh-should-use-F-as-shor.patch tests-qemu-iotests-040-Skip-TestCommitWi.patch tests-qemu-iotests-Fix-051-for-binaries-.patch tests-qemu-iotests-testrunner-Quote-case.patch tools-virtiofsd-Add-rseq-syscall-to-the-.patch ui-cursor-fix-integer-overflow-in-cursor.patch vhost-vsock-detach-the-virqueue-element-.patch virtiofsd-Drop-membership-of-all-supplem.patch virtio-net-fix-map-leaking-on-error-duri.patch Disable-some-tests-that-have-problems-in.patch * Patches added: intc-exynos4210_gic-replace-snprintf-wit.patch Revert-8dcb404bff6d9147765d7dd3e9c849337.patch ++++ util-linux-systemd: - linux-fs.patch: Fix conflict between and ------------------------------------------------------------------ ------------------ 2022-7-20 - Jul 20 2022 ------------------- ------------------------------------------------------------------ ++++ ansible: - BREAKING CHANGE: use this package for the ansible release made by the ansible community. This requires ansible-core, which will contain the actual ansible binar - rework ansible-rpmlintrc file to only use the filters we need - most of the errors are handled inside the %build section ++++ ansible-core: - package conflicts with ansible < 3, i.e. the old packaging scheme - update to 2.13.2: * Minor Changes - ansible-test - An improved error message is shown when the download of a pip bootstrap script fails. The download now uses urllib2 instead of urllib on Python 2. * Bugfixes - Move undefined check from concat to finalize (#78156) - ansible-doc - no longer list module and plugin aliases that are created with symlinks (#78137). - ansible-doc - when listing modules in collections, proceed recursively. This fixes module listing for community.general 5.x.y and community.network 4.x.y (#78137). - ansible-doc will not add 'website for' in ":ref:" substitutions as it made them confusing. - file backed cache plugins now handle concurrent access by making atomic updates to the files. - password lookup does not ignore k=v arguments anymore. - user - Fix error "Permission denied" in user module while generating SSH keys (#78017). - update to 2.13.1: * Minor Changes - Add an 'action_plugin' field for modules in runtime.yml plugin_routing. This fixes module_defaults by supporting modules-as-redirected-actions without redirecting module_defaults entries to the common action. With the runtime.yml above for ns.coll, a task such as will end up with defaults for eos_facts and eos_command since both modules redirect to the same action. To select an action plugin for a module without merging module_defaults, define an action_plugin field for the resolved module in the runtime.yml. The action_plugin field can be a redirected action plugin, as it is resolved normally. Using the modified runtime.yml, the example task will only use the ns.coll.eos_facts defaults. - ansible-galaxy - Support resolvelib versions 0.6.x, 0.7.x, and 0.8.x. The full range of supported versions is now >= 0.5.3, < 0.9.0. - ansible-test - Add RHEL 9.0 remote support. - ansible-test - Add support for Ubuntu VMs using the --remote option. - ansible-test - Add support for exporting inventory with ansible-test shell --export {path}. - ansible-test - Add support for multi-arch remotes. - ansible-test - Add support for running non-interactive commands with ansible-test shell. - ansible-test - Avoid using the mock_use_standalone_module setting for unit tests running on Python 3.8 or later. - ansible-test - Blocking mode is now enforced for stdin, stdout and stderr. If any of these are non-blocking then ansible-test will exit during startup with an error. - ansible-test - Improve consistency of output messages by using stdout or stderr for most output, but not both. - ansible-test - The shell command can be used outside a collection if no controller delegation is required. * Bugfixes - Add PyYAML >= 5.1 as a dependency of ansible-core to be compatible with Python 3.8+. - ansible-config dump - Only display plugin type headers when plugin options are changed if --only-changed is specified. - ansible-galaxy - handle unsupported versions of resolvelib gracefully. - ansible-test - Fix internal validation of remote completion configuration. - ansible-test - Prevent --target- prefixed options for the shell command from being combined with legacy environment options. - ansible-test - Sanity test output with the --lint option is no longer mixed in with bootstrapping output. - ansible-test - Subprocesses are now isolated from the stdin, stdout and stderr of ansible-test. This avoids issues with subprocesses tampering with the file descriptors, such as SSH making them non-blocking. As a result of this change, subprocess output from unit and integration tests on stderr now go to stdout. - ansible-test - Subprocesses no longer have access to the TTY ansible-test is connected to, if any. This maintains consistent behavior between local testing and CI systems, which typically do not provide a TTY. Tests which require a TTY should use pexpect or another mechanism to create a PTY. - apt module now correctly handles virtual packages. - lookup plugin - catch KeyError when lookup returns dictionary (#77789). - pip - fix cases where resolution of pip Python module fails when importlib.util has not already been imported - plugin loader - Sort results when fuzzy matching plugin names (#77966). - plugin loader will now load config data for plugin by name instead of by file to avoid issues with the same file being loaded under different names (fqcn + short name). - psrp connection now handles default to inventory_hostname correctly. - winrm connection now handles default to inventory_hostname correctly. - update to 2.13.0: Full changelog see https://github.com/ansible/ansible/blob/stable-2.13/changelogs/CHANGELOG-v2.13.rst#v2130 - update to 2.12.7: * Minor Changes - Add an 'action_plugin' field for modules in runtime.yml plugin_routing. This fixes module_defaults by supporting modules-as-redirected-actions without redirecting module_defaults entries to the common action. With the runtime.yml above for ns.coll, a task such as will end up with defaults for eos_facts and eos_command since both modules redirect to the same action. To select an action plugin for a module without merging module_defaults, define an action_plugin field for the resolved module in the runtime.yml. The action_plugin field can be a redirected action plugin, as it is resolved normally. Using the modified runtime.yml, the example task will only use the ns.coll.eos_facts defaults. - ansible-test - Avoid using the mock_use_standalone_module setting for unit tests running on Python 3.8 or later. * Bugfixes - pip - fix cases where resolution of pip Python module fails when importlib.util has not already been imported - plugin loader - Sort results when fuzzy matching plugin names (#77966). - update to 2.12.6: * Bugfixes - Prevent losing unsafe on results returned from lookups (#77535) - arg_spec - Fix incorrect no_log warning when a parameter alias is used (#77576) - plugin loader will now load config data for plugin by name instead of by file to avoid issues with the same file being loaded under different names (fqcn + short name). - variablemanager, more efficient read of vars files - update to 2.12.5: * Bugfixes - Ansible.ModuleUtils.SID - Use user principal name as is for lookup in the Convert-ToSID function - #77316 - Fix traceback when installing a collection from a git repository and git is not installed (#77479). - ansible-test - Correctly detect when running as the root user (UID 0) on the origin host. The result of the detection was incorrectly being inverted. - ansible-test - Fix skipping of tests marked needs/python on the origin host. - ansible-test - Fix skipping of tests marked needs/root on the origin host. - ansible-test compile sanity test - do not crash if a column could not be determined for an error (#77465). - hostname - use file_get_content() to read the file containing the host name in the FileStrategy.get_permanent_hostname() method. This prevents a TypeError from being raised when the strategy is used (#77025). - script - skip in check mode since the plugin cannot determine if a change will occur. - shell/command - only skip in check mode if the options creates and removes are both None. - winrm - Ensure kinit is run with the same PATH env var as the Ansible process ++++ docker-compose: - Update to version 2.7.0: * Bump compose-go -> v1.2.9 * build(deps): bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0 * Fix nolint issues * Add "style" tag to gocritic * Add "opinionated" tag to gocritic * Add "diagnostic" tag to gocritic * Add gocritic to linters * add 2 named networks with close name in the networks test suite to guarantee the good distinction on network names * update go to 1.18.4 * keep the container reference when volumes_from target a container and not a service * build.go: Access customLabels directly instead of by reference * check the exact network's name before creating or stopping it NetworkList API doesn't return the extact name match, so we can retrieve more than one network with a request * build(deps): bump github.com/cnabio/cnab-to-oci from 0.3.4 to 0.3.5 * Fix typo in docker_compose_pull * Fix typo in compose pull documentation * add new targets to build Compose binary before running e2e tests * Fix golangci syntax error in run configuration * add support of environment secret during build step * Use switch/case instead of static map for simplicity * TC: Add missing tests for argumetns * TC: fix naming * TC: Use map to simplify flag conversion and avoid multilple if statements * e2e: add more start/stop test cases * build(deps): bump github.com/stretchr/testify from 1.7.5 to 1.8.0 * Update logic to keep `compose stop` and `restart` from affecting one-offs * e2e: split out `pause` tests and add more cases * fix: panic caused by empty string argument * build(deps): bump github.com/hashicorp/go-version from 1.5.0 to 1.6.0 * Blacklist ioutil pkg in golangci-lint * Use alpine instead of ubuntu for E2E compose file, no need to include version * Replace deprecated ioutil pkg with os & io * test: add copyright notice * ci: release workflow to open a PR on docs repo with latest changes * build(deps): bump github.com/stretchr/testify from 1.7.4 to 1.7.5 * build(deps): bump github.com/cnabio/cnab-to-oci from 0.3.3 to 0.3.4 * network: make test mock consistent throughout * build: respect dependency order for classic builder * networks: prevent issues due to duplicate names * build(deps): bump github.com/spf13/cobra from 1.4.0 to 1.5.0 * build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.4 * Use appropriate dependency condition for one-shot containers when running `compose up --wait` ++++ dracut: - Update to version 057+suse.303.gc4ea1bea: * fix(network-legacy): add auto timeout to wicked DHCP test (bsc#1198709) * fix(network-legacy): check if dhclient has --timeout option * fix(man): correct typo * fix(network-legacy): properly install dhclient * fix(fips): add missing bash dependency ++++ kernel-default: - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - commit e2263d4 - Refresh patches.suse/0001-fbdev-Disable-sysfb-device-registration-when-removin.patch. - Refresh patches.suse/0001-firmware-sysfb-Add-sysfb_disable-helper-function.patch. - Refresh patches.suse/0001-firmware-sysfb-Make-sysfb_create_simplefb-return-a-p.patch. Update upstream status. - commit 6a770c6 - Delete patches.kernel.org/5.18.12-013-objtool-skip-non-text-sections-when-adding-re.patch. No traces of the objtool patch in upstream whatsoever, so drop that. The rest: move out of patches.kernel.org as it hasn't landed there yet. Place the patches into sorted section instead where they belong. - commit 3415e51 ++++ python-iniconfig: - BuildRequire itself when building test flavour. ++++ qemu: - Fix bsc#1197084 * Patches added: hostmem-default-the-amount-of-prealloc-t.patch ++++ zypper: - lr: Allow shortening the Name column if table is wider than the terminal (bsc#1201638) - Don't accepts install/remove modifier without argument (bsc#1201576) - zypper-download: Set correct ExitInfoCode when failing to resolve argument. - zypper-download: Handle unresolvable arguments as error. This commit changes zypper-download such that it behaves more consistent to zypper-install when an argument can't be resolved. - version 1.14.55 ------------------------------------------------------------------ ------------------ 2022-7-19 - Jul 19 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Input: i8042 - Apply probe defer to more ASUS ZenBook models (bsc#1190256). - commit 6307fb1 ++++ systemd: - Enable oomd (bsc#1200456) It's part of the experimental sub-package for now. - Import commit 8cd784e9250b38d20d8e14fccbfb211010283c79 (merge of v251.3) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/32912879062bb1595d8498b6f9c77d5acd1dc66a...8cd784e9250b38d20d8e14fccbfb211010283c79 - Import commit 32912879062bb1595d8498b6f9c77d5acd1dc66a 111b96ca86 logind: don't delay login for root even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Enable bpf framework ++++ libvirt: - spec: Don't redefine libexecdir boo#1201565 ++++ libzypp: - Add PoolItem::statusReinit to reset the status it's initial state in the ResPool (might help bsc#1199895) This may either be 'KEEP_STATE bySOLVER' or 'LOCKED byUSER' if the PoolItem matched a hard lock defined in /etc/zypp/locks. - Fix building with GCC 13 on i586 (fixes #407, fixes #396) - Be prepared to receive exceptions from curl_easy_cleanup (bsc#1201092) - Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993) - Remove Medianetwork and dependend code. This commit removes the MediaNetwork tech preview and all related code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloader and second: since the Provide API is going to completely replace the current media backend it would be extra work to ensure that changes on the Downloader do not break MediaNetwork. - version 17.31.0 (22) ++++ python-cffi: - update to 1.15.1: * If you call ffi.embedding_api() but don’t write any extern “Python” function there, then the resulting C code would fail an assert. Fixed. * Updated Windows/arm64 embedded libffi static lib to v3.4.2, and scripted to ease future updates (thanks Niyas Sait!) ++++ python-charset-normalizer: - update to 2.1.0: * Output the Unicode table version when running the CLI with `--version` * Re-use decoded buffer for single byte character sets * Fixing some performance bottlenecks * Workaround potential bug in cpython with Zero Width No-Break Space located * in Arabic Presentation Forms-B, Unicode 1.1 not acknowledged as space * CLI default threshold aligned with the API threshold from * Support for Python 3.5 (PR #192) * Use of backport unicodedata from `unicodedata2` as Python is quickly catching up, scheduled for removal in 3.0 ++++ python-cryptography: - update to 37.0.4: * updated wheels to b ecompiled against openssl 3.0.5 ++++ python-immutables: - update to 0.18: * Fix iteration when tree is 7 levels deep and has collissions * Test on python 3.10 * consolidate mypy and pytest config into pyproject.toml ++++ virt-manager: - Add Source URL - Add upstream patch virtman-pr381-setuptools-61.patch gh#virt-manager/virt-manager#381 - Enable tests * No python package should go untested * Use multibuild so that all runtime requirements are checked * Add virtman-34662fe-argcomplete.patch ------------------------------------------------------------------ ------------------ 2022-7-18 - Jul 18 2022 ------------------- ------------------------------------------------------------------ ++++ gsettings-desktop-schemas: - Update to version 43.alpha: + Fix description of use-same-proxy setting. + Updated translations. ++++ kernel-default: - config: i386: Enable DRM stack for early-boot graphics (boo#1193474) Replace fbdev's generic drivers with DRM-based simpledrm. Enables the DRM graphics stack for early-boot graphics, recovery and unsupported chipsets. - commit 3305623 - x86/bugs: Remove apostrophe typo (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 34930df - Refresh patches.rpmify/x86-asm-32-fix-ANNOTATE_UNRET_SAFE-use-on-32bit.patch. - Refresh patches.suse/tty-extract-tty_flip_buffer_commit-from-tty_flip_buf.patch. - Refresh patches.suse/tty-use-new-tty_insert_flip_string_and_push_buffer-i.patch. - Refresh patches.suse/x86-entry-Remove-UNTRAIN_RET-from-native_irq_return_.patch. - Refresh patches.suse/x86-kvm-fix-FASTOP_SIZE-when-return-thunks-are-enabl.patch. Update upstream status. - commit fcd7336 ++++ kernel-firmware: - Update to version 20220714 (git commit 84661a3ba62f): * amdgpu: update DMCUB firmware for DCN 3.1.6 * WHENCE: Correct dangling symlinks * Correct WHENCE entry for wfx firmware * bnx2: Drop unsupported Broadcom NetXtremeII firmware * bnx2: drop unsupported firmwares * bnx2: sort firmware names in filesystem order * Remove old Broadcom Everest (bnx2x) v4/5 firmware * drop Token Ring network firmwares * Drop TDA7706 radio firmware * Drop Intel WiMax firmware * Drop Computone IntelliPort Plus serial firmware * Drop ATM Ambassador devices firmware * brocade: drop old unsupported firmware revs * amdgpu: update yellow carp DMCUB firmware * linux-firmware: update firmware for MT7622 WiFi device * linux-firmware: update firmware for MT7922 WiFi device * linux-firmware: update firmware for mediatek bluetooth chip (MT7922) * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * mediatek: Add SCP firmware for MT8186 * rtw88: 8822c: Update normal firmware to v9.9.13 * rtw88: 8822c: Update normal firmware to v9.9.12 - Drop obsoleted temporary patches: wfx-WHENCE-fix.diff brcm-symlink-fixes.diff - Minor update of README.build - Fix missing aliases for qlogic (bsc#1200889) ++++ alsa: - Update to version 1.2.7.2: minor updates, including fixes for PCM share plugin, rawmidi and UCM ++++ ncurses: - Add ncurses patch 20220716 + build-fix for test_mouse.c, for non-standard cfmakeraw. + improve shell-scripts with shellcheck + fix typo in run_tic.in (report/patch by Jan Starke). ++++ openssl-3: - Update to 3.0.4: [bsc#1199166, CVE-2022-1292] * In addition to the c_rehash shell command injection identified in CVE-2022-1292, further bugs where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection have been fixed. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. * Case insensitive string comparison no longer uses locales. It has instead been directly implemented. - Update to 3.0.3: * Case insensitive string comparison is reimplemented via new locale-agnostic comparison functions OPENSSL_str[n]casecmp always using the POSIX locale for comparison. The previous implementation had problems when the Turkish locale was used. * Fixed a bug in the c_rehash script which was not properly sanitising shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. [bsc#1199166, CVE-2022-1292] * Fixed a bug in the function 'OCSP_basic_verify' that verifies the signer certificate on an OCSP response. The bug caused the function in the case where the (non-default) flag OCSP_NOCHECKS is used to return a postivie response (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of 'OCSP_basic_verify' will not use the OCSP_NOCHECKS flag. In this case the 'OCSP_basic_verify' function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL "ocsp" application. When verifying an ocsp response with the "-no_cert_checks" option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. [bsc#1199167, CVE-2022-1343] * Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the AAD data as the MAC key. This made the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check. Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0 endpoint will always be rejected by the recipient and the connection will fail at that point. Many application protocols require data to be sent from the client to the server first. Therefore, in such a case, only an OpenSSL 3.0 server would be impacted when talking to a non-OpenSSL 3.0 client. [bsc#1199168, CVE-2022-1434] * Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. [bsc#1199169, CVE-2022-1473] * The functions 'OPENSSL_LH_stats' and 'OPENSSL_LH_stats_bio' now only report the 'num_items', 'num_nodes' and 'num_alloc_nodes' statistics. All other statistics are no longer supported. For compatibility, these statistics are still listed in the output but are now always reported as zero. ++++ polkit: - split out pkexec into seperate package to make system hardening easier (to avoid installing it jsc#PED-132 jsc#PED-148). ++++ libslirp: - Update to version 4.7.0+44 (current git master): * Fix vmstate regression * msvc: use char* for pointer arithmetic * Align outgoing packets * Bump incoming packet alignment to 8 bytes * msvc: fix some gcc-specific pragma warnings * msvc: enable vmstate code on !gnuc * vmstate: only enable when building under GNU C * ncsitest: Fix build with msvc * Avoid running git-version-gen when building with MS VC * windows: export symbols * win32: replace strcasecmp with g_ascii_strcasecmp * Drop spurious inline * Avoid returning void * Fix arithmetic on void * * Avoid using ##__VA_ARGS__ gcc extension * Fix bitfields order for MSVC * Separate out SLIRP_PACKED to SLIRP_PACKED_BEGIN/END * Do not use ssize_t on Windows * Do not include unistd.h on windows, it does not have it * Accept build-aux/git-version-gen failing to run * container_of: avoid using __extension__ * ncsi: Add Mellanox Get Mac Address handler * slirp: Add out-of-band ethernet address * ncsi: Add OEM command handler * ncsi: Add basic test for Get Version ID response * ncsi: Use response header for payload length * ncsi: Pass command header to response handlers * src/slirp.h: Bump the minimum Windows version to Windows 7 * ncsi: Add Get Version ID command * ncsi: Pass Slirp structure to response handlers * slirp: Add manufacturer's ID * Add support for Haiku to meson.build * meson: add extra warnings * win32: declare some local functions as static * Include and for AF_INET6 and inet_pton * Release v4.7.0 * bump ABI version and age * slirp: invoke client callback before creating timers * pingtest: port to timer_new_opaque * introduce timer_new_opaque callback * introduce slirp_timer_new wrapper * icmp6: make ndp_send_ra static * Add sanitizers CI runs * socket: Handle ECONNABORTED from recv * bootp: fix g_str_has_prefix warning/critical * slirp: Don't duplicate packet in tcp_reass * Rename insque/remque -> slirp_[ins|rem]que * mbuf: Use SLIRP_DEBUG to enable mbuf debugging instead of DEBUG * Replace inet_ntoa() with safer inet_ntop() * Add VMS_END marker * bootp: add support for UEFI HTTP boot * IPv6 DNS proxying support * Add missing scope_id in caching * Drop fixed TODO * socket: Move closesocket(so->s_aux) to sofree * socket: Check so_type instead of so_tcpcb for Unix-to-inet translation * socket: Add s_aux field to struct socket for storing auxilliary socket * socket: Initialize so_type in socreate * socket: Allocate Unix-to-TCP hostfwd port from OS by binding to port 0 * Allow to disable internal DHCP server * slirp_pollfds_fill: Explain why dividing so_snd.sb_datalen by two * CI: run integration tests with slirp4netns * socket: Check address family for Unix-to-inet accept translation * socket: Add debug args for tcpx_listen (inet and Unix sockets) * socket: Restore original definition of fhost * socket: Move include to socket.h * Support Unix sockets in hostfwd * resolv: fix IPv6 resolution on Darwin * Use the exact sockaddr size in getnameinfo call * Initialize sin6_scope_id to zero * slirp_socketpair_with_oob: Connect pair through 127.0.0.1 * resolv: fix memory leak when using libresolv * pingtest: Add a trivial ping test * icmp: Support falling back on trying a SOCK_RAW socket ++++ systemd: - When systemd-container is installed install tar/gpg too So `machinectl import-tar` always works flawlessly. systemd-container already is an optional package and both tar and gpg are rather basic anyway so no harm should be done by requiring them. - Move the systemd sysupdate stuff from the main package to the experimental sub-package while it's still time. The method used (currently) for updating openSUSE distro is rpm, not systemd-sysupdate. ------------------------------------------------------------------ ------------------ 2022-7-17 - Jul 17 2022 ------------------- ------------------------------------------------------------------ ++++ docker: - Change to using systemd-sysusers ++++ kernel-default: - Update to 5.19-rc7 - drop obsolete patches - patches.suse/tty-extract-tty_flip_buffer_commit-from-tty_flip_buf.patch - patches.suse/tty-use-new-tty_insert_flip_string_and_push_buffer-i.patch - update configs (x86 only) - SPECULATION_MITIGATIONS=y - RETHUNK=y - CPU_UNRET_ENTRY=y - CPU_IBPB_ENTRY=y - CPU_IBRS_ENTRY=y - commit 900302b ++++ python-resolvelib: - update to 0.8.1: * A new reporter hook ``resolving_conflicts`` is added. The resolver triggers * this hook when it detects conflicts in the dependency tree, and before it * attempts to fix them. The hook accepts one single argument ``causes``, which * is a list of ``(requirement, parent)`` 2-tuples that represents all the * edges that lead to the detected conflicts. ++++ qemu: - Get rid of downstream patches breaking s390 modules. Replace them with the upstream proposed and Acked (but never committed) solution (bsc#1199015) * Patches added: modules-generates-per-target-modinfo.patch modules-introduces-module_kconfig-direct.patch * Patches dropped: Fix-the-module-building-problem-for-s390.patch modules-quick-fix-a-fundamental-error-in.patch ------------------------------------------------------------------ ------------------ 2022-7-16 - Jul 16 2022 ------------------- ------------------------------------------------------------------ ++++ python-gobject: - Work around vendored distutils in setuptools >= 60 incorrectly installing pkgconfig files into the wrong libdir ++++ python-pycairo: - Work around vendored distutils in setuptools >= 60 incorrectly installing pkgconfig files into the wrong libdir - Deduplicate files in python_sitearch ++++ python-setuptools: - update to version 63.2.0: * Changes + #3395: Included a performance optimization: setuptools.build_meta no longer tries to :func:`compile` the setup script code before :func:`exec`-ing it. * Misc + #3435: Corrected issue in macOS framework builds on Python 3.9 not installed by homebrew (pypa/distutils#158). ++++ qemu: - backport patches for having coroutine work well when LTO is used * Patches added: coroutine-ucontext-use-QEMU_DEFINE_STATI.patch coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch coroutine-win32-use-QEMU_DEFINE_STATIC_C.patch - seabios: drop patch that changes python in python2. Just go to python3 directly. * Patches dropped: seabios-use-python2-explicitly-as-needed.patch ------------------------------------------------------------------ ------------------ 2022-7-15 - Jul 15 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - let Mesa ignore Mesa-dri as dep to resolve a build cycle (related to boo#1201474 ++++ Mesa-drivers: - let Mesa ignore Mesa-dri as dep to resolve a build cycle (related to boo#1201474 ++++ apparmor: - Add apparmor-setuptools61-mr897.patch https://gitlab.com/apparmor/apparmor/-/merge_requests/897 - Add buildtime dependencies on python-rpm-macros and setuptools ++++ kernel-default: - Linux 5.18.12 (bsc#1012628). - Revert "mtd: rawnand: gpmi: Fix setting busy timeout setting" (bsc#1012628). - commit 3198c22 - Refresh patches.suse/0001-drm-aperture-Run-fbdev-removal-before-internal-helpe.patch. Update upstream status. - commit 4fcb983 - x86/mm: Simplify RESERVE_BRK() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit da1381f - x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit ce3ce6a - Refresh patches.suse/x86-kvm-fix-FASTOP_SIZE-when-return-thunks-are-enabl.patch. Update to upstream version. - commit 3f7e318 ++++ libapparmor: - Add apparmor-setuptools61-mr897.patch https://gitlab.com/apparmor/apparmor/-/merge_requests/897 - Add buildtime dependencies on python-rpm-macros and setuptools ++++ sqlite3: - update to 3.39.1: * Fix an incorrect result from a query that uses a view that contains a compound SELECT in which only one arm contains a RIGHT JOIN and where the view is not the first FROM clause term of the query that contains the view * Fix a long-standing problem with ALTER TABLE RENAME that can only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set to a very small value. * Fix a long-standing problem in FTS3 that can only arise when compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time option. * Fix the initial-prefix optimization for the REGEXP extension so that it works correctly even if the prefix contains characters that require a 3-byte UTF8 encoding. * Enhance the sqlite_stmt virtual table so that it buffers all of its output. ++++ perl: - move builtin.pm to perl-base as File::Copy relies on it since last update. This fixes execution of builtime source services in OBS. ++++ python310-packaging: - Split primary flavor in multibuild for possible inclusion into Ring0 ++++ python-psutil: - Fix tests: setuptools changed the builddir library path and does not find the module from it. Use the installed platlib instead and exclude psutil.tests only later. - Refresh skip-obs.patch ++++ python310-pyparsing: - Split primary flavor in multibuild for possible inclusion into Ring0 - Remove hardcoded primary_python variable. ++++ qemu: - Fix the following bugs: - bsc#1198037, CVE-2021-4207 - bsc#1198038, CVE-2022-0216 - bsc#1201367, CVE-2022-35414 - bsc#1198035, CVE-2021-4206 - bsc#1198712, CVE-2022-26354 - bsc#1198711, CVE-2022-26353 * Patches added: display-qxl-render-fix-race-condition-in.patch scsi-lsi53c895a-fix-use-after-free-in-ls.patch softmmu-Always-initialize-xlat-in-addres.patch ui-cursor-fix-integer-overflow-in-cursor.patch vhost-vsock-detach-the-virqueue-element-.patch virtio-net-fix-map-leaking-on-error-duri.patch ------------------------------------------------------------------ ------------------ 2022-7-14 - Jul 14 2022 ------------------- ------------------------------------------------------------------ ++++ container-selinux: - Update to version 2.188.0: * Allow confined containers to mount overlay filesystems Fixed bsc#1201348 ++++ glibc: - nptl-cleanup-async-restore-2.patch: nptl: Fix ___pthread_unregister_cancel_restore asynchronous restore (bsc#1200093, BZ #29214) ++++ kernel-default: - rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer Dwarves 1.22 or newer is required to build kernels with BTF information embedded in modules. - commit ee19e9d - x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (bsc#1199657 CVE-2022-29900 CVE-2022-29901). Update upstream status. - commit eae54b1 - tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() (bsc#1198829 CVE-2022-1462). - tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462). - tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() (bsc#1198829 CVE-2022-1462). - tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462). - commit cec52d3 - x86/kvm: fix FASTOP_SIZE when return thunks are enabled (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 86ef7b4 ++++ libglvnd: - let libglvnd require Mesa-dri so GL drivers are available on Wayland-only desktop installations (boo#1201474) ++++ openldap2: - removed obsolete 0017-Resolve-error-handling-in-new-ctx-when-global.patch - update to 2.6.3 * Fixed librewrite declaration of calloc (ITS#9841) * Fixed libldap to check for NULL ld (ITS#9157) * Fixed libldap memory leaks (ITS#9876) * Fixed lloadd to correctly tag Notice of Disconnection (ITS#9856) * Fixed slapd delta-sync DN leak on ADD ops (ITS#9866) * Fixed slapd replication with back-glue (ITS#9868) * Fixed slapd lastbind replication with chaining (ITS#9863) * Fixed slapd-ldap to correctly set authzid (ITS#9863) * Fixed slapd-mdb to check for stale readers on MDB_READERS_FULL (ITS#7165) * Fixed slapd-mdb indexer task with replicated config (ITS#9858) * Fixed slapo-accesslog onetime memory leak (ITS#9864) * Fixed slapo-ppolicy interaction with slapo-rwm (ITS#9871) * Fixed slapo-rwm to handle escaping special characters (ITS#9817) * Fixed slapo-syncprov memory leaks (ITS#9867) * Fixed slapo-syncprov fallback in delta-sync mode (ITS#9823) * Fixed slapo-unique to not release NULL entry (ITS#8245) * doc: Fixed ldap_get_option(3) to clarify ldap_get/set_option restrictions (ITS#9824) ++++ patterns-base: - Have the base pattern recommend service(network) ++++ python310-packaging: - Setuptools itself does not depend on packaging anymore, only for pythondistdeps.py, That dependency will move to python-rpm-packaging soon. -- boo#1178257 - Use "setuptools" for building again. * Python 3.12 will drop the distutils fallback * Use the python-base vendored pip in a venv * Drop no-legacyversion-warning.patch - Remove nonsensical python362 flavor check. ++++ python310-pyparsing: - Update to version 3.0.9 * Added Unicode set BasicMultilingualPlane (may also be referenced as BMP) representing the Basic Multilingual Plane (Unicode characters up to code point 65535). Can be used to parse most language characters, but omits emojis, wingdings, etc. Raised in discussion with Dave Tapley (issue #392). * To address mypy confusion of pyparsing.Optional and typing.Optional resulting in error: "_SpecialForm" not callable message reported in issue #365, fixed the import in exceptions.py. Nice sleuthing by Iwan Aucamp and Dominic Davis-Foster, thank you! (Removed definitions of OptionalType, DictType, and IterableType and replaced them with typing.Optional, typing.Dict, and typing.Iterable throughout.) * Fixed typo in jinja2 template for railroad diagrams, thanks for the catch Nioub (issue #388). * Removed use of deprecated pkg_resources package in railroad diagramming code (issue #391). * Updated bigquery_view_parser.py example to parse examples at https://cloud.google.com/bigquery/docs/reference/legacy-sql - Release 3.0.8 * API CHANGE: modified pyproject.toml to require Python version 3.6.8 or later for pyparsing 3.x. Earlier minor versions of 3.6 fail in evaluating the version_info class (implemented using typing.NamedTuple). If you are using an earlier version of Python 3.6, you will need to use pyparsing 2.4.7. * Improved pyparsing import time by deferring regex pattern compiles. PR submitted by Anthony Sottile to fix issue #362, thanks! * Updated build to use flit, PR by Michał Górny, added BUILDING.md doc and removed old Windows build scripts - nice cleanup work! * More type-hinting added for all arithmetic and logical operator methods in ParserElement. PR from Kazantcev Andrey, thank you. * Fixed infix_notation's definitions of lpar and rpar, to accept parse expressions such that they do not get suppressed in the parsed results. PR submitted by Philippe Prados, nice work. * Fixed bug in railroad diagramming with expressions containing Combine elements. Reported by Jeremy White, thanks! * Added show_groups argument to create_diagram to highlight grouped elements with an unlabeled bounding box. * Added unicode_denormalizer.py to the examples as a demonstration of how Python's interpreter will accept Unicode characters in identifiers, but normalizes them back to ASCII so that identifiers print and 𝕡𝓻ᵢ𝓃𝘁 and 𝖕𝒓𝗂𝑛ᵗ are all equivalent. * Removed imports of deprecated sre_constants module for catching exceptions when compiling regular expressions. PR submitted by Serhiy Storchaka, thank you. - Use python-base bundled pip as frontend for flit-core ++++ python-setuptools: - Remove dependency on packaging -- boo#1178257 - Enable ini2toml[lite] tests ++++ selinux-policy: - Update to version 20220714. Refreshed: * fix_init.patch * fix_systemd_watch.patch ++++ suse-module-tools: - Update to version 16.0.22: * weak-modules2: only use kernel version under /run/regenerate-initrd (boo#1201387) ++++ tpm2.0-tools: - Disable tests in some architectures (ppc, ppc64, s390x) ------------------------------------------------------------------ ------------------ 2022-7-13 - Jul 13 2022 ------------------- ------------------------------------------------------------------ ++++ permissions: - Update to version 20220713: * postfix: add postlog setgid for maildrop binary (bsc#1201385) * libexec migration: KDE utilities now properly place their helpers * pccardctl: installation path has finally changed to /usr/sbin ++++ file: - Add upstream patch to fix boo#1201350 * file-boo1201350.patch which combines the commits c80065fe6900be5e794941e29b32440e9969b1c3 7e59d34206d7c962e093d4239e5367a2cd8b7623 f042050f59bfc037677871c4d1037c33273f5213 d471022b2772071877895759f209f2c346757a4c 441ac2b15508909e82ad467960df4ac0adf9644c ++++ kernel-default: - x86/asm/32: fix ANNOTATE_UNRET_SAFE use on 32bit (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/static_call: Serialize __static_call_fixup() properly (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Disable RRSBA behavior (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Add Cannon lake to RETBleed affected CPU list (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 834606b - x86/retbleed: Add fine grained Kconfig knobs (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - Update config files. - commit 9dbc2f6 - x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/common: Stamp out the stepping madness (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - KVM: VMX: Prevent RSB underflow before vmenter (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Fill RSB on vmexit for IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - KVM: VMX: Fix IBRS handling after vmexit (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - KVM: VMX: Convert launched argument to flags (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - KVM: VMX: Flatten __vmx_vcpu_run() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Fix SPEC_CTRL write on SMT state change (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Fix firmware entry SPEC_CTRL handling (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - objtool: Add entry UNRET validation (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Do IBPB fallback check only once (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/xen: Add UNTRAIN_RET (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/xen: Rename SYS* entry points (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - objtool: Update Retpoline validation (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - intel_idle: Disable IBRS during long idle (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Report Intel retbleed vulnerability (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Add kernel IBRS implementation (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 023a0b9 - x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - Update config files. - commit a4a04c4 - x86/bugs: Report AMD retbleed vulnerability (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - objtool: Treat .text.__x86.* as noinstr (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Avoid very early RET (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/sev: Avoid using __x86_return_thunk (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bpf: Use alternative RET encoding (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/ftrace: Use alternative RET encoding (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86,static_call: Use alternative RET encoding (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - objtool: skip non-text sections when adding return-thunk sites (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86,objtool: Create .return_sites (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/retpoline: Swizzle retpoline thunk (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/retpoline: Cleanup some #ifdefery (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/kvm/vmx: Make noinstr clean (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Remove skip_r11rcx (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Don't call error_entry() for XENPV (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Switch the stack after error_entry() returns (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/traps: Use pt_regs directly in fixup_bad_iret() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit bc4fd7c - config: riscv: disable RISCV_BOOT_SPINWAIT We now rely on the SBI HSM extension which is provided by openSBI 0.7 or later. - commit 8752291 - config: riscv: disable RISCV_SBI_V01 The SBI v0.1 API is obsolete. - commit 44178e7 ++++ multipath-tools: - Update to version 0.9.0+39+suse.51a2ab1: Upstream bug fixes: * libmultipath: fix find_multipaths_timeout for unknown hardware (boo#1201483) * multipath-tools: fix "multipath -ll" for Native NVME Multipath devices (boo#1201483) - Update to version 0.9.0+33+suse.fdc6686 * multipath.conf: add support for "protocol" subsection in "overrides" section to set certain config options by protocol. * Removed the previously deprecated options getuid_callout, config_dir, multipath_dir, pg_timeout * hwable fixes and additions * multipath.conf(5): add disclaimer about vendor support * libmultipath, kpartx: fix callers of dm_get_next_target() * Change built-in defaults for NVMe: group by prio, and immediate failback * Allow compilation with -D_FORTIFY_SOURCE=3 ++++ ceph: - Update to 16.2.9-536-g41a9f9a5573: + (bsc#1195359, bsc#1200553) rgw: check bucket shard init status in RGWRadosBILogTrimCR + (bsc#1194131) ceph-volume: honour osd_dmcrypt_key_size option (CVE-2021-3979) ++++ python-setuptools: - Update to version 63.1.0 * #3430: Merge with pypa/distutils@152c13d including pypa/distutils#155 (improved compatibility for editable installs on homebrew Python 3.9), pypa/distutils#150 (better handling of runtime_library_dirs on cygwin), and pypa/distutils#151 (remove warnings for namespace packages). - v63.0.0 * #3421: Drop setuptools' support for installing an entrypoint extra requirements at load time: - the functionality has been broken since v60.8.0. - the mechanism to do so is deprecated (fetch_build_eggs). - that use case (e.g. a custom command class entrypoint) is covered by making sure the necessary build requirements are declared. Documentation changes * #3397: Fix reference for keywords to point to the Core Metadata Specification instead of PEP 314 (the live standard is kept always up-to-date and consolidates several PEPs together in a single document). - v62.6.0 * #3253: Enabled using file: for requirements in setup.cfg -- by :user:`akx` (this feature is currently considered to be in beta stage). * #3255: Enabled using file: for dependencies and optional-dependencies in pyproject.toml -- by :user:`akx` (this feature is currently considered to be in beta stage). * #3391: Updated attr: to also extract simple constants with type annotations -- by :user:`karlotness` - v62.5.0 * #3347: Changed warnings and documentation notes about experimental aspect of pyproject.toml configuration: now [project] is a fully supported configuration interface, but the [tool.setuptools] table and sub-tables are still considered to be in beta stage. * #3383: In _distutils_hack, suppress/undo the use of local distutils when select tests are imported in CPython. * #3385: Modules used to parse and evaluate configuration from pyproject.toml files are intended for internal use only and that not part of the public API. - v62.4.0 * #3256: Added setuptools.command.build command to match distutils.command.build -- by :user:`isuruf` * #3366: Merge with pypa/distutils@75ed79d including reformat using black, fix for Cygwin support (pypa/distutils#139), and improved support for cross compiling (pypa/distutils#144 and pypa/distutils#145). - v62.3.4 * #3354: Improve clarity in warning about unlisted namespace packages. - v62.3.3 * #3336: Modified test_setup_install_includes_dependencies to work with custom PYTHONPATH –- by :user:`hroncok` - v62.3.2 * #3328: Include a first line summary to some of the existing multi-line warnings. - v62.3.1 * #3320: Fixed typo which causes namespace_packages to raise an error instead of warning. - v62.3.0 * #3262: Formally added deprecation messages for namespace_packages. The methodology that uses pkg_resources and namespace_packages for creating namespaces was already discouraged by the :doc:`setuptools docs ` and the :doc:`Python Packaging User Guide `, therefore this change just make the deprecation more official. Users can consider migrating to native/implicit namespaces (as introduced in PEP 420). * #3308: Relying on include_package_data to ensure sub-packages are automatically added to the build wheel distribution (as "data") is now considered a deprecated practice. This behaviour was controversial and caused inconsistencies (#3260). Instead, projects are encouraged to properly configure packages or use discovery tools. General information can be found in :doc:`userguide/package_discovery`. * #1806: Allowed recursive globs (**) in package_data. -- by :user:`nullableVoidPtr` * #3206: Fixed behaviour when both install_requires (in setup.py) and dependencies (in pyproject.toml) are specified. The configuration in pyproject.toml will take precedence over setup.py (in accordance with PEP 621). A warning was added to inform users. * #3274: Updated version of vendored pyparsing to 3.0.8 to avoid problems with upcoming deprecation in Python 3.11. * #3292: Added warning about incompatibility with old versions of importlib-metadata. - v62.2.0 * #3299: Optional metadata fields are now truly optional. Includes merge with pypa/distutils@a7cfb56 per pypa/distutils#138. * #3282: Added CI cache for setup.cfg examples used when testing setuptools.config. - v62.1.0 * #3249: Simplified package_dir obtained via auto-discovery. - v62.0.0 * #3151: Made setup.py develop --user install to the user site packages directory even if it is disabled in the current interpreter. * #3153: When resolving requirements use both canonical and normalized names -- by :user:`ldaniluk` * #3167: Honor unix file mode in ZipFile when installing wheel via install_as_egg -- by :user:`delijati` * #3088: Fixed duplicated tag with the dist-info command. * #3247: Fixed problem preventing readme specified as dynamic in pyproject.toml from being dynamically specified in setup.py. - v61.3.1 * #3233: Included missing test file setupcfg_examples.txt in sdist. * #3233: Added script that allows developers to download setupcfg_examples.txt prior to running tests. By caching these files it should be possible to run the test suite offline. - v61.3.0 * #3229: Disabled automatic download of trove-classifiers to facilitate reproducibility. * #3229: Updated pyproject.toml validation via validate-pyproject v0.7.1. * #3229: New internal tool made available for updating the code responsible for the validation of pyproject.toml. This tool can be executed via tox -e generate-validation-code. - v61.2.0 * #3215: Ignored a subgroup of invalid pyproject.toml files that use the [project] table to specify only requires-python (transitional). * Warning: Please note that future releases of setuptools will halt the build process if a pyproject.toml file that does not match the PyPA Specification is given. * #3215: Updated pyproject.toml validation, as generated by validate-pyproject==0.6.1. * #3218: Prevented builds from erroring if the project specifies metadata via pyproject.toml, but uses other files (e.g. setup.py) to complement it, without setting dynamic properly. * Important: This is a transitional behaviour. Future releases of setuptools may simply ignore externally set metadata not backed by dynamic or even halt the build with an error. * #3224: Merge changes from pypa/distutils@e1d5c9b1f6 + #3223: Fixed missing requirements with environment markers when optional-dependencies is set in pyproject.toml. - v61.1.1 * #3212: Fixed missing dependencies when running setup.py install. Note that calling setup.py install directly is still deprecated and will be removed in future versions of setuptools. Please check the release notes for :ref:`setup_install_deprecation_note`. - v61.1.0 * #3206: Changed setuptools.convert_path to an internal function that is not exposed as part of setuptools API. Future releases of setuptools are likely to remove this function. * #3202: Changed behaviour of auto-discovery to not explicitly expand package_dir for flat-layouts and to not use relative paths starting with ./. * #3203: Prevented pyproject.toml parsing from overwriting dist.include_package_data explicitly set in setup.py with default value. * #3208: Added a warning for non existing files listed with the file directive in setup.cfg and pyproject.toml. * #3208: Added a default value for dynamic classifiers in pyproject.toml when files are missing and errors being ignored. * #3211: Disabled auto-discovery when distribution class has a configuration attribute (e.g. when the setup.py script contains setup(..., configuration=...)). This is done to ensure extension-only packages created with numpy.distutils.misc_util.Configuration are not broken by the safe guard behaviour to avoid accidental multiple top-level packages in a flat-layout. * Note Users that don't set packages, py_modules, or configuration are still likely to observe the auto-discovery behavior, which may halt the build if the project contains multiple directories and/or multiple Python files directly under the project root. To disable auto-discovery please explicitly set either packages or py_modules. Alternatively you can also configure :ref:`custom-discovery`. - v61.0.0 * #3068: Deprecated setuptools.config.read_configuration, setuptools.config.parse_configuration and other functions or classes from setuptools.config. * Users that still need to parse and process configuration from setup.cfg can import a direct replacement from setuptools.config.setupcfg, however this module is transitional and might be removed in the future (the setup.cfg configuration format itself is likely to be deprecated in the future). * #2894: If you purposefully want to create an "empty distribution", please be aware that some Python files (or general folders) might be automatically detected and included. * Projects that currently don't specify both packages and py_modules in their configuration and contain extra folders or Python files (not meant for distribution), might see these files being included in the wheel archive or even experience the build to fail. * You can check details about the automatic discovery (and how to configure a different behaviour) in :doc:`/userguide/package_discovery`. * #3067: If the file pyproject.toml exists and it includes project metadata/config (via [project] table or [tool.setuptools]), a series of new behaviors that are not backward compatible may take place: - The default value of include_package_data will be considered to be True. - Setuptools will attempt to validate the pyproject.toml file according to PEP 621 specification. - The values specified in pyproject.toml will take precedence over those specified in setup.cfg or setup.py. * #2887: [EXPERIMENTAL] Added automatic discovery for py_modules and packages -- by :user:`abravalheri`. - Setuptools will try to find these values assuming that the package uses either the src-layout (a src directory containing all the packages or modules), the flat-layout (package directories directly under the project root), or the single-module approach (an isolated Python file, directly under the project root). - The automatic discovery will also respect layouts that are explicitly configured using the package_dir option. - For backward-compatibility, this behavior will be observed only if both py_modules and packages are not set. (Note: specifying ext_modules might also prevent auto-discover from taking place) - If setuptools detects modules or packages that are not supposed to be in the distribution, please manually set py_modules and packages in your setup.cfg or setup.py file. If you are using a flat-layout, you can also consider switching to src-layout. * #2887: [EXPERIMENTAL] Added automatic configuration for the name metadata -- by :user:`abravalheri`. - Setuptools will adopt the name of the top-level package (or module in the case of single-module distributions), only when name is not explicitly provided. - Please note that it is not possible to automatically derive a single name when the distribution consists of multiple top-level packages or modules. * #3066: Added vendored dependencies for :pypi:`tomli`, :pypi:`validate-pyproject`. - These dependencies are used to read pyproject.toml files and validate them. * #3067: [EXPERIMENTAL] When using pyproject.toml metadata, the default value of include_package_data is changed to True. * #3068: [EXPERIMENTAL] Add support for pyproject.toml configuration (as introduced by PEP 621). Configuration parameters not covered by standards are handled in the [tool.setuptools] sub-table. - In the future, existing setup.cfg configuration may be automatically converted into the pyproject.toml equivalent before taking effect (as proposed in #1688). Meanwhile users can use automated tools like :pypi:`ini2toml` to help in the transition. - Please note that the legacy backend is not guaranteed to work with pyproject.toml configuration. * #3125: Implicit namespaces (as introduced in PEP 420) are now considered by default during :doc:`package discovery `, when setuptools configuration and project metadata are added to the pyproject.toml file. - To disable this behaviour, use namespaces = False when explicitly setting the [tool.setuptools.packages.find] section in pyproject.toml. - This change is backwards compatible and does not affect the behaviour of configuration done in setup.cfg or setup.py. * #3152: [EXPERIMENTAL] Added support for attr: and cmdclass configurations in setup.cfg and pyproject.toml when package_dir is implicitly found via auto-discovery. * #3178: Postponed importing ctypes when hiding files on Windows. This helps to prevent errors in systems that might not have libffi installed. * #3179: Merge with pypa/distutils@267dbd25ac - v60.10.0 * #2971: Deprecated upload_docs command, to be removed in the future. * #3137: Use samefile from stdlib, supported on Windows since Python 3.2. * #3170: Adopt nspektr (vendored) to implement Distribution._install_dependencies. * #3120: Added workaround for intermittent failures of backend tests on PyPy. These tests now are marked with XFAIL, instead of erroring out directly. * #3124: Improved configuration for :pypi:`rst-linker` (extension used to build the changelog). * #3133: Enhanced isolation of tests using virtual environments - PYTHONPATH is not leaking to spawned subprocesses -- by :user:`befeleme` * #3147: Added options to provide a pre-built setuptools wheel or sdist for being used during tests with virtual environments. Paths for these pre-built distribution files can now be set via the environment variables: PRE_BUILT_SETUPTOOLS_SDIST and PRE_BUILT_SETUPTOOLS_WHEEL. - v60.9.2 * #3035: When loading distutils from the vendored copy, rewrite __name__ to ensure consistent importing from inside and out. - v60.9.1 * #3102: Prevent vendored importlib_metadata from loading distributions from older importlib_metadata. * #3103: Fixed issue where string-based entry points would be omitted. * #3107: Bump importlib_metadata to 4.11.1 addressing issue with parsing requirements in egg-info as found in PyPy. - v60.9.0 * #2876: In the build backend, allow single config settings to be supplied. * #2993: Removed workaround in distutils hack for get-pip now that pypa/get-pip#137 is closed. * #3085: Setuptools no longer relies on pkg_resources for entry point handling. * #3098: Bump vendored packaging to 21.3. * Removed bootstrap script. * Warning: Users trying to install the unmaintained :pypi:`pathlib` backport from PyPI/sdist/source code may find problems when using setuptools >= 60.9.0. This happens because during the installation, the unmaintained implementation of pathlib is loaded and may cause compatibility problems (it does not expose the same public API defined in the Python standard library). Whenever possible users should avoid declaring pathlib as a dependency. An alternative is to pre-build a wheel for pathlib using a separated virtual environment with an older version of setuptools and install the library directly from the pre-built wheel. - v60.8.2 * #3091: Make concurrent.futures import lazy in vendored more_itertools package to a avoid importing threading as a side effect (which caused gevent/gevent#1865). -- by :user:`maciejp-ro` - v60.8.1 * #3084: When vendoring jaraco packages, ensure the namespace package is converted to a simple package to support zip importer. - v60.8.0 * #3085: Setuptools now vendors importlib_resources and importlib_metadata and jaraco.text. Setuptools no longer relies on pkg_resources for ensure_directory nor parse_requirements. - v60.7.1 * #3072: Remove lorem_ipsum from jaraco.text when vendored. - v60.7.0 * #3061: Vendored jaraco.text and use line processing from that library in pkg_resources. * #3070: Avoid AttributeError in easy_install.create_home_path when sysconfig.get_config_vars values are not strings. - v60.6.0 * #3043: Merge with pypa/distutils@bb018f1ac3 including consolidated behavior in sysconfig.get_platform (pypa/distutils#104). * #3057: Don't include optional Home-page in metadata if no url is specified. -- by :user:`cdce8p` * #3062: Merge with pypa/distutils@b53a824ec3 including improved support for lib directories on non-x64 Windows builds. * #3054: Used Py3 syntax super().__init__() -- by :user:`imba-tjd` - v60.5.4 * #3009: Remove filtering of distutils warnings. * #3031: Suppress distutils replacement when building or testing CPython. - v60.5.3 * #3026: Honor sysconfig variables in easy_install. - v60.5.2 * #2993: In _distutils_hack, for get-pip, simulate existence of setuptools. - v60.5.1 * #2918: Correct support for Python 3 native loaders. - v60.5.0 * #2990: Set the .origin attribute of the distutils module to the module's __file__. - v60.4.0 * #2839: Removed requires sorting when installing wheels as an egg dir. * #2953: Fixed a bug that easy install incorrectly parsed Python 3.10 version string. * #3006: Fixed startup performance issue of Python interpreter due to imports of costly modules in _distutils_hack -- by :user:`tiran` * #2862: Added integration tests that focus on building and installing some packages in the Python ecosystem via pip -- by :user:`abravalheri` * #2952: Modified "vendoring" logic to keep license files. * #2968: Improved isolation for some tests that where inadvertently using the project root for builds, and therefore creating directories (e.g. build, dist, *.egg-info) that could interfere with the outcome of other tests -- by :user:`abravalheri`. * #2968: Introduced new test fixtures venv, venv_without_setuptools, bare_venv that rely on the jaraco.envs package. These new test fixtures were also used to remove the (currently problematic) dependency on the pytest_virtualenv plugin. * #2968: Removed tmp_src test fixture. Previously this fixture was copying all the files and folders under the project root, including the .git directory, which is error prone and increases testing time. Since tmp_src was used to populate virtual environments (installing the version of setuptools under test via the source tree), it was replaced by the new setuptools_sdist and setuptools_wheel fixtures (that are build only once per session testing and can be shared between all the workers for read-only usage). - v60.3.1 * #3002: Suppress AttributeError when detecting get-pip. - v60.3.0 * #2993: In _distutils_hack, bypass the distutils exception for pip when get-pip is being invoked, because it imports setuptools. * #2989: Merge with pypa/distutils@788cc159. Includes fix for config vars missing from sysconfig. - v60.2.0 * #2974: Setuptools now relies on the Python logging infrastructure to log messages. Instead of using distutils.log.*, use logging.getLogger(name).*. * #2987: Sync with pypa/distutils@2def21c5d74fdd2fe7996ee4030ac145a9d751bd, including fix for missing get_versions attribute (#2969), more reliance on sysconfig from stdlib. * #2962: Avoid attempting to use local distutils when the presiding version of Setuptools on the path doesn't have one. * #2983: Restore 'add_shim' as the way to invoke the hook. Avoids compatibility issues between different versions of Setuptools with the distutils local implementation. - v60.1.1 * #2980: Bypass distutils loader when setuptools module is no longer available on sys.path. - v60.1.0 * #2958: In distutils_hack, only add the metadata finder once. In ensure_local_distutils, rely on a context manager for reliable manipulation. * #2963: Merge with pypa/distutils@a5af364910. Includes revisited fix for pypa/distutils#15 and improved MinGW/Cygwin support from pypa/distutils#77. - v60.0.5 * #2960: Install schemes fall back to default scheme for headers. - v60.0.4 * #2954: Merge with pypa/distutils@eba2bcd310. Adds platsubdir to config vars available for substitution. - v60.0.3 * #2940: Avoid KeyError in distutils hack when pip is imported during ensurepip. - v60.0.2 * #2938: Select 'posix_user' for the scheme unless falling back to stdlib, then use 'unix_user'. - v60.0.1 * #2944: Add support for extended install schemes in easy_install. - v60.0.0 * #2896: Setuptools once again makes its local copy of distutils the default. To override, set SETUPTOOLS_USE_DISTUTILS=stdlib. - v59.8.0 * #2935: Merge pypa/distutils@460b59f0e68dba17e2465e8dd421bbc14b994d1f. - v59.7.0 * #2930: Require Python 3.7 - v59.6.0 * #2925: Merge with pypa/distutils@92082ee42c including introduction of deprecation warning on Version classes. - v59.4.0 * #2893: Restore deprecated support for newlines in the Summary field. - v59.3.0 * #2906: In ensure_local_distutils, re-use DistutilsMetaFinder to load the module. Avoids race conditions when _distutils_system_mod is employed. - v59.2.0 * #2875: Introduce changes from pypa/distutils@514e9d0, including support for overrides from Debian and pkgsrc, unlocking the possibility of making SETUPTOOLS_USE_DISTUTILS=local the default again. - v59.1.1 + #2885: Fixed errors when encountering LegacyVersions. - v59.1.0 * #2497: Update packaging to 21.2. * #2877: Back out deprecation of setup_requires and replace instead by a deprecation of setuptools.installer and fetch_build_egg. Now setup_requires is still supported when installed as part of a PEP 517 build, but is deprecated when an unsatisfied requirement is encountered. - v59.0.1 * #2880: Removed URL requirement for pytest-virtualenv in setup.cfg. PyPI rejects packages with dependencies external to itself. Instead the test dependency was overwritten via tox.ini - v59.0.0 * #2856: Support for custom commands that inherit directly from distutils is deprecated. Users should extend classes provided by setuptools instead. * #2870: Started failing on invalid inline description with line breaks :class:`ValueError` -- by :user:`webknjaz` * #2698: Exposed exception classes from distutils.errors via setuptools.errors. * #2866: Incorporate changes from pypa/distutils@f1b0a2b. - v58.5.3 * #2849: Add fallback for custom build_py commands inheriting directly from :mod:`distutils`, while still handling include_package_data=True for sdist. - v58.5.2 * #2847: Suppress 'setup.py install' warning under bdist_wheel. - v58.5.1 * #2846: Move PkgResourcesDeprecationWarning above implicitly-called function so that it's in the namespace when version warnings are generated in an environment that contains them. - v58.5.0 * #1461: Fix inconsistency with include_package_data and packages_data in sdist by replacing the loop breaking mechanism between the sdist and egg_info commands -- by :user:`abravalheri` - v58.4.0 * #2497: Officially deprecated PEP 440 non-compliant versions. - Refresh patches * sort-for-reproducibility.patch * remove_mock.patch - Do not replace the vendored imports from .extern anymore * Upstream vendors more packages than before and we need to avoid buildcycles, too. * The vendored stuff was packaged all the time. * Update License tag for vendored stuff. * Drop remove-more-itertools-dependency-cycle.patch ++++ selinux-policy: - Update fix_systemd.patch to add cap sys_admin and kernel_dgram_send for systemd_gpt_generator_t (bsc#1200911) ++++ tpm2.0-tools: - Add patch to fix leakage of TPM simulator process add_missing_shut_down_call_on_cleanup.patch - Add patch to fix fapi-quote-verify[_ecc].sh test fix_check_of_qualifying_data.patch - Enable test execution by default ++++ xen: - Added --disable-pvshim when running configure in xen.spec. We have never shipped the shim and don't need to build it. - bsc#1199965 - VUL-0: CVE-2022-26362: xen: Race condition in typeref acquisition 62a1e594-x86-clean-up-_get_page_type.patch 62a1e5b0-x86-ABAC-race-in-_get_page_type.patch - bsc#1199966 - VUL-0: CVE-2022-26363,CVE-2022-26364: xen: Insufficient care with non-coherent mappings 62a1e5d2-x86-introduce-_PAGE_-for-mem-types.patch 62a1e5f0-x86-dont-change-cacheability-of-directmap.patch 62a1e60e-x86-split-cache_flush-out-of-cache_writeback.patch 62a1e62b-x86-AMD-work-around-CLFLUSH-ordering.patch 62a1e649-x86-track-and-flush-non-coherent.patch - bsc#1200549 VUL-0: CVE-2022-21123,CVE-2022-21125,CVE-2022-21166: xen: x86: MMIO Stale Data vulnerabilities (XSA-404) 62ab0fab-x86-spec-ctrl-VERW-flushing-runtime-cond.patch 62ab0fac-x86-spec-ctrl-enum-for-MMIO-Stale-Data.patch 62ab0fad-x86-spec-ctrl-add-unpriv-mmio.patch - bsc#1201469 - VUL-0: CVE-2022-23816,CVE-2022-23825,CVE-2022-29900: xen: retbleed - arbitrary speculative code execution with return instructions (XSA-407) 62cc31ed-x86-honour-spec-ctrl-0-for-unpriv-mmio.patch 62cc31ee-cmdline-extend-parse_boolean.patch 62cc31ef-x86-spec-ctrl-fine-grained-cmdline-subopts.patch 62cd91d0-x86-spec-ctrl-rework-context-switching.patch 62cd91d1-x86-spec-ctrl-rename-SCF_ist_wrmsr.patch 62cd91d2-x86-spec-ctrl-rename-opt_ibpb.patch 62cd91d3-x86-spec-ctrl-rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch 62cd91d4-x86-spec-ctrl-IBPB-on-entry.patch 62cd91d5-x86-cpuid-BTC_NO-enum.patch 62cd91d6-x86-spec-ctrl-enable-Zen2-chickenbit.patch 62cd91d7-x86-spec-ctrl-mitigate-Branch-Type-Confusion.patch - Upstream bug fixes (bsc#1027519) 62a99614-IOMMU-x86-gcc12.patch 62bdd840-x86-spec-ctrl-only-adjust-idle-with-legacy-IBRS.patch 62bdd841-x86-spec-ctrl-knobs-for-STIBP-and-PSFD.patch - Drop patches replaced by upstream versions xsa401-1.patch xsa401-2.patch xsa402-1.patch xsa402-2.patch xsa402-3.patch xsa402-4.patch xsa402-5.patch ------------------------------------------------------------------ ------------------ 2022-7-12 - Jul 12 2022 ------------------- ------------------------------------------------------------------ ++++ gpg2: - GnuPG 2.3.7: * CVE-2022-34903: garbled status messages could trick gpgme and other parsers to accept faked status lines [boo#1201225] * A number of bug fixes to the gpg command line interface * gpgsm gained a number of new options and got some rework on the PKCS#12 parser to support DFN issues keys * The gpg agent got some added options and UI tweaks * smart card support got a number of bug fixes, and improved support for Technology Nexus cards and Yubikey * The Telesec ESIGN application is now supported ++++ kernel-default: - Linux 5.18.11 (bsc#1012628). - io_uring: fix provided buffer import (bsc#1012628). - ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD (bsc#1012628). - ALSA: hda/realtek: Add quirk for Clevo L140PU (bsc#1012628). - ALSA: cs46xx: Fix missing snd_card_free() call at probe error (bsc#1012628). - can: bcm: use call_rcu() instead of costly synchronize_rcu() (bsc#1012628). - can: grcan: grcan_probe(): remove extra of_node_get() (bsc#1012628). - can: gs_usb: gs_usb_open/close(): fix memory leak (bsc#1012628). - can: m_can: m_can_chip_config(): actually enable internal timestamping (bsc#1012628). - can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp to full 32 bits (bsc#1012628). - can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (bsc#1012628). - can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (bsc#1012628). - can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (bsc#1012628). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround handling for mcp2517fd (bsc#1012628). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround broken CRC on TBC register (bsc#1012628). - can: mcp251xfd: mcp251xfd_stop(): add missing hrtimer_cancel() (bsc#1012628). - bpf: Fix incorrect verifier simulation around jmp32's jeq/jne (bsc#1012628). - bpf: Fix insufficient bounds propagation from adjust_scalar_min_max_vals (bsc#1012628). - usbnet: fix memory leak in error case (bsc#1012628). - net: rose: fix UAF bug caused by rose_t0timer_expiry (bsc#1012628). - net: lan966x: hardcode the number of external ports (bsc#1012628). - netfilter: nft_set_pipapo: release elements in clone from abort path (bsc#1012628). - selftests/net: fix section name when using xdp_dummy.o (bsc#1012628). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct length to read dev_id (bsc#1012628). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness conversion (bsc#1012628). - can: rcar_canfd: Fix data transmission failed on R-Car V3U (bsc#1012628). - ASoC: qdsp6: q6apm-dai: unprepare stream if its already prepared (bsc#1012628). - MAINTAINERS: Remove iommu@lists.linux-foundation.org (bsc#1012628). - iommu/vt-d: Fix PCI bus rescan device hot add (bsc#1012628). - iommu/vt-d: Fix RID2PASID setup/teardown failure (bsc#1012628). - cxl/mbox: Use __le32 in get,set_lsa mailbox structures (bsc#1012628). - cxl: Fix cleanup of port devices on failure to probe driver (bsc#1012628). - fbdev: fbmem: Fix logo center image dx issue (bsc#1012628). - fbmem: Check virtual screen sizes in fb_set_var() (bsc#1012628). - fbcon: Disallow setting font bigger than screen size (bsc#1012628). - fbcon: Prevent that screen size is smaller than font size (bsc#1012628). - PM: runtime: Redefine pm_runtime_release_supplier() (bsc#1012628). - PM: runtime: Fix supplier device management during consumer probe (bsc#1012628). - memregion: Fix memregion_free() fallback definition (bsc#1012628). - video: of_display_timing.h: include errno.h (bsc#1012628). - fscache: Fix invalidation/lookup race (bsc#1012628). - fscache: Fix if condition in fscache_wait_on_volume_collision() (bsc#1012628). - powerpc/powernv: delay rng platform device creation until later in boot (bsc#1012628). - net: dsa: qca8k: reset cpu port on MTU change (bsc#1012628). - ARM: meson: Fix refcount leak in meson_smp_prepare_cpus (bsc#1012628). - pinctrl: sunxi: a83t: Fix NAND function name for some pins (bsc#1012628). - srcu: Tighten cleanup_srcu_struct() GP checks (bsc#1012628). - ASoC: rt711: Add endianness flag in snd_soc_component_driver (bsc#1012628). - ASoC: rt711-sdca: Add endianness flag in snd_soc_component_driver (bsc#1012628). - ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in .set_jack_detect (bsc#1012628). - ASoC: SOF: ipc3-topology: Move and correct size checks in sof_ipc3_control_load_bytes() (bsc#1012628). - ASoC: SOF: Intel: hda: Fix compressed stream position tracking (bsc#1012628). - arm64: dts: qcom: sm8450: fix interconnects property of UFS node (bsc#1012628). - arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (bsc#1012628). - arm64: dts: qcom: sdm845: use dispcc AHB clock for mdss node (bsc#1012628). - ARM: mxs_defconfig: Enable the framebuffer (bsc#1012628). - arm64: dts: imx8mp-evk: correct mmc pad settings (bsc#1012628). - arm64: dts: imx8mp-evk: correct the uart2 pinctl value (bsc#1012628). - arm64: dts: imx8mp-evk: correct gpio-led pad settings (bsc#1012628). - arm64: dts: imx8mp-evk: correct vbus pad settings (bsc#1012628). - arm64: dts: imx8mp-evk: correct eqos pad settings (bsc#1012628). - arm64: dts: imx8mp-evk: correct I2C5 pad settings (bsc#1012628). - arm64: dts: imx8mp-evk: correct I2C1 pad settings (bsc#1012628). - arm64: dts: imx8mp-evk: correct I2C3 pad settings (bsc#1012628). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad settings (bsc#1012628). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad settings (bsc#1012628). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc settings (bsc#1012628). - pinctrl: sunxi: sunxi_pconf_set: use correct offset (bsc#1012628). - arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo (bsc#1012628). - ARM: at91: pm: use proper compatible for sama5d2's rtc (bsc#1012628). - ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt (bsc#1012628). - ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt (bsc#1012628). - ARM: dts: at91: sam9x60ek: fix eeprom compatible and size (bsc#1012628). - ARM: dts: at91: sama5d2_icp: fix eeprom compatibles (bsc#1012628). - ARM: at91: fix soc detection for SAM9X60 SiPs (bsc#1012628). - xsk: Clear page contiguity bit when unmapping pool (bsc#1012628). - i2c: piix4: Fix a memory leak in the EFCH MMIO support (bsc#1012628). - i40e: Fix dropped jumbo frames statistics (bsc#1012628). - i40e: Fix VF's MAC Address change on VM (bsc#1012628). - ARM: dts: stm32: add missing usbh clock and fix clk order on stm32mp15 (bsc#1012628). - ibmvnic: Properly dispose of all skbs during a failover (bsc#1012628). - selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT (bsc#1012628). - selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT (bsc#1012628). - selftests: forwarding: fix error message in learning_test (bsc#1012628). - ACPI: CPPC: Check _OSC for flexible address space (bsc#1012628). - ACPI: bus: Set CPPC _OSC bits for all and when CPPC_LIB is supported (bsc#1012628). - ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked (bsc#1012628). - ACPI: CPPC: Don't require _OSC if X86_FEATURE_CPPC is supported (bsc#1012628). - net/mlx5e: Fix matchall police parameters validation (bsc#1012628). - mptcp: Avoid acquiring PM lock for subflow priority changes (bsc#1012628). - mptcp: Acquire the subflow socket lock before modifying MP_PRIO flags (bsc#1012628). - mptcp: fix local endpoint accounting (bsc#1012628). - r8169: fix accessing unset transport header (bsc#1012628). - i2c: cadence: Unregister the clk notifier in error path (bsc#1012628). - net/sched: act_api: Add extack to offload_act_setup() callback (bsc#1012628). - net/sched: act_police: Add extack messages for offload failure (bsc#1012628). - net/sched: act_police: allow 'continue' action offload (bsc#1012628). - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (bsc#1012628). - dmaengine: imx-sdma: only restart cyclic channel when enabled (bsc#1012628). - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (bsc#1012628). - misc: rtsx_usb: use separate command and response buffers (bsc#1012628). - misc: rtsx_usb: set return value in rsp_buf alloc err path (bsc#1012628). - dmaengine: dw-axi-dmac: Fix RMW on channel suspend register (bsc#1012628). - dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (bsc#1012628). - ida: don't use BUG_ON() for debugging (bsc#1012628). - dmaengine: pl330: Fix lockdep warning about non-static key (bsc#1012628). - dmaengine: lgm: Fix an error handling path in intel_ldma_probe() (bsc#1012628). - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (bsc#1012628). - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (bsc#1012628). - dmaengine: qcom: bam_dma: fix runtime PM underflow (bsc#1012628). - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (bsc#1012628). - dmaengine: idxd: force wq context cleanup on device disable path (bsc#1012628). - commit 0e7e901 ++++ libaio: - add fix-splice-signature.patch to fix build on 32bit ++++ libidn2: - update to 2.3.3: * Upgrade IDNA Tables from Unicode 11 to 12 * Upgrade TR46 Tables from Unicode 13 to 14 * Updated gnulib files and various build fixes * Add self-check for the idn2 command line tool ++++ systemd: - systemd.spec: add files.experimental ++++ salt: - Fix test_ipc unit test - Added: * fix-test_ipc-unit-tests.patch ++++ python-M2Crypto: - Add CVE-2020-25657-Bleichenbacher-attack.patch (CVE-2020-25657, bsc#1178829), which mitigates the Bleichenbacher timing attacks in the RSA decryption API. - Add python-M2Crypto.keyring to verify GPG signature of tarball. ++++ rust-keylime: - Update to version 0.1.0+git.1657303637.5b9072a: * keys_handler: Use scopes to drop mutexes before await * Enable usage of Rust IMA emulator in E2E tests. * ima_emulator: Support PCR hash algorithms other than SHA-1 * ima_entry: add IMA entry parser ported from Python Keylime * algorithms: Add conversion between our hash algorithms and OpenSSL's * Remove unused functions revocation_ip_get and revocation_port_get. Change String to &str. * Adjust function usage comments to account for new parameters. * Load config file less at startup in src/common.rs * GNUmakefile: Make target dependencies explicit * permissions: Set supplementary groups when dropping privileges * main: Use more descriptive message for missing files error * Show path when fail to load the certificate * tpm: Add serialization functions for structures in quotes - Requires tpm2.0-abrmd dependency, as the kernel resource manager could be not enough - Downgrade /var/run/keylime permissions - Set "run_as" parameter to "keylime:tss" - Create the keylime user via systemd - Fix keylime service home directory - Add 0001-main-die-when-cannot-drop-privileges.patch to avoid the execution as root when the run_as user is missing in the system ++++ virt-manager: - Upstream bug fix (bsc#1027942) d51541e1-Fix-UI-rename-with-firmware-efi.patch - Use autosetup in spec file ++++ xen: - bsc#1201394 - VUL-0: CVE-2022-33745: xen: insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) xsa408.patch - Fix gcc13 compilation error 62c56cc0-libxc-fix-compilation-error-with-gcc13.patch ------------------------------------------------------------------ ------------------ 2022-7-11 - Jul 11 2022 ------------------- ------------------------------------------------------------------ ++++ hwdata: - update to 0.361: + Updated pci, usb and vendor ids. ++++ hidapi: - update to 0.12.0: * libusb: improved CMake dependency on Iconv (#405) - as a result, better support for NetBSD; * general: documentation improvements; * general: small code cleanups/improvements; * many windows specific fixes - spec-cleaner cleanups ++++ libnettle: - update to 3.8: This release includes a couple of new features, and many performance improvements. It adds assembly code for two more architectures: ARM64 and S390x. The new version is intended to be fully source and binary compatible with Nettle-3.6. The shared library names are libnettle.so.8.5 and libhogweed.so.6.5, with sonames libnettle.so.8 and libhogweed.so.6. New features: * AES keywrap (RFC 3394), contributed by Nicolas Mora. * SM3 hash function, contributed by Tianjia Zhang. * New functions cbc_aes128_encrypt, cbc_aes192_encrypt, cbc_aes256_encrypt. On processors where AES is fast enough, e.g., x86_64 with aesni instructions, the overhead of using Nettle's general cbc_encrypt can be significant. The new functions can be implemented in assembly, to do multiple blocks with reduced per-block overhead. Note that there's no corresponding new decrypt functions, since the general cbc_decrypt doesn't suffer from the same performance problem. Bug fixes: * Fix fat builds for x86_64 windows, these appear to never have worked. Optimizations: * New ARM64 implementation of AES, GCM, Chacha, SHA1 and SHA256, for processors supporting crypto extensions. Great speedups, and fat builds are supported. Contributed by Mamone Tarsha. * New s390x implementation of AES, GCM, Chacha, memxor, SHA1, SHA256, SHA512 and SHA3. Great speedups, and fat builds are supported. Contributed by Mamone Tarsha. * New PPC64 assembly for ecc modulo/redc operations, contributed by Amitay Isaacs, Martin Schwenke and Alastair D´Silva. * The x86_64 AES implementation using aesni instructions has been reorganized with one separate function per key size, each interleaving the processing of two blocks at a time (when the caller processes multiple blocks with each call). This gives a modest performance improvement on some processors. * Rewritten and faster x86_64 poly1305 assembly. - drop libnettle-s390x-CPACF-SHA-AES-support.patch (included in 3.8) ++++ ncurses: - Add ncurses patch 20220709 + lock the prescreen data consistently in newterm, etc., for the pthreads configuration (report by Tom de Vries). ++++ nfs-utils: - 0004-modprobe-protect-against-sysctl-errors.patch 0005-modprobe-avoid-error-messages-if-sbin-sysctl-fail.patch Suppress any errors from /sbin/sysctl, if for example, it isn't installed (bsc#1200710) ++++ nghttp2: - update to 1.48.0: * lib: Allow server to override RFC 9218 stream priority * lib: Add a server option to fallback to RFC 7540 priorities * lib: Add PRIORITY_UPDATE frame support * lib: Implement RFC 9218 extensible prioritization scheme * lib: Do not verify host field specific characters for response field * lib: No rfc7540 priorities * lib: Fix stream stall when initial window size is decreased * doc: Document how to change stream prioritization scheme * build: Compile with libressl 3.5 * build: EXTRA_DIST: List mruby files explicitly * build: Bump ngtcp2 and nghttp3 * build: Do not check application libraries if --enable-lib-only is given * src: Update default TLS cipher suites * nghttpx, h2load: Better pack UDP packets in one GSO write * nghttpx, h2load: Quic error handling * nghttpx, h2load: Fix QUIC performance regression * nghttp, nghttpd, nghttpx: Add ktls support * h2load: Send more packets without GSO per event loop * h2load: Add ktls support * nghttpd: Fix TLS read stall * nghttpx: Disable RFC 7540 priorities * nghttpx: Client always uses simpler TLS handshake * nghttpx: Add affinity-cookie-stickiness backend parameter * nghttpx: Fix broken session affinity * nghttpx: Limit CONNECTION_CLOSE and Retry under server amplification limit * integration: Go update * integration: Add go.mod * third-party: Bump llhttp to 75b45129db961e1fb3c56044e1b8f7721bfaee5d * third-party: Bump libbpf to v0.8.0 * third-party: Bump mruby to 3.1.0 * third-party: Bump neverbleed based on the latest head (GH-1708) ++++ protobuf-c: - Update to release 1.4.1 * Fixed unsigned integer overflow (GH#499) * Avoid shifting signed values (GH#508) - Remove 508.patch (merged) ++++ tpm2-0-tss: - Revert "Add version the configuration file tpm2-tss-fapi.conf" This generate whitelist problems in rpmlint. ++++ unbound: - update to 1.16.1 * Features - Fix #704: [FR] Statistics counter for number of outgoing UDP queries sent; introduces 'num.query.udpout' to the 'unbound-control stats' command. * Bug Fixes - makedist.sh picks up 32bit libssp-0.dll when 32bit compile. - Fix for edns client subnet to respect not looking in its cache when instructed to do so (e.g., prefetch). - Merge PR #688: Rpz url notify issue. - Note in the unbound.conf text that NOTIFY is allowed from the url: addresses for auth and rpz zones. - Remove unused LDNS function check for GOST Engine unloading. - Fix for loading locally stored zones that have lines with blanks or blanks and comments. - Fix #663: use after free issue with edns options. - Clarify -v flag manpage entry (#705) - Fix test program dohclient close to use portability routine. - Show the output of the exact .rpl run that failed with 'make test'. - Fix for cached 0 TTL records to not trigger prefetching when serve-expired-client-timeout is set. - Add debug option to the mini_tdir.sh test code. - Fix to not count cached NXDOMAIN for MAX_TARGET_NX. - Allow fallback to the parent side when MAX_TARGET_NX is reached. This will also allow MAX_TARGET_NX more NXDOMAINs. - iana portlist update. - Fix detection of libz on windows compile with static option. - Fix compile warning for windows compile. - Merge PR #706: NXNS fallback. - From #706: Cached NXDOMAIN does not increase the target nx responses. - From #706: Don't generate parent side queries if we already have the lame records in cache. - From #706: When a lame address is the best choice, don't try to generate target queries when the missing targets are all lame. - Merge PR #671 from Petr Menšík: Disable ED25519 and ED448 in FIPS mode on openssl3. - Merge PR #660 from Petr Menšík: Sha1 runtime insecure. - For #660: formatting, less verbose logging, add EDE information. - Fix for correct openssl error when adding windows CA certificates to the openssl trust store. - Improve val_sigcrypt.c::algo_needs_missing for one loop pass. - Reintroduce documentation and more EDE support for val_sigcrypt.c::dnskeyset_verify_rrset_sig. - Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for one loop pass'. - Merge PR #668 from Cristian Rodríguez: Set IP_BIND_ADDRESS_NO_PORT on outbound tcp sockets. ++++ selinux-policy: - postfix: Label PID files and some helpers correctly (bsc#1197242) ------------------------------------------------------------------ ------------------ 2022-7-10 - Jul 10 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Update to 5.19-rc6 - update configs - s390x/zfcpdump - CRC32_S390=n - SHA512_S390=n - SHA1_S390=n - SHA256_S390=n - SHA3_256_S390=n - SHA3_512_S390=n - GHASH_S390=n - AES_S390=n - DES_S390=n - CHACHA_S390=n - KEXEC_FILE=n - commit 5477bdd ------------------------------------------------------------------ ------------------ 2022-7-9 - Jul 9 2022 ------------------- ------------------------------------------------------------------ ++++ cups: - Move the dbus-1 system.d file to /usr (bsc#1201346) ++++ avahi: - Move the dbus-1 system.d file to /usr (bsc#1201345) ++++ python-lxml: - update to version 4.9.1 (bsc#1201253, CVE-2022-2309): * Bugs fixed + A crash was resolved when using iterwalk() (or canonicalize()) after parsing certain incorrect input. Note that iterwalk() can crash on valid input parsed with the same parser after failing to parse the incorrect input. ------------------------------------------------------------------ ------------------ 2022-7-8 - Jul 8 2022 ------------------- ------------------------------------------------------------------ ++++ librsvg: - Replace dependency on unmaintained rust-packaging with cargo-packaging. ++++ kdump: - fix network-related dracut options handling for fadump case - drop the elevator=deadline kernel option (bsc#1193211) - fix broken URL in manpage (bsc#1187312) ++++ kernel-default: - Linux 5.18.10 (bsc#1012628). - xen/arm: Fix race in RB-tree based P2M accounting (bsc#1012628). - xen-netfront: restore __skb_queue_tail() positioning in xennet_get_responses() (bsc#1012628). - xen/blkfront: force data bouncing when backend is untrusted (bsc#1012628). - xen/netfront: force data bouncing when backend is untrusted (bsc#1012628). - xen/netfront: fix leaking data in shared pages (bsc#1012628). - xen/blkfront: fix leaking data in shared pages (bsc#1012628). - hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails (bsc#1012628). - net: sparx5: mdb add/del handle non-sparx5 devices (bsc#1012628). - net: sparx5: Add handling of host MDB entries (bsc#1012628). - drm/fourcc: fix integer type usage in uapi header (bsc#1012628). - platform/x86: panasonic-laptop: filter out duplicate volume up/down/mute keypresses (bsc#1012628). - platform/x86: panasonic-laptop: don't report duplicate brightness key-presses (bsc#1012628). - platform/x86: panasonic-laptop: revert "Resolve hotkey double trigger bug" (bsc#1012628). - platform/x86: panasonic-laptop: sort includes alphabetically (bsc#1012628). - platform/x86: panasonic-laptop: de-obfuscate button codes (bsc#1012628). - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (bsc#1012628). - drm/msm/gem: Fix error return on fence id alloc fail (bsc#1012628). - drm/i915/dgfx: Disable d3cold at gfx root port (bsc#1012628). - drm/i915/gem: add missing else (bsc#1012628). - platform/x86: ideapad-laptop: Add allow_v4_dytc module parameter (bsc#1012628). - drm/msm/dpu: Increment vsync_cnt before waking up userspace (bsc#1012628). - cifs: fix minor compile warning (bsc#1012628). - net: tun: avoid disabling NAPI twice (bsc#1012628). - mlxsw: spectrum_router: Fix rollback in tunnel next hop init (bsc#1012628). - ipv6: fix lockdep splat in in6_dump_addrs() (bsc#1012628). - ipv6/sit: fix ipip6_tunnel_get_prl return value (bsc#1012628). - nvmet: add a clear_ids attribute for passthru targets (bsc#1012628). - fanotify: refine the validation checks on non-dir inode mask (bsc#1012628). - tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() (bsc#1012628). - ACPI: video: Change how we determine if brightness key-presses are handled (bsc#1012628). - nvmet-tcp: fix regression in data_digest calculation (bsc#1012628). - tcp: add a missing nf_reset_ct() in 3WHS handling (bsc#1012628). - cpufreq: qcom-hw: Don't do lmh things without a throttle interrupt (bsc#1012628). - epic100: fix use after free on rmmod (bsc#1012628). - tipc: move bc link creation back to tipc_node_create (bsc#1012628). - NFC: nxp-nci: Don't issue a zero length i2c_master_read() (bsc#1012628). - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (bsc#1012628). - platform/x86: ideapad-laptop: Add Ideapad 5 15ITL05 to ideapad_dytc_v4_allow_table[] (bsc#1012628). - platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1012628). - powerpc/memhotplug: Add add_pages override for PPC (bsc#1012628). - Update config files. - net: dsa: felix: fix race between reading PSFP stats and port stats (bsc#1012628). - net: bonding: fix use-after-free after 802.3ad slave unbind (bsc#1012628). - selftests net: fix kselftest net fatal error (bsc#1012628). - net: phy: ax88772a: fix lost pause advertisement configuration (bsc#1012628). - net: bonding: fix possible NULL deref in rlb code (bsc#1012628). - net: asix: fix "can't send until first packet is send" issue (bsc#1012628). - net/sched: act_api: Notify user space if any actions were flushed before error (bsc#1012628). - net/dsa/hirschmann: Add missing of_node_get() in hellcreek_led_setup() (bsc#1012628). - netfilter: nft_dynset: restore set element counter when failing to update (bsc#1012628). - s390: remove unneeded 'select BUILD_BIN2C' (bsc#1012628). - vdpa/mlx5: Update Control VQ callback information (bsc#1012628). - lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch() (bsc#1012628). - PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events (bsc#1012628). - io_uring: ensure that send/sendmsg and recv/recvmsg check sqe->ioprio (bsc#1012628). - caif_virtio: fix race between virtio_device_ready() and ndo_open() (bsc#1012628). - vfs: fix copy_file_range() regression in cross-fs copies (bsc#1012628). - NFSv4: Add an fattr allocation to _nfs4_discover_trunking() (bsc#1012628). - NFSD: restore EINVAL error translation in nfsd_commit() (bsc#1012628). - NFS: restore module put when manager exits (bsc#1012628). - net: ipv6: unexport __init-annotated seg6_hmac_net_init() (bsc#1012628). - hwmon: (occ) Prevent power cap command overwriting poll response (bsc#1012628). - selftests: mptcp: Initialize variables to quiet gcc 12 warnings (bsc#1012628). - mptcp: fix conflict with (bsc#1012628). - selftests: mptcp: more stable diag tests (bsc#1012628). - mptcp: fix race on unaccepted mptcp sockets (bsc#1012628). - usbnet: fix memory allocation in helpers (bsc#1012628). - net: usb: asix: do not force pause frames support (bsc#1012628). - linux/dim: Fix divide by 0 in RDMA DIM (bsc#1012628). - RDMA/cm: Fix memory leak in ib_cm_insert_listen (bsc#1012628). - RDMA/qedr: Fix reporting QP timeout attribute (bsc#1012628). - net: dp83822: disable rx error interrupt (bsc#1012628). - net: dp83822: disable false carrier interrupt (bsc#1012628). - net: fix IFF_TX_SKB_NO_LINEAR definition (bsc#1012628). - net: tun: stop NAPI when detaching queues (bsc#1012628). - net: tun: unlink NAPI from device on destruction (bsc#1012628). - net: dsa: bcm_sf2: force pause link settings (bsc#1012628). - selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test (bsc#1012628). - virtio-net: fix race between ndo_open() and virtio_device_ready() (bsc#1012628). - net: usb: ax88179_178a: Fix packet receiving (bsc#1012628). - net: rose: fix UAF bugs caused by timer handler (bsc#1012628). - SUNRPC: Fix READ_PLUS crasher (bsc#1012628). - dm raid: fix KASAN warning in raid5_add_disks (bsc#1012628). - dm raid: fix accesses beyond end of raid member array (bsc#1012628). - cpufreq: amd-pstate: Add resume and suspend callbacks (bsc#1012628). - powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1012628). - powerpc/book3e: Fix PUD allocation size in map_kernel_page() (bsc#1012628). - powerpc/prom_init: Fix kernel config grep (bsc#1012628). - parisc/unaligned: Fix emulate_ldw() breakage (bsc#1012628). - parisc: Fix vDSO signal breakage on 32-bit kernel (bsc#1012628). - ceph: wait on async create before checking caps for syncfs (bsc#1012628). - nvdimm: Fix badblocks clear off-by-one error (bsc#1012628). - nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA IM2P33F8ABR1 (bsc#1012628). - nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP (AKA SPECTRIX S40G) (bsc#1012628). - s390/archrandom: simplify back to earlier design and initialize earlier (bsc#1012628). - net: phy: Don't trigger state machine while in suspend (bsc#1012628). - ipv6: take care of disable_policy when restoring routes (bsc#1012628). - ksmbd: use vfs_llseek instead of dereferencing NULL (bsc#1012628). - ksmbd: check invalid FileOffset and BeyondFinalZero in FSCTL_ZERO_DATA (bsc#1012628). - ksmbd: set the range of bytes to zero without extending file size in FSCTL_ZERO_DATA (bsc#1012628). - drm/amdgpu: To flush tlb for MMHUB of RAVEN series (bsc#1012628). - Revert "drm/amdgpu/display: set vblank_disable_immediate for DC" (bsc#1012628). - drm/amdgpu: fix adev variable used in amdgpu_device_gpu_recover() (bsc#1012628). - commit 97c4fd2 ++++ systemd: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network (bsc#1201276) This configuration files put in these directories are read by both udevd and systemd-networkd. ++++ tpm2-0-tss: - Update to 3.2.0 + Fixed * FAPI: fix curl_url_set call * FAPI: Fix usage of curl url (Should fix Ubuntu 22.04) * Fix buffer upcast leading to misalignment * Fix check whether SM3 is available * Update git.mk to support R/O src-dir * Fixed file descriptor leak when tcti initialization failed. * 32 Bit builds of the integration tests. * Primary key creation, in some cases the unique field was not cleared before calling create primary. * Primary keys was used for signing the object were cleared after loading. So access e.g. to the certificate did not work. * Primary keys created with Fapi_Create with an auth value, the auth_value was not used in inSensitive to recreate the primary key. Now the auth value callback is used to initialize inSensitive. * The not possible usage of policies for primary keys generated with Fapi_CreatePrimary has been fixed. * An infinite loop when parsing erroneous JSON was fixed in FAPI. * A buffer overflow in ESAPI xor parameter obfuscation was fixed. * Certificates could be read only once in one application The setting the init state of the state automaton for getting certificates was fixed. * A double free when executing policy action was fixed. * A leak in Fapi_Quote was fixed. * The wrong file locking in FAPI IO was fixed. * Enable creation of tss group and user on systems with busybox for fapi. * One fapi integration test did change the auth value of the storage hierarchy. * A leak in fapi crypto with ossl3 was fixed. * Add initial camelia support to FAPI * Fix tests of fapi PCR * Fix tests of ACT functionality if not supported by pTPM * Fix compiler (unused) warning when building without debug logging * Fix leaks in error cases of integration tests * Fix memory leak after ifapi_init_primary_finish failed * Fix double-close of stream in FAPI * Fix segfault when ESYS_TR_NONE is passed to Esys_TR_GetName * Fix the authorization of hierarchy objects used in policy secret. * Fix check of qualifying data in Fapi_VerifyQuote. * Fix some leaks in FAPI error cases. * Make scripts compatible with non-posix shells where test does not know -a and -o. * Fix usage of variable not initialized when fapi keystore is empty. + Added * Add additional IFX root CAs * Added support for SM2, SM3 and SM4. * Added support for OpenSSL 3.0.0. * Added authPolicy field to the TPMU_CAPABILITIES union. * Added actData field to the TPMU_CAPABILITIES union. * Added TPM2_CAP_AUTH_POLICIES * Added TPM2_CAP_ACT constants. * Added updates to the marshalling and unmarshalling of the TPMU_CAPABILITIES union. * Added updated to the FAPI serializations and deserializations of the TPMU_CAPABILITIES union and associated types. * Add CODE_OF_CONDUCT * tcti-mssim and tcti-swtpm gained support for UDX communication * Missing constant for TPM2_RH_PW + Removed * Removed support for OpenSSL < 1.1.0. * Marked TPMS_ALGORITHM_DESCRIPTION and corresponding MU routines as deprecated. * Those were errorous typedefs that are not use and not useful. So we will remove this with 3.3 * Marked TPM2_RS_PW as deprecated. Use TPM2_RH_PW instead. - Update to 3.1.1 + Fixed * Fixed file descriptor leak when tcti initialization failed. * Primary key creation, in some cases the unique field was not cleared before calling create primary. * Primary keys was used for signing the object were cleared after loading. So access e.g. to the certificate did not work. * Primary keys created with Fapi_Create with an auth value, the auth_value was not used in inSensitive to recreate the primary key. Now the auth value callback is used to initialize inSensitive. * The not possible usage of policies for primary keys generated with Fapi_CreatePrimary has been fixed. * An infinite loop when parsing erroneous JSON was fixed in FAPI. * A buffer overflow in ESAPI xor parameter obfuscation was fixed. * Certificates could be read only once in one application The setting the init state of the state automaton for getting certificates was fixed. * A double free when executing policy action was fixed. * A leak in Fapi_Quote was fixed. * The wrong file locking in FAPI IO was fixed. * One fapi integration test did change the auth value of the storage hierarchy. * Fix test of FAPI PCR * Fix leaks in error cases of integration tests * Fix segfault when ESYS_TR_NONE is passed to Esys_TR_GetName * Fix the authorization of hierarchy objects used in policy secret. * Fix check of qualifying data in Fapi_VerifyQuote. * Fix some leaks in FAPI error cases. * Fix usage of variable not initialized when fapi keystore is empty. + Added * Add additional IFX root CAs ++++ tpm2.0-abrmd: - Version 2.4.1 + Added Contributor Covenant Code of Conduct. + Fixed * superflous warning messages about tcti status. WARNING **: 11:00:56.205: tcti_conf before: "(null)" WARNING **: 11:00:56.205: tcti_conf after: "mssim" * GCC 11 build error: error: argument 2 of __atomic_load’ discards 'volatile' qualifier * Initialize gerror pointer variable to NULL to fix use of unitialized memory and segfault. * Updated missing defaults in manpage. * Port CI to composite actions in tpm2-software/ci. + Removed Dependency on 'which' utility in configure.ac. ubuntu-16.04 from CI. ++++ liburing: - add handle-eintr.patch, enable tests everywhere ++++ salt: - Add support for gpgautoimport in zypperpkg module - Update Salt to work with Jinja >= and <= 3.1.0 (bsc#1198744) - Fix salt.states.file.managed() for follow_symlinks=True and test=True (bsc#1199372) - Make Salt 3004 compatible with pyzmq >= 23.0.0 (bsc#1201082) - Added: * fix-jinja2-contextfuntion-base-on-version-bsc-119874.patch * add-support-for-gpgautoimport-539.patch * fix-62092-catch-zmq.error.zmqerror-to-set-hwm-for-zm.patch * fix-salt.states.file.managed-for-follow_symlinks-tru.patch ++++ tpm2.0-tools: - Add missing dependencies for testing. - Add patch to properly skip getekcertificate if curl is missing 0001-tests-getekcertificate.sh-Skip-the-test-if-curl-is-n.patch ------------------------------------------------------------------ ------------------ 2022-7-7 - Jul 7 2022 ------------------- ------------------------------------------------------------------ ++++ glib2: - Update to version 2.73.1: + Remove the `-Diconv` configure option, as GLib now uses Meson’s built-in logic for finding which iconv implementation to use. + Move gvdb to a Meson subproject and git submodule to avoid duplicating its source. + Add `add_test_setup()` in Meson to allow GLib tests to be run under valgrind with correct settings easily, using `meson test --setup=valgrind`. + Fix deadlocks when disposing non-cancelled inotify `GFileMonitor`s. + Fix `file://` requests in webkit2gtk due to incorrect xdgmime update. + Fix build errors on macOS ≤10.7 for `LOCAL_PEERPID`. + Add new `g_atomic_int_exchange()` and `g_atomic_pointer_exchange()` APIs. + Add new `GListStore:n-items` property to allow easy binding in UIs. + Performance improvements for GObject construction and destruction. + Use a numeric space (U+2007) for padding with some `g_date_time_format()` placeholders. + Fix a slow memory leak in `GSocketClient` when using long-lived `GCancellable`s. ++++ openssl-1_1: - update to 1.1.1q: * [CVE-2022-2097, bsc#1201099] * Addresses situations where AES OCB fails to encrypt some bytes ++++ libselinux: - Fixed initrd check in selinux-ready (bnc#1186127) ++++ libzio: - switch to https download url ++++ openssl: - updated to 1.1.q release ++++ patterns-base: - Downgrade mailx to Suggests, most users don't even know what it is and this avoids pulling in smtp_daemon. ++++ salt: - Add support for name, pkgs and diff_attr parameters to upgrade function for zypper and yum (bsc#1198489) - Added: * add-support-for-name-pkgs-and-diff_attr-parameters-t.patch ++++ sevctl: - Disable obs_scm service by default - Use a commit hash as the checked out revision corresponding to crate version 0.3.0 - Change version format to be clear we are using a git commit hash - Build for x86_64 only - Initial package for sevctl v0.3.0 (https://github.com/virtee/sevctl) - FIXME: Upstream has no tags so using HEAD revision ++++ suse-module-tools: - Update to version 16.0.21: * kernel-scriptlets: don't pass flags to weak-modules2 (bsc#1195391) ++++ tpm2.0-tools: - Disable LTO for 5.2, to fix tpm2_makecredential with "-T none" (bsc#1201291) ------------------------------------------------------------------ ------------------ 2022-7-6 - Jul 6 2022 ------------------- ------------------------------------------------------------------ ++++ docker-compose-switch: - add docker-compose-switch-rpmlintrc to ignore obsolete-not-provided error ++++ libnl3: - Update to release 3.7 * route/mdb: fix buffer overflow in mdb_msg_parser() * route/act: add NAT action ++++ open-iscsi: - Modify SPEC file so systemd unit files are mode 644 (not 755) (bsc#1200570) ++++ libsoup: - Update to version 3.0.7: + Fix leak in SoupAuthNTLM. + Fix constructing SoupAuthNTLM objects. + Disable mutual negotiation in SoupAuthNegotiate. + http2: - Do not advertise the `h2` protocool for proxy connections. - Remove left-over headers when HTTP/1 redirects to HTTP/2. - Handle HTTP_1_1_REQUIRED error. - Read request bodies synchronously for sync requests. - Properly handle server sending shut down GOAWAY. + tests: - Remove dependency on Apache's PHP module. - Depend upon Apache's http2 module. ++++ tiff: - security update * CVE-2022-2056 [bsc#1201176] * CVE-2022-2057 [bsc#1201175] * CVE-2022-2058 [bsc#1201174] + tiff-CVE-2022-2056,CVE-2022-2057,CVE-2022-2058.patch ++++ openssh: - openssh-8.4p1-ssh_config_d.patch: admin overrides should take priority (listed first) over package defaults ------------------------------------------------------------------ ------------------ 2022-7-5 - Jul 5 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - drm/aperture: Run fbdev removal before internal helpers (boo#1193472) - commit aff8e8a - netfilter: nf_tables: stricter validation of element data (CVE-2022-34918 bsc#1201171). - commit a1fda0d ++++ fmt: - Update to release 9 * Switched to the internal floating point formatter for all decimal presentation formats. In particular this results in consistent rounding on all platforms and removing the s[n]printf fallback for decimal FP formatting. * Compile-time floating point formatting no longer requires the header-only mode. * Disabled automatic std::ostream insertion operator (operator<<) discovery when fmt/ostream.h is included to prevent ODR violations. You can get the old behavior by defining FMT_DEPRECATED_OSTREAM. * Added fmt::ostream_formatter that can be used to write formatter specializations that perform formatting via std::ostream. * Added the fmt::streamed function that takes an object and formats it via std::ostream. * Added experimental std::variant formatting support. * Added experimental std::filesystem::path formatting support. * Added a std::thread::id formatter to fmt/std.h. * Added support for nested specifiers to range formatting. - Add 0001-Fix-large-shift-in-uint128_fallback.patch 0002-Use-FMT_USE_FLOAT128-instead-of-__SIZEOF_FLOAT128__.patch 0001-Make-sure-the-correct-fmod-overload-is-called.patch ++++ libjpeg-turbo: - Add requires between baselibs ++++ protobuf-c: - Do not build static libraries - Run unit tests - Explicit files and directories for includedir, so we can detect what we actually install there - 508.patch: fixes invalid arithmetic shift (bsc#1200908, CVE-2022-33070) ++++ libvirt: - Update to libvirt 8.5.0 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v8-5-0-2022-07-01 - Drop downstream-only lxc patches. They received little interest upstream, are difficult to maintain, and are no longer required by the requester (SLE): 0001-Extract-stats-functions-from-the-qemu-driver.patch, 0002-lxc-implement-connectGetAllDomainStats.patch ++++ libzypp: - Fix building with GCC 12.x release (#396) - version 17.30.3 (22) ++++ patterns-base: - Use pipewire as default audio server in TW. ++++ python-libvirt-python: - Update to 8.5.0 - Add all new APIs and constants in libvirt 8.5.0 ++++ wpa_supplicant: - Add dbus-Fix-property-DebugShowKeys-and-DebugTimestamp.patch (bsc#1201219) ++++ zypper: - Fix building with GCC 13 (fixes #448) - Put signing key supplying repository name in quotes. - version 1.14.54 ------------------------------------------------------------------ ------------------ 2022-7-4 - Jul 4 2022 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 057+suse.294.gaa9ea2d2: * fix(i18n): add required includes for keymaps (bsc#1200950) ++++ glib-networking: - Update to version 2.72.1 + Discard empty proxy environment variables. ++++ gtk3: - Add compatible dependency "python3-gobject-Gdk if python3-gobject" to the typelib package for SLE and Leap (boo#1200614). ++++ kernel-default: - fbdev: Disable sysfb device registration when removing conflicting (boo#1193472) - commit c76a69f - firmware: sysfb: Add sysfb_disable() helper function (boo#1193472) - commit 6072450 - firmware: sysfb: Make sysfb_create_simplefb() return a pdev pointer (boo#1193472) - commit 326d1c1 - Update to 5.19-rc5 - update contigs - VIRTIO_HARDEN_NOTIFICATION=n - commit 59940d4 ++++ kernel-firmware: - Update to version 20220622 (git commit 9ed4d42c51ac): * amdgpu: update Yellow Carp VCN firmware * linux-firmware: update firmware for MT7921 WiFi device * linux-firmware: update firmware for mediatek bluetooth chip (MT7921) * qed: update 8.59.1.0 firmware * Link some devices that ship with the AW-CM256SM * Add initial AzureWave AW-CM256SM NVRAM file * Remove the Pine64 Quartz copy of the RPi NVRAM * qca: Update firmware files for BT chip WCN6750. * QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00409 * WHENCE: add symlinks for StarFive based boards * linux-firmware: wilc1000: update WILC1000 firmware to v15.6 * brcm: Add NVRAM file 43455 based Wifi/BT module as used on the Quartz64 Model B from Pine64. This file is based on the existing "brcm/brcmfmac43455-sdio.raspberrypi,4-model-b.txt" NVRAM file. * iwlwifi: add new FWs from core70-87 release * iwlwifi: update 9000-family firmwares to core70-87 - Temporary fix for incorrect symlinks for brcm in WHENCE: brcm-symlink-fixes.diff - Minor updates of scripts, sorting alphabetically and add version to Provides/Obsoletes - Update alias ++++ llvm15: - Update to version 14.0.6. * This release contains bug-fixes for the LLVM 14.0.0 release. This release is API and ABI compatible with 14.0.0. - Rebase llvm-do-not-install-static-libraries.patch. ++++ ncurses: - Add ncurses patch 20220703 + add consistency check in tic for u6/u7/u8/u9 and NQ capabilities. + use NQ to flag entries where the terminal does not support query and response -TD + use ansi+enq and decid+cpr in cases where the terminal probably supported the u6-u9 extension -TD + add/use apollo+vt132, xterm+alt47 -TD - Correct offsets of patches * ncurses-5.9-ibm327x.dif * ncurses-6.3.dif ++++ lsof: - Update remove-hostname.patch with the upstream version ++++ vim: - Updated to version 9.0.0032, fixes the following problems - fix CVE-2022-2285 - boo#1201134 - fix CVE-2022-2257 - boo#1201154 * Map functionality outside of map.c. * Functions are global while they could be local. * Plural messages not translated properly. * Hare files are not recognized. * Not all Visual Basic files are recognized. * No support for double, dotted and dashed underlines. * Cannot specify the variable name for "xxd -i". * Going past the end of a menu item with only modifier. * Returning 0 for has('patch-9.0.0') is inconsistent. * Reading beyond the end of the line with put command. * Signature files not detected properly. * Reproducing memory access errors can be difficult. * Missing part of the test override change. * With EXITFREE defined terminal menus are not cleared. * Comparing line pointer for 'breakindent' is not reliable. * Accessing memory beyond the end of the line. * Going over the end of the typahead. * Timers test not run where possible. * With some completion reading past end of string. * Invalid memory access when adding word with a control character to the internal spell word list. * Spell test fails. * On Solaris timer_create() exists but does not work. * May access part of typeahead buf that isn't filled. * Accessing beyond allocated memory when using the cmdline window in Ex mode. * Accessing freed memory with diff put. * The command line test is getting quite big. * The bitmaps/vim.ico file is not in the distribution. * Matchfuzzy test depends on path of current directory. * of user command does not have correct verbose value. * In the quickfix window 'cursorline' overrules QuickFixLine highlighting. ------------------------------------------------------------------ ------------------ 2022-7-3 - Jul 3 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - Update to 22.1.3 * a lot of zink fixes * There's a bit of everything else here, including some performance fixes for wsi/x11. ++++ Mesa-drivers: - Update to 22.1.3 * a lot of zink fixes * There's a bit of everything else here, including some performance fixes for wsi/x11. ++++ glib2: - Update to version 2.72.3 + Bugs fixed: glgo#GNOME/Glib!1941, glgo#GNOME/Glib!2597, glgo#GNOME/Glib!2639, glgo#GNOME/Glib!2670, glgo#GNOME/Glib!2703, glgo#GNOME/Glib!2709, glgo#GNOME/Glib!2720, glgo#GNOME/Glib!2750, glgo#GNOME/Glib!2687. ++++ kernel-default: - Linux 5.18.9 (bsc#1012628). - clocksource/drivers/ixp4xx: Drop boardfile probe path (bsc#1012628). - bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (bsc#1012628). - hinic: Replace memcpy() with direct assignment (bsc#1012628). - powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (bsc#1012628). - io_uring: fix not locked access to fixed buf table (bsc#1012628). - commit 0e67dc1 ++++ harfbuzz: - harfbuzz 4.4.1: + Fix test failure with some compilers + Fix Telugu and Kannada kerning regression - includes changes from 4.4.0: + Caching of variable fonts shaping + Caching of format 2 “Contextual Substitution” and “Chained Contexts Substitution” lookups + Improved ANSI output from hb-view + Support for shaping legacy, pre-OpenType, Windows 3.1-era, Arabic fonts that relied on a fixed PUA encoding + Sinhala script is now shaped by the USE shaper instead of “indic” one + Thai shaper improvements + hb-ot-name API supports approximate BCP-47 language matching, for example asking for “en_US” in a font that has only “en” names will return them + Optimized TrueType glyph shape loading + Fix subsetting of HarfBuzz faces created via hb_face_create_for_tables() + Add 32 bit var store support to the subsetter + CVE-2022-33068: overflow in hb-ot-shape-fallback boo#1200900 ++++ pango: - Update to version 1.50.8: + Add some properties to fontmap and family. + Fix handling of ligature carets in mixed directions. ++++ protobuf: - Update to 21.2: - C++ - cmake: Call get_filename_component() with DIRECTORY mode instead of PATH mode (#9614) - Escape GetObject macro inside protoc-generated code (#9739) - Update CMake configuration to add a dependency on Abseil (#9793) - Fix cmake install targets (#9822) - Use __constinit only in GCC 12.2 and up (#9936) - Java - Update protobuf_version.bzl to separate protoc and per-language java … (#9900) - Python - Increment python major version to 4 in version.json for python upb (#9926) - The C extension module for Python has been rewritten to use the upb library. - This is expected to deliver significant performance benefits, especially when parsing large payloads. There are some minor breaking changes, but these should not impact most users. For more information see: https://developers.google.com/protocol-buffers/docs/news/2022-05-06#python-updates - PHP - [PHP] fix PHP build system (#9571) - Fix building packaged PHP extension (#9727) - fix: reserve "ReadOnly" keyword for PHP 8.1 and add compatibility (#9633) - fix: phpdoc syntax for repeatedfield parameters (#9784) - fix: phpdoc for repeatedfield (#9783) - Change enum string name for reserved words (#9780) - chore: [PHP] fix phpdoc for MapField keys (#9536) - Fixed PHP SEGV by not writing to shared memory for zend_class_entry. (#9996) - Ruby - Allow pre-compiled binaries for ruby 3.1.0 (#9566) - Implement respond_to? in RubyMessage (#9677) - [Ruby] Fix RepeatedField#last, #first inconsistencies (#9722) - Do not use range based UTF-8 validation in truffleruby (#9769) - Improve range handling logic of RepeatedField (#9799) - Other - Fix invalid dependency manifest when using descriptor_set_out (#9647) - Remove duplicate java generated code (#9909) ++++ python-systemd: - Remove exclude-tests-on-obs.patch, this is not the way how to do it, besides %python_exec setup.py check doesn't the test suite. - Make tests running properly again - 0002-reader-make-PY_SSIZE_T_CLEAN.patch added to fix boo#1200686 reader: make PY_SSIZE_T_CLEAN ------------------------------------------------------------------ ------------------ 2022-7-2 - Jul 2 2022 ------------------- ------------------------------------------------------------------ ++++ zlib: - switch to https urls ------------------------------------------------------------------ ------------------ 2022-7-1 - Jul 1 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - tick/nohz: unexport __init-annotated tick_nohz_full_setup() (tick_nohz_full_setup fix). - commit 296483f ++++ libseccomp: - fix build of python3 bindings so that the debug* package names do not overlay with the main package ++++ sqlite3: - update to 3.39.0: * Add (long overdue) support for RIGHT and FULL OUTER JOIN * Add new binary comparison operators IS NOT DISTINCT FROM and IS DISTINCT FROM that are equivalent to IS and IS NOT, respective, for compatibility with PostgreSQL and SQL standards * Add a new return code (value "3") from the sqlite3_vtab_distinct() interface that indicates a query that has both DISTINCT and ORDER BY clauses * Added the sqlite3_db_name() interface * The unix os interface resolves all symbolic links in database filenames to create a canonical name for the database before the file is opened * Defer materializing views until the materialization is actually needed, thus avoiding unnecessary work if the materialization turns out to never be used * The HAVING clause of a SELECT statement is now allowed on any aggregate query, even queries that do not have a GROUP BY clause * Many microoptimizations collectively reduce CPU cycles by about 2.3%. - drop sqlite-src-3380100-atof1.patch, included upstream - add sqlite-src-3390000-func7-pg-181.patch to skip float precision related test failures on 32 bit ++++ podman: - Fix build on Leap Use libexec macro to set correct, per-distribution specific, directory. ++++ qemu: - Fix usb ehci boot failure (bsc#1192115) * Patches added: hw-usb-hcd-ehci-fix-writeback-order.patch ------------------------------------------------------------------ ------------------ 2022-6-30 - Jun 30 2022 ------------------- ------------------------------------------------------------------ ++++ docker-compose-switch: - new package docker-compose-switch to ease the transition from docker-compose v1 (Python) to docker-compose v2 (golang), where the latter does no longer have /usr/bin/docker-compose ++++ kmod: - Update to release 30 * libkmod: support for the SM3 hash algorithm * modprobe: added the --wait option - Drop libkmod-Provide-info-even-for-modules-built-into-the.patch (merged) - Add 0001-testsuite-repair-read-of-uninitialized-memory.patch ++++ wayland: - Update to release 1.21 * This new release adds a new wl_pointer high-resolution scroll event, adds a few new convenience functions, and contains a collection of bug fixes. - Drop wayland-shm-Close-file-descriptors-not-needed.patch ++++ python-idna: - add version constraint for python-rpm-macros >= 20220106.80d3756, otherwise this fails to build on 15.3 at '%pyunittest discover -v' ------------------------------------------------------------------ ------------------ 2022-6-29 - Jun 29 2022 ------------------- ------------------------------------------------------------------ ++++ conmon: - Update to version 2.1.2: * add log-global-size-max option to limit the total output conmon processes (CVE-2022-1708 boo#1200285) * journald: print tag and name if both are specified * drop some logs to debug level ++++ docker: - Backport to fix a crash-on-start issue with dockerd. bsc#1200022 + 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch ++++ docker-compose: - first version of package docker-compose (v2) - v2 was rewritten in golang, while v1 was in Python - as they behaviour changes between v1 (python-docker-compose) and v2, this package does not obsolete the v1 package ++++ gnutls: - FIPS: * Add gnutls_ECDSA_signing.patch [bsc#1190698] - Check minimum keylength for symmetric key generation - Only allows ECDSA signature with valid set of hashes (SHA2 and SHA3) ++++ kernel-default: - Linux 5.18.8 (bsc#1012628). - random: schedule mix_interrupt_randomness() less often (bsc#1012628). - random: quiet urandom warning ratelimit suppression message (bsc#1012628). - ALSA: memalloc: Drop x86-specific hack for WC allocations (bsc#1012628). - ALSA: hda/via: Fix missing beep setup (bsc#1012628). - ALSA: hda/conexant: Fix missing beep setup (bsc#1012628). - ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (bsc#1012628). - ALSA: hda/realtek - ALC897 headset MIC no sound (bsc#1012628). - ALSA: hda/realtek: Apply fixup for Lenovo Yoga Duet 7 properly (bsc#1012628). - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (bsc#1012628). - ALSA: hda/realtek: Add quirk for Clevo NS50PU (bsc#1012628). - net: openvswitch: fix parsing of nw_proto for IPv6 fragments (bsc#1012628). - ipv4: ping: fix bind address validity check (bsc#1012628). - 9p: Fix refcounting during full path walks for fid lookups (bsc#1012628). - 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (bsc#1012628). - 9p: fix fid refcount leak in v9fs_vfs_get_link (bsc#1012628). - 9p: fix EBADF errors in cached mode (bsc#1012628). - btrfs: fix hang during unmount when block group reclaim task is running (bsc#1012628). - btrfs: prevent remounting to v1 space cache for subpage mount (bsc#1012628). - btrfs: add error messages to all unrecognized mount options (bsc#1012628). - scsi: ibmvfc: Store vhost pointer during subcrq allocation (bsc#1012628). - scsi: ibmvfc: Allocate/free queue resource only during probe/remove (bsc#1012628). - mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing (bsc#1012628). - mmc: mediatek: wait dma stop bit reset to 0 (bsc#1012628). - xen/gntdev: Avoid blocking in unmap_grant_pages() (bsc#1012628). - MAINTAINERS: Add new IOMMU development mailing list (bsc#1012628). - mtd: rawnand: gpmi: Fix setting busy timeout setting (bsc#1012628). - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (bsc#1012628). - dm era: commit metadata in postsuspend after worker stops (bsc#1012628). - dm: do not return early from dm_io_complete if BLK_STS_AGAIN without polling (bsc#1012628). - dm mirror log: clear log bits up to BITS_PER_LONG boundary (bsc#1012628). - tracing/kprobes: Check whether get_kretprobe() returns NULL in kretprobe_dispatcher() (bsc#1012628). - filemap: Handle sibling entries in filemap_get_read_batch() (bsc#1012628). - mm/slub: add missing TID updates on slab deactivation (bsc#1012628). - drm/i915: Implement w/a 22010492432 for adl-s (bsc#1012628). - amd/display/dc: Fix COLOR_ENCODING and COLOR_RANGE doing nothing for DCN20+ (bsc#1012628). - drm/amd/display: Fix typo in override_lane_settings (bsc#1012628). - USB: serial: pl2303: add support for more HXN (G) types (bsc#1012628). - USB: serial: option: add Telit LE910Cx 0x1250 composition (bsc#1012628). - USB: serial: option: add Quectel EM05-G modem (bsc#1012628). - USB: serial: option: add Quectel RM500K module support (bsc#1012628). - drm/msm: Ensure mmap offset is initialized (bsc#1012628). - drm/msm: Fix double pm_runtime_disable() call (bsc#1012628). - netfilter: use get_random_u32 instead of prandom (bsc#1012628). - scsi: scsi_debug: Fix zone transition to full condition (bsc#1012628). - drm/msm: Switch ordering of runpm put vs devfreq_idle (bsc#1012628). - scsi: iscsi: Exclude zero from the endpoint ID range (bsc#1012628). - xsk: Fix generic transmit when completion queue reservation fails (bsc#1012628). - drm/msm: use for_each_sgtable_sg to iterate over scatterlist (bsc#1012628). - bpf: Fix request_sock leak in sk lookup helpers (bsc#1012628). - drm/sun4i: Fix crash during suspend after component bind failure (bsc#1012628). - bpf, x86: Fix tail call count offset calculation on bpf2bpf call (bsc#1012628). - selftests dma: fix compile error for dma_map_benchmark (bsc#1012628). - scsi: storvsc: Correct reporting of Hyper-V I/O size limits (bsc#1012628). - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (bsc#1012628). - KVM: arm64: Prevent kmemleak from accessing pKVM memory (bsc#1012628). - net: fix data-race in dev_isalive() (bsc#1012628). - veth: Add updating of trans_start (bsc#1012628). - tipc: fix use-after-free Read in tipc_named_reinit (bsc#1012628). - block: disable the elevator int del_gendisk (bsc#1012628). - rethook: Reject getting a rethook if RCU is not watching (bsc#1012628). - igb: fix a use-after-free issue in igb_clean_tx_ring (bsc#1012628). - bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (bsc#1012628). - ethtool: Fix get module eeprom fallback (bsc#1012628). - net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (bsc#1012628). - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (bsc#1012628). - drm/msm/dp: check core_initialized before disable interrupts at dp_display_unbind() (bsc#1012628). - drm/msm/dp: force link training for display resolution change (bsc#1012628). - net: phy: at803x: fix NULL pointer dereference on AR9331 PHY (bsc#1012628). - perf test: Record only user callchains on the "Check Arm64 callgraphs are complete in fp mode" test (bsc#1012628). - perf test topology: Use !strncmp(right platform) to fix guest PPC comparision check (bsc#1012628). - perf arm-spe: Don't set data source if it's not a memory operation (bsc#1012628). - ipv4: fix bind address validity regression tests (bsc#1012628). - erspan: do not assume transport header is always set (bsc#1012628). - net/tls: fix tls_sk_proto_close executed repeatedly (bsc#1012628). - udmabuf: add back sanity check (bsc#1012628). - selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh (bsc#1012628). - netfilter: nf_dup_netdev: do not push mac header a second time (bsc#1012628). - netfilter: nf_dup_netdev: add and use recursion counter (bsc#1012628). - xen-blkfront: Handle NULL gendisk (bsc#1012628). - x86/xen: Remove undefined behavior in setup_features() (bsc#1012628). - MIPS: Remove repetitive increase irq_err_count (bsc#1012628). - afs: Fix dynamic root getattr (bsc#1012628). - block: pop cached rq before potentially blocking rq_qos_throttle() (bsc#1012628). - ice: ignore protocol field in GTP offload (bsc#1012628). - ice: Fix switchdev rules book keeping (bsc#1012628). - ice: ethtool: advertise 1000M speeds properly (bsc#1012628). - ice: ethtool: Prohibit improper channel config for DCB (bsc#1012628). - io_uring: fail links when poll fails (bsc#1012628). - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (bsc#1012628). - regmap-irq: Fix offset/index mismatch in read_sub_irq_data() (bsc#1012628). - iommu/ipmmu-vmsa: Fix compatible for rcar-gen4 (bsc#1012628). - drm/amd: Revert "drm/amd/display: keep eDP Vdd on when eDP stream is already enabled" (bsc#1012628). - net: dsa: qca8k: reduce mgmt ethernet timeout (bsc#1012628). - igb: Make DMA faster when CPU is active on the PCIe link (bsc#1012628). - virtio_net: fix xdp_rxq_info bug after suspend/resume (bsc#1012628). - Revert "net/tls: fix tls_sk_proto_close executed repeatedly" (bsc#1012628). - sock: redo the psock vs ULP protection check (bsc#1012628). - nvme: move the Samsung X5 quirk entry to the core quirks (bsc#1012628). - gpio: winbond: Fix error code in winbond_gpio_get() (bsc#1012628). - s390/cpumf: Handle events cycles and instructions identical (bsc#1012628). - filemap: Fix serialization adding transparent huge pages to page cache (bsc#1012628). - KVM: SEV: Init target VMCBs in sev_migrate_from (bsc#1012628). - iio: mma8452: fix probe fail when device tree compatible is used (bsc#1012628). - iio: magnetometer: yas530: Fix memchr_inv() misuse (bsc#1012628). - iio: adc: xilinx-ams: fix return error variable (bsc#1012628). - iio: adc: vf610: fix conversion mode sysfs node name (bsc#1012628). - io_uring: make apoll_events a __poll_t (bsc#1012628). - io_uring: fix req->apoll_events (bsc#1012628). - usb: typec: wcove: Drop wrong dependency to INTEL_SOC_PMIC (bsc#1012628). - io_uring: fix wrong arm_poll error handling (bsc#1012628). - vmcore: convert copy_oldmem_page() to take an iov_iter (bsc#1012628). - s390/crash: add missing iterator advance in copy_oldmem_page() (bsc#1012628). - s390/crash: make copy_oldmem_page() return number of bytes copied (bsc#1012628). - xhci: turn off port power in shutdown (bsc#1012628). - xhci-pci: Allow host runtime PM as default for Intel Raptor Lake xHCI (bsc#1012628). - xhci-pci: Allow host runtime PM as default for Intel Meteor Lake xHCI (bsc#1012628). - usb: gadget: uvc: fix list double add in uvcg_video_pump (bsc#1012628). - usb: gadget: Fix non-unique driver names in raw-gadget driver (bsc#1012628). - USB: gadget: Fix double-free bug in raw_gadget driver (bsc#1012628). - usb: chipidea: udc: check request status before setting device address (bsc#1012628). - dt-bindings: usb: ohci: Increase the number of PHYs (bsc#1012628). - dt-bindings: usb: ehci: Increase the number of PHYs (bsc#1012628). - btrfs: fix race between reflinking and ordered extent completion (bsc#1012628). - btrfs: don't set lock_owner when locking extent buffer for reading (bsc#1012628). - btrfs: fix deadlock with fsync+fiemap+transaction commit (bsc#1012628). - f2fs: attach inline_data after setting compression (bsc#1012628). - f2fs: fix iostat related lock protection (bsc#1012628). - f2fs: do not count ENOENT for error case (bsc#1012628). - iio:humidity:hts221: rearrange iio trigger get and register (bsc#1012628). - iio:proximity:sx9324: Check ret value of device_property_read_u32_array() (bsc#1012628). - iio:chemical:ccs811: rearrange iio trigger get and register (bsc#1012628). - iio:accel:kxcjk-1013: rearrange iio trigger get and register (bsc#1012628). - iio:accel:bma180: rearrange iio trigger get and register (bsc#1012628). - iio:accel:mxc4005: rearrange iio trigger get and register (bsc#1012628). - iio: accel: mma8452: ignore the return value of reset operation (bsc#1012628). - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (bsc#1012628). - iio: trigger: sysfs: fix use-after-free on remove (bsc#1012628). - iio: adc: stm32: fix maximum clock rate for stm32mp15x (bsc#1012628). - iio: imu: inv_icm42600: Fix broken icm42600 (chip id 0 value) (bsc#1012628). - iio: afe: rescale: Fix boolean logic bug (bsc#1012628). - iio: test: fix missing MODULE_LICENSE for IIO_RESCALE=m (bsc#1012628). - iio: adc: aspeed: Fix refcount leak in aspeed_adc_set_trim_data (bsc#1012628). - iio: adc: stm32: Fix ADCs iteration in irq handler (bsc#1012628). - iio: adc: stm32: Fix IRQs on STM32F4 by removing custom spurious IRQs message (bsc#1012628). - iio: adc: stm32: fix vrefint wrong calibration value handling (bsc#1012628). - iio: adc: axp288: Override TS pin bias current for some models (bsc#1012628). - iio: adc: rzg2l_adc: add missing fwnode_handle_put() in rzg2l_adc_parse_properties() (bsc#1012628). - iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client (bsc#1012628). - iio: adc: ti-ads131e08: add missing fwnode_handle_put() in ads131e08_alloc_channels() (bsc#1012628). - xtensa: xtfpga: Fix refcount leak bug in setup (bsc#1012628). - xtensa: Fix refcount leak bug in time.c (bsc#1012628). - parisc/stifb: Fix fb_is_primary_device() only available with CONFIG_FB_STI (bsc#1012628). - parisc: Fix flush_anon_page on PA8800/PA8900 (bsc#1012628). - parisc: Enable ARCH_HAS_STRICT_MODULE_RWX (bsc#1012628). - arm64: dts: ti: k3-j721s2: Fix overlapping GICD memory region (bsc#1012628). - powerpc/microwatt: wire up rng during setup_arch() (bsc#1012628). - powerpc: Enable execve syscall exit tracepoint (bsc#1012628). - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1012628). - powerpc/powernv: wire up rng during setup_arch (bsc#1012628). - mm/memory-failure: disable unpoison once hw error happens (bsc#1012628). - mm: lru_cache_disable: use synchronize_rcu_expedited (bsc#1012628). - ARM: dts: imx7: Move hsic_phy power domain to HSIC PHY node (bsc#1012628). - ARM: dts: imx6qdl: correct PU regulator ramp delay (bsc#1012628). - arm64: dts: ti: k3-am64-main: Remove support for HS400 speed mode (bsc#1012628). - ARM: exynos: Fix refcount leak in exynos_map_pmu (bsc#1012628). - arm64: dts: exynos: Correct UART clocks on Exynos7885 (bsc#1012628). - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (bsc#1012628). - ARM: Fix refcount leak in axxia_boot_secondary (bsc#1012628). - memory: mtk-smi: add missing put_device() call in mtk_smi_device_link_common (bsc#1012628). - memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings (bsc#1012628). - ARM: cns3xxx: Fix refcount leak in cns3xxx_init (bsc#1012628). - modpost: fix section mismatch check for exported init/exit sections (bsc#1012628). - ARM: dts: bcm2711-rpi-400: Fix GPIO line names (bsc#1012628). - smb3: fix empty netname context on secondary channels (bsc#1012628). - random: update comment from copy_to_user() -> copy_to_iter() (bsc#1012628). - perf build-id: Fix caching files with a wrong build ID (bsc#1012628). - smb3: use netname when available on secondary channels (bsc#1012628). - dma-direct: use the correct size for dma_set_encrypted() (bsc#1012628). - kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (bsc#1012628). - powerpc/pseries: wire up rng during setup_arch() (bsc#1012628). - commit 4e30480 ++++ gcc12: - Update to gcc-12 branch head, 7811663964aa7e31c3939b859bb, git215 * includes libgomp mold linker detection fix * includes nvptx offload compiler build fix * includes s390x tsan executable stack fix ++++ libseccomp: - Use multibuild to get python3 support back ++++ liburing: - enable tests for != ppc64le ++++ python-requests: - rebased requests-no-hardcoded-version.patch - update to 2.28.1 * 2.28.1 (2022-06-29) - Improvements + Speed optimization in iter_content with transition to yield from. (#6170) - Dependencies + Added support for chardet 5.0.0 (#6179) + Added support for charset-normalizer 2.1.0 (#6169) * 2.28.0 (2022-06-09) - Deprecations + warning Requests has officially dropped support for Python 2.7. warning (#6091) + Requests has officially dropped support for Python 3.6 (including pypy3.6). (#6091) - Improvements + Wrap JSON parsing issues in Request's JSONDecodeError for payloads without an encoding to make json() API consistent. (#6097) + Parse header components consistently, raising an InvalidHeader error in all invalid cases. (#6154) + Added provisional 3.11 support with current beta build. (#6155) + Requests got a makeover and we decided to paint it black. (#6095) - Bugfixes + Fixed bug where setting CURL_CA_BUNDLE to an empty string would disable cert verification. All Requests 2.x versions before 2.28.0 are affected. (#6074) + Fixed urllib3 exception leak, wrapping urllib3.exceptions.SSLError with requests.exceptions.SSLError for content and iter_content. (#6057) + Fixed issue where invalid Windows registry entires caused proxy resolution to raise an exception rather than ignoring the entry. (#6149) + Fixed issue where entire payload could be included in the error message for JSONDecodeError. (#6036) ------------------------------------------------------------------ ------------------ 2022-6-28 - Jun 28 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - update zgrep-profile-mr870.diff: allow zgrep to execute egrep and fgrep (poo#113108) ++++ libapparmor: - update zgrep-profile-mr870.diff: allow zgrep to execute egrep and fgrep (poo#113108) ++++ openssl-1_1: - openssl-riscv64-config.patch: backport of riscv64 config support ++++ liburing: - update to 2.2: * Support non-libc builds. * Optimized syscall handling for x86-64/x86/aarch64. * Enable non-lib function calls for fast path functions. * Add support for multishot accept. * io_uring_register_files() will set RLIMIT_NOFILE if necessary. * Add support for registered ring fds, io_uring_register_ring_fd(), reducingthe overhead of an io_uring_enter() system call. * Add support for the message ring opcode. * Add support for newer request cancelation features. * Add support for IORING_SETUP_COOP_TASKRUN, which can help reduce the overhead of io_uring in general. Most applications should set this flag, see the io_uring_setup.2 man page for details. * Add support for registering a sparse buffer and file set. * Add support for a new buffer provide scheme, see io_uring_register_buf_ring.3 for details. * Add io_uring_submit_and_wait_timeout() for submitting IO and waiting for completions with a timeout. * Add io_uring_prep_{read,write}v2 prep helpers. * Add io_uring_prep_close_direct() helper. * Add support for SQE128 and CQE32, which are doubly sized SQE and CQE rings. This is needed for some cases of the new IORING_OP_URING_CMD, notably for NVMe passthrough. * ~5500 lines of man page additions, including adding ~90 new man pages. * Synced with the 5.19 kernel release, supporting all the features of 5.19 and earlier. * 24 new regression test cases, and ~7000 lines of new tests in general. * General optimizations and fixes. ++++ salt: - Fix ownership of salt thin directory when using the Salt Bundle - Set default target for pip from VENV_PIP_TARGET environment variable - Normalize package names once with pkg.installed/removed using yum (bsc#1195895) - Save log to logfile with docker.build - Use Salt Bundle in dockermod - Ignore erros on reading license files with dpkg_lowpkg (bsc#1197288) - Added: * normalize-package-names-once-with-pkg.installed-remo.patch * use-salt-bundle-in-dockermod.patch * fix-ownership-of-salt-thin-directory-when-using-the-.patch * ignore-erros-on-reading-license-files-with-dpkg_lowp.patch * set-default-target-for-pip-from-venv_pip_target-envi.patch * save-log-to-logfile-with-docker.build.patch ++++ python-pyzmq: - Update to 23.2.0 * Use zmq.Event enums in parse_monitor_message for nicer reprs * Fix building bundled libzmq with ZMQ_DRAFT_API=1 * Fix subclassing zmq.Context with additional arguments in the constructor. Subclasses may now have full control over the signature, rather than purely adding keyword-only arguments * Typos and other small fixes - Release 23.1.0 * Fix global name of zmq.EVENT_HANDSHAKE_* constants * Fix constants missing when using import zmq.green as zmq * {func}zmq.utils.monitor.recv_monitor_msg now supports async Sockets. - Release 23.0.0 * all zmq constants are now available as Python enums (e.g. zmq.SocketType.PULL, zmq.SocketOption.IDENTITY), generated statically from zmq.h instead of at compile-time. This means that checks for the presence of a constant (hasattr(zmq, 'RADIO')) is not a valid check for the presence of a feature. This practice has never been robust, but it may have worked sometimes. Use direct checks via e.g. {func}zmq.has or {func}zmq.zmq_version_info. * A bit more type coverage of Context.term and Context.socket * Remove all use of deprecated stdlib distutils * Update to Cython 0.29.30 (required for Python 3.11 compatibility) * Compatibility with Python 3.11.0b1 * Switch to myst for docs * Deprecate zmq.utils.strtypes, now unused * Updates to autoformatting, linting - Drop less-flaky.patch: pytest-rerunfailures without the flaky package can handle it. - Fix rpmlint errors * no-dependency-on python-base 3.X: depend on python(abi) = 3.X * unused-rpmlintrc-filter: Was unflavored, not required with the above -- drop rpmlintc * spurious-executable-perm: fix by chmod -x * obsolete-suse-version-check 1000. This package is not branched into any project for the maintenance of other distributions ++++ toolbox: - Prefer podman as container runtime (unrelated part of [bnc#1200976]) ++++ vim: - Updated to version 9.0.0000, fixes the following problems - CVE-2022-2304 - boo#1201249 - CVE-2022-2289 - boo#1201139 - CVE-2022-2288 - boo#1201137 - CVE-2022-2287 - boo#1201136 - CVE-2022-2286 - boo#1201135 - CVE-2022-2284 - boo#1201133 - CVE-2022-2264 - boo#1201132 - CVE-2022-2231 - boo#1201150 - CVE-2022-2210 - boo#1201151 - CVE-2022-2207 - boo#1201153 - CVE-2022-2208 - boo#1201152 - CVE-2022-2206 - boo#1201155 * Reading beyond the end of the line with lisp indenting. * search() gets stuck with "c" and skip evaluates to true. * "make uninstall" does not remove colors/lists. * Still mentioning version8, some cosmetic issues. * In diff mode windows may get out of sync. (Gary Johnson) * TSTP and INT signal tests are not run with valgrind. * Fix for CTRL-key combinations causes more problems than it solves. * Accessing invalid memory after changing terminal size. * Might still access invalid memory. * Reading before the start of the line with BS in Replace mode. * Crash when deleting buffers in diff mode. * Invalid memory access after diff buffer manipulations. * Import test fails because 'diffexpr' isn't reset. * Test for DiffUpdated fails. * get(Fn, 'name') on funcref returns special byte code. * Cannot build with Python 3.11. * Nested :source may use NULL pointer. * Dependencies and proto files are outdated. * "make menu" still uses legacy script. ++++ xen: - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. ------------------------------------------------------------------ ------------------ 2022-6-27 - Jun 27 2022 ------------------- ------------------------------------------------------------------ ++++ curl: - Update to 7.84.0: * Security fixes: - (bsc#1200737, CVE-2022-32208): FTP-KRB bad message verification - (bsc#1200736, CVE-2022-32207): Unpreserved file permissions - (bsc#1200735, CVE-2022-32206): HTTP compression denial of service - (bsc#1200734, CVE-2022-32205): Set-Cookie denial of service * Changes: - curl: add --rate to set max request rate per time unit - curl: deprecate --random-file and --egd-file - curl_version_info: add CURL_VERSION_THREADSAFE - CURLINFO_CAPATH/CAINFO: get the default CA paths from libcurl - lib: make curl_global_init() threadsafe when possible - libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION - opts: deprecate RANDOM_FILE and EGDSOCKET - socks: support unix sockets for socks proxy * Bugfixes: - aws-sigv4: fix potentional NULL pointer arithmetic - bindlocal: don't use a random port if port number would wrap - c-hyper: mark status line as status for Curl_client_write() - ci: avoid `cmake -Hpath` - CI: bump FreeBSD 13.0 to 13.1 - ci: update github actions - cmake: add libpsl support - cmake: do not add libcurl.rc to the static libcurl library - cmake: enable curl.rc for all Windows targets - cmake: fix detecting libidn2 - cmake: support adding a suffix to the OS value - configure: skip libidn2 detection when winidn is used - configure: use the SED value to invoke sed - configure: warn about rustls being experimental - content_encoding: return error on too many compression steps - cookie: address secure domain overlay - cookie: apply limits - copyright.pl: parse and use .reuse/dep5 for skips - copyright: make repository REUSE compliant - curl.1: add a few see also --tls-max - curl.1: mention exit code zero too - curl: re-enable --no-remote-name - curl_easy_pause.3: remove explanation of progress function - curl_getdate.3: document that some illegal dates pass through - Curl_parsenetrc: don't access local pwbuf outside of scope - curl_url_set.3: clarify by default using known schemes only - CURLOPT_ALTSVC.3: document the file format - CURLOPT_FILETIME.3: fix the protocols this works with - CURLOPT_HTTPHEADER.3: improve comment in example - CURLOPT_NETRC.3: document the .netrc file format - CURLOPT_PORT.3: We discourage using this option - CURLOPT_RANGE.3: remove ranged upload advice - digest: added detection of more syntax error in server headers - digest: tolerate missing "realm" - digest: unquote realm and nonce before processing - DISABLED: disable 1021 for hyper again - docs/cmdline-opts: add copyright and license identifier to each file - docs/CONTRIBUTE.md: document the 'needs-votes' concept - docs: clarify data replacement policy for MIME API - doh: remove UNITTEST macro definition - examples/crawler.c: use the curl license - examples: remove fopen.c and rtsp.c - FAQ: Clarify Windows double quote usage - fopen: add Curl_fopen() for better overwriting of files - ftp: restore protocol state after http proxy CONNECT - ftp: when failing to do a secure GSSAPI login, fail hard - GHA/hyper: enable debug in the build - gssapi: improve handling of errors from gss_display_status - gssapi: initialize gss_buffer_desc strings - headers api: remove EXPERIMENTAL tag - http2: always debug print stream id in decimal with %u - http2: reject overly many push-promise headers - http: restore header folding behavior - hyper: use 'alt-used' - krb5: return error properly on decode errors - lib: make more protocol specific struct fields #ifdefed - libcurl-security.3: add "Secrets in memory" - libcurl-security.3: document CRLF header injection - libssh: skip the fake-close when libssh does the right thing - links: update dead links to the curl-wiki - log2changes: do not indent empty lines [ci skip] - macos9: remove partial support - Makefile.am: fix portability issues - Makefile.m32: delete obsolete options, improve -On [ci skip] - Makefile.m32: delete two obsolete OpenSSL options [ci skip] - Makefile.m32: stop forcing XP target with ipv6 enabled [ci skip] - max-time.d: clarify max-time sets max transfer time - mprintf: ignore clang non-literal format string - netrc: check %USERPROFILE% as well on Windows - netrc: support quoted strings - ngtcp2: allow curl to send larger UDP datagrams - ngtcp2: correct use of ngtcp2 and nghttp3 signed integer types - ngtcp2: enable Linux GSO - ngtcp2: extend QUIC transport parameters buffer - ngtcp2: fix alert_read_func return value - ngtcp2: fix typo in preprocessor condition - ngtcp2: handle error from ngtcp2_conn_submit_crypto_data - ngtcp2: send appropriate connection close error code - ngtcp2: support boringssl crypto backend - ngtcp2: use helper funcs to simplify TLS handshake integration - ntlm: provide a fixed fake host name - projects: fix third-party SSL library build paths for Visual Studio - quic: add Curl_quic_idle - quiche: support ca-fallback - rand: stop detecting /dev/urandom in cross-builds - remote-name.d: mention --output-dir - runtests.pl: add the --repeat parameter to the --help output - runtests: fix skipping tests not done event-based - runtests: skip starting the ssh server if user name is lacking - scripts/copyright.pl: fix the exclusion to not ignore man pages - sectransp: check for a function defined when __BLOCKS__ is undefined - select: return error from "lethal" poll/select errors - server/sws: support spaces in the HTTP request path - speed-limit/time.d: mention these affect transfers in either direction - strcase: some optimisations - test 2081: add a valid reply for the second request - test 675: add missing CR so the test passes when run through Privoxy - test414: add the '--resolve' keyword - test681: verify --no-remote-name - tests 266, 116 and 1540: add a small write delay - tests/data/test1501: kill ftp server after slow LIST response - tests/getpart: fix getpartattr to work with "data" and "data2" - tests/server/sws.c: change the HTTP writedelay unit to milliseconds - test{440,441,493,977}: add "HTTP proxy" keywords - tool_getparam: fix --parallel-max maximum value constraint - tool_operate: make sure --fail-with-body works with --retry - transfer: fix potential NULL pointer dereference - transfer: maintain --path-as-is after redirects - transfer: upload performance; avoid tiny send - url: free old conn better on reuse - url: remove redundant #ifdefs in allocate_conn() - url: URL encode the path when extracted, if spaces were set - urlapi: make curl_url_set(url, CURLUPART_URL, NULL, 0) clear all parts - urlapi: support CURLU_URLENCODE for curl_url_get() - urldata: reduce size of a few struct fields - urldata: remove three unused booleans from struct UserDefined - urldata: store tcp_keepidle and tcp_keepintvl as ints - version: allow stricmp() for sorting the feature list - vtls: make curl_global_sslset thread-safe - wolfssh.h: removed - wolfssl: correct the failf() message when a handle can't be made - wolfSSL: explicitly use compatibility layer - x509asn1: mark msnprintf return as unchecked ++++ dmidecode: - Update to upstream version 3.4: * Support for SMBIOS 3.4.0. This includes new memory device types, new processor upgrades, new slot types and characteristics, decoding of memory module extended speed, new system slot types, new processor characteristics and new format of Processor ID. * Support for SMBIOS 3.5.0. This includes new processor upgrades, BIOS characteristics, new slot characteristics, new on-board device types, new pointing device interface types, and a new record type (type 45 - Firmware Inventory Information). * Decode HPE OEM records 194, 199, 203, 236, 237, 238 ans 240. * Bug fixes: Fix OEM vendor name matching * Minor improvements: Skip details of uninstalled memory modules Don't display the raw CPU ID in quiet mode Improve the formatting of the manual pages * Obsoletes dmidecode-fix-crash-with-u-option.patch and dmidecode-fix-the-condition-error-in-ascii_filter.patch. ++++ kernel-default: - Update to 5.19-rc4 - update configs - FIPS_SIGNATURE_SELFTEST=n - commit c256fc8 ++++ ncurses: - Add ncurses patch 20220625 + improve man/curs_bkgd.3x, explaining that bkgdset can affect results for bkgd (report by Anton Vidovic). + correct dsl in dec+sl (report by Rajeev Pillai) -TD + add/use ansi+cpr, decid+cpr -TD - Correct offsets of patches * ncurses-5.9-ibm327x.dif * ncurses-6.3.dif ++++ rpm: - remove obsolete RPM-HOWTO from 1999 (removed RPM-HOWTO.tar.bz2) - move debugedit to separate package (Removed debuginfo-mono.patch, debuglink.diff, debugsubpkg.diff, finddebuginfo-absolute-links.diff, finddebuginfo.diff, singlefilemode.diff, debugedit-5.0.tar.xz) - move python-rpm-packaging to separate package (Removed python-rpm-packaging.diff, python-rpm-packaging.tar.bz2) ++++ mokutil: - Update to 0.6.0 + 6c98907 SBAT revocation update support + 0276891 mokutil: Add trust_mok_keys and untrust_mok_keys + 57bc385 mokutil: enable setting fallback verbosity and noreboot mode + b15e7c4 util: add the missing stdio.h - Drop mokutil-fix-missing-header.patch (upstream) ++++ openssl: - Update to 1.1.1p release ++++ python-PyYAML: - Actually we DO want to build the bindings. ------------------------------------------------------------------ ------------------ 2022-6-26 - Jun 26 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Linux 5.18.7 (bsc#1012628). - s390/mm: use non-quiescing sske for KVM switch to keyed guest (bsc#1012628). - zonefs: fix zonefs_iomap_begin() for reads (bsc#1012628). - fsnotify: introduce mark type iterator (bsc#1012628). - fsnotify: consistent behavior for parent not watching children (bsc#1012628). - bpf: Fix calling global functions from BPF_PROG_TYPE_EXT programs (bsc#1012628). - selftests/bpf: Add selftest for calling global functions from freplace (bsc#1012628). - dt-bindings: nvmem: sfp: Add clock properties (bsc#1012628). - io_uring: use original request task for inflight tracking (bsc#1012628). - commit 531894c ------------------------------------------------------------------ ------------------ 2022-6-25 - Jun 25 2022 ------------------- ------------------------------------------------------------------ ++++ mozilla-nss: - sync with current SLE * latest FIPS changes incl. testsuite fixes (enabled now) nss-fips-180-3-csp-clearing.patch nss-fips-tests-enable-fips.patch nss-fips-tests-skip.patch nss-fips-pbkdf-kat-compliance.patch ------------------------------------------------------------------ ------------------ 2022-6-24 - Jun 24 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Bring back /sbin/netconfig as build option since the netconfig in SLE is not ready for usrmerge. ++++ kernel-default: - config: enable MLX90614 MLX90614 is I2C (SMBus) remote temperature sensor. The boards are available for SBCs: https://www.waveshare.com/product/modules/sensors/temperature-humidity-barometer/infrared-temperature-sensor.htm Enable the driver for potential users. Link: https://lists.opensuse.org/archives/list/kernel@lists.opensuse.org/thread/VHBAZ4YTJZ6H2DTMELYWILNGMRBXBMPI/ - commit 1a61419 ++++ libvirt: - spec: Include aarch64 in the list of architectures that 'Require' dmidecode boo#1196087 ++++ python-MarkupSafe: - Patch PKG-INFO to avoid pip failing on Python 3.6 with `ERROR: Package 'MarkupSafe' requires a different Python: 3.6.15 not in '>=3.7'`. ++++ selinux-policy: - Add fix_userdomain.patch to dontaudit UDP rpc ports (bsc#1193984) - Update to version 20220624. Refreshed: * fix_init.patch * fix_kernel_sysctl.patch * fix_logging.patch * fix_networkmanager.patch * fix_unprivuser.patch Dropped fix_hadoop.patch, not necessary anymore * Updated fix_locallogin.patch to allow accesses for nss-systemd (bsc#1199630) ++++ vim: - Updated to version 8.2.5154, fixes the following problems - fixed boo#1200184 - CVE-2022-2175 - boo#1200904 - CVE-2022-2182 - boo#1200903 - CVE-2022-2183 - boo#1200902 * Debugger test fails when run with valgrind. * Cannot build without the +channel feature. (Dominique Pellé) * Various small issues. * TIME_WITH_SYS_TIME is no longer supported by autoconf. * Seachpair timeout test is flaky. * Using "volatile int" in a signal handler might be wrong. * Startup test fails if there is a status bar at the top of the screen. (Ernie Rael) * Some tests fail when using valgrind. Spurious leak reports. * With 'lazyredraw' set completion menu may be displayed wrong. * Exit test causes spurious valgrind reports. * Memory leak when substitute expression nests. * Flaky test always fails on retry. * Invalid memory access when using an expression on the command line. * Cannot build without the +eval feature. (Tony Mechelynck) * Read past the end of the first line with ":0;'{". * Reading beyond the end of the line with lisp indenting. * search() gets stuck with "c" and skip evaluates to true. * "make uninstall" does not remove colors/lists. * Still mentioning version8, some cosmetic issues. ------------------------------------------------------------------ ------------------ 2022-6-23 - Jun 23 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit: - Add conflict between cockpit-networkmanager and cockpit-wicked as they use the same URL paths. ++++ glibc: - read-chk-cancel.patch: debug: make __read_chk a cancellation point (bsc#1200682, BZ #29274) - wcrtomb-fortify.patch: wcrtomb: Make behavior POSIX compliant (bsc#1200688) ++++ kernel-default: - Linux 5.18.6 (bsc#1012628). - Revert "drm/amd/display: Fix DCN3 B0 DP Alt Mapping" (bsc#1012628). - arm64: dts: imx8mm-beacon: Enable RTS-CTS on UART3 (bsc#1012628). - arm64: dts: imx8mn-beacon: Enable RTS-CTS on UART3 (bsc#1012628). - io_uring: reinstate the inflight tracking (bsc#1012628). - powerpc/kasan: Silence KASAN warnings in __get_wchan() (bsc#1012628). - ASoC: nau8822: Add operation for internal PLL off and on (bsc#1012628). - ASoC: qcom: lpass-platform: Update VMA access permissions in mmap callback (bsc#1012628). - drm/amd/display: Read Golden Settings Table from VBIOS (bsc#1012628). - drm/amdgpu: Resolve RAS GFX error count issue after cold boot on Arcturus (bsc#1012628). - drm/amdkfd: Use mmget_not_zero in MMU notifier (bsc#1012628). - dma-debug: make things less spammy under memory pressure (bsc#1012628). - ASoC: Intel: cirrus-common: fix incorrect channel mapping (bsc#1012628). - ASoC: cs42l52: Fix TLV scales for mixer controls (bsc#1012628). - ASoC: cs35l36: Update digital volume TLV (bsc#1012628). - ASoC: cs53l30: Correct number of volume levels on SX controls (bsc#1012628). - ASoC: cs42l52: Correct TLV for Bypass Volume (bsc#1012628). - ASoC: cs42l56: Correct typo in minimum level for SX volume controls (bsc#1012628). - ASoC: cs42l51: Correct minimum value for SX volume control (bsc#1012628). - drm/amdkfd: add pinned BOs to kfd_bo_list (bsc#1012628). - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (bsc#1012628). - quota: Prevent memory allocation recursion while holding dq_lock (bsc#1012628). - ASoC: wm8962: Fix suspend while playing music (bsc#1012628). - ASoC: es8328: Fix event generation for deemphasis control (bsc#1012628). - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (bsc#1012628). - ALSA: hda: MTL: add HD Audio PCI ID and HDMI codec vendor ID (bsc#1012628). - Input: soc_button_array - also add Lenovo Yoga Tablet2 1051F to dmi_use_low_level_irq (bsc#1012628). - scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (bsc#1012628). - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1012628). - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1012628). - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1012628). - scsi: mpt3sas: Fix out-of-bounds compiler warning (bsc#1012628). - scsi: ipr: Fix missing/incorrect resource cleanup in error case (bsc#1012628). - scsi: pmcraid: Fix missing resource cleanup in error case (bsc#1012628). - ALSA: hda/realtek - Add HW8326 support (bsc#1012628). - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (bsc#1012628). - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (bsc#1012628). - ipv6: Fix signed integer overflow in __ip6_append_data (bsc#1012628). - ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg (bsc#1012628). - net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag (bsc#1012628). - mellanox: mlx5: avoid uninitialized variable warning with gcc-12 (bsc#1012628). - MIPS: Loongson-3: fix compile mips cpu_hwmon as module build error (bsc#1012628). - random: credit cpu and bootloader seeds by default (bsc#1012628). - gpio: dwapb: Don't print error on -EPROBE_DEFER (bsc#1012628). - platform/x86/intel: Fix pmt_crashlog array reference (bsc#1012628). - platform/x86/intel: pmc: Support Intel Raptorlake P (bsc#1012628). - platform/x86: gigabyte-wmi: Add Z690M AORUS ELITE AX DDR4 support (bsc#1012628). - platform/x86: gigabyte-wmi: Add support for B450M DS3H-CF (bsc#1012628). - platform/x86/intel: hid: Add Surface Go to VGBS allow list (bsc#1012628). - staging: r8188eu: fix rtw_alloc_hwxmits error detection for now (bsc#1012628). - staging: r8188eu: Fix warning of array overflow in ioctl_linux.c (bsc#1012628). - pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (bsc#1012628). - pNFS: Avoid a live lock condition in pnfs_update_layout() (bsc#1012628). - sunrpc: set cl_max_connect when cloning an rpc_clnt (bsc#1012628). - clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() (bsc#1012628). - i40e: Fix adding ADQ filter to TC0 (bsc#1012628). - i40e: Fix calculating the number of queue pairs (bsc#1012628). - i40e: Fix call trace in setup_tx_descriptors (bsc#1012628). - iavf: Fix issue with MAC address of VF shown as zero (bsc#1012628). - Drivers: hv: vmbus: Release cpu lock in error case (bsc#1012628). - tty: goldfish: Fix free_irq() on remove (bsc#1012628). - misc: atmel-ssc: Fix IRQ check in ssc_probe (bsc#1012628). - riscv: dts: microchip: re-add pdma to mpfs device tree (bsc#1012628). - io_uring: fix races with file table unregister (bsc#1012628). - io_uring: fix races with buffer table unregister (bsc#1012628). - drm/i915/reset: Fix error_state_read ptr + offset use (bsc#1012628). - net: hns3: set port base vlan tbl_sta to false before removing old vlan (bsc#1012628). - net: hns3: don't push link state to VF if unalive (bsc#1012628). - net: hns3: restore tm priority/qset to default settings when tc disabled (bsc#1012628). - net: hns3: fix PF rss size initialization bug (bsc#1012628). - net: hns3: fix tm port shapping of fibre port is incorrect after driver initialization (bsc#1012628). - nvme: add device name to warning in uuid_show() (bsc#1012628). - mlxsw: spectrum_cnt: Reorder counter pools (bsc#1012628). - ice: Fix PTP TX timestamp offset calculation (bsc#1012628). - ice: Sync VLAN filtering features for DVM (bsc#1012628). - ice: Fix queue config fail handling (bsc#1012628). - ice: Fix memory corruption in VF driver (bsc#1012628). - net: bgmac: Fix an erroneous kfree() in bgmac_remove() (bsc#1012628). - net: remove noblock parameter from skb_recv_datagram() (bsc#1012628). - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (bsc#1012628). - arm64: ftrace: fix branch range checks (bsc#1012628). - arm64: ftrace: consistently handle PLTs (bsc#1012628). - certs/blacklist_hashes.c: fix const confusion in certs blacklist (bsc#1012628). - init: Initialize noop_backing_dev_info early (bsc#1012628). - block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (bsc#1012628). - faddr2line: Fix overlapping text section failures, the sequel (bsc#1012628). - x86/ftrace: Remove OBJECT_FILES_NON_STANDARD usage (bsc#1012628). - i2c: npcm7xx: Add check for platform_driver_register (bsc#1012628). - irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (bsc#1012628). - irqchip/apple-aic: Fix refcount leak in build_fiq_affinity (bsc#1012628). - irqchip/apple-aic: Fix refcount leak in aic_of_ic_init (bsc#1012628). - irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions (bsc#1012628). - irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (bsc#1012628). - irqchip/realtek-rtl: Fix refcount leak in map_interrupts (bsc#1012628). - sched: Fix balance_push() vs __sched_setscheduler() (bsc#1012628). - i2c: designware: Use standard optional ref clock implementation (bsc#1012628). - i2c: mediatek: Fix an error handling path in mtk_i2c_probe() (bsc#1012628). - mei: hbm: drop capability response on early shutdown (bsc#1012628). - mei: me: add raptor lake point S DID (bsc#1012628). - comedi: vmk80xx: fix expression for tx buffer size (bsc#1012628). - crypto: memneq - move into lib/ (bsc#1012628). - USB: serial: option: add support for Cinterion MV31 with new baseline (bsc#1012628). - USB: serial: io_ti: add Agilent E5805A support (bsc#1012628). - arm64: mm: Don't invalidate FROM_DEVICE buffers at start of DMA transfer (bsc#1012628). - usb: dwc2: Fix memory leak in dwc2_hcd_init (bsc#1012628). - usb: cdnsp: Fixed setting last_trb incorrectly (bsc#1012628). - usb: dwc3: gadget: Fix IN endpoint max packet size allocation (bsc#1012628). - usb: dwc3: pci: Restore line lost in merge conflict resolution (bsc#1012628). - usb: gadget: u_ether: fix regression in setting fixed MAC address (bsc#1012628). - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (bsc#1012628). - usb: gadget: f_fs: change ep->status safe in ffs_epfile_io() (bsc#1012628). - usb: gadget: f_fs: change ep->ep safe in ffs_epfile_io() (bsc#1012628). - tty: n_gsm: Debug output allocation must use GFP_ATOMIC (bsc#1012628). - serial: 8250: Store to lsr_save_flags after lsr read (bsc#1012628). - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (bsc#1012628). - md/raid5-ppl: Fix argument order in bio_alloc_bioset() (bsc#1012628). - dm: fix race in dm_start_io_acct (bsc#1012628). - dm mirror log: round up region bitmap size to BITS_PER_LONG (bsc#1012628). - drm/amdgpu: Fix GTT size reporting in amdgpu_ioctl (bsc#1012628). - drm/amd/display: Cap OLED brightness per max frame-average luminance (bsc#1012628). - audit: free module name (bsc#1012628). - cfi: Fix __cfi_slowpath_diag RCU usage with cpuidle (bsc#1012628). - fs: account for group membership (bsc#1012628). - selinux: free contexts previously transferred in selinux_add_opt() (bsc#1012628). - ext4: fix super block checksum incorrect after mount (bsc#1012628). - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1012628). - ext4: make variable "count" signed (bsc#1012628). - ext4: add reserved GDT blocks check (bsc#1012628). - KVM: arm64: Always start with clearing SVE flag on load (bsc#1012628). - KVM: arm64: Don't read a HW interrupt pending state in user context (bsc#1012628). - virtio-pci: Remove wrong address verification in vp_del_vqs() (bsc#1012628). - drm/i915/uc: remove accidental static from a local variable (bsc#1012628). - bpf: Use safer kvmalloc_array() where possible (bsc#1012628). - powerpc/book3e: get rid of #include (bsc#1012628). - dt-bindings: mfd: bd9571mwv: update rohm,bd9571mwv.yaml reference (bsc#1012628). - dt-bindings: interrupt-controller: update brcm,l2-intc.yaml reference (bsc#1012628). - dm: fix bio_set allocation (bsc#1012628). - clk: imx8mp: fix usb_root_clk parent (bsc#1012628). - Delete patches.suse/netfs-Eliminate-Clang-randstruct-warning.patch. - Update config files. - commit 5aa0763 ++++ openssl-1_1: - Update to 1.1.1p: * bsc#1185637 - updated certificates required for testing that failed when date is later than 1 June 2022 - removed openssl-update_expired_certificates.patch * [bsc#1200550, CVE-2022-2068] - more shell code injection issues in c_rehash ++++ parted: - drop type flag (SUSE specific) to fix bsc#1190847 refreshed patches: - parted-mac.patch - tests-adapt-to-SUSE.patch drop patches: - parted-type.patch - parted-type-accept-hex.patch - parted-json-no-type-flag.patch ++++ procps: - Some older products do not know about /usr/share/man/uk ++++ patterns-alp: - Ensure cockpit-networkmanager is installed if NM is installed. - Drop tallow (sync with MicroOS). ++++ perl: - Update to 5.36.0 * the signatures and isa features are no longer experimental and part of the v5.36 feature bundle * the v5.36 bundle also enables warnings * new '-g' command line flag (alias for -0777) * support for unicode 14.0 * regex sets are no longer considered experimental * experimental iterating over multiple values at a time * experimental new builtin module * experimental defer blocks * try/catch can now have a finally block * experimental non-ASCII delimiters for quote-like operators * a physically empty sort is now a compile-time error - Rebase perl-5.34.0.dif to perl-5.36.0.diff - Refresh perl-5.18.2-overflow.diff ++++ python-psutil: - Add patch mem-used-bsc1181475.patch (bsc#1181475) * Adopt change of used memory calculation from upstream of procps ------------------------------------------------------------------ ------------------ 2022-6-22 - Jun 22 2022 ------------------- ------------------------------------------------------------------ ++++ bash: - Update to bash 5.2 rc1 dd. In posix mode, the `printf' builtin checks for the `L' length modifier and uses long double for floating point conversion specifiers if it's present, double otherwise. ee. The `globbing' completion code now takes the `globstar' option into account. ff. `suspend -f' now forces the shell to suspend even if job control is not currently enabled. - Port patches * bash-2.03-manual.patch * bash-3.2-printf.patch * bash-4.1-bash.bashrc.dif * bash-5.2.dif ++++ container-selinux: - Update to version 2.187.0: * Allow container domains to use /dev/zero - Changes from 2.186.0: * Create policy for a container_device_t * Allow containers to shutdown & setopt userdomain:sockets - Changes from 2.183.0: * Allow containers to inherit all socket classes from container runtimes. - Changes from 2.182.0: * Allow containers to inherit all socket classes - Changes from 2.181.0: * Allow socket activated domains for tcp sockets from init_t and userdomains. ++++ gstreamer: - Update to version 1.20.3 + Highlighted bugfixes: - Security fixes in Matroska, MP4 and AVI demuxers - Fix scrambled video playback with hardware-accelerated VA-API decoders on certain Intel hardware - playbin3/decodebin3 regression fix for unhandled streams - Fragmented MP4 playback fixes - Android H.265 encoder mapping - Playback of MXF files produced by FFmpeg before March 2022 - Fix rtmp2sink crashes on 32-bit platforms - WebRTC improvements - D3D11 video decoder and screen recorder fixes - Performance improvements - Support for building against OpenCV 4.6 and other build fixes - Miscellaneous bug fixes, memory leak fixes, and other stability and reliability improvements + gstreamer: - clock: Avoid creating a weakref with every entry (performance improvement) - plugin: add Apache 2 license to list of known licenses to avoid warning - gst_plugin_load_file: force plugin reload if filename differs Add support for LoongArch ++++ gstreamer-plugins-base: - Update to version 1.20.3: + typefindfunctions: Fix WebVTT format detection for very short files + gldisplay: Reorder GST_GL_WINDOW check for egl-device + rtpbasepayload: Copy all buffer metadata instead of just GstMetas for the input meta buffer + codec-utils: Avoid out-of-bounds error + navigation: Fix Since markers for mouse scroll events + videoaggregator: Fix for unhandled negative rate + videoaggregator: Use floor() to calculate current position + video-color: Fix for missing clipping in PQ EOTF function + gst-play-1.0: Fix trick-mode handling in keyboard shortcut + audiovisualizer: shader: Fix out of bound write ++++ kernel-default: - Update config files. Run oldconfig which unsets CC_NO_ARRAY_BOUNDS as dummy tools emulate gcc 20. We are ignoring it thanks to update in packaging, so that real compilation sets this right later. - commit e4ff964 - rpm/check-for-config-changes: ignore GCC12/CC_NO_ARRAY_BOUNDS Upstream commit f0be87c42cbd (gcc-12: disable '-Warray-bounds' universally for now) added two new compiler-dependent configs: * CC_NO_ARRAY_BOUNDS * GCC12_NO_ARRAY_BOUNDS Ignore them -- they are unset by dummy tools (they depend on gcc version == 12), but set as needed during real compilation. - commit a14607c ++++ procps: - Add the patches * procps-3.3.17-library-bsc1181475.patch * procps-3.3.17-top-bsc1181475.patch which are backports of current newlib tree to solve bug bsc#1181475 * 'free' command reports misleading "used" value ++++ readline: - use https:// for source urls - Update to readline-8.2-rc1 ++++ podman: - Update to version 4.1.1: * The output of the podman load command now mirrors that of docker load. * Podman now supports Docker Compose v2.2 and higher. Please note that it may be necessary to disable the use of Buildkit by setting the environment variable DOCKER_BUILDKIT=0. * A new container command has been added, podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so. * Podman now supports sending JSON events related to machines to a Unix socket named machine_events.*\.sock in XDG_RUNTIME_DIR/podman or to a socket whose path is set in the PODMAN_MACHINE_EVENTS_SOCK environment variable. * Two new volume commands have been added, podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers. * The podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries. * The podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources. * The podman play kube command will now set default resource limits when the provided YAML does not include them. * The podman play kube command now supports a new option, --annotation, to add annotations to created containers. * The podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile. * The podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer. * The podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID and --color, which colors messages based on what container generated them. * The podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images. * The podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network. * The podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information. * The --ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating the the IPC namespace can be shared with other containers. * The --mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter. * The --mount option to the podman create and podman run commands now allows parameters to be passed in CSV format. * The --userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security. * The podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for. * The podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create. * The podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, `/etc/resolv.conf, etc) will be mounted inside the container (#12961). * The podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container's /etc/passwd file. * The podman images --format command now accepts two new format directives: {{.CreatedAt}} and {{.CreatedSince}}. * The podman volume create command's -o option now accepts a new argument, o=noquota, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined. * The podman info command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization. * Fix CVE-2022-27191 / bsc#1197284 - Drop obsolete patches: * 0001-Adjust-buildah-to-opencontainers-selinux-v1.10.1.patch * 0001-Relabel-relabel-links-instead-of-their-targets.patch * 0002-specgen-do-not-set-OOMScoreAdj-by-default.patch * 0004-fix-Container.cGroupPath-skip-empty-line-to-avoid-fa.patch ++++ policycoreutils: - Handle missing translations properly in chcat. Added chcat_handle_missing_translations.patch (bsc#1200752) ++++ rust-keylime: - Update to version 0.1.0+git.1655384301.b834667: * Update fmf plans to run test with IMA policy * .github/dependabot.yml: prevent updates that require manifest change - Add logrotate configuration for the agent service - Requires libtss2-tcti-device0 to interact with the real device - Drop legacy Python subpackage and feature - Move conflicts into the Python version ++++ toolbox: - Update to version 2.3+git20220622.32785f7: * Only set --userns=keep-id when running rootless ++++ virt-manager: - bsc#1200691 - SLES 15 SP4 GMC --os-variant tag shouldn't be mandatory on s390x (see also bsc#1200422) revert-363fca41-virt-install-Require-osinfo-for-non-x86-HVM-case-too.patch ------------------------------------------------------------------ ------------------ 2022-6-21 - Jun 21 2022 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 057+suse.292.g508db4cd: See https://github.com/dracutdevs/dracut/releases/tag/057 for details. Additional changes: * fix(integrity): do not enable EVM if there is no key (bsc#1200718) * fix(dracut.sh): temporary workaround for kiwi (bsc#1199051) * chore(suse): update spec ++++ transactional-update: - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. ++++ kernel-default: - ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (CVE-2022-1679 bsc#1199487). - commit f4c43ea - ALSA: hda: Fix discovery of i915 graphics PCI device (bsc#1200611). - commit ef301cb - netfs: Fix gcc-12 warning by embedding vfs inode in netfs_i_context (gcc 12 warnings). - netfs: gcc-12: temporarily disable '-Wattribute-warning' for now (gcc 12 warnings). - gcc-12: disable '-Warray-bounds' universally for now (gcc 12 warnings). - Update config files. CC_NO_ARRAY_BOUNDS=y is manually selected, see commit b2fb712ddc6e. - gcc-12: disable '-Wdangling-pointer' warning for now (gcc 12 warnings). - wifi: rtlwifi: remove always-true condition pointed out by GCC 12 (gcc 12 warnings). - net: wwan: iosm: remove pointless null check (gcc 12 warnings). - eth: sun: cassini: remove dead code (gcc 12 warnings). - netfs: Eliminate Clang randstruct warning (gcc 12 warnings). - x86/boot: Wrap literal addresses in absolute_pointer() (gcc 12 warnings). - commit 983c97f - series.conf: remove empty line in sorted section It causes troubles to scripts. - commit b01fcd9 ++++ keyutils: - Add /etc/keys/evn and /usr/etc/keys/evm together with the IMA ones ++++ libproxy: - Add libproxy-perl-cflags.patch: perl: Use ccflags from %Config for libproxy module compilation; fixes perl test suite on i586. ++++ openslp: - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. ++++ systemd: - Import commit 69abca7794ed06d823bc0a9bb55daf822adcc632 f29b146685 pstore: Run after modules are loaded - pstore is no more considered as an experimental feature: move it to udev package (bsc#1197802) - Adjust rpmlintrc for shlib-policy-name-error/multibuild case so that it's not only for x86_64. - spec: %suse_version rpm macro is already reserved and has a special meaning in openSUSE distros so rename it to %archive_version instead. ++++ libvirt: - spec: Move logrotate config files from /etc/logrotate.d to /usr/etc/logrotate.d ++++ policycoreutils: - Build and package translations for python-utils (boo#1200752). ++++ qemu: - Fix bugs boo#1200557 and boo#1199924 - Now that boo#1199924 is fixed, re-enable FORTIFY_SOURCE=3 * Patches added: pci-fix-overflow-in-snprintf-string-form.patch sphinx-change-default-language-to-en.patch ++++ ovmf: - add ovmf-tools_def-add-fno-omit-frame-pointer-to-GCC48_-IA32-.patch. It fixes crashes when linked using gcc 12 (bsc#1199597). ++++ rsync: - Removed %config flag for files in /usr directory. ++++ wpa_supplicant: - Removed %config flag for files in /usr directory. - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. ------------------------------------------------------------------ ------------------ 2022-6-20 - Jun 20 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - Update to 22.1.2 " There's a lot of zink here, thanks to Mike for help with manually backporting parts of it! We've als got a bunch of fixes for panfrost, and some for intel, radeon, llvmpip, dzn, broadcom, nir, core gallium, the va state tracker, and freedren." ++++ Mesa-drivers: - Update to 22.1.2 " There's a lot of zink here, thanks to Mike for help with manually backporting parts of it! We've als got a bunch of fixes for panfrost, and some for intel, radeon, llvmpip, dzn, broadcom, nir, core gallium, the va state tracker, and freedren." ++++ cockpit: - Re-arrange patches and apply them manually again. Some were accidentally added and should be sle only ++++ cockpit-tukit: - Update to version 0.0.3~git10.d8579a3: * Update to cockpit 271 * Add translation template * Update translations * Add load-css-overrides.patch to start loading a custom CSS file ++++ librsvg: - Automatic update of vendored dependencies ++++ alsa: - Update to version 1.2.7.1: minor bug fixes, including the previous patches. For details, see https://www.alsa-project.org/wiki/Changes_v1.2.7_v1.2.7.1#alsa-lib - Drop obsoleted patches: 0001-conf-Use-ino64_t-to-save-and-compare-inode-numbers.patch 0002-control-eld-fix-the-decoding-for-older-hw.patch ++++ ncurses: - Add ncurses patch 20220618 + add a null-pointer check for term_names field in copy_termtype(), needed for MinGW port (report by Peiyuan Song, cf: 20220521). + revise kon/kon2/jfbterm to undo "linux2.6" change to smacs/rmacs/enacs (Debian #1012800) -TD + amended note for att610+cvis0, as per documentation for att610, att620, att730 -TD ++++ libproxy: - Update to version 0.4.18: + build: Allow configuration of sysconfig module. + config_envvar: Add environment variable for pacrunner debugging. + build: disable mozjs by default. + python: Support Python 3.10 and above. + Add Duktape pacrunner module. + config_kde: Compute list of config file locations ourselves. + cpmfog_gnome3: Add gnome-wayland to permitted DESKTOP_SESSION. - Drop libproxy-python-310.patch: fixed upstream. - Build duktape pacrunner module: + Add pkgconfig(duktape): new dependency. + Split new subpackage libproxy1-pacrunner-duktape. + Suggest duktape pacrunner for config modules recommending a pacrunner. ++++ logrotate: - Removed %{_distconfdir}/logrotate.d directory from spec file. It will be handled by package filesystem. ++++ perl-Bootloader: - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. ++++ rsync: - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. ++++ tar: - Fix race condition while creating intermediate subdirectories, bsc#1200657 * bsc1200657.patch ++++ vim: - Updated to version 8.2.5136, fixes the following problems - CVE-2022-2129 - boo#1200701 - CVE-2022-2124 - boo#1200697 - CVE-2022-2125 - boo#1200698 - CVE-2022-2126 - boo#1200700 * Autocmd test still fails on MS-Windows. * When the GUI shows a dialog tests get stuck. * Gcc gives warning for signed/unsigned difference. * CI runs on Windows 2019. * Cannot build with clang on MS-Windows. * Value of cmod_verbose is a bit complicated to use. * Some functions return a different value on failure. * Terminal test fails with some shell commands. * Using "'<,'>" in Ex mode may compare unrelated pointers. * Error message for unknown command may mention the command twice. (Malcolm Rowe) * Terminal test still fails with some shell commands. * Using uninitialized memory when using 'listchars'. * Spelldump test sometimes hangs. * Some terminal tests are not retried. * Memory usage tests are not retried. * MS-Windows with MinGW: $CC may be "cc" instead of "gcc". * Interrupt not caught in test. * Build fails with small features. * Default cmdwin mappings are re-mappable. * Some callers of rettv_list_alloc() check for not OK. (Christ van Willegen) * Retab test disabled because it hangs on MS-Windows. * Mode not updated after CTRL-O CTRL-C in Insert mode. * Icon filetype not recognized from the first line. * No test for --gui-dialog-file. * Timer becomes invalid after fork/exec, :gui gives errors. (Gabriel Dupras) * Time limit on searchpair() does not work properly. * Search timeout is overrun with some patterns. * "limit" option of matchfuzzy() not always respected. * Crash when calling a Lua callback from a :def function. (Bohdan Makohin) * Searching for quotes may go over the end of the line. * Interrupt test sometimes fails. * Lisp indenting my run over the end of the line. * Using invalid index when looking for spell suggestions. * When syntax timeout test fails it does not show the time. * Substitute may overrun destination buffer. * Using assert_true() does not show value on failure. * Syntax highlighting disabled when using synID() in searchpair() skip expression and it times out. (Jaehwang Jung) * Timeout handling is not optimal. * Edit test for mode message fails when using valgrind. * Timeout implementation is not optimal. * :mkview test doesn't test much. * Function has confusing name. * Running configure gives warnings for main() return type. ++++ wpa_supplicant: - Remove Revert-DBus-Add-sae-to-interface-key_mgmt-capabilities.patch Fixed in NetworkManager (glfo#NetworkManager/NetworkManager#a0988868). Wifi cards, wich do not support PMF/BIP ciphers, should not use SAE as key management. (bsc#1195312) ------------------------------------------------------------------ ------------------ 2022-6-19 - Jun 19 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Update to 5.19-rc3 - update configs - XILINX_INTC=y (OF architectures - i386, ppc64/ppc64le, riscv64) - commit e8495ca ++++ python-msgpack: - update to 1.0.4: * Support Python 3.11 (beta) * refresh ci settings. * Don't define _*ENDIAN macro on Unix. * Update setuptools and black * Use PyFloat_Pack8() on Python 3.11a7 * Upgrade black to fix CI * Fix Unpacker max_buffer_length handling * ci: Update action versions. ------------------------------------------------------------------ ------------------ 2022-6-17 - Jun 17 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.38.2: + Fix race condition with pppd that caused failures when activating PPPoE connections. + Unbreak DHCPv6 over PPP. + Don't ignore IPv6 DNS servers received from PPP. + Fix crash while checking WEP capability of Wi-Fi interfaces. + Ensure DHCP is restarted every time the link goes up. + Fix struct alignment issues seen on some architectures. + Various other bugfixes and improvements. ++++ cockpit: - css-overrides.patch: css overrides for better theming support ++++ cockpit-machines: - load-css-overrides.patch: css overrides for better theming support ++++ cockpit-podman: - load-css-overrides.patch: css overrides for better theming support ++++ librsvg: - Update to version 2.54.4: + Support CSS Color 4 syntax for . Opacities can be specified as numbers or percentages now, e.g. 0.5 or 50%. + Roll back minimum required version of Pango to 1.46.0. + Fix Windows NMake install when documentation is not built. ++++ gtk3: - Add dependency "python3x-gobject-Gdk if python3x-gobject" to the typelib package (boo#1200614). ++++ open-iscsi: - For Tumbleweed, moved logrotate files from user-specific directory /etc/logrotate.d to vendor-specific /usr/etc/logrotate.d (for Stefan Schubert ) ++++ pam: - Keep old directory in filelist for migration ------------------------------------------------------------------ ------------------ 2022-6-16 - Jun 16 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Linux 5.18.5 (bsc#1012628). - x86/speculation/mmio: Print SMT warning (bsc#1012628). - KVM: x86/speculation: Disable Fill buffer clear within guests (bsc#1012628). - x86/speculation/mmio: Reuse SRBDS mitigation for SBDS (bsc#1012628). - x86/speculation/srbds: Update SRBDS mitigation selection (bsc#1012628). - x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data (bsc#1012628). - x86/speculation/mmio: Enable CPU Fill buffer clearing on idle (bsc#1012628). - x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations (bsc#1012628). - x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data (bsc#1012628). - x86/speculation: Add a common function for MD_CLEAR mitigation update (bsc#1012628). - x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug (bsc#1012628). - Documentation: Add documentation for Processor MMIO Stale Data (bsc#1012628). - commit 0ac72f9 ++++ llvm15: - Update to version 14.0.5. * This release contains bug-fixes for the LLVM 14.0.0 release. This release is API and ABI compatible with 14.0.0. - Rebase llvm-do-not-install-static-libraries.patch. ++++ salt: - Fix PAM auth issue due missing check for PAM_ACCT_MGM return value (CVE-2022-22967) (bsc#1200566) - Added: * fix-for-cve-2022-22967-bsc-1200566.patch ------------------------------------------------------------------ ------------------ 2022-6-15 - Jun 15 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - let Mesa-libGL-devel require libX11-devel via pkgconfig(x11) (boo#1200559) ++++ Mesa-drivers: - let Mesa-libGL-devel require libX11-devel via pkgconfig(x11) (boo#1200559) ++++ chrony: - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. ++++ kernel-default: - Linux 5.18.4 (bsc#1012628). - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (bsc#1012628). - staging: greybus: codecs: fix type confusion of list iterator variable (bsc#1012628). - iio: adc: ad7124: Remove shift from scan_type (bsc#1012628). - soundwire: qcom: fix an error message in swrm_wait_for_frame_gen_enabled() (bsc#1012628). - remoteproc: mediatek: Fix side effect of mt8195 sram power on (bsc#1012628). - remoteproc: mtk_scp: Fix a potential double free (bsc#1012628). - lkdtm/bugs: Check for the NULL pointer after calling kmalloc (bsc#1012628). - lkdtm/bugs: Don't expect thread termination without CONFIG_UBSAN_TRAP (bsc#1012628). - tty: goldfish: Use tty_port_destroy() to destroy port (bsc#1012628). - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (bsc#1012628). - tty: n_tty: Restore EOF push handling behavior (bsc#1012628). - serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe (bsc#1012628). - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (bsc#1012628). - remoteproc: imx_rproc: Ignore create mem entry for resource table (bsc#1012628). - phy: rockchip-inno-usb2: Fix muxed interrupt support (bsc#1012628). - staging: r8188eu: fix struct rt_firmware_hdr (bsc#1012628). - usb: usbip: fix a refcount leak in stub_probe() (bsc#1012628). - usb: usbip: add missing device lock on tweak configuration cmd (bsc#1012628). - USB: storage: karma: fix rio_karma_init return (bsc#1012628). - usb: musb: Fix missing of_node_put() in omap2430_probe (bsc#1012628). - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (bsc#1012628). - pwm: lp3943: Fix duty calculation in case period was clamped (bsc#1012628). - pwm: raspberrypi-poe: Fix endianness in firmware struct (bsc#1012628). - rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (bsc#1012628). - usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (bsc#1012628). - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (bsc#1012628). - scripts/get_abi: Fix wrong script file name in the help message (bsc#1012628). - misc: fastrpc: fix an incorrect NULL check on list iterator (bsc#1012628). - firmware: stratix10-svc: fix a missing check on list iterator (bsc#1012628). - usb: typec: mux: Check dev_set_name() return value (bsc#1012628). - rpmsg: virtio: Fix possible double free in rpmsg_probe() (bsc#1012628). - rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() (bsc#1012628). - rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl (bsc#1012628). - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (bsc#1012628). - iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout (bsc#1012628). - iio: adc: sc27xx: fix read big scale voltage not right (bsc#1012628). - iio: adc: sc27xx: Fine tune the scale calibration values (bsc#1012628). - rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (bsc#1012628). - misc/pvpanic: Convert regular spinlock into trylock on panic path (bsc#1012628). - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (bsc#1012628). - power: supply: core: Initialize struct to zero (bsc#1012628). - power: supply: axp288_fuel_gauge: Fix battery reporting on the One Mix 1 (bsc#1012628). - power: supply: axp288_fuel_gauge: Drop BIOS version check from "T3 MRD" DMI quirk (bsc#1012628). - power: supply: ab8500_fg: Allocate wq in probe (bsc#1012628). - serial: sifive: Report actual baud base rather than fixed 115200 (bsc#1012628). - export: fix string handling of namespace in EXPORT_SYMBOL_NS (bsc#1012628). - watchdog: rzg2l_wdt: Fix 32bit overflow issue (bsc#1012628). - watchdog: rzg2l_wdt: Fix Runtime PM usage (bsc#1012628). - watchdog: rzg2l_wdt: Fix 'BUG: Invalid wait context' (bsc#1012628). - watchdog: rzg2l_wdt: Fix reset control imbalance (bsc#1012628). - soundwire: intel: prevent pm_runtime resume prior to system suspend (bsc#1012628). - soundwire: qcom: return error when pm_runtime_get_sync fails (bsc#1012628). - coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (bsc#1012628). - ksmbd: fix reference count leak in smb_check_perm_dacl() (bsc#1012628). - extcon: ptn5150: Add queue work sync before driver release (bsc#1012628). - dt-bindings: remoteproc: mediatek: Make l1tcm reg exclusive to mt819x (bsc#1012628). - soc: rockchip: Fix refcount leak in rockchip_grf_init (bsc#1012628). - clocksource/drivers/riscv: Events are stopped during CPU suspend (bsc#1012628). - ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 (bsc#1012628). - rtc: mt6397: check return value after calling platform_get_resource() (bsc#1012628). - rtc: ftrtc010: Fix error handling in ftrtc010_rtc_probe (bsc#1012628). - staging: r8188eu: add check for kzalloc (bsc#1012628). - serial: meson: acquire port->lock in startup() (bsc#1012628). - Revert "serial: 8250_mtk: Make sure to select the right FEATURE_SEL" (bsc#1012628). - serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (bsc#1012628). - serial: cpm_uart: Fix build error without CONFIG_SERIAL_CPM_CONSOLE (bsc#1012628). - serial: uartlite: Fix BRKINT clearing (bsc#1012628). - serial: digicolor-usart: Don't allow CS5-6 (bsc#1012628). - serial: rda-uart: Don't allow CS5-6 (bsc#1012628). - serial: txx9: Don't allow CS5-6 (bsc#1012628). - serial: sh-sci: Don't allow CS5-6 (bsc#1012628). - serial: sifive: Sanitize CSIZE and c_iflag (bsc#1012628). - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (bsc#1012628). - serial: stm32-usart: Correct CSIZE, bits, and parity (bsc#1012628). - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (bsc#1012628). - bus: ti-sysc: Fix warnings for unbind for serial (bsc#1012628). - driver: base: fix UAF when driver_attach failed (bsc#1012628). - driver core: fix deadlock in __device_attach (bsc#1012628). - watchdog: rti-wdt: Fix pm_runtime_get_sync() error checking (bsc#1012628). - watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (bsc#1012628). - blk-mq: don't touch ->tagset in blk_mq_get_sq_hctx (bsc#1012628). - ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (bsc#1012628). - scsi: sd: Don't call blk_cleanup_disk() in sd_probe() (bsc#1012628). - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (bsc#1012628). - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (bsc#1012628). - amt: fix return value of amt_update_handler() (bsc#1012628). - amt: fix possible memory leak in amt_rcv() (bsc#1012628). - net: ethernet: ti: am65-cpsw: Fix fwnode passed to phylink_create() (bsc#1012628). - net/smc: set ini->smcrv2.ib_dev_v2 to NULL if SMC-Rv2 is unavailable (bsc#1012628). - spi: fsi: Fix spurious timeout (bsc#1012628). - drm/amdgpu: Off by one in dm_dmub_outbox1_low_irq() (bsc#1012628). - net: lan966x: check devm_of_phy_get() for -EDEFER_PROBE (bsc#1012628). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1012628). - net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (bsc#1012628). - net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks (bsc#1012628). - net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (bsc#1012628). - modpost: fix removing numeric suffixes (bsc#1012628). - block, loop: support partitions without scanning (bsc#1012628). - ep93xx: clock: Do not return the address of the freed memory (bsc#1012628). - jffs2: fix memory leak in jffs2_do_fill_super (bsc#1012628). - ubi: fastmap: Fix high cpu usage of ubi_bgt by making sure wl_pool not empty (bsc#1012628). - ubi: ubi_create_volume: Fix use-after-free when volume creation failed (bsc#1012628). - selftests/bpf: fix stacktrace_build_id with missing kprobe/urandom_read (bsc#1012628). - bpf: Fix probe read error in ___bpf_prog_run() (bsc#1012628). - block: take destination bvec offsets into account in bio_copy_data_iter (bsc#1012628). - nbd: don't clear 'NBD_CMD_INFLIGHT' flag if request is not completed (bsc#1012628). - nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (bsc#1012628). - riscv: read-only pages should not be writable (bsc#1012628). - net/smc: fixes for converting from "struct smc_cdc_tx_pend **" to "struct smc_wr_tx_pend_priv *" (bsc#1012628). - tcp: add accessors to read/set tp->snd_cwnd (bsc#1012628). - nfp: only report pause frame configuration for physical device (bsc#1012628). - block: use bio_queue_enter instead of blk_queue_enter in bio_poll (bsc#1012628). - bonding: NS target should accept link local address (bsc#1012628). - sfc: fix considering that all channels have TX queues (bsc#1012628). - sfc: fix wrong tx channel offset with efx_separate_tx_channels (bsc#1012628). - block: make bioset_exit() fully resilient against being called twice (bsc#1012628). - sched/autogroup: Fix sysctl move (bsc#1012628). - blk-mq: do not update io_ticks with passthrough requests (bsc#1012628). - net: phy: at803x: disable WOL at probe (bsc#1012628). - bonding: show NS IPv6 targets in proc master info (bsc#1012628). - erofs: fix 'backmost' member of z_erofs_decompress_frontend (bsc#1012628). - vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (bsc#1012628). - virtio: pci: Fix an error handling path in vp_modern_probe() (bsc#1012628). - net/mlx5: Don't use already freed action pointer (bsc#1012628). - net/mlx5e: TC NIC mode, fix tc chains miss table (bsc#1012628). - net/mlx5: CT: Fix header-rewrite re-use for tupels (bsc#1012628). - net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition (bsc#1012628). - net/mlx5: correct ECE offset in query qp output (bsc#1012628). - net/mlx5e: Update netdev features after changing XDP state (bsc#1012628). - net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1012628). - tcp: tcp_rtx_synack() can be called from process context (bsc#1012628). - vdpa: ifcvf: set pci driver data in probe (bsc#1012628). - bonding: guard ns_targets by CONFIG_IPV6 (bsc#1012628). - octeontx2-af: fix error code in is_valid_offset() (bsc#1012628). - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (bsc#1012628). - regulator: mt6315-regulator: fix invalid allowed mode (bsc#1012628). - net: ping6: Fix ping -6 with interface name (bsc#1012628). - net/sched: act_api: fix error code in tcf_ct_flow_table_fill_tuple_ipv6() (bsc#1012628). - gpio: pca953x: use the correct register address to do regcache sync (bsc#1012628). - afs: Fix infinite loop found by xfstest generic/676 (bsc#1012628). - drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() (bsc#1012628). - scsi: sd: Fix potential NULL pointer dereference (bsc#1012628). - ax25: Fix ax25 session cleanup problems (bsc#1012628). - nfp: remove padding in nfp_nfdk_tx_desc (bsc#1012628). - tipc: check attribute length for bearer name (bsc#1012628). - driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction (bsc#1012628). - perf evsel: Fixes topdown events in a weak group for the hybrid platform (bsc#1012628). - perf parse-events: Move slots event for the hybrid platform too (bsc#1012628). - perf record: Support sample-read topdown metric group for hybrid platforms (bsc#1012628). - perf c2c: Fix sorting in percent_rmt_hitm_cmp() (bsc#1012628). - Bluetooth: MGMT: Add conditions for setting HCI_CONN_FLAG_REMOTE_WAKEUP (bsc#1012628). - Bluetooth: hci_sync: Fix attempting to suspend with unfiltered passive scan (bsc#1012628). - bluetooth: don't use bitmaps for random flag accesses (bsc#1012628). - dmaengine: idxd: set DMA_INTERRUPT cap bit (bsc#1012628). - mips: cpc: Fix refcount leak in mips_cpc_default_phys_base (bsc#1012628). - bootconfig: Make the bootconfig.o as a normal object file (bsc#1012628). - tracing: Make tp_printk work on syscall tracepoints (bsc#1012628). - tracing: Fix sleeping function called from invalid context on RT kernel (bsc#1012628). - tracing: Avoid adding tracer option before update_tracer_options (bsc#1012628). - i2c: mediatek: Optimize master_xfer() and avoid circular locking (bsc#1012628). - iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (bsc#1012628). - iommu/arm-smmu-v3: check return value after calling platform_get_resource() (bsc#1012628). - f2fs: remove WARN_ON in f2fs_is_valid_blkaddr (bsc#1012628). - f2fs: avoid infinite loop to flush node pages (bsc#1012628). - i2c: cadence: Increase timeout per message if necessary (bsc#1012628). - m68knommu: set ZERO_PAGE() to the allocated zeroed page (bsc#1012628). - m68knommu: fix undefined reference to `_init_sp' (bsc#1012628). - dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (bsc#1012628). - NFSv4: Don't hold the layoutget locks across multiple RPC calls (bsc#1012628). - video: fbdev: hyperv_fb: Allow resolutions with size > 64 MB for Gen1 (bsc#1012628). - video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (bsc#1012628). - RISC-V: use memcpy for kexec_file mode (bsc#1012628). - m68knommu: fix undefined reference to `mach_get_rtc_pll' (bsc#1012628). - rtla/Makefile: Properly handle dependencies (bsc#1012628). - f2fs: fix to tag gcing flag on page during file defragment (bsc#1012628). - xprtrdma: treat all calls not a bcall when bc_serv is NULL (bsc#1012628). - drm/bridge: ti-sn65dsi83: Handle dsi_lanes == 0 as invalid (bsc#1012628). - drm/panfrost: Job should reference MMU not file_priv (bsc#1012628). - powerpc/papr_scm: don't requests stats with '0' sized stats buffer (bsc#1012628). - netfilter: nat: really support inet nat without l3 address (bsc#1012628). - netfilter: nf_tables: use kfree_rcu(ptr, rcu) to release hooks in clean_net path (bsc#1012628). - netfilter: nf_tables: delete flowtable hooks via transaction list (bsc#1012628). - powerpc/kasan: Force thread size increase with KASAN (bsc#1012628). - NFSD: Fix potential use-after-free in nfsd_file_put() (bsc#1012628). - SUNRPC: Trap RDMA segment overflows (bsc#1012628). - netfilter: nf_tables: always initialize flowtable hook list in transaction (bsc#1012628). - ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (bsc#1012628). - netfilter: nf_tables: release new hooks on unsupported flowtable flags (bsc#1012628). - netfilter: nf_tables: memleak flow rule from commit path (bsc#1012628). - netfilter: nf_tables: bail out early if hardware offload is not supported (bsc#1012628). - amt: fix wrong usage of pskb_may_pull() (bsc#1012628). - amt: fix possible null-ptr-deref in amt_rcv() (bsc#1012628). - amt: fix wrong type string definition (bsc#1012628). - net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register (bsc#1012628). - xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (bsc#1012628). - stmmac: intel: Fix an error handling path in intel_eth_pci_probe() (bsc#1012628). - af_unix: Fix a data-race in unix_dgram_peer_wake_me() (bsc#1012628). - selftests net: fix bpf build error (bsc#1012628). - x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm() (bsc#1012628). - bpf, arm64: Clear prog->jited_len along prog->jited (bsc#1012628). - net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (bsc#1012628). - net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (bsc#1012628). - xsk: Fix handling of invalid descriptors in XSK TX batching API (bsc#1012628). - drm/amdgpu: fix limiting AV1 to the first instance on VCN3 (bsc#1012628). - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (bsc#1012628). - net: mdio: unexport __init-annotated mdio_bus_init() (bsc#1012628). - net: xfrm: unexport __init-annotated xfrm4_protocol_init() (bsc#1012628). - net: ipv6: unexport __init-annotated seg6_hmac_init() (bsc#1012628). - net/mlx5e: CT: Fix cleanup of CT before cleanup of TC ct rules (bsc#1012628). - net/mlx5: Lag, filter non compatible devices (bsc#1012628). - net/mlx5: Fix mlx5_get_next_dev() peer device matching (bsc#1012628). - net/mlx5: Rearm the FW tracer after each tracer event (bsc#1012628). - net/mlx5: fs, fail conflicting actions (bsc#1012628). - ip_gre: test csum_start instead of transport header (bsc#1012628). - net: altera: Fix refcount leak in altera_tse_mdio_create (bsc#1012628). - net: dsa: mv88e6xxx: use BMSR_ANEGCOMPLETE bit for filling an_complete (bsc#1012628). - net: dsa: realtek: rtl8365mb: fix GMII caps for ports with internal PHY (bsc#1012628). - tcp: use alloc_large_system_hash() to allocate table_perturb (bsc#1012628). - drm: imx: fix compiler warning with gcc-12 (bsc#1012628). - nfp: flower: restructure flow-key for gre+vlan combination (bsc#1012628). - net: seg6: fix seg6_lookup_any_nexthop() to handle VRFs using flowi_l3mdev (bsc#1012628). - iov_iter: Fix iter_xarray_get_pages{,_alloc}() (bsc#1012628). - iio: dummy: iio_simple_dummy: check the return value of kstrdup() (bsc#1012628). - staging: rtl8712: fix a potential memory leak in r871xu_drv_init() (bsc#1012628). - iio: st_sensors: Add a local lock for protecting odr (bsc#1012628). - lkdtm/usercopy: Expand size of "out of frame" object (bsc#1012628). - drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback() (bsc#1012628). - drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle() (bsc#1012628). - drivers: staging: rtl8192eu: Fix deadlock in rtw_joinbss_event_prehandle (bsc#1012628). - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (bsc#1012628). - tty: Fix a possible resource leak in icom_probe (bsc#1012628). - thunderbolt: Use different lane for second DisplayPort tunnel (bsc#1012628). - drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (bsc#1012628). - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (bsc#1012628). - USB: host: isp116x: check return value after calling platform_get_resource() (bsc#1012628). - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (bsc#1012628). - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (bsc#1012628). - USB: hcd-pci: Fully suspend across freeze/thaw cycle (bsc#1012628). - char: xillybus: fix a refcount leak in cleanup_dev() (bsc#1012628). - sysrq: do not omit current cpu when showing backtrace of all active CPUs (bsc#1012628). - usb: dwc2: gadget: don't reset gadget's driver->bus (bsc#1012628). - usb: dwc3: host: Stop setting the ACPI companion (bsc#1012628). - usb: dwc3: gadget: Only End Transfer for ep0 data phase (bsc#1012628). - soundwire: qcom: adjust autoenumeration timeout (bsc#1012628). - misc: rtsx: set NULL intfdata when probe fails (bsc#1012628). - extcon: Fix extcon_get_extcon_dev() error handling (bsc#1012628). - extcon: Modify extcon device to be created after driver data is set (bsc#1012628). - clocksource/drivers/sp804: Avoid error on multiple instances (bsc#1012628). - staging: rtl8712: fix uninit-value in usb_read8() and friends (bsc#1012628). - staging: rtl8712: fix uninit-value in r871xu_drv_init() (bsc#1012628). - serial: msm_serial: disable interrupts in __msm_console_write() (bsc#1012628). - kernfs: Separate kernfs_pr_cont_buf and rename_lock (bsc#1012628). - watchdog: wdat_wdt: Stop watchdog when rebooting the system (bsc#1012628). - ksmbd: smbd: fix connection dropped issue (bsc#1012628). - md: protect md_unregister_thread from reentrancy (bsc#1012628). - ASoC: SOF: amd: Fixed Build error (bsc#1012628). - scsi: myrb: Fix up null pointer access on myrb_cleanup() (bsc#1012628). - ASoC: rt5640: Do not manipulate pin "Platform Clock" if the "Platform Clock" is not in the DAPM (bsc#1012628). - ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1012628). - ceph: flush the mdlog for filesystem sync (bsc#1012628). - ceph: fix possible deadlock when holding Fwb to get inline_data (bsc#1012628). - net, neigh: Set lower cap for neigh_managed_work rearming (bsc#1012628). - drm/amd/display: Check if modulo is 0 before dividing (bsc#1012628). - drm/amd/display: Check zero planes for OTG disable W/A on clock change (bsc#1012628). - drm/radeon: fix a possible null pointer dereference (bsc#1012628). - drm/amd/pm: fix a potential gpu_metrics_table memory leak (bsc#1012628). - drm/amd/pm: Fix missing thermal throttler status (bsc#1012628). - drm/amd/pm: correct the metrics version for SMU 11.0.11/12/13 (bsc#1012628). - um: line: Use separate IRQs per line (bsc#1012628). - modpost: fix undefined behavior of is_arm_mapping_symbol() (bsc#1012628). - objtool: Mark __ubsan_handle_builtin_unreachable() as noreturn (bsc#1012628). - x86/cpu: Elide KCSAN for cpu_has() and friends (bsc#1012628). - jump_label,noinstr: Avoid instrumentation for JUMP_LABEL=n builds (bsc#1012628). - nbd: call genl_unregister_family() first in nbd_cleanup() (bsc#1012628). - nbd: fix race between nbd_alloc_config() and module removal (bsc#1012628). - nbd: fix io hung while disconnecting device (bsc#1012628). - Revert "PCI: brcmstb: Do not turn off WOL regulators on suspend" (bsc#1012628). - Revert "PCI: brcmstb: Add control of subdevice voltage regulators" (bsc#1012628). - Revert "PCI: brcmstb: Add mechanism to turn on subdev regulators" (bsc#1012628). - Revert "PCI: brcmstb: Split brcm_pcie_setup() into two funcs" (bsc#1012628). - cifs: fix potential deadlock in direct reclaim (bsc#1012628). - s390/gmap: voluntarily schedule during key setting (bsc#1012628). - cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1012628). - drm/amd/pm: use bitmap_{from,to}_arr32 where appropriate (bsc#1012628). - nodemask: Fix return values to be unsigned (bsc#1012628). - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1012628). - vringh: Fix loop descriptors check in the indirect cases (bsc#1012628). - platform/x86: barco-p50-gpio: Add check for platform_driver_register (bsc#1012628). - scripts/gdb: change kernel config dumping method (bsc#1012628). - platform/x86: hp-wmi: Resolve WMI query failures on some devices (bsc#1012628). - platform/x86: hp-wmi: Use zero insize parameter only when supported (bsc#1012628). - ALSA: usb-audio: Skip generic sync EP parse for secondary EP (bsc#1012628). - ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (bsc#1012628). - ALSA: hda/conexant - Fix loopback issue with CX20632 (bsc#1012628). - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo Yoga DuetITL 2021 (bsc#1012628). - ALSA: hda/realtek: Add quirk for HP Dev One (bsc#1012628). - cifs: return errors during session setup during reconnects (bsc#1012628). - cifs: fix reconnect on smb3 mount types (bsc#1012628). - cifs: populate empty hostnames for extra channels (bsc#1012628). - scsi: sd: Fix interpretation of VPD B9h length (bsc#1012628). - scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1012628). - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1012628). - scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1012628). - KVM: x86/mmu: Check every prev_roots in __kvm_mmu_free_obsolete_roots() (bsc#1012628). - KVM: SVM: fix tsc scaling cache logic (bsc#1012628). - filemap: Cache the value of vm_flags (bsc#1012628). - KEYS: trusted: tpm2: Fix migratable logic (bsc#1012628). - libata: fix reading concurrent positioning ranges log (bsc#1012628). - libata: fix translation of concurrent positioning ranges (bsc#1012628). - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (bsc#1012628). - mmc: sdhci-pci-gli: Fix GL9763E runtime PM when the system resumes from suspend (bsc#1012628). - mmc: block: Fix CQE recovery reset success (bsc#1012628). - net: phy: dp83867: retrigger SGMII AN when link change (bsc#1012628). - net: openvswitch: fix misuse of the cached connection on tuple changes (bsc#1012628). - writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1012628). - nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (bsc#1012628). - nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (bsc#1012628). - nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (bsc#1012628). - ixgbe: fix bcast packets Rx on VF after promisc removal (bsc#1012628). - ixgbe: fix unexpected VLAN Rx in promisc mode on VF (bsc#1012628). - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (bsc#1012628). - vduse: Fix NULL pointer dereference on sysfs access (bsc#1012628). - cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE (bsc#1012628). - mm/huge_memory: Fix xarray node memory leak (bsc#1012628). - powerpc: Don't select HAVE_IRQ_EXIT_ON_IRQ_STACK (bsc#1012628). - drm/amdkfd:Fix fw version for 10.3.6 (bsc#1012628). - drm/bridge: analogix_dp: Support PSR-exit to disable transition (bsc#1012628). - drm/atomic: Force bridge self-refresh-exit on CRTC switch (bsc#1012628). - drm/amdgpu/jpeg2: Add jpeg vmid update under IB submit (bsc#1012628). - drm/amd/display: remove stale config guards (bsc#1012628). - drm/amdgpu: update VCN codec support for Yellow Carp (bsc#1012628). - virtio-rng: make device ready before making request (bsc#1012628). - powerpc/32: Fix overread/overwrite of thread_struct via ptrace (bsc#1012628). - random: avoid checking crng_ready() twice in random_init() (bsc#1012628). - random: mark bootloader randomness code as __init (bsc#1012628). - random: account for arch randomness in bits (bsc#1012628). - md/raid0: Ignore RAID0 layout if the second zone has only one device (bsc#1012628). - zonefs: fix handling of explicit_open option on mount (bsc#1012628). - iov_iter: fix build issue due to possible type mis-match (bsc#1012628). - dmaengine: idxd: add missing callback function to support DMA_INTERRUPT (bsc#1012628). - tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1012628). - net/mlx5: E-Switch, pair only capable devices (bsc#1012628). - Update config files. - commit c6d8e6e ++++ libcontainers-common: - Use $() again in %post, but with a space for POSIX compliance ++++ libnettle: - Make shared libraries executable ++++ libvorbis: - Remove bad %defattr - not needed and causes SHLIB non-executable rpmlint error ++++ libzypp: - appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684) - zypp-rpm: flush rpm script output buffer before sending endOfScriptTag. - version 17.30.2 (22) ++++ python-PyYAML: - Clean up the SPEC file. ++++ rust-keylime: - Drop CFSSL port from the keylime.xml firewalld rules ++++ zypper: - Basic JobReport for "cmdout/monitor". - versioncmp: if verbose, also print the edition 'parts' which are compared. - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally (fixes #433) - Honor the NO_COLOR environment variable when auto-detecting whether to use color (fixes #432) - Define table columns which should be sorted natural [case insensitive] (fixes #391, closes #396, fixes #424) - lr/ls: Use highlight color on name and alias as well. - version 1.14.53 ------------------------------------------------------------------ ------------------ 2022-6-14 - Jun 14 2022 ------------------- ------------------------------------------------------------------ ++++ filesystem: - Add Serbian (sr) man pages directory - Add /usr/etc/logrotate.d ++++ kernel-default: - kernel-binary.spec: check s390x vmlinux location As a side effect of mainline commit edd4a8667355 ("s390/boot: get rid of startup archive"), vmlinux on s390x moved from "compressed" subdirectory directly into arch/s390/boot. As the specfile is shared among branches, check both locations and let objcopy use one that exists. - commit cd15543 - Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442) - commit 93b1375 ++++ libcontainers-common: - Add missing Requires(post): sed, fixes boo#1200524 - Make %post compatible with dash ++++ libvirt: - spec: Closer alignment with upstream spec file, including enabling more unit tests ++++ rust-keylime: - Update to version 0.1.0+git.1655143451.7c4121e: * Add dependabot for automatic dependency updates * config: remove unused options * persist AK, NK and mTLS certificate to disk * Update tokio minimum version * Adjust CI test name according to keylime-tests PR#125 * Make wiremock an optional dependency * Drop unused dependency flate2 * Drop unused dependency rustc-serialize * Update clap dependency to 3.1.18 * add support for "hash_ek" UUID creation * tpm: add and use EKResult struct as return value for create_ek(..) * replace custom marshall functions with the offical one * update to tss-esapi 7.1.0 * quotes_handler: Rewind measured boot log file * Add test /functional/measured-boot-swtpm-sanity to Packit CI plan * OpenSSL on deb family is now libssl-dev ++++ systemd-presets-common-SUSE: - Modify branding-preset-states to fix systemd-presets-common-SUSE not enabling new user systemd service preset configuration just as it handles system service presets. By passing an (optional) second parameter "user", the save/apply-changes commands now work with user services instead of system ones (boo#1200485) ------------------------------------------------------------------ ------------------ 2022-6-13 - Jun 13 2022 ------------------- ------------------------------------------------------------------ ++++ btrfsprogs: - update to 5.18.1: * fixes: * convert: fix self reference of toplevel directory * build: make kernel lib headers compatible with C++ * zoned mode: verify minimum zone size 4MiB * libbtrfs: cleanups, merge headers and remove declarations of unexported symbols * other: documentation updates ++++ cockpit-machines: - Update to 271.2: * Fix test/reference setup in release tarball for tests ++++ file: - Update to 5.42: * PR/348: add missing cases to prevent file from aborting on random magic files. * PR/351: octalify filenames when not raw before printing. * fix regex cacheing bug (Dirk Mueller) * merge file_regcomp and file_regerror() to simplify the code and reduce memory requirements for storing regexes (Dirk Mueller) * cache regex (Dirk Mueller) * detect filesystem full by flushing output (Dirk Mueller) * implement running decompressor programs using posix_spawnp(2) instead of vfork(2) * Add support for msdos dates and times * use the system byte swapping functions if available (Werner Fink) - Port patches * file-5.17-option.dif * file-5.19-biorad.dif * file-5.19-printf.dif * file-5.19-zip2.0.dif * file-5.28-btrfs-image.dif * file-secure_getenv.patch - Remove patches now upstream * file-5.23-endian.patch * file-5.41-cache-regexps-locale-restore.patch * file-5.41-cache-regexps.patch - Port and rename patch file-5.41.dif which is now file-5.42.dif ++++ k3s-install: - Update to version 1.24.1+k3s1: * Set default egress-selector-mode to agent * Remove control-plane egress context and fix agent mode. * Refactor egress-selector pods mode to watch pods * Bump containerd and runc * Update flaky tests for v1.24 (#5625) * Revert "Give kubelet the node-ip value (#5579)" * Re-add --cloud-provider=external kubelet arg * Update to v1.24.1 (#5616) * Bump dynamiclistener to v0.3.3 * remove dweomer from maintainers (#5582) * Add support for configuring the EgressSelector mode * Give kubelet the node-ip value (#5579) * Remove errant unversioned etcd go.mod entry * Remove objects when removed from manifests (#5560) * Add apparmor-parser to OpenSUSE/SLE Micro test VMs * Bump sonobuoy version and fix deprecated arg * Build standalone containerd 1.6 * Remove --docker/dockershim support * Always set pod-infra-container-image to protect it from image GC * Remove deprecated flags from cloud-controller-manager * Remove deprecated flags from kube-apiserver * Remove deprecated flags from kubelet * Update Kubernetes to v1.24 * Bump golang to 1.18.1 * Update CNI version in config file * Fix typo in image scan script * Mark v1.23.6+k3s1 stable * Add "ipFamilyPolicy: PreferDualStack" to have dual-stack ingress support * Move auto-generated resolv.conf out of /tmp to prevent accidental cleanup * Check if user has a correct cluster-cidr and service-cidr config * Replace DefaultProxyDialerFn dialer injection with EgressSelector support * Ensure that WaitForAPIServerReady always re-dials through the loadbalancer * Don't start embedded kubelet until after apiserver is up * Add new `k3s completion` command for shell completion (#5461) * Use ListWatch helpers instead of bare List/Watch * server: Allow to enable network policies with IPv6-only * agent(netpol): Explicitly enable IPv4 when necessary * Bump kine to v0.9.1 for nats.io support * Make supervisor errors parsable by Kubernetes client libs * Drop unnecessary intermediate variable * Add systemd cgroup controller support * Add CNI Plugins and Flannel version to build scripts ++++ kernel-default: - drm/format-helper: Add RGB565-to-XRGB8888 conversion (boo#1193472) - commit b55db46 - drm/format-helper: Add RGB888-to-XRGB8888 conversion (boo#1193472) - commit 24daa98 - drm/format-helper: Print warning on missing format conversion (boo#1193472) - commit 4895b27 - config: add CC_NO_ARRAY_BOUNDS=y Mainline commit f0be87c42cbd ("gcc-12: disable '-Warray-bounds' universally for now") adds new config option CONFIG_CC_NO_ARRAY_BOUNDS which is only present for gcc12 (and not future gcc >= 13). Therefore it is not added with dummy gcc which pretends to be gcc20 but it is with Factory gcc12, resulting in failed "missing config option" check. As a quick hack, add CONFIG_CC_NO_ARRAY_BOUNDS=y to all full configs until we have a more robust solution (manually added config option won't survive a config update with run_oldconfig.sh). - commit b2fb712 - config: refresh - commit dbcb5bd - Update to 5.19-rc2 - drop obsolete patch - patches.suse/drm-amdgpu-always-flush-the-TLB-on-gfx8.patch - update configs - XEN_VIRTIO=y (x86 only) - commit 02193c9 ++++ ncurses: - Add ncurses patch 20220612 + modify waddch_literal() to allow for double-width base character when merging a combining character (report by Gavin Troy). + improve _tracecchar_t2() formatting of base+combining character. ++++ vim: - Updated to version 8.2.5083, fixes the following problems - CVE-2022-2042 - boo#1200471 - CVE-2022-2000 - boo#1200405 - CVE-2022-1968 - boo#1200270 - CVE-2022-1942 - boo#1200125 * A finished terminal in a popup window does not show a scrollbar. * Confusing error if first argument of popup_create() is wrong. * Scrollbar thumb in scrolled popup not visible. * Cannot close a terminal popup with "NONE" job. * Scrollbar thumb in tall scrolled popup not visible. * Can open a cmdline window from a substitute expression. * Command line test fails. * Can escape a terminal popup window when the job is finished. * vim_regsub() can overwrite the destination. * CurSearch highlight is often wrong. * When using XIM the gui test may fail. * Insufficient tests for autocommands. * Using freed memory when searching for pattern in path. * Check for autocmd_add() event argument is confusing. * CI checkout step title is a bit cryptic. * Cannot have a comment halfway an expression in an autocmd command block. * No good filetype for conf files similar to dosini. * Statusline is not updated when terminal title changes. * The channel log only contains some of the raw terminal output. * Using gettimeofday() for timeout is very inefficient. * input() does not handle composing characters properly. * Autoconf 2.71 produces many obsolete warnings. * Running configure fails. * C89 requires signal handlers to return void. * Coverity warns for dead code. * Error for a command may go over the end of IObuff. * No test for what 8.1.0052 fixes. * Wrong return type for main() in tee.c. * Can specify multispace listchars only for whole line. * Timer_create is not available on every Mac system. (Hisashi T Fujinaka) * Gcc 12.1 warning when building tee. * Unnecessary code. * With some Mac OS version clockid_t is redefined. * Using uninitialized value and freed memory in spell command. * Clang on MS-Windows produces warnings. * Spell test fails on MS-Windows. * Clang gives an out of bounds warning. * Unnecessary code. * Various warnings from clang on MS-Windows. * Substitute test has a one second delay. * DirChanged autocommand may use freed memory. (Shane-XB Qian) * When indenting gets out of hand it is hard to stop. * Retab test fails. ------------------------------------------------------------------ ------------------ 2022-6-12 - Jun 12 2022 ------------------- ------------------------------------------------------------------ ++++ mozilla-nss: - update to NSS 3.79 * bmo#205717 - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls. * bmo#1766907 - Update mercurial in clang-format docker image. * bmo#1454072 - Use of uninitialized pointer in lg_init after alloc fail. * bmo#1769295 - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. * bmo#1753315 - Add SECMOD_LockedModuleHasRemovableSlots. * bmo#1387919 - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP. * bmo#1765753 - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts. * bmo#1765753 - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version. * bmo#1764788 - Correct invalid record inner and outer content type alerts. * bmo#1757075 - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding. * bmo#1766978 - improve error handling after nssCKFWInstance_CreateObjectHandle. * bmo#1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. * bmo#1769302 - NSS 3.79 should depend on NSPR 4.34 ------------------------------------------------------------------ ------------------ 2022-6-10 - Jun 10 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit: - new version 271 https://cockpit-project.org/blog/cockpit-271.html - cockpit-redhatfont.diff: not needed, dropped - 0001-selinux-allow-login-to-read-motd-file.patch, hide-docs.patch, hide-pcp.patch remove-pwscore.patch: refreshed ++++ cockpit-machines: - Update to 271.1: https://github.com/cockpit-project/cockpit-machines/releases/tag/270.1 ++++ cockpit-podman: - new version 49.1 https://github.com/cockpit-project/cockpit-podman/releases/tag/49.1 ++++ kernel-default: - Add parameter to disable simple-framebuffer devices (boo#1193472) Temporary workaround for simpledrm bugs. - commit 1d1dbce - drivers/firmware: skip simpledrm if nvidia-drm.modeset=1 is set (boo#1193472) Temporary workaround for nvidia.ko with simpledrm. - commit c35bbe0 - drm/client: Don't add new command-line mode (boo#1193472) Backported for simpledrm support. - commit 141a4fc - drm/client: Look for command-line modes first (boo#1193472) Backported for simpledrm support. - commit 1bf947f - drm: Always warn if user-defined modes are not supported (boo#1193472) Backported for simpledrm support. - commit 95c4112 ------------------------------------------------------------------ ------------------ 2022-6-9 - Jun 9 2022 ------------------- ------------------------------------------------------------------ ++++ glibc: - Set SUSE_ZNOW=0 ++++ kernel-default: - Linux 5.18.3 (bsc#1012628). - binfmt_flat: do not stop relocating GOT entries prematurely on riscv (bsc#1012628). - parisc: fix a crash with multicore scheduler (bsc#1012628). - parisc/stifb: Implement fb_is_primary_device() (bsc#1012628). - parisc/stifb: Keep track of hardware path of graphics card (bsc#1012628). - RISC-V: Mark IORESOURCE_EXCLUSIVE for reserved mem instead of IORESOURCE_BUSY (bsc#1012628). - riscv: Initialize thread pointer before calling C functions (bsc#1012628). - riscv: Fix irq_work when SMP is disabled (bsc#1012628). - riscv: Wire up memfd_secret in UAPI header (bsc#1012628). - riscv: Move alternative length validation into subsection (bsc#1012628). - ALSA: hda/realtek - Add new type for ALC245 (bsc#1012628). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (bsc#1012628). - ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (bsc#1012628). - ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1012628). - USB: serial: pl2303: fix type detection for odd device (bsc#1012628). - USB: serial: option: add Quectel BG95 modem (bsc#1012628). - USB: new quirk for Dell Gen 2 devices (bsc#1012628). - usb: isp1760: Fix out-of-bounds array access (bsc#1012628). - usb: dwc3: gadget: Move null pinter check to proper place (bsc#1012628). - usb: core: hcd: Add support for deferring roothub registration (bsc#1012628). - fs/ntfs3: provide block_invalidate_folio to fix memory leak (bsc#1012628). - fs/ntfs3: Update valid size if -EIOCBQUEUED (bsc#1012628). - fs/ntfs3: Fix fiemap + fix shrink file size (to remove preallocated space) (bsc#1012628). - fs/ntfs3: Keep preallocated only if option prealloc enabled (bsc#1012628). - fs/ntfs3: Check new size for limits (bsc#1012628). - fs/ntfs3: In function ntfs_set_acl_ex do not change inode->i_mode if called from function ntfs_init_acl (bsc#1012628). - fs/ntfs3: Fix some memory leaks in an error handling path of 'log_replay()' (bsc#1012628). - fs/ntfs3: Update i_ctime when xattr is added (bsc#1012628). - fs/ntfs3: Restore ntfs_xattr_get_acl and ntfs_xattr_set_acl functions (bsc#1012628). - cifs: don't call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1012628). - cifs: fix ntlmssp on old servers (bsc#1012628). - cifs: fix potential double free during failed mount (bsc#1012628). - cifs: when extending a file with falloc we should make files not-sparse (bsc#1012628). - xhci: Set HCD flag to defer primary roothub registration (bsc#1012628). - xhci: Allow host runtime PM as default for Intel Alder Lake N xHCI (bsc#1012628). - platform/x86: intel-hid: fix _DSM function index handling (bsc#1012628). - x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (bsc#1012628). - perf/x86/intel: Fix event constraints for ICL (bsc#1012628). - x86/kexec: fix memory leak of elf header buffer (bsc#1012628). - x86/sgx: Set active memcg prior to shmem allocation (bsc#1012628). - kthread: Don't allocate kthread_struct for init and umh (bsc#1012628). - ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP (bsc#1012628). - ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP (bsc#1012628). - ptrace: Reimplement PTRACE_KILL by always sending SIGKILL (bsc#1012628). - btrfs: add "0x" prefix for unsupported optional features (bsc#1012628). - btrfs: return correct error number for __extent_writepage_io() (bsc#1012628). - btrfs: repair super block num_devices automatically (bsc#1012628). - btrfs: fix the error handling for submit_extent_page() for btrfs_do_readpage() (bsc#1012628). - btrfs: fix deadlock between concurrent dio writes when low on free data space (bsc#1012628). - btrfs: zoned: properly finish block group on metadata write (bsc#1012628). - btrfs: zoned: zone finish unused block group (bsc#1012628). - btrfs: zoned: finish block group when there are no more allocatable bytes left (bsc#1012628). - btrfs: zoned: fix comparison of alloc_offset vs meta_write_pointer (bsc#1012628). - iommu/vt-d: Add RPLS to quirk list to skip TE disabling (bsc#1012628). - drm/selftests: fix a shift-out-of-bounds bug (bsc#1012628). - drm/vmwgfx: validate the screen formats (bsc#1012628). - ath11k: fix the warning of dev_wake in mhi_pm_disable_transition() (bsc#1012628). - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (bsc#1012628). - selftests/bpf: Fix vfs_link kprobe definition (bsc#1012628). - selftests/bpf: Fix parsing of prog types in UAPI hdr for bpftool sync (bsc#1012628). - ath11k: Change max no of active probe SSID and BSSID to fw capability (bsc#1012628). - selftests/bpf: Fix file descriptor leak in load_kallsyms() (bsc#1012628). - rtw89: ser: fix CAM leaks occurring in L2 reset (bsc#1012628). - rtw89: fix misconfiguration on hw_scan channel time (bsc#1012628). - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (bsc#1012628). - b43legacy: Fix assigning negative value to unsigned variable (bsc#1012628). - b43: Fix assigning negative value to unsigned variable (bsc#1012628). - ipw2x00: Fix potential NULL dereference in libipw_xmit() (bsc#1012628). - ipv6: fix locking issues with loops over idev->addr_list (bsc#1012628). - fbcon: Consistently protect deferred_takeover with console_lock() (bsc#1012628). - x86/platform/uv: Update TSC sync state for UV5 (bsc#1012628). - ACPICA: Avoid cache flush inside virtual machines (bsc#1012628). - libbpf: Fix a bug with checking bpf_probe_read_kernel() support in old kernels (bsc#1012628). - mac80211: minstrel_ht: fix where rate stats are stored (fixes debugfs output) (bsc#1012628). - drm/komeda: return early if drm_universal_plane_init() fails (bsc#1012628). - drm/amd/display: Disabling Z10 on DCN31 (bsc#1012628). - rcu-tasks: Fix race in schedule and flush work (bsc#1012628). - rcu-tasks: Handle sparse cpu_possible_mask in rcu_tasks_invoke_cbs() (bsc#1012628). - rcu: Make TASKS_RUDE_RCU select IRQ_WORK (bsc#1012628). - sfc: ef10: Fix assigning negative value to unsigned variable (bsc#1012628). - ALSA: jack: Access input_dev under mutex (bsc#1012628). - rtw88: fix incorrect frequency reported (bsc#1012628). - rtw88: 8821c: fix debugfs rssi value (bsc#1012628). - spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (bsc#1012628). - tools/power turbostat: fix ICX DRAM power numbers (bsc#1012628). - tcp: consume incoming skb leading to a reset (bsc#1012628). - loop: implement ->free_disk (bsc#1012628). - scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1012628). - scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1012628). - scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1012628). - scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1012628). - scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1012628). - cpuidle: PSCI: Improve support for suspend-to-RAM for PSCI OSI mode (bsc#1012628). - drm/amdgpu/pm: fix the null pointer while the smu is disabled (bsc#1012628). - drm/amd/pm: fix double free in si_parse_power_table() (bsc#1012628). - ASoC: rsnd: care default case on rsnd_ssiu_busif_err_status_clear() (bsc#1012628). - ASoC: rsnd: care return value from rsnd_node_fixed_index() (bsc#1012628). - net: macb: In ZynqMP initialization make SGMII phy configuration optional (bsc#1012628). - ath9k: fix QCA9561 PA bias level (bsc#1012628). - media: Revert "media: dw9768: activate runtime PM and turn off device" (bsc#1012628). - media: i2c: dw9714: Disable the regulator when the driver fails to probe (bsc#1012628). - media: venus: hfi: avoid null dereference in deinit (bsc#1012628). - media: venus: do not queue internal buffers from previous sequence (bsc#1012628). - media: pci: cx23885: Fix the error handling in cx23885_initdev() (bsc#1012628). - media: cx25821: Fix the warning when removing the module (bsc#1012628). - md/bitmap: don't set sb values if can't pass sanity check (bsc#1012628). - mmc: jz4740: Apply DMA engine limits to maximum segment size (bsc#1012628). - drivers: mmc: sdhci_am654: Add the quirk to set TESTCD bit (bsc#1012628). - scsi: megaraid: Fix error check return value of register_chrdev() (bsc#1012628). - drm/amdgpu/sdma: Fix incorrect calculations of the wptr of the doorbells (bsc#1012628). - scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync() (bsc#1012628). - scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1012628). - ath11k: disable spectral scan during spectral deinit (bsc#1012628). - ASoC: Intel: bytcr_rt5640: Add quirk for the HP Pro Tablet 408 (bsc#1012628). - drm/plane: Move range check for format_count earlier (bsc#1012628). - drm/amdkfd: Fix circular lock dependency warning (bsc#1012628). - drm/amd/pm: fix the compile warning (bsc#1012628). - ath10k: skip ath10k_halt during suspend for driver state RESTARTING (bsc#1012628). - arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall (bsc#1012628). - drm: msm: fix error check return value of irq_of_parse_and_map() (bsc#1012628). - drm/msm/dpu: Clean up CRC debug logs (bsc#1012628). - xtensa: move trace_hardirqs_off call back to entry.S (bsc#1012628). - ath11k: fix warning of not found station for bssid in message (bsc#1012628). - scsi: target: tcmu: Fix possible data corruption (bsc#1012628). - ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL (bsc#1012628). - net/mlx5: use kvfree() for kvzalloc() in mlx5_ct_fs_smfs_matcher_create (bsc#1012628). - net/mlx5: fs, delete the FTE when there are no rules attached to it (bsc#1012628). - ASoC: dapm: Don't fold register value changes into notifications (bsc#1012628). - ASoC: SOF: ipc3-topology: Correct get_control_data for non bytes payload (bsc#1012628). - mlxsw: spectrum_dcb: Do not warn about priority changes (bsc#1012628). - mlxsw: Treat LLDP packets as control (bsc#1012628). - drm/amdgpu/psp: move PSP memory alloc from hw_init to sw_init (bsc#1012628). - drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (bsc#1012628). - regulator: mt6315: Enforce regulator-compatible, not name (bsc#1012628). - ice: always check VF VSI pointer values (bsc#1012628). - HID: bigben: fix slab-out-of-bounds Write in bigben_probe (bsc#1012628). - drm/tegra: gem: Do not try to dereference ERR_PTR() (bsc#1012628). - of: Support more than one crash kernel regions for kexec -s (bsc#1012628). - ASoC: tscs454: Add endianness flag in snd_soc_component_driver (bsc#1012628). - net/mlx5: Increase FW pre-init timeout for health recovery (bsc#1012628). - ASoC: Intel: sof_ssp_amp: fix no DMIC BE Link on Chromebooks (bsc#1012628). - scsi: hisi_sas: Undo RPM resume for failed notify phy event for v3 HW (bsc#1012628). - scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1012628). - scsi: lpfc: Alter FPIN stat accounting logic (bsc#1012628). - net: remove two BUG() from skb_checksum_help() (bsc#1012628). - s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES (bsc#1012628). - perf/amd/ibs: Cascade pmu init functions' return value (bsc#1012628). - sched/core: Avoid obvious double update_rq_clock warning (bsc#1012628). - spi: stm32-qspi: Fix wait_cmd timeout in APM mode (bsc#1012628). - dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (bsc#1012628). - fs: hold writers when changing mount's idmapping (bsc#1012628). - ASoC: SOF: amd: add missing platform_device_unregister in acp_pci_rn_probe (bsc#1012628). - ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (bsc#1012628). - ipmi:ssif: Check for NULL msg when handling events and messages (bsc#1012628). - ipmi: Add an intializer for ipmi_smi_msg struct (bsc#1012628). - ipmi: Fix pr_fmt to avoid compilation issues (bsc#1012628). - kunit: bail out of test filtering logic quicker if OOM (bsc#1012628). - rtlwifi: Use pr_warn instead of WARN_ONCE (bsc#1012628). - mt76: mt7915: accept rx frames with non-standard VHT MCS10-11 (bsc#1012628). - mt76: mt7921: accept rx frames with non-standard VHT MCS10-11 (bsc#1012628). - mt76: fix encap offload ethernet type check (bsc#1012628). - media: rga: fix possible memory leak in rga_probe (bsc#1012628). - media: coda: limit frame interval enumeration to supported encoder frame sizes (bsc#1012628). - media: hantro: HEVC: unconditionnaly set pps_{cb/cr}_qp_offset values (bsc#1012628). - media: ccs-core.c: fix failure to call clk_disable_unprepare (bsc#1012628). - media: imon: reorganize serialization (bsc#1012628). - media: cec-adap.c: fix is_configuring state (bsc#1012628). - usbnet: Run unregister_netdev() before unbind() again (bsc#1012628). - Bluetooth: HCI: Add HCI_QUIRK_BROKEN_ENHANCED_SETUP_SYNC_CONN quirk (bsc#1012628). - Bluetooth: btusb: Set HCI_QUIRK_BROKEN_ENHANCED_SETUP_SYNC_CONN for QCA (bsc#1012628). - Bluetooth: btusb: Set HCI_QUIRK_BROKEN_ERR_DATA_REPORTING for QCA (bsc#1012628). - bnxt_en: Configure ptp filters during bnxt open (bsc#1012628). - media: mediatek: vcodec: prevent kernel crash when rmmod mtk-vcodec-dec.ko (bsc#1012628). - openrisc: start CPU timer early in boot (bsc#1012628). - nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (bsc#1012628). - ASoC: rt5645: Fix errorenous cleanup order (bsc#1012628). - nbd: Fix hung on disconnect request if socket is closed before (bsc#1012628). - drm/amd/pm: update smartshift powerboost calc for smu12 (bsc#1012628). - drm/amd/pm: update smartshift powerboost calc for smu13 (bsc#1012628). - drm/amdgpu: Move mutex_init(&smu->message_lock) to smu_early_init() (bsc#1012628). - btrfs: fix anon_dev leak in create_subvol() (bsc#1012628). - kunit: tool: make parser stop overwriting status of suites w/ no_tests (bsc#1012628). - net: phy: micrel: Allow probing without .driver_data (bsc#1012628). - media: exynos4-is: Fix compile warning (bsc#1012628). - media: hantro: Stop using H.264 parameter pic_num (bsc#1012628). - rtw89: cfo: check mac_id to avoid out-of-bounds (bsc#1012628). - of/fdt: Ignore disabled memory nodes (bsc#1012628). - blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1012628). - ASoC: max98357a: remove dependency on GPIOLIB (bsc#1012628). - ASoC: rt1015p: remove dependency on GPIOLIB (bsc#1012628). - ACPI: CPPC: Assume no transition latency if no PCCT (bsc#1012628). - nvme: set non-mdts limits in nvme_scan_work (bsc#1012628). - can: mcp251xfd: silence clang's -Wunaligned-access warning (bsc#1012628). - x86/microcode: Add explicit CPU vendor dependency (bsc#1012628). - net: ipa: ignore endianness if there is no header (bsc#1012628). - selftests/bpf: Add missing trampoline program type to trampoline_count test (bsc#1012628). - m68k: atari: Make Atari ROM port I/O write macros return void (bsc#1012628). - hwmon: (pmbus) Add get_voltage/set_voltage ops (bsc#1012628). - rxrpc: Return an error to sendmsg if call failed (bsc#1012628). - rxrpc, afs: Fix selection of abort codes (bsc#1012628). - afs: Adjust ACK interpretation to try and cope with NAT (bsc#1012628). - eth: tg3: silence the GCC 12 array-bounds warning (bsc#1012628). - char: tpm: cr50_i2c: Suppress duplicated error message in .remove() (bsc#1012628). - selftests/bpf: fix btf_dump/btf_dump due to recent clang change (bsc#1012628). - gfs2: use i_lock spin_lock for inode qadata (bsc#1012628). - linux/types.h: reinstate "__bitwise__" macro for user space use (bsc#1012628). - scsi: target: tcmu: Avoid holding XArray lock when calling lock_page (bsc#1012628). - kunit: fix executor OOM error handling logic on non-UML (bsc#1012628). - IB/rdmavt: add missing locks in rvt_ruc_loopback (bsc#1012628). - PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited (bsc#1012628). - ARM: dts: ox820: align interrupt controller node name with dtschema (bsc#1012628). - ARM: dts: socfpga: align interrupt controller node name with dtschema (bsc#1012628). - ARM: dts: s5pv210: align DMA channels with dtschema (bsc#1012628). - ASoC: amd: Add driver data to acp6x machine driver (bsc#1012628). - arm64: dts: qcom: msm8994: Fix the cont_splash_mem address (bsc#1012628). - arm64: dts: qcom: msm8994: Fix BLSP[12]_DMA channels count (bsc#1012628). - PM / devfreq: rk3399_dmc: Disable edev on remove() (bsc#1012628). - crypto: ccree - use fine grained DMA mapping dir (bsc#1012628). - crypto: qat - fix off-by-one error in PFVF debug print (bsc#1012628). - soc: ti: ti_sci_pm_domains: Check for null return of devm_kcalloc (bsc#1012628). - fs: jfs: fix possible NULL pointer dereference in dbFree() (bsc#1012628). - arm64: dts: qcom: sdm845-xiaomi-beryllium: fix typo in panel's vddio-supply property (bsc#1012628). - ALSA: usb-audio: Add quirk bits for enabling/disabling generic implicit fb (bsc#1012628). - ALSA: usb-audio: Move generic implicit fb quirk entries into quirks.c (bsc#1012628). - ARM: OMAP1: clock: Fix UART rate reporting algorithm (bsc#1012628). - powerpc/fadump: Fix fadump to work with a different endian capture kernel (bsc#1012628). - fat: add ratelimit to fat*_ent_bread() (bsc#1012628). - pinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources() (bsc#1012628). - ARM: versatile: Add missing of_node_put in dcscb_init (bsc#1012628). - ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (bsc#1012628). - arm64: dts: qcom: sc7280-idp: Configure CTS pin to bias-bus-hold for bluetooth (bsc#1012628). - arm64: dts: qcom: sc7280-qcard: Configure CTS pin to bias-bus-hold for bluetooth (bsc#1012628). - ARM: hisi: Add missing of_node_put after of_find_compatible_node (bsc#1012628). - cpufreq: Avoid unnecessary frequency updates due to mismatch (bsc#1012628). - PCI: microchip: Add missing chained_irq_enter()/exit() calls (bsc#1012628). - powerpc/rtas: Keep MSR[RI] set when calling RTAS (bsc#1012628). - PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (bsc#1012628). - PCI: cadence: Clear FLR in device capabilities register (bsc#1012628). - KVM: PPC: Book3S HV Nested: L2 LPCR should inherit L1 LPES setting (bsc#1012628). - alpha: fix alloc_zeroed_user_highpage_movable() (bsc#1012628). - tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (bsc#1012628). - cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1012628). - powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr (bsc#1012628). - powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1012628). - powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1012628). - macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled (bsc#1012628). - powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1012628). - fanotify: fix incorrect fmode_t casts (bsc#1012628). - smb3: check for null tcon (bsc#1012628). - RDMA/hfi1: Prevent panic when SDMA is disabled (bsc#1012628). - cifs: do not use tcpStatus after negotiate completes (bsc#1012628). - Input: gpio-keys - cancel delayed work only in case of GPIO (bsc#1012628). - drm: fix EDID struct for old ARM OABI format (bsc#1012628). - drm/bridge_connector: enable HPD by default if supported (bsc#1012628). - drm/selftests: missing error code in igt_buddy_alloc_smoke() (bsc#1012628). - drm/omap: fix NULL but dereferenced coccicheck error (bsc#1012628). - dt-bindings: display: sitronix, st7735r: Fix backlight in example (bsc#1012628). - drm/bridge: anx7625: check the return on anx7625_aux_trans (bsc#1012628). - drm: ssd130x: Fix COM scan direction register mask (bsc#1012628). - drm: ssd130x: Always apply segment remap setting (bsc#1012628). - drm/solomon: Make DRM_SSD130X depends on MMU (bsc#1012628). - drm/format-helper: Rename drm_fb_xrgb8888_to_mono_reversed() (bsc#1012628). - drm/format-helper: Fix XRGB888 to monochrome conversion (bsc#1012628). - drm/ssd130x: Fix rectangle updates (bsc#1012628). - drm/ssd130x: Reduce temporary buffer sizes (bsc#1012628). - fbdev: defio: fix the pagelist corruption (bsc#1012628). - drm/vmwgfx: Fix an invalid read (bsc#1012628). - ath11k: acquire ab->base_lock in unassign when finding the peer by addr (bsc#1012628). - drm: bridge: it66121: Fix the register page length (bsc#1012628). - drm/bridge: it6505: Fix build error (bsc#1012628). - ath9k: fix ar9003_get_eepmisc (bsc#1012628). - drm/edid: fix invalid EDID extension block filtering (bsc#1012628). - drm/bridge: anx7625: add missing destroy_workqueue() in anx7625_i2c_probe() (bsc#1012628). - drm/bridge: adv7511: clean up CEC adapter when probe fails (bsc#1012628). - drm: bridge: icn6211: Fix register layout (bsc#1012628). - drm: bridge: icn6211: Fix HFP_HSW_HBP_HI and HFP_MIN handling (bsc#1012628). - mtd: spinand: gigadevice: fix Quad IO for GD5F1GQ5UExxG (bsc#1012628). - spi: qcom-qspi: Add minItems to interconnect-names (bsc#1012628). - ASoC: codecs: Fix error handling in power domain init and exit handlers (bsc#1012628). - ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t (bsc#1012628). - ASoC: SOF: ipc3-topology: Set scontrol->priv to NULL after freeing it (bsc#1012628). - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (bsc#1012628). - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (bsc#1012628). - docs: driver-api/thermal/intel_dptf: Use copyright symbol (bsc#1012628). - x86/delay: Fix the wrong asm constraint in delay_loop() (bsc#1012628). - drm/mediatek: Add vblank register/unregister callback functions (bsc#1012628). - drm/mediatek: Fix DPI component detection for MT8192 (bsc#1012628). - drm/vc4: kms: Take old state core clock rate into account (bsc#1012628). - drm/vc4: hvs: Fix frame count register readout (bsc#1012628). - drm/mediatek: Fix mtk_cec_mask() (bsc#1012628). - drm/amd/amdgpu: Only reserve vram for firmware with vega9 MS_HYPERV host (bsc#1012628). - drm/vc4: hvs: Reset muxes at probe time (bsc#1012628). - drm/vc4: txp: Don't set TXP_VSTART_AT_EOF (bsc#1012628). - drm/vc4: txp: Force alpha to be 0xff if it's disabled (bsc#1012628). - libbpf: Don't error out on CO-RE relos for overriden weak subprogs (bsc#1012628). - x86/PCI: Fix ALi M1487 (IBC) PIRQ router link value interpretation (bsc#1012628). - mptcp: optimize release_cb for the common case (bsc#1012628). - mptcp: reset the packet scheduler on incoming MP_PRIO (bsc#1012628). - mptcp: reset the packet scheduler on PRIO change (bsc#1012628). - nl80211: show SSID for P2P_GO interfaces (bsc#1012628). - drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (bsc#1012628). - drm: mali-dp: potential dereference of null pointer (bsc#1012628). - drm/amd/amdgpu: Fix asm/hypervisor.h build error (bsc#1012628). - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (bsc#1012628). - scftorture: Fix distribution of short handler delays (bsc#1012628). - net: ethernet: ti: am65-cpsw: Fix build error without PHYLINK (bsc#1012628). - net: dsa: mt7530: 1G can also support 1000BASE-X link mode (bsc#1012628). - ixp4xx_eth: fix error check return value of platform_get_irq() (bsc#1012628). - NFC: NULL out the dev->rfkill to prevent UAF (bsc#1012628). - cpufreq: governor: Use kobject release() method to free dbs_data (bsc#1012628). - efi: Allow to enable EFI runtime services by default on RT (bsc#1012628). - efi: Add missing prototype for efi_capsule_setup_info (bsc#1012628). - device property: Allow error pointer to be passed to fwnode APIs (bsc#1012628). - drm/amd/amdgpu: Remove static from variable in RLCG Reg RW (bsc#1012628). - net: dsa: qca8k: correctly handle mdio read error (bsc#1012628). - target: remove an incorrect unmap zeroes data deduction (bsc#1012628). - drbd: remove assign_p_sizes_qlim (bsc#1012628). - drbd: use bdev based limit helpers in drbd_send_sizes (bsc#1012628). - drbd: use bdev_alignment_offset instead of queue_alignment_offset (bsc#1012628). - drbd: fix duplicate array initializer (bsc#1012628). - EDAC/dmc520: Don't print an error for each unconfigured interrupt line (bsc#1012628). - bpf: Move rcu lock management out of BPF_PROG_RUN routines (bsc#1012628). - drm/bridge: anx7625: Use uint8 for lane-swing arrays (bsc#1012628). - mtd: rawnand: denali: Use managed device resources (bsc#1012628). - HID: hid-led: fix maximum brightness for Dream Cheeky (bsc#1012628). - HID: elan: Fix potential double free in elan_input_configured (bsc#1012628). - drm/bridge: Fix error handling in analogix_dp_probe (bsc#1012628). - regulator: da9121: Fix uninit-value in da9121_assign_chip_model() (bsc#1012628). - drm/mediatek: dpi: Use mt8183 output formats for mt8192 (bsc#1012628). - signal: Deliver SIGTRAP on perf event asynchronously if blocked (bsc#1012628). - sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq (bsc#1012628). - sched/psi: report zeroes for CPU full at the system level (bsc#1012628). - spi: img-spfi: Fix pm_runtime_get_sync() error checking (bsc#1012628). - drm/bridge: Fix it6505 Kconfig DRM_DP_AUX_BUS dependency (bsc#1012628). - cpufreq: Fix possible race in cpufreq online error path (bsc#1012628). - printk: add missing memory barrier to wake_up_klogd() (bsc#1012628). - printk: wake waiters for safe and NMI contexts (bsc#1012628). - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (bsc#1012628). - media: i2c: max9286: fix kernel oops when removing module (bsc#1012628). - media: amphion: fix decoder's interlaced field (bsc#1012628). - media: hantro: Implement support for encoder commands (bsc#1012628). - media: hantro: Empty encoder capture buffers by default (bsc#1012628). - media: imx: imx-mipi-csis: Rename csi_state to mipi_csis_device (bsc#1012628). - media: imx: imx-mipi-csis: Fix active format initialization on source pad (bsc#1012628). - drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (bsc#1012628). - ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (bsc#1012628). - mtdblock: warn if opened on NAND (bsc#1012628). - inotify: show inotify mask flags in proc fdinfo (bsc#1012628). - fsnotify: fix wrong lockdep annotations (bsc#1012628). - spi: rockchip: fix missing error on unsupported SPI_CS_HIGH (bsc#1012628). - of: overlay: do not break notify on NOTIFY_{OK|STOP} (bsc#1012628). - selftests/damon: add damon to selftests root Makefile (bsc#1012628). - drm/msm: properly add and remove internal bridges (bsc#1012628). - drm/msm/dpu: adjust display_v_end for eDP and DP (bsc#1012628). - scsi: iscsi: Fix harmless double shift bug (bsc#1012628). - scsi: ufs: qcom: Fix ufs_qcom_resume() (bsc#1012628). - scsi: ufs: core: Exclude UECxx from SFR dump list (bsc#1012628). - drm/v3d: Fix null pointer dereference of pointer perfmon (bsc#1012628). - selftests/resctrl: Fix null pointer dereference on open failed (bsc#1012628). - libbpf: Fix logic for finding matching program for CO-RE relocation (bsc#1012628). - mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (bsc#1012628). - x86/pm: Fix false positive kmemleak report in msr_build_context() (bsc#1012628). - mtd: rawnand: cadence: fix possible null-ptr-deref in cadence_nand_dt_probe() (bsc#1012628). - mtd: rawnand: intel: fix possible null-ptr-deref in ebu_nand_probe() (bsc#1012628). - x86/speculation: Add missing prototype for unpriv_ebpf_notify() (bsc#1012628). - ASoC: rk3328: fix disabling mclk on pclk probe failure (bsc#1012628). - perf tools: Add missing headers needed by util/data.h (bsc#1012628). - drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (bsc#1012628). - drm/msm/dp: stop event kernel thread when DP unbind (bsc#1012628). - drm/msm/dp: fix error check return value of irq_of_parse_and_map() (bsc#1012628). - drm/msm/dp: reset DP controller before transmit phy test pattern (bsc#1012628). - drm/msm/dp: do not stop transmitting phy test pattern during DP phy compliance test (bsc#1012628). - drm/msm/dsi: fix error checks and return values for DSI xmit functions (bsc#1012628). - drm/msm/hdmi: check return value after calling platform_get_resource_byname() (bsc#1012628). - drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (bsc#1012628). - drm/msm: add missing include to msm_drv.c (bsc#1012628). - drm/panel: panel-simple: Fix proper bpc for AM-1280800N3TZQW-T00H (bsc#1012628). - drm/bridge: it6505: Send DPCD SET_POWER to downstream (bsc#1012628). - drm/msm: Fix null pointer dereferences without iommu (bsc#1012628). - kunit: fix debugfs code to use enum kunit_status, not bool (bsc#1012628). - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (bsc#1012628). - spi: cadence-quadspi: fix Direct Access Mode disable for SoCFPGA (bsc#1012628). - perf tools: Use Python devtools for version autodetection rather than runtime (bsc#1012628). - virtio_blk: fix the discard_granularity and discard_alignment queue limits (bsc#1012628). - nl80211: don't hold RTNL in color change request (bsc#1012628). - x86: Fix return value of __setup handlers (bsc#1012628). - irqchip/exiu: Fix acknowledgment of edge triggered interrupts (bsc#1012628). - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (bsc#1012628). - irqchip/aspeed-scu-ic: Fix irq_of_parse_and_map() return value (bsc#1012628). - x86/mm: Cleanup the control_va_addr_alignment() __setup handler (bsc#1012628). - arm64: fix types in copy_highpage() (bsc#1012628). - regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (bsc#1012628). - wl1251: dynamically allocate memory used for DMA (bsc#1012628). - linkage: Fix issue with missing symbol size (bsc#1012628). - ACPI: AGDI: Fix missing prototype warning for acpi_agdi_init() (bsc#1012628). - drm/msm/disp/dpu1: avoid clearing hw interrupts if hw_intr is null during drm uninit (bsc#1012628). - drm/msm/dsi: fix address for second DSI PHY on SDM660 (bsc#1012628). - drm/msm/dp: fix event thread stuck in wait_event after kthread_stop() (bsc#1012628). - drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (bsc#1012628). - drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (bsc#1012628). - drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (bsc#1012628). - media: uvcvideo: Fix missing check to determine if element is found in list (bsc#1012628). - arm64: stackleak: fix current_top_of_stack() (bsc#1012628). - iomap: iomap_write_failed fix (bsc#1012628). - spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (bsc#1012628). - selftests/bpf: Prevent skeleton generation race (bsc#1012628). - Revert "cpufreq: Fix possible race in cpufreq online error path" (bsc#1012628). - regulator: qcom_smd: Fix up PM8950 regulator configuration (bsc#1012628). - samples: bpf: Don't fail for a missing VMLINUX_BTF when VMLINUX_H is provided (bsc#1012628). - perf/amd/ibs: Use interrupt regs ip for stack unwinding (bsc#1012628). - ath11k: Don't check arvif->is_started before sending management frames (bsc#1012628). - scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1012628). - scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1012628). - wilc1000: fix crash observed in AP mode with cfg80211_register_netdevice() (bsc#1012628). - HID: amd_sfh: Modify the bus name (bsc#1012628). - HID: amd_sfh: Modify the hid name (bsc#1012628). - ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe (bsc#1012628). - ASoC: imx-hdmi: Fix refcount leak in imx_hdmi_probe (bsc#1012628). - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (bsc#1012628). - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (bsc#1012628). - PM: EM: Decrement policy counter (bsc#1012628). - dma-direct: don't fail on highmem CMA pages in dma_direct_alloc_pages (bsc#1012628). - ASoC: samsung: Fix refcount leak in aries_audio_probe (bsc#1012628). - block: Fix the bio.bi_opf comment (bsc#1012628). - kselftest/cgroup: fix test_stress.sh to use OUTPUT dir (bsc#1012628). - scripts/faddr2line: Fix overlapping text section failures (bsc#1012628). - media: aspeed: Fix an error handling path in aspeed_video_probe() (bsc#1012628). - media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe (bsc#1012628). - mt76: mt7915: fix DBDC default band selection on MT7915D (bsc#1012628). - mt76: mt7921: honor pm user configuration in mt7921_sniffer_interface_iter (bsc#1012628). - mt76: mt7915: fix unbounded shift in mt7915_mcu_beacon_mbss (bsc#1012628). - mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (bsc#1012628). - mt76: mt7915: fix possible uninitialized pointer dereference in mt7986_wmac_gpio_setup (bsc#1012628). - mt76: mt7915: fix possible NULL pointer dereference in mt7915_mac_fill_rx_vector (bsc#1012628). - mt76: mt7915: do not pass data pointer to mt7915_mcu_muru_debug_set (bsc#1012628). - mt76: mt7915: report rx mode value in mt7915_mac_fill_rx_rate (bsc#1012628). - mt76: fix antenna config missing in 6G cap (bsc#1012628). - mt76: mt7921: fix kernel crash at mt7921_pci_remove (bsc#1012628). - mt76: do not attempt to reorder received 802.3 packets without agg session (bsc#1012628). - mt76: fix tx status related use-after-free race on station removal (bsc#1012628). - mt76: mt7915: fix twt table_mask to u16 in mt7915_dev (bsc#1012628). - media: st-delta: Fix PM disable depth imbalance in delta_probe (bsc#1012628). - media: atmel: atmel-isc: Fix PM disable depth imbalance in atmel_isc_probe (bsc#1012628). - media: i2c: rdacm2x: properly set subdev entity function (bsc#1012628). - media: exynos4-is: Change clk_disable to clk_disable_unprepare (bsc#1012628). - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (bsc#1012628). - media: make RADIO_ADAPTERS tristate (bsc#1012628). - media: vsp1: Fix offset calculation for plane cropping (bsc#1012628). - media: atmel: atmel-sama5d2-isc: fix wrong mask in YUYV format check (bsc#1012628). - media: hantro: HEVC: Fix tile info buffer value computation (bsc#1012628). - Bluetooth: mt7921s: Fix the incorrect pointer check (bsc#1012628). - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (bsc#1012628). - Bluetooth: use hdev lock in activate_scan for hci_is_adv_monitoring (bsc#1012628). - Bluetooth: use hdev lock for accept_list and reject_list in conn req (bsc#1012628). - Bluetooth: protect le accept and resolv lists with hdev->lock (bsc#1012628). - Bluetooth: btmtksdio: fix use-after-free at btmtksdio_recv_event (bsc#1012628). - Bluetooth: btmtksdio: fix possible FW initialization failure (bsc#1012628). - Bluetooth: btmtksdio: fix the reset takes too long (bsc#1012628). - media: mediatek: vcodec: Fix v4l2 compliance decoder cmd test fail (bsc#1012628). - io_uring: avoid io-wq -EAGAIN looping for !IOPOLL (bsc#1012628). - io_uring: only wake when the correct events are set (bsc#1012628). - irqchip/gic-v3: Ensure pseudo-NMIs have an ISB between ack and handling (bsc#1012628). - irqchip/gic-v3: Refactor ISB + EOIR at ack time (bsc#1012628). - irqchip/gic-v3: Fix priority mask handling (bsc#1012628). - nvme: set dma alignment to dword (bsc#1012628). - m68k: math-emu: Fix dependencies of math emulation support (bsc#1012628). - net: annotate races around sk->sk_bound_dev_if (bsc#1012628). - sctp: read sk->sk_bound_dev_if once in sctp_rcv() (bsc#1012628). - net: hinic: add missing destroy_workqueue in hinic_pf_to_mgmt_init (bsc#1012628). - ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (bsc#1012628). - kselftest/arm64: bti: force static linking (bsc#1012628). - media: ov7670: remove ov7670_power_off from ov7670_remove (bsc#1012628). - media: i2c: ov2640: Depend on V4L2_ASYNC (bsc#1012628). - media: i2c: ov5648: fix wrong pointer passed to IS_ERR() and PTR_ERR() (bsc#1012628). - media: rkvdec: h264: Fix dpb_valid implementation (bsc#1012628). - media: rkvdec: h264: Fix bit depth wrap in pps packet (bsc#1012628). - regulator: scmi: Fix refcount leak in scmi_regulator_probe (bsc#1012628). - blk-cgroup: always terminate io.stat lines (bsc#1012628). - erofs: fix buffer copy overflow of ztailpacking feature (bsc#1012628). - net/mlx5e: Correct the calculation of max channels for rep (bsc#1012628). - ext4: reject the 'commit' option on ext2 filesystems (bsc#1012628). - drm/msm/dsi: don't powerup at modeset time for parade-ps8640 (bsc#1012628). - drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (bsc#1012628). - drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (bsc#1012628). - x86/sev: Annotate stack change in the #VC handler (bsc#1012628). - drm/msm: don't free the IRQ if it was not requested (bsc#1012628). - selftests/bpf: Add missed ima_setup.sh in Makefile (bsc#1012628). - drm/msm/dpu: handle pm_runtime_get_sync() errors in bind path (bsc#1012628). - drm/i915: Fix CFI violation with show_dynamic_id() (bsc#1012628). - thermal/drivers/bcm2711: Don't clamp temperature at zero (bsc#1012628). - thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (bsc#1012628). - thermal/core: Fix memory leak in __thermal_cooling_device_register() (bsc#1012628). - thermal/drivers/imx_sc_thermal: Fix refcount leak in imx_sc_thermal_probe (bsc#1012628). - bfq: Relax waker detection for shared queues (bsc#1012628). - bfq: Allow current waker to defend against a tentative one (bsc#1012628). - ASoC: codecs: lpass: Fix passing zero to 'PTR_ERR' (bsc#1012628). - ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (bsc#1012628). - cpuidle: psci: Fix regression leading to no genpd governor (bsc#1012628). - cpuidle: riscv-sbi: Fix code to allow a genpd governor to be used (bsc#1012628). - platform/x86: intel_cht_int33fe: Set driver data (bsc#1012628). - PM: domains: Fix initialization of genpd's next_wakeup (bsc#1012628). - net: macb: Fix PTP one step sync support (bsc#1012628). - scsi: hisi_sas: Fix rescan after deleting a disk (bsc#1012628). - scsi: hisi_sas: Fix memory ordering in hisi_sas_task_deliver() (bsc#1012628). - NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (bsc#1012628). - bonding: fix missed rcu protection (bsc#1012628). - ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (bsc#1012628). - perf parse-events: Support different format of the topdown event name (bsc#1012628). - net: stmmac: fix out-of-bounds access in a selftest (bsc#1012628). - amt: fix gateway mode stuck (bsc#1012628). - amt: fix memory leak for advertisement message (bsc#1012628). - hv_netvsc: Fix potential dereference of NULL pointer (bsc#1012628). - hwmon: (dimmtemp) Fix bitmap handling (bsc#1012628). - hwmon: (pmbus) Check PEC support before reading other registers (bsc#1012628). - rxrpc: Fix locking issue (bsc#1012628). - rxrpc: Fix listen() setting the bar too high for the prealloc rings (bsc#1012628). - rxrpc: Don't try to resend the request if we're receiving the reply (bsc#1012628). - rxrpc: Fix overlapping ACK accounting (bsc#1012628). - rxrpc: Don't let ack.previousPacket regress (bsc#1012628). - rxrpc: Fix decision on when to generate an IDLE ACK (bsc#1012628). - hinic: Avoid some over memory allocation (bsc#1012628). - dpaa2-eth: retrieve the virtual address before dma_unmap (bsc#1012628). - dpaa2-eth: use the correct software annotation field (bsc#1012628). - dpaa2-eth: unmap the SGT buffer before accessing its contents (bsc#1012628). - net: dsa: restrict SMSC_LAN9303_I2C kconfig (bsc#1012628). - net/smc: postpone sk_refcnt increment in connect() (bsc#1012628). - net/smc: fix listen processing for SMC-Rv2 (bsc#1012628). - dma-direct: don't over-decrypt memory (bsc#1012628). - Bluetooth: hci_conn: Fix hci_connect_le_sync (bsc#1012628). - Revert "net/smc: fix listen processing for SMC-Rv2" (bsc#1012628). - media: lirc: revert removal of unused feature flags (bsc#1012628). - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (bsc#1012628). - arm64: dts: mt8192: Fix nor_flash status disable typo (bsc#1012628). - PCI/ACPI: Allow D3 only if Root Port can signal and wake from D3 (bsc#1012628). - memory: samsung: exynos5422-dmc: Avoid some over memory allocation (bsc#1012628). - ARM: dts: BCM5301X: Update pin controller node name (bsc#1012628). - ARM: dts: suniv: F1C100: fix watchdog compatible (bsc#1012628). - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (bsc#1012628). - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (bsc#1012628). - arm64: defconfig: reenable SM_DISPCC_8250 (bsc#1012628). - PCI: cadence: Fix find_first_zero_bit() limit (bsc#1012628). - PCI: rockchip: Fix find_first_zero_bit() limit (bsc#1012628). - PCI: mediatek: Fix refcount leak in mtk_pcie_subsys_powerup() (bsc#1012628). - PCI: dwc: Fix setting error return on MSI DMA mapping failure (bsc#1012628). - ARM: dts: ci4x10: Adapt to changes in imx6qdl.dtsi regarding fec clocks (bsc#1012628). - arm64: dts: qcom: sc7280: Fix sar1_irq_odl node name (bsc#1012628). - arm64: dts: qcom: sc7280-herobrine: Drop outputs on fpmcu pins (bsc#1012628). - soc: qcom: llcc: Add MODULE_DEVICE_TABLE() (bsc#1012628). - cxl/pci: Add debug for DVSEC range init failures (bsc#1012628). - cxl/pci: Make cxl_dvsec_ranges() failure not fatal to cxl_pci (bsc#1012628). - KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry (bsc#1012628). - KVM: nVMX: Clear IDT vectoring on nested VM-Exit for double/triple fault (bsc#1012628). - arm64: dts: juno: Fix SCMI power domain IDs for ETF and CS funnel (bsc#1012628). - crypto: qat - set CIPHER capability for DH895XCC (bsc#1012628). - crypto: qat - set COMPRESSION capability for DH895XCC (bsc#1012628). - platform/chrome: cros_ec: fix error handling in cros_ec_register() (bsc#1012628). - ARM: dts: imx6dl-colibri: Fix I2C pinmuxing (bsc#1012628). - platform/chrome: Re-introduce cros_ec_cmd_xfer and use it for ioctls (bsc#1012628). - can: xilinx_can: mark bit timing constants as const (bsc#1012628). - ARM: dts: stm32: Fix PHY post-reset delay on Avenger96 (bsc#1012628). - dt-bindings: soc: qcom: smd-rpm: Fix missing MSM8936 compatible (bsc#1012628). - ARM: dts: qcom: sdx55: remove wrong unit address from RPMH RSC clocks (bsc#1012628). - arm64: dts: qcom: sm8450: Fix missing iommus for qup (bsc#1012628). - arm64: dts: qcom: sm8450: Fix missing iommus for qup1 (bsc#1012628). - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (bsc#1012628). - ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (bsc#1012628). - ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (bsc#1012628). - ARM: dts: bcm2835-rpi-b: Fix GPIO line names (bsc#1012628). - misc: ocxl: fix possible double free in ocxl_file_register_afu (bsc#1012628). - hwrng: cn10k - Optimize cn10k_rng_read() (bsc#1012628). - hwrng: cn10k - Make check_rng_health() return an error code (bsc#1012628). - crypto: marvell/cesa - ECB does not IV (bsc#1012628). - gpiolib: of: Introduce hook for missing gpio-ranges (bsc#1012628). - pinctrl: bcm2835: implement hook for missing gpio-ranges (bsc#1012628). - drm/msm: simplify gpu_busy callback (bsc#1012628). - drm/msm: return the average load over the polling period (bsc#1012628). - arm: mediatek: select arch timer for mt7629 (bsc#1012628). - pinctrl/rockchip: support deferring other gpio params (bsc#1012628). - pinctrl: mediatek: mt8195: enable driver on mtk platforms (bsc#1012628). - arm64: dts: qcom: qrb5165-rb5: Fix can-clock node name (bsc#1012628). - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1012628). - powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1012628). - mfd: ipaq-micro: Fix error check return value of platform_get_irq() (bsc#1012628). - scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() (bsc#1012628). - soc: bcm: Check for NULL return of devm_kzalloc() (bsc#1012628). - arm64: dts: ti: k3-am64-mcu: remove incorrect UART base clock rates (bsc#1012628). - ASoC: sh: rz-ssi: Propagate error codes returned from platform_get_irq_byname() (bsc#1012628). - ASoC: sh: rz-ssi: Release the DMA channels in rz_ssi_probe() error path (bsc#1012628). - firmware: arm_scmi: Fix list protocols enumeration in the base protocol (bsc#1012628). - nvdimm: Fix firmware activation deadlock scenarios (bsc#1012628). - nvdimm: Allow overwrite in the presence of disabled dimms (bsc#1012628). - pinctrl: mvebu: Fix irq_of_parse_and_map() return value (bsc#1012628). - crypto: ccp - Fix the INIT_EX data file open failure (bsc#1012628). - drivers/base/node.c: fix compaction sysfs file leak (bsc#1012628). - dax: fix cache flush on PMD-mapped pages (bsc#1012628). - drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block() (bsc#1012628). - firmware: arm_ffa: Fix uuid parameter to ffa_partition_probe (bsc#1012628). - firmware: arm_ffa: Remove incorrect assignment of driver_data (bsc#1012628). - ocfs2: fix mounting crash if journal is not alloced (bsc#1012628). - list: fix a data-race around ep->rdllist (bsc#1012628). - drm/msm/dpu: fix error check return value of irq_of_parse_and_map() (bsc#1012628). - powerpc/8xx: export 'cpm_setbrg' for modules (bsc#1012628). - pinctrl: renesas: r8a779a0: Fix GPIO function on I2C-capable pins (bsc#1012628). - pinctrl: renesas: r8a779f0: Fix GPIO function on I2C-capable pins (bsc#1012628). - pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources() (bsc#1012628). - powerpc/idle: Fix return value of __setup() handler (bsc#1012628). - powerpc/4xx/cpm: Fix return value of __setup() handler (bsc#1012628). - RDMA/hns: Add the detection for CMDQ status in the device initialization process (bsc#1012628). - arm64: dts: marvell: espressobin-ultra: fix SPI-NOR config (bsc#1012628). - arm64: dts: marvell: espressobin-ultra: enable front USB3 port (bsc#1012628). - ASoC: atmel-pdmic: Remove endianness flag on pdmic component (bsc#1012628). - ASoC: atmel-classd: Remove endianness flag on class d component (bsc#1012628). - proc: fix dentry/inode overinstantiating under /proc/${pid}/net (bsc#1012628). - ipc/mqueue: use get_tree_nodev() in mqueue_get_tree() (bsc#1012628). - PCI: imx6: Fix PERST# start-up sequence (bsc#1012628). - PCI: mediatek-gen3: Assert resets to ensure expected init state (bsc#1012628). - module.h: simplify MODULE_IMPORT_NS (bsc#1012628). - module: fix [e_shstrndx].sh_size=0 OOB access (bsc#1012628). - tty: fix deadlock caused by calling printk() under tty_port->lock (bsc#1012628). - crypto: sun8i-ss - rework handling of IV (bsc#1012628). - crypto: sun8i-ss - handle zero sized sg (bsc#1012628). - crypto: cryptd - Protect per-CPU resource by disabling BH (bsc#1012628). - ARM: dts: at91: sama7g5: remove interrupt-parent from gic node (bsc#1012628). - ARM: dts: lan966x: swap dma channels for crypto node (bsc#1012628). - hugetlbfs: fix hugetlbfs_statfs() locking (bsc#1012628). - x86/mce: relocate set{clear}_mce_nospec() functions (bsc#1012628). - mce: fix set_mce_nospec to always unmap the whole page (bsc#1012628). - Input: sparcspkr - fix refcount leak in bbc_beep_probe (bsc#1012628). - PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (bsc#1012628). - KVM: PPC: Book3S HV: Fix vcore_blocked tracepoint (bsc#1012628). - PCI: microchip: Fix potential race in interrupt handling (bsc#1012628). - cxl/mem: Drop mem_enabled check from wait_for_media() (bsc#1012628). - hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume() (bsc#1012628). - perf evlist: Keep topdown counters in weak group (bsc#1012628). - perf stat: Always keep perf metrics topdown events in a group (bsc#1012628). - mailbox: pcc: Fix an invalid-load caught by the address sanitizer (bsc#1012628). - powerpc/64: Only WARN if __pa()/__va() called with bad addresses (bsc#1012628). - powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1012628). - powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1012628). - powerpc/perf: Fix the threshold compare group constraint for power10 (bsc#1012628). - powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1012628). - macintosh: via-pmu and via-cuda need RTC_LIB (bsc#1012628). - powerpc/xive: Fix refcount leak in xive_spapr_init (bsc#1012628). - powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (bsc#1012628). - powerpc/papr_scm: Fix leaking nvdimm_events_map elements (bsc#1012628). - powerpc/fsl_book3e: Don't set rodata RO too early (bsc#1012628). - gpio: sim: Use correct order for the parameters of devm_kcalloc() (bsc#1012628). - mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (bsc#1012628). - nfsd: destroy percpu stats counters after reply cache shutdown (bsc#1012628). - mailbox: forward the hrtimer if not queued and under a lock (bsc#1012628). - RDMA/rxe: Fix an error handling path in rxe_get_mcg() (bsc#1012628). - RDMA/hfi1: Prevent use of lock before it is initialized (bsc#1012628). - pinctrl: apple: Use a raw spinlock for the regmap (bsc#1012628). - KVM: LAPIC: Drop pending LAPIC timer injection when canceling the timer (bsc#1012628). - Input: stmfts - do not leave device disabled in stmfts_input_open (bsc#1012628). - OPP: call of_node_put() on error path in _bandwidth_supported() (bsc#1012628). - dmaengine: ti: k3-psil-am62: Update PSIL thread for saul (bsc#1012628). - f2fs: fix to do sanity check on inline_dots inode (bsc#1012628). - f2fs: fix dereference of stale list iterator after loop body (bsc#1012628). - riscv: Fixup difference with defconfig (bsc#1012628). - iommu/amd: Enable swiotlb in all cases (bsc#1012628). - iommu/amd: Do not call sleep while holding spinlock (bsc#1012628). - iommu/mediatek: Fix 2 HW sharing pgtable issue (bsc#1012628). - iommu/mediatek: Add list_del in mtk_iommu_remove (bsc#1012628). - iommu/mediatek: Remove clk_disable in mtk_iommu_remove (bsc#1012628). - iommu/mediatek: Add mutex for m4u_group and m4u_dom in data (bsc#1012628). - i2c: at91: use dma safe buffers (bsc#1012628). - cpufreq: mediatek: Use module_init and add module_exit (bsc#1012628). - cpufreq: mediatek: Unregister platform device on exit (bsc#1012628). - iommu/arm-smmu-v3-sva: Fix mm use-after-free (bsc#1012628). - MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (bsc#1012628). - iommu/mediatek: Fix NULL pointer dereference when printing dev_name (bsc#1012628). - i2c: at91: Initialize dma_buf in at91_twi_xfer() (bsc#1012628). - dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (bsc#1012628). - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (bsc#1012628). - NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS (bsc#1012628). - NFS: Don't report ENOSPC write errors twice (bsc#1012628). - NFS: Do not report flush errors in nfs_write_end() (bsc#1012628). - NFS: Don't report errors from nfs_pageio_complete() more than once (bsc#1012628). - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (bsc#1012628). - NFS: Further fixes to the writeback error handling (bsc#1012628). - NFS: Pass i_size to fscache_unuse_cookie() when a file is released (bsc#1012628). - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (bsc#1012628). - dmaengine: stm32-mdma: remove GISR1 register (bsc#1012628). - dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler() (bsc#1012628). - i2c: npcm: Fix timeout calculation (bsc#1012628). - i2c: npcm: Correct register access width (bsc#1012628). - i2c: npcm: Handle spurious interrupts (bsc#1012628). - i2c: rcar: fix PM ref counts in probe error paths (bsc#1012628). - tracing: Reset the function filter after completing trampoline/graph selftest (bsc#1012628). - RISC-V: Split out the XIP fixups into their own file (bsc#1012628). - RISC-V: Fix the XIP build (bsc#1012628). - MIPS: RALINK: Define pci_remap_iospace under CONFIG_PCI_DRIVERS_GENERIC (bsc#1012628). - perf build: Fix btf__load_from_kernel_by_id() feature check (bsc#1012628). - perf c2c: Use stdio interface if slang is not supported (bsc#1012628). - rtla: Avoid record NULL pointer dereference (bsc#1012628). - rtla: Don't overwrite existing directory mode (bsc#1012628). - rtla: Minor grammar fix for rtla README (bsc#1012628). - rtla: Fix __set_sched_attr error message (bsc#1012628). - rtla: Remove procps-ng dependency (bsc#1012628). - tracing/timerlat: Notify IRQ new max latency only if stop tracing is set (bsc#1012628). - perf jevents: Fix event syntax error caused by ExtSel (bsc#1012628). - video: fbdev: vesafb: Fix a use-after-free due early fb_info cleanup (bsc#1012628). - NFSv4: Fix free of uninitialized nfs4_label on referral lookup (bsc#1012628). - NFSv4.1 mark qualified async operations as MOVEABLE tasks (bsc#1012628). - f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() (bsc#1012628). - f2fs: fix to do sanity check on block address in f2fs_do_zero_range() (bsc#1012628). - f2fs: fix to clear dirty inode in f2fs_evict_inode() (bsc#1012628). - f2fs: fix deadloop in foreground GC (bsc#1012628). - f2fs: don't need inode lock for system hidden quota (bsc#1012628). - f2fs: fix to do sanity check on total_data_blocks (bsc#1012628). - f2fs: don't use casefolded comparison for "." and ".." (bsc#1012628). - f2fs: fix fallocate to use file_modified to update permissions consistently (bsc#1012628). - f2fs: fix to do sanity check for inline inode (bsc#1012628). - objtool: Fix objtool regression on x32 systems (bsc#1012628). - objtool: Fix symbol creation (bsc#1012628). - wifi: mac80211: fix use-after-free in chanctx code (bsc#1012628). - iwlwifi: fw: init SAR GEO table only if data is present (bsc#1012628). - iwlwifi: mvm: fix assert 1F04 upon reconfig (bsc#1012628). - iwlwifi: mei: clear the sap data header before sending (bsc#1012628). - iwlwifi: mei: fix potential NULL-ptr deref (bsc#1012628). - ipmi:ipmb: Fix refcount leak in ipmi_ipmb_probe (bsc#1012628). - =?UTF-8?q?fs-writeback:=20writeback=5Fsb=5Finodes?= =?UTF-8?q?=EF=BC=9ARecalculate=20'wrote'=20according=20skipped=20pages?= (bsc#1012628). - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (bsc#1012628). - bfq: Avoid false marking of bic as stably merged (bsc#1012628). - bfq: Avoid merging queues with different parents (bsc#1012628). - bfq: Split shared queues on move between cgroups (bsc#1012628). - bfq: Update cgroup information before merging bio (bsc#1012628). - bfq: Drop pointless unlock-lock pair (bsc#1012628). - bfq: Remove pointless bfq_init_rq() calls (bsc#1012628). - bfq: Track whether bfq_group is still online (bsc#1012628). - bfq: Get rid of __bio_blkcg() usage (bsc#1012628). - bfq: Make sure bfqg for which we are queueing requests is online (bsc#1012628). - ext4: mark group as trimmed only if it was fully scanned (bsc#1012628). - ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1012628). - ext4: fix journal_ioprio mount option handling (bsc#1012628). - ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1012628). - ext4: fix warning in ext4_handle_inode_extension (bsc#1012628). - ext4: fix memory leak in parse_apply_sb_mount_options() (bsc#1012628). - ext4: fix bug_on in ext4_writepages (bsc#1012628). - ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state (bsc#1012628). - ext4: fix bug_on in __es_tree_search (bsc#1012628). - ext4: verify dir block before splitting it (bsc#1012628). - ext4: avoid cycles in directory h-tree (bsc#1012628). - ACPI: property: Release subnode properties with data nodes (bsc#1012628). - tty: goldfish: Introduce gf_ioread32()/gf_iowrite32() (bsc#1012628). - tracing: Have event format check not flag %p* on __get_dynamic_array() (bsc#1012628). - tracing: Fix potential double free in create_var_ref() (bsc#1012628). - tracing: Fix return value of trace_pid_write() (bsc#1012628). - tracing: Initialize integer variable to prevent garbage return value (bsc#1012628). - drm/amdgpu: add beige goby PCI ID (bsc#1012628). - PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 (bsc#1012628). - PCI: qcom: Fix pipe clock imbalance (bsc#1012628). - PCI: qcom: Fix runtime PM imbalance on probe errors (bsc#1012628). - PCI: qcom: Fix unbalanced PHY init on probe errors (bsc#1012628). - staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan() (bsc#1012628). - block: Fix potential deadlock in blk_ia_range_sysfs_show() (bsc#1012628). - mm, compaction: fast_find_migrateblock() should return pfn in the target zone (bsc#1012628). - s390/perf: obtain sie_block from the right address (bsc#1012628). - s390/stp: clock_delta should be signed (bsc#1012628). - dlm: fix plock invalid read (bsc#1012628). - dlm: uninitialized variable on error in dlm_listen_for_all() (bsc#1012628). - dlm: fix wake_up() calls for pending remove (bsc#1012628). - dlm: fix missing lkb refcount handling (bsc#1012628). - ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (bsc#1012628). - scsi: dc395x: Fix a missing check on list iterator (bsc#1012628). - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (bsc#1012628). - landlock: Add clang-format exceptions (bsc#1012628). - landlock: Format with clang-format (bsc#1012628). - selftests/landlock: Add clang-format exceptions (bsc#1012628). - selftests/landlock: Normalize array assignment (bsc#1012628). - selftests/landlock: Format with clang-format (bsc#1012628). - samples/landlock: Add clang-format exceptions (bsc#1012628). - samples/landlock: Format with clang-format (bsc#1012628). - landlock: Fix landlock_add_rule(2) documentation (bsc#1012628). - selftests/landlock: Make tests build with old libc (bsc#1012628). - selftests/landlock: Extend tests for minimal valid attribute size (bsc#1012628). - selftests/landlock: Add tests for unknown access rights (bsc#1012628). - selftests/landlock: Extend access right tests to directories (bsc#1012628). - selftests/landlock: Fully test file rename with "remove" access (bsc#1012628). - selftests/landlock: Add tests for O_PATH (bsc#1012628). - landlock: Change landlock_add_rule(2) argument check ordering (bsc#1012628). - landlock: Change landlock_restrict_self(2) check ordering (bsc#1012628). - selftests/landlock: Test landlock_create_ruleset(2) argument check ordering (bsc#1012628). - landlock: Define access_mask_t to enforce a consistent access mask size (bsc#1012628). - landlock: Reduce the maximum number of layers to 16 (bsc#1012628). - landlock: Create find_rule() from unmask_layers() (bsc#1012628). - landlock: Fix same-layer rule unions (bsc#1012628). - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (bsc#1012628). - drm/nouveau/subdev/bus: Ratelimit logging for fault errors (bsc#1012628). - drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (bsc#1012628). - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (bsc#1012628). - drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (bsc#1012628). - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (bsc#1012628). - drm/i915/dsi: fix VBT send packet port selection for ICL+ (bsc#1012628). - md: fix an incorrect NULL check in does_sb_need_changing (bsc#1012628). - md: fix an incorrect NULL check in md_reload_sb (bsc#1012628). - mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (bsc#1012628). - mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (bsc#1012628). - media: coda: Fix reported H264 profile (bsc#1012628). - media: coda: Add more H264 levels for CODA960 (bsc#1012628). - ima: remove the IMA_TEMPLATE Kconfig option (bsc#1012628). - Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (bsc#1012628). - lib/string_helpers: fix not adding strarray to device's resource list (bsc#1012628). - RDMA/hfi1: Fix potential integer multiplication overflow errors (bsc#1012628). - mmc: core: Allows to override the timeout value for ioctl() path (bsc#1012628). - csky: patch_text: Fixup last cpu should be master (bsc#1012628). - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (bsc#1012628). - irqchip: irq-xtensa-mx: fix initial IRQ affinity (bsc#1012628). - thermal: devfreq_cooling: use local ops instead of global ops (bsc#1012628). - mt76: fix use-after-free by removing a non-RCU wcid pointer (bsc#1012628). - cfg80211: declare MODULE_FIRMWARE for regulatory.db (bsc#1012628). - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (bsc#1012628). - um: virtio_uml: Fix broken device handling in time-travel (bsc#1012628). - um: Use asm-generic/dma-mapping.h (bsc#1012628). - um: chan_user: Fix winch_tramp() return value (bsc#1012628). - um: Fix out-of-bounds read in LDT setup (bsc#1012628). - MIPS: IP27: Remove incorrect `cpu_has_fpu' override (bsc#1012628). - MIPS: IP30: Remove incorrect `cpu_has_fpu' override (bsc#1012628). - kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (bsc#1012628). - ftrace: Clean up hash direct_functions on register failures (bsc#1012628). - ksmbd: fix outstanding credits related bugs (bsc#1012628). - iommu/msm: Fix an incorrect NULL check on list iterator (bsc#1012628). - iommu/dma: Fix iova map result check bug (bsc#1012628). - kprobes: Fix build errors with CONFIG_KRETPROBES=n (bsc#1012628). - Revert "mm/cma.c: remove redundant cma_mutex lock" (bsc#1012628). - mm/page_owner: use strscpy() instead of strlcpy() (bsc#1012628). - mm/page_alloc: always attempt to allocate at least one page during bulk allocation (bsc#1012628). - nodemask.h: fix compilation error with GCC12 (bsc#1012628). - hugetlb: fix huge_pmd_unshare address update (bsc#1012628). - mm/memremap: fix missing call to untrack_pfn() in pagemap_range() (bsc#1012628). - xtensa/simdisk: fix proc_read_simdisk() (bsc#1012628). - rtl818x: Prevent using not initialized queues (bsc#1012628). - ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control (bsc#1012628). - carl9170: tx: fix an incorrect use of list iterator (bsc#1012628). - stm: ltdc: fix two incorrect NULL checks on list iterator (bsc#1012628). - bcache: improve multithreaded bch_btree_check() (bsc#1012628). - bcache: improve multithreaded bch_sectors_dirty_init() (bsc#1012628). - bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (bsc#1012628). - bcache: avoid journal no-space deadlock by reserving 1 journal bucket (bsc#1012628). - serial: pch: don't overwrite xmit->buf[0] by x_char (bsc#1012628). - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (bsc#1012628). - gma500: fix an incorrect NULL check on list iterator (bsc#1012628). - arm64: dts: qcom: ipq8074: fix the sleep clock frequency (bsc#1012628). - arm64: tegra: Add missing DFLL reset on Tegra210 (bsc#1012628). - clk: tegra: Add missing reset deassertion (bsc#1012628). - phy: qcom-qmp: fix struct clk leak on probe errors (bsc#1012628). - ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries (bsc#1012628). - ARM: pxa: maybe fix gpio lookup tables (bsc#1012628). - ceph: fix decoding of client session messages flags (bsc#1012628). - misc: fastrpc: fix list iterator in fastrpc_req_mem_unmap_impl (bsc#1012628). - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1012628). - docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (bsc#1012628). - dt-bindings: gpio: altera: correct interrupt-cells (bsc#1012628). - vdpasim: allow to enable a vq repeatedly (bsc#1012628). - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1012628). - coresight: core: Fix coresight device probe failure issue (bsc#1012628). - phy: qcom-qmp: fix reset-controller leak on probe errors (bsc#1012628). - net: ipa: fix page free in ipa_endpoint_trans_release() (bsc#1012628). - net: ipa: fix page free in ipa_endpoint_replenish_one() (bsc#1012628). - media: lirc: add missing exceptions for lirc uapi header file (bsc#1012628). - kseltest/cgroup: Make test_stress.sh work if run interactively (bsc#1012628). - perf evlist: Extend arch_evsel__must_be_in_group to support hybrid systems (bsc#1012628). - Revert "random: use static branch for crng_ready()" (bsc#1012628). - staging: r8188eu: delete rtw_wx_read/write32() (bsc#1012628). - binder: fix sender_euid type in uapi header (bsc#1012628). - RDMA/hns: Remove the num_cqc_timer variable (bsc#1012628). - RDMA/rxe: Generate a completion for unsupported/invalid opcode (bsc#1012628). - ext4: only allow test_dummy_encryption when supported (bsc#1012628). - fs: add two trivial lookup helpers (bsc#1012628). - exportfs: support idmapped mounts (bsc#1012628). - md: Don't set mddev private to NULL in raid0 pers->free (bsc#1012628). - md: fix double free of io_acct_set bioset (bsc#1012628). - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (bsc#1012628). - macsec: fix UAF bug for real_dev (bsc#1012628). - tty: n_gsm: Fix packet data hex dump output (bsc#1012628). - pinctrl/rockchip: support setting input-enable param (bsc#1012628). - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1012628). - Update config files. * EFI_DISABLE_RUNTIME=n -- the default. * the rest is non-configurable. - Refresh patches.suse/vfs-add-super_operations-get_inode_dev. - commit b06f595 ++++ libX11: - Update to version 1.8.1 This release fixes the --enable-thread-safety-constructor option to the configure script to work as intended. In the previous release, the changes for this option may not have been enabled when the option was not specified or when the --enable option was specified. While we have enabled it by default, believing that doing so will reduce the number of bugs users encounter running libX11 clients, in some cases it may expose bugs in which clients had previously gotten away with calling libX11 functions while a libX11 lock is already held, and thus now deadlock, as discussed in https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/157 . ++++ nfs-utils: - 0001-systemd-Apply-all-sysctl-settings-when-NFS-related-m.patch Ensure sysctl setting work (bsc#1199856) - 0002-Update-autoconfig-files-to-work-with-v2.71.patch - 0003-autoconf-change-tirpc-to-check-for-a-file-not-for-an.patch Update for latest autoconf ++++ python310-core: - Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the command injection in the mailcap module. - Fix building of documentation and the universal configuration of the %primary_interpreter. ++++ ceph: - Update to 16.2.9-158-gd93952c7eea: + cmake: check for python(\d)\.(\d+) when building boost + make-dist: patch boost source to support python 3.10 ++++ patterns-alp: - Ensure toolbox is installed by default. ++++ python310: - Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the command injection in the mailcap module. - Fix building of documentation and the universal configuration of the %primary_interpreter. ++++ python-MarkupSafe: - Require python 3.6. There is no need to require a newer version and this way it builds on openSUSE Leap >= 15.3 ++++ python-cryptography: - Remove Python 3.6 deprecation warning on openSUSE Leap. * Added remove_python_3_6_deprecation_warning.patch ++++ python-gobject: - Add dependency on python-cairo to python-gobject-cairo: The introspection wrapper needs the actual pycairo underneath (boo#1179584). ++++ runc: - Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3. (Includes a fix for bsc#1200088.) * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. * Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. * When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. * Socket activation was failing when more than 3 sockets were used. * Various CI fixes. * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. * runc static binaries are now linked against libseccomp v2.5.4. - Remove upstreamed patches: - bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch ------------------------------------------------------------------ ------------------ 2022-6-8 - Jun 8 2022 ------------------- ------------------------------------------------------------------ ++++ dbus-1: - version provides - add split provides - remove unused/obsolete pre_checkin.sh ++++ dnsmasq: - Move the dbus-1 system.d file to /usr (bsc#1200344) ++++ glibc: - strncpy-power9-vsx.patch: powerpc: Fix VSX register number on __strncpy_power9 (BZ #29197) - nptl-cleanup-async-restore.patch: nptl: Fix __libc_cleanup_pop_restore asynchronous restore (bsc#1200093, BZ #29214) ++++ grub2: - Add tpm, tpm2, luks2 and gcry_sha512 to default grub.efi (bsc#1197625) - Make grub-tpm.efi a symlink to grub.efi * grub2.spec - Log error when tpm event log is full and continue * 0001-tpm-Log-EFI_VOLUME_FULL-and-continue.patch - Patch superseded * 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch - Add patches for automatic TPM disk unlock (jsc#SLE-24018) (bsc#1196668) * 0001-luks2-Add-debug-message-to-align-with-luks-and-geli-.patch * 0002-cryptodisk-Refactor-to-discard-have_it-global.patch * 0003-cryptodisk-Return-failure-in-cryptomount-when-no-cry.patch * 0004-cryptodisk-Improve-error-messaging-in-cryptomount-in.patch * 0005-cryptodisk-Improve-cryptomount-u-error-message.patch * 0006-cryptodisk-Add-infrastructure-to-pass-data-from-cryp.patch * 0007-cryptodisk-Refactor-password-input-out-of-crypto-dev.patch * 0008-cryptodisk-Move-global-variables-into-grub_cryptomou.patch * 0009-cryptodisk-Improve-handling-of-partition-name-in-cry.patch * 0010-protectors-Add-key-protectors-framework.patch * 0011-tpm2-Add-TPM-Software-Stack-TSS.patch * 0012-protectors-Add-TPM2-Key-Protector.patch * 0013-cryptodisk-Support-key-protectors.patch * 0014-util-grub-protect-Add-new-tool.patch - Fix no disk unlocking happen (bsc#1196668) * 0001-crytodisk-fix-cryptodisk-module-looking-up.patch - Fix build error * fix-tpm2-build.patch ++++ kernel-default: - Update config files: disable CONFIG_NET_DSA_REALTEK_* on x86_64 (bsc#1200254) - commit 262234b - fs/ntfs3: Fix invalid free in log_replay (CVE-2022-1973 bsc#1200023). - commit 3433bd9 ++++ kernel-firmware: - Update to version 20220607 (git commit 02c69863c885): * rtl_bt: Update RTL8852A BT USB firmware to 0xDFB8_0634 * Makefile: replace mkdir by install * iwlwifi: remove old unsupported 3160/7260/7265/8000/8265 firmware * ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.9 * WHENCE: ath11k: move regdb.bin before board-2.bin * ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00157 * ath10k: QCA9888 hw2.0: update board-2.bin * ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00157 * ath10k: QCA4019 hw1.0: update board-2.bin * ath10k: WCN3990 hw1.0: add board-2.bin - Update aliases from 5.19-rc1 - Minor adjustment of spec template and makespec.sh to align with the latest TW format ++++ libcontainers-common: - Add missing comma to previous change ++++ systemd: - Import commit e9fc337d97539fcab23078ab3e06f6b2ce3a3c8d ca0b29521f sha256: fix compilation on efi-ia32 1bbbac6a7e test: enable virtio-rng device for QEMU guests ++++ usbredir: - Add upstream backported patches (boo#1199354): + 9426fdb1.patch: Check header length unserialising data. + dffc41c3.patch: usbredirect: fix leak on bad input. ++++ patterns-alp: - Remove k3s-linux requirement, it is now pulled by k3s-install. ++++ timezone: - switch to _multibuild - refresh keyring, enable keyring validation ++++ wpa_supplicant: - Move the dbus-1 system.d file to /usr (bsc#1200342) ++++ xen: - bsc#1199966 - VUL-0: EMBARGOED: CVE-2022-26363,CVE-2022-26364: xen: Insufficient care with non-coherent mappings fix xsa402-5.patch ------------------------------------------------------------------ ------------------ 2022-6-7 - Jun 7 2022 ------------------- ------------------------------------------------------------------ ++++ containerd: - Update to containerd v1.6.6 to fix CVE-2022-31030 and meet the requirements of Docker v20.10.17-ce. bsc#1200145 - Remove upstreamed patches: - bsc1200145-Limit-the-response-size-of-ExecSync.patch ++++ docker: - Update to Docker 20.10.17-ce. See upstream changelog online at . bsc#1200145 - Rebase patches: * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch ++++ kernel-default: - Update config files: restore CONFIG_I8K=y (bsc#1199958) - commit 04cadbf - update CVE and bugzilla references - patches.kernel.org/5.18.2-001-netfilter-nf_tables-disallow-non-stateful-expr.patch - add CVE-2022-1966 bsc#1200015 - patches.kernel.org/5.18.2-010-netfilter-nf_tables-sanitize-nft_set_desc_conc.patch - add CVE-2022-1972 bsc#1200019 - commit 6d13af9 - Update config files (only run_oldconfig.sh). - commit 695cfee ++++ ncurses: - Add ncurses patch 20220604 + add note on portable memory-leak checking in man/curs_memleaks.3x + remove u6-u9 from teken-2018 -TD + set "xterm-new" to "xterm-p370", add "xterm-p371" -TD ++++ libnftnl: - Update to release 1.2.2 * exthdr: tcp option reset support ++++ popt: - Create lang subpackage ++++ openssl: - Update to 1.1.1o release ++++ python-lxml: - update to 4.9.0: * The mixin inheritance order in ``lxml.html`` was corrected. * Built with Cython 0.29.30 to adapt to changes in Python 3.11 and 3.12. ------------------------------------------------------------------ ------------------ 2022-6-6 - Jun 6 2022 ------------------- ------------------------------------------------------------------ ++++ containerd: [ This patch was only released in SLES and Leap. ] - Backport patch to fix GHSA-5ffw-gxpp-mxpf CVE-2022-31030. bsc#1200145 + bsc1200145-Limit-the-response-size-of-ExecSync.patch - Update to containerd v1.5.12. Upstream release notes: ++++ kernel-default: - Update to 5.19-rc1 - eliminate 54 patches (48 stable, 5 mainline, 1 other) - patches.kernel.org/* - patches.rpmify/scripts-dummy-tools-add-pahole.patch - patches.suse/KVM-x86-avoid-calling-x86-emulator-without-a-decoded-instruction - patches.suse/Revert-net-af_key-add-check-for-pfkey_broadcast-in-f.patch - patches.suse/iommu-amd-Increase-timeout-waiting-for-GA-log-enablement - patches.suse/simplefb-Enable-boot-time-VESA-graphic-mode-selectio.patch - patches.rpmify/powerpc-64-BE-option-to-use-ELFv2-ABI-for-big-endian.patch - refresh - patches.suse/add-suse-supported-flag.patch - patches.suse/genksyms-add-override-flag.diff - patches.suse/kernel-add-product-identifying-information-to-kernel-build.patch - patches.suse/vfs-add-super_operations-get_inode_dev - 5.19-rc1 regression fix - patches.suse/drm-amdgpu-always-flush-the-TLB-on-gfx8.patch - disable ARM architectures (need config update) - new config options - General setup - CONFIG_BOOT_CONFIG_EMBED=n - CONFIG_INITRAMFS_PRESERVE_MTIME=y - Processor type and features - CONFIG_INTEL_TDX_GUEST=y - CONFIG_PERF_EVENTS_AMD_BRS=y - CONFIG_MICROCODE_LATE_LOADING=n - Enable loadable module support - CONFIG_MODULE_UNLOAD_TAINT_TRACKING=y - Memory Management options - CONFIG_PTE_MARKER_UFFD_WP=y - Networking support - CONFIG_CAN_CTUCANFD_PCI=m - File systems - CONFIG_CACHEFILES_ONDEMAND=n - CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP_DEFAULT_ON=n - Security options - CONFIG_TRUSTED_KEYS_TPM=y - CONFIG_TRUSTED_KEYS_TEE=y - CONFIG_RANDSTRUCT_NONE=y - Cryptographic API - CONFIG_CRYPTO_SM3_GENERIC=m - CONFIG_CRYPTO_SM4_GENERIC=m - CONFIG_SYSTEM_BLACKLIST_AUTH_UPDATE=y - Kernel hacking - CONFIG_DEBUG_NET=n - CONFIG_RCU_EXP_CPU_STALL_TIMEOUT=0 - Generic Driver Options - CONFIG_FW_LOADER_COMPRESS_XZ=y - CONFIG_FW_LOADER_COMPRESS_ZSTD=y - CONFIG_FW_UPLOAD=y - Firmware Drivers - CONFIG_EFI_DXE_MEM_ATTRIBUTES=y - CONFIG_EFI_DISABLE_RUNTIME=n - CONFIG_EFI_COCO_SECRET=y - Network device support - CONFIG_OCTEON_EP=m - CONFIG_SFC_SIENA=m - CONFIG_SFC_SIENA_MTD=y - CONFIG_SFC_SIENA_MCDI_MON=y - CONFIG_SFC_SIENA_SRIOV=y - CONFIG_SFC_SIENA_MCDI_LOGGING=y - CONFIG_ADIN1100_PHY=m - CONFIG_DP83TD510_PHY=m - CONFIG_WLAN_VENDOR_PURELIFI=y - CONFIG_PLFXLC=m - CONFIG_RTW89_8852CE=m - CONFIG_WLAN_VENDOR_SILABS=y - CONFIG_MTK_T7XX=m - Input device support - CONFIG_JOYSTICK_SENSEHAT=m - CONFIG_INPUT_IQS7222=m - Hardware Monitoring support - CONFIG_SENSORS_NCT6775_I2C=m - CONFIG_SENSORS_XDPE152=m - Sound card support - CONFIG_SND_SOC_CS35L45_SPI=m - CONFIG_SND_SOC_CS35L45_I2C=m - CONFIG_SND_SOC_MAX98396=m - CONFIG_SND_SOC_WM8731_I2C=n - CONFIG_SND_SOC_WM8731_SPI=n - CONFIG_SND_SOC_WM8940=n - Virtualization drivers - CONFIG_EFI_SECRET=m - CONFIG_SEV_GUEST=m - X86 Platform Specific Device Drivers - CONFIG_INTEL_IFS=m - CONFIG_WINMATE_FM07_KEYS=m - Industrial I/O support - CONFIG_DMARD06=n - CONFIG_IIO_RESCALE=m - CONFIG_DPOT_DAC=n - CONFIG_VF610_DAC=n - CONFIG_CM3605=n - CONFIG_AK8974=n - CONFIG_IIO_MUX=m - CONFIG_HTE=y - CONFIG_HTE=y - Misc devices - CONFIG_INTEL_MEI_GSC=m - CONFIG_MHI_BUS_EP=m - CONFIG_REGULATOR_RT5759=m - CONFIG_HID_MEGAWORLD_FF=m - CONFIG_TYPEC_MUX_FSA4480=m - CONFIG_LEDS_PWM_MULTICOLOR=m - CONFIG_CHROMEOS_ACPI=m - CONFIG_NVSW_SN2201=m - OF dependent (i386, ppc64/ppc64le, riscv64) - DRM_PANEL_NEWVISION_NV3052C=n - DRM_FSL_LDB=n - DRM_LONTIUM_LT9211=n - SND_SERIAL_GENERIC=m - LEDS_QCOM_LPG=m - OMAP_GPMC=m - OMAP_GPMC_DEBUG=n - PWM_XILINX=m - i386 - CAN_CTUCANFD_PLATFORM=m - ppc64/ppc64le - KASAN=n - s390x - S390_UV_UAPI=m - MUX_ADG792A=n - riscv64 - ERRATA_THEAD=y - ERRATA_THEAD_PBMT=y - RISCV_ISA_SVPBMT=y - KEXEC_FILE=y - COMPAT=y - ARCH_MMAP_RND_COMPAT_BITS=8 (default) - NETFILTER_XTABLES_COMPAT=y - CAN_CTUCANFD_PLATFORM=m - HW_RANDOM_POLARFIRE_SOC=m - DRM_DW_HDMI_GP_AUDIO=n - IMA_KEXEC=y - STACK_HASH_ORDER=20 (default) - PAGE_TABLE_CHECK=y - PAGE_TABLE_CHECK_ENFORCED=n - */debug - DEBUG_NET=y - commit 515f42c - Linux 5.18.2 (bsc#1012628). - netfilter: nf_tables: disallow non-stateful expression in sets earlier (bsc#1012628). - i2c: ismt: prevent memory corruption in ismt_access() (bsc#1012628). - assoc_array: Fix BUG_ON during garbage collect (bsc#1012628). - pipe: make poll_usage boolean and annotate its access (bsc#1012628). - pipe: Fix missing lock in pipe_resize_ring() (bsc#1012628). - net: ipa: compute proper aggregation limit (bsc#1012628). - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (bsc#1012628). - exfat: check if cluster num is valid (bsc#1012628). - netfilter: nft_limit: Clone packet limits' cost value (bsc#1012628). - netfilter: nf_tables: sanitize nft_set_desc_concat_parse() (bsc#1012628). - netfilter: nf_tables: hold mutex on netns pre_exit path (bsc#1012628). - netfilter: nf_tables: double hook unregistration in netns path (bsc#1012628). - netfilter: conntrack: re-fetch conntrack after insertion (bsc#1012628). - KVM: PPC: Book3S HV: fix incorrect NULL check on list iterator (bsc#1012628). - x86/fpu: KVM: Set the base guest FPU uABI size to sizeof(struct kvm_xsave) (bsc#1012628). - x86/kvm: Alloc dummy async #PF token outside of raw spinlock (bsc#1012628). - x86, kvm: use correct GFP flags for preemption disabled (bsc#1012628). - x86/uaccess: Implement macros for CMPXCHG on user addresses (bsc#1012628). - KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits (bsc#1012628). - KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses (bsc#1012628). - KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness (bsc#1012628). - KVM: x86: avoid loading a vCPU after .vm_destroy was called (bsc#1012628). - KVM: x86: Fix the intel_pt PMI handling wrongly considered from guest (bsc#1012628). - KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2 (bsc#1012628). - KVM: x86/mmu: Don't rebuild page when the page is synced and no tlb flushing is required (bsc#1012628). - KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak (bsc#1012628). - crypto: caam - fix i.MX6SX entropy delay value (bsc#1012628). - crypto: ecrdsa - Fix incorrect use of vli_cmp (bsc#1012628). - crypto: qat - rework the VF2PF interrupt handling logic (bsc#1012628). - zsmalloc: fix races between asynchronous zspage free and page migration (bsc#1012628). - tools/memory-model/README: Update klitmus7 compat table (bsc#1012628). - ALSA: usb-audio: Workaround for clock setup on TEAC devices (bsc#1012628). - ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (bsc#1012628). - ALSA: usb-audio: Configure sync endpoints before data (bsc#1012628). - Bluetooth: hci_qca: Use del_timer_sync() before freeing (bsc#1012628). - ARM: dts: s5pv210: Correct interrupt name for bluetooth in Aries (bsc#1012628). - dm integrity: fix error code in dm_integrity_ctr() (bsc#1012628). - dm crypt: make printing of the key constant-time (bsc#1012628). - dm stats: add cond_resched when looping over entries (bsc#1012628). - dm verity: set DM_TARGET_IMMUTABLE feature flag (bsc#1012628). - raid5: introduce MD_BROKEN (bsc#1012628). - fs/ntfs3: validate BOOT sectors_per_clusters (bsc#1012628). - HID: multitouch: Add support for Google Whiskers Touchpad (bsc#1012628). - HID: multitouch: add quirks to enable Lenovo X12 trackpoint (bsc#1012628). - x86/sgx: Disconnect backing page references from dirty status (bsc#1012628). - x86/sgx: Mark PCMD page as dirty when modifying contents (bsc#1012628). - x86/sgx: Obtain backing storage page with enclave mutex held (bsc#1012628). - x86/sgx: Fix race between reclaimer and page fault handler (bsc#1012628). - x86/sgx: Ensure no data in PCMD page after truncate (bsc#1012628). - media: i2c: imx412: Fix reset GPIO polarity (bsc#1012628). - media: i2c: imx412: Fix power_off ordering (bsc#1012628). - tpm: Fix buffer access in tpm2_get_tpm_pt() (bsc#1012628). - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1012628). - docs: submitting-patches: Fix crossref to 'The canonical patch format' (bsc#1012628). - NFS: Memory allocation failures are not server fatal errors (bsc#1012628). - NFSD: Fix possible sleep during nfsd4_release_lockowner() (bsc#1012628). - bpf: Fill new bpf_prog_pack with illegal instructions (bsc#1012628). - bpf: Fix potential array overflow in bpf_trampoline_get_progs() (bsc#1012628). - bpf: Fix combination of jit blinding and pointers to bpf subprogs (bsc#1012628). - bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes (bsc#1012628). - bpf: Fix usage of trace RCU in local storage (bsc#1012628). - bpf: Fix excessive memory allocation in stack_map_alloc() (bsc#1012628). - bpf: Reject writes for PTR_TO_MAP_KEY in check_helper_mem_access (bsc#1012628). - bpf: Check PTR_TO_MEM | MEM_RDONLY in check_helper_mem_access (bsc#1012628). - bpf: Do write access check for kfunc and global func (bsc#1012628). - ALSA: usb-audio: Optimize TEAC clock quirk (bsc#1012628). - commit b7b9d3b ++++ alsa: - Backport upstream fixes for 32bit inode and ELD parsing: 0001-conf-Use-ino64_t-to-save-and-compare-inode-numbers.patch 0002-control-eld-fix-the-decoding-for-older-hw.patch ++++ libcontainers-common: - Add registry.suse.com as agreed on oSC22 Let's advertise usage of BCI images in general ++++ python310-core: - Update to 3.10.5: - Core and Builtins - gh-93418: Fixed an assert where an f-string has an equal sign ‘=’ following an expression, but there’s no trailing brace. For example, f”{i=”. - gh-91924: Fix __ltrace__ debug feature if the stdout encoding is not UTF-8. Patch by Victor Stinner. - gh-93061: Backward jumps after async for loops are no longer given dubious line numbers. - gh-93065: Fix contextvars HAMT implementation to handle iteration over deep trees. - The bug was discovered and fixed by Eli Libman. See MagicStack/immutables#84 for more details. - gh-92311: Fixed a bug where setting frame.f_lineno to jump over a list comprehension could misbehave or crash. - gh-92112: Fix crash triggered by an evil custom mro() on a metaclass. - gh-92036: Fix a crash in subinterpreters related to the garbage collector. When a subinterpreter is deleted, untrack all objects tracked by its GC. To prevent a crash in deallocator functions expecting objects to be tracked by the GC, leak a strong reference to these objects on purpose, so they are never deleted and their deallocator functions are not called. Patch by Victor Stinner. - gh-91421: Fix a potential integer overflow in _Py_DecodeUTF8Ex. - bpo-47212: Raise IndentationError instead of SyntaxError for a bare except with no following indent. Improve SyntaxError locations for an un-parenthesized generator used as arguments. Patch by Matthieu Dartiailh. - bpo-47182: Fix a crash when using a named unicode character like "\N{digit nine}" after the main interpreter has been initialized a second time. - bpo-47117: Fix a crash if we fail to decode characters in interactive mode if the tokenizer buffers are uninitialized. Patch by Pablo Galindo. - bpo-39829: Removed the __len__() call when initializing a list and moved initializing to list_extend. Patch by Jeremiah Pascual. - bpo-46962: Classes and functions that unconditionally declared their docstrings ignoring the - -without-doc-strings compilation flag no longer do so. - The classes affected are ctypes.UnionType, pickle.PickleBuffer, testcapi.RecursingInfinitelyError, and types.GenericAlias. - The functions affected are 24 methods in ctypes. - Patch by Oleg Iarygin. - bpo-36819: Fix crashes in built-in encoders with error handlers that return position less or equal than the starting position of non-encodable characters. - Library - gh-93156: Accessing the pathlib.PurePath.parents sequence of an absolute path using negative index values produced incorrect results. - gh-89973: Fix re.error raised in fnmatch if the pattern contains a character range with upper bound lower than lower bound (e.g. [c-a]). Now such ranges are interpreted as empty ranges. - gh-93010: In a very special case, the email package tried to append the nonexistent InvalidHeaderError to the defect list. It should have been InvalidHeaderDefect. - gh-92839: Fixed crash resulting from calling bisect.insort() or bisect.insort_left() with the key argument not equal to None. - gh-91581: utcfromtimestamp() no longer attempts to resolve fold in the pure Python implementation, since the fold is never 1 in UTC. In addition to being slightly faster in the common case, this also prevents some errors when the timestamp is close to datetime.min. Patch by Paul Ganssle. - gh-92530: Fix an issue that occurred after interrupting threading.Condition.notify(). - gh-92049: Forbid pickling constants re._constants.SUCCESS etc. Previously, pickling did not fail, but the result could not be unpickled. - bpo-47029: Always close the read end of the pipe used by multiprocessing.Queue after the last write of buffered data to the write end of the pipe to avoid BrokenPipeError at garbage collection and at multiprocessing.Queue.close() calls. Patch by Géry Ogam. - gh-91401: Provide a fail-safe way to disable subprocess use of vfork() via a private subprocess._USE_VFORK attribute. While there is currently no known need for this, if you find a need please only set it to False. File a CPython issue as to why you needed it and link to that from a comment in your code. This attribute is documented as a footnote in 3.11. - gh-91910: Add missing f prefix to f-strings in error messages from the multiprocessing and asyncio modules. - gh-91810: ElementTree method write() and function tostring() now use the text file’s encoding (“UTF-8” if not available) instead of locale encoding in XML declaration when encoding="unicode" is specified. - gh-91832: Add required attribute to argparse.Action repr output. - gh-91700: Compilation of regular expression containing a conditional expression (?(group)...) now raises an appropriate re.error if the group number refers to not defined group. Previously an internal RuntimeError was raised. - gh-91676: Fix unittest.IsolatedAsyncioTestCase to shutdown the per test event loop executor before returning from its run method so that a not yet stopped or garbage collected executor state does not persist beyond the test. - gh-90568: Parsing \N escapes of Unicode Named Character Sequences in a regular expression raises now re.error instead of TypeError. - gh-91595: Fix the comparison of character and integer inside Tools.gdb.libpython.write_repr(). Patch by Yu Liu. - gh-90622: Worker processes for concurrent.futures.ProcessPoolExecutor are no longer spawned on demand (a feature added in 3.9) when the multiprocessing context start method is "fork" as that can lead to deadlocks in the child processes due to a fork happening while threads are running. - gh-91575: Update case-insensitive matching in the re module to the latest Unicode version. - gh-91581: Remove an unhandled error case in the C implementation of calls to datetime.fromtimestamp with no time zone (i.e. getting a local time from an epoch timestamp). This should have no user-facing effect other than giving a possibly more accurate error message when called with timestamps that fall on 10000-01-01 in the local time. Patch by Paul Ganssle. - bpo-47260: Fix os.closerange() potentially being a no-op in a Linux seccomp sandbox. - bpo-39064: zipfile.ZipFile now raises zipfile.BadZipFile instead of ValueError when reading a corrupt zip file in which the central directory offset is negative. - bpo-47151: When subprocess tries to use vfork, it now falls back to fork if vfork returns an error. This allows use in situations where vfork isn’t allowed by the OS kernel. - bpo-27929: Fix asyncio.loop.sock_connect() to only resolve names for socket.AF_INET or socket.AF_INET6 families. Resolution may not make sense for other families, like socket.AF_BLUETOOTH and socket.AF_UNIX. - bpo-43323: Fix errors in the email module if the charset itself contains undecodable/unencodable characters. - bpo-47101: hashlib.algorithms_available now lists only algorithms that are provided by activated crypto providers on OpenSSL 3.0. Legacy algorithms are not listed unless the legacy provider has been loaded into the default OSSL context. - bpo-46787: Fix concurrent.futures.ProcessPoolExecutor exception memory leak - bpo-45393: Fix the formatting for await x and not x in the operator precedence table when using the help() system. - bpo-46415: Fix ipaddress.ip_{address,interface,network} raising TypeError instead of ValueError if given invalid tuple as address parameter. - bpo-28249: Set doctest.DocTest.lineno to None when object does not have __doc__. - bpo-45138: Fix a regression in the sqlite3 trace callback where bound parameters were not expanded in the passed statement string. The regression was introduced in Python 3.10 by bpo-40318. Patch by Erlend E. Aasland. - bpo-44493: Add missing terminated NUL in sockaddr_un’s length - This was potentially observable when using non-abstract AF_UNIX datagram sockets to processes written in another programming language. - bpo-42627: Fix incorrect parsing of Windows registry proxy settings - bpo-36073: Raise ProgrammingError instead of segfaulting on recursive usage of cursors in sqlite3 converters. Patch by Sergey Fedoseev. - Documentation - gh-86438: Clarify that -W and PYTHONWARNINGS are matched literally and case-insensitively, rather than as regular expressions, in warnings. - gh-92240: Added release dates for “What’s New in Python 3.X” for 3.0, 3.1, 3.2, 3.8 and 3.10 - gh-91888: Add a new gh role to the documentation to link to GitHub issues. - gh-91783: Document security issues concerning the use of the function shutil.unpack_archive() - gh-91547: Remove “Undocumented modules” page. - bpo-44347: Clarify the meaning of dirs_exist_ok, a kwarg of shutil.copytree(). - bpo-38668: Update the introduction to documentation for os.path to remove warnings that became irrelevant after the implementations of PEP 383 and PEP 529. - bpo-47138: Pin Jinja to a version compatible with Sphinx version 3.2.1. - bpo-46962: All docstrings in code snippets are now wrapped into PyDoc_STR() to follow the guideline of PEP 7’s Documentation Strings paragraph. Patch by Oleg Iarygin. - bpo-26792: Improve the docstrings of runpy.run_module() and runpy.run_path(). Original patch by Andrew Brezovsky. - bpo-40838: Document that inspect.getdoc(), inspect.getmodule(), and inspect.getsourcefile() might return None. - bpo-45790: Adjust inaccurate phrasing in Defining Extension Types: Tutorial about the ob_base field and the macros used to access its contents. - bpo-42340: Document that in some circumstances KeyboardInterrupt may cause the code to enter an inconsistent state. Provided a sample workaround to avoid it if needed. - bpo-41233: Link the errnos referenced in Doc/library/exceptions.rst to their respective section in Doc/library/errno.rst, and vice versa. Previously this was only done for EINTR and InterruptedError. Patch by Yan “yyyyyyyan” Orestes. - bpo-38056: Overhaul the Error Handlers documentation in codecs. - bpo-13553: Document tkinter.Tk args. - Tests - gh-92886: Fixing tests that fail when running with optimizations (-O) in test_imaplib.py. - gh-92670: Skip test_shutil.TestCopy.test_copyfile_nonexistent_dir test on AIX as the test uses a trailing slash to force the OS consider the path as a directory, but on AIX the trailing slash has no effect and is considered as a file. - gh-91904: Fix initialization of PYTHONREGRTEST_UNICODE_GUARD which prevented running regression tests on non-UTF-8 locale. - gh-91607: Fix test_concurrent_futures to test the correct multiprocessing start method context in several cases where the test logic mixed this up. - bpo-47205: Skip test for sched_getaffinity() and sched_setaffinity() error case on FreeBSD. - bpo-47104: Rewrite asyncio.to_thread() tests to use unittest.IsolatedAsyncioTestCase. - bpo-29890: Add tests for ipaddress.IPv4Interface and ipaddress.IPv6Interface construction with tuple arguments. Original patch and tests by louisom. - Tools/Demos - gh-91583: Fix regression in the code generated by Argument Clinic for functions with the defining_class parameter. ++++ python310: - Update to 3.10.5: - Core and Builtins - gh-93418: Fixed an assert where an f-string has an equal sign ‘=’ following an expression, but there’s no trailing brace. For example, f”{i=”. - gh-91924: Fix __ltrace__ debug feature if the stdout encoding is not UTF-8. Patch by Victor Stinner. - gh-93061: Backward jumps after async for loops are no longer given dubious line numbers. - gh-93065: Fix contextvars HAMT implementation to handle iteration over deep trees. - The bug was discovered and fixed by Eli Libman. See MagicStack/immutables#84 for more details. - gh-92311: Fixed a bug where setting frame.f_lineno to jump over a list comprehension could misbehave or crash. - gh-92112: Fix crash triggered by an evil custom mro() on a metaclass. - gh-92036: Fix a crash in subinterpreters related to the garbage collector. When a subinterpreter is deleted, untrack all objects tracked by its GC. To prevent a crash in deallocator functions expecting objects to be tracked by the GC, leak a strong reference to these objects on purpose, so they are never deleted and their deallocator functions are not called. Patch by Victor Stinner. - gh-91421: Fix a potential integer overflow in _Py_DecodeUTF8Ex. - bpo-47212: Raise IndentationError instead of SyntaxError for a bare except with no following indent. Improve SyntaxError locations for an un-parenthesized generator used as arguments. Patch by Matthieu Dartiailh. - bpo-47182: Fix a crash when using a named unicode character like "\N{digit nine}" after the main interpreter has been initialized a second time. - bpo-47117: Fix a crash if we fail to decode characters in interactive mode if the tokenizer buffers are uninitialized. Patch by Pablo Galindo. - bpo-39829: Removed the __len__() call when initializing a list and moved initializing to list_extend. Patch by Jeremiah Pascual. - bpo-46962: Classes and functions that unconditionally declared their docstrings ignoring the - -without-doc-strings compilation flag no longer do so. - The classes affected are ctypes.UnionType, pickle.PickleBuffer, testcapi.RecursingInfinitelyError, and types.GenericAlias. - The functions affected are 24 methods in ctypes. - Patch by Oleg Iarygin. - bpo-36819: Fix crashes in built-in encoders with error handlers that return position less or equal than the starting position of non-encodable characters. - Library - gh-93156: Accessing the pathlib.PurePath.parents sequence of an absolute path using negative index values produced incorrect results. - gh-89973: Fix re.error raised in fnmatch if the pattern contains a character range with upper bound lower than lower bound (e.g. [c-a]). Now such ranges are interpreted as empty ranges. - gh-93010: In a very special case, the email package tried to append the nonexistent InvalidHeaderError to the defect list. It should have been InvalidHeaderDefect. - gh-92839: Fixed crash resulting from calling bisect.insort() or bisect.insort_left() with the key argument not equal to None. - gh-91581: utcfromtimestamp() no longer attempts to resolve fold in the pure Python implementation, since the fold is never 1 in UTC. In addition to being slightly faster in the common case, this also prevents some errors when the timestamp is close to datetime.min. Patch by Paul Ganssle. - gh-92530: Fix an issue that occurred after interrupting threading.Condition.notify(). - gh-92049: Forbid pickling constants re._constants.SUCCESS etc. Previously, pickling did not fail, but the result could not be unpickled. - bpo-47029: Always close the read end of the pipe used by multiprocessing.Queue after the last write of buffered data to the write end of the pipe to avoid BrokenPipeError at garbage collection and at multiprocessing.Queue.close() calls. Patch by Géry Ogam. - gh-91401: Provide a fail-safe way to disable subprocess use of vfork() via a private subprocess._USE_VFORK attribute. While there is currently no known need for this, if you find a need please only set it to False. File a CPython issue as to why you needed it and link to that from a comment in your code. This attribute is documented as a footnote in 3.11. - gh-91910: Add missing f prefix to f-strings in error messages from the multiprocessing and asyncio modules. - gh-91810: ElementTree method write() and function tostring() now use the text file’s encoding (“UTF-8” if not available) instead of locale encoding in XML declaration when encoding="unicode" is specified. - gh-91832: Add required attribute to argparse.Action repr output. - gh-91700: Compilation of regular expression containing a conditional expression (?(group)...) now raises an appropriate re.error if the group number refers to not defined group. Previously an internal RuntimeError was raised. - gh-91676: Fix unittest.IsolatedAsyncioTestCase to shutdown the per test event loop executor before returning from its run method so that a not yet stopped or garbage collected executor state does not persist beyond the test. - gh-90568: Parsing \N escapes of Unicode Named Character Sequences in a regular expression raises now re.error instead of TypeError. - gh-91595: Fix the comparison of character and integer inside Tools.gdb.libpython.write_repr(). Patch by Yu Liu. - gh-90622: Worker processes for concurrent.futures.ProcessPoolExecutor are no longer spawned on demand (a feature added in 3.9) when the multiprocessing context start method is "fork" as that can lead to deadlocks in the child processes due to a fork happening while threads are running. - gh-91575: Update case-insensitive matching in the re module to the latest Unicode version. - gh-91581: Remove an unhandled error case in the C implementation of calls to datetime.fromtimestamp with no time zone (i.e. getting a local time from an epoch timestamp). This should have no user-facing effect other than giving a possibly more accurate error message when called with timestamps that fall on 10000-01-01 in the local time. Patch by Paul Ganssle. - bpo-47260: Fix os.closerange() potentially being a no-op in a Linux seccomp sandbox. - bpo-39064: zipfile.ZipFile now raises zipfile.BadZipFile instead of ValueError when reading a corrupt zip file in which the central directory offset is negative. - bpo-47151: When subprocess tries to use vfork, it now falls back to fork if vfork returns an error. This allows use in situations where vfork isn’t allowed by the OS kernel. - bpo-27929: Fix asyncio.loop.sock_connect() to only resolve names for socket.AF_INET or socket.AF_INET6 families. Resolution may not make sense for other families, like socket.AF_BLUETOOTH and socket.AF_UNIX. - bpo-43323: Fix errors in the email module if the charset itself contains undecodable/unencodable characters. - bpo-47101: hashlib.algorithms_available now lists only algorithms that are provided by activated crypto providers on OpenSSL 3.0. Legacy algorithms are not listed unless the legacy provider has been loaded into the default OSSL context. - bpo-46787: Fix concurrent.futures.ProcessPoolExecutor exception memory leak - bpo-45393: Fix the formatting for await x and not x in the operator precedence table when using the help() system. - bpo-46415: Fix ipaddress.ip_{address,interface,network} raising TypeError instead of ValueError if given invalid tuple as address parameter. - bpo-28249: Set doctest.DocTest.lineno to None when object does not have __doc__. - bpo-45138: Fix a regression in the sqlite3 trace callback where bound parameters were not expanded in the passed statement string. The regression was introduced in Python 3.10 by bpo-40318. Patch by Erlend E. Aasland. - bpo-44493: Add missing terminated NUL in sockaddr_un’s length - This was potentially observable when using non-abstract AF_UNIX datagram sockets to processes written in another programming language. - bpo-42627: Fix incorrect parsing of Windows registry proxy settings - bpo-36073: Raise ProgrammingError instead of segfaulting on recursive usage of cursors in sqlite3 converters. Patch by Sergey Fedoseev. - Documentation - gh-86438: Clarify that -W and PYTHONWARNINGS are matched literally and case-insensitively, rather than as regular expressions, in warnings. - gh-92240: Added release dates for “What’s New in Python 3.X” for 3.0, 3.1, 3.2, 3.8 and 3.10 - gh-91888: Add a new gh role to the documentation to link to GitHub issues. - gh-91783: Document security issues concerning the use of the function shutil.unpack_archive() - gh-91547: Remove “Undocumented modules” page. - bpo-44347: Clarify the meaning of dirs_exist_ok, a kwarg of shutil.copytree(). - bpo-38668: Update the introduction to documentation for os.path to remove warnings that became irrelevant after the implementations of PEP 383 and PEP 529. - bpo-47138: Pin Jinja to a version compatible with Sphinx version 3.2.1. - bpo-46962: All docstrings in code snippets are now wrapped into PyDoc_STR() to follow the guideline of PEP 7’s Documentation Strings paragraph. Patch by Oleg Iarygin. - bpo-26792: Improve the docstrings of runpy.run_module() and runpy.run_path(). Original patch by Andrew Brezovsky. - bpo-40838: Document that inspect.getdoc(), inspect.getmodule(), and inspect.getsourcefile() might return None. - bpo-45790: Adjust inaccurate phrasing in Defining Extension Types: Tutorial about the ob_base field and the macros used to access its contents. - bpo-42340: Document that in some circumstances KeyboardInterrupt may cause the code to enter an inconsistent state. Provided a sample workaround to avoid it if needed. - bpo-41233: Link the errnos referenced in Doc/library/exceptions.rst to their respective section in Doc/library/errno.rst, and vice versa. Previously this was only done for EINTR and InterruptedError. Patch by Yan “yyyyyyyan” Orestes. - bpo-38056: Overhaul the Error Handlers documentation in codecs. - bpo-13553: Document tkinter.Tk args. - Tests - gh-92886: Fixing tests that fail when running with optimizations (-O) in test_imaplib.py. - gh-92670: Skip test_shutil.TestCopy.test_copyfile_nonexistent_dir test on AIX as the test uses a trailing slash to force the OS consider the path as a directory, but on AIX the trailing slash has no effect and is considered as a file. - gh-91904: Fix initialization of PYTHONREGRTEST_UNICODE_GUARD which prevented running regression tests on non-UTF-8 locale. - gh-91607: Fix test_concurrent_futures to test the correct multiprocessing start method context in several cases where the test logic mixed this up. - bpo-47205: Skip test for sched_getaffinity() and sched_setaffinity() error case on FreeBSD. - bpo-47104: Rewrite asyncio.to_thread() tests to use unittest.IsolatedAsyncioTestCase. - bpo-29890: Add tests for ipaddress.IPv4Interface and ipaddress.IPv6Interface construction with tuple arguments. Original patch and tests by louisom. - Tools/Demos - gh-91583: Fix regression in the code generated by Argument Clinic for functions with the defining_class parameter. ------------------------------------------------------------------ ------------------ 2022-6-5 - Jun 5 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - removed libkms BuildRequires, since it has been dropped from libdrm ++++ Mesa-drivers: - removed libkms BuildRequires, since it has been dropped from libdrm ++++ iproute2: - update to 5.18: This is the release of iproute2 corresponding to the 5.18 kernel. There are not many new features in this release. * The build issues with libbpf should be fixed now. * Building with clang is now supported. * There are still some warnings with gcc-12 that will need to be fixed in the upstream kernel headers. ------------------------------------------------------------------ ------------------ 2022-6-4 - Jun 4 2022 ------------------- ------------------------------------------------------------------ ++++ lua54: - Added more numbered patches from upstream: * luabugs3.patch * luabugs4.patch (bsc#1201146, CVE-2022-33099) * luabugs5.patch ++++ python-Jinja2: - update to 3.1.2: * Add parameters to ``Environment.overlay`` to match ``__init__``. * Handle race condition in ``FileSystemBytecodeCache``. :issue:`1654` ------------------------------------------------------------------ ------------------ 2022-6-3 - Jun 3 2022 ------------------- ------------------------------------------------------------------ ++++ k3s-install: - Ensure k3s-selinux is required, instead of container-selinux. ++++ kernel-default: - Remove mistakenly enabled CONFIG_JBD2_DEBUG. - commit 7534680 ++++ libdrm: - update to 2.4.111 * bugfixes * drops libkms - added tegra-* tools on aarch64 to spefile ++++ patterns-alp: - Add k3s-selinux until fixed k3s-install pulls it. - Preinstall k3s-install. - No long requires haveged (boo#1190024): The mainline Linux Kernel has now HAVEGED algorithm build in internally (since version 5.6). ++++ toolbox: - Update to version 2.3+git20220603.bbeda2e: * Allow to choose runtime and try to retain the user's groups * (Try to) Avoid problems when packages touching bind mounts are upgraded * Try to make sure that (some) foreign distro images (kind of) work as toolboxes * Do not stop a toolbox with something running inside * Exit if neither podman or docker are usable * Support passing just the name of the container to create and enter command * Fix cleanup logic and make toolbox start a little less verbose * Always pull when creating a new toolbox * Add a "more sandboxing" mode ------------------------------------------------------------------ ------------------ 2022-6-2 - Jun 2 2022 ------------------- ------------------------------------------------------------------ ++++ ALP-build-key: - Initial key package for ALP ++++ Mesa: - Update to 22.1.1 * first bugfix release - supersedes U_llvmpipe-flush-resources-for-kms-swrast-path.patch ++++ Mesa-drivers: - Update to 22.1.1 * first bugfix release - supersedes U_llvmpipe-flush-resources-for-kms-swrast-path.patch ++++ openssl-1_1: - Update to 1.1.1o: [CVE-2022-1292, bsc#1199166] * Fixed a bug in the c_rehash script which was not properly sanitising shell metacharacters to prevent command injection. * Rebased openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch * Rebased openssl-s390x-assembly-pack-add-support-for-pcc-and-kma-inst.patch - Added openssl-update_expired_certificates.patch * Openssl failed tests because of expired certificates. * bsc#1185637 * Sourced from https://github.com/openssl/openssl/pull/18446/commits ++++ ceph: - Update to ceph-16.2.9-58-ge2e5cb80063: + (bsc#1200064, pr#480) Remove last vestiges of docker.io image paths ++++ snapper: - added generic plugin support (gh#openSUSE/snapper#727) ++++ unbound: - update to 1.16.0 * Features - Merge PR #604: Add basic support for EDE (RFC8914). * Bug Fixes - Fix #412: cache invalidation issue with CNAME+A. - Fix that TCP interface does not use TLS when TLS is also configured. - Fix #624: Unable to stop Unbound in Windows console (does not respond to CTRL+C command). - Fix #618: enabling interface-automatic disables DNS-over-TLS. Adds the option to list interface-automatic-ports. - Remove debug info from #618 fix. - Fix #628: A rpz-passthru action is not ending RPZ zone processing. - Fix for #628: fix rpz-passthru for qname trigger by localzone type. - Fix that address not available is squelched from the logs for udp connect failures. It is visible on verbosity 4 and more. - Merge #631 from mollyim: Replace OpenSSL's ERR_PACK with ERR_GET_REASON. - Fix to detect that no IPv6 support means that IPv6 addresses are useless for delegation point lookups. - update Makefile dependencies. - Fix check interface existence for support detection in remote lookup. - Fix #633: Document unix domain socket support for unbound-control. - Fix for #633: updated fix with new text. - Fix edns client subnet to add the option based on the option list, so that it is not state dependent, after the state fix of #605 for double EDNS options. - Fix for edns client subnet option add fix in removal code, from review. - Fix #630: Unify the RPZ log messages. - Merge #623 from rex4539: Fix typos. - Fix pythonmod for change in iter_dp_is_useless function prototype. - Fix compile warnings for printf ll format on mingw compile. - Merge PR #632 from scottrw93: Match cnames in ipset. - Various fixes for #632: variable initialisation, convert the qinfo to str once, accept trailing dot in the local-zone ipset option. - Fix #637: Integer Overflow in sldns_str2period function. - Fix for #637: fix integer overflow checks in sldns_str2period. - Fix configure for python to use sysutils, because distutils is deprecated. It uses sysutils when available, distutils otherwise. - Merge #644: Make `install-lib` make target install the pkg-config file. - Fix to ensure uniform handling of spaces and tabs when parsing RRs. - Fix to describe auth-zone and other configuration at the local-zone configuration option, to allow for more broadly view of the options. - Merge PR #648 from eaglegai: fix -q doesn't work when use with 'unbound-control stats_shm'. - Fix #651: [FR] Better logging for refused queries. - Fix spelling error in comment in sldns_str2wire_svcparam_key_lookup. - Fix zonemd check to allow unsupported algorithms to load. If there are only unsupported algorithms, or unsupported schemes, and no failed or successful other ZONEMD records, or malformed or bad ZONEMD records, the unsupported records allow the zone load. - Fix zonemd unsupported algo check. - Fix zonemd unsupported algo check reason to not copy to next record, and check for success for debug printout. - Fix zonemd unsupported algo check to print unsupported reason before zeroing it. - Fix zonemd unsupported algo check to set reason to NULL before the check routine, but after malformed checks, to get the correct NULL output when the digest matches. - Fix #670: SERVFAIL problems with unbound 1.15.0 running on OpenBSD 7.1. - Fix Python build in non-source directory; based on patch by Michael Tokarev. - Fix #673: DNS over TLS: error: SSL_handshake syscall: No route to host. - Merge #677: Allow using system certificates not only on Windows, from pemensik. - For #677: Added tls-system-cert to config parser and documentation. - Fix #417: prefetch and ECS causing cache corruption when used together. - Fix #678: [FR] modify behaviour of unbound-control rpz_enable zone, by updating unbound-control's documentation. - Fix typos in config_set_option for the 'num-threads' and 'ede-serve-expired' options. - Fix to silence test for ede error output to the console from the test setup script. - Fix ede test to not use default pidfile, and use local interface. - Fix some lint type warnings. - Fix #684: [FTBS] configure script error with libmnl on openSUSE 15.3 (and possibly other distributions) ++++ patterns-alp: - Requires ALP-build-key. ++++ suse-module-tools: - Update to version 16.0.20: * Bump version to 16.0.20 * driver-check.sh: avoid false positive error messages (boo#1200107) * don't hardcode /boot for kernel-related files (boo#1199873) * spec file: use "install -p" consistently ++++ xkeyboard-config: - U_Fixes-regression-from-c3c5d02-were-mistakenly-replac.patch * Regression fixed from c3c5d02rules: sort the names of multimedia keyboards alphabetically "\" at the end of line were mistakenly replacd by "/" - Update to version 2.36 * bugfixes * removed autotools support :-( - switched to meson ------------------------------------------------------------------ ------------------ 2022-6-1 - Jun 1 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - Add patch to fix glitches with KMS (boo#1199885): * U_llvmpipe-flush-resources-for-kms-swrast-path.patch ++++ Mesa-drivers: - Add patch to fix glitches with KMS (boo#1199885): * U_llvmpipe-flush-resources-for-kms-swrast-path.patch ++++ hwdata: - Update to version 0.360 (bsc#1200110): + Updated pci, usb and vendor ids. ++++ kernel-default: - iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052). - commit dfccb72 - iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052). - commit 0578d76 - KVM: x86: avoid calling x86 emulator without a decoded instruction (CVE-2022-1852 bsc#1199875). - commit b4b07c8 - KVM: x86: avoid calling x86 emulator without a decoded instruction (CVE-2022-1852 bsc#1199875). - commit 01a406d ++++ alsa: - Update to version 1.2.7: more extended UCM API, PCM rate,multi,direct plugin fixes and enhancements, compilation fixes, etc. For details see: https://www.alsa-project.org/wiki/Changes_v1.2.6.3_v1.2.7#alsa-lib ++++ parted: - use static keyring file (and switch to the release team keyring) ++++ systemd: - Upgrade to v251.2 (commit 949d6bb7201dd48167ee9716ed6278764d1f4c0f) See https://github.com/openSUSE/systemd/blob/SUSE/v251/NEWS for details. This includes the following bug fixes: - upstream commit e6b169418369abbc88c8f622e02e1d704a23d4ef (bsc#1137373 bsc#1181658 bsc#1194708 bsc#1195157 bsc#1197570) * Rebased 0001-conf-parser-introduce-early-drop-ins.patch * systemd-testsuite now requires python3-pexpect due to TEST-69-SHUTDOWN relying on this module. * sysusers.d/systemd-network.conf has been moved to systemd-network sub-package since the tmpfiles configuration snippets for networkd has also been moved to this sub-package. ++++ libvirt: - Update to libvirt 8.4.0 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v8-4-0-2022-06-01 ++++ pam: - Move PAM config files from /usr/etc/pam.d to /usr/lib/pam.d ++++ patterns-base: - No long recommend haveged (boo#1190024): The mainline Linux Kernel has now HAVEGED algorithm build in internally (since version 5.6). ++++ python-libvirt-python: - Update to 8.4.0 - Add all new APIs and constants in libvirt 8.4.0 ++++ python-pyOpenSSL: - Shift BuildRequires on openssl, it's only required for tests. ------------------------------------------------------------------ ------------------ 2022-5-31 - May 31 2022 ------------------- ------------------------------------------------------------------ ++++ glib2: - Update to version 2.72.2: + Bugs fixed: glgo#GNOME/GLib#2640, glgo#GNOME/GLib!2605, glgo#GNOME/GLib!2616, glgo#GNOME/GLib!2629, glgo#GNOME/GLib!2643, glgo#GNOME/GLib!2644, glgo#GNOME/GLib!2662, glgo#GNOME/GLib!2691. + Updated translations. ++++ grub2: - Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581) * 0001-video-Remove-trailing-whitespaces.patch * 0002-loader-efi-chainloader-Simplify-the-loader-state.patch * 0003-commands-boot-Add-API-to-pass-context-to-loader.patch - Fix CVE-2022-28736 (bsc#1198496) * 0004-loader-efi-chainloader-Use-grub_loader_set_ex.patch - Fix CVE-2022-28735 (bsc#1198495) * 0005-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch * 0006-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch * 0007-video-readers-png-Abort-sooner-if-a-read-operation-f.patch * 0008-video-readers-png-Refuse-to-handle-multiple-image-he.patch - Fix CVE-2021-3695 (bsc#1191184) * 0009-video-readers-png-Drop-greyscale-support-to-fix-heap.patch - Fix CVE-2021-3696 (bsc#1191185) * 0010-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch * 0011-video-readers-png-Sanity-check-some-huffman-codes.patch * 0012-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch * 0013-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch * 0014-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch - Fix CVE-2021-3697 (bsc#1191186) * 0015-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch * 0016-normal-charset-Fix-array-out-of-bounds-formatting-un.patch - Fix CVE-2022-28733 (bsc#1198460) * 0017-net-ip-Do-IP-fragment-maths-safely.patch * 0018-net-netbuff-Block-overly-large-netbuff-allocs.patch * 0019-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch * 0020-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch * 0021-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch * 0022-net-tftp-Avoid-a-trivial-UAF.patch * 0023-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch - Fix CVE-2022-28734 (bsc#1198493) * 0024-net-http-Fix-OOB-write-for-split-http-headers.patch - Fix CVE-2022-28734 (bsc#1198493) * 0025-net-http-Error-out-on-headers-with-LF-without-CR.patch * 0026-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch * 0027-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch * 0028-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch * 0029-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch * 0030-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch * 0031-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch * 0032-Use-grub_loader_set_ex-for-secureboot-chainloader.patch - Bump grub's SBAT generation to 2 - Use boot disks in OpenFirmware, fixing regression caused by 0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch, when the root LV is completely in the boot LUN (bsc#1197948) * 0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch ++++ k3s-install: - Drop inform-user-of-current-k3s-SELinux-support.patch, no longer needed. - Add dependency on container-selinux. - Drop dependencies on containerd, cni-plugins, conntrack-tools, runc packages since k3s ships its own stack. - Update to version 1.23.6+k3s1: * Fix issue with datastore corruption on cluster-reset (#5515) * Bump containerd for selinux fix (#5507) * Secrets Encryption: Add RetryOnConflict around updating nodes (#5495) * Fix issue with long-running apiserver endpoints watch (#5478) * Update Kubernetes to v1.23.6 (#5477) * Fix default ipv6 cidr (#5467) * E2E Validation Improvements (#5444) * Add s390x arch support for k3s (#5018) * Bump etcd to 3.5.3-k3s1 * Move IPv4/v6 selection into helpers * Fix issue with RKE2 servers hanging on listing apiserver addresses * Print a helpful error when trying to join additional servers but etcd is not in use * Use core constants for cert user/group values * Bump containerd to v1.5.11-k3s1 * Added option to deploy hardened k3s (#5415) * Added support for repeated extra arguments * update sonobuoy to 0.56.4 (#5419) * Bump Reencryption Test timeout, improve comments (#5431) * Added default endpoint for IPv6 * Update golangci-lint to 1.45.2 * fixes and updates to jenkinsfile (#5370) * Fixed flannel backend helper text * update trivy to 0.25.3 * fix: non-idiomatic returning of boolean expression (#5343) * Add certificate rotation integration tests (#5393) * Update helm-controller version * Move the apiserver addresses controller into the etcd package * Updated wireguard-native options and added log message * Added new flannel backend to use wireguard from flannel * Fix crash on early snapshot * Don't print password conversion rate * Allow agents to query non-apiserver supervisors for apiserver endpoints * Add client certificate authentication support to core Authenticator * Redact datastore and etcd snapshot config from serialization * netpol: Add dual-stack support * Allow using flannel wireguard backend in a custom config * Fixed http URL on etcd * Fixed loadbalancer in case of IPv6 addresses * Fixed etcd register * Fixed client URL * Skip setting up client tls when etcd server does not have tls enabled * add a wrapper around the containerd.New call to fix and pass the proper npipe connector * Updated localhost address on IPv6 only setup * Defragment etcd datastore before clearing alarms * Fix etcd-only secrets encryption rotation * Properly attach secrets-encrypt events to the node resource * Fix log spam due to servicelb event recorder namespace conflict * Ensure that apiserver ready channel checks re-dial every time * Fixed etcd URL in case of IPv6 address * vagrant: Set mount options for NFS * vagrant: Enable IPv6 and IP forwarding * go generate * Bump coredns to v1.9.1 * Update Kubernetes to v1.23.5-k3s1 * Refactor automation using terraform (#5268) * Defer ensuring node passwords on etcd-only nodes during initial cluster bootstrap * Replace CentOS 8 with Rocky Linux 8 for install testing (#5279) * E2E Split Server Test (#5286) * Handle empty entries in bootstrap path map * Update helm-controller * Track upstream changes to kubectl command execution * Add cross-compilation as sanity check (#5255) * Close additional leaked GPRC clients * Testing directory and documentation rework. (#5256) * Changed ipv6 config on flannel setup * Added ipv6 only support with flannel * fix function arg call (#5234) * Populate EtcdConfig in runtime from datastore when etcd is disabled (#5222) * Fixed log in case of ipv6 only config * Added switch case to check netMode * Fixed in case of empty address * Updated flannel to 0.17 * Support MixedProtocolLBService and clean up Daemonsets on type change. * Update Fossa API key variable to match what the plugin wants * Bump containerd to v1.5.10-k3s1 * Mark 1.22.7 as stable (#5192) * [master] changing package to k3s-io (#4846) * servicelb pool selector * Switch to drone-fossa plugin * E2E Add external DB options to ValidateCluster test (#5157) * Bootstrap the executor even when the agent is disabled * Fix etcd-snapshot commands by making setup more consistent. * Ignore cluster membership errors when reconciling from temp etcd * Move temporary etcd startup into etcd module * Wait for process to exit before returning from kill helper * Add function to clear local alarms on etcd startup * E2E secrets encryption test (#5144) * Add http/2 support to API server (#5149) * Disable ineffassign CI plugin for excessive false positives * Fix adding etcd-only node to existing cluster * Bump up github.com/containerd/stargz-snapshotter (v0.11.0) (#5032) * Remove unnecessary copies of etcdconfig struct * Remove unnecessary copies of runtime struct * Fix cluster bootstrap test * Add contributors documentation (#5154) * Add `--json` flag for `k3s secrets-encrypt status` (#5127) * add ability to specify etcd snapshot list output format (#5132) * Create encryption hash file if it doesn't exist (#5140) * Move testing lock from server creation to test start (#5155) * Update to V1.23.4 k3s1 (#5135) * Fix deploy controller resource deletion * Fix annoying netpol log * Add support for IPv6 only mode * E2E Test Improvements (#5102) * Migrate Ginkgo testing framework to V2, consolidate integration tests (#5097) * Add k3s etcd restoration integration test (#5014) * Remove the iptables rules from ipmasq flannel * Fix cluster validation and add upgrade cluster test (#5020) * Update CentOS 8 smoke vm's with vault repositories (#5092) * netpol: Use kube-router as a library * Check for `--kubeconfig` flag with embedded `kubectl` (#5064) * Update legacy-unknown-cert and legacy-unknown-key (#5057) * Bump K3s stable to v1.22.6 (#5050) * Update versions: * Fixes to Drone CI Stability (#4897) * Add server flag to access nonlocal/nondefault k3s server (#5016) * Update to v1.23.3 (#5027) * Add Rocket.Chat to list of adopters (#5017) * Move containerd wait into exported function * Update to v1.23.2 (#4997) * Add new upgradecluster E2E test (#4900) * Update packaged components * go generate * Upgrade: metrics server version bump from v0.5.0 to v0.5.2 * Remove ip6table rules when cleaning up k3s * Added debug log for IPv6 Masquerading rule * Bump etcd and containerd to track upstream * Skip CGroup v2 evac when agent is disabled * Added flannel-ipv6-masq flag to enable IPv6 nat * Added iptables masquerade rules for ipv6 on flannel * Adds the ability to compress etcd snapshots (#4866) * Enable logging on all subcommands (#4921) * Move ClusterResetRestore handling ControlConfig setup * Update building documentation for macOS (#4850) * Add basic etcd join test * Fix handling of agent-token fallback to token * Fix use of agent creds for secrets-encrypt and config validate * Don't skip the dev image when skipping airgap * Fix a typo: advertise-up -> advertise-ip (#4827) * Integration tests utilities improvements (#4832) * Enable make generate to use dapper and standardize go and gzip versions (#4861) * linter doesn't actually run on windows, found these while getting it running on a windows machine * Update channel.yaml for 1.23 * Export default parser * Require integration test to be run as sudo/root (#4824) * Fix cgroup smoke test (#4823) * Update golang * Update modules for Kubernetes v1.23 * Add tests to use vagrantfile (#4722) * Bump stable to v1.22.5+k3s1 (#4821) * package rename wasnt approved yet, backing out cruft that snuck into last pr * Fix panic checking name of uninitialized etcd member * Add etcd sonobuoy tests * Add variable to enforce max test concurrency * Fix previous channel detection * More codespell ignores * Update bootstrap logic to output all changed files on disk (#4800) * delete vendor dir * code changes to drop the vendor dir * Move flannel logs to logrus * Close agentReady channel only in k3s (#4792) * Close etcd clients to avoid leaking GRPC connections * Remove Disables, Skips and DisableKubeProxy from the comparing configs * Add initial skeleton ADOPTERS.md to better track large use cases (#4764) * Add ADR * Build standalone containerd * Build script cleanups * Bump k3s-root to v0.10.1 * Fix cold boot and reconcilation on secondary servers (#4747) * docs: adrs: Dual-stack in network policy agent * Fix snapshot restoration on fresh nodes (#4737) * Resolve Bootstrap Migration Edge Case (#4730) * Add in docs/adr to ensure we capture decisions properly during design calls (#4707) * Resolve restore bootstrap (#4704) * Update wharfie usage in windows code path * [master] Add validation to certificate rotation (#4692) * Bump runc to v1.0.3 * Add `SKIP_AIRGAP` enviroment variable for make (#4688) * Include node-external-ip in serving-kubelet.crt SANs (#4620) * Secrets-encryption rotation (#4372) * Check HA network parameters * Bump wharfie to v0.5.1 and use shared decompression code * bump kine to v0.8.1 * Update dynamiclistener * Nighlty automation vagrant rework (#4574) * Bump stable to v1.21.7+k3s1 (#4636) * Add cert rotation command (#4495) * Update maintainers list (#4622) * Improved cleanup for etcd unit test (#4537) * etcd snapshot functionality enhancements (#4453) * go generate * Add package version to traefik helm chart * Improve flannel logging * [master] Bump golang and containerd (#4538) * [master] Bump Kubernetes to v1.22.4-k3s1 (#4536) * Fix regression with cluster reset (#4521) * Improved regex for double equals arguments (#4505) * Removed value from warning about skipping flags (#4491) * tests/vagrant: refactor vagrant smoke tests (#4484) * [master] Add etcd extra args support for K3s (#4463) * Feature: Add CoreDNS Customization Options * Fix to allow etcd-snapshot to use config file with flags that are only used with k3s server. (#4464) * Increase agent's apiserver ready timeout (#4454) * go generate * Add dashboard annotations to Traefik helm chart * Allow svclb pod to enable ipv6 forwarding * update bootstrap logic (#4438) * Corrected skip check for dualstack on CI (#4427) * install: /usr/sbin/transactional-update (#4403) * Match to last After keyword for parser (#4383) * Replace gzip with pigz for faster builds (#4411) * Remove unit tests from drone CI (#4424) * [master] updating to new signals package in wrangler (#4399) * install.sh: fix path detection for sle-micro (#4398) * containerd: v1.5.7-k3s2 (#4387) * Bump klipper-lb image for arm fix * Update k3s CI to run all integration tests (#4358) * Enable Epics Action to automatically check off child issues in an epic (#4353) * refactor: Use plain channel send or receive * Fix log/reap reexec * containerd/cri: enable the btrfs snapshotter (#4316) * Fix other uses of NewForConfigOrDie in contexts where we could return err * Watch the local Node object instead of get/sleep looping * Block scheduler startup on untainted node when using embedded CCM * install.sh: initial support for sle-micro (#4331) * Update to v1.22.3 (#4354) * K3s Integration test fixes (#4341) * Update peer address when running cluster-reset * reset buffer after use (#4279) * Bump klipper-helm version * Added configuration input to etcd-snapshot (#4280) * install.sh: capture quoted environment variables (#4275) * Update to the newest flannel * Bump klog fork version * set duration to second (#4231) * Add etcd s3 timeout (#4207) * Copy old bootstrap buffer data for use during migration (#4215) * Fix race condition in cloud provider * Add containerd ready channel to delay etcd node join * maintainers: add Manuel and Michal (#4193) * Display cluster tls error only in debug mode (#4124) * Refactor log and reaper exec to omit MAINPID * vagrant: Add Ubuntu 21.04 support * vagrant: Update package list for Ubuntu * vagrant: Add support for vagrant-libvirt * vagrant: Change OS environment variable to DISTRO * Improve error message when using a "K10" prefixed token (#4180) * Add ability to reconcile bootstrap data between datastore and disk (#3398) * moving fossa to being inline step with a sles image * Add "etcd-" prefix to etcd-snapshot commands as aliases (#4161) * Dual-stack support LB controller * Update stable to v1.21.5+k3s2 * Add topologySpreadConstraints to support scaling of coredns * Bump containerd to v1.5.7+k3s1 * Don't evacuate the root cgroup when rootless * Skip tests that violate version skew policy * Send MAINPID to systemd when reexecing for logfile output * Properly handle operation as init process * set transport to skip verify if se skip flag passed (#4102) * Bump stable to v1.21.5+k3s1 (#4068) * Enable the inheritance of settings for ipv6 * Adding fossa anaylze/test drone step * Drop broken SupportNoneCgroupDriver support * Add 1.22 channel * Update build images to python3 for compat with recent gsutil change * Use the new klipper-lb image that has newer go and Alpine versions * Revert "Use the newer klipper-lb image" * Disable automounting service account token in servicelb pods * Make sure there are no duplicates in etcd member list (#4025) * Use the newer klipper-lb image * Enable JobTrackingWithFinalizers FeatureGate * Fix regression from commit 137e80cd865efe51aa3ef0323fd6b0a014b7b9de * Bump golang version * Update Kubernetes to v1.22.2-k3s1 * Remove expiremental from cluster commands (#4024) * Nvidia container runtime discovery in containerd config template (#3890) * Fix premature etcd shutdown when joining an existing cluster * Add StargzSupported stub for Windows * Retrieve "CONTAINERD_" environment variables * No-op when etcd member was already removed and use existing name for etcd controller (#4014) * Add tests to the dual-stack PR and enable dual-stack with flannel backend * Add dual-stack support * Bump helm-controller and klipper-helm image version * Return the error since it just gets logged and retried anyways * Use SubjectAccessReview to validate CCM RBAC * Set controller authn/authz kubeconfigs * Pass context into all Executor functions * Handle cgroup v1/2/hybrid in check-config.sh more explicitly/accurately * [master] Add `etcd-member-management` controller to K3s (#4001) * go mod tidy * Minor cleanup on cribbed function * Wait for apiserver readyz instead of healthz * Anything not EL7 is EL8 * Add exposed metrics listener instead of replacing loopback listener * Replace klog with non-exiting fork * SupportPodPidsLimit is locked to true of 1.20, making pids cgroup support mandatory * Migrate sqlite data to etcd when initializing the cluster * feat: add option to disable s3 over https * Ship Stargz Snapshotter (#2936) * Add missing node name entry to apiserver SAN list * added raspberry installation hint (#2379) * Update maintainers to reflect team changes * Bump kine for metrics/tls changes * Small updates to CONTRIBUTING (#3734) * Fix condition for adding kubernetes endpoints (#3941) * Bump stable to v1.21.4+k3s1 * Creation of K3s integration test Sonobuoy plugin (#3931) * Make consistent use of os-release vars * Fix issue where addon checksum was never stored * Move cniplugins version to 0.9.1 * Add functions to separate ipv4 from ipv6 functions * github actions: enable workflow_dispatch (#3923) * Redux: Enable K3s integration test to run on existing cluster (#3905) * Check /etc/os-release exists before sourcing it * install.sh: Inform user of current k3s+SELinux support status for SUSE/openSUSE systems * Remove runtime V1 (`containerd-shim`) * Update RootlessKit to v0.14.5 (#3902) * Fix rootless regression in 1.22 (Set KubeletInUserNamespace gate) (#3901) * Revert "Enable K3s integration test to run on existing cluster (#3892)" (#3899) * Enable K3s integration test to run on existing cluster (#3892) * Set osImage for docker image * Fix PREVIOUS_CHANNEL lookup when current minor release is not stable * Fix lint failures * Replace dropped v1beta1 APIs with v1 * Update wrangler to v0.8.5 * Wrap errors in runControllers for additional context * Disable deprecated insecure port * Update containerd to 1.5 * Update grpc * Update kine for etcd v3.5 compat * update golangci config to sync with RKE2 * Bump gopls and golangci-lint * Update etcd to v3.5.0 * Update Kubernetes to v1.22.1 * K3s Flock Integration Test (#3887) * Reset load balancer state during restoraion (#3877) * Add missing labels to stalebot config * Update Kubernetes to v1.21.4-k3s1 * Bump containerd to v1.4.9-k3s1 * Bump helm-controller to work around tiller crashes * Fix URL pruning when joining an etcd member (#3832) * Added new testing documentation (#3823) * Added locking system for integration tests (#3820) * Updated the code to use GetNetworkByName and tweaked logic. * Moved testing utils into tests directory. Improved gotests template. (#3805) * account for an s3 folder when listing objects (#3807) * Prevent snapshot commands from creating empty snapshot directory (#3783) * Use New Image Names (#3749) * Fix Node stuck at deletion (#3771) * Bump helm-controller to v0.10.2 * install.sh: Use built-in shell functionality instead of awk * Wrap context with lease before importing images * Fix initial start of etcd only nodes (#3748) * update rancher/local-path-provisioner to v0.0.20 * Update MAINTAINERS (#3744) * Improve config retrieval messages * Sync DisableKubeProxy into control struct * Add nightly automation tests * Add in stalebot config, starting with 6mo old stale issues. (#3739) * Notify systemd for etcd only node (#3732) * Exporting the AddFeatureGate function and adding a unit test for it. (#3661) * Added logic to strip any existing hyphens before processing the args. (#3662) * Fix to allow non-root users access to storage volumes. (#3714) * Wait until server is ready before configuring kube-proxy (#3716) * Introduction of Integration Tests (#3695) * add gotests templates (#3709) * Ignore markdown files for github actions (#3676) * Update 1.21 stable version * more fixes * more fixes * replace error with warn in delete * fix warning msg * migrate old token key format * simplifying the code * migrate empty string key properly * Fix multiple bootstrap keys found * move go routines for api server ready beneath wait group * Bump Kubernetes to v1.21.3 * Bump containerd to v1.4.8-k3s1 * adding startup hooks args to access to Disables and Skips (#3674) * Update .github/ISSUE_TEMPLATE/feature_request.md * Update .github/ISSUE_TEMPLATE/bug_report.md * Fix to allow prune to correctly cleanup custom named snapshots (#3649) * Add checkbox to denote backporting required on issue templates * Adding support for waitgroup to the Startuphooks (#3654) * Bump helm-controller to v0.10.1 (#3644) * Add issue template for creating release checklist issues (#3604) * fix a runtime core panic (#3627) * Convert existing unit tests to standard layout (#3621) * Upgrade k3s-root version * prevent snapshot save when snapshots are disabled (#3475) * 🐳 burp to inetaf/tcpproxy * Bump the packaged runc binary version * Update etcd snapshot error message to be more informative when etcd database is not found (#3568) * Fixing various bugs related to windows. * Update ROADMAP.md * Dispatch to rancher/system-agent-installer-k3s when tagged (#3589) * Update embedded kube-router (#3557) * missing build tag for windows * Set ulimits in docker-compose.yml * Update to v1.21.2 * Fix coverage reporting to include all packages, not just those with tests * Add unit tests for pkg/etcd (#3549) * Fix spelling to satisfy codespell check * Allow passing targeted environment variables to containerd * Add user-facing change section to PR template * (docs) Update README.md * Export cli server flags and etcd restoration functions (#3527) * Bump kine to resolve race condition and unrevisioned delete * Changes local storage pods to have 700 permissions (#3537) * Redux: Add Unit Test Coverage to CI (#3524) * Move cloud-controller-manager into an embedded executor (#3525) * Bump stable version to v1.21.2+k3s1 (#3526) * Adds a command-line flag '--disable-helm-controller' that will disable the server's built-in helm controller. * Revert "Add Unit Test Coverage to CI (#3494)" (#3499) * Add Unit Test Coverage to CI (#3494) * Basic windows agent that will join a cluster without CNI. * Fix storing bootstrap data with empty token string (#3422) * Fail to start k3s if nm-cloud-setup is enabled * Renamed client-cloud-controller crt and key (#3470) * Redux: Change containerd image leases from context lifespan to permanent (#3464) * Revert "Change containerd image leases from 24h to permanent (#3452)" (#3461) * Change containerd image leases from 24h to permanent (#3452) * Send systemd notifications for both server and agent (#3430) * Emit events for AddOn lifecycle * Add comments, clean up imports and function names * Tidy up function calls with many args * Add nodename to UA string for deploy controller * Changed iptables version check for fail if version is between 1.8.0 and 1.8.3 and using nf_tables mode (#3425) * Add kubernetes.default.svc to serving certs * Change Replace with ReplaceAll function * fix possible race where bootstrap data might not save * add log message indicating etcd snapshots are disabled * Fix RBAC cloud-controller-manager name 3308 (#3388) * cgroup2 CI: add rootless * k3s-rootless.service: use fuse-overlayfs snapshotter * Add a path for wireguard's privatekey * Initial windows support for agent (#3375) * Bump stable version to v1.21.1+k3s1 and add v1.21 channel * Update flannel version * containerd: v1.4.4-k3s2 * Bump channel stable version to v1.20.7+k3s1 * Fix shell expansion and file permission issues install.sh * runc: v1.0.0-rc95 (#3348) * move object channel defer close to goroutine * add retention default and wire in s3 prune * Handle conntrack-related sysctls in supervisor agent setup * Add support for multiple env files for systemd unit * add etcd snapshot save subcommand ++++ mozilla-nss: - update to NSS 3.78.1 * bmo#1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple ++++ rpm: - drop requires-ge-macro.diff: this is already in rpm-config-SUSE - enable-postin-scripts-error.diff: refresh ++++ libselinux: - Added restorecon_pin_file.patch. Fixes issus when running fixfiles/restorecon ++++ systemd: - Import commit 4dbc543953eabd4c578da67ce6e2970d6f96c406 (merge of v250.6) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/0d950479e58dd3af007eb3780d600a5446aac519...4dbc543953eabd4c578da67ce6e2970d6f96c406 ++++ xen: - Upstream bug fixes (bsc#1027519) 625fca42-VT-d-reserved-CAP-ND.patch 626f7ee8-x86-MSR-handle-P5-MC-reads.patch 627549d6-IO-shutdown-race.patch - bsc#1199965 - VUL-0: EMBARGOED: CVE-2022-26362: xen: Race condition in typeref acquisition xsa401-1.patch xsa401-2.patch - bsc#1199966 - VUL-0: EMBARGOED: CVE-2022-26363,CVE-2022-26364: xen: Insufficient care with non-coherent mappings xsa402-1.patch xsa402-2.patch xsa402-3.patch xsa402-4.patch xsa402-5.patch ------------------------------------------------------------------ ------------------ 2022-5-30 - May 30 2022 ------------------- ------------------------------------------------------------------ ++++ cups: - Version upgrade to 2.4.2: See https://github.com/openprinting/cups/releases CUPS 2.4.2 brings the fix for CVE-2022-26691 (#bsc1199474) together with LibreSSL/OpenSSL and minimal AIX support. * Fixed certificate strings comparison for Local authorization (CVE-2022-26691) * The `cupsFileOpen` function no longer opens files for append in read-write mode (Issue #291) * The cupsd daemon removed processing temporary queue (Issue #364) * Fixed delay in IPP backend if GNUTLS is used and endpoint doesn't confirm closing the connection (Issue #365) * Fixed conditional jump based on uninitialized value in cups/ppd.c (Issue #329) * Fixed CSS related issues in CUPS Web UI (Issue #344) * Fixed copyright in CUPS Web UI trailer template (Issue #346) * mDNS hostname in device uri is not resolved when installaling a permanent IPP Everywhere queue (Issues #340, #343) * The `lpstat` command now reports when the scheduler is not running (Issue #352) * Updated the man pages concerning the `-h` option (Issue #357) * Re-added LibreSSL/OpenSSL support (Issue #362) * Updated the Solaris smf service file (Issue #368) * Fixed a regression in lpoptions option support (Issue #370) * The scheduler now regenerates the PPD cache information after changing the "cupsd.conf" file (Issue #371) * Updated the scheduler to set "auth-info-required" to "username,password" if a backend reports it needs authentication info but doesn't set a method for authentication (Issue #373) * Updated the configure script to look for the OpenSSL library the old way if pkg-config is not available (Issue #375) * Fixed the prototype for the `httpWriteResponse` function (Issue #380) * Brought back minimal AIX support (Issue #389) * `cupsGetResponse` did not always set the last error. * Fixed a number of old references to the Apple CUPS web page. * Restored the default/generic printer icon file for the web interface. * Removed old stylesheet classes that are no longer used by the web interface. - Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.2 ++++ kernel-default: - Linux 5.18.1 (bsc#1012628). - ALSA: ctxfi: Add SB046x PCI ID (bsc#1012628). - ACPI: sysfs: Fix BERT error region memory mapping (bsc#1012628). - random: check for signals after page of pool writes (bsc#1012628). - random: wire up fops->splice_{read,write}_iter() (bsc#1012628). - random: convert to using fops->write_iter() (bsc#1012628). - random: convert to using fops->read_iter() (bsc#1012628). - random: unify batched entropy implementations (bsc#1012628). - random: move randomize_page() into mm where it belongs (bsc#1012628). - random: move initialization functions out of hot pages (bsc#1012628). - random: make consistent use of buf and len (bsc#1012628). - random: use proper return types on get_random_{int,long}_wait() (bsc#1012628). - random: remove extern from functions in header (bsc#1012628). - random: use static branch for crng_ready() (bsc#1012628). - random: credit architectural init the exact amount (bsc#1012628). - random: handle latent entropy and command line from random_init() (bsc#1012628). - random: use proper jiffies comparison macro (bsc#1012628). - random: remove ratelimiting for in-kernel unseeded randomness (bsc#1012628). - random: move initialization out of reseeding hot path (bsc#1012628). - random: avoid initializing twice in credit race (bsc#1012628). - random: use symbolic constants for crng_init states (bsc#1012628). - siphash: use one source of truth for siphash permutations (bsc#1012628). - random: help compiler out with fast_mix() by using simpler arguments (bsc#1012628). - random: do not use input pool from hard IRQs (bsc#1012628). - random: order timer entropy functions below interrupt functions (bsc#1012628). - random: do not pretend to handle premature next security model (bsc#1012628). - random: use first 128 bits of input as fast init (bsc#1012628). - random: do not use batches when !crng_ready() (bsc#1012628). - random: insist on random_get_entropy() existing in order to simplify (bsc#1012628). - xtensa: use fallback for random_get_entropy() instead of zero (bsc#1012628). - sparc: use fallback for random_get_entropy() instead of zero (bsc#1012628). - um: use fallback for random_get_entropy() instead of zero (bsc#1012628). - x86/tsc: Use fallback for random_get_entropy() instead of zero (bsc#1012628). - nios2: use fallback for random_get_entropy() instead of zero (bsc#1012628). - arm: use fallback for random_get_entropy() instead of zero (bsc#1012628). - mips: use fallback for random_get_entropy() instead of just c0 random (bsc#1012628). - riscv: use fallback for random_get_entropy() instead of zero (bsc#1012628). - m68k: use fallback for random_get_entropy() instead of zero (bsc#1012628). - timekeeping: Add raw clock fallback for random_get_entropy() (bsc#1012628). - powerpc: define get_cycles macro for arch-override (bsc#1012628). - alpha: define get_cycles macro for arch-override (bsc#1012628). - parisc: define get_cycles macro for arch-override (bsc#1012628). - s390: define get_cycles macro for arch-override (bsc#1012628). - ia64: define get_cycles macro for arch-override (bsc#1012628). - init: call time_init() before rand_initialize() (bsc#1012628). - random: fix sysctl documentation nits (bsc#1012628). - HID: amd_sfh: Add support for sensor discovery (bsc#1012628). - lockdown: also lock down previous kgdb use (bsc#1012628). - commit df81444 ++++ mozilla-nss: - update to NSS 3.78 * bmo#1755264 - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests. * bmo#1294978 - Reworked overlong record size checks and added TLS1.3 specific boundaries. * bmo#1763120 - Add ECH Grease Support to tstclnt * bmo#1765003 - Add a strict variant of moz::pkix::CheckCertHostname. * bmo#1166338 - Change SSL_REUSE_SERVER_ECDHE_KEY default to false. * bmo#1760813 - Make SEC_PKCS12EnableCipher succeed * bmo#1762489 - Update zlib in NSS to 1.2.12. ++++ ncurses: - Add ncurses patch 20220529 + expanded notes for teken/syscons -TD + fix overlooked copying of extended string-heap in copy_termtype (cf: 20220430). + update config.guess - Add ncurses patch 20220521 + improve memory-leak checking in several test-programs. + set trailing null on string passed from winsnstr() to wins_nwstr(). + modify del_curterm() to fix memory-leak introduced by change to copy_termtype(). - Update tack to 1.09-20220528 + Autoconf fixes ++++ libzypp: - PluginRepoverification: initial version hooked into repo::Downloader and repo refresh. - Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived. (bsc#1199042) - singletrans: no dry-run commit if doing just download-only. - Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo. - fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER (fixes #388) - version 17.30.1 (22) ------------------------------------------------------------------ ------------------ 2022-5-29 - May 29 2022 ------------------- ------------------------------------------------------------------ ++++ boost-base: - Fix failing conversion of cpp_dec_float to double, depending on locale (gh#boostorg/multiprecision#464, boo#1199968). Add boost-mp-locale-fix.patch ++++ btrfsprogs: - update to 5.18: * fixes: * dump-tree: don't print traling zeros in checksums * recognize paused balance as exclusive operation state, allow to start device add * convert: properly initialize target filesystem label * mkfs: don't create free space bitmaps for empty filesystem * restore: make lzo support build-time configurable, print supported compression in help text * update kernel-lib sources * other: * documentation updates, finish conversion to RST, CHANGES and INSTALL could be included into RST * fix build detection of experimental mode * new tests ++++ krb5: - update to 1.20.0: * Added a "disable_pac" realm relation to suppress adding PAC authdata to tickets, for realms which do not need to support S4U requests. * Most credential cache types will use atomic replacement when a cache is reinitialized using kinit or refreshed from the client keytab. * kprop can now propagate databases with a dump size larger than 4GB, if both the client and server are upgraded. * kprop can now work over NATs that change the destination IP address, if the client is upgraded. * Updated the KDB interface. The sign_authdata() method is replaced with the issue_pac() method, allowing KDB modules to add logon info and other buffers to the PAC issued by the KDC. * Host-based initiator names are better supported in the GSS krb5 mechanism. * Replaced AD-SIGNEDPATH authdata with minimal PACs. * To avoid spurious replay errors, password change requests will not be attempted over UDP until the attempt over TCP fails. * PKINIT will sign its CMS messages with SHA-256 instead of SHA-1. * Updated all code using OpenSSL to be compatible with OpenSSL 3. * Reorganized the libk5crypto build system to allow the OpenSSL back-end to pull in material from the builtin back-end depending on the OpenSSL version. * Simplified the PRNG logic to always use the platform PRNG. * Converted the remaining Tcl tests to Python. ++++ tiff: - update to 4.4.0: * TIFFIsBigTiff() function added. * Functions TIFFFieldSetGetSize() and TIFFieldSetGetCountSize() added. * LZWDecode(): major speed improvements (~30% faster) * Predictor 2 (horizontal differenciation): support 64-bit * Support libjpeg 9d * avoid hang in TIFFRewriteDirectory() if a classic file > 4 GB is attempted to be created * tif_jbig.c: fix crash when reading a file with multiple IFD in memory-mapped mode and when bit reversal is needed * TIFFFetchNormalTag(): avoid calling memcpy() with a null source pointer and size of zero * TIFFWriteDirectoryTagData(): turn assertion on data length into a runtime check * TIFFFetchStripThing(): avoid calling memcpy() with a null source pointer and size of zero * TIFFReadDirectory(): avoid calling memcpy() with a null source pointer and size of zero * TIFFYCbCrToRGBInit(): avoid Integer-overflow * TIFFGetField(TIFFTAG_STRIPBYTECOUNTS/TIFFTAG_STRIPOFFSETS): return error if returned pointer is NULL (fixes #342) * OJPEG: avoid assertion when using TIFFReadScanline() * TIFFReadDirectory: fix OJPEG hack * LZW codec: fix support for strips/tiles > 2 GB on Windows * TIFFAppendToStrip(): fix rewrite-in-place logic * Fix TIFFRewriteDirectory discarding directories. * TIFFReadCustomDirectory(): avoid crash when reading SubjectDistance tag on a non EXIF directory * Fix Segmentation fault printing GPS directory if Altitude tag is present * tif_jpeg.c: do not emit progressive scans with mozjpeg. (#266) * _TIFFRewriteField(): fix when writing a IFD with a single tile that is a sparse one, on big endian hosts * Fix all remaining uses of legacy Deflate compression id and warn on use. - drop tiff-CVE-2022-0907.patch, tiff-CVE-2022-0561.patch, tiff-CVE-2022-0562.patch, tiff-CVE-2022-0865.patch, tiff-CVE-2022-0909.patch, tiff-CVE-2022-0924.patch, tiff-CVE-2022-0908.patch, tiff-CVE-2022-1056,CVE-2022-0891.patch: all upstream - add signature validation, adds tiff.keyring ++++ mozilla-nspr: - update to version 4.34 * add an API that returns a preferred loopback IP on hosts that have two IP stacks available. ++++ python310-packaging: - Add patch to fix testsuite on big-endian targets + fix-big-endian-build.patch ++++ vim: - Updated to version 8.2.5038, fixes the following problems - CVE-2022-1927 - boo#1200012 - CVE-2022-1897 - boo#1200010 - CVE-2022-1898 - boo#1200011 - CVE-2022-1886 - boo#1199969 - CVE-2022-1851 - boo#1199936 - CVE-2022-1796 - boo#1199747 - CVE-2022-1785 - boo#1199745 - CVE-2022-1771 - boo#1199693 - CVE-2022-1733 - boo#1199655 - CVE-2022-1769 - boo#1199658 - CVE-2022-1735 - boo#1199651 - CVE-2022-1720 - boo#1200732 - CVE-2022-1674 - boo#1199502 - CVE-2022-1621 - boo#1199435 - CVE-2022-1629 - boo#1199436 - CVE-2022-1619 - boo#1199333 - CVE-2022-1620 - boo#1199334 - CVE-2022-1616 - boo#1199331 * Valgrind warning for using uninitialized variable. * Screendump test may fail when using valgrind. * Vim9: misplaced elseif causes invalid memory access. * "P" in Visual mode still changes some registers. * Cannot make 'breakindent' use a specific column. * String interpolation only works in heredoc. * Test fails without the job/channel feature. (Dominique Pellé) * Test fails with the job/channel feature. * Vim9: redir in skipped block seen as assignment. * Channel log does not show invoking a timer callback. * Line number of lambda ignores line continuation. * Inconsistent capitalization in error messages. * Vim help presentation could be better. * Test failures because of changed error messages. * Distributed import files are not installed. * Buffer overflow with invalid command with composing chars. * Expression in command block does not look after NL when command is typed. * Comment inside an expression in lambda ignores the rest of the expression. * Coverity complains about pointer usage. * With latin1 encoding CTRL-W might go before the start of the command line. * Vim9 expression test fails without the job feature. * NULL pointer access when using invalid pattern. * Mouse wheel scrolling is inconsistent. * Cannot get the current cmdline completion type and position. * codecov includes MS-Windows install files. * codecov includes MS-Windows install header file. * Some users do not want a line comment always inserted. * No text formatting for // comment after a statement. * MODE_ enum entries names are too generic. * Imperfect coding. * The mode #defines are not clearly named. * Using execute() to define a lambda doesn't work. (Ernie Rael) * Popup_hide() does not always have effect. * String interpolation in :def function may fail. * Sometimes the cursor is in the wrong position. * Mouse in Insert mode test fails. * Fuzzy expansion of option names is not right. * Conceal character from matchadd() displayed too many times. * Can add invalid bytes with :spellgood. * Spell test fails because of new illegal byte check. * Mouse test fails on MS-Windows. * Test checks for terminal feature unnecessarily. * maparg() may return a string that cannot be reused. * Trailing backslash may cause reading past end of line. * #ifdef for crypt feature around too many lines. * Return type of remove() incorrect when using three arguments. * Various white space and cosmetic mistakes. * Off-by-one error in in statusline item. * Interpolated string expression requires escaping. * Crash with sequence of Perl commands. * Not easy to filter the output of maplist(). * A few more capitalization mistakes in error messages. * String interpolation fails when not evaluating. * With 'foldmethod' "indent" some lines are not included in the fold. (Oleg Koshovetc) * No test for what 8.2.4931 fixes. * Crash when matching buffer with invalid pattern. * matchfuzzypos() with "matchseq" does not have all positions. * Some code is never used. * '[ and '] marks may be wrong after undo. * Error when setting 'filetype' in help file again. * Changing 'switchbuf' may have no effect. * Text properties are wrong after "cc". (Axel Forsman) * Inconsistent use of white space. * Vim9: some code not covered by tests. * Text properties not adjusted when accepting spell suggestion. * Cannot use Perl heredoc in nested :def function. (Virginia Senioria) * Vim9: some code not covered by tests. * Text properties position wrong after shifting text. * Smart indenting done when not enabled. * GUI test will fail if color scheme changes. * With 'smartindent' inserting '}' after completion goes wrong. * Inserting line breaks text property spanning more then one line. * Text property in wrong position after auto-indent. * Reading past end of line with "gf" in Visual block mode. * Text properties in a wrong position after a block change. * A couple conditions are always true. * Using NULL regexp program. * Text properties that cross line boundary are not correctly updated for a deleted line. * Build error with a certain combination of features. * Files show up in git status. * Expanding path with "/**" may overrun end of buffer. * GUI: testing mouse move event depends on screen cell size. * Changing text in Visual mode may cause invalid memory access. * "eval 123" gives an error, "eval 'abc'" does not. * Vim9: interpolated string seen as range. * Vim9: compilation fails when using dict member when skipping. * Vim9: type error for list unpack mentions argument. * ":so" command may read after end of buffer. * Recursive command line loop may cause a crash. * Coverity complains about not restoring a saved value. * Memory access error when substitute expression changes window. * No error if engine selection atom is not at the start. * Accessing freed memory when line is flushed. * When 'shortmess' contains 'A' loading a session may still warn for an existing swap file. (Melker Österberg) * It is not possible to manipulate autocommands. * Colors in terminal window are not 100% correct. * Colors test fails in the GUI. * Dragging statusline fails for window with winbar. * PVS warns for possible array underrun. * Some github actions are outdated. * After deletion a small fold may be closable. * Textprop in wrong position when replacing multi-byte chars. * Cannot specify a function name for :defcompile. * Memory leak when :defcompile fails. * No test for hwat patch 8.1.0535 fixes. * Compiler warning for possibly uninitialized variable. (Tony Mechelynck) * smart/C/lisp indenting is optional, which makes the code more complex, while it only reduces the executable size a bit. * Tests are using legacy functions. * Still a compiler warning for possibly uninitialized variable. (Tony Mechelynck) * setbufline() may change Visual selection. (Qiming Zhao) * Python: changing hidden buffer can cause the display to be messed up. * Vim9: crash when using multiple funcref(). * Filetype test table is not properly sorted. * Checking translations affects the search pattern history. * deletebufline() may change Visual selection. * Cannot do bitwise shifts. * Right shift on negative number does not work as documented. * Compiler warning for uninitialized variable. (John Marriott) * Asan warns for undefined behavior. * Spell suggestion may use uninitialized memory. (Zdenek Dohnal) * When 'formatoptions' contains "/" wrongly wrapping a long trailing comment. * Fold may not be closeable after appending. * The terminal debugger uses various global variables. * Replacing an autocommand requires several lines. * Cannot select one character inside (). * After text formatting the cursor may be in an invalid position. * Byte offsets are wrong when using text properties. * Hoon and Moonscript files are not recognized. * Access before start of text with a put command. * Gcc 12.1 warns for uninitialized variable. * Vim9: some code is not covered by tests. * Cannot get the first screen column of a character. * Using 'imstatusfunc' and 'imactivatefunc' breaks 'foldopen'. * Build fails with normal features and +terminal. (Dominique Pellé) * 'completefunc'/'omnifunc' error does not end completion. * Substitute overwrites allocated buffer. * Using freed memory with "]d". * Vim9: a few lines not covered by tests. * Error for missing :endif when an exception was thrown. (Dani Dickstein) * Syntax regexp matching can be slow. * "textlock" is always zero. * autocmd_add() can only handle one event and pattern. * Cannot easily run the benchmarks. * Python 3 test fails without the GUI. * Build error with +eval but without +quickfix. Warning for uninitialized variable. * There is no way to get the byte index from a virtual column. * When splitting a window the changelist position moves. * Using two counters for timeout check in NFA engine. * Cursor position may be invalid after "0;" range. * A finished terminal in a popup window does not show a scrollbar. ------------------------------------------------------------------ ------------------ 2022-5-28 - May 28 2022 ------------------- ------------------------------------------------------------------ ++++ llvm15: - Update to version 14.0.4. * This release contains bug-fixes for the LLVM 14.0.0 release. This release is API and ABI compatible with 14.0.0. - Don't use gold for linking anymore: on s390x we use ld.bfd with LLVMgold.so, on ppc64 we disable ThinLTO for now. - Using ld.bfd on s390x exposed an issue with the existing llvm_build_tablegen_component_as_shared_library.patch: linking llvm-tblgen with libLLVM.so means we also have to link libraries used for that (like LLVMTableGenGlobalISel) with libLLVM.so. - Rewrite summary and description for llvm-gold to point out that it can also be used with ld.bfd, recommend with binutils. - Prefer RPM macros over shell scripting, so that we can better inspect the build script with substitutions in place. - More memory for stage 1 build jobs due to recent OOMs. - Add %_libclang_sonum RPM macro to llvm-devel, since that might now diverge from %_llvm_sonum. - Rebase llvm-do-not-install-static-libraries.patch. ------------------------------------------------------------------ ------------------ 2022-5-27 - May 27 2022 ------------------- ------------------------------------------------------------------ ++++ gnutls: - Update to version 3.7.6: * libgnutls: Fixed invalid write when gnutls_realloc_zero() is called with new_size < old_size. This bug caused heap corruption when gnutls_realloc_zero() has been set as gmp reallocfunc. * Remove gnutls-3.7.5-fix-gnutls_realloc_zero.patch: Fixed upstream. ++++ kernel-default: - Update config files -- DEBUG_INFO_DWARF5 (bsc#1199932) Set DEBUG_INFO_DWARF5 which makes use of dwarf5 on gcc-7 and newer. - commit d1b0a08 ++++ qemu: - It has been observed that building QEMU with _FORTIFY_SOURCE=3 causes problem (see bsc#1199924). Force it to =2 for now, while we investigate the issue. ++++ update-alternatives: - version update to 1.21.8 * fix CVE-2022-1664 [bsc#1199944], dpkg -- security update * lot of changes, see changelog - modified patches % update-alternatives-suse.patch (refreshed) ------------------------------------------------------------------ ------------------ 2022-5-26 - May 26 2022 ------------------- ------------------------------------------------------------------ ++++ dbus-1: - The great dbus package split of 22, in preperation for replacing dbus-daemon with dbus-broker currently there is no functional difference that will change later, this follows a similar setup to RedHat and Debian. * dbus-daemon is now in its own separate package * Create a dbus-1-common package with all the files and config that are shared between the dbus-daemon and dbus-broker implementations. * Create a dbus-1-tools package with the tools eventually we will likely want to move to only recommending this package Redhat and Debian have both already gone down this path. ++++ grub2: - Fix error message in displaying help on bootable snapshot (bsc#1199609) ++++ kernel-default: - Update patches.suse/Revert-net-af_key-add-check-for-pfkey_broadcast-in-f.patch Update to upstream version, update upstream reference and move into sorted section. - commit 3ae1db7 - series.conf: cleanup - update upstream reference and move into sorted section: - patches.suse/simplefb-Enable-boot-time-VESA-graphic-mode-selectio.patch - commit dc762c4 - kernel-binary.spec: Support radio selection for debuginfo. To disable debuginfo on 5.18 kernel a radio selection needs to be switched to a different selection. This requires disabling the currently active option and selecting NONE as debuginfo type. - commit 43b5dd3 - Update config files -- DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT (bsc#1199932) Set DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT which makes use of dwarf5 on gcc-11 and newer. - commit f439809 ------------------------------------------------------------------ ------------------ 2022-5-25 - May 25 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - buildrequire DirectX-Headers only on %{ix86} x86_64, since it's only relevant on these platforms ++++ Mesa-drivers: - buildrequire DirectX-Headers only on %{ix86} x86_64, since it's only relevant on these platforms ++++ gnutls: - Add gnutls-3.7.5-fix-gnutls_realloc_zero.patch: Fix memory corruption in gnutls_realloc_zero (gl#gnutls/gnutls#1367, boo#1199929). ++++ kernel-default: - random: do not use input pool from hard IRQs (bsc#1199803). - commit 3352b92 ++++ logrotate: - update to 3.20.1: * drop world-readable permission on state file even when ACLs are enabled (#446) - removed obsolete logrotate-CVE-2022-1348-follow-up.patch - Security fix: (bsc#1199652, CVE-2022-1348) * Add follow-up upstream patch for the introduced fix. * Added patch logrotate-CVE-2022-1348-follow-up.patch - Update patch: * logrotate-3.19.0-man_logrotate.patch -> logrotate-3.20.0-man_logrotate.patch - update to 3.20.0: * fix potential DoS from unprivileged users via the state file (CVE-2022-1348) * fix a misleading debug message with copytruncate and rotate 0 (#443) * add support for unsigned time_t (#438) * do not lock state file /dev/null (#433) ------------------------------------------------------------------ ------------------ 2022-5-24 - May 24 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - Calling patch with '-p1' (as the others are) so 'git show' .patch output works. - Generating 'n_stop-iris-flicker.patch' from 'git format-patch' vs. a standard diff. - Fixing up 'stop-iris-flicker.patch' patch name to follow standards. ++++ Mesa-drivers: - Calling patch with '-p1' (as the others are) so 'git show' .patch output works. - Generating 'n_stop-iris-flicker.patch' from 'git format-patch' vs. a standard diff. - Fixing up 'stop-iris-flicker.patch' patch name to follow standards. ++++ NetworkManager: - Fold NetworkManager-wifi back into the main package: The dep chain is not really different and it causes too many problems for users having that split. Not worth the pain (boo#1199710, boo#1199706). - As a consequence, also drop the recommends fro the main package to -wifi. ++++ grep: - use release keyring rather than full one for validation - Do not link an unversioned file by URL (and refresh keyring) ++++ libidn2: - Refresh libidn2.keyring ++++ wayland: - modernize spec file * use licensedir * use bcond * use https:// urls * spec-cleaner ++++ python-cryptography: - update to 37.0.2: * Fixed an issue where parsing an encrypted private key with the public loader functions would hang waiting for console input on OpenSSL 3.0.x rather than raising an error. * Restored some legacy symbols for older ``pyOpenSSL`` users. These will be removed again in the future, so ``pyOpenSSL`` users should still upgrade to the latest version of that package when they upgrade ``cryptography``. * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.2. * **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL 2.9.x and 3.0.x. The new minimum LibreSSL version is 3.1+. * **BACKWARDS INCOMPATIBLE:** Removed ``signer`` and ``verifier`` methods from the public key and private key classes. These methods were originally deprecated in version 2.0, but had an extended deprecation timeline due to usage. Any remaining users should transition to ``sign`` and ``verify``. * Deprecated OpenSSL 1.1.0 support. OpenSSL 1.1.0 is no longer supported by the OpenSSL project. The next release of ``cryptography`` will be the last to support compiling with OpenSSL 1.1.0. * Deprecated Python 3.6 support. Python 3.6 is no longer supported by the Python core team. Support for Python 3.6 will be removed in a future ``cryptography`` release. * Deprecated the current minimum supported Rust version (MSRV) of 1.41.0. In the next release we will raise MSRV to 1.48.0. Users with the latest ``pip`` will typically get a wheel and not need Rust installed, but check :doc:`/installation` for documentation on installing a newer ``rustc`` if required. * Deprecated :class:`~cryptography.hazmat.primitives.ciphers.algorithms.CAST5`, :class:`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`, :class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA`, and :class:`~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish` because they are legacy algorithms with extremely low usage. These will be removed in a future version of ``cryptography``. * Added limited support for distinguished names containing a bit string. * We now ship ``universal2`` wheels on macOS, which contain both ``arm64`` and ``x86_64`` architectures. Users on macOS should upgrade to the latest ``pip`` to ensure they can use this wheel, although we will continue to ship ``x86_64`` specific wheels for now to ease the transition. * This will be the final release for which we ship ``manylinux2010`` wheels. Going forward the minimum supported ``manylinux`` ABI for our wheels will be ``manylinux2014``. The vast majority of users will continue to receive ``manylinux`` wheels provided they have an up to date ``pip``. For PyPy wheels this release already requires ``manylinux2014`` for compatibility with binaries distributed by upstream. * Added support for multiple :class:`~cryptography.x509.ocsp.OCSPSingleResponse` in a :class:`~cryptography.x509.ocsp.OCSPResponse`. * Restored support for signing certificates and other structures in :doc:`/x509/index` with SHA3 hash algorithms. * :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES` is disabled in FIPS mode. * Added support for serialization of PKCS#12 CA friendly names/aliases in :func:`~cryptography.hazmat.primitives.serialization.pkcs12.serialize_key_and_certificates` * Added support for 12-15 byte (96 to 120 bit) nonces to :class:`~cryptography.hazmat.primitives.ciphers.aead.AESOCB3`. This class previously supported only 12 byte (96 bit). * Added support for :class:`~cryptography.hazmat.primitives.ciphers.aead.AESSIV` when using OpenSSL 3.0.0+. * Added support for serializing PKCS7 structures from a list of certificates with :class:`~cryptography.hazmat.primitives.serialization.pkcs7.serialize_certificates`. * Added support for parsing :rfc:`4514` strings with :meth:`~cryptography.x509.Name.from_rfc4514_string`. * Added :attr:`~cryptography.hazmat.primitives.asymmetric.padding.PSS.AUTO` to :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. This can be used to verify a signature where the salt length is not already known. * Added :attr:`~cryptography.hazmat.primitives.asymmetric.padding.PSS.DIGEST_LENGTH` to :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. This constant will set the salt length to the same length as the ``PSS`` hash algorithm. * Added support for loading RSA-PSS key types with :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key` and :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`. This functionality is limited to OpenSSL 1.1.1e+ and loads the key as a normal RSA private key, discarding the PSS constraint information. ++++ python-psutil: - removed obsolete skip-partitions-erros.patch - update to 5.9.1 * Enhancements - 1053: drop Python 2.6 support. (patches by Matthieu Darbois and Hugo van Kemenade) - 2050, [Linux]: increase read(2) buffer size from 1k to 32k when reading /proc pseudo files line by line. This should help having more consistent results. - 2057, [OpenBSD]: add support for cpu_freq(). - 2107, [Linux]: Process.memory_full_info() (reporting process USS/PSS/Swap memory) now reads /proc/pid/smaps_rollup instead of /proc/pids/smaps, which makes it 5 times faster. * Bug fixes - 2048: AttributeError is raised if psutil.Error class is raised manually and passed through str. - 2049, [Linux]: cpu_freq() erroneously returns curr value in GHz while min and max are in MHz. - 2050, [Linux]: virtual_memory() may raise ValueError if running in a LCX container. ++++ rust-keylime: - Update to version 0.1.0+git.1653314004.ceda2ec: * Skip serialization of optional fields * Make support for legacy python revocation actions optional * main: Do not try to load CA cert if mTLS is disabled * CI: Add packit to run end-to-end tests * GNUmakefile: Install shim.py * Add service for secure mount * secure_mount: Do not try to give ownership to root * secure_mount: Rewrite check_mount() * main: Ignore original ownership when unzipping files * Drop privileges to run as normal user and group * main: Mount secure mount before dropping the privileges * main: Open files that require privilege at the beginning * quotes_handler: Fix measured boot list encoding * Fix typo in config_get() * Add option to disable mTLS * Update actix-web to 4, remove tokio 0.2 dependencies * crypto: Add helper function to convert public key to PEM string * Add ansasaki as maintainer ------------------------------------------------------------------ ------------------ 2022-5-23 - May 23 2022 ------------------- ------------------------------------------------------------------ ++++ bash-completion: - Add patch bsc1199724-modules.patch (bsc#1199724) * Enable upstream commit to list ko.zst modules as well ++++ kernel-default: - Add dtb-starfive - commit 85335b1 - Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process" (20220523022438.ofhehjievu2alj3h@lion.mk-sys.cz). - commit 2023975 ++++ openldap2: - Update to release 2.6.2 * Added support for OpenSSL 3.0 (ITS#9436) * Fixed ldapdelete to prune LDAP subentries (ITS#9737) * Fixed libldap to drop connection when non-LDAP data is received (ITS#9803) * Fixed libldap to allow newlines at end of included file (ITS#9811) * Fixed slapd slaptest conversion of olcLastBind (ITS#9808) * Fixed slapd to correctly init global_host earlier (ITS#9787) * Fixed slapd bconfig locking for cn=config replication (ITS#9584) * Fixed slapd usage of thread local counters (ITS#9789) * Fixed slapd to clear runqueue task correctly (ITS#9785) * Fixed slapd idletimeout handling (ITS#9820) * Fixed slapd syncrepl handling of new sessions (ITS#9584) * Fixed slapd to clear connections on bind (ITS#9799) * Fixed slapd to correctly advance connections index (ITS#9831) * Fixed slapd syncrepl ODSEE replication of unknown attr (ITS#9801) * Fixed slapd-asyncmeta memory leak in keepalive setting, slapd-ldap memory leak in keepalive setting, SEGV on config rewrite, ordering on config rewrite, memory leak in keepalive setting (ITS#9802) * Fixed slapo-pcache SEGV & slapd-monitor SEGV on shutdown (ITS#9809) * Fixed slapd-monitor crash when hitting sizelimit (ITS#9832) * Fixed slapd-sql to properly escape filter value (ITS#9815) * Fixed slapo-dynlist dynamic group regression (ITS#9825) * Fixed slapo-ppolicy operation handling to be consistent (ITS#9794) * Fixed slapo-translucent to correctly duplicate substring filters (ITS#9818) * Contrib: * Update ppm module to the 2.1 release (ITS#9814) * Documentation: * admin26: Document new lloadd features (ITS#9780) * Fixed slapd.conf(5)/slapd-config(5) syncrepl sizelimit/timelimit documentation (ITS#9804) * Fixed slapd-sock(5) to clarify "sockresps result" behavior (ITS#8255) ++++ ceph: - Update to 16.2.9.50-g7d9f12156fb: + (jsc#SES-2515) High-availability NFS export + (bsc#1196044) cephadm: prometheus: The generatorURL in alerts is only using hostname + (bsc#1196785) cephadm: avoid crashing on expected non-zero exit ++++ libunwind: - Fix dependencies - Fix file list ++++ osinfo-db: - Update to database version 20220516 osinfo-db-20220516.tar.xz ++++ podman: - Backport upstream commit be5abf03ababc ("fix: Container.cGroupPath() skip empty line to avoid false error logging") for fixing "Error parsing cgroup: expected 3 fields but got 1" (see bsc#1199790, as it applies to Factory/Tumbleweed too) * 0004-fix-Container.cGroupPath-skip-empty-line-to-avoid-fa.patch ++++ qemu: - Backport a GCC 12 aarch64 build fix (bsc#1199625) * Patches added: block-qdict-Fix-Werror-maybe-uninitializ.patch ++++ runc: - Backport to fix issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by that platform's syscall multiplexing semantics. bsc#1192051 bsc#1199565 + bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch ++++ systemd-presets-common-SUSE: - enable ignition-delete-config by default (bsc#1199524) ++++ virt-manager: - Change dependency on package xorriso to Requires from Recommends virt-manager.spec ------------------------------------------------------------------ ------------------ 2022-5-22 - May 22 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Update to 5.18 final - refresh configs (headers only) - commit d0f5e4b ++++ libxkbcommon: - Update to release 1.4.1 * Fix compose sequence overriding (common prefix) not working correctly. Regressed in 1.2.0. * Remove various bogus currency sign (particulary Euro and Korean Won) entries from the keysym <-> Unicode mappings. They prevented the real keysyms/codepoints for these from mapping correctly. ------------------------------------------------------------------ ------------------ 2022-5-21 - May 21 2022 ------------------- ------------------------------------------------------------------ ++++ gnutls: - update to 3.7.5: * add options disable session ticket usage in TLS 1.2 because it does not provide forward secrecy * For TLS 1.3 where session tickets do provide forward secrecy, the PFS priority string now only disables session tickets in TLS 1.2. * Future backward incompatibility: in the next major release of GnuTLS those flag and modifier are planned to be removed * gnutls-cli, gnutls-serv: Channel binding for printing information has been changed from tls-unique to tls-exporter as tls-unique is not supported in TLS 1.3. * Certificate sanity checks has been enhanced to make gnutls more RFC 5280 compliant: * Removed 3DES from FIPS approved algorithms * Optimized support for AES-SIV-CMAC algorithms * libgnutls: HKDF and AES-GCM algorithms are now approved in FIPS-140 mode when used in TLS ++++ harfbuzz: - Update to version 4.3.0: + Major speed up in loading and subsetting fonts, especially in handling CFF table. Subsetting some fonts is now 3 times faster + Speed up blending CFF2 table + Speed up hb_ot_tags_from_language() + Fix USE classification of U+10A38 to fix multiple marks on single Kharoshthi base + Fix parsing of empty CFF Index + Fix subsetting CPAL table with partial palette overlaps ------------------------------------------------------------------ ------------------ 2022-5-20 - May 20 2022 ------------------- ------------------------------------------------------------------ ++++ lsof: - Fix hostname in reproducible builds, bsc#1199709 * remove-hostname.patch ++++ selinux-policy: - Update to version 20220520 to pass stricter 3.4 toolchain checks - Update to version 20220428. Refreshed: * fix_apache.patch * fix_hadoop.patch * fix_init.patch * fix_iptables.patch * fix_kernel_sysctl.patch * fix_networkmanager.patch * fix_systemd.patch * fix_systemd_watch.patch * fix_unprivuser.patch * fix_usermanage.patch * fix_wine.patch ------------------------------------------------------------------ ------------------ 2022-5-19 - May 19 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - Update to 22.1.0 * lot of great featurres, including (since rc5) additional kopper backports for zink, and support for Intel's Alchemist DG2 platform. ++++ Mesa-drivers: - Update to 22.1.0 * lot of great featurres, including (since rc5) additional kopper backports for zink, and support for Intel's Alchemist DG2 platform. ++++ cockpit-machines: - Add suse-vv-install.patch to display SUSE hint for virt-viewer installation (bsc#1199673) ++++ cockpit-tukit: - Update to version 0.0.3~git6.03c747e: * Hide snapshot item extension part * Change help URL to official docs * Mention node_modules.sums in spec sources * Use compression for source archive ++++ gtk3: - Update to version 3.24.34: + Include legacy hicolor icons. + Fix the build with gcc 12. + X11: Trap errors when getting output properties. + Wayland: Ignore empty preedit updates. This fixes a problem with textview scrolling. + Updated translations. ++++ libbpf: - Update to release 0.8.0 * New features and APIs: - support auto-resolution of binaries and shared libraries from PATH, if necessary; - support attaching by function names (only by IP was supported before); - support attaching to USDTs (SEC("usdt/...") and bpf_program__attach_usdt()) with initially supported architectures: x86-64 (amd64); x86 (i386); s390x; ARM64 (aarch64); RISC V (riscv); - improved BPF verifier log reporting for CO-RE relocation failures (no more obscure "invalid func unknown#195896080" errors); - auto-adjust BPF ringbuf size according to host kernel's page size requirements; - high-level BPF map APIs: bpf_map__lookup_elem(), bpf_map__update_elem(), etc that validate key/value buffer sizes; - bpf_link_create() can create all bpf_link-based (including raw_tp, fentry/fexit, etc), falling back to bpf_raw_tracepoint_open() on old kernels transparently; - support opting out from auto-loading BPF programs declaratively with SEC("?..."); - support opting out from auto-creation of declarative BPF maps with bpf_map__set_autocreate(); - support multi-kprobes (SEC("kprobe.multi/...") and bpf_program__attach_kprobe_multi_opts()); - support target-less SEC() programs (e.g., SEC("kprobe"), SEC("tp"), etc); - support BPF sub-skeletons for "incomplete" BPF object files (requires matching bpftool to generate .subskel.h); - BPF cookie support for fentry/fexit/fmod_ret BPF programs (bpf_program__attach_trace_opts()); - support for custom SEC() handlers (libbpf_register_prog_handler()). * BPF-side API - BPF-side USDT APIs. See new usdt.bpf.h header: * BPF_USDT() program wrapper macro; bpf_usdt_arg(), bpf_usdt_arg_cnt(), * bpf_usdt_cookie() helpers; - new bpf_core_field_offset() CO-RE helper and support bpf_core_field_size(type, field) forms; - barrier() and barrier_var() macros for improving BPF code generation; - __kptr and __kptr_ref tags added; - ARC architecture support in bpf_tracing.h header; - new BPF helpers: * bpf_skb_set_tstamp(); * bpf_ima_file_hash(); * bpf_kptr_xchg(); * bpf_map_lookup_percpu_elem(). * Bug fixes - netlink bug fixes; - libbpf.pc fixes to support patch releases properly; - BPF_MAP_TYPE_PERF_EVENT_ARRAY map auto-pinning fix; - minor CO-RE fixes and improvements for some corner cases; - various other small fixes and improvements. ++++ salt: - Make sure SaltCacheLoader use correct fileclient (bsc#1199149) - Added: * make-sure-saltcacheloader-use-correct-fileclient-519.patch ++++ selinux-policy: - Add fix_dnsmasq.patch to fix problems with virtualization on Microos (bsc#1199518) ------------------------------------------------------------------ ------------------ 2022-5-18 - May 18 2022 ------------------- ------------------------------------------------------------------ ++++ aaa_base: - Update to version 84.87+git20220518.dc83f4e: * Also in /etc/profile, rootsh is not restricted - Update to version 84.87+git20220518.78b2a0b: * The wrapper rootsh is not a restricted shell ++++ kernel-default: - perf: Fix sys_perf_event_open() race against self (CVE-2022-1729, bsc#1199507). - commit c1eda89 - Linux 5.17.9 (bsc#1012628). - batman-adv: Don't skb_split skbuffs with frag_list (bsc#1012628). - iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (bsc#1012628). - hwmon: (tmp401) Add OF device ID table (bsc#1012628). - mac80211: Reset MBSSID parameters upon connection (bsc#1012628). - net: rds: use maybe_get_net() when acquiring refcount on TCP sockets (bsc#1012628). - net: Fix features skip in for_each_netdev_feature() (bsc#1012628). - net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (bsc#1012628). - net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (bsc#1012628). - net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (bsc#1012628). - net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (bsc#1012628). - fbdev: simplefb: Cleanup fb_info in .fb_destroy rather than .remove (bsc#1012628). - fbdev: efifb: Cleanup fb_info in .fb_destroy rather than .remove (bsc#1012628). - fbdev: vesafb: Cleanup fb_info in .fb_destroy rather than .remove (bsc#1012628). - platform/surface: aggregator: Fix initialization order when compiling as builtin module (bsc#1012628). - ice: Fix race during aux device (un)plugging (bsc#1012628). - ice: clear stale Tx queue settings before configuring (bsc#1012628). - ice: fix PTP stale Tx timestamps cleanup (bsc#1012628). - ipv4: drop dst in multicast routing path (bsc#1012628). - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (bsc#1012628). - netlink: do not reset transport header in netlink_recvmsg() (bsc#1012628). - net: chelsio: cxgb4: Avoid potential negative array offset (bsc#1012628). - fbdev: efifb: Fix a use-after-free due early fb_info cleanup (bsc#1012628). - net: sfc: fix memory leak due to ptp channel (bsc#1012628). - fanotify: do not allow setting dirent events in mask of non-dir (bsc#1012628). - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (bsc#1012628). - nfs: fix broken handling of the softreval mount option (bsc#1012628). - ionic: fix missing pci_release_regions() on error in ionic_probe() (bsc#1012628). - dim: initialize all struct fields (bsc#1012628). - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (bsc#1012628). - procfs: prevent unprivileged processes accessing fdinfo dir (bsc#1012628). - selftests: vm: Makefile: rename TARGETS to VMTARGETS (bsc#1012628). - net: dsa: flush switchdev workqueue on bridge join error path (bsc#1012628). - arm64: vdso: fix makefile dependency on vdso.so (bsc#1012628). - virtio: fix virtio transitional ids (bsc#1012628). - s390/ctcm: fix variable dereferenced before check (bsc#1012628). - s390/ctcm: fix potential memory leak (bsc#1012628). - s390/lcs: fix variable dereferenced before check (bsc#1012628). - net/sched: act_pedit: really ensure the skb is writable (bsc#1012628). - net: ethernet: mediatek: ppe: fix wrong size passed to memset() (bsc#1012628). - net: bcmgenet: Check for Wake-on-LAN interrupt probe deferral (bsc#1012628). - drm/vc4: hdmi: Fix build error for implicit function declaration (bsc#1012628). - mlxsw: Avoid warning during ip6gre device removal (bsc#1012628). - net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (bsc#1012628). - net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (bsc#1012628). - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (bsc#1012628). - tls: Fix context leak on tls_device_down (bsc#1012628). - drm/vmwgfx: Fix fencing on SVGAv3 (bsc#1012628). - gfs2: Fix filesystem block deallocation for short writes (bsc#1012628). - hwmon: (asus_wmi_sensors) Fix CROSSHAIR VI HERO name (bsc#1012628). - hwmon: (f71882fg) Fix negative temperature (bsc#1012628). - RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (bsc#1012628). - iommu: arm-smmu: disable large page mappings for Nvidia arm-smmu (bsc#1012628). - ASoC: max98090: Reject invalid values in custom control put() (bsc#1012628). - ASoC: max98090: Generate notifications on changes for custom control (bsc#1012628). - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (bsc#1012628). - s390: disable -Warray-bounds (bsc#1012628). - ASoC: SOF: Fix NULL pointer exception in sof_pci_probe callback (bsc#1012628). - io_uring: assign non-fixed early for async work (bsc#1012628). - net: emaclite: Don't advertise 1000BASE-T and do auto negotiation (bsc#1012628). - net: sfp: Add tx-fault workaround for Huawei MA5671A SFP ONT (bsc#1012628). - secure_seq: use the 64 bits of the siphash for port offset calculation (bsc#1012628). - tcp: use different parts of the port_offset for index and offset (bsc#1012628). - tcp: resalt the secret every 10 seconds (bsc#1012628). - tcp: add small random increments to the source port (bsc#1012628). - tcp: dynamically allocate the perturb table used by source ports (bsc#1012628). - tcp: increase source port perturb table to 2^16 (bsc#1012628). - tcp: drop the hash_32() part from the index calculation (bsc#1012628). - block: Do not call folio_next() on an unreferenced folio (bsc#1012628). - interconnect: Restore sync state by ignoring ipa-virt in provider count (bsc#1012628). - perf tests: Fix coresight `perf test` failure (bsc#1012628). - firmware_loader: use kernel credentials when reading firmware (bsc#1012628). - KVM: PPC: Book3S PR: Enable MSR_DR for switch_mmu_context() (bsc#1012628). - usb: xhci-mtk: fix fs isoc's transfer error (bsc#1012628). - x86/mm: Fix marking of unused sub-pmd ranges (bsc#1012628). - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (bsc#1012628). - tty: n_gsm: fix buffer over-read in gsm_dlci_data() (bsc#1012628). - tty: n_gsm: fix mux activation issues in gsm_config() (bsc#1012628). - tty: n_gsm: fix invalid gsmtty_write_room() result (bsc#1012628). - usb: gadget: uvc: allow for application to cleanly shutdown (bsc#1012628). - usb: cdc-wdm: fix reading stuck on device close (bsc#1012628). - usb: typec: tcpci: Don't skip cleanup in .remove() on error (bsc#1012628). - usb: typec: tcpci_mt6360: Update for BMC PHY setting (bsc#1012628). - USB: serial: pl2303: add device id for HP LM930 Display (bsc#1012628). - USB: serial: qcserial: add support for Sierra Wireless EM7590 (bsc#1012628). - USB: serial: option: add Fibocom L610 modem (bsc#1012628). - USB: serial: option: add Fibocom MA510 modem (bsc#1012628). - slimbus: qcom: Fix IRQ check in qcom_slim_probe (bsc#1012628). - fsl_lpuart: Don't enable interrupts too early (bsc#1012628). - genirq: Remove WARN_ON_ONCE() in generic_handle_domain_irq() (bsc#1012628). - serial: 8250_mtk: Fix UART_EFR register address (bsc#1012628). - serial: 8250_mtk: Fix register address for XON/XOFF character (bsc#1012628). - ceph: fix setting of xattrs on async created inodes (bsc#1012628). - Revert "mm/memory-failure.c: skip huge_zero_page in memory_failure()" (bsc#1012628). - mm/huge_memory: do not overkill when splitting huge_zero_page (bsc#1012628). - mm: mremap: fix sign for EFAULT error return value (bsc#1012628). - drm/vmwgfx: Disable command buffers on svga3 without gbobjects (bsc#1012628). - drm/nouveau/tegra: Stop using iommu_present() (bsc#1012628). - i40e: i40e_main: fix a missing check on list iterator (bsc#1012628). - net: phy: Fix race condition on link status change (bsc#1012628). - writeback: Avoid skipping inode writeback (bsc#1012628). - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1012628). - ping: fix address binding wrt vrf (bsc#1012628). - ath11k: reduce the wait time of 11d scan and hw scan while add interface (bsc#1012628). - arm[64]/memremap: don't abuse pfn_valid() to ensure presence of linear map (bsc#1012628). - net: phy: micrel: Do not use kszphy_suspend/resume for KSZ8061 (bsc#1012628). - net: phy: micrel: Pass .probe for KS8737 (bsc#1012628). - SUNRPC: Ensure that the gssproxy client can start in a connected state (bsc#1012628). - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (bsc#1012628). - Revert "drm/amd/pm: keep the BACO feature enabled for suspend" (bsc#1012628). - dma-buf: call dma_buf_stats_setup after dmabuf is in valid list (bsc#1012628). - mm/hwpoison: use pr_err() instead of dump_page() in get_any_page() (bsc#1012628). - net: phy: micrel: Fix incorrect variable type in micrel (bsc#1012628). - mm/kfence: reset PG_slab and memcg_data before freeing __kfence_pool (bsc#1012628). - commit eab1a2c ++++ lttng-ust: - Update to version 2.13.2 (changes since 2.13.0): * Fix: ust-compiler: constructor/destructor build on g++ 4.8. * ust-compiler: constructor/destructor whitespaces layout and macro dependency. * Fix: ust-cancelstate: include string.h for strerror. * Fix: libnuma is prepended to LIBS. * Fix: Allow disabling some abi compat tests. * Fix: generate probe registration constructor as a C++ constuctor. * Fix: nestable pthread cancelstate. * Fix: abort on decrement_sem_count during concurrent tracing start and teardown. * Fix: allocating C++ compound literal on heap with Clang. * Check for C++11 when building C++ probe providers. * fix: liblttng-ust-fd async-signal-safe close(). * tracepoints: print debug message when lttng-ust-tracepoint.so is not found. * Fix: static_assert unavailable with glibc < 2.16. * Fix: combined tracing of lttng-ust 2.12/2.13 generates corrupted traces. * doc/man: Document LTTNG_UST_ABORT_ON_CRITICAL variable. * Fix: remove autoconf features default value in help message. * Fix: add extern "C" to two header files. * Fix: __STDC_VERSION__ can be undefined in C++. * Fix: sample discarded events count before reserve. * Fix: ring buffer event counter. * Fix: concurrent exec(2) file descriptor leak. * Add "domain" parameter to the Log4j 2.x agent. * Fix: Convert custom loglevels in Log4j 2.x agent. * Fix: coverity reported null returns in Log4j2 agent. * Add a Log4j 2.x Java agent. * Fix: may be used uninitialised on powerpc. * Fix: doc/examples/java-log4j: fix paths to directories. * Fix: doc/examples/java-jul: fix paths to directories. ++++ parted: - add new type command from upstream added patches: - type-command.patch ++++ libunwind: - Adjust baselibs.conf for shlib guideline. ------------------------------------------------------------------ ------------------ 2022-5-17 - May 17 2022 ------------------- ------------------------------------------------------------------ ++++ transactional-update: - Version 4.0.0~rc4 - Fix building with GCC 12 - Fix stack overflow with very long commands / ids [bsc#1196149] - Use separate mount namespace for chroot, allowing overwriting the bind mounts from the update environment - this could have lead to data loss of the bind mount previously - Fix C error and exception handling for snapshots ++++ glibc: - nptl-spurious-eintr.patch: nptl: Handle spurious EINTR when thread cancellation is disabled (BZ #29029) ++++ grub2: - Fix installation over serial console ends up in infinite boot loop (bsc#1187810) * 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch - Fix ppc64le build error for new IEEE long double ABI * 0001-libc-config-merge-from-glibc.patch ++++ kernel-firmware: - Update to version 20220516 (git commit 251d29004ffc): * amdgpu: update beige goby firmware for 22.10 * amdgpu: update renoir firmware for 22.10 * amdgpu: update dimgrey cavefish firmware for 22.10 * amdgpu: update vega20 firmware for 22.10 * amdgpu: update yellow carp firmware for 22.10 * amdgpu: update vega12 firmware for 22.10 * amdgpu: update navy flounder firmware for 22.10 * amdgpu: update vega10 firmware for 22.10 * amdgpu: update raven2 firmware for 22.10 * amdgpu: update raven firmware for 22.10 * amdgpu: update sienna cichlid firmware for 22.10 * amdgpu: update green sardine firmware for 22.10 * amdgpu: update PCO firmware for 22.10 * amdgpu: update vangogh firmware for 22.10 * amdgpu: update navi14 firmware for 22.10 * amdgpu: update navi12 firmware for 22.10 * amdgpu: update navi10 firmware for 22.10 * amdgpu: update aldebaran firmware for 22.10 * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * mediatek: Update mt8192 SCP firmware ++++ gcc12: - Update to gcc-12 branch head, 325d82b08696da17fb26bd2e1b6b, git78 ------------------------------------------------------------------ ------------------ 2022-5-16 - May 16 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.38.0: + Add support for route type "throw". + Fix bug setting priority for IP addresses. + Static IPv6 addresses from "ipv6.addresses" are now preferred over addresses from DHCPv6, which are preferred over addresses from autoconf. This affects IPv6 source address selection, if the rules from RFC 6724, section 5 don't give a exhaustive match. + Static IPv6 addresses from "ipv6.addresses" are now interpreted with first address being preferred. Their order got inverted. This is now consistent with IPv4. + Wi-Fi hotspots will use a (stable) random channel number unless one is chosen manually. + Don't use unsupported SAE/WPA3 mode for AP mode. + NetworkManager will no longer advertise frequencies as supported when they're disallowed in configured regulatory domain. + Attempt to connect to WEP-encrypted Wi-Fi network will now fail gracefully with a recent version of wpa_supplicant when built without WEP support. As long as wpa_supplicant supports WEP, NetworkManager will continue to work. + Disable WPA3 transition mode for wifi.key-mgmt=wpa-psk if the NIC does not support PMF. This is known to cause problems in some setups. It is still possible to explicitly configure wifi.key-mgmt=sae for WPA3. + Add new dummy crypto backend "null" that does nothing. NetworkManager uses the crypto library when handling certificates for 802.1x profiles. + Veth devices with name "eth*" are now managed by default via the udev rule. This is to support managing the network in LXD containers. + The hostname received from DHCP is now shortened to the first dot (or to 64 characters, whatever comes first) if it's too long. + As the insecure WEP encryption for Wi-Fi network is phased out, nmcli now discourages its use when activating or modifying a profile. + Fix connectivity checks in case the check endpoint address resolves to multiple addresses. + Workaround libcurl blocking NetworkManager while resolving DNS names. + nmcli: indicate missing Wi-Fi hardware when showing rfkill setting. + nmcli: add connection migrate command to move a profile to a specified settings plugin. This allows to convert profiles in the deprecated ifcfg-rh format to keyfile. + Set "src" attribute for routes from DHCPv4 to the leased address. This helps with source address selection. + Various bugfixes and internal improvements. + Updated translations. - Recommend NetworkNanager-wifi from the main package: after the split, there is currently nothing pulling in NM-wifi. Preferably this would happen based on wifi chips prsence, but that is not yet done (boo#1199550). ++++ gpg2: - added tpm support, added a new subpackage gpg2-tpm ++++ kernel-default: - Linux 5.17.8 (bsc#1012628). - mm: fix invalid page pointer returned with FOLL_PIN gups (bsc#1012628). - mm,migrate: fix establishing demotion target (bsc#1012628). - mm/mlock: fix potential imbalanced rlimit ucounts adjustment (bsc#1012628). - mm/hwpoison: fix error page recovered but reported "not recovered" (bsc#1012628). - mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() (bsc#1012628). - mm: shmem: fix missing cache flush in shmem_mfill_atomic_pte() (bsc#1012628). - mm: hugetlb: fix missing cache flush in hugetlb_mcopy_atomic_pte() (bsc#1012628). - mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() (bsc#1012628). - mm: fix missing cache flush for all tail pages of compound page (bsc#1012628). - udf: Avoid using stale lengthOfImpUse (bsc#1012628). - rfkill: uapi: fix RFKILL_IOCTL_MAX_SIZE ioctl request definition (bsc#1012628). - Bluetooth: Fix the creation of hdev->name (bsc#1012628). - commit 718e8e9 - Update to 5.18-rc7 - commit 1778f40 ++++ ncurses: - Add ncurses patch 20220514 + further improvements to test/test_mouse.c; compare with ncurses test program menu A/a. ++++ libproxy: - Add libproxy-python-310.patch: Detect python 3.10. ++++ libunwind: - Add Conflict markers for earlier combined libunwind. ------------------------------------------------------------------ ------------------ 2022-5-15 - May 15 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - add dovecot-profiles-boo1199535-mr881.diff: update dovecot profiles for latest dovecot (boo#1199535) ++++ librsvg: - Update to version 2.54.3: + Fix detection of gi-docgen. + Install the generated documentation in the correct place so that Devhelp can find it. - Changes from version 2.54.2: + Fix regressions when computing element geometries. + Add a --disable-gtk-doc option for the configure script, so people can disable generating documentation for cross-compiling. + MSVC: Support generating documentation, and passing introspection paths. ++++ libapparmor: - add dovecot-profiles-boo1199535-mr881.diff: update dovecot profiles for latest dovecot (boo#1199535) ------------------------------------------------------------------ ------------------ 2022-5-14 - May 14 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - autoselect libvdpau_r300/libvdpau_r600/libvdpau_radeonsi packages via hardware supplements on AMD GPUs ++++ Mesa-drivers: - autoselect libvdpau_r300/libvdpau_r600/libvdpau_radeonsi packages via hardware supplements on AMD GPUs ------------------------------------------------------------------ ------------------ 2022-5-13 - May 13 2022 ------------------- ------------------------------------------------------------------ ++++ iptables: - Update to release 1.8.8 * Add iptables-translate support for: sctp match's - -chunk-types option, connlimit match, multiport match's - -ports option, and the tcpmss match. * Reject setuid executables in libxtables for safety reasons * Extended arptables-nft with -C, -I, -R, -S cmomands and the "-c N,M" counter syntax. * Debug output in iptables-restore (all variants), iptables-nft and ebtables-nft when specifying -v multiple times * Improved performance of iptables-save and -restore ++++ open-iscsi: - Set initiatorname in %post (at end of install), for cases where root is read-only at startup time (bsc#1198457) ++++ systemd: - Update rpmlintrc for shlib-policy-name-error/multibuild case. ++++ libunwind: - Resolve rpmlint error "libunwind.x86_64: E: shlib-policy-name-error SONAME: libunwind-coredump.so.0, expected package suffix: 0" ++++ libyajl: - add libyajl-CVE-2022-24795.patch (CVE-2022-24795, bsc#1198405) ------------------------------------------------------------------ ------------------ 2022-5-12 - May 12 2022 ------------------- ------------------------------------------------------------------ ++++ chrony: - Moved 20-chrony file from user specif directory /etc/NetworkManager/dispatcher.d to vendor specific directory /usr/lib/NetworkManager/dispatcher.d. So, users changes can still be done in /etc and will not be overwritten by an update. ++++ glibc: - Follow the distro default gcc version to build the cross bootstrap packages. ++++ kernel-default: - Linux 5.17.7 (bsc#1012628). - PCI: aardvark: Update comment about link going down after link-up (bsc#1012628). - PCI: aardvark: Drop __maybe_unused from advk_pcie_disable_phy() (bsc#1012628). - PCI: aardvark: Don't mask irq when mapping (bsc#1012628). - PCI: aardvark: Remove irq_mask_ack() callback for INTx interrupts (bsc#1012628). - PCI: aardvark: Use separate INTA interrupt for emulated root bridge (bsc#1012628). - PCI: aardvark: Fix support for PME requester on emulated bridge (bsc#1012628). - PCI: aardvark: Add support for PME interrupts (bsc#1012628). - PCI: aardvark: Optimize writing PCI_EXP_RTCTL_PMEIE and PCI_EXP_RTSTA_PME on emulated bridge (bsc#1012628). - PCI: aardvark: Add support for ERR interrupt on emulated bridge (bsc#1012628). - PCI: aardvark: Enable MSI-X support (bsc#1012628). - PCI: aardvark: Fix setting MSI address (bsc#1012628). - PCI: aardvark: Add support for masking MSI interrupts (bsc#1012628). - PCI: aardvark: Refactor unmasking summary MSI interrupt (bsc#1012628). - PCI: aardvark: Use dev_fwnode() instead of of_node_to_fwnode(dev->of_node) (bsc#1012628). - PCI: aardvark: Make msi_domain_info structure a static driver structure (bsc#1012628). - PCI: aardvark: Make MSI irq_chip structures static driver structures (bsc#1012628). - PCI: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (bsc#1012628). - PCI: aardvark: Rewrite IRQ code to chained IRQ handler (bsc#1012628). - PCI: aardvark: Replace custom PCIE_CORE_INT_* macros with PCI_INTERRUPT_* (bsc#1012628). - mmc: rtsx: add 74 Clocks in power on flow (bsc#1012628). - selftest/vm: verify remap destination address in mremap_test (bsc#1012628). - selftest/vm: verify mmap addr in mremap_test (bsc#1012628). - KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (bsc#1012628). - KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (bsc#1012628). - KVM: x86: Do not change ICR on write to APIC_SELF_IPI (bsc#1012628). - x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (bsc#1012628). - KVM: selftests: Silence compiler warning in the kvm_page_table_test (bsc#1012628). - kvm: selftests: do not use bitfields larger than 32-bits for PTEs (bsc#1012628). - KVM: VMX: Exit to userspace if vCPU has injected exception and invalid state (bsc#1012628). - KVM: SEV: Mark nested locking of vcpu->lock (bsc#1012628). - iommu/dart: Add missing module owner to ops structure (bsc#1012628). - fbdev: Make fb_release() return -ENODEV if fbdev was unregistered (bsc#1012628). - kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (bsc#1012628). - net: rds: acquire refcount on TCP sockets (bsc#1012628). - gpio: mvebu: drop pwm base assignment (bsc#1012628). - parisc: Mark cr16 clock unstable on all SMP machines (bsc#1012628). - btrfs: always log symlinks in full mode (bsc#1012628). - smsc911x: allow using IRQ0 (bsc#1012628). - selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer (bsc#1012628). - bnxt_en: Fix unnecessary dropping of RX packets (bsc#1012628). - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (bsc#1012628). - dt-bindings: pci: apple,pcie: Drop max-link-speed from example (bsc#1012628). - selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational (bsc#1012628). - rxrpc: Enable IPv6 checksums on transport socket (bsc#1012628). - mld: respect RCU rules in ip6_mc_source() and ip6_mc_msfilter() (bsc#1012628). - SUNRPC: Don't leak sockets in xs_local_connect() (bsc#1012628). - hinic: fix bug of wq out of bound access (bsc#1012628). - drm/msm/dp: remove fail safe mode related code (bsc#1012628). - selftests/net: so_txtime: usage(): fix documentation of default clock (bsc#1012628). - selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems (bsc#1012628). - net: emaclite: Add error handling for of_address_to_resource() (bsc#1012628). - net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() (bsc#1012628). - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (bsc#1012628). - net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (bsc#1012628). - net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (bsc#1012628). - net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (bsc#1012628). - net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init() (bsc#1012628). - NFSv4: Don't invalidate inode attributes on delegation return (bsc#1012628). - RDMA/irdma: Fix possible crash due to NULL netdev in notifier (bsc#1012628). - RDMA/irdma: Reduce iWARP QP destroy time (bsc#1012628). - RDMA/irdma: Flush iWARP QP if modified to ERR from RTR state (bsc#1012628). - RDMA/siw: Fix a condition race issue in MPA request processing (bsc#1012628). - SUNRPC release the transport of a relocated task with an assigned transport (bsc#1012628). - ALSA: hda/realtek: Fix mute led issue on thinkpad with cs35l41 s-codec (bsc#1012628). - selftests/seccomp: Don't call read() on TTY from background pgrp (bsc#1012628). - net/mlx5e: TC, fix decap fallback to uplink when int port not supported (bsc#1012628). - net/mlx5e: Lag, Don't skip fib events on current dst (bsc#1012628). - net/mlx5e: Lag, Fix fib_info pointer assignment (bsc#1012628). - net/mlx5e: Lag, Fix use-after-free in fib event handler (bsc#1012628). - net/mlx5: Fix deadlock in sync reset flow (bsc#1012628). - net/mlx5: Avoid double clear or set of sync reset requested (bsc#1012628). - net/mlx5: Fix matching on inner TTC (bsc#1012628). - net/mlx5e: Fix the calling of update_buffer_lossy() API (bsc#1012628). - net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (bsc#1012628). - net/mlx5e: Don't match double-vlan packets if cvlan is not set (bsc#1012628). - net/mlx5e: Fix wrong source vport matching on tunnel rule (bsc#1012628). - net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (bsc#1012628). - net/mlx5e: Fix trust state reset in reload (bsc#1012628). - iommu/dart: check return value after calling platform_get_resource() (bsc#1012628). - iommu/vt-d: Drop stop marker messages (bsc#1012628). - ASoC: soc-ops: fix error handling (bsc#1012628). - ASoC: meson: axg-card: Fix nonatomic links (bsc#1012628). - ASoC: meson: axg-tdm-interface: Fix formatters in trigger" (bsc#1012628). - ASoC: dmaengine: Restore NULL prepare_slave_config() callback (bsc#1012628). - hwmon: (pmbus) disable PEC if not enabled (bsc#1012628). - hwmon: (adt7470) Fix warning on module removal (bsc#1012628). - gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (bsc#1012628). - gpio: visconti: Fix fwnode of GPIO IRQ (bsc#1012628). - NFC: netlink: fix sleep in atomic bug when firmware download timeout (bsc#1012628). - nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (bsc#1012628). - nfc: replace improper check device_is_registered() in netlink related functions (bsc#1012628). - can: grcan: only use the NAPI poll budget for RX (bsc#1012628). - can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (bsc#1012628). - can: grcan: use ofdev->dev when allocating DMA memory (bsc#1012628). - can: isotp: remove re-binding of bound socket (bsc#1012628). - can: grcan: grcan_close(): fix deadlock (bsc#1012628). - s390/dasd: Fix read inconsistency for ESE DASD devices (bsc#1012628). - s390/dasd: Fix read for ESE with blksize < 4k (bsc#1012628). - s390/dasd: prevent double format of tracks for ESE devices (bsc#1012628). - s390/dasd: fix data corruption for ESE devices (bsc#1012628). - ASoC: meson: Fix event generation for AUI CODEC mux (bsc#1012628). - ASoC: meson: Fix event generation for G12A tohdmi mux (bsc#1012628). - ASoC: meson: Fix event generation for AUI ACODEC mux (bsc#1012628). - ASoC: wm8958: Fix change notifications for DSP controls (bsc#1012628). - ASoC: rt9120: Correct the reg 0x09 size to one byte (bsc#1012628). - ASoC: da7219: Fix change notifications for tone generator frequency (bsc#1012628). - genirq: Synchronize interrupt thread startup (bsc#1012628). - btrfs: skip compression property for anything other than files and dirs (bsc#1012628). - btrfs: do not allow compression on nodatacow files (bsc#1012628). - btrfs: export a helper for compression hard check (bsc#1012628). - btrfs: do not BUG_ON() on failure to update inode when setting xattr (bsc#1012628). - btrfs: force v2 space cache usage for subpage mount (bsc#1012628). - btrfs: sysfs: export the balance paused state of exclusive operation (bsc#1012628). - net: stmmac: disable Split Header (SPH) for Intel platforms (bsc#1012628). - firewire: core: extend card->lock in fw_core_handle_bus_reset (bsc#1012628). - firewire: remove check of list iterator against head past the loop body (bsc#1012628). - firewire: fix potential uaf in outbound_phy_packet_callback() (bsc#1012628). - timekeeping: Mark NMI safe time accessors as notrace (bsc#1012628). - Revert "SUNRPC: attempt AF_LOCAL connect on setup" (bsc#1012628). - hwmon: (pmbus) delta-ahe50dc-fan: work around hardware quirk (bsc#1012628). - RISC-V: relocate DTB if it's outside memory region (bsc#1012628). - drm/amdgpu: do not use passthrough mode in Xen dom0 (bsc#1012628). - drm/amd/display: Avoid reading audio pattern past AUDIO_CHANNELS_COUNT (bsc#1012628). - iommu/arm-smmu-v3: Fix size calculation in arm_smmu_mm_invalidate_range() (bsc#1012628). - iommu/vt-d: Calculate mask for non-aligned flushes (bsc#1012628). - KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (bsc#1012628). - x86/fpu: Prevent FPU state corruption (bsc#1012628). - gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (bsc#1012628). - mmc: core: Set HS clock speed before sending HS CMD13 (bsc#1012628). - mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits (bsc#1012628). - mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC (bsc#1012628). - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (bsc#1012628). - ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers (bsc#1012628). - parisc: Merge model and model name into one line in /proc/cpuinfo (bsc#1012628). - Revert "parisc: Mark sched_clock unstable only if clocks are not syncronized" (bsc#1012628). - Revert "parisc: Mark cr16 CPU clocksource unstable on all SMP machines" (bsc#1012628). - MIPS: Fix CP0 counter erratum detection for R4k CPUs (bsc#1012628). - ipmi:ipmi_ipmb: Fix null-ptr-deref in ipmi_unregister_smi() (bsc#1012628). - ipmi: When handling send message responses, don't process the message (bsc#1012628). - pci_irq_vector() can't be used in atomic context any longer. This conflicts with the usage of this function in nic_mbx_intr_handler(). age of this function in nic_mbx_intr_handler() (bsc#1012628). - commit c9a5fa1 ++++ openldap2: - bsc#1199277 - Resolve segfault when calling new ctx with global ctx * 0017-Resolve-error-handling-in-new-ctx-when-global.patch ++++ pciutils: - Make shared library executable ++++ runc: - Add ExcludeArch for s390 (not s390x) since we've never supported it. ------------------------------------------------------------------ ------------------ 2022-5-11 - May 11 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - Update samba-new-dcerpcd.patch for aarch64 which needs some additional rules; (bnc#1198309). ++++ curl: - Update to 7.83.1: * Security fixes: - (bsc#1199225, CVE-2022-30115) HSTS bypass via trailing dot - (bsc#1199224, CVE-2022-27782) TLS and SSH connection too eager reuse - (bsc#1199223, CVE-2022-27781) CERTINFO never-ending busy-loop - (bsc#1199222, CVE-2022-27780) percent-encoded path separator in URL host - (bsc#1199221, CVE-2022-27779) cookie for trailing dot TLD - (bsc#1199220, CVE-2022-27778) removes wrong file on error * Bugfixes: - altsvc: fix host name matching for trailing dots - cirrus: Update to FreeBSD 12.3 - cirrus: Use pip for Python packages on FreeBSD - conn: fix typo 'connnection' -> 'connection' in two function names - cookies: make bad_domain() not consider a trailing dot fine - curl: free resource in error path - curl: guard against size_t wraparound in no-clobber code - CURLOPT_DOH_URL.3: mention the known bug - CURLOPT_HSTS*FUNCTION.3: document the involved structs as well - CURLOPT_SSH_AUTH_TYPES.3: fix the default - data/test376: set a proper name - GHA/mbedtls: enabled nghttp2 in the build - gha: build msh3 - gskit: fixed bogus setsockopt calls - gskit: remove unused function set_callback - hsts: ignore trailing dots when comparing hosts names - HTTP-COOKIES: add missing CURLOPT_COOKIESESSION - http: move Curl_allow_auth_to_host() - http_proxy/hyper: handle closed connections - hyper: fix test 357 - Makefile: fix "make ca-firefox" - mbedtls: bail out if rng init fails - mbedtls: fix compile when h2-enabled - mbedtls: fix some error messages - misc: use "autoreconf -fi" instead buildconf - msh3: get msh3 version from MsH3Version - msh3: print boolean value as text representation - msh3: psss remote_port to MsH3ConnectionOpen - ngtcp2: add ca-fallback support for OpenSSL backend - nss: return error if seemingly stuck in a cert loop - openssl: define HAVE_SSL_CTX_SET_EC_CURVES for libressl - post_per_transfer: remove the updated file name - sectransp: bail out if SSLSetPeerDomainName fails - tests/server: declare variable 'reqlogfile' static - tests: fix markdown formatting in README - test{898,974,976}: add 'HTTP proxy' keywords - tls: check more TLS details for connection reuse - url: check SSH config match on connection reuse - urlapi: address (harmless) UndefinedBehavior sanitizer warning - urlapi: reject percent-decoding host name into separator bytes - x509asn1: make do_pubkey handle EC public keys ++++ gnutls: - disable kcapi usage for now, as kernel-obs-build not adjusted to contain the algorithms. bsc#1189283 ++++ hwdata: - Update to version 0.359: + Updated pci, usb and vendor ids. ++++ kernel-firmware: - Update to version 20220509 (git commit b19cbdca78ab): * mediatek: Update mt8183 SCP firmware * ice: Update package to 1.3.28.0 * i915: Add DMC v2.06 for DG2 * rtl_bt: Update RTL8852A BT USB firmware to 0xDBB7_C1D9 * amdgpu: update psp_13_0_8 firmware * amdgpu: update gc_10_3_7_rlc firmware * amdgpu: update dcn_3_1_6_dmcub firmware * ath11k: QCA6390 hw2.0: update to WLAN.HST.1.0.1-05266-QCAHSTSWPLZ_V2_TO_X86-1 * qcom: add firmware files for Adreno a420 & related generations * qcom: add firmware files for Adreno a330 * qcom: add firmware files for Adreno a220 * i915: Add GuC v70.1.2 for DG2 * rtw89: 8852c: add new firmware v0.27.20.0 for RTL8852C * Mellanox: Add lc_ini_bundle for xx.2010.1006 * Mellanox: xx.2010.1502: Distribute non-xz-compressed lc_ini_bundle * ath10k: QCA9984 hw1.0: update board-2.bin * ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00156 * ath10k: QCA9888 hw2.0: update board-2.bin * ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00156 * ath10k: QCA6174 hw3.0: update board-2.bin * ath10k: QCA6174 hw3.0: update firmware-6.bin to WLAN.RM.4.4.1-00288-QCARMSWPZ-1 * ath10k: QCA4019 hw1.0: update board-2.bin * ath10k: QCA99X0 hw2.0: add board-2.bin * ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.7 * ath11k: WCN6750 hw1.0: add to WLAN.MSL.1.0.1-00887-QCAMSLSWPLZ-1 * ath11k: WCN6750 hw1.0: add board-2.bin * ath11k: QCN9074 hw1.0: add to WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1 * ath11k: QCN9074 hw1.0: add board-2.bin * ath11k: QCA6390 hw2.0: update board-2.bin * ath11k: IPQ8074 hw2.0: update to WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1 * ath11k: IPQ8074 hw2.0: update board-2.bin * ath11k: IPQ6018 hw1.0: update to WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1 * ath11k: IPQ6018 hw1.0: update board-2.bin * Mellanox: Add new mlxsw_spectrum firmware xx.2010.1502 * amdgpu: update yellow carp DMCUB firmware * linux-firmware: update firmware for mediatek bluetooth chip (MT7922) * linux-firmware: update firmware for MT7922 WiFi device * mediatek: Add mt8195 SCP firmware * qcom: apq8096: add modem firmware * qcom: apq8096: add aDSP firmware * rtl_bt: Add firmware and config files for RTL8852C * i915: Add GuC v70.1.1 for all platforms - Update aliases ++++ libapparmor: - Update samba-new-dcerpcd.patch for aarch64 which needs some additional rules; (bnc#1198309). ++++ multipath-tools: - Update to version 0.8.9+90+suse.71a70fb: * support overriding -D_FORTIFY_SOURCE in OPTFLAGS * add -U_FORTIFY_SOURCE to optflags to avoid compilation errors on old distros ++++ protobuf: - Do not use %%autosetup, but %%setup and %%patch on other line * Allows building on SLE-12-SP5 ++++ libvisual: - Remove old specfile constructs - Remove --with-pic, this is only useful with --enable-static - Make %install sh-compatible - Remove .la files, I do not think we will need it - Repair rpmlint error "libvisual.x86_64: E: shlib-policy-name-error SONAME: libvisual-0.4.so.0, expected package suffix: 0_4-0" ++++ qemu: - Filter out rpmlint error that is valid for qemu, but will have its badness increased in the future. ++++ runc: - Update to runc v1.1.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2. CVE-2022-29162 bsc#1199460 * A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. For more information, see [GHSA-f3fp-gc8g-vw66][] and CVE-2022-29162. bsc#1199460 * `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file. ------------------------------------------------------------------ ------------------ 2022-5-10 - May 10 2022 ------------------- ------------------------------------------------------------------ ++++ gcc12: - Enable PRU architecture for AM335x platforms ++++ multipath-tools: - Update to version 0.8.9+87+suse.a1eb122: * add ability to autodetect support for -D_FORTIFY_SOURCE=3 ++++ numactl: - Update to version 2.0.14.39.g8b18345: * numa(3): Fix typos and punctuation * Avoid libnuma.so dependency on util.o * test/prefered: add test cases for new 'preferred-many' policy * test/prefered: fix compiling problem * numa(3): Update the man page * Update to support multiple nodes * numademo: Add a new test for multiple-preferred-nodes policy * numactl: Simplify preferred selection * libnuma: Export interface to set/get preferred nodes * util: Add new preferred-many type ++++ python310-core: - Refresh bluez-devel-vendor.tar.xz ++++ python310: - Refresh bluez-devel-vendor.tar.xz ++++ xen: - fix python3 >= 3.10 version detection ------------------------------------------------------------------ ------------------ 2022-5-9 - May 9 2022 ------------------- ------------------------------------------------------------------ ++++ checkpolicy: - Update to version 3.4 * warn on bogus IP address or netmask in nodecon statement * allow wildcard permissions in constraints * mention class name on invalid permission ++++ gstreamer: - Enable use of libunwind on riscv64 - Update to version 1.20.2 + Highlighted bugfixes: - avviddec: Remove vc1/wmv3 override and fix crashes on WMV files with FFMPEG 5.0+ - macOS: fix plugin discovery for GStreamer installed via brew and fix loading of Rust plugins - rtpbasepayload: various header extension handling fixes - rtpopusdepay: fix regression in stereo input handling if sprop-stereo is not advertised - rtspclientsink: fix possible shutdown deadlock - mpegts: gracefully handle "empty" program maps and fix AC-4 detection - mxfdemux: Handle empty VANC packets and fix EOS handling - playbin3: various playbin3, uridecodebin3, and playsink fixes - ptpclock: fix initial sync-up with certain devices - gltransformation: let graphene alloc its structures memory aligned - webrtcbin fixes and webrtc sendrecv example improvements - video4linux2: various fixes including some fixes for Raspberry Pi users - videorate segment handling fixes and other fixes - nvh264dec, nvh265dec: Fix broken key-unit trick modes and reverse playback - wpe: Reintroduce persistent WebContext - cerbero: Make it easier to consume 1.20.1 macOS GStreamer .pkgs - build fixes and gobject annotation fixes - bug fixes, security fixes, memory leak fixes, and other stability and reliability improvements + gstreamer: - devicemonitor: clean up signal handlers and hidden providers list - Leaks tracer: fix pthread_atfork return value check leading to bogus warning in log - Rust plugins: Not picked up by the plugin loader on macOS - Failed to use plugins of latest GStreamer version 1.20.x installed by brew on macOS - ptpclock: Allow at least 100ms delay between Sync/Follow_Up and Delay_Req/Delay_Resp messages. Fixes problems acquiring initial sync with certain devices - meson: Add -Wl,-rpath,${libdir} on macOS - registry: skip Rust dep builddirs when searching for plugins recursively ++++ gstreamer-plugins-base: - Update to version 1.20.2: + appsrc: Clarify buffer ref semantics in signals documentation + appsrc: fix annotations for bindings + typefind: Skip extension parsing for data:// URIs, fixing regression with mp4 files serialised to data uris + playbin3: various fixes + playbin3: fix missing lock when unknown stream type in pad-removed cb + decodebin3: fix collection leaks + decodebin3: Don't duplicate stream selections + discoverer: chain up to parent finalize methods in all our types to fix memory leaks + glmixerbin: slightly better pad/element creation + gltransformation: let graphene alloc its structures memory aligned + ogg: fix possible buffer overrun + rtpbasepayload: Don't write header extensions if there's no corresponding... + rtpbasepayload: always store input buffer meta before negotiation + rtpbasepayload: fix transfer annotation for push and push_list + subparse: don't try to index string with -1 + riff-media: fix memory leak after usage for g_strjoin() + playbin/playbin3: Allow setting a NULL URI + playsink: Complete reconfiguration on pad release. + parsebin: Expose streams of unknown type + pbutils: Fix wmv screen description detection + subparse: don't deref a potentially NULL variable + rawvideoparse: set format from caps in gst_raw_video_parse_set_config_from_caps + videodecoder: release stream lock after handling gap events + videorate: fix assertion when pushing last and only buffer without duration + videorate: Revert "don't reset on segment update" to fix segment handling regressions + gst-play-1.0, gst-launch-1.0: Enable win32 high-resolution timer also for MinGW build - Drop patch already included in 1.20.2: + 5a074a11f90e3d70b24bf0c535ab0480fad9e701.patch ++++ kernel-default: - Linux 5.17.6 (bsc#1012628). - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (bsc#1012628). - floppy: disable FDRAWCMD by default (bsc#1012628). - USB: quirks: add a Realtek card reader (bsc#1012628). - USB: quirks: add STRING quirk for VCOM device (bsc#1012628). - USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (bsc#1012628). - USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (bsc#1012628). - USB: serial: option: add support for Cinterion MV32-WA/MV32-WB (bsc#1012628). - USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (bsc#1012628). - usb: xhci: tegra:Fix PM usage reference leak of tegra_xusb_unpowergate_partitions (bsc#1012628). - xhci: Enable runtime PM on second Alderlake controller (bsc#1012628). - xhci: stop polling roothubs after shutdown (bsc#1012628). - xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms (bsc#1012628). - iio: dac: ad5592r: Fix the missing return value (bsc#1012628). - iio: scd4x: check return of scd4x_write_and_fetch (bsc#1012628). - iio: dac: ad5446: Fix read_raw not returning set value (bsc#1012628). - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (bsc#1012628). - iio: imu: inv_icm42600: Fix I2C init possible nack (bsc#1012628). - usb: misc: fix improper handling of refcount in uss720_probe() (bsc#1012628). - usb: core: Don't hold the device lock while sleeping in do_proc_control() (bsc#1012628). - usb: typec: ucsi: Fix reuse of completion structure (bsc#1012628). - usb: typec: ucsi: Fix role swapping (bsc#1012628). - usb: gadget: uvc: Fix crash when encoding data for usb request (bsc#1012628). - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (bsc#1012628). - usb: dwc3: Try usb-role-switch first in dwc3_drd_init (bsc#1012628). - usb: dwc3: core: Fix tx/rx threshold settings (bsc#1012628). - usb: dwc3: core: Only handle soft-reset in DCTL (bsc#1012628). - usb: dwc3: gadget: Return proper request status (bsc#1012628). - usb: dwc3: pci: add support for the Intel Meteor Lake-P (bsc#1012628). - usb: cdns3: Fix issue for clear halt endpoint (bsc#1012628). - usb: phy: generic: Get the vbus supply (bsc#1012628). - kernfs: fix NULL dereferencing in kernfs_remove (bsc#1012628). - binder: Gracefully handle BINDER_TYPE_FDA objects with num_fds=0 (bsc#1012628). - binder: Address corner cases in deferred copy and fixup (bsc#1012628). - serial: imx: fix overrun interrupts in DMA mode (bsc#1012628). - serial: amba-pl011: do not time out prematurely when draining tx fifo (bsc#1012628). - serial: 8250: Also set sticky MCR bits in console restoration (bsc#1012628). - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (bsc#1012628). - eeprom: at25: Use DMA safe buffers (bsc#1012628). - arch_topology: Do not set llc_sibling if llc_id is invalid (bsc#1012628). - topology: make core_mask include at least cluster_siblings (bsc#1012628). - ceph: fix possible NULL pointer dereference for req->r_session (bsc#1012628). - bus: mhi: host: pci_generic: Add missing poweroff() PM callback (bsc#1012628). - bus: mhi: host: pci_generic: Flush recovery worker during freeze (bsc#1012628). - arm64: dts: imx8mm-venice: fix spi2 pin configuration (bsc#1012628). - pinctrl: samsung: fix missing GPIOLIB on ARM64 Exynos config (bsc#1012628). - f2fs: should not truncate blocks during roll-forward recovery (bsc#1012628). - hex2bin: make the function hex_to_bin constant-time (bsc#1012628). - hex2bin: fix access beyond string end (bsc#1012628). - bus: fsl-mc-msi: Fix MSI descriptor mutex lock for msi_first_desc() (bsc#1012628). - riscv: patch_text: Fixup last cpu should be master (bsc#1012628). - x86/cpu: Load microcode during restore_processor_state() (bsc#1012628). - x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests (bsc#1012628). - iocost: don't reset the inuse weight of under-weighted debtors (bsc#1012628). - virtio_net: fix wrong buf address calculation when using xdp (bsc#1012628). - cpufreq: qcom-hw: drop affinity hint before freeing the IRQ (bsc#1012628). - cpufreq: qcom-hw: fix the race between LMH worker and cpuhp (bsc#1012628). - cpufreq: qcom-hw: fix the opp entries refcounting (bsc#1012628). - cpufreq: qcom-cpufreq-hw: Fix throttle frequency value on EPSS platforms (bsc#1012628). - video: fbdev: udlfb: properly check endpoint type (bsc#1012628). - arm64: dts: meson: remove CPU opps below 1GHz for G12B boards (bsc#1012628). - arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards (bsc#1012628). - iio: dac: ad3552r: fix signedness bug in ad3552r_reset() (bsc#1012628). - iio:imu:bmi160: disable regulator in error path (bsc#1012628). - iio:filter:admv8818: select REGMAP_SPI for ADMV8818 (bsc#1012628). - mtd: rawnand: fix ecc parameters for mt7622 (bsc#1012628). - tee: optee: add missing mutext_destroy in optee_ffa_probe (bsc#1012628). - xsk: Fix l2fwd for copy mode + busy poll combo (bsc#1012628). - arm64: dts: imx8qm: Correct SCU clock controller's compatible property (bsc#1012628). - USB: Fix xhci event ring dequeue pointer ERDP update issue (bsc#1012628). - soc: imx: imx8m-blk-ctrl: Fix IMX8MN_DISPBLK_PD_ISI hang (bsc#1012628). - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (bsc#1012628). - iio:dac:ad3552r: Fix an IS_ERR() vs NULL check (bsc#1012628). - arm64: dts: imx8mq-tqma8mq: change the spi-nor tx (bsc#1012628). - arm64: dts: imx8mn: Fix SAI nodes (bsc#1012628). - arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO pin labeling for CON1 (bsc#1012628). - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (bsc#1012628). - phy: samsung: exynos5250-sata: fix missing device put in probe error paths (bsc#1012628). - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (bsc#1012628). - bus: ti-sysc: Make omap3 gpt12 quirk handling SoC specific (bsc#1012628). - ARM: dts: dra7: Fix suspend warning for vpe powerdomain (bsc#1012628). - phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (bsc#1012628). - ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (bsc#1012628). - ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (bsc#1012628). - ARM: dts: at91: fix pinctrl phandles (bsc#1012628). - phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (bsc#1012628). - phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (bsc#1012628). - interconnect: qcom: sc7180: Drop IP0 interconnects (bsc#1012628). - interconnect: qcom: sdx55: Drop IP0 interconnects (bsc#1012628). - ARM: dts: Fix mmc order for omap3-gta04 (bsc#1012628). - ARM: dts: am33xx-l4: Add missing touchscreen clock properties (bsc#1012628). - ARM: dts: am3517-evm: Fix misc pinmuxing (bsc#1012628). - ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (bsc#1012628). - pinctrl: qcom: sm6350: fix order of UFS & SDC pins (bsc#1012628). - ipvs: correctly print the memory size of ip_vs_conn_tab (bsc#1012628). - phy: amlogic: fix error path in phy_g12a_usb3_pcie_probe() (bsc#1012628). - pinctrl: mediatek: moore: Fix build error (bsc#1012628). - mtd: rawnand: Fix return value check of wait_for_completion_timeout (bsc#1012628). - mtd: fix 'part' field data corruption in mtd_info (bsc#1012628). - pinctrl: stm32: Do not call stm32_gpio_get() for edge triggered IRQs in EOI (bsc#1012628). - memory: renesas-rpc-if: Fix HF/OSPI data transfer in Manual Mode (bsc#1012628). - net: dsa: Add missing of_node_put() in dsa_port_link_register_of (bsc#1012628). - netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (bsc#1012628). - bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook (bsc#1012628). - pinctrl: rockchip: fix RK3308 pinmux bits (bsc#1012628). - tcp: md5: incorrect tcp_header_len for incoming connections (bsc#1012628). - pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL IRQ requested (bsc#1012628). - tcp: ensure to use the most recently sent skb when filling the rate sample (bsc#1012628). - wireguard: device: check for metadata_dst with skb_valid_dst() (bsc#1012628). - sctp: check asoc strreset_chunk in sctp_generate_reconf_event (bsc#1012628). - ARM: dts: imx6ull-colibri: fix vqmmc regulator (bsc#1012628). - arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock (bsc#1012628). - pinctrl: pistachio: fix use of irq_of_parse_and_map() (bsc#1012628). - cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe (bsc#1012628). - net: hns3: clear inited state and stop client after failed to register netdev (bsc#1012628). - net: hns3: fix error log of tx/rx tqps stats (bsc#1012628). - net: hns3: modify the return code of hclge_get_ring_chain_from_mbx (bsc#1012628). - net: hns3: add validity check for message data length (bsc#1012628). - net: hns3: add return value for mailbox handling in PF (bsc#1012628). - net/smc: sync err code when tcp connection was refused (bsc#1012628). - net: lan966x: fix a couple off by one bugs (bsc#1012628). - ip_gre: Make o_seqno start from 0 in native mode (bsc#1012628). - ip6_gre: Make o_seqno start from 0 in native mode (bsc#1012628). - ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode (bsc#1012628). - tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT (bsc#1012628). - tcp: make sure treq->af_specific is initialized (bsc#1012628). - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (bsc#1012628). - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (bsc#1012628). - cpufreq: qcom-cpufreq-hw: Clear dcvs interrupts (bsc#1012628). - mctp: defer the kfree of object mdev->addrs (bsc#1012628). - net: bcmgenet: hide status block before TX timestamping (bsc#1012628). - net: phy: marvell10g: fix return value on error (bsc#1012628). - net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (bsc#1012628). - drm/sun4i: Remove obsolete references to PHYS_OFFSET (bsc#1012628). - ice: wait 5 s for EMP reset after firmware flash (bsc#1012628). - Bluetooth: hci_event: Fix checking for invalid handle on error status (bsc#1012628). - net: dsa: lantiq_gswip: Don't set GSWIP_MII_CFG_RMII_CLK (bsc#1012628). - io_uring: check reserved fields for send/sendmsg (bsc#1012628). - io_uring: check reserved fields for recv/recvmsg (bsc#1012628). - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1012628). - netfilter: conntrack: fix udp offload timeout sysctl (bsc#1012628). - platform/x86: asus-wmi: Potential buffer overflow in asus_wmi_evaluate_method_buf() (bsc#1012628). - platform/x86: asus-wmi: Fix driver not binding when fan curve control probe fails (bsc#1012628). - drm/amdkfd: Fix GWS queue count (bsc#1012628). - drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1012628). - tls: Skip tls_append_frag on zero copy size (bsc#1012628). - bnx2x: fix napi API usage sequence (bsc#1012628). - net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (bsc#1012628). - gfs2: Minor retry logic cleanup (bsc#1012628). - gfs2: Make sure not to return short direct writes (bsc#1012628). - gfs2: No short reads or writes upon glock contention (bsc#1012628). - perf arm-spe: Fix addresses of synthesized SPE events (bsc#1012628). - ixgbe: ensure IPsec VF<->PF compatibility (bsc#1012628). - net: enetc: allow tc-etf offload even with NETIF_F_CSUM_MASK (bsc#1012628). - Revert "ibmvnic: Add ethtool private flag for driver-defined queue limits" (bsc#1012628). - tcp: fix F-RTO may not work correctly when receiving DSACK (bsc#1012628). - ASoC: soc-pcm: use GFP_KERNEL when the code is sleepable (bsc#1012628). - ASoC: cs35l41: Fix a shift-out-of-bounds warning found by UBSAN (bsc#1012628). - ASoC: rt711/5682: check if bus is active before deferred jack detection (bsc#1012628). - ASoC: Intel: soc-acpi: correct device endpoints for max98373 (bsc#1012628). - ASoC: wm8731: Disable the regulator when probing fails (bsc#1012628). - Input: cypress-sf - register a callback to disable the regulators (bsc#1012628). - ext4: fix bug_on in start_this_handle during umount filesystem (bsc#1012628). - arch: xtensa: platforms: Fix deadlock in rs_close() (bsc#1012628). - ksmbd: increment reference count of parent fp (bsc#1012628). - ksmbd: set fixed sector size to FS_SECTOR_SIZE_INFORMATION (bsc#1012628). - erofs: fix use-after-free of on-stack io[] (bsc#1012628). - bonding: do not discard lowest hash bit for non layer3+4 hashing (bsc#1012628). - x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (bsc#1012628). - cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1012628). - drivers: net: hippi: Fix deadlock in rr_close() (bsc#1012628). - powerpc/perf: Fix 32bit compile (bsc#1012628). - ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs (bsc#1012628). - selftest/vm: verify mmap addr in mremap_test (bsc#1012628). - selftest/vm: verify remap destination address in mremap_test (bsc#1012628). - bfq: Fix warning in bfqq_request_over_limit() (bsc#1012628). - Revert "ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40" (bsc#1012628). - Revert "block: inherit request start time from bio for BLK_CGROUP" (bsc#1012628). - zonefs: Fix management of open zones (bsc#1012628). - zonefs: Clear inode information flags on inode creation (bsc#1012628). - kasan: prevent cpu_quarantine corruption when CPU offline and cache shrink occur at same time (bsc#1012628). - mtd: rawnand: qcom: fix memory corruption that causes panic (bsc#1012628). - netfilter: Update ip6_route_me_harder to consider L3 domain (bsc#1012628). - drm/amdgpu: don't runtime suspend if there are displays attached (v3) (bsc#1012628). - drm/i915: Check EDID for HDR static metadata when choosing blc (bsc#1012628). - drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (bsc#1012628). - net: ethernet: stmmac: fix write to sgmii_adapter_base (bsc#1012628). - ACPI: processor: idle: Avoid falling back to C3 type C-states (bsc#1012628). - thermal: int340x: Fix attr.show callback prototype (bsc#1012628). - btrfs: fix direct I/O read repair for split bios (bsc#1012628). - btrfs: fix direct I/O writes for split bios on zoned devices (bsc#1012628). - btrfs: fix leaked plug after failure syncing log on zoned filesystems (bsc#1012628). - btrfs: zoned: use dedicated lock for data relocation (bsc#1012628). - btrfs: fix assertion failure during scrub due to block group reallocation (bsc#1012628). - ARM: dts: at91: sama7g5ek: enable pull-up on flexcom3 console lines (bsc#1012628). - ARM: dts: imx8mm-venice-gw{71xx,72xx,73xx}: fix OTG controller OC mode (bsc#1012628). - perf symbol: Pass is_kallsyms to symbols__fixup_end() (bsc#1012628). - perf symbol: Update symbols__fixup_end() (bsc#1012628). - perf symbol: Remove arch__symbols__fixup_end() (bsc#1012628). - tty: n_gsm: fix missing mux reset on config change at responder (bsc#1012628). - tty: n_gsm: fix restart handling via CLD command (bsc#1012628). - tty: n_gsm: fix decoupled mux resource (bsc#1012628). - tty: n_gsm: fix mux cleanup after unregister tty device (bsc#1012628). - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (bsc#1012628). - tty: n_gsm: fix frame reception handling (bsc#1012628). - tty: n_gsm: fix malformed counter for out of frame data (bsc#1012628). - netfilter: nft_socket: only do sk lookups when indev is available (bsc#1012628). - tty: n_gsm: fix insufficient txframe size (bsc#1012628). - tty: n_gsm: fix wrong DLCI release order (bsc#1012628). - tty: n_gsm: fix missing explicit ldisc flush (bsc#1012628). - tty: n_gsm: fix wrong command retry handling (bsc#1012628). - tty: n_gsm: fix wrong command frame length field encoding (bsc#1012628). - tty: n_gsm: fix wrong signal octets encoding in MSC (bsc#1012628). - tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (bsc#1012628). - tty: n_gsm: fix reset fifo race condition (bsc#1012628). - tty: n_gsm: fix incorrect UA handling (bsc#1012628). - tty: n_gsm: fix missing update of modem controls after DLCI open (bsc#1012628). - tty: n_gsm: fix broken virtual tty handling (bsc#1012628). - tty: n_gsm: fix invalid use of MSC in advanced option (bsc#1012628). - tty: n_gsm: fix software flow control handling (bsc#1012628). - tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() (bsc#1012628). - objtool: Fix code relocs vs weak symbols (bsc#1012628). - objtool: Fix type of reloc::addend (bsc#1012628). - powerpc/64: Add UADDR64 relocation support (bsc#1012628). - Update config files. - commit 35de487 - net: atlantic: always deep reset on pm op, fixing up my null deref regression (resume crash). - commit e2300f2 ++++ libcap-ng: - Update to 0.8.3: * Add vararg support to python bindings for capng_updatev * Add support for ambient capabilities * Add support for V3 filesystem capabilities * If procfs is not available, leave last_cap as CAP_LAST_CAP * If bounding and ambient not found in status, try prctl method * In capng_apply, move ambient caps to the end of the transaction * In capng_apply, return errors more aggressively. * In capng_apply, if the action includes the bounding set,resync with the kernel * Fix signed/unsigned warning in cap-ng.c * In capng_apply, return a unique error code to diagnose any failure * In capng_have_capability, return 0 for failure * Add the libdrop_ambient admin tool * In capng_apply, if we blew up in bounding set, allow setting capabilities * If PR_CAP_AMBIENT is not available, do not build libdrop_ambient * Improve last_cap check * Fix parameters to capng_updatev python bindings to be signed * Detect capability options at runtime to make containerization easier (ntkme) * Initialize the library when linked statically * Add gcc function attributes for deallocation ++++ multipath-tools: - Update to version 0.8.9+85+suse.a9da21c: * This is a pre-release of multipath-tools 0.9.0 * multipath.conf: add "protocol" subsection in "overrides" section This allows to set "dev_loss_tmo", "fast_io_fail_tmo", and "eh_deadline" on a per-protocol basis rather than per storage * multipath.conf: drop support for deprecated options: getuid_callout, pg_timeout, config_dir, multipath_dir * multipathd: don't switch to DAEMON_IDLE during startup (bsc#1199346, bsc#1197570) * multipathd: avoid delays during uevent processing (bsc#1199347) * Fixes for minor issues reported by coverity * Fix for memory leak with uid_attrs * Fix possibility to redefine -D_FORTIFY_SOURCE macro. * Updates for built in hardware db ++++ ncurses: - Add ncurses patch 20220507 + add test/test_mouse.c (patch by Leonid S Usov). + add a few debug-traces for tic, fix a couple of memory-leaks. ++++ open-iscsi: - Update to latest upstream, including: * Added 'distclean' to Makefile targets * Ensure Makefile '.PHONY' targets set up correctly * fix an iscsid logout bug generating a false error and cleanup logout error messages ++++ libselinux: - Update to version 3.4: * Use PCRE2 by default * Make selinux_log() and is_context_customizable() thread-safe * Prevent leakeing file descriptors * Correctly hash specfiles larger than 4G - Refreshed skip_cycles.patch ++++ libsemanage: - Update to version 3.4 * Optionally rebuild policy when modules are changed externally * Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info() * Allow spaces in user/group names ++++ libsepol: - Update to version 3.4 * Add 'ioctl_skip_cloexec' policy capability * Add sepol_av_perm_to_string * Add policy utilities * Support IPv4/IPv6 address embedding * Hardened/added many validations * Add support for file types in writing out policy.conf * Allow optional file type in genfscon rules ++++ tiff: - security update: * CVE-2022-0907 [bsc#1197070] + tiff-CVE-2022-0907.patch - security update * CVE-2022-0561 [bsc#1195964] + tiff-CVE-2022-0561.patch * CVE-2022-0562 [bsc#1195965] + tiff-CVE-2022-0562.patch * CVE-2022-0865 [bsc#1197066] + tiff-CVE-2022-0865.patch * CVE-2022-0909 [bsc#1197072] + tiff-CVE-2022-0909.patch * CVE-2022-0924 [bsc#1197073] + tiff-CVE-2022-0924.patch * CVE-2022-0908 [bsc#1197074] + tiff-CVE-2022-0908.patch ++++ libvirt: - Update to libvirt 8.3.0 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v8-3-0-2022-05-02 ++++ policycoreutils: - Update to version 3.4 * fixfiles: Use parallel relabeling - Refreshed patches * get_os_version.patch * run_init.pamd.patch ++++ libselinux-bindings: - Update to version 3.4: * Use PCRE2 by default * Make selinux_log() and is_context_customizable() thread-safe * Prevent leakeing file descriptors * Correctly hash specfiles larger than 4G - Refreshed skip_cycles.patch ++++ python-libvirt-python: - Update to 8.3.0 - Add all new APIs and constants in libvirt 8.3.0 ++++ python-semanage: - Update to version 3.4 * Optionally rebuild policy when modules are changed externally * Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info() * Allow spaces in user/group names ------------------------------------------------------------------ ------------------ 2022-5-8 - May 8 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - Add python310-help-mr848.patch so that Tumbleweed can switch python3 to Python 3.10 (https://gitlab.com/apparmor/apparmor/-/merge_requests/848) ++++ kernel-default: - Update to 5.18-rc6 - commit ed50f8f ++++ libapparmor: - Add python310-help-mr848.patch so that Tumbleweed can switch python3 to Python 3.10 (https://gitlab.com/apparmor/apparmor/-/merge_requests/848) ++++ sqlite3: - update to 3.38.5: * Fix a blunder in the CLI of the 3.38.4 release - includes changes from 3.38.4: * fix a byte-code problem in the Bloom filter pull-down optimization added by release 3.38.0 in which an error in the byte code causes the byte code engine to enter an infinite loop when the pull-down optimization encounters a NULL key ++++ setroubleshoot: - Switch runtime requirement of server package from ancient PyGObject 2 to the current version. Build requirement was already current. ------------------------------------------------------------------ ------------------ 2022-5-7 - May 7 2022 ------------------- ------------------------------------------------------------------ ++++ nfs-utils: - switch to https urls ++++ lsof: - update to 4.95.0: * Update perl scripts for the past few decades of progress * Drop LSOF_CCDATE across all dialects to ensure reproducible builds * Fix FD field description. * Adjust alignment of buffer passed to stat(). * Clean up source code and documents. - remove trailing whitespace, - fix some issues in scripts found through shellcheck, and - fix spelling * man page: fix hyphen issues * Fix broken LSOF_CFLAGS_OVERRIDE. * [linux] Remove sysvlegacy function. * [linux] use close_range instead of calling close repeatedly * Add -Q option for adjusting exit status when failed to find a search item (#129) - drop lsof-no-build-date-etc.patch (obsolete) ++++ pigz: - update to 2.7: * Improved display of multiple-member gzip files * Better gzip compatibility and bug fixes - add pigz-2.7-NOTHREAD-tests.patch to fix tests ------------------------------------------------------------------ ------------------ 2022-5-6 - May 6 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775) - commit 5d4e32c ++++ gcc12: - Update to GCC 12.1 release, 1ea978e3066ac565a1ec28a96a4d61, git27 ++++ open-iscsi: - Updated to latest upstream version, tagged 2.1.7. Changes included: * updated/fixed test script * updated build system * several bug fixes, including one for bsc#1199264 ++++ systemd: - Import commit 0d950479e58dd3af007eb3780d600a5446aac519 (merge of v250.5) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/736db5a59f1ab1317ef64ec6e7dc394250178146...0d950479e58dd3af007eb3780d600a5446aac519 ++++ tiff: - security update * CVE-2022-1056 [bsc#1197631] * CVE-2022-0891 [bsc#1197068] + tiff-CVE-2022-1056,CVE-2022-0891.patch ++++ libunwind: - Enable build on riscv64 and run testsuite ++++ vim: - Updated to version 8.2.4877, fixes the following problems - CVE-2022-1420 - boo#1198748 - CVE-2022-1381 - boo#1198596 * Using wrong flag for using bell in the terminal. * Supercollider filetype not recognized. * No filetype override for .sys files. * Cannot use an imported function in a mapping. *