------------------------------------------------------------------ --- Changelog.all ----------- Fri Dec 16 08:42:29 UTC 2022 ------ ------------------------------------------------------------------ ------------------------------------------------------------------ ------------------ 2022-12-14 - Dec 14 2022 ------------------- ------------------------------------------------------------------ ++++ fde-tools: - Fix several bugs in firstboot * The approach for reading the initial FDE pass phrase from /etc/default/grub is not supported in kiwi yet, so work around that * The kiwi KVM images have a strange EFI boot path that does not contain a File component. Try to work around that. * shim-install behaves differently between kiwi image build time and the installed system. Work around. ------------------------------------------------------------------ ------------------ 2022-12-13 - Dec 13 2022 ------------------- ------------------------------------------------------------------ ++++ fde-tools: - Fix source URL - Fix the fde-tpm-enroll.service file ++++ selinux-policy: - Updated fix_networkmanager.patch to fixe labeling of nm-dispatcher and nm-priv-helper until the packaging is adjusted (bsc#1206355) - Update fix_chronyd.patch to allow sendto towards NetworkManager_dispatcher_custom_t. Added new interface networkmanager_dispatcher_custom_dgram_send for this (bsc#1206357) - Update fix_dbus.patch to allow dbus to watch lib directories (bsc#1205895) ------------------------------------------------------------------ ------------------ 2022-12-12 - Dec 12 2022 ------------------- ------------------------------------------------------------------ ++++ fde-tools: - Updated to version 0.6.1 - Fix tpm-enable subcommand - Add new add-secondary-key subcommand - Add a systemd unit file that triggers on the presence of the key file written by d-installer ------------------------------------------------------------------ ------------------ 2022-12-7 - Dec 7 2022 ------------------- ------------------------------------------------------------------ ++++ fde-tools: - Updated to version 0.6 - pcr-oracle is now a standalone project and package - Split off the jeos-firstboot stuff into a binary package of its own, because bare metal installations do not need it - Refactoring the scripts - Folded Gary's patches into git. ------------------------------------------------------------------ ------------------ 2022-12-6 - Dec 6 2022 ------------------- ------------------------------------------------------------------ ++++ selinux-policy: - Updated fix_networkmanager.patch to allow NetworkManager to watch net_conf_t (bsc#1206109) ------------------------------------------------------------------ ------------------ 2022-11-30 - Nov 30 2022 ------------------- ------------------------------------------------------------------ ++++ selinux-policy: - Add fix_irqbalance.patch: support netlink socket operations (bsc#1205434) - Drop fix_irqbalance.patch: superseded by upstream ------------------------------------------------------------------ ------------------ 2022-11-25 - Nov 25 2022 ------------------- ------------------------------------------------------------------ ++++ libtpms: - fix build for ppc64le: use -Wl,--no-as-needed in check-local [bsc#1204556] ------------------------------------------------------------------ ------------------ 2022-11-24 - Nov 24 2022 ------------------- ------------------------------------------------------------------ ++++ selinux-policy: - fix_sysnetwork.patch: firewalld uses /etc/sysconfig/network/ for network interface definition instead of /etc/sysconfig/network-scripts/, modified sysnetwork.fc to reflect that (bsc#1205580). ------------------------------------------------------------------ ------------------ 2022-11-22 - Nov 22 2022 ------------------- ------------------------------------------------------------------ ++++ systemd: - Import commit 3bd3e4e6c1efe0d6df776107efde47e15e58fe96 d28e81d65c test: fix the default timeout values described in README.testsuite d921c83f53 meson: install test-kernel-install only when -Dkernel-install=true c3b6c4b584 tests: update install_suse_systemd() 3c77335b19 tests: install dmi-sysfs module on openSUSE df632130cd tests: install systemd-resolved on openSUSE - Add 6000-Revert-tmpfiles-whenever-creating-an-inode-immediate.patch until upstream issue #25468 is fixed. - Drop 6000-meson-install-test-kernel-install-only-when-Dkernel-.patch, the patch has been merged in the SUSE git repo. ++++ shim: - Enhance cryptodisk code to recognize new variables in /etc/default/grub: * GRUB_CRYPTODISK_PASSWORD * GRUB_TPM2_SEALED_KEY * GRUB_TPM2_PCR_BANK and GRUB_TPM2_PCR_LIST - Introduce --no-grub-install option ------------------------------------------------------------------ ------------------ 2022-11-21 - Nov 21 2022 ------------------- ------------------------------------------------------------------ ++++ raspberrypi-firmware: - Update to b8a7365 (2022-11-18): * firmware: arm_loader: Improvements to Compute Module audio See: https://forums.raspberrypi.com/viewtopic.php?p=2052680 * firmware: arm_loader: Fix GPIO bank 1 support See: #1756 ++++ raspberrypi-firmware-config: - Update to b8a7365 (2022-11-18): * firmware: arm_loader: Improvements to Compute Module audio See: https://forums.raspberrypi.com/viewtopic.php?p=2052680 * firmware: arm_loader: Fix GPIO bank 1 support See: #1756 ++++ raspberrypi-firmware-config-camera: - Update to b8a7365 (2022-11-18): * firmware: arm_loader: Improvements to Compute Module audio See: https://forums.raspberrypi.com/viewtopic.php?p=2052680 * firmware: arm_loader: Fix GPIO bank 1 support See: #1756 ------------------------------------------------------------------ ------------------ 2022-11-18 - Nov 18 2022 ------------------- ------------------------------------------------------------------ ++++ systemd: - Reenable build of sd_boot, it was mistakenly disabled during the integration of v252. ------------------------------------------------------------------ ------------------ 2022-11-17 - Nov 17 2022 ------------------- ------------------------------------------------------------------ ++++ python-certifi: - Update to 2022.9.24: * (no changes) - from version 2022.09.24: * (no changes) - from version 2022.09.14: * (no changes) - from version 2022.06.15.2: * Only use importlib.resources's new files() / Traversable API on Python ≥3.11 (#204) - from version 2022.06.15.1: * Fix deprecation warning on Python 3.11 (#199) * fixes #198 -- update link in license - from version 2022.06.15: * Add py.typed to MANIFEST.in to package in sdist (#196) - from version 2022.05.18.1: * Add support for Python 3.10 and drop EOL 3.5 (#167) - from version 2022.05.18: * Automatically lock github issues after they've been closed for 90 days (#189) * Remove universal wheel, python 2 is unsupported (#187) * Add type annotations to package * Added Required Python Version (#152) * Fix homepage link (#145) - Refresh patches for new version * python-certifi-shipped-requests-cabundle.patch ------------------------------------------------------------------ ------------------ 2022-11-16 - Nov 16 2022 ------------------- ------------------------------------------------------------------ ++++ ansible: - remove lowlydba.sqlserver collection as rpmlint throws errors due to powershell: "E: wrong-script-interpreter (Badness: 490) [...]/ansible_collections/lowlydba/sqlserver/plugins/modules/restore.ps1 powershell" ++++ curl: - Add 1.50.0 as the minimum libnghttp2 build requirement version as a bandaid. Curl's 7.86.0 release introduces the use of nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation, introduced by nghttp2 1.50.0 release, without introducing a check for the function/right version in their build scripts. This will make Zypper/cURL unusable in some corner cases where users installing something that requires libcurl4 before doing full system upgrade, thus updating the cURL stack, but not libnghttp2's. Background: boo#1204983, Factory mailing list threadd: "? broken dependency in curl and/or *zyp* ?", and forums thread: Curl-is-broken-after-an-update-which-subsequently-breaks-zypper. ++++ grub2: - Security fixes and hardenings * 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch * 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch - Fix CVE-2022-2601 (bsc#1205178) * 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch * 0004-font-Remove-grub_font_dup_glyph.patch * 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch * 0006-font-Fix-integer-overflow-in-BMP-index.patch * 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch * 0008-fbutil-Fix-integer-overflow.patch - Fix CVE-2022-3775 (bsc#1205182) * 0009-font-Fix-an-integer-underflow-in-blit_comb.patch * 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch * 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch * 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch - Bump upstream SBAT generation to 3 ++++ krb5: - Update to 1.20.1; (bsc#1205126); (CVE-2022-42898); * Fix integer overflows in PAC parsing [CVE-2022-42898]. * Fix null deref in KDC when decoding invalid NDR. * Fix memory leak in OTP kdcpreauth module. * Fix PKCS11 module path search. ++++ llvm15: - Update to version 15.0.5. * This release contains bug-fixes for the LLVM 15.0.0 release. This release is API and ABI compatible with 15.0.0. - Remove obsolete lldb-swig-4.1.0-build-fix.patch. - Rebase llvm-do-not-install-static-libraries.patch. ++++ libXft: - Update to version 2.3.7 * libxft issue #15 https://gitlab.freedesktop.org/xorg/lib/libxft/-/issues/15 XftFontLoadGlyphs for mono font returns wrong info in extents from XftTextExtentsUtf8 for variable chars Patch by Scott Mcdermott, based on https://github.com/googlefonts/Inconsolata/issues/42 * fix compiler warning * libxft issue #16 https://gitlab.freedesktop.org/xorg/lib/libxft/-/issues/16 Stack gets smashed in fonts with colors when calling XftGlyphRender BGRA changes made incorrect comparison for local vs allocated buffer in XftGlyphSpecRender * stdint.h header is needed for SIZE_MAX ++++ lcms2: - Removed reverse-0001-fix-memory-leaks-on-testbed.patch and added 0001-fix-memory-corruption-when-unregistering-plugins.patch as final fix for https://github.com/hughsie/colord/issues/145 ++++ open-iscsi: - Updated to latest upstream. Changes: * scsid/iscsiuio: fix OOM adjustment (github issue #377) ++++ qemu: - Raise the maximum number of vCPUs a VM can have to 1024 (jsc#PED-2592) * Patches added: pc-q35-Bump-max_cpus-to-1024.patch ------------------------------------------------------------------ ------------------ 2022-11-15 - Nov 15 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - try to fix build on ppc64le due to running OOM (boo#1205441) * let's request 20G of physical memory via _constraints file ++++ Mesa-drivers: - try to fix build on ppc64le due to running OOM (boo#1205441) * let's request 20G of physical memory via _constraints file ++++ ansible: - update to 6.6.0: Ansible 6.6.0 will include ansible-core 2.13.6 as well as a curated set of Ansible collections to provide a vast number of modules and plugins. * The changelog for ansible-core 2.13 installed by this release of ansible is available here: https://github.com/ansible/ansible/blob/stable-2.13/changelogs/CHANGELOG-v2.13.rst * Collections which have opted into being a part of the Ansible-6 unified changelog will have an entry on this page: https://github.com/ansible-community/ansible-build-data/blob/main/6/CHANGELOG-v6.rst ++++ ansible-core: - update to 2.13.6: Changelog https://github.com/ansible/ansible/blob/v2.13.6/changelogs/CHANGELOG-v2.13.rst * Minor Changes - ansible-test - Improve consistency of version specific documentation links. * Bugfixes - BSD network facts - Do not assume column indexes, look for netmask and broadcast for determining the correct columns when parsing inet line (#79117) - ansible-galaxy - make initial call to Galaxy server on-demand only when installing, getting info about, and listing roles. - ansible-test - Add wheel < 0.38.0 constraint for Python 3.6 and earlier. - ansible-test - Fix broken documentation link for aws test plugin error messages. - copy module will no longer move 'non files' set as src when remote_src=true. - file lookup now handles missing files more gracefully. - service_facts - Use python re to parse service output instead of grep (#78541) - updated error messages to include 'acl' and not just mode changes when failing to set required permissions on remote. ++++ dracut: - Update to version 057+suse.344.g021aead9: * fix(dracut-systemd): run systemctl daemon-reload after remove_hostonly_files * fix(dracut.sh): improve detection of installed kernel versions (bsc#1205175) * fix(network-manager): always install the library plugins directory (bsc#1202014) * feat(dracut-init.sh): add inst_libdir_dir() helper (bsc#1202014) ++++ hwdata: - update to 0.364: + Updated pci, usb and vendor ids. ++++ texinfo: - Update to version 7.0 (7 November 2022) * texi2any * LaTeX added as an output format, selected with --latex * EPUB 3 added as an output format, selected with --epub3 * reform throughout the code in general * thorough review of character encoding issues * new customization variables involved with character encoding: INPUT_FILE_NAME_ENCODING, OUTPUT_FILE_NAME_ENCODING, DOC_ENCODING_FOR_INPUT_FILE_NAME, DOC_ENCODING_FOR_OUTPUT_FILE_NAME, MESSAGE_ENCODING and COMMAND_LINE_ENCODING * warn if full-text commands (@ref, @footnote, @anchor) appear in @w * new variable NO_TOP_NODE_OUTPUT * IGNORE_BEFORE_SETFILENAME variable removed. former effect is now always on. * HTML output: * use manual_name_html as output directory for split HTML instead of manual_name or manual_name.html * default DOCTYPE declaration changed to plain HTML5 style rather than HTML4 DTD reference * output only the CSS rules that are needed in an output file . remove CSS_LINES variable and add SHOW_BUILTIN_CSS_RULES * (custom CSS can still be output using EXTRA_HEAD) * use tag for the output of @t and @verb instead of * use for @acronym instead of * link to table of contents from short table of contents only if a table of contents is actually output * prefix classes from @example arguments with `user-' * percent encode URL in @url/@uref, @email, @image and external manual file * new USE_XML_SYNTAX, HTML_ROOT_ELEMENT_ATTRIBUTES and NO_CUSTOM_HTML_ATTRIBUTE variables can be used to output valid XHTML * systematic addition of classes attribute in HTML elements based on the Texinfo @-command names. renaming of class attributes to avoid confusion with @-commands formatting and describe the role in the document rather than the formatting style. * COPIABLE_ANCHORS renamed to COPIABLE_LINKS * do not add a title by default; SHOW_TITLE or NO_TOP_NODE_OUTPUT has to be set * USE_TITLEPAGE_FOR_TITLE is now true by default * L2H variable removed, replaced by HTML_MATH set to `l2h' * rename OVERVIEW_LINK_TO_TOC to SHORT_TOC_LINK_TO_TOC * rename BEFORE_OVERVIEW to BEFORE_SHORT_TOC_LINE * rename AFTER_OVERVIEW to AFTER_SHORT_TOC_LINES * remove PRE_ABOUT, AFTER_ABOUT, and add PROGRAM_NAME_IN_ABOUT * remove KEEP_TOP_EXTERNAL_REF * new variables IGNORE_REF_TO_TOP_NODE_UP, CONVERT_TO_LATEX_IN_MATH, HTMLXREF_MODE and HTMLXREF_FILE * DocBook output: * do not output Top node or text before the first @node or sectioning @-command. NO_TOP_NODE_OUTPUT can be set to false to output Top node for now. * replace @definfocenlose defined @-commands by the argument as-is to be more consistent with printed output * HTML/DocBook output: * USE_NUMERIC_ENTITY changed to mean to use numeric entities instead of named entities. former effect is now always on. * ENABLE_ENCODING_USE_ENTITY variable removed. former effect is now always off. * Info output * quote problematic node names (with :, comma...) by default * new customization variable ASCII_PUNCTUATION to use plain ASCII characters for quotation marks and a few other symbols * texinfo.tex * `@microtype on' uses microtypography in formatting for pdfTeX and LuaTeX * do not ignore @part page immediately following Top node * do `@set txicodevaristt' to get slanted typewriter for @var in code, `@clear txicodevaristt' to use slanted, variable-width roman font for @var everywhere. flag is @set by default, but we may turn this off in the future. * new file doc/texinfo-zh.tex for Texinfo documents in Chinese. new support file doc/txi-zh.tex for Chinese. doc/short-sample-zh.texi is a sample document. * info * better support for index entries containing parentheses * better support for getting bold text etc. when displaying manpages * bug fixed where the first index entry in a file could be ignored * M-C-f closes as well as opens footnotes window * do not crash if run in Brazilian Portuguese locale * Language * @deftype* commands use typewriter font in argument list * new commands @latex, @iflatex, @ifnotlatex for new LaTeX output format * do `@set txidefnamenospace' to omit space after a definition name * Other * build fixed for glibc 2.34 - Delete patch 13a8894fe2.patch as now part of upstream tar ball ++++ shim: - Add shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch for backporting the following patches between 15.6 with aa1b289a1a (jsc#PED-127): aa1b289a1a16774afc3143b8948d97261f0872d0 mok: remove MokListTrusted from PCR 7 0cf43ac6d78c6f47f8b91210639ac1aa63665f0b Add -malign-double to IA32 compiler flags ea4911c2f3ce8f8f703a1476febac86bb16b00fd load_cert_file: Use EFI RT memory function 2d4ebb5a798aafd3b06d2c3cb9c9840c1caa41ef load_cert_file: Fix stack issue 5c537b3d0cf8c393dad2e61d49aade68f3af1401 shim: Flush the memory region from i-cache before execution 14d63398298c8de23036a4cf61594108b7345863 Discard load-options that start with a NUL 092c2b2bbed950727e41cf450b61c794881c33e7 Reference MokListRT instead of MokList 0eb07e11b20680200d3ce9c5bc59299121a75388 Make SBAT variable payload introspectable - Add shim-Enable-TDX-measurement-to-RTMR-register.patch to support enhance shim measurement to TD RTMR. (jsc#PED-1273) - For pushing openSUSE:Factory/shim to SLE15-SP5, sync the shim.spec and shim.changes: (jsc#PED-127) - Add some change log from SLE shim.changes to Factory shim.changes Those messages are added "(sync shim.changes from SLE)" tag. - Add the following changes to shim.spec - only apply Patch100, the shim-bsc1198101-opensuse-cert-prompt.patch on openSUSE. - Enable the AArch64 signature check for SLE: [#] AArch64 signature signature=%{SOURCE13} ++++ virt-manager: - bsc#1203252 - virt-manager regression - cannot add second virtio-scsi controller virtman-fix-uninitialized-controller-index.patch ------------------------------------------------------------------ ------------------ 2022-11-14 - Nov 14 2022 ------------------- ------------------------------------------------------------------ ++++ libalternatives: - switch to a manual service rather than a buildtime tar service which introduces a bootstrap cycle between python and tar_scm ++++ grub2: - Removed 0001-linux-fix-efi_relocate_kernel-failure.patch as reported regression in some hardware being stuck in initrd loading (bsc#1205380) - Fix password asked twice if third field in crypttab not present (bsc#1205312) * 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch ++++ kernel-firmware: - Update to version 20221109 (git commit 60310c2deb8c): * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * amdgpu: update DMCUB firmware for DCN 3.1.6 * rtl_bt: Update RTL8822C BT UART firmware to 0xFFB8_ABD6 * rtl_bt: Update RTL8822C BT USB firmware to 0xFFB8_ABD3 * WHENCE: mrvl: prestera: Add WHENCE entries for newly updated 4.1 FW images * mrvl: prestera: Update Marvell Prestera Switchdev FW to v4.1 * iwlwifi: add new FWs from core74_pv-60 release * qcom: drop split a530_zap firmware file * qcom/vpu-1.0: drop split firmware in favour of the mbn file * qcom/venus-4.2: drop split firmware in favour of the mbn file * qcom/venus-4.2: replace split firmware with the mbn file * qcom/venus-1.8: replace split firmware with the mbn file ++++ libeconf: - Update to version 0.4.8+git20221114.7ff7704: * Parsing files which are containing keys only (#170) All delimiters are allowed now : "", " =", " ", "=". But the user should use "" in order to be distinct. * /usr/etc/shells.d/ will not be parsed if /etc/shells.d/ is defined too. * Lto build fixed (#168) * New calls: econf_comment_tag, econf_delimiter_tag, econf_set_comment_tag, econf_set_delimiter_tag * Checking UID,GroupID, permissions,... of the parsed files (#165) New calls: econf_requireOwner, econf_requireGroup, econf_requirePermissions, econf_followSymlinks * Ignoring Group without brackets; Do not hold brackets in the internal data structure. (#164) * Error handling improved for nums and booleans (#163) ++++ systemd: - Upgrade to v252.1 (commit 64dc546913525e33e734500055a62ed0e963c227) See https://github.com/openSUSE/systemd/blob/SUSE/v252/NEWS for details. This includes the following bug fixes: - upstream commit 67c3e1f63a5221b47a8fea85ae421671f29f3b7e (bsc#1200723) * Rebased 0001-conf-parser-introduce-early-drop-ins.patch 1000-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch * The new tools systemd-measure and systemd-pcrphase have been added to the experimental sub-package for now. * Add temporarly 6000-meson-install-test-kernel-install-only-when-Dkernel-.patch until this patch is mainstreamed. ++++ tiff: - security update: * CVE-2022-3970 [bsc#1205392] + tiff-CVE-2022-3970.patch ++++ python-setuptools: - Delete remove_mock.patch, that's not needed anymore, it's upstreamed - Update to 65.5.1: * #3638: Drop a test dependency on the mock package, always use :external+python:py:mod:`unittest.mock` -- by :user:`hroncok` * #3659: Fixed REDoS vector in package_index. ------------------------------------------------------------------ ------------------ 2022-11-13 - Nov 13 2022 ------------------- ------------------------------------------------------------------ ++++ tiff: - security update: * CVE-2022-3597 [bsc#1204641] * CVE-2022-3626 [bsc#1204644] * CVE-2022-3627 [bsc#1204645] + tiff-CVE-2022-3597,CVE-2022-3626,CVE-2022-3627.patch * CVE-2022-3599 [bsc#1204643] + tiff-CVE-2022-3599.patch * CVE-2022-3598 [bsc#1204642] + tiff-CVE-2022-3598.patch ------------------------------------------------------------------ ------------------ 2022-11-12 - Nov 12 2022 ------------------- ------------------------------------------------------------------ ++++ libappindicator: - Let the rpm provide libappindicator-gtk3 for EL8 compat ++++ nerdctl: - Update to version 1.0.0: * nerdctl run * Add --log-driver=syslog * Add --log-opt=log-path= option for json-file logging drivers * Add --mac-address flag * Support --pid=container: * nerdctl build: * Support --build-arg args without explicit value * Support --output=DIR as an alias of --output type=local,dest= * nerdctl compose: * Add nerdctl compose version command * nerdctl-full: * Update imgcrypt (1.1.7), BuildKit (0.10.5), stargz-snapshotter (0.12.1), Kubo (0.16.0) ++++ ovmf: - Change the size of ovmf-x86_64 back to 2MB, and remove EFI shell to reduce the fv image size. - Originally the reason of changing the size of ovmf-x86_64 to 4MB is for preventing OBS exposes the following error: [ 266s] GenFv: ERROR 3000: Invalid [ 266s] the required fv image size 0x1afed8 exceeds the set fv image size 0x1ac000 The fv image size is too big. But we found that change ovmf-x86_64 to 4MB causes live migration problem on qemu. (bsc#1204220) - So let's change the size of ovmf_x86_64 back to 2MB and remove EFI shell to reduce the fv image size. If user wants to use EFI shell, they should move to ovmf-x86_64-4m image. So we add the "-D EXCLUDE_SHELL" build option to ovmf-x86_64 flavor in ovmf.spec. (bsc#1204220) ------------------------------------------------------------------ ------------------ 2022-11-11 - Nov 11 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Linux 6.0.8 (bsc#1012628). - usb: dwc3: gadget: Force sending delayed status during soft disconnect (bsc#1012628). - usb: dwc3: gadget: Don't delay End Transfer on delayed_status (bsc#1012628). - RDMA/cma: Use output interface for net_dev check (bsc#1012628). - IB/hfi1: Correctly move list in sc_disable() (bsc#1012628). - RDMA/hns: Disable local invalidate operation (bsc#1012628). - RDMA/hns: Fix NULL pointer problem in free_mr_init() (bsc#1012628). - docs/process/howto: Replace C89 with C11 (bsc#1012628). - RDMA/rxe: Fix mr leak in RESPST_ERR_RNR (bsc#1012628). - NFSv4: Fix a potential state reclaim deadlock (bsc#1012628). - NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (bsc#1012628). - NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot (bsc#1012628). - SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed (bsc#1012628). - NFSv4.2: Fixup CLONE dest file size for zero-length count (bsc#1012628). - nfs4: Fix kmemleak when allocate slot failed (bsc#1012628). - net: dsa: Fix possible memory leaks in dsa_loop_init() (bsc#1012628). - RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (bsc#1012628). - RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() (bsc#1012628). - tools/nolibc: Fix missing strlen() definition and infinite loop with gcc-12 (bsc#1012628). - net: dsa: fall back to default tagger if we can't load the one from DT (bsc#1012628). - nfc: fdp: Fix potential memory leak in fdp_nci_send() (bsc#1012628). - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (bsc#1012628). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (bsc#1012628). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (bsc#1012628). - net: fec: fix improper use of NETDEV_TX_BUSY (bsc#1012628). - ata: pata_legacy: fix pdc20230_set_piomode() (bsc#1012628). - ata: palmld: fix return value check in palmld_pata_probe() (bsc#1012628). - net: sched: Fix use after free in red_enqueue() (bsc#1012628). - net: tun: fix bugs for oversize packet when napi frags enabled (bsc#1012628). - netfilter: nf_tables: netlink notifier might race to release objects (bsc#1012628). - netfilter: nf_tables: release flow rule object from commit path (bsc#1012628). - sfc: Fix an error handling path in efx_pci_probe() (bsc#1012628). - nfsd: fix nfsd_file_unhash_and_dispose (bsc#1012628). - nfsd: fix net-namespace logic in __nfsd_file_cache_purge (bsc#1012628). - net: lan966x: Fix the MTU calculation (bsc#1012628). - net: lan966x: Adjust maximum frame size when vlan is enabled/disabled (bsc#1012628). - net: lan966x: Fix FDMA when MTU is changed (bsc#1012628). - net: lan966x: Fix unmapping of received frames using FDMA (bsc#1012628). - ipvs: use explicitly signed chars (bsc#1012628). - ipvs: fix WARNING in __ip_vs_cleanup_batch() (bsc#1012628). - ipvs: fix WARNING in ip_vs_app_net_cleanup() (bsc#1012628). - rose: Fix NULL pointer dereference in rose_send_frame() (bsc#1012628). - mISDN: fix possible memory leak in mISDN_register_device() (bsc#1012628). - isdn: mISDN: netjet: fix wrong check of device registration (bsc#1012628). - btrfs: fix inode list leak during backref walking at resolve_indirect_refs() (bsc#1012628). - btrfs: fix inode list leak during backref walking at find_parent_nodes() (bsc#1012628). - btrfs: fix ulist leaks in error paths of qgroup self tests (bsc#1012628). - netfilter: ipset: enforce documented limit to prevent allocating huge memory (bsc#1012628). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (bsc#1012628). - Bluetooth: hci_conn: Fix CIS connection dst_type handling (bsc#1012628). - Bluetooth: virtio_bt: Use skb_put to set length (bsc#1012628). - Bluetooth: L2CAP: Fix memory leak in vhci_write (bsc#1012628). - Bluetooth: hci_conn: Fix not restoring ISO buffer count on disconnect (bsc#1012628). - net: mdio: fix undefined behavior in bit shift for __mdiobus_register (bsc#1012628). - ibmvnic: Free rwi on reset success (bsc#1012628). - stmmac: dwmac-loongson: fix invalid mdio_node (bsc#1012628). - net/smc: Fix possible leaked pernet namespace in smc_init() (bsc#1012628). - net, neigh: Fix null-ptr-deref in neigh_table_clear() (bsc#1012628). - bridge: Fix flushing of dynamic FDB entries (bsc#1012628). - ipv6: fix WARNING in ip6_route_net_exit_late() (bsc#1012628). - vsock: fix possible infinite sleep in vsock_connectible_wait_data() (bsc#1012628). - iio: adc: stm32-adc: fix channel sampling time init (bsc#1012628). - media: rkisp1: Fix source pad format configuration (bsc#1012628). - media: rkisp1: Don't pass the quantization to rkisp1_csm_config() (bsc#1012628). - media: rkisp1: Initialize color space on resizer sink and source pads (bsc#1012628). - media: rkisp1: Use correct macro for gradient registers (bsc#1012628). - media: rkisp1: Zero v4l2_subdev_format fields in when validating links (bsc#1012628). - media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (bsc#1012628). - media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE (bsc#1012628). - media: dvb-frontends/drxk: initialize err to 0 (bsc#1012628). - media: platform: cros-ec: Add Kuldax to the match table (bsc#1012628). - media: meson: vdec: fix possible refcount leak in vdec_probe() (bsc#1012628). - media: hantro: Store HEVC bit depth in context (bsc#1012628). - media: hantro: HEVC: Fix auxilary buffer size calculation (bsc#1012628). - media: hantro: HEVC: Fix chroma offset computation (bsc#1012628). - media: v4l: subdev: Fail graciously when getting try data for NULL state (bsc#1012628). - drm/vc4: hdmi: Check the HSM rate at runtime_resume (bsc#1012628). - ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() (bsc#1012628). - hwrng: bcm2835 - use hwrng_msleep() instead of cpu_relax() (bsc#1012628). - io_uring: don't iopoll from io_ring_ctx_wait_and_kill() (bsc#1012628). - scsi: core: Restrict legal sdev_state transitions via sysfs (bsc#1012628). - HID: saitek: add madcatz variant of MMO7 mouse device ID (bsc#1012628). - drm/amdgpu: set vm_update_mode=0 as default for Sienna Cichlid in SRIOV case (bsc#1012628). - drm/amd/pm: skip loading pptable from driver on secure board for smu_v13_0_10 (bsc#1012628). - drm/amdkfd: Fix type of reset_type parameter in hqd_destroy() callback (bsc#1012628). - drm/amdgpu: Program GC registers through RLCG interface in gfx_v11/gmc_v11 (bsc#1012628). - drm/amdgpu: dequeue mes scheduler during fini (bsc#1012628). - nvme-pci: disable write zeroes on various Kingston SSD (bsc#1012628). - i2c: xiic: Add platform module alias (bsc#1012628). - bio: safeguard REQ_ALLOC_CACHE bio put (bsc#1012628). - clk: rs9: Fix I2C accessors (bsc#1012628). - arm64: dts: imx8mm: Enable CPLD_Dn pull down resistor on MX8Menlo (bsc#1012628). - efi/tpm: Pass correct address to memblock_reserve (bsc#1012628). - clk: renesas: r8a779g0: Fix HSCIF parent clocks (bsc#1012628). - clk: qcom: Update the force mem core bit for GPU clocks (bsc#1012628). - arm64: dts: verdin-imx8mp: fix ctrl_sleep_moci (bsc#1012628). - arm64: dts: imx8mm: remove otg1/2 power domain dependency on hsio (bsc#1012628). - arm64: dts: imx8mm: correct usb power domains (bsc#1012628). - arm64: dts: imx8mn: remove otg1 power domain dependency on hsio (bsc#1012628). - arm64: dts: imx8mn: Correct the usb power domain (bsc#1012628). - ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset (bsc#1012628). - arm64: dts: imx8: correct clock order (bsc#1012628). - arm64: dts: imx93: add gpio clk (bsc#1012628). - arm64: dts: imx93: correct gpio-ranges (bsc#1012628). - arm64: dts: lx2160a: specify clock frequencies for the MDIO controllers (bsc#1012628). - arm64: dts: ls1088a: specify clock frequencies for the MDIO controllers (bsc#1012628). - arm64: dts: ls208xa: specify clock frequencies for the MDIO controllers (bsc#1012628). - drm/rockchip: dw_hdmi: filter regulator -EPROBE_DEFER error messages (bsc#1012628). - drm/rockchip: fix fbdev on non-IOMMU devices (bsc#1012628). - drm/i915: stop abusing swiotlb_max_segment (bsc#1012628). - ublk_drv: return flag of UBLK_F_URING_CMD_COMP_IN_TASK in case of module (bsc#1012628). - block: Fix possible memory leak for rq_wb on add_disk failure (bsc#1012628). - blk-mq: Fix kmemleak in blk_mq_init_allocated_queue (bsc#1012628). - ARM: dts: ux500: Add trips to battery thermal zones (bsc#1012628). - firmware: arm_scmi: Suppress the driver's bind attributes (bsc#1012628). - firmware: arm_scmi: Make Rx chan_setup fail on memory errors (bsc#1012628). - firmware: arm_scmi: Fix devres allocation device in virtio transport (bsc#1012628). - firmware: arm_scmi: Fix deferred_tx_wq release on error paths (bsc#1012628). - arm64: dts: juno: Add thermal critical trip points (bsc#1012628). - i2c: piix4: Fix adapter not be removed in piix4_remove() (bsc#1012628). - Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (bsc#1012628). - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (bsc#1012628). - fscrypt: stop using keyrings subsystem for fscrypt_master_key (bsc#1012628). - fscrypt: fix keyring memory leak on mount failure (bsc#1012628). - clk: renesas: r8a779g0: Add SASYNCPER clocks (bsc#1012628). - btrfs: fix lost file sync on direct IO write with nowait and dsync iocb (bsc#1012628). - btrfs: fix tree mod log mishandling of reallocated nodes (bsc#1012628). - btrfs: fix type of parameter generation in btrfs_get_dentry (bsc#1012628). - btrfs: don't use btrfs_chunk::sub_stripes from disk (bsc#1012628). - btrfs: fix a memory allocation failure test in btrfs_submit_direct (bsc#1012628). - ACPI: NUMA: Add CXL CFMWS 'nodes' to the possible nodes set (bsc#1012628). - cxl/pmem: Fix cxl_pmem_region and cxl_memdev leak (bsc#1012628). - cxl/region: Fix decoder allocation crash (bsc#1012628). - cxl/region: Fix region HPA ordering validation (bsc#1012628). - cxl/region: Fix cxl_region leak, cleanup targets at region delete (bsc#1012628). - cxl/region: Fix 'distance' calculation with passthrough ports (bsc#1012628). - ftrace: Fix use-after-free for dynamic ftrace_ops (bsc#1012628). - tracing/fprobe: Fix to check whether fprobe is registered correctly (bsc#1012628). - fprobe: Check rethook_alloc() return in rethook initialization (bsc#1012628). - tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() (bsc#1012628). - kprobe: reverse kp->flags when arm_kprobe failed (bsc#1012628). - tools/nolibc/string: Fix memcmp() implementation (bsc#1012628). - tracing/histogram: Update document for KEYS_MAX size (bsc#1012628). - capabilities: fix potential memleak on error path from vfs_getxattr_alloc() (bsc#1012628). - fuse: add file_modified() to fallocate (bsc#1012628). - fuse: fix readdir cache race (bsc#1012628). - selftests/landlock: Build without static libraries (bsc#1012628). - efi: random: reduce seed size to 32 bytes (bsc#1012628). - efi: random: Use 'ACPI reclaim' memory for random seed (bsc#1012628). - efi: efivars: Fix variable writes with unsupported query_variable_store() (bsc#1012628). - net/ulp: remove SOCK_SUPPORT_ZC from tls sockets (bsc#1012628). - arm64: entry: avoid kprobe recursion (bsc#1012628). - ARM: dts: imx6dl-yapp4: Do not allow PM to switch PU regulator off on Q/QP (bsc#1012628). - perf/x86/intel: Fix pebs event constraints for ICL (bsc#1012628). - perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes[] (bsc#1012628). - perf/x86/intel: Fix pebs event constraints for SPR (bsc#1012628). - net: remove SOCK_SUPPORT_ZC from sockmap (bsc#1012628). - net: also flag accepted sockets supporting msghdr originated zerocopy (bsc#1012628). - parisc: Make 8250_gsc driver dependend on CONFIG_PARISC (bsc#1012628). - parisc: Export iosapic_serial_irq() symbol for serial port driver (bsc#1012628). - parisc: Avoid printing the hardware path twice (bsc#1012628). - ext4: fix warning in 'ext4_da_release_space' (bsc#1012628). - ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1012628). - ext4: update the backup superblock's at the end of the online resize (bsc#1012628). - x86/tdx: Prepare for using "INFO" call for a second purpose (bsc#1012628). - x86/tdx: Panic on bad configs that #VE on "private" memory access (bsc#1012628). - x86/syscall: Include asm/ptrace.h in syscall_wrapper header (bsc#1012628). - KVM: x86: Mask off reserved bits in CPUID.80000006H (bsc#1012628). - KVM: x86: Mask off reserved bits in CPUID.8000001AH (bsc#1012628). - KVM: x86: Mask off reserved bits in CPUID.80000008H (bsc#1012628). - KVM: x86: Mask off reserved bits in CPUID.80000001H (bsc#1012628). - KVM: x86: Mask off reserved bits in CPUID.8000001FH (bsc#1012628). - KVM: VMX: Advertise PMU LBRs if and only if perf supports LBRs (bsc#1012628). - KVM: VMX: Fold vmx_supported_debugctl() into vcpu_supported_debugctl() (bsc#1012628). - KVM: VMX: Ignore guest CPUID for host userspace writes to DEBUGCTL (bsc#1012628). - KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable (bsc#1012628). - KVM: Initialize gfn_to_pfn_cache locks in dedicated helper (bsc#1012628). - KVM: Reject attempts to consume or refresh inactive gfn_to_pfn_cache (bsc#1012628). - KVM: arm64: Fix bad dereference on MTE-enabled systems (bsc#1012628). - KVM: arm64: Fix SMPRI_EL1/TPIDR2_EL0 trapping on VHE (bsc#1012628). - KVM: x86: smm: number of GPRs in the SMRAM image depends on the image format (bsc#1012628). - KVM: x86: emulator: em_sysexit should update ctxt->mode (bsc#1012628). - KVM: x86: emulator: update the emulation mode after CR0 write (bsc#1012628). - ext4,f2fs: fix readahead of verity data (bsc#1012628). - cifs: fix regression in very old smb1 mounts (bsc#1012628). - drm/rockchip: dsi: Clean up 'usage_mode' when failing to attach (bsc#1012628). - drm/rockchip: dsi: Force synchronous probe (bsc#1012628). - drm/amdgpu: disable GFXOFF during compute for GFX11 (bsc#1012628). - drm/amd/display: Update latencies on DCN321 (bsc#1012628). - drm/amd/display: Update DSC capabilitie for DCN314 (bsc#1012628). - drm/i915/sdvo: Filter out invalid outputs more sensibly (bsc#1012628). - drm/i915/sdvo: Setup DDC fully before output init (bsc#1012628). - commit 1579d93 ++++ libX11: - Update to version 1.8.2 * This is primarily a bug fix release, including further work on improving the thread-safety-constructor and making it work with software which had incorrectly called libX11 functions from inside X*IfEvent() calls. - supersedes U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch ++++ mozilla-nss: - update to NSS 3.84 * bmo#1791699 - Bump minimum NSPR version to 4.35 * bmo#1792103 - Add a flag to disable building libnssckbi. ++++ lcms2: - Added reverse-0001-fix-memory-leaks-on-testbed.patch to fix colord's i586 build failure ++++ libslirp: - added patches fix https://gitlab.freedesktop.org/slirp/libslirp/-/issues/64 + libslirp-semicolon.patch ++++ libvirt: - tests: Fix libxlxml2domconfigtest f81ee7b5-tests-Fix-libxlxml2domconfigtest.patch bsc#1205204 ++++ python-testtools: - silent rpmlint - python-six is not required ------------------------------------------------------------------ ------------------ 2022-11-10 - Nov 10 2022 ------------------- ------------------------------------------------------------------ ++++ cni: - Update to version 1.1.2: * spec: fix format * libcni: handle empty version when parsing version * [exec-plugins]: support plugin lists This is a minor update to the CNI libraries and tooling. This does not bump the protocol / spec version, which remains at v1.0.0 ++++ libnftnl: - Update to release 1.2.4 * rule, set_elem: remove trailing \n in userdata snprintf * libnftnl: Fix res_id byte order ++++ openssh: - Update openssh-8.1p1-audit.patch: Merge fix for race condition (bsc#1115550, bsc#1174162). - Add openssh-do-not-send-empty-message.patch, which prevents superfluous newlines with empty MOTD files (bsc#1192439). ------------------------------------------------------------------ ------------------ 2022-11-9 - Nov 9 2022 ------------------- ------------------------------------------------------------------ ++++ bash: - Add upstream patches * bash52-003 Command substitutions need to preserve newlines instead of replacing them with semicolons, especially in the presence of multiple here-documents. * bash52-004 Bash needs to keep better track of nested brace expansions to avoid problems with quoting and POSIX semantics. * bash52-005 Null pattern substitution replacement strings can cause a crash. * bash52-006 In interactive shells, interrupting the shell while entering a command substitution can inhibit alias expansion. * bash52-007 This patch fixes several problems with alias expansion inside command substitutions when in POSIX mode. * bash52-008 Array subscript expansion can inappropriately quote brackets if the expression contains < or >. * bash52-009 Bash arithmetic expansion should allow `@' and `*' to be used as associative array keys in expressions. ++++ elfutils: - align patches section - remove date/time handling weirdness, elfutils does no longer use __DATE__ or __TIME__ (as proven by the newly added -Werror=date-time) ++++ kernel-default: - Refresh patches.suse/Bluetooth-L2CAP-fix-use-after-free-in-l2cap_conn_del.patch. Update upstream status. - commit 9a7c768 - Delete synaptics touchpad workaround patch (bsc#1194086) This was confirmed to be superfluous now - commit 4ff425d - Update config files for enabling CONFIG_SECONDARY_TRUSTED_KEYRING In some architectures, e.g. ppc64, riscv64, x86_64, we have enabled the CONFIG_SECONDARY_TRUSTED_KEYRING and children kernel config. But we didn't enable it in other architectures. In the future, the CONFIG_SECONDARY_TRUSTED_KEYRING will be used with IMA in different architectures. So let's enable it in Tumbleweed in all architectures to align with SLE/Leap. Then user can use it for preparing IMA functions with secondary trusted keyring. (bsc#1203739) - commit c0a1875 ++++ polkit: - read actions also from /etc/polkit-1/actions (jsc#PED-1405) added polkit-actions-in-etc.patch ++++ python310-core: - Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding extremely long domain names. ++++ python310: - Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding extremely long domain names. ++++ python-pyzmq: - Fix build with OpenSSL 3.0 [bsc#1205042] * Temporarily disable test_on_recv_basic ------------------------------------------------------------------ ------------------ 2022-11-8 - Nov 8 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - third bugfix release * some regressions in CI worked out * a bit of everything, and nothing too crazy - supersedes u_0001-gallivm-Fix-LLVM-optimization-with-the-new-pass-mana.patch - supersedes u_nouveau-corrupted-colors-boo1203949.patch - get rid of Mesa-libVulkan-devel(-32bit) package, which is no longer needed at all by providing/obsoleting it by libvulkan_intel ++++ Mesa-drivers: - third bugfix release * some regressions in CI worked out * a bit of everything, and nothing too crazy - supersedes u_0001-gallivm-Fix-LLVM-optimization-with-the-new-pass-mana.patch - supersedes u_nouveau-corrupted-colors-boo1203949.patch - get rid of Mesa-libVulkan-devel(-32bit) package, which is no longer needed at all by providing/obsoleting it by libvulkan_intel ++++ fontconfig: - update to 2.14.1: * Bump the cache version to 8 in doc/fontconfig-user.sgm * Enable 10-sub-pixel-rgb.conf by default * build fixes and translation updates * Avoid misuse of ctype ++++ gnutls: - Verify only the libgnutls library HMAC [bsc#1199881] * Do not use the brp-50-generate-fips-hmac script as this is now calculated with the internal fipshmac tool. * Add gnutls-verify-library-HMAC.patch ++++ kernel-default: - Move upstreamed tracing patch into sorted section - commit de51707 - ALSA: usb-audio: Remove redundant workaround for Roland quirk (bsc#1205111). - ALSA: usb-audio: Yet more regression for for the delayed card registration (bsc#1205111). - commit 0d318d5 ++++ libbpf: - Fix out-of-bound heap write (boo#1194248 boo#1194249 CVE-2021-45940 CVE-2021-45941) + libbpf-Use-elf_getshdrnum-instead-of-e_shnum.patch - Fix use-after-free in btf_dump_name_dups (boo#1204391 CVE-2022-3534) + libbpf-Fix-use-after-free-in-btf_dump_name_dups.patch - Fix memory leak in parse_usdt_arg() (boo#1204393 CVE-2022-3533) + libbpf-Fix-memory-leak-in-parse_usdt_arg.patch - Fix null pointer dereference in find_prog_by_sec_insn() (boo#1204502 CVE-2022-3606) + libbpf-Fix-null-pointer-dereference-in-find_prog_by_.patch ++++ gpgme: - Add gpgme-suse-nobetasuffix.patch * remove "-unknown" suffix from version string * boo#1205197 ++++ lcms2: - Update to 2.14: * lcms2 now implements ICC specification 4.4 * New multi-threaded plug-in * Several fixes to keep fuzzers happy * Removed check on DLL when CMS_NO_REGISTER_KEYWORD is used * Added more validation against broken profiles * Added more help to several tools * Revised documentation ++++ shadow: - Update to 4.13: * useradd.8: fix default group ID * Revert drop of subid_init() * Georgian translation * useradd: Avoid taking unneeded space: do not reset non-existent data in lastlog * relax username restrictions * selinux: check MLS enabled before setting serange * copy_tree: use fchmodat instead of chmod * copy_tree: don't block on FIFOs * add shell linter * copy_tree: carefully treat permissions * lib/commonio: make lock failures more detailed * lib: use strzero and memzero where applicable * Update Dutch translation * Don't test for NULL before calling free * Use libc MAX() and MIN() * chage: Fix regression in print_date * usermod: report error if homedir does not exist * libmisc: minimum id check for system accounts * fix usermod -rG x y wrongly adding a group * man: add missing space in useradd.8.xml * lastlog: check for localtime() return value * Raise limit for passwd and shadow entry length * Remove adduser-old.c * useradd: Fix buffer overflow when using a prefix * Don't warn when failed to open /etc/nsswitch.conf - Remove patches we took from upstream pre-release: * shadow-copytree-usermod-fifo.patch * shadow-chage-format.patch * shadow-prefix-overflow.patch - Remove chkname-regex.patch: Upstream now also relaxed the usernames requirements. They don't use regex for this but the result is similar. Plus they also check that the name is less than 32 characters long. - Rebase useradd-userkeleton.patch ++++ systemd: - Import commit 9cdd78585069b133bebcd479f3a204057ad25d76 (merge of v251.8) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/c212388f7de8d22a3f7c22b19553548ccc0cdd15...9cdd78585069b133bebcd479f3a204057ad25d76 ++++ pcr-oracle: - Establish pcr-oracle as standalone package, apart from fde-tools ------------------------------------------------------------------ ------------------ 2022-11-7 - Nov 7 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - Release 22.2.2 covers bugfixes for bsc#1197045,bsc#1197046,bsc#1200965,bsc#1202850 ++++ Mesa-drivers: - Release 22.2.2 covers bugfixes for bsc#1197045,bsc#1197046,bsc#1200965,bsc#1202850 ++++ NetworkManager: - Keep netconfig support. The rc-manager auto detection will select appropriate manager during runtime. ++++ elfutils: - Update to version 0.188: * readelf: Add -D, --use-dynamic option. * debuginfod-client: Add $DEBUGINFOD_HEADERS_FILE setting to supply outgoing debuginfod_find_section. * debuginfod: Add --disable-source-scan option. * libdwfl: Add new function dwfl_get_debuginfod_client. Add new function dwfl_frame_reg. Add new function dwfl_report_offline_memory. - Remove upstreamed patches: * 0001-libelf-Sync-elf.h-from-glibc.patch * 0002-backends-Handle-new-RISC-V-specific-definitions.patch * 0003-elflint-Allow-zero-p_memsz-for-PT_RISCV_ATTRIBUTES.patch * 0004-readelf-Handle-SHT_RISCV_ATTRIBUTES-like-SHT_GNU_ATT.patch * PR29474-debuginfod.patch * config-Move-the-2-dev-null-inside-the-sh-c-quotes-fo.patch * support-nullglob-in-profile.-.in-files.patch ++++ libepoxy: - needed by jira#PED-1174 (Mesa needs sync with Xserver, which then needs updated libepoxy) ++++ ncurses: - Add ncurses patch 20221105 + regenerate configure scripts with autoconf 2.52.20221009 + modify "--with-manpage-format" to support bzip2 and xz compression (prompted by discussion with Sam James). + modify make-tar.sh scripts to make timestamps more predictable. ++++ shadow: - Add shadow-copytree-usermod-fifo.patch: Fix regression that prevented `usermod -m` to work when their home directory contained at least one fifo See https://github.com/shadow-maint/shadow/pull/565 ++++ libzypp: - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - properly reset range requests (bsc#1204548) - version 17.31.5 (22) ++++ python-M2Crypto: - add openssl-stop-parsing-header.patch (bsc#1205042) - add m2crypto-0.38-ossl3-tests.patch ++++ python-psutil: - update to version 5.9.4: * Enhancements - 2102: use Limited API when building wheels with CPython 3.6+ on Linux, macOS and Windows. This allows to use pre-built wheels in all future versions of cPython 3. (patch by Matthieu Darbois) * Bug fixes - 2077, [Windows]: Use system-level values for virtual_memory(). (patch by Daniel Widdis) - 2156, [Linux]: compilation may fail on very old gcc compilers due to missing SPEED_UNKNOWN definition. (patch by Amir Rossert) - 2010, [macOS]: on MacOS, arm64 IFM_1000_TX and IFM_1000_T are the same value, causing a build failure. (patch by Lawrence D'Anna) ++++ sed: - GNU sed 4.9: * 'sed --follow-symlinks -i' no longer loops forever when its operand is a symbolic link cycle. * a program with an execution line longer than 2GB can no longer trigger an out-of-bounds memory write. * using the R command to read an input line of length longer than 2GB can no longer trigger an out-of-bounds memory read. * In locales using UTF-8 encoding, the regular expression '.' no longer sometimes fails to match Unicode characters U+D400 through U+D7FF (some Hangul Syllables, and Hangul Jamo Extended-B) and Unicode characters U+108000 through U+10FFFF (half of Supplemental Private Use Area plane B). * I/O errors involving temp files no longer confuse sed into using a FILE * pointer after fclosing it, which has undefined behavior in C. * New: The 'r' command now accepts address 0, allowing inserting a file before the first line. * Sed now prints the less-surprising variant in a corner case of POSIX-unspecified behavior. Before, this would print "n". Now, it prints "X": printf n | sed 'sn\nnXn'; echo - drop patches now upstream: * gnulib-test-avoid-FP-perror-strerror.patch * sed-dont_close_twice.patch - disable profile guided optimization in build due to what seems to be a bug in gnulib ++++ virt-manager: - Refresh test skips - Drop the very old "Obsoletes: python-virtinst <= 0.600.4" virt-manager.spec ++++ zypper: - Update man page and explain '.no_auto_prune' (bsc#1204956) - Allow to (re)add a service with the same URL (bsc#1203715) - Explain outdatedness of repos (fixes #463) - BuildRequires: libzypp-devel >= 17.31.5 - version 1.14.58 ------------------------------------------------------------------ ------------------ 2022-11-6 - Nov 6 2022 ------------------- ------------------------------------------------------------------ ++++ llvm15: - Update to version 15.0.4. * This release contains bug-fixes for the LLVM 15.0.0 release. This release is API and ABI compatible with 15.0.0. - Rebase llvm-do-not-install-static-libraries.patch. ------------------------------------------------------------------ ------------------ 2022-11-4 - Nov 4 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - build against llvm15/clang15 on sle15-sp5/Leap 15.5 ++++ Mesa-drivers: - build against llvm15/clang15 on sle15-sp5/Leap 15.5 ++++ conmon: - Add patch to fix build with make >= 4.4: * 0001-Fix-tools-Makefile-with-GNU-make-4.4.patch ++++ kernel-default: - Update config files. - commit bd8c959 - Linux 6.0.7 (bsc#1012628). - platform/x86/amd: pmc: remove CONFIG_DEBUG_FS checks (bsc#1012628). - can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb() (bsc#1012628). - can: kvaser_usb: Fix possible completions during init_completion (bsc#1012628). - can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global FIFO receive (bsc#1012628). - can: rcar_canfd: fix channel specific IRQ handling for RZ/G2L (bsc#1012628). - ALSA: Use del_timer_sync() before freeing timer (bsc#1012628). - ALSA: usb-audio: Add quirks for M-Audio Fast Track C400/600 (bsc#1012628). - ALSA: control: add snd_ctl_rename() (bsc#1012628). - ALSA: hda/realtek: Use snd_ctl_rename() to rename a control (bsc#1012628). - ALSA: emu10k1: Use snd_ctl_rename() to rename a control (bsc#1012628). - ALSA: ac97: Use snd_ctl_rename() to rename a control (bsc#1012628). - ALSA: usb-audio: Use snd_ctl_rename() to rename a control (bsc#1012628). - ALSA: ca0106: Use snd_ctl_rename() to rename a control (bsc#1012628). - ALSA: au88x0: use explicitly signed char (bsc#1012628). - ALSA: rme9652: use explicitly signed char (bsc#1012628). - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (bsc#1012628). - usb: gadget: uvc: limit isoc_sg to super speed gadgets (bsc#1012628). - Revert "usb: gadget: uvc: limit isoc_sg to super speed gadgets" (bsc#1012628). - usb: gadget: uvc: fix dropped frame after missed isoc (bsc#1012628). - usb: gadget: uvc: fix sg handling in error case (bsc#1012628). - usb: gadget: uvc: fix sg handling during video encode (bsc#1012628). - usb: gadget: aspeed: Fix probe regression (bsc#1012628). - usb: dwc3: gadget: Stop processing more requests on IMI (bsc#1012628). - usb: dwc3: gadget: Don't set IMI for no_interrupt (bsc#1012628). - usb: dwc3: gadget: Force sending delayed status during soft disconnect (bsc#1012628). - usb: dwc3: gadget: Don't delay End Transfer on delayed_status (bsc#1012628). - usb: typec: ucsi: Check the connection on resume (bsc#1012628). - usb: typec: ucsi: acpi: Implement resume callback (bsc#1012628). - usb: dwc3: st: Rely on child's compatible instead of name (bsc#1012628). - usb: dwc3: Don't switch OTG -> peripheral if extcon is present (bsc#1012628). - usb: bdc: change state when port disconnected (bsc#1012628). - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (bsc#1012628). - mtd: rawnand: tegra: Fix PM disable depth imbalance in probe (bsc#1012628). - mtd: spi-nor: core: Ignore -ENOTSUPP in spi_nor_init() (bsc#1012628). - mtd: parsers: bcm47xxpart: Fix halfblock reads (bsc#1012628). - mtd: rawnand: marvell: Use correct logic for nand-keep-config (bsc#1012628). - squashfs: fix read regression introduced in readahead code (bsc#1012628). - squashfs: fix extending readahead beyond end of file (bsc#1012628). - squashfs: fix buffer release race condition in readahead code (bsc#1012628). - xhci: Add quirk to reset host back to default state at shutdown (bsc#1012628). - xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices (bsc#1012628). - xhci: Remove device endpoints from bandwidth list when freeing the device (bsc#1012628). - tools: iio: iio_utils: fix digit calculation (bsc#1012628). - iio: light: tsl2583: Fix module unloading (bsc#1012628). - iio: temperature: ltc2983: allocate iio channels once (bsc#1012628). - iio: adxl372: Fix unsafe buffer attributes (bsc#1012628). - iio: adxl367: Fix unsafe buffer attributes (bsc#1012628). - fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (bsc#1012628). - fbdev: smscufx: Fix several use-after-free bugs (bsc#1012628). - cpufreq: intel_pstate: Read all MSRs on the target CPU (bsc#1012628). - cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores (bsc#1012628). - fs/binfmt_elf: Fix memory leak in load_elf_binary() (bsc#1012628). - exec: Copy oldsighand->action under spin-lock (bsc#1012628). - mac802154: Fix LQI recording (bsc#1012628). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1012628). - drm/i915: Extend Wa_1607297627 to Alderlake-P (bsc#1012628). - drm/amdgpu: Remove ATC L2 access for MMHUB 2.1.x (bsc#1012628). - drm/amdgpu: disallow gfxoff until GC IP blocks complete s2idle resume (bsc#1012628). - drm/amdgpu: fix pstate setting issue (bsc#1012628). - drm/amd/display: Revert logic for plane modifiers (bsc#1012628). - drm/amdkfd: update gfx1037 Lx cache setting (bsc#1012628). - drm/amdkfd: correct the cache info for gfx1036 (bsc#1012628). - drm/msm: fix use-after-free on probe deferral (bsc#1012628). - drm/msm/dsi: fix memory corruption with too many bridges (bsc#1012628). - drm/msm/hdmi: fix memory corruption with too many bridges (bsc#1012628). - drm/msm/hdmi: fix IRQ lifetime (bsc#1012628). - drm/msm/dp: fix memory corruption with too many bridges (bsc#1012628). - drm/msm/dp: fix aux-bus EP lifetime (bsc#1012628). - drm/msm/dp: fix IRQ lifetime (bsc#1012628). - drm/msm/dp: fix bridge lifetime (bsc#1012628). - crypto: x86/polyval - Fix crashes when keys are not 16-byte aligned (bsc#1012628). - random: use arch_get_random*_early() in random_init() (bsc#1012628). - coresight: cti: Fix hang in cti_disable_hw() (bsc#1012628). - mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO (bsc#1012628). - mmc: block: Remove error check of hw_reset on reset (bsc#1012628). - mmc: queue: Cancel recovery work on cleanup (bsc#1012628). - mmc: core: Fix kernel panic when remove non-standard SDIO card (bsc#1012628). - mmc: core: Fix WRITE_ZEROES CQE handling (bsc#1012628). - mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake (bsc#1012628). - mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus (bsc#1012628). - counter: microchip-tcb-capture: Handle Signal1 read and Synapse (bsc#1012628). - counter: 104-quad-8: Fix race getting function mode and direction (bsc#1012628). - mm/uffd: fix vma check on userfault for wp (bsc#1012628). - mm: migrate: fix return value if all subpages of THPs are migrated successfully (bsc#1012628). - mm,madvise,hugetlb: fix unexpected data loss with MADV_DONTNEED on hugetlbfs (bsc#1012628). - mm/kmemleak: prevent soft lockup in kmemleak_scan()'s object iteration loops (bsc#1012628). - mm/huge_memory: do not clobber swp_entry_t during THP split (bsc#1012628). - mm: prep_compound_tail() clear page->private (bsc#1012628). - kernfs: fix use-after-free in __kernfs_remove (bsc#1012628). - Revert "dt-bindings: pinctrl-zynqmp: Add output-enable configuration" (bsc#1012628). - pinctrl: Ingenic: JZ4755 bug fixes (bsc#1012628). - Revert "pinctrl: pinctrl-zynqmp: Add support for output-enable and bias-high-impedance" (bsc#1012628). - ARC: mm: fix leakage of memory allocated for PTE (bsc#1012628). - perf auxtrace: Fix address filter symbol name match for modules (bsc#1012628). - s390/boot: add secure boot trailer (bsc#1012628). - s390/cio: fix out-of-bounds access on cio_ignore free (bsc#1012628). - s390/uaccess: add missing EX_TABLE entries to __clear_user() (bsc#1012628). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1012628). - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (bsc#1012628). - ethtool: eeprom: fix null-deref on genl_info in dump (bsc#1012628). - fbdev/core: Avoid uninitialized read in aperture_remove_conflicting_pci_device() (bsc#1012628). - ACPI: PCC: Fix unintentional integer overflow (bsc#1012628). - powerpc/64s/interrupt: Fix clear of PACA_IRQS_HARD_DIS when returning to soft-masked context (bsc#1012628). - net: ieee802154: fix error return code in dgram_bind() (bsc#1012628). - media: amphion: release m2m ctx when releasing vpu instance (bsc#1012628). - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (bsc#1012628). - media: ar0521: fix error return code in ar0521_power_on() (bsc#1012628). - media: ar0521: Fix return value check in writing initial registers (bsc#1012628). - media: ov8865: Fix an error handling path in ov8865_probe() (bsc#1012628). - media: sun6i-mipi-csi2: Depend on PHY_SUN6I_MIPI_DPHY (bsc#1012628). - media: atomisp: prevent integer overflow in sh_css_set_black_frame() (bsc#1012628). - media: sunxi: Fix some error handling path of sun8i_a83t_mipi_csi2_probe() (bsc#1012628). - media: sunxi: Fix some error handling path of sun6i_mipi_csi2_probe() (bsc#1012628). - media: sun6i-mipi-csi2: Add a Kconfig dependency on RESET_CONTROLLER (bsc#1012628). - media: sun8i-a83t-mipi-csi2: Add a Kconfig dependency on RESET_CONTROLLER (bsc#1012628). - media: sun6i-csi: Add a Kconfig dependency on RESET_CONTROLLER (bsc#1012628). - media: sun4i-csi: Add a Kconfig dependency on RESET_CONTROLLER (bsc#1012628). - media: sun8i-di: Add a Kconfig dependency on RESET_CONTROLLER (bsc#1012628). - media: sun8i-rotate: Add a Kconfig dependency on RESET_CONTROLLER (bsc#1012628). - media: cedrus: Add a Kconfig dependency on RESET_CONTROLLER (bsc#1012628). - drm/msm/a6xx: Replace kcalloc() with kvzalloc() (bsc#1012628). - drm/msm/dp: add atomic_check to bridge ops (bsc#1012628). - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (bsc#1012628). - drm/msm/dp: cleared DP_DOWNSPREAD_CTRL register before start link training (bsc#1012628). - ASoC: codec: tlv320adc3xxx: add GPIOLIB dependency (bsc#1012628). - KVM: selftests: Fix number of pages for memory slot in memslot_modification_stress_test (bsc#1012628). - ASoC: qcom: lpass-cpu: mark HDMI TX registers as volatile (bsc#1012628). - drm/msm/a6xx: Fix kvzalloc vs state_kcalloc usage (bsc#1012628). - erofs: fix illegal unmapped accesses in z_erofs_fill_inode_lazy() (bsc#1012628). - erofs: fix up inplace decompression success rate (bsc#1012628). - pinctrl: qcom: Avoid glitching lines when we first mux to output (bsc#1012628). - spi: qup: support using GPIO as chip select line (bsc#1012628). - x86/fpu: Configure init_fpstate attributes orderly (bsc#1012628). - x86/fpu: Fix the init_fpstate size check with the actual size (bsc#1012628). - x86/fpu: Exclude dynamic states from init_fpstate (bsc#1012628). - perf: Fix missing SIGTRAPs (bsc#1012628). - sched/core: Fix comparison in sched_group_cookie_match() (bsc#1012628). - bpf: prevent decl_tag from being referenced in func_proto (bsc#1012628). - arc: iounmap() arg is volatile (bsc#1012628). - mtd: core: add missing of_node_get() in dynamic partitions code (bsc#1012628). - mtd: rawnand: intel: Remove unused nand_pa member from ebu_nand_cs (bsc#1012628). - mtd: rawnand: intel: Use devm_platform_ioremap_resource_byname() (bsc#1012628). - mtd: rawnand: intel: Add missing of_node_put() in ebu_nand_probe() (bsc#1012628). - pinctrl: ocelot: Fix incorrect trigger of the interrupt (bsc#1012628). - ASoC: codecs: tlv320adc3xxx: Wrap adc3xxx_i2c_remove() in __exit_p() (bsc#1012628). - ASoC: SOF: Intel: pci-mtl: fix firmware name (bsc#1012628). - selftests/ftrace: fix dynamic_events dependency check (bsc#1012628). - spi: aspeed: Fix window offset of CE1 (bsc#1012628). - ASoC: qcom: lpass-cpu: Mark HDMI TX parity register as volatile (bsc#1012628). - ASoC: Intel: common: add ACPI matching tables for Raptor Lake (bsc#1012628). - ASoC: SOF: Intel: pci-tgl: use RPL specific firmware definitions (bsc#1012628). - ASoC: SOF: Intel: pci-tgl: fix ADL-N descriptor (bsc#1012628). - ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (bsc#1012628). - perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() (bsc#1012628). - rcu: Keep synchronize_rcu() from enabling irqs in early boot (bsc#1012628). - tipc: fix a null-ptr-deref in tipc_topsrv_accept (bsc#1012628). - net: netsec: fix error handling in netsec_register_mdio() (bsc#1012628). - net: lan966x: Fix the rx drop counter (bsc#1012628). - selftests: net: Fix cross-tree inclusion of scripts (bsc#1012628). - selftests: net: Fix netdev name mismatch in cleanup (bsc#1012628). - net: hinic: fix incorrect assignment issue in hinic_set_interrupt_cfg() (bsc#1012628). - net: hinic: fix memory leak when reading function table (bsc#1012628). - net: hinic: fix the issue of CMDQ memory leaks (bsc#1012628). - net: hinic: fix the issue of double release MBOX callback of VF (bsc#1012628). - net: macb: Specify PHY PM management done by MAC (bsc#1012628). - nfc: virtual_ncidev: Fix memory leak in virtual_nci_send() (bsc#1012628). - RISC-V: KVM: Provide UAPI for Zicbom block size (bsc#1012628). - RISC-V: Fix compilation without RISCV_ISA_ZICBOM (bsc#1012628). - RISC-V: KVM: Fix kvm_riscv_vcpu_timer_pending() for Sstc (bsc#1012628). - x86/unwind/orc: Fix unreliable stack dump with gcov (bsc#1012628). - drm/bridge: ps8640: Add back the 50 ms mystery delay after HPD (bsc#1012628). - x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (bsc#1012628). - amd-xgbe: Yellow carp devices do not need rrc (bsc#1012628). - amd-xgbe: fix the SFP compliance codes check for DAC cables (bsc#1012628). - amd-xgbe: add the bit rate quirk for Molex cables (bsc#1012628). - drm/i915/dgfx: Keep PCI autosuspend control 'on' by default on all dGPU (bsc#1012628). - drm/i915/dp: Reset frl trained flag before restarting FRL training (bsc#1012628). - atlantic: fix deadlock at aq_nic_stop (bsc#1012628). - kcm: annotate data-races around kcm->rx_psock (bsc#1012628). - kcm: annotate data-races around kcm->rx_wait (bsc#1012628). - net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed (bsc#1012628). - net: lantiq_etop: don't free skb when returning NETDEV_TX_BUSY (bsc#1012628). - tcp: fix a signed-integer-overflow bug in tcp_add_backlog() (bsc#1012628). - tcp: fix indefinite deferral of RTO with SACK reneging (bsc#1012628). - net-memcg: avoid stalls when under memory pressure (bsc#1012628). - drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() (bsc#1012628). - net: lan966x: Stop replacing tx dcbs and dcbs_buf when changing MTU (bsc#1012628). - mptcp: set msk local address earlier (bsc#1012628). - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (bsc#1012628). - can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path (bsc#1012628). - PM: hibernate: Allow hybrid sleep to work with s2idle (bsc#1012628). - media: vivid: s_fbuf: add more sanity checks (bsc#1012628). - media: vivid: dev->bitmap_cap wasn't freed in all cases (bsc#1012628). - media: v4l2-dv-timings: add sanity checks for blanking values (bsc#1012628). - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (bsc#1012628). - media: vivid: set num_in/outputs to 0 if not supported (bsc#1012628). - perf vendor events power10: Fix hv-24x7 metric events (bsc#1012628). - perf list: Fix PMU name pai_crypto in perf list on s390 (bsc#1012628). - ipv6: ensure sane device mtu in tunnels (bsc#1012628). - i40e: Fix ethtool rx-flow-hash setting for X722 (bsc#1012628). - i40e: Fix VF hang when reset is triggered on another VF (bsc#1012628). - i40e: Fix flow-type by setting GL_HASH_INSET registers (bsc#1012628). - net: ksz884x: fix missing pci_disable_device() on error in pcidev_init() (bsc#1012628). - riscv: jump_label: mark arguments as const to satisfy asm constraints (bsc#1012628). - PM: domains: Fix handling of unavailable/disabled idle states (bsc#1012628). - perf vendor events arm64: Fix incorrect Hisi hip08 L3 metrics (bsc#1012628). - net: fec: limit register access on i.MX6UL (bsc#1012628). - net: ethernet: ave: Fix MAC to be in charge of PHY PM (bsc#1012628). - ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (bsc#1012628). - ALSA: aoa: Fix I2S device accounting (bsc#1012628). - openvswitch: switch from WARN to pr_warn (bsc#1012628). - net: ehea: fix possible memory leak in ehea_register_port() (bsc#1012628). - net: bcmsysport: Indicate MAC is in charge of PHY PM (bsc#1012628). - nh: fix scope used to find saddr when adding non gw nh (bsc#1012628). - net: broadcom: bcm4908_enet: update TX stats after actual transmission (bsc#1012628). - netdevsim: fix memory leak in nsim_bus_dev_new() (bsc#1012628). - netdevsim: fix memory leak in nsim_drv_probe() when nsim_dev_resources_register() failed (bsc#1012628). - netdevsim: remove dir in nsim_dev_debugfs_init() when creating ports dir failed (bsc#1012628). - net/mlx5e: Do not increment ESN when updating IPsec ESN state (bsc#1012628). - net/mlx5: Wait for firmware to enable CRS before pci_restore_state (bsc#1012628). - net/mlx5: DR, Fix matcher disconnect error flow (bsc#1012628). - net/mlx5e: Extend SKB room check to include PTP-SQ (bsc#1012628). - net/mlx5e: Update restore chain id for slow path packets (bsc#1012628). - net/mlx5: ASO, Create the ASO SQ with the correct timestamp format (bsc#1012628). - net/mlx5: Fix possible use-after-free in async command interface (bsc#1012628). - net/mlx5e: TC, Reject forwarding from internal port to internal port (bsc#1012628). - net/mlx5: Update fw fatal reporter state on PCI handlers successful recover (bsc#1012628). - net/mlx5: Fix crash during sync firmware reset (bsc#1012628). - net: do not sense pfmemalloc status in skb_append_pagefrags() (bsc#1012628). - kcm: do not sense pfmemalloc status in kcm_sendpage() (bsc#1012628). - net: enetc: survive memory pressure without crashing (bsc#1012628). - riscv: mm: add missing memcpy in kasan_init (bsc#1012628). - riscv: fix detection of toolchain Zicbom support (bsc#1012628). - riscv: fix detection of toolchain Zihintpause support (bsc#1012628). - arm64: Add AMPERE1 to the Spectre-BHB affected list (bsc#1012628). - tcp/udp: Fix memory leak in ipv6_renew_options() (bsc#1012628). - commit 94ab6c8 ++++ kernel-firmware: - Update to version 20221031 (git commit 8bb75626e9dd): * linux-firmware: Add firmware for Cirrus CS35L41 on new ASUS Laptop * iwlwifi: add new PNVM binaries from core74-44 release * iwlwifi: add new FWs from core69-81 release * qcom: update venus firmware files for VPU-2.0 * qcom: remove split SC7280 venus firmware images * qcom: update venus firmware file for v5.4 * qcom: replace split SC7180 venus firmware images with symlink * rtw89: 8852b: update fw to v0.27.32.1 * rtlwifi: update firmware for rtl8192eu to v35.7 * rtlwifi: Add firmware v4.0 for RTL8188FU * i915: Add HuC 7.10.3 for DG2 * linux-firmware: Add firmware for Cirrus CS35L41 on ASUS Laptops * linux-firmware: Add firmware for Cirrus CS35L41 on Lenovo Laptops * linux-firmware: Add firmware for Cirrus CS35L41 on HP Laptops - Drop the CS35L41 firmware tarball that has been merged - Drop obsoleted cirrus-WHENCE-update.patch ++++ augeas: - Update to 1.13.0 * Fixes bsc#1204554 * Added augeas-1.13.0-replace_security_context_t-patch to fix a syntax error. * Rebased gcc9-disable-broken-test.patch * Dropped the following patches since they are now upstreamed: - augeas-new_options_for_chrony.patch - augeas-allow_printable_ASCII.patch - remove-unportable-tests.patch * General changes/additions - Add Dockerfile (Nicolas Gif) (Issue #650) - augtool: Improved readline integration to handle quoting issues (Pino Toscano) - typechecker: Allow including '/' in keys and labels. Thanks to felixdoerre for pointing out that this restriction was unnecessary. See issue #668 for the discussion. - Add function modified() to select nodes which are marked as dirty (George Hansper) (Issue #691) - Add CLI command 'preview' and API 'aug_preview' to preview file contents (George Hansper) (#690) - Add "else" operator to augeas path-filter expressions (priority selector) (George Hansper) (#692) - Add new axis 'seq' to allow /path/seq::*[expr] to match and create numeric nodes, as idempotent alternative to /path/*[expr] (George Hansper) (#706) * Lens changes/additions - Authinfo2: new lens to parse Authinfo2 format (Nicolas Gif) (Issue #649) - Chrony: add new options (Miroslav Lichvar) (Issue #698) - Cmdline: New lens to parse /proc/cmdline (Thomas Weißschuh) - Crypttab: support UUID in device and / in opt (Raphaël Pinson) (#713) - Fail2ban: new lens to parse Fail2ban format (Nicolas Gif) (Issue #651) - Grub: support '+' in kernel command line option names (Pino Toscano) (Issue #647) - Krb5: handle [plugins] subsection (Pino Toscano) (Issue #663) - Limits: support colons in the domain pattern of the limits lens (Xavier Mol) (Issue #645) - Logrotate: add hourly schedule (Jason A. Smith) (Issue #655) - Mke2fs: parse more common entries between [defaults] and the tags in [fs_types], fix the type of few entries, handle the [options] stanza (Pino Toscano) (Issue #642) - support quoted values (Pino Toscano) (Issue #661) - NetworkManager: allow # in values (mfilka) (#723) - Opendkim: update to match current conffile format (Issue #644) - Postfix_Master: Allow unix-dgram as type (Issue #635) - Postfix_transport: Allow underscore (Anton Baranov) (Issue #678) - Postgresql: Allow hyphen '-' in values that don't require quotes (Marcin Barczyński) (Issues #700 #701) - Properties: Allow "/" in property names (felixdoerre) (Issue #680) - Redis: add incl path /etc/redis.conf (Raphaël Pinson) (#726) - support "replicaof" (Raphaël Pinson) (#727) - fix support for "sentinel" (Raphaël Pinson) (#728) - Resolv: Support new options (Trevor Vaughan) (Issues #707 #708) - Rsyslog: support multiple actions in filters and selectors (Issue [#653]) - Shellvars: exclude more tcsh profile scripts (Pino Toscano) (Issue [#627]) - Simplevars: add ocsinventory-agent.cfg (Pat Riehecky) (Issue #637) - Sudoers: support new @include/@includedir directives (Pino Toscano) (Issue #693) - Sudoers: Allow AD groups (luchihoratiu) (Issue #696) - Support negative integers (Ando David Roots) (#724) - Ssh: add Match keyword support (granquet) (Issue #695) - Sshd: support quotes in Match conditions (Issue #739) - Systemd: fix parsing of envvars with spaces (Pino Toscano) (#659) - Add incl paths according to 'systemd.network(5)' (chruetli) (#683) - Tinc: new lens for Tinc VPN configuration files (Thomas Weißschuh) (#718) - Toml: support arrays (norec) in inline tables (Raphaël Pinson) (#703) - Tmpfiles: improvements to the types specification (Pino Toscano) (Issue #694) ++++ pixman: - Update to version 0.42.2 (boo#1205033 CVE-2022-44638): + This version contains a fix for a heap overflow. - Update URL, and tweak source URI. ++++ suse-module-tools: * Revert "Split kernel scriptlets into separate sub-package" (that change broke some package builds on OBS) - Update to version 16.0.25: * 80-hotplug-cpu-mem.rules: restrict cpu rule to x86_64 (bsc#1204423) ++++ virt-manager: - Upstream bug fixes (bsc#1027942) 11a887ec-cli-disk-Add-driver.metadata_cache-options.patch 7295ebfb-tests-cli-Fix-test-output-after-previous-commit.patch 58f5e36d-fsdetails-Fix-an-error-with-source.socket-of-virtiofs.patch c22a876e-tests-Add-a-compat-check-for-linux2020-in-amd-sev-test-case.patch fbdf0516-cli-cpu-Add-maxphysaddr.mode-bits-options.patch b0d05167-cloner-Sync-uuid-and-sysinfo-system-uuid.patch 999ccb85-virt-install-unattended-and-cloud-init-conflict.patch ------------------------------------------------------------------ ------------------ 2022-11-3 - Nov 3 2022 ------------------- ------------------------------------------------------------------ ++++ lvm2-device-mapper: - killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216) - bug-1203216_lvmlockd-purge-the-lock-resources-left-in-previous-l.patch ++++ libdrm: - Update to 2.4.114 * amdgpu.ids: use consistent formatting for RID * amdgpu.ids: sort the file * amdgpu.ids: update to the latest marketing name * amdgpu_ids: add MI marketing names * amdgpu: Add a default marketing name if none is found * meson: fast-fail on unsupported OSes * include/drm/drm_fourcc.h: Update from Linux v6.0-rc7 * include/drm/i915_drm.h: Update from Linux v6.0-rc7 * tests/util: add imx-lcdif driver * intel: move declarations to top in drm_intel_gem_bo_unreference() * build: automatically disable Intel if pciaccess is not found * xf86drm: handle DRM_FORMAT_BIG_ENDIAN in drmGetFormatName() * amdgpu: silence uninitialized variable warning * xf86drmMode: add helpers for dumb buffers * modetest: drop unused offset field in struct bo * modetest: use sized integers in struct bo * modetest: use dumb buffer helpers ++++ lvm2: - killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216) - bug-1203216_lvmlockd-purge-the-lock-resources-left-in-previous-l.patch ++++ python310-core: - Add CVE-2022-42919-loc-priv-mulitproc-forksrv.patch to avoid CVE-2022-42919 (bsc#1204886) avoiding Linux specific local privilege escalation via the multiprocessing forkserver start method. ++++ libsoup: - Update to version 3.2.2: + Various HTTP/2 Fixes: - Fix `content-sniffed` not being emitted for resources without content. - Fix leak of SoupServerConnection when stolen. - Enable tests on 32-bit again, fixed upstream. ++++ python310: - Add CVE-2022-42919-loc-priv-mulitproc-forksrv.patch to avoid CVE-2022-42919 (bsc#1204886) avoiding Linux specific local privilege escalation via the multiprocessing forkserver start method. ++++ python-cryptography: - update to 38.0.3: - Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.7, which resolves CVE-2022-3602 and CVE-2022-3786. ++++ qemu: - Enable KVM support on riscv64 ++++ sudo: - Added sudo-CVE-2022-43995.patch * CVE-2022-43995 * bsc#1204986 * Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend. ------------------------------------------------------------------ ------------------ 2022-11-2 - Nov 2 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - u_nouveau-corrupted-colors-boo1203949.patch * fixes corrupted colors in videos on nouveau with Kepler in Firefox (boo#1203949, issue#7416) - moved drirc.d config snippets from Mesa to Mea-dri package; radv driver specific conf was missing completely (boo#1204866) ++++ Mesa-drivers: - u_nouveau-corrupted-colors-boo1203949.patch * fixes corrupted colors in videos on nouveau with Kepler in Firefox (boo#1203949, issue#7416) - moved drirc.d config snippets from Mesa to Mea-dri package; radv driver specific conf was missing completely (boo#1204866) ++++ NetworkManager: - Use a with_netconfig define instead of relying on bcond: bcond is meant to have extrenally controllable build conditions (build -D, or OBS prjconf). ++++ bash: - Set DEFAULT_LOADABLE_BUILTINS_PATH to get BASH_LOADABLES_PATH correct (boo#1204567) ++++ btrfsprogs: - update to 6.0 * fi usage: in tabular output, print total size and slack size * mkfs: * option -O now accepts values from -R to unify the interface (-R will continue to work) * zone reset and discard is done in parallel on all devices * removed option --leafsize, deprecated long time ago * corrupt-block: recalculate checksum when changing generation * fixes: * convert: fix reserved range detection and overlaps * mkfs: fix creating files with reserved inode numbers with --rootdir * receive: escape filenames in command attributes * fix extent buffer leaks after transaction abort * experimental: * mkfs: support for block-group-tree (kernel 6.1) * fsverity in send (protocol v3, WIP) * btrfstune -b converts to block-group-tree * other: * cleanups, refactoring * new and updated tests * update documentation ++++ gnutls: - Temporarily revert the jitterentropy patches in s390 and s390x architectures until a fix is provided [bsc#1204937] - Disable flaky test that fails in s390x architecture: * Add gnutls-disable-flaky-test-dtls-resume.patch ++++ kernel-default: - wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() (CVE-2022-3628 bsc#1204868). - commit a020866 - Drop the previous sound fix for Dell Dock (bsc#1204719) The patch turned out to be superfluous, the fix should be on pipewire instead. - commit a7f641a - ALSA: usb-audio: Fix regression with Dell Dock jack detection (bsc#1204719). - commit 286383c - KVM: x86: emulator: update the emulation mode after rsm (bsc#1200616). - KVM: x86: emulator: introduce emulator_recalc_and_set_mode (bsc#1200616). - commit 28a19ee - char: pcmcia: cm4040_cs: Fix use-after-free in reader_fops (bsc#1204922 CVE-2022-44033). - commit aaed0f2 - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (bsc#1204705). - commit 57f1f7d ++++ ncurses: - Add ncurses patch 20221029 + improve curs_slk.3x discussion of extensions and portability (report by Bill Gray). ++++ openssl-1_1: - Updated openssl.keyring with key A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C - Update to 1.1.1s: * Fixed a regression introduced in 1.1.1r version not refreshing the certificate data to be signed before signing the certificate. - Update to 1.1.1r: * Fixed the linux-mips64 Configure target which was missing the SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that platform. * Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was causing incorrect results in some cases as a result. * Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to report correct results in some cases * Fixed a regression introduced in 1.1.1o for re-signing certificates with different key sizes * Added the loongarch64 target * Fixed a DRBG seed propagation thread safety issue * Fixed a memory leak in tls13_generate_secret * Fixed reported performance degradation on aarch64. Restored the implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode") for 64bit targets only, since it is reportedly 2-17% slower and the silicon errata only affects 32bit targets. The new algorithm is still used for 32 bit targets. * Added a missing header for memcmp that caused compilation failure on some platforms ++++ sqlite3: - update to 3.39.4: * Fix a long-standing problem in the btree balancer that might, in rare cases, cause database corruption if the application uses an application-defined page cache * Enhance SQLITE_DBCONFIG_DEFENSIVE so that it disallows CREATE TRIGGER statements if one or more of the statements in the body of the trigger write into shadow tables * Fix a possible integer overflow in the size computation for a memory allocation in FTS3. * Fix a misuse of the sqlite3_set_auxdata() interface in the ICU Extension ++++ shadow: - bsc#1204811: Fix chage date format string regression * Add shadow-chage-format.patch ++++ openssl: - updated to 1.1.s release ++++ python-libvirt-python: - Update to 8.9.0 - Add all new APIs and constants in libvirt 8.9.0 - jsc#PED-620, jsc#PED-1540 ------------------------------------------------------------------ ------------------ 2022-11-1 - Nov 1 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Refresh patches.suse/drm-amdgpu-Fix-for-BO-move-issue.patch. Update upstream status. - commit 30b9c27 - char: pcmcia: scr24x_cs: Fix use-after-free in scr24x_fops (bsc#1204901 CVE-2022-44034). - char: pcmcia: cm4000_cs: Fix use-after-free in cm4000_fops (bsc#1204894 CVE-2022-44032). - commit 7d0ff8d - Refresh patches.suse/ACPI-resource-do-IRQ-override-on-LENOVO-IdeaPad.patch. - Refresh patches.suse/ALSA-hda-realtek-Add-another-HP-ZBook-G9-model-quirk.patch. - Refresh patches.suse/ALSA-hda-realtek-Add-quirk-for-ASUS-Zenbook-using-CS.patch. Update upstream status. - commit eaa1897 ++++ openssl-3: - Temporary disable tests test_ssl_new and test_sslapi because they are failing in openSUSE_Tumbleweed - Update to 3.0.7: [bsc#1204714, CVE-2022-3602,CVE-2022-3786] * Fixed two buffer overflows in punycode decoding functions. A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. An attacker can craft a malicious email address to overflow an arbitrary number of bytes containing the `.` character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). ([CVE-2022-3786]) An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution depending on stack layout for any given platform/compiler. ([CVE-2022-3602]) * Removed all references to invalid OSSL_PKEY_PARAM_RSA names for CRT parameters in OpenSSL code. Applications should not use the names OSSL_PKEY_PARAM_RSA_FACTOR, OSSL_PKEY_PARAM_RSA_EXPONENT and OSSL_PKEY_PARAM_RSA_COEFFICIENT. Use the numbered names such as OSSL_PKEY_PARAM_RSA_FACTOR1 instead. Using these invalid names may cause algorithms to use slower methods that ignore the CRT parameters. * Fixed a regression introduced in 3.0.6 version raising errors on some stack operations. * Fixed a regression introduced in 3.0.6 version not refreshing the certificate data to be signed before signing the certificate. * Added RIPEMD160 to the default provider. * Ensured that the key share group sent or accepted for the key exchange is allowed for the protocol version. - Update to 3.0.6: [bsc#1204226, CVE-2022-3358] * OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. * OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialisation functions). Instead of using the custom cipher directly it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSL encryption/decryption initialisation function will match the NULL cipher as being equivalent and will fetch this from the available providers. This will succeed if the default provider has been loaded (or if a third party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext. * Applications are only affected by this issue if they call EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an encryption/decryption initialisation function. Applications that only use SSL/TLS are not impacted by this issue. ([CVE-2022-3358]) * Fix LLVM vs Apple LLVM version numbering confusion that caused build failures on MacOS 10.11 * Fixed the linux-mips64 Configure target which was missing the SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that platform. * Fix handling of a ticket key callback that returns 0 in TLSv1.3 to not send a ticket * Correctly handle a retransmitted ClientHello in DTLS * Fixed detection of ktls support in cross-compile environment on Linux * Fixed some regressions and test failures when running the 3.0.0 FIPS provider against 3.0.x * Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to report correct results in some cases * Fix UWP builds by defining VirtualLock * For known safe primes use the minimum key length according to RFC 7919. Longer private key sizes unnecessarily raise the cycles needed to compute the shared secret without any increase of the real security. This fixes a regression from 1.1.1 where these shorter keys were generated for the known safe primes. * Added the loongarch64 target * Fixed EC ASM flag passing. Flags for ASM implementations of EC curves were only passed to the FIPS provider and not to the default or legacy provider. * Fixed reported performance degradation on aarch64. Restored the implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode") for 64bit targets only, since it is reportedly 2-17% slower and the silicon errata only affects 32bit targets. The new algorithm is still used for 32 bit targets. * Added a missing header for memcmp that caused compilation failure on some platforms ++++ libvirt: - Update to libvirt 8.9.0 - jsc#PED-620, jsc#PED-1540 - Add support for modular daemons to the supportconfig plugin - New subpackage libvirt-client-qemu providing client utilities to interact with QEMU-specific features of libvirt - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v8-9-0-2022-11-01 ------------------------------------------------------------------ ------------------ 2022-10-31 - Oct 31 2022 ------------------- ------------------------------------------------------------------ ++++ lvm2-device-mapper: - dracut-initqueue timeouts with 5.3.18-150300.59.63 kernel on ppc64le (bsc#1199074) - in lvm2.spec, change device_mapper_version from 1.02.185 to %{lvm2_version}_1.02.185 ++++ glib2: - Add a1151bc1.patch: gio/gdesktopappinfo: Free the wrapped argv array on launch failure. - Add ca905744.patch: Revert "Handling collision between standard i/o file descriptors and newly created ones". The user-visible problem this solves is gnome-keyring-daemon eating 100% CPU. ++++ lvm2: - dracut-initqueue timeouts with 5.3.18-150300.59.63 kernel on ppc64le (bsc#1199074) - in lvm2.spec, change device_mapper_version from 1.02.185 to %{lvm2_version}_1.02.185 ++++ libxml2: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ++++ libxml2-python: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ++++ python-requests: - allow using newest version of charset-normalizer (3.0+) * requests-allow-charset-normalizer-3.patch ------------------------------------------------------------------ ------------------ 2022-10-30 - Oct 30 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Linux 6.0.6 (bsc#1012628). - mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1012628). - ACPI: video: Force backlight native for more TongFang devices (bsc#1012628). - ext4: fix potential out of bound read in ext4_fc_replay_scan() (bsc#1012628). - ext4: factor out ext4_fc_get_tl() (bsc#1012628). - ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1012628). - io_uring: don't gate task_work run on TIF_NOTIFY_SIGNAL (bsc#1012628). - wifi: mt76: mt7921e: fix random fw download fail (bsc#1012628). - iommu/vt-d: Clean up si_domain in the init_dmars() error path (bsc#1012628). - iommu/vt-d: Allow NVS regions in arch_rmrr_sanity_check() (bsc#1012628). - rv/dot2c: Make automaton definition static (bsc#1012628). - drbd: only clone bio if we have a backing device (bsc#1012628). - net: phy: dp83822: disable MDI crossover status change interrupt (bsc#1012628). - net: sched: fix race condition in qdisc_graft() (bsc#1012628). - net: hns: fix possible memory leak in hnae_ae_register() (bsc#1012628). - wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() (bsc#1012628). - sfc: include vport_id in filter spec hash and equal() (bsc#1012628). - io_uring/msg_ring: Fix NULL pointer dereference in io_msg_send_fd() (bsc#1012628). - net: Fix return value of qdisc ingress handling on success (bsc#1012628). - net: sched: sfb: fix null pointer access issue when sfb_init() fails (bsc#1012628). - net: sched: delete duplicate cleanup of backlog and qlen (bsc#1012628). - net: sched: cake: fix null pointer access issue when cake_init() fails (bsc#1012628). - nvmet: fix workqueue MEM_RECLAIM flushing dependency (bsc#1012628). - nvme-hwmon: kmalloc the NVME SMART log buffer (bsc#1012628). - nvme-hwmon: consistently ignore errors from nvme_hwmon_init (bsc#1012628). - netfilter: nf_tables: relax NFTA_SET_ELEM_KEY_END set flags requirements (bsc#1012628). - netfilter: rpfilter/fib: Set ->flowic_uid correctly for user namespaces (bsc#1012628). - netfilter: rpfilter/fib: Populate flowic_l3mdev field (bsc#1012628). - ionic: catch NULL pointer issue on reconfig (bsc#1012628). - net: hsr: avoid possible NULL deref in skb_clone() (bsc#1012628). - bnxt_en: fix memory leak in bnxt_nvm_test() (bsc#1012628). - drm/amd/display: Increase frame size limit for display_mode_vba_util_32.o (bsc#1012628). - dm: remove unnecessary assignment statement in alloc_dev() (bsc#1012628). - cifs: Fix memory leak when build ntlmssp negotiate blob failed (bsc#1012628). - cifs: Fix xid leak in cifs_ses_add_channel() (bsc#1012628). - cifs: Fix xid leak in cifs_flock() (bsc#1012628). - cifs: Fix xid leak in cifs_copy_file_range() (bsc#1012628). - cifs: Fix xid leak in cifs_create() (bsc#1012628). - ip6mr: fix UAF issue in ip6mr_sk_done() when addrconf_init_net() failed (bsc#1012628). - udp: Update reuse->has_conns under reuseport_lock (bsc#1012628). - scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1012628). - net: ethernet: mtk_eth_wed: add missing of_node_put() (bsc#1012628). - net: ethernet: mtk_eth_wed: add missing put_device() in mtk_wed_add_hw() (bsc#1012628). - net: ethernet: mtk_eth_soc: fix possible memory leak in mtk_probe() (bsc#1012628). - io_uring/rw: remove leftover debug statement (bsc#1012628). - blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1012628). - erofs: shouldn't churn the mapping page for duplicated copies (bsc#1012628). - skmsg: pass gfp argument to alloc_sk_msg() (bsc#1012628). - net: stmmac: Enable mac_managed_pm phylink config (bsc#1012628). - net: phylink: add mac_managed_pm in phylink_config structure (bsc#1012628). - net/smc: Fix an error code in smc_lgr_create() (bsc#1012628). - net: phy: dp83867: Extend RX strap quirk for SGMII mode (bsc#1012628). - net/atm: fix proc_mpc_write incorrect return value (bsc#1012628). - sfc: Change VF mac via PF as first preference if available (bsc#1012628). - HID: magicmouse: Do not set BTN_MOUSE on double report (bsc#1012628). - tls: strp: make sure the TCP skbs do not have overlapping data (bsc#1012628). - i40e: Fix DMA mappings leak (bsc#1012628). - net: dsa: qca8k: fix ethtool autocast mib for big-endian systems (bsc#1012628). - net: dsa: qca8k: fix inband mgmt for big-endian systems (bsc#1012628). - tipc: fix an information leak in tipc_topsrv_kern_subscr (bsc#1012628). - tipc: Fix recognition of trial period (bsc#1012628). - ACPI: extlog: Handle multiple records (bsc#1012628). - drm/vc4: hdmi: Enforce the minimum rate at runtime_resume (bsc#1012628). - drm/vc4: Add module dependency on hdmi-codec (bsc#1012628). - btrfs: fix processing of delayed tree block refs during backref walking (bsc#1012628). - btrfs: fix processing of delayed data refs during backref walking (bsc#1012628). - dm bufio: use the acquire memory barrier when testing for B_READING (bsc#1012628). - platform/x86/amd: pmc: Read SMU version during suspend on Cezanne systems (bsc#1012628). - x86/topology: Fix duplicated core ID within a package (bsc#1012628). - x86/topology: Fix multiple packages shown on a single-package system (bsc#1012628). - x86/Kconfig: Drop check for -mabi=ms for CONFIG_EFI_STUB (bsc#1012628). - media: venus: Fix NV12 decoder buffer discovery on HFI_VERSION_1XX (bsc#1012628). - media: venus: dec: Handle the case where find_format fails (bsc#1012628). - media: mceusb: set timeout to at least timeout provided (bsc#1012628). - media: ipu3-imgu: Fix NULL pointer dereference in active selection access (bsc#1012628). - KVM: arm64: vgic: Fix exit condition in scan_its_table() (bsc#1012628). - KVM: x86: Add compat handler for KVM_X86_SET_MSR_FILTER (bsc#1012628). - KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (bsc#1012628). - kvm: Add support for arch compat vm ioctls (bsc#1012628). - mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages (bsc#1012628). - drm/amdgpu: fix sdma doorbell init ordering on APUs (bsc#1012628). - cpufreq: qcom: fix memory leak in error path (bsc#1012628). - x86/resctrl: Fix min_cbm_bits for AMD (bsc#1012628). - ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS (bsc#1012628). - ata: ahci-imx: Fix MODULE_ALIAS (bsc#1012628). - hwmon/coretemp: Handle large core ID value (bsc#1012628). - x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1012628). - cpufreq: tegra194: Fix module loading (bsc#1012628). - i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter (bsc#1012628). - cpufreq: qcom: fix writes in read-only memory region (bsc#1012628). - selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() (bsc#1012628). - smb3: interface count displayed incorrectly (bsc#1012628). - ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1012628). - ocfs2: clear dinode links count in case of error (bsc#1012628). - video/aperture: Call sysfb_disable() before removing PCI devices (bsc#1012628). - commit ba5b066 ++++ lsof: - update to 4.96.4 * fix hash functions used for finding local tcp/udp IPCs * Show copyright notice in --version output. * Avoid some easy collissions for udp/udp6 sockets when hashing * Changing the number of ipcbuckets to 4096 * obtain correct information of memory-mapped file. - drop remove-hostname.patch now upstream ------------------------------------------------------------------ ------------------ 2022-10-29 - Oct 29 2022 ------------------- ------------------------------------------------------------------ ++++ libXext: - Update to version 1.3.5 * Fix spelling/wording issues * gitlab CI: add a basic build test * Xge.c, Xge.h: convert from ISO-8859-1 to UTF-8 * Add extutilP.h header for xgeExtRegister() prototype * Remove unnecessary casts of malloc/calloc results * Remove unnecessary (char *) casts from Xfree() arguments * Use calloc instead of malloc if we may not initialize all the bytes * Import reallocarray() from libX11 * Convert calls to Xmalloc arrays to use Xmallocarray instead * configure: Use AC_USE_SYSTEM_EXTENSIONS to set GNU_SOURCE & other defines * Remove "All rights reserved" from Oracle copyright notices. * COPYING: Add info for Xge.* and reallocarray.* files * add ACLOCAL_AMFLAGS = -I m4 to make aclocal pick ax_gcc_builtin.m4 ++++ libXinerama: - Update to version 1.1.6 * Update README for gitlab migration * Update configure.ac bug URL for gitlab migration * Fix spelling/wording issues * gitlab CI: add a basic build test * XineramaQueryScreens: fix -Wsign-compare warning * Remove "register" type qualifier from variable declarations ++++ protobuf: - update to 21.9: * Ruby * Replace libc strdup usage with internal impl to restore musl compat (#10818) * Auto capitalize enums name in Ruby (#10454) (#10763) * Other * Fix for grpc.tools #17995 & protobuf #7474 (handle UTF-8 paths in argumentfile) (#10721) * C++ * 21.x No longer define no_threadlocal on OpenBSD (#10743) * Java * Mark default instance as immutable first to avoid race during static initialization of default instances (#10771) * Refactoring java full runtime to reuse sub-message builders and prepare to migrate parsing logic from parse constructor to builder. * Move proto wireformat parsing functionality from the private "parsing constructor" to the Builder class. * Change the Lite runtime to prefer merging from the wireformat into mutable messages rather than building up a new immutable object before merging. This way results in fewer allocations and copy operations. * Make message-type extensions merge from wire-format instead of building up instances and merging afterwards. This has much better performance. * Fix TextFormat parser to build up recurring (but supposedly not repeated) sub-messages directly from text rather than building a new sub-message and merging the fully formed message into the existing field. ++++ timezone: - timezone update 2022f: * Mexico will no longer observe DST except near the US border * Chihuahua moves to year-round -06 on 2022-10-30 * Fiji no longer observes DST * Move links to 'backward' * In vanguard form, GMT is now a Zone and Etc/GMT a link * zic now supports links to links, and vanguard form uses this * Simplify four Ontario zones * Fix a Y2438 bug when reading TZif data * Enable 64-bit time_t on 32-bit glibc platforms * Omit large-file support when no longer needed * In C code, use some C23 features if available * Remove no-longer-needed workaround for Qt bug 53071 ------------------------------------------------------------------ ------------------ 2022-10-28 - Oct 28 2022 ------------------- ------------------------------------------------------------------ ++++ grub2: - NVMeoFC support on grub (jsc#PED-996) * 0001-ieee1275-add-support-for-NVMeoFC.patch * 0002-ieee1275-ofpath-enable-NVMeoF-logical-device-transla.patch * 0003-ieee1275-change-the-logic-of-ieee1275_get_devargs.patch * 0004-ofpath-controller-name-update.patch - TDX: Enhance grub2 measurement to TD RTMR (jsc#PED-1265) * 0001-commands-efi-tpm-Refine-the-status-of-log-event.patch * 0002-commands-efi-tpm-Use-grub_strcpy-instead-of-grub_mem.patch * 0003-efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch - Measure the kernel on POWER10 and extend TPM PCRs (PED-1990) * 0001-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch * 0002-ieee1275-implement-vec5-for-cas-negotiation.patch - Fix efi pcr snapshot related funtion is defined but not used on powerpc platform. * safe_tpm_pcr_snapshot.patch ++++ at-spi2-core: - Ensure xprop is required when xwayland is installed. ++++ python-pbr: - Update to 5.11.0 * Fix symbol identification in multiline message * Replace deprecated readfp method with read_file ------------------------------------------------------------------ ------------------ 2022-10-27 - Oct 27 2022 ------------------- ------------------------------------------------------------------ ++++ llvm15: - Update to version 15.0.3. * This release contains bug-fixes for the LLVM 15.0.0 release. This release is API and ABI compatible with 15.0.0. - Add llvm-armv7-fix-vector-compare-with-zero-lowering.patch: Fix lowering of non-canonical vector comparison with zero on armv7, preventing a crash (boo#1204267, gh#llvm/llvm-project#58514). - Add lldb-swig-4.1.0-build-fix.patch: Fix build with Swig 4.1.0. - Rebase llvm-do-not-install-static-libraries.patch. ++++ osinfo-db: - Update to database version 20221018 osinfo-db-20221018.tar.xz ++++ python-charset-normalizer: - Update to 3.0.0 Added * Extend the capability of explain=True when cp_isolation contains at most two entries (min one), will log in details of the Mess-detector results Support for alternative language frequency set in charset_normalizer.assets.FREQUENCIES Add parameter language_threshold in from_bytes, from_path and from_fp to adjust the minimum expected coherence ratio normalizer --version now specify if current version provide extra speedup (meaning mypyc compilation whl) * Changed Build with static metadata using 'build' frontend Make the language detection stricter Optional: Module md.py can be compiled using Mypyc to provide an extra speedup up to 4x faster than v2.1 * Fixed CLI with opt --normalize fail when using full path for files TooManyAccentuatedPlugin induce false positive on the mess detection when too few alpha character have been fed to it Sphinx warnings when generating the documentation * Removed Coherence detector no longer return 'Simple English' instead return 'English' Coherence detector no longer return 'Classical Chinese' instead return 'Chinese' Breaking: Method first() and best() from CharsetMatch UTF-7 will no longer appear as "detected" without a recognized SIG/mark (is unreliable/conflict with ASCII) Breaking: Class aliases CharsetDetector, CharsetDoctor, CharsetNormalizerMatch and CharsetNormalizerMatches Breaking: Top-level function normalize Breaking: Properties chaos_secondary_pass, coherence_non_latin and w_counter from CharsetMatch Support for the backport unicodedata2 ++++ raspberrypi-firmware: - Update to 13691cee9 (2022-10-26): * firmware: arm_loader: Add vcmailbox support for 256bit OTP customer device key See: raspberrypi/usbboot#163 * firmware: il: video_encode: MJPEG is not conditional on being RASPBERRYPI_FULL ++++ raspberrypi-firmware-config: - Update to 13691cee9 (2022-10-26): * firmware: arm_loader: Add vcmailbox support for 256bit OTP customer device key See: raspberrypi/usbboot#163 * firmware: il: video_encode: MJPEG is not conditional on being RASPBERRYPI_FULL ++++ raspberrypi-firmware-config-camera: - Update to 13691cee9 (2022-10-26): * firmware: arm_loader: Add vcmailbox support for 256bit OTP customer device key See: raspberrypi/usbboot#163 * firmware: il: video_encode: MJPEG is not conditional on being RASPBERRYPI_FULL ++++ raspberrypi-firmware-dt: - Update to 692039799e78 (2022-10-26) ++++ tar: - Fix unexpected inconsistency when making directory, bsc#1203600 * tar-avoid-overflow-in-symlinks-tests.patch * tar-fix-extract-unlink.patch - Update race condition fix, bsc#1200657 * tar-fix-race-condition.patch - Refresh bsc1200657.patch ------------------------------------------------------------------ ------------------ 2022-10-26 - Oct 26 2022 ------------------- ------------------------------------------------------------------ ++++ curl: - Update to 7.86.0: * Security fixes: - POST following PUT confusion [bsc#1204383, CVE-2022-32221] - .netrc parser out-of-bounds access [bsc#1204384, CVE-2022-35260] - HTTP proxy double-free [bsc#1204385, CVE-2022-42915] - HSTS bypass via IDN [bsc#1204386, CVE-2022-42916] * Changes: - NPN: remove support for and use of - Websockets: initial support * Bugfixes: - altsvc: reject bad port numbers - autotools: reduce brute-force when detecting recv/send arg list - aws_sigv4: fix header computation - cli tool: do not use disabled protocols - connect: change verbose IPv6 address:port to [address]:port - connect: fix builds without AF_INET6 - connect: fix Curl_updateconninfo for TRNSPRT_UNIX - connect: fix the wrong error message on connect failures - content_encoding: use writer struct subclasses for different encodings - cookie: reject cookie names or content with TAB characters - curl/add_file_name_to_url: use the libcurl URL parser - curl/get_url_file_name: use libcurl URL parser - curl: warn for --ssl use, considered insecure - docs/libcurl/symbols-in-versions: add several missing symbols - ftp: ignore a 550 response to MDTM - functypes: provide the recv and send arg and return types - getparameter: return PARAM_MANUAL_REQUESTED for -M even when disabled - header: define public API functions as extern c - headers: reset the requests counter at transfer start - hostip: guard PF_INET6 use - hostip: lazily wait to figure out if IPv6 works until needed - http, vauth: always provide Curl_allow_auth_to_host() functionality - http2: make nghttp2 less picky about field whitespace - http: try parsing Retry-After: as a number first - http_proxy: restore the protocol pointer on error - lib: add missing limits.h includes - lib: prepare the incoming of additional protocols - lib: sanitize conditional exclusion around MIME - libssh: if sftp_init fails, don't get the sftp error code - mprintf: reject two kinds of precision for the same argument - mqtt: return error for too long topic - netrc: compare user name case sensitively - netrc: replace fgets with Curl_get_line - netrc: use the URL-decoded user - ngtcp2: fix build errors due to changes in ngtcp2 library - noproxy: support proxies specified using cidr notation - openssl: make certinfo available for QUIC - resolve: make forced IPv4 resolve only use A queries - schannel: ban server ALPN change during recv renegotiation - schannel: don't reset recv/send function pointers on renegotiation - schannel: when importing PFX, disable key persistence - setopt: use the handler table for protocol name to number conversions - setopt: when POST is set, reset the 'upload' field - single_transfer: use the libcurl URL parser when appending query parts - smb: replace CURL_WIN32 with WIN32 - tool: avoid generating ambiguous escaped characters in --libcurl - tool_main: exit at once if out of file descriptors - tool_operate: more transfer cleanup after parallel transfer fail - tool_operate: prevent over-queuing in parallel mode - tool_paramhelp: asserts verify maximum sizes for string loading - tool_xattr: save the original URL, not the final redirected one - url: a zero-length userinfo part in the URL is still a (blank) user - url: allow non-HTTPS HSTS-matching for debug builds - url: rename function due to name-clash in Watt-32 - url: use IDN decoded names for HSTS checks - urlapi: detect scheme better when not guessing - urlapi: fix parsing URL without slash with CURLU_URLENCODE - urlapi: reject more bad characters from the host name field * Remove patch upstream: - connect-fix-Curl_updateconninfo-for-TRNSPRT_UNIX.patch ++++ dbus-1: - update to 1.14.4 (bsc#1204111, CVE-2022-42010, bsc#1204112, CVE-2022-42011, bsc#1204113, CVE-2022-42012): This is a security update for the dbus 1.14.x stable branch, fixing denial-of-service issues (CVE-2022-42010, -42011, -42012) and applying security hardening (dbus#416). Behaviour changes: * On Linux, dbus-daemon and other uses of DBusServer now create a path-based Unix socket, unix:path=..., when asked to listen on a unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to unix:dir=... on all platforms. Previous versions would have created an abstract socket, unix:abstract=..., in this situation. This change primarily affects the well-known session bus when run via dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring dbus with --enable-user-session and running it on a systemd system, already used path-based Unix sockets and is unaffected by this change. This behaviour change prevents a sandbox escape via the session bus socket in sandboxing frameworks that can share the network namespace with the host system, such as Flatpak. This change might cause a regression in situations where the abstract socket is intentionally shared between the host system and a chroot or container, such as some use-cases of schroot(1). That regression can be resolved by using a bind-mount to share either the D-Bus socket, or the whole /tmp directory, with the chroot or container. (dbus#416, Simon McVittie) * Denial of service fixes: - Evgeny Vereshchagin discovered several ways in which an authenticated local attacker could cause a crash (denial of service) in dbus-daemon --system or a custom DBusServer. In uncommon configurations these could potentially be carried out by an authenticated remote attacker. - An invalid array of fixed-length elements where the length of the array is not a multiple of the length of the element would cause an assertion failure in debug builds or an out-of-bounds read in production builds. This was a regression in version 1.3.0. (dbus#413, CVE-2022-42011; Simon McVittie) - A syntactically invalid type signature with incorrectly nested parentheses and curly brackets would cause an assertion failure in debug builds. Similar messages could potentially result in a crash or incorrect message processing in a production build, although we are not aware of a practical example. (dbus#418, CVE-2022-42010; Simon McVittie) - A message in non-native endianness with out-of-band Unix file descriptors would cause a use-after-free and possible memory corruption in production builds, or an assertion failure in debug builds. This was a regression in version 1.3.0. (dbus#417, CVE-2022-42012; Simon McVittie) - Preserve errno on failure to open /proc/self/oom_score_adj (dbus!285, Gentoo#834725; Mike Gilbert) - On Linux, don't log warnings if oom_score_adj is read-only but does not need to be changed (dbus!291, Simon McVittie) - Slightly improve error-handling for inotify (dbus!235, Simon McVittie) - Don't crash if dbus-daemon is asked to watch more than 128 directories for changes (dbus!302, Jan Tojnar) ++++ dnsmasq: - update to 2.87 (bsc#1197872, CVE-2022-0934): * Allow arbitrary prefix lengths in --rev-server and - -domain=....,local * Replace --address=/#/..... functionality which got missed in the 2.86 domain search rewrite. * Add --nftset option, like --ipset but for the newer nftables. * Add --filter-A and --filter-AAAA options, to remove IPv4 or IPv6 addresses from DNS answers. * Fix crash doing netbooting when --port is set to zero to disable the DNS server. Thanks to Drexl Johannes for the bug report. * Generalise --dhcp-relay. Sending via broadcast/multicast is now supported for both IPv4 and IPv6 and the configuration syntax made easier (but backwards compatible). * Add snooping of IPv6 prefix-delegations to the DHCP-relay system. * Finesse parsing of --dhcp-remoteid and --dhcp-subscrid. To be treated as hex, the pattern must consist of only hex digits AND contain at least one ':'. Thanks to Bengt-Erik Sandstrom who tripped over a pattern consisting of a decimal number which was interpreted surprisingly. * Include client address in TFTP file-not-found error reports. Thanks to Stefan Rink for the initial patch, which has been re-worked by me (srk). All bugs mine. * Note in manpage the change in behaviour of -address. This behaviour actually changed in v2.86, but was undocumented there. From 2.86 on, (eg) --address=/example.com/1.2.3.4 ONLY applies to A queries. All other types of query will be sent upstream. Pre 2.86, that would catch the whole example.com domain and queries for other types would get a local NODATA answer. The pre-2.86 behaviour is still available, by configuring --address=/example.com/1.2.3.4 --local=/example.com/ * Fix problem with binding DHCP sockets to an individual interface. Despite the fact that the system call tales the interface _name_ as a parameter, it actually, binds the socket to interface _index_. Deleting the interface and creating a new one with the same name leaves the socket bound to the old index. (Creating new sockets always allocates a fresh index, they are not reused). We now take this behaviour into account and keep up with changing indexes. * Add --conf-script configuration option. * Enhance --domain to accept, for instance, - -domain=net2.thekelleys.org.uk,eth2 so that hosts get a domain which relects the interface they are attached to in a way which doesn't require hard-coding addresses. Thanks to Sten Spans for the idea. * Fix write-after-free error in DHCPv6 server code. CVE-2022-0934 refers. * Add the ability to specify destination port in DHCP-relay mode. This change also removes a previous bug where --dhcp-alternate-port would affect the port used to relay _to_ as well as the port being listened on. The new feature allows configuration to provide bug-for-bug compatibility, if required. Thanks to Damian Kaczkowski for the feature suggestion. * Bound the value of UDP packet size in the EDNS0 header of forwarded queries to the configured or default value of edns-packet-max. There's no point letting a client set a larger value if we're unable to return the answer. Thanks to Bertie Taylor for pointing out the problem and supplying the patch. - drop dnsmasq-CVE-2022-0934.patch, dnsmasq-resolv-conf.patch (upstream) ++++ gdk-pixbuf: - Update to version 2.42.10: + Search for rst2man.py. + Update the memory size limit for JPEG images. + Updated translations. - Drop patch fixed upstream (with different limit): + 0001-jpeg-Increase-memory-limit-for-loading-image-data.patch ++++ glib-networking: - Fix build with gnutls 3.7.8: * tests: skip tls-exporter test for TLS 1.2 * https://gitlab.gnome.org/GNOME/glib-networking/-/issues/201 * Add glib-networking-gnutls-tls-exporter-tls12.patch ++++ glib2: - Update to version 2.74.1: + Update Unicode data to version 15 + Fix various build failures in different situations + Fix over-eager deprecated property warnings for construct properties + Fix a crash calling `g_param_value_is_valid()` on a `GParamSpecParam` + Fix floating `GVariant` leaks with GObject properties + Add inline optimised version of `g_str_equal()` + Fix `GVariant` type depths checks on text format variants + Fix regression with int64 and double hashing functions on big-endian architectures + Build the API documentation only when building GLib as a shared library + Ignore weird `/etc/localtime` configurations generated by toolbx + Avoid `EINTR` races when closing FDs in `g_spawn_*()` + Bugs fixed: glgo#GNOME/GLib#16, glgo#GNOME/GLib#333, glgo#GNOME/GLib#2735, glgo#GNOME/GLib#2740, glgo#GNOME/GLib#2742, glgo#GNOME/GLib#2748, glgo#GNOME/GLib#2758, glgo#GNOME/GLib#2759, glgo#GNOME/GLib#2766, glgo#GNOME/GLib#2767, glgo#GNOME/GLib#2770, glgo#GNOME/GLib#2774, glgo#GNOME/GLib#2775, glgo#GNOME/GLib#2782, glgo#GNOME/GLib#2787, glgo#GNOME/GLib#2788, glgo#GNOME/GLib!2852, glgo#GNOME/GLib!2857, glgo#GNOME/GLib!2864, glgo#GNOME/GLib!2866, glgo#GNOME/GLib!2880, glgo#GNOME/GLib!2885, glgo#GNOME/GLib!2892, glgo#GNOME/GLib!2896, glgo#GNOME/GLib!2899, glgo#GNOME/GLib!2901, glgo#GNOME/GLib!2903, glgo#GNOME/GLib!2904, glgo#GNOME/GLib!2905, glgo#GNOME/GLib!2907, glgo#GNOME/GLib!2911, glgo#GNOME/GLib!2913, glgo#GNOME/GLib!2915, glgo#GNOME/GLib!2916, glgo#GNOME/GLib!2920, glgo#GNOME/GLib!2922, glgo#GNOME/GLib!2924, glgo#GNOME/GLib!2928, glgo#GNOME/GLib!2931, glgo#GNOME/GLib!2933, glgo#GNOME/GLib!2938, glgo#GNOME/GLib!2939, glgo#GNOME/GLib!2946, glgo#GNOME/GLib!2948, glgo#GNOME/GLib!2949, glgo#GNOME/GLib!2958, glgo#GNOME/GLib!2960, glgo#GNOME/GLib!2973, glgo#GNOME/GLib!2975, glgo#GNOME/GLib!2982, glgo#GNOME/GLib!2983, glgo#GNOME/GLib!2988, glgo#GNOME/GLib!2989, glgo#GNOME/GLib!2995, glgo#GNOME/GLib!2996, glgo#GNOME/GLib!2998, glgo#GNOME/GLib!3010. + Updated translations. - Rebase patches with quilt. - Drop f0dd96c28751f15d0703b384bfc7c314af01caa8.diff: Fixed upstream. ++++ glibc: - dl-debug-bindings.patch: elf: Reinstate on DL_DEBUG_BINDINGS _dl_lookup_symbol_x (bsc#1204710) ++++ kernel-default: - Linux 6.0.5 (bsc#1012628). - Revert "btrfs: call __btrfs_remove_free_space_cache_locked on cache load failure" (bsc#1012628). - clk: tegra: Fix Tegra PWM parent clock (bsc#1012628). - commit 7359656 - Linux 6.0.4 (bsc#1012628). - Revert "ALSA: hda: Fix page fault in snd_hda_codec_shutdown()" (bsc#1012628). - fbdev/core: Remove remove_conflicting_pci_framebuffers() (bsc#1012628). - io-wq: Fix memory leak in worker creation (bsc#1012628). - gcov: support GCC 12.1 and newer compilers (bsc#1012628). - efi: ssdt: Don't free memory if ACPI table was loaded successfully (bsc#1012628). - efi: efivars: Fix variable writes without query_variable_store() (bsc#1012628). - dm clone: Fix typo in block_device format specifier (bsc#1012628). - drm/amd/pm: update SMU IP v13.0.4 driver interface version (bsc#1012628). - drm/amd/pm: fulfill SMU13.0.0 cstate control interface (bsc#1012628). - drm/amd/pm: disable cstate feature for gpu reset scenario (bsc#1012628). - drm/amd/pm: add SMU IP v13.0.4 IF version define to V7 (bsc#1012628). - drm/amd/pm: fulfill SMU13.0.7 cstate control interface (bsc#1012628). - net: flag sockets supporting msghdr originated zerocopy (bsc#1012628). - HID: playstation: add initial DualSense Edge controller support (bsc#1012628). - HID: playstation: stop DualSense output work on remove (bsc#1012628). - io_uring/net: fail zc send when unsupported by socket (bsc#1012628). - thermal: intel_powerclamp: Use first online CPU as control_cpu (bsc#1012628). - pinctrl: amd: change dev_warn to dev_dbg for additional feature support (bsc#1012628). - drm/i915/bios: Use hardcoded fp_timing size for generating LFP data pointers (bsc#1012628). - drm/i915/bios: Validate fp_timing terminator presence (bsc#1012628). - commit 12375d5 - arm64: Update config files. (bsc#1203558) Enable Renesas serial console and earlycon. - commit e782884 ++++ expat: - Update to 2.5.0: (bsc#1204708) * Security fixes: - CVE-2022-43680 -- Fix heap use-after-free after overeager destruction of a shared DTD in function XML_ExternalEntityParserCreate in out-of-memory situations. Expected impact is denial of service or potentially arbitrary code execution. * Bug fixes: - Fix curruption from undefined entities - Fix case when parsing was suspended while processing nested entities - Stop leaking opening tag bindings after a closing tag mismatch error where a parser is reset through XML_ParserReset and then reused to parse - CMake: Fix generation of pkg-config file - MinGW|CMake: Fix static library name * Other changes: - Protect header expat_config.h from multiple inclusion - examples: Make use of XML_GetBuffer and be more consistent across examples - Address compiler warnings - Version info bumped from 9:9:8 to 9:10:8; see https://verbump.de/ for what these numbers do ++++ multipath-tools: - Update to version 0.9.2+59+suse.ac8942d: * Fix segfault in "multipath -t" command (boo#1204731) ++++ qemu: - qtests test are not realiable when run inside OBS builders, so let's disable that part of the testsuite for now. There is work ongoing to run it somewhere else (on dedicated hosts) to avoid loosing coverage. (bsc#1204566) ++++ rebootmgr: - Update to version 2.0 - Remove outdated etcd code - Fix issue#10: Reboots happen at the first moment of the maintenance window ------------------------------------------------------------------ ------------------ 2022-10-25 - Oct 25 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Revert "ALSA: hda: Fix page fault in snd_hda_codec_shutdown()" (bsc#1204679). - commit df34d12 ++++ alsa: - Update to version 1.2.8: add FreeBSD/NetBD/OpenBSD build support, fixes in control namehint, various PCM plugins and UCM. For details, see: https://www.alsa-project.org/wiki/Changes_v1.2.7.2_v1.2.8 - Add keyring ++++ libcontainers-common: - set detached sigstore attachments for the SUSE controlled registries ++++ libidn2: - update to 2.3.4: * Support for Unicode 15.0.0 * Uses IDNA2008 from tables from unicode.org rather than IANA for consistency with other implementation and support for Unicode versions 12 through 15. This breaks backwards- compatibility regarding U+19DA and recent releases ++++ rpm: - Add selinux_transactional_update.patch to ignore errors when setting file labels during transactional updates. They will be set upon reboot once the new policy is loaded (bsc#1204605) ++++ systemd: - Import commit c212388f7de8d22a3f7c22b19553548ccc0cdd15 (merge of v251.7) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/f78bba8d037cc26c09bbdd167625b2d7fe1f5a30...c212388f7de8d22a3f7c22b19553548ccc0cdd15 - specfile: reindent comments ++++ libunistring: - Update to 1.1: * The data tables and algorithms have been updated to Unicode version 15.0.0. ++++ openSUSE-build-key: - add the SUSE Container key in PEM format too to new /usr/share/pki/containers/ directory. (bsc#1204706) ++++ sudo: - Update to 1.9.12: * Dropped sudo-1.9.10-update_sudouser_to_utf8.patch * Changes in Sudo 1.9.12: * Fixed a bug when logging the command’s exit status in intercept mode. The wrong command could be logged with the exit status. * For ptrace-based intercept mode, sudo will now attempt to verify that the command path name, arguments and environment have not changed from the time when they were authorized by the security policy. The new intercept_verify sudoers setting can be used to control this behavior. * Fixed running commands with a relative path (e.g. ./foo) in intercept mode. Previously, this would fail if sudo’s current working directory was different from that of the command. * Sudo now supports passing the execve(2) system call the NULL pointer for the argv and/or envp arguments when in intercept mode. Linux treats a NULL pointer like an empty array. * The sudoers LDAP schema now allows sudoUser, sudoRunasUser and sudoRunasGroup to include UTF-8 characters, not just 7-bit ASCII. * Fixed a problem with sudo -i on SELinux when the target user’s home directory is not searchable by sudo. GitHub issue #160. * Neovim has been added to the list of visudo editors that support passing the line number on the command line. * Fixed a bug in sudo’s SHA384 and SHA512 message digest padding. * Added a new -N (no-update) command line option to sudo which can be used to prevent sudo from updating the user’s cached credentials. It is now possible to determine whether or not a user’s cached credentials are currently valid by running: $ sudo -Nnv and checking the exit value. One use case for this is to indicate in a shell prompt that sudo is “active” for the user. * PAM approval modules are no longer invoked when running sub-commands in intercept mode unless the intercept_authenticate option is set. There is a substantial performance penalty for calling into PAM for each command run. PAM approval modules are still called for the initial command. * Intercept mode on Linux now uses process_vm_readv(2) and process_vm_writev(2) if available. * The XDG_CURRENT_DESKTOP environment variable is now preserved by default. This makes it possible for graphical applications to choose the correct theme when run via sudo. * On 64-bit systems, if sudo fails to load a sudoers group plugin, it will use system-specific heuristics to try to locate a 64-bit version of the plugin. * The cvtsudoers manual now documents the JSON and CSV output formats. GitHub issue #172. * Fixed a bug where sub-commands were not being logged to a remote log server when log_subcmds was enabled. GitHub issue #174. * The new log_stdin, log_stdout, log_stderr, log_ttyin, and log_ttyout sudoers settings can be used to support more fine-grained I/O logging. The sudo front-end no longer allocates a pseudo-terminal when running a command if the I/O logging plugin requests logging of stdin, stdout, or stderr but not terminal input/output. * Quieted a libgcrypt run-time initialization warning. This fixes Debian bug #1019428 and Ubuntu bug #1397663. * Fixed a bug in visudo that caused literal backslashes to be removed from the EDITOR environment variable. GitHub issue #179. * The sudo Python plugin now implements the find_spec method instead of the the deprecated find_module. This fixes a test failure when a newer version of setuptools that doesn’t include find_module is found on the system. * Fixed a bug introduced in sudo 1.9.9 where sudo_logsrvd created the process ID file, usually /var/run/sudo/sudo_logsrvd.pid, as a directory instead of a plain file. The same bug could result in I/O log directories that end in six or more X’s being created literally in addition to the name being used as a template for the mkdtemp(3) function. * Fixed a long-standing bug where a sudoers rule with a command line argument of “”, which indicates the command may be run with no arguments, would also match a literal "" on the command line. GitHub issue #182. * Added the -I option to visudo which only edits the main sudoers file. Include files are not edited unless a syntax error is found. * Fixed sudo -l -U otheruser output when the runas list is empty. Previously, sudo would list the invoking user instead of the list user. GitHub issue #183. * Fixed the display of command tags and options in sudo -l output when the RunAs user or group changes. A new line is started for RunAs changes which means we need to display the command tags and options again. GitHub issue #184. * The sesh helper program now uses getopt_long(3) to parse the command line options. * The embedded copy of zlib has been updated to version 1.2.13. * Fixed a bug that prevented event log data from being sent to the log server when I/O logging was not enabled. This only affected systems without PAM or configurations where the pam_session and pam_setcred options were disabled in the sudoers file. * Fixed a bug where sudo -l output included a carriage return after the newline. This is only needed when displaying to a terminal in raw mode. Bug #1042. ------------------------------------------------------------------ ------------------ 2022-10-24 - Oct 24 2022 ------------------- ------------------------------------------------------------------ ++++ docker: - Fix wrong After: in docker.service, fixes bsc#1188447 ++++ gettext-runtime: - update keyring for the last version update ++++ grub2: - Include loopback into signed grub2 image (jsc#PED-2150) ++++ kernel-default: - Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() (CVE-2022-3640 bsc#1204619). - commit c41533c ++++ libffi: - Update to libffi 3.4.4 * Important aarch64 fixes, including support for linux builds with Link Time Optimization (-flto). * Fix x86 stdcall stack alignment. * Fix x86 Windows msvc assembler compatibility. * Fix moxie and or1k small structure args. - drop riscv64-handle-big-structures.patch - reenable LTO ++++ multipath-tools: - Update to version 0.9.2+57+suse.cf3c1e9: * Fix multipathd authorization bypass and symlink attack (bsc#1202739 CVE-2022-41973 CVE-2022-41974) * add multipath-dracut.conf: dracut config file to install tmpfiles.d/multipath.conf in initramfs * Use "queue_mode bio" for NVMeoF/TCP devices * Upstream bug fixes and hwtable updates - Drop recompress.service, it just slows down build ++++ ncurses: - Add ncurses patch 20221023 + change man_db.renames to template, to handle ncurses*-config script with the extra-suffix configure option. ++++ shadow: - Add shadow-prefix-overflow.patch: Fix buffer overflow when calling useradd with --prefix See https://github.com/shadow-maint/shadow/pull/588 ++++ zchunk: - update to 1.2.3: * Remove meson deprecation warning * Add license scan report and status * test/zck_cmp_uncomp: fix printf format types * meson: add option to build without docs * zck: declare write_data as static ++++ pam-config: - Update to Version 1.8 - Move systemd_home after all optional modules (#13) - Add pam_u2f support [bsc#1115512] ++++ qemu: - Improve dependency handling (e.g., what's recommended vs. what's required. - Add a subpackage (qemu-headless) that brings in all the packages that are needed for creating VMs with tools like virt-install or VirtManager, run either locally or from a remote host. (bsc#1202166) ++++ vim: - Updated to version 9.0.0814, fixes the following problems * Kitty terminal is not recognized. * GUI mouse scrollwheel mappings don't work. * Error if :echowin is preceded by a command modifier * readblob() returns empty when trying to read too much * Test for job writing to buffer fails * sonnet filetype detection has a typo * With 'smoothscroll' typing "0" may not go to the first column * 'langmap' works differently when there are modifiers * Filetype autocmd may cause freed memory access * Crash when trying to divice the largest negative number by -1 * readblob() cannot read from character device. * The modifyOtherKeys flag is set when it should not. * In compiled function ->() on next line not recognized * Clang format configuration files are not recognized. * Order of assert function arguments is reverted. * readblob() always reads the whole file. * At the hit-Enter prompt the End and Home keys may not work. * Dummy buffer ends up in a window * User command does not get number from :tab modifier * Memory leak with empty shell command * ":!" doesn't do anything but does update the previous command. * OpenVPN files are not recognized. * 'scroll' value computed in unexpected location * The libvterm code is outdated. * Quickfix commands may keep memory allocated. * With a Visual block a put command column may go negative. * Indent and option tests fail. * Cannot use 'indentexpr' for Lisp indenting. * Display test for 'listchars' "precedes" fails * Line number not visisble with smoothscroll'', 'nu' and 'rnu' * No autocmd event for changing text in a terminal window * 'scrolloff' does not work well with 'smoothscroll'. * Crash when popup closed in callback * Alloc/free of buffer for each quickfix entry is inefficient * Wrong cursor position when using "gj" and "gk" in a long line. * In script in autoload dir exported variable is not found. ------------------------------------------------------------------ ------------------ 2022-10-23 - Oct 23 2022 ------------------- ------------------------------------------------------------------ ++++ python-urllib3: - Fix pycache when undbundling six ------------------------------------------------------------------ ------------------ 2022-10-22 - Oct 22 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ALSA: hda/realtek: Add another HP ZBook G9 model quirks (bsc#1203699). - commit a4522e2 - Linux 6.0.3 (bsc#1012628). - arm64: dts: qcom: sc8280xp-pmics: Remove reg entry & use correct node name for pmc8280c_lpg node (bsc#1012628). - Kconfig.debug: add toolchain checks for DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT (bsc#1012628). - Kconfig.debug: simplify the dependency of DEBUG_INFO_DWARF4/5 (bsc#1012628). - io_uring/rw: ensure kiocb_end_write() is always called (bsc#1012628). - io_uring: fix fdinfo sqe offsets calculation (bsc#1012628). - drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n (bsc#1012628). - powerpc/64s/interrupt: Fix lost interrupts when returning to soft-masked context (bsc#1012628). - net/ieee802154: don't warn zero-sized raw_sendmsg() (bsc#1012628). - Revert "net/ieee802154: reject zero-sized raw_sendmsg()" (bsc#1012628). - Revert "drm/amd/display: correct hostvm flag" (bsc#1012628). - net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses (bsc#1012628). - blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (bsc#1012628). - ALSA: usb-audio: Fix last interface check for registration (bsc#1012628). - net: ieee802154: return -EINVAL for unknown addr type (bsc#1012628). - mm: hugetlb: fix UAF in hugetlb_handle_userfault (bsc#1012628). - io_uring/net: fix notif cqe reordering (bsc#1012628). - io_uring/net: don't skip notifs for failed requests (bsc#1012628). - io_uring/net: rename io_sendzc() (bsc#1012628). - io_uring/net: don't lose partial send_zc on fail (bsc#1012628). - io_uring/net: use io_sr_msg for sendzc (bsc#1012628). - io_uring/net: refactor io_sr_msg types (bsc#1012628). - perf intel-pt: Fix system_wide dummy event for hybrid (bsc#1012628). - perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc (bsc#1012628). - perf: Skip and warn on unknown format 'configN' attrs (bsc#1012628). - clk: bcm2835: Round UART input clock up (bsc#1012628). - usb: typec: ucsi: Don't warn on probe deferral (bsc#1012628). - dmaengine: dw-edma: Remove runtime PM support (bsc#1012628). - fsi: master-ast-cf: Fix missing of_node_put in fsi_master_acf_probe (bsc#1012628). - fsi: occ: Prevent use after free (bsc#1012628). - hwmon (occ): Retry for checksum failure (bsc#1012628). - blk-mq: use quiesced elevator switch when reinitializing queues (bsc#1012628). - usb: idmouse: fix an uninit-value in idmouse_open (bsc#1012628). - nvmet-tcp: add bounds check on Transfer Tag (bsc#1012628). - nvme: copy firmware_rev on each init (bsc#1012628). - nvme: handle effects after freeing the request (bsc#1012628). - ext2: Use kvmalloc() for group descriptor array (bsc#1012628). - scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (bsc#1012628). - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (bsc#1012628). - staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() (bsc#1012628). - io_uring: fix CQE reordering (bsc#1012628). - Revert "usb: storage: Add quirk for Samsung Fit flash" (bsc#1012628). - usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug (bsc#1012628). - arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes (bsc#1012628). - usb: dwc3: core: add gfladj_refclk_lpm_sel quirk (bsc#1012628). - usb: musb: Fix musb_gadget.c rxstate overflow bug (bsc#1012628). - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (bsc#1012628). - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (bsc#1012628). - HID: nintendo: check analog user calibration for plausibility (bsc#1012628). - HSI: ssi_protocol: fix potential resource leak in ssip_pn_open() (bsc#1012628). - HID: roccat: Fix use-after-free in roccat_read() (bsc#1012628). - soundwire: intel: fix error handling on dai registration issues (bsc#1012628). - soundwire: cadence: Don't overwrite msg->buf during write commands (bsc#1012628). - bcache: fix set_at_max_writeback_rate() for multiple attached devices (bsc#1012628). - ata: libahci_platform: Sanity check the DT child nodes number (bsc#1012628). - blk-throttle: prevent overflow while calculating wait time (bsc#1012628). - staging: vt6655: fix potential memory leak (bsc#1012628). - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (bsc#1012628). - usb: gadget: uvc: increase worker prio to WQ_HIGHPRI (bsc#1012628). - iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity (bsc#1012628). - nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (bsc#1012628). - scsi: 3w-9xxx: Avoid disabling device if failing to enable it (bsc#1012628). - dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow (bsc#1012628). - scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1012628). - usb: host: xhci-plat: suspend/resume clks for brcm (bsc#1012628). - usb: host: xhci-plat: suspend and resume clocks (bsc#1012628). - RDMA/rxe: Delete error messages triggered by incoming Read requests (bsc#1012628). - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (bsc#1012628). - media: platform: fix some double free in meson-ge2d and mtk-jpeg and s5p-mfc (bsc#1012628). - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (bsc#1012628). - clk: zynqmp: Fix stack-out-of-bounds in strncpy` (bsc#1012628). - ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n (bsc#1012628). - ARM: 9234/1: stacktrace: Avoid duplicate saving of exception PC value (bsc#1012628). - ARM: 9233/1: stacktrace: Skip frame pointer boundary check for call_with_stack() (bsc#1012628). - btrfs: call __btrfs_remove_free_space_cache_locked on cache load failure (bsc#1012628). - btrfs: don't print information about space cache or tree every remount (bsc#1012628). - btrfs: scrub: try to fix super block errors (bsc#1012628). - btrfs: scrub: properly report super block errors in system log (bsc#1012628). - btrfs: dump extra info if one free space cache has more bitmaps than it should (bsc#1012628). - ARM: orion: fix include path (bsc#1012628). - arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply (bsc#1012628). - arm64: dts: imx8mm-kontron: Use the VSELECT signal to switch SD card IO voltage (bsc#1012628). - kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT (bsc#1012628). - ARM: dts: imx6sx-udoo-neo: don't use multiple blank lines (bsc#1012628). - ARM: dts: imx6sl: use tabs for code indent (bsc#1012628). - ARM: dts: imx6sx: add missing properties for sram (bsc#1012628). - ARM: dts: imx6sll: add missing properties for sram (bsc#1012628). - ARM: dts: imx6sl: add missing properties for sram (bsc#1012628). - ARM: dts: imx6qp: add missing properties for sram (bsc#1012628). - ARM: dts: imx6dl: add missing properties for sram (bsc#1012628). - ARM: dts: imx6q: add missing properties for sram (bsc#1012628). - arm64: dts: qcom: sc7280-idp: correct ADC channel node name and unit address (bsc#1012628). - ARM: dts: imx7d-sdb: config the max pressure for tsc2046 (bsc#1012628). - ARM: dts: imx6: delete interrupts property if interrupts-extended is set (bsc#1012628). - drm/amdkfd: Fix UBSAN shift-out-of-bounds warning (bsc#1012628). - drm/amd/display: polling vid stream status in hpo dp blank (bsc#1012628). - drm/amd/display: Remove interface for periodic interrupt 1 (bsc#1012628). - drm/dp: Don't rewrite link config when setting phy test pattern (bsc#1012628). - mmc: sdhci-msm: add compatible string check for sdm670 (bsc#1012628). - drm/meson: remove drm bridges at aggregate driver unbind time (bsc#1012628). - drm/meson: explicitly remove aggregate driver at module unload time (bsc#1012628). - drm/meson: reorder driver deinit sequence to fix use-after-free bug (bsc#1012628). - ASoC: amd: yc: Add Lenovo Yoga Slim 7 Pro X to quirks table (bsc#1012628). - ASoC: amd: yc: Add ASUS UM5302TA into DMI table (bsc#1012628). - drm/amdgpu: fix initial connector audio value (bsc#1012628). - drm/amd/display: correct hostvm flag (bsc#1012628). - drm/amd/display: Fix urgent latency override for DCN32/DCN321 (bsc#1012628). - drm/amdgpu: SDMA update use unlocked iterator (bsc#1012628). - ASoC: SOF: add quirk to override topology mclk_id (bsc#1012628). - ASoC: sunxi: sun4i-codec: set debugfs_prefix for CPU DAI component (bsc#1012628). - ASoC: SOF: pci: Change DMI match info to support all Chrome platforms (bsc#1012628). - ALSA: intel-dspconfig: add ES8336 support for AlderLake-PS (bsc#1012628). - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (bsc#1012628). - platform/x86: hp-wmi: Setting thermal profile fails with 0x06 (bsc#1012628). - platform/chrome: cros_ec: Notify the PM of wake events during resume (bsc#1012628). - drm: panel-orientation-quirks: Add quirk for Aya Neo Air (bsc#1012628). - drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (bsc#1012628). - drm/vc4: vec: Fix timings for VEC modes (bsc#1012628). - ALSA: usb-audio: Register card at the last interface (bsc#1012628). - drm/admgpu: Skip CG/PG on SOC21 under SRIOV VF (bsc#1012628). - drm/amdgpu: Skip the program of MMMC_VM_AGP_* in SRIOV on MMHUB v3_0_0 (bsc#1012628). - drm/amd/display: Fix variable dereferenced before check (bsc#1012628). - drm: bridge: dw_hdmi: only trigger hotplug event on link change (bsc#1012628). - drm/amd: fix potential memory leak (bsc#1012628). - platform/x86: pmc_atom: Improve quirk message to be less cryptic (bsc#1012628). - udmabuf: Set ubuf->sg = NULL if the creation of sg table fails (bsc#1012628). - ALSA: usb-audio: Add quirk to enable Avid Mbox 3 support (bsc#1012628). - ALSA: hda: Fix page fault in snd_hda_codec_shutdown() (bsc#1012628). - drm/amd/display: fix overflow on MIN_I64 definition (bsc#1012628). - gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() (bsc#1012628). - drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook (bsc#1012628). - drm: Prevent drm_copy_field() to attempt copying a NULL pointer (bsc#1012628). - drm: Use size_t type for len variable in drm_copy_field() (bsc#1012628). - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (bsc#1012628). - r8152: Rate limit overflow messages (bsc#1012628). - i2c: designware-pci: Group AMD NAVI quirk parts together (bsc#1012628). - libbpf: Fix overrun in netlink attribute iteration (bsc#1012628). - net: sched: cls_u32: Avoid memcpy() false-positive warning (bsc#1012628). - Bluetooth: L2CAP: Fix user-after-free (bsc#1012628). - bpf: use bpf_prog_pack for bpf_dispatcher (bsc#1012628). - bpf: Adjust kprobe_multi entry_ip for CONFIG_X86_KERNEL_IBT (bsc#1012628). - net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory (bsc#1012628). - hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms (bsc#1012628). - wifi: rt2x00: correctly set BBP register 86 for MT7620 (bsc#1012628). - wifi: rt2x00: set SoC wmac clock register (bsc#1012628). - wifi: rt2x00: set VGC gain for both chains of MT7620 (bsc#1012628). - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (bsc#1012628). - wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620 (bsc#1012628). - can: bcm: check the result of can_send() in bcm_can_tx() (bsc#1012628). - selftests/bpf: Free the allocated resources after test case succeeds (bsc#1012628). - bnxt_en: replace reset with config timestamps (bsc#1012628). - Bluetooth: hci_event: Make sure ISO events don't affect non-ISO connections (bsc#1012628). - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (bsc#1012628). - Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (bsc#1012628). - wifi: rtw89: fix rx filter after scan (bsc#1012628). - wifi: rtw89: free unused skb to prevent memory leak (bsc#1012628). - wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value (bsc#1012628). - wifi: ath11k: mhi: fix potential memory leak in ath11k_mhi_register() (bsc#1012628). - regulator: core: Prevent integer underflow (bsc#1012628). - Bluetooth: btintel: Mark Intel controller to support LE_STATES quirk (bsc#1012628). - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (bsc#1012628). - iavf: Fix race between iavf_close and iavf_reset_task (bsc#1012628). - net: ftmac100: fix endianness-related issues from 'sparse' (bsc#1012628). - rtw89: ser: leave lps with mutex (bsc#1012628). - wifi: ath11k: Register shutdown handler for WCN6750 (bsc#1012628). - xfrm: Update ipcomp_scratches with NULL when freed (bsc#1012628). - net-next: Fix IP_UNICAST_IF option behavior for connected sockets (bsc#1012628). - net: axienet: Switch to 64-bit RX/TX statistics (bsc#1012628). - x86/apic: Don't disable x2APIC if locked (bsc#1012628). - thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround (bsc#1012628). - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (bsc#1012628). - x86/mce: Retrieve poison range from hardware (bsc#1012628). - wifi: mac80211: accept STA changes without link changes (bsc#1012628). - micrel: ksz8851: fixes struct pointer issue (bsc#1012628). - tcp: annotate data-race around tcp_md5sig_pool_populated (bsc#1012628). - openvswitch: Fix overreporting of drops in dropwatch (bsc#1012628). - openvswitch: Fix double reporting of drops in dropwatch (bsc#1012628). - net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 (bsc#1012628). - bpftool: Clear errno after libcap's checks (bsc#1012628). - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (bsc#1012628). - libbpf: Do not require executable permission for shared libraries (bsc#1012628). - libbpf: Ensure functions with always_inline attribute are inline (bsc#1012628). - NFSD: fix use-after-free on source server when doing inter-server copy (bsc#1012628). - NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data (bsc#1012628). - x86/entry: Work around Clang __bdos() bug (bsc#1012628). - ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable (bsc#1012628). - ARM: decompressor: Include .data.rel.ro.local (bsc#1012628). - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (bsc#1012628). - powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue (bsc#1012628). - MIPS: BCM47XX: Cast memcmp() of function to (void *) (bsc#1012628). - cpufreq: intel_pstate: Add Tigerlake support in no-HWP mode (bsc#1012628). - ACPI: tables: FPDT: Don't call acpi_os_map_memory() on invalid phys address (bsc#1012628). - fortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL (bsc#1012628). - ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (bsc#1012628). - cpufreq: amd_pstate: fix wrong lowest perf fetch (bsc#1012628). - rcu-tasks: Ensure RCU Tasks Trace loops have quiescent states (bsc#1012628). - rcu-tasks: Convert RCU_LOCKDEP_WARN() to WARN_ONCE() (bsc#1012628). - rcu: Back off upon fill_page_cache_func() allocation failure (bsc#1012628). - rcu: Avoid triggering strict-GP irq-work when RCU is idle (bsc#1012628). - fs: dlm: fix race in lowcomms (bsc#1012628). - module: tracking: Keep a record of tainted unloaded modules only (bsc#1012628). - ARM/dma-mapping: don't override ->dma_coherent when set from a bus notifier (bsc#1012628). - selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle (bsc#1012628). - tools/power turbostat: Use standard Energy Unit for SPR Dram RAPL domain (bsc#1012628). - f2fs: fix to account FS_CP_DATA_IO correctly (bsc#1012628). - f2fs: fix race condition on setting FI_NO_EXTENT flag (bsc#1012628). - ACPI: APEI: do not add task_work to kernel thread to avoid memory leak (bsc#1012628). - thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id (bsc#1012628). - random: schedule jitter credit for next jiffy, not in two jiffies (bsc#1012628). - crypto: cavium - prevent integer overflow loading firmware (bsc#1012628). - crypto: marvell/octeontx - prevent integer overflows (bsc#1012628). - kbuild: rpm-pkg: fix breakage when V=1 is used (bsc#1012628). - linux/export: use inline assembler to populate symbol CRCs (bsc#1012628). - kbuild: remove the target in signal traps when interrupted (bsc#1012628). - ftrace: Fix recursive locking direct_mutex in ftrace_modify_direct_caller (bsc#1012628). - tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads (bsc#1012628). - tracing: kprobe: Make gen test module work in arm and riscv (bsc#1012628). - tracing: kprobe: Fix kprobe event gen test module on exit (bsc#1012628). - iommu/iova: Fix module config properly (bsc#1012628). - cifs: return correct error in ->calc_signature() (bsc#1012628). - clocksource/drivers/timer-gxp: Add missing error handling in gxp_timer_probe (bsc#1012628). - clocksource/drivers/arm_arch_timer: Fix handling of ARM erratum 858921 (bsc#1012628). - crypto: qat - fix DMA transfer direction (bsc#1012628). - crypto: inside-secure - Change swab to swab32 (bsc#1012628). - crypto: ccp - Release dma channels before dmaengine unrgister (bsc#1012628). - crypto: akcipher - default implementation for setting a private key (bsc#1012628). - iommu/omap: Fix buffer overflow in debugfs (bsc#1012628). - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1012628). - crypto: hisilicon/qm - fix missing put dfx access (bsc#1012628). - crypto: qat - fix default value of WDT timer (bsc#1012628). - hwrng: imx-rngc - Moving IRQ handler registering after imx_rngc_irq_mask_clear() (bsc#1012628). - hwrng: imx-rngc - use devm_clk_get_enabled (bsc#1012628). - cgroup: Honor caller's cgroup NS when resolving path (bsc#1012628). - crypto: ccp - Fail the PSP initialization when writing psp data file failed (bsc#1012628). - hwrng: arm-smccc-trng - fix NO_ENTROPY handling (bsc#1012628). - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (bsc#1012628). - crypto: sahara - don't sleep when in softirq (bsc#1012628). - powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL (bsc#1012628). - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (bsc#1012628). - powerpc: Fix SPE Power ISA properties for e500v1 platforms (bsc#1012628). - powerpc/64/interrupt: Fix return to masked context after hard-mask irq becomes pending (bsc#1012628). - powerpc/64: mark irqs hard disabled in boot paca (bsc#1012628). - powerpc/64/interrupt: Fix false warning in context tracking due to idle state (bsc#1012628). - powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5 (bsc#1012628). - x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition (bsc#1012628). - powerpc: Fix fallocate and fadvise64_64 compat parameter combination (bsc#1012628). - powerpc: dts: turris1x.dts: Fix labels in DSA cpu port nodes (bsc#1012628). - powerpc: dts: turris1x.dts: Fix NOR partitions labels (bsc#1012628). - cpuidle: riscv-sbi: Fix CPU_PM_CPU_IDLE_ENTER_xyz() macro usage (bsc#1012628). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1012628). - powerpc/pci_dn: Add missing of_node_put() (bsc#1012628). - powerpc/sysdev/fsl_msi: Add missing of_node_put() (bsc#1012628). - powerpc/math_emu/efp: Include module.h (bsc#1012628). - powerpc/configs: Properly enable PAPR_SCM in pseries_defconfig (bsc#1012628). - ipc: mqueue: fix possible memory leak in init_mqueue_fs() (bsc#1012628). - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (bsc#1012628). - mailbox: mpfs: account for mbox offsets while sending (bsc#1012628). - mailbox: mpfs: fix handling of the reg property (bsc#1012628). - mailbox: imx: fix RST channel support (bsc#1012628). - clk: ast2600: BCLK comes from EPLL (bsc#1012628). - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (bsc#1012628). - clk: ti: Balance of_node_get() calls for of_find_node_by_name() (bsc#1012628). - clk: imx: scu: fix memleak on platform_device_add() fails (bsc#1012628). - clk: imx8mp: tune the order of enet_qos_root_clk (bsc#1012628). - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (bsc#1012628). - clk: bcm2835: Make peripheral PLLC critical (bsc#1012628). - clk: baikal-t1: Add SATA internal ref clock buffer (bsc#1012628). - clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent (bsc#1012628). - clk: baikal-t1: Fix invalid xGMAC PTP clock divider (bsc#1012628). - clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD (bsc#1012628). - spmi: pmic-arb: correct duplicate APID to PPID mapping logic (bsc#1012628). - usb: mtu3: fix failed runtime suspend in host only mode (bsc#1012628). - HID: amd_sfh: Handle condition of "no sensors" for SFH1.1 (bsc#1012628). - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (bsc#1012628). - io_uring/rw: defer fsnotify calls to task context (bsc#1012628). - clk: mediatek: Migrate remaining clk_unregister_*() to clk_hw_unregister_*() (bsc#1012628). - clk: mediatek: fix unregister function in mtk_clk_register_dividers cleanup (bsc#1012628). - clk: mediatek: clk-mt8195-mfg: Reparent mfg_bg3d and propagate rate changes (bsc#1012628). - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (bsc#1012628). - mfd: da9061: Fix Failed to set Two-Wire Bus Mode (bsc#1012628). - mfd: sm501: Add check for platform_driver_register() (bsc#1012628). - mfd: fsl-imx25: Fix check for platform_get_irq() errors (bsc#1012628). - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (bsc#1012628). - mfd: lp8788: Fix an error handling path in lp8788_probe() (bsc#1012628). - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (bsc#1012628). - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (bsc#1012628). - fsi: core: Check error number after calling ida_simple_get (bsc#1012628). - RDMA/rxe: Fix resize_finish() in rxe_queue.c (bsc#1012628). - RDMA/rxe: Set pd early in mr alloc routines (bsc#1012628). - nvmet-auth: don't try to cancel a non-initialized work_struct (bsc#1012628). - clk: qcom: gcc-sm6115: Override default Alpha PLL regs (bsc#1012628). - clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical (bsc#1012628). - scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (bsc#1012628). - scsi: pm8001: Fix running_req for internal abort commands (bsc#1012628). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (bsc#1012628). - serial: 8250: Fix restoring termios speed after suspend (bsc#1012628). - firmware: google: Test spinlock on panic path to avoid lockups (bsc#1012628). - slimbus: qcom-ngd: Add error handling in of_qcom_slim_ngd_register (bsc#1012628). - staging: vt6655: fix some erroneous memory clean-up loops (bsc#1012628). - phy: qualcomm: call clk_disable_unprepare in the error handling (bsc#1012628). - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (bsc#1012628). - serial: 8250: Toggle IER bits on only after irq has been set up (bsc#1012628). - drivers: serial: jsm: fix some leaks in probe (bsc#1012628). - usb: dwc3: core: fix some leaks in probe (bsc#1012628). - usb: typec: anx7411: Use of_get_child_by_name() instead of of_find_node_by_name() (bsc#1012628). - usb: gadget: function: fix dangling pnp_string in f_printer.c (bsc#1012628). - xhci: Don't show warning for reinit on known broken suspend (bsc#1012628). - IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers (bsc#1012628). - RDMA/cm: Use SLID in the work completion as the DLID in responder side (bsc#1012628). - md: Remove extra mddev_get() in md_seq_start() (bsc#1012628). - md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() (bsc#1012628). - md/raid5: Ensure stripe_fill happens on non-read IO with journal (bsc#1012628). - md: Replace snprintf with scnprintf (bsc#1012628). - io_uring/fdinfo: fix sqe dumping for IORING_SETUP_SQE128 (bsc#1012628). - eventfd: guard wake_up in eventfd fs calls as well (bsc#1012628). - block: Fix the enum blk_eh_timer_return documentation (bsc#1012628). - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (bsc#1012628). - ata: fix ata_id_has_dipm() (bsc#1012628). - ata: fix ata_id_has_ncq_autosense() (bsc#1012628). - ata: fix ata_id_has_devslp() (bsc#1012628). - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (bsc#1012628). - RDMA/siw: Fix QP destroy to wait for all references dropped (bsc#1012628). - RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall (bsc#1012628). - RDMA/srp: Fix srp_abort() (bsc#1012628). - RDMA/irdma: Validate udata inlen and outlen (bsc#1012628). - RDMA/irdma: Align AE id codes to correct flush code and event (bsc#1012628). - mtd: rawnand: fsl_elbc: Fix none ECC mode (bsc#1012628). - mtd: rawnand: intel: Remove undocumented compatible string (bsc#1012628). - mtd: rawnand: intel: Read the chip-select line from the correct OF node (bsc#1012628). - phy: phy-mtk-tphy: fix the phy type setting issue (bsc#1012628). - phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent() (bsc#1012628). - phy: qcom-qmp-usb: disable runtime PM on unbind (bsc#1012628). - remoteproc: Harden rproc_handle_vdev() against integer overflow (bsc#1012628). - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (bsc#1012628). - scsi: lpfc: Fix various issues reported by tools (bsc#1012628). - clk: qcom: sm6115: Select QCOM_GDSC (bsc#1012628). - dyndbg: drop EXPORTed dynamic_debug_exec_queries (bsc#1012628). - dyndbg: let query-modname override actual module name (bsc#1012628). - dyndbg: fix module.dyndbg handling (bsc#1012628). - dyndbg: fix static_branch manipulation (bsc#1012628). - usb: gadget: f_fs: stricter integer overflow checks (bsc#1012628). - iio: Use per-device lockdep class for mlock (bsc#1012628). - dmaengine: hisilicon: Add multi-thread support for a DMA channel (bsc#1012628). - dmaengine: hisilicon: Fix CQ head update (bsc#1012628). - dmaengine: hisilicon: Disable channels when unregister hisi_dma (bsc#1012628). - dmaengine: idxd: avoid deadlock in process_misc_interrupts() (bsc#1012628). - phy: rockchip-inno-usb2: Return zero after otg sync (bsc#1012628). - fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (bsc#1012628). - fpga: dfl-pci: Add IDs for Intel N6000, N6001 and C6100 cards (bsc#1012628). - misc: ocxl: fix possible refcount leak in afu_ioctl() (bsc#1012628). - clk: mediatek: mt8195-infra_ao: Set pwrmcu clocks as critical (bsc#1012628). - clk: mediatek: clk-mt8195-vdo1: Reparent and set rate on vdo1_dpintf's parent (bsc#1012628). - clk: mediatek: clk-mt8195-vdo0: Set rate on vdo0_dp_intf0_dp_intf's parent (bsc#1012628). - RDMA/rxe: Fix the error caused by qp->sk (bsc#1012628). - RDMA/rxe: Fix "kernel NULL pointer dereference" error (bsc#1012628). - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (bsc#1012628). - media: uvcvideo: Use entity get_cur in uvc_ctrl_set (bsc#1012628). - media: uvcvideo: Fix memory leak in uvc_gpio_parse (bsc#1012628). - media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() (bsc#1012628). - media: amphion: fix a bug that vpu core may not resume after suspend (bsc#1012628). - media: amphion: don't change the colorspace reported by decoder (bsc#1012628). - media: amphion: adjust the encoder's value range of gop size (bsc#1012628). - media: amphion: insert picture startcode after seek for vc1g format (bsc#1012628). - media: mediatek: vcodec: Skip non CBR bitrate mode (bsc#1012628). - tty: xilinx_uartps: Fix the ignore_status (bsc#1012628). - tty: xilinx_uartps: Check clk_enable return value (bsc#1012628). - media: airspy: fix memory leak in airspy probe (bsc#1012628). - media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop (bsc#1012628). - clk: qcom: gcc-sdm660: Use floor ops for SDCC1 clock (bsc#1012628). - HSI: omap_ssi_port: Fix dma_map_sg error check (bsc#1012628). - HSI: omap_ssi: Fix refcount leak in ssi_probe (bsc#1012628). - HID: uclogic: Fix warning in uclogic_rdesc_template_apply (bsc#1012628). - HID: uclogic: Add missing suffix for digitalizers (bsc#1012628). - clk: samsung: exynosautov9: correct register offsets of peric0/c1 (bsc#1012628). - clk: tegra20: Fix refcount leak in tegra20_clock_init (bsc#1012628). - clk: tegra: Fix refcount leak in tegra114_clock_init (bsc#1012628). - clk: tegra: Fix refcount leak in tegra210_clock_init (bsc#1012628). - coresight: docs: Fix a broken reference (bsc#1012628). - clk: sprd: Hold reference returned by of_get_parent() (bsc#1012628). - clk: berlin: Add of_node_put() for of_get_parent() (bsc#1012628). - clk: qoriq: Hold reference returned by of_get_parent() (bsc#1012628). - clk: oxnas: Hold reference returned by of_get_parent() (bsc#1012628). - clk: st: Hold reference returned by of_get_parent() (bsc#1012628). - clk: meson: Hold reference returned by of_get_parent() (bsc#1012628). - usb: common: debug: Check non-standard control requests (bsc#1012628). - usb: common: usb-conn-gpio: Simplify some error message (bsc#1012628). - RDMA/mlx5: Don't compare mkey tags in DEVX indirect mkey (bsc#1012628). - iio: magnetometer: yas530: Change data type of hard_offsets to signed (bsc#1012628). - iio: ABI: Fix wrong format of differential capacitance channel ABI (bsc#1012628). - iio: inkern: fix return value in devm_of_iio_channel_get_by_name() (bsc#1012628). - iio: inkern: only release the device node when done with it (bsc#1012628). - iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume (bsc#1012628). - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (bsc#1012628). - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (bsc#1012628). - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (bsc#1012628). - selftests/cpu-hotplug: Reserve one cpu online at least (bsc#1012628). - selftests/cpu-hotplug: Delete fault injection related code (bsc#1012628). - selftests/cpu-hotplug: Use return instead of exit (bsc#1012628). - iomap: iomap: fix memory corruption when recording errors during writeback (bsc#1012628). - ARM: dts: exynos: fix polarity of VBUS GPIO of Origen (bsc#1012628). - arm64: dts: exynos: fix polarity of "enable" line of NFC chip in TM2 (bsc#1012628). - arm64: ftrace: fix module PLTs with mcount (bsc#1012628). - ext4: don't run ext4lazyinit for read-only filesystems (bsc#1012628). - ext4: continue to expand file system when the target size doesn't reach (bsc#1012628). - ARM: Drop CMDLINE_* dependency on ATAGS (bsc#1012628). - ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family (bsc#1012628). - arm64: dts: ti: k3-j7200: fix main pinmux range (bsc#1012628). - arm64: dts: qcom: sm8450: fix UFS PHY serdes size (bsc#1012628). - arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size (bsc#1012628). - soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA (bsc#1012628). - soc/tegra: fuse: Add missing of_node_put() in tegra_init_fuse() (bsc#1012628). - arm64: dts: qcom: sm8350-sagami: correct TS pin property (bsc#1012628). - ia64: export memory_add_physaddr_to_nid to fix cxl build error (bsc#1012628). - arm64: dts: marvell: 98dx25xx: use correct property for i2c gpios (bsc#1012628). - ARM: dts: kirkwood: lsxl: remove first ethernet port (bsc#1012628). - ARM: dts: kirkwood: lsxl: fix serial line (bsc#1012628). - ARM: dts: turris-omnia: Fix mpp26 pin name and comment (bsc#1012628). - arm64: dts: qcom: sc7180-trogdor: Keep pm6150_adc enabled for TZ (bsc#1012628). - arm64: dts: qcom: pm8350c: Drop PWM reg declaration (bsc#1012628). - arm64: dts: qcom: sa8295p-adp: disallow regulator mode switches (bsc#1012628). - arm64: dts: qcom: sc8280xp-lenovo-thinkpad-x13s: disallow regulator mode switches (bsc#1012628). - arm64: dts: qcom: sc8280xp-crd: disallow regulator mode switches (bsc#1012628). - arm64: dts: qcom: sc7280: Update lpasscore node (bsc#1012628). - arm64: dts: qcom: sc7280: Cleanup the lpasscc node (bsc#1012628). - arm64: dts: qcom: sdm845-xiaomi-polaris: Fix sde_dsi_active pinctrl (bsc#1012628). - dt-bindings: clock: exynosautov9: correct clock numbering of peric0/c1 (bsc#1012628). - arm64: dts: renesas: r9a07g043: Fix SCI{Rx,Tx} interrupt types (bsc#1012628). - arm64: dts: renesas: r9a07g054: Fix SCI{Rx,Tx} interrupt types (bsc#1012628). - arm64: dts: renesas: r9a07g044: Fix SCI{Rx,Tx} interrupt types (bsc#1012628). - ARM: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus (bsc#1012628). - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (bsc#1012628). - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (bsc#1012628). - locks: fix TOCTOU race when granting write lease (bsc#1012628). - memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() (bsc#1012628). - memory: of: Fix refcount leak bug in of_get_ddr_timings() (bsc#1012628). - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (bsc#1012628). - ALSA: hda/hdmi: Don't skip notification handling during PM operation (bsc#1012628). - ASoC: rockchip: i2s: use regmap_read_poll_timeout_atomic to poll I2S_CLR (bsc#1012628). - ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (bsc#1012628). - ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (bsc#1012628). - ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (bsc#1012628). - ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (bsc#1012628). - ASoC: wcd-mbhc-v2: Revert "ASoC: wcd-mbhc-v2: use pm_runtime_resume_and_get()" (bsc#1012628). - ASoC: stm: Fix PM disable depth imbalance in stm32_i2s_probe (bsc#1012628). - ASoC: stm32: spdifrx: Fix PM disable depth imbalance in stm32_spdifrx_probe (bsc#1012628). - ASoC: stm32: dfsdm: Fix PM disable depth imbalance in stm32_adfsdm_probe (bsc#1012628). - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (bsc#1012628). - ALSA: dmaengine: increment buffer pointer atomically (bsc#1012628). - ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() (bsc#1012628). - ASoC: codecs: tx-macro: fix kcontrol put (bsc#1012628). - virtio-gpu: fix shift wrapping bug in virtio_gpu_fence_event_create() (bsc#1012628). - drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl() (bsc#1012628). - ASoC: SOF: ipc4-topology: Free the ida when IPC fails in sof_ipc4_widget_setup() (bsc#1012628). - ALSA: usb-audio: Properly refcounting clock rate (bsc#1012628). - ALSA: hda/hdmi: Fix the converter allocation for the silent stream (bsc#1012628). - ALSA: hda/hdmi: change type for the 'assigned' variable (bsc#1012628). - drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() (bsc#1012628). - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (bsc#1012628). - drm/msm: lookup the ICC paths in both mdp5/dpu and mdss devices (bsc#1012628). - ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (bsc#1012628). - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (bsc#1012628). - ASoC: rockchip: i2s: use regmap_read_poll_timeout to poll I2S_CLR (bsc#1012628). - drm/amdgpu: Fix memory leak in hpd_rx_irq_create_workqueue() (bsc#1012628). - drm/omap: dss: Fix refcount leak bugs (bsc#1012628). - ASoC: SOF: mediatek: mt8195: Import namespace SND_SOC_SOF_MTK_COMMON (bsc#1012628). - ASoC: mediatek: mt8195-mt6359: Properly register sound card for SOF (bsc#1012628). - drm/bochs: fix blanking (bsc#1012628). - drm/virtio: set fb_modifiers_not_supported (bsc#1012628). - ALSA: hda: beep: Simplify keep-power-at-enable behavior (bsc#1012628). - ASoC: wm_adsp: Handle optional legacy support (bsc#1012628). - ASoC: rsnd: Add check for rsnd_mod_power_on (bsc#1012628). - drm/bridge: it6505: Fix the order of DP_SET_POWER commands (bsc#1012628). - drm/bridge: megachips: Fix a null pointer dereference bug (bsc#1012628). - drm/amdgpu: add missing pci_disable_device() in amdgpu_pmops_runtime_resume() (bsc#1012628). - platform/chrome: cros_ec_typec: Correct alt mode index (bsc#1012628). - platform/chrome: cros_ec_typec: Add bit offset for DP VDO (bsc#1012628). - drm: fix drm_mipi_dbi build errors (bsc#1012628). - drm/panel: use 'select' for Ili9341 panel driver helpers (bsc#1012628). - platform/x86: msi-laptop: Fix resource cleanup (bsc#1012628). - platform/x86: msi-laptop: Fix old-ec check for backlight registering (bsc#1012628). - ASoC: tas2764: Fix mute/unmute (bsc#1012628). - ASoC: tas2764: Drop conflicting set_bias_level power setting (bsc#1012628). - ASoC: tas2764: Allow mono streams (bsc#1012628). - ASoC: soc-pcm.c: call __soc_pcm_close() in soc_pcm_close() (bsc#1012628). - drm/virtio: Fix same-context optimization (bsc#1012628). - drm/i915/dg2: Bump up CDCLK for DG2 (bsc#1012628). - platform/chrome: fix memory corruption in ioctl (bsc#1012628). - platform/chrome: fix double-free in chromeos_laptop_prepare() (bsc#1012628). - drm/msm: Make .remove and .shutdown HW shutdown consistent (bsc#1012628). - ASoC: amd: acp: add missing platform_device_unregister() in acp_pci_probe() (bsc#1012628). - ASoC: mt6359: fix tests for platform_get_irq() failure (bsc#1012628). - drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (bsc#1012628). - drm/dp_mst: fix drm_dp_dpcd_read return value checks (bsc#1012628). - drm/format-helper: Fix test on big endian architectures (bsc#1012628). - drm/bridge: parade-ps8640: Fix regulator supply order (bsc#1012628). - drm/bridge: tc358767: Add of_node_put() when breaking out of loop (bsc#1012628). - drm/bridge: anx7625: Fix refcount bug in anx7625_parse_dt() (bsc#1012628). - drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (bsc#1012628). - video/aperture: Disable and unregister sysfb devices via aperture helpers (bsc#1012628). - drm/bridge: it6505: Power on downstream device in .atomic_enable (bsc#1012628). - drm/vc4: drv: Call component_unbind_all() (bsc#1012628). - drm/mipi-dsi: Detach devices when removing the host (bsc#1012628). - drm/bridge: Avoid uninitialized variable warning (bsc#1012628). - drm: bridge: adv7511: unregister cec i2c device after cec adapter (bsc#1012628). - drm: bridge: adv7511: fix CEC power down control register offset (bsc#1012628). - net: mvpp2: fix mvpp2 debugfs leak (bsc#1012628). - once: add DO_ONCE_SLOW() for sleepable contexts (bsc#1012628). - net/ieee802154: reject zero-sized raw_sendmsg() (bsc#1012628). - net: wwan: iosm: Call mutex_init before locking it (bsc#1012628). - eth: sp7021: fix use after free bug in spl2sw_nvmem_get_mac_address (bsc#1012628). - bnx2x: fix potential memory leak in bnx2x_tpa_stop() (bsc#1012628). - eth: lan743x: reject extts for non-pci11x1x devices (bsc#1012628). - net: prestera: acl: Add check for kmemdup (bsc#1012628). - af_unix: Fix memory leaks of the whole sk due to OOB skb (bsc#1012628). - net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks() (bsc#1012628). - hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888 controller (bsc#1012628). - Bluetooth: hci_sync: Fix not indicating power state (bsc#1012628). - spi: Ensure that sg_table won't be used after being freed (bsc#1012628). - tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited (bsc#1012628). - sctp: handle the error returned from sctp_auth_asoc_init_active_key (bsc#1012628). - mISDN: fix use-after-free bugs in l1oip timer handlers (bsc#1012628). - eth: alx: take rtnl_lock on resume (bsc#1012628). - vhost/vsock: Use kvmalloc/kvfree for larger packets (bsc#1012628). - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (bsc#1012628). - wifi: rtl8xxxu: gen2: Enable 40 MHz channel width (bsc#1012628). - Bluetooth: Prevent double register of suspend (bsc#1012628). - spi: s3c64xx: Fix large transfers with DMA (bsc#1012628). - netfilter: nft_fib: Fix for rpath check with VRF devices (bsc#1012628). - xfrm: Reinject transport-mode packets through workqueue (bsc#1012628). - Bluetooth: hci_core: Fix not handling link timeouts propertly (bsc#1012628). - i2c: mlxbf: support lock mechanism (bsc#1012628). - libbpf: Don't require full struct enum64 in UAPI headers (bsc#1012628). - cw1200: fix incorrect check to determine if no element is found in list (bsc#1012628). - skmsg: Schedule psock work if the cached skb exists on the psock (bsc#1012628). - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (bsc#1012628). - spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe (bsc#1012628). - spi: cadence-quadspi: Fix PM disable depth imbalance in cqspi_probe (bsc#1012628). - x86/cpu: Include the header of init_ia32_feat_ctl()'s prototype (bsc#1012628). - wifi: ath11k: fix peer addition/deletion error on sta band migration (bsc#1012628). - libbpf: restore memory layout of bpf_object_open_opts (bsc#1012628). - x86/microcode/AMD: Track patch allocation size explicitly (bsc#1012628). - mips: dts: ralink: mt7621: fix external phy on GB-PC2 (bsc#1012628). - wifi: ath11k: fix number of VHT beamformee spatial streams (bsc#1012628). - wifi: ath11k: fix failed to find the peer with peer_id 0 when disconnected (bsc#1012628). - mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv (bsc#1012628). - flow_dissector: Do not count vlan tags inside tunnel payload (bsc#1012628). - selftests/bpf: Adapt cgroup effective query uapi change (bsc#1012628). - bpftool: Fix wrong cgroup attach flags being assigned to effective progs (bsc#1012628). - bpf, cgroup: Reject prog_attach_flags array when effective query (bsc#1012628). - netfilter: conntrack: revisit the gc initial rescheduling bias (bsc#1012628). - netfilter: conntrack: fix the gc rescheduling delay (bsc#1012628). - libbpf: Fix NULL pointer exception in API btf_dump__dump_type_data (bsc#1012628). - Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure (bsc#1012628). - wifi: ath11k: Include STA_KEEPALIVE_ARP_RESPONSE TLV header by default (bsc#1012628). - libbpf: Fix crash if SEC("freplace") programs don't have attach_prog_fd set (bsc#1012628). - bpf: Ensure correct locking around vulnerable function find_vpid() (bsc#1012628). - net: fs_enet: Fix wrong check in do_pd_setup (bsc#1012628). - Bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release (bsc#1012628). - wifi: mt76: mt7921e: fix rmmod crash in driver reload test (bsc#1012628). - wifi: mt76: mt7915: do not check state before configuring implicit beamform (bsc#1012628). - wifi: mt76: fix uninitialized pointer in mt7921_mac_fill_rx (bsc#1012628). - wifi: mt76: mt7915: fix mcs value in ht mode (bsc#1012628). - wifi: mt76: mt7921: fix the firmware version report (bsc#1012628). - wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_sta_set_decap_offload (bsc#1012628). - wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_[start, stop]_ap (bsc#1012628). - wifi: mt76: connac: fix possible unaligned access in mt76_connac_mcu_add_nested_tlv (bsc#1012628). - wifi: mt76: mt7915: fix possible unaligned access in mt7915_mac_add_twt_setup (bsc#1012628). - wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload (bsc#1012628). - wifi: mt76: sdio: fix transmitting packet hangs (bsc#1012628). - wifi: mt76: mt7921: fix use after free in mt7921_acpi_read() (bsc#1012628). - wifi: mt76: mt7915: fix an uninitialized variable bug (bsc#1012628). - wifi: mt76: sdio: poll sta stat when device transmits data (bsc#1012628). - wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work (bsc#1012628). - wifi: mt76: mt7921u: fix race issue between reset and suspend/resume (bsc#1012628). - wifi: mt76: mt7921s: fix race issue between reset and suspend/resume (bsc#1012628). - wifi: mt76: mt7921e: fix race issue between reset and suspend/resume (bsc#1012628). - Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev() (bsc#1012628). - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (bsc#1012628). - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (bsc#1012628). - bpf: btf: fix truncated last_member_type_id in btf_struct_resolve (bsc#1012628). - spi: meson-spicc: do not rely on busy flag in pow2 clk ops (bsc#1012628). - wifi: rtl8xxxu: Fix skb misuse in TX queue selection (bsc#1012628). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (bsc#1012628). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (bsc#1012628). - wifi: mac80211: mlme: assign link address correctly (bsc#1012628). - selftests/xsk: Avoid use-after-free on ctx (bsc#1012628). - wifi: rtw88: add missing destroy_workqueue() on error path in rtw_core_init() (bsc#1012628). - wifi: wfx: prevent underflow in wfx_send_pds() (bsc#1012628). - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (bsc#1012628). - wifi: rtw89: pci: correct TX resource checking in low power mode (bsc#1012628). - wifi: rtw89: pci: fix interrupt stuck after leaving low power mode (bsc#1012628). - bpf: Only add BTF IDs for socket security hooks when CONFIG_SECURITY_NETWORK is on (bsc#1012628). - Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend (bsc#1012628). - bpf: Use this_cpu_{inc_return|dec} for prog->active (bsc#1012628). - bpf: Use this_cpu_{inc|dec|inc_return} for bpf_task_storage_busy (bsc#1012628). - wifi: ath11k: Fix incorrect QMI message ID mappings (bsc#1012628). - bpf: Propagate error from htab_lock_bucket() to userspace (bsc#1012628). - bpf: Disable preemption when increasing per-cpu map_locked (bsc#1012628). - selftests/xsk: Add missing close() on netns fd (bsc#1012628). - xsk: Fix backpressure mechanism on Tx (bsc#1012628). - x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (bsc#1012628). - spi: mt7621: Fix an error message in mt7621_spi_probe() (bsc#1012628). - esp: choose the correct inner protocol for GSO on inter address family tunnels (bsc#1012628). - audit: free audit_proctitle only on task exit (bsc#1012628). - audit: explicitly check audit_context->context enum value (bsc#1012628). - ice: set tx_tstamps when creating new Tx rings via ethtool (bsc#1012628). - bpftool: Fix a wrong type cast in btf_dumper_int (bsc#1012628). - wifi: mac80211: allow bw change during channel switch in mesh (bsc#1012628). - wifi: mac80211_hwsim: fix link change handling (bsc#1012628). - wifi: mac80211: mlme: don't add empty EML capabilities (bsc#1012628). - wifi: mac80211: fix use-after-free (bsc#1012628). - wifi: cfg80211: get correct AP link chandef (bsc#1012628). - wifi: mac80211: properly set old_links when removing a link (bsc#1012628). - bpf: Fix reference state management for synchronous callbacks (bsc#1012628). - net: prestera: cache port state for non-phylink ports too (bsc#1012628). - tsnep: Fix TSNEP_INFO_TX_TIME register define (bsc#1012628). - leds: lm3601x: Don't use mutex after it was destroyed (bsc#1012628). - bpf: Fix ref_obj_id for dynptr data slices in verifier (bsc#1012628). - bpf: Cleanup check_refcount_ok (bsc#1012628). - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (bsc#1012628). - wifi: ath10k: Set tx credit to one for WCN3990 snoc based devices (bsc#1012628). - wifi: rtlwifi: 8192de: correct checking of IQK reload (bsc#1012628). - libbpf: Initialize err in probe_map_create (bsc#1012628). - m68k: Process bootinfo records before saving them (bsc#1012628). - x86/paravirt: add extra clobbers with ZERO_CALL_USED_REGS enabled (bsc#1012628). - NFSD: Fix handling of oversized NFSv4 COMPOUND requests (bsc#1012628). - NFSD: Protect against send buffer overflow in NFSv2 READDIR (bsc#1012628). - SUNRPC: Fix svcxdr_init_encode's buflen calculation (bsc#1012628). - SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation (bsc#1012628). - nfsd: Fix a memory leak in an error handling path (bsc#1012628). - objtool: Preserve special st_shndx indexes in elf_update_symbol (bsc#1012628). - ACPI: PCC: Fix Tx acknowledge in the PCC address space handler (bsc#1012628). - ACPI: PCC: replace wait_for_completion() (bsc#1012628). - ACPI: PCC: Release resources on address space setup failure path (bsc#1012628). - ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE (bsc#1012628). - ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd() (bsc#1012628). - ARM: 9243/1: riscpc: Unbreak the build (bsc#1012628). - erofs: use kill_anon_super() to kill super in fscache mode (bsc#1012628). - erofs: fix order >= MAX_ORDER warning due to crafted negative i_size (bsc#1012628). - MIPS: SGI-IP27: Fix platform-device leak in bridge_platform_create() (bsc#1012628). - MIPS: SGI-IP30: Fix platform-device leak in bridge_platform_create() (bsc#1012628). - sh: machvec: Use char[] for section boundaries (bsc#1012628). - cpufreq: amd-pstate: Fix initial highest_perf value (bsc#1012628). - thermal: cpufreq_cooling: Check the policy first in cpufreq_cooling_register() (bsc#1012628). - acl: return EOPNOTSUPP in posix_acl_fix_xattr_common() (bsc#1012628). - ntfs3: rework xattr handlers and switch to POSIX ACL VFS helpers (bsc#1012628). - userfaultfd: open userfaultfds with O_RDONLY (bsc#1012628). - ima: fix blocking of security.ima xattrs of unsupported algorithms (bsc#1012628). - selinux: use "grep -E" instead of "egrep" (bsc#1012628). - smb3: must initialize two ACL struct fields to zero (bsc#1012628). - drm/amdgpu: Enable F32_WPTR_POLL_ENABLE in mqd (bsc#1012628). - drm/amdgpu: Enable VCN PG on GC11_0_1 (bsc#1012628). - drm/amd/display: explicitly disable psr_feature_enable appropriately (bsc#1012628). - drm/amd/display: Add HUBP surface flip interrupt handler (bsc#1012628). - drm/amd/display: Fix vblank refcount in vrr transition (bsc#1012628). - drm/amd/display: Enable 2 to 1 ODM policy if supported (bsc#1012628). - drm/amd/display: Enable dpia support for dcn314 (bsc#1012628). - drm/amd/display: Validate DSC After Enable All New CRTCs (bsc#1012628). - drm/amd/display: zeromem mypipe heap struct before using it (bsc#1012628). - drm/amd/display: Update PMFW z-state interface for DCN314 (bsc#1012628). - drm/amd/display: Fix watermark calculation (bsc#1012628). - drm/i915: Fix display problems after resume (bsc#1012628). - drm/i915: Fix watermark calculations for DG2 CCS+CC modifier (bsc#1012628). - drm/i915: Fix watermark calculations for DG2 CCS modifiers (bsc#1012628). - drm/i915: Fix watermark calculations for gen12+ CCS+CC modifier (bsc#1012628). - drm/i915: Fix watermark calculations for gen12+ MC CCS modifier (bsc#1012628). - drm/i915: Fix watermark calculations for gen12+ RC CCS modifier (bsc#1012628). - drm/i915/guc: Fix revocation of non-persistent contexts (bsc#1012628). - drm/i915/gt: Use i915_vm_put on ppgtt_create error paths (bsc#1012628). - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (bsc#1012628). - drm/nouveau/kms/nv140-: Disable interlacing (bsc#1012628). - staging: greybus: audio_helper: remove unused and wrong debugfs usage (bsc#1012628). - KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS (bsc#1012628). - KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) (bsc#1012628). - KVM: nVMX: Don't propagate vmcs12's PERF_GLOBAL_CTRL settings to vmcs02 (bsc#1012628). - KVM: nVMX: Unconditionally purge queued/injected events on nested "exit" (bsc#1012628). - KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility (bsc#1012628). - blk-wbt: call rq_qos_add() after wb_normal is initialized (bsc#1012628). - blk-throttle: fix that io throttle can only work for single bio (bsc#1012628). - media: cedrus: Fix endless loop in cedrus_h265_skip_bits() (bsc#1012628). - media: cedrus: Set the platform driver data earlier (bsc#1012628). - media: cedrus: Fix watchdog race condition (bsc#1012628). - efi: libstub: drop pointless get_memory_map() call (bsc#1012628). - thunderbolt: Explicitly enable lane adapter hotplug events at startup (bsc#1012628). - rpmsg: char: Avoid double destroy of default endpoint (bsc#1012628). - tracing: Fix reading strings from synthetic events (bsc#1012628). - tracing: Add "(fault)" name injection to kernel probes (bsc#1012628). - tracing: Move duplicate code of trace_kprobe/eprobe.c into header (bsc#1012628). - tracing: Do not free snapshot if tracer is on cmdline (bsc#1012628). - tracing: Add ioctl() to force ring buffer waiters to wake up (bsc#1012628). - tracing: Wake up waiters when tracing is disabled (bsc#1012628). - tracing: Wake up ring buffer waiters on closing of the file (bsc#1012628). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (bsc#1012628). - tracing/eprobe: Fix alloc event dir failed when event name no set (bsc#1012628). - ring-buffer: Fix race between reset page and reading page (bsc#1012628). - ring-buffer: Add ring_buffer_wake_waiters() (bsc#1012628). - ring-buffer: Check pending waiters when doing wake ups as well (bsc#1012628). - ring-buffer: Have the shortest_full queue be the shortest not longest (bsc#1012628). - ring-buffer: Allow splice to read previous partially read pages (bsc#1012628). - ftrace: Still disable enabled records marked as disabled (bsc#1012628). - ftrace: Properly unset FTRACE_HASH_FL_MOD (bsc#1012628). - livepatch: fix race between fork and KLP transition (bsc#1012628). - ext4: update 'state->fc_regions_size' after successful memory allocation (bsc#1012628). - ext4: fix potential memory leak in ext4_fc_record_regions() (bsc#1012628). - ext4: fix potential memory leak in ext4_fc_record_modified_inode() (bsc#1012628). - ext4: fix miss release buffer head in ext4_fc_write_inode (bsc#1012628). - ext4: fix dir corruption when ext4_dx_add_entry() fails (bsc#1012628). - ext4: fix i_version handling in ext4 (bsc#1012628). - ext4: place buffer head allocation before handle start (bsc#1012628). - ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate (bsc#1012628). - ext4: unconditionally enable the i_version counter (bsc#1012628). - ext4: don't increase iversion counter for ea_inodes (bsc#1012628). - ext4: fix check for block being out of directory size (bsc#1012628). - ext4: make ext4_lazyinit_thread freezable (bsc#1012628). - ext4: fix null-ptr-deref in ext4_write_info (bsc#1012628). - ext4: avoid crash when inline data creation follows DIO write (bsc#1012628). - ext2: Add sanity checks for group and filesystem size (bsc#1012628). - jbd2: add miss release buffer head in fc_do_one_pass() (bsc#1012628). - jbd2: fix potential use-after-free in jbd2_fc_wait_bufs (bsc#1012628). - jbd2: fix potential buffer head reference count leak (bsc#1012628). - jbd2: wake up journal waiters in FIFO order, not LIFO (bsc#1012628). - f2fs: allow direct read for zoned device (bsc#1012628). - f2fs: fix to do sanity check on summary info (bsc#1012628). - f2fs: fix to do sanity check on destination blkaddr during recovery (bsc#1012628). - f2fs: increase the limit for reserve_root (bsc#1012628). - f2fs: flush pending checkpoints when freezing super (bsc#1012628). - f2fs: complete checkpoints during remount (bsc#1012628). - f2fs: fix wrong continue condition in GC (bsc#1012628). - btrfs: set generation before calling btrfs_clean_tree_block in btrfs_init_new_buffer (bsc#1012628). - btrfs: fix missed extent on fsync after dropping extent maps (bsc#1012628). - btrfs: fix race between quota enable and quota rescan ioctl (bsc#1012628). - btrfs: enhance unsupported compat RO flags handling (bsc#1012628). - btrfs: fix alignment of VMA for memory mapped files on THP (bsc#1012628). - fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1012628). - ksmbd: Fix user namespace mapping (bsc#1012628). - ksmbd: Fix wrong return value and message length check in smb2_ioctl() (bsc#1012628). - ksmbd: fix endless loop when encryption for response fails (bsc#1012628). - ksmbd: fix incorrect handling of iterate_dir (bsc#1012628). - smb3: do not log confusing message when server returns no network interfaces (bsc#1012628). - hwrng: core - let sleep be interrupted when unregistering hwrng (bsc#1012628). - fbdev: smscufx: Fix use-after-free in ufx_ops_open() (bsc#1012628). - pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback (bsc#1012628). - gpio: rockchip: request GPIO mux to pinctrl when setting direction (bsc#1012628). - scsi: qedf: Populate sysfs attributes for vport (bsc#1012628). - scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1012628). - slimbus: qcom-ngd: cleanup in probe error path (bsc#1012628). - slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure (bsc#1012628). - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1012628). - powerpc/Kconfig: Fix non existing CONFIG_PPC_FSL_BOOKE (bsc#1012628). - powercap: intel_rapl: Use standard Energy Unit for SPR Dram RAPL domain (bsc#1012628). - LoadPin: Fix Kconfig doc about format of file with verity digests (bsc#1012628). - cpufreq: qcom-cpufreq-hw: Fix uninitialized throttled_freq warning (bsc#1012628). - NFSD: Protect against send buffer overflow in NFSv3 READ (bsc#1012628). - NFSD: Protect against send buffer overflow in NFSv2 READ (bsc#1012628). - NFSD: Protect against send buffer overflow in NFSv3 READDIR (bsc#1012628). - serial: 8250: Request full 16550A feature probing for OxSemi PCIe devices (bsc#1012628). - serial: 8250: Let drivers request full 16550A feature probing (bsc#1012628). - serial: ar933x: Deassert Transmit Enable on ->rs485_config() (bsc#1012628). - serial: Deassert Transmit Enable on probe in driver-specific way (bsc#1012628). - serial: stm32: Deassert Transmit Enable on ->rs485_config() (bsc#1012628). - serial: cpm_uart: Don't request IRQ too early for console port (bsc#1012628). - PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge (bsc#1012628). - xen/gntdev: Accommodate VMA splitting (bsc#1012628). - xen/gntdev: Prevent leaking grants (bsc#1012628). - mm/mmap: undo ->mmap() when arch_validate_flags() fails (bsc#1012628). - mm/uffd: fix warning without PTE_MARKER_UFFD_WP compiled in (bsc#1012628). - mm/damon: validate if the pmd entry is present before accessing (bsc#1012628). - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1012628). - clocksource/drivers/arm_arch_timer: Fix CNTPCT_LO and CNTVCT_LO value (bsc#1012628). - arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored (bsc#1012628). - arm64: mte: move register initialization to C (bsc#1012628). - drm/udl: Restore display mode on resume (bsc#1012628). - drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (bsc#1012628). - drm/virtio: Unlock reservations on dma_resv_reserve_fences() error (bsc#1012628). - drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error (bsc#1012628). - drm/virtio: Check whether transferred 2D BO is shmem (bsc#1012628). - dmaengine: qcom-adm: fix wrong calling convention for prep_slave_sg (bsc#1012628). - dmaengine: qcom-adm: fix wrong sizeof config in slave_config (bsc#1012628). - dmaengine: mxs: use platform_driver_register (bsc#1012628). - dm: verity-loadpin: Only trust verity targets with enforcement (bsc#1012628). - Revert "drm/amdgpu: use dirty framebuffer helper" (bsc#1012628). - nvme-multipath: fix possible hang in live ns resize with ANA access (bsc#1012628). - nvmem: core: Fix memleak in nvmem_register() (bsc#1012628). - UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK (bsc#1012628). - riscv: Pass -mno-relax only on lld < 15.0.0 (bsc#1012628). - riscv: always honor the CONFIG_CMDLINE_FORCE when parsing dtb (bsc#1012628). - riscv: Make VM_WRITE imply VM_READ (bsc#1012628). - riscv: Allow PROT_WRITE-only mmap() (bsc#1012628). - riscv: vdso: fix NULL deference in vdso_join_timens() when vfork (bsc#1012628). - parisc: Fix userspace graphics card breakage due to pgtable special bit (bsc#1012628). - parisc: fbdev/stifb: Align graphics memory size to 4MB (bsc#1012628). - RISC-V: Make port I/O string accessors actually work (bsc#1012628). - RISC-V: Re-enable counter access from userspace (bsc#1012628). - riscv: topology: fix default topology reporting (bsc#1012628). - arm64: topology: move store_cpu_topology() to shared code (bsc#1012628). - regulator: qcom_rpm: Fix circular deferral regression (bsc#1012628). - net: thunderbolt: Enable DMA paths only after rings are enabled (bsc#1012628). - hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API (bsc#1012628). - ASoC: wcd934x: fix order of Slimbus unprepare/disable (bsc#1012628). - ASoC: wcd9335: fix order of Slimbus unprepare/disable (bsc#1012628). - arm64: dts: qcom: sdm845-mtp: correct ADC settle time (bsc#1012628). - platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure (bsc#1012628). - quota: Check next/prev free block number after reading from quota file (bsc#1012628). - HID: multitouch: Add memory barriers (bsc#1012628). - mbcache: Avoid nesting of cache->c_list_lock under bit locks (bsc#1012628). - btf: Export bpf_dynptr definition (bsc#1012628). - fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1012628). - fs: dlm: handle -EBUSY first in lock arg validation (bsc#1012628). - fs: dlm: fix race between test_bit() and queue_work() (bsc#1012628). - i2c: designware: Fix handling of real but unexpected device interrupts (bsc#1012628). - mmc: sdhci-sprd: Fix minimum clock limit (bsc#1012628). - mmc: sdhci-tegra: Use actual clock rate for SW tuning correction (bsc#1012628). - mmc: renesas_sdhi: Fix rounding errors (bsc#1012628). - can: kvaser_usb_leaf: Fix CAN state after restart (bsc#1012628). - can: kvaser_usb_leaf: Fix TX queue out of sync after restart (bsc#1012628). - can: kvaser_usb_leaf: Fix overread with an invalid command (bsc#1012628). - can: kvaser_usb: Fix use of uninitialized completion (bsc#1012628). - mmc: core: Add SD card quirk for broken discard (bsc#1012628). - usb: add quirks for Lenovo OneLink+ Dock (bsc#1012628). - usb: gadget: uvc: Fix argument to sizeof() in uvc_register_video() (bsc#1012628). - xhci: dbc: Fix memory leak in xhci_alloc_dbc() (bsc#1012628). - iio: pressure: dps310: Reset chip after timeout (bsc#1012628). - iio: pressure: dps310: Refactor startup procedure (bsc#1012628). - iio: adc: ad7923: fix channel readings for some variants (bsc#1012628). - iio: ltc2497: Fix reading conversion results (bsc#1012628). - iio: dac: ad5593r: Fix i2c read protocol requirements (bsc#1012628). - cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message (bsc#1012628). - cifs: destage dirty pages before re-reading them for cache=none (bsc#1012628). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1012628). - io_uring: correct pinned_vm accounting (bsc#1012628). - io_uring/af_unix: defer registered files gc to io_uring release (bsc#1012628). - io_uring/net: handle -EINPROGRESS correct for IORING_OP_CONNECT (bsc#1012628). - io_uring: limit registration w/ SINGLE_ISSUER (bsc#1012628). - io_uring/net: don't update msg_name if not provided (bsc#1012628). - io_uring/net: fix fast_iov assignment in io_setup_async_msg() (bsc#1012628). - io_uring/rw: don't lose short results on io_setup_async_rw() (bsc#1012628). - io_uring/rw: fix unexpected link breakage (bsc#1012628). - io_uring/net: don't lose partial send/recv on fail (bsc#1012628). - io_uring/rw: don't lose partial IO result on fail (bsc#1012628). - io_uring: add custom opcode hooks on fail (bsc#1012628). - mtd: rawnand: atmel: Unmap streaming DMA mappings (bsc#1012628). - ALSA: hda/realtek: Add Intel Reference SSID to support headset keys (bsc#1012628). - ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (bsc#1012628). - ALSA: hda/realtek: Correct pin configs for ASUS G533Z (bsc#1012628). - ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (bsc#1012628). - ALSA: usb-audio: Fix NULL dererence at error path (bsc#1012628). - ALSA: usb-audio: Fix potential memory leaks (bsc#1012628). - ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() (bsc#1012628). - ALSA: oss: Fix potential deadlock at unregistration (bsc#1012628). - commit beade21 ++++ kernel-firmware: - Update to version 20221017 (git commit 48407ffd7adb): * cnm: update chips&media wave521c firmware. * brcm: add symlink for Pi Zero 2 W NVRAM file * rtw89: 8852b: add initial fw v0.27.32.0 * iwlwifi: add new FWs from core72-129 release * iwlwifi: update 9000-family firmwares to core72-129 * rtl_bt: Update RTL8852C BT USB firmware to 0xD5B8_A40A * amdgpu: update GC 10.3.6 RLC firmware * amdgpu: update GC 10.3.7 RLC firmware * amdgpu: update Yellow Carp RLC firmware * amdgpu: update Beige Goby RLC firmware * amdgpu: update Dimgrey Cavefish RLC firmware * amdgpu: update Navy Flounder RLC firmware * amdgpu: update Sienna Cichlid RLC firmware * mediatek: Update mt8195 SOF firmware to v0.4.1 * qcom: add squashed version of a530 zap shader * rtw89: 8852c: update fw to v0.27.56.1 * rtw89: 8852c: update fw to v0.27.56.0 * mediatek: Update mt8186 SCP firmware - Update Cirrus CS35L41 firmware (bsc#1203699) cirrus-WHENCE-update.patch - Update aliases from 6.1-rc1 kernel ++++ libXrender: - Update to version 0.9.11 * Update README for gitlab migration * Update configure.ac bug URL for gitlab migration * Fix spelling/wording issues * gitlab CI: add a basic build test * Remove unnecessary casts from malloc & free calls * Reduce variable scopes as recommended by cppcheck * Resolve -Wsign-compare warnings * Rename xDepth to xPDepth to quiet -Wshadow warnings * fix coredumps in XRenderComputeTrapezoids (issue #1) * autogen.sh: use quoted string variables * autogen: add default patch prefix * WIP: Documentation * autogen.sh: use exec instead of waiting for configure to finish * Add missing HAVE_CONFIG_H guard to Xrenderint.h * amend cppcheck-scope change, fixing c89 build * additional cppcheck-scope warning * cppcheck (removing unused assignment lets variable scope reduction) * use casts to reduce compiler warnings (no object change) * use _Xconst with DataInt32/DataInt16/memcpy to reduce strict compiler warnings * use _X_UNUSED for compiler-warnings * whitespace fix * fix regression * fix coredumps in XRenderComputeTrapezoids (issue #1) * autogen.sh: use quoted string variables * autogen: add default patch prefix * WIP: Documentation * autogen.sh: use exec instead of waiting for configure to finish * Add missing HAVE_CONFIG_H guard to Xrenderint.h * amend cppcheck-scope change, fixing c89 build * additional cppcheck-scope warning * cppcheck (removing unused assignment lets variable scope reduction) * use casts to reduce compiler warnings (no object change) * use _Xconst with DataInt32/DataInt16/memcpy to reduce strict compiler warnings * use _X_UNUSED for compiler-warnings * whitespace fix * fix regression ++++ python-psutil: - update to version 5.9.3: * Enhancements + 2040, [macOS]: provide wheels for arm64 architecture. (patch by Matthieu Darbois) * Bug fixes + 2116, [macOS], [critical]: `psutil.net_connections`_ fails with RuntimeError. + 2135, [macOS]: Process.environ() may contain garbage data. Fix out-of-bounds read around sysctl_procargs. (patch by Bernhard Urban-Forster) + 2138, [Linux], [critical]: can't compile psutil on Android due to undefined ethtool_cmd_speed symbol. + 2142, [POSIX]: net_if_stats() 's flags on Python 2 returned unicode instead of str. (patch by Matthieu Darbois) + 2147, [macOS] Fix disk usage report on macOS 12+. (patch by Matthieu Darbois) + 2150, [Linux] Process.threads() may raise NoSuchProcess. Fix race condition. (patch by Daniel Li) + 2153, [macOS] Fix race condition in test_posix.TestProcess.test_cmdline. (patch by Matthieu Darbois) ------------------------------------------------------------------ ------------------ 2022-10-21 - Oct 21 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - Add patch to fix LLVM optimization to avoid failure on armv7 (https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/19217, boo#1204267): * u_0001-gallivm-Fix-LLVM-optimization-with-the-new-pass-mana.patch ++++ Mesa-drivers: - Add patch to fix LLVM optimization to avoid failure on armv7 (https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/19217, boo#1204267): * u_0001-gallivm-Fix-LLVM-optimization-with-the-new-pass-mana.patch ++++ gstreamer: - Update to version 1.20.4: + Highlighted bugfixes in 1.20.4: - avaudiodec: fix playback issue with WMA files, would throw an error at EOS with FFmpeg 5.x - Fix deadlock when loading gst-editing-services plugin - Fix input buffering capacity in live mode for aggregator, video/audio aggregator subclasses, muxers - glimagesink: fix crash on Android - subtitle handling and subtitle overlay fixes - matroska-mux: allow width + height changes for avc3|hev1|vp8|vp9 - rtspsrc: fix control url handling for spec compliant servers and add fallback for incompliant servers - WebRTC fixes - RTP retransmission fixes - video: fixes for formats with 4x subsampling and horizontal co-sited chroma (Y41B, YUV9, YVU9 and IYU9) - Fix consuming of the macOS package as a framework in XCode - Performance improvements - Miscellaneous bug fixes, memory leak fixes, and other stability and reliability improvements + gstreamer: - buffer: drop parent meta in deep copy/foreach_metadata - devicemonitor: Use a sync bus handler for the provider to avoid accumulating all messages until the provider is stopped - element: Fix requesting of pads with string templates - gst: . Protect initialization state with a recursive mutex . Add missing define guard for build without gstreamer debug logging support - gst_init: Initialize static plugins just before dynamic plugins - info: Parse "NONE" as a valid level name - meta: Set the parent refcount of the GstStructure correctly - pluginloader: Don't hang on short reads/writes - tracers: leaks: . Fix potentially invalid memory access when trying to detect object type . Fix object-refings.class flags - uri: When setting the same string again do nothing - value: Don't loop forever when serializing invalid flag + Base Libraries: - aggregator: . Fix input buffering in live mode (was too low before in many cases) . Fix reversed active/flushing arguments in debug log output . Reset EOS flag after receiving a stream-start event + Core Elements: queue2: - Hold the lock when modifying sinkresult - Fix deadlock when deactivate is called in pull mode ++++ gstreamer-plugins-base: - Update to version 1.20.4: + decodebin3: - Fix mutex leaks - Fix memory issues with active selection list - uridecodebin3, urisourcebin: Event handling fixes - Fix EOS event sequence + parsebin: - Avoid crash with unknown streams - SIGSEGV during HLS stream using souphttpsrc + glimagesink: - Only allow setting the GL display/context if it is a valid value - Segfault on android devices + gstgl: Fix several memory leaks in macOS + opusenc: improve inband-fec property documentation + playsink: Hold a reference to the soft volume element + pbutils: descriptions: fix gst_pb_utils_get_caps_description_flags() + rtspurl: Use gst_uri_join_strings() in gst_rtsp_url_get_request_uri_with_control() instead of a hand-crafted, wrong version + rtspconnection: protect cancellable by a mutex + sdpmessage: Don't set SDP medias from caps without media/payload/clock-rate fields + samiparse: fix handling of self-closing tags + ssaparse: include required system headers for isspace() and sscanf() functions + subparse: fix crash when parsing invalid timestamps in mpl2 + subparse fixes + textoverlay: Don't miscalculate text running times + videoaggregator: always convert when user provides converter-config + video: Fix scaling in 4x horizontal co-sited chroma (Y41B, YUV9, YVU9 and IYU9) + xmptag: register musicbrainz tags during init to fix critical in jpegparse + xvimagesink: fix image leaks in error code path + tests: skip unit tests for dependency-less elements that have been disabled ++++ kernel-default: - ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (bsc#1203922). - commit fc9be74 - Refresh patches.suse/drm-amdgpu-Fix-for-BO-move-issue.patch. Update upstream status. - commit 48205db ++++ harfbuzz: - Update to version 5.3.1: + Subsetter repacker fixes + Adjust Grapheme clusters for Katakana voiced sound marks + New hb-subset option --preprocess-face - Add harfbuzz-5.3.1-Fix_check-symbols_failure.patch: Fix failing tests. ++++ python310-core: - Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to allow building of documentation with the latest Sphinx 5.3.0 (gh#python/cpython#98366). ++++ readline: - Extend version linker map file to detect usage of new symbols (boo#1204336) ++++ systemd: - Import commit f78bba8d037cc26c09bbdd167625b2d7fe1f5a30 (merge of v251.6) Beside the merge of v251.6, it also includes the following backport: - 07aaa898bd pstore: do not try to load all known pstore modules For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/07aa29e3942fb46b0aed5405c88e8d3179ca958f...f78bba8d037cc26c09bbdd167625b2d7fe1f5a30 ++++ python310: - Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to allow building of documentation with the latest Sphinx 5.3.0 (gh#python/cpython#98366). ++++ python-pyOpenSSL: - Upstream post-release doc fix (gh#pyca/pyopenssl#1150) * The minimum cryptography version is now 38.0.x (and we now pin releases against cryptography major versions to prevent future breakage) - Add pyOpenSSL-pr1158-conditional-__all__.patch gh#pyca/pyopenssl#1158 ++++ rsync: - New version fixes bug (boo#1203727): implicit containing directory sometimes rejected as unrequested - update to 3.2.7 * BUG FIXES: - Fixed the client-side validating of the remote sender's filtering behavior. - More fixes for the "unrequested file-list name" name, including a copy of "/" with `--relative` enabled and a copy with a lot of related paths with `--relative` enabled (often derived from a `--files-from` list). - When rsync gets an unpack error on an ACL, mention the filename. - Avoid over-setting sanitize_paths when a daemon is serving "/" (even if "use chroot" is false). * ENHANCEMENTS: - Added negotiated daemon-auth support that allows a stronger checksum digest to be used to validate a user's login to the daemon. Added SHA512, SHA256, and SHA1 digests to MD5 & MD4. These new digests are at the highest priority in the new daemon-auth negotiation list. - Added support for the SHA1 digest in file checksums. While this tends to be overkill, it is available if someone really needs it. This overly-long checksum is at the lowest priority in the normal checksum negotiation list. See [`--checksum-choice`](rsync.1#opt) (`--cc`) and the `RSYNC_CHECKSUM_LIST` environment var for how to customize this. - Improved the xattr hash table to use a 64-bit key without slowing down the key's computation. This should make extra sure that a hash collision doesn't happen. - If the `--version` option is repeated (e.g. `-VV`) then the information is output in a (still readable) JSON format. Client side only. - The script `support/json-rsync-version` is available to get the JSON style version output from any rsync. The script accepts either text on stdin * *or** an arg that specifies an rsync executable to run with a doubled `--version` option. If the text we get isn't already in JSON format, it is converted. Newer rsync versions will provide more complete json info than older rsync versions. Various tweaks are made to keep the flag names consistent across versions. - The [`use chroot`](rsyncd.conf.5#) daemon parameter now defaults to "unset" so that rsync can use chroot when it works and a sanitized copy when chroot is not supported (e.g., for a non-root daemon). Explicitly setting the parameter to true or false (on or off) behaves the same way as before. - The `--fuzzy` option was optimized a bit to try to cut down on the amount of computations when considering a big pool of files. The simple heuristic from Kenneth Finnegan resuled in about a 2x speedup. - If rsync is forced to use protocol 29 or before (perhaps due to talking to an rsync before 3.0.0), the modify time of a file is limited to 4-bytes. Rsync now interprets this value as an unsigned integer so that a current year past 2038 can continue to be represented. This does mean that years prior to 1970 cannot be represented in an older protocol, but this trade-off seems like the right choice given that (1) 2038 is very rapidly approaching, and (2) newer protocols support a much wider range of old and new dates. - The rsync client now treats an empty destination arg as an error, just like it does for an empty source arg. This doesn't affect a `host:` arg (which is treated the same as `host:.`) since the arg is not completely empty. The use of [`--old-args`](rsync.1#opt) (including via `RSYNC_OLD_ARGS`) allows the prior behavior of treating an empty destination arg as a ".". * PACKAGING RELATED: - The checksum code now uses openssl's EVP methods, which gets rid of various deprecation warnings and makes it easy to support more digest methods. On newer systems, the MD4 digest is marked as legacy in the openssl code, which makes openssl refuse to support it via EVP. You can choose to ignore this and allow rsync's MD4 code to be used for older rsync connections (when talking to an rsync prior to 3.0.0) or you can choose to configure rsync to tell openssl to enable legacy algorithms (see below). - A simple openssl config file is supplied that can be installed for rsync to use. If you install packaging/openssl-rsync.cnf to a public spot (such as `/etc/ssl/openssl-rsync.cnf`) and then run configure with the option `--with-openssl-conf=/path/name.cnf`, this will cause rsync to export the configured path in the OPENSSL_CONF environment variable (when the variable is not already set). This will enable openssl's MD4 code for rsync to use. - The packager may wish to include an explicit "use chroot = true" in the top section of their supplied /etc/rsyncd.conf file if the daemon is being installed to run as the root user (though rsync should behave the same even with the value unset, a little extra paranoia doesn't hurt). - I've noticed that some packagers haven't installed support/nameconvert for users to use in their chrooted rsync configs. Even if it is not installed as an executable script (to avoid a python3 dependency) it would be good to install it with the other rsync-related support scripts. - It would be good to add support/json-rsync-version to the list of installed support scripts. ------------------------------------------------------------------ ------------------ 2022-10-20 - Oct 20 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - update to 22.2.2 * This is the second bug fix release, back on the regular schedule. There's a lot here: nir, panfrost, gallium video, freedreno, nouveau, turnip, r300, gallium core, r600, virgl, core vulkan, anv, clover, d3d12, utils, radv, and plenty of zink. ++++ Mesa-drivers: - update to 22.2.2 * This is the second bug fix release, back on the regular schedule. There's a lot here: nir, panfrost, gallium video, freedreno, nouveau, turnip, r300, gallium core, r600, virgl, core vulkan, anv, clover, d3d12, utils, radv, and plenty of zink. ++++ bash: - Explicit require versioned libreadline8 as we face new ABI functions used by the bash (boo#1204336) ++++ kernel-default: - drm/amdgpu: Fix for BO move issue (bsc#1204160). - commit b9e3808 - drm/amdgpu: Fix VRAM BO swap issue (bsc#1204160). - commit 51f20d5 ++++ gcc12: - Update to gcc-12 branch head, 0aaef83351473e8f4eb774f8f99, git537 ------------------------------------------------------------------ ------------------ 2022-10-19 - Oct 19 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - lib/Kconfig.debug: Add check for non-constant .{s,u}leb128 support to DWARF5 (bsc#1012628). - Update config files. - hid: topre: Add driver fixing report descriptor (bsc#1012628). - Update config files. - arm64: errata: Add Cortex-A55 to the repeat tlbi list (bsc#1012628). - Update config files. - commit f78cd12 ++++ libX11: - U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch * security update for CVE-2022-3554 (bsc#1204422) ++++ python310-core: - Update to 3.10.8: - Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. - Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. (originally filed as CVE-2022-37460, later withdrawn) - Fix command line parsing: reject -X int_max_str_digits option with no value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a valid limit. - When ValueError is raised if an integer is larger than the limit, mention the sys.set_int_max_str_digits() function in the error message. - The deprecated mailcap module now refuses to inject unsafe text (filenames, MIME types, parameters) into shell commands. Instead of using such text, it will warn and act as if a match was not found (or for test commands, as if the test failed). - os.sched_yield() now release the GIL while calling sched_yield(2). - Bugfix: PyFunction_GetAnnotations() should return a borrowed reference. It was returning a new reference. - Fixed a missing incref/decref pair in Exception.__setstate__(). - Fix overly-broad source position information for chained comparisons used as branching conditions. - Fix undefined behaviour in _testcapimodule.c. - At Python exit, sometimes a thread holding the GIL can wait forever for a thread (usually a daemon thread) which requested to drop the GIL, whereas the thread already exited. To fix the race condition, the thread which requested the GIL drop now resets its request before exiting. - Fix a possible assertion failure, fatal error, or SystemError if a line tracing event raises an exception while opcode tracing is enabled. - Fix undefined behaviour in C code of null pointer arithmetic. - Do not expose KeyWrapper in _functools. - When loading a file with invalid UTF-8 inside a multi-line string, a correct SyntaxError is emitted. - Disable incorrect pickling of the C implemented classmethod descriptors. - Fix AttributeError missing name and obj attributes in . object.__getattribute__() bpo-42316: Document some places . where an assignment expression needs parentheses . - Wrap network errors consistently in urllib FTP support, so the test suite doesn’t fail when a network is available but the public internet is not reachable. - Fixes AttributeError when subprocess.check_output() is used with argument input=None and either of the arguments encoding or errors are used. - Avoid spurious tracebacks from asyncio when default executor cleanup is delayed until after the event loop is closed (e.g. as the result of a keyboard interrupt). - Avoid a crash in the C version of asyncio.Future.remove_done_callback() when an evil argument is passed. - Remove tokenize.NL check from tabnanny. - Make Semaphore run faster. - Fix generation of the default name of tkinter.Checkbutton. Previously, checkbuttons in different parent widgets could have the same short name and share the same state if arguments “name” and “variable” are not specified. Now they are globally unique. - Update bundled libexpat to 2.4.9 - Fix race condition in asyncio where process_exited() called before the pipe_data_received() leading to inconsistent output. - Fixed check in multiprocessing.resource_tracker that guarantees that the length of a write to a pipe is not greater than PIPE_BUF. - Corrected type annotation for dataclass attribute pstats.FunctionProfile.ncalls to be str. - Fix the faulthandler implementation of faulthandler.register(signal, chain=True) if the sigaction() function is not available: don’t call the previous signal handler if it’s NULL. - In inspect, fix overeager replacement of “typing.” in formatting annotations. - Fix asyncio.streams.StreamReaderProtocol to keep a strong reference to the created task, so that it’s not garbage collected - Fix handling compiler warnings (SyntaxWarning and DeprecationWarning) in codeop.compile_command() when checking for incomplete input. Previously it emitted warnings and raised a SyntaxError. Now it always returns None for incomplete input without emitting any warnings. - Fixed flickering of the turtle window when the tracer is turned off. - Allow asyncio.StreamWriter.drain() to be awaited concurrently by multiple tasks. - Fix broken asyncio.Semaphore when acquire is cancelled. - Fix ast.unparse() when ImportFrom.level is None - Improve performance of urllib.request.getproxies_environment when there are many environment variables - Fix ! in c domain ref target syntax via a conf.py patch, so it works as intended to disable ref target resolution. - Clarified the conflicting advice given in the ast documentation about ast.literal_eval() being “safe” for use on untrusted input while at the same time warning that it can crash the process. The latter statement is true and is deemed unfixable without a large amount of work unsuitable for a bugfix. So we keep the warning and no longer claim that literal_eval is safe. - Update tutorial introduction output to use 3.10+ SyntaxError invalid range. - Remove upstreamed test-int-timing.patch. ++++ systemd: - Don't create /var/lib/systemd/random-seed in %post (bsc#1181458) To make sure that the same seed is not replicated when installing from a 'golden' image. For regular installations the random seed file is initialized by the installer itself (bsc#1174964). Even if it didn't, the random seed file would be created on first boot anyway. ++++ python310: - Update to 3.10.8: - Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. - Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. (originally filed as CVE-2022-37460, later withdrawn) - Fix command line parsing: reject -X int_max_str_digits option with no value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a valid limit. - When ValueError is raised if an integer is larger than the limit, mention the sys.set_int_max_str_digits() function in the error message. - The deprecated mailcap module now refuses to inject unsafe text (filenames, MIME types, parameters) into shell commands. Instead of using such text, it will warn and act as if a match was not found (or for test commands, as if the test failed). - os.sched_yield() now release the GIL while calling sched_yield(2). - Bugfix: PyFunction_GetAnnotations() should return a borrowed reference. It was returning a new reference. - Fixed a missing incref/decref pair in Exception.__setstate__(). - Fix overly-broad source position information for chained comparisons used as branching conditions. - Fix undefined behaviour in _testcapimodule.c. - At Python exit, sometimes a thread holding the GIL can wait forever for a thread (usually a daemon thread) which requested to drop the GIL, whereas the thread already exited. To fix the race condition, the thread which requested the GIL drop now resets its request before exiting. - Fix a possible assertion failure, fatal error, or SystemError if a line tracing event raises an exception while opcode tracing is enabled. - Fix undefined behaviour in C code of null pointer arithmetic. - Do not expose KeyWrapper in _functools. - When loading a file with invalid UTF-8 inside a multi-line string, a correct SyntaxError is emitted. - Disable incorrect pickling of the C implemented classmethod descriptors. - Fix AttributeError missing name and obj attributes in . object.__getattribute__() bpo-42316: Document some places . where an assignment expression needs parentheses . - Wrap network errors consistently in urllib FTP support, so the test suite doesn’t fail when a network is available but the public internet is not reachable. - Fixes AttributeError when subprocess.check_output() is used with argument input=None and either of the arguments encoding or errors are used. - Avoid spurious tracebacks from asyncio when default executor cleanup is delayed until after the event loop is closed (e.g. as the result of a keyboard interrupt). - Avoid a crash in the C version of asyncio.Future.remove_done_callback() when an evil argument is passed. - Remove tokenize.NL check from tabnanny. - Make Semaphore run faster. - Fix generation of the default name of tkinter.Checkbutton. Previously, checkbuttons in different parent widgets could have the same short name and share the same state if arguments “name” and “variable” are not specified. Now they are globally unique. - Update bundled libexpat to 2.4.9 - Fix race condition in asyncio where process_exited() called before the pipe_data_received() leading to inconsistent output. - Fixed check in multiprocessing.resource_tracker that guarantees that the length of a write to a pipe is not greater than PIPE_BUF. - Corrected type annotation for dataclass attribute pstats.FunctionProfile.ncalls to be str. - Fix the faulthandler implementation of faulthandler.register(signal, chain=True) if the sigaction() function is not available: don’t call the previous signal handler if it’s NULL. - In inspect, fix overeager replacement of “typing.” in formatting annotations. - Fix asyncio.streams.StreamReaderProtocol to keep a strong reference to the created task, so that it’s not garbage collected - Fix handling compiler warnings (SyntaxWarning and DeprecationWarning) in codeop.compile_command() when checking for incomplete input. Previously it emitted warnings and raised a SyntaxError. Now it always returns None for incomplete input without emitting any warnings. - Fixed flickering of the turtle window when the tracer is turned off. - Allow asyncio.StreamWriter.drain() to be awaited concurrently by multiple tasks. - Fix broken asyncio.Semaphore when acquire is cancelled. - Fix ast.unparse() when ImportFrom.level is None - Improve performance of urllib.request.getproxies_environment when there are many environment variables - Fix ! in c domain ref target syntax via a conf.py patch, so it works as intended to disable ref target resolution. - Clarified the conflicting advice given in the ast documentation about ast.literal_eval() being “safe” for use on untrusted input while at the same time warning that it can crash the process. The latter statement is true and is deemed unfixable without a large amount of work unsuitable for a bugfix. So we keep the warning and no longer claim that literal_eval is safe. - Update tutorial introduction output to use 3.10+ SyntaxError invalid range. - Remove upstreamed test-int-timing.patch. ++++ python-setuptools: - Skip test_pbr_integration because it tries to install pbr using pip from network - Add fix-get-python-lib-python38.patch to fix get_python_lib() method in python3.8 bsc#1204395 - Update to version 65.5.0: * #3624: Fixed editable install for multi-module/no-package src-layout projects. * #3626: Minor refactorings to support distutils using stdlib logging module. * #3419: Updated the example version numbers to be compliant with PEP-440 on the "Specifying Your Project’s Version" page of the user guide. * #3569: Improved information about conflicting entries in the current working directory and editable install (in documentation and as an informational warning). * #3576: Updated version of validate_pyproject. - v65.4.1 * #3613: Fixed encoding errors in expand.StaticModule when system default encoding doesn't match expectations for source files. * #3617: Merge with pypa/distutils@6852b20 including fix for pypa/distutils#181. - v65.4.0 * #3609: Merge with pypa/distutils@d82d926 including support for DIST_EXTRA_CONFIG in pypa/distutils#177. - v65.3.0 * #3547: Stop ConfigDiscovery.analyse_name from splatting the Distribution.name attribute -- by :user:`jeamland` * #3554: Changed requires to requests in the pyproject.toml example in the :doc:`Dependency management section of the Quickstart guide ` -- by :user:`mfbutner` * #3561: Fixed accidental name matching in editable hooks. - v65.2.0 * #3553: Sync with pypa/distutils@22b9bcf, including fixed cross-compiling support and removing deprecation warning per pypa/distutils#169. - v65.1.1 * #3551: Avoided circular imports in meta path finder for editable installs when a missing module has the same name as its parent. - v65.1.0 * #3536: Remove monkeypatching of msvc9compiler. * #3538: Corrected documentation on how to use the legacy-editable mode. - v65.0.2 * #3505: Restored distutils msvccompiler and msvc9compiler modules and marked as deprecated (pypa/distutils@c802880). - v65.0.1 * #3529: Added clarification to :doc:`/userguide/quickstart` about support to setup.py. * #3526: Fixed backward compatibility of editable installs and custom build_ext commands inheriting directly from distutils. * #3528: Fixed buid_meta.prepare_metadata_for_build_wheel when given metadata_directory is ".". - v65.0.0 * #3505: Removed 'msvccompiler' and 'msvc9compiler' modules from distutils. * #3521: Remove bdist_msi and bdist_wininst commands, which have been deprecated since Python 3.9. Use older Setuptools for these behaviors if needed. * #3519: Changed the note in keywords documentation regarding editable installations to specify which setuptools version require a minimal setup.py file or not. - v64.0.3 * #3515: Fixed "inline" file copying for editable installations and optional extensions. * #3517: Fixed editable_wheel to ensure other commands are finalized before using them. This should prevent errors with plugins trying to use different commands or reinitializing them. * #3517: Augmented filter to prevent transient/temporary source files from being considered package_data or data_files. - v64.0.2 * #3506: Suppress errors in custom build_py implementations when running editable installs in favor of a warning indicating what is the most appropriate migration path. This is a transitional measure. Errors might be raised in future versions of setuptools. * #3512: Added capability of handling namespace packages created accidentally/purposefully via discovery configuration during editable installs. This should emulate the behaviour of a non-editable installation. - v64.0.1 * #3497: Fixed editable_wheel for legacy namespaces. * #3502: Fixed issue with editable install and single module distributions. * #3503: Added filter to ignore external .egg-info files in manifest. * Some plugins might rely on the fact that the .egg-info directory is produced inside the project dir, which may not be the case in editable installs (the .egg-info directory is produced inside the metadata directory given by the build frontend via PEP 660 hooks). - v64.0.0 * #3380: Passing some types of parameters via --global-option to setuptools PEP 517/PEP 660 backend is now considered deprecated. The user can pass the same arbitrary parameter via --build-option (--global-option is now reserved for flags like --verbose or --quiet). * Both --build-option and --global-option are supported as a transitional effort (a.k.a. "escape hatch"). In the future a proper list of allowed config_settings may be created. * #3265: Added implementation for editable install hooks (PEP 660). * #3380: Improved the handling of the config_settings parameter in both PEP 517 and PEP 660 interfaces: * #3392: Exposed get_output_mapping() from build_py and build_ext subcommands. This interface is reserved for the use of setuptools Extensions and third part packages are explicitly disallowed to calling it. However, any implementation overwriting build_py or build_ext are required to honour this interface. * #3412: Added ability of collecting source files from custom build sub-commands to sdist. This allows plugins and customization scripts to automatically add required source files in the source distribution. * #3414: Users can temporarily specify an environment variable SETUPTOOLS_ENABLE_FEATURES=legacy-editable as a escape hatch for the PEP 660 behavior. This setting is transitional and may be removed in the future. * #3484: Added transient compat mode to editable installs. This more will be temporarily available (to facilitate the transition period) for those that want to emulate the behavior of the develop command (in terms of what is added to sys.path). This mode is provided "as is", with limited support, and will be removed in future versions of setuptools. * #3414: Updated :doc:`Development Mode ` to reflect on the implementation of PEP 660. - v63.4.3 * #3496: Update to pypa/distutils@b65aa40 including more robust support for library/include dir handling in msvccompiler (pypa/distutils#153) and test suite improvements. - v63.4.2 * #3453: Bump vendored version of :pypi:`pyparsing` to 3.0.9. * #3481: Add warning for potential install_requires and extras_require misconfiguration in setup.cfg * #3487: Modified pyproject.toml validation exception handling to make relevant debugging information easier to spot. - v63.4.1 * #3482: Sync with pypa/distutils@274758f1c02048d295efdbc13d2f88d9923547f8, restoring compatibility shim in bdist.format_commands. - v63.4.0 * #2971: upload_docs command is deprecated once again. * #3443: Installed sphinx-hoverxref extension to show tooltips on internal an external references. -- by :user:`humitos` * #3444: Installed sphinx-notfound-page extension to generate nice 404 pages. - - by :user:`humitos` * #3480: Merge with pypa/distutils@c397f4c - v63.3.0 * #3475: Merge with pypa/distutils@129480b, including substantial delinting and cleanup, some refactoring around compiler logic, better messaging in cygwincompiler (pypa/distutils#161). ++++ raspberrypi-firmware: - Update to ab37ef59f (2022-10-18): * firmware: ldconfig: Add all, none, tryboot section support to autoboot.txt for start.elf * firmware: arm-dt: bootloader: Pass the original partition number when booting a ramdisk * firmware: arm_loader: HAT EEPROM support for GPIO bank 1 See: #1756 ++++ raspberrypi-firmware-config: - Update to ab37ef59f (2022-10-18): * firmware: ldconfig: Add all, none, tryboot section support to autoboot.txt for start.elf * firmware: arm-dt: bootloader: Pass the original partition number when booting a ramdisk * firmware: arm_loader: HAT EEPROM support for GPIO bank 1 See: #1756 ++++ raspberrypi-firmware-config-camera: - Update to ab37ef59f (2022-10-18): * firmware: ldconfig: Add all, none, tryboot section support to autoboot.txt for start.elf * firmware: arm-dt: bootloader: Pass the original partition number when booting a ramdisk * firmware: arm_loader: HAT EEPROM support for GPIO bank 1 See: #1756 ++++ selinux-policy: - Update to version 20221019. Refreshed: * distro_suse_to_distro_redhat.patch * fix_apache.patch * fix_chronyd.patch * fix_cron.patch * fix_init.patch * fix_kernel_sysctl.patch * fix_networkmanager.patch * fix_rpm.patch * fix_sysnetwork.patch * fix_systemd.patch * fix_systemd_watch.patch * fix_unconfined.patch * fix_unconfineduser.patch * fix_unprivuser.patch * fix_xserver.patch - Dropped fix_cockpit.patch as this is now packaged with cockpit itself - Remove the ipa module, freeip ships their own module - Added fix_alsa.patch to allow reading of config files in home directories - Extended fix_networkmanager.patch and fix_postfix.patch to account for SUSE systems - Added dontaudit_interface_kmod_tmpfs.patch to prevent AVCs when startproc queries the running processes - Updated fix_snapper.patch to allow snapper to talk to rpm via dbus ------------------------------------------------------------------ ------------------ 2022-10-18 - Oct 18 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.40.2: + Ensure that resolv.conf gets updated when the configuration changes. + Fix setting as bond primary an interface that doesn't exist yet when the bond is activated. + The number of autoconnect retries is now accounted independently for each device when there are profiles with multi-connect=multiple. + Don't print duplicate entries in the output of "NetworkManager - -print-config". + Fix the ifcfg-rh plugin to properly read infiniband P-Key connection profiles without an explicit interface name. + Allow the removal of a bond port connection profile from the bond via nmcli. + Fix race condition during the activation of veth profiles when the peer already exists. + Decline the DHCPv6 lease if all addresses fail IPv6 duplicate address detection (DAD). + Wait that devices get carrier before trying to resolve the system hostname on them via DNS. + Fix race condition during the initial activation of OVS interfaces. + Profiles generated by nm-initrd-generator now have lower than default priority. + Fix error when adding many SR-IOV virtual functions (VFs). ++++ libXmu: - Update to version 1.1.4 This release includes two notable changes to XmuConvertStandardSelection(): 1) It no longer supports XA_IP_ADDRESS, which only supported IPv4 addresses and simply provided the output of gethostbyname() on the local hostname. 2) XA_OWNER_OS no longer reports "BSD" for any Unix-like OS (including Linux) that it hadn't been coded to handle, instead relying on uname() where available to provide the OS name. The lack of bug reports about the previously misleading output for these suggests they're not widely used, with codesearch.debian.net only finding matches in libXmu and the rust bindings to libXmu, and not any consumers of these interfaces. ++++ libpciaccess: - Update to version 0.17 * Fix spelling/wording issues * meson: install man page in mandir/man1/, not mandir/1/ * gitlab CI: add a basic build test for both autotools and meson * gitlab CI: stop requiring Signed-off-by in commits * configure.ac: Use pkg-config to find zlib dependency info * Obtain correct value of is_64 and is_prefetchable PCI device fields * hurd_pci: Use __pci_conf_ variants of pci_conf_ * x86: Use gnumach device instead of /dev/mem on GNU systems && factorise ifdefs * x86: Remove mapping of regions during probe - otherwise remapping later fails * x86: Remove probe during create, other backends don't do this * hurd: device_open(pci), /servers/bus/pci fallback * x86: Sort devices by B/D/F due to recursive scan * hurd: Don't necessarily look up _SERVERS_BUS_PCI * Add a meson build system * autoconf: Add meson files to dist tarball * pciaccess.pc.in: add Libs.Private * Hurd: avoid using the deprecated RPC pci_get_ndevs() * hurd: Implement device memory mapping * Hurd: Fix initialization order * Add pci_device_disable() function * missed library installation in meson * hurd: Add missing round up size in map_dev_mem * hurd: Fix letting map_dev_mem map anywhere * hurd: Fix map_dev_mem from non-zero address * hurd: Restore initialization order * hurd: Fix pci_device_hurd_map_legacy * Add support for building on macOS w/o X11, using endian code from "portable_endian.h"... * Add parentheses to the macro definition * pci_sys set NULL after free * Add header protection macro in linux_devmem.h * Delete redundant symbols ';' - switched to meson build system ++++ libxshmfence: - Update to version 1.3.1 * Update README for gitlab migration * Update configure.ac bug URL for gitlab migration * Fix spelling/wording issues * gitlab CI: add a basic build test * alloc: prefer atomic close-on-exec without O_TMPFILE as well * alloc: prefer SHM_ANON on FreeBSD a la memfd_create ++++ raspberrypi-firmware: - Update to bfbd42ef2 (2022-10-14): * firmware: isp: Run ISP without hi-res output buffer * firmware: arm_dt: Export the bootloader EEPROM RSA public key via device-tree * firmware: Add tryboot A_B mode * firmware: il: isp: Correct order buffers were returned in * firmware: board_info: Fix Pi 400 PHY addresses See: #1754 ++++ raspberrypi-firmware-config: - Update to bfbd42ef2 (2022-10-14): * firmware: isp: Run ISP without hi-res output buffer * firmware: arm_dt: Export the bootloader EEPROM RSA public key via device-tree * firmware: Add tryboot A_B mode * firmware: il: isp: Correct order buffers were returned in * firmware: board_info: Fix Pi 400 PHY addresses See: #1754 ++++ raspberrypi-firmware-config-camera: - Update to bfbd42ef2 (2022-10-14): * firmware: isp: Run ISP without hi-res output buffer * firmware: arm_dt: Export the bootloader EEPROM RSA public key via device-tree * firmware: Add tryboot A_B mode * firmware: il: isp: Correct order buffers were returned in * firmware: board_info: Fix Pi 400 PHY addresses See: #1754 ------------------------------------------------------------------ ------------------ 2022-10-17 - Oct 17 2022 ------------------- ------------------------------------------------------------------ ++++ glib2-branding-openSUSE: - Fix default openSUSE wallpaper is not present in dark mode (boo#1204138). ++++ gpg2: - GnuPG 2.3.8: * gpg: Do not consider unknown public keys as non-compliant while decrypting. * gpg: Avoid to emit a compliance mode line if Libgcrypt is non-compliant. * gpg: Improve --edit-key setpref command to ease c+p. * gpg: Emit an ERROR status if --quick-set-primary-uid fails and allow to pass the user ID by hash. * gpg: Actually show symmetric+pubkey encrypted data as de-vs compliant. Add extra compliance checks for symkey_enc packets. * gpg: In de-vs mode use SHA-256 instead of SHA-1 as implicit preference. * gpgsm: Fix reporting of bad passphrase error during PKCS#11 import. * agent: Fix a regression in "READKEY --format=ssh". * agent: New option --need-attr for KEYINFO. * agent: New attribute "Remote-list" for use by KEYINFO. * scd: Fix problem with Yubikey 5.4 firmware. * dirmngr: Fix CRL Distribution Point fallback to other schemes. * dirmngr: New LDAP server flag "areconly" (A-record-only). * dirmngr: Fix upload of multiple keys for an LDAP server specified using the colon format. * dirmngr: Use LDAP schema v2 when a Base DN is specified. * dirmngr: Avoid caching expired certificates. * wkd: Fix path traversal attack in gpg-wks-server. Add the mail address to the pending request data. * wkd: New command --mirror for gpg-wks-client. * gpg-auth: New tool for authentication. * New common.conf option no-autostart. * Silence warnings from AllowSetForegroundWindow unless GNUPG_EXEC_DEBUG_FLAGS is used. * Rebase gnupg-detect_FIPS_mode.patch * Remove patch upstream: - gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch ++++ kernel-default: - rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128. - commit bdc0bf7 - Update patches.kernel.org/6.0.2-022-wifi-cfg80211-mac80211-reject-bad-MBSSID-elemen.patch (bsc#1012628 bsc#1203770 CVE-2022-41674). - Update patches.kernel.org/6.0.2-023-wifi-mac80211-fix-MBSSID-parsing-use-after-free.patch (bsc#1012628 bsc#1204051 CVE-2022-42719). - Update patches.kernel.org/6.0.2-025-wifi-cfg80211-fix-BSS-refcounting-bugs.patch (bsc#1012628 bsc#1204059 CVE-2022-42720). - Update patches.kernel.org/6.0.2-026-wifi-cfg80211-avoid-nontransmitted-BSS-list-cor.patch (bsc#1012628 bsc#1204060 CVE-2022-42721). - Update patches.kernel.org/6.0.2-028-wifi-mac80211-fix-crash-in-beacon-protection-fo.patch (bsc#1012628 bsc#1204125 CVE-2022-42722). Add CVE references. - commit af756fb ++++ libgpg-error: - Update to 1.46: * Support for bidirectional pipes under Windows. * REG_DWORD types are now support in the Windows Registry. * Added ES_SYSHD_SOCK support for gpgrt_sysopen under Windows. * Fixed gpgrt_log_get_fd for the file case. * Avoids header problem with C11 and "noreturn". * The gpg-error-config command is not installed by default, because it is now replaced by use of pkg-config/gpgrt-config with gpg-error.pc. Supply --enable-install-gpg-error-config configure option, if it's really needed. * Fixed support of posix-lock for FreeBSD. * Build fixes for some Mingw tool chain versions. * Removed remaining support for WindowsCE. * Updated config.guess, config.sub, and config.rpath. * gpg-error-config is now only installed when enabled. * System paths are now stripped from --cflags --and --libs. ++++ libksba: - libksba 1.6.2: [bsc#1204357, CVE-2022-3515] * Fix integer overflow in the CRL parser. ++++ ncurses: - Add ncurses patch 20221015 + fix another memory-leak in tic. + update install-sh script from autoconf, to fix install problem for Ada95 with Arch; as noted in https://lists.gnu.org/archive/html/automake/2018-09/msg00005.html there are unaddressed issues. + update CF_XOPEN_SOURCE, adding GNU libc suffixes for abi64, abin32, x32 (report by Sven Joachim): + correct ifdef's for _nc_set_read_thread() (patch by Mikhail Korolev, cf: 20220813). ++++ tiff: - security update: * CVE-2022-2519 [bsc#1202968] * CVE-2022-2520 [bsc#1202973] * CVE-2022-2521 [bsc#1202971] + tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch ++++ libzypp: - Do not clean up MediaSetAccess before using the geoip file (fixes #424) - version 17.31.4 (22) ------------------------------------------------------------------ ------------------ 2022-10-16 - Oct 16 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Linux 6.0.2 (bsc#1012628). - nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() (bsc#1012628). - nilfs2: fix use-after-free bug of struct nilfs_root (bsc#1012628). - nilfs2: fix leak of nilfs_root in case of writer thread creation failure (bsc#1012628). - nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure (bsc#1012628). - nvme-pci: set min_align_mask before calculating max_hw_sectors (bsc#1012628). - random: restore O_NONBLOCK support (bsc#1012628). - random: clamp credited irq bits to maximum mixed (bsc#1012628). - ALSA: hda: Fix position reporting on Poulsbo (bsc#1012628). - efi: Correct Macmini DMI match in uefi cert quirk (bsc#1012628). - scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue handler reading stale packets" (bsc#1012628). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1012628). - scsi: stex: Properly zero out the passthrough command structure (bsc#1012628). - USB: serial: qcserial: add new usb-id for Dell branded EM7455 (bsc#1012628). - Revert "USB: fixup for merge issue with "usb: dwc3: Don't switch OTG -> peripheral if extcon is present"" (bsc#1012628). - Revert "usb: dwc3: Don't switch OTG -> peripheral if extcon is present" (bsc#1012628). - Revert "powerpc/rtas: Implement reentrant rtas call" (bsc#1012628). - Revert "crypto: qat - reduce size of mapped region" (bsc#1012628). - random: avoid reading two cache lines on irq randomness (bsc#1012628). - random: use expired timer rather than wq for mixing fast pool (bsc#1012628). - wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() (bsc#1012628). - wifi: cfg80211/mac80211: reject bad MBSSID elements (bsc#1012628). - wifi: mac80211: fix MBSSID parsing use-after-free (bsc#1012628). - wifi: cfg80211: ensure length byte is present before access (bsc#1012628). - wifi: cfg80211: fix BSS refcounting bugs (bsc#1012628). - wifi: cfg80211: avoid nontransmitted BSS list corruption (bsc#1012628). - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (bsc#1012628). - wifi: mac80211: fix crash in beacon protection for P2P-device (bsc#1012628). - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (bsc#1012628). - mctp: prevent double key removal and unref (bsc#1012628). - Input: xpad - add supported devices as contributed on github (bsc#1012628). - Input: xpad - fix wireless 360 controller breaking after suspend (bsc#1012628). - misc: pci_endpoint_test: Aggregate params checking for xfer (bsc#1012628). - misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic (bsc#1012628). - commit 7fb6561 ++++ mozilla-nss: - update to NSS 3.83 * bmo#1788875 - Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags * bmo#1563221 - remove older oses that are unused part3/ BeOS * bmo#1563221 - remove older unix support in NSS part 3 Irix * bmo#1563221 - remove support for older unix in NSS part 2 DGUX * bmo#1563221 - remove support for older unix in NSS part 1 OSF * bmo#1778413 - Set nssckbi version number to 2.58 * bmp#1785297 - Add two SECOM root certificates to NSS * bmo#1787075 - Add two DigitalSign root certificates to NSS * bmo#1778412 - Remove Camerfirma Global Chambersign Root from NSS * bmo#1771100 - Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test * bmo#1779361 - Removed skipping of ECH on equality of private and public server name * bmo#1779357 - Added comment and bug reference to ECHRandomHRRExtension bogo test * bmo#1779370 - Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR * bmo#1779234 - Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing * bmo# 1771100 - Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo * bmo#1771100 - Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs * bmo#1771100 - Update BoGo tests to recent BoringSSL version * bmo#1785846 - Bump minimum NSPR version to 4.34.1 ++++ mozilla-nspr: - update to version 4.35 * fixes for building with clang * use the number of online processors for the PR_GetNumberOfProcessors() API on some platforms * fix build on mips+musl libc * Add support for the LoongArch 64-bit architecture ------------------------------------------------------------------ ------------------ 2022-10-15 - Oct 15 2022 ------------------- ------------------------------------------------------------------ ++++ gettext-runtime: - Update to Version 0.21.1 * Runtime behaviour: - On AIX, locale names with a script or with an uppercase language are now supported. For example, sr_Cyrl_RS.UTF-8 is treated like sr_RS.UTF-8@cyrillic, and EN_US.UTF-8 is treated like en_US.UTF-8. * The base Unicode standard is now updated to 14.0.0. * Portability: - Building on macOS 11/arm64 is now supported. - Building on Linux/powerpc64le with glibc ≥ 2.35 is now supported. ------------------------------------------------------------------ ------------------ 2022-10-14 - Oct 14 2022 ------------------- ------------------------------------------------------------------ ++++ elfutils: - Add RISC-V specific patches: * 0001-libelf-Sync-elf.h-from-glibc.patch * 0002-backends-Handle-new-RISC-V-specific-definitions.patch * 0003-elflint-Allow-zero-p_memsz-for-PT_RISCV_ATTRIBUTES.patch * 0004-readelf-Handle-SHT_RISCV_ATTRIBUTES-like-SHT_GNU_ATT.patch * 0005-backends-Add-RISC-V-object-attribute-printing.patch ++++ fde-tools: - Add bsc1204037-mokutil-check-sb-state.patch to check the SecureBoot state with mokutil (bsc#1204037) ++++ gnutls: - Consolidate the FIPS hmac files [bsc#1203245] * Use the gnutls fipshmac tool instead of the brp-check-suse and rename it to reflect on the library version. * Remove not needed gnutls-FIPS-Run-CFB8-without-offset.patch - Add a gnutls.rpmlintrc file to remove a hidden-file-or-dir false positive for the FIPS hmac calculation. ++++ kernel-default: - series.conf: cleanup - update upstream reference and move into sorted section: - patches.suse/watchdog-wdat_wdt-fix-min-max-timer-value.patch - commit 64a2b58 - Refresh patches.suse/ACPI-resource-Add-ASUS-model-S5402ZA-to-quirks.patch. - Refresh patches.suse/ACPI-resource-Skip-IRQ-override-on-Asus-Vivobook-K34.patch. Update upstream status. They were merged already. - commit 098c340 - ACPI: resource: do IRQ override on LENOVO IdeaPad (bsc#1203794). - ACPI: resource: Add ASUS model S5402ZA to quirks (bsc#1203794). - ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA (bsc#1203794). - commit c7a2f55 ++++ libxml2: - Update to version 2.10.3 (bsc#1204366, CVE-2022-40303, bsc#1204367, CVE-2022-40304): + Security: - [CVE-2022-40304] Fix dict corruption caused by entity reference cycles - [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE - Fix overflow check in SAX2.c + Build system: cmake: Set SOVERSION - Rebase patches with quilt. ++++ libzypp: - Improve download of optional files (fixes #416) - Do not use geoip rewrites if the repo has explicit country settings. - Implement geoIP feature for zypp. This patch adds a feature to rewrite request URLs to the repo servers by querying a geoIP file from download.opensuse.org. This file can return a redirection target depending on the clients IP adress, this way we can directly contact a local mirror of d.o.o instead. The redir target stays valid for 24hrs. This feature can be disabled in zypp.conf by setting 'download.use_geoip_mirror = false'. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip a extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - version 17.31.3 (22) ++++ libxml2-python: - Update to version 2.10.3 (bsc#1204366, CVE-2022-40303, bsc#1204367, CVE-2022-40304): + Security: - [CVE-2022-40304] Fix dict corruption caused by entity reference cycles - [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE - Fix overflow check in SAX2.c + Build system: cmake: Set SOVERSION - Rebase patches with quilt. ------------------------------------------------------------------ ------------------ 2022-10-13 - Oct 13 2022 ------------------- ------------------------------------------------------------------ ++++ ansible: - update to 6.5.0: Ansible 6.5.0 will include ansible-core 2.13.5 as well as a curated set of Ansible collections to provide a vast number of modules and plugins. * The changelog for ansible-core 2.13 installed by this release of ansible is available here: https://github.com/ansible/ansible/blob/stable-2.13/changelogs/CHANGELOG-v2.13.rst * Collections which have opted into being a part of the Ansible-6 unified changelog will have an entry on this page: https://github.com/ansible-community/ansible-build-data/blob/main/6/CHANGELOG-v6.rst ++++ dbus-1: - Disable asserts (bsc#1087072) ++++ dracut: - Update to version 057+suse.337.g4162a70e: * fix(network-legacy): misleading duplicate address detection using wicked (bsc#1201235) A series of fixes for NVMeoF boot (bsc#1203368): * fix(man): dracut.cmdline.7: clarify "rd.nvmf.discover=fc,auto" * fix(network): avoid double brackets around IPv6 address * feat(nvmf): set rd.neednet=1 if tcp records encountered * fix(man): dracut.cmdline(7): correct syntax for rd.nonvmf * fix(network): don't use same ifname multiple times * fix(nvmf): run cmdline hook before parse-ip-opts.sh * fix(nvmf): avoid calling "exit" in a cmdline hook * fix(nvmf): make sure "rd.nvmf.discover=fc,auto" takes precedence * fix(nvmf): don't use "finished" queue for autoconnect * fix(nvmf): don't create did-setup file * fix(nvmf): no need to load the nvme module * fix(nvmf): don't try to validate network connections in cmdline hook * fix(nvmf): nvme list-subsys prints the address using commas as separator * fix(systemd): add missing modprobe@.service (bsc#1203749) * fix(i18n): do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267) ++++ fde-tools: - Add bsc1204037-update-grub.cfg-for-pw-only.patch to update grub.cfg when the user only chooses the pass phrase to encrypt the disk. (bsc#1204037) ++++ hwdata: - update to 0.363: + Updated pci, usb and vendor ids. ++++ rdma-core: - Add rdma-ndd-disable-systemd-ProtectHostName-feature.patch to fix issue where rdma-ndd would not be aware of dynamic hostnames retrived through DHCP ++++ gcc12: - Update embedded newlib to version 4.2.0 * includes newlib-4.1.0-aligned_alloc.patch ++++ unbound: - update to 1.17.0 * Features - Merge #753: ACL per interface. (New interface-* configuration options). - Merge #760: PROXYv2 downstream support. (New proxy-protocol-port configuration option). * Bug Fixes - Fix #728: alloc_reg_obtain() core dump. Stop double alloc_reg_release when serviced_create fails. - Fix edns subnet so that scope 0 answers only match sourcemask 0 queries for answers from cache if from a query with sourcemask 0. - Fix unittest for edns subnet change. - Merge #730 from luisdallos: Fix startup failure on Windows 8.1 due to unsupported IPV6_USER_MTU socket option being set. - Fix ratelimit inconsistency, for ip-ratelimits the value is the amount allowed, like for ratelimits. - Fix #734 [FR] enable unbound-checkconf to detect more (basic) errors. - Fix to log accept error ENFILE and EMFILE errno, but slowly, once per 10 seconds. Also log accept failures when no slow down is used. - Fix to avoid process wide fcntl calls mixed with nonblocking operations after a blocked write. - Patch from Vadim Fedorenko that adds MSG_DONTWAIT to receive operations, so that instruction reordering does not cause mistakenly blocking socket operations. - Fix to wait for blocked write on UDP sockets, with a timeout if it takes too long the packet is dropped. - Fix for wait for udp send to stop when packet is successfully sent. - Fix #741: systemd socket activation fails on IPv6. - Fix to update config tests to fix checking if nonblocking sockets work on OpenBSD. - Slow down log frequency of write wait failures. - Fix to set out of file descriptor warning to operational verbosity. - Fix to log a verbose message at operational notice level if a thread is not responding, to stats requests. It is logged with thread identifiers. - Remove include that was there for debug purposes. - Fix to check pthread_t size after pthread has been detected. - Convert tdir tests to use the new skip_test functionality. - Remove unused testcode/mini_tpkg.sh file. - Better output for skipped tdir tests. - Fix doxygen warning in respip.h. - Fix to remove erroneous TC flag from TCP upstream. - Fix test tdir skip report printout. - Fix windows compile, the identifier interface is defined in headers. - Fix to close errno block in comm_point_tcp_handle_read outside of ifdef. - Fix static analysis report to remove dead code from the rpz_callback_from_iterator_module function. - Fix to clean up after the acl_interface unit test. - Merge #764: Leniency for target discovery when under load (for NRDelegation changes). - Use DEBUG_TDIR from environment in mini_tdir.sh for debugging. - Fix string comparison in mini_tdir.sh. - Make ede.tdir test more predictable by using static data. - Fix checkconf test for dnscrypt and proxy port. - Fix dnscrypt compile for proxy protocol code changes. - Fix to stop responses with TC flag from resulting in partial responses. It retries to fetch the data elsewhere, or fails the query and in depth fix removes the TC flag from the cached item. - Fix proxy length debug output printout typecasts. - Fix to stop possible loops in the tcp reuse code (write_wait list and tcp_wait list). Based on analysis and patch from Prad Seniappan and Karthik Umashankar. - Fix PROXYv2 header read for TCP connections when no proxied addresses are provided. ++++ python-contextvars: - use https for urls ++++ ovmf: - Update to edk2-stable202208 (jsc#PED-1410) - Features (https://github.com/tianocore/edk2/releases): Add CRC16 and CRC32C to MdePkg IntelFsp2Pkg/ConfigEditor: Support FSP 2.3 header Extend SecureBootVariableLib interfaces UEFI HTTPS Boot Support for HTTP Client Authentication (Basic or Digest) Support 64bit FspResetType for X64 build IntelFsp2Pkg/FspSecCore: Add FSP-I entry for SMM support Add PCI_DEVICE_PPI definition to EDK2 Support to assign the subject name to sign the capsule file - Patches (git log --oneline --reverse edk2-stable202205..edk2-stable202208): 7f0890776e MdeModulePkg/UniversalPayload: Align Identifier value with UPL spec b4be5f05dd UefiPayloadPkg: Align Identifier value with UPL spec dac2fc8146 UefiPayloadPkg: Align SpecRevision value with UPL spec 3ca7326b37 OvmfPkg/VirtioGpuDxe: replace struct copy with CopyMem call fa2b212d61 IntelFsp2Pkg: Add FSP 2.3 header support 11d8abcba2 IntelFsp2Pkg: FSP_TEMP_RAM_INIT call must follow X64 Calling Convention df1c7e91b4 IntelFsp2WrapperPkg: FSP_TEMP_RAM_INIT call for X64 Calling Convention 62044aa99b OvmfPkg/ResetVector: Removing SEV-ES CPUID bit check 54cd0d9b2f OvmfPkg: Fix TDVMCALL error in ApRunLoop.nasm 64706ef761 OvmfPkg: Search EFI_RESOURCE_MEMORY_UNACCEPTED for Fw hoblist 81ab97b7b9 OvmfPkg/AmdSev: remove unused SMM bits from .dsc and .fdf files 0223898f3e OvmfPkg/Microvm: drop CODE and VARS files b57911c84c OvmfPkg/FdtPciHostBridgeLib: io range is not mandatory 47f44097eb OvmfPkg/Platform: unfix PcdPciExpressBaseAddress ad3bafa7d5 OvmfPkg/Microvm/pcie: no vbeshim please bd10d4e201 OvmfPkg/Microvm/pcie: mPhysMemAddressWidth tweak 632574ced1 OvmfPkg/Microvm/pcie: add pcie support 5c9f151e0c OvmfPkg: CloudHv: Fix FW_BASE_ADDRESS 43f3cfce19 OvmfPkg: Check for QemuFwCfg availability before accessing it 3129ed374c OvmfPkg: CloudHv: Rely on QemuFwCfgLibNull implementation bf25f27e00 OvmfPkg: Don't access A20 gate register on Cloud Hypervisor 72c5afd0b4 Security: Add HashLibTdx b1567b2e15 CryptoPkg: Add SecCryptLib dc443e4437 SecurityPkg: Add definition of EFI_CC_EVENT_HOB_GUID a708536dce OvmfPkg: Introduce SecMeasurementLib 4b0a622635 OvmfPkg/IntelTdx: Measure Td HobList and Configuration FV ac03c339de OvmfPkg: Add PCDs for LAML/LASA field in CC EVENTLOG ACPI table f8264e1303 MdePkg: Define CC Measure EventLog ACPI Table 57a6ee3461 OvmfPkg/IntelTdx: Add TdTcg2Dxe 0a4019ec9d OvmfPkg/IntelTdx: Enable RTMR based measurement and measure boot 0b36dea3f8 BaseTools: Fix dependency issue in PcdValueInit 4f89e4b3e8 .pytool: UncrustifyCheck: Set IgnoreFiles path relative to package path 2818fda9bc Security: Add SecTpmMeasurementLibTdx ff0ffe5999 OvmfPkg: Implement MeasureHobList/MeasureFvImage a81a650da1 OvmfPkg: Delete SecMeasurementLibTdx ff36b2550f OvmfPkg/Sec: fix stack switch 21a9b605b8 CpuException: Avoid allocating code pages for DXE instance 34d505123e CpuException: Init global variables in-place 2fbc5ff0a5 CpuException: Avoid allocating page but using global variables 2a09527ebc CpuException: Remove InitializeCpuInterruptHandlers e7abb94d1f CpuException: Add InitializeSeparateExceptionStacks 54aeed7e00 MpInitLib: Allocate code buffer for PEI phase 76323c3145 MpInitLib: remove unneeded global ASM_PFX b4d7b9d2b5 MpInitLib: Put SEV logic in separate file 283ab9437a MpInitLib: Only allocate below 1MB memory for 16bit code ccc269756f MpInitLib: Move the Above1Mb vector allocation to MpInitLibInitialize f0b97e165e Revert "OvmfPkg/Sec: fix stack switch" b09ada6edc MdePkg: Remove "assert" from SmmCpuRendevousLibNull.c 92288f4334 MdePkg/BaseLib: Add CRC16-ANSI and CRC32c implementations e2ae0bed29 ArmPkg/ArmExceptionLib: Follow new CpuExceptionHandlerLib APIs 6676162f64 DxeMain: Fix the bug that StackGuard is not enabled 16d97fa601 OvmfPkg: Use PcdOvmfWorkAreaBase instead of PcdSevEsWorkAreaBase 05e57cc9ce SecurityPkg/HashLibTdx: Return EFI_UNSUPPORTED if it is not Tdx guest 92ab049719 BaseTools: output the intermediate library instance when error occurs cc2db6ebfb UefiPayloadPkg: Increase the PcdMaximumUnicodeStringLength e8034b534a UefiPayloadPkg: Always split page table entry to 4K if it covers stack. cfe165140a UefiPayloadPkg: UniversalPayloadBuild.py to support --pcd feature b97243dea3 MdeModulePkg/XhciDxe: Check return value of XHC_PAGESIZE register 3930d1791a ArmPlatformPkg: Remove overly verbose DEBUG lines in LcdGraphicsBlt aa1bce0e5e OvmfPkg: reduce the number of dsc include files for tpm libs 6c9f218bc0 OvmfPkg/Library: Create base HardwareInfoLib for PCI Host Bridges 2b1a5b8c61 Ovmf/HardwareInfoLib: Create Pei lib to parse directly from fw-cfg a1bd79c514 Ovmf/HardwareInfoLib: Add Dxe lib to dynamically parse heterogenous data 3497fd5c26 Ovmf/PlatformPei: Use host-provided GPA end if available 3f5b1b9132 OvmfPkg/PciHostBridgeUtilityLib: Initialize RootBridges apertures with spec f304308e1c ArmPlatformPkg: Add PCD for serial debug port interrupt 4bfd668e5e UefiCpuPkg: CpuDxe: Set RW and P Attributes on Split Pages 2aee08c0b6 UefiPayloadPkg: Backward support with python 3.6 8f0722434b ArmVirtPkg: Include DxeHardwareInfoLib library class in dsc 15b25045e6 Ovmf: Include HardwareInfoLib library classes for IntelTdx b600f253b3 BaseTools/Ecc: Fix grammar in Ecc error message 7f4eca4cc2 MdeModulePkg/XhciDxe: Add access xHCI Extended Capabilities Pointer 5914128871 BaseTools: Fix the GenMake bug for .cpp source file c13377153f MdePkg/Acpi62: Add type 7 NFIT Platform Capabilities Structure support 21e6ef7522 UefiPayloadPkg: Align Attribute value with UPL spec 8d0564deaf pip-requirements.txt: Update basetools version to 0.1.24 f966093f5b OvmfPkg/PlatformCI: add IntelTdxBuild.py 70586d4e3a MdePkg/Acpi62: Add bit definitions to NFIT Platform Capabilities Structure 7861b24dc9 ArmPkg/Drivers: ArmGicIsInterruptEnabled returns incorrect value e1eef3a8b0 NetworkPkg: Add Wi-Fi Wpa3 support in WifiConnectManager 134fbd552c SecurityPkg: UefiSecureBoot: Definitions of cert and payload structures d6bee54c45 SecurityPkg: PlatformPKProtectionLib: Added PK protection interface 56c717aafa SecurityPkg: SecureBootVariableLib: Updated time based payload creator 6de7c084db SecurityPkg: SecureBootVariableLib: Updated signature list creator 6eb4079475 SecurityPkg: SecureBootVariableLib: Added newly supported interfaces fe73e9cd89 SecurityPkg: SecureBootVariableProvisionLib: Updated implementation d2a0f379d5 SecurityPkg: Secure Boot Drivers: Added common header files 5678ebb42b SecurityPkg: SecureBootConfigDxe: Updated invocation pattern dbc4e3675f SecurityPkg: SecureBootVariableLib: Added unit tests 152e37cc5a OvmfPkg: Pipeline: Resolve SecureBootVariableLib dependency f193b945ea EmulatorPkg: Pipeline: Resolve SecureBootVariableLib dependency 9ab18fec82 StandaloneMmPkg: Fix issue about SpPcpuSharedBufSize field 31d3eeb103 StandaloneMmPkg: Replace DEBUG_INFO with DEBUG_ERROR 5496c763aa StandaloneMmPkg: Fix check buffer address failed issue from TF-A e93bc6309b UefiCpuPkg/SecCore: Add debug messages to illuminate data flow 86a0f84470 ArmVirtPkg: Pipeline: Resolving newly introduced dependency c8e30482fd .gitignore: Ignore build tools build logs f6f3cc7ead UefiPayloadPkg: Add CryptoDxe driver to UefiPayload 12dd064a18 MdePkg/include: Update DMAR definitions to Intel VT-d spec ver4.0 9ab389c01b UefiCpuPkg: Update SEC_IDT_TABLE struct 470206ba7f IntelFsp2Pkg: Update SEC_IDT_TABLE struct 0d23c447d6 DynamicTablesPkg: Add support to specify FADT minor revision 07c8e5e59b UefiPayloadPkg/PlatformBootManagerLib: Evenly space boot prompt 176016387f BaseTools: add '-p' for Linux 'cp' command. 039bdb4d3e BaseTools: Fix DSC LibraryClass precedence rule fc4a132c0e DynamicTables: Fix DT PCI interrupt flags parsing 792ebb6374 DynamicTablesPkg: Fix generated _HID value for SBSA c966204049 IntelFsp2Pkg: Add Definition of EDKII_PEI_VARIABLE_PPI 586b4a104b Maintainers.txt: Add IntelFsp2*Pkg Maintainer e18a5f813c Maintainers.txt: Update Maintainers/reviewers for UefiPayloadPkg e21b203911 UefiPayloadPkg: Add macro to support selective driver in UPL f0064ac3af Maintainers.txt: Update email address 6cda306da1 DynamicTablesPkg: AcpiSsdtPcieLibArm: Correct translation value 9ac155bf0b DynamicTablesPkg: AcpiSsdtPcieLibArm: Support UID > 0xF 19a8768365 DynamicTablesPkg: AcpiSsdtPcieLibArm: Create support library 671b0cea51 NetworkPkg/HttpBootDxe: Add Support for HTTP Boot Basic Authentication 140446cd59 IntelFsp2Pkg: Support 64bit FspResetType for X64 build. 24eac4caf3 IntelFsp2WrapperPkg: Support 64bit FspResetType for X64 build. 4824924377 IntelFsp2Pkg/FspSecCore: Add FSP-I API for SMM support. 3b8cee1781 Maintainers.txt: update Gary's email address 7ef91af84c EmulatorPkg/PosixFileSystem: Add NULL check on memory allocation 494f333aba MdeModulePkg/CoreDxe: Allow DXE Drivers to use untested memory 343f37b5c0 MdeModulePkg/SetupBrowserDxe:Follow spec'd way to reconnect driver c8af26627a ArmPkg/CpuDxe: drop ARM_PROCESSOR_TABLE pseudo-ACPI table 5a3641bfcd IntelFsp2Pkg: Add FSPI_ARCH_UPD. bf1ff540d9 MdePkg/UefiDevicePathLib: Add support for PEIMs 6964b5c48c MdeModulePkg/Include: Long debug string is truncated to 104 char d32a84b5ad BaseTools: INF should use latest Pcd value instead of default value 8ee26529d1 BaseTools/VolInfo: Correct alignment attributes display c0b7679aac BaseTools/VolInfo: Increase define for highest section value fca5de51e1 BaseTools/VolInfo: Correct EFI_SECTION_VERSION display 8a5782d704 UefiCpuPkg: Fix nasm warning "signed byte value exceeds" a47241f133 UefiPayloadPkg: Add macro to support selection of CryptoDxe driver 69f76d0f72 Maintainers.txt: Remove OvmfPkg/XenTimerDxe reference a8c4fe23c4 Maintainers.txt: Add missing github ids 7f1c89f167 Maintainers.txt: Remove reviewer Harry Han b68d566439 BaseTools/Capsule: Support signtool input subject name to sign capsule file e3d468acb9 BaseTools/VolInfo: Show encapsulation sections 2677286307 UefiPayloadPkg: Fix RelaAddress type always mismatch in if condition f26b70cb9f UefiPayloadPkg: Add support for logging to CBMEM console 57783adfb5 OvmfPkg: Change default to disable MptScsi and PvScsi 1774a44ad9 Maintainers.txt: Remove MptScsi and PvScsi reviewers 0e7add1d75 OvmfPkg/XenHypercallLib: Fix naming of AArch64 3eca64f157 IntelFsp2Pkg: FSPI_UPD is not mandatory. 0d0bfcb457 IntelFsp2Pkg: Fix GenCfgOpt bug for FSPI_UPD support. 8a210b9ac0 ShellPkg: Acpiview: Abbreviate field names to preserve alignment 65c4f3f2be DynamicTablesPkg: Handle error when IdMappingToken is NULL f5cea604a6 DynamicTablesPkg: IORT set reference to Id array only if present 238f903e8d DynamicTablesPkg: IORT set reference to interrupt array if present 4c55f6394f MdePkg: IORT header update for IORT Rev E.d spec cd67efa1b2 ShellPkg: Acpiview: IORT parser update for IORT Rev E.d spec de200b7e2c DynamicTablesPkg: Update ArmNameSpaceObjects for IORT Rev E.d e9150618ec DynamicTablesPkg: IORT generator updates for Rev E.d spec 6f4e10d6db SecurityPkg: Add retry mechanism for tpm command 19cbfaa431 OvmfPkg/QemuVideoDxe: Zero out PixelInformation in QueryMode a551de0d93 ArmVirtPkg: Fix KVM Guest Firmware 0dc9b78a46 Maintainers.txt: Add missing Github IDs for OvmfPkg TPM/TGC modules d219119721 UefiPayloadPkg/PlatformBootManagerLib: Correct spacing in boot prompt 79aab22fca UefiPayloadPkg: Add a Macro to enable Boot Logo 444260d45e UefiPayloadPkg: Load Boot Logo into ACPI table 86757f0b47 MdeModulePkg: Add EDKII_PCI_DEVICE_PPI definition a8f59e2eb4 MdeModulePkg/AhciPei: Use PCI_DEVICE_PPI to manage AHCI device 3e599bbc10 DynamicTablesPkg: Fix using RmrNodeCount unitlitialised a0a03b5154 BaseTools/GenSec: Fix typo f5f8c08db9 BaseTools/VolInfo: Show FV section boundaries d241a09afb BaseTools/VolInfo: Parse EFI_SECTION_FREEFORM_SUBTYPE_GUID header cf02322c98 BaseTools/GenSec: Support EFI_SECTION_FREEFORM_SUBTYPE_GUID sections 1ee1622817 Basetools/GenFw: Allow AARCH64 builds to use the --prm flag 9f197e44b1 PrmPkg: Enable external visibility on PRM symbols 21200d9fe6 PrmPkg: Build Prm Samples with GCC for AARCH64 57faeb782a PrmPkg: Support AArch64 builds using GCC 1da2012d93 PrmPkg: Add details on AArch64 build to the Readme. 0f7bccf584 UefiCpuPkg: Simplify InitializeSeparateExceptionStacks 9a24c3546e MdeModulePkg: Move CPU_EXCEPTION_INIT_DATA to UefiCpuPkg f1688ec9da UefiCpuPkg: Simplify the struct definition of CPU_EXCEPTION_INIT_DATA 75e3c2435c UefiCpuPkg: Create CpuPageTableLib for manipulating X86 paging structs f336e30ba1 UefiCpuPkg/CpuPageTableLib: Return error on invalid parameters bf334513b3 CpuPageTableLib: Fix a bug when a bit is 1 in Attribute, 0 in Mask 13a0471bfd CpuPageTableLib: Refactor the logic 9cb8974f06 CpuPageTableLib: Split the page entry when LA is aligned but PA is not c16f02f776 CpuPageTableLib: Avoid treating non-leaf entry as leaf one f4c845e46b CpuPageTableLib: Fix parent attributes are not inherited properly 9f53fd4ba7 CpuPageTableLib: Fix a bug to avoid unnecessary changing to page table 927113c83b CpuPageTableLib: Fix bug that wrongly requires extra size for mapping e9e2ecab2d CpuPageTableLib: define IA32_PAGE_LEVEL enum type internally e76496530c MdePkg/Library/UefiDevicePathLib: Add back StandaloneMm INF file bd06717863 MdeModulePkg: Enhance bus scan for all root bridge instances 74f44d920a ShellPkg/SmbiosView: Display extended memory info in smbiosview -t 17 83d5871184 UefiCpuPkg/PiSmmCpuDxeSmm: Add a new mIsShadowStack flag 7b4754904e UefiCpuPkg/PiSmmCpuDxeSmm: Remove mInternalCr3 in PiSmmCpuDxeSmm 62391b4ce9 MdeModulePkg/DxeIpl: Remove clearing CR0.WP when protecting pagetable 803ed060ee UefiPayloadPkg: Remove clearing CR0.WP when protecting pagetable a2b61de2f6 IntelFsp2Pkg: FSPM_ARCH2_UPD mismatching bug. 809b5a3d2a MdeModulePkg: Update the SMBIOS version by UPL 2812668bfc UefiCpuPkg/CpuPageTableLib/UnitTest: Add host based unit test 30d62f5e31 OvmfPkg/PlatformDxe: Check ExtractConfig and RouteConfig arguments b94836b224 OvmfPkg/VirtioGpuDxe: Check QueryMode arguments 3f282f4510 OvmfPkg/VirtioFsDxe: Check GetDriverName arguments 64a20bea97 MdeModulePkg/DumpDynPcd: Remove unsupported format specifiers 9102518d29 MdePkg: Improved Smbios Type9 table and Smbios spec v3.5.0 Changes 35d167ef3c ShellPkg: Improved Smbios Type 9 table changes in PrintInfo.c 68bf712d4f MdePkg: Added support for SMBIOS spec v3.6.0 to Smbios.h e2ac68a23b BaseTools/Source/C/GenSec: Fix EFI_SECTION_FREEFORM_SUBTYPE_GUID header d5fd86f256 ShellPkg: Adds Local APIC parser to AcpiView 2bb0020675 UefiPayloadPkg: Return PciRootBridges instead of NULL c15c9fa420 UefiPayloadPkg: Add macro to control NvmExpressDxe 938430741f RedfishPkg/RedfishDiscoverDxe: USB Redfish host interface is not supported eebef1b3b7 RedfishPkg: Redfish modules may need to use the functions which are private f2bf043aaa RedfishPkg: Redfish functions for REST requests are not fully spec complied dfdba857a6 UefiPayloadPkg: Fix Coverity report defect 4d83ee04f4 ShellPkg: Add revision check for DSDT Header on Arm 0ede7cad73 Maintainers.txt: Update maintainers list 722e03bc2e Revert "UefiCpuPkg/CpuPageTableLib/UnitTest: Add host based unit test" 166c49c212 Revert "ShellPkg: Adds Local APIC parser to AcpiView" 39ff9769ca Revert "BaseTools: Fix DSC LibraryClass precedence rule" ba0e0e4c6a BaseTools: Fix DevicePath GNUmakefile for macOS - Respin the following patches: ovmf-Revert-UefiCpuPkg-Replace-Opcode-with-the-correspond.patch ++++ vim: - Updated to version 9.0.0743, fixes the following problems * Virtual text "after" not correct with 'nowrap'. * Quitting/unloading/hiding a terminal buffer does not always work properly. * SubStation Alpha files are not recognized. * Wrong column when calling setcursorcharpos() with zero lnum. * of MenuPopup event is expanded like a file name. * With 'nowrap' two virtual text below not displayed correctly. * Wrong argument for append() gives two error messages. * With 'nowrap' virtual text "after" does not scroll left. * Compiler warning for unused variable in tiny build. * Extra empty line between two virtual text "below" when 'wrap' and 'number' are set. * Too many delete() calls in tests. * Virtual text "above" with padding not displayed correctly. * Virtual text "after" does not show with 'list' set. * Extra empty line below virtual text when 'list' is set. * Closure in compiled function gets same variable in block. * Virtual text "after" wraps to next line even when 'wrap' is off and 'list' is set. * Looping over list of lists and changing the list contents works in Vim9 script, not in a compiled function. * Help in the repository differs from patched version too much. * extend() test fails. * The rightleft and arabic features are disabled. * Startup test fails with right-left feature. * clang-tidy configuration files are not recognized. * No check for white space before and after "=<<". (Doug Kearns) * Use of strftime() is not safe. * Cursor position invalid when scrolling with 'smoothscroll' set. (Ernie Rael) * Breakindent and scrolloff tests fail. * Quickfix listing does not handle very long messages. * Lisp word only recognized when a space follows. * Cannot suppress completion "scanning" messages. * Mouse column not correctly used for popup_setpos. * prop_add_list() gives multiple errors for invalid argument. * Cannot specify an ID for each item with prop_add_list(). (Sergey Vlasov) * Starting cscope on Unix does not quote the arguments correctly. (Gary Johnson) ------------------------------------------------------------------ ------------------ 2022-10-12 - Oct 12 2022 ------------------- ------------------------------------------------------------------ ++++ ansible-core: - update to 2.13.5: Changelog https://github.com/ansible/ansible/blob/v2.13.5/changelogs/CHANGELOG-v2.13.rst * Bugfixes - ansible-galaxy - remove extra server api call during dependency resolution for requirements and dependencies that are already satisfied (#77443). - ansible-test - Allow disabled, unsupported, unstable and destructive integration test targets to be selected using their respective prefixes. - ansible-test - Allow unstable tests to run when targeted changes are made and the --allow-unstable-changed option is specified (resolves #74213). - apt - Fix module failure when a package is not installed and only_upgrade=True. Skip that package and check the remaining requested packages for upgrades. (#78762) - apt module should not traceback on invalid type given as package. issue 78663. - known_hosts - do not return changed status when a non-existing key is removed (#78598) - paramiko - Add back support for ssh_args, ssh_common_args, and ssh_extra_args for parsing the ProxyCommand (#78750) - plugin loader, fix detection for existing configuration before initializing for a plugin - Remove unneeded BuildRequires on python3-mock ++++ bash: - Don't strip binaries - Work around a signal mask issue with qemu linux-user emulation - Remove backup of patched tests ++++ lvm2-device-mapper: - lvm.conf should re-enable commented out option use_lvmlockd (bsc#1204219) - re-enable "use_lvmlockd = 0" in lvm.conf ++++ kernel-default: - Linux 6.0.1 (bsc#1012628). - xsk: Inherit need_wakeup flag for shared sockets (bsc#1012628). - fs: fix UAF/GPF bug in nilfs_mdt_destroy (bsc#1012628). - sparc: Unbreak the build (bsc#1012628). - Makefile.extrawarn: Move -Wcast-function-type-strict to W=1 (bsc#1012628). - hardening: Remove Clang's enable flag for - ftrivial-auto-var-init=zero (bsc#1012628). - docs: update mediator information in CoC docs (bsc#1012628). - hwmon: (aquacomputer_d5next) Fix Quadro fan speed offsets (bsc#1012628). - usb: mon: make mmapped memory read only (bsc#1012628). - USB: serial: ftdi_sio: fix 300 bps rate for SIO (bsc#1012628). - gpiolib: acpi: Add support to ignore programming an interrupt (bsc#1012628). - gpiolib: acpi: Add a quirk for Asus UM325UAZ (bsc#1012628). - RISC-V: Print SSTC in canonical order (bsc#1012628). - bpf: Gate dynptr API behind CAP_BPF (bsc#1012628). - net: ethernet: mtk_eth_soc: fix state in __mtk_foe_entry_clear (bsc#1012628). - bpf: Fix resetting logic for unreferenced kptrs (bsc#1012628). - Bluetooth: use hdev->workqueue when queuing hdev->{cmd,ncmd}_timer works (bsc#1012628). - Update config files. - commit 0c45fd2 ++++ lvm2: - lvm.conf should re-enable commented out option use_lvmlockd (bsc#1204219) - re-enable "use_lvmlockd = 0" in lvm.conf ++++ libsoup: - Update to version 3.2.1: + When built against nghttp2 1.50.0+ be relaxed about header whitespace. + Fix possible crash when cancelling an HTTP/2 message. + Fix regresion where soup_server_message_get_socket() could return NULL. + Fix minor memory leak. - Disable tests on 32-bit while waiting for https://gitlab.gnome.org/GNOME/libsoup/-/issues/309 ++++ systemd: - Avoid expanding of macro in comment which leads to an error on installation (workaround for bsc#1203847) ++++ python-immutables: - Update to version 0.19 * Support for Python 3.11 ++++ raspberrypi-firmware-dt: - Update to 896b8da17ad1 (2022-10-03): * switch to 6.0 branch ------------------------------------------------------------------ ------------------ 2022-10-11 - Oct 11 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - update to 22.2.1 * lots of stuff here: llvmpipe, lavapipe, freedreno, aco, mesa, turnip, virgl, r600, zink, radv, core gallium, and nir. All in all, lots of good fixes all over the tree. ++++ Mesa-drivers: - update to 22.2.1 * lots of stuff here: llvmpipe, lavapipe, freedreno, aco, mesa, turnip, virgl, r600, zink, radv, core gallium, and nir. All in all, lots of good fixes all over the tree. ++++ tcpd: - Add hosts.allow and hosts.deny config files from the netcfg package, as they are tcpd specific, bsc#1099755 ++++ netcfg: - Remove hosts.allow and hosts.deny config files as they are only used by tcpd, which is not installed by default, bsc#1099755 ++++ pam: - pam_env: Using libeconf for reading configuration and environment files. (Patch: pam_env_econf.patch; Testcase: tst-pam_env-retval.c) ++++ patterns-alp: - skip kdump on non-supported architectures (bsc#1204214) ++++ timezone: - timezone update 2022e: * Jordan and Syria switch from +02/+03 with DST to year-round +03 ------------------------------------------------------------------ ------------------ 2022-10-10 - Oct 10 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Disabling netconfig compiling option for openSUSE Tumbleweed. ++++ kernel-default: - misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os (CVE-2022-3424 bsc#1204166). - commit cf55d04 ++++ kernel-firmware: - Apply the same workaround to uncompressed flat package, too (bsc#1204103) ++++ libffi: - add riscv64-handle-big-structures.patch ++++ ncurses: - Add ncurses patch 20221008 + correct a switch-statement case in configure script to allow for test builds with ABI=7. + modify misc/gen-pkgconfig.in to allow for the case where the library directory does not yet exist, since this is processed before doing an install (report by Michal Liszcz). ++++ zlib: - Add Power8 optimizations: * zlib-1.2.12-add-optimized-slide_hash-for-power.patch * zlib-1.2.12-add-vectorized-longest_match-for-power.patch * zlib-1.2.12-adler32-vector-optimizations-for-power.patch * zlib-1.2.12-fix-invalid-memory-access-on-ppc-and-ppc64.patch - Update zlib-1.2.12-IBM-Z-hw-accelerated-deflate-s390x.patch ++++ qemu: - Build fails due to exceeding 10 GB disk limit (10430 MB): raise disk space contraint to 12 GB ------------------------------------------------------------------ ------------------ 2022-10-9 - Oct 9 2022 ------------------- ------------------------------------------------------------------ ++++ gnutls: - Update to 3.7.8: * libgnutls: In FIPS140 mode, RSA signature verification is an approved operation if the key has modulus with known sizes (1024, 1280, 1536, and 1792 bits), in addition to any modulus sizes larger than 2048 bits, according to SP800-131A rev2. * libgnutls: gnutls_session_channel_binding performs additional checks when GNUTLS_CB_TLS_EXPORTER is requested. According to RFC9622 4.2, the "tls-exporter" channel binding is only usable when the handshake is bound to a unique master secret (i.e., either TLS 1.3 or extended master secret extension is negotiated). Otherwise the function now returns error. * libgnutls: usage of the following functions, which are designed to loosen restrictions imposed by allowlisting mode of configuration, has been additionally restricted. Invoking them is now only allowed if system-wide TLS priority string has not been initialized yet: - gnutls_digest_set_secure - gnutls_sign_set_secure - gnutls_sign_set_secure_for_certs - gnutls_protocol_set_enabled * Delete gnutls-3.6.6-set_guile_site_dir.patch and use the - -with-guile-extension-dir configure option to properly handle the guile extension directory. * Rebase gnutls-Make-XTS-key-check-failure-not-fatal.patch * Update gnutls.keyring * Add a build depencency on gtk-doc required by autoreconf ++++ harfbuzz: - Update to version 5.3.0: + Don’t add glyphs from dropped MATH or COLR tables to the subset glyphs + Map rlig to appropriate AAT feature selectors + Update USE data files to latest version + Check CBDT extents first before outline tables, to help with fonts that also include an empty glyf table + More work towards variable font instancing in the subsetter + Subsetter repacker improvements ++++ vim: - Updated to version 9.0.0709, fixes the following problems * Too many delete() calls in tests. * "const" and "final" both make the type a constant. (Daniel Steinberg) * Coverity warns for not checking return value. * Get an error for using const only when executing. * In Vim9 script a numbered function cannot be called. * Too many delete() calls in tests. * Calling a function from an "expr" option has too much overhead. * FEAT_TITLE was removed but is still used. * Evaluating "expr" options has more overhead than needed. * Build error and compiler warnings. * Underline color does not work in terminals that don't send a termresponse. * Syntax of commands in Vim9 script depends on +eval feature. * Popup menu highlight wrong on top of preview popup. (Yegappan Lakshmanan) * Checking for popup in screen_char() is too late, the attribute has already been changed. * Cannot scroll by screen line if a line wraps. * Missing part of the new option code. * Breakindent test fails. * Smoothscroll test fails. * 'smoothscroll' is not copied to a new window on :split. * CTRL-Y does not stop at line 1. (John Marriott) * with 'smoothscroll' set CTRL-E does not work properly when 'foldmethod' is set to "indent". (Yee Cheng Chin) * The 'splitscroll' option is not a good name. * When using powershell input redirection does not work. * No indication when the first line is broken for 'smoothscroll'. * Some tests are failing. * Build fails without the +conceal feature. * 'smoothscroll' not tested with 'number' and "n" in 'cpo'. * BS and DEL do not work properly in an interacive shell. (Gary Johnson) * Breakindent test fails. * passing modifier codes to a shell running in the GUI. (Gary Johnson) * Cannot specify another character to use instead of '@' at the end of the window. * Too many #ifdefs. * Wrong type of comment in SetSyn() function. * Mapping with CTRL keys does not work in the GUI. * Multi-byte "lastline" item in 'fillchars' does not work properly when the window is two columns wide. * Concealed characters do not work correctly. * Tests check for +cmdwin feature which is always present. * Bad redrawing with spell checking, using "C" and "$" in 'cpo'. * Setting 'cmdheight' has no effect if last window was resized. * Spacing-combining characters handled as composing, causing text to take more space than expected. * ml_get error when 'splitkeep' is "screen". (Marius Gedminas) * Too many delete() calls in tests. * No space for command line when there is a tabline. * Negative topline using CTRL-Y with 'smoothscroll' and 'diff'. (Ernie Rael) * Cursor line only partly shows with 'smoothscroll' and 'scrolloff' zero. * First line not scrolled properly with 'smoothscroll' and 'scrolloff' zero and using "k". * Search test screendump is outdated. * Breakindent test accepts wrong result. * Using exclamation marks on :function. * Tests failing with 'smoothscroll', 'number' and "n" in 'cpo'. * Tests failing with 'breakindent', 'number' and "n" in 'cpo'. * "<<<" shows for 'smoothscroll' even when 'showbreak is set. * Crash when popup with deleted timer is closed. (Igbanam Ogbuluijah) * Cannot specify a time for :echowindow. * FORTIFY_SOURCE causes a crash in Vim9 script. * "export def" does not work in a nested block. * Debugger does not display the whole command. * Compiler warning for unused function. * Buffer size for expanding tab not correctly computed. * lalloc(0) error in listchars test. * PoE filter files are not recognized. * browse() first argument cannot be a bool. * No native sound support on Mac OS. * Failing check for dictionary type for const any. * It is unclear if the +rightleft and +arabic features are actively being used. * Cursor in wrong position with Visual substitute. * VisVim is outdated, does not work with current Visual Studio. * Tiny build fails. * There is no real need for a "big" build. * With 'smoothscroll' the cursor position s not adjusted in a long line. * Incomplete testing cursor position after change with 'linebreak' set. * Failing check for argument type for const any. * CI runs "tiny" and "small" builds, which are the same. * Virtual text truncation does not take padding into account. * :help in a narrow window always opens at the top. * With 'smoothscroll' and 'scrolloff' non-zero the cursor position is not properly adjusted in a long line. * :confirm does not work properly for a terminal buffer. * Virtual text "after" not correct with 'nowrap'. ------------------------------------------------------------------ ------------------ 2022-10-8 - Oct 8 2022 ------------------- ------------------------------------------------------------------ ++++ curl: - Update connection info when using UNIX socket as endpoint connect-fix-Curl_updateconninfo-for-TRNSPRT_UNIX.patch ++++ iproute2: - update to 6.0: * ipstats: Add param.h for musl * Update kernel headers * libbpf: add xdp program name support * iplink: bond_slave: add per port prio support * seg6: add support for SRv6 Headend Reduced Encapsulation * lib: Introduce ppp protocols * f_flower: Introduce PPPoE support ++++ kernel-firmware: - Workaround for update failure of kernel-firmware-qcom package due to the change from a directory to a symlink (bsc#1204103) ------------------------------------------------------------------ ------------------ 2022-10-7 - Oct 7 2022 ------------------- ------------------------------------------------------------------ ++++ glib2: - Add upstream patch to solve GIMP crashes: + f0dd96c28751f15d0703b384bfc7c314af01caa8.diff: glgo#GNOME/GLib!2770 Empty values are not valid GParamSpec. ++++ gnutls: - FIPS: Set error state when jent init failed in FIPS mode [bsc#1202146] * Add patch gnutls-FIPS-Set-error-state-when-jent-init-failed.patch ++++ kernel-default: - series.conf: cleanup - move upstreamed patches to sorted section: - patches.suse/ALSA-hda-realtek-Add-quirk-for-HP-Zbook-Firefly-14-G.patch - patches.suse/ALSA-hda-realtek-More-robust-component-matching-for-.patch - commit e926c4b ++++ kernel-default-base: - Add _diag modules for included socket types (boo#1204042) ++++ qemu: - Fixes bsc#1204082 * Patches added: block-io_uring-revert-Use-io_uring_regis.patch ------------------------------------------------------------------ ------------------ 2022-10-6 - Oct 6 2022 ------------------- ------------------------------------------------------------------ ++++ ansible-core: - add Conflict with ansible-test ++++ bash: - Add upstream patches * bash52-001 Expanding unset arrays in an arithmetic context can cause a segmentation fault. * bash52-002 Starting bash with an invalid locale specification for LC_ALL/LANG/LC_CTYPE can cause the shell to crash. - Do not run checks in parallel as it eats memory, a lot of memory - Disable alternate array implementation as it eats a lot of memory ++++ grub2: - Fix firmware oops after disk decrypting failure (bsc#1204037) * 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch ++++ kernel-default: - fix coredump breakage (coredump fix). - commit 97b0626 ++++ ceph: - Update to 16.2.9-539-gea74dd900cd: + (bsc#1202292) ceph.spec.in: Add -DFMT_DEPRECATED_OSTREAM to CXXFLAGS ++++ readline: - Add patch readline82-001 and its signing readline82-001 * Starting a readline application with an invalid locale specification for LC_ALL/LANG/LC_CTYPE can cause it crash on the first call to readline. ++++ pam-config: - Update to Version 1.7 - Correctly handle --service option with /usr/lib/pam.d and /usr/etc/pam.d [bsc#1196613] ++++ salt: - Make pass renderer configurable and fix detected issues - Workaround fopen line buffering for binary mode (bsc#1203834) - Handle non-UTF-8 bytes in core grains generation (bsc#1202165) - Fix Syndic authentication errors (bsc#1199562) - Added: * make-pass-renderer-configurable-other-fixes-532.patch * ignore-non-utf8-characters-while-reading-files-with-.patch * fopen-workaround-bad-buffering-for-binary-mode-563.patch * backport-syndic-auth-fixes.patch ------------------------------------------------------------------ ------------------ 2022-10-5 - Oct 5 2022 ------------------- ------------------------------------------------------------------ ++++ glibc: - get-nscd-addresses.patch: get_nscd_addresses: Fix subscript typos (BZ [#29605]) - x86-64-avx2-string-functions.patch: check for required cpu features in AVX2 string functions (BZ #29611) - nscd-aicache.patch: nscd: Drop local address tuple variable (BZ #29607) ++++ kernel-default: - Revert "constraints: increase disk space for all architectures" (bsc#1203693). This reverts commit 43a9011f904bc7328d38dc340f5e71aecb6b19ca. - commit 3d33373 ++++ libfido2: - Version 1.12.0 (2022-09-22) * Support for COSE_ES384. * Support for hidraw(4) on FreeBSD; gh#597. * Improved support for FIDO 2.1 authenticators. * New API calls: + es384_pk_free; + es384_pk_from_EC_KEY; + es384_pk_from_EVP_PKEY; + es384_pk_from_ptr; + es384_pk_new; + es384_pk_to_EVP_PKEY; + fido_cbor_info_certs_len; + fido_cbor_info_certs_name_ptr; + fido_cbor_info_certs_value_ptr; + fido_cbor_info_maxrpid_minpinlen; + fido_cbor_info_minpinlen; + fido_cbor_info_new_pin_required; + fido_cbor_info_rk_remaining; + fido_cbor_info_uv_attempts; + fido_cbor_info_uv_modality. * Documentation and reliability fixes. - Version 1.11.0 (2022-05-03) * Experimental PCSC support; enable with -DUSE_PCSC. * Improved OpenSSL 3.0 compatibility. * Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs. * winhello: advertise "uv" instead of "clientPin". * winhello: support hmac-secret in fido_dev_get_assert(). * New API calls: + fido_cbor_info_maxlargeblob. * Documentation and reliability fixes. * Separate build and regress targets. ++++ libvirt: - Update to libvirt 8.8.0 - jsc#PED-620, jsc#PED-1540 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v8-8-0-2022-10-03 - spec: Switch from monolithic to modular daemons for Factory ++++ libzypp: - Resolver: Fix missing --[no]-recommends initialization in update (fixes #openSUSE/zypper#459, bsc#1201972) - Log ONLY_NAMESPACE_RECOMMENDED because this is what corresponds to --[no]-recommends. - version 17.31.2 (22) ++++ python-libvirt-python: - Update to 8.8.0 - Add all new APIs and constants in libvirt 8.8.0 - jsc#PED-620, jsc#PED-1540 ++++ qemu: - Due to change in where some documentation files are, if qemu-guest-agent is installed, we need to make sure we update it to our version (bsc#1203995) - The links in the forsplit dirs, in each subpackage, born to deal with package & subpackage splitting, are not really used. In fact, they're "Provides:"-ed by a bunch of subpackages, but there's no "Requires:" for any of them. Let's just get rid of them. ++++ raspberrypi-firmware-dt: - Update to a26d9d4da299 (2022-09-27): * switch to 5.19 branch ++++ zypper: - BuildRequires: libzypp-devel >= 17.31.2. - Fix --[no]-allow-vendor-change feedback in install command (bsc#1201972) - version 1.14.57 ------------------------------------------------------------------ ------------------ 2022-10-4 - Oct 4 2022 ------------------- ------------------------------------------------------------------ ++++ gnutls: - FIPS: Make XTS key check failure not fatal [bsc#1203779] * Add gnutls-Make-XTS-key-check-failure-not-fatal.patch ++++ kernel-default: - ALSA: hda/realtek: More robust component matching for CS35L41 (bsc#1203699). - ALSA: hda/realtek: Add quirk for HP Zbook Firefly 14 G9 model (bsc#1203699). - commit 25aa080 ++++ kexec-tools: - add kexec-tools-riscv64.patch ++++ llvm15: - Update to version 15.0.2. * This release contains bug-fixes for the LLVM 15.0.0 release. This release is API and ABI compatible with 15.0.0. - Rebase llvm-do-not-install-static-libraries.patch. ++++ libbpf: - update to 1.0.1: * fix inadvertently changed struct bpf_object_open_opts memory layout; * fix btf.h header relying on struct enum64 type defined in kernel UAPI headers; * fix NULL pointer exception in API btf_dump__dump_type_data; * remove struct btf_map_def accidentally left in bpf_helpers.h header. * All deprecated APIs and features removed! * support for syscall-specific kprobe/kretprobe (SEC("ksyscall/") and SEC("kretsyscall/")); * support for sleepable uprobe BPF programs (SEC("uprobe.s")); * support for per-cgroup LSM BPF programs (SEC("lsm_cgroup")); * support for new BPF CO-RE relocation TYPE_MATCHES; * bpf_prog_load() and bpf_map_create() are now smarter about handling program and map name on old kernels (it will be ignored if kernel doesn't support names); * BTF_KIND_ENUM64 support; * increase tracing attachment (kprobe/uprobe/tracepoint) robustness by using tracefs or debugfs, whichever is mounted; * new APIs for converting BPF enums to their string representation: * libbpf_bpf_prog_type_str(); * libbpf_bpf_map_type_str(); * libbpf_bpf_link_type_str(); * libbpf_bpf_attach_type_str(); * bpf_program__set_autoattach() and bpf_program__autoattach() to allow opting out from auto-attaching of BPF program by BPF skeleton; * perf_buffer__buffer() API to give access to underlying per-CPU buffer for BPF ringbuf; * bpf_obj_get_opts() API for more flexible fetching of BPF kernel objects' information. - see https://github.com/libbpf/libbpf/releases/tag/v1.0.0 for detailed changelog ++++ xz: - Move localised man pages to lang subpackage ++++ ncurses: - Add ncurses patch 20221001 + modify configure/scripts to work around interference by GNU grep 3.8 (report by Sam James). + update CF_XOPEN_SOURCE, adding variants "gnueabi" and "gnueabihf" to get _DEFAULT_SOURCE special case (report by Adam Sampson) - Port patch ncurses-6.3.dif ++++ libosinfo: - jsc#PED-2113 [Virt Tools] Refresh Virtualization Tools for Xen and KVM Management ++++ pango: - Update to version 1.50.11: + Don't crash for lack of fonts. + Avoid a crash in shaping. - Drop 639.patch: Fixed upstream. ++++ systemd: - Import commit 07aa29e3942fb46b0aed5405c88e8d3179ca958f (merge of v251.5) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/532faa39ebaa6f56e493cc938a91a40df082b74f...07aa29e3942fb46b0aed5405c88e8d3179ca958f ++++ osinfo-db: - jsc#PED-2113 [Virt Tools] Refresh Virtualization Tools for Xen and KVM Management ++++ qemu: - The old qemu-binfmt weappers around the various qemu-$ARCH Linux user emulation binaries (see, e.g., bsc#1186256) are not necessary any longer, and bsc#1143725 can now be considered fixed. * Patches dropped: linux-user-add-binfmt-wrapper-for-argv-0.patch linux-user-binfmt-support-host-binaries.patch - Fix bsc#1204001. Patches are not upstream, and have been picked up and backported from the ML. This is something we usually prefer to avoid, but this is urgent, and the patches looks fine, with high chances for them to be included as they are (and if they're not, we will revisit this, i.e., drop them and re-include the ones that are actually committed) * Patches added: linux-user-add-more-compat-ioctl-definit.patch linux-user-drop-conditionals-for-obsolet.patch linux-user-remove-conditionals-for-many-.patch meson-enforce-a-minimum-Linux-kernel-hea.patch - Improve the output of update_git.sh, by including the list of repos to which we have downstream patches. ++++ raspberrypi-firmware: - Update to 2b3cef2f4 (2022-09-30): * firmware: isp: Workaround for very unpleasant artifacts in the sharpening block * firmware: arm_loader: Raise maximum gzipped kernel size * firmware: arm-loader: Indicate tryboot status via /proc/device-tree/chosen/bootloader/tryboot * firmware: arm_loader: Increase TFTP block size to 1468 bytes See: raspberrypi/rpi-eeprom#375 * firmware: Add kernel= logging * firmware: camera_auto_detect changes See: #1750 * firmware: Fix USB boot See: #1744 * firmware: video decode/MJPEG fixes See: http://git/vc4/vc4/-/merge_requests/1548 * firmware: power: Restore VEC and PIXEL clocks after HDMI domain power cycle See: raspberrypi/linux#4962 * firmware: arm_loader: Never set warranty bit See: #1741 * firmware: vcfw: camera_subsystem: Fix loop counter for powering up devices See: https://forums.raspberrypi.com/viewtopic.php?t=338917 * firmware: ldconfig: Add [cm4s] conditional * firmware: platform: Set min_frequency for HDMI SM clock on Pi0-3 * firmware: power: Fix failover to secondary PMIC interface functions See: https://forums.raspberrypi.com/viewtopic.php?t=338429 * firmware: arm_loader: Correct GPIO expander initial state via SET_GPIO_CONFIG See: raspberrypi/linux#5107 * firmware: Disable BT flow control pins for Pi3 rev1.3 * firmware: arm_loader: initramfs over NVME fix See: #1731 * firmware: arm-dt: Export log buffer addresses to /proc/chosen/log * firmware: arm_loader: Fix GET_CLOCKS to not overwrite client buffer See: #1688 * firmware: arm_loader: Declare program_sdhost_use_dma ++++ raspberrypi-firmware-config: - Update to 2b3cef2f4 (2022-09-30): * firmware: isp: Workaround for very unpleasant artifacts in the sharpening block * firmware: arm_loader: Raise maximum gzipped kernel size * firmware: arm-loader: Indicate tryboot status via /proc/device-tree/chosen/bootloader/tryboot * firmware: arm_loader: Increase TFTP block size to 1468 bytes See: raspberrypi/rpi-eeprom#375 * firmware: Add kernel= logging * firmware: camera_auto_detect changes See: #1750 * firmware: Fix USB boot See: #1744 * firmware: video decode/MJPEG fixes See: http://git/vc4/vc4/-/merge_requests/1548 * firmware: power: Restore VEC and PIXEL clocks after HDMI domain power cycle See: raspberrypi/linux#4962 * firmware: arm_loader: Never set warranty bit See: #1741 * firmware: vcfw: camera_subsystem: Fix loop counter for powering up devices See: https://forums.raspberrypi.com/viewtopic.php?t=338917 * firmware: ldconfig: Add [cm4s] conditional * firmware: platform: Set min_frequency for HDMI SM clock on Pi0-3 * firmware: power: Fix failover to secondary PMIC interface functions See: https://forums.raspberrypi.com/viewtopic.php?t=338429 * firmware: arm_loader: Correct GPIO expander initial state via SET_GPIO_CONFIG See: raspberrypi/linux#5107 * firmware: Disable BT flow control pins for Pi3 rev1.3 * firmware: arm_loader: initramfs over NVME fix See: #1731 * firmware: arm-dt: Export log buffer addresses to /proc/chosen/log * firmware: arm_loader: Fix GET_CLOCKS to not overwrite client buffer See: #1688 * firmware: arm_loader: Declare program_sdhost_use_dma ++++ raspberrypi-firmware-config-camera: - Update to 2b3cef2f4 (2022-09-30): * firmware: isp: Workaround for very unpleasant artifacts in the sharpening block * firmware: arm_loader: Raise maximum gzipped kernel size * firmware: arm-loader: Indicate tryboot status via /proc/device-tree/chosen/bootloader/tryboot * firmware: arm_loader: Increase TFTP block size to 1468 bytes See: raspberrypi/rpi-eeprom#375 * firmware: Add kernel= logging * firmware: camera_auto_detect changes See: #1750 * firmware: Fix USB boot See: #1744 * firmware: video decode/MJPEG fixes See: http://git/vc4/vc4/-/merge_requests/1548 * firmware: power: Restore VEC and PIXEL clocks after HDMI domain power cycle See: raspberrypi/linux#4962 * firmware: arm_loader: Never set warranty bit See: #1741 * firmware: vcfw: camera_subsystem: Fix loop counter for powering up devices See: https://forums.raspberrypi.com/viewtopic.php?t=338917 * firmware: ldconfig: Add [cm4s] conditional * firmware: platform: Set min_frequency for HDMI SM clock on Pi0-3 * firmware: power: Fix failover to secondary PMIC interface functions See: https://forums.raspberrypi.com/viewtopic.php?t=338429 * firmware: arm_loader: Correct GPIO expander initial state via SET_GPIO_CONFIG See: raspberrypi/linux#5107 * firmware: Disable BT flow control pins for Pi3 rev1.3 * firmware: arm_loader: initramfs over NVME fix See: #1731 * firmware: arm-dt: Export log buffer addresses to /proc/chosen/log * firmware: arm_loader: Fix GET_CLOCKS to not overwrite client buffer See: #1688 * firmware: arm_loader: Declare program_sdhost_use_dma ++++ u-boot-rpiarm64: - Update to 2022.10 ++++ virt-manager: - jsc#PED-2113 [Virt Tools] Refresh Virtualization Tools for Xen and KVM Management ++++ xkeyboard-config: - Update to version 2.37 * bugfixes - supersedes U_Fixes-regression-from-c3c5d02-were-mistakenly-replac.patch ------------------------------------------------------------------ ------------------ 2022-10-3 - Oct 3 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - Add build_orig conditional switch for video codecs define. ++++ Mesa-drivers: - Add build_orig conditional switch for video codecs define. ++++ NetworkManager: - Drop dependency on sysconfig-netconfig: the collection of shell scripts is not required for regular operation. ++++ iputils: - Backport 2 fixes for bsc#1203957: 0001-ping-Add-SA_RESTART-to-sa_flags.patch 0002-ping-Make-ping_rts-struct-static.patch ++++ kernel-default: - Refresh patches.suse/vduse-prevent-uninitialized-memory-accesses.patch. Update upstream status. - commit 39efccd ++++ kernel-firmware: - Update to version 20220930 (git commit fdf1a6525852): * linux-firmware: Update AMD cpu microcode * mediatek: mt8195: Update scp.img to v2.0.11956 * mediatek: Add new mt8195 SOF firmware * mediatek: Update mt8186 SOF firmware to v0.2.1 * linux-firmware: update firmware for mediatek bluetooth chip (MT7922) * rtl_bt: Update RTL8852A BT USB firmware to 0xD9B8_8207 * linux-firmware: update firmware for mediatek bluetooth chip (MT7921) * linux-firmware: update firmware for MT7922 WiFi device * linux-firmware: update firmware for MT7921 WiFi device * cxgb4: Update firmware to revision 1.27.0.0 (jsc#PED-1501) * i915: Add versionless HuC files for current platforms * i915: Add GuC v70.5.1 for DG1, DG2, TGL and ADL-P * qca: Update firmware files for BT chip WCN3991. * Removing crnv32 * amdgpu: update yellow carp DMCUB firmware * amdgpu: add firmware for VCN 3.1.2 IP block * amdgpu: add firmware for SDMA 5.2.6 IP block * amdgpu: add firmware for PSP 13.0.5 IP block * amdgpu: add firmware for GC 10.3.6 IP block * amdgpu: add firmware for DCN 3.1.5 IP block * qcom: rename Lenovo ThinkPad X13s firmware paths * rtw89: 8852c: update fw to v0.27.42.0 * rtw89: 8852c: update fw to v0.27.36.0 - Fix install-split.sh for dealing with a symlink of directory ++++ systemd-rpm-macros: - Bump to version 17 - Fix syntax error in %tmpfiles_create_package() (bsc#1203945) ++++ u-boot-rpiarm64: - Enable pcm051_rev3 config for Phytec Wega board ++++ xkeyboard-config: - Reduce python3 to python3-base ------------------------------------------------------------------ ------------------ 2022-10-2 - Oct 2 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Update to 6.0 final - eliminate 1 patch - patches.suse/vduse-prevent-uninitialized-memory-accesses.patch - refresh configs (headers only) - commit a7dafe3 ++++ lttng-ust: - Update to version 2.13.5: * Fix: bytecode validator: reject specialised load field/context ref instructions. * Fix: bytecode validator: reject specialised load instructions. * Fix: event notification capture: validate buffer length. * Fix: event notification capture error handling. * Fix: lttng-ust-comm: wait on wrong child process. * fix: 'make dist' without javah. ------------------------------------------------------------------ ------------------ 2022-10-1 - Oct 1 2022 ------------------- ------------------------------------------------------------------ ++++ libglvnd: - update to 1.5.0: * Add BTI landing pads for aarch64 * Set current thread state to NULL in teardown * Moving setspecific to before DestroyThreadState * Fix a memory leak in libGLdispatch * Use assembly stubs on armv6 - drop libglvnd-add-bti.patch (upstream) ------------------------------------------------------------------ ------------------ 2022-9-30 - Sep 30 2022 ------------------- ------------------------------------------------------------------ ++++ curl: - Change the deprecated configure option --enable-hidden-symbols to the new --enable-symbol-hiding. ++++ transactional-update: - Version 4.1.0 - t-u: Add a "setup-kdump" command; implements [jsc#PED-1441] - Export TRANSACTIONAL_UPDATE_ROOT (the path to the snapshot) in the update environment; implements [jsc#PED-1078] - Add support for "notify" reboot method for desktop use [gh#openSUSE/transactional-update#93] - Fix kdump initrd recreation detection; the check was performed in the active snapshot instead of the target snapshot - Document register command [bsc#1202900] - Avoid unnecessary snapshots for register command [bsc#1202901] - Various optimizations for register command - Remove bogus error message when triggering reboot - Rework /etc overlay documentation in "The Transactional Update Guide" - Fix incorrect manpage formatting - Remove leftover "salt" reboot method in configuration example file - Replace deprecated std::mem_fn with lambdas ++++ fde-tools: - add build support for other architectures - spec file clean ups ++++ xz: - update to 5.2.7: * liblzma: - Add API doc note about the .xz decoder LZMA_MEMLIMIT_ERROR bug. - Add dest and src NULL checks to lzma_index_cat. The documentation states LZMA_PROG_ERROR can be returned from lzma_index_cat. Previously, lzma_index_cat could not return LZMA_PROG_ERROR. Now, the validation is similar to lzma_index_append, which does a NULL check on the index parameter. - Fix copying of check type statistics in lzma_index_cat(). The check type of the last Stream in dest was never copied to dest->checks (the code tried to copy it but it was done too late). This meant that the value returned by lzma_index_checks() would only include the check type of the last Stream when multiple lzma_indexes had been concatenated. In xz --list this meant that the summary would only list the check type of the last Stream, so in this sense this was only a visual bug. However, it's possible that some applications use this information for purposes other than merely showing it to the users in an informational message. I'm not aware of such applications though and it's quite possible that such applications don't exist. Regular streamed decompression in xz or any other application doesn't use lzma_index_cat() and so this bug cannot affect them. - Stream decoder: Fix restarting after LZMA_MEMLIMIT_ERROR. If lzma_code() returns LZMA_MEMLIMIT_ERROR it is now possible to use lzma_memlimit_set() to increase the limit and continue decoding. This was supposed to work from the beginning but there was a bug. With other decoders (.lzma or threaded .xz) this already worked correctly. - lzma_filters_copy: Keep dest[] unmodified if an error occurs. lzma_stream_encoder() and lzma_stream_encoder_mt() always assumed this. Before this patch, failing lzma_filters_copy() could result in free(invalid_pointer) or invalid memory reads in stream_encoder.c or stream_encoder_mt.c. To trigger this, allocating memory for a filter options structure has to fail. These are tiny allocations so in practice they very rarely fail. Certain badness in the filter chain array could also make lzma_filters_copy() fail but both stream_encoder.c and stream_encoder_mt.c validate the filter chain before trying to copy it, so the crash cannot occur this way. - lzma_index_append: Add missing integer overflow check. The documentation in src/liblzma/api/lzma/index.h suggests that both the unpadded (compressed) size and the uncompressed size are checked for overflow, but only the unpadded size was checked. The uncompressed check is done first since that is more likely to occur than the unpadded or index field size overflows. - Vaccinate against an ill patch from RHEL/CentOS 7. * xzgrep: - Fix compatibility with old shells. Turns out that some old shells don't like apostrophes (') inside command substitutions. The problem was introduced by commits 69d1b3fc29677af8ade8dc15dba83f0589cb63d6 (2022-03-29), bd7b290f3fe4faeceb7d3497ed9bf2e6ed5e7dc5 (2022-07-18), and a648978b20495b7aa4a8b029c5a810b5ad9d08ff (2022-07-19). 5.2.6 is the only stable release that included this problem. * Translations: Add Turkish translation. ++++ patterns-alp: - enable patterns building for riscv64 ++++ qemu: - Fix: bsc#1202665, CVE-2022-2962 * Patches added: net-tulip-Restrict-DMA-engine-to-memorie.patch - skip tests that don't work under qemu-linux-user emulation ++++ selinux-policy: - Updated quilt couldn't unpack tarball. This will cause ongoing issues so drop the sed statement in the %prep section and add distro_suse_to_distro_redhat.patch to add the necessary changes via a patch ++++ vim: - Updated to version 9.0.0626, fixes the following problems - fix boo#1203924 - CVE-2022-3352 * Error for modifying a const is not detected at compile time. * Leaking argument type array. * Too many delete() calls in tests. * When quitting the cmdline window with CTRL-C it remains visible. * Warning for using uninitialized value in mouse test. * A closure in a nested loop in a :def function does not work. * Build failure. * Various problems with 'nosplitscroll'. * Line number argument for :badd does not work. * Command line cleared when using :redrawstatus in CmdlineChanged autocommand event. * When the channel test fails there is no clue why. * Confusing error for "saveas" command with "nofile" buffer. * Chatito files are not recognized. * Unnecessary scrolling for message of only one line. * Cannot redraw the status lines when editing a command. * May not be able to use a pattern ad the debug prompt. * Terminal test sometimes hangs. * Virtual text highlight starts too early when 'number' is set. * Virtual text "above" highlights gap after it. * When at the command line :redrawstatus does not work well. * Virtual text highlight starts too early with 'nowrap' and 'number' set. * The win_line() function is much too long. * Declaring a loop variable at the start of a block is clumsy. * Compiler warns for unused argument in small version. * Build fails on Appveyor. * more compiler warnings for arguments in small version * Manually deleting temp test files. * Long sign text may overflow buffer. * Appveyor setup contains outdated lines. * Using freed memory when autocmd changes mark. * The win_line() function is much too long. * Edit test is flaky when run under valgrind. * The win_line() function is much too long. * Line number is displayed at virtual text "above". * Closure gets wrong value in for loop with two loop variables. * The do_set() function is much too long. * Manually deleting test temp files. * Long message test can be flaky. * Assigning stack variable to argument confuses Coverity. * Terminal pwd test fails with a very long path name. * Insufficient testing for assert and test functions. * Minor issues with setting a string option. * When a test is slow and CI times out there is no time info. * Supporting Ruby 1.8 makes code complicated. * Looping over empty out_loop[] entries. * reduce() with a compiled lambda could be faster. * Duplicated code in calling a :def function. * Crash when closing a tabpage and buffer is NULL. * Mode message is delayed when :echowin was used. (Maxim Kim) * Crash when using NUL in buffer that uses :source. * No error for "|" after "{" in lamda. * Using freed memory when command follows lambda. * Scrolling with 'nosplitscroll' in callback changing curwin. * Leaking memory with nested functions. * Valgrind reports possibly leaked memory. * Coverity warns for possibly using NULL pointer. * Timer test may get stuck at hit-enter prompt. * Elapsed time since testing started is not visible. * When a test gets stuck it just hangs forever. * HSL playlist files are not recognized. * Timer_info() test fails. * Cscope test causes problems when code for test timeout timer is included (even when commented out). * Nim files are not recognized. * 'completeopt' "longest" is not used for complete(). * Autocmd code is indented more than needed. * Cannot easily get out when using "vim file | grep word". * Insert complete tests leave a mapping behind. * Outdated dependencies go unnoticed. * Timer garbage collect test hangs on Mac M1. * The getchar() function behaves strangely with bracketed paste. * Unused loop variables. * Buffer underflow with unexpected :finally. * Using freed memory when 'tagfunc' wipes out buffer that holds 'complete'. * Adding a character for incsearch fails at end of line. * Only recognizing .m3u8 files is inconsistent. * Cscope test with wrong executable name fails. * When long message test fails the error message is not visible. * Missing change in test. * Unicode tables are outdated. * After exiting Insert mode spelling is not checked in the next line. * Message window popup shows on only one tab page. (Naruhiko Nishino) * Display not cleared when scrolling back in messages, a background color is set and t_ut is empty. * Makefile error message causes a shell error. * Extra newline in messages after a verbose shell message. * Cannot close a tab page with the middle mouse button. * Using negative array index with negative width window. * Latexmkrc files are not recognized. * GYP files are not recognized. * Too much indent. * New TypeScript extensions are not recognized. * With 'nosplitscroll' folds are not handled correctly. * Luacheckrc file is not recognized. * Dump file missing. * system() opens a terminal window when using the GUI and "!" is in 'guioptions'. * With spell checking, deleting a full stop at the end of a line does not update SpellCap at the start of the next line. * Blockedit test fails because of wrong indent. * Global interrupt test fails when run under valgrind. * Tests delete files with a separate delete() call. * Blockedit test passes with wrong result. * Running source tests leaves file behind. * SpellFileMissing autocmd may delete buffer. * Using reduce() on a list from range() is a bit slow. * Spell test fails because error message changed. * Calling function for reduce() has too much overhead. * Too many delete() calls in tests. * matchaddpos() can get slow when adding many matches. * Filetype test leaves file behind. * matchaddpos() can only add up to 8 matches. ------------------------------------------------------------------ ------------------ 2022-9-29 - Sep 29 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - re-disable video codecs https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/15258 ++++ Mesa-drivers: - re-disable video codecs https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/15258 ++++ docker: - Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux. - Fix syntax of boolean dependency ++++ libXxf86vm: - modernize spec file, add license ++++ libcap: - update to 2.66: * Fix documentation typos in cap_from_text.3 * Some getpcaps code clean up and a fix for PID argument parsing from Jakub Wilk. * Slightly more robust Makefiles to address an error with make -j48 test observed * Include a simple Go program, captrace, to trace kernel capability validation checks * This program can be used to figure out what capabilities a program needs to operate. * captrace (a wrapper for bpftrace) uses BPF kprobes to monitor the kernel for capability checks and whether or not they succeed for the system, a specific PID or a program's direct execution. * Trim down the default file capabilities for contrib/sucap/su to those actually needed and set USER and HOME environment variables so bash doesn't complain about a sourcing error. ++++ osinfo-db: - Update to database version 20220830 osinfo-db-20220830.tar.xz ++++ python-cryptography: - update to 38.0.1: * Fixed parsing TLVs in ASN.1 with length greater than 65535 bytes (typically seen in large CRLs). * Final deprecation of OpenSSL 1.1.0. The next release of ``cryptography`` will drop support. * We no longer ship ``manylinux2010`` wheels. Users should upgrade to the latest ``pip`` to ensure this doesn't cause issues downloading wheels on their platform. We now ship ``manylinux_2_28`` wheels for users on new enough platforms. * Updated the minimum supported Rust version (MSRV) to 1.48.0, from 1.41.0. Users with the latest ``pip`` will typically get a wheel and not need Rust installed, but check :doc:`/installation` for documentation on installing a newer ``rustc`` if required. * :meth:`~cryptography.fernet.Fernet.decrypt` and related methods now accept both ``str`` and ``bytes`` tokens. * Parsing ``CertificateSigningRequest`` restores the behavior of enforcing that the ``Extension`` ``critical`` field must be correctly encoded DER. See `the issue `_ for complete details. * Added two new OpenSSL functions to the bindings to support an upcoming ``pyOpenSSL`` release. * When parsing :class:`~cryptography.x509.CertificateRevocationList` and :class:`~cryptography.x509.CertificateSigningRequest` values, it is now enforced that the ``version`` value in the input must be valid according to the rules of :rfc:`2986` and :rfc:`5280`. * Using MD5 or SHA1 in :class:`~cryptography.x509.CertificateBuilder` and other X.509 builders is deprecated and support will be removed in the next version. * Added additional APIs to :class:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp`, including :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature_hash_algorithm`, :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature_algorithm`, :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature`, and :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.extension_bytes`. * Added :attr:`~cryptography.x509.Certificate.tbs_precertificate_bytes`, allowing users to access the to-be-signed pre-certificate data needed for signed certificate timestamp verification. * :class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFHMAC` and :class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFCMAC` now support :attr:`~cryptography.hazmat.primitives.kdf.kbkdf.CounterLocation.MiddleFixed` counter location. * Fixed :rfc:`4514` name parsing to reverse the order of the RDNs according to the section 2.1 of the RFC, affecting method :meth:`~cryptography.x509.Name.from_rfc4514_string`. * It is now possible to customize some aspects of encryption when serializing private keys, using :meth:`~cryptography.hazmat.primitives.serialization.PrivateFormat.encryption_builder`. * Removed several legacy symbols from our OpenSSL bindings. Users of pyOpenSSL versions older than 22.0 will need to upgrade. * Added :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES128` and :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES256` classes. These classes do not replace :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES` (which allows all AES key lengths), but are intended for applications where developers want to be explicit about key length. ++++ python-pyOpenSSL: - update to 22.1.0: * Remove support for SSLv2 and SSLv3. * The minimum ``cryptography`` version is now 37.0.2. * The ``OpenSSL.crypto.X509StoreContextError`` exception has been refactored, changing its internal attributes. * Add ``OpenSSL.SSL.Connection.set_verify`` and ``OpenSSL.SSL.Connection.get_verify_mode`` to override the context object's verification flags. * Add ``OpenSSL.SSL.Connection.use_certificate`` and ``OpenSSL.SSL.Connection.use_privatekey`` to set a certificate per connection (and not just per context) ++++ python-requests: - requires python 3.7 or newer ++++ selinux-policy: - Update fix_networkmanager.patch to ensure NetworkManager chrony dispatcher is properly labled and update fix_chronyd.patch to ensure chrony helper script has proper label to be used by NetworkManager. Also allow NetworkManager_dispatcher_custom_t to query systemd status (bsc#1203824) ++++ shim: - shim-install: ensure grub.cfg created is not overwritten after installing grub related files ------------------------------------------------------------------ ------------------ 2022-9-28 - Sep 28 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Linux 5.19.12 (bsc#1012628). - drm/i915: Extract intel_edp_fixup_vbt_bpp() (bsc#1012628). - drm/i915/pps: Split pps_init_delays() into distinct parts (bsc#1012628). - drm/i915/bios: Split parse_driver_features() into two parts (bsc#1012628). - drm/i915/bios: Split VBT parsing to global vs. panel specific parts (bsc#1012628). - drm/i915/bios: Split VBT data into per-panel vs. global parts (bsc#1012628). - drm/i915/dsi: filter invalid backlight and CABC ports (bsc#1012628). - drm/i915/dsi: fix dual-link DSI backlight and CABC ports for display 11+ (bsc#1012628). - smb3: Move the flush out of smb2_copychunk_range() into its callers (bsc#1012628). - smb3: fix temporary data corruption in collapse range (bsc#1012628). - smb3: fix temporary data corruption in insert range (bsc#1012628). - usb: add quirks for Lenovo OneLink+ Dock (bsc#1012628). - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (bsc#1012628). - smb3: use filemap_write_and_wait_range instead of filemap_write_and_wait (bsc#1012628). - Revert "usb: add quirks for Lenovo OneLink+ Dock" (bsc#1012628). - Revert "usb: gadget: udc-xilinx: replace memcpy with memcpy_toio" (bsc#1012628). - xfrm: fix XFRMA_LASTUSED comment (bsc#1012628). - block: remove QUEUE_FLAG_DEAD (bsc#1012628). - block: stop setting the nomerges flags in blk_cleanup_queue (bsc#1012628). - block: simplify disk shutdown (bsc#1012628). - scsi: core: Fix a use-after-free (bsc#1012628). - drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1012628). - USB: core: Fix RST error in hub.c (bsc#1012628). - USB: serial: option: add Quectel BG95 0x0203 composition (bsc#1012628). - USB: serial: option: add Quectel RM520N (bsc#1012628). - Revert "ALSA: usb-audio: Split endpoint setups for hw_params and prepare" (bsc#1012628). - ALSA: core: Fix double-free at snd_card_new() (bsc#1012628). - ALSA: hda/tegra: set depop delay for tegra (bsc#1012628). - ALSA: hda: Fix hang at HD-audio codec unbinding due to refcount saturation (bsc#1012628). - ALSA: hda: Fix Nvidia dp infoframe (bsc#1012628). - ALSA: hda: add Intel 5 Series / 3400 PCI DID (bsc#1012628). - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (bsc#1012628). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop (bsc#1012628). - ALSA: hda/realtek: Re-arrange quirk table entries (bsc#1012628). - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (bsc#1012628). - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (bsc#1012628). - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (bsc#1012628). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (bsc#1012628). - ALSA: hda/realtek: Add a quirk for HP OMEN 16 (8902) mute LED (bsc#1012628). - iommu/vt-d: Check correct capability for sagaw determination (bsc#1012628). - exfat: fix overflow for large capacity partition (bsc#1012628). - btrfs: fix hang during unmount when stopping block group reclaim worker (bsc#1012628). - btrfs: fix hang during unmount when stopping a space reclaim worker (bsc#1012628). - btrfs: zoned: wait for extent buffer IOs before finishing a zone (bsc#1012628). - libperf evlist: Fix polling of system-wide events (bsc#1012628). - media: flexcop-usb: fix endpoint type check (bsc#1012628). - usb: dwc3: core: leave default DMA if the controller does not support 64-bit DMA (bsc#1012628). - thunderbolt: Add support for Intel Maple Ridge single port controller (bsc#1012628). - efi: x86: Wipe setup_data on pure EFI boot (bsc#1012628). - efi: libstub: check Shim mode using MokSBStateRT (bsc#1012628). - wifi: mt76: fix reading current per-tid starting sequence number for aggregation (bsc#1012628). - gpio: mockup: fix NULL pointer dereference when removing debugfs (bsc#1012628). - gpio: mockup: Fix potential resource leakage when register a chip (bsc#1012628). - gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully (bsc#1012628). - riscv: fix a nasty sigreturn bug.. (bsc#1012628). - riscv: fix RISCV_ISA_SVPBMT kconfig dependency warning (bsc#1012628). - drm/i915/gem: Flush contexts on driver release (bsc#1012628). - drm/i915/gem: Really move i915_gem_context.link under ref protection (bsc#1012628). - xen/xenbus: fix xenbus_setup_ring() (bsc#1012628). - kasan: call kasan_malloc() from __kmalloc_*track_caller() (bsc#1012628). - can: flexcan: flexcan_mailbox_read() fix return value for drop = true (bsc#1012628). - net: mana: Add rmb after checking owner bits (bsc#1012628). - mm/slub: fix to return errno if kmalloc() fails (bsc#1012628). - mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context (bsc#1012628). - KVM: x86: Reinstate kvm_vcpu_arch.guest_supported_xcr0 (bsc#1012628). - KVM: x86: Always enable legacy FP/SSE in allowed user XFEATURES (bsc#1012628). - KVM: x86: Inject #UD on emulated XSETBV if XSAVES isn't enabled (bsc#1012628). - perf/arm-cmn: Add more bits to child node address offset field (bsc#1012628). - arm64: topology: fix possible overflow in amu_fie_setup() (bsc#1012628). - vmlinux.lds.h: CFI: Reduce alignment of jump-table to function alignment (bsc#1012628). - batman-adv: Fix hang up with small MTU hard-interface (bsc#1012628). - firmware: arm_scmi: Harden accesses to the reset domains (bsc#1012628). - firmware: arm_scmi: Fix the asynchronous reset requests (bsc#1012628). - arm64: dts: rockchip: Lower sd speed on quartz64-b (bsc#1012628). - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (bsc#1012628). - arm64: dts: rockchip: Fix typo in lisense text for PX30.Core (bsc#1012628). - drm/mediatek: dsi: Add atomic {destroy,duplicate}_state, reset callbacks (bsc#1012628). - arm64: dts: imx8mm: Reverse CPLD_Dn GPIO label mapping on MX8Menlo (bsc#1012628). - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (bsc#1012628). - arm64: dts: imx8mn: remove GPU power domain reset (bsc#1012628). - arm64: dts: imx8ulp: add #reset-cells for pcc (bsc#1012628). - dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() (bsc#1012628). - arm64: dts: rockchip: fix property for usb2 phy supply on rock-3a (bsc#1012628). - arm64: dts: rockchip: fix property for usb2 phy supply on rk3568-evb1-v10 (bsc#1012628). - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (bsc#1012628). - arm64: dts: rockchip: Remove 'enable-active-low' from rk3566-quartz64-a (bsc#1012628). - arm64: dts: imx8mm-verdin: extend pmic voltages (bsc#1012628). - netfilter: nf_conntrack_sip: fix ct_sip_walk_headers (bsc#1012628). - netfilter: nf_conntrack_irc: Tighten matching on DCC message (bsc#1012628). - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1012628). - ice: Don't double unplug aux on peer initiated reset (bsc#1012628). - ice: Fix crash by keep old cfg when update TCs more than queues (bsc#1012628). - iavf: Fix cached head and tail value for iavf_get_tx_pending (bsc#1012628). - ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header (bsc#1012628). - net: core: fix flow symmetric hash (bsc#1012628). - wifi: iwlwifi: Mark IWLMEI as broken (bsc#1012628). - arm64: dts: tqma8mqml: Include phy-imx8-pcie.h header (bsc#1012628). - drm/mediatek: Fix wrong dither settings (bsc#1012628). - arm64: dts: imx8mp-venice-gw74xx: fix CAN STBY polarity (bsc#1012628). - arm64: dts: imx8mp-venice-gw74xx: fix ksz9477 cpu port (bsc#1012628). - ARM: dts: lan966x: Fix the interrupt number for internal PHYs (bsc#1012628). - net: phy: aquantia: wait for the suspend/resume operations to finish (bsc#1012628). - arm64: dts: imx8mp-venice-gw74xx: fix port/phy validation (bsc#1012628). - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1012628). - scsi: mpt3sas: Fix return value check of dma_get_required_mask() (bsc#1012628). - net: bonding: Share lacpdu_mcast_addr definition (bsc#1012628). - net: bonding: Unsync device addresses on ndo_stop (bsc#1012628). - net: team: Unsync device addresses on ndo_stop (bsc#1012628). - drm/panel: simple: Fix innolux_g121i1_l01 bus_format (bsc#1012628). - mm/slab_common: fix possible double free of kmem_cache (bsc#1012628). - MIPS: lantiq: export clk_get_io() for lantiq_wdt.ko (bsc#1012628). - MIPS: Loongson32: Fix PHY-mode being left unspecified (bsc#1012628). - um: fix default console kernel parameter (bsc#1012628). - iavf: Fix bad page state (bsc#1012628). - mlxbf_gige: clear MDIO gateway lock after read (bsc#1012628). - iavf: Fix set max MTU size with port VLAN and jumbo frames (bsc#1012628). - i40e: Fix VF set max MTU size (bsc#1012628). - i40e: Fix set max_tx_rate when it is lower than 1 Mbps (bsc#1012628). - netdevsim: Fix hwstats debugfs file permissions (bsc#1012628). - sfc: fix TX channel offset when using legacy interrupts (bsc#1012628). - sfc: fix null pointer dereference in efx_hard_start_xmit (bsc#1012628). - bnxt_en: fix flags to check for supported fw version (bsc#1012628). - gve: Fix GFP flags when allocing pages (bsc#1012628). - drm/hisilicon: Add depends on MMU (bsc#1012628). - of: mdio: Add of_node_put() when breaking out of for_each_xx (bsc#1012628). - net: ipa: properly limit modem routing table use (bsc#1012628). - sfc/siena: fix TX channel offset when using legacy interrupts (bsc#1012628). - sfc/siena: fix null pointer dereference in efx_hard_start_xmit (bsc#1012628). - wireguard: ratelimiter: disable timings test by default (bsc#1012628). - wireguard: netlink: avoid variable-sized memcpy on sockaddr (bsc#1012628). - net: enetc: move enetc_set_psfp() out of the common enetc_set_features() (bsc#1012628). - net: enetc: deny offload of tc-based TSN features on VF interfaces (bsc#1012628). - ipv6: Fix crash when IPv6 is administratively disabled (bsc#1012628). - net/sched: taprio: avoid disabling offload when it was never enabled (bsc#1012628). - net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child qdiscs (bsc#1012628). - ice: config netdev tc before setting queues number (bsc#1012628). - ice: Fix interface being down after reset with link-down-on-close flag on (bsc#1012628). - netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain() (bsc#1012628). - netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain() (bsc#1012628). - netfilter: ebtables: fix memory leak when blob is malformed (bsc#1012628). - netfilter: nf_ct_ftp: fix deadlock when nat rewrite is needed (bsc#1012628). - net: ravb: Fix PHY state warning splat during system resume (bsc#1012628). - net: sh_eth: Fix PHY state warning splat during system resume (bsc#1012628). - gpio: tqmx86: fix uninitialized variable girq (bsc#1012628). - can: gs_usb: gs_can_open(): fix race dev->can.state condition (bsc#1012628). - perf stat: Fix BPF program section name (bsc#1012628). - perf stat: Fix cpu map index in bperf cgroup code (bsc#1012628). - perf jit: Include program header in ELF files (bsc#1012628). - perf kcore_copy: Do not check /proc/modules is unchanged (bsc#1012628). - perf tools: Honor namespace when synthesizing build-ids (bsc#1012628). - drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff() (bsc#1012628). - ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (bsc#1012628). - net/smc: Stop the CLC flow if no link to map buffers on (bsc#1012628). - net: phy: micrel: fix shared interrupt on LAN8814 (bsc#1012628). - bonding: fix NULL deref in bond_rr_gen_slave_id (bsc#1012628). - net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD (bsc#1012628). - net: sched: fix possible refcount leak in tc_new_tfilter() (bsc#1012628). - bnxt: prevent skb UAF after handing over to PTP worker (bsc#1012628). - selftests: forwarding: add shebang for sch_red.sh (bsc#1012628). - io_uring: ensure that cached task references are always put on exit (bsc#1012628). - serial: fsl_lpuart: Reset prior to registration (bsc#1012628). - serial: Create uart_xmit_advance() (bsc#1012628). - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (bsc#1012628). - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (bsc#1012628). - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1012628). - phy: marvell: phy-mvebu-a3700-comphy: Remove broken reset support (bsc#1012628). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (bsc#1012628). - drm/i915/display: Fix handling of enable_psr parameter (bsc#1012628). - blk-mq: fix error handling in __blk_mq_alloc_disk (bsc#1012628). - block: call blk_mq_exit_queue from disk_release for never added disks (bsc#1012628). - block: Do not call blk_put_queue() if gendisk allocation fails (bsc#1012628). - Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region (bsc#1012628). - drm/gma500: Fix BUG: sleeping function called from invalid context errors (bsc#1012628). - drm/gma500: Fix WARN_ON(lock->magic != lock) error (bsc#1012628). - drm/gma500: Fix (vblank) IRQs not working after suspend/resume (bsc#1012628). - gpio: ixp4xx: Make irqchip immutable (bsc#1012628). - drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid cards (bsc#1012628). - drm/amdgpu: use dirty framebuffer helper (bsc#1012628). - drm/amdgpu: change the alignment size of TMR BO to 1M (bsc#1012628). - drm/amdgpu: add HDP remap functionality to nbio 7.7 (bsc#1012628). - drm/amdgpu: Skip reset error status for psp v13_0_0 (bsc#1012628). - drm/amd/display: Limit user regamma to a valid value (bsc#1012628). - drm/amd/display: Reduce number of arguments of dml31's CalculateWatermarksAndDRAMSpeedChangeSupport() (bsc#1012628). - drm/amd/display: Reduce number of arguments of dml31's CalculateFlipSchedule() (bsc#1012628). - drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack usage (bsc#1012628). - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (bsc#1012628). - gpio: mt7621: Make the irqchip immutable (bsc#1012628). - pmem: fix a name collision (bsc#1012628). - fsdax: Fix infinite loop in dax_iomap_rw() (bsc#1012628). - workqueue: don't skip lockdep work dependency in cancel_work_sync() (bsc#1012628). - i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible (bsc#1012628). - i2c: mlxbf: incorrect base address passed during io write (bsc#1012628). - i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() (bsc#1012628). - i2c: mlxbf: Fix frequency calculation (bsc#1012628). - i2c: mux: harden i2c_mux_alloc() against integer overflows (bsc#1012628). - drm/amdgpu: don't register a dirty callback for non-atomic (bsc#1012628). - certs: make system keyring depend on built-in x509 parser (bsc#1012628). - Makefile.debug: set -g unconditional on CONFIG_DEBUG_INFO_SPLIT (bsc#1012628). - Makefile.debug: re-enable debug info for .S files (bsc#1012628). - devdax: Fix soft-reservation memory description (bsc#1012628). - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1012628). - ext4: limit the number of retries after discarding preallocations blocks (bsc#1012628). - ext4: make mballoc try target group first even with mb_optimize_scan (bsc#1012628). - ext4: avoid unnecessary spreading of allocations among groups (bsc#1012628). - ext4: use locality group preallocation for small closed files (bsc#1012628). - ext4: use buckets for cr 1 block scan instead of rbtree (bsc#1012628). - ext4: fixup possible uninitialized variable access in ext4_mb_choose_next_group_cr1() (bsc#1012628). - ext4: make directory inode spreading reflect flexbg size (bsc#1012628). - Update config files. - commit 95fa5b8 ++++ qemu: - Runs of the test-suite seem much more stable now, in this version of QEMU. (bsc#1203610) We are also fine re-enabling running them in parallel. - Switch QEMU Linux user to emulate the same CPU as the one of the host by default. This is a bit conrtoversial and tricky, when thinking about system emulation/virtualization. But for linux-user, it should be just fine. (bsc#1203684) * Patches added: linux-user-use-max-as-default-CPU-model-.patch ------------------------------------------------------------------ ------------------ 2022-9-27 - Sep 27 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - Pass -Dvideo-codecs=h264dec,h264enc,h265dec,h265enc,vc1dec to meson, keep support for hardware codecs inside vaapi, vdpau and vulkan. These were previously enabled automatically. - enabled "swrast" and "amd" Vulkan drivers on riscv64, which is upstream default anyway ... ++++ Mesa-drivers: - Pass -Dvideo-codecs=h264dec,h264enc,h265dec,h265enc,vc1dec to meson, keep support for hardware codecs inside vaapi, vdpau and vulkan. These were previously enabled automatically. - enabled "swrast" and "amd" Vulkan drivers on riscv64, which is upstream default anyway ... ++++ bash: - Update to final bash 5.2 a. When replacing a history entry, make sure the existing entry has a non-NULL timestamp before copying it; it may have been added by the application, not the history library. - Modernize run-tests ++++ kernel-default: - constraints: increase disk space for all architectures References: bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is very close to the limit. - commit 43a9011 - ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel systems (bsc#1203767). - commit 2d94a9f - Refresh patches.suse/Revert-block-freeze-the-queue-earlier-in-del_gendisk.patch. Update to upstream version. - commit b4b8524 ++++ libXxf86vm: - Update to version 1.1.5 * Update README for gitlab migration * Update configure.ac bug URL for gitlab migration * Fix spelling/wording issues * gitlab CI: add a basic build test * Fix -Wsign-compare warning * Variable scope reductions as suggested by cppcheck * Update GetOldReq to use _XGetRequest() * autogen.sh: use quoted string variables * autogen: add default patch prefix * autogen.sh: use exec instead of waiting for configure to finish ++++ readline: - Update to final readline-8.2 r. When replacing a history entry, make sure the existing entry has a non-NULL timestamp before copying it; it may have been added by the application, not the history library. ++++ libvirt: - spec: Only drop redefinition of libexecdir on Factory and newer bsc#1203775 ++++ qemu: - Be less verbose when packaging documentation. In fact, with just a couple of (minor) re-arrangements, we can get rid of having to list all the files all the time - Package /etc/qemu/bridge.conf as '%config(noreplace). Next step will probably be to move it to /usr/etc/qemu (bsc#1201944) ++++ selinux-policy: - Update fix_xserver.patch to add greetd support (bsc#1198559) ------------------------------------------------------------------ ------------------ 2022-9-26 - Sep 26 2022 ------------------- ------------------------------------------------------------------ ++++ coreutils: - coreutils-tests-workaround-make-fdleak.patch: Add patch to work around a GNU make bug which leaks file descriptors when using the jobserver; this makes some tests fail. - coreutils.spec: Reference the patch. ++++ dtc: - makefile-bison-rule.patch: Makefile: fix infinite recursion by dropping non-existent `%.output` ++++ gcc12: - add gcc12-riscv-inline-atomics.patch, gcc12-riscv-pthread.patch: handle subword size inline atomics (needed by several openSUSE packages) ++++ openldap2: - bsc#1202931 - CVE-2022-31253 - Openldap start script allowed the ldap user to privilege escalate to root due to unbound chown commands. ++++ ncurses: - Add ncurses patch 20220924 + modify configure macro CF_BUILD_CC to check if the build-compiler works, rather than that it is different from the cross-compiler, e.g., to accommodate a compiler which can be used for either purpose with different flags (report by Mikhail Korolev). + fix another memory-leak in tic. + correct change for cppcheck in menu library (report/analysis by "tuxway", cf: 20220903). + update config.guess, config.sub - Correct offsets of patches * ncurses-6.3.dif ++++ open-iscsi: - Update to upstream version 2.1.8, which includes some bug fixes, and adds the ability to build using meson. The SPEC file was updated to use meson. Also, some files have moved: * the "lock" file has moved from /etc/iscsi to /var/lock/iscsi * the "database files" have moved from /etc/iscsi to /var/lib/iscsi ++++ rpm-config-SUSE: - Update to version 20220926: * Revert macros.debuginfo and prefer a direct rpm patch * Fix kernel builds after #59 * Redefine %__debug_install_post to simplify debuginfo setup * Fix bug not using custom name for summary and description in language packages (boo#1137381) ------------------------------------------------------------------ ------------------ 2022-9-25 - Sep 25 2022 ------------------- ------------------------------------------------------------------ ++++ ansible: - update to 6.4.0: Ansible 6.4.0 will include ansible-core 2.13.4 as well as a curated set of Ansible collections to provide a vast number of modules and plugins. * The changelog for ansible-core 2.13 installed by this release of ansible is available here: https://github.com/ansible/ansible/blob/stable-2.13/changelogs/CHANGELOG-v2.13.rst * Collections which have opted into being a part of the Ansible-6 unified changelog will have an entry on this page: https://github.com/ansible-community/ansible-build-data/blob/main/6/CHANGELOG-v6.rst ++++ kernel-default: - Update to 6.0-rc7 - refresh configs - commit 74aafe0 ++++ pango: - Add 639.patch: layout: Fix crash when no font is installed. ++++ liburing: - skip checks on qemu_linux_user builds ++++ python-pyzmq: - update to version 24.0.1: * Fix several possible resource warnings and deprecation warnings when cleaning up contexts and sockets, especially in pyzmq's own tests and when implicit teardown of objects is happening during process teardown. ++++ timezone: - timezone update 2022d: * Palestine transitions are now Saturdays at 02:00 * Simplify three Ukraine zones into one ------------------------------------------------------------------ ------------------ 2022-9-24 - Sep 24 2022 ------------------- ------------------------------------------------------------------ ++++ bash: - add checks ++++ gawk: - double-free.patch: Yet another fix for Node_elem_new ++++ libdbusmenu-gtk2: - conditionalize valgrind dependency - it is optional and not available on all architectures ++++ libdbusmenu-gtk3: - conditionalize valgrind dependency - it is optional and not available on all architectures ++++ nghttp2: - update to 1.50.0: * https://nghttp2.org/blog/2022/09/21/nghttp2-v1-50-0/ This release adds nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation which disables checking leading and trailing white spaces against HTTP field value. ++++ openssl-1_1: - Added openssl-1_1-paramgen-default_to_rfc7919.patch * bsc#1180995 * Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode. ++++ libverto: - update to 0.3.2: * Fix use-after-free in verto_reinitialize * Fix use-after-free in verto_free() * Remove broken tevent support ------------------------------------------------------------------ ------------------ 2022-9-23 - Sep 23 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit-machines: - Require qemu-block-curl for installing over https (bsc#1199672) ++++ grub2: - Add patch to fix kernel relocation error in low memory * 0001-linux-fix-efi_relocate_kernel-failure.patch ++++ gtk3: - Fix unstable drag-and-drop on Wayland KDE, add: * gtk3-gdkwayland-Update-selections-offer-before-updating-dnd.patch https://gitlab.gnome.org/GNOME/gtk/-/commit/56100ab4 ++++ kernel-default: - Linux 5.19.11 (bsc#1012628). - of: fdt: fix off-by-one error in unflatten_dt_nodes() (bsc#1012628). - pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map (bsc#1012628). - pinctrl: qcom: sc8180x: Fix wrong pin numbers (bsc#1012628). - pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (bsc#1012628). - pinctrl: sunxi: Fix name for A100 R_PIO (bsc#1012628). - SUNRPC: Fix call completion races with call_decode() (bsc#1012628). - NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0 (bsc#1012628). - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (bsc#1012628). - NFSv4.2: Update mode bits after ALLOCATE and DEALLOCATE (bsc#1012628). - Revert "SUNRPC: Remove unreachable error condition" (bsc#1012628). - drm/panel-edp: Fix delays for Innolux N116BCA-EA1 (bsc#1012628). - drm/meson: Correct OSD1 global alpha value (bsc#1012628). - drm/meson: Fix OSD1 RGB to YCbCr coefficient (bsc#1012628). - drm/rockchip: vop2: Fix eDP/HDMI sync polarities (bsc#1012628). - drm/i915/vdsc: Set VDSC PIC_HEIGHT before using for DP DSC (bsc#1012628). - drm/i915/guc: Don't update engine busyness stats too frequently (bsc#1012628). - drm/i915/guc: Cancel GuC engine busyness worker synchronously (bsc#1012628). - block: blk_queue_enter() / __bio_queue_enter() must return - EAGAIN for nowait (bsc#1012628). - parisc: ccio-dma: Add missing iounmap in error path in ccio_probe() (bsc#1012628). - of/device: Fix up of_dma_configure_id() stub (bsc#1012628). - io_uring/msg_ring: check file type before putting (bsc#1012628). - cifs: revalidate mapping when doing direct writes (bsc#1012628). - cifs: don't send down the destination address to sendmsg for a SOCK_STREAM (bsc#1012628). - cifs: always initialize struct msghdr smb_msg completely (bsc#1012628). - blk-lib: fix blkdev_issue_secure_erase (bsc#1012628). - parisc: Allow CONFIG_64BIT with ARCH=parisc (bsc#1012628). - tools/include/uapi: Fix for parisc and xtensa (bsc#1012628). - drm/i915/gt: Fix perf limit reasons bit positions (bsc#1012628). - drm/i915: Set correct domains values at _i915_vma_move_to_active (bsc#1012628). - drm/amdgpu: make sure to init common IP before gmc (bsc#1012628). - drm/amdgpu: Don't enable LTR if not supported (bsc#1012628). - drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega (bsc#1012628). - drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega (bsc#1012628). - net: Find dst with sk's xfrm policy not ctl_sk (bsc#1012628). - dt-bindings: apple,aic: Fix required item "apple,fiq-index" in affinity description (bsc#1012628). - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (bsc#1012628). - ALSA: hda/sigmatel: Keep power up while beep is enabled (bsc#1012628). - ALSA: hda/sigmatel: Fix unused variable warning for beep power change (bsc#1012628). - commit b35e71f - config(arm*): disable CONFIG_PM_AUTOSLEEP and CONFIG_PM_WAKELOCKS (bsc#1189677) - commit 1c0b96b ++++ libaio: - skip testsuite on qemu_linux_user builds ++++ libffi: - update to 3.4.3: * All struct args are passed by value, regardless of size, as per ABIs. * Enable static trampolines for Cygwin. * Add support for Loongson's LoongArch64 architecture. * Fix x32 static trampolines. * Fix 32-bit x86 stdcall stack corruption. * Fix ILP32 aarch64 support. - includes fix for RISCV64 - disable LTO due to (ffi#733) ++++ nghttp2: - disable asio by default as it is deprecated by upstream and will be removed in the next release ++++ rpm: - Update the macros file to simplify the debuginfo installation We don't support parallel installation of the same debuginfo - and so don't patch the binaries to create unique build ids (easing pressure on reproducable builds when compiling twice) Patching this in rpm-config-SUSE is technically not possible (as you can't reliable undefine things defined in upstream macro). We tried in https://github.com/openSUSE/rpm-config-SUSE/pull/59 and /60: ++++ suse-module-tools: - Update to version 16.0.24: * Split kernel scriptlets into separate sub-package "suse-module-tools-scriptlets" on Tumbleweed (gh#openSUSE/suse-module-tools#64) ------------------------------------------------------------------ ------------------ 2022-9-22 - Sep 22 2022 ------------------- ------------------------------------------------------------------ ++++ gobject-introspection: - Switch to pcre2grep (pcre is dead upstream) ++++ kernel-default: - config.conf: reenable armv6hl configs - commit cd71399 - Refresh patches.suse/Revert-iommu-vt-d-Fix-possible-recursive-locking-in-.patch. Update upstream status. - commit a267615 ++++ llvm15: - Update to version 15.0.1. * This release contains bug-fixes for the LLVM 15.0.0 release. This release is API and ABI compatible with 15.0.0. - Rebase llvm-do-not-install-static-libraries.patch. ------------------------------------------------------------------ ------------------ 2022-9-21 - Sep 21 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - update to 22.2.0 * AMD RDNA3 Prep, Intel Arc Graphics, Many Vulkan Improvements; more details on Phoronix: https://www.phoronix.com/news/Mesa-22.2-Released - supersedes llvm15.patch - refreshed n_no-sse2-on-ix86-except-for-intel-drivers.patch ++++ Mesa-drivers: - update to 22.2.0 * AMD RDNA3 Prep, Intel Arc Graphics, Many Vulkan Improvements; more details on Phoronix: https://www.phoronix.com/news/Mesa-22.2-Released - supersedes llvm15.patch - refreshed n_no-sse2-on-ix86-except-for-intel-drivers.patch ++++ permissions: - skip tests on qemu user builds ++++ lvm2-device-mapper: - lvmlockd is not supporting sanlock (bsc#1203482) - set 1 for _supportsanlock in lvm2.spec for enabling sanlock. ++++ glibc: - makeflags.patch: Makerules: fix MAKEFLAGS assignment for upcoming make-4.4 (BZ# 29564) ++++ kernel-default: - media: dvb-core: Fix UAF due to refcount races at releasing (CVE-2022-41218 bsc#1202960). - commit 66556c1 - arm64: enable CONFIG_ARCH_RENESAS (bsc#1203558) Also compile everything as modules that isn't debug or deprecated that was previously disabled by the global RENESAS disablement. - commit b1f13b9 - config.conf: Reenable arm64 configs - Update config files, taken from 6.0-rc1 update from x86_64, enabling all new erratas, enabling all new modules - commit 9b3cde4 - Revert "iommu/vt-d: Fix possible recursive locking in intel_iommu_init()" (iommu bug). - commit 9392b7d ++++ llvm15: - Always drop -gnu from triple for consistency. Patch a test that was looking for -linux- in clang-test-xfail-gnuless-triple.patch. ++++ lvm2: - lvmlockd is not supporting sanlock (bsc#1203482) - set 1 for _supportsanlock in lvm2.spec for enabling sanlock. ++++ systemd: - Drop the old band aid used during the breakage introduced by the switch of /tmp to tmpfs This was done to address the regression reported in boo#1175779 but shouldn't be necessary anymore since the (few) affected users should have updated systemd during the last 2 years. - Move nss-systemd and nss-myhostname NSS modules into the main package ++++ unbound: - update to 1.16.3 fixes Non-Responsive Delegation Attack (CVE-2022-3204) ++++ podman: - Update to version 4.2.1: * Bump to v4.2.1 * Add release notes for v4.2.1 * remove SkipIfNotFedora() from events test * fix podman events with custom format * Drop stale config value resulting in asymmetric config * Fix list of default capabilities * Add container GID to additional groups * libpod: Ensure that generated container names are random * Fix bind-mount-option annotation in gen/play kube * Improved Windows compatibility for machine command * updated apiv2 tests to reflect hash compat fix * api: return imageID instead of imageName, for "Image" when Podman API is queried * Inhibit SIGTERM during Conmon startup * Fix example sections to follow the same format * Fix template name inconsistency * service: make move to sub-cgroup non fatal * Remove duplicate annotations in generated service yaml * Compat API image remove events now have 'delete' status * [CI:DOCS] Automatically set podman version in pkginstaller * Allow colons in windows file paths * Fixes isRootfull check using qemu machine on Windows * vendor containers/psgo@v1.7.3 * Allow podman to run in an environment with keys containing spaces * Document restrictions on transport in FROM * Improved Windows compatibility * pass environment variables to container clone * podman save: update --compress validation * sort hc.Binds returned from compat api * Cirrus: Update podman-machine comment * podman images and friends can take one image as argument * [CI:DOCS] Add .DS_Store to gitignore * podman-kube@.service.in: Remove Restart=never option with typo * Fix #15499 already connected network * [CI:DOCS] Cirrus: Update meta-task for EC2 image * fix CI: remove hardcodeded alpine version * fix CI: remove hardcodeded alpine version * Preserve all unknown PolicyRequirement fields on (podman image trust set) * Reorganize the types in policy.go a bit * Add support for showing keyPaths in (podman image trust show) * Support (image trust show) for sigstoreSigned entries * BREAKING CHANGE: Change how (podman image trust show) represents multiple requirements * Reorganize descriptionsOfPolicyRequirements a bit * Use the full descriptionsOfPolicyRequirements for the default scope * Rename haveMatchRegistry to registriesDConfigurationForScope * Rename tempTrustShowOutput to entry * Split descriptionsOfPolicyRequirements out of getPolicyShowOutput * Recognize the new lookaside names for simple signing sigstore * Add a unit test for trust.PolicyDescription * Make the output of (podman image trust show) deterministic * Make most of pkg/trust package-private * Move most of ImageEngine.ShowTrust into pkg/trust.PolicyDescription * Add support for sigstoreSigned in (podman image trust set) * Create new policy entries together with validating input * Improve validation of data in ImageEngine.SetTrust * Move most of imageEngine.SetTrust to pkg/trust.AddPolicyEntries * Add a variable for scope * Make trust.CreateTempFile private * Reorganize pkg/trust * Remove an unused trust.ShowOutput type * Remove commented out code * libpod: UpdateContainerStatus: do not wait for container * Skip / update some tests under runc * Bump to v4.2.1-dev * test: update apply-podman-deltas for new tests * build: implement --cache-to,--cache-from and --cache-ttl * vendor: bump buildah to v1.27.0 ++++ qemu: - Switch to %autosetup for all products (this required some changes in update_git.sh) - Run check-qtest sequentially, as it's more reliable, when in OBS - Build with libbpf, fdt and capstone support - Drop the patch adding our support document, and deal with that in the spec file directly * Patches dropped: doc-add-our-support-doc-to-the-main-proj.patch ++++ u-boot-rpiarm64: - Update to 2022.10-rc5 ------------------------------------------------------------------ ------------------ 2022-9-20 - Sep 20 2022 ------------------- ------------------------------------------------------------------ ++++ bash: - Enable parallel builds by splitting clean and all at make time (Thanks to Christopher Yeleighton) - Do not copy more than 1 byte for \(aq becoming a "'" in quotes-man2html.patch ++++ cockpit: - new version 276.1 - login: Use valid selectors when testing for :is() / :where() support. - stability and performance improvements - previous changes https://cockpit-project.org/blog/cockpit-275.html - css-overrides.patch, hide-docs.patch, remove-pwscore.patch: refreshed - kdump-close.patch, kdump-refactor.patch, kdump-suse.patch: upstreamed and removed ++++ cockpit-podman: - new version 53. Changes since 49.1 include, * Use NumberInput for Image Run Dialog * Fix events with large number of containers * Translation updates * Add Volumes and Env Variables to container details * Show volume permission in container integration tab * Allow no system users to set restart policy * Show image history * Stability and performance improvements ++++ gawk: - double-free.patch: Fix Node_elem_new op, replacing upref.patch - pma.patch: Replace with upstream solution - nan-sign.patch: Fix negative NaN issue on RiscV, replacing nan-tests.patch ++++ grep: - efgrep-warning.patch: remove warning from [ef]grep ++++ kernel-default: - Linux 5.19.10 (bsc#1012628). - Input: goodix - add compatible string for GT1158 (bsc#1012628). - RDMA/irdma: Use s/g array in post send only when its valid (bsc#1012628). - gpio: 104-idio-16: Make irq_chip immutable (bsc#1012628). - gpio: 104-dio-48e: Make irq_chip immutable (bsc#1012628). - LoongArch: Fix arch_remove_memory() undefined build error (bsc#1012628). - LoongArch: Fix section mismatch due to acpi_os_ioremap() (bsc#1012628). - platform/x86: asus-wmi: Increase FAN_CURVE_BUF_LEN to 32 (bsc#1012628). - usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS (bsc#1012628). - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (bsc#1012628). - perf/arm_pmu_platform: fix tests for platform_get_irq() failure (bsc#1012628). - net: dsa: hellcreek: Print warning only once (bsc#1012628). - drm/amd/amdgpu: skip ucode loading if ucode_size == 0 (bsc#1012628). - nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (bsc#1012628). - nvme-pci: add NVME_QUIRK_BOGUS_NID for Lexar NM610 (bsc#1012628). - drm/amd/pm: use vbios carried pptable for all SMU13.0.7 SKUs (bsc#1012628). - drm/amdgpu: disable FRU access on special SIENNA CICHLID card (bsc#1012628). - Input: iforce - add support for Boeder Force Feedback Wheel (bsc#1012628). - ieee802154: cc2520: add rc code in cc2520_tx() (bsc#1012628). - gpio: mockup: remove gpio debugfs when remove device (bsc#1012628). - r8152: add PID for the Lenovo OneLink+ Dock (bsc#1012628). - tg3: Disable tg3 device on system reboot to avoid triggering AER (bsc#1012628). - Bluetooth: MGMT: Fix Get Device Flags (bsc#1012628). - hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (bsc#1012628). - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (bsc#1012628). - dt-bindings: iio: gyroscope: bosch,bmg160: correct number of pins (bsc#1012628). - kvm: x86: mmu: Always flush TLBs when enabling dirty logging (bsc#1012628). - peci: cpu: Fix use-after-free in adev_release() (bsc#1012628). - drm/msm/rd: Fix FIFO-full deadlock (bsc#1012628). - platform/surface: aggregator_registry: Add support for Surface Laptop Go 2 (bsc#1012628). - Input: goodix - add support for GT1158 (bsc#1012628). - ACPI: resource: skip IRQ override on AMD Zen platforms (bsc#1012628). - RDMA/mlx5: Fix UMR cleanup on error flow of driver init (bsc#1012628). - RDMA/mlx5: Add a umr recovery flow (bsc#1012628). - RDMA/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (bsc#1012628). - net/mlx5: Use software VHCA id when it's supported (bsc#1012628). - net/mlx5: Introduce ifc bits for using software vhca id (bsc#1012628). - iommu/vt-d: Fix kdump kernels boot failure with scalable mode (bsc#1012628). - commit 28d7d4c ++++ expat: - update to 2.4.9: (bsc#1203438) * Security fixes: - CVE-2022-40674 -- Heap use-after-free vulnerability in function doContent. Expected impact is denial of service or potentially arbitrary code execution. * Bug fixes: - MinGW: Fix mis-compilation for -D__USE_MINGW_ANSI_STDIO=0 - docs: Fix documentation on effect of switch XML_DTD on symbol visibility in doc/reference.html * Other changes: - MinGW: Make fix-xmltest-log.sh drop more Wine bug output - Autotools: Sync CMake templates with CMake 3.22 - CMake: Migrate from use of CMAKE_*_POSTFIX to dedicated variables EXPAT_*_POSTFIX to stop affecting other projects - Windows|CMake: Add missing -DXML_STATIC to test runners and fuzzers - Windows|CMake: Render .def file from a template to fix linking with -DEXPAT_DTD=OFF and/or -DEXPAT_ATTR_INFO=ON - MinGW|CMake: Apply MSVC .def file when linking - MinGW|CMake: Sync library name with GNU Autotools, i.e. produce libexpat-1.dll rather than libexpat.dll by default. Filename libexpat.dll.a is unaffected. - MinGW|CMake: Set missing variable CMAKE_RC_COMPILER in toolchain file "cmake/mingw-toolchain.cmake" to avoid error "windres: Command not found" on e.g. Ubuntu 20.04 - CMake: Unify inconsistent use of set() and option() in context of public build time options to take need for set(.. FORCE) in projects using Expat by means of add_subdirectory(..) off Expat's users' shoulders - Stop exporting API symbols when building a static library - Resolve use of deprecated "fgrep" by "grep -F" - CMake: Make documentation on variables a bit more consistent - CMake: Drop leading whitespace from a #cmakedefine line in file expat_config.h.cmake - xmlwf: Fix harmless variable mix-up in function nsattcmp - Address Cppcheck warnings - Address Clang 15 compiler warnings - Version info bumped from 9:8:8 to 9:9:8; see https://verbump.de/ for what these numbers do * Infrastructure: - CI: Windows: Start covering MSVC 2022 - CI: macOS: Migrate off deprecated macOS 10.15 - CI: Linux: Make migration off deprecated Ubuntu 18.04 work - CI: Upgrade Clang from 14 to 15 - apply-clang-format.sh: Add support for BSD find - coverage.sh: Exclude MinGW headers - coverage.sh: Fix name collision for -funsigned-char ++++ harfbuzz: - Update to version 5.2.0: + Fix regressions in hb-ft font functions for FT_Faces with transformation matrix. + The experimental hb-repacker API now supports splitting several GPOS subtable types when needed. + The HarfBuzz extensions to OpenType font format are now opt-in behind build-time flags. + The experimental hb-subset variable fonts instantiation API can now instantiate more font tables and arbitrary axis locations. + Unicode 15 support. + Various documentation improvements. + The hb-view command line tool now detects WezTerm inline images support. + Fix FreeType and ICU dependency lookup with meson. + New API: - +HB_SCRIPT_KAWI - +HB_SCRIPT_NAG_MUNDARI - Drop patch fixed upstream: + harfbuzz-5.1.0-repacker-fix-signedness-of-char-in-tests.patch ++++ systemd: - Give the instructions to create a home directory with systemd-homed in the description of the systemd-experimental sub-package ++++ qemu: - Updated to latest upstream version 7.1 * https://wiki.qemu.org/ChangeLog/7.1 Be sure to also check the following pages: * https://qemu-project.gitlab.io/qemu/about/removed-features.html * https://qemu-project.gitlab.io/qemu/about/deprecated.html Some notable changes: * [x86] Support for architectural LBRs on KVM virtual machines * [x86] The libopcode-based disassembler has been removed. Use Capstone instead * [LoongArch] Add initial support for the LoongArch64 architecture. * [ARM] The emulated SMMUv3 now advertises support for SMMUv3.2-BBML2 * [ARM] The xlnx-zynqmp SoC model now implements the 4 TTC timers * [ARM] The versal machine now models the Cortex-R5s in the Real-Time Processing Unit (RPU) subsystem * [ARM] The virt board now supports emulation of the GICv4.0 * [ARM] New emulated CPU types: Cortex-A76, Neoverse-N1 * [HPPA] Fix serial port pass-through from host to guest * [HPPA] Lots of general code improvements and tidy-ups * [RISC-V] RISC-V * [RISC-V] Add support for privileged spec version 1.12.0 * [RISC-V] Use privileged spec version 1.12.0 for virt machine by default * [RISC-V] Allow software access to MIP SEIP * [RISC-V] Add initial support for the Sdtrig extension * [RISC-V] Optimisations and improvements for the vector extension * [VFIO] Experimental support for exposing emulated PCI devices over the new vfio-user protocol (a vfio-user client is not yet available in QEMU, though) * [QMP] The on-cbw-error option for copy-before-write filter, to specify behavior on CBW (copy before write) operation failure. * [QMP] The cbw-timeout option for copy-before-write filter, to specify timeout for CBW operation. * [QMP] New commands query-stats and query-stats-schema to retrieve statistics from various QEMU subsystems (right now only from KVM). * [QMP] The PanicAction can now be configured to report an exit-failure (useful for automated testing) * [Networking] QEMU can be compiled with the system slirp library even when using CFI. This requires libslirp 4.7. * [Migration] Support for zero-copy-send on Linux, which reduces CPU usage on the source host. Note that locked memory is needed to support this * Patches added: Revert-tests-qtest-enable-more-vhost-use.patch meson-remove-pkgversion-from-CONFIG_STAM.patch * Patches dropped: AIO-Reduce-number-of-threads-for-32bit-h.patch Makefile-Don-t-check-pc-bios-as-pre-requ.patch Revert-8dcb404bff6d9147765d7dd3e9c849337.patch Revert-qht-constify-qht_statistics_init.patch XXX-dont-dump-core-on-sigabort.patch acpi_piix4-Fix-migration-from-SLE11-SP2.patch configure-only-populate-roms-if-softmmu.patch configure-remove-pkgversion-from-CONFIG_.patch coroutine-ucontext-use-QEMU_DEFINE_STATI.patch coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch coroutine-win32-use-QEMU_DEFINE_STATIC_C.patch hostmem-default-the-amount-of-prealloc-t.patch hw-usb-hcd-ehci-fix-writeback-order.patch i8254-Fix-migration-from-SLE11-SP2.patch intc-exynos4210_gic-replace-snprintf-wit.patch modules-generates-per-target-modinfo.patch modules-introduces-module_kconfig-direct.patch pc-bios-s390-ccw-net-avoid-warning-about.patch pci-fix-overflow-in-snprintf-string-form.patch qemu-cvs-gettimeofday.patch qemu-cvs-ioctl_debug.patch qemu-cvs-ioctl_nodirection.patch qht-Revert-some-constification-in-qht.c.patch qom-handle-case-of-chardev-spice-module-.patch scsi-lsi53c895a-fix-use-after-free-in-ls.patch scsi-lsi53c895a-really-fix-use-after-fre.patch softmmu-Always-initialize-xlat-in-addres.patch sphinx-change-default-language-to-en.patch test-add-mapping-from-arch-of-i686-to-qe.patch tests-Fix-block-tests-to-be-compatible-w.patch tests-qtest-Move-the-fuzz-tests-to-x86-o.patch usb-Help-compiler-out-to-avoid-a-warning.patch ++++ shim: - Add "tpm_record_pcrs" to EFI grub.cfg ------------------------------------------------------------------ ------------------ 2022-9-19 - Sep 19 2022 ------------------- ------------------------------------------------------------------ ++++ bash: - Small change in quotes-man2html.patch * Use a simple "'" aka quote instead of "′" for "\(aq" ++++ grub2: - Add safety measure to pcr snapshot by checking platform and tpm status * safe_tpm_pcr_snapshot.patch ++++ ncurses: - Add ncurses patch 20220917 + reduce memory-leak in tic by separating allocations for struct entry from TERMTYPE2 (cf: 20220430). + improve interaction between tic -v option and NCURSES_TRACE, by processing the latter only when -v option does not set _nc_tracing. + modify curses_trace() to show the trace-mask as symbols, e.g., TRACE_ORDINARY, DEBUG_LEVEL(3). ++++ protobuf: - update to 21.6: C++: * Reduce memory consumption of MessageSet parsing ++++ patterns-alp: - cockpit pattern: explicitly require libpwquality-tools to resolve image build dependency issue ++++ ovmf: - Add patches to disable option ROM on sev (bsc#1199156) ovmf-bsc1199156-OvmfPkg-IncompatiblePciDeviceSupportDxe-Ignore-Optio.patch ++++ vim: - Updated to version 9.0.0500, fixes the following problems - boo#1203508 - CVE-2022-3234 - boo#1203509 - CVE-2022-3235 * On an AZERTY keyboard digit keys get the shift modifier. * Incorrect color for modeless selection with GTK. * A few problems with 'splitscroll'. * Function called at debug prompt is also debugged. * Substitute prompt does not highlight an empty match. * Splitting a line with a text prop "above" moves it to a new line below. * Vim9: block in for loop doesn't behave like a code block. * Loop variable can't be found. * 'scroll' is not always updated. * ASAN warning for integer overflow. * Command line test leaves directory behind. * With virtual text "above" indenting doesn't work well. * Cursor moves when cmdwin is closed when 'splitscroll' is off. * Virtual text wrong after adding line break after line. * Build failure. * Exectution stack underflow without the +eval feature. (Dominique Pellé) * Cursor moves if cmdwin is closed when 'splitscroll' is off. * In a :def function all closures in a loop get the same variables. * No test for what patch 9.0.0469 fixes. * Virtual text "below" doesn't show in list mode. * fullcommand() only works for the current script version. * fullcommand() test failure. * Not using deferred delete in tests. * Varargs does not work for replacement function of substitute(). * Missing dependency may cause crashes on incomplete build. * Test for 'splitscroll' takes too much time. * Valva Date Format files are not recognized. * Cannot use a :def varargs function with substitute(). * In a :def function all closures in a loop get the same variables. * "g0" moves to wrong location with virtual text "above". * Illegal memory access when replacing in virtualedit mode. * In a :def function all closures in a loop get the same variables. * Text scrolled with 'nosplitscroll', autocmd win opened and help window closed. * Using freed memory with combination of closures. * Cursor in wrong position with virtual text "above" and 'showbreak'. * Using "end_lnum" with virtual text causes problems. * Using freed memory with cmdwin and BufEnter autocmd. * No good reason to build without the float feature. * Cmdwin test fails on MS-Windows. * Perl test fails. * Small build misses float function declaraitons. * Closure doesn't work properly in nested loop. * No good reason to keep supporting Windows-XP. * LyRiCs files are not recognized. * Various small issues. * In :def function list created after const is locked. * When quitting the cmdline window with CTRL-C it remains visible. ------------------------------------------------------------------ ------------------ 2022-9-18 - Sep 18 2022 ------------------- ------------------------------------------------------------------ ++++ gobject-introspection: - Update to version 1.74.0: + Update the GIR data for GLib, GObject, GModule, and GIO. ++++ glib2: - Update to version 2.74.0: + Use EPOLL_CLOEXEC by default + Fixed various regression on GRegex as per the PCRE2 porting + Fixed various memory leaks + Bugs fixed: glgo#GNOME/gtksourceview#278, glgo#GNOME/gtksourceview#283, glgo#GNOME/GLib#2688, glgo#GNOME/GLib#2713, glgo#GNOME/GLib#2719, glgo#GNOME/GLib#2729, glgo#GNOME/GLib#2733, glgo#GNOME/GLib#2737, glgo#GNOME/GLib#2741, glgo#GNOME/gtk#4400, glgo#GNOME/GLib!2820, glgo#GNOME/GLib!2855, glgo#GNOME/GLib!2861, glgo#GNOME/GLib!2868, glgo#GNOME/GLib!2873, glgo#GNOME/GLib!2874, glgo#GNOME/GLib!2875, glgo#GNOME/GLib!2876, glgo#GNOME/GLib!2879, glgo#GNOME/GLib!2881, glgo#GNOME/GLib!2882, glgo#GNOME/GLib!2883, glgo#GNOME/GLib!2900. + Updated translations. ++++ gsettings-desktop-schemas: - Update to version 43.0: + Updated translations. ++++ kernel-default: - Update to 6.0-rc6 - commit 2132e28 ++++ libksba: - libksba 1.6.1: * Allow an OCSP server not to return the sent nonce - fix rpmlint warnings ++++ python310-core: - test-int-timing.patch: gh-96710: Make the test timing more lenient for the int/str DoS regression test. (#96717) ++++ python310: - test-int-timing.patch: gh-96710: Make the test timing more lenient for the int/str DoS regression test. (#96717) ------------------------------------------------------------------ ------------------ 2022-9-17 - Sep 17 2022 ------------------- ------------------------------------------------------------------ ++++ btrfsprogs: - update to 5.19.1: * fix memory leaks (extent buffer, path) * check: verify block device size vs item * rescue fix-device-size: allow to shrink device item * receive: fix crash on wrong pinter free() * other: * experimental: support for block-group-tree * documentation updates * new tests ++++ filesystem: - Update /usr/etc/skel per XDG Directory Specification: * Add .local/bin to eventually replace bin for user executable files * Use .local/share/fonts instead of .fonts for user specific fonts * Add missing dirs: .local/share .local/state ++++ at-spi2-core: - Update to version 2.46.0: + Fix GetInterfaces documentation on org.a11y.atspi.Accessible interface. ++++ mozilla-nss: - update to NSS 3.82 * bmo#1330271 - check for null template in sec_asn1{d,e}_push_state * bmo#1735925 - QuickDER: Forbid NULL tags with non-zero length * bmo#1784724 - Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite * bmo#1784191 - Cast the result of GetProcAddress * bmo#1681099 - pk11wrap: Tighten certificate lookup based on PKCS #11 URI. ++++ popt: - popt 1.19: * various build system fixes * various developer visible fixes * Fix the handling of superfluous args passed with = * Fix multiple resource and memory leaks * Fix '=' getting shown for short options * Improve random number handling * translation updates and documentation improvements - refresh spec file, run tests, package license in every package, and treat all compiler warnings and errors ++++ python-charset-normalizer: - update to 2.1.1: * Function `normalize` scheduled for removal in 3.0 * Removed useless call to decode in fn is_unprintable (#206) ++++ python-pyzmq: - update to version 24.0.0: * Breaking changes: + Due to a libzmq bug causing unavoidable crashes for some users, Windows wheels no longer bundle libzmq with AF_UNIX support. In order to enable AF_UNIX on Windows, pyzmq must be built from source, linking an appropriate build of libzmq (e.g. libzmq-v142). AF_UNIX support will be re-enabled in pyzmq wheels when libzmq published fixed releases. + Using a {class}zmq.Context as a context manager or deleting a context without closing it now calls {meth}zmq.Context.destroy at exit instead of {meth}zmq.Context.term. This will have little effect on most users, but changes what happens when user bugs result in a context being implicitly destroyed while sockets are left open. In almost all cases, this will turn what used to be a hang into a warning. However, there may be some cases where sockets are actively used in threads, which could result in a crash. To use sockets across threads, it is critical to properly and explicitly close your contexts and sockets, which will always avoid this issue. ------------------------------------------------------------------ ------------------ 2022-9-16 - Sep 16 2022 ------------------- ------------------------------------------------------------------ ++++ fde-tools: - Move the (shipped) keyfile into /root to avoid issues with r/o root ++++ grub2: - Fix installation failure due to unavailable nvram device on ppc64le (bsc#1201361) * 0001-grub-install-set-point-of-no-return-for-powerpc-ieee1275.patch - Add patches to dynamically allocate additional memory regions for EFI systems (bsc#1202438) * 0001-mm-Allow-dynamically-requesting-additional-memory-re.patch * 0002-kern-efi-mm-Always-request-a-fixed-number-of-pages-o.patch * 0003-kern-efi-mm-Extract-function-to-add-memory-regions.patch * 0004-kern-efi-mm-Pass-up-errors-from-add_memory_regions.patch * 0005-kern-efi-mm-Implement-runtime-addition-of-pages.patch - Enlarge the default heap size and defer the disk cache invalidation (bsc#1202438) * 0001-kern-efi-mm-Enlarge-the-default-heap-size.patch * 0002-mm-Defer-the-disk-cache-invalidation.patch ++++ at-spi2-core: - Add libatk-1_0-0 and libatk-bridge-2_0-0 to baselibs.conf, build 32bit support. ++++ colord: - Add colord-CVE-2021-42523.patch: fix a small memory leak on db open failure (boo#1202802 CVE-2021-42523). ++++ pango: - Update to version 1.50.10: + Avoid some unnecessary strdups. + Fix line height computations with a non-trivial CTM. ++++ libpng16: - update to 1.6.38: * Added configurations and scripts for continuous integration. * Fixed various errors in the handling of tRNS, hIST and eXIf. * Implemented many stability improvements across all platforms. * Updated the internal documentation. ++++ microos-tools: - Update to version 2.17: - selinux-autorelabel-generator: Don't cross partition boundaries for /.snapshots when relabeling [issue#11] ++++ python-idna: - update to 3.4: * Update to Unicode 15.0.0 * Migrate to pyproject.toml for build information (PEP 621) * Correct another instance where generic exception was raised instead of IDNAError for malformed input * Source distribution uses zeroized file ownership for improved reproducibility ------------------------------------------------------------------ ------------------ 2022-9-15 - Sep 15 2022 ------------------- ------------------------------------------------------------------ ++++ bash: - Add patch quotes-man2html.patch * Fix boo#1203091 -- BASH(1) Manual Page: Unprocessed macro aq ++++ e2fsprogs: - Refresh e2fsprogs.keyring based on currently provided keys. ++++ glib-networking: - Update to version 2.74.0: + Updated translations. ++++ grub2: - Add patches for ALP FDE support * 0001-devmapper-getroot-Have-devmapper-recognize-LUKS2.patch * 0002-devmapper-getroot-Set-up-cheated-LUKS2-cryptodisk-mo.patch * 0003-disk-cryptodisk-When-cheatmounting-use-the-sector-in.patch * 0004-normal-menu-Don-t-show-Booting-s-msg-when-auto-booti.patch * 0005-EFI-suppress-the-Welcome-to-GRUB-message-in-EFI-buil.patch * 0006-EFI-console-Do-not-set-colorstate-until-the-first-te.patch * 0007-EFI-console-Do-not-set-cursor-until-the-first-text-o.patch * 0008-linuxefi-Use-common-grub_initrd_load.patch * 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch * 0010-templates-import-etc-crypttab-to-grub.cfg.patch * grub-read-pcr.patch * efi-set-variable-with-attrs.patch * tpm-record-pcrs.patch * tpm-protector-dont-measure-sealed-key.patch * tpm-protector-export-secret-key.patch * grub-install-record-pcrs.patch * grub-unseal-debug.patch ++++ kernel-default: - Linux 5.19.9 (bsc#1012628). - efi: libstub: Disable struct randomization (bsc#1012628). - efi: capsule-loader: Fix use-after-free in efi_capsule_write (bsc#1012628). - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (bsc#1012628). - fs: only do a memory barrier for the first set_buffer_uptodate() (bsc#1012628). - soc: fsl: select FSL_GUTS driver for DPIO (bsc#1012628). - Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()" (bsc#1012628). - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1012628). - scsi: core: Allow the ALUA transitioning state enough time (bsc#1012628). - scsi: megaraid_sas: Fix double kfree() (bsc#1012628). - drm/gem: Fix GEM handle release errors (bsc#1012628). - drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini (bsc#1012628). - drm/amdgpu: fix hive reference leak when adding xgmi device (bsc#1012628). - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (bsc#1012628). - drm/amdgpu: Remove the additional kfd pre reset call for sriov (bsc#1012628). - drm/radeon: add a force flush to delay work when radeon (bsc#1012628). - scsi: ufs: core: Reduce the power mode change timeout (bsc#1012628). - Revert "parisc: Show error if wrong 32/64-bit compiler is being used" (bsc#1012628). - parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources() (bsc#1012628). - parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines (bsc#1012628). - arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (bsc#1012628). - netfilter: conntrack: work around exceeded receive window (bsc#1012628). - thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR (bsc#1012628). - cpufreq: check only freq_table in __resolve_freq() (bsc#1012628). - net/core/skbuff: Check the return value of skb_copy_bits() (bsc#1012628). - md: Flush workqueue md_rdev_misc_wq in md_alloc() (bsc#1012628). - fbdev: omapfb: Fix tests for platform_get_irq() failure (bsc#1012628). - fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1012628). - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (bsc#1012628). - x86/sev: Mark snp_abort() noreturn (bsc#1012628). - drm/amdgpu: add sdma instance check for gfx11 CGCG (bsc#1012628). - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (bsc#1012628). - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (bsc#1012628). - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (bsc#1012628). - ALSA: hda: Once again fix regression of page allocations with IOMMU (bsc#1012628). - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (bsc#1012628). - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (bsc#1012628). - ALSA: usb-audio: Clear fixed clock rate at closing EP (bsc#1012628). - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (bsc#1012628). - tracefs: Only clobber mode/uid/gid on remount if asked (bsc#1012628). - tracing: hold caller_addr to hardirq_{enable,disable}_ip (bsc#1012628). - tracing: Fix to check event_mutex is held while accessing trigger list (bsc#1012628). - btrfs: zoned: set pseudo max append zone limit in zone emulation mode (bsc#1012628). - btrfs: zoned: fix API misuse of zone finish waiting (bsc#1012628). - vfio/type1: Unpin zero pages (bsc#1012628). - kprobes: Prohibit probes in gate area (bsc#1012628). - perf: RISC-V: fix access beyond allocated array (bsc#1012628). - debugfs: add debugfs_lookup_and_remove() (bsc#1012628). - sched/debug: fix dentry leak in update_sched_domain_debugfs (bsc#1012628). - drm/amd/display: fix memory leak when using debugfs_lookup() (bsc#1012628). - driver core: fix driver_set_override() issue with empty strings (bsc#1012628). - nvmet: fix a use-after-free (bsc#1012628). - drm/i915/bios: Copy the whole MIPI sequence block (bsc#1012628). - drm/i915/slpc: Let's fix the PCODE min freq table setup for SLPC (bsc#1012628). - drm/i915: Implement WaEdpLinkRateDataReload (bsc#1012628). - scsi: mpt3sas: Fix use-after-free warning (bsc#1012628). - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1012628). - cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree (bsc#1012628). - cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock (bsc#1012628). - cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() (bsc#1012628). - smb3: missing inode locks in zero range (bsc#1012628). - spi: bitbang: Fix lsb-first Rx (bsc#1012628). - ASoC: cs42l42: Only report button state if there was a button interrupt (bsc#1012628). - Revert "soc: imx: imx8m-blk-ctrl: set power device name" (bsc#1012628). - arm64: dts: imx8mm-verdin: update CAN clock to 40MHz (bsc#1012628). - arm64: dts: imx8mm-verdin: use level interrupt for mcp251xfd (bsc#1012628). - ASoC: qcom: sm8250: add missing module owner (bsc#1012628). - regmap: spi: Reserve space for register address/padding (bsc#1012628). - arm64: dts: imx8mp-venice-gw74xx: fix sai2 pin settings (bsc#1012628). - arm64: dts: imx8mq-tqma8mq: Remove superfluous interrupt-names (bsc#1012628). - RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg (bsc#1012628). - RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (bsc#1012628). - ARM: dts: imx6qdl-vicut1.dtsi: Fix node name backlight_led (bsc#1012628). - ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node (bsc#1012628). - ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible (bsc#1012628). - arm64: dts: ls1028a-qds-65bb: don't use in-band autoneg for 2500base-x (bsc#1012628). - soc: imx: gpcv2: Assert reset before ungating clock (bsc#1012628). - arm64: dts: verdin-imx8mm: add otg2 pd to usbphy (bsc#1012628). - arm64: dts: imx8mm-venice-gw7901: fix port/phy validation (bsc#1012628). - arm64: dts: freescale: verdin-imx8mm: fix atmel_mxt_ts reset polarity (bsc#1012628). - arm64: dts: freescale: verdin-imx8mp: fix atmel_mxt_ts reset polarity (bsc#1012628). - regulator: core: Clean up on enable failure (bsc#1012628). - ASoC: SOF: Kconfig: Make IPC_FLOOD_TEST depend on SND_SOC_SOF (bsc#1012628). - ASoC: SOF: Kconfig: Make IPC_MESSAGE_INJECTOR depend on SND_SOC_SOF (bsc#1012628). - tee: fix compiler warning in tee_shm_register() (bsc#1012628). - RDMA/irdma: Fix drain SQ hang with no completion (bsc#1012628). - arm64: dts: renesas: r8a779g0: Fix HSCIF0 interrupt number (bsc#1012628). - RDMA/cma: Fix arguments order in net device validation (bsc#1012628). - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (bsc#1012628). - RDMA/hns: Fix supported page size (bsc#1012628). - RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift (bsc#1012628). - RDMA/hns: Remove the num_qpc_timer variable (bsc#1012628). - wifi: wilc1000: fix DMA on stack objects (bsc#1012628). - ARM: at91: pm: fix self-refresh for sama7g5 (bsc#1012628). - ARM: at91: pm: fix DDR recalibration when resuming from backup and self-refresh (bsc#1012628). - ARM: dts: at91: sama5d27_wlsom1: specify proper regulator output ranges (bsc#1012628). - ARM: dts: at91: sama5d2_icp: specify proper regulator output ranges (bsc#1012628). - ARM: dts: at91: sama7g5ek: specify proper regulator output ranges (bsc#1012628). - ARM: dts: at91: sama5d27_wlsom1: don't keep ldo2 enabled all the time (bsc#1012628). - ARM: dts: at91: sama5d2_icp: don't keep vdd_other enabled all the time (bsc#1012628). - netfilter: br_netfilter: Drop dst references before setting (bsc#1012628). - netfilter: nf_tables: clean up hook list when offload flags check fails (bsc#1012628). - riscv: dts: microchip: use an mpfs specific l2 compatible (bsc#1012628). - netfilter: nf_conntrack_irc: Fix forged IP logic (bsc#1012628). - RDMA/srp: Set scmnd->result only when scmnd is not NULL (bsc#1012628). - ALSA: usb-audio: Inform the delayed registration more properly (bsc#1012628). - ALSA: usb-audio: Register card again for iface over delayed_register option (bsc#1012628). - rxrpc: Fix ICMP/ICMP6 error handling (bsc#1012628). - rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2() (bsc#1012628). - afs: Use the operation issue time instead of the reply time for callbacks (bsc#1012628). - kunit: fix assert_type for comparison macros (bsc#1012628). - Revert "net: phy: meson-gxl: improve link-up behavior" (bsc#1012628). - sch_sfb: Don't assume the skb is still around after enqueueing to child (bsc#1012628). - tipc: fix shift wrapping bug in map_get() (bsc#1012628). - net: introduce __skb_fill_page_desc_noacc (bsc#1012628). - tcp: TX zerocopy should not sense pfmemalloc status (bsc#1012628). - ice: Fix DMA mappings leak (bsc#1012628). - ice: use bitmap_free instead of devm_kfree (bsc#1012628). - i40e: Fix kernel crash during module removal (bsc#1012628). - iavf: Detach device during reset task (bsc#1012628). - xen-netback: only remove 'hotplug-status' when the vif is actually destroyed (bsc#1012628). - block: don't add partitions if GD_SUPPRESS_PART_SCAN is set (bsc#1012628). - RDMA/siw: Pass a pointer to virt_to_page() (bsc#1012628). - bonding: use unspecified address if no available link local address (bsc#1012628). - bonding: add all node mcast address when slave up (bsc#1012628). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1012628). - IB/core: Fix a nested dead lock as part of ODP flow (bsc#1012628). - RDMA/mlx5: Set local port to one when accessing counters (bsc#1012628). - btrfs: zoned: fix mounting with conventional zones (bsc#1012628). - erofs: fix error return code in erofs_fscache_{meta_,}read_folio (bsc#1012628). - erofs: fix pcluster use-after-free on UP platforms (bsc#1012628). - nvme-tcp: fix UAF when detecting digest errors (bsc#1012628). - nvme-tcp: fix regression that causes sporadic requests to time out (bsc#1012628). - tcp: fix early ETIMEDOUT after spurious non-SACK RTO (bsc#1012628). - btrfs: fix the max chunk size and stripe length calculation (bsc#1012628). - nvmet: fix mar and mor off-by-one errors (bsc#1012628). - RDMA/irdma: Report the correct max cqes from query device (bsc#1012628). - RDMA/irdma: Return error on MR deregister CQP failure (bsc#1012628). - RDMA/irdma: Return correct WC error for bind operation failure (bsc#1012628). - RDMA/irdma: Report RNR NAK generation in device caps (bsc#1012628). - net: dsa: felix: disable cut-through forwarding for frames oversized for tc-taprio (bsc#1012628). - net: dsa: felix: access QSYS_TAG_CONFIG under tas_lock in vsc9959_sched_speed_set (bsc#1012628). - net: ethernet: mtk_eth_soc: fix typo in __mtk_foe_entry_clear (bsc#1012628). - net: ethernet: mtk_eth_soc: check max allowed hash in mtk_ppe_check_skb (bsc#1012628). - net/smc: Fix possible access to freed memory in link clear (bsc#1012628). - io_uring: recycle kbuf recycle on tw requeue (bsc#1012628). - net: phy: lan87xx: change interrupt src of link_up to comm_ready (bsc#1012628). - sch_sfb: Also store skb len before calling child enqueue (bsc#1012628). - libperf evlist: Fix per-thread mmaps for multi-threaded targets (bsc#1012628). - perf dlfilter dlfilter-show-cycles: Fix types for print format (bsc#1012628). - perf script: Fix Cannot print 'iregs' field for hybrid systems (bsc#1012628). - perf record: Fix synthesis failure warnings (bsc#1012628). - hwmon: (tps23861) fix byte order in resistance register (bsc#1012628). - ASoC: mchp-spdiftx: remove references to mchp_i2s_caps (bsc#1012628). - ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion (bsc#1012628). - lsm,io_uring: add LSM hooks for the new uring_cmd file op (bsc#1012628). - selinux: implement the security_uring_cmd() LSM hook (bsc#1012628). - Smack: Provide read control for io_uring_cmd (bsc#1012628). - MIPS: loongson32: ls1c: Fix hang during startup (bsc#1012628). - kbuild: disable header exports for UML in a straightforward way (bsc#1012628). - i40e: Refactor tc mqprio checks (bsc#1012628). - i40e: Fix ADQ rate limiting for PF (bsc#1012628). - net: bonding: replace dev_trans_start() with the jiffies of the last ARP/NS (bsc#1012628). - bonding: accept unsolicited NA message (bsc#1012628). - swiotlb: avoid potential left shift overflow (bsc#1012628). - iommu/amd: use full 64-bit value in build_completion_wait() (bsc#1012628). - s390/boot: fix absolute zero lowcore corruption on boot (bsc#1012628). - time64.h: consolidate uses of PSEC_PER_NSEC (bsc#1012628). - net: dsa: felix: tc-taprio intervals smaller than MTU should send at least one packet (bsc#1012628). - hwmon: (mr75203) fix VM sensor allocation when "intel,vm-map" not defined (bsc#1012628). - hwmon: (mr75203) update pvt->v_num and vm_num to the actual number of used sensors (bsc#1012628). - hwmon: (mr75203) fix voltage equation for negative source input (bsc#1012628). - hwmon: (mr75203) fix multi-channel voltage reading (bsc#1012628). - hwmon: (mr75203) enable polling for all VM channels (bsc#1012628). - iommu/vt-d: Fix possible recursive locking in intel_iommu_init() (bsc#1012628). - perf evlist: Always use arch_evlist__add_default_attrs() (bsc#1012628). - perf stat: Fix L2 Topdown metrics disappear for raw events (bsc#1012628). - Revert "arm64: kasan: Revert "arm64: mte: reset the page tag in page->flags"" (bsc#1012628). - hwmon: (asus-ec-sensors) add support for Strix Z690-a D4 (bsc#1012628). - hwmon: (asus-ec-sensors) add support for Maximus XI Hero (bsc#1012628). - hwmon: (asus-ec-sensors) add missing sensors for X570-I GAMING (bsc#1012628). - hwmon: (asus-ec-sensors) add definitions for ROG ZENITH II EXTREME (bsc#1012628). - hwmon: (asus-ec-sensors) autoload module via DMI data (bsc#1012628). - arm64/bti: Disable in kernel BTI when cross section thunks are broken (bsc#1012628). - iommu/vt-d: Correctly calculate sagaw value of IOMMU (bsc#1012628). - iommu/virtio: Fix interaction with VFIO (bsc#1012628). - Update config files. - commit 0312ea1 ++++ polkit: - obsolete libpolkit0 also from baselibs. ++++ libsoup: - Update to version 3.2.0: + No changes, stable bump only. ++++ libvirt: - Migration to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. ++++ python310-pyparsing: - Fix incorrect usage of non-bundled pip revealed by python-rpm-macros update. ++++ qemu: - pcre-devel-static is only needed when building against glib2 < 2.73. After that, glib2 was migrated to pcre2. ------------------------------------------------------------------ ------------------ 2022-9-14 - Sep 14 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - llvm15.patch: backport of commits 2037c34f245, 301bcbac0e5, 6983c8580a2 to support LLVM 15 ++++ Mesa-drivers: - llvm15.patch: backport of commits 2037c34f245, 301bcbac0e5, 6983c8580a2 to support LLVM 15 ++++ ansible-core: - update to 2.13.4: Changelog https://github.com/ansible/ansible/blob/v2.13.4/changelogs/CHANGELOG-v2.13.rst * Bugfixes - Fix for network_cli not getting all relevant connection options - ansible-galaxy - Fix detection of --role-file in arguments for implicit role invocation (#78204) - ansible-galaxy - Fix exit codes for role search and delete (#78516) - ansible-test - Fix change detection for ansible-test's own integration tests. - ansible-test - ansible-doc sanity test - Correctly determine the fully-qualified collection name for plugins in subdirectories, resolving #78490. - apt - don't actually update the cache in check mode with update_cache=true. - apt - don't mark existing packages as manually installed in check mode (#66413). - apt - fix package selection to include /etc/apt/preferences(.d) (#77969) - urls - Guard imports of urllib3 by catching Exception instead of ImportError to prevent exceptions in the import process of optional dependencies from preventing use of urls.py (#78648) - wait_for - Read file and perform comparisons using bytes to avoid decode errors (#78214) ++++ diffutils: - Skip gnulib test test-free under qemu emulation (bsc#1202260) ++++ dracut: - Update to version 057+suse.315.gd210fc38: * chore(suse): update spec Fix "directories not owned by a package" caused by bash-completion directories not owned by dracut. Do not install modules incompatible with the system architecture. * chore(suse): change default persistent policy * ci(suse.conf.example): update SUSE-specific config * chore(suse): fix 99-debug.conf ++++ e2fsprogs: - Spec file cleanup: + Drop remainders regarding -mini packages, which was not a thing since Jan 2014. + Split build of fuse2fs out into a sep build (_multibuild enabled). ++++ file: - Add patch file-zstd.patch from upstream mailing list * Add zstd decompression support - Run also upstream standard checks ++++ gnutls: - FIPS: Run the CFB8 cipher selftest without offset [bsc#1203245] * CFB8 list of ciphers: GNUTLS_CIPHER_AES_{128,192,256}_CFB8 * Add gnutls-FIPS-Run-CFB8-without-offset.patch ++++ hwdata: - update to 0.362: + Updated pci, usb and vendor ids. ++++ less: - Update to 608: * Add the --header option (github #43). * Add the --no-number-headers option (github #178). * Add the --status-line option. * Add the --redraw-on-quit option (github #36). * Add the --search-options option (github #213). * Add the --exit-follow-on-close option (github #244). * Add 'H' color type to set color of header lines. * Add #version conditional to lesskey. * Add += syntax to variable section in lesskey files. * Allow option name in -- command to end with '=' in addition to '\n'. * Add $HOME/.config to possible locations of lesskey file (github #153). * Add $XDG_STATE_HOME and $HOME/.local/state to possible locations of history file (github #223). * Don't read or write history file in secure mode (github #201). * Fix display of multibyte and double-width chars in prompt. * Fix ESC-BACKSPACE command when BACKSPACE key does not send 0x08 (github #188). * Add more \k codes to lesskey format. * Fix bug when empty file is modified while viewing it. * Fix bug when parsing a malformed lesskey file (githb #234). * Fix bug scrolling history when --incsearch is set (github #214). * Fix buffer overflow when invoking lessecho with more than 63 -m/-n options (github #198). * Fix buffer overflow in bin_file (github #271). * Fix bug restoring color at end of highlighted text. * Fix bug in parsing lesskey file. * Defer moving cursor to lower left in some more cases. * Suppress TAB filename expansion in some cases where it doesn't make sense. * Fix termlib detection when compiler doesn't accept calls to undeclared functions. * Escape filenames when invoking LESSCLOSE. * Fix bug using multibyte UTF-8 char in search string with --incsearch (github #273). ++++ openssl-3: - Do not make libopenssl3-32bit obsolete libopenssl1_1-32bit. They are independent libraries and can be installed simultaneously. ++++ logrotate: - Ignoring vendor logs settings in /usr/etc/logrotate.d if they have already been defined by the the admin in the /etc/logrotate.d directory (bsc#1173319). - Removed logrotate-3.20.0-man_logrotate.patch. - Added logrotate-vendor-dir.patch ++++ rsync: - Use bundled SLP patch now that upstream fixed it: * Remove rsync-3.2.5-slp.patch ------------------------------------------------------------------ ------------------ 2022-9-13 - Sep 13 2022 ------------------- ------------------------------------------------------------------ ++++ bash: - Update to bash 5.2 rc4 Pos. aa is now enabled by default. m. Readline now checks for changes to locale settings (LC_ALL/LC_CTYPE/LANG) each time it is called, and modifies the appropriate locale-specific display - Port patches * bash-2.03-manual.patch * bash-5.2.dif ++++ permissions: - Update to version 20220912: * chkstat: also consider group controlled paths (bsc#1203018, CVE-2022-31252) ++++ cockpit: - Fix cockpit-storage dependencies - Merge SUSE branding into cockpit package ++++ cryptsetup: - Add virtual provides for 'integritysetup' and 'veritysetup' to match package names provided by Fedora/RHEL, to allow the same set of dependencies to be used across all RPM distributions. ++++ e2fsprogs: - enabled fuse2fs build which enable to mount ext2/3/4 via FUSE ++++ fde-tools: - Introduce a specific unit script that takes care of mounting root early (to avoid conflicts with ignition). ++++ file: - update to 5.43: * Add octal indirect magic * avoid infinite loop in non-wide code * Obey MAGIC_CONTINUE with multiple magic files * Fix bug with large flist * PR/364: Detect non-nul-terminated core filenames from QEMU * PR/359: Add support for http://ndjson.org/ * PR/362: Fix wide printing * PR/358: Fix width for -f - - drop file-boo1201350.patch (upstream) ++++ gawk: - upref.patch: Add missing UPREF ++++ gnutls: - provide a libgnutls30-hmac-32bit to avoid uninstallable wine when pattern-base-fips is installed [boo#1203353] ++++ libdrm: - disabled intel driver on s390x ++++ rdma-core: - Update to v42.0 - Fixes for all providers - Dropped patches merged upstream: - util-Add-barriers-support-for-RISC-V.patch - cmake-Make-modprobe.d-path-configurable.patch - Update gen-pandoc.sh to support python3 ++++ readline: - Update to readline-8.2-rc4 m. Readline now checks for changes to locale settings (LC_ALL/LC_CTYPE/LANG) each time it is called, and modifies the appropriate locale-specific display and key binding variables when the locale changes. - Port patch readline-8.2.dif ++++ python-pycairo: - Update to version 1.21.0: * Require Python 3.7+ * Require meson 0.53+ * Using setup.py directly to build/install pycairo is deprecated. Use meson instead. * setup.py now requires setuptools. Previously it was optional. * The complete API reference is now included in the typing stubs, so it can be consumed/shown by IDEs. - Add f5a795ea.patch: Some test improvements for cairo 1.17.6 ++++ vim: - Updated to version 9.0.0453, fixes the following problems - boo#1203272 - CVE-2022-3153 - boo#1203194 - CVE-2022-3134 - boo#1203110 - CVE-2022-3099 * Writefile test leaves files behind. * Freeing the wrong string on failure. * Coverity complains about unused value. * Covertity still complains about using return value of getc(). * GUI: when CTRL-D is mapped in Insert mode it gets inserted. (Yasuhiro Matsumoto) * Some code blocks are nested too deep. * repeating a mapping does not use the right script context. * The do_arg_all() function is too long. * Crash when 'tagfunc' closes the window. * Cannot use a partial with :defer. * Using separate delete() call instead of writefile() 'D' flag. * Inverted condition is a bit confusing. * Signals test often fails on FreeBSD. * Cygwin: multibyte characters may be broken in terminal window. * Clang warnings for function prototypes. * :findrepl does not escape '&' and '~' properly. * :defer not tested with exceptions and ":qa!". * Members of funccall_T are inconsistently named. * Using :defer in expression funcref not tested. * GUI test sometimes hangs on CI. * CI uses older clang version. * Javascript module files are not recoginzed. * 'equalalways' may be off when 'laststatus' is zero. * Crash when passing invalid arguments to assert_fails(). * Arguments in a partial not used by a :def function. * Deferred functions not invoked when partial func exits. * matchstr() does match column offset. (Yasuhiro Matsumoto) * GUI test sometimes fails on MS-Windows. * #{g:x} was seen as a curly-braces expression. * Struct member cts_lnum is unused. * Only created files can be cleaned up with one call. * Compiler warning for unused argument. * ASAN reports a memory leak. * matchstr() still does not match column offset when done after a text search. * ml_get error when appending lines in popup window. * Jsonnet files are not recognized. * Manually deleting temp test files. * The :defer command does not check the function argument count and types. * Function went missing. * Not enough testing of the :all command. * "for" and "while" not recognized after :vim9cmd and :legacy. (Emanuele Torre) * gitattributes files are not recognized. * Autocmd test is a bit flaky on MS-Windows. * Failed flaky tests report only start time. * Drupal theme files are not recognized. * Autocmd test uses common file name. * Not all keys are tested for the MS-Windows GUI. * Cannot use repeat() with a blob. * Current mode shows in message window. * Crash when using for loop variable in closure. * Coverity warns for not checking allocation failure. * gitignore files are not recognized. * Compiler warning for uninitialized variable. * CI: running tests in parallel causes flakiness. * No error when a custom completion function returns something else than the expected list. * Cannot put virtual text above a line. * Cursor wrong if inserting before line with virtual text above. * Crash when using mkdir() with "R" flag in compiled function. * Closure in for loop test fails on some systems. * Virtual text "above" doesn't handel line numbers. * Blueprint files are not recognized. * Trying to declare g:variable gives confusing error. * When opening/closing window text moves up/down. * Message window may be positioned too low. * Using :echowin while at the hit-enter prompt causes problems. * SubRip files are not recognized. * There is no easy way to translate a string with a key code into a readable string. * Return value of argument check functions is inconsistent. * Virtual text "above" does not work with 'nowrap'. * Visual highlighting extends into virtual text prop. * On an AZERTY keyboard digit keys get the shift modifier. ------------------------------------------------------------------ ------------------ 2022-9-12 - Sep 12 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023). - commit a5f18a6 - iommu: Fix false ownership failure on AMD systems with PASID activated (bsc#1202492). - commit c4990ab - Drop temporary workaround patch for HD-audio IOMMU bug (bsc#1202492) The proper upstream fix will be merged instead - commit 23d9d61 ++++ llvm15: - Use correct LLVM_HOST_TRIPLE for riscv64 ++++ libdrm: - update to 2.4.113: * amdgpu: update marketing names * sync i915_pciids with kernel * atomic: fix atomic_add_unless() fallback's return value * intel: Avoid aliasing violation * intel: Hook up new platforms IDs * meson: auto-enable etnaviv on arm, arc, mips and loongarch architectures * modetest: use drmGetFormatName() * lots of testsuite and CI improvements - enable intel support everywhere as there are now discrete intel GPUs - enable vc4 support on armv7/aarch64 - simplify valgrind support ifdefery ++++ jitterentropy: - updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ++++ ncurses: - Add ncurses patch 20220910 + amend verbose-option change to make this affect level 3, e.g., using "tic -cv3 terminfo". + work around musl's nonstandard use of feature test macros by adding a definition for NCURSES_WIDECHAR to the generated ".pc" and *-config files (report by Sam James). - Add ncurses patch 20220903 + modify verbose-option of infocmp, tic, toe to enable debug-tracing if that is configured. - Add ncurses patch 20220827 + modify configure scripts to use overlooked cases for LD and PKG_CONFIG variables (report by Alan Webb, Gentoo #866398). + modify nsterm to use xterm+alt1049 (report by Paul Handly) -TD + modify putty to use xterm+alt1049 -TD - Correct offsets of patches * ncurses-5.9-ibm327x.dif * ncurses-6.3.dif ++++ rpm: - update to rpm-4.17.1.1 * Fix upstream branch setting in "%autosetup -S git" * Revert "Strip the target triplet GNU suffix more precisely." ++++ ovmf: - Modified ovmf.changes log, using PED-1410 instead of PED-1359 for pushing to SLE15-SP5. ++++ rsync: - update to 3.2.6: * More path-cleaning improvements in the file-list validation code to avoid rejecting of valid args. * A file-list validation fix for a --files-from file that ends without a line-terminating character. * Added a safety check that prevents the sender from removing destination files when a local copy using --remove-source-files has some files that are shared between the sending & receiving hierarchies, including the case where the source dir & destination dir are identical. * Fixed a bug in the internal MD4 checksum code that could cause the digest to be sporadically incorrect (the openssl version was/is fine). * A minor tweak to rrsync added "copy-devices" to the list of known args, but left it disabled by default. ++++ selinux-policy: - Revamped rtorrent module ++++ shim: - Add logic to shim.spec to only set sbat policy when efivarfs is writeable. (bsc#1201066) ++++ suse-module-tools: - Update to version 16.0.23: * cert-script: skip cert handling if efivarfs is not writable (bsc#1201066) * driver-check.sh, unblacklist: convert egrep to grep -E (bsc#1203092) ------------------------------------------------------------------ ------------------ 2022-9-11 - Sep 11 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Update to 6.0-rc5 - eliminate 5 patches: - patches.suse/ASoC-nau8540-Implement-hw-constraint-for-rates.patch - patches.suse/ASoC-nau8821-Implement-hw-constraint-for-rates.patch - patches.suse/ASoC-nau8824-Fix-semaphore-unbalance-at-error-paths.patch - patches.suse/ASoC-nau8824-Implement-hw-constraint-for-rates.patch - patches.suse/ASoC-nau8825-Implement-hw-constraint-for-rates.patch - refresh configs - commit f7dcc92 ++++ python310-core: - Update to 3.10.7: - Fix for CVE-2020-10735 (bsc#1203125) Converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity. - Other bug fixes: - Fixed a bug that caused _PyCode_GetExtra to return garbage for negative indexes. - Fix format string in _PyPegen_raise_error_known_location that can lead to memory corruption on some 64bit systems. The function was building a tuple with i (int) instead of n (Py_ssize_t) for Py_ssize_t arguments. - Fix misleading contents of error message when converting an all-whitespace string to float. - coroutine.throw() now properly initializes the frame.f_back when resuming a stack of coroutines. This allows e.g. traceback.print_stack() to work correctly when an exception (such as CancelledError) is thrown into a coroutine. - ast.parse() will no longer parse function definitions with positional-only params when passed feature_version less than (3, 8). - Correct conversion of numbers.Rational’s to float. - Fix a performance regression in logging TimedRotatingFileHandler. Only check for special files when the rollover time has passed. - Fix unused localName parameter in the Attr class in xml.dom.minidom. - Update bundled pip to 22.2.2. - Fail gracefully if EPERM or ENOSYS is raised when loading crypt methods. This may happen when trying to load MD5 on a Linux kernel with FIPS enabled. - Improve discoverability of the higher level concurrent.futures module by providing clearer links from the lower level threading and multiprocessing modules. - Update the default RFC base URL from deprecated tools.ietf.org to datatracker.ietf.org - Fix stylesheet not working in Windows CHM htmlhelp docs. - The documentation now lists which members of C structs are part of the Limited API/Stable ABI. - Mitigate the inherent race condition from using find_unused_port() in testSockName() by trying to find an unused port a few times before failing. - Build and test with OpenSSL 1.1.1q - Document handling of extensions in Save As dialogs. - Include prompts when saving Shell (interactive input and output). ++++ python310: - Update to 3.10.7: - Fix for CVE-2020-10735 (bsc#1203125) Converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity. - Other bug fixes: - Fixed a bug that caused _PyCode_GetExtra to return garbage for negative indexes. - Fix format string in _PyPegen_raise_error_known_location that can lead to memory corruption on some 64bit systems. The function was building a tuple with i (int) instead of n (Py_ssize_t) for Py_ssize_t arguments. - Fix misleading contents of error message when converting an all-whitespace string to float. - coroutine.throw() now properly initializes the frame.f_back when resuming a stack of coroutines. This allows e.g. traceback.print_stack() to work correctly when an exception (such as CancelledError) is thrown into a coroutine. - ast.parse() will no longer parse function definitions with positional-only params when passed feature_version less than (3, 8). - Correct conversion of numbers.Rational’s to float. - Fix a performance regression in logging TimedRotatingFileHandler. Only check for special files when the rollover time has passed. - Fix unused localName parameter in the Attr class in xml.dom.minidom. - Update bundled pip to 22.2.2. - Fail gracefully if EPERM or ENOSYS is raised when loading crypt methods. This may happen when trying to load MD5 on a Linux kernel with FIPS enabled. - Improve discoverability of the higher level concurrent.futures module by providing clearer links from the lower level threading and multiprocessing modules. - Update the default RFC base URL from deprecated tools.ietf.org to datatracker.ietf.org - Fix stylesheet not working in Windows CHM htmlhelp docs. - The documentation now lists which members of C structs are part of the Limited API/Stable ABI. - Mitigate the inherent race condition from using find_unused_port() in testSockName() by trying to find an unused port a few times before failing. - Build and test with OpenSSL 1.1.1q - Document handling of extensions in Save As dialogs. - Include prompts when saving Shell (interactive input and output). ------------------------------------------------------------------ ------------------ 2022-9-10 - Sep 10 2022 ------------------- ------------------------------------------------------------------ ++++ libXft: - Update to version 2.3.6 * Fixes a regression in 2.3.5 for XftTextExtents* length-checks. ++++ python-psutil: - update to version 5.9.2: * Bug fixes + 2093_, [FreeBSD], **[critical]**: `pids()`_ may fail with ENOMEM. Dynamically increase the "malloc()" buffer size until it's big enough. + 2095_, [Linux]: `net_if_stats()`_ returns incorrect interface speed for 100GbE network cards. + 2113_, [FreeBSD], **[critical]**: `virtual_memory()`_ may raise ENOMEM due to missing "#include " directive. (patch by Peter Jeremy) + 2128_, [NetBSD]: `swap_memory()`_ was miscalculated. (patch by Thomas Klausner) ++++ sudo: - Modified sudo-sudoers.patch * bsc#1177578 * Removed redundant and confusing 'secure_path' settings in sudo-sudoers file. ------------------------------------------------------------------ ------------------ 2022-9-9 - Sep 9 2022 ------------------- ------------------------------------------------------------------ ++++ dmidecode: 2 recommended fixes from upstream: - news-fix-typo.patch: We ship the NEWS file so avoid including a typo in it. - dmioem-fix-segmentation-fault-in-dmi_hp_240_attr.patch: Passing NULL to a %s printf conversion specifier is illegal, and can result in a segmentation fault. Current version of glibc doesn't mind, but alternative, past or future libc implementations could crash, so let's fix it. ++++ dnsmasq: - Ensure the dnsmasq user's group is used - Remove nogroup requirement ++++ multipath-tools: - Update to version 0.9.1+52+suse.be8809e: * Code-identical to 0.9.1+48+suse.9c6c435 (merge in git repo to preserve history; fix revision in _service file). ++++ numactl: - Update to version 2.0.15.0.g01a39cb: * Create codeql.yml * Create makefile.yml * Fix crash when memhog uses local policy * Fix memhog uses the wrong policy but still works properly * Fix the example usage in the man manual. * fix memory and file handle leaks * Do not reuse variable names in subscopes and delete useless blank lines * Delete unused header files * Limit the scope of function * avoid declaring a global variable * Fix build error on riscv64 by linking libatomic ++++ patterns-base: - drop recommends for ucode-intel and ucode-amd, these packages have supplements to be pulled in on the respective cpus and there is no point having both installed (doubling the number of reboot-needed updates) ++++ rsync: - Build SLE version with g++-11 to work around nondeterministic g++-7 (boo#1193895) ------------------------------------------------------------------ ------------------ 2022-9-8 - Sep 8 2022 ------------------- ------------------------------------------------------------------ ++++ glib2: - Replace pkgconfig(libpcre) with pkgconfig(libpcre2-8) BuildRequires. No longer used by glib (replaced by pcre2 in 2.73.2). ++++ glibc: - errlist-edeadlock.patch: errlist: add missing entry for EDEADLOCK (BZ [#29545]) ++++ kernel-default: - Linux 5.19.8 (bsc#1012628). - drm/msm/dp: make eDP panel as the first connected connector (bsc#1012628). - drm/msm/dsi: fix the inconsistent indenting (bsc#1012628). - drm/msm/dpu: populate wb or intf before reset_intf_cfg (bsc#1012628). - drm/msm/dp: delete DP_RECOVERED_CLOCK_OUT_EN to fix tps4 (bsc#1012628). - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (bsc#1012628). - drm/msm/dsi: Fix number of regulators for SDM660 (bsc#1012628). - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (bsc#1012628). - platform/x86: x86-android-tablets: Fix broken touchscreen on Chuwi Hi8 with Windows BIOS (bsc#1012628). - xsk: Fix corrupted packets for XDP_SHARED_UMEM (bsc#1012628). - drm/msm/gpu: Drop qos request if devm_devfreq_add_device() fails (bsc#1012628). - peci: aspeed: fix error check return value of platform_get_irq() (bsc#1012628). - iio: adc: mcp3911: make use of the sign bit (bsc#1012628). - skmsg: Fix wrong last sg check in sk_msg_recvmsg() (bsc#1012628). - bpf: Restrict bpf_sys_bpf to CAP_PERFMON (bsc#1012628). - ip_tunnel: Respect tunnel key's "flow_flags" in IP tunnels (bsc#1012628). - bpf, cgroup: Fix kernel BUG in purge_effective_progs (bsc#1012628). - drm/i915/gvt: Fix Comet Lake (bsc#1012628). - ieee802154/adf7242: defer destroy_workqueue call (bsc#1012628). - bpf: Fix a data-race around bpf_jit_limit (bsc#1012628). - drm/i915/ttm: fix CCS handling (bsc#1012628). - drm/i915/display: avoid warnings when registering dual panel backlight (bsc#1012628). - ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array (bsc#1012628). - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (bsc#1012628). - xhci: Fix null pointer dereference in remove if xHC has only one roothub (bsc#1012628). - Revert "xhci: turn off port power in shutdown" (bsc#1012628). - bpf: Allow helpers to accept pointers with a fixed size (bsc#1012628). - bpf: Tidy up verifier check_func_arg() (bsc#1012628). - bpf: Do mark_chain_precision for ARG_CONST_ALLOC_SIZE_OR_ZERO (bsc#1012628). - Bluetooth: hci_event: Fix vendor (unknown) opcode status handling (bsc#1012628). - Bluetooth: hci_sync: Fix suspend performance regression (bsc#1012628). - Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1012628). - Bluetooth: hci_sync: hold hdev->lock when cleanup hci_conn (bsc#1012628). - net: sparx5: fix handling uneven length packets in manual extraction (bsc#1012628). - net: smsc911x: Stop and start PHY during suspend and resume (bsc#1012628). - openvswitch: fix memory leak at failed datapath creation (bsc#1012628). - nfp: flower: fix ingress police using matchall filter (bsc#1012628). - net: dsa: xrs700x: Use irqsave variant for u64 stats update (bsc#1012628). - drm/i915: fix null pointer dereference (bsc#1012628). - net: sched: tbf: don't call qdisc_put() while holding tree lock (bsc#1012628). - net/sched: fix netdevice reference leaks in attach_default_qdiscs() (bsc#1012628). - net: phy: micrel: Make the GPIO to be non-exclusive (bsc#1012628). - net: lan966x: improve error handle in lan966x_fdma_rx_get_frame() (bsc#1012628). - ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler (bsc#1012628). - cachefiles: fix error return code in cachefiles_ondemand_copen() (bsc#1012628). - cachefiles: make on-demand request distribution fairer (bsc#1012628). - mlxbf_gige: compute MDIO period based on i1clk (bsc#1012628). - kcm: fix strp_init() order and cleanup (bsc#1012628). - sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb (bsc#1012628). - tcp: annotate data-race around challenge_timestamp (bsc#1012628). - Revert "sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb" (bsc#1012628). - net/smc: Remove redundant refcount increase (bsc#1012628). - soundwire: qcom: fix device status array range (bsc#1012628). - mm/slab_common: Deleting kobject in kmem_cache_destroy() without holding slab_mutex/cpu_hotplug_lock (bsc#1012628). - platform/mellanox: mlxreg-lc: Fix coverity warning (bsc#1012628). - platform/mellanox: mlxreg-lc: Fix locking issue (bsc#1012628). - serial: fsl_lpuart: RS485 RTS polariy is inverse (bsc#1012628). - tty: serial: atmel: Preserve previous USART mode if RS485 disabled (bsc#1012628). - staging: rtl8712: fix use after free bugs (bsc#1012628). - staging: r8188eu: Add Rosewill USB-N150 Nano to device tables (bsc#1012628). - staging: r8188eu: add firmware dependency (bsc#1012628). - Revert "powerpc: Remove unused FW_FEATURE_NATIVE references" (bsc#1012628). - powerpc: align syscall table for ppc32 (bsc#1012628). - powerpc/rtas: Fix RTAS MSR[HV] handling for Cell (bsc#1012628). - vt: Clear selection before changing the font (bsc#1012628). - musb: fix USB_MUSB_TUSB6010 dependency (bsc#1012628). - tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (bsc#1012628). - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (bsc#1012628). - iio: light: cm3605: Fix an error handling path in cm3605_probe() (bsc#1012628). - iio: ad7292: Prevent regulator double disable (bsc#1012628). - iio: adc: mcp3911: correct "microchip,device-addr" property (bsc#1012628). - iio: adc: mcp3911: use correct formula for AD conversion (bsc#1012628). - misc: fastrpc: fix memory corruption on probe (bsc#1012628). - misc: fastrpc: fix memory corruption on open (bsc#1012628). - firmware_loader: Fix use-after-free during unregister (bsc#1012628). - firmware_loader: Fix memory leak in firmware upload (bsc#1012628). - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (bsc#1012628). - landlock: Fix file reparenting without explicit LANDLOCK_ACCESS_FS_REFER (bsc#1012628). - mmc: core: Fix UHS-I SD 1.8V workaround branch (bsc#1012628). - mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure (bsc#1012628). - binder: fix UAF of ref->proc caused by race condition (bsc#1012628). - binder: fix alloc->vma_vm_mm null-ptr dereference (bsc#1012628). - cifs: fix small mempool leak in SMB2_negotiate() (bsc#1012628). - KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() (bsc#1012628). - riscv: kvm: move extern sbi_ext declarations to a header (bsc#1012628). - clk: ti: Fix missing of_node_get() ti_find_clock_provider() (bsc#1012628). - drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported" (bsc#1012628). - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (bsc#1012628). - Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops" (bsc#1012628). - clk: core: Fix runtime PM sequence in clk_core_unprepare() (bsc#1012628). - Input: rk805-pwrkey - fix module autoloading (bsc#1012628). - powerpc/papr_scm: Fix nvdimm event mappings (bsc#1012628). - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (bsc#1012628). - clk: bcm: rpi: Prevent out-of-bounds access (bsc#1012628). - clk: bcm: rpi: Add missing newline (bsc#1012628). - hwmon: (gpio-fan) Fix array out of bounds access (bsc#1012628). - gpio: pca953x: Add mutex_lock for regcache sync in PM (bsc#1012628). - gpio: realtek-otto: switch to 32-bit I/O (bsc#1012628). - KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (bsc#1012628). - powerpc/papr_scm: Ensure rc is always initialized in papr_scm_pmu_register() (bsc#1012628). - xen/grants: prevent integer overflow in gnttab_dma_alloc_pages() (bsc#1012628). - mm: pagewalk: Fix race between unmap and page walker (bsc#1012628). - xen-blkback: Advertise feature-persistent as user requested (bsc#1012628). - xen-blkfront: Advertise feature-persistent as user requested (bsc#1012628). - xen-blkfront: Cache feature_persistent value before advertisement (bsc#1012628). - thunderbolt: Use the actual buffer in tb_async_error() (bsc#1012628). - thunderbolt: Check router generation before connecting xHCI (bsc#1012628). - usb: dwc3: pci: Add support for Intel Raptor Lake (bsc#1012628). - media: mceusb: Use new usb_control_msg_*() routines (bsc#1012628). - xhci: Add grace period after xHC start to prevent premature runtime suspend (bsc#1012628). - usb: dwc3: disable USB core PHY management (bsc#1012628). - usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop (bsc#1012628). - usb: dwc3: fix PHY disable sequence (bsc#1012628). - USB: serial: ch341: fix lost character on LCR updates (bsc#1012628). - USB: serial: ch341: fix disabled rx timer on older devices (bsc#1012628). - USB: serial: cp210x: add Decagon UCA device id (bsc#1012628). - USB: serial: option: add support for OPPO R11 diag port (bsc#1012628). - USB: serial: option: add Quectel EM060K modem (bsc#1012628). - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (bsc#1012628). - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (bsc#1012628). - usb: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device (bsc#1012628). - usb: typec: tcpm: Return ENOTSUPP for power supply prop writes (bsc#1012628). - usb: dwc2: fix wrong order of phy_power_on and phy_init (bsc#1012628). - usb: cdns3: fix issue with rearming ISO OUT endpoint (bsc#1012628). - usb: cdns3: fix incorrect handling TRB_SMM flag for ISOC transfer (bsc#1012628). - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (bsc#1012628). - usb-storage: Add ignore-residue quirk for NXP PN7462AU (bsc#1012628). - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (bsc#1012628). - s390: fix nospec table alignments (bsc#1012628). - USB: core: Prevent nested device-reset calls (bsc#1012628). - usb: xhci-mtk: relax TT periodic bandwidth allocation (bsc#1012628). - usb: xhci-mtk: fix bandwidth release issue (bsc#1012628). - usb: gadget: f_uac2: fix superspeed transfer (bsc#1012628). - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (bsc#1012628). - USB: gadget: Fix obscure lockdep violation for udc_mutex (bsc#1012628). - dma-buf/dma-resv: check if the new fence is really later (bsc#1012628). - arm64/kexec: Fix missing extra range for crashkres_low (bsc#1012628). - driver core: Don't probe devices after bus_type.match() probe deferral (bsc#1012628). - wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected (bsc#1012628). - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (bsc#1012628). - ip: fix triggering of 'icmp redirect' (bsc#1012628). - net: Use u64_stats_fetch_begin_irq() for stats fetch (bsc#1012628). - net: mac802154: Fix a condition in the receive path (bsc#1012628). - ALSA: memalloc: Revive x86-specific WC page allocations again (bsc#1012628). - ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298 (bsc#1012628). - ALSA: seq: oss: Fix data-race for max_midi_devs access (bsc#1012628). - ALSA: seq: Fix data-race at module auto-loading (bsc#1012628). - drm/i915/backlight: Disable pps power hook for aux based backlight (bsc#1012628). - drm/i915/guc: clear stalled request after a reset (bsc#1012628). - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (bsc#1012628). - drm/i915: Skip wm/ddb readout for disabled pipes (bsc#1012628). - tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() (bsc#1012628). - tty: n_gsm: initialize more members at gsm_alloc_mux() (bsc#1012628). - tty: n_gsm: replace kicktimer with delayed_work (bsc#1012628). - tty: n_gsm: avoid call of sleeping functions from atomic context (bsc#1012628). - commit 0330383 - Refresh patches.suse/Revert-usb-typec-ucsi-add-a-common-function-ucsi_unr.patch. Update upstream info. - commit 9b6c180 ++++ fuse3: - Update to release 3.12.0 * The max_idle_threads parameter has been deprecated in favor of the new max_threads* parameter * struct fuse_loop_config is now private and has to be constructed using fuse_loop_cfg_create() * fuse_session_loop_mt() now accepts struct fuse_loop_config * as NULL pointer. * fuse_parse_cmdline() now accepts a max_threads option. ++++ libgcrypt: - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] * Add libgcrypt-FIPS-rndjent_poll.patch * Rebase libgcrypt-jitterentropy-3.4.0.patch ++++ open-isns: - Update to version 0.102: * Preparing for version v0.102 * meson: just specify subdir for header-file install. * build: only specify version in one place * Fix two compiler warnings in slp.c * meson: update README * meson: small option usage cleanup * meson: several updates based on review * meson: fix error building shared lib with version * meson: convert some args to 'features' * meson: update README with meson info * Add a decprecation warning to configure script. * meson: Add ability to disable static library build * meson builds now working * git: ignore all shared library files * build: Remove these two files, no longer used * Add a package config file for libisns.a * isnsd: socket: Make sure to create IPv6 socket default * isnsadm: Fix unparse command line options "-V" and "-r" * Typo: s/overried/override/ * Removed bash-specific function definitions. Also, added patch to quiet compiler (soon upstream): * Quiet-a-commpiler-warning.patch This changes the SPEC file to use the new meson build system, supported in open-isns starting with version 0.102, instead of autoconf/make. Changes in the code: * no longer deliver isnsetup script or man page (development only) * now deliver a package config file for the library * now deliver both the static library and a shared library ------------------------------------------------------------------ ------------------ 2022-9-7 - Sep 7 2022 ------------------- ------------------------------------------------------------------ ++++ ansible: - update to 6.3.0: * Ansible 6.3.0 will include ansible-core 2.13.3 as well as a curated set of Ansible collections to provide a vast number of modules and plugins. * The changelog for ansible-core 2.13 installed by this release of ansible is available here: https://github.com/ansible/ansible/blob/stable-2.13/changelogs/CHANGELOG-v2.13.rst * Collections which have opted into being a part of the Ansible-6 unified changelog will have an entry on this page: https://github.com/ansible-community/ansible-build-data/blob/main/6/CHANGELOG-v6.rst - update to 6.2.0: * Ansible 6.2.0 will include ansible-core 2.13.2 as well as a curated set of Ansible collections to provide a vast number of modules and plugins. * The changelog for ansible-core 2.13 installed by this release of ansible is available here: https://github.com/ansible/ansible/blob/stable-2.13/changelogs/CHANGELOG-v2.13.rst * Collections which have opted into being a part of the Ansible-6 unified changelog will have an entry on this page: https://github.com/ansible-community/ansible-build-data/blob/main/6/CHANGELOG-v6.rst ++++ ansible-core: - update to 2.13.3: Changelog https://github.com/ansible/ansible/blob/v2.13.3/changelogs/CHANGELOG-v2.13.rst * Bugfixes - Avoid 'unreachable' error when chmod on AIX has 255 as return code. - Fix PluginLoader to mimic Python import machinery by adding module to sys.modules before exec - Fix dnf module documentation to indicate that comparison operators for package version require spaces around them (#78295) - ansible-connection - decrypt vaulted parameters before sending over the socket, as vault secrets are not available on the other side. - ansible-galaxy - Fix reinitializing the whole collection directory with ansible-galaxy collection init ns.coll --force. Now directories and files that are not included in the collection skeleton will be removed. - ansible-galaxy - do not require mandatory keys in the galaxy.yml of source collections when listing them (#70180). - ansible-galaxy - fix listing collections that contains metadata but the namespace or name are not strings. - ansible-galaxy - fix setting the cache for paginated responses from Galaxy NG/AH (#77911). - ansible-test - Delegation for commands which generate output for programmatic consumption no longer redirect all output to stdout. The affected commands and options are shell, sanity --lint, sanity --list-tests, integration --list-targets, coverage analyze - ansible-test - Delegation now properly handles arguments given after -- on the command line. - ansible-test - Test configuration for collections is now parsed only once, prior to delegation. Fixes issue: #78334 - ansible-test - The shell command no longer redirects all output to stdout when running a provided command. Any command output written to stderr will be mixed with the stderr output from ansible-test. - ansible-test - The shell command no longer requests a TTY when using delegation unless an interactive shell is being used. An interactive shell is the default behavior when no command is given to pass to the shell. - dnf - fix output parsing on systems with LANGUAGE set to a language other than English (#78193) - if a config setting prevents running ansible it should at least show it's "origin". - prevent type annotation shim failures from causing runtime failures (#77860) - template module/lookup - fix convert_data option that was effectively always set to True for Jinja macros (#78141) - uri - properly use uri parameter use_proxy (#58632) - yum - fix traceback when releasever is specified with latest (#78058) ++++ filesystem: - Add /usr/lib/environment.d: new base directory for XDG_CONFIG_DIRS (boo#1201802). ++++ k3s-selinux: - Update to version 1.2.stable.2: * Bump pip/setuptools version; switch to https for git clone * Use SHA256 to sign packages instead of default SHA1 ++++ kernel-default: - Revert "Revert "btrfs: check if root is readonly while setting security" (bsc#1203114) This reverts commit 2b3da4915c03713f32e48582d3a1130238586489. iWe can revert it as microos-tools are fixed now: https://build.opensuse.org/request/show/1001364 - commit 9291084 ++++ libgcrypt: - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. * Add libgcrypt-FIPS-kdf-leylength.patch - FIPS: Zeroize buffer and digest in check_binary_integrity() * Add libgcrypt-FIPS-Zeroize-hmac.patch [bsc#1191020] ++++ multipath-tools: - Update to version 0.9.1+48+suse.9c6c435: * Upstream version update * kpartx_id: remove bashism * Doc: add multipathc.8 manual page ++++ libssh: - Update to version 0.10.4 * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.4 ------------------------------------------------------------------ ------------------ 2022-9-6 - Sep 6 2022 ------------------- ------------------------------------------------------------------ ++++ aaa_base: - Update to version 84.87+git20220822.6b9f7a3: * Simplify XDG_CONFIG_DIRS (boo#1201802) ++++ librsvg: - Update to version 2.55.1: + As an experiment, I'll move librsvg from even-odd versioning (odd minor version is unstable, even minor version is stable), to the versioning scheme that GNOME uses these days. So, 2.55.x is the new stable series. + There is a new development guide for librsvg, for people who want to help in its development. I hope this will be especially useful to Outreachy and Summer of Code interns: https://gnome.pages.gitlab.gnome.org/librsvg/devel-docs/index.html + Define missing crate metadata for Cargo.toml. + Add some tests that were missing for the C API. + Fix the basic test suite in Windows. + Miscellaneous fixes for the build and CI. ++++ glibc: - syslog-large-messages.patch: syslog: Fix large messages (CVE-2022-39046, bsc#1203011, BZ #29536) - dlmopen-libc-early-init.patch: elf: Call __libc_early_init for reused namespaces (BZ #29528) - ldd-vdso-dependency.patch: elf: Restore how vDSO dependency is printed with LD_TRACE_LOADED_OBJECTS (BZ #29539) - syslog-extra-whitespace.patch: syslog: Remove extra whitespace between timestamp and message (BZ #29544) ++++ gnutls: - FIPS: Additional modifications to the SLI. [bsc#1190698] * Mark CMAC and GMAC and non-approved in gnutls_pbkfd2(). * Mark HMAC keylength less than 112 bits as non-approved in gnutls_pbkfd2(). * Adapt the pbkdf2 selftest and the regression tests accordingly. * Add gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch ++++ gsettings-desktop-schemas: - Update to version 43.rc.1: + Update default background file extension to webp + Updated translations. ++++ health-checker: - Update to version 1.7 * Before rollback make sure /.snapshots is mounted rw * Fix typos and spelling errors. Note: in case an application is parsing the output it will need to adopt to the new strings. ++++ kernel-default: - vduse: prevent uninitialized memory accesses (CVE-2022-2308 bsc#1202573). - commit 70d9c50 ++++ kernel-firmware: - Update to version 20220902 (git commit 2f2f0181581d): * Mellanox: Add new mlxsw_spectrum firmware xx.2010.3146 * amdgpu: update beige goby VCN firmware * amdgpu: update dimgrey cavefish VCN firmware * amdgpu: update navy flounder VCN firmware * amdgpu: update sienna cichlid VCN firmware (bsc#1202707) * rtl_bt: Update RTL8852C BT USB firmware to 0xDFB8_5A33 * mediatek: reference the LICENCE file for MediaTek firmwares * mediatek: Add new mt8186 SOF firmware * ice: Update package to 1.3.30.0 * QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00438 * brcm: Add nvram for Lenovo Yoga Tablet 2 830F/L and 1050F/L tablets * brcm: Add nvram for the Xiaomi Mi Pad 2 tablet * brcm: Add nvram for the Asus TF103C tablet * Add amd-ucode README file * qca: Update firmware files for BT chip WCN6750. This commit will update required firmware files for WCN6750. * amdgpu: Update Yellow Carp VCN firmware * qcom: Add firmware for Lenovo ThinkPad X13s - Update aliases from 6.0-rc - Update topics list for mtk-sof ++++ llvm15: - Update to version 15.0.0. * For details, see the release notes: - https://releases.llvm.org/15.0.0/docs/ReleaseNotes.html - https://releases.llvm.org/15.0.0/tools/clang/docs/ReleaseNotes.html - https://releases.llvm.org/15.0.0/tools/clang/tools/extra/docs/ReleaseNotes.html - https://releases.llvm.org/15.0.0/projects/libcxx/docs/ReleaseNotes.html - https://releases.llvm.org/15.0.0/tools/lld/docs/ReleaseNotes.html * New LLVM tools: - llvm-debuginfod: Provides debug info to remote hosts. - llvm-dwarfutil: Can copy and manipulate debug info. - llvm-remark-size-diff: Compute diff between remark files. * New Clang tools: - clang-offload-packager: Bundle multiple objects into single fat binaries including offload code. - clang-pseudo: Approximate heuristic parser for C++. - Rebase patches: * check-no-llvm-exegesis.patch * link-clang-tools-extra-shared.patch * lld-default-sha1.patch * llvm-do-not-install-static-libraries.patch * lto-disable-cache.patch - Drop patches that have landed upstream: * clang-repl-private-deps.patch * llvm-glibc-2-36.patch * llvm-scev-fix-isImpliedViaMerge.patch - Drop llvm-lifetime-for-rust.patch: this is now solved via attributes and LLVM doesn't need a hardcoded list of allocation functions anymore. - Add llvm-link-atomic.patch to fix build on ppc. - Add libcxx-test-library-path.patch to fix libc++ tests failing without RUNPATH on libc++.so. - Add libcxxabi-fix-armv7-test.patch to fix tests on armv7l. - Thanks to Andreas Schwab for most of the rebasing! ++++ libXft: - Update to version 2.3.5 * bugfix release ++++ libyaml: - Add baselibs.conf: produce libyaml-0-2-32bit, required by libcamera -> pipewire. ++++ ovmf: - Because 5 revert patches in edk2-stable202205 for nasm-2.14 is against 15-SP4/Leap 15.4 and earlier version. So add suse_version and sle_version checking logic in ovmf.spec when applying revert patches. (jsc#PED-1410) ++++ sysuser-tools: - Use append so if a pre file already exists it isn't overridden ------------------------------------------------------------------ ------------------ 2022-9-5 - Sep 5 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit: - Update kdump-suse.patch to match upstream. ++++ gawk: - Update to gawk 5.2.0 * Numeric scalars now compare in the same way as C for the relational operators. Comparison order for sorting has not changed * If the AWK_HASH environment variable is set to "fnv1a" gawk will use the FNV1-A hash function for associative arrays * There is now a new function, mkbool(), that creates Boolean-typed values * As BWK awk has supported interval expressions since 2019, they are now enabled even if --traditional is supplied * The rwarray extension has two new functions, writeall() and readall() * The new `gawkbug' script should be used for reporting bugs * The manual page (doc/gawk.1) has been considerably reduced in size * Gawk now supports Terence Kelly's "persistent malloc" (pma), allowing gawk to preserve its variables, arrays and user-defined functions between runs * Some subtle issues with untyped array elements being passed to functions have been fixed * Syntax errors are now immediately fatal - gawk-5.1.1-Disable-racy-test-in-test-iolint.awk.patch: removed - pma.patch: Handle hole bigger than half the address space - nan-tests.patch: fix non-portable NaN tests ++++ gsettings-desktop-schemas: - Update to version 43.rc: + Add setting for touchpad acceleration profiles + Add specific schema for trackpoint pointer devices + Updated translations. ++++ kernel-default: - Refresh patches.kernel.org/5.19.5-001-kbuild-dummy-tools-avoid-tmpdir-leak-in-dummy-.patch. Make it really create the file. Sometimes, quilt is confused. - commit 11a0be1 - Revert "btrfs: check if root is readonly while setting security xattr" (bsc#1203114). - commit 2b3da49 - Linux 5.19.7 (bsc#1012628). - arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level (bsc#1012628). - net: neigh: don't call kfree_skb() under spin_lock_irqsave() (bsc#1012628). - net/af_packet: check len when min_header_len equals to 0 (bsc#1012628). - android: binder: fix lockdep check on clearing vma (bsc#1012628). - btrfs: tree-checker: check for overlapping extent items (bsc#1012628). - btrfs: fix lockdep splat with reloc root extent buffers (bsc#1012628). - btrfs: move lockdep class helpers to locking.c (bsc#1012628). - ALSA: hda/cs8409: Support new Dolphin Variants (bsc#1012628). - platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop (bsc#1012628). - testing: selftests: nft_flowtable.sh: use random netns names (bsc#1012628). - netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y (bsc#1012628). - drm/amdgpu: Fix interrupt handling on ih_soft ring (bsc#1012628). - drm/amdgpu: Add secure display TA load for Renoir (bsc#1012628). - drm/amdgpu: Add decode_iv_ts helper for ih_v6 block (bsc#1012628). - drm/amd/display: avoid doing vm_init multiple time (bsc#1012628). - drm/amd/display: Fix plug/unplug external monitor will hang while playback MPO video (bsc#1012628). - drm/amdgpu: Increase tlb flush timeout for sriov (bsc#1012628). - drm/amd/display: Fix pixel clock programming (bsc#1012628). - drm/amd/pm: add missing ->fini_xxxx interfaces for some SMU13 asics (bsc#1012628). - drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid (bsc#1012628). - drm/amdgpu: disable 3DCGCG/CGLS temporarily due to stability issue (bsc#1012628). - ksmbd: don't remove dos attribute xattr on O_TRUNC open (bsc#1012628). - s390/hypfs: avoid error message under KVM (bsc#1012628). - ALSA: hda/realtek: Add quirks for ASUS Zenbooks using CS35L41 (bsc#1012628). - neigh: fix possible DoS due to net iface start/stop loop (bsc#1012628). - net: lan966x: fix checking for return value of platform_get_irq_byname() (bsc#1012628). - ksmbd: return STATUS_BAD_NETWORK_NAME error status if share is not configured (bsc#1012628). - drm/amd/pm: Fix a potential gpu_metrics_table memory leak (bsc#1012628). - drm/amdkfd: Handle restart of kfd_ioctl_wait_events (bsc#1012628). - drm/amd/pm: skip pptable override for smu_v13_0_7 (bsc#1012628). - drm/amd/display: Fix TDR eDP and USB4 display light up issue (bsc#1012628). - drm/amd/display: clear optc underflow before turn off odm clock (bsc#1012628). - drm/amd/display: For stereo keep "FLIP_ANY_FRAME" (bsc#1012628). - drm/amd/display: Fix HDMI VSIF V3 incorrect issue (bsc#1012628). - drm/amd/display: Avoid MPC infinite loop (bsc#1012628). - drm/amd/display: Device flash garbage before get in OS (bsc#1012628). - drm/amd/display: Add a missing register field for HPO DP stream encoder (bsc#1012628). - rtla: Fix tracer name (bsc#1012628). - ASoC: rt5640: Fix the JD voltage dropping issue (bsc#1012628). - ASoC: sh: rz-ssi: Improve error handling in rz_ssi_probe() error path (bsc#1012628). - fs/ntfs3: Fix work with fragmented xattr (bsc#1012628). - mmc: sdhci-of-dwcmshc: Re-enable support for the BlueField-3 SoC (bsc#1012628). - mmc: sdhci-of-dwcmshc: rename rk3568 to rk35xx (bsc#1012628). - mmc: sdhci-of-dwcmshc: add reset call back for rockchip Socs (bsc#1012628). - mmc: mtk-sd: Clear interrupts when cqe off/disable (bsc#1012628). - HID: intel-ish-hid: ipc: Add Meteor Lake PCI device ID (bsc#1012628). - HID: thrustmaster: Add sparco wheel and fix array length (bsc#1012628). - HID: nintendo: fix rumble worker null pointer deref (bsc#1012628). - HID: asus: ROG NKey: Ignore portion of 0x5a report (bsc#1012628). - HID: Add Apple Touchbar on T2 Macs in hid_have_special_driver list (bsc#1012628). - HID: AMD_SFH: Add a DMI quirk entry for Chromebooks (bsc#1012628). - HID: add Lenovo Yoga C630 battery quirk (bsc#1012628). - HID: input: fix uclogic tablets (bsc#1012628). - ALSA: usb-audio: Add quirk for LH Labs Geek Out HD Audio 1V5 (bsc#1012628). - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (bsc#1012628). - bpf: Don't redirect packets with invalid pkt_len (bsc#1012628). - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (bsc#1012628). - fbdev: fb_pm2fb: Avoid potential divide by zero error (bsc#1012628). - net: fix refcount bug in sk_psock_get (2) (bsc#1012628). - HID: hidraw: fix memory leak in hidraw_release() (bsc#1012628). - USB: gadget: Fix use-after-free Read in usb_udc_uevent() (bsc#1012628). - media: pvrusb2: fix memory leak in pvr_probe (bsc#1012628). - udmabuf: Set the DMA mask for the udmabuf device (v2) (bsc#1012628). - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (bsc#1012628). - Revert "PCI/portdrv: Don't disable AER reporting in get_port_device_capability()" (bsc#1012628). - Bluetooth: L2CAP: Fix build errors in some archs (bsc#1012628). - arm64: errata: Add Cortex-A510 to the repeat tlbi list (bsc#1012628). - Update config files. Set CONFIG_ARM64_ERRATUM_2441009=y as per default. - docs: kerneldoc-preamble: Test xeCJK.sty before loading (bsc#1012628). - crypto: lib - remove unneeded selection of XOR_BLOCKS (bsc#1012628). - firmware: tegra: bpmp: Do only aligned access to IPC memory area (bsc#1012628). - drm/vc4: hdmi: Depends on CONFIG_PM (bsc#1012628). - drm/vc4: hdmi: Rework power up (bsc#1012628). - commit 6d5067d ++++ libsoup: - Update to version 3.1.4: + Numerous improvements to HTTP/2 reliablity. + Fix `http` proxy authentication with default proxy resolver. + Fix undefined ``ssize_t`` with MSVC. ++++ sqlite3: - update to 3.39.3: * Use a statement journal on DML statement affecting two or more database rows if the statement makes use of a SQL functions that might abort. * Use a mutex to protect the PRAGMA temp_store_directory and PRAGMA data_store_directory statements, even though they are decremented and documented as not being threadsafe. ++++ libssh: - Update to version 0.10.3 * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.3 ++++ systemd: - rc-local.service.8 belongs to the systemd-sysvcompat sub-package (bsc#1203053) ++++ tcpd: - use _libdir (boo#1191098) ++++ microos-tools: - Update to version 2.16: - 98selinux-microos: Make the btrfs subvolume writable temporarily [boo#1202395] ++++ patterns-base: - Add microos-tools to transactional_base (boo#1199520) ++++ vim: - Updated to version 9.0.0381, fixes the following problems - boo#1202962 - CVE-2022-3037 * Using common name in tests leads to flaky tests. * VDM files are not recognized. * Shell command is displayed in message window. * Screen flickers when 'cmdheight' is zero. * When updating the whole screen a popup may not be redrawn. * Clearing screen causes flicker. * Godot shader files are not recognized. * Command line type of CmdlineChange differs from getcmdtype(). * Cannot use the message popup window directly. * Crash when no errors and 'quickfixtextfunc' is set. * Using common name in tests leads to flaky tests. * Some changes for cmdheight=0 are not needed. * items() does not work on a list. (Sergey Vlasov) * OLD_DIGRAPHS is unused. * ":highlight" hangs when 'cmdheight' is zero. * Method tests fail. * Cannot use items() on a string. * Overwrite check may block BufWriteCmd. * Method test fails. * Test does not properly clean up. * Checks for Dictionary argument often give a vague error message. * Tests are flaky because of using a common file name. * Flicker when resetting cmdline_row after updating the screen. * Return value of list_append_list() not always checked. * No check if the return value of XChangeGC() is NULL. * The 'cmdheight' zero support causes too much trouble. * mapset() does not restore mapping properly. * ":wincmd =" equalizes in two directions. * ColorScheme autocommand triggered when colorscheme is not found. (Romain Lafourcade) * Error message for list argument could be clearer. * :horizontal modifier not fully supported. * Filetype of *.sil files not well detected. * :echowindow does not work in a compiled function. * Message window may obscure the command line. * using :echowindow in a timer clears part of message * Missing entry in switch. * Check for uppercase char in autoload name is wrong, it checks the name of the script. * :echowindow sets the in_echowindow flag too early. * 'linebreak' interferes with text property highlight if there is syntax highlighting. * 'breakindent' does not indent non-lists with "breakindentopt=list:-1". * Error message for wrong argument type is not specific. * Crash when invalid line number on :for is ignored. * Removing a listener may result in a memory leak and remove subsequent listerns. * Expanding ":e %" does not work for remote files. * Common names in test files causes tests to be flaky. * Clang static analyzer gives warnings. * File name used in test is unusual. * Cannot use import->Func() in lambda. (Israel Chauca Fuentes) * Coverity complains about dropping sign of character. * Old Coverity warning for using NULL pointer. * A failing flaky test doesn't mention the time. * Cleaning up afterwards can make a function messy. * Compiler warning for uninitialized variable. * Coverity warns for NULL check and unused return value. * Coverity still complains about dropping sign of character. * The footer feature is unused. * Clang warns for dead assignments. * Argument assignment does not work. * Compiler warning for uninitialized variable. (Tony Mechelynck) * Cleaning up after writefile() is a hassle. * Deleting files in tests is a hassle. * Writefile test leaves files behind. ------------------------------------------------------------------ ------------------ 2022-9-4 - Sep 4 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - aa-decode: use grep -E instead of deprecated egrep (boo#1203092) add apparmor-3.0.7-egrep.patch ++++ grep: - GNU grep 3.8: * The -P option is now based on PCRE2 instead of the older PCRE (boo#1201803) * egrep and fgrep commands, deprecated since release 2.5.3 (2007), now warn that they are obsolescent and should be replaced by grep -E and grep -F * The confusing GREP_COLOR environment variable is now obsolescent * Regular expressions with stray backslashes now cause warnings * Regular expressions like [:space:] are now errors even if POSIXLY_CORRECT is set, since POSIX now allows the GNU behavior * In locales using UTF-8 encoding, the regular expression '.' no longer sometimes fails to match Unicode characters * The -s option no longer suppresses "binary file matches" messages. - doc: fix man page syntax errors (bsc#1201001) ++++ kernel-default: - Update to 6.0-rc4 - refresh configs - commit c26d0f0 ++++ libapparmor: - aa-decode: use grep -E instead of deprecated egrep (boo#1203092) add apparmor-3.0.7-egrep.patch ++++ avahi: - avahi-daemon-check-dns.sh: convert obsolete egrep call to grep -E (boo#1203092) ++++ rpm: - remove-translations.diff: convert deprecated egrep to grep -E (boo#1203092) ++++ libsoup: - Update to version 3.1.3: + Fix compile error when `SOUP_VERSION_MAX_ALLOWED` is defined. - Changes from version 3.1.2: + Replace HTTP/2 tests using Quart with internal HTTP/2 server tests. + Improve version macros including adding ability to define `SOUP_DISABLE_DEPRECATION_WARNINGS`. - Drop -D http2_tests=disabled meson paramter: no longer supported. - Drop 299.patch: merged upstream. ++++ patterns-base: - Remove joe text editor. nano is already recommended and it's more well known and updated more frequently ------------------------------------------------------------------ ------------------ 2022-9-3 - Sep 3 2022 ------------------- ------------------------------------------------------------------ ++++ gobject-introspection: - Update to version 1.73.1: + Update the GIR data for GLib, GObject, GModule, and GIO + Disable rpath on Windows + Add llvm/mingw support on Windows + Fix annotations in libgirepository + Support C99 designated initializers when parsing C declarations + Add some more types to win32 GIR + Let doctool prepend emitting objects in GJS signals + Require a C99 toolchain like GLib ++++ llvm15: - Make sure we keep -DNDEBUG. At some point %{optflags} must have lost it, perhaps because CMake usually adds it on top. So when overriding CMAKE_{C,CXX}_FLAGS_RELWITHDEBINFO, we make sure to take over the other flags. We drop LLVM_ENABLE_ASSERTIONS=OFF, because that's the default anyway and hasn't helped here. - Add llvm-scev-fix-isImpliedViaMerge.patch: fixes a miscompilation caused by mixing up values of the current and previous iteration. (See gh#llvm/llvm-project#56242.) ++++ multipath-tools: - Update to version 0.9.0+134+suse.dbf2e2d: * Add multipathc command under GPL3.0, and split off libmpathutil (bsc#1202616) * Fix command completion in interactive mode (bsc#1201483) * multipathd: fix use-after-free in handle_path_wwid_change() (bsc#1201483) * Improve startup time for very large multipath.conf (bsc#1200523) * Avoid checker blocking event handling for huge number of devices (boo#1203085) * Cleanup sysfs accessors in libmultipath * Minor upstream bug fixes * Spelling fixes * Documentation: add ALUA info to README.md, delete README.alua ++++ libsoup: - Update to version 3.1.1: + Reintroduce some thread-safety to SoupSession (see https://libsoup.org/libsoup-3.0/client-thread-safety.html) + Add SoupServerMessage:tls-peer-certificate and SoupServerMessage:tls-peer-certificate-errors + Port docs to gi-docgen + Update documentation. - Replace pkgconfig(gtk-doc) with pkgconfig(gi-docgen) BuildRequires (and update options passed to meson) following upstreams port. - Add 299.patch: multithread-test: show error information in case of request failure. multithread-test: skip proxy tests if apache is not available. - Use ldconfig_scriptlets for post(un) handling. ------------------------------------------------------------------ ------------------ 2022-9-2 - Sep 2 2022 ------------------- ------------------------------------------------------------------ ++++ libsoup: - Update to version 3.0.8: + Fix `http` proxy authentication with default proxy resolver. + Numerous improvments to HTTP/2 reliability. ++++ libssh: - Update to version 0.10.2 * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.2 - Removed libssh-weak-attribute.patch ++++ systemd: - Enable building and include libcryptsetup-plugins provided by systemd Now that dracut 057 has been released we can enable building libcryptsetup plugins. These can be used by cryptsetup to extend functionality including fido2, pkcs11 and tpm2 support. ++++ libzypp: - UsrEtc: Store logrotate files in %{_distconfdir} if defined (fixes #402) - Log backtrace on SIGABRT too. - Need to explicitly enable building experimental code. Otherwise an old Notcurses++ package which happens to be present in the buildenv breaks the build (fixes #412). - Work around libyui/libyui#78 on code 15.4 and older. - Stop using std::*ary_function; deprecated and removed in c++17. - Don't expose header files which use types not available in c++11. In 15.3 and older, YAST and PK compile with -std=c++11. - Remove no longer needed %post code (bsc#1203649) - Enable zck support for SLE15-SP4 and newer. On Leap it is enabled since 15.1 (bsc#1189282) - version 17.31.1 (22) ++++ osinfo-db: - bsc#1202827 - Fail to deploy sle15sp5 guest via virt-install with osinfo add-sle15sp5-support.patch ++++ setools: - Added README.SUSE and drop recommend for python3-networkx altogether (bsc#1202676) ++++ zypper: - UsrEtc: Store logrotate files in %{_distconfdir} if defined (fixes #441, fixes #444) - Remove unneeded code to compute the PPP status. Since libzypp 17.23.0 the PPP status is auto established. No extra solver run is needed. - Make sure 'up' respects solver related CLI options (bsc#1201972) - Fix tests to use locale "C.UTF-8" rather than "en_US". - Fix man page (fixes #451) - version 1.14.56 ------------------------------------------------------------------ ------------------ 2022-9-1 - Sep 1 2022 ------------------- ------------------------------------------------------------------ ++++ chrony: - Update to 4.3: * Add local option to refclock directive to stabilise system clock with more stable free-running clock (e.g. TCXO, OCXO). * Add maxdelayquant option to server/pool/peer directive to replace maxdelaydevratio filter with long-term quantile-based filtering. * Add selection option to log directive. * Allow external PPS in PHC refclock without configurable pin. * Don't accept first interleaved response to minimise error in delay. * Don't use arc4random on Linux to avoid server performance loss. * Improve filter option to better handle missing NTP samples. * Improve stability with hardware timestamping and PHC refclock. * Update seccomp filter - Update clknetsim to snapshot f00531b. - Use a more specific conditional for the /usr/etc stuff. ++++ lvm2-device-mapper: - Update lvm2 from LVM2.2.03.15 to LVM2.2.03.16 * ** WHATS_NEW for 2.03.16 *** Version 2.03.16 - 18th May 2022 =============================== Fix segfault when handling selection with historical LVs. Add support --vdosettings with lvcreate, lvconvert, lvchange. Filtering multipath devices respects blacklist setting from multipath configuration. lvmdevices support for removing by device id using --deviceidtype and --deldev. Display writecache block size with lvs -o writecache_block_size. Improve cachesettings description in man lvmcache. Fix lossing of delete message on thin-pool extension. - Drop patches that have been merged into upstream - 0001-post-release.patch - 0002-asan-fix-some-reports-from-libasan.patch - 0003-make-generate.patch - 0004-tests-udev-pvscan-vgchange-fix-service-wait.patch - 0005-devices-file-do-not-clear-PVID-of-unread-devices.patch - 0006-tests-skip-vgchange-pvs-online.sh-on-rhel5.patch - 0007-dev_manager-fix-dm_task_get_device_list.patch - 0008-dev_manager-failing-status-is-not-internal-error.patch - 0009-clang-add-extra-check.patch - 0010-clang-possible-better-compilation-with-musl-c.patch - 0011-dev_manager-do-not-query-for-open_count.patch - 0012-dev_manager-use-list-info-for-preset-devs.patch - 0013-man-lvmcache-add-more-writecache-cachesettings-info.patch - 0014-man-update-cachesettings-option-description.patch - 0015-man-lvmcache-mention-writecache-memory-usage.patch - 0016-writecache-display-block-size-from-lvs.patch - 0017-devices-simplify-dev_cache_get_by_devt.patch - 0018-devices-drop-incorrect-paths-from-aliases-list.patch - 0019-devices-initial-use-of-existing-option.patch - 0020-devices-fix-dev_name-assumptions.patch - 0021-devices-use-dev-cache-aliases-handling-from-label-sc.patch - 0022-devices-only-close-PVs-on-LVs-when-scan_lvs-is-enabl.patch - 0023-writecache-check-memory-usage.patch - 0024-pvscan-don-t-use-udev-for-external-device-info.patch - 0025-vgchange-monitor-don-t-use-udev-info.patch - Add upstream patch - 0001-devices-file-move-clean-up-after-command-is-run.patch - 0002-devices-file-fail-if-devicesfile-filename-doesn-t-ex.patch - 0003-filter-mpath-handle-other-wwid-types-in-blacklist.patch - 0004-filter-mpath-get-wwids-from-sysfs-vpd_pg83.patch - 0005-pvdisplay-restore-reportformat-option.patch - 0006-exit-with-error-when-devicesfile-name-doesn-t-exist.patch - 0007-report-fix-pe_start-column-type-from-NUM-to-SIZ.patch - 0008-_vg_read_raw_area-fix-segfault-caused-by-using-null-.patch - 0009-mm-remove-libaio-from-being-skipped.patch - 0010-dmsetup-check-also-for-ouf-of-range-value.patch - 0011-devices-drop-double-from-sysfs-path.patch - 0012-devices-file-fix-pvcreate-uuid-matching-pvid-entry-w.patch - 0013-vgimportdevices-change-result-when-devices-are-not-a.patch - 0014-vgimportdevices-fix-locking-when-creating-devices-fi.patch - Update patch - bug-1184687_Add-nolvm-for-kernel-cmdline.patch - update lvm2.spec - indent some lines for easy read - add new man: lvm_import_vdo.8 dmfilemapd.8 - remove config item '--enable-cmirrord', which was obsoleted. - remove config item '--enable-realtime', which became default setting. - add config item "--enable-dmfilemapd" for new daemon dmfilemapd - lvm.conf - align upstream style, comment out default values ++++ transactional-update: - Migration of logrotate configuration to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. ++++ gobject-introspection: - gi-find-deps.sh: extend js script parser to detect imports in the form import 'gi://GeocodeGlib?version=2.0'. ++++ glib-networking: - Update to version 2.74.rc: + Support PKCS #12 encrypted certificates. + Various improvements to Meson build system. + Multiple fixes for proxy tests. ++++ gtk3: - Drop pkgconfig(rest-0.7) BuildRequires: it seems to serve no purpose, nor can I find anything to suggest that gtk depends on it. ++++ kernel-default: - rpm/kernel-source.spec.in: simplify finding of broken symlinks "find -xtype l" will report them, so use that to make the search a bit faster (without using shell). - commit 13bbc51 - Linux 5.19.6 (bsc#1012628). - NFS: Fix another fsync() issue after a server reboot (bsc#1012628). - audit: fix potential double free on error path from fsnotify_add_inode_mark (bsc#1012628). - cgroup: Fix race condition at rebind_subsystems() (bsc#1012628). - parisc: Make CONFIG_64BIT available for ARCH=parisc64 only (bsc#1012628). - parisc: Fix exception handler for fldw and fstw instructions (bsc#1012628). - kernel/sys_ni: add compat entry for fadvise64_64 (bsc#1012628). - kprobes: don't call disarm_kprobe() for disabled kprobes (bsc#1012628). - mm/uffd: reset write protection when unregister with wp-mode (bsc#1012628). - mm/hugetlb: support write-faults in shared mappings (bsc#1012628). - mt76: mt7921: fix command timeout in AP stop period (bsc#1012628). - xfrm: fix refcount leak in __xfrm_policy_check() (bsc#1012628). - Revert "xfrm: update SA curlft.use_time" (bsc#1012628). - xfrm: clone missing x->lastused in xfrm_do_migrate (bsc#1012628). - af_key: Do not call xfrm_probe_algs in parallel (bsc#1012628). - xfrm: policy: fix metadata dst->dev xmit null pointer dereference (bsc#1012628). - fs: require CAP_SYS_ADMIN in target namespace for idmapped mounts (bsc#1012628). - Revert "net: macsec: update SCI upon MAC address change." (bsc#1012628). - NFSv4.2 fix problems with __nfs42_ssc_open (bsc#1012628). - SUNRPC: RPC level errors should set task->tk_rpc_status (bsc#1012628). - mm/smaps: don't access young/dirty bit if pte unpresent (bsc#1012628). - ntfs: fix acl handling (bsc#1012628). - rose: check NULL rose_loopback_neigh->loopback (bsc#1012628). - r8152: fix the units of some registers for RTL8156A (bsc#1012628). - r8152: fix the RX FIFO settings when suspending (bsc#1012628). - nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout (bsc#1012628). - ice: xsk: prohibit usage of non-balanced queue id (bsc#1012628). - ice: xsk: use Rx ring's XDP ring when picking NAPI context (bsc#1012628). - net/mlx5e: Properly disable vlan strip on non-UL reps (bsc#1012628). - net/mlx5: LAG, fix logic over MLX5_LAG_FLAG_NDEVS_READY (bsc#1012628). - net/mlx5: Eswitch, Fix forwarding decision to uplink (bsc#1012628). - net/mlx5: Disable irq when locking lag_lock (bsc#1012628). - net/mlx5: Fix cmd error logging for manage pages cmd (bsc#1012628). - net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (bsc#1012628). - net/mlx5e: Fix wrong application of the LRO state (bsc#1012628). - net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (bsc#1012628). - net: dsa: microchip: ksz9477: cleanup the ksz9477_switch_detect (bsc#1012628). - net: dsa: microchip: move switch chip_id detection to ksz_common (bsc#1012628). - net: dsa: microchip: move tag_protocol to ksz_common (bsc#1012628). - net: dsa: microchip: move vlan functionality to ksz_common (bsc#1012628). - net: dsa: microchip: move the port mirror to ksz_common (bsc#1012628). - net: dsa: microchip: update the ksz_phylink_get_caps (bsc#1012628). - net: dsa: microchip: keep compatibility with device tree blobs with no phy-mode (bsc#1012628). - net: ipa: don't assume SMEM is page-aligned (bsc#1012628). - net: phy: Don't WARN for PHY_READY state in mdio_bus_phy_resume() (bsc#1012628). - net: moxa: get rid of asymmetry in DMA mapping/unmapping (bsc#1012628). - bonding: 802.3ad: fix no transmission of LACPDUs (bsc#1012628). - net: ipvtap - add __init/__exit annotations to module init/exit funcs (bsc#1012628). - netfilter: ebtables: reject blobs that don't provide all entry points (bsc#1012628). - netfilter: nft_tproxy: restrict to prerouting hook (bsc#1012628). - bnxt_en: Use PAGE_SIZE to init buffer when multi buffer XDP is not in use (bsc#1012628). - bnxt_en: set missing reload flag in devlink features (bsc#1012628). - bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (bsc#1012628). - bnxt_en: fix LRO/GRO_HW features in ndo_fix_features callback (bsc#1012628). - netfilter: nf_tables: disallow updates of implicit chain (bsc#1012628). - netfilter: nf_tables: make table handle allocation per-netns friendly (bsc#1012628). - netfilter: nft_payload: report ERANGE for too long offset and length (bsc#1012628). - netfilter: nft_payload: do not truncate csum_offset and csum_type (bsc#1012628). - netfilter: nf_tables: do not leave chain stats enabled on error (bsc#1012628). - netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families (bsc#1012628). - netfilter: nft_tunnel: restrict it to netdev family (bsc#1012628). - netfilter: nf_tables: disallow binding to already bound chain (bsc#1012628). - netfilter: flowtable: add function to invoke garbage collection immediately (bsc#1012628). - netfilter: flowtable: fix stuck flows on cleanup due to pending work (bsc#1012628). - net: Fix data-races around sysctl_[rw]mem_(max|default) (bsc#1012628). - net: Fix data-races around weight_p and dev_weight_[rt]x_bias (bsc#1012628). - net: Fix data-races around netdev_max_backlog (bsc#1012628). - net: Fix data-races around netdev_tstamp_prequeue (bsc#1012628). - ratelimit: Fix data-races in ___ratelimit() (bsc#1012628). - net: Fix data-races around sysctl_optmem_max (bsc#1012628). - net: Fix a data-race around sysctl_tstamp_allow_data (bsc#1012628). - net: Fix a data-race around sysctl_net_busy_poll (bsc#1012628). - net: Fix a data-race around sysctl_net_busy_read (bsc#1012628). - net: Fix a data-race around netdev_budget (bsc#1012628). - net: Fix data-races around sysctl_max_skb_frags (bsc#1012628). - net: Fix a data-race around netdev_budget_usecs (bsc#1012628). - net: Fix data-races around sysctl_fb_tunnels_only_for_init_net (bsc#1012628). - net: Fix data-races around sysctl_devconf_inherit_init_net (bsc#1012628). - net: Fix a data-race around gro_normal_batch (bsc#1012628). - net: Fix a data-race around netdev_unregister_timeout_secs (bsc#1012628). - net: Fix a data-race around sysctl_somaxconn (bsc#1012628). - ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (bsc#1012628). - i40e: Fix incorrect address type for IPv6 flow rules (bsc#1012628). - net: ethernet: mtk_eth_soc: enable rx cksum offload for MTK_NETSYS_V2 (bsc#1012628). - net: ethernet: mtk_eth_soc: fix hw hash reporting for MTK_NETSYS_V2 (bsc#1012628). - rxrpc: Fix locking in rxrpc's sendmsg (bsc#1012628). - ionic: clear broken state on generation change (bsc#1012628). - ionic: fix up issues with handling EAGAIN on FW cmds (bsc#1012628). - ionic: VF initial random MAC address if no assigned mac (bsc#1012628). - net: stmmac: work around sporadic tx issue on link-up (bsc#1012628). - net: lantiq_xrx200: confirm skb is allocated before using (bsc#1012628). - net: lantiq_xrx200: fix lock under memory pressure (bsc#1012628). - net: lantiq_xrx200: restore buffer if memory allocation failed (bsc#1012628). - btrfs: fix silent failure when deleting root reference (bsc#1012628). - btrfs: replace: drop assert for suspended replace (bsc#1012628). - btrfs: add info when mount fails due to stale replace target (bsc#1012628). - btrfs: fix space cache corruption and potential double allocations (bsc#1012628). - btrfs: check if root is readonly while setting security xattr (bsc#1012628). - btrfs: fix possible memory leak in btrfs_get_dev_args_from_path() (bsc#1012628). - btrfs: update generation of hole file extent item when merging holes (bsc#1012628). - x86/boot: Don't propagate uninitialized boot_params->cc_blob_address (bsc#1012628). - perf/x86/intel: Fix pebs event constraints for ADL (bsc#1012628). - perf/x86/lbr: Enable the branch type for the Arch LBR by default (bsc#1012628). - x86/entry: Fix entry_INT80_compat for Xen PV guests (bsc#1012628). - x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry (bsc#1012628). - x86/sev: Don't use cc_platform_has() for early SEV-SNP calls (bsc#1012628). - x86/bugs: Add "unknown" reporting for MMIO Stale Data (bsc#1012628). - x86/nospec: Unwreck the RSB stuffing (bsc#1012628). - x86/PAT: Have pat_enabled() properly reflect state when running on Xen (bsc#1012628). - loop: Check for overflow while configuring loop (bsc#1012628). - writeback: avoid use-after-free after removing device (bsc#1012628). - audit: move audit_return_fixup before the filters (bsc#1012628). - asm-generic: sections: refactor memory_intersects (bsc#1012628). - mm/damon/dbgfs: avoid duplicate context directory creation (bsc#1012628). - s390/mm: do not trigger write fault when vma does not allow VM_WRITE (bsc#1012628). - bootmem: remove the vmemmap pages from kmemleak in put_page_bootmem (bsc#1012628). - mm/hugetlb: avoid corrupting page->mapping in hugetlb_mcopy_atomic_pte (bsc#1012628). - mm/mprotect: only reference swap pfn page if type match (bsc#1012628). - cifs: skip extra NULL byte in filenames (bsc#1012628). - s390: fix double free of GS and RI CBs on fork() failure (bsc#1012628). - fbdev: fbcon: Properly revert changes when vc_resize() failed (bsc#1012628). - Revert "memcg: cleanup racy sum avoidance code" (bsc#1012628). - shmem: update folio if shmem_replace_page() updates the page (bsc#1012628). - ACPI: processor: Remove freq Qos request for all CPUs (bsc#1012628). - nouveau: explicitly wait on the fence in nouveau_bo_move_m2mf (bsc#1012628). - smb3: missing inode locks in punch hole (bsc#1012628). - ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (bsc#1012628). - xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (bsc#1012628). - riscv: signal: fix missing prototype warning (bsc#1012628). - riscv: traps: add missing prototype (bsc#1012628). - riscv: dts: microchip: correct L2 cache interrupts (bsc#1012628). - io_uring: fix issue with io_write() not always undoing sb_start_write() (bsc#1012628). - mm/hugetlb: fix hugetlb not supporting softdirty tracking (bsc#1012628). - Revert "md-raid: destroy the bitmap after destroying the thread" (bsc#1012628). - md: call __md_stop_writes in md_stop (bsc#1012628). - arm64: Fix match_list for erratum 1286807 on Arm Cortex-A76 (bsc#1012628). - binder_alloc: add missing mmap_lock calls when using the VMA (bsc#1012628). - x86/nospec: Fix i386 RSB stuffing (bsc#1012628). - drm/amdkfd: Fix isa version for the GC 10.3.7 (bsc#1012628). - Documentation/ABI: Mention retbleed vulnerability info file for sysfs (bsc#1012628). - blk-mq: fix io hung due to missing commit_rqs (bsc#1012628). - perf python: Fix build when PYTHON_CONFIG is user supplied (bsc#1012628). - perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU (bsc#1012628). - perf/x86/intel/ds: Fix precise store latency handling (bsc#1012628). - perf stat: Clear evsel->reset_group for each stat run (bsc#1012628). - arm64: fix rodata=full (bsc#1012628). - arm64/signal: Flush FPSIMD register state when disabling streaming mode (bsc#1012628). - arm64/sme: Don't flush SVE register state when allocating SME storage (bsc#1012628). - arm64/sme: Don't flush SVE register state when handling SME traps (bsc#1012628). - scsi: ufs: core: Enable link lost interrupt (bsc#1012628). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (bsc#1012628). - scsi: core: Fix passthrough retry counter handling (bsc#1012628). - riscv: dts: microchip: mpfs: fix incorrect pcie child node name (bsc#1012628). - riscv: dts: microchip: mpfs: remove ti,fifo-depth property (bsc#1012628). - riscv: dts: microchip: mpfs: remove bogus card-detect-delay (bsc#1012628). - riscv: dts: microchip: mpfs: remove pci axi address translation property (bsc#1012628). - bpf: Don't use tnum_range on array range checking for poke descriptors (bsc#1012628). - Delete patches.suse/mm-mprotect-fix-soft-dirty-check-in-can_change_pte_w.patch. - commit 9e364bb ++++ lvm2: - Update lvm2 from LVM2.2.03.15 to LVM2.2.03.16 * ** WHATS_NEW for 2.03.16 *** Version 2.03.16 - 18th May 2022 =============================== Fix segfault when handling selection with historical LVs. Add support --vdosettings with lvcreate, lvconvert, lvchange. Filtering multipath devices respects blacklist setting from multipath configuration. lvmdevices support for removing by device id using --deviceidtype and --deldev. Display writecache block size with lvs -o writecache_block_size. Improve cachesettings description in man lvmcache. Fix lossing of delete message on thin-pool extension. - Drop patches that have been merged into upstream - 0001-post-release.patch - 0002-asan-fix-some-reports-from-libasan.patch - 0003-make-generate.patch - 0004-tests-udev-pvscan-vgchange-fix-service-wait.patch - 0005-devices-file-do-not-clear-PVID-of-unread-devices.patch - 0006-tests-skip-vgchange-pvs-online.sh-on-rhel5.patch - 0007-dev_manager-fix-dm_task_get_device_list.patch - 0008-dev_manager-failing-status-is-not-internal-error.patch - 0009-clang-add-extra-check.patch - 0010-clang-possible-better-compilation-with-musl-c.patch - 0011-dev_manager-do-not-query-for-open_count.patch - 0012-dev_manager-use-list-info-for-preset-devs.patch - 0013-man-lvmcache-add-more-writecache-cachesettings-info.patch - 0014-man-update-cachesettings-option-description.patch - 0015-man-lvmcache-mention-writecache-memory-usage.patch - 0016-writecache-display-block-size-from-lvs.patch - 0017-devices-simplify-dev_cache_get_by_devt.patch - 0018-devices-drop-incorrect-paths-from-aliases-list.patch - 0019-devices-initial-use-of-existing-option.patch - 0020-devices-fix-dev_name-assumptions.patch - 0021-devices-use-dev-cache-aliases-handling-from-label-sc.patch - 0022-devices-only-close-PVs-on-LVs-when-scan_lvs-is-enabl.patch - 0023-writecache-check-memory-usage.patch - 0024-pvscan-don-t-use-udev-for-external-device-info.patch - 0025-vgchange-monitor-don-t-use-udev-info.patch - Add upstream patch - 0001-devices-file-move-clean-up-after-command-is-run.patch - 0002-devices-file-fail-if-devicesfile-filename-doesn-t-ex.patch - 0003-filter-mpath-handle-other-wwid-types-in-blacklist.patch - 0004-filter-mpath-get-wwids-from-sysfs-vpd_pg83.patch - 0005-pvdisplay-restore-reportformat-option.patch - 0006-exit-with-error-when-devicesfile-name-doesn-t-exist.patch - 0007-report-fix-pe_start-column-type-from-NUM-to-SIZ.patch - 0008-_vg_read_raw_area-fix-segfault-caused-by-using-null-.patch - 0009-mm-remove-libaio-from-being-skipped.patch - 0010-dmsetup-check-also-for-ouf-of-range-value.patch - 0011-devices-drop-double-from-sysfs-path.patch - 0012-devices-file-fix-pvcreate-uuid-matching-pvid-entry-w.patch - 0013-vgimportdevices-change-result-when-devices-are-not-a.patch - 0014-vgimportdevices-fix-locking-when-creating-devices-fi.patch - Update patch - bug-1184687_Add-nolvm-for-kernel-cmdline.patch - update lvm2.spec - indent some lines for easy read - add new man: lvm_import_vdo.8 dmfilemapd.8 - remove config item '--enable-cmirrord', which was obsoleted. - remove config item '--enable-realtime', which became default setting. - add config item "--enable-dmfilemapd" for new daemon dmfilemapd - lvm.conf - align upstream style, comment out default values ++++ libvirt: - Update to libvirt 8.7.0 - jsc#PED-620, jsc#PED-1540 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v8-7-0-2022-09-01 - Dropped patches: 9493c9b7-lxc-containter-fix-build-with-glibc-2.36.patch, c0d9adf2-virfile-Fix-build-with-glibc-2.36.patch ++++ libxml2: - Build for now with --with-legacy to enable APIs that have been deprecated recently. (bsc#1202965) ++++ patterns-alp: - rename MicroOS to ALP ++++ salt: - Add Amazon EC2 detection for virtual grains (bsc#1195624) - Fix the regression in schedule module releasded in 3004 (bsc#1202631) - Fix state.apply in test mode with file state module on user/group checking (bsc#1202167) - Change the delimeters to prevent possible tracebacks on some packages with dpkg_lowpkg - Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596) - Added: * fix-the-regression-in-schedule-module-releasded-in-3.patch * retry-if-rpm-lock-is-temporarily-unavailable-547.patch * change-the-delimeters-to-prevent-possible-tracebacks.patch * add-amazon-ec2-detection-for-virtual-grains-bsc-1195.patch * fix-state.apply-in-test-mode-with-file-state-module-.patch ++++ python-libvirt-python: - Update to 8.7.0 - Add all new APIs and constants in libvirt 8.7.0 - jsc#PED-620, jsc#PED-1540 ++++ libxml2-python: - Build for now with --with-legacy to enable APIs that have been deprecated recently. (bsc#1202965) ++++ rsync: - Migration to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. ++++ wpa_supplicant: - Migration to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. ------------------------------------------------------------------ ------------------ 2022-8-31 - Aug 31 2022 ------------------- ------------------------------------------------------------------ ++++ btrfsprogs: - update to 5.19: * send: support protocol version 2 * fi show: print all missing devices * device stats: add tabular output * replace: add alias to device group (device replace) * check: validate free space tree items * fixes: * convert: support large filesystems (block count > 32bit) * recognize filesystems with verity enabled * mkfs and DUP could write out of order, fix it for zoned mode * build: * optional support for LZO and ZSTD in receive * compatibility with glibc 2.36 (mount.h) * add fallbacks for new GCC builtins * other: * corrupt-block: target specific items, offsets * documentation updates, new pages from wiki * new tests ++++ curl: - Update to 7.85.0: * Security fixes: [bsc#1202593, CVE-2022-35252] - control code in cookie denial of service * Changes: - quic: add support via wolfSSL - schannel: Add TLS 1.3 support - setopt: add CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR * Bugfixes: - asyn-thread: fix socket leak on OOM - asyn-thread: make getaddrinfo_complete return CURLcode - base64: base64url encoding has no padding - configure: fix broken m4 syntax in TLS options - configure: if asked to use TLS, fail if no TLS lib was detected - connect: add quic connection information - connect: set socktype/protocol correctly - cookie: reject cookies with "control bytes" - cookie: treat a blank domain in Set-Cookie: as non-existing - curl: output warning when a cookie is dropped due to size - Curl_close: call Curl_resolver_cancel to avoid memory-leak - digest: fix memory leak, fix not quoted 'opaque' - digest: fix missing increment of 'nc' value for auth-int - digest: pass over leading spaces in qop values - digest: reject broken header with session protocol but without qop - doh: use https protocol by default - easy_lock.h: include sched.h if available to fix build - easy_lock.h: use __asm__ instead of asm to fix build - easy_lock: switch to using atomic_int instead of bool - ftp: use a correct expire ID for timer expiry - h2h3: fix overriding the 'TE: Trailers' header - hostip: resolve *.localhost to 127.0.0.1/::1 - HTTP3.md: update to msh3 v0.4.0 - hyper: use wakers for curl pause/resume - lib3026: reduce the number of threads to 100 - libssh2: make atime/mtime date overflow return error - libssh2: provide symlink name in SFTP dir listing - multi: have curl_multi_remove_handle close CONNECT_ONLY transfer - multi: use larger dns hash table for multi interface - multi_wait: fix skipping to populate revents for extra_fds - netrc: Use the password from lines without login - ngtcp2: Fix build error due to change in nghttp3 prototypes - ngtcp2: fix stall or busy loop on STOP_SENDING with upload data - ngtcp2: implement cb_h3_stop_sending and cb_h3_reset_stream callbacks - openssl: add 'CURL_BORINGSSL_VERSION' to identify BoringSSL - openssl: add cert path in error message - openssl: add details to "unable to set client certificate" error - openssl: fix BoringSSL symbol conflicts with LDAP and Schannel - select: do not return fatal error on EINTR from poll() - sendf: fix paused header writes since after the header API - sendf: skip storing HTTP headers if HTTP disabled - url: really use the user provided in the url when netrc entry exists - url: reject URLs with hostnames longer than 65535 bytes - url: treat missing usernames in netrc as empty - urldata: reduce size of several struct fields - vtls: make Curl_ssl_backend() return the enum type curl_sslbackend * Remove tests-for-32bit.patch fixed in the update * Rebase libcurl-ocloexec.patch ++++ kdump: - mkdumprd: replace mkinitrd with native dracut (bsc#1202443) ++++ kernel-default: - mkspec: eliminate @NOSOURCE@ macro This should be alsways used with @SOURCES@, just include the content there. - commit 403d89f - kernel-source: include the kernel signature file We assume that the upstream tarball is used for released kernels. Then we can also include the signature file and keyring in the kernel-source src.rpm. Because of mkspec code limitation exclude the signature and keyring from binary packages always - mkspec does not parse spec conditionals. - commit e76c4ca - kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages - commit 4b42fb2 - dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - commit 1bd288c ++++ cairo: - Update to version 1.17.6: + This snapshot sees the removal of the following backends and platform support: Qt4, BeOS, OS/2, DirectFB, DRM, Cogl, OpenVG. + Thanks to all past contributors for their work on them. If you were using any of these backends then you will need to stick to Cairo 1.16. + This snapshot is going to be the **last** release of Cairo with the Autotools build system. The Meson build has seen many improvements and it is considerably easier to maintain and faster to build. - Changes from version 1.17.4: + A particularly noteworthy improvement in this release is the addition of the meson build system as an alternative to autotools. + The cogl Cairo backend underwent significant development this cycle. + Subpixel positioning support allows improved glyph outlines with the Freetype font backend. + For a complete log of changes, please see https://cairographics.org/releases/ChangeLog.1.17.4 - Changes from version 1.17.2: + This snapshot provides the new support for writing floating point formats as 16 bpc PNGs, with support for RGBA128F and RGB96F formats. This new feature increases Cairo's pixman version requirement to 0.36.0. + Beyond this are a range of bugfixes. For a complete log of changes, please see https://cairographics.org/releases/ChangeLog.1.17.2 - Drop patches fixed upstream: + cairo-Use-FT_Done_MM_Var-instead-of-free-when-available.patch + cairo-composite_color_glyphs.patch + cairo-pdf-add-missing-flush.patch + cairo-do-not-override-explicitly-requested-grayscale-aa.patch - Rebase remaining patches with quilt. - Add 0001-Set-default-LCD-filter-to-FreeType-s-default.patch: Set default LCD filter to FreeType's default (patch merged upstream). - Use ldconfig_scriptlets macro for post(un) handling. ++++ schily: - pbosh.1: replace broken ".so sh.1" refernce with a symlink to bosh.1 ++++ gcc12: - Prune invalid-license rpmlint warnings, the SLE12 codestream doesn't get fixed but FF applies there, too. [bsc#1185337] ++++ libosinfo: - Add 3a0fef72.patch: build: Add option to select libsoup ABI. Following this, add conditional pkgconfig(libsoup-3.0) BuildRequires. - Modernize spec, use ldconfig_scriptlets macro for post(un) handling, package COPYING with license macro. ++++ openslp: - Migration to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. ++++ microos-tools: - Update to version 2.15 - 98selinux-microos: Add grep as dependency ++++ runc: - Update to runc v1.1.4. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.4. bsc#1202021 * Fix mounting via wrong proc fd. When the user and mount namespaces are used, and the bind mount is followed by the cgroup mount in the spec, the cgroup was mounted using the bind mount's mount fd. * Switch kill() in libcontainer/nsenter to sane_kill(). * Fix "permission denied" error from runc run on noexec fs. * Fix failed exec after systemctl daemon-reload. Due to a regression in v1.1.3, the DeviceAllow=char-pts rwm rule was no longer added and was causing an error open /dev/pts/0: operation not permitted: unknown when systemd was reloaded. (boo#1202821) ------------------------------------------------------------------ ------------------ 2022-8-30 - Aug 30 2022 ------------------- ------------------------------------------------------------------ ++++ gdk-pixbuf: - Add 0001-jpeg-Increase-memory-limit-for-loading-image-data.patch: fix loading of larger images (glgo#GNOME/gdk-pixbuf#216). ++++ kernel-default: - Refresh patches.rpmify/kbuild-dummy-tools-pretend-we-understand-__LONG_DOUB.patch. - Refresh patches.suse/Revert-zram-remove-double-compression-logic.patch. - Refresh patches.suse/mm-gup-fix-FOLL_FORCE-COW-security-issue-and-remove-.patch. - wifi: mt76: mt7921e: fix crash in chip reset fail (bsc#1201845). Update to upstream versions and shuffle in series. - commit b7da698 - Update patches.kernel.org/5.19.2-1109-dm-fix-dm-raid-crash-if-md_handle_request-spl.patch (bsc#1012628 bsc#1202369). Add a bsc#. - commit 86a8641 ++++ gcc12: - Update to gcc-12 branch head, e927d1cf141f221c5a32574bde0, git416 * includes GCC 12.2 release * includes recent fixes backported from trunk ++++ lua54: - Add more upstream patches: * luabugs6.patch * luabugs7.patch ++++ snapper: - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. - version 0.10.3 ++++ libssh: - Update to version 0.10.1 * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.1 - Enable client and server testing * Added libssh-weak-attribute.patch ++++ libxml2: - Update to version 2.10.2: * Improvements: + Remove set-but-unused variable in xmlXPathScanName + Silence -Warray-bounds warning * Build system + build: require automake-1.16.3 or later + Remove generated files from distribution * Test suite: Don't create missing.xml when running testapi - Add configure --with-python=%{__python3} inbefore python build, as upstream no longer ships pre-grenerated files. - Use sed to fix env-script-interpreter in documentation example. - Pass with-ftp to configure, build ftp support. ++++ libxslt: - Update to version 1.1.37: * Improvements: + Don't use deprecated libxml2 macros + Don't mess with xmlDefaultSAXHandler * Build system: + Require automake-1.16.3 or later + Remove generated files from distribution + Add missing compile definition for static builds to Autotools ++++ microos-tools: - Update to version 2.14 - Fix Makefile to install sysext-add-debug - Update to version 2.13 - 98selinux-microos: Don't rely on selinux=1 [bsc#1202449] - Add sysext-add-debug - Make sure /var/lib/overlay exists before relabeling ++++ libxml2-python: - Update to version 2.10.2: * Improvements: + Remove set-but-unused variable in xmlXPathScanName + Silence -Warray-bounds warning * Build system + build: require automake-1.16.3 or later + Remove generated files from distribution * Test suite: Don't create missing.xml when running testapi - Add configure --with-python=%{__python3} inbefore python build, as upstream no longer ships pre-grenerated files. - Use sed to fix env-script-interpreter in documentation example. - Pass with-ftp to configure, build ftp support. ++++ vim: - ignore-flaky-test-failure.patch: Ignore failure of flaky tests - disable-unreliable-tests-arch.patch: Removed ------------------------------------------------------------------ ------------------ 2022-8-29 - Aug 29 2022 ------------------- ------------------------------------------------------------------ ++++ ca-certificates-mozilla: - Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868) Added: - Certainly Root E1 - Certainly Root R1 - DigiCert SMIME ECC P384 Root G5 - DigiCert SMIME RSA4096 Root G5 - DigiCert TLS ECC P384 Root G5 - DigiCert TLS RSA4096 Root G5 - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 Removed: - Hellenic Academic and Research Institutions RootCA 2011 ++++ fde-tools: - Make the firstboot workflow smarter (offer different key protectors) ++++ librsvg: - Update of vendored dependencies. ++++ glib2: - Drop 99783e0408f8ae9628d2c7a30eb99806087da711.patch for 2.73.x branch, fixed upstream already. ++++ grub2: - Fix out of memory error cannot be prevented via disabling tpm (bsc#1202438) * 0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch ++++ kernel-default: - Revert "block: freeze the queue earlier in del_gendisk" (bsc#1202534 bsc#1202589). - commit 157e5ea - Delete patches.suse/Revert-Revert-tcp-change-pingpong-threshold-to-3.patch. The test was disabled in python-eventlet. The code is correct, unlike the test. - commit 22072b3 - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (bsc#1012628). - Linux 5.19.5 (bsc#1012628). - Refresh patches.kernel.org/5.19.4-144-kbuild-dummy-tools-avoid-tmpdir-leak-in-dummy-.patch. - commit 8b6f0a1 - Refresh patches.kernel.org/5.19.4-144-kbuild-dummy-tools-avoid-tmpdir-leak-in-dummy-.patch. Reenable the patch after fixing it (missing plugin-version.h in the patch). - commit 2ea108c - Update to 6.0-rc3 - eliminate 2 patches - patches.suse/0001-scsi-sd-Revert-Rework-asynchronous-resume-support.patch - patches.suse/Revert-zram-remove-double-compression-logic.patch - commit 824e6f8 ++++ gcc12: - Add gcc12-fifo-jobserver-support.patch that adds support for FIFO jobserver for make. ++++ lttng-ust: - Update to release 2.13.4 * Added missing closedir in _get_max_cpuid_from_sysfs() * File descriptor was leaked in get_possible_cpu_mask_from_sysfs * sessiond wait futex: handle spurious futex wakeups ++++ systemd: - Let systemd trust the RTC for 30 years after the last update instead of 15 (bsc#1202356) To allow for our systems to be used in edge locations without systemd updates for a long time. ++++ vim: - Updated to version 9.0.0313, fixes the following problems - boo#1202862 - CVE-2022-3016 - boo#1203155 - CVE-2022-2980 - boo#1203152 - CVE-2022-2982 - boo#1202689 - CVE-2022-2946 - boo#1202687 - CVE-2022-2923 - boo#1202599 - CVE-2022-2889 * Using NULL pointer when skipping compiled code. * Using freed memory with multiple line breaks in expression. * job_start() test may fail under valgrind. * Cannot read error message when abort() is called. * Crash when pattern looks below the last line. * Vim9: error message for missing type is not clear. * No error for comma missing in list in :def function. * Expanding "**" may loop forever with directory links. * Test with BufNewFile autocmd is flaky. * Removing multiple text properties takes many calls. * Cannot make difference between the end of :normal and a character in its argument. * 'autoshelldir' does not work with chunked respose. * Popup menu not removed when 'wildmenu' reset while it is visible. * Mac: cannot build if dispatch.h is not available. * Shift-Tab shows matches on cmdline when 'wildmenu' is off. * Build failure without the +wildmenu feature. * Crash when using ":mkspell" with an empty .dic file. * "make install" does not install shared syntax file. (James McCoy) * "make install" still fails. (Wilhelm Payne) * Text properties "below" sort differently on MS-Windows. * Cannot easily get the list of sourced scripts. * Mechanism to prevent recursive screen updating is incomplete. * Using freed memory when 'tagfunc' deletes the buffer. * Cannot add padding to virtual text without highlight. * Duplicate code in finding a script in the execution stack. * No test for what 9.0.0234 fixes. * Slightly inconsistent error messages. * Test output shows up in git. * Cursor in wrong place after virtual text. * A symlink to an autoload script results in two entries in the list of scripts, items expected in one are actually in the other. * Typo in function name. * Build failure without the eval feature. * Compiler warning for uninitialized variables. * "->" in ":scriptnames" output not tested yet. * Crash with mouse click when not initialized. * Using freed memory when using 'quickfixtextfunc' recursively. * bufload() reads a file even if the name is not a file name. (Cyker Way) * Build failure without the +quickfix feature. * Too many #ifdefs. * No good reason why the "gf" command is not in the tiny version. * Compiler warning for unused argument. * Build error without the +eval feature. * getscriptinfo() does not include the version. Cannot select entries by script name. * Some values of 'path' and 'tags' do not work in the tiny version. * Using INIT() in non-header files. * BufReadCmd not triggered when loading a "nofile" buffer. (Maxim Kim) * Konsole termresponse not recognized. * Netrw plugin does not show remote files. * BufEnter not triggered when using ":edit" in "nofile" buffer. * 'buftype' values not sufficiently tested. * Coverity CI: update-alternatives not needed with Ubuntu 20.04. * The +wildignore feature is nearly always available. * The tiny version has the popup menu but not 'wildmenu'. * The builtin termcap list depends on the version. * Build failure without the +eval feature. * A nested timout stops the previous timeout. * Cannot complete "syn list @cluster". * Using static buffer for multiple completion functions. * It is not easy to change the command line from a plugin. * Using freed memory when location list changed in autocmd. * Irix systems no longer exist. * When 'cmdheight' is zero some messages are not displayed. * Invalid memory write. * Compiler warning for variable set but not used. * Test failing. * Test causes another test to fail. * Messages window not hidden when starting a command line. * Crash when 'cmdheight' is 0 and popup_clear() used. * GUI drop files test sometimes fails. * Message in popup is shortened unnecessary. * Cursor position wrong after right aligned virtual text. (Iizuka Masashi) * Compiler warning for size_t to int conversion. * Error messages for setcmdline() could be better. * 'cpoptions' tests are flaky. * The message window popup is delayed after an error message. * CI for Coverity is bothered by deprecation warnings. * It is not easy to get information about a script. * WinScrolled is not triggered when only skipcol changes. * CI lists useless deprecation warnings. * Buffer write message is two lines in message popup window. * :echomsg doesn't work properly with cmdheight=0. * When cmdheight is zero the attention prompt doesn't show. * Invalid memory access when cmdheight is zero. * Output of :messages dissappears when cmdheight is zero. * Test for hit-Enter prompt fails. * Test for cmdheight zero fails. * Using common name in tests leads to flaky tests. ------------------------------------------------------------------ ------------------ 2022-8-28 - Aug 28 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - update to AppArmor 3.0.7 - fix setuptools version detection in buildpath.py - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.7 for the detailed upstream changelog - add dnsmasq-cpu-possible.diff: allow reading /sys/devices/system/cpu/possible in dnsmasc//libvirt-leaseshelper profile (boo#1202849) ++++ libapparmor: - update to AppArmor 3.0.7 - fix setuptools version detection in buildpath.py - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.7 for the detailed upstream changelog - add dnsmasq-cpu-possible.diff: allow reading /sys/devices/system/cpu/possible in dnsmasc//libvirt-leaseshelper profile (boo#1202849) ++++ fmt: - Update to release 9.1 * fmt::formatted_size now works at compile time * Fixed handling of invalid UTF-8 (#3038) * Improved Unicode support in ostream overloads of print * Added support for wide streams to fmt::streamed * Added the n specifier that disables the output of delimiters when formatting ranges (#2981) - Delete 0001-Fix-large-shift-in-uint128_fallback.patch 0002-Use-FMT_USE_FLOAT128-instead-of-__SIZEOF_FLOAT128__.patch 0001-Make-sure-the-correct-fmod-overload-is-called.patch (merged) ------------------------------------------------------------------ ------------------ 2022-8-27 - Aug 27 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Disable aac289653fa5adf9e9985e4912c1d24a3e8cbab2. It breaks with dummy tools. - commit 15b473a - Update config files. CONFIG_VIRTIO_HARDEN_NOTIFICATION was marked as BROKEN. - Linux 5.19.4 (bsc#1012628). - Revert "ALSA: hda: Fix page fault in snd_hda_codec_shutdown()" (bsc#1012628). - scsi: ufs: ufs-mediatek: Fix build error and type mismatch (bsc#1012628). - f2fs: fix null-ptr-deref in f2fs_get_dnode_of_data (bsc#1012628). - f2fs: revive F2FS_IOC_ABORT_VOLATILE_WRITE (bsc#1012628). - MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0 (bsc#1012628). - video: fbdev: i740fb: Check the argument of i740_calc_vclk() (bsc#1012628). - venus: pm_helpers: Fix warning in OPP during probe (bsc#1012628). - powerpc/64: Init jump labels before parse_early_param() (bsc#1012628). - smb3: check xattr value length earlier (bsc#1012628). - f2fs: fix to do sanity check on segment type in build_sit_entries() (bsc#1012628). - f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page() (bsc#1012628). - ALSA: control: Use deferred fasync helper (bsc#1012628). - ALSA: pcm: Use deferred fasync helper (bsc#1012628). - ALSA: timer: Use deferred fasync helper (bsc#1012628). - ALSA: core: Add async signal helpers (bsc#1012628). - powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1012628). - ovl: warn if trusted xattr creation fails (bsc#1012628). - ASoC: codecs: va-macro: use fsgen as clock (bsc#1012628). - powerpc/32: Don't always pass -mcpu=powerpc to the compiler (bsc#1012628). - powerpc/32: Set an IBAT covering up to _einittext during init (bsc#1012628). - powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1012628). - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1012628). - watchdog: export lockup_detector_reconfigure (bsc#1012628). - ASoC: Intel: sof_nau8825: Move quirk check to the front in late probe (bsc#1012628). - ASoC: Intel: sof_es8336: ignore GpioInt when looking for speaker/headset GPIO lines (bsc#1012628). - ASoC: Intel: sof_es8336: Fix GPIO quirks set via module option (bsc#1012628). - ASoC: SOF: Intel: hda: add sanity check on SSP index reported by NHLT (bsc#1012628). - ALSA: hda/realtek: Enable speaker and mute LEDs for HP laptops (bsc#1012628). - RISC-V: Add fast call path of crash_kexec() (bsc#1012628). - riscv: mmap with PROT_WRITE but no PROT_READ is invalid (bsc#1012628). - ASoC: nau8821: Don't unconditionally free interrupt (bsc#1012628). - riscv: dts: canaan: Add k210 topology information (bsc#1012628). - riscv: dts: sifive: Add fu740 topology information (bsc#1012628). - ASoC: rsnd: care default case on rsnd_ssiu_busif_err_irq_ctrl() (bsc#1012628). - ASoC: SOF: sof-client-probes: Only load the driver if IPC3 is used (bsc#1012628). - ASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot (bsc#1012628). - ASoC: SOF: Intel: cnl: Do not process IPC reply before firmware boot (bsc#1012628). - modules: Ensure natural alignment for .altinstructions and __bug_table sections (bsc#1012628). - ALSA: hda: Fix page fault in snd_hda_codec_shutdown() (bsc#1012628). - ASoC: Intel: avs: Set max DMA segment size (bsc#1012628). - iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up to 35bit (bsc#1012628). - mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start (bsc#1012628). - vfio: Clear the caps->buf to NULL after free (bsc#1012628). - KVM: PPC: Book3S HV: Fix "rm_exit" entry in debugfs timings (bsc#1012628). - tty: serial: Fix refcount leak bug in ucc_uart.c (bsc#1012628). - lib/list_debug.c: Detect uninitialized lists (bsc#1012628). - ext4: avoid resizing to a partial cluster size (bsc#1012628). - ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1012628). - ext4: avoid remove directory when directory is corrupted (bsc#1012628). - drivers:md:fix a potential use-after-free bug (bsc#1012628). - nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (bsc#1012628). - md/raid5: Make logic blocking check consistent with logic that blocks (bsc#1012628). - md: Notify sysfs sync_completed in md_reap_sync_thread() (bsc#1012628). - phy: samsung: phy-exynos-pcie: sanitize init/power_on callbacks (bsc#1012628). - openrisc: io: Define iounmap argument as volatile (bsc#1012628). - Revert "RDMA/rxe: Create duplicate mapping tables for FMRs" (bsc#1012628). - dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (bsc#1012628). - dmaengine: tegra: Add terminate() for Tegra234 (bsc#1012628). - selftests/kprobe: Do not test for GRP/ without event failures (bsc#1012628). - csky/kprobe: reclaim insn_slot on kprobe unregistration (bsc#1012628). - RDMA/rxe: Limit the number of calls to each tasklet (bsc#1012628). - ACPI: PPTT: Leave the table mapped for the runtime usage (bsc#1012628). - mmc: renesas_sdhi: newer SoCs don't need manual tap correction (bsc#1012628). - dmaengine: dw-axi-dmac: ignore interrupt if no descriptor (bsc#1012628). - dmaengine: dw-axi-dmac: do not print NULL LLI during error (bsc#1012628). - of: overlay: Move devicetree_corrupt() check up (bsc#1012628). - um: add "noreboot" command line option for PANIC_TIMEOUT=-1 setups (bsc#1012628). - PCI/ACPI: Guard ARM64-specific mcfg_quirks (bsc#1012628). - cxl: Fix a memory leak in an error handling path (bsc#1012628). - pinctrl: intel: Check against matching data instead of ACPI companion (bsc#1012628). - scsi: ufs: ufs-exynos: Change ufs phy control sequence (bsc#1012628). - mmc: tmio: avoid glitches when resetting (bsc#1012628). - habanalabs/gaudi: mask constant value before cast (bsc#1012628). - habanalabs/gaudi: fix shift out of bounds (bsc#1012628). - habanalabs/gaudi: invoke device reset from one code block (bsc#1012628). - habanalabs: add terminating NULL to attrs arrays (bsc#1012628). - coresight: etm4x: avoid build failure with unrolled loops (bsc#1012628). - gadgetfs: ep_io - wait until IRQ finishes (bsc#1012628). - scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1012628). - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1012628). - clk: qcom: clk-alpha-pll: fix clk_trion_pll_configure description (bsc#1012628). - zram: do not lookup algorithm in backends table (bsc#1012628). - uacce: Handle parent device removal or parent driver module rmmod (bsc#1012628). - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (bsc#1012628). - vboxguest: Do not use devm for irq (bsc#1012628). - usb: dwc2: gadget: remove D+ pull-up while no vbus with usb-role-switch (bsc#1012628). - scsi: iscsi: Fix HW conn removal use after free (bsc#1012628). - usb: renesas: Fix refcount leak bug (bsc#1012628). - usb: host: ohci-ppc-of: Fix refcount leak bug (bsc#1012628). - usb: typec: mux: Add CONFIG guards for functions (bsc#1012628). - scsi: ufs: ufs-mediatek: Fix the timing of configuring device regulators (bsc#1012628). - clk: ti: Stop using legacy clkctrl names for omap4 and 5 (bsc#1012628). - drm/meson: Fix overflow implicit truncation warnings (bsc#1012628). - irqchip/tegra: Fix overflow implicit truncation warnings (bsc#1012628). - scsi: ufs: core: Add UFSHCD_QUIRK_HIBERN_FASTAUTO (bsc#1012628). - scsi: ufs: core: Add UFSHCD_QUIRK_BROKEN_64BIT_ADDRESS (bsc#1012628). - PCI: aardvark: Fix reporting Slot capabilities on emulated bridge (bsc#1012628). - usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (bsc#1012628). - usb: gadget: uvc: calculate the number of request depending on framesize (bsc#1012628). - usb: cdns3 fix use-after-free at workaround 2 (bsc#1012628). - staging: r8188eu: add error handling of rtw_read32 (bsc#1012628). - staging: r8188eu: add error handling of rtw_read16 (bsc#1012628). - staging: r8188eu: add error handling of rtw_read8 (bsc#1012628). - platform/chrome: cros_ec_proto: don't show MKBP version if unsupported (bsc#1012628). - PCI: Add ACS quirk for Broadcom BCM5750x NICs (bsc#1012628). - HID: multitouch: new device class fix Lenovo X12 trackpad sticky (bsc#1012628). - thunderbolt: Change downstream router's TMU rate in both TMU uni/bidir mode (bsc#1012628). - x86/kvm: Fix "missing ENDBR" BUG for fastop functions (bsc#1012628). - x86/ibt, objtool: Add IBT_NOSEAL() (bsc#1012628). - net: mscc: ocelot: report ndo_get_stats64 from the wraparound-resistant ocelot->stats (bsc#1012628). - net: mscc: ocelot: make struct ocelot_stat_layout array indexable (bsc#1012628). - net: mscc: ocelot: fix race between ndo_get_stats64 and ocelot_check_stats_work (bsc#1012628). - net: mscc: ocelot: turn stats_lock into a spinlock (bsc#1012628). - KVM: arm64: Reject 32bit user PSTATE on asymmetric systems (bsc#1012628). - KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (bsc#1012628). - drm/amdgpu: Fix use-after-free on amdgpu_bo_list mutex (bsc#1012628). - drm/sun4i: dsi: Prevent underflow when computing packet sizes (bsc#1012628). - drm/bridge: lvds-codec: Fix error checking of drm_of_lvds_get_data_mapping() (bsc#1012628). - drm/amdgpu: Avoid another list of reset devices (bsc#1012628). - drm/i915/ttm: don't leak the ccs state (bsc#1012628). - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (bsc#1012628). - drm/imx/dcss: get rid of HPD warning message (bsc#1012628). - can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once() (bsc#1012628). - gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file (bsc#1012628). - kbuild: fix the modules order between drivers and libs (bsc#1012628). - igb: Add lock to avoid data race (bsc#1012628). - stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() (bsc#1012628). - dt-bindings: display: sun4i: Add D1 TCONs to conditionals (bsc#1012628). - fec: Fix timer capture timing in `fec_ptp_enable_pps()` (bsc#1012628). - tools/rtla: Fix command symlinks (bsc#1012628). - blk-mq: run queue no matter whether the request is the last request (bsc#1012628). - i40e: Fix to stop tx_timeout recovery if GLOBR fails (bsc#1012628). - regulator: pca9450: Remove restrictions for regulator-name (bsc#1012628). - i40e: Fix tunnel checksum offload with fragmented traffic (bsc#1012628). - i2c: imx: Make sure to unregister adapter on remove() (bsc#1012628). - modpost: fix module versioning when a symbol lacks valid CRC (bsc#1012628). - ice: Ignore error message when setting same promiscuous mode (bsc#1012628). - ice: Fix clearing of promisc mode with bridge over bond (bsc#1012628). - ice: Ignore EEXIST when setting promisc mode (bsc#1012628). - ice: Fix double VLAN error when entering promisc mode (bsc#1012628). - ice: Fix VF not able to send tagged traffic with no VLAN filters (bsc#1012628). - ice: Fix call trace with null VSI during VF reset (bsc#1012628). - ice: Fix VSI rebuild WARN_ON check for VF (bsc#1012628). - net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions() (bsc#1012628). - net: dsa: don't warn in dsa_port_set_state_now() when driver doesn't support it (bsc#1012628). - net: genl: fix error path memory leak in policy dumping (bsc#1012628). - net: mscc: ocelot: fix address of SYS_COUNT_TX_AGING counter (bsc#1012628). - net: mscc: ocelot: fix incorrect ndo_get_stats64 packet counters (bsc#1012628). - net: dsa: felix: fix ethtool 256-511 and 512-1023 TX packet counters (bsc#1012628). - net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry (bsc#1012628). - net: sched: fix misuse of qcpu->backlog in gnet_stats_add_queue_cpu (bsc#1012628). - net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg (bsc#1012628). - net: fix potential refcount leak in ndisc_router_discovery() (bsc#1012628). - net: moxa: pass pdev instead of ndev to DMA functions (bsc#1012628). - mlxsw: spectrum: Clear PTP configuration after unregistering the netdevice (bsc#1012628). - virtio_net: fix endian-ness for RSS (bsc#1012628). - net: qrtr: start MHI channel after endpoit creation (bsc#1012628). - net: dsa: mv88e6060: prevent crash on an unused port (bsc#1012628). - net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() (bsc#1012628). - spi: meson-spicc: add local pow2 clock ops to preserve rate between messages (bsc#1012628). - powerpc/pci: Fix get_phb_number() locking (bsc#1012628). - netfilter: nf_tables: check NFT_SET_CONCAT flag if field_count is specified (bsc#1012628). - netfilter: nf_tables: disallow NFT_SET_ELEM_CATCHALL and NFT_SET_ELEM_INTERVAL_END (bsc#1012628). - netfilter: nf_tables: NFTA_SET_ELEM_KEY_END requires concat and interval flags (bsc#1012628). - netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT flag (bsc#1012628). - netfilter: nf_tables: fix scheduling-while-atomic splat (bsc#1012628). - netfilter: nf_tables: really skip inactive sets when allocating name (bsc#1012628). - netfilter: nf_tables: possible module reference underflow in error path (bsc#1012628). - netfilter: nf_ct_irc: cap packet search space to 4k (bsc#1012628). - netfilter: nf_ct_ftp: prefer skb_linearize (bsc#1012628). - netfilter: nf_ct_h323: cap packet size at 64k (bsc#1012628). - netfilter: nf_ct_sane: remove pseudo skb linearization (bsc#1012628). - netfilter: nf_tables: disallow NFTA_SET_ELEM_KEY_END with NFT_SET_ELEM_INTERVAL_END flag (bsc#1012628). - fs/ntfs3: uninitialized variable in ntfs_set_acl_ex() (bsc#1012628). - netfilter: nf_tables: use READ_ONCE and WRITE_ONCE for shared generation id access (bsc#1012628). - netfilter: nfnetlink: re-enable conntrack expectation events (bsc#1012628). - RDMA/cxgb4: fix accept failure due to increased cpl_t5_pass_accept_rpl size (bsc#1012628). - RDMA/mlx5: Use the proper number of ports (bsc#1012628). - IB/iser: Fix login with authentication (bsc#1012628). - ASoC: codec: tlv320aic32x4: fix mono playback via I2S (bsc#1012628). - ASoC: tas2770: Fix handling of mute/unmute (bsc#1012628). - ASoC: tas2770: Drop conflicting set_bias_level power setting (bsc#1012628). - ASoC: tas2770: Allow mono streams (bsc#1012628). - ASoC: tas2770: Set correct FSYNC polarity (bsc#1012628). - ASoC: DPCM: Don't pick up BE without substream (bsc#1012628). - ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf() (bsc#1012628). - ASoC: SOF: debug: Fix potential buffer overflow by snprintf() (bsc#1012628). - ASoC: Intel: avs: Fix potential buffer overflow by snprintf() (bsc#1012628). - iavf: Fix deadlock in initialization (bsc#1012628). - iavf: Fix reset error handling (bsc#1012628). - iavf: Fix NULL pointer dereference in iavf_get_link_ksettings (bsc#1012628). - iavf: Fix adminq error handling (bsc#1012628). - nios2: add force_successful_syscall_return() (bsc#1012628). - nios2: restarts apply only to the first sigframe we build.. (bsc#1012628). - nios2: fix syscall restart checks (bsc#1012628). - nios2: traced syscall does need to check the syscall number (bsc#1012628). - nios2: don't leave NULLs in sys_call_table[] (bsc#1012628). - nios2: page fault et.al. are *not* restartable syscalls.. (bsc#1012628). - fs/ntfs3: Fix missing i_op in ntfs_read_mft (bsc#1012628). - fs/ntfs3: Do not change mode if ntfs_set_ea failed (bsc#1012628). - fs/ntfs3: Fix double free on remount (bsc#1012628). - fs/ntfs3: Don't clear upper bits accidentally in log_replay() (bsc#1012628). - fs/ntfs3: Fix NULL deref in ntfs_update_mftmirr (bsc#1012628). - fs/ntfs3: Fix using uninitialized value n when calling indx_read (bsc#1012628). - dpaa2-eth: trace the allocated address instead of page struct (bsc#1012628). - perf tests: Fix Track with sched_switch test for hybrid case (bsc#1012628). - perf parse-events: Fix segfault when event parser gets an error (bsc#1012628). - i2c: qcom-geni: Fix GPI DMA buffer sync-back (bsc#1012628). - perf probe: Fix an error handling path in 'parse_perf_probe_command()' (bsc#1012628). - nvme-fc: fix the fc_appid_store return value (bsc#1012628). - geneve: fix TOS inheriting for ipv4 (bsc#1012628). - fscache: don't leak cookie access refs if invalidation is in progress or failed (bsc#1012628). - atm: idt77252: fix use-after-free bugs caused by tst_timer (bsc#1012628). - tsnep: Fix tsnep_tx_unmap() error path usage (bsc#1012628). - xen/xenbus: fix return type in xenbus_file_read() (bsc#1012628). - nfp: ethtool: fix the display error of `ethtool -m DEVNAME` (bsc#1012628). - NTB: ntb_tool: uninitialized heap data in tool_fn_write() (bsc#1012628). - tools build: Switch to new openssl API for test-libcrypto (bsc#1012628). - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (bsc#1012628). - tools/testing/cxl: Fix cxl_hdm_decode_init() calling convention (bsc#1012628). - vdpa_sim_blk: set number of address spaces and virtqueue groups (bsc#1012628). - vdpa_sim: use max_iotlb_entries as a limit in vhost_iotlb_init (bsc#1012628). - clk: imx93: Correct the edma1's parent clock (bsc#1012628). - ceph: don't leak snap_rwsem in handle_cap_grant (bsc#1012628). - tools/vm/slabinfo: use alphabetic order when two values are equal (bsc#1012628). - tools/testing/cxl: Fix decoder default state (bsc#1012628). - ceph: use correct index when encoding client supported features (bsc#1012628). - spi: dt-bindings: qcom,spi-geni-qcom: allow three interconnects (bsc#1012628). - dt-bindings: opp: opp-v2-kryo-cpu: Fix example binding checks (bsc#1012628). - spi: dt-bindings: zynqmp-qspi: add missing 'required' (bsc#1012628). - spi: dt-bindings: cadence: add missing 'required' (bsc#1012628). - dt-bindings: PCI: qcom: Fix reset conditional (bsc#1012628). - dt-bindings: clock: qcom,gcc-msm8996: add more GCC clock sources (bsc#1012628). - dt-bindings: arm: qcom: fix MSM8994 boards compatibles (bsc#1012628). - dt-bindings: arm: qcom: fix MSM8916 MTP compatibles (bsc#1012628). - dt-bindings: arm: qcom: fix Longcheer L8150 compatibles (bsc#1012628). - dt-bindings: gpio: zynq: Add missing compatible strings (bsc#1012628). - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (bsc#1012628). - vsock: Fix memory leak in vsock_connect() (bsc#1012628). - plip: avoid rcu debug splat (bsc#1012628). - ipv6: do not use RT_TOS for IPv6 flowlabel (bsc#1012628). - mlx5: do not use RT_TOS for IPv6 flowlabel (bsc#1012628). - vxlan: do not use RT_TOS for IPv6 flowlabel (bsc#1012628). - geneve: do not use RT_TOS for IPv6 flowlabel (bsc#1012628). - ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (bsc#1012628). - octeontx2-af: Fix key checking for source mac (bsc#1012628). - octeontx2-af: Fix mcam entry resource leak (bsc#1012628). - octeontx2-af: suppress external profile loading warning (bsc#1012628). - octeontx2-af: Apply tx nibble fixup always (bsc#1012628). - octeontx2-pf: Fix NIX_AF_TL3_TL2X_LINKX_CFG register configuration (bsc#1012628). - dt-bindings: input: iqs7222: Extend slider-mapped GPIO to IQS7222C (bsc#1012628). - dt-bindings: input: iqs7222: Correct bottom speed step size (bsc#1012628). - dt-bindings: input: iqs7222: Remove support for RF filter (bsc#1012628). - Input: iqs7222 - remove support for RF filter (bsc#1012628). - Input: iqs7222 - handle reset during ATI (bsc#1012628). - Input: iqs7222 - acknowledge reset before writing registers (bsc#1012628). - Input: iqs7222 - protect volatile registers (bsc#1012628). - Input: iqs7222 - fortify slider event reporting (bsc#1012628). - Input: iqs7222 - correct slider event disable logic (bsc#1012628). - Input: mt6779-keypad - match hardware matrix organization (bsc#1012628). - Input: exc3000 - fix return value check of wait_for_completion_timeout (bsc#1012628). - rtc: spear: set range max (bsc#1012628). - pinctrl: qcom: sm8250: Fix PDC map (bsc#1012628). - dt-bindings: pinctrl: mt8186: Add and use drive-strength-microamp (bsc#1012628). - pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (bsc#1012628). - dt-bindings: pinctrl: mt8195: Add and use drive-strength-microamp (bsc#1012628). - dt-bindings: pinctrl: mt8195: Fix name for mediatek,rsel-resistance-in-si-unit (bsc#1012628). - pinctrl: amd: Don't save/restore interrupt status and wake status bits (bsc#1012628). - pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (bsc#1012628). - pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (bsc#1012628). - dt-bindings: pinctrl: mt8192: Use generic bias instead of pull-*-adv (bsc#1012628). - dt-bindings: pinctrl: mt8192: Add drive-strength-microamp (bsc#1012628). - pinctrl: renesas: rzg2l: Return -EINVAL for pins which have input disabled (bsc#1012628). - dt-bindings: arm: qcom: fix Alcatel OneTouch Idol 3 compatibles (bsc#1012628). - selftests: forwarding: Fix failing tests with old libnet (bsc#1012628). - net: atm: bring back zatm uAPI (bsc#1012628). - net: bgmac: Fix a BUG triggered by wrong bytes_compl (bsc#1012628). - net: dsa: felix: suppress non-changes to the tagging protocol (bsc#1012628). - net: phy: c45 baset1: do not skip aneg configuration if clock role is not specified (bsc#1012628). - net: bcmgenet: Indicate MAC is in charge of PHY PM (bsc#1012628). - net: phy: Warn about incorrect mdio_bus_phy_resume() state (bsc#1012628). - devlink: Fix use-after-free after a failed reload (bsc#1012628). - virtio-blk: Avoid use-after-free on suspend/resume (bsc#1012628). - virtio_net: fix memory leak inside XPD_TX with mergeable (bsc#1012628). - virtio: VIRTIO_HARDEN_NOTIFICATION is broken (bsc#1012628). - ASoC: qdsp6: q6apm-dai: unprepare stream if its already prepared (bsc#1012628). - SUNRPC: Don't reuse bvec on retransmission of the request (bsc#1012628). - SUNRPC: Reinitialise the backchannel request buffers before reuse (bsc#1012628). - SUNRPC: Fix xdr_encode_bool() (bsc#1012628). - sunrpc: fix expiry of auth creds (bsc#1012628). - m68k: coldfire/device.c: protect FLEXCAN blocks (bsc#1012628). - net: atlantic: fix aq_vec index out of range error (bsc#1012628). - can: j1939: j1939_session_destroy(): fix memory leak of skbs (bsc#1012628). - can: mcp251x: Fix race condition on receive interrupt (bsc#1012628). - bpf: Check the validity of max_rdwr_access for sock local storage map iterator (bsc#1012628). - bpf: Acquire map uref in .init_seq_private for sock{map,hash} iterator (bsc#1012628). - bpf: Acquire map uref in .init_seq_private for sock local storage map iterator (bsc#1012628). - bpf: Acquire map uref in .init_seq_private for hash map iterator (bsc#1012628). - bpf: Acquire map uref in .init_seq_private for array map iterator (bsc#1012628). - bpf: Don't reinit map value in prealloc_lru_pop (bsc#1012628). - bpf: Disallow bpf programs call prog_run command (bsc#1012628). - BPF: Fix potential bad pointer dereference in bpf_sys_bpf() (bsc#1012628). - selftests: mptcp: make sendfile selftest work (bsc#1012628). - mptcp: do not queue data on closed subflows (bsc#1012628). - mptcp: move subflow cleanup in mptcp_destroy_common() (bsc#1012628). - mptcp, btf: Add struct mptcp_sock definition when CONFIG_MPTCP is disabled (bsc#1012628). - NFSv4/pnfs: Fix a use-after-free bug in open (bsc#1012628). - NFSv4.1: RECLAIM_COMPLETE must handle EACCES (bsc#1012628). - NFSv4: Fix races in the legacy idmapper upcall (bsc#1012628). - NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (bsc#1012628). - NFSv4.1: Don't decrease the value of seq_nr_highest_sent (bsc#1012628). - net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (bsc#1012628). - netfilter: nf_tables: fix crash when nf_trace is enabled (bsc#1012628). - Documentation: ACPI: EINJ: Fix obsolete example (bsc#1012628). - apparmor: Fix memleak in aa_simple_write_to_buffer() (bsc#1012628). - apparmor: fix reference count leak in aa_pivotroot() (bsc#1012628). - apparmor: fix overlapping attachment computation (bsc#1012628). - apparmor: fix setting unconfined mode on a loaded profile (bsc#1012628). - apparmor: fix aa_label_asxprint return check (bsc#1012628). - apparmor: Fix failed mount permission check error message (bsc#1012628). - apparmor: fix absroot causing audited secids to begin with = (bsc#1012628). - apparmor: fix quiet_denied for file rules (bsc#1012628). - can: ems_usb: fix clang's -Wunaligned-access warning (bsc#1012628). - dt-bindings: usb: mtk-xhci: Allow wakeup interrupt-names to be optional (bsc#1012628). - ALSA: hda: Fix crash due to jack poll in suspend (bsc#1012628). - ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (bsc#1012628). - tracing: Have filter accept "common_cpu" to be consistent (bsc#1012628). - tracing/probes: Have kprobes and uprobes use $COMM too (bsc#1012628). - tracing/eprobes: Have event probes be consistent with kprobes and uprobes (bsc#1012628). - tracing/eprobes: Fix reading of string fields (bsc#1012628). - tracing/eprobes: Do not hardcode $comm as a string (bsc#1012628). - tracing/eprobes: Do not allow eprobes to use $stack, or % for regs (bsc#1012628). - tracing/perf: Fix double put of trace event when init fails (bsc#1012628). - x86/kprobes: Fix JNG/JNLE emulation (bsc#1012628). - cifs: Fix memory leak on the deferred close (bsc#1012628). - drm/i915: pass a pointer for tlb seqno at vma_invalidate_tlb() (bsc#1012628). - drm/i915/gt: Batch TLB invalidations (bsc#1012628). - drm/i915/gt: Skip TLB invalidations once wedged (bsc#1012628). - drm/i915/gt: Invalidate TLB of the OA unit at TLB invalidations (bsc#1012628). - drm/i915/gt: Ignore TLB invalidations on idle engines (bsc#1012628). - drm/amdgpu: change vram width algorithm for vram_info v3_0 (bsc#1012628). - btrfs: fix warning during log replay when bumping inode link count (bsc#1012628). - btrfs: fix lost error handling when looking up extended ref on log replay (bsc#1012628). - btrfs: reset RO counter on block group if we fail to relocate (bsc#1012628). - btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() (bsc#1012628). - mmc: meson-gx: Fix an error handling path in meson_mmc_probe() (bsc#1012628). - mmc: pxamci: Fix an error handling path in pxamci_probe() (bsc#1012628). - mmc: pxamci: Fix another error handling path in pxamci_probe() (bsc#1012628). - ata: libata-eh: Add missing command name (bsc#1012628). - s390/ap: fix crash on older machines based on QCI info missing (bsc#1012628). - drm/amd/display: Check correct bounds for stream encoder instances for DCN303 (bsc#1012628). - drm/amdgpu: Only disable prefer_shadow on hawaii (bsc#1012628). - drm/ttm: Fix dummy res NULL ptr deref bug (bsc#1012628). - drm/nouveau: recognise GA103 (bsc#1012628). - locking/atomic: Make test_and_*_bit() ordered on failure (bsc#1012628). - drm/i915/gem: Remove shared locking on freeing objects (bsc#1012628). - rds: add missing barrier to release_refill (bsc#1012628). - x86/mm: Use proper mask when setting PUD mapping (bsc#1012628). - KVM: Unconditionally get a ref to /dev/kvm module when creating a VM (bsc#1012628). - RDMA: Handle the return code from dma_resv_wait_timeout() properly (bsc#1012628). - ALSA: hda/realtek: Add quirk for Clevo NS50PU, NS70PU (bsc#1012628). - ALSA: info: Fix llseek return value when using callback (bsc#1012628). - commit 631b6cd ++++ libXau: - Update to version 1.0.10 * gitlab CI: add a basic build test * Fix spelling/wording issues * Autest.c: Fix -Wdiscarded-qualifiers warnings * Remove unnnecessary casts from malloc() and free() calls * XauReadAuth: move failure handling code to a common code block ++++ at-spi2-core: - Update to version 2.45.91: + Send device event controller events using the same signature as other events. + Document the Accessible, Action, and Cache dbus interfaces. + Fix license of atspi-gmain.c. - Add fdupes BuildRequires and macro, remove duplicate files. - Provide and Obsolete atk from libatk sub-package. ++++ schily: - Fix update-alternatives for rmt.1 ------------------------------------------------------------------ ------------------ 2022-8-26 - Aug 26 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.40.0: + During the build, stop relying on intltool for i18n and use gettext only. + Undeprecate nm_remote_connection_get_secrets() in libnm. + NetworkManager now will restart DHCP if the MAC changes on a device. - Drop intltool BuildRequires following upstream changes. - Refresh patches with quilt. - Stop passing dnssec_trigger=%{_libexecdir}/dnssec-trigger-script to meson, support dropped upstream. ++++ apparmor: - add profiles-permit-php-fpm-pid-files-directly-under-run.patch https://gitlab.com/apparmor/apparmor/-/merge_requests/914 (bsc#1202344) ++++ librsvg: - Update to version 2.55.0: + The Minimum Supported Rust Version (MSRV) is now Rust 1.58. + The release tarball no longer contains vendored Rust dependencies. Most distributions now have infrastructure to pull these themselves, so let's make the tarball smaller. + Accept patterns with userSpaceOnUse units for the stroke of axis-aligned lines. + Small reductions in memory consumption of the DOM tree. + Updates for the gtk-rs API. - Update to version 2.54.5: + Accept patterns with userSpaceOnUse units for the stroke of axis-aligned lines. ++++ llvm15: - Add llvm-lifetime-for-rust.patch to have Rust memory management functions considered as lifetime markers. This should aid dead store elimination to dynamically allocated memory in Rust code. ++++ libapparmor: - add profiles-permit-php-fpm-pid-files-directly-under-run.patch https://gitlab.com/apparmor/apparmor/-/merge_requests/914 (bsc#1202344) ++++ libcbor: - Install manual page in the correct man section ++++ nfs-utils: - sysconfig.nfs, nfs.conf: allow NFSv4 grace time to be set via sysconfig. SLE12 allowed this, SLE15 lost the ability. Add it back with the name NFSV4GRACETIME. Also improve description for NFSV4LEASETIME. (bsc#1202592) ++++ libssh: - Update to version 0.10.0 * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.0 - Removed 0001-Soften-behaviour-of-the-Compression-no-yes-option.patch ++++ selinux-policy: - Move SUSE directory from manual page section to html docu ------------------------------------------------------------------ ------------------ 2022-8-25 - Aug 25 2022 ------------------- ------------------------------------------------------------------ ++++ file: - Move magic files to /usr/share/file from /usr/share/misc, and then create symlinks from /usr/share/misc back to /usr/share/file as per FHS 3.0 ++++ glib2: - Add 99783e0408f8ae9628d2c7a30eb99806087da711.patch: gsocketclient: Fix passing NULL to g_task_get_cancellable(). Fix a regression from commit abddb42d14, where it could pass `NULL` to `g_task_get_cancellable()`, triggering a critical warning. This could happen because the lifetime of `data->task` is not as long as the lifetime of the `ConnectionAttempt`, but the code assumed it was. Fix the problem by keeping a strong ref to that `GCancellable` around until the `ConnectionAttempt` is finished being destroyed. ++++ kernel-default: - series.conf: cleanup - move recently added patches to "almost mainline" section - patches.suse/Revert-zram-remove-double-compression-logic.patch - patches.suse/ASoC-nau8821-Implement-hw-constraint-for-rates.patch - patches.suse/ASoC-nau8824-Fix-semaphore-unbalance-at-error-paths.patch - patches.suse/ASoC-nau8824-Implement-hw-constraint-for-rates.patch - patches.suse/ASoC-nau8825-Implement-hw-constraint-for-rates.patch - patches.suse/ASoC-nau8540-Implement-hw-constraint-for-rates.patch - commit 18ca0fb - Refresh USB type-C workaround patch (bsc#1202386) It landed in the upstream subsystem repo; also correct the bug reference - commit bf02544 - ASoC: nau8540: Implement hw constraint for rates (bsc#1201418). - ASoC: nau8825: Implement hw constraint for rates (bsc#1201418). - ASoC: nau8824: Implement hw constraint for rates (bsc#1201418). - ASoC: nau8824: Fix semaphore unbalance at error paths (bsc#1201418). - ASoC: nau8821: Implement hw constraint for rates (bsc#1201418). - commit ef72ecc ++++ libxml2: - Update to version 2.10.1: * Regressions: Fix xmlCtxtReadDoc with encoding * Bug fixes: Fix HTML parser with threads and --without-legacy * Build system: + Fix build with Python 3.10 + cmake: Disable version script on macOS + Remove Makefile rule to build testapi.c * Documentation: + Switch back to HTML output for API documentation + Port doc/examples/index.py to Python 3 + Fix order of exports in libxml2-api.xml + Remove libxml2-refs.xml ++++ osinfo-db: - Add support for openSUSE Leap 15.5, SLES 15.5, and SLE Micro 5.3 add-opensuse-leap-15.5-support.patch add-sle15sp5-support.patch add-slem5.3-support.patch ++++ pinentry: - update to 1.2.1: * qt: Support building with Qt 5.9. [T5592] * curses: Handle an error at curses initialization. [T5623] * curses: Specify fg/bg when an extention of Ncurses is not available. * qt: Fix translation of context menu entries. [T5786] * qt: Further improve the accessibility. [T5863] * qt: Fix moving focus to second input field when pressing Enter in first input field. [T5866] * qt: Update the cursor position when reformatting the text. [T5972] * qt: Use foreground raising code also with the confirm prompt. * Make the legacy qt4 version build again. [T5569] * Make sure an entered PIN is always cleared from memory. [T5977] * Build fixes for Windows. [T5893] ++++ libxml2-python: - Update to version 2.10.1: * Regressions: Fix xmlCtxtReadDoc with encoding * Bug fixes: Fix HTML parser with threads and --without-legacy * Build system: + Fix build with Python 3.10 + cmake: Disable version script on macOS + Remove Makefile rule to build testapi.c * Documentation: + Switch back to HTML output for API documentation + Port doc/examples/index.py to Python 3 + Fix order of exports in libxml2-api.xml + Remove libxml2-refs.xml ------------------------------------------------------------------ ------------------ 2022-8-24 - Aug 24 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit: - Add kdump-close.patch required by patches below. - Add kdump-refactor.patch and kdump-suse.patch to support SUSE kdump config management in cockpit. - Use a list of available brandings to include in cockpit-ws package instead of resolving by symlinks. ++++ fillup: - Makefile is not parallel-safe ++++ glibc: - nscd-netlink-cache-invalidation.patch: nscd: Fix netlink cache invalidation if epoll is used (boo#1199964, BZ #29415) ++++ kernel-default: - Update patches.kernel.org/5.19.2-1136-net_sched-cls_route-remove-from-list-when-han.patch references (add CVE-2022-2588 bsc#1202096). - Update patches.kernel.org/5.19.3-003-net_sched-cls_route-disallow-handle-of-0.patch references (add bsc#1202393). - commit cc8e6d6 ++++ jbigkit: - Makefile is not parallel-safe ++++ multipath-tools: - Update to version 0.9.0+55+suse.33d8854: * Avoid linking to libreadline to avoid licensing issue (bsc#1202616) ++++ libtasn1: - libtasn1 4.19.0: * Clarify libtasn1.map license * Fix ETYPE_OK out of bounds read * Update gnulib files and various maintenance fixes ++++ libvirt: - spec: Suppress error messages about nonexistent or unreadable files from grep ++++ tcpd: - Makefile is not parallel-safe ------------------------------------------------------------------ ------------------ 2022-8-23 - Aug 23 2022 ------------------- ------------------------------------------------------------------ ++++ llvm15: - Don't declare python3-clang as noarch: Python packages are installed into %{_libdir}. ++++ libgcrypt: - FIPS: gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] * Add libgcrypt-out-of-core-handler.patch ++++ zlib: - Update to 1.2.12: * A lot of bug fixes * Improve speed of crc32 functions * Use ARM crc32 instructions if the ARM architecture has them For the complete changes, see ChangeLog - Fixes CVE-2022-37434, heap-based buffer over-read or buffer overflow in inflate.c via a large gzip header extra field (CVE-2022-37434, bsc#1202175) - Added patches: * zlib-1.2.11-covscan-issues-rhel9.patch * zlib-1.2.11-covscan-issues.patch * zlib-1.2.12-s390-vectorize-crc32.patch * zlib-1.2.12-optimized-crc32-power8.patch * zlib-1.2.12-IBM-Z-hw-accelerated-deflate-s390x.patch * zlib-1.2.12-fix-configure.patch * zlib-1.2.12-correct-inputs-provided-to-crc-func.patch * zlib-1.2.12-fix-CVE-2022-37434.patch * zlib-1.2.5-minizip-fixuncrypt.patch - Removed patches: * bsc1197459.patch (upstreamed) * zlib-power8-fate325307.patch (replaced by zlib-1.2.12-optimized-crc32-power8.patch) * bsc1174736-DFLTCC_LEVEL_MASK-set-to-0x1ff.patch (replaced by zlib-1.2.12-IBM-Z-hw-accelrated-deflate-s390x.patch) * 410.patch (replaced by zlib-1.2.12-IBM-Z-hw-accelrated-deflate-s390x.patch) - Refreshed patches: * zlib-format.patch * zlib-no-version-check.patch - Disable profiling since it breaks tests - Update zlib-rpmlintrc ++++ ovmf: - Removed patches in ovmf-bsc1196879-sev-fix.patch which are merged to edk2-stable202205: - OvmfPkg/AmdSev: reserve snp pages - de463163d9 edk2-stable202205-rc1~292 - OvmfPkg/ResetVector: cache the SEV status MSR value - 63c50d3ff2 edk2-stable202205-rc1~291 - OvmfPkg/BaseMemEncryptLib: use the SEV_STATUS MSR - f1d1c337e7 edk2-stable202205-rc1~290 ------------------------------------------------------------------ ------------------ 2022-8-22 - Aug 22 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - update to 22.1.7: * fixes and cleanups all over the tree * most of the fixes are for zink * nice batch of fixes for the gallium dx9 frontend * some other fixes across the board ++++ Mesa-drivers: - update to 22.1.7: * fixes and cleanups all over the tree * most of the fixes are for zink * nice batch of fixes for the gallium dx9 frontend * some other fixes across the board ++++ boost-base: - ppc64le: added some new math libraries (bsc#1202594) ++++ cryptsetup: - cryptsetup 2.5.0: * Split manual pages into per-action pages and use AsciiDoc format. * Remove cryptsetup-reencrypt tool from the project and move reencryption to already existing "cryptsetup reencrypt" command. If you need to emulate the old cryptsetup-reencrypt binary, use simple wrappers script running "exec cryptsetup reencrypt $@". * LUKS2: implement --decryption option that allows LUKS removal. * Fix decryption operation with --active-name option and restrict it to be used only with LUKS2. * Do not refresh reencryption digest when not needed. This should speed up the reencryption resume process. * Store proper resilience data in LUKS2 reencrypt initialization. Resuming reencryption now does not require specification of resilience type parameters if these are the same as during initialization. * Properly wipe the unused area after reencryption with datashift in the forward direction. * Check datashift value against larger sector size. For example, it could cause an issue if misaligned 4K sector appears during decryption. * Do not allow sector size increase reencryption in offline mode. * Do not allow dangerous sector size change during reencryption. * Ask the user for confirmation before resuming reencryption. * Do not resume reencryption with conflicting parameters. * Add --force-offline-reencrypt option. * Do not allow nested encryption in LUKS reencrypt. * Support all options allowed with luksFormat with encrypt action. * Add resize action to integritysetup. * Remove obsolete dracut plugin reencryption example. * Fix possible keyslot area size overflow during conversion to LUKS2. * Allow use of --header option for cryptsetup close. * Fix activation of LUKS2 device with integrity and detached header. * Add ZEROOUT IOCTL support for crypt_wipe API call. * VERITY: set loopback sector size according to dm-verity block sizes. * veritysetup: dump device sizes. * LUKS2 token: prefer token PIN query before passphrase in some cases. When a user provides --token-type or specific --token-id, a token PIN query is preferred to a passphrase query. * LUKS2 token: allow tokens to be replaced with --token-replace option for cryptsetup token command. * LUKS2 token: do not continue operation when interrupted in PIN prompt. * Add --progress-json parameter to utilities. * Add support for --key-slot option in luksResume action. - move man pages to separate subpackage - drop backports handling ++++ transactional-update: - Version 4.0.1 - create_dirs_from_rpmdb: Just warn if no default SELinux context found [gh#openSUSE/transactional-update#88], [bsc#1188215] - create_dirs_from_rpmdb: Don't update the rpmdb cookie on failure [gh#openSUSE/transactional-update#88] - Handle directories owned by multiple packages [gh#openSUSE/transactional-update#90], [bsc#1188215] ++++ filesystem: - Revert last change, fr should be used like we do for all languages in all packages, no excpetion for xz with fr_FR. ++++ kernel-default: - scsi: sd: Revert "Rework asynchronous resume support" (rc1 testing). - commit 4aad010 - Update to 6.0-rc2 - drop upstreamed patch - patches.rpmify/kbuild-dummy-tools-pretend-we-understand-__LONG_DOUB.patch - refresh configs - commit 712f762 ++++ ncurses: - Add ncurses patch 20220820 + fix some cppcheck warnings, mostly style, in ncurses and c++ libraries and progs directory. + add curses_trace to ifdef's for START_TRACE in test/test.priv.h + update config.guess ++++ nghttp2: - update to 1.49.0: * https://nghttp2.org/blog/2022/08/22/nghttp2-v1-49-0/ ++++ shadow: - Update to 4.12.3: Revert removal of subid_init, which should have bumped soname. So note that 4.12 through 4.12.2 were broken for subid users. ++++ python-immutables: - Don't do mypy static type checking of the sources in order to avoid mypy in Ring1. The functionality of the binary rpm package is not affected by properly typed python sources. - Remove obsolete setup.py sed fix - Don't catchall sitearch files in %files section ++++ python-urllib3: - update to 1.26.12: * Deprecated the `urllib3[secure]` extra and the `urllib3.contrib.pyopenssl` module. Both will be removed in v2.x. See this `GitHub issue `_ for justification and info on how to migrate. ++++ trousers: - BuildRequire pkkconfig(udev) instead of udev: allow OBS to shortcut through the -mini flavors. ------------------------------------------------------------------ ------------------ 2022-8-21 - Aug 21 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Linux 5.19.3 (bsc#1012628). - arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1012628). - kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1012628). - btrfs: raid56: don't trust any cached sector in __raid56_parity_recover() (bsc#1012628). - btrfs: only write the sectors in the vertical stripe which has data stripes (bsc#1012628). - net_sched: cls_route: disallow handle of 0 (bsc#1012628). - tee: add overflow check in register_shm_helper() (bsc#1012628). - Revert "mm: kfence: apply kmemleak_ignore_phys on early allocated pool" (bsc#1012628). - commit 0140109 ++++ gcc12: - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ------------------------------------------------------------------ ------------------ 2022-8-20 - Aug 20 2022 ------------------- ------------------------------------------------------------------ ++++ sudo: - Update to 1.9.11p3: * Changes in Sudo 1.9.11 * Fixed a crash in the Python module with Python 3.9.10 on some systems. Additionally, make check now passes for Python 3.9.10. * Error messages sent via email now include more details, including the file name and the line number and column of the error. Multiple errors are sent in a single message. Previously, only the first error was included. * Fixed logging of parse errors in JSON format. Previously, the JSON logger would not write entries unless the command and runuser were set. These may not be known at the time a parse error is encountered. * Fixed a potential crash parsing sudoers lines larger than twice the value of LINE_MAX on systems that lack the getdelim() function. * The tests run by make check now unset the LANGUAGE environment variable. Otherwise, localization strings will not match if LANGUAGE is set to a non-English locale. Bug #1025. * The “starttime” test now passed when run under Debian faketime. Bug #1026. * The Kerberos authentication module now honors the custom password prompt if one has been specified. * The embedded copy of zlib has been updated to version 1.2.12. * Updated the version of libtool used by sudo to version 2.4.7. * Sudo now defines _TIME_BITS to 64 on systems that define __TIMESIZE in the header files (currently only GNU libc). This is required to allow the use of 64-bit time values on some 32-bit systems. * Sudo’s intercept and log_subcmds options no longer force the command to run in its own pseudo-terminal. It is now also possible to intercept the system(3) function. * Fixed a bug in sudo_logsrvd when run in store-first relay mode where the commit point messages sent by the server were incorrect if the command was suspended or received a window size change event. * Fixed a potential crash in sudo_logsrvd when the tls_dhparams configuration setting was used. * The intercept and log_subcmds functionality can now use ptrace(2) on Linux systems that support seccomp(2) filtering. This has the advantage of working for both static and dynamic binaries and can work with sudo’s SELinux RBAC mode. The following architectures are currently supported: i386, x86_64, aarch64, arm, mips (log_subcmds only), powerpc, riscv, and s390x. The default is to use ptrace(2) where possible; the new intercept_type sudoers setting can be used to explicitly set the type. * New Georgian translation from translationproject.org. * Fixed creating packages on CentOS Stream. * Fixed a bug in the intercept and log_subcmds support where the execve(2) wrapper was using the current environment instead of the passed environment pointer. Bug #1030. * Added AppArmor integration for Linux. A sudoers rule can now specify an APPARMOR_PROFILE option to run a command confined by the named AppArmor profile. * Fixed parsing of the server_log setting in sudo_logsrvd.conf. Non-paths were being treated as paths and an actual path was treated as an error. * Changes in Sudo 1.9.11p1: * Correctly handle EAGAIN in the I/O read/right events. This fixes a hang seen on some systems when piping a large amount of data through sudo, such as via rsync. Bug #963. * Changes to avoid implementation or unspecified behavior when bit shifting signed values in the protobuf library. * Fixed a compilation error on Linux/aarch64. * Fixed the configure check for seccomp(2) support on Linux. * Corrected the EBNF specification for tags in the sudoers manual page. GitHub issue #153. * Changes in Sudo 1.9.11p2: * Fixed a compilation error on Linux/x86_64 with the x32 ABI. * Fixed a regression introduced in 1.9.11p1 that caused a warning when logging to sudo_logsrvd if the command returned no output. * Changes in Sudo 1.9.11p3: * Fixed “connection reset” errors on AIX when running shell scripts with the intercept or log_subcmds sudoers options enabled. Bug #1034. * Fixed very slow execution of shell scripts when the intercept or log_subcmds sudoers options are set on systems that enable Nagle’s algorithm on the loopback device, such as AIX. Bug #1034. * Modified sudo-sudoers.patch - Added sudo-1.9.10-update_sudouser_to_utf8.patch * [bsc#1197998] * Enable sudouser LDAP schema to use UTF-8 encodings. * Sourced from https://github.com/sudo-project/sudo/pull/163 * Credit to William Brown, william.brown@suse.com ++++ tar: - drop tar-recursive--files-from.patch (causes bsc#918487) ------------------------------------------------------------------ ------------------ 2022-8-19 - Aug 19 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - skip code linting for packaging * removes pyflakes from the build requirements and thus Ring1 * see also https://gitlab.com/apparmor/apparmor/-/issues/121 ++++ kernel-default: - Revert "usb: typec: ucsi: add a common function ucsi_unregister_connectors()" (bsc#120238). - commit 46d0607 ++++ libapparmor: - skip code linting for packaging * removes pyflakes from the build requirements and thus Ring1 * see also https://gitlab.com/apparmor/apparmor/-/issues/121 ++++ lttng-ust: - Update to version 2.13.3: * Document ust lock async-signal-safety. * Fix: don't use strerror() from ust lock nocheck. * Fix: remove non-async-signal-safe fflush from ERR(). * Fix: Pointers are rejected by integer element compile time assertion for array and sequence. * Fix: statedump: invalid read during iter_end. * Fix: bytecode interpreter context_get_index() leaves byte order uninitialised. ++++ shadow: - Update to 4.12.2: * Address CVE-2013-4235 (TOCTTOU when copying directories) [bsc#916845] - Refresh useradd-userkeleton.patch: LSTAT() was removed with https://github.com/shadow-maint/shadow/pull/545 Let's use fstatat() now. ++++ libtirpc: - update to 1.3.3 (bsc#1201680, CVE-2021-46828): * Fix DoS vulnerability in libtirpc * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr * rpcb_clnt.c add mechanism to try v2 protocol first * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c - drop 0001-Fix-DoS-vulnerability-in-libtirpc.patch (upstream) ++++ userspace-rcu: - Update to version 0.13.2: * Revert "Fix: remove type constness in URCU_FORCE_CAST's C++ version". * Fix: futex.h: include headers outside extern C. * Fix: add missing unused attribute to _rcu_dereference. * Fix: change method used by _rcu_dereference to strip type constness. * Fix: remove type constness in URCU_FORCE_CAST's C++ version. * Move extern "C" down in include/urcu/urcu-bp.h. * Fix: ifdef linux specific cpu count compat. * Set git-review branch to stable-0.13. * Fix: sysconf(_SC_NPROCESSORS_CONF) can be less than max cpu id. * Fix: revise obsolete command in README.md. * Fix: workqueue: remove unused variable "ret". * Fix: futex wait: handle spurious futex wakeups. * Fix: Use %lu rather than %ld to print count. ++++ libvirt: - spec: Place 'Requires:' on compression binaries instead of their associated packages boo#1202569 ++++ python-pbr: - update to 5.10.0: * Specify Changelog procedure * Allow leading spaces when determining symbols * Adding python classifiers py38 & py39 ------------------------------------------------------------------ ------------------ 2022-8-18 - Aug 18 2022 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 057+suse.309.gb71946f6: * fix(dracut-initramfs-restore.sh): hide unpack errors (bsc#1199341) * chore(suse): remove suse-module-tools build requirement * fix(suse-initrd): always check that MACHINE_ID is not empty (bsc#1201780) ++++ grub2: - Fix tpm error stop tumbleweed from booting (bsc#1202374) * 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch - Patch Removed * 0001-tpm-Log-EFI_VOLUME_FULL-and-continue.patch ++++ kernel-default: - Update config files (bsc#1201361 bsc#1192968 https://github.com/rear/rear/issues/2554). ppc64: NVRAM=y - commit e3d4124 - Update config files: CONFIG_SPI_AMD=m on x86 (bsc#1201418) - commit 017ef8a - Workaround for missing HD-audio on AMD platforms (bsc#1202492). - commit 60e6173 - Linux 5.19.2 (bsc#1012628). - Revert "pNFS: nfs3_set_ds_client should set NFS_CS_NOPING" (bsc#1012628). - scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover" (bsc#1012628). - pNFS/flexfiles: Report RDMA connection errors to the server (bsc#1012628). - nfsd: eliminate the NFSD_FILE_BREAK_* flags (bsc#1012628). - ALSA: usb-audio: Add quirk for Behringer UMC202HD (bsc#1012628). - ALSA: bcd2000: Fix a UAF bug on the error path of probing (bsc#1012628). - ALSA: hda/realtek: Add quirk for Clevo NV45PZ (bsc#1012628). - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (bsc#1012628). - ALSA: hda/realtek: Add quirk for Lenovo Yoga9 14IAP7 (bsc#1012628). - ASoC: amd: yc: Update DMI table entries (bsc#1012628). - hwmon: (nct6775) Fix platform driver suspend regression (bsc#1012628). - wifi: mac80211_hwsim: fix race condition in pending packet (bsc#1012628). - wifi: mac80211_hwsim: add back erroneously removed cast (bsc#1012628). - wifi: mac80211_hwsim: use 32-bit skb cookie (bsc#1012628). - add barriers to buffer_uptodate and set_buffer_uptodate (bsc#1012628). - lockd: detect and reject lock arguments that overflow (bsc#1012628). - HID: hid-input: add Surface Go battery quirk (bsc#1012628). - HID: nintendo: Add missing array termination (bsc#1012628). - HID: wacom: Only report rotation for art pen (bsc#1012628). - HID: wacom: Don't register pad_input for touch switch (bsc#1012628). - KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (bsc#1012628). - KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (bsc#1012628). - KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 (bsc#1012628). - KVM: s390: pv: don't present the ecall interrupt twice (bsc#1012628). - KVM: Drop unused @gpa param from gfn=>pfn cache's __release_gpc() helper (bsc#1012628). - KVM: Put the extra pfn reference when reusing a pfn in the gpc cache (bsc#1012628). - KVM: Fully serialize gfn=>pfn cache refresh via mutex (bsc#1012628). - KVM: Fix multiple races in gfn=>pfn cache refresh (bsc#1012628). - KVM: Do not incorporate page offset into gfn=>pfn cache user address (bsc#1012628). - KVM: x86: Split kvm_is_valid_cr4() and export only the non-vendor bits (bsc#1012628). - KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (bsc#1012628). - KVM: nVMX: Account for KVM reserved CR4 bits in consistency checks (bsc#1012628). - KVM: nVMX: Inject #UD if VMXON is attempted with incompatible CR0/CR4 (bsc#1012628). - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (bsc#1012628). - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (bsc#1012628). - KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT (bsc#1012628). - KVM: SVM: Disable SEV-ES support if MMIO caching is disable (bsc#1012628). - KVM: x86: Tag kvm_mmu_x86_module_init() with __init (bsc#1012628). - KVM: x86/mmu: Fully re-evaluate MMIO caching when SPTE masks change (bsc#1012628). - KVM: x86: do not report preemption if the steal time cache is stale (bsc#1012628). - KVM: x86: revalidate steal time cache if MSR value changes (bsc#1012628). - KVM: x86/xen: Initialize Xen timer only once (bsc#1012628). - KVM: x86/xen: Stop Xen timer before changing IRQ (bsc#1012628). - ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (bsc#1012628). - ALSA: hda/cirrus - support for iMac 12,1 model (bsc#1012628). - ALSA: hda/realtek: Add quirk for another Asus K42JZ model (bsc#1012628). - ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (bsc#1012628). - LoongArch: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK (bsc#1012628). - tty: 8250: Add support for Brainboxes PX cards (bsc#1012628). - tty: vt: initialize unicode screen buffer (bsc#1012628). - vfs: Check the truncate maximum size in inode_newsize_ok() (bsc#1012628). - fs: Add missing umask strip in vfs_tmpfile (bsc#1012628). - thermal: sysfs: Fix cooling_device_stats_setup() error code path (bsc#1012628). - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (bsc#1012628). - fbcon: Fix accelerated fbdev scrolling while logo is still shown (bsc#1012628). - usbnet: Fix linkwatch use-after-free on disconnect (bsc#1012628). - usbnet: smsc95xx: Fix deadlock on runtime resume (bsc#1012628). - fix short copy handling in copy_mc_pipe_to_iter() (bsc#1012628). - crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak (bsc#1012628). - ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh() (bsc#1012628). - parisc: Fix device names in /proc/iomem (bsc#1012628). - parisc: Drop pa_swapper_pg_lock spinlock (bsc#1012628). - parisc: Check the return value of ioremap() in lba_driver_probe() (bsc#1012628). - parisc: io_pgetevents_time64() needs compat syscall in 32-bit compat mode (bsc#1012628). - riscv:uprobe fix SR_SPIE set/clear handling (bsc#1012628). - riscv: lib: uaccess: fix CSR_STATUS SR_SUM bit (bsc#1012628). - dt-bindings: riscv: fix SiFive l2-cache's cache-sets (bsc#1012628). - riscv: dts: starfive: correct number of external interrupts (bsc#1012628). - RISC-V: cpu_ops_spinwait.c should include head.h (bsc#1012628). - RISC-V: Declare cpu_ops_spinwait in (bsc#1012628). - RISC-V: kexec: Fixup use of smp_processor_id() in preemptible context (bsc#1012628). - RISC-V: Fixup get incorrect user mode PC for kernel mode regs (bsc#1012628). - RISC-V: Fixup schedule out issue in machine_crash_shutdown() (bsc#1012628). - RISC-V: Add modules to virtual kernel memory layout dump (bsc#1012628). - RISC-V: Fix counter restart during overflow for RV32 (bsc#1012628). - RISC-V: Fix SBI PMU calls for RV32 (bsc#1012628). - RISC-V: Update user page mapping only once during start (bsc#1012628). - wireguard: selftests: set CONFIG_NONPORTABLE on riscv32 (bsc#1012628). - rtc: rx8025: fix 12/24 hour mode detection on RX-8035 (bsc#1012628). - drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (bsc#1012628). - drm/shmem-helper: Add missing vunmap on error (bsc#1012628). - drm/vc4: hdmi: Disable audio if dmas property is present but empty (bsc#1012628). - drm/ingenic: Use the highest possible DMA burst size (bsc#1012628). - drm/fb-helper: Fix out-of-bounds access (bsc#1012628). - drm/hyperv-drm: Include framebuffer and EDID headers (bsc#1012628). - drm/dp/mst: Read the extended DPCD capabilities during system resume (bsc#1012628). - drm/nouveau: fix another off-by-one in nvbios_addr (bsc#1012628). - drm/nouveau: Don't pm_runtime_put_sync(), only pm_runtime_put_autosuspend() (bsc#1012628). - drm/nouveau/acpi: Don't print error when we get -EINPROGRESS from pm_runtime (bsc#1012628). - drm/nouveau/kms: Fix failure path for creating DP connectors (bsc#1012628). - drm/tegra: Fix vmapping of prime buffers (bsc#1012628). - drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (bsc#1012628). - bpf: Fix KASAN use-after-free Read in compute_effective_progs (bsc#1012628). - btrfs: reject log replay if there is unsupported RO compat flag (bsc#1012628). - mtd: rawnand: arasan: Fix clock rate in NV-DDR (bsc#1012628). - mtd: rawnand: arasan: Update NAND bus clock instead of system clock (bsc#1012628). - um: Remove straying parenthesis (bsc#1012628). - um: seed rng using host OS rng (bsc#1012628). - iio: fix iio_format_avail_range() printing for none IIO_VAL_INT (bsc#1012628). - iio: light: isl29028: Fix the warning in isl29028_remove() (bsc#1012628). - scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1012628). - scsi: sg: Allow waiting for commands to complete on removed device (bsc#1012628). - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1012628). - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1012628). - soundwire: qcom: Check device status before reading devid (bsc#1012628). - ksmbd: fix memory leak in smb2_handle_negotiate (bsc#1012628). - ksmbd: prevent out of bound read for SMB2_TREE_CONNNECT (bsc#1012628). - ksmbd: prevent out of bound read for SMB2_WRITE (bsc#1012628). - ksmbd: fix use-after-free bug in smb2_tree_disconect (bsc#1012628). - ksmbd: fix heap-based overflow in set_ntacl_dacl() (bsc#1012628). - fuse: limit nsec (bsc#1012628). - fuse: ioctl: translate ENOSYS (bsc#1012628). - fuse: write inode in fuse_release() (bsc#1012628). - fuse: fix deadlock between atomic O_TRUNC and page invalidation (bsc#1012628). - serial: mvebu-uart: uart2 error bits clearing (bsc#1012628). - md-raid: destroy the bitmap after destroying the thread (bsc#1012628). - md-raid10: fix KASAN warning (bsc#1012628). - mbcache: don't reclaim used entries (bsc#1012628). - mbcache: add functions to delete entry if unused (bsc#1012628). - media: isl7998x: select V4L2_FWNODE to fix build error (bsc#1012628). - media: [PATCH] pci: atomisp_cmd: fix three missing checks on list iterator (bsc#1012628). - ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr() (bsc#1012628). - powerpc: Restore CONFIG_DEBUG_INFO in defconfigs (bsc#1012628). - powerpc/64e: Fix early TLB miss with KUAP (bsc#1012628). - powerpc/fsl-pci: Fix Class Code of PCIe Root Port (bsc#1012628). - powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E (bsc#1012628). - powerpc/powernv: Avoid crashing if rng is NULL (bsc#1012628). - MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK (bsc#1012628). - coresight: Clear the connection field properly (bsc#1012628). - usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (bsc#1012628). - USB: HCD: Fix URB giveback issue in tasklet function (bsc#1012628). - Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP" (bsc#1012628). - ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC (bsc#1012628). - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (bsc#1012628). - usb: dwc3: gadget: refactor dwc3_repare_one_trb (bsc#1012628). - usb: dwc3: gadget: fix high speed multiplier setting (bsc#1012628). - netfilter: nf_tables: do not allow SET_ID to refer to another table (bsc#1012628). - netfilter: nf_tables: do not allow CHAIN_ID to refer to another table (bsc#1012628). - netfilter: nf_tables: do not allow RULE_ID to refer to another chain (bsc#1012628). - netfilter: nf_tables: upfront validation of data via nft_data_init() (bsc#1012628). - netfilter: nf_tables: disallow jump to implicit chain from set element (bsc#1012628). - netfilter: nf_tables: fix null deref due to zeroed list head (bsc#1012628). - epoll: autoremove wakers even more aggressively (bsc#1012628). - x86: Handle idle=nomwait cmdline properly for x86_idle (bsc#1012628). - arch: make TRACE_IRQFLAGS_NMI_SUPPORT generic (bsc#1012628). - arm64: kasan: do not instrument stacktrace.c (bsc#1012628). - arm64: stacktrace: use non-atomic __set_bit (bsc#1012628). - arm64: Do not forget syscall when starting a new thread (bsc#1012628). - arm64: fix oops in concurrently setting insn_emulation sysctls (bsc#1012628). - arm64: kasan: Revert "arm64: mte: reset the page tag in page->flags" (bsc#1012628). - arm64: errata: Remove AES hwcap for COMPAT tasks (bsc#1012628). - ext2: Add more validity checks for inode counts (bsc#1012628). - sched/fair: Introduce SIS_UTIL to search idle CPU based on sum of util_avg (bsc#1012628). - genirq: Don't return error on missing optional irq_request_resources() (bsc#1012628). - irqchip/mips-gic: Only register IPI domain when SMP is enabled (bsc#1012628). - genirq: GENERIC_IRQ_IPI depends on SMP (bsc#1012628). - sched/fair: fix case with reduced capacity CPU (bsc#1012628). - sched/core: Always flush pending blk_plug (bsc#1012628). - irqchip/mips-gic: Check the return value of ioremap() in gic_of_init() (bsc#1012628). - ARM: dts: imx6ul: add missing properties for sram (bsc#1012628). - ARM: dts: imx6ul: change operating-points to uint32-matrix (bsc#1012628). - ARM: dts: imx6ul: fix keypad compatible (bsc#1012628). - ARM: dts: imx6ul: fix csi node compatible (bsc#1012628). - ARM: dts: imx6ul: fix lcdif node compatible (bsc#1012628). - ARM: dts: imx6ul: fix qspi node compatible (bsc#1012628). - ARM: dts: BCM5301X: Add DT for Meraki MR26 (bsc#1012628). - ARM: dts: ux500: Fix Janice accelerometer mounting matrix (bsc#1012628). - ARM: dts: ux500: Fix Codina accelerometer mounting matrix (bsc#1012628). - ARM: dts: ux500: Fix Gavini accelerometer mounting matrix (bsc#1012628). - arm64: dts: qcom: timer should use only 32-bit size (bsc#1012628). - spi: synquacer: Add missing clk_disable_unprepare() (bsc#1012628). - ARM: OMAP2+: display: Fix refcount leak bug (bsc#1012628). - ARM: OMAP2+: pdata-quirks: Fix refcount leak bug (bsc#1012628). - ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (bsc#1012628). - ACPI: EC: Drop the EC_FLAGS_IGNORE_DSDT_GPE quirk (bsc#1012628). - ACPI: PM: save NVS memory for Lenovo G40-45 (bsc#1012628). - ACPI: LPSS: Fix missing check in register_device_clock() (bsc#1012628). - ARM: dts: qcom: sdx55: Fix the IRQ trigger type for UART (bsc#1012628). - arm64: dts: qcom: sc7280: Rename sar sensor labels (bsc#1012628). - arm64: dts: qcom: add missing AOSS QMP compatible fallback (bsc#1012628). - arm64: dts: qcom: ipq8074: fix NAND node name (bsc#1012628). - arm64: dts: allwinner: a64: orangepi-win: Fix LED node name (bsc#1012628). - ARM: shmobile: rcar-gen2: Increase refcount for new reference (bsc#1012628). - firmware: tegra: Fix error check return value of debugfs_create_file() (bsc#1012628). - hwmon: (dell-smm) Add Dell XPS 13 7390 to fan control whitelist (bsc#1012628). - PM: EM: convert power field to micro-Watts precision and align drivers (bsc#1012628). - ACPI: video: Use native backlight on Dell Inspiron N4010 (bsc#1012628). - hwmon: (sht15) Fix wrong assumptions in device remove callback (bsc#1012628). - PM: hibernate: defer device probing when resuming from hibernation (bsc#1012628). - selinux: fix memleak in security_read_state_kernel() (bsc#1012628). - selinux: Add boundary check in put_entry() (bsc#1012628). - io_uring: fix io_uring_cqe_overflow trace format (bsc#1012628). - kasan: test: Silence GCC 12 warnings (bsc#1012628). - wait: Fix __wait_event_hrtimeout for RT/DL tasks (bsc#1012628). - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (bsc#1012628). - arm64: dts: renesas: beacon: Fix regulator node names (bsc#1012628). - spi: spi-altera-dfl: Fix an error handling path (bsc#1012628). - ARM: bcm: Fix refcount leak in bcm_kona_smc_init (bsc#1012628). - ACPI: processor/idle: Annotate more functions to live in cpuidle section (bsc#1012628). - ARM: dts: imx7d-colibri-emmc: add cpu1 supply (bsc#1012628). - ARM: dts: imx7-colibri: overhaul display/touch functionality (bsc#1012628). - ARM: dts: imx7-colibri: add usb dual-role switching using extcon (bsc#1012628). - ARM: dts: imx7-colibri: improve wake-up with gpio key (bsc#1012628). - ARM: dts: imx7-colibri: move aliases, chosen, extcon and gpio-keys (bsc#1012628). - ARM: dts: imx7-colibri-eval-v3: correct can controller comment (bsc#1012628). - soc: renesas: r8a779a0-sysc: Fix A2DP1 and A2CV[2357] PDR values (bsc#1012628). - soc: amlogic: Fix refcount leak in meson-secure-pwrc.c (bsc#1012628). - arm64: dts: renesas: Fix thermal-sensors on single-zone sensors (bsc#1012628). - Revert "ARM: dts: imx6qdl-apalis: Avoid underscore in node name" (bsc#1012628). - x86/pmem: Fix platform-device leak in error path (bsc#1012628). - ARM: dts: ast2500-evb: fix board compatible (bsc#1012628). - ARM: dts: ast2600-evb: fix board compatible (bsc#1012628). - ARM: dts: ast2600-evb-a1: fix board compatible (bsc#1012628). - arm64: dts: mt8192: Fix idle-states nodes naming scheme (bsc#1012628). - arm64: dts: mt8192: Fix idle-states entry-method (bsc#1012628). - arm64: select TRACE_IRQFLAGS_NMI_SUPPORT (bsc#1012628). - arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (bsc#1012628). - locking/lockdep: Fix lockdep_init_map_*() confusion (bsc#1012628). - arm64: dts: qcom: sc7180: Remove ipa_fw_mem node on trogdor (bsc#1012628). - soc: fsl: guts: machine variable might be unset (bsc#1012628). - spi: s3c64xx: constify fsd_spi_port_config (bsc#1012628). - block: fix infinite loop for invalid zone append (bsc#1012628). - arm64: dts: qcom: sdm845-akatsuki: Round down l22a regulator voltage (bsc#1012628). - ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg (bsc#1012628). - ARM: OMAP2+: Fix refcount leak in omapdss_init_of (bsc#1012628). - ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init (bsc#1012628). - arm64: dts: qcom: sdm630: disable GPU by default (bsc#1012628). - arm64: dts: qcom: sdm630: fix the qusb2phy ref clock (bsc#1012628). - arm64: dts: qcom: sdm630: fix gpu's interconnect path (bsc#1012628). - arm64: dts: qcom: sdm636-sony-xperia-ganges-mermaid: correct sdc2 pinconf (bsc#1012628). - cpufreq: zynq: Fix refcount leak in zynq_get_revision (bsc#1012628). - arm64: dts: renesas: r8a779m8: Drop operating points above 1.5 GHz (bsc#1012628). - arm64: dts: renesas: r9a07g054l2-smarc: Correct SoC name in comment (bsc#1012628). - regulator: qcom_smd: Fix pm8916_pldo range (bsc#1012628). - ACPI: APEI: Fix _EINJ vs EFI_MEMORY_SP (bsc#1012628). - ARM: dts: qcom: replace gcc PXO with pxo_board fixed clock (bsc#1012628). - ARM: dts: qcom-msm8974: fix irq type on blsp2_uart1 (bsc#1012628). - soc: qcom: ocmem: Fix refcount leak in of_get_ocmem (bsc#1012628). - soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register (bsc#1012628). - ARM: dts: qcom: msm8974: add required ranges to OCMEM (bsc#1012628). - ARM: dts: qcom: pm8841: add required thermal-sensor-cells (bsc#1012628). - bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (bsc#1012628). - lib: overflow: Do not define 64-bit tests on 32-bit (bsc#1012628). - stack: Declare {randomize_,}kstack_offset to fix Sparse warnings (bsc#1012628). - arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node (bsc#1012628). - arm64: dts: qcom: msm8994: add required ranges to OCMEM (bsc#1012628). - perf/x86/intel: Fix PEBS memory access info encoding for ADL (bsc#1012628). - perf/x86/intel: Fix PEBS data source encoding for ADL (bsc#1012628). - arm64: dts: exynosautov9: correct spi11 pin names (bsc#1012628). - ACPI: VIOT: Fix ACS setup (bsc#1012628). - m68k: virt: Fix missing platform_device_unregister() on error in virt_platform_init() (bsc#1012628). - arm64: dts: qcom: sm6125: Move sdc2 pinctrl from seine-pdx201 to sm6125 (bsc#1012628). - arm64: dts: qcom: sm6125: Append -state suffix to pinctrl nodes (bsc#1012628). - arm64: dts: qcom: msm8996: correct #clock-cells for QMP PHY nodes (bsc#1012628). - arm64: dts: qcom: sc7280: drop PCIe PHY clock index (bsc#1012628). - arm64: dts: qcom: sm8250: add missing PCIe PHY clock-cells (bsc#1012628). - arm64: dts: mt7622: fix BPI-R64 WPS button (bsc#1012628). - arm64: tegra: Mark BPMP channels as no-memory-wc (bsc#1012628). - arm64: tegra: Fix SDMMC1 CD on P2888 (bsc#1012628). - arm64: dts: qcom: sc7280: fix PCIe clock reference (bsc#1012628). - erofs: wake up all waiters after z_erofs_lzma_head ready (bsc#1012628). - erofs: avoid consecutive detection for Highmem memory (bsc#1012628). - spi: Return deferred probe error when controller isn't yet available (bsc#1012628). - blk-mq: don't create hctx debugfs dir until q->debugfs_dir is created (bsc#1012628). - spi: dw: Fix IP-core versions macro (bsc#1012628). - spi: Fix simplification of devm_spi_register_controller (bsc#1012628). - spi: tegra20-slink: fix UAF in tegra_slink_remove() (bsc#1012628). - hwmon: (sch56xx-common) Add DMI override table (bsc#1012628). - hwmon: (drivetemp) Add module alias (bsc#1012628). - blktrace: Trace remapped requests correctly (bsc#1012628). - PM: domains: Ensure genpd_debugfs_dir exists before remove (bsc#1012628). - dm writecache: return void from functions (bsc#1012628). - dm writecache: count number of blocks read, not number of read bios (bsc#1012628). - dm writecache: count number of blocks written, not number of write bios (bsc#1012628). - dm writecache: count number of blocks discarded, not number of discard bios (bsc#1012628). - regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (bsc#1012628). - soc: qcom: Make QCOM_RPMPD depend on PM (bsc#1012628). - soc: qcom: socinfo: Fix the id of SA8540P SoC (bsc#1012628). - arm64: dts: qcom: msm8998: Make regulator voltages multiple of step-size (bsc#1012628). - arm64: dts: qcom: qcs404: Fix incorrect USB2 PHYs assignment (bsc#1012628). - ARM: dts: qcom: msm8974: Disable remoteprocs by default (bsc#1012628). - irqdomain: Report irq number for NOMAP domains (bsc#1012628). - perf: RISC-V: Add of_node_put() when breaking out of for_each_of_cpu_node() (bsc#1012628). - drivers/perf: arm_spe: Fix consistency of SYS_PMSCR_EL1.CX (bsc#1012628). - nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() (bsc#1012628). - sched: only perform capability check on privileged operation (bsc#1012628). - sched/numa: Initialise numa_migrate_retry (bsc#1012628). - x86/extable: Fix ex_handler_msr() print condition (bsc#1012628). - io_uring: move to separate directory (bsc#1012628). - io_uring: define a 'prep' and 'issue' handler for each opcode (bsc#1012628). - io_uring: Don't require reinitable percpu_ref (bsc#1012628). - selftests/seccomp: Fix compile warning when CC=clang (bsc#1012628). - thermal/tools/tmon: Include pthread and time headers in tmon.h (bsc#1012628). - tools/power turbostat: Fix file pointer leak (bsc#1012628). - dm: return early from dm_pr_call() if DM device is suspended (bsc#1012628). - pwm: sifive: Simplify offset calculation for PWMCMP registers (bsc#1012628). - pwm: sifive: Ensure the clk is enabled exactly once per running PWM (bsc#1012628). - pwm: sifive: Shut down hardware only after pwmchip_remove() completed (bsc#1012628). - pwm: lpc18xx: Fix period handling (bsc#1012628). - erofs: update ctx->pos for every emitted dirent (bsc#1012628). - dt-bindings: display: bridge: ldb: Fill in reg property (bsc#1012628). - drm/i915: remove unused GEM_DEBUG_DECL() and GEM_DEBUG_BUG_ON() (bsc#1012628). - drm/rockchip: vop2: unlock on error path in vop2_crtc_atomic_enable() (bsc#1012628). - drm: bridge: DRM_FSL_LDB should depend on ARCH_MXC (bsc#1012628). - drm/bridge: anx7625: Use DPI bus type (bsc#1012628). - drm/mgag200: Acquire I/O lock while reading EDID (bsc#1012628). - drm/meson: Fix refcount leak in meson_encoder_hdmi_init (bsc#1012628). - drm/dp: Export symbol / kerneldoc fixes for DP AUX bus (bsc#1012628). - drm/bridge: tc358767: Handle dsi_lanes == 0 as invalid (bsc#1012628). - drm/bridge: tc358767: Make sure Refclk clock are enabled (bsc#1012628). - ath10k: do not enforce interrupt trigger type (bsc#1012628). - ath11k: Fix warning on variable 'sar' dereference before check (bsc#1012628). - ath11k: Init hw_params before setting up AHB resources (bsc#1012628). - drm/edid: reset display info in drm_add_edid_modes() for NULL edid (bsc#1012628). - drm/bridge: lt9611: Use both bits for HDMI sensing (bsc#1012628). - drm/st7735r: Fix module autoloading for Okaya RH128128T (bsc#1012628). - drm/panel: Fix build error when CONFIG_DRM_PANEL_SAMSUNG_ATNA33XC20=y && CONFIG_DRM_DISPLAY_HELPER=m (bsc#1012628). - drm: bridge: adv7511: Move CEC definitions to adv7511_cec.c (bsc#1012628). - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (bsc#1012628). - wifi: wilc1000: use correct sequence of RESET for chip Power-UP/Down (bsc#1012628). - ath11k: fix netdev open race (bsc#1012628). - ath11k: fix IRQ affinity warning on shutdown (bsc#1012628). - drm/mipi-dbi: align max_chunk to 2 in spi_transfer (bsc#1012628). - drm/ssd130x: Only define a SPI device ID table when built as a module (bsc#1012628). - selftests/bpf: Fix test_run logic in fexit_stress.c (bsc#1012628). - sample: bpf: xdp_router_ipv4: Allow the kernel to send arp requests (bsc#1012628). - selftests/bpf: Fix tc_redirect_dtime (bsc#1012628). - libbpf: Fix is_pow_of_2 (bsc#1012628). - ath11k: fix missing skb drop on htc_tx_completion error (bsc#1012628). - ath11k: Fix incorrect debug_mask mappings (bsc#1012628). - ath11k: Avoid REO CMD failed prints during firmware recovery (bsc#1012628). - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (bsc#1012628). - drm/mediatek: Modify dsi funcs to atomic operations (bsc#1012628). - drm/mediatek: Separate poweron/poweroff from enable/disable and define new funcs (bsc#1012628). - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (bsc#1012628). - drm/meson: encoder_cvbs: Fix refcount leak in meson_encoder_cvbs_init (bsc#1012628). - drm/meson: encoder_hdmi: Fix refcount leak in meson_encoder_hdmi_init (bsc#1012628). - drm/bridge: lt9611uxc: Cancel only driver's work (bsc#1012628). - drm/amdgpu: fix scratch register access method in SRIOV (bsc#1012628). - drm/amdgpu/display: Prepare for new interfaces (bsc#1012628). - i2c: npcm: Remove own slave addresses 2:10 (bsc#1012628). - i2c: npcm: Correct slave role behavior (bsc#1012628). - i2c: mxs: Silence a clang warning (bsc#1012628). - virtio-gpu: fix a missing check to avoid NULL dereference (bsc#1012628). - drm/virtio: Fix NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1012628). - libbpf: Fix uprobe symbol file offset calculation logic (bsc#1012628). - drm: adv7511: override i2c address of cec before accessing it (bsc#1012628). - crypto: sun8i-ss - fix error codes in allocate_flows() (bsc#1012628). - crypto: sun8i-ss - Fix error codes for dma_mapping_error() (bsc#1012628). - crypto: sun8i-ss - fix a NULL vs IS_ERR() check in sun8i_ss_hashkey (bsc#1012628). - net: fix sk_wmem_schedule() and sk_rmem_schedule() errors (bsc#1012628). - can: netlink: allow configuring of fixed bit rates without need for do_set_bittiming callback (bsc#1012628). - drm/vkms: check plane_composer->map[0] before using it (bsc#1012628). - can: netlink: allow configuring of fixed data bit rates without need for do_set_data_bittiming callback (bsc#1012628). - drm/bridge: anx7625: Zero error variable when panel bridge not present (bsc#1012628). - drm/bridge: it6505: Add missing CRYPTO_HASH dependency (bsc#1012628). - i2c: Fix a potential use after free (bsc#1012628). - libbpf: Fix internal USDT address translation logic for shared libraries (bsc#1012628). - selftests/bpf: Don't force lld on non-x86 architectures (bsc#1012628). - tcp: fix possible freeze in tx path under memory pressure (bsc#1012628). - crypto: sun8i-ss - fix infinite loop in sun8i_ss_setup_ivs() (bsc#1012628). - net: ag71xx: fix discards 'const' qualifier warning (bsc#1012628). - ping: convert to RCU lookups, get rid of rwlock (bsc#1012628). - raw: use more conventional iterators (bsc#1012628). - raw: convert raw sockets to RCU (bsc#1012628). - raw: Fix mixed declarations error in raw_icmp_error() (bsc#1012628). - media: atmel: atmel-sama7g5-isc: fix warning in configs without OF (bsc#1012628). - media: camss: csid: fix wrong size passed to devm_kmalloc_array() (bsc#1012628). - media: tw686x: Register the irq at the end of probe (bsc#1012628). - media: amphion: return error if format is unsupported by vpu (bsc#1012628). - media: Hantro: Correct G2 init qp field (bsc#1012628). - media: imx-jpeg: Correct some definition according specification (bsc#1012628). - media: imx-jpeg: Leave a blank space before the configuration data (bsc#1012628). - media: imx-jpeg: Align upwards buffer size (bsc#1012628). - media: imx-jpeg: Implement drain using v4l2-mem2mem helpers (bsc#1012628). - media: rcar-vin: Fix channel routing for Ebisu (bsc#1012628). - wifi: mac80211: set STA deflink addresses (bsc#1012628). - wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (bsc#1012628). - wifi: rtw89: 8852a: rfk: fix div 0 exception (bsc#1012628). - drm/radeon: fix incorrrect SPDX-License-Identifiers (bsc#1012628). - drm/amd: Don't show warning on reading vbios values for SMU13 3.1 (bsc#1012628). - drm/amdkfd: correct sdma queue number of sdma 6.0.1 (bsc#1012628). - torture: Adjust to again produce debugging information (bsc#1012628). - rcutorture: Fix ksoftirqd boosting timing and iteration (bsc#1012628). - test_bpf: fix incorrect netdev features (bsc#1012628). - drm/display: Fix build error without CONFIG_OF (bsc#1012628). - selftests/bpf: Fix rare segfault in sock_fields prog test (bsc#1012628). - crypto: ccp - During shutdown, check SEV data pointer before using (bsc#1012628). - drm: bridge: adv7511: Add check for mipi_dsi_driver_register (bsc#1012628). - media: imx-jpeg: Disable slot interrupt when frame done (bsc#1012628). - media: amphion: output firmware error message (bsc#1012628). - drm/mcde: Fix refcount leak in mcde_dsi_bind (bsc#1012628). - media: hdpvr: fix error value returns in hdpvr_read (bsc#1012628). - media: v4l2-mem2mem: prevent pollerr when last_buffer_dequeued is set (bsc#1012628). - media: sta2x11: remove VIRT_TO_BUS dependency (bsc#1012628). - media: mediatek: vcodec: Initialize decoder parameters after getting dec_capability (bsc#1012628). - media: mediatek: vcodec: Skip SOURCE_CHANGE & EOS events for stateless (bsc#1012628). - media: driver/nxp/imx-jpeg: fix a unexpected return value problem (bsc#1012628). - media: tw686x: Fix memory leak in tw686x_video_init (bsc#1012628). - media: mediatek: vcodec: Fix non subdev architecture open power fail (bsc#1012628). - drm/vc4: kms: Use maximum FIFO load for the HVS clock rate (bsc#1012628). - drm/vc4: plane: Remove subpixel positioning check (bsc#1012628). - drm/vc4: plane: Fix margin calculations for the right/bottom edges (bsc#1012628). - drm/vc4: dsi: Release workaround buffer and DMA (bsc#1012628). - drm/vc4: dsi: Correct DSI divider calculations (bsc#1012628). - drm/vc4: dsi: Correct pixel order for DSI0 (bsc#1012628). - drm/vc4: dsi: Register dsi0 as the correct vc4 encoder type (bsc#1012628). - drm/vc4: dsi: Fix dsi0 interrupt support (bsc#1012628). - drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (bsc#1012628). - drm/vc4: hdmi: Add all the vc5 HDMI registers into the debugfs dumps (bsc#1012628). - drm/vc4: hdmi: Clear unused infoframe packet RAM registers (bsc#1012628). - drm/vc4: hdmi: Avoid full hdmi audio fifo writes (bsc#1012628). - drm/vc4: hdmi: Reset HDMI MISC_CONTROL register (bsc#1012628). - drm/vc4: hdmi: Switch to pm_runtime_status_suspended (bsc#1012628). - drm/vc4: hdmi: Move HDMI reset to pm_resume (bsc#1012628). - drm/vc4: hdmi: Fix timings for interlaced modes (bsc#1012628). - drm/vc4: hdmi: Force modeset when bpc or format changes (bsc#1012628). - drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (bsc#1012628). - drm/vc4: hdmi: Move pixel doubling from Pixelvalve to HDMI block (bsc#1012628). - mm: Account dirty folios properly during splits (bsc#1012628). - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (bsc#1012628). - selftests/xsk: Destroy BPF resources only when ctx refcount drops to 0 (bsc#1012628). - net: dsa: felix: update base time of time-aware shaper when adjusting PTP time (bsc#1012628). - net: dsa: felix: keep reference on entire tc-taprio config (bsc#1012628). - net: dsa: felix: drop oversized frames with tc-taprio instead of hanging the port (bsc#1012628). - selftests: net: fib_rule_tests: fix support for running individual tests (bsc#1012628). - drm/rockchip: vop: Don't crash for invalid duplicate_state() (bsc#1012628). - drm/rockchip: Fix an error handling path rockchip_dp_probe() (bsc#1012628). - drm/mediatek: dpi: Remove output format of YUV (bsc#1012628). - drm/mediatek: dpi: Only enable dpi after the bridge is enabled (bsc#1012628). - drm/msm/dpu: move intf and wb assignment to dpu_encoder_setup_display() (bsc#1012628). - drm/msm/dpu: fix maxlinewidth for writeback block (bsc#1012628). - drm/msm/dpu: remove hard-coded linewidth limit for writeback (bsc#1012628). - drm/msm/hdmi: fill the pwr_regs bulk regulators (bsc#1012628). - drm: bridge: sii8620: fix possible off-by-one (bsc#1012628). - drm/msm: Fix fence rollover issue (bsc#1012628). - net: sched: provide shim definitions for taprio_offload_{get,free} (bsc#1012628). - net: dsa: felix: build as module when tc-taprio is module (bsc#1012628). - hinic: Use the bitmap API when applicable (bsc#1012628). - net: hinic: fix bug that ethtool get wrong stats (bsc#1012628). - net: hinic: avoid kernel hung in hinic_get_stats64() (bsc#1012628). - drm/bridge: anx7625: Fix NULL pointer crash when using edp-panel (bsc#1012628). - drm/msm: Avoid unclocked GMU register access in 6xx gpu_busy (bsc#1012628). - libbpf, riscv: Use a0 for RC register (bsc#1012628). - drm/msm/mdp5: Fix global state lock backoff (bsc#1012628). - drm/radeon: avoid bogus "vram limit (0) must be a power of 2" warning (bsc#1012628). - crypto: hisilicon/sec - don't sleep when in softirq (bsc#1012628). - crypto: hisilicon - Kunpeng916 crypto driver don't sleep when in softirq (bsc#1012628). - media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment (bsc#1012628). - media: amphion: release core lock before reset vpu core (bsc#1012628). - drm/msm/dpu: Fix for non-visible planes (bsc#1012628). - media: atomisp: revert "don't pass a pointer to a local variable" (bsc#1012628). - media: mediatek: vcodec: decoder: Fix 4K frame size enumeration (bsc#1012628). - media: mediatek: vcodec: decoder: Fix resolution clamping in TRY_FMT (bsc#1012628). - media: mediatek: vcodec: decoder: Skip alignment for default resolution (bsc#1012628). - media: mediatek: vcodec: decoder: Drop max_{width,height} from mtk_vcodec_ctx (bsc#1012628). - media: mediatek: vcodec: Initialize decoder parameters for each instance (bsc#1012628). - media: amphion: defer setting last_buffer_dequeued until resolution changes are processed (bsc#1012628). - media: hantro: Be more accurate on pixel formats step_width constraints (bsc#1012628). - media: hantro: Fix RK3399 H.264 format advertising (bsc#1012628). - media: amphion: sync buffer status with firmware during abort (bsc#1012628). - media: amphion: only insert the first sequence startcode for vc1l format (bsc#1012628). - mt76: mt7915: fix endianness in mt7915_rf_regval_get (bsc#1012628). - mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (bsc#1012628). - mt76: mt7915: fix endian bug in mt7915_rf_regval_set() (bsc#1012628). - mt76: mt7921s: fix firmware download random fail (bsc#1012628). - mt76: mt7921: not support beacon offload disable command (bsc#1012628). - wifi: mac80211: reject WEP or pairwise keys with key ID > 3 (bsc#1012628). - wifi: cfg80211: do some rework towards MLO link APIs (bsc#1012628). - wifi: mac80211: move some future per-link data to bss_conf (bsc#1012628). - mt76: mt7615: do not update pm stats in case of error (bsc#1012628). - mt76: mt7921: do not update pm states in case of error (bsc#1012628). - mt76: mt7921s: fix possible sdio deadlock in command fail (bsc#1012628). - mt76: mt7921: fix aggregation subframes setting to HE max (bsc#1012628). - mt76: mt7921: enlarge maximum VHT MPDU length to 11454 (bsc#1012628). - mt76: mt7921: rely on mt76_dev in mt7921_mac_write_txwi signature (bsc#1012628). - mt76: mt7915: rely on mt76_dev in mt7915_mac_write_txwi signature (bsc#1012628). - mt76: connac: move mac connac2 defs in mt76_connac2_mac.h (bsc#1012628). - mt76: connac: move connac2_mac_write_txwi in mt76_connac module (bsc#1012628). - mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (bsc#1012628). - mt76: mt7615: fix throughput regression on DFS channels (bsc#1012628). - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (bsc#1012628). - mediatek: mt76: eeprom: fix missing of_node_put() in mt76_find_power_limits_node() (bsc#1012628). - skmsg: Fix invalid last sg check in sk_msg_recvmsg() (bsc#1012628). - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (bsc#1012628). - bpf, x64: Add predicate for bpf2bpf with tailcalls support in JIT (bsc#1012628). - bpf, x86: fix freeing of not-finalized bpf_prog_pack (bsc#1012628). - tcp: make retransmitted SKB fit into the send window (bsc#1012628). - libbpf: Fix the name of a reused map (bsc#1012628). - kunit: executor: Fix a memory leak on failure in kunit_filter_tests (bsc#1012628). - selftests: timers: valid-adjtimex: build fix for newer toolchains (bsc#1012628). - selftests: timers: clocksource-switch: fix passing errors from child (bsc#1012628). - bpf: Fix subprog names in stack traces (bsc#1012628). - wifi: nl80211: acquire wdev mutex for dump_survey (bsc#1012628). - media: v4l: async: Also match secondary fwnode endpoints (bsc#1012628). - media: ov7251: add missing disable functions on error in ov7251_set_power_on() (bsc#1012628). - fs: check FMODE_LSEEK to control internal pipe splicing (bsc#1012628). - media: cedrus: h265: Fix flag name (bsc#1012628). - media: uapi: HEVC: Change pic_order_cnt definition in v4l2_hevc_dpb_entry (bsc#1012628). - media: cedrus: h265: Fix logic for not low delay flag (bsc#1012628). - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (bsc#1012628). - wifi: p54: Fix an error handling path in p54spi_probe() (bsc#1012628). - wifi: p54: add missing parentheses in p54_flush() (bsc#1012628). - drm/amdgpu: use the same HDP flush registers for all nbio 7.4.x (bsc#1012628). - drm/amdgpu: use the same HDP flush registers for all nbio 2.3.x (bsc#1012628). - drm/amdgpu: restore original stable pstate on ctx fini (bsc#1012628). - bpf: fix potential 32-bit overflow when accessing ARRAY map element (bsc#1012628). - libbpf: make RINGBUF map size adjustments more eagerly (bsc#1012628). - selftests/bpf: fix a test for snprintf() overflow (bsc#1012628). - libbpf: fix an snprintf() overflow check (bsc#1012628). - can: pch_can: do not report txerr and rxerr during bus-off (bsc#1012628). - can: rcar_can: do not report txerr and rxerr during bus-off (bsc#1012628). - can: sja1000: do not report txerr and rxerr during bus-off (bsc#1012628). - can: hi311x: do not report txerr and rxerr during bus-off (bsc#1012628). - can: sun4i_can: do not report txerr and rxerr during bus-off (bsc#1012628). - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (bsc#1012628). - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (bsc#1012628). - can: usb_8dev: do not report txerr and rxerr during bus-off (bsc#1012628). - can: error: specify the values of data[5..7] of CAN error frames (bsc#1012628). - libbpf: Fix str_has_sfx()'s return value (bsc#1012628). - can: pch_can: pch_can_error(): initialize errc before using it (bsc#1012628). - Bluetooth: hci_intel: Add check for platform_driver_register (bsc#1012628). - Bluetooth: When HCI work queue is drained, only queue chained work (bsc#1012628). - Bluetooth: mgmt: Fix refresh cached connection info (bsc#1012628). - Bluetooth: hci_sync: Fix resuming scan after suspend resume (bsc#1012628). - Bluetooth: hci_sync: Fix not updating privacy_mode (bsc#1012628). - Bluetooth: Add default wakeup callback for HCI UART driver (bsc#1012628). - i2c: cadence: Support PEC for SMBus block read (bsc#1012628). - i2c: qcom-geni: Use the correct return value (bsc#1012628). - btrfs: update stripe_sectors::uptodate in steal_rbio (bsc#1012628). - ip_tunnels: Add new flow flags field to ip_tunnel_key (bsc#1012628). - bpf: Set flow flag to allow any source IP in bpf_tunnel_key (bsc#1012628). - bpf: Fix bpf_xdp_pointer return pointer (bsc#1012628). - i2c: mux-gpmux: Add of_node_put() when breaking out of loop (bsc#1012628). - wifi: ath11k: Fix register write failure on QCN9074 (bsc#1012628). - wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (bsc#1012628). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (bsc#1012628). - wifi: libertas: Fix possible refcount leak in if_usb_probe() (bsc#1012628). - media: cedrus: hevc: Add check for invalid timestamp (bsc#1012628). - hantro: Remove incorrect HEVC SPS validation (bsc#1012628). - drm/amd/display: fix signedness bug in execute_synaptics_rc_command() (bsc#1012628). - net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS cipher/version (bsc#1012628). - net/mlx5e: TC, Fix post_act to not match on in_port metadata (bsc#1012628). - net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (bsc#1012628). - net/mlx5e: xsk: Account for XSK RQ UMRs when calculating ICOSQ size (bsc#1012628). - net/mlx5e: Fix calculations related to max MPWQE size (bsc#1012628). - net/mlx5e: Modify slow path rules to go to slow fdb (bsc#1012628). - net/mlx5: Adjust log_max_qp to be 18 at most (bsc#1012628). - net/mlx5: DR, Fix SMFS steering info dump format (bsc#1012628). - net/mlx5: Fix driver use of uninitialized timeout (bsc#1012628). - ax25: fix incorrect dev_tracker usage (bsc#1012628). - crypto: hisilicon/hpre - don't use GFP_KERNEL to alloc mem during softirq (bsc#1012628). - crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of (bsc#1012628). - crypto: hisilicon/sec - fix auth key size error (bsc#1012628). - net: allow unbound socket for packets in VRF when tcp_l3mdev_accept set (bsc#1012628). - netdevsim: fib: Fix reference count leak on route deletion failure (bsc#1012628). - wifi: rtw88: check the return value of alloc_workqueue() (bsc#1012628). - iavf: Fix max_rate limiting (bsc#1012628). - iavf: Fix 'tc qdisc show' listing too many queues (bsc#1012628). - netdevsim: Avoid allocation warnings triggered from user space (bsc#1012628). - net: rose: fix netdev reference changes (bsc#1012628). - net: ice: fix error NETIF_F_HW_VLAN_CTAG_FILTER check in ice_vsi_sync_fltr() (bsc#1012628). - net: ionic: fix error check for vlan flags in ionic_set_nic_features() (bsc#1012628). - dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock (bsc#1012628). - net: usb: make USB_RTL8153_ECM non user configurable (bsc#1012628). - net/mlx5e: xsk: Discard unaligned XSK frames on striding RQ (bsc#1012628). - wireguard: ratelimiter: use hrtimer in selftest (bsc#1012628). - wireguard: allowedips: don't corrupt stack when detecting overflow (bsc#1012628). - HID: amd_sfh: Don't show client init failed as error when discovery fails (bsc#1012628). - clk: renesas: r9a06g032: Fix UART clkgrp bitsel (bsc#1012628). - mtd: maps: Fix refcount leak in of_flash_probe_versatile (bsc#1012628). - mtd: maps: Fix refcount leak in ap_flash_init (bsc#1012628). - mtd: rawnand: meson: Fix a potential double free issue (bsc#1012628). - clk: renesas: rzg2l: Fix reset status function (bsc#1012628). - of: check previous kernel's ima-kexec-buffer against memory bounds (bsc#1012628). - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1012628). - scsi: qla2xxx: edif: bsg refactor (bsc#1012628). - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1012628). - scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1012628). - scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1012628). - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1012628). - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1012628). - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1012628). - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1012628). - KVM: SVM: Unwind "speculative" RIP advancement if INTn injection "fails" (bsc#1012628). - KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is supported (bsc#1012628). - KVM: x86/mmu: Drop RWX=0 SPTEs during ept_sync_page() (bsc#1012628). - phy: samsung: exynosautov9-ufs: correct TSRV register configurations (bsc#1012628). - PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains() (bsc#1012628). - PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (bsc#1012628). - HID: cp2112: prevent a buffer overflow in cp2112_xfer() (bsc#1012628). - mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (bsc#1012628). - mtd: partitions: Fix refcount leak in parse_redboot_of (bsc#1012628). - mtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset (bsc#1012628). - mtd: spear_smi: Don't skip cleanup after mtd_device_unregister() failed (bsc#1012628). - mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (bsc#1012628). - mtd: spear_smi: Drop if with an always false condition (bsc#1012628). - mtd: st_spi_fsm: Warn about failure to unregister mtd device (bsc#1012628). - mtd: st_spi_fsm: Disable clock only after device was unregistered (bsc#1012628). - PCI: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() (bsc#1012628). - fpga: altera-pr-ip: fix unsigned comparison with less than zero (bsc#1012628). - usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (bsc#1012628). - usb: cdns3: fix random warning message when driver load (bsc#1012628). - usb: gadget: uvc: Fix comment blocks style (bsc#1012628). - usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (bsc#1012628). - usb: gadget: tegra-xudc: Fix error check in tegra_xudc_powerdomain_init() (bsc#1012628). - usbip: vudc: Don't enable IRQs prematurely (bsc#1012628). - usb: host: ohci-at91: add support to enter suspend using SMC (bsc#1012628). - usb: xhci: tegra: Fix error check (bsc#1012628). - dmaengine: dw: dmamux: Export the module device table (bsc#1012628). - dmaengine: dw: dmamux: Fix build without CONFIG_OF (bsc#1012628). - netfilter: xtables: Bring SPDX identifier back (bsc#1012628). - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1012628). - scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1012628). - scsi: qla2xxx: edif: Fix no login after app start (bsc#1012628). - scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1012628). - scsi: qla2xxx: edif: Fix session thrash (bsc#1012628). - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1012628). - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1012628). - iio: accel: bma400: Fix the scale min and max macro values (bsc#1012628). - platform/chrome: cros_ec: Always expose last resume result (bsc#1012628). - iio: sx9324: Fix register field spelling (bsc#1012628). - iio: accel: bma400: Reordering of header files (bsc#1012628). - iio: accel: bma400: conversion to device-managed function (bsc#1012628). - iio: accel: bma400: Add triggered buffer support (bsc#1012628). - iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (bsc#1012628). - iio: accel: adxl313: Fix alignment for DMA safety (bsc#1012628). - iio: accel: adxl355: Fix alignment for DMA safety (bsc#1012628). - iio: accel: adxl367: Fix alignment for DMA safety (bsc#1012628). - iio: accel: bma220: Fix alignment for DMA safety (bsc#1012628). - iio: accel: sca3000: Fix alignment for DMA safety (bsc#1012628). - iio: accel: sca3300: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ad7266: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ad7280a: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ad7292: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ad7298: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ad7476: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ad7606: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ad7766: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ad7768-1: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ad7887: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ad7923: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ad7949: Fix alignment for DMA safety (bsc#1012628). - iio: adc: hi8435: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ltc2496: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ltc2497: Fix alignment for DMA safety (bsc#1012628). - iio: adc: max1027: Fix alignment for DMA safety (bsc#1012628). - iio: adc: max11100: Fix alignment for DMA safety (bsc#1012628). - iio: adc: max1118: Fix alignment for DMA safety (bsc#1012628). - iio: adc: max1241: Fix alignment for DMA safety (bsc#1012628). - iio: adc: mcp320x: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ti-adc0832: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ti-adc084s021: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ti-adc108s102: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ti-adc12138: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ti-adc128s052: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ti-adc161s626: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ti-ads124s08: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ti-ads131e08: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ti-ads7950: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ti-ads8344: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ti-ads8688: Fix alignment for DMA safety (bsc#1012628). - iio: adc: ti-tlc4541: Fix alignment for DMA safety (bsc#1012628). - iio: addac: ad74413r: Fix alignment for DMA safety (bsc#1012628). - iio: amplifiers: ad8366: Fix alignment for DMA safety (bsc#1012628). - iio: common: ssp: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ad5064: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ad5360: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ad5421: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ad5449: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ad5504: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ad5592r: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ad5686: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ad5755: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ad5761: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ad5764: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ad5766: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ad5770r: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ad5791: Fix alignment for DMA saftey (bsc#1012628). - iio: dac: ad7293: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ad7303: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ad8801: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ltc2688: Fix alignment for DMA safety (bsc#1012628). - iio: dac: mcp4922: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ti-dac082s085: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ti-dac5571: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ti-dac7311: Fix alignment for DMA safety (bsc#1012628). - iio: dac: ti-dac7612: Fix alignment for DMA safety (bsc#1012628). - iio: frequency: ad9523: Fix alignment for DMA safety (bsc#1012628). - iio: frequency: adf4350: Fix alignment for DMA safety (bsc#1012628). - iio: frequency: adf4371: Fix alignment for DMA safety (bsc#1012628). - iio: frequency: admv1013: Fix alignment for DMA safety (bsc#1012628). - iio: frequency: admv1014: Fix alignment for DMA safety (bsc#1012628). - iio: frequency: admv4420: Fix alignment for DMA safety (bsc#1012628). - iio: frequency: adrf6780: Fix alignment for DMA safety (bsc#1012628). - iio: gyro: adis16080: Fix alignment for DMA safety (bsc#1012628). - iio: gyro: adis16130: Fix alignment for DMA safety (bsc#1012628). - iio: gyro: adxrs450: Fix alignment for DMA safety (bsc#1012628). - iio: gyro: fxas210002c: Fix alignment for DMA safety (bsc#1012628). - iio: imu: fxos8700: Fix alignment for DMA safety (bsc#1012628). - iio: imu: inv_icm42600: Fix alignment for DMA safety (bsc#1012628). - iio: imu: inv_icm42600: Fix alignment for DMA safety in buffer code (bsc#1012628). - iio: imu: mpu6050: Fix alignment for DMA safety (bsc#1012628). - iio: potentiometer: ad5110: Fix alignment for DMA safety (bsc#1012628). - iio: potentiometer: ad5272: Fix alignment for DMA safety (bsc#1012628). - iio: potentiometer: max5481: Fix alignment for DMA safety (bsc#1012628). - iio: potentiometer: mcp41010: Fix alignment for DMA safety (bsc#1012628). - iio: potentiometer: mcp4131: Fix alignment for DMA safety (bsc#1012628). - iio: proximity: as3935: Fix alignment for DMA safety (bsc#1012628). - iio: resolver: ad2s1200: Fix alignment for DMA safety (bsc#1012628). - iio: resolver: ad2s90: Fix alignment for DMA safety (bsc#1012628). - iio: temp: ltc2983: Fix alignment for DMA safety (bsc#1012628). - iio: temp: max31865: Fix alignment for DMA safety (bsc#1012628). - iio: temp: maxim_thermocouple: Fix alignment for DMA safety (bsc#1012628). - clk: mediatek: reset: Fix written reset bit offset (bsc#1012628). - clk: imx93: use adc_root as the parent clock of adc1 (bsc#1012628). - clk: imx93: correct nic_media parent (bsc#1012628). - clk: imx: clk-fracn-gppll: fix mfd value (bsc#1012628). - clk: imx: clk-fracn-gppll: Return rate in rate table properly in ->recalc_rate() (bsc#1012628). - clk: imx: clk-fracn-gppll: correct rdiv (bsc#1012628). - RDMA/rxe: fix xa_alloc_cycle() error return value check again (bsc#1012628). - lib/test_hmm: avoid accessing uninitialized pages (bsc#1012628). - mm/memremap: fix memunmap_pages() race with get_dev_pagemap() (bsc#1012628). - KVM: Don't set Accessed/Dirty bits for ZERO_PAGE (bsc#1012628). - KVM: selftests: Convert s390x/diag318_test_handler away from VCPU_ID (bsc#1012628). - KVM: selftests: Use vm_create_with_vcpus() in max_guest_memory_test (bsc#1012628). - devcoredump: remove the useless gfp_t parameter in dev_coredumpv and dev_coredumpm (bsc#1012628). - mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv (bsc#1012628). - scsi: iscsi: Allow iscsi_if_stop_conn() to be called from kernel (bsc#1012628). - scsi: iscsi: Add helper to remove a session from the kernel (bsc#1012628). - scsi: iscsi: Fix session removal on shutdown (bsc#1012628). - dmaengine: dw-edma: Fix eDMA Rd/Wr-channels and DMA-direction semantics (bsc#1012628). - KVM: x86: Fix errant brace in KVM capability handling (bsc#1012628). - mtd: hyperbus: rpc-if: Fix RPM imbalance in probe error path (bsc#1012628). - mtd: dataflash: Add SPI ID table (bsc#1012628). - clk: qcom: camcc-sm8250: Fix halt on boot by reducing driver's init level (bsc#1012628). - misc: rtsx: Fix an error handling path in rtsx_pci_probe() (bsc#1012628). - driver core: fix potential deadlock in __driver_attach (bsc#1012628). - clk: qcom: clk-krait: unlock spin after mux completion (bsc#1012628). - coresight: configfs: Fix unload of configurations on module exit (bsc#1012628). - coresight: syscfg: Update load and unload operations (bsc#1012628). - usb: gadget: f_mass_storage: Make CD-ROM emulation works with Windows OS (bsc#1012628). - clk: qcom: gcc-msm8939: Add missing SYSTEM_MM_NOC_BFDCD_CLK_SRC (bsc#1012628). - clk: qcom: gcc-msm8939: Fix bimc_ddr_clk_src rcgr base address (bsc#1012628). - clk: qcom: gcc-msm8939: Add missing system_mm_noc_bfdcd_clk_src (bsc#1012628). - clk: qcom: gcc-msm8939: Point MM peripherals to system_mm_noc clock (bsc#1012628). - usb: host: xhci: use snprintf() in xhci_decode_trb() (bsc#1012628). - RDMA/rxe: Add a responder state for atomic reply (bsc#1012628). - RDMA/rxe: Fix deadlock in rxe_do_local_ops() (bsc#1012628). - clk: qcom: ipq8074: fix NSS core PLL-s (bsc#1012628). - clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (bsc#1012628). - clk: qcom: ipq8074: fix NSS port frequency tables (bsc#1012628). - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (bsc#1012628). - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (bsc#1012628). - clk: qcom: camcc-sm8250: Fix topology around titan_top power domain (bsc#1012628). - clk: qcom: clk-rcg2: Fail Duty-Cycle configuration if MND divider is not enabled (bsc#1012628). - clk: qcom: clk-rcg2: Make sure to not write d=0 to the NMD register (bsc#1012628). - kernfs: fix potential NULL dereference in __kernfs_remove (bsc#1012628). - mm: rmap: use the correct parameter name for DEFINE_PAGE_VMA_WALK (bsc#1012628). - mm/migration: return errno when isolate_huge_page failed (bsc#1012628). - mm/migration: fix potential pte_unmap on an not mapped pte (bsc#1012628). - mm: introduce clear_highpage_kasan_tagged (bsc#1012628). - kasan: fix zeroing vmalloc memory with HW_TAGS (bsc#1012628). - mm/mempolicy: fix get_nodes out of bound access (bsc#1012628). - phy: ti: tusb1210: Don't check for write errors when powering on (bsc#1012628). - phy: rockchip-inno-usb2: Sync initial otg state (bsc#1012628). - PCI: dwc: Stop link on host_init errors and de-initialization (bsc#1012628). - PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (bsc#1012628). - PCI: dwc: Disable outbound windows only for controllers using iATU (bsc#1012628). - PCI: dwc: Set INCREASE_REGION_SIZE flag based on limit address (bsc#1012628). - PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (bsc#1012628). - PCI: dwc: Always enable CDM check if "snps,enable-cdm-check" exists (bsc#1012628). - soundwire: bus_type: fix remove and shutdown support (bsc#1012628). - soundwire: revisit driver bind/unbind and callbacks (bsc#1012628). - KVM: arm64: Don't return from void function (bsc#1012628). - dmaengine: sf-pdma: Add multithread support for a DMA channel (bsc#1012628). - PCI: endpoint: Don't stop controller when unbinding endpoint function (bsc#1012628). - phy: qcom-qmp: fix the QSERDES_V5_COM_CMN_MODE register (bsc#1012628). - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1012628). - scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1012628). - intel_th: Fix a resource leak in an error handling path (bsc#1012628). - intel_th: msu-sink: Potential dereference of null pointer (bsc#1012628). - intel_th: msu: Fix vmalloced buffers (bsc#1012628). - binder: fix redefinition of seq_file attributes (bsc#1012628). - staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (bsc#1012628). - rtla/utils: Use calloc and check the potential memory allocation failure (bsc#1012628). - habanalabs: fix double unlock on error in map_device_va() (bsc#1012628). - dt-bindings: mmc: sdhci-msm: Fix issues in yaml bindings (bsc#1012628). - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (bsc#1012628). - mmc: mxcmmc: Silence a clang warning (bsc#1012628). - mmc: renesas_sdhi: Get the reset handle early in the probe (bsc#1012628). - memstick/ms_block: Fix some incorrect memory allocation (bsc#1012628). - memstick/ms_block: Fix a memory leak (bsc#1012628). - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (bsc#1012628). - of: device: Fix missing of_node_put() in of_dma_set_restricted_buffer (bsc#1012628). - mmc: block: Add single read for 4k sector cards (bsc#1012628). - KVM: s390: pv: leak the topmost page table when destroy fails (bsc#1012628). - PCI/portdrv: Don't disable AER reporting in get_port_device_capability() (bsc#1012628). - PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (bsc#1012628). - scsi: smartpqi: Fix DMA direction for RAID requests (bsc#1012628). - xtensa: iss/network: provide release() callback (bsc#1012628). - xtensa: iss: fix handling error cases in iss_net_configure() (bsc#1012628). - usb: gadget: udc: amd5536 depends on HAS_DMA (bsc#1012628). - usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc() (bsc#1012628). - usb: dwc3: core: Deprecate GCTL.CORESOFTRESET (bsc#1012628). - usb: dwc3: core: Do not perform GCTL_CORE_SOFTRESET during bootup (bsc#1012628). - usb: dwc3: qcom: fix missing optional irq warnings (bsc#1012628). - eeprom: idt_89hpesx: uninitialized data in idt_dbgfs_csr_write() (bsc#1012628). - phy: stm32: fix error return in stm32_usbphyc_phy_init (bsc#1012628). - phy: rockchip-inno-usb2: Ignore OTG IRQs in host mode (bsc#1012628). - interconnect: imx: fix max_node_id (bsc#1012628). - KVM: arm64: Fix hypervisor address symbolization (bsc#1012628). - um: random: Don't initialise hwrng struct with zero (bsc#1012628). - mm: percpu: use kmemleak_ignore_phys() instead of kmemleak_free() (bsc#1012628). - RDMA/irdma: Fix a window for use-after-free (bsc#1012628). - RDMA/irdma: Fix VLAN connection with wildcard address (bsc#1012628). - RDMA/irdma: Fix setting of QP context err_rq_idx_valid field (bsc#1012628). - RDMA/rtrs-srv: Fix modinfo output for stringify (bsc#1012628). - RDMA/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (bsc#1012628). - RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (bsc#1012628). - RDMA/hns: Fix incorrect clearing of interrupt status register (bsc#1012628). - RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (bsc#1012628). - RDMA/rxe: Fix BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup (bsc#1012628). - iio: cros: Register FIFO callback after sensor is registered (bsc#1012628). - clk: qcom: Drop mmcx gdsc supply for dispcc and videocc (bsc#1012628). - clk: qcom: gdsc: Bump parent usage count when GDSC is found enabled (bsc#1012628). - clk: qcom: gcc-msm8939: Fix weird field spacing in ftbl_gcc_camss_cci_clk (bsc#1012628). - RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (bsc#1012628). - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (bsc#1012628). - iio: adc: max1027: unlock on error path in max1027_read_single_value() (bsc#1012628). - HID: mcp2221: prevent a buffer overflow in mcp_smbus_write() (bsc#1012628). - HID: amd_sfh: Add NULL check for hid device (bsc#1012628). - dmaengine: imx-dma: Cast of_device_get_match_data() with (uintptr_t) (bsc#1012628). - scripts/gdb: fix 'lx-dmesg' on 32 bits arch (bsc#1012628). - RDMA/rxe: Fix mw bind to allow any consumer key portion (bsc#1012628). - mmc: core: quirks: Add of_node_put() when breaking out of loop (bsc#1012628). - mmc: cavium-octeon: Add of_node_put() when breaking out of loop (bsc#1012628). - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (bsc#1012628). - HID: alps: Declare U1_UNICORN_LEGACY support (bsc#1012628). - RDMA/rxe: For invalidate compare according to set keys in mr (bsc#1012628). - RDMA/rxe: Fix rnr retry behavior (bsc#1012628). - PCI: tegra194: Fix Root Port interrupt handling (bsc#1012628). - PCI: tegra194: Fix link up retry sequence (bsc#1012628). - HID: amd_sfh: Handle condition of "no sensors" (bsc#1012628). - USB: serial: fix tty-port initialized comments (bsc#1012628). - usb: xhci_plat_remove: avoid NULL dereference (bsc#1012628). - usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable() (bsc#1012628). - mtd: spi-nor: fix spi_nor_spimem_setup_op() call in spi_nor_erase_{sector,chip}() (bsc#1012628). - staging: fbtft: core: set smem_len before fb_deferred_io_init call (bsc#1012628). - KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP (bsc#1012628). - tools/power/x86/intel-speed-select: Fix off by one check (bsc#1012628). - platform/x86: pmc_atom: Match all Lex BayTrail boards with critclk_systems DMI table (bsc#1012628). - platform/mellanox: mlxreg-lc: Fix error flow and extend verbosity (bsc#1012628). - platform/olpc: Fix uninitialized data in debugfs write (bsc#1012628). - RDMA/srpt: Duplicate port name members (bsc#1012628). - RDMA/srpt: Introduce a reference count in struct srpt_device (bsc#1012628). - RDMA/srpt: Fix a use-after-free (bsc#1012628). - android: binder: stop saving a pointer to the VMA (bsc#1012628). - mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region (bsc#1012628). - selftests/vm: fix errno handling in mrelease_test (bsc#1012628). - tools/testing/selftests/vm/hugetlb-madvise.c: silence uninitialized variable warning (bsc#1012628). - selftest/vm: uninitialized variable in main() (bsc#1012628). - rtla: Fix Makefile when called from -C tools/ (bsc#1012628). - rtla: Fix double free (bsc#1012628). - virtio: replace restricted mem access flag with callback (bsc#1012628). - xen: don't require virtio with grants for non-PV guests (bsc#1012628). - selftests: kvm: set rax before vmcall (bsc#1012628). - of/fdt: declared return type does not match actual return type (bsc#1012628). - RDMA/mlx5: Add missing check for return value in get namespace flow (bsc#1012628). - RDMA/rxe: Fix error unwind in rxe_create_qp() (bsc#1012628). - block/rnbd-srv: Set keep_id to true after mutex_trylock (bsc#1012628). - null_blk: fix ida error handling in null_add_dev() (bsc#1012628). - nbd: add missing definition of pr_fmt (bsc#1012628). - mtip32xx: fix device removal (bsc#1012628). - nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (bsc#1012628). - nvme: define compat_ioctl again to unbreak 32-bit userspace (bsc#1012628). - nvme: catch -ENODEV from nvme_revalidate_zones again (bsc#1012628). - block/bio: remove duplicate append pages code (bsc#1012628). - block: ensure iov_iter advances for added pages (bsc#1012628). - jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1012628). - ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1012628). - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1012628). - usb: cdns3: Don't use priv_dev uninitialized in cdns3_gadget_ep_enable() (bsc#1012628). - opp: Fix error check in dev_pm_opp_attach_genpd() (bsc#1012628). - ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe (bsc#1012628). - ASoC: samsung: Fix error handling in aries_audio_probe (bsc#1012628). - ASoC: imx-audmux: Silence a clang warning (bsc#1012628). - ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe (bsc#1012628). - ASoC: max98390: use linux/gpio/consumer.h to fix build (bsc#1012628). - ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (bsc#1012628). - ASoC: codecs: da7210: add check for i2c_add_driver (bsc#1012628). - ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe (bsc#1012628). - serial: pic32: fix missing clk_disable_unprepare() on error in pic32_uart_startup() (bsc#1012628). - serial: 8250: Create serial_lsr_in() (bsc#1012628). - serial: 8250: Get preserved flags using serial_lsr_in() (bsc#1012628). - serial: 8250_dw: Use serial_lsr_in() in dw8250_handle_irq() (bsc#1012628). - serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (bsc#1012628). - ASoC: SOF: make ctx_store and ctx_restore as optional (bsc#1012628). - ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (bsc#1012628). - ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (bsc#1012628). - ASoC: cs35l45: Add endianness flag in snd_soc_component_driver (bsc#1012628). - rpmsg: char: Add mutex protection for rpmsg_eptdev_open() (bsc#1012628). - rpmsg: mtk_rpmsg: Fix circular locking dependency (bsc#1012628). - remoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init (bsc#1012628). - selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1012628). - profiling: fix shift too large makes kernel panic (bsc#1012628). - remoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init (bsc#1012628). - KVM: PPC: Book3s: Fix warning about xics_rm_h_xirr_x (bsc#1012628). - rpmsg: Fix possible refcount leak in rpmsg_register_device_override() (bsc#1012628). - selftests/powerpc: Skip energy_scale_info test on older firmware (bsc#1012628). - ASoC: samsung: h1940_uda1380: include proepr GPIO consumer header (bsc#1012628). - powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1012628). - ASoC: soc-core.c: fixup snd_soc_of_get_dai_link_cpus() (bsc#1012628). - ASoC: samsung: change gpiod_speaker_power and rx1950_audio from global to static variables (bsc#1012628). - serial: 8250_dw: Take port lock while accessing LSR (bsc#1012628). - ASoC: codecs: wsa881x: handle timeouts in resume path (bsc#1012628). - vfio/mlx5: Protect mlx5vf_disable_fds() upon close device (bsc#1012628). - vfio: Split migration ops from main device ops (bsc#1012628). - net/ice: fix initializing the bitmap in the switch code (bsc#1012628). - tty: n_gsm: fix user open not possible at responder until initiator open (bsc#1012628). - tty: n_gsm: fix tty registration before control channel open (bsc#1012628). - tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output() (bsc#1012628). - tty: n_gsm: fix missing timer to handle stalled links (bsc#1012628). - tty: n_gsm: fix non flow control frames during mux flow off (bsc#1012628). - tty: n_gsm: fix packet re-transmission without open control channel (bsc#1012628). - tty: n_gsm: fix race condition in gsmld_write() (bsc#1012628). - tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1012628). - tty: n_gsm: fix resource allocation order in gsm_activate_mux() (bsc#1012628). - ASoC: qcom: Fix missing of_node_put() in asoc_qcom_lpass_cpu_platform_probe() (bsc#1012628). - MIPS: Loongson64: Fix section mismatch warning (bsc#1012628). - ASoC: imx-card: Fix DSD/PDM mclk frequency (bsc#1012628). - remoteproc: qcom: wcnss: Fix handling of IRQs (bsc#1012628). - vfio/ccw: Remove UUID from s390 debug log (bsc#1012628). - vfio/ccw: Fix FSM state if mdev probe fails (bsc#1012628). - vfio/ccw: Do not change FSM state in subchannel event (bsc#1012628). - ASoC: audio-graph-card2.c: use of_property_read_u32() for rate (bsc#1012628). - serial: 8250_fsl: Don't report FE, PE and OE twice (bsc#1012628). - tty: n_gsm: fix wrong T1 retry count handling (bsc#1012628). - tty: n_gsm: fix DM command (bsc#1012628). - tty: n_gsm: fix flow control handling in tx path (bsc#1012628). - tty: n_gsm: fix missing corner cases in gsmld_poll() (bsc#1012628). - MIPS: vdso: Utilize __pa() for gic_pfn (bsc#1012628). - ASoC: SOF: mediatek: fix mt8195 StatvectorSel wrong setting (bsc#1012628). - swiotlb: fail map correctly with failed io_tlb_default_mem (bsc#1012628). - lib/bitmap: fix off-by-one in bitmap_to_arr64() (bsc#1012628). - ASoC: SOF: ipc3-topology: Prevent double freeing of ipc_control_data via load_bytes (bsc#1012628). - cpufreq: mediatek: fix error return code in mtk_cpu_dvfs_info_init() (bsc#1012628). - ASoc: audio-graph-card2: Fix refcount leak bug in __graph_get_type() (bsc#1012628). - ASoC: mt6359: Fix refcount leak bug (bsc#1012628). - ASoC: SOF: ipc-msg-injector: fix copy in sof_msg_inject_ipc4_dfs_write() (bsc#1012628). - serial: 8250_bcm7271: Save/restore RTS in suspend/resume (bsc#1012628). - iommu/exynos: Handle failed IOMMU device registration properly (bsc#1012628). - 9p: Drop kref usage (bsc#1012628). - 9p: Add client parameter to p9_req_put() (bsc#1012628). - net: 9p: fix refcount leak in p9_read_work() error handling (bsc#1012628). - MIPS: Fixed __debug_virt_addr_valid() (bsc#1012628). - rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge (bsc#1012628). - leds: pwm-multicolor: Don't show -EPROBE_DEFER as errors (bsc#1012628). - kfifo: fix kfifo_to_user() return type (bsc#1012628). - lib/smp_processor_id: fix imbalanced instrumentation_end() call (bsc#1012628). - proc: fix a dentry lock race between release_task and lookup (bsc#1012628). - remoteproc: qcom: pas: Check if coredump is enabled (bsc#1012628). - remoteproc: sysmon: Wait for SSCTL service to come up (bsc#1012628). - mfd: t7l66xb: Drop platform disable callback (bsc#1012628). - mfd: max77620: Fix refcount leak in max77620_initialise_fps (bsc#1012628). - ASoC: amd: yc: Decrease level of error message (bsc#1012628). - iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (bsc#1012628). - perf tools: Fix dso_id inode generation comparison (bsc#1012628). - riscv: spinwait: Fix hartid variable type (bsc#1012628). - s390/crash: fix incorrect number of bytes to copy to user space (bsc#1012628). - s390/zcore: fix race when reading from hardware system area (bsc#1012628). - perf test: Fix test case 83 ('perf stat CSV output linter') on s390 (bsc#1012628). - ASoC: fsl_asrc: force cast the asrc_format type (bsc#1012628). - ASoC: fsl-asoc-card: force cast the asrc_format type (bsc#1012628). - ASoC: fsl_easrc: use snd_pcm_format_t type for sample_format (bsc#1012628). - ASoC: imx-card: use snd_pcm_format_t type for asrc_format (bsc#1012628). - ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (bsc#1012628). - fuse: Remove the control interface for virtio-fs (bsc#1012628). - ASoC: audio-graph-card: Add of_node_put() in fail path (bsc#1012628). - ASoC: audio-graph-card2: Add of_node_put() in fail path (bsc#1012628). - watchdog: f71808e_wdt: Add check for platform_driver_register (bsc#1012628). - watchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource (bsc#1012628). - watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (bsc#1012628). - ASoC: Intel: sof_rt5682: Perform quirk check first in card late probe (bsc#1012628). - video: fbdev: amba-clcd: Fix refcount leak bugs (bsc#1012628). - video: fbdev: sis: fix typos in SiS_GetModeID() (bsc#1012628). - ASoC: mchp-spdifrx: disable end of block interrupt on failures (bsc#1012628). - powerpc/32: Call mmu_mark_initmem_nx() regardless of data block mapping (bsc#1012628). - powerpc/32s: Fix boot failure with KASAN + SMP + JUMP_LABEL_FEATURE_CHECK_DEBUG (bsc#1012628). - powerpc/32: Do not allow selection of e5500 or e6500 CPUs on PPC32 (bsc#1012628). - video: fbdev: offb: Include missing linux/platform_device.h (bsc#1012628). - pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1012628). - powerpc/iommu: Fix iommu_table_in_use for a small default DMA window case (bsc#1012628). - powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias (bsc#1012628). - selftests/powerpc: Fix matrix multiply assist test (bsc#1012628). - serial: 8250_bcm2835aux: Add missing clk_disable_unprepare() (bsc#1012628). - tty: serial: qcom-geni-serial: Fix get_clk_div_rate() which otherwise could return a sub-optimal clock rate (bsc#1012628). - tty: serial: fsl_lpuart: correct the count of break characters (bsc#1012628). - s390/smp: enforce lowcore protection on CPU restart (bsc#1012628). - perf stat: Revert "perf stat: Add default hybrid events" (bsc#1012628). - f2fs: fix to invalidate META_MAPPING before DIO write (bsc#1012628). - f2fs: fix to check inline_data during compressed inode conversion (bsc#1012628). - f2fs: fix to remove F2FS_COMPR_FL and tag F2FS_NOCOMP_FL at the same time (bsc#1012628). - cifs: Fix memory leak when using fscache (bsc#1012628). - powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader (bsc#1012628). - powerpc/xive: Fix refcount leak in xive_get_max_prio (bsc#1012628). - powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address (bsc#1012628). - perf symbol: Fail to read phdr workaround (bsc#1012628). - kprobes: Forbid probing on trampoline and BPF code areas (bsc#1012628). - x86/bus_lock: Don't assume the init value of DEBUGCTLMSR.BUS_LOCK_DETECT to be zero (bsc#1012628). - powerpc/pci: Fix PHB numbering when using opal-phbid (bsc#1012628). - genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO (bsc#1012628). - scripts/faddr2line: Fix vmlinux detection on arm64 (bsc#1012628). - tty: serial: qcom-geni-serial: Fix %lu -> %u in print statements (bsc#1012628). - powerpc/64e: Fix kexec build error (bsc#1012628). - sched, cpuset: Fix dl_cpu_busy() panic due to empty cs->cpus_allowed (bsc#1012628). - x86/numa: Use cpumask_available instead of hardcoded NULL check (bsc#1012628). - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (bsc#1012628). - tools/thermal: Fix possible path truncations (bsc#1012628). - sched: Fix the check of nr_running at queue wakelist (bsc#1012628). - sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle (bsc#1012628). - sched/core: Do not requeue task on CPU excluded from cpus_mask (bsc#1012628). - x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (bsc#1012628). - f2fs: do not allow to decompress files have FI_COMPRESS_RELEASED (bsc#1012628). - video: fbdev: vt8623fb: Check the size of screen before memset_io() (bsc#1012628). - video: fbdev: arkfb: Check the size of screen before memset_io() (bsc#1012628). - video: fbdev: s3fb: Check the size of screen before memset_io() (bsc#1012628). - scsi: ufs: core: Correct ufshcd_shutdown() flow (bsc#1012628). - scsi: zfcp: Fix missing auto port scan and thus missing target ports (bsc#1012628). - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1012628). - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1012628). - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1012628). - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1012628). - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1012628). - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1012628). - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1012628). - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1012628). - scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1012628). - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1012628). - cifs: fix lock length calculation (bsc#1012628). - x86/bugs: Enable STIBP for IBPB mitigated RETBleed (bsc#1012628). - ftrace/x86: Add back ftrace_expected assignment (bsc#1012628). - x86/kprobes: Update kcb status flag after singlestepping (bsc#1012628). - x86/olpc: fix 'logical not is only applied to the left hand side' (bsc#1012628). - SMB3: fix lease break timeout when multiple deferred close handles for the same file (bsc#1012628). - posix-cpu-timers: Cleanup CPU timers before freeing them during exec (bsc#1012628). - Input: gscps2 - check return value of ioremap() in gscps2_probe() (bsc#1012628). - __follow_mount_rcu(): verify that mount_lock remains unchanged (bsc#1012628). - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (bsc#1012628). - csky: abiv1: Fixup compile error (bsc#1012628). - drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1012628). - drm/mediatek: Keep dsi as LP00 before dcs cmds transfer (bsc#1012628). - crypto: blake2s - remove shash module (bsc#1012628). - firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (bsc#1012628). - intel_th: pci: Add Meteor Lake-P support (bsc#1012628). - intel_th: pci: Add Raptor Lake-S PCH support (bsc#1012628). - intel_th: pci: Add Raptor Lake-S CPU support (bsc#1012628). - KVM: set_msr_mce: Permit guests to ignore single-bit ECC errors (bsc#1012628). - KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS) (bsc#1012628). - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (bsc#1012628). - PCI/AER: Iterate over error counters instead of error strings (bsc#1012628). - PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (bsc#1012628). - dm writecache: set a default MAX_WRITEBACK_JOBS (bsc#1012628). - kexec_file: drop weak attribute from functions (bsc#1012628). - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1012628). - kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification (bsc#1012628). - tracing/events: Add __vstring() and __assign_vstr() helper macros (bsc#1012628). - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (bsc#1012628). - net/9p: Initialize the iounit field during fid creation (bsc#1012628). - ARM: Marvell: Update PCIe fixup (bsc#1012628). - timekeeping: contribute wall clock to rng on time change (bsc#1012628). - locking/csd_lock: Change csdlock_debug from early_param to __setup (bsc#1012628). - block: don't allow the same type rq_qos add more than once (bsc#1012628). - btrfs: tree-log: make the return value for log syncing consistent (bsc#1012628). - btrfs: ensure pages are unlocked on cow_file_range() failure (bsc#1012628). - btrfs: fix error handling of fallback uncompress write (bsc#1012628). - btrfs: reset block group chunk force if we have to wait (bsc#1012628). - btrfs: properly flag filesystem with BTRFS_FEATURE_INCOMPAT_BIG_METADATA (bsc#1012628). - block: add bdev_max_segments() helper (bsc#1012628). - btrfs: zoned: revive max_zone_append_bytes (bsc#1012628). - btrfs: replace BTRFS_MAX_EXTENT_SIZE with fs_info->max_extent_size (bsc#1012628). - btrfs: convert count_max_extents() to use fs_info->max_extent_size (bsc#1012628). - btrfs: let can_allocate_chunk return error (bsc#1012628). - btrfs: zoned: finish least available block group on data bg allocation (bsc#1012628). - btrfs: zoned: disable metadata overcommit for zoned (bsc#1012628). - btrfs: store chunk size in space-info struct (bsc#1012628). - btrfs: zoned: introduce space_info->active_total_bytes (bsc#1012628). - btrfs: zoned: activate metadata block group on flush_space (bsc#1012628). - btrfs: zoned: activate necessary block group (bsc#1012628). - btrfs: zoned: write out partially allocated region (bsc#1012628). - btrfs: zoned: wait until zone is finished when allocation didn't progress (bsc#1012628). - btrfs: join running log transaction when logging new name (bsc#1012628). - intel_idle: make SPR C1 and C1E be independent (bsc#1012628). - ACPI: CPPC: Do not prevent CPPC from working in the future (bsc#1012628). - powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1012628). - s390/unwind: fix fgraph return address recovery (bsc#1012628). - KVM: x86/pmu: Introduce the ctrl_mask value for fixed counter (bsc#1012628). - KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's no vPMU (bsc#1012628). - KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU doesn't support global_ctrl (bsc#1012628). - KVM: x86/pmu: Accept 0 for absent PMU MSRs when host-initiated if !enable_pmu (bsc#1012628). - Revert "KVM: x86/pmu: Accept 0 for absent PMU MSRs when host-initiated if !enable_pmu" (bsc#1012628). - KVM: VMX: Add helper to check if the guest PMU has PERF_GLOBAL_CTRL (bsc#1012628). - KVM: nVMX: Attempt to load PERF_GLOBAL_CTRL on nVMX xfer iff it exists (bsc#1012628). - dm raid: fix address sanitizer warning in raid_status (bsc#1012628). - dm raid: fix address sanitizer warning in raid_resume (bsc#1012628). - dm: fix dm-raid crash if md_handle_request() splits bio (bsc#1012628). - mm/damon/reclaim: fix potential memory leak in damon_reclaim_init() (bsc#1012628). - hugetlb_cgroup: fix wrong hugetlb cgroup numa stat (bsc#1012628). - batman-adv: tracing: Use the new __vstring() helper (bsc#1012628). - tracing: Use a struct alignof to determine trace event field alignment (bsc#1012628). - ext4: fix reading leftover inlined symlinks (bsc#1012628). - ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1012628). - ext4: fix extent status tree race in writeback error recovery path (bsc#1012628). - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1012628). - ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1012628). - ext4: correct max_inline_xattr_value_size computing (bsc#1012628). - ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1012628). - ext4: fix warning in ext4_iomap_begin as race between bmap and write (bsc#1012628). - Documentation: ext4: fix cell spacing of table heading on blockmap table (bsc#1012628). - ext4: check if directory block is within i_size (bsc#1012628). - ext4: make sure ext4_append() always allocates new block (bsc#1012628). - ext4: remove EA inode entry from mbcache on inode eviction (bsc#1012628). - ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1012628). - ext4: fix race when reusing xattr blocks (bsc#1012628). - KEYS: asymmetric: enforce SM2 signature use pkey algo (bsc#1012628). - tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH (bsc#1012628). - tpm: Add check for Failure mode for TPM2 modules (bsc#1012628). - xen-blkback: fix persistent grants negotiation (bsc#1012628). - xen-blkback: Apply 'feature_persistent' parameter when connect (bsc#1012628). - xen-blkfront: Apply 'feature_persistent' parameter when connect (bsc#1012628). - powerpc: Fix eh field when calling lwarx on PPC32 (bsc#1012628). - powerpc64/ftrace: Fix ftrace for clang builds (bsc#1012628). - net_sched: cls_route: remove from list when handle is 0 (bsc#1012628). - Revert "drm/bridge: anx7625: Use DPI bus type" (bsc#1012628). - tcp: fix over estimation in sk_forced_mem_schedule() (bsc#1012628). - crypto: lib/blake2s - reduce stack frame usage in self test (bsc#1012628). - raw: remove unused variables from raw6_icmp_error() (bsc#1012628). - raw: fix a typo in raw_icmp_error() (bsc#1012628). - Revert "mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv" (bsc#1012628). - Revert "devcoredump: remove the useless gfp_t parameter in dev_coredumpv and dev_coredumpm" (bsc#1012628). - mptcp: refine memory scheduling (bsc#1012628). - wifi: cfg80211: handle IBSS in channel switch (bsc#1012628). - wifi: nl80211: hold wdev mutex for tid config (bsc#1012628). - wifi: nl80211: relax wdev mutex check in wdev_chandef() (bsc#1012628). - wifi: nl80211: acquire wdev mutex earlier in start_ap (bsc#1012628). - wifi: cfg80211: remove chandef check in cfg80211_cac_event() (bsc#1012628). - tracing: Use a copy of the va_list for __assign_vstr() (bsc#1012628). - net: dsa: felix: fix min gate len calculation for tc when its first gate is closed (bsc#1012628). - Revert "s390/smp: enforce lowcore protection on CPU restart" (bsc#1012628). - powerpc/kexec: Fix build failure from uninitialised variable (bsc#1012628). - io_uring: mem-account pbuf buckets (bsc#1012628). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (bsc#1012628). - ASoC: Intel: avs: Use lookup table to create modules (bsc#1012628). - geneve: Use ip_tunnel_key flow flags in route lookups (bsc#1012628). - vxlan: Use ip_tunnel_key flow flags in route lookups (bsc#1012628). - Update config files. - commit 6c252ef ++++ gpgme: - gpgme 1.18.0 * New keylist mode to force refresh via external methods * The keylist operations now create an import result to report the result of the locate keylist modes * core: Return BAD_PASSPHRASE error code on symmetric decryption failure * cpp, qt: Do not export internal symbols anymore * cpp, qt: Support revocation of own OpenPGP keys * qt: The file name of (signed and) encrypted data can now be set * cpp, qt: Support setting the primary user ID * python: Fix segv(NULL) when inspecting contect after exeception - includes changes from version 1.17.1: * qt: Fix a bug in the ABI compatibility of 1.17.0 - includes changes from 1.17.0: * New context flag "key-origin" * New context flag "import-filter" * New export mode to export secret subkeys * Detect errors during the export of secret keys * New function gpgme_op_receive_keys to import keys from a keyserver without first running a key listing * Detect bad passphrase error in certificate import * Allow setting --key-origin when importing keys * Support components "keyboxd", "gpg-agent", "scdaemon", "dirmngr", "pinentry", and "socketdir" in gpgme_get_dirinfo * Under Unix use poll(2) instead of select(2), when available. * Fix results returned by gpgme_data_* functions * Support closefrom also for glibc (drop upstream gpgme-use-glibc-closefrom.patch * cpp,qt: Add support for export of secret keys and secret subkeys. * cpp,qt: Support for adding existing subkeys to other keys * qt: Extend ChangeExpiryJob to change expiration of primary key and of subkeys at the same time * qt: Support WKD lookup without implicit import * qt: Allow specifying an import filter when importing keys * qt: Allow retrieving the default value of a config entry - drop patches included upstream * gpgme-1.16.0-Use-after-free-in-t-edit-sign-test.patch * gpgme-1.16.0-t-various-testSignKeyWithExpiration-32-bit.patch - add patches to fix tests: * gpgme-1.18.0-T6137-qt_test.patch ++++ libxml2: - Update to 2.10.0: * Security + [CVE-2022-2309] Reset nsNr in xmlCtxtReset + Reserve byte for NUL terminator and report errors consistently in xmlBuf and xmlBuffer + Fix missing NUL terminators in xmlBuf and xmlBuffer functions + Fix integer overflow in xmlBufferDump() + xmlBufAvail() should return length without including a byte for NUL terminator + Fix ownership of xmlNodePtr & xmlAttrPtr fields in xmlSetTreeDoc() + Use xmlNewDocText in xmlXIncludeCopyRange + Fix use-after-free bugs when calling xmlTextReaderClose() before xmlFreeTextReader() on post-validating parser + Use UPDATE_COMPAT() consistently in buf.c + fix: xmlXPathParserContext could be double-delete in OOM case. * Removals and deprecations + Disable XPointer location support by default + Remove outdated xml2Conf.sh + Deprecate module init and cleanup functions + Remove obsolete XML Software Autoupdate (XSA) file + Remove DOCBparser + Remove obsolete Python test framework + Remove broken VxWorks support + Remove broken Mac OS 9 support + Remove broken bakefile support + Remove broken Visual Studio 2010 support + Remove broken Windows CE support + Deprecate IDREF-related functions in valid.h + Deprecate legacy functions + Disable legacy support by default + Deprecate all functions in nanoftp.h + Disable FTP support by default + Add XML_DEPRECATED macro + Remove elfgcchack.h * Regressions + Skip incorrectly opened HTML comments + Restore behavior of htmlDocContentDumpFormatOutput() * Bug fixes + Fix memory leak with invalid XSD + Make XPath depth check work with recursive invocations + Fix memory leak in xmlLoadEntityContent error path + Avoid double-free if malloc fails in inputPush + Properly fold whitespace around the QName value when validating an XSD schema. + Add whitespace folding for some atomic data types that it's missing on. + Don't add IDs containing unexpanded entity references * Improvements + Avoid calling xmlSetTreeDoc + Simplify xmlFreeNode + Don't reset nsDef when changing node content + Fix unintended fall-through in xmlNodeAddContentLen + Remove unused xmlBuf functions + Implement xpath1() XPointer scheme + Add configuration flag for XPointer locations support + Fix compiler warnings in Python code + Mark more static data as `const` + Make xmlStaticCopyNode non-recursive + Clean up encoding switching code + Simplify recursive pthread mutex + Use non-recursive mutex in dict.c + Fix parser progress checks + Avoid arithmetic on freed pointers + Improve buffer allocation scheme + Remove unneeded #includes + Add support for some non-standard escapes in regular expressions. + htmlParseComment: handle abruptly-closed comments + Add let variable tag support + Add value-of tag support + Remove useless call to xmlRelaxNGCleanupTypes + Don't include ICU headers in public headers + Update `xmlStrlen()` to use POSIX / ISO C `strlen()` + Fix unused variable warnings with disabled features + Only warn on invalid redeclarations of predefined entities + Remove unneeded code in xmlreader.c + Rework validation context flags * Portability + Use NAN/INFINITY if available to init XPath NaN/Inf + Fix Python tests on macOS + Fix xmlCleanupThreads on Windows + Fix reinitialization of library on Windows + Don't mix declarations and code in runtest.c + Use portable python shebangs + Use critical sections as mutex on Windows + Don't set HAVE_WIN32_THREADS in win32config.h + Use stdint.h with newer MSVC + Remove cruft from win32config.h + Remove isinf/isnan emulation in win32config.h + Always fopen files with "rb" + Remove __DJGPP__ checks + Remove useless __CYGWIN__ checks * Build system + Don't autogenerate doc/examples/Makefile.am + cmake: Install libxml.m4 on UNIX-like platforms + cmake: Use symbol versioning on UNIX-like platforms + Port genUnicode.py to Python 3 + Port gentest.py to Python 3 + cmake: Fix build without thread support + cmake: Install documentation in CMAKE_INSTALL_DOCDIR + cmake: Remove non needed files in docs dir + configure: move XML_PRIVATE_LIBS after WIN32_EXTRA_LIBADD is set + Move local Autoconf macros into m4 directory + Use XML_PRIVATE_LIBS in libxml2_la_LIBADD + Update libxml-2.0-uninstalled.pc.in + Remove LIBS from XML_PRIVATE_LIBS + Add WIN32_EXTRA_LIBADD to XML_PRIVATE_LIBS + Don't overlink executables + cmake: Adjust paths for UNIX or UNIX-like target systems + build: Make use of variables in libxml's pkg-config file + Avoid obsolescent `test -a` constructs + Move AM_MAINTAINER_MODE to AM section + configure.ac: make AM_SILENT_RULES([yes]) unconditional + Streamline documentation installation + Don't try to recreate COPYING symlink + Detect libm using libtool's macros + configure.ac: disable static libraries by default + python/Makefile.am: nest python docs in $(docdir) + python/Makefile.am: rely on global AM_INIT_AUTOMAKE + Makefile.am: install examples more idiomatically + configure.ac: remove useless AC_SUBST + Respect `--sysconfdir` in source files + Ignore configure backup file created by recent autoreconf too + Only install *.html and *.c example files + Remove --with-html-dir option + Rework documentation build system + Remove old website + Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings + Update genChRanges.py + Update build_glob.py + Remove ICONV_CONST test + Remove obsolete AC_HEADER checks + Don't check for standard C89 library functions + Don't check for standard C89 headers + Remove special configuration for certain maintainers * Test suite, CI + Disable network in API tests + testapi: remove leading slash from "/missing.xml" + Build Autotools CI tests out of source tree (VPATH) + Add --with-minimum build to CI tests + Fix warnings when testing --with-minimum build + cmake: Run all tests when threads are disabled + Also build CI tests with -Werror + Move doc/examples tests to new test suite + Simplify 'make check' targets + Fix schemas and relaxng tests + Remove unused result files + Allow missing result files in runtest + Move regexp tests to runtest + Move SVG tests to runtest.c + Move testModule to new test suite + Move testThreads to new test suite + Remove major parts of old test suite + Make testchar return an error on failure + Add CI job for static build + python/tests: open() relative to test scripts + Port some test scripts to Python 3 * Documentation + Improve documentation of tree manipulation API + Update xml2-config man page + Consolidate man pages + Rename xmlcatalog_man.xml + Make examples a standalone HTML page + Fix documentation in entities.c + Add note about optimization flags ++++ libxslt: - Update to 1.1.36: * Removals and deprecations + Remove SVN keyword anchors + Remove CVS and SVN-related code + Remove README.cvs-commits + Remove ChangeLog + Remove xsltwin32config.h * Improvements + Simplify xsltexports.h and exsltexports.h + Don't overlink executables with gcrypt + Fix quadratic behavior with variables and parameters + Remove case labels with XPointer location types + Add configure~ to .gitignore + Stop calling deprecated libxml2 functions * Portability + Use portable python shebangs (David Seifert) + Remove useless __CYGWIN__ checks + Remove cruft from win32config.h + crypto.c: Silence a compiler warning on Windows (Chun-wei Fan) * Build system + Add missing compile definition for static builds to CMake + Avoid obsolescent `test -a` constructs (David Seifert) + Only link libxml2 statically in purely static build + Set AC_CONFIG_MACRO_DIR + Allow AM_MAINTAINER_MODE to be disabled + Streamline and fix documentation installation + Don't try to recreate COPYING symlink + Remove special configuration for certain maintainers + configure.ac: produce tar.xz only (GNOME policy) (David Seifert) + Detect libm using libtool's macros (David Seifert) + configure.ac: disable static libraries by default (David Seifert) + python/Makefile.am: nest python docs in $(docdir) (David Seifert) + python/Makefile.am: rely on global AM_INIT_AUTOMAKE (David Seifert) + configure.ac: remove useless AC_SUBST (David Seifert) + Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings (David Seifert) + Change libxml2 Python config + Don't check for standard C89 library functions + Don't check for standard C89 headers + Remove --with-html-dir option + Also check for glibtoolize in autogen.sh + Rework documentation build system + Remove old website + CMake: Relax check for enabling crypto support on Windows (Chun-wei Fan) + Remove obsolete AC_HEADER_STDC autoconf macro (Vadim Zeitlin) + Remove special configuration for old maintainers * Test suite, CI + Remove test involving XPointer range-to function + Test recursion in EXSLT dynamic functions + Add CI job for static build * Documentation + Move tutorial images ++++ python-charset-normalizer: - Clean requirements: We don't need anything ++++ libxml2-python: - Update to 2.10.0: * Security + [CVE-2022-2309] Reset nsNr in xmlCtxtReset + Reserve byte for NUL terminator and report errors consistently in xmlBuf and xmlBuffer + Fix missing NUL terminators in xmlBuf and xmlBuffer functions + Fix integer overflow in xmlBufferDump() + xmlBufAvail() should return length without including a byte for NUL terminator + Fix ownership of xmlNodePtr & xmlAttrPtr fields in xmlSetTreeDoc() + Use xmlNewDocText in xmlXIncludeCopyRange + Fix use-after-free bugs when calling xmlTextReaderClose() before xmlFreeTextReader() on post-validating parser + Use UPDATE_COMPAT() consistently in buf.c + fix: xmlXPathParserContext could be double-delete in OOM case. * Removals and deprecations + Disable XPointer location support by default + Remove outdated xml2Conf.sh + Deprecate module init and cleanup functions + Remove obsolete XML Software Autoupdate (XSA) file + Remove DOCBparser + Remove obsolete Python test framework + Remove broken VxWorks support + Remove broken Mac OS 9 support + Remove broken bakefile support + Remove broken Visual Studio 2010 support + Remove broken Windows CE support + Deprecate IDREF-related functions in valid.h + Deprecate legacy functions + Disable legacy support by default + Deprecate all functions in nanoftp.h + Disable FTP support by default + Add XML_DEPRECATED macro + Remove elfgcchack.h * Regressions + Skip incorrectly opened HTML comments + Restore behavior of htmlDocContentDumpFormatOutput() * Bug fixes + Fix memory leak with invalid XSD + Make XPath depth check work with recursive invocations + Fix memory leak in xmlLoadEntityContent error path + Avoid double-free if malloc fails in inputPush + Properly fold whitespace around the QName value when validating an XSD schema. + Add whitespace folding for some atomic data types that it's missing on. + Don't add IDs containing unexpanded entity references * Improvements + Avoid calling xmlSetTreeDoc + Simplify xmlFreeNode + Don't reset nsDef when changing node content + Fix unintended fall-through in xmlNodeAddContentLen + Remove unused xmlBuf functions + Implement xpath1() XPointer scheme + Add configuration flag for XPointer locations support + Fix compiler warnings in Python code + Mark more static data as `const` + Make xmlStaticCopyNode non-recursive + Clean up encoding switching code + Simplify recursive pthread mutex + Use non-recursive mutex in dict.c + Fix parser progress checks + Avoid arithmetic on freed pointers + Improve buffer allocation scheme + Remove unneeded #includes + Add support for some non-standard escapes in regular expressions. + htmlParseComment: handle abruptly-closed comments + Add let variable tag support + Add value-of tag support + Remove useless call to xmlRelaxNGCleanupTypes + Don't include ICU headers in public headers + Update `xmlStrlen()` to use POSIX / ISO C `strlen()` + Fix unused variable warnings with disabled features + Only warn on invalid redeclarations of predefined entities + Remove unneeded code in xmlreader.c + Rework validation context flags * Portability + Use NAN/INFINITY if available to init XPath NaN/Inf + Fix Python tests on macOS + Fix xmlCleanupThreads on Windows + Fix reinitialization of library on Windows + Don't mix declarations and code in runtest.c + Use portable python shebangs + Use critical sections as mutex on Windows + Don't set HAVE_WIN32_THREADS in win32config.h + Use stdint.h with newer MSVC + Remove cruft from win32config.h + Remove isinf/isnan emulation in win32config.h + Always fopen files with "rb" + Remove __DJGPP__ checks + Remove useless __CYGWIN__ checks * Build system + Don't autogenerate doc/examples/Makefile.am + cmake: Install libxml.m4 on UNIX-like platforms + cmake: Use symbol versioning on UNIX-like platforms + Port genUnicode.py to Python 3 + Port gentest.py to Python 3 + cmake: Fix build without thread support + cmake: Install documentation in CMAKE_INSTALL_DOCDIR + cmake: Remove non needed files in docs dir + configure: move XML_PRIVATE_LIBS after WIN32_EXTRA_LIBADD is set + Move local Autoconf macros into m4 directory + Use XML_PRIVATE_LIBS in libxml2_la_LIBADD + Update libxml-2.0-uninstalled.pc.in + Remove LIBS from XML_PRIVATE_LIBS + Add WIN32_EXTRA_LIBADD to XML_PRIVATE_LIBS + Don't overlink executables + cmake: Adjust paths for UNIX or UNIX-like target systems + build: Make use of variables in libxml's pkg-config file + Avoid obsolescent `test -a` constructs + Move AM_MAINTAINER_MODE to AM section + configure.ac: make AM_SILENT_RULES([yes]) unconditional + Streamline documentation installation + Don't try to recreate COPYING symlink + Detect libm using libtool's macros + configure.ac: disable static libraries by default + python/Makefile.am: nest python docs in $(docdir) + python/Makefile.am: rely on global AM_INIT_AUTOMAKE + Makefile.am: install examples more idiomatically + configure.ac: remove useless AC_SUBST + Respect `--sysconfdir` in source files + Ignore configure backup file created by recent autoreconf too + Only install *.html and *.c example files + Remove --with-html-dir option + Rework documentation build system + Remove old website + Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings + Update genChRanges.py + Update build_glob.py + Remove ICONV_CONST test + Remove obsolete AC_HEADER checks + Don't check for standard C89 library functions + Don't check for standard C89 headers + Remove special configuration for certain maintainers * Test suite, CI + Disable network in API tests + testapi: remove leading slash from "/missing.xml" + Build Autotools CI tests out of source tree (VPATH) + Add --with-minimum build to CI tests + Fix warnings when testing --with-minimum build + cmake: Run all tests when threads are disabled + Also build CI tests with -Werror + Move doc/examples tests to new test suite + Simplify 'make check' targets + Fix schemas and relaxng tests + Remove unused result files + Allow missing result files in runtest + Move regexp tests to runtest + Move SVG tests to runtest.c + Move testModule to new test suite + Move testThreads to new test suite + Remove major parts of old test suite + Make testchar return an error on failure + Add CI job for static build + python/tests: open() relative to test scripts + Port some test scripts to Python 3 * Documentation + Improve documentation of tree manipulation API + Update xml2-config man page + Consolidate man pages + Rename xmlcatalog_man.xml + Make examples a standalone HTML page + Fix documentation in entities.c + Add note about optimization flags ++++ vim: - Updated to version 9.0.0224, fixes the following problems - boo#1202552 - CVE-2022-2874 - boo#1202512 - CVE-2022-2849 - boo#1202511 - CVE-2022-2862 - boo#1202515 - CVE-2022-2845 - boo#1202421 - CVE-2022-2816 - boo#1202420 - CVE-2022-2817 - boo#1202414 - CVE-2022-2819 * indexof() may leak memory. * Cursor in wrong position when inserting after virtual text. (Ben Jackson) * Redraw flags are not named specifically. * Stacktrace not shown when debugging. * The override flag has no effect for virtual text. (Ben Jackson) * Build error with small features. * 'list' mode does not work properly with virtual text. * Invalid memory access when compiling :lockvar. * Invalid memory access when compiling :unlet. * Using freed memory with error in assert argument. * Splitting a line may duplicate virtual text. (Ben Jackson) * Not passing APC_INDENT flag. * Undo earlier test sometimes fails on MS-Windows. * 'shellslash' works differently when sourcing a script again. * Reading before the start of the line. * Cannot make a funcref with "s:func" in a def function in legacy script. * Invalid memory access with for loop over NULL string. * Accessing freed memory if compiling nested function fails. * No good reason why text objects are only in larger builds. * Typo in diffmode test. ------------------------------------------------------------------ ------------------ 2022-8-17 - Aug 17 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - update to 22.1.6: * llvmpipe: make last_fence a screen/rast object not a context one. llvmpipe: keep context list and use to track resource usage. * Revert "pan/bi: Require ATEST coverage mask input in R60" * intel/dev: drop warning for unhandled hwconfig keys * anv: Use sampleLocationsEnable for sample locations ++++ Mesa-drivers: - update to 22.1.6: * llvmpipe: make last_fence a screen/rast object not a context one. llvmpipe: keep context list and use to track resource usage. * Revert "pan/bi: Require ATEST coverage mask input in R60" * intel/dev: drop warning for unhandled hwconfig keys * anv: Use sampleLocationsEnable for sample locations ++++ boost-base: - update to 1.80.0: * no new libraries * for details on all the long list of changes, see https://www.boost.org/users/history/version_1_80_0.html - drop 0001-json-array-erase-relocate.patch boost-mp-locale-fix.patch: upstream ++++ conmon: - update to 2.1.3: * Port conmon to FreeBSD * Stop using g_unix_signal_add() to avoid threads * Rename CLI optionlog-size-global-max to log-global-size-max ++++ kexec-tools: - update to 2.0.25: * kexec-tools: Remove duplicate ultoa() definitions and redefine it * i386: pass rng seed via setup_data * kexec-tools: mips: Pass initrd parameter via cmdline * arm64/crashdump-arm64: increase CRASH_MAX_MEMORY_RANGES to 32k ++++ mozilla-nss: - update to NSS 3.81 * bmo#1762831 - Enable aarch64 hardware crypto support on OpenBSD * bmo#1775359 - make NSS_SecureMemcmp 0/1 valued * bmo#1779285 - Add no_application_protocol alert handler and test client error code is set * bmo#1777672 - Gracefully handle null nickname in CERT_GetCertNicknameWithValidity * required for Firefox 104 - raised NSPR requirement to 4.34.1 - changing some Requires from (pre) to generic as (pre) is not sufficient (boo#1202118) ++++ protobuf: - update to 21.5: PHP * Added getContainingOneof and getRealContainingOneof to descriptor. * fix PHP readonly legacy files for nested messages Python * Fixed comparison of maps in Python. ++++ python310-core: - fix import_failed.map to refer to the python 3.10 package versions ++++ mozilla-nspr: - update to version 4.34.1 * add file descriptor sanity checks in the NSPR poll function ++++ python310: - fix import_failed.map to refer to the python 3.10 package versions ++++ python-pyzmq: - update to version 23.2.1: * Improvements: + First release with wheels for Python 3.11 (thanks cibuildwheel!). + linux aarch64 wheels now bundle the same libzmq (4.3.4) as all other builds, thanks to switching to native arm builds on CircleCI. * Fixes: + Some type annotation fixes in devices. ++++ tar: - bsc1200657.patch was previously incomplete leading to deadlocks * bsc#1202436 * bsc1200657.patch updated ------------------------------------------------------------------ ------------------ 2022-8-16 - Aug 16 2022 ------------------- ------------------------------------------------------------------ ++++ filesystem: - Add French(France) (fr_FR) man pages directory - seen in xz ++++ kernel-default: - rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385) We do the move only on 15.5+. - commit 9c7ade3 - rpm/kernel-binary.spec.in: simplify find for usrmerged The type test and print line are the same for both cases. The usrmerged case only ignores more, so refactor it to make it more obvious. - commit 583c9be - x86: link vdso and boot with -z noexecstack - -no-warn-rwx-segments (binutils 2.39). - commit 4fdb301 - Makefile: link with -z noexecstack --no-warn-rwx-segments (binutils-2.39). - commit 7c9d0cf ++++ less: - Which need one /usr/bin/which, not the package which ++++ lz4: - Update to release 1.9.4 * Decompression speed on high-end ARM64 platform is improved, by ~+20%. * For the specific scenario of data compressed with -BD4 setting (small blocks, <= 64 KB, linked) decompressed block-by-block into a flush buffer (like lz4 CLI does), decompression speed is improved ~+70%. * For compressed data employing the lz4frame format (native format of lz4 CLI), it's possible to ignore checksum validation during decompression, resulting in speed improvements of ~+40% . This capability is exposed at both CLI (see --no-crc) and library levels. ++++ systemd: - Import commit 532faa39ebaa6f56e493cc938a91a40df082b74f (merge of v251.4) It includes the following fixes: - 739d7130cb home: drop conflicted headers (bsc#1202221) - 8fe0c12178 glibc: Remove #include to resolve fsconfig_command/mount_attr conflict with glibc 2.36 (bsc#1202221) - 0c5b7ee318 udev: allow to execute longer command line (bsc#1201766) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/8cd784e9250b38d20d8e14fccbfb211010283c79...532faa39ebaa6f56e493cc938a91a40df082b74f - Drop 1001-statx.patch, it's no more needed. ++++ liburing: - add test-xattr-don-t-rely-on-NUL-termination.patch (bsc#1202413) ++++ ovmf: - Update to edk2-stable202205 - Features (https://github.com/tianocore/edk2/releases): Support PEI 64bit in IntelFsp2Pkg and IntelFsp2WrapperPkg IntelFsp2Pkg: BaseFspCommonLib Support for X64 Build Add PrmPkg BaseTools Enhance GenFw to support PRM GCC build Enable Intel TDX in OvmfPkg Generate CloudHv target as PVH ELF binary Add parallel hash feature into BaseCryptLib Configure/Enable elliptic curve ciphers in OpenSSL Add FMMT tool into edk2 BaseTools Dynamic variable flash information cannot be passed in Standalone MM - Patches (git log --oneline --reverse edk2-stable202202~..edk2-stable202205): b24306f15d NetworkPkg: Fix incorrect unicode string of the AKM/Cipher Suite 2dbed52506 ArmVirtPkg/ArmVirtMemoryInitPeiLib: avoid redundant cache invalidation 54cddc3ad4 ArmVirtPkg/ArmVirtKvmTool: wire up configurable timeout de463163d9 OvmfPkg/AmdSev: reserve snp pages 63c50d3ff2 OvmfPkg/ResetVector: cache the SEV status MSR value in workarea f1d1c337e7 OvmfPkg/BaseMemEncryptLib: use the SEV_STATUS MSR value from workarea b1b89f9009 MdeModulePkg: Correct high-memory use in NvmExpressDxe 84338c0d49 MdeModulePkg: Replace Opcode with the corresponding instructions. d3febfd9ad MdePkg: Replace Opcode with the corresponding instructions. 7bc8b1d9f4 SourceLevelDebugPkg: Replace Opcode with the corresponding instructions. 2aa107c0aa UefiCpuPkg: Replace Opcode with the corresponding instructions. bbaa00dd01 MdePkg: Remove the macro definitions regarding Opcode. 6a890db161 BaseTools: Upgrade the version of NASM tool 497ac7b6d7 UefiPayloadPkg/PayloadLoaderPeim: Use INT64 as input parameter dc39554d58 edk2/MdeModulePkg/Debuglib: Add Standalone MM support 906242343f MdeModulePkg/GraphicsConsoleDxe: Check status to make sure no error b422b0fcf9 EmulatorPkg/EmuGopDxe: Set ModeInfo after Open successfully 589d51df26 MdeModulePkg/Usb/Keyboard.c: Don't request protocol before setting b909b4ad09 OvmfPkg: Make the Xen ELF header generator more flexible 0a707eb258 OvmfPkg: Xen: Use a new fdf include for the PVH ELF header 0015a4e0a8 OvmfPkg: Xen: Generate fdf include file from ELF header generator 9ac8c85d50 OvmfPkg: CloudHv: Remove VARS and CODE sections e1c7f9b4e5 OvmfPkg: Generate CloudHv as a PVH ELF binary d50d9e5549 OvmfPkg: CloudHv: Retrieve RSDP address from PVH 82bfd2e86d OvmfPkg: CloudHv: Rely on PVH memmap instead of CMOS b83d0a6438 OvmfPkg: CloudHv: Add README 4a68176cb5 UefiCpuPkg: Extend SMM CPU Service with rendezvous support. 949b8a3d97 Maintainers.txt: Add new reviewer for UefiPayloadPkg 091b6a1197 UefiPayloadPkg: Add build option for Above 4G Memory 4adc364c75 UefiPayloadPkg: Fix case of protocol 79f2734e5a MdeModulePkg: Add a check for metadata size in NvmExpress Driver af74efe494 UefiPayloadPkg: Make Boot Manager Key configurable 62fa37fe7b BlSupportSmm: fix definition of SetSmrr() 56530dec11 .pytool/Plugin/UncrustifyCheck: Output file diffs by default 2aac8bb7ef .pytool: Update to newest pytools c63ef58698 .azurepipelines: Updated python version f06941cc46 MdeModulePkg: Add bRefClkFreq card attribute programming support 2b175eeb6a RedfishPkg: fix memory leak issue 10b4c8f3b7 Maintainers: Update Maintainers.txt for edk2 Redfish modules 0fdd466c75 UefiCpuPkg/MpInitLib:remove optional in declaration 52e09dcd7a UefiCpuPkg: Support FFS3 GUID in SearchForBfvBase.asm a13dfc769b MdeModulePkg/DxeIpl: Create 5-level page table for long mode c8ea48bdf9 DynamicTablesPkg: Fix serial port namespace path in DBG2 414cd2a4d5 BaseTools/GenFw: Enhance GenFw to support PRM GCC build 33438f7354 EmulatorPkg/RedfishPlatformCredentialLib: Check EFI_SECURE_BOOT_MODE_NAME 5b56c52b5c EmulatorPkg/RedfishPlatformCredentialLib: Don't stop Redfish service 0531f61376 IntelFsp2Pkg: BaseFspDebugLibSerialPort Support for X64 411b3ff6dd IntelFsp2Pkg: BaseFspSwitchStackLib Support for X64 b429959bb6 MdeModulePkg/SdMmcPciHcDxe: Make timeout for SD card configurable 79a705fbaf UefiPayloadPkg: Hookup SD/MMC timeout 28eeb08d86 MdePkg/Include: Smbios Specification 3.5.0 changes c1e662101a CryptoPkg: Add new hash algorithm ParallelHash256HashAll in BaseCryptLib. 267a92fef3 MdePkg/AcpiXX.h: Update Error Severity type for Generic Error Status Block ec0b54849b IntelFsp2Pkg: BaseFspCommonLib Support for X64 5d8d8b5148 MdeModulePkg/NvmExpressDxe: fix check for Cap.Css 69218d5d28 MdeModulePkg/NvmExpressPei: fix check for NVM command set bf9230a9f3 BaseTools: Add the FeatureFlagExpression usage to the Source Section 3115377bf0 BaseTools: Remove the redundant __FLEXIBLE_SIZE from PcdValueInit.c 4a2e1000a1 CryptoPkg: update openssl submodule to 1.1.1n 355515a06a CryptoPkg? Redefinition bug in CrtLibSupport.h. 7b005f344e BaseTools: fix gcc12 warning 85021f8cf2 BaseTools: fix gcc12 warning 22130dcd98 Basetools: turn off gcc12 warning ec30a4a0c3 BaseTools:Support decimal version number in ECC check 3ef2071927 UefiCpuPkg: Update BFV searching algorithm in VTF0 691b178667 ShellPkg/AcpiView: Adds ACPI_PARSER bitfield parser 40004ff9d5 ShellPkg/AcpiView: PrintFormatter for FADT Flags field 7456990e8e MdeModulePkg/Ufs: bRefClkFreq attribute be programmed after fDeviceInit 237c966396 UefiPayloadPkg/UefiPayloadPkg.ci.yaml: Remove duplicated entry 76191052fd UefiPayloadPkg: Fix build error 449eb01a8d UefiPayloadPkg: Fix architecture in the build instruction c248802e40 UefiPayloadPkg: Fix PciHostBridgeLib 2b4b8013fe UefiPayloadPkg/Library/PlatformBootManagerLib: Remove broken VGA detection 55637a2894 UefiPayloadPkg: Make Boot Timeout configurable 2268920afc .azurepipelines: Use Python 3.8 c3ca70669e .azurepipelines: Use windows-2019 VM image 3b0de44759 EmulatorPkg: Use windows-2019 VM image 75628d27c0 OvmfPkg: Use windows-2019 VM image b328bb54c6 BaseTools/Bin: Update GCC ARM compiler version 3f0c788a5f MdePkg: Add Tdx.h 77228269e7 MdePkg: Update Cpuid.h for Tdx 818bc9596d MdePkg: Introduce basic Tdx functions in BaseLib c3001cb744 MdePkg: Add TdxLib to wrap Tdx operations eddcba40b5 UefiCpuPkg: Extend VmgExitLibNull to handle #VE exception daf8f642f3 OvmfPkg: Extend VmgExitLib to handle #VE exception de327f7d8a UefiCpuPkg/CpuExceptionHandler: Add base support for the #VE exception ab9d790901 MdePkg: Add helper functions for Tdx guest in BaseIoLibIntrinsic b6b2de8848 MdePkg: Support mmio for Tdx guest in BaseIoLibIntrinsic d74e932681 MdePkg: Support IoFifo for Tdx guest in BaseIoLibIntrinsic 3571fc906f MdePkg: Support IoRead/IoWrite for Tdx guest in BaseIoLibIntrinsic 7bed7ae6c5 UefiCpuPkg: Support TDX in BaseXApicX2ApicLib d983b102b3 MdePkg: Add macro to check SEV / TDX guest 88da06ca76 UefiCpuPkg: Enable Tdx support in MpInitLib 352eabdcd5 OvmfPkg: Add IntelTdx.h in OvmfPkg/Include/IndustryStandard 6a608255bb OvmfPkg: Add TdxMailboxLib 57bcfc3b06 OvmfPkg: Create initial version of PlatformInitLib 102cafedad OvmfPkg/PlatformInitLib: Add hob functions 9a9b33b3d6 OvmfPkg/PlatformPei: Move global variables to PlatformInfoHob 5a2574a82e OvmfPkg/PlatformPei: Refactor MiscInitialization 6d2ce5fd5c OvmfPkg/PlatformPei: Refactor MiscInitialization for CloudHV 3dd47f9544 OvmfPkg/PlatformPei: Refactor AddressWidthInitialization 432e4acd87 OvmfPkg/PlatformPei: Refactor MaxCpuCountInitialization f3801cf26c OvmfPkg/PlatformPei: Refactor QemuUc32BaseInitialization e510326245 OvmfPkg/PlatformPei: Refactor InitializeRamRegions 12e860a1e8 OvmfPkg/PlatformPei: Refactor MemMapInitialization cec82a64cf OvmfPkg/PlatformPei: Refactor NoexecDxeInitialization f53f449f15 OvmfPkg/PlatformPei: Refactor MiscInitialization 10460942ff OvmfPkg/PlatformInitLib: Create MemDetect.c 96047b6663 OvmfPkg/PlatformInitLib: Move functions to Platform.c b22ac35b75 OvmfPkg: Update PlatformInitLib to process Tdx hoblist ccca1c2d5d OvmfPkg/Sec: Declare local variable as volatile in SecCoreStartupWithStack 2b80269d98 OvmfPkg: Update Sec to support Tdx 6b27c11690 OvmfPkg: Check Tdx in QemuFwCfgPei to avoid DMA operation bec9104201 MdeModulePkg: Skip setting IA32_ERER.NXE if it has already been set fd306d1dbc MdeModulePkg: Add PcdTdxSharedBitMask cc3620f304 UefiCpuPkg: Update AddressEncMask in CpuPageTable e23f8f52fd OvmfPkg: Update PlatformInitLib for Tdx guest cf17156d7d OvmfPkg: Update PlatformPei to support Tdx guest 9fdc70af6b OvmfPkg: Update AcpiPlatformDxe to alter MADT table 5aa8018639 OvmfPkg/BaseMemEncryptTdxLib: Add TDX helper library fae5c1464d OvmfPkg: Add TdxDxe driver 07c721fea7 OvmfPkg/QemuFwCfgLib: Support Tdx in QemuFwCfgDxe 2520182122 OvmfPkg: Update IoMmuDxe to support TDX c2e7be4055 OvmfPkg: Rename XenTimerDxe to LocalApicTimerDxe 299c44cd4f UefiCpuPkg: Setting initial-count register as the last step c37cbc030d OvmfPkg: Switch timer in build time for OvmfPkg 580a6b616b OvmfPkg: Add TdxWorkArea definition 75942a52ae OvmfPkg: Add PrePiHobListPointerLibTdx 4fe2678411 OvmfPkg: Add PeilessStartupLib 1f29de4d20 OvmfPkg/IntelTdx: Add Sec to bring up both Legacy and Tdx guest 55fda68a80 OvmfPkg: Update TdxDxe to set TDX PCDs f674fa9cde OvmfPkg: Update DxeAcpiTimerLib to read HostBridgeDevId in PlatformInfoHob 149ed8e421 OvmfPkg/IncompatiblePciDeviceSupportDxe: Refine the configuration c477b2783f OvmfPkg/IncompatiblePciDeviceSupportDxe: Ignore OptionRom in Td guest cb8349f01a MdeModulePkg: Update PciEnumeratorSupport to ignore OptionRom if needed 44a53a3bdd OvmfPkg: Introduce IntelTdxX64 for TDVF Config-B 7fda517c3d OvmfPkg: Add dependency of VariableSmm driver to make it work normally. b953265a27 UefiPayloadPkg: Add a new DebugPrintErrorLevelLib instance 0023e35cf4 UefiPayloadPkg: Change some configuration of the payload 3e130e40fc UefiPayloadPkg: Consume the new added DebugPrintErrorLevelLib instance f16b05a13b .pytool/Plugin/UncrustifyCheck: Update func to return absolute paths dbfbaedb21 .pytool/Plugin/UncrustifyCheck: Add ignore file support d932199d39 OvmfPkg: Revert Uncrustify formatting in VbeShim.h files ad6816c319 OvmfPkg: Do not check VbeShim.h formatting with Uncrustify d2998af211 PrmPkg: Add package and include headers 5f76c3e471 PrmPkg: Add PrmConfig protocol interface e189e01af2 PrmPkg/PrmContextBufferLib: Add initial library instance 3f7af17c6b PrmPkg/PrmConfigDxe: Add initial driver 9276e0d2b9 PrmPkg: Add initial PrmSamplePrintModule c63905aba7 PrmPkg: Add initial PrmSampleMemoryAllocationModule 27b1a840e4 PrmPkg: Add initial PrmSampleHardwareAccessModule 7c41ec47ca PrmPkg: Add initial PrmSampleContextBufferModule 97ab54c1b1 PrmPkg: Add initial package DSC file d2cb6e67a4 Readme.md: Add initial content e846797662 PrmPkg: Add ALLOCATE_CONTEXT_BUFFER_IN_FW build option a6f8946bc9 PrmPkg: Enable variable growth for the PRM_MODULE_EXPORT macro ef05955996 PrmPkg: Publish PRM operation region to support PRM ACPI _DSM invocation f96517f4d0 PrmPkg: Export major/minor version in PRM module PE COFF header 50e1432a40 PrmPkg: Add initial PrmSsdtInstallDxe module a409f4b67d PrmPkg: Remove PRM Module Update Lock 0797989c5d PrmPkg: Remove ALLOCATE_CONTEXT_BUFFER_IN_FW build flag 0b469caff6 PrmPkg/PrmContextBuffer.h: Add ACPI parameter support structures be2c927d7c PrmPkg/PrmLoaderDxe: Add ACPI parameter buffer support c1a7a50f67 PrmPkg/PrmSampleContextBufferModule: Remove OS debug print requirement 4c8486fd72 PrmPkg/PrmSampleHardwareAccessModule: Add non-print PRM handlers 7217263514 PrmPkg/SampleAcpiParameterBufferModule: Add initial module fec018624c PrmPkg/HardwareAccessModuleConfigLib: Add initial library d10b8dc5d8 PrmPkg/Samples/Readme.md: Add initial file 6b7dde7cdd PrmPkg: Refactor some PrmLoaderDxe functionality into libraries 4348c72ad0 PrmPkg/Application/PrmInfo: Add initial application e10c776487 PrmPkg: Enforce stricter types 2e55b0cd9e PrmPkg/Test/PrmPkgHostTest.dsc: Add initial file 3599f5479d PrmPkg/Test/UnitTest/Library: Add initial UEFI Boot Services test lib 82d15dc6c1 PrmPkg/Library/DxePrmContextBufferLib: Add host-based unit tests 68ee42c991 PrmPkg/DxePrmModuleDiscoveryLib: Add initial host-based unit tests c040831cf9 PrmPkg: Add PlatformGuid a9302b89a9 PrmPkg: Update PRM OpRegion f8e68587e2 Readme.md: Add iASL note and QEMU sample link 4a4aeaa446 PrmPkg: Replace PcdPrmPlatformGuid with EDKII_DSC_PLATFORM_GUID 17b2d64ced PrmPkg/Samples: Remove PrmSampleMemoryAllocationModule 050b2ba27d PrmPkg/Samples: Remove PrmSamplePrintModule 88f3d734f5 PrmPkg: Remove the concept of OS services deea4e58b0 Readme.md: Add a link to PRM Specification f3c11224b5 PrmPkg: Changes for edk2 repo transition a298a84478 PrmPkg: Apply uncrustify changes 94f905b3bf MdeModulePkg/HiiDatabase: Fix Setup numeric default value incorrect issue b8c5ba2337 BaseTools: efi_debugging.py: Add debugger agnostic dbg Python Classes 0d7fec9f79 BaseTools: Scripts/efi_gdb.py: Add gdb EFI commands and pretty Print 4f4afcd288 BaseTools: Scripts/efi_lldb.py: Add lldb EFI commands and pretty Print bfefdc2c49 UefiPayloadPkg: Fix PciHostBridgeLib 676084303d UefiPayloadPkg: Support IA32 Build 63e155f24d UefiPayloadPkg: Add dependency of VariableSmm driver. dab96cf02e UefiPayloadPkg: Add --quiet argument to Universal Payload build script 35a4b63247 NetworkPkg: Add PCDs for HTTP DNS RetryCount and RetryInterval 38a9afd0fb NetworkPkg/HttpDxe: Decofigure Tcp4 before reconfiguring 3974aa539e NetworkPkg/HttpDxe: Decofigure Tcp6 before reconfiguring c43ff5188d NetworkPkg/HttpDxe: Add ConnectionClose flag fo HTTP_PROTOCOL 753fd319e2 NetworkPkg/HttpDxe: Detect 'Connection: close' header 12a50c9ce1 NetworkPkg/HttpDxe: Detect HTTP/1.0 servers 5576b17363 BaseTools: Fix DevicePath tool build failure issue 4352d115c4 CryptoPkg/CrtLibSupport: add fcntl.h 3b4b49cf00 CryptoPkg/CrtLibSupport: add strstr() 58771f4b2d CryptoPkg/CrtLibSupport: add INT_MIN 2759e42fbc CryptoPkg/CrtLibSupport: add UINT_MAX fd5f347c84 CryptoPkg/CrtLibSupport: add MODULESDIR 03951e5645 CryptoPkg/CrtLibSupport: add off_t fab6285a73 CryptoPkg/CrtLibSupport: fix strcpy f5508a91e3 CryptoPkg/UnitTest: fix DH testcase c411566fad pip-requirements.txt: Update basetools version to 0.1.17 8a5727c7a8 Maintainers.txt: Add Michael Kubacki as UnitTestFrameworkPkg maintainer 1a49e2aa3c CryptoPkg: Add instrinsics to support building ECC on IA32 windows efc39e65e5 CryptoPkg: Reconfigure OpensslLib to add EC algorithms 0c901fcc20 CryptoPkg: Make EC source file config-able f3da13461c CryptoPkg/TlsLibNull: Remove MU_CHANGE comment markers 4cfb28f12a UefiPayloadPkg: Fix the build failure 9bf7291d63 ShellPkg: Update smbiosview type 41 with SMBIOS 3.5 fields 630df8c86e IntelFsp2Pkg: X64 compatible changes to support PEI in 64bit 6f219bef55 IntelFsp2Pkg: Add FSPx_ARCH2_UPD support for X64 d40965b987 IntelFsp2Pkg: Update FSP_GLOBAL_DATA and FSP_PLAT_DATA for X64 00aa71ce20 IntelFsp2Pkg: FspSecCore support for X64 6bec5a66ea IntelFsp2Pkg: SecFspSecPlatformLibNull support for X64 4a6ed7e46a IntelFsp2WrapperPkg: Adopt FSPM_UPD_COMMON_FSP24 for X64 86a2f3c439 IntelFsp2WrapperPkg: BaseFspWrapperApiLib support for X64 91a03f78ba IntelFsp2WrapperPkg: SecFspWrapperPlatformSecLibSample support for X64 3d97733f44 MdePkg: Add CC_GUEST_TYPE in ConfidentialComputingGuestAttr.h d020ac55b6 OvmfPkg: Replace GUEST_TYPE with CC_GUEST_TYPE 74a3eb975d MdePkg: Add CcProbeLibNull 2f44d77c68 OvmfPkg: Add CcProbeLib 2a7e1e890d OvmfPkg: Add CcProbeLib in *.dsc 7012cb73c4 MdePkg: Probe Cc guest in BaseIoLibIntrinsicSev 76fda1def3 OvmfPkg: Call CcProbe in SecMain.c instead of TsIsEnabled 532bd4ec38 CryptoPkg/Crt: fix strcpy build on older VS compilers 6d2baf9dfb PrmPkg/DxePrmContextBufferLib: Fix unit test GCC compilation errors 892787fed5 OvmfPkg/OvmfPkgX64: Adjust load sequence of TdxDxe and AmdSevDxe driver b06a007b64 CryptoPkg: Declare PcdEcEnabled in Library consuming OpensslLib fdfbf1fdab MdePkg: Update smbiosview type 9 with SMBIOS 3.5 fields a85ae8d964 ShellPkg: Update smbiosview type 9 with SMBIOS 3.5 fields 2306555bf9 UefiPayloadPkg: Fix IA32 entry build failure f4dfec6ca1 BaseTools: Move gPlatformFinalPcd to Datapipe and optimize size ee582858c4 .azurepipelines: Add NOOPT to all package builds 2d9d605714 .pytool/Plugin/UncrustifyCheck: Add Azure DevOps UI debug instructions b807174fec MdeModulePkg/GraphicsConsoleDxe: add modes 5a17629902 OvmfPkg: clear PcdConOut{Row,Column} 96e1d337e0 ArmVirtPkg: clear PcdConOut{Row,Column} 483d3bb716 ShellPkg: Update smbiosview type 0 with SMBIOS 3.5 fields ecc79b092e OvmfPkg/VirtioGpuDxe: add VirtioGpuSendCommandWithReply 182122914c OvmfPkg/VirtioGpuDxe: add GetDisplayInfo to virtio-gpu spec header. 82c07f2cc7 OvmfPkg/VirtioGpuDxe: add VirtioGpuGetDisplayInfo 5f6ecaa398 OvmfPkg/VirtioGpuDxe: use GopQueryMode in GopSetMode 86de090b99 OvmfPkg/VirtioGpuDxe: move code to GopInitialize 916f90baa5 OvmfPkg/VirtioGpuDxe: query native display resolution from host d372ab585a BaseTools/Conf: Fix Dynamic-Library-File template cabd96ad03 OvmfPkg: restore CompatImageLoaderDxe chunk 4092f1d397 OvmfPkg/Bhyve: add support for QemuFwCfg daa6cd8763 ArmPlatformPkg: Fix error message in Scripts/Ds5/edk2_debugger.py 5299568ce6 ArmPlatformPkg: Fix target initialisation in cmd_load_symbols.py 101f4c7892 ArmPlatformPkg: Fix EDK2_DSC check in Scripts/Makefile a64b944942 BaseTools: Add FMMT Python Tool 826527c9db UefiPayloadPkg: Add definition for PayloadCommandLine HOB d4eef3fe7c MdePkg: Add CpuLib to module INFs that depend on UefiCpuLib. a63b086e69 IntelFsp2Pkg: Add CpuLib to module INFs that depend on UefiCpuLib 3afa0a2096 IntelFsp2WrapperPkg: Add CpuLib to module INFs that depend on UefiCpuLib. 1783b099d3 OvmfPkg: Add CpuLib to module INFs that depend on UefiCpuLib. 86d41c077e UefiCpuPkg: Add CpuLib to module INFs that depend on UefiCpuLib. 2434f6f206 UefiPayloadPkg: Add CpuLib to module INFs that depend on UefiCpuLib. 247a0fc65e OvmfPkg: Add README for TDVF 8079d4dc4f MdePkg: add SmmCpuRendezvousLib.h and SmmCpuRendezvousLibNull implement. 1a6c837638 UefiPayloadPkg: Fix the UPL build failure 29ae55a0b8 PcAtChipsetPkg: Change the flow of PcRtcInit() a658ed30e5 MdeModulePkg/PCD: Pcd initialize DXE have assert 0e31124877 .pytool: Fix python command error in self introduction doc 43613b2fe8 CryptoPkg: Rename PCD about openssl EC configuration f753c36209 CryptoPkg: Separate auto-generated openssl config and edk2 openssl config 499b0d5fa5 CryptoPkg: Update process_files.pl to automatically add PCD config option a332ffb6ef CryptoPkg/openssl: update generated files 9dd964f5e5 CryptoPkg/openssl: disable codestyle checks for generated files b5cd30a79b UefiCpuPkg: Revert "UefiCpuPkg: Enable Tdx support in MpInitLib" ad629b5c5a OvmfPkg: Add MpInitLibDepLib related PPI/Protocol definitions 2f06e5af47 OvmfPkg: Add MpInitLibDepLib b63a49e056 OvmfPkg/Sec: Install MpInitLibDepLib PPIs in SecMain.c 73d6d41de0 OvmfPkg/TdxDxe: Install MpInitLibDepLib protocols deee7a100b OvmfPkg: Enable 2 different CpuMpPei and CpuDxe drivers 17702186b5 MdeModulePkg: PiSmmCore: Inspect memory guarded with pool headers d0efa681b6 UefiPayloadPkg: Simplify code logic 57ebb2994d UefiPayloadPkg: Add Serial IO device path according to related protocol ef01d63ef3 UefiPayloadPkg: Connect all root bridge in PlatformBootManagerBeforeConsole 35d9b7ea2d ArmPkg: Remove RVCT support b55b6d33e4 ArmPlatformPkg: Remove RVCT support e9eeb0ad2b CryptoPkg: Remove RVCT support 48b919cb14 MdePkg: Remove RVCT support 5621d81edf FatPkg: Remove RVCT support cc070e9e0c NetworkPkg: Remove RVCT support a744199470 ArmVirtPkg: Remove RVCT support b7a446f224 EmbeddedPkg: Remove RVCT support 57c84113a1 OvmfPkg: Remove RVCT support 708620d29d BaseTools: Remove RVCT support 2d1138a1a8 .azurepipelines: Fix cspell version to v5.20.0 7b126978e1 .pytool/plugin/SpellCheck: Allow compound words 2189c71026 .pytool/plugin/SpellCheck: Add more common words 0903042b66 MdeModulePkg: Add Variable Flash Info HOB 60b519456c MdeModulePkg/VariableFlashInfoLib: Add initial library 4dbebc2d10 MdeModulePkg/Variable: Consume Variable Flash Info 8db39c60cd MdeModulePkg/FaultTolerantWrite: Consume Variable Flash Info 524a15c1fa ArmVirtPkg/ArmVirt.dsc.inc: Add VariableFlashInfoLib a69eac7578 EmulatorPkg: Add VariableFlashInfoLib a7d3d4e7c4 OvmfPkg: Add VariableFlashInfoLib 1f026ababf UefiPayloadPkg: Add VariableFlashInfoLib a72d552f19 OvmfPkg/OvmfPkgX64: Use different CcProbeLib when SMM is on or off a21a3438f7 OvmfPkg: Make an Ia32/X64 hybrid build work with SEV 9c733f0b90 OvmfPkg: TdxDxe: Fix AsmRelocateApMailBoxLoop 07c0c2eb0a OvmfPkg: fix PcdFSBClock 16779ede2d Removed prefix to match AsmRelocateApMailBoxLoopStart - Removed patches in ovmf-bsc1196879-sev-fix.patch which are merged to mainline: - OvmfPkg/AmdSev: reserve snp pages - de463163d9 edk2-stable202205-rc1~292 - OvmfPkg/ResetVector: cache the SEV status MSR value - 63c50d3ff2 edk2-stable202205-rc1~291 - OvmfPkg/BaseMemEncryptLib: use the SEV_STATUS MSR - f1d1c337e7 edk2-stable202205-rc1~290 - Add the following patches for building edk2-stable202205 with nasm-2.14 on SLE15-SP3/SP4 and Leap 15.3/15.4. Those patches add marco back because nasm-2.14 doesn't support corresponding instructions. (jsc#PED-1410) - ovmf-Revert-MdePkg-Remove-the-macro-definitions-regarding.patch ovmf-Revert-UefiCpuPkg-Replace-Opcode-with-the-correspond.patch ovmf-Revert-SourceLevelDebugPkg-Replace-Opcode-with-the-c.patch ovmf-Revert-MdePkg-Replace-Opcode-with-the-corresponding-.patch ovmf-Revert-MdeModulePkg-Replace-Opcode-with-the-correspo.patch - Then reverted 5 patches in 84338c0d49~..bbaa00dd01 MdeModulePkg: Replace Opcode with the corresponding MdePkg: Replace Opcode with the corresponding SourceLevelDebugPkg: Replace Opcode with the UefiCpuPkg: Replace Opcode with the corresponding MdePkg: Remove the macro definitions regarding Opcode. - Change the size of ovmf-x86_64 to 4MB, otherwise OBS exposes the following error: [ 266s] GenFv: ERROR 3000: Invalid [ 266s] the required fv image size 0x1afed8 exceeds the set fv image size 0x1ac000 - [ovmf-x86_64]="-p OvmfPkg/OvmfPkgX64.dsc -D FD_SIZE_4MB" ++++ rsync: - Add upstream patch rsync-3.2.5-slp.patch, as the one included in the released tarball doesn't fully apply. - Drop patch rsync-CVE-2022-29154.patch, already included upstream. - Update to 3.2.5 * SECURITY FIXES: - Added some file-list safety checking that helps to ensure that a rogue sending rsync can't add unrequested top-level names and/or include recursive names that should have been excluded by the sender. These extra safety checks only require the receiver rsync to be updated. When dealing with an untrusted sending host, it is safest to copy into a dedicated destination directory for the remote content (i.e. don't copy into a destination directory that contains files that aren't from the remote host unless you trust the remote host). Fixes CVE-2022-29154. - A fix for CVE-2022-37434 in the bundled zlib (buffer overflow issue). * BUG FIXES: - Fixed the handling of filenames specified with backslash-quoted wildcards when the default remote-arg-escaping is enabled. - Fixed the configure check for signed char that was causing a host that defaults to unsigned characters to generate bogus rolling checksums. This made rsync send mostly literal data for a copy instead of finding matching data in the receiver's basis file (for a file that contains high-bit characters). - Lots of manpage improvements, including an attempt to better describe how include/exclude filters work. - If rsync is compiled with an xxhash 0.8 library and then moved to a system with a dynamically linked xxhash 0.7 library, we now detect this and disable the XX3 hashes (since these routines didn't stabilize until 0.8). * ENHANCEMENTS: - The [`--trust-sender`](rsync.1#opt) option was added as a way to bypass the extra file-list safety checking (should that be required). * PACKAGING RELATED: - A note to those wanting to patch older rsync versions: the changes in this release requires the quoted argument change from 3.2.4. Then, you'll want every single code change from 3.2.5 since there is no fluff in this release. - The build date that goes into the manpages is now based on the developer's release date, not on the build's local-timezone interpretation of the date. * DEVELOPER RELATED: - Configure now defaults GETGROUPS_T to gid_t when cross compiling. - Configure now looks for the bsd/string.h include file in order to fix the build on a host that has strlcpy() in the main libc but not defined in the main string.h file. ++++ timezone: - timezone update 2022c: * Work around awk bug * Improve tzselect on intercontinental Zones ------------------------------------------------------------------ ------------------ 2022-8-15 - Aug 15 2022 ------------------- ------------------------------------------------------------------ ++++ fde-tools: - Fixed typo of tpm2_key_protector_clear - Renamed to fde-tools-0.1 - included firstboot stuff ++++ gdk-pixbuf: - avoid bashism in baselibs postscript (bsc#1195391) ++++ glibc: - glibcextract-compile-c-snippet.patch: glibcextract.py: Add compile_c_snippet - sys-mount-kernel-definition.patch: linux: Mimic kernel definition for BLOCK_SIZE - sys-mount-usage.patch: linux: Fix sys/mount.h usage with kernel headers ++++ gtk3: - avoid bashism in baselibs postscript (bsc#1195391) ++++ kernel-default: - config.conf: reenable armv7hl configs - Update config files for armv7hl (following x86_64 settings, compiling as module unless DEBUG or DEPRECATED) - commit 0329b6a - Refresh patches.rpmify/kbuild-dummy-tools-pretend-we-understand-__LONG_DOUB.patch. Update upstream status. - commit 8711731 - armv7hl: rebuilt as an overlay over default config generated automatically with scripts/config-diff - commit 1d75725 - armv6/v7: enable BT_VIRTIO - commit ba8dcca - Refresh and re-apply i8042 quirk patch for ASUS ZenBook (bsc#1190256) - commit aeed1e4 - Update to 6.0-rc1 - eliminate 4 patches (all mainline) - patches.suse/0001-drm-Always-warn-if-user-defined-modes-are-not-suppor.patch - patches.suse/0001-drm-client-Don-t-add-new-command-line-mode.patch - patches.suse/0001-drm-client-Look-for-command-line-modes-first.patch - patches.suse/ath9k-fix-use-after-free-in-ath9k_hif_usb_rx_cb.patch - disable - patches.suse/Input-i8042-Apply-probe-defer-to-more-ASUS-ZenBook-m.patch - refresh - patches.suse/add-suse-supported-flag.patch - patches.suse/add-product-identifying-information-to-vmcoreinfo.patch - patches.suse/vfs-add-super_operations-get_inode_dev - patches.suse/Revert-zram-remove-double-compression-logic.patch - disable ARM architectures (need config update) - new config options - General setup - CONTEXT_TRACKING_USER_FORCE=n - RCU_NOCB_CPU_DEFAULT_ALL=n - CGROUP_FAVOR_DYNMODS=n - Power management and ACPI options - PM_USERSPACE_AUTOSLEEP=n - Networking support - NF_FLOW_TABLE_PROCFS=y - NET_DSA_TAG_RZN1_A5PSW=m - File systems - DLM_DEPRECATED_API=n - Security options - SECURITY_APPARMOR_INTROSPECT_POLICY=y - SECURITY_APPARMOR_EXPORT_BINARY=y - SECURITY_APPARMOR_PARANOID_LOAD=y - IMA_KEXEC=n - Cryptographic API - CRYPTO_FIPS_NAME="Linux Kernel Cryptographic API" - CRYPTO_FIPS_CUSTOM_VERSION=n - CRYPTO_HCTR2=m - CRYPTO_POLYVAL_CLMUL_NI=m - CRYPTO_ARIA=m - Kernel hacking - SHRINKER_DEBUG=n - RV=n - PCI support - PCI_EPF_VNTB=m - Block devices - BLK_DEV_UBLK=m - NVME Support - NVME_AUTH=n - NVME_TARGET_AUTH=n - Network device support - NET_DSA_MICROCHIP_KSZ_SPI=m - NET_VENDOR_WANGXUN=y - TXGBE=m - CAN_NETLINK=y - CAN_CAN327=m - CAN_ESD_USB=m - Sound card support - SND_CTL_FAST_LOOKUP=y - SND_CTL_INPUT_VALIDATION=n - SND_CTL_DEBUG=n - SND_SOC_AMD_ST_ES8336_MACH=m - SND_AMD_ASOC_REMBRANDT=m - SND_SOC_AMD_RPL_ACP6x=m - SND_SOC_INTEL_AVS_MACH_DA7219=m - SND_SOC_INTEL_AVS_MACH_DMIC=m - SND_SOC_INTEL_AVS_MACH_HDAUDIO=m - SND_SOC_INTEL_AVS_MACH_I2S_TEST=m - SND_SOC_INTEL_AVS_MACH_MAX98357A=m - SND_SOC_INTEL_AVS_MACH_MAX98373=m - SND_SOC_INTEL_AVS_MACH_NAU8825=m - SND_SOC_INTEL_AVS_MACH_RT274=m - SND_SOC_INTEL_AVS_MACH_RT286=m - SND_SOC_INTEL_AVS_MACH_RT298=m - SND_SOC_INTEL_AVS_MACH_RT5682=m - SND_SOC_INTEL_AVS_MACH_SSM4567=m - SND_SOC_SOF_METEORLAKE=m - SND_SOC_TAS2780=n - SND_SOC_WSA883X=n - USB support - UCSI_STM32G0=m - TYPEC_ANX7411=m - Microsoft Surface Platform-Specific Device Drivers - SURFACE_AGGREGATOR_HUB=m - SURFACE_AGGREGATOR_TABLET_SWITCH=m - Industrial I/O support - ENVELOPE_DETECTOR=n - SD_ADC_MODULATOR=n - VF610_ADC=n - Misc devices - TCG_TIS_I2C=m - SPI_MICROCHIP_CORE=m - PINCTRL_METEORLAKE=m - SENSORS_LT7182S=m - VIDEO_AR0521=m - LEDS_IS31FL319X=m - INFINIBAND_ERDMA=m - XEN_VIRTIO_FORCE_GRANT=n - VIDEO_STKWEBCAM=n - PWM_CLK=m - RESET_TI_TPS380X=n - ANDROID_BINDER_IPC=n - FPGA_MGR_MICROCHIP_SPI=m - OF dependent (i386, ppc64/ppc64le, riscv64) - VCPU_STALL_DETECTOR=m - DRM_PANEL_EBBG_FT8719=n - DRM_TI_DLPC3433=n - DRM_LOGICVC=n - DRM_IMX_LCDIF=n - I2C_HID_OF_ELAN=m - USB_ONBOARD_HUB=m - RTC_DRV_NCT3018Y=m - ppc64(le), s390x and riscv64 - SCSI_BUSLOGIC=m - SCSI_FLASHPOINT=n - ppc64le and riscv64 - CRYPTO_DEV_QAT_DH895xCC=m - CRYPTO_DEV_QAT_C3XXX=m - CRYPTO_DEV_QAT_C62X=m - CRYPTO_DEV_QAT_4XXX=m - CRYPTO_DEV_QAT_DH895xCCVF=m - CRYPTO_DEV_QAT_C3XXXVF=m - CRYPTO_DEV_QAT_C62XVF=m - ppc64 / ppc64le - PSERIES_PLPKS=y - KVM_BOOK3S_HV_P9_TIMING=n - KVM_BOOK3S_HV_P8_TIMING=n - RANDOMIZE_KSTACK_OFFSET=y - RANDOMIZE_KSTACK_OFFSET_DEFAULT=y - PSERIES_WDT=m - s390x - VFIO_PCI_ZDEV_KVM=y - riscv64 - ERRATA_THEAD_CMO=y - NONPORTABLE=n - RISCV_ISA_ZICBOM=y - RANDOM_TRUST_CPU=y - I2C_MICROCHIP_CORE=m - SND_SOC_HDA=m - USB_MUSB_POLARFIRE_SOC=m - RTC_DRV_POLARFIRE_SOC=m - commit c35dc38 ++++ libjpeg-turbo: - update to 2.1.4: * Fixed a regression introduced in 2.1.3 that caused build failures with Visual Studio 2010. * The tjDecompressHeader3() function in the TurboJPEG C API and the TJDecompressor.setSourceImage() method in the TurboJPEG Java API now accept "abbreviated table specification" (AKA "tables-only") datastreams, which can be used to prime the decompressor with quantization and Huffman tables that can be used when decompressing subsequent "abbreviated image" datastreams. * libjpeg-turbo now performs run-time detection of AltiVec instructions on OS X/PowerPC systems if AltiVec instructions are not enabled at compile time. This allows both AltiVec-equipped (PowerPC G4 and G5) and non-AltiVec-equipped (PowerPC G3) CPUs to be supported using the same build of libjpeg-turbo. * Fixed an error ("Bogus virtual array access") that occurred when attempting to decompress a progressive JPEG image with a height less than or equal to one iMCU (8 * the vertical sampling factor) using buffered-image mode with interblock smoothing enabled. This was a regression introduced by 2.1 beta1[6(b)]. * Fixed two issues that prevented partial image decompression from working properly with buffered-image mode: * Attempting to call jpeg_crop_scanline() after jpeg_start_decompress() but before jpeg_start_output() resulted in an error ("Improper call to JPEG library in state 207".) * Attempting to use jpeg_skip_scanlines() resulted in an error ("Bogus virtual array access") under certain circumstances. ++++ ncurses: - Add ncurses patch 20220813 + modify delscreen to more effectively delete all windows on the given screen. + amend portability note for delwin in manual page. + adapt test/test_delwin.c from example by Bill Gray. + account for prescreen data if freeing leaks in pthread-configuration + split-out _nc_set_read_thread(), to reduce compiler warnings about pthread_self(), which may/may not be a weak symbol. + improve pthread-configuration for test/worm.c ++++ shadow: - Update to 4.12.1: * Fix uk manpages - Remove shadow-4.12-remove-uk.patch: fixed upstream ++++ systemd: - Add patch 1001-statx.patch based on commit 3657d3a0 * to resolve conflicts with glibc 2.36 with * add dirty hack to get in src/basic/chattr-util.h, src/home/homework.h, src/home/homework-fscrypt.c, src/home/homed-manager.c, and src/home/homework-mount.c as well to avoid that does include ++++ libvirt: - Fix build with glibc 2.36 9493c9b7-lxc-containter-fix-build-with-glibc-2.36.patch, c0d9adf2-virfile-Fix-build-with-glibc-2.36.patch boo#1202321 ++++ zeromq: - drop xmlto and asciidoc buildrequires, these are only needed for non-release builds which do not ship with prebuilt docs ------------------------------------------------------------------ ------------------ 2022-8-14 - Aug 14 2022 ------------------- ------------------------------------------------------------------ ++++ vim: - Updated to version 9.0.0203, fixes the following problems * Textprop test with line2byte() fails on MS-Windows. * Quarto files are not recognized. * Extra space after virtual text when 'linebreak' is set. * Virtual text prop highlight continues after truncation. * Virtual text does not show if tehre is a text prop at same position. (Ben Jackson) * Virtual text without highlighting does not show. (Ben Jackson) * Command line height changes when maximizing window height. * Strange effects when using virtual text with "text_align" and non-zero column. (Martin Tournoij) * Invalid memory access for text prop without highlight. * The way 'cmdheight' can be made zero is inconsistent. * Messages test fails; window size incorrect when 'cmdheight' is made smaller. * Possible invalid memory access when 'cmdheight' is zero. (Martin Tournoij) * Search and match highlgith interfere with virtual text highlight. (Ben Jackson) * Cursor displayed in wrong position after removing text prop. (Ben Jackson) * Metafun files are not recogized. * Finding value in list may require a for loop. * Astro files are not detected. * ml_get error when switching buffer in Visual mode. * Cursor position wrong with two right-aligned virtual texts. * cursor in a wrong positoin if 'wrap' is off and using two right aligned text props in one line. * CursorLine highlight overrules virtual text highlight. * Code and help for indexof() is not ideal. * Confusing variable name. ------------------------------------------------------------------ ------------------ 2022-8-13 - Aug 13 2022 ------------------- ------------------------------------------------------------------ ++++ llvm15: - Use black RPM macro magic to deduplicate binary lists. This should have no effect on the generated RPM but shaves ~400 lines off the specfile and hopefully makes future maintenance easier. ------------------------------------------------------------------ ------------------ 2022-8-12 - Aug 12 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - Enable zink driver build on x86_64 ++++ Mesa-drivers: - Enable zink driver build on x86_64 ++++ NetworkManager-branding-openSUSE: - Expliciltly BuildRequire NetworkManager-branding-upstream: branding-upstream is produced by NetworkManager and is guaranteed to be the same version. Breaks a self-cycle. ++++ kernel-default: - drm/amd/display: Removing assert statements for Linux (bsc#1202366). - drm/amd/display: Add SMU logging code (bsc#1202366). - commit 9b717b4 - Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch. Now iwlwifi queries *-72.ucode, but again, this is non-existing version. Correct to the existing *-71.ucode - commit 58a95c5 ++++ freetype2: - spec-cleaner - Move ftpdump from ft2demos to freetype - it's required by other packages and doesn't require any of the toolkits, so move its build early ++++ gcc12: - Update to gcc-12 branch head, 6b7d570a5001bb79e34c0d1626a, git372 * includes release candidate for GCC 12.2 ++++ xz: - update to 5.2.6 (CVE-2022-1271, bsc#1198062): * xz: - The --keep option now accepts symlinks, hardlinks, and setuid, setgid, and sticky files. - When copying metadata from the source file to the destination file, don't try to set the group (GID) if it is already set correctly. This avoids a failure on OpenBSD (and possibly on a few other OSes) where files may get created so that their group doesn't belong to the user, and fchown(2) can fail even if it needs to do nothing. - Cap --memlimit-compress to 2000 MiB instead of 4020 MiB on MIPS32 because on MIPS32 userspace processes are limited to 2 GiB of address space. * liblzma: - Fixed a missing error-check in the threaded encoder. If a small memory allocation fails, a .xz file with an invalid Index field would be created. Decompressing such a file would produce the correct output but result in an error at the end. Thus this is a "mild" data corruption bug. Note that while a failed memory allocation can trigger the bug, it cannot cause invalid memory access. - The decoder for .lzma files now supports files that have uncompressed size stored in the header and still use the end of payload marker (end of stream marker) at the end of the LZMA stream. Such files are rare but, according to the documentation in LZMA SDK, they are valid. doc/lzma-file-format.txt was updated too. - Improved 32-bit x86 assembly files: * Support Intel Control-flow Enforcement Technology (CET) * Use non-executable stack on FreeBSD. * xzgrep: - Fixed arbitrary command injection via a malicious filename (CVE-2022-1271, ZDI-CAN-16587). A standalone patch for this was released to the public on 2022-04-07. A slight robustness improvement has been made since then and, if using GNU or *BSD grep, a new faster method is now used that doesn't use the old sed-based construct at all. This also fixes bad output with GNU grep >= 3.5 (2020-09-27) when xzgrepping binary files. - Fixed detection of corrupt .bz2 files. - Improved error handling to fix exit status in some situations and to fix handling of signals: in some situations a signal didn't make xzgrep exit when it clearly should have. It's possible that the signal handling still isn't quite perfect but hopefully it's good enough. - Documented exit statuses on the man page. - xzegrep and xzfgrep now use "grep -E" and "grep -F" instead of the deprecated egrep and fgrep commands. - Fixed parsing of the options -E, -F, -G, -P, and -X. The problem occurred when multiple options were specied in a single argument, for example, echo foo | xzgrep -Fe foo treated foo as a filename because -Fe wasn't correctly split into -F -e. - Added zstd support. * xzdiff/xzcmp: - Fixed wrong exit status. Exit status could be 2 when the correct value is 1. - Documented on the man page that exit status of 2 is used for decompression errors. - Added zstd support. * xzless: - Fix less(1) version detection. It failed if the version number from "less -V" contained a dot. ++++ nfs-utils: - Update to version 2.6.2 - https://kernel.org/pub/linux/utils/nfs-utils/2.6.2/2.6.2-Changelog - Remove patches from this release: - gcc12-fix.patch - 0001-systemd-Apply-all-sysctl-settings-when-NFS-related-m.patch - 0002-Update-autoconfig-files-to-work-with-v2.71.patch - 0003-autoconf-change-tirpc-to-check-for-a-file-not-for-an.patch - 0004-modprobe-protect-against-sysctl-errors.patch - Refresh nfs-utils-1.0.7-bind-syntax.patch - Added files: - /usr/lib/udev/rules.d/99-nfs.rules - /usr/libexec/nfsrahead - /usr/sbin/rpcctl - /usr/share/man/man5/nfsrahead.5.gz - /usr/share/man/man8/rpcctl.8.gz - Sort man page entries in %files section ++++ shadow: - Update to 4.12: * Add absolute path hint to --root * Various cleanups * Fix Ubuntu release used in CI tests * add -F options to userad * useradd manpage updates * Check for ownerid (not just username) in subid ranges * Declare file local functions static * Use strict prototypes * Do not drop const qualifier for Basename * Constify various pointers * Don't return uninitialized memory * Don't let compiler optimize away memory cleaning * Remove many obsolete compatibility checks and defines * Modify ID range check in useradd * Use "extern "C"" to make libsubid easier to use from C++ * French translation updates * Fix s/with-pam/with-libpam/ * Spanish translation updates * French translation fixes * Default max group name length to 32 * Fix PAM service files without-selinux * Improve manpages - groupadd, useradd, usermod - groups and id - pwck * Add fedora to CI builds * Fix condition under which pw_dir check happens * logoutd: switch to strncat * AUTHORS: improve markdown output * Handle ERANGE errors correctly * Check for fopen NULL return * Split get_salt() into its own fn juyin) * Get salt before chroot to ensure /dev/urandom. * Chpasswd code cleanup * Work around git safe.directory enforcement * Alphabetize order in usermod help * Erase password copy on error branches * Suggest using --badname if needed * Update translation files * Correct badnames option to badname * configure: replace obsolete autoconf macros * tests: replace egrep with grep -E * Update Ukrainian translations * Cleanups - Remove redeclared variable - Remove commented out code and FIXMEs - Add header guards - Initialize local variables * CI updates - Create github workflow to install dependencies - Enable CodeQL - Update actions version * libmisc: use /dev/urandom as fallback if other methods fail - Add shadow-4.12-remove-uk.patch: Disable non working Ukranian translation for now https://github.com/shadow-maint/shadow/issues/547 ------------------------------------------------------------------ ------------------ 2022-8-11 - Aug 11 2022 ------------------- ------------------------------------------------------------------ ++++ ALP-build-key: - Update key for new SUSE:ALP location ++++ NetworkManager: - Update to version 1.38.4: + Fix DAD for DHCPv6 addresses. + Wi-Fi: improvements for OWE networks. + Support EC private keys. + Various bugfixes. ++++ kernel-default: - Linux 5.19.1 (bsc#1012628). - x86/speculation: Add LFENCE to RSB fill sequence (bsc#1012628). - x86/speculation: Add RSB VM Exit protections (bsc#1012628). - macintosh/adb: fix oob read in do_adb_query() function (bsc#1012628). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3586 (bsc#1012628). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3587 (bsc#1012628). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0CB8:0xC558 (bsc#1012628). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04C5:0x1675 (bsc#1012628). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04CA:0x4007 (bsc#1012628). - Bluetooth: btusb: Add support of IMC Networks PID 0x3568 (bsc#1012628). - dt-bindings: bluetooth: broadcom: Add BCM4349B1 DT binding (bsc#1012628). - Bluetooth: hci_bcm: Add DT compatible for CYW55572 (bsc#1012628). - Bluetooth: hci_bcm: Add BCM4349B1 variant (bsc#1012628). - Bluetooth: hci_qca: Return wakeup for qca_wakeup (bsc#1012628). - arm64: set UXN on swapper page tables (bsc#1012628). - ata: sata_mv: Fixes expected number of resources now IRQs are gone (bsc#1012628). - crypto: arm64/poly1305 - fix a read out-of-bound (bsc#1012628). - ACPI: APEI: Better fix to avoid spamming the console with old error logs (bsc#1012628). - ACPI: video: Shortening quirk list by identifying Clevo by board_name only (bsc#1012628). - ACPI: video: Force backlight native for some TongFang devices (bsc#1012628). - tools/vm/slabinfo: Handle files in debugfs (bsc#1012628). - block: fix default IO priority handling again (bsc#1012628). - commit a5bf6c0 - mm/mprotect: fix soft-dirty check in can_change_pte_writable() (bsc#1202013 CVE-2022-2590). - commit 46cb433 - Refresh patches.suse/Revert-zram-remove-double-compression-logic.patch. Update upstream status. - commit e707d80 - mm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW (bsc#1202013 CVE-2022-2590). - commit cbcf3e8 ++++ podman: - Update to version 4.2.0: * Features - Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines. - A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod (#12843). - A new command has been added, podman volume reload, to sync changes in state between Podman's database and any configured volume plugins (#14207). - A new command has been added, podman machine info, which displays information about the host and the versions of various machine components. - Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, podman-kube@.service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd. - The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups setting from the Kubernetes pod's security context. - The podman play kube command now supports volumes with the BlockDevice and CharDevice types (#13951). - The podman play kube command now features a new flag, --userns, to set the user namespace of created pods. Two values are allowed at present: host and auto (#7504). - The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation. - Pods now have include an exit policy (configurable via the --exit-policy option to podman pod create), which determines what will happen to the pod's infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops, and is used by default for pods from podman play kube (#13464). - The podman pod create command now allows the pod's name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work. - The podman pod create command's --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared) (#13422). - The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609). - The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod. - The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release! - The podman create and podman run commands now include the -c short option for the --cpu-shares option. - The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773). - The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing. - The podman build command now supports a new option, --build-context, allowing the user to specify an additional build context. - The podman machine inspect command now prints the location of the VM's Podman API socket on the host (#14231). - The podman machine init command on Windows now fetches an image with packages pre-installed (#14698). - Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697). - The default for the --image-volume option to podman run and podman create can now have its default set through the image_volume_mode setting in containers.conf (#14230). - Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427). - The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up). - Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458). - The podman volume ls command's --filter name= option now supports regular expression matching for volume names (#14583). - When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v. - The remote Podman client's podman push command now supports the --remove-signatures option (#14558). - The remote Podman client now supports the podman image scp command. - The podman image scp command now supports tagging the transferred image with a new name. - The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595). - The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions. - The podman events command now includes the -f short option for the --filter option. - The podman pull command now includes the -a short option for the --all-tags option. - The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP). - The Podman global option --url now has two aliases: -H and --host. - The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API. - Added the ability to create sigstore signatures in podman push and podman manifest push. - Added an option to read image signing passphrase from a file. * Changes - Paused containers can now be killed with the podman kill command. - The podman system prune command now removes unused networks. - The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman. - If the /run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577). - The podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148). - All podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless. - The podman unpause --all command will now only attempt to unpause containers that are paused, not all containers. - Init containers created with podman play kube now default to the once type (#14877). - Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048). - The podman create, podman run, and podman cp commands can now autocomplete paths in the image or container via the shell completion. - The libpod/common package has been removed as it's not used anywhere. - The --userns option to podman create and podman run is no longer accepted when an explicit UID or GID mapping is specified (#15233). * Bugfixes - Fixed a bug where bind-mounting /dev into a container which used the --init flag would cause the container to fail to start (#14251). - Fixed a bug where the podman image mount command would not pretty-print its output when multiple images were mounted. - Fixed a bug where the podman volume import command would print an unrelated error when attempting to import into a nonexistent volume (#14411). - Fixed a bug where the podman system reset command could race against other Podman commands (#9075). - Fixed a bug where privileged containers were not able to restart if the layout of host devices changed (#13899). - Fixed a bug where the podman cp command would overwrite directories with non-directories and vice versa. A new --overwrite flag to podman cp allows for retaining the old behavior if needed (#14420). - Fixed a bug where the podman machine ssh command would not preserve the exit code from the command run via ssh (#14401). - Fixed a bug where VMs created by podman machine would fail to start when created with more than 3072MB of RAM on Macs with M1 CPUs (#14303). - Fixed a bug where the podman machine init command would fail when run from C:\Windows\System32 on Windows systems (#14416). - Fixed a bug where the podman machine init --now did not respect proxy environment variables (#14640). - Fixed a bug where the podman machine init command would fail if there is no $HOME/.ssh dir (#14572). - Fixed a bug where the podman machine init command would add a connection even if creating the VM failed (#15154). - Fixed a bug where interrupting the podman machine start command could render the VM unable to start. - Fixed a bug where the podman machine list --format command would still print a heading. - Fixed a bug where the podman machine list command did not properly set the Starting field (#14738). - Fixed a bug where the podman machine start command could fail to start QEMU VMs when the machine name started with a number. - Fixed a bug where Podman Machine VMs with proxy variables could not be started more than once (#14636 and #14837). - Fixed a bug where containers created using the Podman API would, when the Podman API service was managed by systemd, be killed when the API service was stopped (BZ 2052697). - Fixed a bug where the podman -h command did not show help output. - Fixed a bug where the podman wait command (and the associated REST API endpoint) could return before a container had fully exited, breaking some tools like the Gitlab Runner. - Fixed a bug where healthchecks generated exec events, instead of health_status events (#13493). - Fixed a bug where the podman pod ps command could return an error when run at the same time as podman pod rm (#14736). - Fixed a bug where the podman systemd df command incorrectly calculated reclaimable storage for volumes (#13516). - Fixed a bug where an exported container checkpoint using a non-default OCI runtime could not be restored. - Fixed a bug where Podman, when used with a recent runc version, could not remove paused containers. - Fixed a bug where the remote Podman client's podman manifest rm command would remove images, not manifests (#14763). - Fixed a bug where Podman did not correctly parse wildcards for device major number in the podman run and podman create commands' --device-cgroup-rule option. - Fixed a bug where the podman play kube command on 32 bit systems where the total memory was calculated incorrectly (#14819). - Fixed a bug where the podman generate kube command could set ports and hostname incorrectly in generated YAML (#13030). - Fixed a bug where the podman system df --format "{{ json . }}" command would not output the Size and Reclaimable fields (#14769). - Fixed a bug where the remote Podman client's podman pull command would display duplicate progress output. - Fixed a bug where the podman system service command could leak memory when a client unexpectedly closed a connection when reading events or logs (#14879). - Fixed a bug where Podman containers could fail to run if the image did not contain an /etc/passwd file (#14966). - Fixed a bug where the remote Podman client's podman push command did not display progress information (#14971). - Fixed a bug where a lock ordering issue could cause podman pod rm to deadlock if it was run at the same time as a command that attempted to lock multiple containers at once (#14929). - Fixed a bug where the podman rm --force command would exit with a non-0 code if the container in question did not exist (#14612). - Fixed a bug where the podman container restore command would fail when attempting to restore a checkpoint for a container with the same name as an image (#15055). - Fixed a bug where the podman manifest push --rm command could remove image, instead of manifest lists (#15033). - Fixed a bug where the podman run --rm command could fail to remove the container if it failed to start (#15049). - Fixed a bug where the podman generate systemd --new command would create incorrect unit files when the container was created with the --sdnotify parameter (#15052). - Fixed a bug where the podman generate systemd --new command would fail when -h was used to create the container (#15124). * API - The Docker-compatible API now supports API version v1.41 (#14204). - Fixed a bug where containers created via the Libpod API had an incorrect umask set (#15036). - Fixed a bug where the remote parameter to the Libpod API's Build endpoint for Images was nonfunctional (#13831). - Fixed a bug where the Libpod List endpoint for Containers did not return the application/json content type header when there were no containers present (#14647). - Fixed a bug where the Compat Stats endpoint for Containers could return incorrect memory limits (#14676). - Fixed a bug where the Compat List and Inspect endpoints for Containers could return incorrect strings for container status. - Fixed a bug where the Compat Create endpoint for Containers did not properly handle disabling healthchecks (#14493). - Fixed a bug where the Compat Create endpoint for Networks did not support the mtu, name, mode, and parent options (#14482). - Fixed a bug where the Compat Create endpoint for Networks did not allow the creation of networks name bridge (#14983). - Fixed a bug where the Compat Inspect endpoint for Networks did not properly set netmasks in the SecondaryIPAddresses and SecondaryIPv6Addresses fields (#14674). - The Libpod Stats endpoint for Pods now supports streaming output via two new parameters, stream and delay (#14674). * Misc - Podman will now check for nameservers in /run/NetworkManager/no-stub-resolv.conf if the /etc/resolv.conf file only contains a localhost server. - The podman build command now supports caching with builds that specify --squash-all by allowing the --layers flag to be used at the same time. - Podman Machine support for QEMU installations at non-default paths has been improved. - The podman machine ssh command no longer prints spurious warnings every time it is run. - When accessing the WSL prompt on Windows, the rootless user will be preferred. - The podman info command now includes a field for information on supported authentication plugins for improved Docker compatibility. Authentication plugins are not presently supported by Podman, so this field is always empty. - The podman system prune command now no longer prints the Deleted Images header if no images were pruned. - The podman system service command now automatically creates and moves to a sub-cgroup when running in the root cgroup (#14573). - Updated Buildah to v1.27.0 (fixes CVE-2022-21698 / bsc#1196338) - Updated the containers/image library to v5.22.0 - Updated the containers/storage library to v1.42.0 (fixes bsc#1196751) - Updated the containers/common library to v0.49.1 - Podman will automatically create a sub-cgroup and move itself into it when it detects that it is running inside a container (#14884). - Fixed an incorrect release note about regexp. - A new MacOS installer (via pkginstaller) is now supported. ++++ timezone: - timezone update 2022b: * Chile's DST is delayed by a week in September 2022 boo#1202324 * Iran no longer observes DST after 2022 * Rename Europe/Kiev to Europe/Kyiv * New zic -R option * Vanguard form now uses %z * Finish moving duplicate-since-1970 zones to 'backzone' ------------------------------------------------------------------ ------------------ 2022-8-10 - Aug 10 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit-machines: - Require qemu USB drivers needed by virt-install (bsc#1202166) ++++ iproute2: - update to 5.19: * ip/iplink_virt_wifi: add support for virt_wifi * Update kernel headers * libnetlink: Add filtering to rtnl_statsdump_req_filter() * ipstats: Add a "set" command * ipstats: Add a group "link" * libbpf: Use bpf_object__load instead of bpf_object__load_xattr * uapi: change name for zerocopy sendfile in tls * bridge: vxlan device vnifilter support * f_flower: Add num of vlans parameter ++++ kernel-default: - config: Disable reiserfs kernel module (bsc#1202309). Future access of reiserfs file systems can be done by using the FUSE implementation of reiserfs that ships with GRUB. $ grub2-mount /path/to/mountpoint - commit db8891f - kbuild: dummy-tools: pretend we understand __LONG_DOUBLE_128__ (ppc config fix). - Update config files. This sets PPC_LONG_DOUBLE_128 automatically and allows us to set DRM_AMD_SECURE_DISPLAY too. I set it to y to copy other architectures. - commit 48dfdff ++++ llvm15: - Add WebAssembly support for all architectures. ++++ at-spi2-core: - Update to version 2.45.90: + xml: - Add some documentation. - Fix event arguments. - Add some missing DeviceEventController methods. + Bind the AT-SPI bus to the graphical session. + Mark bus service as belonging to the session slice. + Add ATSPI_ROLE_PUSH_BUTTON_MENU. + Add an "announcement" event/signal to allow objects to send notifications. + Various code clean-ups and test improvements. - Add pkgconfig(libxml-2.0) BuildRequires: New dependency. - Add new sub-packages from the now included atk and at-spi2-atk packages: libatk-1_0-0, libatk-bridge-2_0-0 and typelib-1_0-Atk-1_0. - Provide/Obsolete at-spi2-atk-gtk2 by the main package. ++++ efivar: - Add efivar-bsc1202209-fix-glibc-2.36-build.patch to fix the build error against glibc 2.36 (bsc#1202209) ++++ pango: - Update to version 1.50.9: + Apply show flags to line separators. + Fix a thread-safety problem. ++++ openSUSE-build-key: - add gpg-pubkey-29b700a4-62b07e22.asc (bsc#1199184) ++++ python-pbr: - update to 5.9.0: * Future-proofing pyproject.toml * Use importlib-metadata for runtime package version lookups * Drop wheel from pyproject.toml examples * Changed minversion in tox to 3.18.0 ++++ vim: - Updated to version 9.0.0181, fixes the following problems * Comment about tabpage line above the wrong code. * After CTRL-Left-mouse click a mouse scroll also has CTRL. * Debugger test may fail when $CWD is very long. * Not enough characters accepted for 'spellfile'. * Truncating virtual text after a line not implemented. Cursor positioning wrong with Newline in the text. * execute() does not use the "legacy" command modifier. * "delmenu" does not remove autocmmands. Running menu test function alone fails. * Crash when adding and removing virtual text. (Ben Jackson) * Cursor positioned after virtual text in empty line. * Text property cannot override 'cursorline' highlight. * Substitute that joins lines drops text properties. * Missing part of change for "override" flag. * Cursor positioned wrong after two text properties with virtual text and "below" alignment. (Tim Pope) * A "below" aligned text property gets 'showbreak' displayed. * Test for fuzzy completion fails sometimes. * Error for using #{ in an expression is a bit confusing. * A "below" aligned text property does not work with 'nowrap'. * Warning for unused argument in small build. * No fold and sign column for virtual text with "below" align and 'nowrap'. * Text properties wrong after splitting a line. * Text properties with "right" and "after" alignment displayed wrong with 'nowrap'. * Giving E1170 only in an expression is confusing. * 'showbreak' displayed below truncated "after" text prop. * With 'nowrap' "below" property not displayed correctly. * Cannot build with small features. * Some diff mode tests fail. * Warning for uninitialized variable. (Tony Mechelynck) * Text property "below" gets indent if 'breakindent' is set. (Tim Pope) * Text property not adjusted for text inserted with "p". * Using freed memory with put command. * Looking up a text property type by ID is slow. * When using text properties the line text length is computed twice. * Checking for text properties could be a bit more efficient. * Cursor positioned wrong with two virtual text properties close together. (Ben Jackson) * Insufficient testing for line2byte() with text properties. * Various minor code formatting issues. * Quickfix line highlight is overruled by 'cursorline'. * Trying to allocate zero bytes. * Assert fails only on MS-Windows. * No error for using "#{ comment" in a compiled function. * Spell checking for capital not working with trailing space. * Checking character options is duplicated and incomplete. * Cursor position wrong with 'virtualedit' and mouse click after end of the line. (Hermann Mayer) * Cursor position wrong with virtual text before Tab. * Cursor position wrong with wrapping virtual text in empty line. * Stray logfile appears when running tests. ------------------------------------------------------------------ ------------------ 2022-8-9 - Aug 9 2022 ------------------- ------------------------------------------------------------------ ++++ coreutils: - refresh coreutils-i18n.patch from Fedora to make expand and unexpand more similar ++++ gdk-pixbuf: - Update to version 2.42.9: + Fix the check for maximum value of LZW initial code size (boo#1194633 CVE-2021-44648). + Use CMake for dependencies on Windows/MSVC. + Add option for building tests. + Move man pages to reStructuredText. + Disable relocation when built as a static libary on Windows. + Update wrap file for libjpeg-turbo. + Limit the memory size when loading image data. - Add docutils and pkgconfig(gi-docgen) BuildRequires: New dependencies. ++++ glib-networking: - Update to version 2.74.beta: + Drop environment proxy resolver to lowest priority. ++++ kernel-default: - Update config files -- set SECURITY_SELINUX_CHECKREQPROT_VALUE=0 (bsc#1202280) - commit 6a791bc - Revert "zram: remove double compression logic" (bsc#1202203). - commit 9739fe2 - mt76: mt7921e: fix crash in chip reset fail (bsc#1201845). - commit 6263241 - tools bpftool: Don't display disassembler-four-args feature test (bsc#1202195). - tools bpftool: Fix compilation error with new binutils (bsc#1202195). - tools bpf_jit_disasm: Don't display disassembler-four-args feature test (bsc#1202195). - tools bpf_jit_disasm: Fix compilation error with new binutils (bsc#1202195). - tools perf: Fix compilation error with new binutils (bsc#1202195). - tools include: add dis-asm-compat.h to handle version differences (bsc#1202195). - tools build: Don't display disassembler-four-args feature test (bsc#1202195). - tools build: Add feature test for init_disassemble_info API changes (bsc#1202195). - commit fa8853d - series.conf: remove blank line from sorted section It causes troubles when adding multiple patches -- the current ones are duplicated then. - commit 309e362 ++++ llvm15: - Add llvm-glibc-2-36.patch in order to address boo#1202215. ++++ util-linux: - Use %_pam_vendordir ++++ libcontainers-common: - Fix obvious typo in containers.conf ++++ ncurses: - Add ncurses patch 20220806 + amend end_of_stream() to allow for input files without a final newline. + check for non-textfiles to tic. ++++ libnftnl: - Update to release 1.2.3 * This release includes a compile time bugfix with clang and - D_FORTIFY_SOURCE=2. ++++ polkit: - Update to version 121: + Addition of duktape as a JS engine backend. + Other small fixes and improvements. For more details, visit: gitlab.freedesktop.org/polkit/polkit/-/blob/121/NEWS.md + Updated translations. - Drop merged-upstream patches: + CVE-2021-4034-pkexec-fix.patch; + 0001-CVE-2021-4115-GHSL-2021-077-fix.patch; + duktape-support.patch; + pkexec.patch. - Replace Intltool with Gettext as a build requirement following the migration from last release (0.120). - Add Meson as a build requirement while dropping Libtool and replace all Autotools macros with Meson ones. And pass the following options to Meson: session_tracking=libsystemd-login; systemdsystemunitdir=%{_unitdir}; os_type=suse; pam_module_dir=%{_pam_moduledir}; pam_prefix=%{_pam_vendordir}; examples=true; tests=true; gtk_doc=true; man=true and js_engine=duktape. - Drop no longer needed Libtool as a build requirement, following Autotools replacement. - Add explicit pkgconfig module build requirements for glib-2.0 and gobject-2.0 that are searched by the build scripts. They were already being pulled by their siblings [pkgconfig(gio-2.0) and pkgconfig(gio-unix-2.0)]. - Drop conditional macro, which was wrapping "BuildArch: noarch" for the doc subpackage, based on long gone EOLed (open)SUSE release (11.2). - Add missing 'Requires(post): permissions' for the pkexec subpackage. - Add python3-dbus-python and python3-python-dbusmock as build requirements in order to run test in the check section. - Add polkit-fix-pam-prefix.patch to use the value of pam_prefix Meson option, like it was designed to, rather than hard-coded path for pam configuration files. - Remove unneeded executable bit from 50-default.rules file. ++++ shadow: - Remove duplicate pam.d/useradd entry - Provide /etc/login.defs.d on SLE15 since we support and use it ++++ usbredir: - Update to version 0.13.0: + Fix regression on unserialize data + Removes usbredirserver + Improved header length checks when unserialising data + Fix usage of command line argument in usbredirect + Fix small memory leak on usbredirect - Drop 9426fdb1.patch and dffc41c3.patch: fixed upstream. - Drop 0001-Use-D_FORTIFY_SOURCE-instead-of-Wp-D_FORTIFY_SOURCE.patch: fixed upstream. - Add keyring to validate source signature. ------------------------------------------------------------------ ------------------ 2022-8-8 - Aug 8 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - add dnsmasq.diff: missing r permissions for dnsmasq//libvirt-leaseshelper (boo#1202161) ++++ permissions: - Fix dependency from permissions-zypp-plugin to permissions. ++++ coreutils: - Remove python2 from buildrequires - appears to be a left over ++++ glib-networking: - Update to version 2.74.alpha: + Add build option for toggling debug logging. + Move gettext() usage out of hot paths. + Fix tests build when using openssl. + Properly free libproxy lookup results and require libproxy 0.4.16. + Add additional validation for proxy lookup results. + Allow using static libraries via meson subprojects. + Updated translations. - Update to version 2.72.2: + Drop environment proxy resolver to lowest priority. ++++ gnutls: - FIPS: Port GnuTLS to use jitterentropy [bsc#1202146, jsc#SLE-24941] * Add new dependency on jitterentropy * Add gnutls-FIPS-jitterentropy.patch ++++ gpg2: - Fix YubiKey 5 Nano support (boo#1202201), add gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch ++++ kbd: - Use %_pam_vendordir ++++ libapparmor: - add dnsmasq.diff: missing r permissions for dnsmasq//libvirt-leaseshelper (boo#1202161) ++++ rdma-core: - skip valgrind on riscv64 ++++ gcc12: - Remove workaround for obs-service-format_spec_file. ++++ libgcrypt: - FIPS: Port libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf - Add libgcrypt-jitterentropy-3.3.0.patch * Update the internal jitterentropy to version 3.4.0 - Add libgcrypt-jitterentropy-3.4.0.patch ++++ p11-kit: - skip testsuite on qemu arches, it fails ++++ polkit: - Use %_pam_vendordir ++++ shadow: - Use %_pam_vendordir macro ++++ openssh: - Use %_pam_vendordir ++++ read-only-root-fs: - Update to version 1.0+git20220808.cd59f4f: * Fix writableagain.conf ++++ sudo: - Use %_pam_vendordir macro - Fix errors around LICENSE.md (fixes building on SLE12 SP5 again) ------------------------------------------------------------------ ------------------ 2022-8-7 - Aug 7 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - update to 22.1.5: * radv: dynamic vertex input failure * anv: KHR-GL46.tessellation_shader.single.xfb_captures_data_from_correct_stage fails on TGL * anv: GTF-GL46.gtf32.GL3Tests.packed_pixels.packed_pixels_pbo failure * anv: ICL hiz issue * Error compiling gallium-nine on i686 using musl libc * dEQP-VK.memory.mapping.dedicated_alloc failing on bsw and gen9atom ++++ Mesa-drivers: - update to 22.1.5: * radv: dynamic vertex input failure * anv: KHR-GL46.tessellation_shader.single.xfb_captures_data_from_correct_stage fails on TGL * anv: GTF-GL46.gtf32.GL3Tests.packed_pixels.packed_pixels_pbo failure * anv: ICL hiz issue * Error compiling gallium-nine on i686 using musl libc * dEQP-VK.memory.mapping.dedicated_alloc failing on bsw and gen9atom ------------------------------------------------------------------ ------------------ 2022-8-6 - Aug 6 2022 ------------------- ------------------------------------------------------------------ ++++ glib2: - Update to version 2.73.3: + Revitalize G_REGEX_OPTIMIZE flag and use it to enable PCRE JIT compiler. + Fix some regressions due to the PCRE2 port. + Fix a pidfd leak that was introduced in the previous release. + Support compilation without a C++ toolchain. + GDBus: Use namespace-friendly protocol for Linux message buses, and optionally other connections. + Fix potential races in multi-threaded signal connections handling. + Add back gio-launch-desktop to redirect stdout/stderr of launched GDesktopAppInfo's to the journal with proper parent + Executables that are invoked when installing other software, typically from packaging system triggers, can now be installed into architecture-dependent locations. Unix OS distributors who install GLib for more than one architecture in parallel (multiarch or multilib installations) should consider building with -Dmultiarch=true, installing the bin/glib-compile-schemas and bin/gio-querymodules symbolic links in packages for the primary architecture, and omitting those symlinks from packages for secondary architectures. + Some enumerators introduced in previous releases have been changed, for better introspection results: - G_MARKUP_PARSE_FLAGS_NONE renamed to G_MARKUP_DEFAULT_FLAGS - G_TLS_CERTIFICATE_FLAGS_NONE renamed to G_TLS_CERTIFICATE_NO_FLAGS - G_APPLICATION_FLAGS_NONE was deprecated, use G_APPLICATION_DEFAULT_FLAGS now. + gfileinfo: Implement xattr attribute removal. + Add support to --delete option to gio set, to unset a file attribute. + Improve default value of glib_debug option: G_ENABLE_DEBUG will be defined only if using `--buildtype=debug` or enabled via `-Dglib_debug`, but it won't ever be set if an optimized build is requested (specifically if the optimization level is not `0` or `g`) as it may be the case when using `--buildtype=debugoptimized`. + Probably the first revision of any GNOME module ever released from Cuba :) + Bugs fixed: glgo#GNOME/Glib#566, glgo#GNOME/Glib#1187, glgo#GNOME/Glib#2509, glgo#GNOME/Glib#2542, glgo#GNOME/Glib#2588, glgo#GNOME/Glib#2682, glgo#GNOME/Glib#2692, glgo#GNOME/Glib#2694, glgo#GNOME/Glib#2699, glgo#GNOME/Glib#2700, glgo#GNOME/Glib#2703, glgo#GNOME/Glib#2705, glgo#GNOME/Glib#2708, glgo#GNOME/Glib!2299, glgo#GNOME/Glib!2759, glgo#GNOME/Glib!2812, glgo#GNOME/Glib!2813, glgo#GNOME/Glib!2814, glgo#GNOME/Glib!2815, glgo#GNOME/Glib!2818, glgo#GNOME/Glib!2822, glgo#GNOME/Glib!2823, glgo#GNOME/Glib!2825, glgo#GNOME/Glib!2826, glgo#GNOME/Glib!2827, glgo#GNOME/Glib!2829, glgo#GNOME/Glib!2830, glgo#GNOME/Glib!2832, glgo#GNOME/Glib!2833, glgo#GNOME/Glib!2835, glgo#GNOME/Glib!2836, glgo#GNOME/Glib!2851, glgo#GNOME/Glib!2853, glgo#GNOME/Glib!2854. + Updated translations. ++++ kernel-default: - Update patches.suse/Revert-Revert-tcp-change-pingpong-threshold-to-3.patch (bsc#1202188). Add a reference and refresh. - commit 5ea3c65 - Revert "Revert "tcp: change pingpong threshold to 3"" (eventlet tests fix). - commit 8268096 ------------------------------------------------------------------ ------------------ 2022-8-5 - Aug 5 2022 ------------------- ------------------------------------------------------------------ ++++ aaa_base: - Update to version 84.87+git20220727.43b9e53: * Use HOSTTYPE in MACHTYPE * Move suse to VENDOR * Use /var/mail for MAIL ++++ btrfsprogs: - Remove reiserfs conversion from releases after SLE/Leap 15.X in preparation to remove the reiserfs package. ++++ cockpit-tukit: - Update to version 0.0.3~git28.b446f50: * Add missing plurals * Added translation using Weblate (Portuguese) * Translated using Weblate (Polish) * Add Swedish Translation * added/corrected de.po for german * initial version of czech translation * Add support for dict-format snapshots List * Fix URIError: malformed URI sequence * Reformat spec to match Factory ++++ kernel-default: - series.conf: cleanup - update upstream references and resort: - patches.suse/0001-drm-Always-warn-if-user-defined-modes-are-not-suppor.patch - patches.suse/0001-drm-client-Don-t-add-new-command-line-mode.patch - patches.suse/0001-drm-client-Look-for-command-line-modes-first.patch - update upstream references and move into sorted section: - patches.suse/ath9k-fix-use-after-free-in-ath9k_hif_usb_rx_cb.patch - commit 35466a9 ++++ kernel-firmware: - Update to version 20220804 (git commit e6185d5197fd): * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * Mellanox: Add new mlxsw_spectrum firmware xx.2010.3020 * linux-firmware: Add firmware for Cirrus CS35L41 * i915: Add GuC v70.4.1 for DG2 * i915: Add DMC v2.07 for DG2 * amdgpu partially revert "amdgpu: update beige goby to release 22.20" * mediatek: Update mt8183/mt8192/mt8195 SCP firmware * amdgpu: update renoir to release 22.20 * amdgpu: update beige goby to release 22.20 * amdgpu: update yellow carp to release 22.20 * amdgpu: update dimgrey cavefish to release 22.20 * amdgpu: update vega20 to release 22.20 * amdgpu: update vega12 to release 22.20 * amdgpu: update raven to release 22.20 * amdgpu: update navy flounder to release 22.20 * amdgpu: update vega10 to release 22.20 * amdgpu: update sienna cichlid to release 22.20 * amdgpu: update navi14 to release 22.20 * amdgpu: update green sardine to release 22.20 * amdgpu: update vangogh to release 22.20 * amdgpu: update navi12 to release 22.20 * amdgpu: update navi10 to release 22.20 * amdgpu: update picasso to release 22.20 * amdgpu: update aldebaran to release 22.20 * amdgpu: update psp 13.0.8 TA firmware * WHENCE: Fix the dangling symlinks fix - Revert the previous rtw88/rtw8822c_fw.bin change due to regression on HP Pavilion 15 (bsc#1202152) - Update alias from 5.19 ++++ read-only-root-fs: - Update to version 1.0+git20220805.4a3d850: * Work around read-only state of subvolumes in a different way ++++ shim: - Add logic to shim.spec for detecting --set-sbat-policy option before using mokutil to set sbat policy. (bsc#1202120) ++++ virt-manager: - Update to 4.1.0 * Fix build with setuptools-61 (Peter Alfredsen, Miro Hrončok) * add UI and cli support for qemu-vdagent channel (Jonathon Jongsma) * cli: More --iothreads suboptions (Lin Ma) * launch_security: Use SEV-ES policy=0x07 if host supports it (Charles * Arnold) * cli: Add support for URL query with disks (Martin Kletzander) - Drop patches merged upstream: * c6107419-tests-Drop-usage-of-sgio-unfiltered.patch * 90e13549-Fix-build-with-setuptools-61+.patch * 46dc0616-setup-add-bits-for-setuptools-61.patch * 9ac94ef7-tests-Fix-another-sgio-filtered-case.patch * 34662fec-tests-Fix-with-latest-argcomplete.patch * d51541e1-Fix-UI-rename-with-firmware-efi.patch * b8a77805-domain-cpu-Clear-migratable-when-changing-to-custom-cpu.patch * 0d84bcfb-cli-Add-iothreadids-attributes-thread_pool_min-and-thread_pool_max.patch * 424283ad-launch_security-Use-SEV-ES-policy-0x07-if-host-supports-it.patch - Refresh patches * virtman-add-tooltip-to-firmware.patch - - changed surrounding imports * virtinst-set-cache-mode-unsafe-for-install.patch - - the patch changes the expected output in tests - Refresh test skips ------------------------------------------------------------------ ------------------ 2022-8-4 - Aug 4 2022 ------------------- ------------------------------------------------------------------ ++++ protobuf: - add 10355.patch to fix soversioning ------------------------------------------------------------------ ------------------ 2022-8-3 - Aug 3 2022 ------------------- ------------------------------------------------------------------ ++++ glib2: - Update to version 2.73.2: + Replace PCRE1 with PCRE2. + Preserve destruction order in gdataset, fixing various crashes during objects disposal. + Require C99 __VA_ARGS__. + Add NONE or DEFAULT members to most flags types. + GFile: Add some missing async APIs. + Improve internal and process documentation. + Add atomic compare-and-exchange APIs returning previous value. + Add G_DEFINE_ENUM_TYPE and G_DEFINE_ENUM_VALUE macros. + Add platform-independent G_ALWAYS_INLINE and G_NO_INLINE. + Use waitid() on pidfds rather than a global SIGCHLD handler. ++++ grep: - Skip more gnulib tests in qemu build ++++ texinfo: - In case of an update of package info: do never remove existing info page from dir file (boo#1201852) ++++ kernel-default: - Update config files (bsc#1184924). +RANDOM_TRUST_BOOTLOADER on arm This is set on all other platforms in Tumbleweed, and only on ARM in Leap. The ARM platform is unique in that it can have random source defined in EFI firmware as well as device tree, and we don't test this configuration in Factory because of the inverted config situation betwween Tumbleweed and Leap. - commit 1275841 ++++ libbpf: - Update to release 0.8.1: * make shared xsk creation network namespace aware ++++ libcontainers-common: - Resync containers.conf / storage.conf with Fedora - Create /etc/containers/registries.conf.d and add 000-shortnames.conf to it. ++++ harfbuzz: - harfbuzz 5.1.0: + More extensive buffer tracing messages + Fix hb-ft regression in bitmap fonts rendering + Support extension promotion of lookups in hb-subset-repacker + A new HB_GLYPH_FLAG_SAFE_TO_INSERT_TATWEEL for scripts that use elongation (e.g. Arabic) to signify where it is safe to insert tatweel glyph without interrupting shaping + Add --safe-to-insert-tatweel to hb-shape tool - add harfbuzz-5.1.0-repacker-fix-signedness-of-char-in-tests.patch from upstream to fix ARM and PPC builds ++++ jitterentropy: - updated to 3.4.0 * enhancement: add API call jent_set_fips_failure_callback as requested by Daniel Ojalvo * fix: Change the SHA-3 integration: The entropy pool is now a SHA-3 state. It is filled with the time delta containing entropy and auxiliary data that does not contain entropy using a SHA update operation. The auxiliary data is calculated by a SHA-3 hashing of some varying state data. The time delta that contains entropy is measured about the SHA-3 hasing of the auxiliary data. This satisfies FIPS 140-3 IG D.K resolutions 4, 6, and 8. * enhancement: add CMake support by Andrew Hopkins - updated to 3.3.1 * fix: bug fix in initialization logic by Vladis Dronov * fix: use __asm__ instead of asm to suit the C11 standard - added a -devel-static package to be able to link it static. ++++ polkit: - add split-provides for polkit:/usr/bin/pkexec. (bsc#1202070) ++++ python-M2Crypto: - update CVE-2020-25657-Bleichenbacher-attack.patch to actually contain the fix rather than just being empty (CVE-2020-25657, bsc#1178829) ++++ vim: - Updated to version 9.0.0135, fixes the following problems - boo#1202046 - CVE-2022-2571 - boo#1202049 - CVE-2022-2580 - boo#1202050 - CVE-2022-2581 - boo#1202051 - CVE-2022-2598 * Coverity warns for double free. * Some compilers warn for using an uninitialized variable. (Tony Mechelynck) * No test for what patch 8.1.1424 fixes. * When switching window in autocmd the restored cursor position may be wrong. * Star register is changed when deleting and both "unnamed" and "unnamedplus" are in 'clipboard'. * Error in autoload script not reported for 'foldexpr'. * Compiler warning for size_t to int conversion. * Command line completion of user command may have duplicates. (Dani Dickstein) * Cannot interrupt global command from command line. * ModeChanged event not triggered when leaving the cmdline window. * Using "terraform" filetype for .tfvars file is bad. * ":write" fails after ":file name" and then ":edit". * Tabline is not redrawn when entering command line. * MS-Windows: CTRL-[ on Belgian keyboard does not work like Esc. * Pattern for detecting bitbake files is not sufficient. * Fuzzy argument completion doesn't work for shell commands. * No error when assigning bool to a string option with setwinvar(). * Duplicate error number. * Plugins cannot change v:completed_item. * Sway config files are recognized as i3config. * Cursor restored unexpected with nested autocommand. * Conditions are always true. * Flag "new_value_alloced" is always true. * Long quickfix line is truncated for :clist. * missing include file in timer_create configure check. * Scrollback can be wrong after redrawing the command line. * Get hit-enter prompt for system() when '!' is in 'guioptions'. * Invalid memory access in diff mode with "dp" and undo. * Reading past end of line with insert mode completion. * If running configure with cached results -lrt may be missing. * Illegal memory access when pattern starts with illegal byte. * Illegal byte regexp test doesn't fail when fix is reversed. * Condition always has the same value. * Configure check for timer_create may give wrong error. * Writing over the end of a buffer on stack when making list of spell suggestions. * Help tag generation picks up words in code examples. * "nocombine" is missing from synIDattr(). * has() is not strict about parsing the patch version. * The command line takes up space even when not used. * When 'cmdheight' is zero pressing ':' may scroll a window. * Virtual text not displayed if 'signcolumn' is "yes". * Text of removed textprop with text is not freed. * No test for what patch 9.0.0155 fixes. * Tiny chance that creating a backup file fails. * Cannot put virtual text after or below a line. * Breakindent test fails. * Cannot build with small features. * Code has more indent than needed. * Cursor positioned wrong with virtual text after the line. * Expanding file names fails in directory with more than 255 entries. * Unused variable. * Coverity complains about possible double free. * Compiler warning for int/size_t usage. * Cursor position wrong when inserting around virtual text. * Virtual text with Tab is not displayed correctly. * Multi-byte characters in virtual text not handled correctly. * Virtual text after line moves to joined line. (Yegappan Lakshmanan) * No test for text property with column zero. ++++ virt-manager: - Upstream bug fixes (bsc#1027942) c6107419-tests-Drop-usage-of-sgio-unfiltered.patch 9ac94ef7-tests-Fix-another-sgio-filtered-case.patch b8a77805-domain-cpu-Clear-migratable-when-changing-to-custom-cpu.patch 0d84bcfb-cli-Add-iothreadids-attributes-thread_pool_min-and-thread_pool_max.patch 90e13549-Fix-build-with-setuptools-61+.patch 424283ad-launch_security-Use-SEV-ES-policy-0x07-if-host-supports-it.patch - Modified virtman-add-sev-memory-support.patch - Renamed upstream patches virtman-pr381-setuptools-61.patch to 46dc0616-setup-add-bits-for-setuptools-61.patch virtman-34662fe-argcomplete.patch to 34662fec-tests-Fix-with-latest-argcomplete.patch ------------------------------------------------------------------ ------------------ 2022-8-2 - Aug 2 2022 ------------------- ------------------------------------------------------------------ ++++ coreutils: - add missing hostname buildrequires ++++ transactional-update: - Version 4.0.0 - Last minute interface change: Changed "List" method of Snapshot D-Bus interface to return a map of properties instead of a comma separated list of strings; this will allow retrieving the snapshot properties even if they contain a comma in their value [boo#1202147] - Remove "Snapshot.hpp" as a public API for now - all public functionality is part of SnapshotManager.hpp - Add header file documentation for SnapshotManager.hpp - Add method to delete snapshot [gh#openSUSE/transactional-update#52] - Allow setting description of snapshot [gh#openSUSE/transactional-update#55] - create_dirs_from_rpmdb: set SELinux file context of missing directories [gh#openSUSE/transactional-update#84], [bsc#1197242] - Fix broken logrotate due to typo in config file [gh#openSUSE/transactional-update#87] - create_dirs_from_rpmdb: Fix handling return code of create_dirs() [gh#openSUSE/transactional-update#86] - Fix broken "shell" prompt after selfupdate - Add documented D-Bus interface definition files - Add tukit_sm_get_current and tukit_sm_get_default to C interface - Fixed typos ++++ glibc: - Update to glibc 2.36 Major new features: * Support for DT_RELR relative relocation format has been added to glibc * On Linux, the pidfd_open, pidfd_getfd, and pidfd_send_signal functions have been added * On Linux, the process_madvise function has been added * On Linux, the process_mrelease function has been added * The “no-aaaa” DNS stub resolver option has been added * On Linux, the fsopen, fsmount, move_mount, fsconfig, fspick, open_tree, and mount_setattr have been added * localedef now accepts locale definition files encoded in UTF-8 * Support for the mbrtoc8 and c8rtomb multibyte/UTF-8 character conversion functions has been added per the ISO C2X N2653 and C++20 P0482R6 proposals * The functions arc4random, arc4random_buf, and arc4random_uniform have been added Deprecated and removed features, and other changes affecting compatibility: * Support for prelink will be removed in the next release * The Linux kernel version check has been removed along with the LD_ASSUME_KERNEL environment variable * On Linux, The LD_LIBRARY_VERSION environment variable has been removed - get-nprocs-sched-uninit-read.patch, get-nprocs-inaccurate.patch, strcmp-rtm-fallback.path, pt-load-invalid-hole.patch, localedef-ld-monetary.patch, nptl-spurious-eintr.patch, strncpy-power9-vsx.patch, nptl-cleanup-async-restore.patch, read-chk-cancel.patch, wcrtomb-fortify.patch, nptl-cleanup-async-restore-2.patch: Removed ++++ kernel-default: - Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019). - commit 9816878 ++++ python310-core: - Update to 3.10.6: - gh-87389: http.server: Fix an open redirection vulnerability in the HTTP server when an URI path starts with //. Vulnerability discovered, and initial fix proposed, by Hamza Avvan. (bsc#1202624, CVE-2021-28861) - gh-92888: Fix memoryview use after free when accessing the backing buffer in certain cases. - gh-95355: _PyPegen_Parser_New now properly detects token memory allocation errors. Patch by Honglin Zhu. - gh-94938: Fix error detection in some builtin functions when keyword argument name is an instance of a str subclass with overloaded __eq__ and __hash__. Previously it could cause SystemError or other undesired behavior. - gh-94949: ast.parse() will no longer parse parenthesized context managers when passed feature_version less than (3, 9). Patch by Shantanu Jain. - gh-94947: ast.parse() will no longer parse assignment expressions when passed feature_version less than (3, 8). Patch by Shantanu Jain. - gh-94869: Fix the column offsets for some expressions in multi-line f-strings ast nodes. Patch by Pablo Galindo. - gh-91153: Fix an issue where a bytearray item assignment could crash if it’s resized by the new value’s __index__() method. - gh-94329: Compile and run code with unpacking of extremely large sequences (1000s of elements). Such code failed to compile. It now compiles and runs correctly. - gh-94360: Fixed a tokenizer crash when reading encoded files with syntax errors from stdin with non utf-8 encoded text. Patch by Pablo Galindo - gh-94192: Fix error for dictionary literals with invalid expression as value. - gh-93964: Strengthened compiler overflow checks to prevent crashes when compiling very large source files. - gh-93671: Fix some exponential backtrace case happening with deeply nested sequence patterns in match statements. Patch by Pablo Galindo - gh-93021: Fix the __text_signature__ for __get__() methods implemented in C. Patch by Jelle Zijlstra. - gh-92930: Fixed a crash in _pickle.c from mutating collections during __reduce__ or persistent_id. - gh-92914: Always round the allocated size for lists up to the nearest even number. - gh-92858: Improve error message for some suites with syntax error before ‘:’ - gh-95339: Update bundled pip to 22.2.1. - gh-95045: Fix GC crash when deallocating _lsprof.Profiler by untracking it before calling any callbacks. Patch by Kumar Aditya. - gh-95087: Fix IndexError in parsing invalid date in the email module. - gh-95199: Upgrade bundled setuptools to 63.2.0. - gh-95194: Upgrade bundled pip to 22.2. - gh-93899: Fix check for existence of os.EFD_CLOEXEC, os.EFD_NONBLOCK and os.EFD_SEMAPHORE flags on older kernel versions where these flags are not present. Patch by Kumar Aditya. - gh-95166: Fix concurrent.futures.Executor.map() to cancel the currently waiting on future on an error - e.g. TimeoutError or KeyboardInterrupt. - gh-93157: Fix fileinput module didn’t support errors option when inplace is true. - gh-94821: Fix binding of unix socket to empty address on Linux to use an available address from the abstract namespace, instead of “0”. - gh-94736: Fix crash when deallocating an instance of a subclass of _multiprocessing.SemLock. Patch by Kumar Aditya. - gh-94637: SSLContext.set_default_verify_paths() now releases the GIL around SSL_CTX_set_default_verify_paths call. The function call performs I/O and CPU intensive work. - gh-94510: Re-entrant calls to sys.setprofile() and sys.settrace() now raise RuntimeError. Patch by Pablo Galindo. - gh-92336: Fix bug where linecache.getline() fails on bad files with UnicodeDecodeError or SyntaxError. It now returns an empty string as per the documentation. - gh-89988: Fix memory leak in pickle.Pickler when looking up dispatch_table. Patch by Kumar Aditya. - gh-94254: Fixed types of struct module to be immutable. Patch by Kumar Aditya. - gh-94245: Fix pickling and copying of typing.Tuple[()]. - gh-94207: Made _struct.Struct GC-tracked in order to fix a reference leak in the _struct module. - gh-94101: Manual instantiation of ssl.SSLSession objects is no longer allowed as it lead to misconfigured instances that crashed the interpreter when attributes where accessed on them. - gh-84753: inspect.iscoroutinefunction(), inspect.isgeneratorfunction(), and inspect.isasyncgenfunction() now properly return True for duck-typed function-like objects like instances of unittest.mock.AsyncMock. - This makes inspect.iscoroutinefunction() consistent with the behavior of asyncio.iscoroutinefunction(). Patch by Mehdi ABAAKOUK. - gh-83499: Fix double closing of file description in tempfile. - gh-79512: Fixed names and __module__ value of weakref classes ReferenceType, ProxyType, CallableProxyType. It makes them pickleable. - gh-90494: copy.copy() and copy.deepcopy() now always raise a TypeError if __reduce__() returns a tuple with length 6 instead of silently ignore the 6th item or produce incorrect result. - gh-90549: Fix a multiprocessing bug where a global named resource (such as a semaphore) could leak when a child process is spawned (as opposed to forked). - gh-79579: sqlite3 now correctly detects DML queries with leading comments. Patch by Erlend E. Aasland. - gh-93421: Update sqlite3.Cursor.rowcount when a DML statement has run to completion. This fixes the row count for SQL queries like UPDATE ... RETURNING. Patch by Erlend E. Aasland. - gh-91810: Suppress writing an XML declaration in open files in ElementTree.write() with encoding='unicode' and xml_declaration=None. - gh-93353: Fix the importlib.resources.as_file() context manager to remove the temporary file if destroyed late during Python finalization: keep a local reference to the os.remove() function. Patch by Victor Stinner. - gh-83658: Make multiprocessing.Pool raise an exception if maxtasksperchild is not None or a positive int. - gh-74696: shutil.make_archive() no longer temporarily changes the current working directory during creation of standard .zip or tar archives. - gh-91577: Move imports in SharedMemory methods to module level so that they can be executed late in python finalization. - bpo-47231: Fixed an issue with inconsistent trailing slashes in tarfile longname directories. - bpo-46755: In QueueHandler, clear stack_info from LogRecord to prevent stack trace from being written twice. - bpo-46053: Fix OSS audio support on NetBSD. - bpo-46197: Fix ensurepip environment isolation for subprocess running pip. - bpo-45924: Fix asyncio incorrect traceback when future’s exception is raised multiple times. Patch by Kumar Aditya. - bpo-34828: sqlite3.Connection.iterdump() now handles databases that use AUTOINCREMENT in one or more tables. - gh-94321: Document the PEP 246 style protocol type sqlite3.PrepareProtocol. - gh-86128: Document a limitation in ThreadPoolExecutor where its exit handler is executed before any handlers in atexit. - gh-61162: Clarify sqlite3 behavior when Using the connection as a context manager. - gh-87260: Align sqlite3 argument specs with the actual implementation. - gh-86986: The minimum Sphinx version required to build the documentation is now 3.2. - gh-88831: Augmented documentation of asyncio.create_task(). Clarified the need to keep strong references to tasks and added a code snippet detailing how to to this. - bpo-47161: Document that pathlib.PurePath does not collapse initial double slashes because they denote UNC paths. - gh-95280: Fix problem with test_ssl test_get_ciphers on systems that require perfect forward secrecy (PFS) ciphers. - gh-95212: Make multiprocessing test case test_shared_memory_recreate parallel-safe. - gh-91330: Added more tests for dataclasses to cover behavior with data descriptor-based fields. - gh-94208: test_ssl is now checking for supported TLS version and protocols in more tests. - gh-93951: In test_bdb.StateTestCase.test_skip, avoid including auxiliary importers. - gh-93957: Provide nicer error reporting from subprocesses in test_venv.EnsurePipTest.test_with_pip. - gh-57539: Increase calendar test coverage for calendar.LocaleTextCalendar.formatweekday(). - gh-92886: Fixing tests that fail when running with optimizations (-O) in test_zipimport.py - bpo-47016: Create a GitHub Actions workflow for verifying bundled pip and setuptools. Patch by Illia Volochii and Adam Turner. - gh-94841: Fix the possible performance regression of PyObject_Free() compiled with MSVC version 1932. - gh-95511: Fix the Shell context menu copy-with-prompts bug of copying an extra line when one selects whole lines. - gh-95471: In the Edit menu, move Select All and add a new separator. - gh-95411: Enable using IDLE’s module browser with .pyw files. - gh-89610: Add .pyi as a recognized extension for IDLE on macOS. This allows opening stub files by double clicking on them in the Finder. - gh-94538: Fix Argument Clinic output to custom file destinations. Patch by Erlend E. Aasland. - gh-94430: Allow parameters named module and self with custom C names in Argument Clinic. Patch by Erlend E. Aasland - gh-94930: Fix SystemError raised when PyArg_ParseTupleAndKeywords() is used with # in (...) but without PY_SSIZE_T_CLEAN defined. - gh-94864: Fix PyArg_Parse* with deprecated format units “u” and “Z”. It returned 1 (success) when warnings are turned into exceptions. - Reapply patches - bpo-31046_ensurepip_honours_prefix.patch - fix_configure_rst.patch - no-skipif-doctests.patch - skip-test_pyobject_freed_is_freed.patch ++++ libvirt: - Update to libvirt 8.6.0 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v8-6-0-2022-08-01 ++++ perl-Bootloader: - move binaries from /sbin to /usr/sbin (boo#1191088) - remove /boot/boot.readme while at it so we stay out of there ++++ python310: - Update to 3.10.6: - gh-87389: http.server: Fix an open redirection vulnerability in the HTTP server when an URI path starts with //. Vulnerability discovered, and initial fix proposed, by Hamza Avvan. (bsc#1202624, CVE-2021-28861) - gh-92888: Fix memoryview use after free when accessing the backing buffer in certain cases. - gh-95355: _PyPegen_Parser_New now properly detects token memory allocation errors. Patch by Honglin Zhu. - gh-94938: Fix error detection in some builtin functions when keyword argument name is an instance of a str subclass with overloaded __eq__ and __hash__. Previously it could cause SystemError or other undesired behavior. - gh-94949: ast.parse() will no longer parse parenthesized context managers when passed feature_version less than (3, 9). Patch by Shantanu Jain. - gh-94947: ast.parse() will no longer parse assignment expressions when passed feature_version less than (3, 8). Patch by Shantanu Jain. - gh-94869: Fix the column offsets for some expressions in multi-line f-strings ast nodes. Patch by Pablo Galindo. - gh-91153: Fix an issue where a bytearray item assignment could crash if it’s resized by the new value’s __index__() method. - gh-94329: Compile and run code with unpacking of extremely large sequences (1000s of elements). Such code failed to compile. It now compiles and runs correctly. - gh-94360: Fixed a tokenizer crash when reading encoded files with syntax errors from stdin with non utf-8 encoded text. Patch by Pablo Galindo - gh-94192: Fix error for dictionary literals with invalid expression as value. - gh-93964: Strengthened compiler overflow checks to prevent crashes when compiling very large source files. - gh-93671: Fix some exponential backtrace case happening with deeply nested sequence patterns in match statements. Patch by Pablo Galindo - gh-93021: Fix the __text_signature__ for __get__() methods implemented in C. Patch by Jelle Zijlstra. - gh-92930: Fixed a crash in _pickle.c from mutating collections during __reduce__ or persistent_id. - gh-92914: Always round the allocated size for lists up to the nearest even number. - gh-92858: Improve error message for some suites with syntax error before ‘:’ - gh-95339: Update bundled pip to 22.2.1. - gh-95045: Fix GC crash when deallocating _lsprof.Profiler by untracking it before calling any callbacks. Patch by Kumar Aditya. - gh-95087: Fix IndexError in parsing invalid date in the email module. - gh-95199: Upgrade bundled setuptools to 63.2.0. - gh-95194: Upgrade bundled pip to 22.2. - gh-93899: Fix check for existence of os.EFD_CLOEXEC, os.EFD_NONBLOCK and os.EFD_SEMAPHORE flags on older kernel versions where these flags are not present. Patch by Kumar Aditya. - gh-95166: Fix concurrent.futures.Executor.map() to cancel the currently waiting on future on an error - e.g. TimeoutError or KeyboardInterrupt. - gh-93157: Fix fileinput module didn’t support errors option when inplace is true. - gh-94821: Fix binding of unix socket to empty address on Linux to use an available address from the abstract namespace, instead of “0”. - gh-94736: Fix crash when deallocating an instance of a subclass of _multiprocessing.SemLock. Patch by Kumar Aditya. - gh-94637: SSLContext.set_default_verify_paths() now releases the GIL around SSL_CTX_set_default_verify_paths call. The function call performs I/O and CPU intensive work. - gh-94510: Re-entrant calls to sys.setprofile() and sys.settrace() now raise RuntimeError. Patch by Pablo Galindo. - gh-92336: Fix bug where linecache.getline() fails on bad files with UnicodeDecodeError or SyntaxError. It now returns an empty string as per the documentation. - gh-89988: Fix memory leak in pickle.Pickler when looking up dispatch_table. Patch by Kumar Aditya. - gh-94254: Fixed types of struct module to be immutable. Patch by Kumar Aditya. - gh-94245: Fix pickling and copying of typing.Tuple[()]. - gh-94207: Made _struct.Struct GC-tracked in order to fix a reference leak in the _struct module. - gh-94101: Manual instantiation of ssl.SSLSession objects is no longer allowed as it lead to misconfigured instances that crashed the interpreter when attributes where accessed on them. - gh-84753: inspect.iscoroutinefunction(), inspect.isgeneratorfunction(), and inspect.isasyncgenfunction() now properly return True for duck-typed function-like objects like instances of unittest.mock.AsyncMock. - This makes inspect.iscoroutinefunction() consistent with the behavior of asyncio.iscoroutinefunction(). Patch by Mehdi ABAAKOUK. - gh-83499: Fix double closing of file description in tempfile. - gh-79512: Fixed names and __module__ value of weakref classes ReferenceType, ProxyType, CallableProxyType. It makes them pickleable. - gh-90494: copy.copy() and copy.deepcopy() now always raise a TypeError if __reduce__() returns a tuple with length 6 instead of silently ignore the 6th item or produce incorrect result. - gh-90549: Fix a multiprocessing bug where a global named resource (such as a semaphore) could leak when a child process is spawned (as opposed to forked). - gh-79579: sqlite3 now correctly detects DML queries with leading comments. Patch by Erlend E. Aasland. - gh-93421: Update sqlite3.Cursor.rowcount when a DML statement has run to completion. This fixes the row count for SQL queries like UPDATE ... RETURNING. Patch by Erlend E. Aasland. - gh-91810: Suppress writing an XML declaration in open files in ElementTree.write() with encoding='unicode' and xml_declaration=None. - gh-93353: Fix the importlib.resources.as_file() context manager to remove the temporary file if destroyed late during Python finalization: keep a local reference to the os.remove() function. Patch by Victor Stinner. - gh-83658: Make multiprocessing.Pool raise an exception if maxtasksperchild is not None or a positive int. - gh-74696: shutil.make_archive() no longer temporarily changes the current working directory during creation of standard .zip or tar archives. - gh-91577: Move imports in SharedMemory methods to module level so that they can be executed late in python finalization. - bpo-47231: Fixed an issue with inconsistent trailing slashes in tarfile longname directories. - bpo-46755: In QueueHandler, clear stack_info from LogRecord to prevent stack trace from being written twice. - bpo-46053: Fix OSS audio support on NetBSD. - bpo-46197: Fix ensurepip environment isolation for subprocess running pip. - bpo-45924: Fix asyncio incorrect traceback when future’s exception is raised multiple times. Patch by Kumar Aditya. - bpo-34828: sqlite3.Connection.iterdump() now handles databases that use AUTOINCREMENT in one or more tables. - gh-94321: Document the PEP 246 style protocol type sqlite3.PrepareProtocol. - gh-86128: Document a limitation in ThreadPoolExecutor where its exit handler is executed before any handlers in atexit. - gh-61162: Clarify sqlite3 behavior when Using the connection as a context manager. - gh-87260: Align sqlite3 argument specs with the actual implementation. - gh-86986: The minimum Sphinx version required to build the documentation is now 3.2. - gh-88831: Augmented documentation of asyncio.create_task(). Clarified the need to keep strong references to tasks and added a code snippet detailing how to to this. - bpo-47161: Document that pathlib.PurePath does not collapse initial double slashes because they denote UNC paths. - gh-95280: Fix problem with test_ssl test_get_ciphers on systems that require perfect forward secrecy (PFS) ciphers. - gh-95212: Make multiprocessing test case test_shared_memory_recreate parallel-safe. - gh-91330: Added more tests for dataclasses to cover behavior with data descriptor-based fields. - gh-94208: test_ssl is now checking for supported TLS version and protocols in more tests. - gh-93951: In test_bdb.StateTestCase.test_skip, avoid including auxiliary importers. - gh-93957: Provide nicer error reporting from subprocesses in test_venv.EnsurePipTest.test_with_pip. - gh-57539: Increase calendar test coverage for calendar.LocaleTextCalendar.formatweekday(). - gh-92886: Fixing tests that fail when running with optimizations (-O) in test_zipimport.py - bpo-47016: Create a GitHub Actions workflow for verifying bundled pip and setuptools. Patch by Illia Volochii and Adam Turner. - gh-94841: Fix the possible performance regression of PyObject_Free() compiled with MSVC version 1932. - gh-95511: Fix the Shell context menu copy-with-prompts bug of copying an extra line when one selects whole lines. - gh-95471: In the Edit menu, move Select All and add a new separator. - gh-95411: Enable using IDLE’s module browser with .pyw files. - gh-89610: Add .pyi as a recognized extension for IDLE on macOS. This allows opening stub files by double clicking on them in the Finder. - gh-94538: Fix Argument Clinic output to custom file destinations. Patch by Erlend E. Aasland. - gh-94430: Allow parameters named module and self with custom C names in Argument Clinic. Patch by Erlend E. Aasland - gh-94930: Fix SystemError raised when PyArg_ParseTupleAndKeywords() is used with # in (...) but without PY_SSIZE_T_CLEAN defined. - gh-94864: Fix PyArg_Parse* with deprecated format units “u” and “Z”. It returned 1 (success) when warnings are turned into exceptions. - Reapply patches - bpo-31046_ensurepip_honours_prefix.patch - fix_configure_rst.patch - no-skipif-doctests.patch - skip-test_pyobject_freed_is_freed.patch ++++ python-libvirt-python: - Update to 8.6.0 - Add all new APIs and constants in libvirt 8.6.0 ++++ python-urllib3: - update to 1.26.11 * Fix OverflowError when TLS is used on some Python versions ------------------------------------------------------------------ ------------------ 2022-8-1 - Aug 1 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - update to 22.1.4: * anv: disable non uniform indexing of UBOs * anv: use the right helper to invalidate memory * intel/fs: ray query fix for global address * isl: add new helper for format component compatibility * radeonsi: fix random PS wave size * r300: Keep rc_rename_regs() from overflowing * aco/ra: update register file when updating phi definition * radv: Fix vkCmdCopyQueryResults -> vkCmdResetPool hazard ++++ Mesa-drivers: - update to 22.1.4: * anv: disable non uniform indexing of UBOs * anv: use the right helper to invalidate memory * intel/fs: ray query fix for global address * isl: add new helper for format component compatibility * radeonsi: fix random PS wave size * r300: Keep rc_rename_regs() from overflowing * aco/ra: update register file when updating phi definition * radv: Fix vkCmdCopyQueryResults -> vkCmdResetPool hazard ++++ apparmor: - update to AppArmor 3.0.6 - fix LTO build in the parser - remove dbus deny rule in abstractions/exo-open - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.6 for the detailed upstream changelog - drop upstream patch dirtest-sort-mr900.diff ++++ coreutils: - refresh coreutils-i18n.patch to prevent unexpand from failing on control characters (brc#2112870) (bsc#1202029) - extend psuffix handling to be quilt(1) compatible ++++ libapparmor: - update to AppArmor 3.0.6 - fix LTO build in the parser - remove dbus deny rule in abstractions/exo-open - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.6 for the detailed upstream changelog - drop upstream patch dirtest-sort-mr900.diff ++++ libgcrypt: - Fix reproducible build problems: - Do not use %release in binaries (but use SOURCE_DATE_EPOCH) - Fix date call messed up by spec-cleaner ++++ ncurses: - Add ncurses patch 20220729 + fixes to build with dietlibc: + add configure check for fpathconf (report by Georg Lehner). + add configure check for math sine/cosine, needed in test/tclock, and eliminate pow() from test/hanoi (report by Georg Lehner). + use wcsnlen as an alternative to wmemchr if it is not found (adapted from patch by Georg Lehner). + trim out some unwanted linker options from ncurses*config and .pc files seen in Fedora 36+. - Port patch ncurses-6.3.dif ++++ tiff: - security update: * CVE-2022-34526 [bsc#1202026] + tiff-CVE-2022-34526.patch ++++ unbound: - update to 1.16.2 (boo#1202031 boo#1202033) * Features - Merge #718: Introduce infra-cache-max-rtt option to config max retransmit timeout. * Bug Fixes - Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699. - Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for one loop pass'. - Merge PR #668 from Cristian Rodríguez: Set IP_BIND_ADDRESS_NO_PORT on outbound tcp sockets. - Fix verbose EDE error printout. - Fix dname count in sldns parse type descriptor for SVCB and HTTPS. - For windows crosscompile, fix setting the IPV6_MTU socket option equivalent (IPV6_USER_MTU); allows cross compiling with latest cross-compiler versions. - Merge PR 714: Avoid treat normal hosts as unresponsive servers. And fixup the lock code. - iana portlist update. - Update documentation for 'outbound-msg-retry:'. - Tests for ghost domain fixes. ++++ osinfo-db: - update to 20220727 - drop: add-opensuse-leap-15.4-support.patch add-sle15sp4-support.patch add-slem5.1-support.patch add-slem5.2-support.patch opensuse-autoyast-desktop.patch: all upstream ++++ python310-packaging: - BuildIgnore python3-packaging for primary bootstrap. ++++ read-only-root-fs: - Update to version 1.0+git20220801.cbb90bc: * Add another workaround for read-only subvolumes (boo#1202000) * Correctly declare mount-overlay.sh as Bash file - Update source service URL ++++ rsync: - Security fix: [bsc#1201840, CVE-2022-29154] * arbitrary file write vulnerability via do_server_recv function * Added patch rsync-CVE-2022-29154.patch ------------------------------------------------------------------ ------------------ 2022-7-31 - Jul 31 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Update to 5.19 final - refresh configs - commit e9f89c9 ++++ pcre2: - Fix the profiling call to be non-parallel again (fighting spec cleaner) ++++ python310-core: - Extend distutils-reproducible-compile.patch with a workaround for non reproducible pyc files issue 93317 ++++ python310: - Extend distutils-reproducible-compile.patch with a workaround for non reproducible pyc files issue 93317 ------------------------------------------------------------------ ------------------ 2022-7-30 - Jul 30 2022 ------------------- ------------------------------------------------------------------ ++++ permissions: - Avoid different Versions for subpackages to fix build-compare seeing the src rpm as equal. It replaces VERSION-RELEASE but that will fail if subpackages use a different Version ++++ kernel-default: - Linux 5.18.15 (bsc#1012628). - watch-queue: remove spurious double semicolon (bsc#1012628). - ASoC: SOF: Intel: disable IMR boot when resuming from ACPI S4 and S5 states (bsc#1012628). - ASoC: SOF: pm: add definitions for S4 and S5 states (bsc#1012628). - ASoC: SOF: pm: add explicit behavior for ACPI S1 and S2 (bsc#1012628). - watchqueue: make sure to serialize 'wqueue->defunct' properly (bsc#1012628). - x86/alternative: Report missing return thunk details (bsc#1012628). - x86/amd: Use IBPB for firmware calls (bsc#1012628). - exfat: use updated exfat_chain directly during renaming (bsc#1012628). - exfat: fix referencing wrong parent directory information after renaming (bsc#1012628). - crypto: qat - re-enable registration of algorithms (bsc#1012628). - crypto: qat - add param check for DH (bsc#1012628). - crypto: qat - add param check for RSA (bsc#1012628). - crypto: qat - remove dma_free_coherent() for DH (bsc#1012628). - crypto: qat - remove dma_free_coherent() for RSA (bsc#1012628). - crypto: qat - fix memory leak in RSA (bsc#1012628). - crypto: qat - add backlog mechanism (bsc#1012628). - crypto: qat - refactor submission logic (bsc#1012628). - crypto: qat - use pre-allocated buffers in datapath (bsc#1012628). - crypto: qat - set to zero DH parameters before free (bsc#1012628). - dlm: fix pending remove if msg allocation fails (bsc#1012628). - clk: lan966x: Fix the lan966x clock gate register address (bsc#1012628). - x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts (bsc#1012628). - perf/x86/intel/lbr: Fix unchecked MSR access error on HSW (bsc#1012628). - sched/deadline: Fix BUG_ON condition for deboosted tasks (bsc#1012628). - bpf: Make sure mac_header was set before using it (bsc#1012628). - mm/mempolicy: fix uninit-value in mpol_rebind_policy() (bsc#1012628). - KVM: Don't null dereference ops->destroy (bsc#1012628). - spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers (bsc#1012628). - KVM: selftests: Fix target thread to be migrated in rseq_test (bsc#1012628). - gpio: gpio-xilinx: Fix integer overflow (bsc#1012628). - selftests: gpio: fix include path to kernel headers for out of tree builds (bsc#1012628). - net/sched: cls_api: Fix flow action initialization (bsc#1012628). - tcp: Fix data-races around sysctl_tcp_max_reordering (bsc#1012628). - tcp: Fix a data-race around sysctl_tcp_abort_on_overflow (bsc#1012628). - tcp: Fix a data-race around sysctl_tcp_rfc1337 (bsc#1012628). - tcp: Fix a data-race around sysctl_tcp_stdurg (bsc#1012628). - tcp: Fix a data-race around sysctl_tcp_retrans_collapse (bsc#1012628). - tcp: Fix data-races around sysctl_tcp_slow_start_after_idle (bsc#1012628). - tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts (bsc#1012628). - tcp: Fix data-races around sysctl_tcp_recovery (bsc#1012628). - tcp: Fix a data-race around sysctl_tcp_early_retrans (bsc#1012628). - tcp: Fix data-races around sysctl knobs related to SYN option (bsc#1012628). - udp: Fix a data-race around sysctl_udp_l3mdev_accept (bsc#1012628). - ip: Fix data-races around sysctl_ip_prot_sock (bsc#1012628). - ipv4: Fix data-races around sysctl_fib_multipath_hash_fields (bsc#1012628). - ipv4: Fix data-races around sysctl_fib_multipath_hash_policy (bsc#1012628). - ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh (bsc#1012628). - can: rcar_canfd: Add missing of_node_put() in rcar_canfd_probe() (bsc#1012628). - drm/imx/dcss: Add missing of_node_put() in fail path (bsc#1012628). - drm/panel-edp: Fix variable typo when saving hpd absent delay from DT (bsc#1012628). - amt: do not use amt->nr_tunnels outside of lock (bsc#1012628). - amt: drop unexpected multicast data (bsc#1012628). - amt: drop unexpected query message (bsc#1012628). - amt: drop unexpected advertisement message (bsc#1012628). - amt: add missing regeneration nonce logic in request logic (bsc#1012628). - amt: use READ_ONCE() in amt module (bsc#1012628). - amt: remove unnecessary locks (bsc#1012628). - amt: use workqueue for gateway side message handling (bsc#1012628). - net: dsa: vitesse-vsc73xx: silent spi_device_id warnings (bsc#1012628). - net: dsa: sja1105: silent spi_device_id warnings (bsc#1012628). - be2net: Fix buffer overflow in be_get_module_eeprom (bsc#1012628). - gpio: pca953x: use the correct register address when regcache sync during init (bsc#1012628). - gpio: pca953x: use the correct range when do regmap sync (bsc#1012628). - gpio: pca953x: only use single read/write for No AI mode (bsc#1012628). - net: stmmac: remove redunctant disable xPCS EEE call (bsc#1012628). - net: dsa: fix NULL pointer dereference in dsa_port_reset_vlan_filtering (bsc#1012628). - net: dsa: move reset of VLAN filtering to dsa_port_switchdev_unsync_attrs (bsc#1012628). - net: dsa: fix dsa_port_vlan_filtering when global (bsc#1012628). - ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (bsc#1012628). - i40e: Fix erroneous adapter reinitialization during recovery process (bsc#1012628). - net: lan966x: Fix usage of lan966x->mac_lock when used by FDB (bsc#1012628). - net: lan966x: Fix usage of lan966x->mac_lock inside lan966x_mac_irq_handler (bsc#1012628). - net: lan966x: Fix usage of lan966x->mac_lock when entry is removed (bsc#1012628). - net: lan966x: Fix usage of lan966x->mac_lock when entry is added (bsc#1012628). - net: lan966x: Fix taking rtnl_lock while holding spin_lock (bsc#1012628). - pinctrl: armada-37xx: make irq_lock a raw spinlock to avoid invalid wait context (bsc#1012628). - pinctrl: armada-37xx: Reuse GPIO fwnode in armada_37xx_irqchip_register() (bsc#1012628). - ACPI: CPPC: Don't require flexible address space if X86_FEATURE_CPPC is supported (bsc#1012628). - iavf: Fix missing state logs (bsc#1012628). - iavf: Fix handling of dummy receive descriptors (bsc#1012628). - iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (bsc#1012628). - iavf: Fix VLAN_V2 addition/rejection (bsc#1012628). - tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout (bsc#1012628). - tcp: Fix data-races around sysctl_tcp_fastopen (bsc#1012628). - tcp: Fix data-races around sysctl_max_syn_backlog (bsc#1012628). - tcp: Fix a data-race around sysctl_tcp_tw_reuse (bsc#1012628). - tcp: Fix a data-race around sysctl_tcp_notsent_lowat (bsc#1012628). - tcp: Fix data-races around some timeout sysctl knobs (bsc#1012628). - tcp: Fix data-races around sysctl_tcp_reordering (bsc#1012628). - tcp: Fix data-races around sysctl_tcp_migrate_req (bsc#1012628). - tcp: Fix data-races around sysctl_tcp_syncookies (bsc#1012628). - tcp: Fix data-races around sysctl_tcp_syn(ack)?_retries (bsc#1012628). - tcp: Fix data-races around keepalive sysctl knobs (bsc#1012628). - igmp: Fix data-races around sysctl_igmp_qrv (bsc#1012628). - igmp: Fix data-races around sysctl_igmp_max_msf (bsc#1012628). - igmp: Fix a data-race around sysctl_igmp_max_memberships (bsc#1012628). - igmp: Fix data-races around sysctl_igmp_llm_reports (bsc#1012628). - net: prestera: acl: use proper mask for port selector (bsc#1012628). - net/tls: Fix race in TLS device down flow (bsc#1012628). - net: stmmac: fix dma queue left shift overflow issue (bsc#1012628). - pinctrl: ocelot: Fix pincfg (bsc#1012628). - pinctrl: ocelot: Fix pincfg for lan966x (bsc#1012628). - perf tests: Fix Convert perf time to TSC test for hybrid (bsc#1012628). - perf tests: Stop Convert perf time to TSC test opening events twice (bsc#1012628). - i2c: cadence: Change large transfer count reset logic to be unconditional (bsc#1012628). - i2c: mlxcpld: Fix register setting for 400KHz frequency (bsc#1012628). - tcp/udp: Make early_demux back namespacified (bsc#1012628). - net: dsa: microchip: ksz_common: Fix refcount leak bug (bsc#1012628). - net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow (bsc#1012628). - net: stmmac: fix pm runtime issue in stmmac_dvr_remove() (bsc#1012628). - stmmac: dwmac-mediatek: fix clock issue (bsc#1012628). - tcp: Fix a data-race around sysctl_tcp_probe_interval (bsc#1012628). - tcp: Fix a data-race around sysctl_tcp_probe_threshold (bsc#1012628). - tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor (bsc#1012628). - tcp: Fix data-races around sysctl_tcp_min_snd_mss (bsc#1012628). - tcp: Fix data-races around sysctl_tcp_base_mss (bsc#1012628). - tcp: Fix data-races around sysctl_tcp_mtu_probing (bsc#1012628). - tcp: Fix data-races around sysctl_tcp_l3mdev_accept (bsc#1012628). - tcp: sk->sk_bound_dev_if once in inet_request_bound_dev_if() (bsc#1012628). - tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept (bsc#1012628). - ip: Fix a data-race around sysctl_fwmark_reflect (bsc#1012628). - ip: Fix a data-race around sysctl_ip_autobind_reuse (bsc#1012628). - ip: Fix data-races around sysctl_ip_nonlocal_bind (bsc#1012628). - ip: Fix data-races around sysctl_ip_fwd_update_priority (bsc#1012628). - ip: Fix data-races around sysctl_ip_fwd_use_pmtu (bsc#1012628). - ip: Fix data-races around sysctl_ip_no_pmtu_disc (bsc#1012628). - igc: Reinstate IGC_REMOVED logic and implement it properly (bsc#1012628). - Revert "e1000e: Fix possible HW unit hang after an s0ix exit" (bsc#1012628). - e1000e: Enable GPT clock before sending message to CSME (bsc#1012628). - perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (bsc#1012628). - pinctrl: sunplus: Add check for kcalloc (bsc#1012628). - pinctrl: ralink: Check for null return of devm_kcalloc (bsc#1012628). - pinctrl: ralink: rename pinctrl-rt2880 to pinctrl-ralink (bsc#1012628). - pinctrl: ralink: rename MT7628(an) functions to MT76X8 (bsc#1012628). - RDMA/irdma: Fix sleep from invalid context BUG (bsc#1012628). - RDMA/irdma: Do not advertise 1GB page size for x722 (bsc#1012628). - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (bsc#1012628). - power: supply: ab8500_fg: add missing destroy_workqueue in ab8500_fg_probe (bsc#1012628). - xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() (bsc#1012628). - ip: Fix data-races around sysctl_ip_default_ttl (bsc#1012628). - r8152: fix a WOL issue (bsc#1012628). - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1012628). - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1012628). - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1012628). - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1012628). - bus: mhi: host: pci_generic: add Telit FN990 (bsc#1012628). - bus: mhi: host: pci_generic: add Telit FN980 v1 hardware revision (bsc#1012628). - net: usb: ax88179_178a needs FLAG_SEND_ZLP (bsc#1012628). - drm/scheduler: Don't kill jobs in interrupt context (bsc#1012628). - drm/amd/display: Fix new dmub notification enabling in DM (bsc#1012628). - drm/ttm: fix locking in vmap/vunmap TTM GEM helpers (bsc#1012628). - mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times (bsc#1012628). - mmc: sdhci-omap: Fix a lockdep warning for PM runtime init (bsc#1012628). - lockdown: Fix kexec lockdown bypass with ima policy (bsc#1012628). - mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication (bsc#1012628). - riscv: add as-options for modules with assembly compontents (bsc#1012628). - pinctrl: stm32: fix optional IRQ support to gpios (bsc#1012628). - pinctrl: armada-37xx: use raw spinlocks for regmap to avoid invalid wait context (bsc#1012628). - commit 0b7935a ------------------------------------------------------------------ ------------------ 2022-7-29 - Jul 29 2022 ------------------- ------------------------------------------------------------------ ++++ gnutls: - Update to 3.7.7: [bsc#1202020, CVE-2022-2509] * libgnutls: Fixed double free during verification of pkcs7 signatures. CVE-2022-2509 * libgnutls: gnutls_hkdf_expand now only accepts LENGTH argument less than or equal to 255 times hash digest size, to comply with RFC 5869 2.3. * libgnutls: Length limit for TLS PSK usernames has been increased from 128 to 65535 characters * libgnutls: AES-GCM encryption function now limits plaintext length to 2^39-256 bits, according to SP800-38D 5.2.1.1. * libgnutls: New block cipher functions have been added to transparently handle padding. gnutls_cipher_encrypt3 and gnutls_cipher_decrypt3 can be used in combination of GNUTLS_CIPHER_PADDING_PKCS7 flag to automatically add/remove padding if the length of the original plaintext is not a multiple of the block size. * libgnutls: New function for manual FIPS self-testing. * API and ABI modifications: - gnutls_fips140_run_self_tests: New function - gnutls_cipher_encrypt3: New function - gnutls_cipher_decrypt3: New function - gnutls_cipher_padding_flags_t: New enum * guile: Guile 1.8 is no longer supported * guile: Session record port treats premature termination as EOF Previously, a 'gnutls-error' exception with the 'error/premature-termination' value would be thrown while reading from a session record port when the underlying session was terminated prematurely. This was inconvenient since users of the port may not be prepared to handle such an exception. Reading from the session record port now returns the end-of-file object instead of throwing an exception, just like it would for a proper session termination. * guile: Session record ports can have a 'close' procedure. The 'session-record-port' procedure now takes an optional second parameter, and a new 'set-session-record-port-close!' procedure is provided to specify a 'close' procedure for a session record port. This 'close' procedure lets users specify cleanup operations for when the port is closed, such as closing the file descriptor or port that backs the underlying session. * Rebase patches: - gnutls-3.6.6-set_guile_site_dir.patch - gnutls-FIPS-TLS_KDF_selftest.patch - gnutls-FIPS-disable-failing-tests.patch * Remove patch merged upstream: - gnutls-FIPS-PBKDF2-KAT-requirements.patch - https://gitlab.com/gnutls/gnutls/merge_requests/1561 ++++ texinfo: - Do lua scripting only once for execute() function ++++ shim: - Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282) ------------------------------------------------------------------ ------------------ 2022-7-28 - Jul 28 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Create /etc/NetworkManager/conf.d by default, allowing easy override for NetworkManager.conf file with drop-in. - Move default config file to /usr/lib/NetworkManager/NetworkManager.conf, as part of main package. - Branding upstream package is now just a config drop-in to disable conncheck. - Ensure /usr/lib/NetworkManager/conf.d is part of the package. ++++ NetworkManager-branding-openSUSE: - Move conncheck config file out of /etc. No longer import main config file. ++++ cockpit: - Update suse-microos-branding.patch for new /etc/os-release ID. - Add storage-btrfs.patch to enable BTRFS use in cockpit-storage. ++++ docker: - Allow to install container-selinux instead of apparmor-parser. ++++ k3s-install: - Update to version 1.24.3+k3s1: * Update to v1.24.3 (#5870) * Address issues with etcd snapshots * Fix deletion of svclb DaemonSet when Service is deleted * Remove legacy bidirectional datastore sync code * Fix fatal error when reconciling bootstrap data * Promote v1.23.8+k3s2 to stable * Replace dapper testing with regular docker (#5805) * Fix issue with containerd stats missing from cadvisor metrics * Bump runc version to v1.1.3 * Bump remotedialer * Bump kine to v0.9.3 * Don't crash when service IPFamiliyPolicy is not set * Fix egress selector proxy/bind-address support * Add tests for down-level etcd join * Handle egress-selector-mode change during upgrade * Remove go-powershell dead dependency (#5777) * add 1.24 release channel (#5742) * Mark v1.23.8+k3s1 to stable * Update to v1.24.2 * Bump helm-controller * containerd: Enable enable_unprivileged_ports and enable_unprivileged_icmp by default * Enable compact tests for k3s s390x * Only listen on loopback when resetting * Ensure that CONTAINERD_ variables are not shadowed by later entries * Sanitize filenames for use in configmap keys * Disable urfave markdown/man docs generation * Delay service readiness until after startuphooks have finished (#5649) * add arm tests and upgrade tests (#5526) * Add alternate scripts location (#5692) * Introduce servicelb-namespace parameter * Move all klipper-lb daemonset to common namespace for PodSecurity * E2E: Dualstack test (#5617) * add support for pprof server (#5527) * Update security email contact (#5607) * E2E Improvements and groundwork for test-pad tool (#5593) * Integration Test: Startup (#5630) * Add FlannelConfCNI flag * Add ability to pass configuration options to flannel backend * Bump flannel to v0.18.1 * Remove kube-ipvs0 interface when cleaning up ++++ libnettle: - update to 3.8.1: * Avoid non-posix m4 argument references in the chacha implementation for arm64, powerpc64 and s390x. Reported by Christian Weisgerber, fix contributed by Mamone Tarsha. * Use explicit .machine pseudo-ops where needed in s390x assembly files. Bug report by Andreas K. Huettel, fix contributed by Mamone Tarsha. ++++ protobuf: - update to 21.4: * Reduce the required alignment of ArenaString from 8 to 4 ------------------------------------------------------------------ ------------------ 2022-7-27 - Jul 27 2022 ------------------- ------------------------------------------------------------------ ++++ bash: - Update to bash 5.2 rc2 gg. Since there is no `declare -' equivalent of `local -', make sure to use `local -' in the output of `local -p'. ++++ texinfo: - Check for filetrigger lua scriplets if rpm.execute() as function call is given and used this ++++ util-linux: - exclude bash-completion stuff for programs that are in util-linux-systemd from util-linux for real. ++++ readline: - Update to readline-8.2-rc2 ++++ selinux-policy: - fix_networkmanager.patch: Allow NetworkManager_dispatcher_tlp_t and NetworkManager_dispatcher_custom_t to access nscd socket (bsc#1201741) ++++ util-linux-systemd: - exclude bash-completion stuff for programs that are in util-linux-systemd from util-linux for real. ------------------------------------------------------------------ ------------------ 2022-7-26 - Jul 26 2022 ------------------- ------------------------------------------------------------------ ++++ bash-completion: - Add patch fix-curl-help-completion-bsc1200791.patch (bsc#1200791) * List all options for `curl --` ++++ fde-tools: - Initial build as package pcr-oracle ++++ kernel-default: - armv7hl: Update config files. (bsc#1201857) Unify IWLWIFI debug options with other archs. - armv7hl: Update config files. (bsc#1201857) Enable PCI wifi chips - commit 0cc672e ++++ augeas: - Unset MALLOC_PERTURB_ to speed up %check significantly (boo#1201884, gh#hercules-team#768) ++++ mozilla-nss: - update to NSS 3.80 * bmo#1774720 - Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. * bmo#1617956 - Add support for asynchronous client auth hooks. * bmo#1497537 - nss-policy-check: make unknown keyword check optional. * bmo#1765383 - GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. * bmo#1773022 - Mark 3.79 as an ESR release. * bmo#1764206 - Bump nssckbi version number for June. * bmo#1759815 - Remove Hellenic Academic 2011 Root. * bmo#1770267 - Add E-Tugra Roots. * bmo#1768970 - Add Certainly Roots. * bmo#1764392 - Add DigitCert Roots. * bmo#1759794 - Protect SFTKSlot needLogin with slotLock. * bmo#1366464 - Compare signature and signatureAlgorithm fields in legacy certificate verifier. * bmo#1771497 - Uninitialized value in cert_VerifyCertChainOld. * bmo#1771495 - Unchecked return code in sec_DecodeSigAlg. * bmo#1771498 - Uninitialized value in cert_ComputeCertType. * bmo#1760998 - Avoid data race on primary password change. * bmo#1769063 - Replace ppc64 dcbzl intrinisic. * bmo#1771036 - Allow LDFLAGS override in makefile builds. ++++ gcc12: - Add Provides of libstdc++6-pp-gccN to libstdc++6-pp. [bsc#1201848] ++++ ceph: - Update to 16.2.9-538-g9de83fa4064: + (bsc#1201604) cephfs-shell: move source to separate subdirectory ++++ selinux-policy: - Add fix_cloudform.patch to fix cloud-init runcmd issue with snapper (bnc#1201015) ++++ vim: - Updated to version 9.0.0073, fixes the following problems - CVE-2022-2522 - boo#1201863 - CVE-2022-2345 - boo#1201363 - CVE-2022-2343 - boo#1201356 - CVE-2022-2344 - boo#1201359 * In the quickfix window 'cursorline' overrules QuickFixLine highlighting. * On a Belgian keyboard CTRL-[ does not work. * Spell tests do not always clear the word list. * Spell dump may go beyond end of an array. * 'fillchars' cannot have window-local values. * 'listchars' test fails. * Not all systems have GDK_KEY_dead_circumflex. (Hisashi T Fujinaka) * Use of set_chars_option() is confusing. * A couple of filetype patterns do not have "*" before "/etc". * Missing change for filetype detection. * Insufficient testing for bracket commands. * Typos in comments, wrapping lines. * Reading past end of completion with a long line and 'infercase' set. * Reading past end of completion with duplicate match. * Using freed memory with recursive substitute. * Cursor in wrong column with mouse click after concealed text. * Csv and tsv files are not recognized. * Split else-if is confusing. * Using CTRL-C wih :append may hang Vim. * "zG" may throw an error if invalid character follows. * E1281 not tested with the old regexp engine. * Compiler warning for size_t to int conversion. * Bitbake files are not detected. * Wrong line number reported when :cexpr fails in :def function. * has('patch-xxx') returns true. * Test file has wrong name. * Accessing uninitialized memory when completing long line. * ml_get error with nested autocommand. * Compiler warnings for signed/unsigned char. * Too many type casts for dict_get functions. * Confusing error when using "q:" in command line window. * Cross-compiling doesn't work because of timer_create check. * Switching window uneccarily when getting buffer options. * Cannot show virtual text. * Build fails with tiny features. * Leaking memory when using text prop with inserted text. * Using utfc_ptr2char_len() when length is negative. * Command overlaps with printed text in scrollback. * Compiler warning for uninitialized variable. * Too many files recognized as bsdl. ------------------------------------------------------------------ ------------------ 2022-7-25 - Jul 25 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - update to AppArmor 3.0.5 - several additions to profiles and abstractions - bugfixes in parser and utils - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.5 for the detailed upstream changelog - remove upstream(ed) patchs: - apparmor-setuptools61-mr897.patch - dovecot-profiles-boo1199535-mr881.diff - php8-fpm-mr876.patch - python310-help-mr848.patch - samba-new-dcerpcd.patch - samba_deny_net_admin.patch - update-samba-bgqd.diff - update-usr-sbin-smbd.diff - apparmor-samba-include-permissions-for-shares.diff: remove upstreamed part - add dirtest-sort-mr900.diff to fix random test failures - change apache-extra-profile-include-if-exists.diff to the post-mv path (new quilt executes mv) - stop disabling lto (fixed upstream) (boo#1133091) - package profile-load script in -parser ++++ kernel-default: - config: riscv64: Enable DRM stack for early-boot graphics (boo#1201833) Replace fbdev's generic drivers with DRM-based simpledrm. Enables the DRM graphics stack for early-boot graphics, recovery and unsupported chipsets. - commit b8947d7 - config: armv7hl: Enable DRM stack for early-boot graphics (boo#1193475) Replace fbdev's generic drivers with DRM-based simpledrm. Enables the DRM graphics stack for early-boot graphics, recovery and unsupported chipsets. - commit 374bc62 - config: armv6hl: Enable DRM stack for early-boot graphics (boo#1193475) Replace fbdev's generic drivers with DRM-based simpledrm. Enables the DRM graphics stack for early-boot graphics, recovery and unsupported chipsets. - commit 07f549a - config: arm64: Enable DRM stack for early-boot graphics (boo#1193475) Replace fbdev's generic drivers with DRM-based simpledrm. Enables the DRM graphics stack for early-boot graphics, recovery and unsupported chipsets. - commit 146fbca - Update to 5.19-rc8 - update configs - PINCTRL_AMD=y (arm64 only, no longer allowed to be a module) - commit 96ba878 ++++ libapparmor: - update to AppArmor 3.0.5 - several additions to profiles and abstractions - bugfixes in parser and utils - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.5 for the detailed upstream changelog - remove upstream(ed) patchs: - apparmor-setuptools61-mr897.patch - dovecot-profiles-boo1199535-mr881.diff - php8-fpm-mr876.patch - python310-help-mr848.patch - samba-new-dcerpcd.patch - samba_deny_net_admin.patch - update-samba-bgqd.diff - update-usr-sbin-smbd.diff - apparmor-samba-include-permissions-for-shares.diff: remove upstreamed part - add dirtest-sort-mr900.diff to fix random test failures - change apache-extra-profile-include-if-exists.diff to the post-mv path (new quilt executes mv) - stop disabling lto (fixed upstream) (boo#1133091) - package profile-load script in -parser ++++ protobuf: - update to 21.3: * C++ * Add header search paths to Protobuf-C++.podspec (#10024) * Fixed Visual Studio constinit errors (#10232) * Fix #9947: make the ABI compatible between debug and non-debug builds (#10271) * UPB * Allow empty package names (fixes behavior regression in 4.21.0) * Fix a SEGV bug when comparing a non-materialized sub-message (#10208) * Fix several bugs in descriptor mapping containers (eg. descriptor.services_by_name) * for x in mapping now yields keys rather than values, to match Python conventions and the behavior of the old library. * Lookup operations now correctly reject unhashable types as map keys. * We implement repr() to use the same format as dict. * Fix maps to use the ScalarMapContainer class when appropriate * Fix bug when parsing an unknown value in a proto2 enum extension (protocolbuffers/upb#717) * PHP * Add "readonly" as a keyword for PHP and add previous classnames to descriptor pool (#10041) * Python * Make //:protobuf_python and //:well_known_types_py_pb2 public (#10118) * Bazel * Add back a filegroup for :well_known_protos (#10061) ++++ perl: - fix build on ppc * updated patch: perl_skip_flaky_tests_powerpc.patch ++++ policycoreutils: - Add recommends for ausearch binary (bsc#1201043) ++++ shim: - Revoked the change in shim.spec for "use common SBAT values (boo#1193282)" - we need to build openSUSE Tumbleweed's shim on Leap 15.4 because Factory is unstable for building out a stable shim binary for signing. (bsc#1198458) - But the rpm-config-suse package in Leap 15.4 is direct copied from SLE 15.4 because closing-the-leap-gap. So sbat_distro_* variables are SLE version, not for openSUSE. (bsc#1198458) ------------------------------------------------------------------ ------------------ 2022-7-24 - Jul 24 2022 ------------------- ------------------------------------------------------------------ ++++ curl: - add tests-for-32bit.patch to fix testsuite on 32bit platforms ++++ kernel-default: - config: update and enable armv6hl Config option values were taken from global 5.19 updates while armv6hl configs were disabled, arm64 updates in commit 14beb34d0af9 ("config: update and enable arm64") and armv7hl config updates in commit 36833cf30926 ("config: update and enable armv7hl"). - commit de516ba - config: update and enable armv7hl The list below omits config options update globally while armv7hl configs were disabled and config options updated on arm64 for 5.19 in commit 14beb34d0af9 ("config: update and enable arm64"). - new config options - ARCH_BCMBCA=y - ARCH_HPE=y - ARCH_HPE_GXP=y - CPU_LITTLE_ENDIAN=y - ARM_ERRATA_764319=y - GVE=m - PINCTRL_IMXRT1170=y - GXP_WATCHDOG=m - MEDIA_CEC_RC=y - COMMON_CLK_EN7523=y - new config options in armv7hl/lpae - EDAC_SYNOPSYS=m - XILINX_INTC=y - commit 36833cf - config: update and enable arm64 The list below omits config options updated globally while arm64 configs were disabled. - new config options - ARM64_SME=y - CRYPTO_SM4_ARM64_CE_BLK=m - CRYPTO_SM4_ARM64_NEON_BLK=m - CAN_CTUCANFD_PLATFORM=m - QCOM_SSC_BLOCK_BUS=y - MTK_ADSP_IPC=m - MTD_NAND_ECC_MEDIATEK=m - NVME_APPLE=m - VMWARE_VMCI=m - SPI_MTK_SNFI=m - PINCTRL_IMXRT1170=m - PINCTRL_MT6795=y - PINCTRL_SC7280_LPASS_LPI=m - PINCTRL_SM8250_LPASS_LPI=m - ROCKCHIP_VOP=y - ROCKCHIP_VOP2=y - DRM_MSM_MDP4=y - DRM_MSM_MDP5=y - DRM_MSM_DPU=y - DRM_MSM_HDMI=y - DRM_PANEL_NEWVISION_NV3052C=m - DRM_FSL_LDB=m - DRM_LONTIUM_LT9211=m - DRM_DW_HDMI_GP_AUDIO=m - DRM_SSD130X_SPI=m - SND_SERIAL_GENERIC=m - SND_SOC_MT8195_MT6359=m - SND_SOC_SOF_MT8186=m - SND_SOC_TEGRA186_ASRC=m - LEDS_QCOM_LPG=m - TEGRA186_GPC_DMA=m - COMMON_CLK_MT8186=y - SC_GCC_8280XP=m - SC_LPASS_CORECC_7280=m - APPLE_RTKIT=m - APPLE_SART=m - PWM_XILINX=m - NVMEM_APPLE_EFUSES=m - INTERCONNECT_QCOM_SC8280XP=m - INTERCONNECT_QCOM_SDX65=m - HTE_TEGRA194=m - HTE_TEGRA194_TEST=n - TRUSTED_KEYS_CAAM=y - CRYPTO_DEV_FSL_CAAM_PRNG_API=y - FIPS_SIGNATURE_SELFTEST=n - PAGE_TABLE_CHECK=y - PAGE_TABLE_CHECK_ENFORCED=n - VMWARE_VMCI_VSOCKETS=m - commit 14beb34 ++++ harfbuzz: - harfbuzz 5.0.1, including changes from 5.0.0: + Improve for fonts with more than 65535 glyphs + Support version 2 of “avar” table + Improve support for some Arabic, Hebrew fonts + Support for specific script tags to be retained in the subsetter, and add “--layout-scripts” option to “hb-subset” tool + Improved handling of command line options + Improve support for multiple tables and font features, and font feature specific bug fixes ++++ python-urllib3: - update to 1.26.10: * Removed support for Python 3.5 * Fixed an issue where a ``ProxyError`` recommending configuring the proxy as HTTP instead of HTTPS could appear even when an HTTPS proxy wasn't configured. - refresh remove_mock.patch with extra mock usages ------------------------------------------------------------------ ------------------ 2022-7-23 - Jul 23 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - riscv: enable CONFIG_STRICT_DEVMEM - new config options - CONFIG_EXCLUSIVE_SYSTEM_RAM=y - CONFIG_IO_STRICT_DEVMEM=y - commit 2477a0c - riscv: enable CONFIG_FTRACE - new config options - CONFIG_BPF_LSM=y - CONFIG_TASKS_RUDE_RCU=y - CONFIG_TRACEPOINTS=y - CONFIG_KPROBES_ON_FTRACE=y - CONFIG_UPROBES=y - CONFIG_BATMAN_ADV_TRACING=n - CONFIG_NET_DROP_MONITOR=m - CONFIG_ATH5K_TRACER=n - CONFIG_ATH6KL_TRACING=n - CONFIG_WIL6210_TRACING=y - CONFIG_ATH10K_TRACING=n - CONFIG_ATH11K_TRACING=n - CONFIG_IWLWIFI_DEVICE_TRACING=n - CONFIG_STM_SOURCE_FTRACE=m - CONFIG_PSTORE_FTRACE=n - CONFIG_DEBUG_PAGE_REF=n - CONFIG_NOP_TRACER=y - CONFIG_TRACER_MAX_TRACE=y - CONFIG_TRACE_CLOCK=y - CONFIG_RING_BUFFER=y - CONFIG_EVENT_TRACING=y - CONFIG_CONTEXT_SWITCH_TRACER=y - CONFIG_RING_BUFFER_ALLOW_SWAP=y - CONFIG_TRACING=y - CONFIG_GENERIC_TRACER=y - CONFIG_BOOTTIME_TRACING=y - CONFIG_FUNCTION_TRACER=y - CONFIG_FUNCTION_GRAPH_TRACER=y - CONFIG_DYNAMIC_FTRACE=y - CONFIG_DYNAMIC_FTRACE_WITH_REGS=y - CONFIG_FUNCTION_PROFILER=y - CONFIG_STACK_TRACER=y - CONFIG_IRQSOFF_TRACER=n - CONFIG_SCHED_TRACER=y - CONFIG_HWLAT_TRACER=n - CONFIG_OSNOISE_TRACER=y - CONFIG_TIMERLAT_TRACER=y - CONFIG_FTRACE_SYSCALLS=y - CONFIG_TRACER_SNAPSHOT=y - CONFIG_TRACER_SNAPSHOT_PER_CPU_SWAP=y - CONFIG_BRANCH_PROFILE_NONE=y - CONFIG_PROFILE_ANNOTATED_BRANCHES=n - CONFIG_BLK_DEV_IO_TRACE=y - CONFIG_KPROBE_EVENTS=y - CONFIG_KPROBE_EVENTS_ON_NOTRACE=n - CONFIG_UPROBE_EVENTS=y - CONFIG_BPF_EVENTS=y - CONFIG_DYNAMIC_EVENTS=y - CONFIG_PROBE_EVENTS=y - CONFIG_BPF_KPROBE_OVERRIDE=n - CONFIG_FTRACE_MCOUNT_RECORD=y - CONFIG_FTRACE_MCOUNT_USE_CC=y - CONFIG_SYNTH_EVENTS=y - CONFIG_TRACE_EVENT_INJECT=n - CONFIG_TRACEPOINT_BENCHMARK=n - CONFIG_RING_BUFFER_BENCHMARK=m - CONFIG_TRACE_EVAL_MAP_FILE=n - CONFIG_FTRACE_RECORD_RECURSION=n - CONFIG_FTRACE_STARTUP_TEST=n - CONFIG_RING_BUFFER_STARTUP_TEST=n - CONFIG_RING_BUFFER_VALIDATE_TIME_DELTAS=n - CONFIG_PREEMPTIRQ_DELAY_TEST=m - CONFIG_SYNTH_EVENT_GEN_TEST=n - CONFIG_KPROBE_EVENT_GEN_TEST=n - commit 9875d6f - Linux 5.18.14 (bsc#1012628). - objtool: skip non-text sections when adding return-thunk sites (bsc#1012628). - x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current (bsc#1012628). - efi/x86: use naked RET on mixed mode call wrapper (bsc#1012628). - KVM: emulate: do not adjust size of fastop and setcc subroutines (bsc#1012628). - tools arch x86: Sync the msr-index.h copy with the kernel sources (bsc#1012628). - tools headers cpufeatures: Sync with the kernel sources (bsc#1012628). - um: Add missing apply_returns() (bsc#1012628). - commit 847b26a - Linux 5.18.13 (bsc#1012628). - USB: serial: ftdi_sio: add Belimo device ids (bsc#1012628). - usb: typec: add missing uevent when partner support PD (bsc#1012628). - usb: dwc3: gadget: Fix event pending check (bsc#1012628). - gpio: sim: fix the chip_name configfs item (bsc#1012628). - tty: serial: samsung_tty: set dma burst_size to 1 (bsc#1012628). - x86/xen: Use clear_bss() for Xen PV guests (bsc#1012628). - ALSA: hda - Add fixup for Dell Latitidue E5430 (bsc#1012628). - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (bsc#1012628). - ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (bsc#1012628). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (bsc#1012628). - ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (bsc#1012628). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (bsc#1012628). - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (bsc#1012628). - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1012628). - fix race between exit_itimers() and /proc/pid/timers (bsc#1012628). - mm: userfaultfd: fix UFFDIO_CONTINUE on fallocated shmem pages (bsc#1012628). - mm: sparsemem: fix missing higher order allocation splitting (bsc#1012628). - mm: split huge PUD on wp_huge_pud fallback (bsc#1012628). - mm/damon: use set_huge_pte_at() to make huge pte old (bsc#1012628). - tracing/histograms: Fix memory leak problem (bsc#1012628). - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (bsc#1012628). - ip: fix dflt addr selection for connected nexthop (bsc#1012628). - ARM: 9213/1: Print message about disabled Spectre workarounds only once (bsc#1012628). - ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction (bsc#1012628). - wifi: mac80211: fix queue selection for mesh/OCB interfaces (bsc#1012628). - cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1012628). - btrfs: return -EAGAIN for NOWAIT dio reads/writes on compressed and inline extents (bsc#1012628). - btrfs: zoned: fix a leaked bioc in read_zone_info (bsc#1012628). - drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (bsc#1012628). - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (bsc#1012628). - fs/remap: constrain dedupe of EOF blocks (bsc#1012628). - nilfs2: fix incorrect masking of permission flags for symlinks (bsc#1012628). - sh: convert nommu io{re,un}map() to static inline functions (bsc#1012628). - Revert "evm: Fix memleak in init_desc" (bsc#1012628). - reset: Fix devm bulk optional exclusive control getter (bsc#1012628). - arm64: dts: ls1028a: Update SFP node to include clock (bsc#1012628). - ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count (bsc#1012628). - riscv: dts: microchip: hook up the mpfs' l2cache (bsc#1012628). - spi: amd: Limit max transfer and message size (bsc#1012628). - ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle (bsc#1012628). - ARM: 9210/1: Mark the FDT_FIXED sections as shareable (bsc#1012628). - net/mlx5e: kTLS, Fix build time constant test in TX (bsc#1012628). - net/mlx5e: kTLS, Fix build time constant test in RX (bsc#1012628). - net/mlx5e: Fix enabling sriov while tc nic rules are offloaded (bsc#1012628). - net/mlx5e: CT: Use own workqueue instead of mlx5e priv (bsc#1012628). - net/mlx5e: Fix capability check for updating vnic env counters (bsc#1012628). - net/mlx5e: Ring the TX doorbell on DMA errors (bsc#1012628). - drm/amdgpu: keep fbdev buffers pinned during suspend (bsc#1012628). - drm/amdgpu/display: disable prefer_shadow for generic fb helpers (bsc#1012628). - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (bsc#1012628). - drm/i915/guc: ADL-N should use the same GuC FW as ADL-S (bsc#1012628). - ima: Fix a potential integer overflow in ima_appraise_measurement (bsc#1012628). - ASoC: sgtl5000: Fix noise on shutdown/remove (bsc#1012628). - ASoC: tas2764: Add post reset delays (bsc#1012628). - ASoC: tas2764: Fix and extend FSYNC polarity handling (bsc#1012628). - ASoC: tas2764: Correct playback volume range (bsc#1012628). - ASoC: tas2764: Fix amp gain register offset & default (bsc#1012628). - ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (bsc#1012628). - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (bsc#1012628). - netfilter: ecache: move to separate structure (bsc#1012628). - netfilter: conntrack: split inner loop of list dumping to own function (bsc#1012628). - netfilter: ecache: use dedicated list for event redelivery (bsc#1012628). - netfilter: conntrack: include ecache dying list in dumps (bsc#1012628). - netfilter: conntrack: remove the percpu dying list (bsc#1012628). - netfilter: conntrack: fix crash due to confirmed bit load reordering (bsc#1012628). - net: stmmac: dwc-qos: Disable split header for Tegra194 (bsc#1012628). - net: ethernet: ti: am65-cpsw: Fix devlink port register sequence (bsc#1012628). - net: ocelot: fix wrong time_after usage (bsc#1012628). - sysctl: Fix data races in proc_dointvec() (bsc#1012628). - sysctl: Fix data races in proc_douintvec() (bsc#1012628). - sysctl: Fix data races in proc_dointvec_minmax() (bsc#1012628). - sysctl: Fix data races in proc_douintvec_minmax() (bsc#1012628). - sysctl: Fix data races in proc_doulongvec_minmax() (bsc#1012628). - sysctl: Fix data races in proc_dointvec_jiffies() (bsc#1012628). - tcp: Fix a data-race around sysctl_tcp_max_orphans (bsc#1012628). - inetpeer: Fix data-races around sysctl (bsc#1012628). - net: Fix data-races around sysctl_mem (bsc#1012628). - cipso: Fix data-races around sysctl (bsc#1012628). - icmp: Fix data-races around sysctl (bsc#1012628). - ipv4: Fix a data-race around sysctl_fib_sync_mem (bsc#1012628). - ARM: dts: at91: sama5d2: Fix typo in i2s1 node (bsc#1012628). - ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero (bsc#1012628). - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (bsc#1012628). - arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot (bsc#1012628). - netfilter: nf_log: incorrect offset to network header (bsc#1012628). - nfp: fix issue of skb segments exceeds descriptor limitation (bsc#1012628). - vlan: fix memory leak in vlan_newlink() (bsc#1012628). - netfilter: nf_tables: replace BUG_ON by element length check (bsc#1012628). - RISC-V: KVM: Fix SRCU deadlock caused by kvm_riscv_check_vcpu_requests() (bsc#1012628). - drm/i915/gvt: IS_ERR() vs NULL bug in intel_gvt_update_reg_whitelist() (bsc#1012628). - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (bsc#1012628). - mptcp: fix subflow traversal at disconnect time (bsc#1012628). - NFSD: Decode NFSv4 birth time attribute (bsc#1012628). - lockd: set fl_owner when unlocking files (bsc#1012628). - lockd: fix nlm_close_files (bsc#1012628). - net: marvell: prestera: fix missed deinit sequence (bsc#1012628). - ice: handle E822 generic device ID in PLDM header (bsc#1012628). - ice: change devlink code to read NVM in blocks (bsc#1012628). - tracing: Fix sleeping while atomic in kdb ftdump (bsc#1012628). - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (bsc#1012628). - drm/i915/ttm: fix sg_table construction (bsc#1012628). - drm/i915/gt: Serialize GRDOM access between multiple engine resets (bsc#1012628). - drm/i915/gt: Serialize TLB invalidates with GT resets (bsc#1012628). - drm/i915/selftests: fix subtraction overflow bug (bsc#1012628). - bnxt_en: reclaim max resources if sriov enable fails (bsc#1012628). - bnxt_en: Fix bnxt_reinit_after_abort() code path (bsc#1012628). - bnxt_en: fix livepatch query (bsc#1012628). - bnxt_en: Fix bnxt_refclk_read() (bsc#1012628). - sysctl: Fix data-races in proc_dou8vec_minmax() (bsc#1012628). - sysctl: Fix data-races in proc_dointvec_ms_jiffies() (bsc#1012628). - tcp: Fix a data-race around sysctl_max_tw_buckets (bsc#1012628). - icmp: Fix a data-race around sysctl_icmp_echo_ignore_all (bsc#1012628). - icmp: Fix data-races around sysctl_icmp_echo_enable_probe (bsc#1012628). - icmp: Fix a data-race around sysctl_icmp_echo_ignore_broadcasts (bsc#1012628). - icmp: Fix a data-race around sysctl_icmp_ignore_bogus_error_responses (bsc#1012628). - icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr (bsc#1012628). - icmp: Fix a data-race around sysctl_icmp_ratelimit (bsc#1012628). - icmp: Fix a data-race around sysctl_icmp_ratemask (bsc#1012628). - raw: Fix a data-race around sysctl_raw_l3mdev_accept (bsc#1012628). - tcp: Fix data-races around sysctl_tcp_ecn (bsc#1012628). - tcp: Fix a data-race around sysctl_tcp_ecn_fallback (bsc#1012628). - ipv4: Fix data-races around sysctl_ip_dynaddr (bsc#1012628). - nexthop: Fix data-races around nexthop_compat_mode (bsc#1012628). - net: ftgmac100: Hold reference returned by of_get_child_by_name() (bsc#1012628). - net: stmmac: fix leaks in probe (bsc#1012628). - ima: force signature verification when CONFIG_KEXEC_SIG is configured (bsc#1012628). - ima: Fix potential memory leak in ima_init_crypto() (bsc#1012628). - drm/amd/display: Ignore First MST Sideband Message Return Error (bsc#1012628). - drm/amdkfd: correct the MEC atomic support firmware checking for GC 10.3.7 (bsc#1012628). - drm/amd/display: Only use depth 36 bpp linebuffers on DCN display engines (bsc#1012628). - drm/amd/pm: Prevent divide by zero (bsc#1012628). - drm/amd/display: Ensure valid event timestamp for cursor-only commits (bsc#1012628). - smb3: workaround negprot bug in some Samba servers (bsc#1012628). - sfc: fix use after free when disabling sriov (bsc#1012628). - netfs: do not unlock and put the folio twice (bsc#1012628). - seg6: fix skb checksum evaluation in SRH encapsulation/insertion (bsc#1012628). - seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors (bsc#1012628). - seg6: bpf: fix skb checksum in bpf_push_seg6_encap() (bsc#1012628). - sfc: fix kernel panic when creating VF (bsc#1012628). - net: atlantic: remove deep parameter on suspend/resume functions (bsc#1012628). - net: atlantic: remove aq_nic_deinit() when resume (bsc#1012628). - KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op() (bsc#1012628). - net/tls: Check for errors in tls_device_init (bsc#1012628). - mm: sysctl: fix missing numa_stat when !CONFIG_HUGETLB_PAGE (bsc#1012628). - ARM: 9211/1: domain: drop modify_domain() (bsc#1012628). - ARM: 9212/1: domain: Modify Kconfig help text (bsc#1012628). - ASoC: dt-bindings: Fix description for msm8916 (bsc#1012628). - tee: tee_get_drvdata(): fix description of return value (bsc#1012628). - s390/nospec: build expoline.o for modules_prepare target (bsc#1012628). - scsi: megaraid: Clear READ queue map's nr_queues (bsc#1012628). - scsi: ufs: core: Drop loglevel of WriteBoost message (bsc#1012628). - nvme: fix block device naming collision (bsc#1012628). - ksmbd: use SOCK_NONBLOCK type for kernel_accept() (bsc#1012628). - powerpc/xive/spapr: correct bitmap allocation size (bsc#1012628). - vdpa/mlx5: Initialize CVQ vringh only once (bsc#1012628). - vduse: Tie vduse mgmtdev and its device (bsc#1012628). - platform/x86: intel/pmc: Add Alder Lake N support to PMC core driver (bsc#1012628). - virtio_mmio: Add missing PM calls to freeze/restore (bsc#1012628). - virtio_mmio: Restore guest page size on resume (bsc#1012628). - netfilter: nf_tables: avoid skb access on nf_stolen (bsc#1012628). - netfilter: br_netfilter: do not skip all hooks with 0 priority (bsc#1012628). - scsi: hisi_sas: Limit max hw sectors for v3 HW (bsc#1012628). - cpufreq: pmac32-cpufreq: Fix refcount leak bug (bsc#1012628). - platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1012628). - platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1012628). - platform/x86: hp-wmi: Ignore Sanitization Mode event (bsc#1012628). - net: tipc: fix possible refcount leak in tipc_sk_create() (bsc#1012628). - NFC: nxp-nci: don't print header length mismatch on i2c error (bsc#1012628). - nvme-tcp: always fail a request when sending it failed (bsc#1012628). - nvme: fix regression when disconnect a recovering ctrl (bsc#1012628). - net: sfp: fix memory leak in sfp_probe() (bsc#1012628). - ASoC: ops: Fix off by one in range control validation (bsc#1012628). - pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux() (bsc#1012628). - ASoC: Realtek/Maxim SoundWire codecs: disable pm_runtime on remove (bsc#1012628). - ASoC: rt711-sdca-sdw: fix calibrate mutex initialization (bsc#1012628). - ASoC: Intel: sof_sdw: handle errors on card registration (bsc#1012628). - ASoC: rt711: fix calibrate mutex initialization (bsc#1012628). - ASoC: rt7*-sdw: harden jack_detect_handler (bsc#1012628). - ASoC: codecs: rt700/rt711/rt711-sdca: initialize workqueues in probe (bsc#1012628). - ASoC: SOF: Intel: hda-dsp: Expose hda_dsp_core_power_up() (bsc#1012628). - ASoC: SOF: Intel: hda-loader: Make sure that the fw load sequence is followed (bsc#1012628). - ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow (bsc#1012628). - ASoC: wcd9335: Remove RX channel from old list before adding it to a new one (bsc#1012628). - ASoC: wcd9335: Fix spurious event generation (bsc#1012628). - ASoC: wcd938x: Fix event generation for some controls (bsc#1012628). - ASoC: Intel: bytcr_wm5102: Fix GPIO related probe-ordering problem (bsc#1012628). - ASoC: wm_adsp: Fix event for preloader (bsc#1012628). - ASoC: wm5110: Fix DRE control (bsc#1012628). - ASoC: cs35l41: Correct some control names (bsc#1012628). - ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error (bsc#1012628). - ASoC: dapm: Initialise kcontrol data for mux/demux controls (bsc#1012628). - ASoC: cs35l41: Add ASP TX3/4 source to register patch (bsc#1012628). - ASoC: cs47l15: Fix event generation for low power mux control (bsc#1012628). - ASoC: madera: Fix event generation for OUT1 demux (bsc#1012628). - ASoC: madera: Fix event generation for rate controls (bsc#1012628). - irqchip: or1k-pic: Undefine mask_ack for level triggered hardware (bsc#1012628). - pinctrl: imx: Add the zero base flag for imx93 (bsc#1012628). - x86: Clear .brk area at early boot (bsc#1012628). - soc: ixp4xx/npe: Fix unused match warning (bsc#1012628). - ARM: dts: stm32: use the correct clock source for CEC on stm32mp151 (bsc#1012628). - Revert "can: xilinx_can: Limit CANFD brp to 2" (bsc#1012628). - ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices (bsc#1012628). - ALSA: usb-audio: Add quirk for Fiero SC-01 (bsc#1012628). - ALSA: usb-audio: Add quirk for Fiero SC-01 (fw v1.0.0) (bsc#1012628). - nvme-pci: phison e16 has bogus namespace ids (bsc#1012628). - nvme: use struct group for generic command dwords (bsc#1012628). - wireguard: selftests: set fake real time in init (bsc#1012628). - wireguard: selftests: always call kernel makefile (bsc#1012628). - signal handling: don't use BUG_ON() for debugging (bsc#1012628). - ACPI: video: Fix acpi_video_handles_brightness_key_presses() (bsc#1012628). - vt: fix memory overlapping when deleting chars in the buffer (bsc#1012628). - s390/ap: fix error handling in __verify_queue_reservations() (bsc#1012628). - ACPI: CPPC: Fix enabling CPPC on AMD systems with shared memory (bsc#1012628). - serial: 8250: fix return error code in serial8250_request_std_resource() (bsc#1012628). - power: supply: core: Fix boundary conditions in interpolation (bsc#1012628). - serial: stm32: Clear prev values before setting RTS delays (bsc#1012628). - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (bsc#1012628). - serial: 8250: Fix PM usage_count for console handover (bsc#1012628). - serial: mvebu-uart: correctly report configured baudrate value (bsc#1012628). - x86/pat: Fix x86_has_pat_wp() (bsc#1012628). - drm/i915/ttm: fix 32b build (bsc#1012628). - Refresh patches.suse/x86-mm-Simplify-RESERVE_BRK.patch. - commit b66ab1b ------------------------------------------------------------------ ------------------ 2022-7-22 - Jul 22 2022 ------------------- ------------------------------------------------------------------ ++++ libcap: - update to 2.65: * Fix syntax error in DEBUG build of protected code in setcap.c. * Prevent bash from reading the wrong startup files when the capsh --user=xxx argument is used to invoke a shell as the user xxx. This is done by capsh now changing the USER and HOME environment variables when --user is specified. The argument --noenv can be used to suppress this behavior to what used to be the problematic default. (Bug: 215926) * Improved documentation ++++ libdrm: - update to 2.4.112: * xf86drmMode: introduce drmModeConnectorGetPossibleCrtcs * xf86drmMode: introduce drmModeGetConnectorTypeName * xf86drmMode: constify drmModeAtomicReq functions * gen_table_fourcc: strip _MODIFIER suffix for INVALID * testsuite fixes ++++ python-gobject: - Update to version 3.42.2: + Error out instead of crashing when marshaling unsupported fundamental types in some cases. + Add a workaround for a PyPy 3.9+ bug when threads are used. + Fix crashes when marshaling zero terminated arrays for certain item types. + Fix a crash/refcounting error in case marshaling a hash table fails. + Make the test suite pass again with PyPy. + tests: support running tests with (MSVC) CPython 3.8+ on Windows. + interface: Fix leak when overriding GInterfaceInfo. + setup.py: look up pycairo headers without importing the module (helps with building on Windows and MSVC CPython 3.8+). ------------------------------------------------------------------ ------------------ 2022-7-21 - Jul 21 2022 ------------------- ------------------------------------------------------------------ ++++ gobject-introspection: - Update to version 1.73.0: + Update the GIR data for GLib, GObject, GModule, and GIO. + scanner: - Support pre-processor macros with zero arguments. - Support ISO C varargs in macros. + Fix subproject build. ++++ iptables: - add baselibs.conf for libip4tc2, will be needed by libsystemd-shared-251.so ++++ kernel-default: - arm64: Update config files. (bsc#1198737) Enable RTC_DRV_RX8025 to support RX-8035 on Traveres Ten64 board. - commit 74f2920 ++++ util-linux: - linux-fs.patch: Fix conflict between and ++++ gcc12: - Update to gcc-12 branch head, 4f15d2234608e82159d030dadb1, git287 * includes build fixes when building against glibc 2.33. ++++ openssl-3: - Update to 3.0.5: * The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue. [bsc#1201148, CVE-2022-2274] * AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation would not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. [bsc#1201099, CVE-2022-2097] - Rebase patches: * openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch ++++ python310-core: - Switch from %primary_interpreter to prjconf-defined %primary_python (gh#openSUSE/python-rpm-macros#127). ++++ rpm: - update to rpm-4.17.1 * new bcond macro for a nicer way to define build conditionals * openPGP parser and IMA security fixes (CVE-2021-3521) * buildroot policy fixes - refreshed patches: * brp.diff - removed patches: * verbosearg.diff * ocaml-cmxs.diff * 0001-fix-minimize_writes.patch ++++ sqlite3: - update to 3.39.2: * Fix a performance regression in the query planner associated with rearranging the order of FROM clause terms in the presences of a LEFT JOIN. * Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and 1345947, forum post 3607259d3c, and other minor problems discovered by internal testing. [boo#1201783] ++++ python310: - Switch from %primary_interpreter to prjconf-defined %primary_python (gh#openSUSE/python-rpm-macros#127). ++++ python310-packaging: - Refine build and runtime requirements for primary and non-primary builds ++++ python-rpm: - update to rpm-4.17.1 ++++ qemu: - Substantial rework of the spec file: * the 'make check' testsuite now runs in the %check section of the main package, not in a subpackage * switched from %setup to %autosetup * rearranged the content in order to minimize the use of %if, %ifarch, etc - Properly fix bsc#1198038, CVE-2022-0216 * Patches added: scsi-lsi53c895a-really-fix-use-after-fre.patch tests-qtest-Move-the-fuzz-tests-to-x86-o.patch - Make temp dir (for update_git.sh) configurable - Added new subpackages (audio-dbus, ui-dbus) - bsc#1199018 was never fixed in Factory's QEMU 6.2. It is now (since the patches are already in SeaBIOS 1.16.0) - Some tests are having issues when run in OBS. They seem to be due to race conditions, triggered by resource constraints of OBS workers. Let's disable them for now, while looking for a fix - Update to v7.0.0 (bsc#1201307). For full release notes, see: * https://wiki.qemu.org/ChangeLog/7.0 Be sure to also check the following pages: * https://qemu-project.gitlab.io/qemu/about/removed-features.html * https://qemu-project.gitlab.io/qemu/about/deprecated.html Some notable changes: * [ARM] The virt board has gained a new control knob to disable passing a RNG seed in the DTB (dtb-kaslr-seed) * [ARM] The AST2600 SoC now supports a dummy version of the i3c device * [ARM] The virt board can now run guests with KVM on hosts with restricted IPA ranges * [ARM] The virt board now supports virtio-mem-pci * [ARM] The virt board now supports specifying the guest CPU topology * [ARM] On the virt board, we now enable PAuth when using KVM or hvf and the host CPU supports it * [RISC-V] Add support for ratified 1.0 Vector extension * [RISC-V] Support for the Zve64f and Zve32f extensions * [RISC-V] Drop support for draft 0.7.1 Vector extension * [RISC-V] Support Zfhmin and Zfh extensions * [RISC-V] RISC-V KVM support * [RISC-V] Mark Hypervisor extension as non experimental * [RISC-V] Enable Hypervisor extension by default * [x86] Support for Intel AMX. * [PCI/PCIe] Q35: fix PCIe device becoming disabled after migration when ACPI based PCI hotplug is used (6b0969f1ec) * [PCI/PCIe] initial bits of SR/IOV support (250346169) * [PCI/PCIe] arm/virt: fixed PXB interrupt routing (e609301b45) * [PCI/PCIe] arm/virt: support for virtio-mem-pci (b1b87327a9) * [virtiofs] Fix for CVE-2022-0358 - behaviour with supplementary groups and SGID directories * [virtiofs] Improved security label support * [virtiofs] The virtiofsd in qemu is now starting to be deprecated; please start using and contributing to Rust virtiofsd * Patches dropped: acpi-validate-hotplug-selector-on-access.patch block-backend-Retain-permissions-after-m.patch block-qdict-Fix-Werror-maybe-uninitializ.patch brotli-fix-actual-variable-array-paramet.patch display-qxl-render-fix-race-condition-in.patch doc-Add-the-SGX-numa-description.patch hw-i386-amd_iommu-Fix-maybe-uninitialize.patch hw-intc-exynos4210_gic-provide-more-room.patch hw-nvme-fix-CVE-2021-3929.patch hw-nvram-at24-return-0xff-if-1-byte-addr.patch iotest-065-explicit-compression-type.patch iotest-214-explicit-compression-type.patch iotest-302-use-img_info_log-helper.patch iotest-303-explicit-compression-type.patch iotest-39-use-_qcow2_dump_header.patch iotests-60-more-accurate-set-dirty-bit-i.patch iotests-bash-tests-filter-compression-ty.patch iotests-common.rc-introduce-_qcow2_dump_.patch iotests-declare-lack-of-support-for-comp.patch iotests-drop-qemu_img_verbose-helper.patch iotests-massive-use-_qcow2_dump_header.patch iotests-MRCE-Write-data-to-source.patch iotests.py-filter-out-successful-output-.patch iotests.py-img_info_log-rename-imgopts-a.patch iotests.py-implement-unsupported_imgopts.patch iotests.py-qemu_img-create-support-IMGOP.patch iotests.py-rewrite-default-luks-support-.patch iotests-specify-some-unsupported_imgopts.patch meson-build-all-modules-by-default.patch numa-Enable-numa-for-SGX-EPC-sections.patch numa-Support-SGX-numa-in-the-monitor-and.patch python-aqmp-add-__del__-method-to-legacy.patch python-aqmp-add-_session_guard.patch python-aqmp-add-SocketAddrT-to-package-r.patch python-aqmp-add-socket-bind-step-to-lega.patch python-aqmp-add-start_server-and-accept-.patch python-aqmp-copy-type-definitions-from-q.patch python-aqmp-drop-_bind_hack.patch python-aqmp-fix-docstring-typo.patch python-aqmp-Fix-negotiation-with-pre-oob.patch python-aqmp-fix-race-condition-in-legacy.patch Python-aqmp-fix-type-definitions-for-myp.patch python-aqmp-handle-asyncio.TimeoutError-.patch python-aqmp-refactor-_do_accept-into-two.patch python-aqmp-remove-_new_session-and-_est.patch python-aqmp-rename-accept-to-start_serve.patch python-aqmp-rename-AQMPError-to-QMPError.patch python-aqmp-split-_client_connected_cb-o.patch python-aqmp-squelch-pylint-warning-for-t.patch python-aqmp-stop-the-server-during-disco.patch python-introduce-qmp-shell-wrap-convenie.patch python-machine-raise-VMLaunchFailure-exc.patch python-move-qmp-shell-under-the-AQMP-pac.patch python-move-qmp-utilities-to-python-qemu.patch python-qmp-switch-qmp-shell-to-AQMP.patch python-support-recording-QMP-session-to-.patch python-upgrade-mypy-to-0.780.patch qcow2-simple-case-support-for-downgradin.patch qemu-binfmt-conf.sh-should-use-F-as-shor.patch tests-qemu-iotests-040-Skip-TestCommitWi.patch tests-qemu-iotests-Fix-051-for-binaries-.patch tests-qemu-iotests-testrunner-Quote-case.patch tools-virtiofsd-Add-rseq-syscall-to-the-.patch ui-cursor-fix-integer-overflow-in-cursor.patch vhost-vsock-detach-the-virqueue-element-.patch virtiofsd-Drop-membership-of-all-supplem.patch virtio-net-fix-map-leaking-on-error-duri.patch Disable-some-tests-that-have-problems-in.patch * Patches added: intc-exynos4210_gic-replace-snprintf-wit.patch Revert-8dcb404bff6d9147765d7dd3e9c849337.patch ++++ util-linux-systemd: - linux-fs.patch: Fix conflict between and ------------------------------------------------------------------ ------------------ 2022-7-20 - Jul 20 2022 ------------------- ------------------------------------------------------------------ ++++ ansible: - BREAKING CHANGE: use this package for the ansible release made by the ansible community. This requires ansible-core, which will contain the actual ansible binar - rework ansible-rpmlintrc file to only use the filters we need - most of the errors are handled inside the %build section ++++ ansible-core: - package conflicts with ansible < 3, i.e. the old packaging scheme - update to 2.13.2: * Minor Changes - ansible-test - An improved error message is shown when the download of a pip bootstrap script fails. The download now uses urllib2 instead of urllib on Python 2. * Bugfixes - Move undefined check from concat to finalize (#78156) - ansible-doc - no longer list module and plugin aliases that are created with symlinks (#78137). - ansible-doc - when listing modules in collections, proceed recursively. This fixes module listing for community.general 5.x.y and community.network 4.x.y (#78137). - ansible-doc will not add 'website for' in ":ref:" substitutions as it made them confusing. - file backed cache plugins now handle concurrent access by making atomic updates to the files. - password lookup does not ignore k=v arguments anymore. - user - Fix error "Permission denied" in user module while generating SSH keys (#78017). - update to 2.13.1: * Minor Changes - Add an 'action_plugin' field for modules in runtime.yml plugin_routing. This fixes module_defaults by supporting modules-as-redirected-actions without redirecting module_defaults entries to the common action. With the runtime.yml above for ns.coll, a task such as will end up with defaults for eos_facts and eos_command since both modules redirect to the same action. To select an action plugin for a module without merging module_defaults, define an action_plugin field for the resolved module in the runtime.yml. The action_plugin field can be a redirected action plugin, as it is resolved normally. Using the modified runtime.yml, the example task will only use the ns.coll.eos_facts defaults. - ansible-galaxy - Support resolvelib versions 0.6.x, 0.7.x, and 0.8.x. The full range of supported versions is now >= 0.5.3, < 0.9.0. - ansible-test - Add RHEL 9.0 remote support. - ansible-test - Add support for Ubuntu VMs using the --remote option. - ansible-test - Add support for exporting inventory with ansible-test shell --export {path}. - ansible-test - Add support for multi-arch remotes. - ansible-test - Add support for running non-interactive commands with ansible-test shell. - ansible-test - Avoid using the mock_use_standalone_module setting for unit tests running on Python 3.8 or later. - ansible-test - Blocking mode is now enforced for stdin, stdout and stderr. If any of these are non-blocking then ansible-test will exit during startup with an error. - ansible-test - Improve consistency of output messages by using stdout or stderr for most output, but not both. - ansible-test - The shell command can be used outside a collection if no controller delegation is required. * Bugfixes - Add PyYAML >= 5.1 as a dependency of ansible-core to be compatible with Python 3.8+. - ansible-config dump - Only display plugin type headers when plugin options are changed if --only-changed is specified. - ansible-galaxy - handle unsupported versions of resolvelib gracefully. - ansible-test - Fix internal validation of remote completion configuration. - ansible-test - Prevent --target- prefixed options for the shell command from being combined with legacy environment options. - ansible-test - Sanity test output with the --lint option is no longer mixed in with bootstrapping output. - ansible-test - Subprocesses are now isolated from the stdin, stdout and stderr of ansible-test. This avoids issues with subprocesses tampering with the file descriptors, such as SSH making them non-blocking. As a result of this change, subprocess output from unit and integration tests on stderr now go to stdout. - ansible-test - Subprocesses no longer have access to the TTY ansible-test is connected to, if any. This maintains consistent behavior between local testing and CI systems, which typically do not provide a TTY. Tests which require a TTY should use pexpect or another mechanism to create a PTY. - apt module now correctly handles virtual packages. - lookup plugin - catch KeyError when lookup returns dictionary (#77789). - pip - fix cases where resolution of pip Python module fails when importlib.util has not already been imported - plugin loader - Sort results when fuzzy matching plugin names (#77966). - plugin loader will now load config data for plugin by name instead of by file to avoid issues with the same file being loaded under different names (fqcn + short name). - psrp connection now handles default to inventory_hostname correctly. - winrm connection now handles default to inventory_hostname correctly. - update to 2.13.0: Full changelog see https://github.com/ansible/ansible/blob/stable-2.13/changelogs/CHANGELOG-v2.13.rst#v2130 - update to 2.12.7: * Minor Changes - Add an 'action_plugin' field for modules in runtime.yml plugin_routing. This fixes module_defaults by supporting modules-as-redirected-actions without redirecting module_defaults entries to the common action. With the runtime.yml above for ns.coll, a task such as will end up with defaults for eos_facts and eos_command since both modules redirect to the same action. To select an action plugin for a module without merging module_defaults, define an action_plugin field for the resolved module in the runtime.yml. The action_plugin field can be a redirected action plugin, as it is resolved normally. Using the modified runtime.yml, the example task will only use the ns.coll.eos_facts defaults. - ansible-test - Avoid using the mock_use_standalone_module setting for unit tests running on Python 3.8 or later. * Bugfixes - pip - fix cases where resolution of pip Python module fails when importlib.util has not already been imported - plugin loader - Sort results when fuzzy matching plugin names (#77966). - update to 2.12.6: * Bugfixes - Prevent losing unsafe on results returned from lookups (#77535) - arg_spec - Fix incorrect no_log warning when a parameter alias is used (#77576) - plugin loader will now load config data for plugin by name instead of by file to avoid issues with the same file being loaded under different names (fqcn + short name). - variablemanager, more efficient read of vars files - update to 2.12.5: * Bugfixes - Ansible.ModuleUtils.SID - Use user principal name as is for lookup in the Convert-ToSID function - #77316 - Fix traceback when installing a collection from a git repository and git is not installed (#77479). - ansible-test - Correctly detect when running as the root user (UID 0) on the origin host. The result of the detection was incorrectly being inverted. - ansible-test - Fix skipping of tests marked needs/python on the origin host. - ansible-test - Fix skipping of tests marked needs/root on the origin host. - ansible-test compile sanity test - do not crash if a column could not be determined for an error (#77465). - hostname - use file_get_content() to read the file containing the host name in the FileStrategy.get_permanent_hostname() method. This prevents a TypeError from being raised when the strategy is used (#77025). - script - skip in check mode since the plugin cannot determine if a change will occur. - shell/command - only skip in check mode if the options creates and removes are both None. - winrm - Ensure kinit is run with the same PATH env var as the Ansible process ++++ dracut: - Update to version 057+suse.303.gc4ea1bea: * fix(network-legacy): add auto timeout to wicked DHCP test (bsc#1198709) * fix(network-legacy): check if dhclient has --timeout option * fix(man): correct typo * fix(network-legacy): properly install dhclient * fix(fips): add missing bash dependency ++++ kernel-default: - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - commit e2263d4 - Refresh patches.suse/0001-fbdev-Disable-sysfb-device-registration-when-removin.patch. - Refresh patches.suse/0001-firmware-sysfb-Add-sysfb_disable-helper-function.patch. - Refresh patches.suse/0001-firmware-sysfb-Make-sysfb_create_simplefb-return-a-p.patch. Update upstream status. - commit 6a770c6 - Delete patches.kernel.org/5.18.12-013-objtool-skip-non-text-sections-when-adding-re.patch. No traces of the objtool patch in upstream whatsoever, so drop that. The rest: move out of patches.kernel.org as it hasn't landed there yet. Place the patches into sorted section instead where they belong. - commit 3415e51 ++++ python-iniconfig: - BuildRequire itself when building test flavour. ++++ qemu: - Fix bsc#1197084 * Patches added: hostmem-default-the-amount-of-prealloc-t.patch ++++ u-boot-rpiarm64: - Add board and usage documentation to the package (bsc#1201077) ++++ zypper: - lr: Allow shortening the Name column if table is wider than the terminal (bsc#1201638) - Don't accepts install/remove modifier without argument (bsc#1201576) - zypper-download: Set correct ExitInfoCode when failing to resolve argument. - zypper-download: Handle unresolvable arguments as error. This commit changes zypper-download such that it behaves more consistent to zypper-install when an argument can't be resolved. - version 1.14.55 ------------------------------------------------------------------ ------------------ 2022-7-19 - Jul 19 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Input: i8042 - Apply probe defer to more ASUS ZenBook models (bsc#1190256). - commit 6307fb1 ++++ systemd: - Enable oomd (bsc#1200456) It's part of the experimental sub-package for now. - Import commit 8cd784e9250b38d20d8e14fccbfb211010283c79 (merge of v251.3) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/32912879062bb1595d8498b6f9c77d5acd1dc66a...8cd784e9250b38d20d8e14fccbfb211010283c79 - Import commit 32912879062bb1595d8498b6f9c77d5acd1dc66a 111b96ca86 logind: don't delay login for root even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Enable bpf framework ++++ libvirt: - spec: Don't redefine libexecdir boo#1201565 ++++ libzypp: - Add PoolItem::statusReinit to reset the status it's initial state in the ResPool (might help bsc#1199895) This may either be 'KEEP_STATE bySOLVER' or 'LOCKED byUSER' if the PoolItem matched a hard lock defined in /etc/zypp/locks. - Fix building with GCC 13 on i586 (fixes #407, fixes #396) - Be prepared to receive exceptions from curl_easy_cleanup (bsc#1201092) - Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993) - Remove Medianetwork and dependend code. This commit removes the MediaNetwork tech preview and all related code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloader and second: since the Provide API is going to completely replace the current media backend it would be extra work to ensure that changes on the Downloader do not break MediaNetwork. - version 17.31.0 (22) ++++ python-cffi: - update to 1.15.1: * If you call ffi.embedding_api() but don’t write any extern “Python” function there, then the resulting C code would fail an assert. Fixed. * Updated Windows/arm64 embedded libffi static lib to v3.4.2, and scripted to ease future updates (thanks Niyas Sait!) ++++ python-charset-normalizer: - update to 2.1.0: * Output the Unicode table version when running the CLI with `--version` * Re-use decoded buffer for single byte character sets * Fixing some performance bottlenecks * Workaround potential bug in cpython with Zero Width No-Break Space located * in Arabic Presentation Forms-B, Unicode 1.1 not acknowledged as space * CLI default threshold aligned with the API threshold from * Support for Python 3.5 (PR #192) * Use of backport unicodedata from `unicodedata2` as Python is quickly catching up, scheduled for removal in 3.0 ++++ python-cryptography: - update to 37.0.4: * updated wheels to b ecompiled against openssl 3.0.5 ++++ python-immutables: - update to 0.18: * Fix iteration when tree is 7 levels deep and has collissions * Test on python 3.10 * consolidate mypy and pytest config into pyproject.toml ++++ virt-manager: - Add Source URL - Add upstream patch virtman-pr381-setuptools-61.patch gh#virt-manager/virt-manager#381 - Enable tests * No python package should go untested * Use multibuild so that all runtime requirements are checked * Add virtman-34662fe-argcomplete.patch ------------------------------------------------------------------ ------------------ 2022-7-18 - Jul 18 2022 ------------------- ------------------------------------------------------------------ ++++ gsettings-desktop-schemas: - Update to version 43.alpha: + Fix description of use-same-proxy setting. + Updated translations. ++++ kernel-default: - config: i386: Enable DRM stack for early-boot graphics (boo#1193474) Replace fbdev's generic drivers with DRM-based simpledrm. Enables the DRM graphics stack for early-boot graphics, recovery and unsupported chipsets. - commit 3305623 - x86/bugs: Remove apostrophe typo (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 34930df - Refresh patches.rpmify/x86-asm-32-fix-ANNOTATE_UNRET_SAFE-use-on-32bit.patch. - Refresh patches.suse/tty-extract-tty_flip_buffer_commit-from-tty_flip_buf.patch. - Refresh patches.suse/tty-use-new-tty_insert_flip_string_and_push_buffer-i.patch. - Refresh patches.suse/x86-entry-Remove-UNTRAIN_RET-from-native_irq_return_.patch. - Refresh patches.suse/x86-kvm-fix-FASTOP_SIZE-when-return-thunks-are-enabl.patch. Update upstream status. - commit fcd7336 ++++ kernel-firmware: - Update to version 20220714 (git commit 84661a3ba62f): * amdgpu: update DMCUB firmware for DCN 3.1.6 * WHENCE: Correct dangling symlinks * Correct WHENCE entry for wfx firmware * bnx2: Drop unsupported Broadcom NetXtremeII firmware * bnx2: drop unsupported firmwares * bnx2: sort firmware names in filesystem order * Remove old Broadcom Everest (bnx2x) v4/5 firmware * drop Token Ring network firmwares * Drop TDA7706 radio firmware * Drop Intel WiMax firmware * Drop Computone IntelliPort Plus serial firmware * Drop ATM Ambassador devices firmware * brocade: drop old unsupported firmware revs * amdgpu: update yellow carp DMCUB firmware * linux-firmware: update firmware for MT7622 WiFi device * linux-firmware: update firmware for MT7922 WiFi device * linux-firmware: update firmware for mediatek bluetooth chip (MT7922) * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * mediatek: Add SCP firmware for MT8186 * rtw88: 8822c: Update normal firmware to v9.9.13 * rtw88: 8822c: Update normal firmware to v9.9.12 - Drop obsoleted temporary patches: wfx-WHENCE-fix.diff brcm-symlink-fixes.diff - Minor update of README.build - Fix missing aliases for qlogic (bsc#1200889) ++++ alsa: - Update to version 1.2.7.2: minor updates, including fixes for PCM share plugin, rawmidi and UCM ++++ ncurses: - Add ncurses patch 20220716 + build-fix for test_mouse.c, for non-standard cfmakeraw. + improve shell-scripts with shellcheck + fix typo in run_tic.in (report/patch by Jan Starke). ++++ openssl-3: - Update to 3.0.4: [bsc#1199166, CVE-2022-1292] * In addition to the c_rehash shell command injection identified in CVE-2022-1292, further bugs where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection have been fixed. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. * Case insensitive string comparison no longer uses locales. It has instead been directly implemented. - Update to 3.0.3: * Case insensitive string comparison is reimplemented via new locale-agnostic comparison functions OPENSSL_str[n]casecmp always using the POSIX locale for comparison. The previous implementation had problems when the Turkish locale was used. * Fixed a bug in the c_rehash script which was not properly sanitising shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. [bsc#1199166, CVE-2022-1292] * Fixed a bug in the function 'OCSP_basic_verify' that verifies the signer certificate on an OCSP response. The bug caused the function in the case where the (non-default) flag OCSP_NOCHECKS is used to return a postivie response (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of 'OCSP_basic_verify' will not use the OCSP_NOCHECKS flag. In this case the 'OCSP_basic_verify' function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL "ocsp" application. When verifying an ocsp response with the "-no_cert_checks" option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. [bsc#1199167, CVE-2022-1343] * Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the AAD data as the MAC key. This made the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check. Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0 endpoint will always be rejected by the recipient and the connection will fail at that point. Many application protocols require data to be sent from the client to the server first. Therefore, in such a case, only an OpenSSL 3.0 server would be impacted when talking to a non-OpenSSL 3.0 client. [bsc#1199168, CVE-2022-1434] * Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. [bsc#1199169, CVE-2022-1473] * The functions 'OPENSSL_LH_stats' and 'OPENSSL_LH_stats_bio' now only report the 'num_items', 'num_nodes' and 'num_alloc_nodes' statistics. All other statistics are no longer supported. For compatibility, these statistics are still listed in the output but are now always reported as zero. ++++ polkit: - split out pkexec into seperate package to make system hardening easier (to avoid installing it jsc#PED-132 jsc#PED-148). ++++ libslirp: - Update to version 4.7.0+44 (current git master): * Fix vmstate regression * msvc: use char* for pointer arithmetic * Align outgoing packets * Bump incoming packet alignment to 8 bytes * msvc: fix some gcc-specific pragma warnings * msvc: enable vmstate code on !gnuc * vmstate: only enable when building under GNU C * ncsitest: Fix build with msvc * Avoid running git-version-gen when building with MS VC * windows: export symbols * win32: replace strcasecmp with g_ascii_strcasecmp * Drop spurious inline * Avoid returning void * Fix arithmetic on void * * Avoid using ##__VA_ARGS__ gcc extension * Fix bitfields order for MSVC * Separate out SLIRP_PACKED to SLIRP_PACKED_BEGIN/END * Do not use ssize_t on Windows * Do not include unistd.h on windows, it does not have it * Accept build-aux/git-version-gen failing to run * container_of: avoid using __extension__ * ncsi: Add Mellanox Get Mac Address handler * slirp: Add out-of-band ethernet address * ncsi: Add OEM command handler * ncsi: Add basic test for Get Version ID response * ncsi: Use response header for payload length * ncsi: Pass command header to response handlers * src/slirp.h: Bump the minimum Windows version to Windows 7 * ncsi: Add Get Version ID command * ncsi: Pass Slirp structure to response handlers * slirp: Add manufacturer's ID * Add support for Haiku to meson.build * meson: add extra warnings * win32: declare some local functions as static * Include and for AF_INET6 and inet_pton * Release v4.7.0 * bump ABI version and age * slirp: invoke client callback before creating timers * pingtest: port to timer_new_opaque * introduce timer_new_opaque callback * introduce slirp_timer_new wrapper * icmp6: make ndp_send_ra static * Add sanitizers CI runs * socket: Handle ECONNABORTED from recv * bootp: fix g_str_has_prefix warning/critical * slirp: Don't duplicate packet in tcp_reass * Rename insque/remque -> slirp_[ins|rem]que * mbuf: Use SLIRP_DEBUG to enable mbuf debugging instead of DEBUG * Replace inet_ntoa() with safer inet_ntop() * Add VMS_END marker * bootp: add support for UEFI HTTP boot * IPv6 DNS proxying support * Add missing scope_id in caching * Drop fixed TODO * socket: Move closesocket(so->s_aux) to sofree * socket: Check so_type instead of so_tcpcb for Unix-to-inet translation * socket: Add s_aux field to struct socket for storing auxilliary socket * socket: Initialize so_type in socreate * socket: Allocate Unix-to-TCP hostfwd port from OS by binding to port 0 * Allow to disable internal DHCP server * slirp_pollfds_fill: Explain why dividing so_snd.sb_datalen by two * CI: run integration tests with slirp4netns * socket: Check address family for Unix-to-inet accept translation * socket: Add debug args for tcpx_listen (inet and Unix sockets) * socket: Restore original definition of fhost * socket: Move include to socket.h * Support Unix sockets in hostfwd * resolv: fix IPv6 resolution on Darwin * Use the exact sockaddr size in getnameinfo call * Initialize sin6_scope_id to zero * slirp_socketpair_with_oob: Connect pair through 127.0.0.1 * resolv: fix memory leak when using libresolv * pingtest: Add a trivial ping test * icmp: Support falling back on trying a SOCK_RAW socket ++++ systemd: - When systemd-container is installed install tar/gpg too So `machinectl import-tar` always works flawlessly. systemd-container already is an optional package and both tar and gpg are rather basic anyway so no harm should be done by requiring them. - Move the systemd sysupdate stuff from the main package to the experimental sub-package while it's still time. The method used (currently) for updating openSUSE distro is rpm, not systemd-sysupdate. ------------------------------------------------------------------ ------------------ 2022-7-17 - Jul 17 2022 ------------------- ------------------------------------------------------------------ ++++ docker: - Change to using systemd-sysusers ++++ kernel-default: - Update to 5.19-rc7 - drop obsolete patches - patches.suse/tty-extract-tty_flip_buffer_commit-from-tty_flip_buf.patch - patches.suse/tty-use-new-tty_insert_flip_string_and_push_buffer-i.patch - update configs (x86 only) - SPECULATION_MITIGATIONS=y - RETHUNK=y - CPU_UNRET_ENTRY=y - CPU_IBPB_ENTRY=y - CPU_IBRS_ENTRY=y - commit 900302b ++++ python-resolvelib: - update to 0.8.1: * A new reporter hook ``resolving_conflicts`` is added. The resolver triggers * this hook when it detects conflicts in the dependency tree, and before it * attempts to fix them. The hook accepts one single argument ``causes``, which * is a list of ``(requirement, parent)`` 2-tuples that represents all the * edges that lead to the detected conflicts. ++++ qemu: - Get rid of downstream patches breaking s390 modules. Replace them with the upstream proposed and Acked (but never committed) solution (bsc#1199015) * Patches added: modules-generates-per-target-modinfo.patch modules-introduces-module_kconfig-direct.patch * Patches dropped: Fix-the-module-building-problem-for-s390.patch modules-quick-fix-a-fundamental-error-in.patch ------------------------------------------------------------------ ------------------ 2022-7-16 - Jul 16 2022 ------------------- ------------------------------------------------------------------ ++++ python-gobject: - Work around vendored distutils in setuptools >= 60 incorrectly installing pkgconfig files into the wrong libdir ++++ python-pycairo: - Work around vendored distutils in setuptools >= 60 incorrectly installing pkgconfig files into the wrong libdir - Deduplicate files in python_sitearch ++++ python-setuptools: - update to version 63.2.0: * Changes + #3395: Included a performance optimization: setuptools.build_meta no longer tries to :func:`compile` the setup script code before :func:`exec`-ing it. * Misc + #3435: Corrected issue in macOS framework builds on Python 3.9 not installed by homebrew (pypa/distutils#158). ++++ qemu: - backport patches for having coroutine work well when LTO is used * Patches added: coroutine-ucontext-use-QEMU_DEFINE_STATI.patch coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch coroutine-win32-use-QEMU_DEFINE_STATIC_C.patch - seabios: drop patch that changes python in python2. Just go to python3 directly. * Patches dropped: seabios-use-python2-explicitly-as-needed.patch ------------------------------------------------------------------ ------------------ 2022-7-15 - Jul 15 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - let Mesa ignore Mesa-dri as dep to resolve a build cycle (related to boo#1201474 ++++ Mesa-drivers: - let Mesa ignore Mesa-dri as dep to resolve a build cycle (related to boo#1201474 ++++ apparmor: - Add apparmor-setuptools61-mr897.patch https://gitlab.com/apparmor/apparmor/-/merge_requests/897 - Add buildtime dependencies on python-rpm-macros and setuptools ++++ kernel-default: - Linux 5.18.12 (bsc#1012628). - Revert "mtd: rawnand: gpmi: Fix setting busy timeout setting" (bsc#1012628). - commit 3198c22 - Refresh patches.suse/0001-drm-aperture-Run-fbdev-removal-before-internal-helpe.patch. Update upstream status. - commit 4fcb983 - x86/mm: Simplify RESERVE_BRK() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit da1381f - x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit ce3ce6a - Refresh patches.suse/x86-kvm-fix-FASTOP_SIZE-when-return-thunks-are-enabl.patch. Update to upstream version. - commit 3f7e318 ++++ libapparmor: - Add apparmor-setuptools61-mr897.patch https://gitlab.com/apparmor/apparmor/-/merge_requests/897 - Add buildtime dependencies on python-rpm-macros and setuptools ++++ sqlite3: - update to 3.39.1: * Fix an incorrect result from a query that uses a view that contains a compound SELECT in which only one arm contains a RIGHT JOIN and where the view is not the first FROM clause term of the query that contains the view * Fix a long-standing problem with ALTER TABLE RENAME that can only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set to a very small value. * Fix a long-standing problem in FTS3 that can only arise when compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time option. * Fix the initial-prefix optimization for the REGEXP extension so that it works correctly even if the prefix contains characters that require a 3-byte UTF8 encoding. * Enhance the sqlite_stmt virtual table so that it buffers all of its output. ++++ perl: - move builtin.pm to perl-base as File::Copy relies on it since last update. This fixes execution of builtime source services in OBS. ++++ python310-packaging: - Split primary flavor in multibuild for possible inclusion into Ring0 ++++ python-psutil: - Fix tests: setuptools changed the builddir library path and does not find the module from it. Use the installed platlib instead and exclude psutil.tests only later. - Refresh skip-obs.patch ++++ python310-pyparsing: - Split primary flavor in multibuild for possible inclusion into Ring0 - Remove hardcoded primary_python variable. ++++ qemu: - Fix the following bugs: - bsc#1198037, CVE-2021-4207 - bsc#1198038, CVE-2022-0216 - bsc#1201367, CVE-2022-35414 - bsc#1198035, CVE-2021-4206 - bsc#1198712, CVE-2022-26354 - bsc#1198711, CVE-2022-26353 * Patches added: display-qxl-render-fix-race-condition-in.patch scsi-lsi53c895a-fix-use-after-free-in-ls.patch softmmu-Always-initialize-xlat-in-addres.patch ui-cursor-fix-integer-overflow-in-cursor.patch vhost-vsock-detach-the-virqueue-element-.patch virtio-net-fix-map-leaking-on-error-duri.patch ------------------------------------------------------------------ ------------------ 2022-7-14 - Jul 14 2022 ------------------- ------------------------------------------------------------------ ++++ container-selinux: - Update to version 2.188.0: * Allow confined containers to mount overlay filesystems Fixed bsc#1201348 ++++ glibc: - nptl-cleanup-async-restore-2.patch: nptl: Fix ___pthread_unregister_cancel_restore asynchronous restore (bsc#1200093, BZ #29214) ++++ kernel-default: - rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer Dwarves 1.22 or newer is required to build kernels with BTF information embedded in modules. - commit ee19e9d - x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (bsc#1199657 CVE-2022-29900 CVE-2022-29901). Update upstream status. - commit eae54b1 - tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() (bsc#1198829 CVE-2022-1462). - tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462). - tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() (bsc#1198829 CVE-2022-1462). - tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462). - commit cec52d3 - x86/kvm: fix FASTOP_SIZE when return thunks are enabled (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 86ef7b4 ++++ libglvnd: - let libglvnd require Mesa-dri so GL drivers are available on Wayland-only desktop installations (boo#1201474) ++++ openldap2: - removed obsolete 0017-Resolve-error-handling-in-new-ctx-when-global.patch - update to 2.6.3 * Fixed librewrite declaration of calloc (ITS#9841) * Fixed libldap to check for NULL ld (ITS#9157) * Fixed libldap memory leaks (ITS#9876) * Fixed lloadd to correctly tag Notice of Disconnection (ITS#9856) * Fixed slapd delta-sync DN leak on ADD ops (ITS#9866) * Fixed slapd replication with back-glue (ITS#9868) * Fixed slapd lastbind replication with chaining (ITS#9863) * Fixed slapd-ldap to correctly set authzid (ITS#9863) * Fixed slapd-mdb to check for stale readers on MDB_READERS_FULL (ITS#7165) * Fixed slapd-mdb indexer task with replicated config (ITS#9858) * Fixed slapo-accesslog onetime memory leak (ITS#9864) * Fixed slapo-ppolicy interaction with slapo-rwm (ITS#9871) * Fixed slapo-rwm to handle escaping special characters (ITS#9817) * Fixed slapo-syncprov memory leaks (ITS#9867) * Fixed slapo-syncprov fallback in delta-sync mode (ITS#9823) * Fixed slapo-unique to not release NULL entry (ITS#8245) * doc: Fixed ldap_get_option(3) to clarify ldap_get/set_option restrictions (ITS#9824) ++++ patterns-base: - Have the base pattern recommend service(network) ++++ python310-packaging: - Setuptools itself does not depend on packaging anymore, only for pythondistdeps.py, That dependency will move to python-rpm-packaging soon. -- boo#1178257 - Use "setuptools" for building again. * Python 3.12 will drop the distutils fallback * Use the python-base vendored pip in a venv * Drop no-legacyversion-warning.patch - Remove nonsensical python362 flavor check. ++++ python310-pyparsing: - Update to version 3.0.9 * Added Unicode set BasicMultilingualPlane (may also be referenced as BMP) representing the Basic Multilingual Plane (Unicode characters up to code point 65535). Can be used to parse most language characters, but omits emojis, wingdings, etc. Raised in discussion with Dave Tapley (issue #392). * To address mypy confusion of pyparsing.Optional and typing.Optional resulting in error: "_SpecialForm" not callable message reported in issue #365, fixed the import in exceptions.py. Nice sleuthing by Iwan Aucamp and Dominic Davis-Foster, thank you! (Removed definitions of OptionalType, DictType, and IterableType and replaced them with typing.Optional, typing.Dict, and typing.Iterable throughout.) * Fixed typo in jinja2 template for railroad diagrams, thanks for the catch Nioub (issue #388). * Removed use of deprecated pkg_resources package in railroad diagramming code (issue #391). * Updated bigquery_view_parser.py example to parse examples at https://cloud.google.com/bigquery/docs/reference/legacy-sql - Release 3.0.8 * API CHANGE: modified pyproject.toml to require Python version 3.6.8 or later for pyparsing 3.x. Earlier minor versions of 3.6 fail in evaluating the version_info class (implemented using typing.NamedTuple). If you are using an earlier version of Python 3.6, you will need to use pyparsing 2.4.7. * Improved pyparsing import time by deferring regex pattern compiles. PR submitted by Anthony Sottile to fix issue #362, thanks! * Updated build to use flit, PR by Michał Górny, added BUILDING.md doc and removed old Windows build scripts - nice cleanup work! * More type-hinting added for all arithmetic and logical operator methods in ParserElement. PR from Kazantcev Andrey, thank you. * Fixed infix_notation's definitions of lpar and rpar, to accept parse expressions such that they do not get suppressed in the parsed results. PR submitted by Philippe Prados, nice work. * Fixed bug in railroad diagramming with expressions containing Combine elements. Reported by Jeremy White, thanks! * Added show_groups argument to create_diagram to highlight grouped elements with an unlabeled bounding box. * Added unicode_denormalizer.py to the examples as a demonstration of how Python's interpreter will accept Unicode characters in identifiers, but normalizes them back to ASCII so that identifiers print and 𝕡𝓻ᵢ𝓃𝘁 and 𝖕𝒓𝗂𝑛ᵗ are all equivalent. * Removed imports of deprecated sre_constants module for catching exceptions when compiling regular expressions. PR submitted by Serhiy Storchaka, thank you. - Use python-base bundled pip as frontend for flit-core ++++ python-setuptools: - Remove dependency on packaging -- boo#1178257 - Enable ini2toml[lite] tests ++++ selinux-policy: - Update to version 20220714. Refreshed: * fix_init.patch * fix_systemd_watch.patch ++++ suse-module-tools: - Update to version 16.0.22: * weak-modules2: only use kernel version under /run/regenerate-initrd (boo#1201387) ++++ tpm2.0-tools: - Disable tests in some architectures (ppc, ppc64, s390x) ------------------------------------------------------------------ ------------------ 2022-7-13 - Jul 13 2022 ------------------- ------------------------------------------------------------------ ++++ permissions: - Update to version 20220713: * postfix: add postlog setgid for maildrop binary (bsc#1201385) * libexec migration: KDE utilities now properly place their helpers * pccardctl: installation path has finally changed to /usr/sbin ++++ file: - Add upstream patch to fix boo#1201350 * file-boo1201350.patch which combines the commits c80065fe6900be5e794941e29b32440e9969b1c3 7e59d34206d7c962e093d4239e5367a2cd8b7623 f042050f59bfc037677871c4d1037c33273f5213 d471022b2772071877895759f209f2c346757a4c 441ac2b15508909e82ad467960df4ac0adf9644c ++++ kernel-default: - x86/asm/32: fix ANNOTATE_UNRET_SAFE use on 32bit (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/static_call: Serialize __static_call_fixup() properly (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Disable RRSBA behavior (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Add Cannon lake to RETBleed affected CPU list (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 834606b - x86/retbleed: Add fine grained Kconfig knobs (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - Update config files. - commit 9dbc2f6 - x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/common: Stamp out the stepping madness (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - KVM: VMX: Prevent RSB underflow before vmenter (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Fill RSB on vmexit for IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - KVM: VMX: Fix IBRS handling after vmexit (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - KVM: VMX: Convert launched argument to flags (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - KVM: VMX: Flatten __vmx_vcpu_run() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Fix SPEC_CTRL write on SMT state change (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Fix firmware entry SPEC_CTRL handling (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - objtool: Add entry UNRET validation (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Do IBPB fallback check only once (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/xen: Add UNTRAIN_RET (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/xen: Rename SYS* entry points (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - objtool: Update Retpoline validation (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - intel_idle: Disable IBRS during long idle (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Report Intel retbleed vulnerability (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Add kernel IBRS implementation (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 023a0b9 - x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - Update config files. - commit a4a04c4 - x86/bugs: Report AMD retbleed vulnerability (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - objtool: Treat .text.__x86.* as noinstr (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Avoid very early RET (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/sev: Avoid using __x86_return_thunk (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bpf: Use alternative RET encoding (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/ftrace: Use alternative RET encoding (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86,static_call: Use alternative RET encoding (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - objtool: skip non-text sections when adding return-thunk sites (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86,objtool: Create .return_sites (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/retpoline: Swizzle retpoline thunk (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/retpoline: Cleanup some #ifdefery (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/kvm/vmx: Make noinstr clean (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Remove skip_r11rcx (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Don't call error_entry() for XENPV (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Switch the stack after error_entry() returns (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/traps: Use pt_regs directly in fixup_bad_iret() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit bc4fd7c - config: riscv: disable RISCV_BOOT_SPINWAIT We now rely on the SBI HSM extension which is provided by openSBI 0.7 or later. - commit 8752291 - config: riscv: disable RISCV_SBI_V01 The SBI v0.1 API is obsolete. - commit 44178e7 ++++ multipath-tools: - Update to version 0.9.0+39+suse.51a2ab1: Upstream bug fixes: * libmultipath: fix find_multipaths_timeout for unknown hardware (boo#1201483) * multipath-tools: fix "multipath -ll" for Native NVME Multipath devices (boo#1201483) - Update to version 0.9.0+33+suse.fdc6686 * multipath.conf: add support for "protocol" subsection in "overrides" section to set certain config options by protocol. * Removed the previously deprecated options getuid_callout, config_dir, multipath_dir, pg_timeout * hwable fixes and additions * multipath.conf(5): add disclaimer about vendor support * libmultipath, kpartx: fix callers of dm_get_next_target() * Change built-in defaults for NVMe: group by prio, and immediate failback * Allow compilation with -D_FORTIFY_SOURCE=3 ++++ ceph: - Update to 16.2.9-536-g41a9f9a5573: + (bsc#1195359, bsc#1200553) rgw: check bucket shard init status in RGWRadosBILogTrimCR + (bsc#1194131) ceph-volume: honour osd_dmcrypt_key_size option (CVE-2021-3979) ++++ python-setuptools: - Update to version 63.1.0 * #3430: Merge with pypa/distutils@152c13d including pypa/distutils#155 (improved compatibility for editable installs on homebrew Python 3.9), pypa/distutils#150 (better handling of runtime_library_dirs on cygwin), and pypa/distutils#151 (remove warnings for namespace packages). - v63.0.0 * #3421: Drop setuptools' support for installing an entrypoint extra requirements at load time: - the functionality has been broken since v60.8.0. - the mechanism to do so is deprecated (fetch_build_eggs). - that use case (e.g. a custom command class entrypoint) is covered by making sure the necessary build requirements are declared. Documentation changes * #3397: Fix reference for keywords to point to the Core Metadata Specification instead of PEP 314 (the live standard is kept always up-to-date and consolidates several PEPs together in a single document). - v62.6.0 * #3253: Enabled using file: for requirements in setup.cfg -- by :user:`akx` (this feature is currently considered to be in beta stage). * #3255: Enabled using file: for dependencies and optional-dependencies in pyproject.toml -- by :user:`akx` (this feature is currently considered to be in beta stage). * #3391: Updated attr: to also extract simple constants with type annotations -- by :user:`karlotness` - v62.5.0 * #3347: Changed warnings and documentation notes about experimental aspect of pyproject.toml configuration: now [project] is a fully supported configuration interface, but the [tool.setuptools] table and sub-tables are still considered to be in beta stage. * #3383: In _distutils_hack, suppress/undo the use of local distutils when select tests are imported in CPython. * #3385: Modules used to parse and evaluate configuration from pyproject.toml files are intended for internal use only and that not part of the public API. - v62.4.0 * #3256: Added setuptools.command.build command to match distutils.command.build -- by :user:`isuruf` * #3366: Merge with pypa/distutils@75ed79d including reformat using black, fix for Cygwin support (pypa/distutils#139), and improved support for cross compiling (pypa/distutils#144 and pypa/distutils#145). - v62.3.4 * #3354: Improve clarity in warning about unlisted namespace packages. - v62.3.3 * #3336: Modified test_setup_install_includes_dependencies to work with custom PYTHONPATH –- by :user:`hroncok` - v62.3.2 * #3328: Include a first line summary to some of the existing multi-line warnings. - v62.3.1 * #3320: Fixed typo which causes namespace_packages to raise an error instead of warning. - v62.3.0 * #3262: Formally added deprecation messages for namespace_packages. The methodology that uses pkg_resources and namespace_packages for creating namespaces was already discouraged by the :doc:`setuptools docs ` and the :doc:`Python Packaging User Guide `, therefore this change just make the deprecation more official. Users can consider migrating to native/implicit namespaces (as introduced in PEP 420). * #3308: Relying on include_package_data to ensure sub-packages are automatically added to the build wheel distribution (as "data") is now considered a deprecated practice. This behaviour was controversial and caused inconsistencies (#3260). Instead, projects are encouraged to properly configure packages or use discovery tools. General information can be found in :doc:`userguide/package_discovery`. * #1806: Allowed recursive globs (**) in package_data. -- by :user:`nullableVoidPtr` * #3206: Fixed behaviour when both install_requires (in setup.py) and dependencies (in pyproject.toml) are specified. The configuration in pyproject.toml will take precedence over setup.py (in accordance with PEP 621). A warning was added to inform users. * #3274: Updated version of vendored pyparsing to 3.0.8 to avoid problems with upcoming deprecation in Python 3.11. * #3292: Added warning about incompatibility with old versions of importlib-metadata. - v62.2.0 * #3299: Optional metadata fields are now truly optional. Includes merge with pypa/distutils@a7cfb56 per pypa/distutils#138. * #3282: Added CI cache for setup.cfg examples used when testing setuptools.config. - v62.1.0 * #3249: Simplified package_dir obtained via auto-discovery. - v62.0.0 * #3151: Made setup.py develop --user install to the user site packages directory even if it is disabled in the current interpreter. * #3153: When resolving requirements use both canonical and normalized names -- by :user:`ldaniluk` * #3167: Honor unix file mode in ZipFile when installing wheel via install_as_egg -- by :user:`delijati` * #3088: Fixed duplicated tag with the dist-info command. * #3247: Fixed problem preventing readme specified as dynamic in pyproject.toml from being dynamically specified in setup.py. - v61.3.1 * #3233: Included missing test file setupcfg_examples.txt in sdist. * #3233: Added script that allows developers to download setupcfg_examples.txt prior to running tests. By caching these files it should be possible to run the test suite offline. - v61.3.0 * #3229: Disabled automatic download of trove-classifiers to facilitate reproducibility. * #3229: Updated pyproject.toml validation via validate-pyproject v0.7.1. * #3229: New internal tool made available for updating the code responsible for the validation of pyproject.toml. This tool can be executed via tox -e generate-validation-code. - v61.2.0 * #3215: Ignored a subgroup of invalid pyproject.toml files that use the [project] table to specify only requires-python (transitional). * Warning: Please note that future releases of setuptools will halt the build process if a pyproject.toml file that does not match the PyPA Specification is given. * #3215: Updated pyproject.toml validation, as generated by validate-pyproject==0.6.1. * #3218: Prevented builds from erroring if the project specifies metadata via pyproject.toml, but uses other files (e.g. setup.py) to complement it, without setting dynamic properly. * Important: This is a transitional behaviour. Future releases of setuptools may simply ignore externally set metadata not backed by dynamic or even halt the build with an error. * #3224: Merge changes from pypa/distutils@e1d5c9b1f6 + #3223: Fixed missing requirements with environment markers when optional-dependencies is set in pyproject.toml. - v61.1.1 * #3212: Fixed missing dependencies when running setup.py install. Note that calling setup.py install directly is still deprecated and will be removed in future versions of setuptools. Please check the release notes for :ref:`setup_install_deprecation_note`. - v61.1.0 * #3206: Changed setuptools.convert_path to an internal function that is not exposed as part of setuptools API. Future releases of setuptools are likely to remove this function. * #3202: Changed behaviour of auto-discovery to not explicitly expand package_dir for flat-layouts and to not use relative paths starting with ./. * #3203: Prevented pyproject.toml parsing from overwriting dist.include_package_data explicitly set in setup.py with default value. * #3208: Added a warning for non existing files listed with the file directive in setup.cfg and pyproject.toml. * #3208: Added a default value for dynamic classifiers in pyproject.toml when files are missing and errors being ignored. * #3211: Disabled auto-discovery when distribution class has a configuration attribute (e.g. when the setup.py script contains setup(..., configuration=...)). This is done to ensure extension-only packages created with numpy.distutils.misc_util.Configuration are not broken by the safe guard behaviour to avoid accidental multiple top-level packages in a flat-layout. * Note Users that don't set packages, py_modules, or configuration are still likely to observe the auto-discovery behavior, which may halt the build if the project contains multiple directories and/or multiple Python files directly under the project root. To disable auto-discovery please explicitly set either packages or py_modules. Alternatively you can also configure :ref:`custom-discovery`. - v61.0.0 * #3068: Deprecated setuptools.config.read_configuration, setuptools.config.parse_configuration and other functions or classes from setuptools.config. * Users that still need to parse and process configuration from setup.cfg can import a direct replacement from setuptools.config.setupcfg, however this module is transitional and might be removed in the future (the setup.cfg configuration format itself is likely to be deprecated in the future). * #2894: If you purposefully want to create an "empty distribution", please be aware that some Python files (or general folders) might be automatically detected and included. * Projects that currently don't specify both packages and py_modules in their configuration and contain extra folders or Python files (not meant for distribution), might see these files being included in the wheel archive or even experience the build to fail. * You can check details about the automatic discovery (and how to configure a different behaviour) in :doc:`/userguide/package_discovery`. * #3067: If the file pyproject.toml exists and it includes project metadata/config (via [project] table or [tool.setuptools]), a series of new behaviors that are not backward compatible may take place: - The default value of include_package_data will be considered to be True. - Setuptools will attempt to validate the pyproject.toml file according to PEP 621 specification. - The values specified in pyproject.toml will take precedence over those specified in setup.cfg or setup.py. * #2887: [EXPERIMENTAL] Added automatic discovery for py_modules and packages -- by :user:`abravalheri`. - Setuptools will try to find these values assuming that the package uses either the src-layout (a src directory containing all the packages or modules), the flat-layout (package directories directly under the project root), or the single-module approach (an isolated Python file, directly under the project root). - The automatic discovery will also respect layouts that are explicitly configured using the package_dir option. - For backward-compatibility, this behavior will be observed only if both py_modules and packages are not set. (Note: specifying ext_modules might also prevent auto-discover from taking place) - If setuptools detects modules or packages that are not supposed to be in the distribution, please manually set py_modules and packages in your setup.cfg or setup.py file. If you are using a flat-layout, you can also consider switching to src-layout. * #2887: [EXPERIMENTAL] Added automatic configuration for the name metadata -- by :user:`abravalheri`. - Setuptools will adopt the name of the top-level package (or module in the case of single-module distributions), only when name is not explicitly provided. - Please note that it is not possible to automatically derive a single name when the distribution consists of multiple top-level packages or modules. * #3066: Added vendored dependencies for :pypi:`tomli`, :pypi:`validate-pyproject`. - These dependencies are used to read pyproject.toml files and validate them. * #3067: [EXPERIMENTAL] When using pyproject.toml metadata, the default value of include_package_data is changed to True. * #3068: [EXPERIMENTAL] Add support for pyproject.toml configuration (as introduced by PEP 621). Configuration parameters not covered by standards are handled in the [tool.setuptools] sub-table. - In the future, existing setup.cfg configuration may be automatically converted into the pyproject.toml equivalent before taking effect (as proposed in #1688). Meanwhile users can use automated tools like :pypi:`ini2toml` to help in the transition. - Please note that the legacy backend is not guaranteed to work with pyproject.toml configuration. * #3125: Implicit namespaces (as introduced in PEP 420) are now considered by default during :doc:`package discovery `, when setuptools configuration and project metadata are added to the pyproject.toml file. - To disable this behaviour, use namespaces = False when explicitly setting the [tool.setuptools.packages.find] section in pyproject.toml. - This change is backwards compatible and does not affect the behaviour of configuration done in setup.cfg or setup.py. * #3152: [EXPERIMENTAL] Added support for attr: and cmdclass configurations in setup.cfg and pyproject.toml when package_dir is implicitly found via auto-discovery. * #3178: Postponed importing ctypes when hiding files on Windows. This helps to prevent errors in systems that might not have libffi installed. * #3179: Merge with pypa/distutils@267dbd25ac - v60.10.0 * #2971: Deprecated upload_docs command, to be removed in the future. * #3137: Use samefile from stdlib, supported on Windows since Python 3.2. * #3170: Adopt nspektr (vendored) to implement Distribution._install_dependencies. * #3120: Added workaround for intermittent failures of backend tests on PyPy. These tests now are marked with XFAIL, instead of erroring out directly. * #3124: Improved configuration for :pypi:`rst-linker` (extension used to build the changelog). * #3133: Enhanced isolation of tests using virtual environments - PYTHONPATH is not leaking to spawned subprocesses -- by :user:`befeleme` * #3147: Added options to provide a pre-built setuptools wheel or sdist for being used during tests with virtual environments. Paths for these pre-built distribution files can now be set via the environment variables: PRE_BUILT_SETUPTOOLS_SDIST and PRE_BUILT_SETUPTOOLS_WHEEL. - v60.9.2 * #3035: When loading distutils from the vendored copy, rewrite __name__ to ensure consistent importing from inside and out. - v60.9.1 * #3102: Prevent vendored importlib_metadata from loading distributions from older importlib_metadata. * #3103: Fixed issue where string-based entry points would be omitted. * #3107: Bump importlib_metadata to 4.11.1 addressing issue with parsing requirements in egg-info as found in PyPy. - v60.9.0 * #2876: In the build backend, allow single config settings to be supplied. * #2993: Removed workaround in distutils hack for get-pip now that pypa/get-pip#137 is closed. * #3085: Setuptools no longer relies on pkg_resources for entry point handling. * #3098: Bump vendored packaging to 21.3. * Removed bootstrap script. * Warning: Users trying to install the unmaintained :pypi:`pathlib` backport from PyPI/sdist/source code may find problems when using setuptools >= 60.9.0. This happens because during the installation, the unmaintained implementation of pathlib is loaded and may cause compatibility problems (it does not expose the same public API defined in the Python standard library). Whenever possible users should avoid declaring pathlib as a dependency. An alternative is to pre-build a wheel for pathlib using a separated virtual environment with an older version of setuptools and install the library directly from the pre-built wheel. - v60.8.2 * #3091: Make concurrent.futures import lazy in vendored more_itertools package to a avoid importing threading as a side effect (which caused gevent/gevent#1865). -- by :user:`maciejp-ro` - v60.8.1 * #3084: When vendoring jaraco packages, ensure the namespace package is converted to a simple package to support zip importer. - v60.8.0 * #3085: Setuptools now vendors importlib_resources and importlib_metadata and jaraco.text. Setuptools no longer relies on pkg_resources for ensure_directory nor parse_requirements. - v60.7.1 * #3072: Remove lorem_ipsum from jaraco.text when vendored. - v60.7.0 * #3061: Vendored jaraco.text and use line processing from that library in pkg_resources. * #3070: Avoid AttributeError in easy_install.create_home_path when sysconfig.get_config_vars values are not strings. - v60.6.0 * #3043: Merge with pypa/distutils@bb018f1ac3 including consolidated behavior in sysconfig.get_platform (pypa/distutils#104). * #3057: Don't include optional Home-page in metadata if no url is specified. -- by :user:`cdce8p` * #3062: Merge with pypa/distutils@b53a824ec3 including improved support for lib directories on non-x64 Windows builds. * #3054: Used Py3 syntax super().__init__() -- by :user:`imba-tjd` - v60.5.4 * #3009: Remove filtering of distutils warnings. * #3031: Suppress distutils replacement when building or testing CPython. - v60.5.3 * #3026: Honor sysconfig variables in easy_install. - v60.5.2 * #2993: In _distutils_hack, for get-pip, simulate existence of setuptools. - v60.5.1 * #2918: Correct support for Python 3 native loaders. - v60.5.0 * #2990: Set the .origin attribute of the distutils module to the module's __file__. - v60.4.0 * #2839: Removed requires sorting when installing wheels as an egg dir. * #2953: Fixed a bug that easy install incorrectly parsed Python 3.10 version string. * #3006: Fixed startup performance issue of Python interpreter due to imports of costly modules in _distutils_hack -- by :user:`tiran` * #2862: Added integration tests that focus on building and installing some packages in the Python ecosystem via pip -- by :user:`abravalheri` * #2952: Modified "vendoring" logic to keep license files. * #2968: Improved isolation for some tests that where inadvertently using the project root for builds, and therefore creating directories (e.g. build, dist, *.egg-info) that could interfere with the outcome of other tests -- by :user:`abravalheri`. * #2968: Introduced new test fixtures venv, venv_without_setuptools, bare_venv that rely on the jaraco.envs package. These new test fixtures were also used to remove the (currently problematic) dependency on the pytest_virtualenv plugin. * #2968: Removed tmp_src test fixture. Previously this fixture was copying all the files and folders under the project root, including the .git directory, which is error prone and increases testing time. Since tmp_src was used to populate virtual environments (installing the version of setuptools under test via the source tree), it was replaced by the new setuptools_sdist and setuptools_wheel fixtures (that are build only once per session testing and can be shared between all the workers for read-only usage). - v60.3.1 * #3002: Suppress AttributeError when detecting get-pip. - v60.3.0 * #2993: In _distutils_hack, bypass the distutils exception for pip when get-pip is being invoked, because it imports setuptools. * #2989: Merge with pypa/distutils@788cc159. Includes fix for config vars missing from sysconfig. - v60.2.0 * #2974: Setuptools now relies on the Python logging infrastructure to log messages. Instead of using distutils.log.*, use logging.getLogger(name).*. * #2987: Sync with pypa/distutils@2def21c5d74fdd2fe7996ee4030ac145a9d751bd, including fix for missing get_versions attribute (#2969), more reliance on sysconfig from stdlib. * #2962: Avoid attempting to use local distutils when the presiding version of Setuptools on the path doesn't have one. * #2983: Restore 'add_shim' as the way to invoke the hook. Avoids compatibility issues between different versions of Setuptools with the distutils local implementation. - v60.1.1 * #2980: Bypass distutils loader when setuptools module is no longer available on sys.path. - v60.1.0 * #2958: In distutils_hack, only add the metadata finder once. In ensure_local_distutils, rely on a context manager for reliable manipulation. * #2963: Merge with pypa/distutils@a5af364910. Includes revisited fix for pypa/distutils#15 and improved MinGW/Cygwin support from pypa/distutils#77. - v60.0.5 * #2960: Install schemes fall back to default scheme for headers. - v60.0.4 * #2954: Merge with pypa/distutils@eba2bcd310. Adds platsubdir to config vars available for substitution. - v60.0.3 * #2940: Avoid KeyError in distutils hack when pip is imported during ensurepip. - v60.0.2 * #2938: Select 'posix_user' for the scheme unless falling back to stdlib, then use 'unix_user'. - v60.0.1 * #2944: Add support for extended install schemes in easy_install. - v60.0.0 * #2896: Setuptools once again makes its local copy of distutils the default. To override, set SETUPTOOLS_USE_DISTUTILS=stdlib. - v59.8.0 * #2935: Merge pypa/distutils@460b59f0e68dba17e2465e8dd421bbc14b994d1f. - v59.7.0 * #2930: Require Python 3.7 - v59.6.0 * #2925: Merge with pypa/distutils@92082ee42c including introduction of deprecation warning on Version classes. - v59.4.0 * #2893: Restore deprecated support for newlines in the Summary field. - v59.3.0 * #2906: In ensure_local_distutils, re-use DistutilsMetaFinder to load the module. Avoids race conditions when _distutils_system_mod is employed. - v59.2.0 * #2875: Introduce changes from pypa/distutils@514e9d0, including support for overrides from Debian and pkgsrc, unlocking the possibility of making SETUPTOOLS_USE_DISTUTILS=local the default again. - v59.1.1 + #2885: Fixed errors when encountering LegacyVersions. - v59.1.0 * #2497: Update packaging to 21.2. * #2877: Back out deprecation of setup_requires and replace instead by a deprecation of setuptools.installer and fetch_build_egg. Now setup_requires is still supported when installed as part of a PEP 517 build, but is deprecated when an unsatisfied requirement is encountered. - v59.0.1 * #2880: Removed URL requirement for pytest-virtualenv in setup.cfg. PyPI rejects packages with dependencies external to itself. Instead the test dependency was overwritten via tox.ini - v59.0.0 * #2856: Support for custom commands that inherit directly from distutils is deprecated. Users should extend classes provided by setuptools instead. * #2870: Started failing on invalid inline description with line breaks :class:`ValueError` -- by :user:`webknjaz` * #2698: Exposed exception classes from distutils.errors via setuptools.errors. * #2866: Incorporate changes from pypa/distutils@f1b0a2b. - v58.5.3 * #2849: Add fallback for custom build_py commands inheriting directly from :mod:`distutils`, while still handling include_package_data=True for sdist. - v58.5.2 * #2847: Suppress 'setup.py install' warning under bdist_wheel. - v58.5.1 * #2846: Move PkgResourcesDeprecationWarning above implicitly-called function so that it's in the namespace when version warnings are generated in an environment that contains them. - v58.5.0 * #1461: Fix inconsistency with include_package_data and packages_data in sdist by replacing the loop breaking mechanism between the sdist and egg_info commands -- by :user:`abravalheri` - v58.4.0 * #2497: Officially deprecated PEP 440 non-compliant versions. - Refresh patches * sort-for-reproducibility.patch * remove_mock.patch - Do not replace the vendored imports from .extern anymore * Upstream vendors more packages than before and we need to avoid buildcycles, too. * The vendored stuff was packaged all the time. * Update License tag for vendored stuff. * Drop remove-more-itertools-dependency-cycle.patch ++++ selinux-policy: - Update fix_systemd.patch to add cap sys_admin and kernel_dgram_send for systemd_gpt_generator_t (bsc#1200911) ++++ tpm2.0-tools: - Add patch to fix leakage of TPM simulator process add_missing_shut_down_call_on_cleanup.patch - Add patch to fix fapi-quote-verify[_ecc].sh test fix_check_of_qualifying_data.patch - Enable test execution by default ------------------------------------------------------------------ ------------------ 2022-7-12 - Jul 12 2022 ------------------- ------------------------------------------------------------------ ++++ gpg2: - GnuPG 2.3.7: * CVE-2022-34903: garbled status messages could trick gpgme and other parsers to accept faked status lines [boo#1201225] * A number of bug fixes to the gpg command line interface * gpgsm gained a number of new options and got some rework on the PKCS#12 parser to support DFN issues keys * The gpg agent got some added options and UI tweaks * smart card support got a number of bug fixes, and improved support for Technology Nexus cards and Yubikey * The Telesec ESIGN application is now supported ++++ kernel-default: - Linux 5.18.11 (bsc#1012628). - io_uring: fix provided buffer import (bsc#1012628). - ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD (bsc#1012628). - ALSA: hda/realtek: Add quirk for Clevo L140PU (bsc#1012628). - ALSA: cs46xx: Fix missing snd_card_free() call at probe error (bsc#1012628). - can: bcm: use call_rcu() instead of costly synchronize_rcu() (bsc#1012628). - can: grcan: grcan_probe(): remove extra of_node_get() (bsc#1012628). - can: gs_usb: gs_usb_open/close(): fix memory leak (bsc#1012628). - can: m_can: m_can_chip_config(): actually enable internal timestamping (bsc#1012628). - can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp to full 32 bits (bsc#1012628). - can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (bsc#1012628). - can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (bsc#1012628). - can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (bsc#1012628). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround handling for mcp2517fd (bsc#1012628). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround broken CRC on TBC register (bsc#1012628). - can: mcp251xfd: mcp251xfd_stop(): add missing hrtimer_cancel() (bsc#1012628). - bpf: Fix incorrect verifier simulation around jmp32's jeq/jne (bsc#1012628). - bpf: Fix insufficient bounds propagation from adjust_scalar_min_max_vals (bsc#1012628). - usbnet: fix memory leak in error case (bsc#1012628). - net: rose: fix UAF bug caused by rose_t0timer_expiry (bsc#1012628). - net: lan966x: hardcode the number of external ports (bsc#1012628). - netfilter: nft_set_pipapo: release elements in clone from abort path (bsc#1012628). - selftests/net: fix section name when using xdp_dummy.o (bsc#1012628). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct length to read dev_id (bsc#1012628). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness conversion (bsc#1012628). - can: rcar_canfd: Fix data transmission failed on R-Car V3U (bsc#1012628). - ASoC: qdsp6: q6apm-dai: unprepare stream if its already prepared (bsc#1012628). - MAINTAINERS: Remove iommu@lists.linux-foundation.org (bsc#1012628). - iommu/vt-d: Fix PCI bus rescan device hot add (bsc#1012628). - iommu/vt-d: Fix RID2PASID setup/teardown failure (bsc#1012628). - cxl/mbox: Use __le32 in get,set_lsa mailbox structures (bsc#1012628). - cxl: Fix cleanup of port devices on failure to probe driver (bsc#1012628). - fbdev: fbmem: Fix logo center image dx issue (bsc#1012628). - fbmem: Check virtual screen sizes in fb_set_var() (bsc#1012628). - fbcon: Disallow setting font bigger than screen size (bsc#1012628). - fbcon: Prevent that screen size is smaller than font size (bsc#1012628). - PM: runtime: Redefine pm_runtime_release_supplier() (bsc#1012628). - PM: runtime: Fix supplier device management during consumer probe (bsc#1012628). - memregion: Fix memregion_free() fallback definition (bsc#1012628). - video: of_display_timing.h: include errno.h (bsc#1012628). - fscache: Fix invalidation/lookup race (bsc#1012628). - fscache: Fix if condition in fscache_wait_on_volume_collision() (bsc#1012628). - powerpc/powernv: delay rng platform device creation until later in boot (bsc#1012628). - net: dsa: qca8k: reset cpu port on MTU change (bsc#1012628). - ARM: meson: Fix refcount leak in meson_smp_prepare_cpus (bsc#1012628). - pinctrl: sunxi: a83t: Fix NAND function name for some pins (bsc#1012628). - srcu: Tighten cleanup_srcu_struct() GP checks (bsc#1012628). - ASoC: rt711: Add endianness flag in snd_soc_component_driver (bsc#1012628). - ASoC: rt711-sdca: Add endianness flag in snd_soc_component_driver (bsc#1012628). - ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in .set_jack_detect (bsc#1012628). - ASoC: SOF: ipc3-topology: Move and correct size checks in sof_ipc3_control_load_bytes() (bsc#1012628). - ASoC: SOF: Intel: hda: Fix compressed stream position tracking (bsc#1012628). - arm64: dts: qcom: sm8450: fix interconnects property of UFS node (bsc#1012628). - arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (bsc#1012628). - arm64: dts: qcom: sdm845: use dispcc AHB clock for mdss node (bsc#1012628). - ARM: mxs_defconfig: Enable the framebuffer (bsc#1012628). - arm64: dts: imx8mp-evk: correct mmc pad settings (bsc#1012628). - arm64: dts: imx8mp-evk: correct the uart2 pinctl value (bsc#1012628). - arm64: dts: imx8mp-evk: correct gpio-led pad settings (bsc#1012628). - arm64: dts: imx8mp-evk: correct vbus pad settings (bsc#1012628). - arm64: dts: imx8mp-evk: correct eqos pad settings (bsc#1012628). - arm64: dts: imx8mp-evk: correct I2C5 pad settings (bsc#1012628). - arm64: dts: imx8mp-evk: correct I2C1 pad settings (bsc#1012628). - arm64: dts: imx8mp-evk: correct I2C3 pad settings (bsc#1012628). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad settings (bsc#1012628). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad settings (bsc#1012628). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc settings (bsc#1012628). - pinctrl: sunxi: sunxi_pconf_set: use correct offset (bsc#1012628). - arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo (bsc#1012628). - ARM: at91: pm: use proper compatible for sama5d2's rtc (bsc#1012628). - ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt (bsc#1012628). - ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt (bsc#1012628). - ARM: dts: at91: sam9x60ek: fix eeprom compatible and size (bsc#1012628). - ARM: dts: at91: sama5d2_icp: fix eeprom compatibles (bsc#1012628). - ARM: at91: fix soc detection for SAM9X60 SiPs (bsc#1012628). - xsk: Clear page contiguity bit when unmapping pool (bsc#1012628). - i2c: piix4: Fix a memory leak in the EFCH MMIO support (bsc#1012628). - i40e: Fix dropped jumbo frames statistics (bsc#1012628). - i40e: Fix VF's MAC Address change on VM (bsc#1012628). - ARM: dts: stm32: add missing usbh clock and fix clk order on stm32mp15 (bsc#1012628). - ibmvnic: Properly dispose of all skbs during a failover (bsc#1012628). - selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT (bsc#1012628). - selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT (bsc#1012628). - selftests: forwarding: fix error message in learning_test (bsc#1012628). - ACPI: CPPC: Check _OSC for flexible address space (bsc#1012628). - ACPI: bus: Set CPPC _OSC bits for all and when CPPC_LIB is supported (bsc#1012628). - ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked (bsc#1012628). - ACPI: CPPC: Don't require _OSC if X86_FEATURE_CPPC is supported (bsc#1012628). - net/mlx5e: Fix matchall police parameters validation (bsc#1012628). - mptcp: Avoid acquiring PM lock for subflow priority changes (bsc#1012628). - mptcp: Acquire the subflow socket lock before modifying MP_PRIO flags (bsc#1012628). - mptcp: fix local endpoint accounting (bsc#1012628). - r8169: fix accessing unset transport header (bsc#1012628). - i2c: cadence: Unregister the clk notifier in error path (bsc#1012628). - net/sched: act_api: Add extack to offload_act_setup() callback (bsc#1012628). - net/sched: act_police: Add extack messages for offload failure (bsc#1012628). - net/sched: act_police: allow 'continue' action offload (bsc#1012628). - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (bsc#1012628). - dmaengine: imx-sdma: only restart cyclic channel when enabled (bsc#1012628). - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (bsc#1012628). - misc: rtsx_usb: use separate command and response buffers (bsc#1012628). - misc: rtsx_usb: set return value in rsp_buf alloc err path (bsc#1012628). - dmaengine: dw-axi-dmac: Fix RMW on channel suspend register (bsc#1012628). - dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (bsc#1012628). - ida: don't use BUG_ON() for debugging (bsc#1012628). - dmaengine: pl330: Fix lockdep warning about non-static key (bsc#1012628). - dmaengine: lgm: Fix an error handling path in intel_ldma_probe() (bsc#1012628). - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (bsc#1012628). - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (bsc#1012628). - dmaengine: qcom: bam_dma: fix runtime PM underflow (bsc#1012628). - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (bsc#1012628). - dmaengine: idxd: force wq context cleanup on device disable path (bsc#1012628). - commit 0e7e901 ++++ libaio: - add fix-splice-signature.patch to fix build on 32bit ++++ libidn2: - update to 2.3.3: * Upgrade IDNA Tables from Unicode 11 to 12 * Upgrade TR46 Tables from Unicode 13 to 14 * Updated gnulib files and various build fixes * Add self-check for the idn2 command line tool ++++ systemd: - systemd.spec: add files.experimental ++++ salt: - Fix test_ipc unit test - Added: * fix-test_ipc-unit-tests.patch ++++ python-M2Crypto: - Add CVE-2020-25657-Bleichenbacher-attack.patch (CVE-2020-25657, bsc#1178829), which mitigates the Bleichenbacher timing attacks in the RSA decryption API. - Add python-M2Crypto.keyring to verify GPG signature of tarball. ++++ virt-manager: - Upstream bug fix (bsc#1027942) d51541e1-Fix-UI-rename-with-firmware-efi.patch - Use autosetup in spec file ------------------------------------------------------------------ ------------------ 2022-7-11 - Jul 11 2022 ------------------- ------------------------------------------------------------------ ++++ hwdata: - update to 0.361: + Updated pci, usb and vendor ids. ++++ hidapi: - update to 0.12.0: * libusb: improved CMake dependency on Iconv (#405) - as a result, better support for NetBSD; * general: documentation improvements; * general: small code cleanups/improvements; * many windows specific fixes - spec-cleaner cleanups ++++ libnettle: - update to 3.8: This release includes a couple of new features, and many performance improvements. It adds assembly code for two more architectures: ARM64 and S390x. The new version is intended to be fully source and binary compatible with Nettle-3.6. The shared library names are libnettle.so.8.5 and libhogweed.so.6.5, with sonames libnettle.so.8 and libhogweed.so.6. New features: * AES keywrap (RFC 3394), contributed by Nicolas Mora. * SM3 hash function, contributed by Tianjia Zhang. * New functions cbc_aes128_encrypt, cbc_aes192_encrypt, cbc_aes256_encrypt. On processors where AES is fast enough, e.g., x86_64 with aesni instructions, the overhead of using Nettle's general cbc_encrypt can be significant. The new functions can be implemented in assembly, to do multiple blocks with reduced per-block overhead. Note that there's no corresponding new decrypt functions, since the general cbc_decrypt doesn't suffer from the same performance problem. Bug fixes: * Fix fat builds for x86_64 windows, these appear to never have worked. Optimizations: * New ARM64 implementation of AES, GCM, Chacha, SHA1 and SHA256, for processors supporting crypto extensions. Great speedups, and fat builds are supported. Contributed by Mamone Tarsha. * New s390x implementation of AES, GCM, Chacha, memxor, SHA1, SHA256, SHA512 and SHA3. Great speedups, and fat builds are supported. Contributed by Mamone Tarsha. * New PPC64 assembly for ecc modulo/redc operations, contributed by Amitay Isaacs, Martin Schwenke and Alastair D´Silva. * The x86_64 AES implementation using aesni instructions has been reorganized with one separate function per key size, each interleaving the processing of two blocks at a time (when the caller processes multiple blocks with each call). This gives a modest performance improvement on some processors. * Rewritten and faster x86_64 poly1305 assembly. - drop libnettle-s390x-CPACF-SHA-AES-support.patch (included in 3.8) ++++ ncurses: - Add ncurses patch 20220709 + lock the prescreen data consistently in newterm, etc., for the pthreads configuration (report by Tom de Vries). ++++ nfs-utils: - 0004-modprobe-protect-against-sysctl-errors.patch 0005-modprobe-avoid-error-messages-if-sbin-sysctl-fail.patch Suppress any errors from /sbin/sysctl, if for example, it isn't installed (bsc#1200710) ++++ nghttp2: - update to 1.48.0: * lib: Allow server to override RFC 9218 stream priority * lib: Add a server option to fallback to RFC 7540 priorities * lib: Add PRIORITY_UPDATE frame support * lib: Implement RFC 9218 extensible prioritization scheme * lib: Do not verify host field specific characters for response field * lib: No rfc7540 priorities * lib: Fix stream stall when initial window size is decreased * doc: Document how to change stream prioritization scheme * build: Compile with libressl 3.5 * build: EXTRA_DIST: List mruby files explicitly * build: Bump ngtcp2 and nghttp3 * build: Do not check application libraries if --enable-lib-only is given * src: Update default TLS cipher suites * nghttpx, h2load: Better pack UDP packets in one GSO write * nghttpx, h2load: Quic error handling * nghttpx, h2load: Fix QUIC performance regression * nghttp, nghttpd, nghttpx: Add ktls support * h2load: Send more packets without GSO per event loop * h2load: Add ktls support * nghttpd: Fix TLS read stall * nghttpx: Disable RFC 7540 priorities * nghttpx: Client always uses simpler TLS handshake * nghttpx: Add affinity-cookie-stickiness backend parameter * nghttpx: Fix broken session affinity * nghttpx: Limit CONNECTION_CLOSE and Retry under server amplification limit * integration: Go update * integration: Add go.mod * third-party: Bump llhttp to 75b45129db961e1fb3c56044e1b8f7721bfaee5d * third-party: Bump libbpf to v0.8.0 * third-party: Bump mruby to 3.1.0 * third-party: Bump neverbleed based on the latest head (GH-1708) ++++ protobuf-c: - Update to release 1.4.1 * Fixed unsigned integer overflow (GH#499) * Avoid shifting signed values (GH#508) - Remove 508.patch (merged) ++++ tpm2-0-tss: - Revert "Add version the configuration file tpm2-tss-fapi.conf" This generate whitelist problems in rpmlint. ++++ unbound: - update to 1.16.1 * Features - Fix #704: [FR] Statistics counter for number of outgoing UDP queries sent; introduces 'num.query.udpout' to the 'unbound-control stats' command. * Bug Fixes - makedist.sh picks up 32bit libssp-0.dll when 32bit compile. - Fix for edns client subnet to respect not looking in its cache when instructed to do so (e.g., prefetch). - Merge PR #688: Rpz url notify issue. - Note in the unbound.conf text that NOTIFY is allowed from the url: addresses for auth and rpz zones. - Remove unused LDNS function check for GOST Engine unloading. - Fix for loading locally stored zones that have lines with blanks or blanks and comments. - Fix #663: use after free issue with edns options. - Clarify -v flag manpage entry (#705) - Fix test program dohclient close to use portability routine. - Show the output of the exact .rpl run that failed with 'make test'. - Fix for cached 0 TTL records to not trigger prefetching when serve-expired-client-timeout is set. - Add debug option to the mini_tdir.sh test code. - Fix to not count cached NXDOMAIN for MAX_TARGET_NX. - Allow fallback to the parent side when MAX_TARGET_NX is reached. This will also allow MAX_TARGET_NX more NXDOMAINs. - iana portlist update. - Fix detection of libz on windows compile with static option. - Fix compile warning for windows compile. - Merge PR #706: NXNS fallback. - From #706: Cached NXDOMAIN does not increase the target nx responses. - From #706: Don't generate parent side queries if we already have the lame records in cache. - From #706: When a lame address is the best choice, don't try to generate target queries when the missing targets are all lame. - Merge PR #671 from Petr Menšík: Disable ED25519 and ED448 in FIPS mode on openssl3. - Merge PR #660 from Petr Menšík: Sha1 runtime insecure. - For #660: formatting, less verbose logging, add EDE information. - Fix for correct openssl error when adding windows CA certificates to the openssl trust store. - Improve val_sigcrypt.c::algo_needs_missing for one loop pass. - Reintroduce documentation and more EDE support for val_sigcrypt.c::dnskeyset_verify_rrset_sig. - Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for one loop pass'. - Merge PR #668 from Cristian Rodríguez: Set IP_BIND_ADDRESS_NO_PORT on outbound tcp sockets. ++++ selinux-policy: - postfix: Label PID files and some helpers correctly (bsc#1197242) ++++ u-boot-rpiarm64: - Update to 2022.07 ------------------------------------------------------------------ ------------------ 2022-7-10 - Jul 10 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Update to 5.19-rc6 - update configs - s390x/zfcpdump - CRC32_S390=n - SHA512_S390=n - SHA1_S390=n - SHA256_S390=n - SHA3_256_S390=n - SHA3_512_S390=n - GHASH_S390=n - AES_S390=n - DES_S390=n - CHACHA_S390=n - KEXEC_FILE=n - commit 5477bdd ------------------------------------------------------------------ ------------------ 2022-7-9 - Jul 9 2022 ------------------- ------------------------------------------------------------------ ++++ cups: - Move the dbus-1 system.d file to /usr (bsc#1201346) ++++ avahi: - Move the dbus-1 system.d file to /usr (bsc#1201345) ------------------------------------------------------------------ ------------------ 2022-7-8 - Jul 8 2022 ------------------- ------------------------------------------------------------------ ++++ librsvg: - Replace dependency on unmaintained rust-packaging with cargo-packaging. ++++ kdump: - fix network-related dracut options handling for fadump case - drop the elevator=deadline kernel option (bsc#1193211) - fix broken URL in manpage (bsc#1187312) ++++ kernel-default: - Linux 5.18.10 (bsc#1012628). - xen/arm: Fix race in RB-tree based P2M accounting (bsc#1012628). - xen-netfront: restore __skb_queue_tail() positioning in xennet_get_responses() (bsc#1012628). - xen/blkfront: force data bouncing when backend is untrusted (bsc#1012628). - xen/netfront: force data bouncing when backend is untrusted (bsc#1012628). - xen/netfront: fix leaking data in shared pages (bsc#1012628). - xen/blkfront: fix leaking data in shared pages (bsc#1012628). - hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails (bsc#1012628). - net: sparx5: mdb add/del handle non-sparx5 devices (bsc#1012628). - net: sparx5: Add handling of host MDB entries (bsc#1012628). - drm/fourcc: fix integer type usage in uapi header (bsc#1012628). - platform/x86: panasonic-laptop: filter out duplicate volume up/down/mute keypresses (bsc#1012628). - platform/x86: panasonic-laptop: don't report duplicate brightness key-presses (bsc#1012628). - platform/x86: panasonic-laptop: revert "Resolve hotkey double trigger bug" (bsc#1012628). - platform/x86: panasonic-laptop: sort includes alphabetically (bsc#1012628). - platform/x86: panasonic-laptop: de-obfuscate button codes (bsc#1012628). - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (bsc#1012628). - drm/msm/gem: Fix error return on fence id alloc fail (bsc#1012628). - drm/i915/dgfx: Disable d3cold at gfx root port (bsc#1012628). - drm/i915/gem: add missing else (bsc#1012628). - platform/x86: ideapad-laptop: Add allow_v4_dytc module parameter (bsc#1012628). - drm/msm/dpu: Increment vsync_cnt before waking up userspace (bsc#1012628). - cifs: fix minor compile warning (bsc#1012628). - net: tun: avoid disabling NAPI twice (bsc#1012628). - mlxsw: spectrum_router: Fix rollback in tunnel next hop init (bsc#1012628). - ipv6: fix lockdep splat in in6_dump_addrs() (bsc#1012628). - ipv6/sit: fix ipip6_tunnel_get_prl return value (bsc#1012628). - nvmet: add a clear_ids attribute for passthru targets (bsc#1012628). - fanotify: refine the validation checks on non-dir inode mask (bsc#1012628). - tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() (bsc#1012628). - ACPI: video: Change how we determine if brightness key-presses are handled (bsc#1012628). - nvmet-tcp: fix regression in data_digest calculation (bsc#1012628). - tcp: add a missing nf_reset_ct() in 3WHS handling (bsc#1012628). - cpufreq: qcom-hw: Don't do lmh things without a throttle interrupt (bsc#1012628). - epic100: fix use after free on rmmod (bsc#1012628). - tipc: move bc link creation back to tipc_node_create (bsc#1012628). - NFC: nxp-nci: Don't issue a zero length i2c_master_read() (bsc#1012628). - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (bsc#1012628). - platform/x86: ideapad-laptop: Add Ideapad 5 15ITL05 to ideapad_dytc_v4_allow_table[] (bsc#1012628). - platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1012628). - powerpc/memhotplug: Add add_pages override for PPC (bsc#1012628). - Update config files. - net: dsa: felix: fix race between reading PSFP stats and port stats (bsc#1012628). - net: bonding: fix use-after-free after 802.3ad slave unbind (bsc#1012628). - selftests net: fix kselftest net fatal error (bsc#1012628). - net: phy: ax88772a: fix lost pause advertisement configuration (bsc#1012628). - net: bonding: fix possible NULL deref in rlb code (bsc#1012628). - net: asix: fix "can't send until first packet is send" issue (bsc#1012628). - net/sched: act_api: Notify user space if any actions were flushed before error (bsc#1012628). - net/dsa/hirschmann: Add missing of_node_get() in hellcreek_led_setup() (bsc#1012628). - netfilter: nft_dynset: restore set element counter when failing to update (bsc#1012628). - s390: remove unneeded 'select BUILD_BIN2C' (bsc#1012628). - vdpa/mlx5: Update Control VQ callback information (bsc#1012628). - lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch() (bsc#1012628). - PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events (bsc#1012628). - io_uring: ensure that send/sendmsg and recv/recvmsg check sqe->ioprio (bsc#1012628). - caif_virtio: fix race between virtio_device_ready() and ndo_open() (bsc#1012628). - vfs: fix copy_file_range() regression in cross-fs copies (bsc#1012628). - NFSv4: Add an fattr allocation to _nfs4_discover_trunking() (bsc#1012628). - NFSD: restore EINVAL error translation in nfsd_commit() (bsc#1012628). - NFS: restore module put when manager exits (bsc#1012628). - net: ipv6: unexport __init-annotated seg6_hmac_net_init() (bsc#1012628). - hwmon: (occ) Prevent power cap command overwriting poll response (bsc#1012628). - selftests: mptcp: Initialize variables to quiet gcc 12 warnings (bsc#1012628). - mptcp: fix conflict with (bsc#1012628). - selftests: mptcp: more stable diag tests (bsc#1012628). - mptcp: fix race on unaccepted mptcp sockets (bsc#1012628). - usbnet: fix memory allocation in helpers (bsc#1012628). - net: usb: asix: do not force pause frames support (bsc#1012628). - linux/dim: Fix divide by 0 in RDMA DIM (bsc#1012628). - RDMA/cm: Fix memory leak in ib_cm_insert_listen (bsc#1012628). - RDMA/qedr: Fix reporting QP timeout attribute (bsc#1012628). - net: dp83822: disable rx error interrupt (bsc#1012628). - net: dp83822: disable false carrier interrupt (bsc#1012628). - net: fix IFF_TX_SKB_NO_LINEAR definition (bsc#1012628). - net: tun: stop NAPI when detaching queues (bsc#1012628). - net: tun: unlink NAPI from device on destruction (bsc#1012628). - net: dsa: bcm_sf2: force pause link settings (bsc#1012628). - selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test (bsc#1012628). - virtio-net: fix race between ndo_open() and virtio_device_ready() (bsc#1012628). - net: usb: ax88179_178a: Fix packet receiving (bsc#1012628). - net: rose: fix UAF bugs caused by timer handler (bsc#1012628). - SUNRPC: Fix READ_PLUS crasher (bsc#1012628). - dm raid: fix KASAN warning in raid5_add_disks (bsc#1012628). - dm raid: fix accesses beyond end of raid member array (bsc#1012628). - cpufreq: amd-pstate: Add resume and suspend callbacks (bsc#1012628). - powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1012628). - powerpc/book3e: Fix PUD allocation size in map_kernel_page() (bsc#1012628). - powerpc/prom_init: Fix kernel config grep (bsc#1012628). - parisc/unaligned: Fix emulate_ldw() breakage (bsc#1012628). - parisc: Fix vDSO signal breakage on 32-bit kernel (bsc#1012628). - ceph: wait on async create before checking caps for syncfs (bsc#1012628). - nvdimm: Fix badblocks clear off-by-one error (bsc#1012628). - nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA IM2P33F8ABR1 (bsc#1012628). - nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP (AKA SPECTRIX S40G) (bsc#1012628). - s390/archrandom: simplify back to earlier design and initialize earlier (bsc#1012628). - net: phy: Don't trigger state machine while in suspend (bsc#1012628). - ipv6: take care of disable_policy when restoring routes (bsc#1012628). - ksmbd: use vfs_llseek instead of dereferencing NULL (bsc#1012628). - ksmbd: check invalid FileOffset and BeyondFinalZero in FSCTL_ZERO_DATA (bsc#1012628). - ksmbd: set the range of bytes to zero without extending file size in FSCTL_ZERO_DATA (bsc#1012628). - drm/amdgpu: To flush tlb for MMHUB of RAVEN series (bsc#1012628). - Revert "drm/amdgpu/display: set vblank_disable_immediate for DC" (bsc#1012628). - drm/amdgpu: fix adev variable used in amdgpu_device_gpu_recover() (bsc#1012628). - commit 97c4fd2 ++++ systemd: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network (bsc#1201276) This configuration files put in these directories are read by both udevd and systemd-networkd. ++++ tpm2-0-tss: - Update to 3.2.0 + Fixed * FAPI: fix curl_url_set call * FAPI: Fix usage of curl url (Should fix Ubuntu 22.04) * Fix buffer upcast leading to misalignment * Fix check whether SM3 is available * Update git.mk to support R/O src-dir * Fixed file descriptor leak when tcti initialization failed. * 32 Bit builds of the integration tests. * Primary key creation, in some cases the unique field was not cleared before calling create primary. * Primary keys was used for signing the object were cleared after loading. So access e.g. to the certificate did not work. * Primary keys created with Fapi_Create with an auth value, the auth_value was not used in inSensitive to recreate the primary key. Now the auth value callback is used to initialize inSensitive. * The not possible usage of policies for primary keys generated with Fapi_CreatePrimary has been fixed. * An infinite loop when parsing erroneous JSON was fixed in FAPI. * A buffer overflow in ESAPI xor parameter obfuscation was fixed. * Certificates could be read only once in one application The setting the init state of the state automaton for getting certificates was fixed. * A double free when executing policy action was fixed. * A leak in Fapi_Quote was fixed. * The wrong file locking in FAPI IO was fixed. * Enable creation of tss group and user on systems with busybox for fapi. * One fapi integration test did change the auth value of the storage hierarchy. * A leak in fapi crypto with ossl3 was fixed. * Add initial camelia support to FAPI * Fix tests of fapi PCR * Fix tests of ACT functionality if not supported by pTPM * Fix compiler (unused) warning when building without debug logging * Fix leaks in error cases of integration tests * Fix memory leak after ifapi_init_primary_finish failed * Fix double-close of stream in FAPI * Fix segfault when ESYS_TR_NONE is passed to Esys_TR_GetName * Fix the authorization of hierarchy objects used in policy secret. * Fix check of qualifying data in Fapi_VerifyQuote. * Fix some leaks in FAPI error cases. * Make scripts compatible with non-posix shells where test does not know -a and -o. * Fix usage of variable not initialized when fapi keystore is empty. + Added * Add additional IFX root CAs * Added support for SM2, SM3 and SM4. * Added support for OpenSSL 3.0.0. * Added authPolicy field to the TPMU_CAPABILITIES union. * Added actData field to the TPMU_CAPABILITIES union. * Added TPM2_CAP_AUTH_POLICIES * Added TPM2_CAP_ACT constants. * Added updates to the marshalling and unmarshalling of the TPMU_CAPABILITIES union. * Added updated to the FAPI serializations and deserializations of the TPMU_CAPABILITIES union and associated types. * Add CODE_OF_CONDUCT * tcti-mssim and tcti-swtpm gained support for UDX communication * Missing constant for TPM2_RH_PW + Removed * Removed support for OpenSSL < 1.1.0. * Marked TPMS_ALGORITHM_DESCRIPTION and corresponding MU routines as deprecated. * Those were errorous typedefs that are not use and not useful. So we will remove this with 3.3 * Marked TPM2_RS_PW as deprecated. Use TPM2_RH_PW instead. - Update to 3.1.1 + Fixed * Fixed file descriptor leak when tcti initialization failed. * Primary key creation, in some cases the unique field was not cleared before calling create primary. * Primary keys was used for signing the object were cleared after loading. So access e.g. to the certificate did not work. * Primary keys created with Fapi_Create with an auth value, the auth_value was not used in inSensitive to recreate the primary key. Now the auth value callback is used to initialize inSensitive. * The not possible usage of policies for primary keys generated with Fapi_CreatePrimary has been fixed. * An infinite loop when parsing erroneous JSON was fixed in FAPI. * A buffer overflow in ESAPI xor parameter obfuscation was fixed. * Certificates could be read only once in one application The setting the init state of the state automaton for getting certificates was fixed. * A double free when executing policy action was fixed. * A leak in Fapi_Quote was fixed. * The wrong file locking in FAPI IO was fixed. * One fapi integration test did change the auth value of the storage hierarchy. * Fix test of FAPI PCR * Fix leaks in error cases of integration tests * Fix segfault when ESYS_TR_NONE is passed to Esys_TR_GetName * Fix the authorization of hierarchy objects used in policy secret. * Fix check of qualifying data in Fapi_VerifyQuote. * Fix some leaks in FAPI error cases. * Fix usage of variable not initialized when fapi keystore is empty. + Added * Add additional IFX root CAs ++++ liburing: - add handle-eintr.patch, enable tests everywhere ++++ salt: - Add support for gpgautoimport in zypperpkg module - Update Salt to work with Jinja >= and <= 3.1.0 (bsc#1198744) - Fix salt.states.file.managed() for follow_symlinks=True and test=True (bsc#1199372) - Make Salt 3004 compatible with pyzmq >= 23.0.0 (bsc#1201082) - Added: * fix-jinja2-contextfuntion-base-on-version-bsc-119874.patch * add-support-for-gpgautoimport-539.patch * fix-62092-catch-zmq.error.zmqerror-to-set-hwm-for-zm.patch * fix-salt.states.file.managed-for-follow_symlinks-tru.patch ++++ raspberrypi-firmware: - Update to df569e0 (2022-07-04): * firmware: video_decode: Stop decode on a colourspace change See: raspberrypi/linux#5059 * firmware: video_encode: Fix subsample image alignment assert * firmware: tc358762_DSI: Don't start the PV and DSI before the HVS * firmware: hello_pi: Fix some build issues See: #1728 * firmware: arm_dt: camera_auto_detect cam0 flag needs to look at Unicam instance, not port * firmware: platform: over-voltage Zero 2 W by two pips See: #1723 * firmware: arm_loader_dvfs: Only add clocks to boostable list when they have been boosted See: #1726 * firmware: arm_dt: Try upstream DTB files if downstream absent * firmware: arm_loader: Delay the USB controller switchover * firmware: Fix for vc_image YUYV family to YUV422 planar conversion function * firmware: vcgencmd display_power and camera_auto_detect fixes * firmware: variants: Add mjpg_encode to the standard firmware image * firmware: arm_loader_dvfs: Support CLOCK_HDMI as boostable clock See: raspberrypi/linux#5016 * firmware: dtblob: Use a cached alias to reduce boot time * firmware: hdmi: Reduce the number of EDID retries if hotplug is not detected * firmware: arm_loader: Support longer file paths See: #1720 * firmware: arm_loader_dvfs: Make arm only see its own boosts, fixed and min clocks * firmware: dtoverlay: Fix path rebasing and exports * firmware: dtoverlay: Fix clang warnings * firmware: dtoverlay: Add support for string escape sequences See: https://forums.raspberrypi.com/viewtopic.php?t=330792 * firmware: isp: R and B order must be swapped when reading VC_IMAGE_RGBA32 into the ISP See: http://git/vc4/vc4/-/merge_requests/1430 ++++ raspberrypi-firmware-config: - Update to df569e0 (2022-07-04): * firmware: video_decode: Stop decode on a colourspace change See: raspberrypi/linux#5059 * firmware: video_encode: Fix subsample image alignment assert * firmware: tc358762_DSI: Don't start the PV and DSI before the HVS * firmware: hello_pi: Fix some build issues See: #1728 * firmware: arm_dt: camera_auto_detect cam0 flag needs to look at Unicam instance, not port * firmware: platform: over-voltage Zero 2 W by two pips See: #1723 * firmware: arm_loader_dvfs: Only add clocks to boostable list when they have been boosted See: #1726 * firmware: arm_dt: Try upstream DTB files if downstream absent * firmware: arm_loader: Delay the USB controller switchover * firmware: Fix for vc_image YUYV family to YUV422 planar conversion function * firmware: vcgencmd display_power and camera_auto_detect fixes * firmware: variants: Add mjpg_encode to the standard firmware image * firmware: arm_loader_dvfs: Support CLOCK_HDMI as boostable clock See: raspberrypi/linux#5016 * firmware: dtblob: Use a cached alias to reduce boot time * firmware: hdmi: Reduce the number of EDID retries if hotplug is not detected * firmware: arm_loader: Support longer file paths See: #1720 * firmware: arm_loader_dvfs: Make arm only see its own boosts, fixed and min clocks * firmware: dtoverlay: Fix path rebasing and exports * firmware: dtoverlay: Fix clang warnings * firmware: dtoverlay: Add support for string escape sequences See: https://forums.raspberrypi.com/viewtopic.php?t=330792 * firmware: isp: R and B order must be swapped when reading VC_IMAGE_RGBA32 into the ISP See: http://git/vc4/vc4/-/merge_requests/1430 ++++ raspberrypi-firmware-config-camera: - Update to df569e0 (2022-07-04): * firmware: video_decode: Stop decode on a colourspace change See: raspberrypi/linux#5059 * firmware: video_encode: Fix subsample image alignment assert * firmware: tc358762_DSI: Don't start the PV and DSI before the HVS * firmware: hello_pi: Fix some build issues See: #1728 * firmware: arm_dt: camera_auto_detect cam0 flag needs to look at Unicam instance, not port * firmware: platform: over-voltage Zero 2 W by two pips See: #1723 * firmware: arm_loader_dvfs: Only add clocks to boostable list when they have been boosted See: #1726 * firmware: arm_dt: Try upstream DTB files if downstream absent * firmware: arm_loader: Delay the USB controller switchover * firmware: Fix for vc_image YUYV family to YUV422 planar conversion function * firmware: vcgencmd display_power and camera_auto_detect fixes * firmware: variants: Add mjpg_encode to the standard firmware image * firmware: arm_loader_dvfs: Support CLOCK_HDMI as boostable clock See: raspberrypi/linux#5016 * firmware: dtblob: Use a cached alias to reduce boot time * firmware: hdmi: Reduce the number of EDID retries if hotplug is not detected * firmware: arm_loader: Support longer file paths See: #1720 * firmware: arm_loader_dvfs: Make arm only see its own boosts, fixed and min clocks * firmware: dtoverlay: Fix path rebasing and exports * firmware: dtoverlay: Fix clang warnings * firmware: dtoverlay: Add support for string escape sequences See: https://forums.raspberrypi.com/viewtopic.php?t=330792 * firmware: isp: R and B order must be swapped when reading VC_IMAGE_RGBA32 into the ISP See: http://git/vc4/vc4/-/merge_requests/1430 ++++ raspberrypi-firmware-dt: - Update to 82c39f3914 (2022-07-06): * switch to 5.18 branch ++++ tpm2.0-tools: - Add missing dependencies for testing. - Add patch to properly skip getekcertificate if curl is missing 0001-tests-getekcertificate.sh-Skip-the-test-if-curl-is-n.patch ------------------------------------------------------------------ ------------------ 2022-7-7 - Jul 7 2022 ------------------- ------------------------------------------------------------------ ++++ glib2: - Update to version 2.73.1: + Remove the `-Diconv` configure option, as GLib now uses Meson’s built-in logic for finding which iconv implementation to use. + Move gvdb to a Meson subproject and git submodule to avoid duplicating its source. + Add `add_test_setup()` in Meson to allow GLib tests to be run under valgrind with correct settings easily, using `meson test --setup=valgrind`. + Fix deadlocks when disposing non-cancelled inotify `GFileMonitor`s. + Fix `file://` requests in webkit2gtk due to incorrect xdgmime update. + Fix build errors on macOS ≤10.7 for `LOCAL_PEERPID`. + Add new `g_atomic_int_exchange()` and `g_atomic_pointer_exchange()` APIs. + Add new `GListStore:n-items` property to allow easy binding in UIs. + Performance improvements for GObject construction and destruction. + Use a numeric space (U+2007) for padding with some `g_date_time_format()` placeholders. + Fix a slow memory leak in `GSocketClient` when using long-lived `GCancellable`s. ++++ openssl-1_1: - update to 1.1.1q: * [CVE-2022-2097, bsc#1201099] * Addresses situations where AES OCB fails to encrypt some bytes ++++ libselinux: - Fixed initrd check in selinux-ready (bnc#1186127) ++++ libzio: - switch to https download url ++++ openssl: - updated to 1.1.q release ++++ patterns-base: - Downgrade mailx to Suggests, most users don't even know what it is and this avoids pulling in smtp_daemon. ++++ salt: - Add support for name, pkgs and diff_attr parameters to upgrade function for zypper and yum (bsc#1198489) - Added: * add-support-for-name-pkgs-and-diff_attr-parameters-t.patch ++++ suse-module-tools: - Update to version 16.0.21: * kernel-scriptlets: don't pass flags to weak-modules2 (bsc#1195391) ++++ tpm2.0-tools: - Disable LTO for 5.2, to fix tpm2_makecredential with "-T none" (bsc#1201291) ------------------------------------------------------------------ ------------------ 2022-7-6 - Jul 6 2022 ------------------- ------------------------------------------------------------------ ++++ libnl3: - Update to release 3.7 * route/mdb: fix buffer overflow in mdb_msg_parser() * route/act: add NAT action ++++ open-iscsi: - Modify SPEC file so systemd unit files are mode 644 (not 755) (bsc#1200570) ++++ libsoup: - Update to version 3.0.7: + Fix leak in SoupAuthNTLM. + Fix constructing SoupAuthNTLM objects. + Disable mutual negotiation in SoupAuthNegotiate. + http2: - Do not advertise the `h2` protocool for proxy connections. - Remove left-over headers when HTTP/1 redirects to HTTP/2. - Handle HTTP_1_1_REQUIRED error. - Read request bodies synchronously for sync requests. - Properly handle server sending shut down GOAWAY. + tests: - Remove dependency on Apache's PHP module. - Depend upon Apache's http2 module. ++++ tiff: - security update * CVE-2022-2056 [bsc#1201176] * CVE-2022-2057 [bsc#1201175] * CVE-2022-2058 [bsc#1201174] + tiff-CVE-2022-2056,CVE-2022-2057,CVE-2022-2058.patch ++++ openssh: - openssh-8.4p1-ssh_config_d.patch: admin overrides should take priority (listed first) over package defaults ------------------------------------------------------------------ ------------------ 2022-7-5 - Jul 5 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - drm/aperture: Run fbdev removal before internal helpers (boo#1193472) - commit aff8e8a - netfilter: nf_tables: stricter validation of element data (CVE-2022-34918 bsc#1201171). - commit a1fda0d ++++ fmt: - Update to release 9 * Switched to the internal floating point formatter for all decimal presentation formats. In particular this results in consistent rounding on all platforms and removing the s[n]printf fallback for decimal FP formatting. * Compile-time floating point formatting no longer requires the header-only mode. * Disabled automatic std::ostream insertion operator (operator<<) discovery when fmt/ostream.h is included to prevent ODR violations. You can get the old behavior by defining FMT_DEPRECATED_OSTREAM. * Added fmt::ostream_formatter that can be used to write formatter specializations that perform formatting via std::ostream. * Added the fmt::streamed function that takes an object and formats it via std::ostream. * Added experimental std::variant formatting support. * Added experimental std::filesystem::path formatting support. * Added a std::thread::id formatter to fmt/std.h. * Added support for nested specifiers to range formatting. - Add 0001-Fix-large-shift-in-uint128_fallback.patch 0002-Use-FMT_USE_FLOAT128-instead-of-__SIZEOF_FLOAT128__.patch 0001-Make-sure-the-correct-fmod-overload-is-called.patch ++++ libjpeg-turbo: - Add requires between baselibs ++++ protobuf-c: - Do not build static libraries - Run unit tests - Explicit files and directories for includedir, so we can detect what we actually install there - 508.patch: fixes invalid arithmetic shift (bsc#1200908, CVE-2022-33070) ++++ libvirt: - Update to libvirt 8.5.0 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v8-5-0-2022-07-01 - Drop downstream-only lxc patches. They received little interest upstream, are difficult to maintain, and are no longer required by the requester (SLE): 0001-Extract-stats-functions-from-the-qemu-driver.patch, 0002-lxc-implement-connectGetAllDomainStats.patch ++++ libzypp: - Fix building with GCC 12.x release (#396) - version 17.30.3 (22) ++++ patterns-base: - Use pipewire as default audio server in TW. ++++ python-libvirt-python: - Update to 8.5.0 - Add all new APIs and constants in libvirt 8.5.0 ++++ wpa_supplicant: - Add dbus-Fix-property-DebugShowKeys-and-DebugTimestamp.patch (bsc#1201219) ++++ zypper: - Fix building with GCC 13 (fixes #448) - Put signing key supplying repository name in quotes. - version 1.14.54 ------------------------------------------------------------------ ------------------ 2022-7-4 - Jul 4 2022 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 057+suse.294.gaa9ea2d2: * fix(i18n): add required includes for keymaps (bsc#1200950) ++++ glib-networking: - Update to version 2.72.1 + Discard empty proxy environment variables. ++++ gtk3: - Add compatible dependency "python3-gobject-Gdk if python3-gobject" to the typelib package for SLE and Leap (boo#1200614). ++++ kernel-default: - fbdev: Disable sysfb device registration when removing conflicting (boo#1193472) - commit c76a69f - firmware: sysfb: Add sysfb_disable() helper function (boo#1193472) - commit 6072450 - firmware: sysfb: Make sysfb_create_simplefb() return a pdev pointer (boo#1193472) - commit 326d1c1 - Update to 5.19-rc5 - update contigs - VIRTIO_HARDEN_NOTIFICATION=n - commit 59940d4 ++++ kernel-firmware: - Update to version 20220622 (git commit 9ed4d42c51ac): * amdgpu: update Yellow Carp VCN firmware * linux-firmware: update firmware for MT7921 WiFi device * linux-firmware: update firmware for mediatek bluetooth chip (MT7921) * qed: update 8.59.1.0 firmware * Link some devices that ship with the AW-CM256SM * Add initial AzureWave AW-CM256SM NVRAM file * Remove the Pine64 Quartz copy of the RPi NVRAM * qca: Update firmware files for BT chip WCN6750. * QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00409 * WHENCE: add symlinks for StarFive based boards * linux-firmware: wilc1000: update WILC1000 firmware to v15.6 * brcm: Add NVRAM file 43455 based Wifi/BT module as used on the Quartz64 Model B from Pine64. This file is based on the existing "brcm/brcmfmac43455-sdio.raspberrypi,4-model-b.txt" NVRAM file. * iwlwifi: add new FWs from core70-87 release * iwlwifi: update 9000-family firmwares to core70-87 - Temporary fix for incorrect symlinks for brcm in WHENCE: brcm-symlink-fixes.diff - Minor updates of scripts, sorting alphabetically and add version to Provides/Obsoletes - Update alias ++++ llvm15: - Update to version 14.0.6. * This release contains bug-fixes for the LLVM 14.0.0 release. This release is API and ABI compatible with 14.0.0. - Rebase llvm-do-not-install-static-libraries.patch. ++++ ncurses: - Add ncurses patch 20220703 + add consistency check in tic for u6/u7/u8/u9 and NQ capabilities. + use NQ to flag entries where the terminal does not support query and response -TD + use ansi+enq and decid+cpr in cases where the terminal probably supported the u6-u9 extension -TD + add/use apollo+vt132, xterm+alt47 -TD - Correct offsets of patches * ncurses-5.9-ibm327x.dif * ncurses-6.3.dif ++++ lsof: - Update remove-hostname.patch with the upstream version ++++ vim: - Updated to version 9.0.0032, fixes the following problems - fix CVE-2022-2285 - boo#1201134 - fix CVE-2022-2257 - boo#1201154 * Map functionality outside of map.c. * Functions are global while they could be local. * Plural messages not translated properly. * Hare files are not recognized. * Not all Visual Basic files are recognized. * No support for double, dotted and dashed underlines. * Cannot specify the variable name for "xxd -i". * Going past the end of a menu item with only modifier. * Returning 0 for has('patch-9.0.0') is inconsistent. * Reading beyond the end of the line with put command. * Signature files not detected properly. * Reproducing memory access errors can be difficult. * Missing part of the test override change. * With EXITFREE defined terminal menus are not cleared. * Comparing line pointer for 'breakindent' is not reliable. * Accessing memory beyond the end of the line. * Going over the end of the typahead. * Timers test not run where possible. * With some completion reading past end of string. * Invalid memory access when adding word with a control character to the internal spell word list. * Spell test fails. * On Solaris timer_create() exists but does not work. * May access part of typeahead buf that isn't filled. * Accessing beyond allocated memory when using the cmdline window in Ex mode. * Accessing freed memory with diff put. * The command line test is getting quite big. * The bitmaps/vim.ico file is not in the distribution. * Matchfuzzy test depends on path of current directory. * of user command does not have correct verbose value. * In the quickfix window 'cursorline' overrules QuickFixLine highlighting. ------------------------------------------------------------------ ------------------ 2022-7-3 - Jul 3 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - Update to 22.1.3 * a lot of zink fixes * There's a bit of everything else here, including some performance fixes for wsi/x11. ++++ Mesa-drivers: - Update to 22.1.3 * a lot of zink fixes * There's a bit of everything else here, including some performance fixes for wsi/x11. ++++ glib2: - Update to version 2.72.3 + Bugs fixed: glgo#GNOME/Glib!1941, glgo#GNOME/Glib!2597, glgo#GNOME/Glib!2639, glgo#GNOME/Glib!2670, glgo#GNOME/Glib!2703, glgo#GNOME/Glib!2709, glgo#GNOME/Glib!2720, glgo#GNOME/Glib!2750, glgo#GNOME/Glib!2687. ++++ kernel-default: - Linux 5.18.9 (bsc#1012628). - clocksource/drivers/ixp4xx: Drop boardfile probe path (bsc#1012628). - bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (bsc#1012628). - hinic: Replace memcpy() with direct assignment (bsc#1012628). - powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (bsc#1012628). - io_uring: fix not locked access to fixed buf table (bsc#1012628). - commit 0e67dc1 ++++ harfbuzz: - harfbuzz 4.4.1: + Fix test failure with some compilers + Fix Telugu and Kannada kerning regression - includes changes from 4.4.0: + Caching of variable fonts shaping + Caching of format 2 “Contextual Substitution” and “Chained Contexts Substitution” lookups + Improved ANSI output from hb-view + Support for shaping legacy, pre-OpenType, Windows 3.1-era, Arabic fonts that relied on a fixed PUA encoding + Sinhala script is now shaped by the USE shaper instead of “indic” one + Thai shaper improvements + hb-ot-name API supports approximate BCP-47 language matching, for example asking for “en_US” in a font that has only “en” names will return them + Optimized TrueType glyph shape loading + Fix subsetting of HarfBuzz faces created via hb_face_create_for_tables() + Add 32 bit var store support to the subsetter + CVE-2022-33068: overflow in hb-ot-shape-fallback boo#1200900 ++++ pango: - Update to version 1.50.8: + Add some properties to fontmap and family. + Fix handling of ligature carets in mixed directions. ++++ protobuf: - Update to 21.2: - C++ - cmake: Call get_filename_component() with DIRECTORY mode instead of PATH mode (#9614) - Escape GetObject macro inside protoc-generated code (#9739) - Update CMake configuration to add a dependency on Abseil (#9793) - Fix cmake install targets (#9822) - Use __constinit only in GCC 12.2 and up (#9936) - Java - Update protobuf_version.bzl to separate protoc and per-language java … (#9900) - Python - Increment python major version to 4 in version.json for python upb (#9926) - The C extension module for Python has been rewritten to use the upb library. - This is expected to deliver significant performance benefits, especially when parsing large payloads. There are some minor breaking changes, but these should not impact most users. For more information see: https://developers.google.com/protocol-buffers/docs/news/2022-05-06#python-updates - PHP - [PHP] fix PHP build system (#9571) - Fix building packaged PHP extension (#9727) - fix: reserve "ReadOnly" keyword for PHP 8.1 and add compatibility (#9633) - fix: phpdoc syntax for repeatedfield parameters (#9784) - fix: phpdoc for repeatedfield (#9783) - Change enum string name for reserved words (#9780) - chore: [PHP] fix phpdoc for MapField keys (#9536) - Fixed PHP SEGV by not writing to shared memory for zend_class_entry. (#9996) - Ruby - Allow pre-compiled binaries for ruby 3.1.0 (#9566) - Implement respond_to? in RubyMessage (#9677) - [Ruby] Fix RepeatedField#last, #first inconsistencies (#9722) - Do not use range based UTF-8 validation in truffleruby (#9769) - Improve range handling logic of RepeatedField (#9799) - Other - Fix invalid dependency manifest when using descriptor_set_out (#9647) - Remove duplicate java generated code (#9909) ++++ u-boot-rpiarm64: - Update to 2022.07-rc6 - Drop obsolete 0015-mx6qsabrelite-Enable-DM_ETH-to-re-e.patch - Add rbrom command to enter mask rom on Rockchip devices + 0015-cmd-boot-add-brom-cmd-to-reboot-to-.patch - Add rbrom command to enter mask rom on Allwinner devices + 0016-cmd-boot-add-brom-cmd-to-reboot-to-.patch - ATF is required to boot rk3399. Do not build without it (boo#1201120). ------------------------------------------------------------------ ------------------ 2022-7-2 - Jul 2 2022 ------------------- ------------------------------------------------------------------ ++++ zlib: - switch to https urls ------------------------------------------------------------------ ------------------ 2022-7-1 - Jul 1 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - tick/nohz: unexport __init-annotated tick_nohz_full_setup() (tick_nohz_full_setup fix). - commit 296483f ++++ libseccomp: - fix build of python3 bindings so that the debug* package names do not overlay with the main package ++++ sqlite3: - update to 3.39.0: * Add (long overdue) support for RIGHT and FULL OUTER JOIN * Add new binary comparison operators IS NOT DISTINCT FROM and IS DISTINCT FROM that are equivalent to IS and IS NOT, respective, for compatibility with PostgreSQL and SQL standards * Add a new return code (value "3") from the sqlite3_vtab_distinct() interface that indicates a query that has both DISTINCT and ORDER BY clauses * Added the sqlite3_db_name() interface * The unix os interface resolves all symbolic links in database filenames to create a canonical name for the database before the file is opened * Defer materializing views until the materialization is actually needed, thus avoiding unnecessary work if the materialization turns out to never be used * The HAVING clause of a SELECT statement is now allowed on any aggregate query, even queries that do not have a GROUP BY clause * Many microoptimizations collectively reduce CPU cycles by about 2.3%. - drop sqlite-src-3380100-atof1.patch, included upstream - add sqlite-src-3390000-func7-pg-181.patch to skip float precision related test failures on 32 bit ++++ podman: - Fix build on Leap Use libexec macro to set correct, per-distribution specific, directory. ++++ qemu: - Fix usb ehci boot failure (bsc#1192115) * Patches added: hw-usb-hcd-ehci-fix-writeback-order.patch ------------------------------------------------------------------ ------------------ 2022-6-30 - Jun 30 2022 ------------------- ------------------------------------------------------------------ ++++ kmod: - Update to release 30 * libkmod: support for the SM3 hash algorithm * modprobe: added the --wait option - Drop libkmod-Provide-info-even-for-modules-built-into-the.patch (merged) - Add 0001-testsuite-repair-read-of-uninitialized-memory.patch ++++ wayland: - Update to release 1.21 * This new release adds a new wl_pointer high-resolution scroll event, adds a few new convenience functions, and contains a collection of bug fixes. - Drop wayland-shm-Close-file-descriptors-not-needed.patch ++++ python-idna: - add version constraint for python-rpm-macros >= 20220106.80d3756, otherwise this fails to build on 15.3 at '%pyunittest discover -v' ------------------------------------------------------------------ ------------------ 2022-6-29 - Jun 29 2022 ------------------- ------------------------------------------------------------------ ++++ conmon: - Update to version 2.1.2: * add log-global-size-max option to limit the total output conmon processes (CVE-2022-1708 boo#1200285) * journald: print tag and name if both are specified * drop some logs to debug level ++++ docker: - Backport to fix a crash-on-start issue with dockerd. bsc#1200022 + 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch ++++ gnutls: - FIPS: * Add gnutls_ECDSA_signing.patch [bsc#1190698] - Check minimum keylength for symmetric key generation - Only allows ECDSA signature with valid set of hashes (SHA2 and SHA3) ++++ kernel-default: - Linux 5.18.8 (bsc#1012628). - random: schedule mix_interrupt_randomness() less often (bsc#1012628). - random: quiet urandom warning ratelimit suppression message (bsc#1012628). - ALSA: memalloc: Drop x86-specific hack for WC allocations (bsc#1012628). - ALSA: hda/via: Fix missing beep setup (bsc#1012628). - ALSA: hda/conexant: Fix missing beep setup (bsc#1012628). - ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (bsc#1012628). - ALSA: hda/realtek - ALC897 headset MIC no sound (bsc#1012628). - ALSA: hda/realtek: Apply fixup for Lenovo Yoga Duet 7 properly (bsc#1012628). - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (bsc#1012628). - ALSA: hda/realtek: Add quirk for Clevo NS50PU (bsc#1012628). - net: openvswitch: fix parsing of nw_proto for IPv6 fragments (bsc#1012628). - ipv4: ping: fix bind address validity check (bsc#1012628). - 9p: Fix refcounting during full path walks for fid lookups (bsc#1012628). - 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (bsc#1012628). - 9p: fix fid refcount leak in v9fs_vfs_get_link (bsc#1012628). - 9p: fix EBADF errors in cached mode (bsc#1012628). - btrfs: fix hang during unmount when block group reclaim task is running (bsc#1012628). - btrfs: prevent remounting to v1 space cache for subpage mount (bsc#1012628). - btrfs: add error messages to all unrecognized mount options (bsc#1012628). - scsi: ibmvfc: Store vhost pointer during subcrq allocation (bsc#1012628). - scsi: ibmvfc: Allocate/free queue resource only during probe/remove (bsc#1012628). - mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing (bsc#1012628). - mmc: mediatek: wait dma stop bit reset to 0 (bsc#1012628). - xen/gntdev: Avoid blocking in unmap_grant_pages() (bsc#1012628). - MAINTAINERS: Add new IOMMU development mailing list (bsc#1012628). - mtd: rawnand: gpmi: Fix setting busy timeout setting (bsc#1012628). - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (bsc#1012628). - dm era: commit metadata in postsuspend after worker stops (bsc#1012628). - dm: do not return early from dm_io_complete if BLK_STS_AGAIN without polling (bsc#1012628). - dm mirror log: clear log bits up to BITS_PER_LONG boundary (bsc#1012628). - tracing/kprobes: Check whether get_kretprobe() returns NULL in kretprobe_dispatcher() (bsc#1012628). - filemap: Handle sibling entries in filemap_get_read_batch() (bsc#1012628). - mm/slub: add missing TID updates on slab deactivation (bsc#1012628). - drm/i915: Implement w/a 22010492432 for adl-s (bsc#1012628). - amd/display/dc: Fix COLOR_ENCODING and COLOR_RANGE doing nothing for DCN20+ (bsc#1012628). - drm/amd/display: Fix typo in override_lane_settings (bsc#1012628). - USB: serial: pl2303: add support for more HXN (G) types (bsc#1012628). - USB: serial: option: add Telit LE910Cx 0x1250 composition (bsc#1012628). - USB: serial: option: add Quectel EM05-G modem (bsc#1012628). - USB: serial: option: add Quectel RM500K module support (bsc#1012628). - drm/msm: Ensure mmap offset is initialized (bsc#1012628). - drm/msm: Fix double pm_runtime_disable() call (bsc#1012628). - netfilter: use get_random_u32 instead of prandom (bsc#1012628). - scsi: scsi_debug: Fix zone transition to full condition (bsc#1012628). - drm/msm: Switch ordering of runpm put vs devfreq_idle (bsc#1012628). - scsi: iscsi: Exclude zero from the endpoint ID range (bsc#1012628). - xsk: Fix generic transmit when completion queue reservation fails (bsc#1012628). - drm/msm: use for_each_sgtable_sg to iterate over scatterlist (bsc#1012628). - bpf: Fix request_sock leak in sk lookup helpers (bsc#1012628). - drm/sun4i: Fix crash during suspend after component bind failure (bsc#1012628). - bpf, x86: Fix tail call count offset calculation on bpf2bpf call (bsc#1012628). - selftests dma: fix compile error for dma_map_benchmark (bsc#1012628). - scsi: storvsc: Correct reporting of Hyper-V I/O size limits (bsc#1012628). - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (bsc#1012628). - KVM: arm64: Prevent kmemleak from accessing pKVM memory (bsc#1012628). - net: fix data-race in dev_isalive() (bsc#1012628). - veth: Add updating of trans_start (bsc#1012628). - tipc: fix use-after-free Read in tipc_named_reinit (bsc#1012628). - block: disable the elevator int del_gendisk (bsc#1012628). - rethook: Reject getting a rethook if RCU is not watching (bsc#1012628). - igb: fix a use-after-free issue in igb_clean_tx_ring (bsc#1012628). - bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (bsc#1012628). - ethtool: Fix get module eeprom fallback (bsc#1012628). - net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (bsc#1012628). - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (bsc#1012628). - drm/msm/dp: check core_initialized before disable interrupts at dp_display_unbind() (bsc#1012628). - drm/msm/dp: force link training for display resolution change (bsc#1012628). - net: phy: at803x: fix NULL pointer dereference on AR9331 PHY (bsc#1012628). - perf test: Record only user callchains on the "Check Arm64 callgraphs are complete in fp mode" test (bsc#1012628). - perf test topology: Use !strncmp(right platform) to fix guest PPC comparision check (bsc#1012628). - perf arm-spe: Don't set data source if it's not a memory operation (bsc#1012628). - ipv4: fix bind address validity regression tests (bsc#1012628). - erspan: do not assume transport header is always set (bsc#1012628). - net/tls: fix tls_sk_proto_close executed repeatedly (bsc#1012628). - udmabuf: add back sanity check (bsc#1012628). - selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh (bsc#1012628). - netfilter: nf_dup_netdev: do not push mac header a second time (bsc#1012628). - netfilter: nf_dup_netdev: add and use recursion counter (bsc#1012628). - xen-blkfront: Handle NULL gendisk (bsc#1012628). - x86/xen: Remove undefined behavior in setup_features() (bsc#1012628). - MIPS: Remove repetitive increase irq_err_count (bsc#1012628). - afs: Fix dynamic root getattr (bsc#1012628). - block: pop cached rq before potentially blocking rq_qos_throttle() (bsc#1012628). - ice: ignore protocol field in GTP offload (bsc#1012628). - ice: Fix switchdev rules book keeping (bsc#1012628). - ice: ethtool: advertise 1000M speeds properly (bsc#1012628). - ice: ethtool: Prohibit improper channel config for DCB (bsc#1012628). - io_uring: fail links when poll fails (bsc#1012628). - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (bsc#1012628). - regmap-irq: Fix offset/index mismatch in read_sub_irq_data() (bsc#1012628). - iommu/ipmmu-vmsa: Fix compatible for rcar-gen4 (bsc#1012628). - drm/amd: Revert "drm/amd/display: keep eDP Vdd on when eDP stream is already enabled" (bsc#1012628). - net: dsa: qca8k: reduce mgmt ethernet timeout (bsc#1012628). - igb: Make DMA faster when CPU is active on the PCIe link (bsc#1012628). - virtio_net: fix xdp_rxq_info bug after suspend/resume (bsc#1012628). - Revert "net/tls: fix tls_sk_proto_close executed repeatedly" (bsc#1012628). - sock: redo the psock vs ULP protection check (bsc#1012628). - nvme: move the Samsung X5 quirk entry to the core quirks (bsc#1012628). - gpio: winbond: Fix error code in winbond_gpio_get() (bsc#1012628). - s390/cpumf: Handle events cycles and instructions identical (bsc#1012628). - filemap: Fix serialization adding transparent huge pages to page cache (bsc#1012628). - KVM: SEV: Init target VMCBs in sev_migrate_from (bsc#1012628). - iio: mma8452: fix probe fail when device tree compatible is used (bsc#1012628). - iio: magnetometer: yas530: Fix memchr_inv() misuse (bsc#1012628). - iio: adc: xilinx-ams: fix return error variable (bsc#1012628). - iio: adc: vf610: fix conversion mode sysfs node name (bsc#1012628). - io_uring: make apoll_events a __poll_t (bsc#1012628). - io_uring: fix req->apoll_events (bsc#1012628). - usb: typec: wcove: Drop wrong dependency to INTEL_SOC_PMIC (bsc#1012628). - io_uring: fix wrong arm_poll error handling (bsc#1012628). - vmcore: convert copy_oldmem_page() to take an iov_iter (bsc#1012628). - s390/crash: add missing iterator advance in copy_oldmem_page() (bsc#1012628). - s390/crash: make copy_oldmem_page() return number of bytes copied (bsc#1012628). - xhci: turn off port power in shutdown (bsc#1012628). - xhci-pci: Allow host runtime PM as default for Intel Raptor Lake xHCI (bsc#1012628). - xhci-pci: Allow host runtime PM as default for Intel Meteor Lake xHCI (bsc#1012628). - usb: gadget: uvc: fix list double add in uvcg_video_pump (bsc#1012628). - usb: gadget: Fix non-unique driver names in raw-gadget driver (bsc#1012628). - USB: gadget: Fix double-free bug in raw_gadget driver (bsc#1012628). - usb: chipidea: udc: check request status before setting device address (bsc#1012628). - dt-bindings: usb: ohci: Increase the number of PHYs (bsc#1012628). - dt-bindings: usb: ehci: Increase the number of PHYs (bsc#1012628). - btrfs: fix race between reflinking and ordered extent completion (bsc#1012628). - btrfs: don't set lock_owner when locking extent buffer for reading (bsc#1012628). - btrfs: fix deadlock with fsync+fiemap+transaction commit (bsc#1012628). - f2fs: attach inline_data after setting compression (bsc#1012628). - f2fs: fix iostat related lock protection (bsc#1012628). - f2fs: do not count ENOENT for error case (bsc#1012628). - iio:humidity:hts221: rearrange iio trigger get and register (bsc#1012628). - iio:proximity:sx9324: Check ret value of device_property_read_u32_array() (bsc#1012628). - iio:chemical:ccs811: rearrange iio trigger get and register (bsc#1012628). - iio:accel:kxcjk-1013: rearrange iio trigger get and register (bsc#1012628). - iio:accel:bma180: rearrange iio trigger get and register (bsc#1012628). - iio:accel:mxc4005: rearrange iio trigger get and register (bsc#1012628). - iio: accel: mma8452: ignore the return value of reset operation (bsc#1012628). - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (bsc#1012628). - iio: trigger: sysfs: fix use-after-free on remove (bsc#1012628). - iio: adc: stm32: fix maximum clock rate for stm32mp15x (bsc#1012628). - iio: imu: inv_icm42600: Fix broken icm42600 (chip id 0 value) (bsc#1012628). - iio: afe: rescale: Fix boolean logic bug (bsc#1012628). - iio: test: fix missing MODULE_LICENSE for IIO_RESCALE=m (bsc#1012628). - iio: adc: aspeed: Fix refcount leak in aspeed_adc_set_trim_data (bsc#1012628). - iio: adc: stm32: Fix ADCs iteration in irq handler (bsc#1012628). - iio: adc: stm32: Fix IRQs on STM32F4 by removing custom spurious IRQs message (bsc#1012628). - iio: adc: stm32: fix vrefint wrong calibration value handling (bsc#1012628). - iio: adc: axp288: Override TS pin bias current for some models (bsc#1012628). - iio: adc: rzg2l_adc: add missing fwnode_handle_put() in rzg2l_adc_parse_properties() (bsc#1012628). - iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client (bsc#1012628). - iio: adc: ti-ads131e08: add missing fwnode_handle_put() in ads131e08_alloc_channels() (bsc#1012628). - xtensa: xtfpga: Fix refcount leak bug in setup (bsc#1012628). - xtensa: Fix refcount leak bug in time.c (bsc#1012628). - parisc/stifb: Fix fb_is_primary_device() only available with CONFIG_FB_STI (bsc#1012628). - parisc: Fix flush_anon_page on PA8800/PA8900 (bsc#1012628). - parisc: Enable ARCH_HAS_STRICT_MODULE_RWX (bsc#1012628). - arm64: dts: ti: k3-j721s2: Fix overlapping GICD memory region (bsc#1012628). - powerpc/microwatt: wire up rng during setup_arch() (bsc#1012628). - powerpc: Enable execve syscall exit tracepoint (bsc#1012628). - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1012628). - powerpc/powernv: wire up rng during setup_arch (bsc#1012628). - mm/memory-failure: disable unpoison once hw error happens (bsc#1012628). - mm: lru_cache_disable: use synchronize_rcu_expedited (bsc#1012628). - ARM: dts: imx7: Move hsic_phy power domain to HSIC PHY node (bsc#1012628). - ARM: dts: imx6qdl: correct PU regulator ramp delay (bsc#1012628). - arm64: dts: ti: k3-am64-main: Remove support for HS400 speed mode (bsc#1012628). - ARM: exynos: Fix refcount leak in exynos_map_pmu (bsc#1012628). - arm64: dts: exynos: Correct UART clocks on Exynos7885 (bsc#1012628). - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (bsc#1012628). - ARM: Fix refcount leak in axxia_boot_secondary (bsc#1012628). - memory: mtk-smi: add missing put_device() call in mtk_smi_device_link_common (bsc#1012628). - memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings (bsc#1012628). - ARM: cns3xxx: Fix refcount leak in cns3xxx_init (bsc#1012628). - modpost: fix section mismatch check for exported init/exit sections (bsc#1012628). - ARM: dts: bcm2711-rpi-400: Fix GPIO line names (bsc#1012628). - smb3: fix empty netname context on secondary channels (bsc#1012628). - random: update comment from copy_to_user() -> copy_to_iter() (bsc#1012628). - perf build-id: Fix caching files with a wrong build ID (bsc#1012628). - smb3: use netname when available on secondary channels (bsc#1012628). - dma-direct: use the correct size for dma_set_encrypted() (bsc#1012628). - kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (bsc#1012628). - powerpc/pseries: wire up rng during setup_arch() (bsc#1012628). - commit 4e30480 ++++ gcc12: - Update to gcc-12 branch head, 7811663964aa7e31c3939b859bb, git215 * includes libgomp mold linker detection fix * includes nvptx offload compiler build fix * includes s390x tsan executable stack fix ++++ libseccomp: - Use multibuild to get python3 support back ++++ liburing: - enable tests for != ppc64le ++++ python-requests: - rebased requests-no-hardcoded-version.patch - update to 2.28.1 * 2.28.1 (2022-06-29) - Improvements + Speed optimization in iter_content with transition to yield from. (#6170) - Dependencies + Added support for chardet 5.0.0 (#6179) + Added support for charset-normalizer 2.1.0 (#6169) * 2.28.0 (2022-06-09) - Deprecations + warning Requests has officially dropped support for Python 2.7. warning (#6091) + Requests has officially dropped support for Python 3.6 (including pypy3.6). (#6091) - Improvements + Wrap JSON parsing issues in Request's JSONDecodeError for payloads without an encoding to make json() API consistent. (#6097) + Parse header components consistently, raising an InvalidHeader error in all invalid cases. (#6154) + Added provisional 3.11 support with current beta build. (#6155) + Requests got a makeover and we decided to paint it black. (#6095) - Bugfixes + Fixed bug where setting CURL_CA_BUNDLE to an empty string would disable cert verification. All Requests 2.x versions before 2.28.0 are affected. (#6074) + Fixed urllib3 exception leak, wrapping urllib3.exceptions.SSLError with requests.exceptions.SSLError for content and iter_content. (#6057) + Fixed issue where invalid Windows registry entires caused proxy resolution to raise an exception rather than ignoring the entry. (#6149) + Fixed issue where entire payload could be included in the error message for JSONDecodeError. (#6036) ------------------------------------------------------------------ ------------------ 2022-6-28 - Jun 28 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - update zgrep-profile-mr870.diff: allow zgrep to execute egrep and fgrep (poo#113108) ++++ libapparmor: - update zgrep-profile-mr870.diff: allow zgrep to execute egrep and fgrep (poo#113108) ++++ openssl-1_1: - openssl-riscv64-config.patch: backport of riscv64 config support ++++ liburing: - update to 2.2: * Support non-libc builds. * Optimized syscall handling for x86-64/x86/aarch64. * Enable non-lib function calls for fast path functions. * Add support for multishot accept. * io_uring_register_files() will set RLIMIT_NOFILE if necessary. * Add support for registered ring fds, io_uring_register_ring_fd(), reducingthe overhead of an io_uring_enter() system call. * Add support for the message ring opcode. * Add support for newer request cancelation features. * Add support for IORING_SETUP_COOP_TASKRUN, which can help reduce the overhead of io_uring in general. Most applications should set this flag, see the io_uring_setup.2 man page for details. * Add support for registering a sparse buffer and file set. * Add support for a new buffer provide scheme, see io_uring_register_buf_ring.3 for details. * Add io_uring_submit_and_wait_timeout() for submitting IO and waiting for completions with a timeout. * Add io_uring_prep_{read,write}v2 prep helpers. * Add io_uring_prep_close_direct() helper. * Add support for SQE128 and CQE32, which are doubly sized SQE and CQE rings. This is needed for some cases of the new IORING_OP_URING_CMD, notably for NVMe passthrough. * ~5500 lines of man page additions, including adding ~90 new man pages. * Synced with the 5.19 kernel release, supporting all the features of 5.19 and earlier. * 24 new regression test cases, and ~7000 lines of new tests in general. * General optimizations and fixes. ++++ salt: - Fix ownership of salt thin directory when using the Salt Bundle - Set default target for pip from VENV_PIP_TARGET environment variable - Normalize package names once with pkg.installed/removed using yum (bsc#1195895) - Save log to logfile with docker.build - Use Salt Bundle in dockermod - Ignore erros on reading license files with dpkg_lowpkg (bsc#1197288) - Added: * normalize-package-names-once-with-pkg.installed-remo.patch * use-salt-bundle-in-dockermod.patch * fix-ownership-of-salt-thin-directory-when-using-the-.patch * ignore-erros-on-reading-license-files-with-dpkg_lowp.patch * set-default-target-for-pip-from-venv_pip_target-envi.patch * save-log-to-logfile-with-docker.build.patch ++++ python-pyzmq: - Update to 23.2.0 * Use zmq.Event enums in parse_monitor_message for nicer reprs * Fix building bundled libzmq with ZMQ_DRAFT_API=1 * Fix subclassing zmq.Context with additional arguments in the constructor. Subclasses may now have full control over the signature, rather than purely adding keyword-only arguments * Typos and other small fixes - Release 23.1.0 * Fix global name of zmq.EVENT_HANDSHAKE_* constants * Fix constants missing when using import zmq.green as zmq * {func}zmq.utils.monitor.recv_monitor_msg now supports async Sockets. - Release 23.0.0 * all zmq constants are now available as Python enums (e.g. zmq.SocketType.PULL, zmq.SocketOption.IDENTITY), generated statically from zmq.h instead of at compile-time. This means that checks for the presence of a constant (hasattr(zmq, 'RADIO')) is not a valid check for the presence of a feature. This practice has never been robust, but it may have worked sometimes. Use direct checks via e.g. {func}zmq.has or {func}zmq.zmq_version_info. * A bit more type coverage of Context.term and Context.socket * Remove all use of deprecated stdlib distutils * Update to Cython 0.29.30 (required for Python 3.11 compatibility) * Compatibility with Python 3.11.0b1 * Switch to myst for docs * Deprecate zmq.utils.strtypes, now unused * Updates to autoformatting, linting - Drop less-flaky.patch: pytest-rerunfailures without the flaky package can handle it. - Fix rpmlint errors * no-dependency-on python-base 3.X: depend on python(abi) = 3.X * unused-rpmlintrc-filter: Was unflavored, not required with the above -- drop rpmlintc * spurious-executable-perm: fix by chmod -x * obsolete-suse-version-check 1000. This package is not branched into any project for the maintenance of other distributions ++++ shim: - Update to 15.6 (bsc#1198458) - shim-15.6.tar.bz2 is downloaded from bsc#1198458#c76 which is from upstream grub2.cve_2021_3695.ms keybase channel. - For building 15.6~rc1 aarch64 image (d6eb9c6 Modernize aarch64), objcopy needs to support efi-app-aarch64 target. So we need the following patches in bintuils: - binutils-AArch64-Add-support-for-AArch64-EFI-efi-aarch64.patch b69c9d41e8 AArch64: Add support for AArch64 EFI (efi-*-aarch64). - binutils-Re-AArch64-Add-support-for-AArch64-EFI-efi-aarch64.patch 32384aa396 Re: AArch64: Add support for AArch64 EFI (efi-*-aarch64) - binutils-Re-Add-support-for-AArch64-EFI-efi-aarch64.patch d91c67e873 Re: Add support for AArch64 EFI (efi-*-aarch64) - Patches (git log --oneline --reverse 15.5~..77144e5a4) 448f096 MokManager: removed Locate graphic output protocol fail error message (bsc#1193315, bsc#1198458) a2da05f shim: implement SBAT verification for the shim_lock protocol bda03b8 post-process-pe: Fix a missing return code check af18810 CI: don't cancel testing when one fails ba580f9 CI: remove EOL Fedoras from github actions bfeb4b3 Remove aarch64 build tests before f35 38cc646 CI: Add f36 and centos9 CI build tests. b5185cb post-process-pe: Fix format string warnings on 32-bit platforms 31094e5 tests: also look for system headers in multi-arch directories 4df989a mock-variables.c: fix gcc warning 6aac595 test-str.c: fix gcc warnings with FORTIFY_SOURCE enabled 2670c6a Allow MokListTrusted to be enabled by default 5c44aaf Add code of conduct d6eb9c6 Modernize aarch64 9af50c1 Use ASCII as fallback if Unicode Box Drawing characters fail de87985 make: don't treat cert.S specially 803dc5c shim: use SHIM_DEVEL_VERBOSE when built in devel mode 6402f1f SBAT matching: Break out of the inner sbat loop if we find the entry. bb4b60e Add verify_image acfd48f Abstract out image reading 35d7378 Load additional certs from a signed binary 8ce2832 post-process-pe: there is no 's' argument. 465663e Add some missing PE image flag definitions 226fee2 PE Loader: support and require NX df96f48 Add MokPolicy variable and MOK_POLICY_REQUIRE_NX b104fc4 post-process-pe: set EFI_IMAGE_DLLCHARACTERISTICS_NX_COMPAT f81a7cc SBAT revocation management abe41ab make: unbreak scan-build again for gnu-efi 610a1ac sbat.h: minor reformatting for legibility f28833f peimage.h: make our signature macros force the type 5d789ca Always initialize data/datasize before calling read_image() a50d364 sbat policy: make our policy change actions symbolic 5868789 load_certs: trust dir->Read() slightly less. a78673b mok.c: fix a trivial dead assignment 759f061 Fix preserve_sbat_uefi_variable() logic aa61fdf Give the Coverity scanner some more GCC blinders... 0214cd9 load_cert_file(): don't defererence NULL 1eca363 mok import: handle OOM case 75449bc sbat: Make nth_sbat_field() honor the size limit c0bcd04 shim-15.6~rc1 77144e5 SBAT Policy latest should be a one-shot - 15.5 release note https://github.com/rhboot/shim/releases Broken ia32 relocs and an unimportant submodule change. by @vathpela in #357 mok: allocate MOK config table as BootServicesData by @lcp in #361 Don't call QueryVariableInfo() on EFI 1.10 machines by @vathpela in #364 Relax the check for import_mok_state() by @lcp in #372 SBAT.md: trivial changes by @hallyn in #389 shim: another attempt to fix load options handling by @chrisccoulson in #379 Add tests for our load options parsing. by @vathpela in #390 arm/aa64: fix the size of .rela* sections by @lcp in #383 mok: fix potential buffer overrun in import_mok_state by @jyong2 in #365 mok: relax the maximum variable size check by @lcp in #369 Don't unhook ExitBootServices when EBS protection is disabled by @sforshee in #378 fallback: find_boot_option() needs to return the index for the boot entry in optnum by @jsetje in #396 httpboot: Ignore case when checking HTTP headers by @frozencemetery in #403 Fallback allocation errors by @vathpela in #402 shim: avoid BOOTx64.EFI in message on other architectures by @xypron in #406 str: remove duplicate parameter check by @xypron in #408 fallback: add compile option FALLBACK_NONINTERACTIVE by @xnox in #359 Test mok mirror by @vathpela in #394 Modify sbat.md to help with readability. by @eshiman in #398 csv: detect end of csv file correctly by @xypron in #404 Specify that the .sbat section is ASCII not UTF-8 by @daxtens in #413 tests: add "include-fixed" GCC directory to include directories by @diabonas in #415 pe: simplify generate_hash() by @xypron in #411 Don't make shim abort when TPM log event fails (RHBZ #2002265) by @rmetrich in #414 Fallback to default loader if parsed one does not exist by @julian-klode in #393 fallback: Fix for BootOrder crash when index returned by find_boot_option() is not in current BootOrder list by @rmetrich in #422 Better console checks by @vathpela in #416 docs: update SBAT UEFI variable name by @nicholasbishop in #421 Don't parse load options if invoked from removable media path by @julian-klode in #399 fallback: fix fallback not passing arguments of the first boot option by @martinezjavier in #433 shim: Don't stop forever at "Secure Boot not enabled" notification by @rmetrich in #438 Shim 15.5 coverity by @vathpela in #439 Allocate mokvar table in runtime memory. by @vathpela in #447 Remove post-process-pe on 'make clean' by @vathpela in #448 pe: missing perror argument by @xypron in #443 - Drop upstreamed patch: - shim-bsc1184454-allocate-mok-config-table-BS.patch - Allocate MOK config table as BootServicesData to avoid the error message from linux kernel - 4068fd42c8 15.5-rc1~70 - shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch - Handle ignore_db and user_insecure_mode correctly - 822d07ad4f07 15.5-rc1~73 - shim-bsc1185621-relax-max-var-sz-check.patch - Relax the maximum variable size check for u-boot - 3f327f546c219634b2 15.5-rc1~49 - shim-bsc1185261-relax-import_mok_state-check.patch - Relax the check for import_mok_state() when Secure Boot is off - 9f973e4e95b113 15.5-rc1~67 - shim-bsc1185232-relax-loadoptions-length-check.patch - Relax the check for the LoadOptions length - ada7ff69bd8a95 15.5-rc1~52 - shim-fix-aa64-relsz.patch - Fix the size of rela* sections for AArch64 - 34e3ef205c5d65 15.5-rc1~51 - shim-bsc1187260-fix-efi-1.10-machines.patch - Don't call QueryVariableInfo() on EFI 1.10 machines - 493bd940e5 15.5-rc1~69 - shim-bsc1185232-fix-config-table-copying.patch - Avoid buffer overflow when copying the MOK config table - 7501b6bb44 15.5-rc1~50 - shim-bsc1187696-avoid-deleting-rt-variables.patch - Avoid deleting the mirrored RT variables - b1fead0f7c9 15.5-rc1~37 - Add "rm -f *.o" after building MokManager/fallback in shim.spec to make sure all object files gets rebuilt - reference: https://github.com/rhboot/shim/pull/461 - The following fix-CVE-2022-28737-v6 patches against bsc#1198458 are included in shim-15.6.tar.bz2 - shim-bsc1198458-pe-Fix-a-buffer-overflow-when-SizeOfRawData-VirtualS.patch pe: Fix a buffer overflow when SizeOfRawData VirtualSize - shim-bsc1198458-pe-Perform-image-verification-earlier-when-loading-g.patch pe: Perform image verification earlier when loading grub - shim-bsc1198458-Update-advertised-sbat-generation-number-for-shim.patch Update advertised sbat generation number for shim - shim-bsc1198458-Update-SBAT-generation-requirements-for-05-24-22.patch Update SBAT generation requirements for 05/24/22 - shim-bsc1198458-Also-avoid-CVE-2022-28737-in-verify_image.patch Also avoid CVE-2022-28737 in verify_image() - 0006-shim-15.6-rc2.patch - 0007-sbat-add-the-parsed-SBAT-variable-entries-to-the-deb.patch sbat: add the parsed SBAT variable entries to the debug log - 0008-bump-version-to-shim-15.6.patch - Add mokutil command to post script for setting sbat policy to latest mode when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created. (bsc#1198458) - Add shim-bsc1198101-opensuse-cert-prompt.patch back to openSUSE shim to show the prompt to ask whether the user trusts openSUSE certificate or not (bsc#1198101) - Updated vendor dbx binary and script (bsc#1198458) - Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list. - Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list. - Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment. - Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin file which includes all .der for testing environment. ++++ toolbox: - Prefer podman as container runtime (unrelated part of [bnc#1200976]) ++++ vim: - Updated to version 9.0.0000, fixes the following problems - CVE-2022-2304 - boo#1201249 - CVE-2022-2289 - boo#1201139 - CVE-2022-2288 - boo#1201137 - CVE-2022-2287 - boo#1201136 - CVE-2022-2286 - boo#1201135 - CVE-2022-2284 - boo#1201133 - CVE-2022-2264 - boo#1201132 - CVE-2022-2231 - boo#1201150 - CVE-2022-2210 - boo#1201151 - CVE-2022-2207 - boo#1201153 - CVE-2022-2208 - boo#1201152 - CVE-2022-2206 - boo#1201155 * Reading beyond the end of the line with lisp indenting. * search() gets stuck with "c" and skip evaluates to true. * "make uninstall" does not remove colors/lists. * Still mentioning version8, some cosmetic issues. * In diff mode windows may get out of sync. (Gary Johnson) * TSTP and INT signal tests are not run with valgrind. * Fix for CTRL-key combinations causes more problems than it solves. * Accessing invalid memory after changing terminal size. * Might still access invalid memory. * Reading before the start of the line with BS in Replace mode. * Crash when deleting buffers in diff mode. * Invalid memory access after diff buffer manipulations. * Import test fails because 'diffexpr' isn't reset. * Test for DiffUpdated fails. * get(Fn, 'name') on funcref returns special byte code. * Cannot build with Python 3.11. * Nested :source may use NULL pointer. * Dependencies and proto files are outdated. * "make menu" still uses legacy script. ------------------------------------------------------------------ ------------------ 2022-6-27 - Jun 27 2022 ------------------- ------------------------------------------------------------------ ++++ curl: - Update to 7.84.0: * Security fixes: - (bsc#1200737, CVE-2022-32208): FTP-KRB bad message verification - (bsc#1200736, CVE-2022-32207): Unpreserved file permissions - (bsc#1200735, CVE-2022-32206): HTTP compression denial of service - (bsc#1200734, CVE-2022-32205): Set-Cookie denial of service * Changes: - curl: add --rate to set max request rate per time unit - curl: deprecate --random-file and --egd-file - curl_version_info: add CURL_VERSION_THREADSAFE - CURLINFO_CAPATH/CAINFO: get the default CA paths from libcurl - lib: make curl_global_init() threadsafe when possible - libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION - opts: deprecate RANDOM_FILE and EGDSOCKET - socks: support unix sockets for socks proxy * Bugfixes: - aws-sigv4: fix potentional NULL pointer arithmetic - bindlocal: don't use a random port if port number would wrap - c-hyper: mark status line as status for Curl_client_write() - ci: avoid `cmake -Hpath` - CI: bump FreeBSD 13.0 to 13.1 - ci: update github actions - cmake: add libpsl support - cmake: do not add libcurl.rc to the static libcurl library - cmake: enable curl.rc for all Windows targets - cmake: fix detecting libidn2 - cmake: support adding a suffix to the OS value - configure: skip libidn2 detection when winidn is used - configure: use the SED value to invoke sed - configure: warn about rustls being experimental - content_encoding: return error on too many compression steps - cookie: address secure domain overlay - cookie: apply limits - copyright.pl: parse and use .reuse/dep5 for skips - copyright: make repository REUSE compliant - curl.1: add a few see also --tls-max - curl.1: mention exit code zero too - curl: re-enable --no-remote-name - curl_easy_pause.3: remove explanation of progress function - curl_getdate.3: document that some illegal dates pass through - Curl_parsenetrc: don't access local pwbuf outside of scope - curl_url_set.3: clarify by default using known schemes only - CURLOPT_ALTSVC.3: document the file format - CURLOPT_FILETIME.3: fix the protocols this works with - CURLOPT_HTTPHEADER.3: improve comment in example - CURLOPT_NETRC.3: document the .netrc file format - CURLOPT_PORT.3: We discourage using this option - CURLOPT_RANGE.3: remove ranged upload advice - digest: added detection of more syntax error in server headers - digest: tolerate missing "realm" - digest: unquote realm and nonce before processing - DISABLED: disable 1021 for hyper again - docs/cmdline-opts: add copyright and license identifier to each file - docs/CONTRIBUTE.md: document the 'needs-votes' concept - docs: clarify data replacement policy for MIME API - doh: remove UNITTEST macro definition - examples/crawler.c: use the curl license - examples: remove fopen.c and rtsp.c - FAQ: Clarify Windows double quote usage - fopen: add Curl_fopen() for better overwriting of files - ftp: restore protocol state after http proxy CONNECT - ftp: when failing to do a secure GSSAPI login, fail hard - GHA/hyper: enable debug in the build - gssapi: improve handling of errors from gss_display_status - gssapi: initialize gss_buffer_desc strings - headers api: remove EXPERIMENTAL tag - http2: always debug print stream id in decimal with %u - http2: reject overly many push-promise headers - http: restore header folding behavior - hyper: use 'alt-used' - krb5: return error properly on decode errors - lib: make more protocol specific struct fields #ifdefed - libcurl-security.3: add "Secrets in memory" - libcurl-security.3: document CRLF header injection - libssh: skip the fake-close when libssh does the right thing - links: update dead links to the curl-wiki - log2changes: do not indent empty lines [ci skip] - macos9: remove partial support - Makefile.am: fix portability issues - Makefile.m32: delete obsolete options, improve -On [ci skip] - Makefile.m32: delete two obsolete OpenSSL options [ci skip] - Makefile.m32: stop forcing XP target with ipv6 enabled [ci skip] - max-time.d: clarify max-time sets max transfer time - mprintf: ignore clang non-literal format string - netrc: check %USERPROFILE% as well on Windows - netrc: support quoted strings - ngtcp2: allow curl to send larger UDP datagrams - ngtcp2: correct use of ngtcp2 and nghttp3 signed integer types - ngtcp2: enable Linux GSO - ngtcp2: extend QUIC transport parameters buffer - ngtcp2: fix alert_read_func return value - ngtcp2: fix typo in preprocessor condition - ngtcp2: handle error from ngtcp2_conn_submit_crypto_data - ngtcp2: send appropriate connection close error code - ngtcp2: support boringssl crypto backend - ngtcp2: use helper funcs to simplify TLS handshake integration - ntlm: provide a fixed fake host name - projects: fix third-party SSL library build paths for Visual Studio - quic: add Curl_quic_idle - quiche: support ca-fallback - rand: stop detecting /dev/urandom in cross-builds - remote-name.d: mention --output-dir - runtests.pl: add the --repeat parameter to the --help output - runtests: fix skipping tests not done event-based - runtests: skip starting the ssh server if user name is lacking - scripts/copyright.pl: fix the exclusion to not ignore man pages - sectransp: check for a function defined when __BLOCKS__ is undefined - select: return error from "lethal" poll/select errors - server/sws: support spaces in the HTTP request path - speed-limit/time.d: mention these affect transfers in either direction - strcase: some optimisations - test 2081: add a valid reply for the second request - test 675: add missing CR so the test passes when run through Privoxy - test414: add the '--resolve' keyword - test681: verify --no-remote-name - tests 266, 116 and 1540: add a small write delay - tests/data/test1501: kill ftp server after slow LIST response - tests/getpart: fix getpartattr to work with "data" and "data2" - tests/server/sws.c: change the HTTP writedelay unit to milliseconds - test{440,441,493,977}: add "HTTP proxy" keywords - tool_getparam: fix --parallel-max maximum value constraint - tool_operate: make sure --fail-with-body works with --retry - transfer: fix potential NULL pointer dereference - transfer: maintain --path-as-is after redirects - transfer: upload performance; avoid tiny send - url: free old conn better on reuse - url: remove redundant #ifdefs in allocate_conn() - url: URL encode the path when extracted, if spaces were set - urlapi: make curl_url_set(url, CURLUPART_URL, NULL, 0) clear all parts - urlapi: support CURLU_URLENCODE for curl_url_get() - urldata: reduce size of a few struct fields - urldata: remove three unused booleans from struct UserDefined - urldata: store tcp_keepidle and tcp_keepintvl as ints - version: allow stricmp() for sorting the feature list - vtls: make curl_global_sslset thread-safe - wolfssh.h: removed - wolfssl: correct the failf() message when a handle can't be made - wolfSSL: explicitly use compatibility layer - x509asn1: mark msnprintf return as unchecked ++++ dmidecode: - Update to upstream version 3.4: * Support for SMBIOS 3.4.0. This includes new memory device types, new processor upgrades, new slot types and characteristics, decoding of memory module extended speed, new system slot types, new processor characteristics and new format of Processor ID. * Support for SMBIOS 3.5.0. This includes new processor upgrades, BIOS characteristics, new slot characteristics, new on-board device types, new pointing device interface types, and a new record type (type 45 - Firmware Inventory Information). * Decode HPE OEM records 194, 199, 203, 236, 237, 238 ans 240. * Bug fixes: Fix OEM vendor name matching * Minor improvements: Skip details of uninstalled memory modules Don't display the raw CPU ID in quiet mode Improve the formatting of the manual pages * Obsoletes dmidecode-fix-crash-with-u-option.patch and dmidecode-fix-the-condition-error-in-ascii_filter.patch. ++++ kernel-default: - Update to 5.19-rc4 - update configs - FIPS_SIGNATURE_SELFTEST=n - commit c256fc8 ++++ ncurses: - Add ncurses patch 20220625 + improve man/curs_bkgd.3x, explaining that bkgdset can affect results for bkgd (report by Anton Vidovic). + correct dsl in dec+sl (report by Rajeev Pillai) -TD + add/use ansi+cpr, decid+cpr -TD - Correct offsets of patches * ncurses-5.9-ibm327x.dif * ncurses-6.3.dif ++++ rpm: - remove obsolete RPM-HOWTO from 1999 (removed RPM-HOWTO.tar.bz2) - move debugedit to separate package (Removed debuginfo-mono.patch, debuglink.diff, debugsubpkg.diff, finddebuginfo-absolute-links.diff, finddebuginfo.diff, singlefilemode.diff, debugedit-5.0.tar.xz) - move python-rpm-packaging to separate package (Removed python-rpm-packaging.diff, python-rpm-packaging.tar.bz2) ++++ mokutil: - Update to 0.6.0 + 6c98907 SBAT revocation update support + 0276891 mokutil: Add trust_mok_keys and untrust_mok_keys + 57bc385 mokutil: enable setting fallback verbosity and noreboot mode + b15e7c4 util: add the missing stdio.h - Drop mokutil-fix-missing-header.patch (upstream) ++++ openssl: - Update to 1.1.1p release ++++ python-PyYAML: - Actually we DO want to build the bindings. ------------------------------------------------------------------ ------------------ 2022-6-26 - Jun 26 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Linux 5.18.7 (bsc#1012628). - s390/mm: use non-quiescing sske for KVM switch to keyed guest (bsc#1012628). - zonefs: fix zonefs_iomap_begin() for reads (bsc#1012628). - fsnotify: introduce mark type iterator (bsc#1012628). - fsnotify: consistent behavior for parent not watching children (bsc#1012628). - bpf: Fix calling global functions from BPF_PROG_TYPE_EXT programs (bsc#1012628). - selftests/bpf: Add selftest for calling global functions from freplace (bsc#1012628). - dt-bindings: nvmem: sfp: Add clock properties (bsc#1012628). - io_uring: use original request task for inflight tracking (bsc#1012628). - commit 531894c ------------------------------------------------------------------ ------------------ 2022-6-25 - Jun 25 2022 ------------------- ------------------------------------------------------------------ ++++ mozilla-nss: - sync with current SLE * latest FIPS changes incl. testsuite fixes (enabled now) nss-fips-180-3-csp-clearing.patch nss-fips-tests-enable-fips.patch nss-fips-tests-skip.patch nss-fips-pbkdf-kat-compliance.patch ------------------------------------------------------------------ ------------------ 2022-6-24 - Jun 24 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Bring back /sbin/netconfig as build option since the netconfig in SLE is not ready for usrmerge. ++++ kernel-default: - config: enable MLX90614 MLX90614 is I2C (SMBus) remote temperature sensor. The boards are available for SBCs: https://www.waveshare.com/product/modules/sensors/temperature-humidity-barometer/infrared-temperature-sensor.htm Enable the driver for potential users. Link: https://lists.opensuse.org/archives/list/kernel@lists.opensuse.org/thread/VHBAZ4YTJZ6H2DTMELYWILNGMRBXBMPI/ - commit 1a61419 ++++ libvirt: - spec: Include aarch64 in the list of architectures that 'Require' dmidecode boo#1196087 ++++ python-MarkupSafe: - Patch PKG-INFO to avoid pip failing on Python 3.6 with `ERROR: Package 'MarkupSafe' requires a different Python: 3.6.15 not in '>=3.7'`. ++++ selinux-policy: - Add fix_userdomain.patch to dontaudit UDP rpc ports (bsc#1193984) - Update to version 20220624. Refreshed: * fix_init.patch * fix_kernel_sysctl.patch * fix_logging.patch * fix_networkmanager.patch * fix_unprivuser.patch Dropped fix_hadoop.patch, not necessary anymore * Updated fix_locallogin.patch to allow accesses for nss-systemd (bsc#1199630) ++++ vim: - Updated to version 8.2.5154, fixes the following problems - fixed boo#1200184 - CVE-2022-2175 - boo#1200904 - CVE-2022-2182 - boo#1200903 - CVE-2022-2183 - boo#1200902 * Debugger test fails when run with valgrind. * Cannot build without the +channel feature. (Dominique Pellé) * Various small issues. * TIME_WITH_SYS_TIME is no longer supported by autoconf. * Seachpair timeout test is flaky. * Using "volatile int" in a signal handler might be wrong. * Startup test fails if there is a status bar at the top of the screen. (Ernie Rael) * Some tests fail when using valgrind. Spurious leak reports. * With 'lazyredraw' set completion menu may be displayed wrong. * Exit test causes spurious valgrind reports. * Memory leak when substitute expression nests. * Flaky test always fails on retry. * Invalid memory access when using an expression on the command line. * Cannot build without the +eval feature. (Tony Mechelynck) * Read past the end of the first line with ":0;'{". * Reading beyond the end of the line with lisp indenting. * search() gets stuck with "c" and skip evaluates to true. * "make uninstall" does not remove colors/lists. * Still mentioning version8, some cosmetic issues. ------------------------------------------------------------------ ------------------ 2022-6-23 - Jun 23 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit: - Add conflict between cockpit-networkmanager and cockpit-wicked as they use the same URL paths. ++++ glibc: - read-chk-cancel.patch: debug: make __read_chk a cancellation point (bsc#1200682, BZ #29274) - wcrtomb-fortify.patch: wcrtomb: Make behavior POSIX compliant (bsc#1200688) ++++ kernel-default: - Linux 5.18.6 (bsc#1012628). - Revert "drm/amd/display: Fix DCN3 B0 DP Alt Mapping" (bsc#1012628). - arm64: dts: imx8mm-beacon: Enable RTS-CTS on UART3 (bsc#1012628). - arm64: dts: imx8mn-beacon: Enable RTS-CTS on UART3 (bsc#1012628). - io_uring: reinstate the inflight tracking (bsc#1012628). - powerpc/kasan: Silence KASAN warnings in __get_wchan() (bsc#1012628). - ASoC: nau8822: Add operation for internal PLL off and on (bsc#1012628). - ASoC: qcom: lpass-platform: Update VMA access permissions in mmap callback (bsc#1012628). - drm/amd/display: Read Golden Settings Table from VBIOS (bsc#1012628). - drm/amdgpu: Resolve RAS GFX error count issue after cold boot on Arcturus (bsc#1012628). - drm/amdkfd: Use mmget_not_zero in MMU notifier (bsc#1012628). - dma-debug: make things less spammy under memory pressure (bsc#1012628). - ASoC: Intel: cirrus-common: fix incorrect channel mapping (bsc#1012628). - ASoC: cs42l52: Fix TLV scales for mixer controls (bsc#1012628). - ASoC: cs35l36: Update digital volume TLV (bsc#1012628). - ASoC: cs53l30: Correct number of volume levels on SX controls (bsc#1012628). - ASoC: cs42l52: Correct TLV for Bypass Volume (bsc#1012628). - ASoC: cs42l56: Correct typo in minimum level for SX volume controls (bsc#1012628). - ASoC: cs42l51: Correct minimum value for SX volume control (bsc#1012628). - drm/amdkfd: add pinned BOs to kfd_bo_list (bsc#1012628). - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (bsc#1012628). - quota: Prevent memory allocation recursion while holding dq_lock (bsc#1012628). - ASoC: wm8962: Fix suspend while playing music (bsc#1012628). - ASoC: es8328: Fix event generation for deemphasis control (bsc#1012628). - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (bsc#1012628). - ALSA: hda: MTL: add HD Audio PCI ID and HDMI codec vendor ID (bsc#1012628). - Input: soc_button_array - also add Lenovo Yoga Tablet2 1051F to dmi_use_low_level_irq (bsc#1012628). - scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (bsc#1012628). - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1012628). - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1012628). - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1012628). - scsi: mpt3sas: Fix out-of-bounds compiler warning (bsc#1012628). - scsi: ipr: Fix missing/incorrect resource cleanup in error case (bsc#1012628). - scsi: pmcraid: Fix missing resource cleanup in error case (bsc#1012628). - ALSA: hda/realtek - Add HW8326 support (bsc#1012628). - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (bsc#1012628). - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (bsc#1012628). - ipv6: Fix signed integer overflow in __ip6_append_data (bsc#1012628). - ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg (bsc#1012628). - net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag (bsc#1012628). - mellanox: mlx5: avoid uninitialized variable warning with gcc-12 (bsc#1012628). - MIPS: Loongson-3: fix compile mips cpu_hwmon as module build error (bsc#1012628). - random: credit cpu and bootloader seeds by default (bsc#1012628). - gpio: dwapb: Don't print error on -EPROBE_DEFER (bsc#1012628). - platform/x86/intel: Fix pmt_crashlog array reference (bsc#1012628). - platform/x86/intel: pmc: Support Intel Raptorlake P (bsc#1012628). - platform/x86: gigabyte-wmi: Add Z690M AORUS ELITE AX DDR4 support (bsc#1012628). - platform/x86: gigabyte-wmi: Add support for B450M DS3H-CF (bsc#1012628). - platform/x86/intel: hid: Add Surface Go to VGBS allow list (bsc#1012628). - staging: r8188eu: fix rtw_alloc_hwxmits error detection for now (bsc#1012628). - staging: r8188eu: Fix warning of array overflow in ioctl_linux.c (bsc#1012628). - pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (bsc#1012628). - pNFS: Avoid a live lock condition in pnfs_update_layout() (bsc#1012628). - sunrpc: set cl_max_connect when cloning an rpc_clnt (bsc#1012628). - clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() (bsc#1012628). - i40e: Fix adding ADQ filter to TC0 (bsc#1012628). - i40e: Fix calculating the number of queue pairs (bsc#1012628). - i40e: Fix call trace in setup_tx_descriptors (bsc#1012628). - iavf: Fix issue with MAC address of VF shown as zero (bsc#1012628). - Drivers: hv: vmbus: Release cpu lock in error case (bsc#1012628). - tty: goldfish: Fix free_irq() on remove (bsc#1012628). - misc: atmel-ssc: Fix IRQ check in ssc_probe (bsc#1012628). - riscv: dts: microchip: re-add pdma to mpfs device tree (bsc#1012628). - io_uring: fix races with file table unregister (bsc#1012628). - io_uring: fix races with buffer table unregister (bsc#1012628). - drm/i915/reset: Fix error_state_read ptr + offset use (bsc#1012628). - net: hns3: set port base vlan tbl_sta to false before removing old vlan (bsc#1012628). - net: hns3: don't push link state to VF if unalive (bsc#1012628). - net: hns3: restore tm priority/qset to default settings when tc disabled (bsc#1012628). - net: hns3: fix PF rss size initialization bug (bsc#1012628). - net: hns3: fix tm port shapping of fibre port is incorrect after driver initialization (bsc#1012628). - nvme: add device name to warning in uuid_show() (bsc#1012628). - mlxsw: spectrum_cnt: Reorder counter pools (bsc#1012628). - ice: Fix PTP TX timestamp offset calculation (bsc#1012628). - ice: Sync VLAN filtering features for DVM (bsc#1012628). - ice: Fix queue config fail handling (bsc#1012628). - ice: Fix memory corruption in VF driver (bsc#1012628). - net: bgmac: Fix an erroneous kfree() in bgmac_remove() (bsc#1012628). - net: remove noblock parameter from skb_recv_datagram() (bsc#1012628). - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (bsc#1012628). - arm64: ftrace: fix branch range checks (bsc#1012628). - arm64: ftrace: consistently handle PLTs (bsc#1012628). - certs/blacklist_hashes.c: fix const confusion in certs blacklist (bsc#1012628). - init: Initialize noop_backing_dev_info early (bsc#1012628). - block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (bsc#1012628). - faddr2line: Fix overlapping text section failures, the sequel (bsc#1012628). - x86/ftrace: Remove OBJECT_FILES_NON_STANDARD usage (bsc#1012628). - i2c: npcm7xx: Add check for platform_driver_register (bsc#1012628). - irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (bsc#1012628). - irqchip/apple-aic: Fix refcount leak in build_fiq_affinity (bsc#1012628). - irqchip/apple-aic: Fix refcount leak in aic_of_ic_init (bsc#1012628). - irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions (bsc#1012628). - irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (bsc#1012628). - irqchip/realtek-rtl: Fix refcount leak in map_interrupts (bsc#1012628). - sched: Fix balance_push() vs __sched_setscheduler() (bsc#1012628). - i2c: designware: Use standard optional ref clock implementation (bsc#1012628). - i2c: mediatek: Fix an error handling path in mtk_i2c_probe() (bsc#1012628). - mei: hbm: drop capability response on early shutdown (bsc#1012628). - mei: me: add raptor lake point S DID (bsc#1012628). - comedi: vmk80xx: fix expression for tx buffer size (bsc#1012628). - crypto: memneq - move into lib/ (bsc#1012628). - USB: serial: option: add support for Cinterion MV31 with new baseline (bsc#1012628). - USB: serial: io_ti: add Agilent E5805A support (bsc#1012628). - arm64: mm: Don't invalidate FROM_DEVICE buffers at start of DMA transfer (bsc#1012628). - usb: dwc2: Fix memory leak in dwc2_hcd_init (bsc#1012628). - usb: cdnsp: Fixed setting last_trb incorrectly (bsc#1012628). - usb: dwc3: gadget: Fix IN endpoint max packet size allocation (bsc#1012628). - usb: dwc3: pci: Restore line lost in merge conflict resolution (bsc#1012628). - usb: gadget: u_ether: fix regression in setting fixed MAC address (bsc#1012628). - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (bsc#1012628). - usb: gadget: f_fs: change ep->status safe in ffs_epfile_io() (bsc#1012628). - usb: gadget: f_fs: change ep->ep safe in ffs_epfile_io() (bsc#1012628). - tty: n_gsm: Debug output allocation must use GFP_ATOMIC (bsc#1012628). - serial: 8250: Store to lsr_save_flags after lsr read (bsc#1012628). - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (bsc#1012628). - md/raid5-ppl: Fix argument order in bio_alloc_bioset() (bsc#1012628). - dm: fix race in dm_start_io_acct (bsc#1012628). - dm mirror log: round up region bitmap size to BITS_PER_LONG (bsc#1012628). - drm/amdgpu: Fix GTT size reporting in amdgpu_ioctl (bsc#1012628). - drm/amd/display: Cap OLED brightness per max frame-average luminance (bsc#1012628). - audit: free module name (bsc#1012628). - cfi: Fix __cfi_slowpath_diag RCU usage with cpuidle (bsc#1012628). - fs: account for group membership (bsc#1012628). - selinux: free contexts previously transferred in selinux_add_opt() (bsc#1012628). - ext4: fix super block checksum incorrect after mount (bsc#1012628). - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1012628). - ext4: make variable "count" signed (bsc#1012628). - ext4: add reserved GDT blocks check (bsc#1012628). - KVM: arm64: Always start with clearing SVE flag on load (bsc#1012628). - KVM: arm64: Don't read a HW interrupt pending state in user context (bsc#1012628). - virtio-pci: Remove wrong address verification in vp_del_vqs() (bsc#1012628). - drm/i915/uc: remove accidental static from a local variable (bsc#1012628). - bpf: Use safer kvmalloc_array() where possible (bsc#1012628). - powerpc/book3e: get rid of #include (bsc#1012628). - dt-bindings: mfd: bd9571mwv: update rohm,bd9571mwv.yaml reference (bsc#1012628). - dt-bindings: interrupt-controller: update brcm,l2-intc.yaml reference (bsc#1012628). - dm: fix bio_set allocation (bsc#1012628). - clk: imx8mp: fix usb_root_clk parent (bsc#1012628). - Delete patches.suse/netfs-Eliminate-Clang-randstruct-warning.patch. - Update config files. - commit 5aa0763 ++++ openssl-1_1: - Update to 1.1.1p: * bsc#1185637 - updated certificates required for testing that failed when date is later than 1 June 2022 - removed openssl-update_expired_certificates.patch * [bsc#1200550, CVE-2022-2068] - more shell code injection issues in c_rehash ++++ parted: - drop type flag (SUSE specific) to fix bsc#1190847 refreshed patches: - parted-mac.patch - tests-adapt-to-SUSE.patch drop patches: - parted-type.patch - parted-type-accept-hex.patch - parted-json-no-type-flag.patch ++++ procps: - Some older products do not know about /usr/share/man/uk ++++ patterns-alp: - Ensure cockpit-networkmanager is installed if NM is installed. - Drop tallow (sync with MicroOS). ++++ perl: - Update to 5.36.0 * the signatures and isa features are no longer experimental and part of the v5.36 feature bundle * the v5.36 bundle also enables warnings * new '-g' command line flag (alias for -0777) * support for unicode 14.0 * regex sets are no longer considered experimental * experimental iterating over multiple values at a time * experimental new builtin module * experimental defer blocks * try/catch can now have a finally block * experimental non-ASCII delimiters for quote-like operators * a physically empty sort is now a compile-time error - Rebase perl-5.34.0.dif to perl-5.36.0.diff - Refresh perl-5.18.2-overflow.diff ++++ python-psutil: - Add patch mem-used-bsc1181475.patch (bsc#1181475) * Adopt change of used memory calculation from upstream of procps ------------------------------------------------------------------ ------------------ 2022-6-22 - Jun 22 2022 ------------------- ------------------------------------------------------------------ ++++ bash: - Update to bash 5.2 rc1 dd. In posix mode, the `printf' builtin checks for the `L' length modifier and uses long double for floating point conversion specifiers if it's present, double otherwise. ee. The `globbing' completion code now takes the `globstar' option into account. ff. `suspend -f' now forces the shell to suspend even if job control is not currently enabled. - Port patches * bash-2.03-manual.patch * bash-3.2-printf.patch * bash-4.1-bash.bashrc.dif * bash-5.2.dif ++++ container-selinux: - Update to version 2.187.0: * Allow container domains to use /dev/zero - Changes from 2.186.0: * Create policy for a container_device_t * Allow containers to shutdown & setopt userdomain:sockets - Changes from 2.183.0: * Allow containers to inherit all socket classes from container runtimes. - Changes from 2.182.0: * Allow containers to inherit all socket classes - Changes from 2.181.0: * Allow socket activated domains for tcp sockets from init_t and userdomains. ++++ gstreamer: - Update to version 1.20.3 + Highlighted bugfixes: - Security fixes in Matroska, MP4 and AVI demuxers - Fix scrambled video playback with hardware-accelerated VA-API decoders on certain Intel hardware - playbin3/decodebin3 regression fix for unhandled streams - Fragmented MP4 playback fixes - Android H.265 encoder mapping - Playback of MXF files produced by FFmpeg before March 2022 - Fix rtmp2sink crashes on 32-bit platforms - WebRTC improvements - D3D11 video decoder and screen recorder fixes - Performance improvements - Support for building against OpenCV 4.6 and other build fixes - Miscellaneous bug fixes, memory leak fixes, and other stability and reliability improvements + gstreamer: - clock: Avoid creating a weakref with every entry (performance improvement) - plugin: add Apache 2 license to list of known licenses to avoid warning - gst_plugin_load_file: force plugin reload if filename differs Add support for LoongArch ++++ gstreamer-plugins-base: - Update to version 1.20.3: + typefindfunctions: Fix WebVTT format detection for very short files + gldisplay: Reorder GST_GL_WINDOW check for egl-device + rtpbasepayload: Copy all buffer metadata instead of just GstMetas for the input meta buffer + codec-utils: Avoid out-of-bounds error + navigation: Fix Since markers for mouse scroll events + videoaggregator: Fix for unhandled negative rate + videoaggregator: Use floor() to calculate current position + video-color: Fix for missing clipping in PQ EOTF function + gst-play-1.0: Fix trick-mode handling in keyboard shortcut + audiovisualizer: shader: Fix out of bound write ++++ kernel-default: - Update config files. Run oldconfig which unsets CC_NO_ARRAY_BOUNDS as dummy tools emulate gcc 20. We are ignoring it thanks to update in packaging, so that real compilation sets this right later. - commit e4ff964 - rpm/check-for-config-changes: ignore GCC12/CC_NO_ARRAY_BOUNDS Upstream commit f0be87c42cbd (gcc-12: disable '-Warray-bounds' universally for now) added two new compiler-dependent configs: * CC_NO_ARRAY_BOUNDS * GCC12_NO_ARRAY_BOUNDS Ignore them -- they are unset by dummy tools (they depend on gcc version == 12), but set as needed during real compilation. - commit a14607c ++++ procps: - Add the patches * procps-3.3.17-library-bsc1181475.patch * procps-3.3.17-top-bsc1181475.patch which are backports of current newlib tree to solve bug bsc#1181475 * 'free' command reports misleading "used" value ++++ readline: - use https:// for source urls - Update to readline-8.2-rc1 ++++ podman: - Update to version 4.1.1: * The output of the podman load command now mirrors that of docker load. * Podman now supports Docker Compose v2.2 and higher. Please note that it may be necessary to disable the use of Buildkit by setting the environment variable DOCKER_BUILDKIT=0. * A new container command has been added, podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so. * Podman now supports sending JSON events related to machines to a Unix socket named machine_events.*\.sock in XDG_RUNTIME_DIR/podman or to a socket whose path is set in the PODMAN_MACHINE_EVENTS_SOCK environment variable. * Two new volume commands have been added, podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers. * The podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries. * The podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources. * The podman play kube command will now set default resource limits when the provided YAML does not include them. * The podman play kube command now supports a new option, --annotation, to add annotations to created containers. * The podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile. * The podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer. * The podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID and --color, which colors messages based on what container generated them. * The podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images. * The podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network. * The podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information. * The --ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating the the IPC namespace can be shared with other containers. * The --mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter. * The --mount option to the podman create and podman run commands now allows parameters to be passed in CSV format. * The --userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security. * The podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for. * The podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create. * The podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, `/etc/resolv.conf, etc) will be mounted inside the container (#12961). * The podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container's /etc/passwd file. * The podman images --format command now accepts two new format directives: {{.CreatedAt}} and {{.CreatedSince}}. * The podman volume create command's -o option now accepts a new argument, o=noquota, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined. * The podman info command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization. * Fix CVE-2022-27191 / bsc#1197284 - Drop obsolete patches: * 0001-Adjust-buildah-to-opencontainers-selinux-v1.10.1.patch * 0001-Relabel-relabel-links-instead-of-their-targets.patch * 0002-specgen-do-not-set-OOMScoreAdj-by-default.patch * 0004-fix-Container.cGroupPath-skip-empty-line-to-avoid-fa.patch ++++ policycoreutils: - Handle missing translations properly in chcat. Added chcat_handle_missing_translations.patch (bsc#1200752) ++++ toolbox: - Update to version 2.3+git20220622.32785f7: * Only set --userns=keep-id when running rootless ++++ virt-manager: - bsc#1200691 - SLES 15 SP4 GMC --os-variant tag shouldn't be mandatory on s390x (see also bsc#1200422) revert-363fca41-virt-install-Require-osinfo-for-non-x86-HVM-case-too.patch ------------------------------------------------------------------ ------------------ 2022-6-21 - Jun 21 2022 ------------------- ------------------------------------------------------------------ ++++ dracut: - Update to version 057+suse.292.g508db4cd: See https://github.com/dracutdevs/dracut/releases/tag/057 for details. Additional changes: * fix(integrity): do not enable EVM if there is no key (bsc#1200718) * fix(dracut.sh): temporary workaround for kiwi (bsc#1199051) * chore(suse): update spec ++++ transactional-update: - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. ++++ kernel-default: - ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (CVE-2022-1679 bsc#1199487). - commit f4c43ea - ALSA: hda: Fix discovery of i915 graphics PCI device (bsc#1200611). - commit ef301cb - netfs: Fix gcc-12 warning by embedding vfs inode in netfs_i_context (gcc 12 warnings). - netfs: gcc-12: temporarily disable '-Wattribute-warning' for now (gcc 12 warnings). - gcc-12: disable '-Warray-bounds' universally for now (gcc 12 warnings). - Update config files. CC_NO_ARRAY_BOUNDS=y is manually selected, see commit b2fb712ddc6e. - gcc-12: disable '-Wdangling-pointer' warning for now (gcc 12 warnings). - wifi: rtlwifi: remove always-true condition pointed out by GCC 12 (gcc 12 warnings). - net: wwan: iosm: remove pointless null check (gcc 12 warnings). - eth: sun: cassini: remove dead code (gcc 12 warnings). - netfs: Eliminate Clang randstruct warning (gcc 12 warnings). - x86/boot: Wrap literal addresses in absolute_pointer() (gcc 12 warnings). - commit 983c97f - series.conf: remove empty line in sorted section It causes troubles to scripts. - commit b01fcd9 ++++ keyutils: - Add /etc/keys/evn and /usr/etc/keys/evm together with the IMA ones ++++ libproxy: - Add libproxy-perl-cflags.patch: perl: Use ccflags from %Config for libproxy module compilation; fixes perl test suite on i586. ++++ openslp: - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. ++++ systemd: - Import commit 69abca7794ed06d823bc0a9bb55daf822adcc632 f29b146685 pstore: Run after modules are loaded - pstore is no more considered as an experimental feature: move it to udev package (bsc#1197802) - Adjust rpmlintrc for shlib-policy-name-error/multibuild case so that it's not only for x86_64. - spec: %suse_version rpm macro is already reserved and has a special meaning in openSUSE distros so rename it to %archive_version instead. ++++ libvirt: - spec: Move logrotate config files from /etc/logrotate.d to /usr/etc/logrotate.d ++++ policycoreutils: - Build and package translations for python-utils (boo#1200752). ++++ qemu: - Fix bugs boo#1200557 and boo#1199924 - Now that boo#1199924 is fixed, re-enable FORTIFY_SOURCE=3 * Patches added: pci-fix-overflow-in-snprintf-string-form.patch sphinx-change-default-language-to-en.patch ++++ ovmf: - add ovmf-tools_def-add-fno-omit-frame-pointer-to-GCC48_-IA32-.patch. It fixes crashes when linked using gcc 12 (bsc#1199597). ++++ rsync: - Removed %config flag for files in /usr directory. ++++ wpa_supplicant: - Removed %config flag for files in /usr directory. - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. ------------------------------------------------------------------ ------------------ 2022-6-20 - Jun 20 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - Update to 22.1.2 " There's a lot of zink here, thanks to Mike for help with manually backporting parts of it! We've als got a bunch of fixes for panfrost, and some for intel, radeon, llvmpip, dzn, broadcom, nir, core gallium, the va state tracker, and freedren." ++++ Mesa-drivers: - Update to 22.1.2 " There's a lot of zink here, thanks to Mike for help with manually backporting parts of it! We've als got a bunch of fixes for panfrost, and some for intel, radeon, llvmpip, dzn, broadcom, nir, core gallium, the va state tracker, and freedren." ++++ cockpit: - Re-arrange patches and apply them manually again. Some were accidentally added and should be sle only ++++ cockpit-tukit: - Update to version 0.0.3~git10.d8579a3: * Update to cockpit 271 * Add translation template * Update translations * Add load-css-overrides.patch to start loading a custom CSS file ++++ librsvg: - Automatic update of vendored dependencies ++++ alsa: - Update to version 1.2.7.1: minor bug fixes, including the previous patches. For details, see https://www.alsa-project.org/wiki/Changes_v1.2.7_v1.2.7.1#alsa-lib - Drop obsoleted patches: 0001-conf-Use-ino64_t-to-save-and-compare-inode-numbers.patch 0002-control-eld-fix-the-decoding-for-older-hw.patch ++++ ncurses: - Add ncurses patch 20220618 + add a null-pointer check for term_names field in copy_termtype(), needed for MinGW port (report by Peiyuan Song, cf: 20220521). + revise kon/kon2/jfbterm to undo "linux2.6" change to smacs/rmacs/enacs (Debian #1012800) -TD + amended note for att610+cvis0, as per documentation for att610, att620, att730 -TD ++++ libproxy: - Update to version 0.4.18: + build: Allow configuration of sysconfig module. + config_envvar: Add environment variable for pacrunner debugging. + build: disable mozjs by default. + python: Support Python 3.10 and above. + Add Duktape pacrunner module. + config_kde: Compute list of config file locations ourselves. + cpmfog_gnome3: Add gnome-wayland to permitted DESKTOP_SESSION. - Drop libproxy-python-310.patch: fixed upstream. - Build duktape pacrunner module: + Add pkgconfig(duktape): new dependency. + Split new subpackage libproxy1-pacrunner-duktape. + Suggest duktape pacrunner for config modules recommending a pacrunner. ++++ logrotate: - Removed %{_distconfdir}/logrotate.d directory from spec file. It will be handled by package filesystem. ++++ perl-Bootloader: - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. ++++ rsync: - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. ++++ tar: - Fix race condition while creating intermediate subdirectories, bsc#1200657 * bsc1200657.patch ++++ vim: - Updated to version 8.2.5136, fixes the following problems - CVE-2022-2129 - boo#1200701 - CVE-2022-2124 - boo#1200697 - CVE-2022-2125 - boo#1200698 - CVE-2022-2126 - boo#1200700 * Autocmd test still fails on MS-Windows. * When the GUI shows a dialog tests get stuck. * Gcc gives warning for signed/unsigned difference. * CI runs on Windows 2019. * Cannot build with clang on MS-Windows. * Value of cmod_verbose is a bit complicated to use. * Some functions return a different value on failure. * Terminal test fails with some shell commands. * Using "'<,'>" in Ex mode may compare unrelated pointers. * Error message for unknown command may mention the command twice. (Malcolm Rowe) * Terminal test still fails with some shell commands. * Using uninitialized memory when using 'listchars'. * Spelldump test sometimes hangs. * Some terminal tests are not retried. * Memory usage tests are not retried. * MS-Windows with MinGW: $CC may be "cc" instead of "gcc". * Interrupt not caught in test. * Build fails with small features. * Default cmdwin mappings are re-mappable. * Some callers of rettv_list_alloc() check for not OK. (Christ van Willegen) * Retab test disabled because it hangs on MS-Windows. * Mode not updated after CTRL-O CTRL-C in Insert mode. * Icon filetype not recognized from the first line. * No test for --gui-dialog-file. * Timer becomes invalid after fork/exec, :gui gives errors. (Gabriel Dupras) * Time limit on searchpair() does not work properly. * Search timeout is overrun with some patterns. * "limit" option of matchfuzzy() not always respected. * Crash when calling a Lua callback from a :def function. (Bohdan Makohin) * Searching for quotes may go over the end of the line. * Interrupt test sometimes fails. * Lisp indenting my run over the end of the line. * Using invalid index when looking for spell suggestions. * When syntax timeout test fails it does not show the time. * Substitute may overrun destination buffer. * Using assert_true() does not show value on failure. * Syntax highlighting disabled when using synID() in searchpair() skip expression and it times out. (Jaehwang Jung) * Timeout handling is not optimal. * Edit test for mode message fails when using valgrind. * Timeout implementation is not optimal. * :mkview test doesn't test much. * Function has confusing name. * Running configure gives warnings for main() return type. ++++ wpa_supplicant: - Remove Revert-DBus-Add-sae-to-interface-key_mgmt-capabilities.patch Fixed in NetworkManager (glfo#NetworkManager/NetworkManager#a0988868). Wifi cards, wich do not support PMF/BIP ciphers, should not use SAE as key management. (bsc#1195312) ------------------------------------------------------------------ ------------------ 2022-6-19 - Jun 19 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Update to 5.19-rc3 - update configs - XILINX_INTC=y (OF architectures - i386, ppc64/ppc64le, riscv64) - commit e8495ca ++++ python-msgpack: - update to 1.0.4: * Support Python 3.11 (beta) * refresh ci settings. * Don't define _*ENDIAN macro on Unix. * Update setuptools and black * Use PyFloat_Pack8() on Python 3.11a7 * Upgrade black to fix CI * Fix Unpacker max_buffer_length handling * ci: Update action versions. ------------------------------------------------------------------ ------------------ 2022-6-17 - Jun 17 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.38.2: + Fix race condition with pppd that caused failures when activating PPPoE connections. + Unbreak DHCPv6 over PPP. + Don't ignore IPv6 DNS servers received from PPP. + Fix crash while checking WEP capability of Wi-Fi interfaces. + Ensure DHCP is restarted every time the link goes up. + Fix struct alignment issues seen on some architectures. + Various other bugfixes and improvements. ++++ cockpit: - css-overrides.patch: css overrides for better theming support ++++ cockpit-machines: - load-css-overrides.patch: css overrides for better theming support ++++ cockpit-podman: - load-css-overrides.patch: css overrides for better theming support ++++ librsvg: - Update to version 2.54.4: + Support CSS Color 4 syntax for . Opacities can be specified as numbers or percentages now, e.g. 0.5 or 50%. + Roll back minimum required version of Pango to 1.46.0. + Fix Windows NMake install when documentation is not built. ++++ gtk3: - Add dependency "python3x-gobject-Gdk if python3x-gobject" to the typelib package (boo#1200614). ++++ open-iscsi: - For Tumbleweed, moved logrotate files from user-specific directory /etc/logrotate.d to vendor-specific /usr/etc/logrotate.d (for Stefan Schubert ) ++++ pam: - Keep old directory in filelist for migration ------------------------------------------------------------------ ------------------ 2022-6-16 - Jun 16 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Linux 5.18.5 (bsc#1012628). - x86/speculation/mmio: Print SMT warning (bsc#1012628). - KVM: x86/speculation: Disable Fill buffer clear within guests (bsc#1012628). - x86/speculation/mmio: Reuse SRBDS mitigation for SBDS (bsc#1012628). - x86/speculation/srbds: Update SRBDS mitigation selection (bsc#1012628). - x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data (bsc#1012628). - x86/speculation/mmio: Enable CPU Fill buffer clearing on idle (bsc#1012628). - x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations (bsc#1012628). - x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data (bsc#1012628). - x86/speculation: Add a common function for MD_CLEAR mitigation update (bsc#1012628). - x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug (bsc#1012628). - Documentation: Add documentation for Processor MMIO Stale Data (bsc#1012628). - commit 0ac72f9 ++++ llvm15: - Update to version 14.0.5. * This release contains bug-fixes for the LLVM 14.0.0 release. This release is API and ABI compatible with 14.0.0. - Rebase llvm-do-not-install-static-libraries.patch. ++++ salt: - Fix PAM auth issue due missing check for PAM_ACCT_MGM return value (CVE-2022-22967) (bsc#1200566) - Added: * fix-for-cve-2022-22967-bsc-1200566.patch ------------------------------------------------------------------ ------------------ 2022-6-15 - Jun 15 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - let Mesa-libGL-devel require libX11-devel via pkgconfig(x11) (boo#1200559) ++++ Mesa-drivers: - let Mesa-libGL-devel require libX11-devel via pkgconfig(x11) (boo#1200559) ++++ chrony: - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. ++++ kernel-default: - Linux 5.18.4 (bsc#1012628). - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (bsc#1012628). - staging: greybus: codecs: fix type confusion of list iterator variable (bsc#1012628). - iio: adc: ad7124: Remove shift from scan_type (bsc#1012628). - soundwire: qcom: fix an error message in swrm_wait_for_frame_gen_enabled() (bsc#1012628). - remoteproc: mediatek: Fix side effect of mt8195 sram power on (bsc#1012628). - remoteproc: mtk_scp: Fix a potential double free (bsc#1012628). - lkdtm/bugs: Check for the NULL pointer after calling kmalloc (bsc#1012628). - lkdtm/bugs: Don't expect thread termination without CONFIG_UBSAN_TRAP (bsc#1012628). - tty: goldfish: Use tty_port_destroy() to destroy port (bsc#1012628). - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (bsc#1012628). - tty: n_tty: Restore EOF push handling behavior (bsc#1012628). - serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe (bsc#1012628). - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (bsc#1012628). - remoteproc: imx_rproc: Ignore create mem entry for resource table (bsc#1012628). - phy: rockchip-inno-usb2: Fix muxed interrupt support (bsc#1012628). - staging: r8188eu: fix struct rt_firmware_hdr (bsc#1012628). - usb: usbip: fix a refcount leak in stub_probe() (bsc#1012628). - usb: usbip: add missing device lock on tweak configuration cmd (bsc#1012628). - USB: storage: karma: fix rio_karma_init return (bsc#1012628). - usb: musb: Fix missing of_node_put() in omap2430_probe (bsc#1012628). - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (bsc#1012628). - pwm: lp3943: Fix duty calculation in case period was clamped (bsc#1012628). - pwm: raspberrypi-poe: Fix endianness in firmware struct (bsc#1012628). - rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (bsc#1012628). - usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (bsc#1012628). - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (bsc#1012628). - scripts/get_abi: Fix wrong script file name in the help message (bsc#1012628). - misc: fastrpc: fix an incorrect NULL check on list iterator (bsc#1012628). - firmware: stratix10-svc: fix a missing check on list iterator (bsc#1012628). - usb: typec: mux: Check dev_set_name() return value (bsc#1012628). - rpmsg: virtio: Fix possible double free in rpmsg_probe() (bsc#1012628). - rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() (bsc#1012628). - rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl (bsc#1012628). - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (bsc#1012628). - iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout (bsc#1012628). - iio: adc: sc27xx: fix read big scale voltage not right (bsc#1012628). - iio: adc: sc27xx: Fine tune the scale calibration values (bsc#1012628). - rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (bsc#1012628). - misc/pvpanic: Convert regular spinlock into trylock on panic path (bsc#1012628). - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (bsc#1012628). - power: supply: core: Initialize struct to zero (bsc#1012628). - power: supply: axp288_fuel_gauge: Fix battery reporting on the One Mix 1 (bsc#1012628). - power: supply: axp288_fuel_gauge: Drop BIOS version check from "T3 MRD" DMI quirk (bsc#1012628). - power: supply: ab8500_fg: Allocate wq in probe (bsc#1012628). - serial: sifive: Report actual baud base rather than fixed 115200 (bsc#1012628). - export: fix string handling of namespace in EXPORT_SYMBOL_NS (bsc#1012628). - watchdog: rzg2l_wdt: Fix 32bit overflow issue (bsc#1012628). - watchdog: rzg2l_wdt: Fix Runtime PM usage (bsc#1012628). - watchdog: rzg2l_wdt: Fix 'BUG: Invalid wait context' (bsc#1012628). - watchdog: rzg2l_wdt: Fix reset control imbalance (bsc#1012628). - soundwire: intel: prevent pm_runtime resume prior to system suspend (bsc#1012628). - soundwire: qcom: return error when pm_runtime_get_sync fails (bsc#1012628). - coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (bsc#1012628). - ksmbd: fix reference count leak in smb_check_perm_dacl() (bsc#1012628). - extcon: ptn5150: Add queue work sync before driver release (bsc#1012628). - dt-bindings: remoteproc: mediatek: Make l1tcm reg exclusive to mt819x (bsc#1012628). - soc: rockchip: Fix refcount leak in rockchip_grf_init (bsc#1012628). - clocksource/drivers/riscv: Events are stopped during CPU suspend (bsc#1012628). - ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 (bsc#1012628). - rtc: mt6397: check return value after calling platform_get_resource() (bsc#1012628). - rtc: ftrtc010: Fix error handling in ftrtc010_rtc_probe (bsc#1012628). - staging: r8188eu: add check for kzalloc (bsc#1012628). - serial: meson: acquire port->lock in startup() (bsc#1012628). - Revert "serial: 8250_mtk: Make sure to select the right FEATURE_SEL" (bsc#1012628). - serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (bsc#1012628). - serial: cpm_uart: Fix build error without CONFIG_SERIAL_CPM_CONSOLE (bsc#1012628). - serial: uartlite: Fix BRKINT clearing (bsc#1012628). - serial: digicolor-usart: Don't allow CS5-6 (bsc#1012628). - serial: rda-uart: Don't allow CS5-6 (bsc#1012628). - serial: txx9: Don't allow CS5-6 (bsc#1012628). - serial: sh-sci: Don't allow CS5-6 (bsc#1012628). - serial: sifive: Sanitize CSIZE and c_iflag (bsc#1012628). - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (bsc#1012628). - serial: stm32-usart: Correct CSIZE, bits, and parity (bsc#1012628). - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (bsc#1012628). - bus: ti-sysc: Fix warnings for unbind for serial (bsc#1012628). - driver: base: fix UAF when driver_attach failed (bsc#1012628). - driver core: fix deadlock in __device_attach (bsc#1012628). - watchdog: rti-wdt: Fix pm_runtime_get_sync() error checking (bsc#1012628). - watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (bsc#1012628). - blk-mq: don't touch ->tagset in blk_mq_get_sq_hctx (bsc#1012628). - ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (bsc#1012628). - scsi: sd: Don't call blk_cleanup_disk() in sd_probe() (bsc#1012628). - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (bsc#1012628). - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (bsc#1012628). - amt: fix return value of amt_update_handler() (bsc#1012628). - amt: fix possible memory leak in amt_rcv() (bsc#1012628). - net: ethernet: ti: am65-cpsw: Fix fwnode passed to phylink_create() (bsc#1012628). - net/smc: set ini->smcrv2.ib_dev_v2 to NULL if SMC-Rv2 is unavailable (bsc#1012628). - spi: fsi: Fix spurious timeout (bsc#1012628). - drm/amdgpu: Off by one in dm_dmub_outbox1_low_irq() (bsc#1012628). - net: lan966x: check devm_of_phy_get() for -EDEFER_PROBE (bsc#1012628). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1012628). - net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (bsc#1012628). - net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks (bsc#1012628). - net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (bsc#1012628). - modpost: fix removing numeric suffixes (bsc#1012628). - block, loop: support partitions without scanning (bsc#1012628). - ep93xx: clock: Do not return the address of the freed memory (bsc#1012628). - jffs2: fix memory leak in jffs2_do_fill_super (bsc#1012628). - ubi: fastmap: Fix high cpu usage of ubi_bgt by making sure wl_pool not empty (bsc#1012628). - ubi: ubi_create_volume: Fix use-after-free when volume creation failed (bsc#1012628). - selftests/bpf: fix stacktrace_build_id with missing kprobe/urandom_read (bsc#1012628). - bpf: Fix probe read error in ___bpf_prog_run() (bsc#1012628). - block: take destination bvec offsets into account in bio_copy_data_iter (bsc#1012628). - nbd: don't clear 'NBD_CMD_INFLIGHT' flag if request is not completed (bsc#1012628). - nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (bsc#1012628). - riscv: read-only pages should not be writable (bsc#1012628). - net/smc: fixes for converting from "struct smc_cdc_tx_pend **" to "struct smc_wr_tx_pend_priv *" (bsc#1012628). - tcp: add accessors to read/set tp->snd_cwnd (bsc#1012628). - nfp: only report pause frame configuration for physical device (bsc#1012628). - block: use bio_queue_enter instead of blk_queue_enter in bio_poll (bsc#1012628). - bonding: NS target should accept link local address (bsc#1012628). - sfc: fix considering that all channels have TX queues (bsc#1012628). - sfc: fix wrong tx channel offset with efx_separate_tx_channels (bsc#1012628). - block: make bioset_exit() fully resilient against being called twice (bsc#1012628). - sched/autogroup: Fix sysctl move (bsc#1012628). - blk-mq: do not update io_ticks with passthrough requests (bsc#1012628). - net: phy: at803x: disable WOL at probe (bsc#1012628). - bonding: show NS IPv6 targets in proc master info (bsc#1012628). - erofs: fix 'backmost' member of z_erofs_decompress_frontend (bsc#1012628). - vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (bsc#1012628). - virtio: pci: Fix an error handling path in vp_modern_probe() (bsc#1012628). - net/mlx5: Don't use already freed action pointer (bsc#1012628). - net/mlx5e: TC NIC mode, fix tc chains miss table (bsc#1012628). - net/mlx5: CT: Fix header-rewrite re-use for tupels (bsc#1012628). - net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition (bsc#1012628). - net/mlx5: correct ECE offset in query qp output (bsc#1012628). - net/mlx5e: Update netdev features after changing XDP state (bsc#1012628). - net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1012628). - tcp: tcp_rtx_synack() can be called from process context (bsc#1012628). - vdpa: ifcvf: set pci driver data in probe (bsc#1012628). - bonding: guard ns_targets by CONFIG_IPV6 (bsc#1012628). - octeontx2-af: fix error code in is_valid_offset() (bsc#1012628). - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (bsc#1012628). - regulator: mt6315-regulator: fix invalid allowed mode (bsc#1012628). - net: ping6: Fix ping -6 with interface name (bsc#1012628). - net/sched: act_api: fix error code in tcf_ct_flow_table_fill_tuple_ipv6() (bsc#1012628). - gpio: pca953x: use the correct register address to do regcache sync (bsc#1012628). - afs: Fix infinite loop found by xfstest generic/676 (bsc#1012628). - drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() (bsc#1012628). - scsi: sd: Fix potential NULL pointer dereference (bsc#1012628). - ax25: Fix ax25 session cleanup problems (bsc#1012628). - nfp: remove padding in nfp_nfdk_tx_desc (bsc#1012628). - tipc: check attribute length for bearer name (bsc#1012628). - driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction (bsc#1012628). - perf evsel: Fixes topdown events in a weak group for the hybrid platform (bsc#1012628). - perf parse-events: Move slots event for the hybrid platform too (bsc#1012628). - perf record: Support sample-read topdown metric group for hybrid platforms (bsc#1012628). - perf c2c: Fix sorting in percent_rmt_hitm_cmp() (bsc#1012628). - Bluetooth: MGMT: Add conditions for setting HCI_CONN_FLAG_REMOTE_WAKEUP (bsc#1012628). - Bluetooth: hci_sync: Fix attempting to suspend with unfiltered passive scan (bsc#1012628). - bluetooth: don't use bitmaps for random flag accesses (bsc#1012628). - dmaengine: idxd: set DMA_INTERRUPT cap bit (bsc#1012628). - mips: cpc: Fix refcount leak in mips_cpc_default_phys_base (bsc#1012628). - bootconfig: Make the bootconfig.o as a normal object file (bsc#1012628). - tracing: Make tp_printk work on syscall tracepoints (bsc#1012628). - tracing: Fix sleeping function called from invalid context on RT kernel (bsc#1012628). - tracing: Avoid adding tracer option before update_tracer_options (bsc#1012628). - i2c: mediatek: Optimize master_xfer() and avoid circular locking (bsc#1012628). - iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (bsc#1012628). - iommu/arm-smmu-v3: check return value after calling platform_get_resource() (bsc#1012628). - f2fs: remove WARN_ON in f2fs_is_valid_blkaddr (bsc#1012628). - f2fs: avoid infinite loop to flush node pages (bsc#1012628). - i2c: cadence: Increase timeout per message if necessary (bsc#1012628). - m68knommu: set ZERO_PAGE() to the allocated zeroed page (bsc#1012628). - m68knommu: fix undefined reference to `_init_sp' (bsc#1012628). - dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (bsc#1012628). - NFSv4: Don't hold the layoutget locks across multiple RPC calls (bsc#1012628). - video: fbdev: hyperv_fb: Allow resolutions with size > 64 MB for Gen1 (bsc#1012628). - video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (bsc#1012628). - RISC-V: use memcpy for kexec_file mode (bsc#1012628). - m68knommu: fix undefined reference to `mach_get_rtc_pll' (bsc#1012628). - rtla/Makefile: Properly handle dependencies (bsc#1012628). - f2fs: fix to tag gcing flag on page during file defragment (bsc#1012628). - xprtrdma: treat all calls not a bcall when bc_serv is NULL (bsc#1012628). - drm/bridge: ti-sn65dsi83: Handle dsi_lanes == 0 as invalid (bsc#1012628). - drm/panfrost: Job should reference MMU not file_priv (bsc#1012628). - powerpc/papr_scm: don't requests stats with '0' sized stats buffer (bsc#1012628). - netfilter: nat: really support inet nat without l3 address (bsc#1012628). - netfilter: nf_tables: use kfree_rcu(ptr, rcu) to release hooks in clean_net path (bsc#1012628). - netfilter: nf_tables: delete flowtable hooks via transaction list (bsc#1012628). - powerpc/kasan: Force thread size increase with KASAN (bsc#1012628). - NFSD: Fix potential use-after-free in nfsd_file_put() (bsc#1012628). - SUNRPC: Trap RDMA segment overflows (bsc#1012628). - netfilter: nf_tables: always initialize flowtable hook list in transaction (bsc#1012628). - ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (bsc#1012628). - netfilter: nf_tables: release new hooks on unsupported flowtable flags (bsc#1012628). - netfilter: nf_tables: memleak flow rule from commit path (bsc#1012628). - netfilter: nf_tables: bail out early if hardware offload is not supported (bsc#1012628). - amt: fix wrong usage of pskb_may_pull() (bsc#1012628). - amt: fix possible null-ptr-deref in amt_rcv() (bsc#1012628). - amt: fix wrong type string definition (bsc#1012628). - net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register (bsc#1012628). - xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (bsc#1012628). - stmmac: intel: Fix an error handling path in intel_eth_pci_probe() (bsc#1012628). - af_unix: Fix a data-race in unix_dgram_peer_wake_me() (bsc#1012628). - selftests net: fix bpf build error (bsc#1012628). - x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm() (bsc#1012628). - bpf, arm64: Clear prog->jited_len along prog->jited (bsc#1012628). - net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (bsc#1012628). - net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (bsc#1012628). - xsk: Fix handling of invalid descriptors in XSK TX batching API (bsc#1012628). - drm/amdgpu: fix limiting AV1 to the first instance on VCN3 (bsc#1012628). - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (bsc#1012628). - net: mdio: unexport __init-annotated mdio_bus_init() (bsc#1012628). - net: xfrm: unexport __init-annotated xfrm4_protocol_init() (bsc#1012628). - net: ipv6: unexport __init-annotated seg6_hmac_init() (bsc#1012628). - net/mlx5e: CT: Fix cleanup of CT before cleanup of TC ct rules (bsc#1012628). - net/mlx5: Lag, filter non compatible devices (bsc#1012628). - net/mlx5: Fix mlx5_get_next_dev() peer device matching (bsc#1012628). - net/mlx5: Rearm the FW tracer after each tracer event (bsc#1012628). - net/mlx5: fs, fail conflicting actions (bsc#1012628). - ip_gre: test csum_start instead of transport header (bsc#1012628). - net: altera: Fix refcount leak in altera_tse_mdio_create (bsc#1012628). - net: dsa: mv88e6xxx: use BMSR_ANEGCOMPLETE bit for filling an_complete (bsc#1012628). - net: dsa: realtek: rtl8365mb: fix GMII caps for ports with internal PHY (bsc#1012628). - tcp: use alloc_large_system_hash() to allocate table_perturb (bsc#1012628). - drm: imx: fix compiler warning with gcc-12 (bsc#1012628). - nfp: flower: restructure flow-key for gre+vlan combination (bsc#1012628). - net: seg6: fix seg6_lookup_any_nexthop() to handle VRFs using flowi_l3mdev (bsc#1012628). - iov_iter: Fix iter_xarray_get_pages{,_alloc}() (bsc#1012628). - iio: dummy: iio_simple_dummy: check the return value of kstrdup() (bsc#1012628). - staging: rtl8712: fix a potential memory leak in r871xu_drv_init() (bsc#1012628). - iio: st_sensors: Add a local lock for protecting odr (bsc#1012628). - lkdtm/usercopy: Expand size of "out of frame" object (bsc#1012628). - drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback() (bsc#1012628). - drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle() (bsc#1012628). - drivers: staging: rtl8192eu: Fix deadlock in rtw_joinbss_event_prehandle (bsc#1012628). - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (bsc#1012628). - tty: Fix a possible resource leak in icom_probe (bsc#1012628). - thunderbolt: Use different lane for second DisplayPort tunnel (bsc#1012628). - drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (bsc#1012628). - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (bsc#1012628). - USB: host: isp116x: check return value after calling platform_get_resource() (bsc#1012628). - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (bsc#1012628). - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (bsc#1012628). - USB: hcd-pci: Fully suspend across freeze/thaw cycle (bsc#1012628). - char: xillybus: fix a refcount leak in cleanup_dev() (bsc#1012628). - sysrq: do not omit current cpu when showing backtrace of all active CPUs (bsc#1012628). - usb: dwc2: gadget: don't reset gadget's driver->bus (bsc#1012628). - usb: dwc3: host: Stop setting the ACPI companion (bsc#1012628). - usb: dwc3: gadget: Only End Transfer for ep0 data phase (bsc#1012628). - soundwire: qcom: adjust autoenumeration timeout (bsc#1012628). - misc: rtsx: set NULL intfdata when probe fails (bsc#1012628). - extcon: Fix extcon_get_extcon_dev() error handling (bsc#1012628). - extcon: Modify extcon device to be created after driver data is set (bsc#1012628). - clocksource/drivers/sp804: Avoid error on multiple instances (bsc#1012628). - staging: rtl8712: fix uninit-value in usb_read8() and friends (bsc#1012628). - staging: rtl8712: fix uninit-value in r871xu_drv_init() (bsc#1012628). - serial: msm_serial: disable interrupts in __msm_console_write() (bsc#1012628). - kernfs: Separate kernfs_pr_cont_buf and rename_lock (bsc#1012628). - watchdog: wdat_wdt: Stop watchdog when rebooting the system (bsc#1012628). - ksmbd: smbd: fix connection dropped issue (bsc#1012628). - md: protect md_unregister_thread from reentrancy (bsc#1012628). - ASoC: SOF: amd: Fixed Build error (bsc#1012628). - scsi: myrb: Fix up null pointer access on myrb_cleanup() (bsc#1012628). - ASoC: rt5640: Do not manipulate pin "Platform Clock" if the "Platform Clock" is not in the DAPM (bsc#1012628). - ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1012628). - ceph: flush the mdlog for filesystem sync (bsc#1012628). - ceph: fix possible deadlock when holding Fwb to get inline_data (bsc#1012628). - net, neigh: Set lower cap for neigh_managed_work rearming (bsc#1012628). - drm/amd/display: Check if modulo is 0 before dividing (bsc#1012628). - drm/amd/display: Check zero planes for OTG disable W/A on clock change (bsc#1012628). - drm/radeon: fix a possible null pointer dereference (bsc#1012628). - drm/amd/pm: fix a potential gpu_metrics_table memory leak (bsc#1012628). - drm/amd/pm: Fix missing thermal throttler status (bsc#1012628). - drm/amd/pm: correct the metrics version for SMU 11.0.11/12/13 (bsc#1012628). - um: line: Use separate IRQs per line (bsc#1012628). - modpost: fix undefined behavior of is_arm_mapping_symbol() (bsc#1012628). - objtool: Mark __ubsan_handle_builtin_unreachable() as noreturn (bsc#1012628). - x86/cpu: Elide KCSAN for cpu_has() and friends (bsc#1012628). - jump_label,noinstr: Avoid instrumentation for JUMP_LABEL=n builds (bsc#1012628). - nbd: call genl_unregister_family() first in nbd_cleanup() (bsc#1012628). - nbd: fix race between nbd_alloc_config() and module removal (bsc#1012628). - nbd: fix io hung while disconnecting device (bsc#1012628). - Revert "PCI: brcmstb: Do not turn off WOL regulators on suspend" (bsc#1012628). - Revert "PCI: brcmstb: Add control of subdevice voltage regulators" (bsc#1012628). - Revert "PCI: brcmstb: Add mechanism to turn on subdev regulators" (bsc#1012628). - Revert "PCI: brcmstb: Split brcm_pcie_setup() into two funcs" (bsc#1012628). - cifs: fix potential deadlock in direct reclaim (bsc#1012628). - s390/gmap: voluntarily schedule during key setting (bsc#1012628). - cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1012628). - drm/amd/pm: use bitmap_{from,to}_arr32 where appropriate (bsc#1012628). - nodemask: Fix return values to be unsigned (bsc#1012628). - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1012628). - vringh: Fix loop descriptors check in the indirect cases (bsc#1012628). - platform/x86: barco-p50-gpio: Add check for platform_driver_register (bsc#1012628). - scripts/gdb: change kernel config dumping method (bsc#1012628). - platform/x86: hp-wmi: Resolve WMI query failures on some devices (bsc#1012628). - platform/x86: hp-wmi: Use zero insize parameter only when supported (bsc#1012628). - ALSA: usb-audio: Skip generic sync EP parse for secondary EP (bsc#1012628). - ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (bsc#1012628). - ALSA: hda/conexant - Fix loopback issue with CX20632 (bsc#1012628). - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo Yoga DuetITL 2021 (bsc#1012628). - ALSA: hda/realtek: Add quirk for HP Dev One (bsc#1012628). - cifs: return errors during session setup during reconnects (bsc#1012628). - cifs: fix reconnect on smb3 mount types (bsc#1012628). - cifs: populate empty hostnames for extra channels (bsc#1012628). - scsi: sd: Fix interpretation of VPD B9h length (bsc#1012628). - scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1012628). - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1012628). - scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1012628). - KVM: x86/mmu: Check every prev_roots in __kvm_mmu_free_obsolete_roots() (bsc#1012628). - KVM: SVM: fix tsc scaling cache logic (bsc#1012628). - filemap: Cache the value of vm_flags (bsc#1012628). - KEYS: trusted: tpm2: Fix migratable logic (bsc#1012628). - libata: fix reading concurrent positioning ranges log (bsc#1012628). - libata: fix translation of concurrent positioning ranges (bsc#1012628). - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (bsc#1012628). - mmc: sdhci-pci-gli: Fix GL9763E runtime PM when the system resumes from suspend (bsc#1012628). - mmc: block: Fix CQE recovery reset success (bsc#1012628). - net: phy: dp83867: retrigger SGMII AN when link change (bsc#1012628). - net: openvswitch: fix misuse of the cached connection on tuple changes (bsc#1012628). - writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1012628). - nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (bsc#1012628). - nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (bsc#1012628). - nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (bsc#1012628). - ixgbe: fix bcast packets Rx on VF after promisc removal (bsc#1012628). - ixgbe: fix unexpected VLAN Rx in promisc mode on VF (bsc#1012628). - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (bsc#1012628). - vduse: Fix NULL pointer dereference on sysfs access (bsc#1012628). - cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE (bsc#1012628). - mm/huge_memory: Fix xarray node memory leak (bsc#1012628). - powerpc: Don't select HAVE_IRQ_EXIT_ON_IRQ_STACK (bsc#1012628). - drm/amdkfd:Fix fw version for 10.3.6 (bsc#1012628). - drm/bridge: analogix_dp: Support PSR-exit to disable transition (bsc#1012628). - drm/atomic: Force bridge self-refresh-exit on CRTC switch (bsc#1012628). - drm/amdgpu/jpeg2: Add jpeg vmid update under IB submit (bsc#1012628). - drm/amd/display: remove stale config guards (bsc#1012628). - drm/amdgpu: update VCN codec support for Yellow Carp (bsc#1012628). - virtio-rng: make device ready before making request (bsc#1012628). - powerpc/32: Fix overread/overwrite of thread_struct via ptrace (bsc#1012628). - random: avoid checking crng_ready() twice in random_init() (bsc#1012628). - random: mark bootloader randomness code as __init (bsc#1012628). - random: account for arch randomness in bits (bsc#1012628). - md/raid0: Ignore RAID0 layout if the second zone has only one device (bsc#1012628). - zonefs: fix handling of explicit_open option on mount (bsc#1012628). - iov_iter: fix build issue due to possible type mis-match (bsc#1012628). - dmaengine: idxd: add missing callback function to support DMA_INTERRUPT (bsc#1012628). - tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1012628). - net/mlx5: E-Switch, pair only capable devices (bsc#1012628). - Update config files. - commit c6d8e6e ++++ libcontainers-common: - Use $() again in %post, but with a space for POSIX compliance ++++ libnettle: - Make shared libraries executable ++++ libvorbis: - Remove bad %defattr - not needed and causes SHLIB non-executable rpmlint error ++++ libzypp: - appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684) - zypp-rpm: flush rpm script output buffer before sending endOfScriptTag. - version 17.30.2 (22) ++++ python-PyYAML: - Clean up the SPEC file. ++++ zypper: - Basic JobReport for "cmdout/monitor". - versioncmp: if verbose, also print the edition 'parts' which are compared. - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally (fixes #433) - Honor the NO_COLOR environment variable when auto-detecting whether to use color (fixes #432) - Define table columns which should be sorted natural [case insensitive] (fixes #391, closes #396, fixes #424) - lr/ls: Use highlight color on name and alias as well. - version 1.14.53 ------------------------------------------------------------------ ------------------ 2022-6-14 - Jun 14 2022 ------------------- ------------------------------------------------------------------ ++++ filesystem: - Add Serbian (sr) man pages directory - Add /usr/etc/logrotate.d ++++ kernel-default: - kernel-binary.spec: check s390x vmlinux location As a side effect of mainline commit edd4a8667355 ("s390/boot: get rid of startup archive"), vmlinux on s390x moved from "compressed" subdirectory directly into arch/s390/boot. As the specfile is shared among branches, check both locations and let objcopy use one that exists. - commit cd15543 - Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442) - commit 93b1375 ++++ libcontainers-common: - Add missing Requires(post): sed, fixes boo#1200524 - Make %post compatible with dash ++++ libvirt: - spec: Closer alignment with upstream spec file, including enabling more unit tests ++++ systemd-presets-common-SUSE: - Modify branding-preset-states to fix systemd-presets-common-SUSE not enabling new user systemd service preset configuration just as it handles system service presets. By passing an (optional) second parameter "user", the save/apply-changes commands now work with user services instead of system ones (boo#1200485) ------------------------------------------------------------------ ------------------ 2022-6-13 - Jun 13 2022 ------------------- ------------------------------------------------------------------ ++++ btrfsprogs: - update to 5.18.1: * fixes: * convert: fix self reference of toplevel directory * build: make kernel lib headers compatible with C++ * zoned mode: verify minimum zone size 4MiB * libbtrfs: cleanups, merge headers and remove declarations of unexported symbols * other: documentation updates ++++ cockpit-machines: - Update to 271.2: * Fix test/reference setup in release tarball for tests ++++ file: - Update to 5.42: * PR/348: add missing cases to prevent file from aborting on random magic files. * PR/351: octalify filenames when not raw before printing. * fix regex cacheing bug (Dirk Mueller) * merge file_regcomp and file_regerror() to simplify the code and reduce memory requirements for storing regexes (Dirk Mueller) * cache regex (Dirk Mueller) * detect filesystem full by flushing output (Dirk Mueller) * implement running decompressor programs using posix_spawnp(2) instead of vfork(2) * Add support for msdos dates and times * use the system byte swapping functions if available (Werner Fink) - Port patches * file-5.17-option.dif * file-5.19-biorad.dif * file-5.19-printf.dif * file-5.19-zip2.0.dif * file-5.28-btrfs-image.dif * file-secure_getenv.patch - Remove patches now upstream * file-5.23-endian.patch * file-5.41-cache-regexps-locale-restore.patch * file-5.41-cache-regexps.patch - Port and rename patch file-5.41.dif which is now file-5.42.dif ++++ k3s-install: - Update to version 1.24.1+k3s1: * Set default egress-selector-mode to agent * Remove control-plane egress context and fix agent mode. * Refactor egress-selector pods mode to watch pods * Bump containerd and runc * Update flaky tests for v1.24 (#5625) * Revert "Give kubelet the node-ip value (#5579)" * Re-add --cloud-provider=external kubelet arg * Update to v1.24.1 (#5616) * Bump dynamiclistener to v0.3.3 * remove dweomer from maintainers (#5582) * Add support for configuring the EgressSelector mode * Give kubelet the node-ip value (#5579) * Remove errant unversioned etcd go.mod entry * Remove objects when removed from manifests (#5560) * Add apparmor-parser to OpenSUSE/SLE Micro test VMs * Bump sonobuoy version and fix deprecated arg * Build standalone containerd 1.6 * Remove --docker/dockershim support * Always set pod-infra-container-image to protect it from image GC * Remove deprecated flags from cloud-controller-manager * Remove deprecated flags from kube-apiserver * Remove deprecated flags from kubelet * Update Kubernetes to v1.24 * Bump golang to 1.18.1 * Update CNI version in config file * Fix typo in image scan script * Mark v1.23.6+k3s1 stable * Add "ipFamilyPolicy: PreferDualStack" to have dual-stack ingress support * Move auto-generated resolv.conf out of /tmp to prevent accidental cleanup * Check if user has a correct cluster-cidr and service-cidr config * Replace DefaultProxyDialerFn dialer injection with EgressSelector support * Ensure that WaitForAPIServerReady always re-dials through the loadbalancer * Don't start embedded kubelet until after apiserver is up * Add new `k3s completion` command for shell completion (#5461) * Use ListWatch helpers instead of bare List/Watch * server: Allow to enable network policies with IPv6-only * agent(netpol): Explicitly enable IPv4 when necessary * Bump kine to v0.9.1 for nats.io support * Make supervisor errors parsable by Kubernetes client libs * Drop unnecessary intermediate variable * Add systemd cgroup controller support * Add CNI Plugins and Flannel version to build scripts ++++ kernel-default: - drm/format-helper: Add RGB565-to-XRGB8888 conversion (boo#1193472) - commit b55db46 - drm/format-helper: Add RGB888-to-XRGB8888 conversion (boo#1193472) - commit 24daa98 - drm/format-helper: Print warning on missing format conversion (boo#1193472) - commit 4895b27 - config: add CC_NO_ARRAY_BOUNDS=y Mainline commit f0be87c42cbd ("gcc-12: disable '-Warray-bounds' universally for now") adds new config option CONFIG_CC_NO_ARRAY_BOUNDS which is only present for gcc12 (and not future gcc >= 13). Therefore it is not added with dummy gcc which pretends to be gcc20 but it is with Factory gcc12, resulting in failed "missing config option" check. As a quick hack, add CONFIG_CC_NO_ARRAY_BOUNDS=y to all full configs until we have a more robust solution (manually added config option won't survive a config update with run_oldconfig.sh). - commit b2fb712 - config: refresh - commit dbcb5bd - Update to 5.19-rc2 - drop obsolete patch - patches.suse/drm-amdgpu-always-flush-the-TLB-on-gfx8.patch - update configs - XEN_VIRTIO=y (x86 only) - commit 02193c9 ++++ ncurses: - Add ncurses patch 20220612 + modify waddch_literal() to allow for double-width base character when merging a combining character (report by Gavin Troy). + improve _tracecchar_t2() formatting of base+combining character. ++++ vim: - Updated to version 8.2.5083, fixes the following problems - CVE-2022-2042 - boo#1200471 - CVE-2022-2000 - boo#1200405 - CVE-2022-1968 - boo#1200270 - CVE-2022-1942 - boo#1200125 * A finished terminal in a popup window does not show a scrollbar. * Confusing error if first argument of popup_create() is wrong. * Scrollbar thumb in scrolled popup not visible. * Cannot close a terminal popup with "NONE" job. * Scrollbar thumb in tall scrolled popup not visible. * Can open a cmdline window from a substitute expression. * Command line test fails. * Can escape a terminal popup window when the job is finished. * vim_regsub() can overwrite the destination. * CurSearch highlight is often wrong. * When using XIM the gui test may fail. * Insufficient tests for autocommands. * Using freed memory when searching for pattern in path. * Check for autocmd_add() event argument is confusing. * CI checkout step title is a bit cryptic. * Cannot have a comment halfway an expression in an autocmd command block. * No good filetype for conf files similar to dosini. * Statusline is not updated when terminal title changes. * The channel log only contains some of the raw terminal output. * Using gettimeofday() for timeout is very inefficient. * input() does not handle composing characters properly. * Autoconf 2.71 produces many obsolete warnings. * Running configure fails. * C89 requires signal handlers to return void. * Coverity warns for dead code. * Error for a command may go over the end of IObuff. * No test for what 8.1.0052 fixes. * Wrong return type for main() in tee.c. * Can specify multispace listchars only for whole line. * Timer_create is not available on every Mac system. (Hisashi T Fujinaka) * Gcc 12.1 warning when building tee. * Unnecessary code. * With some Mac OS version clockid_t is redefined. * Using uninitialized value and freed memory in spell command. * Clang on MS-Windows produces warnings. * Spell test fails on MS-Windows. * Clang gives an out of bounds warning. * Unnecessary code. * Various warnings from clang on MS-Windows. * Substitute test has a one second delay. * DirChanged autocommand may use freed memory. (Shane-XB Qian) * When indenting gets out of hand it is hard to stop. * Retab test fails. ------------------------------------------------------------------ ------------------ 2022-6-12 - Jun 12 2022 ------------------- ------------------------------------------------------------------ ++++ mozilla-nss: - update to NSS 3.79 * bmo#205717 - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls. * bmo#1766907 - Update mercurial in clang-format docker image. * bmo#1454072 - Use of uninitialized pointer in lg_init after alloc fail. * bmo#1769295 - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. * bmo#1753315 - Add SECMOD_LockedModuleHasRemovableSlots. * bmo#1387919 - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP. * bmo#1765753 - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts. * bmo#1765753 - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version. * bmo#1764788 - Correct invalid record inner and outer content type alerts. * bmo#1757075 - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding. * bmo#1766978 - improve error handling after nssCKFWInstance_CreateObjectHandle. * bmo#1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. * bmo#1769302 - NSS 3.79 should depend on NSPR 4.34 ------------------------------------------------------------------ ------------------ 2022-6-10 - Jun 10 2022 ------------------- ------------------------------------------------------------------ ++++ cockpit: - new version 271 https://cockpit-project.org/blog/cockpit-271.html - cockpit-redhatfont.diff: not needed, dropped - 0001-selinux-allow-login-to-read-motd-file.patch, hide-docs.patch, hide-pcp.patch remove-pwscore.patch: refreshed ++++ cockpit-machines: - Update to 271.1: https://github.com/cockpit-project/cockpit-machines/releases/tag/270.1 ++++ cockpit-podman: - new version 49.1 https://github.com/cockpit-project/cockpit-podman/releases/tag/49.1 ++++ kernel-default: - Add parameter to disable simple-framebuffer devices (boo#1193472) Temporary workaround for simpledrm bugs. - commit 1d1dbce - drivers/firmware: skip simpledrm if nvidia-drm.modeset=1 is set (boo#1193472) Temporary workaround for nvidia.ko with simpledrm. - commit c35bbe0 - drm/client: Don't add new command-line mode (boo#1193472) Backported for simpledrm support. - commit 141a4fc - drm/client: Look for command-line modes first (boo#1193472) Backported for simpledrm support. - commit 1bf947f - drm: Always warn if user-defined modes are not supported (boo#1193472) Backported for simpledrm support. - commit 95c4112 ------------------------------------------------------------------ ------------------ 2022-6-9 - Jun 9 2022 ------------------- ------------------------------------------------------------------ ++++ glibc: - Set SUSE_ZNOW=0 ++++ kernel-default: - Linux 5.18.3 (bsc#1012628). - binfmt_flat: do not stop relocating GOT entries prematurely on riscv (bsc#1012628). - parisc: fix a crash with multicore scheduler (bsc#1012628). - parisc/stifb: Implement fb_is_primary_device() (bsc#1012628). - parisc/stifb: Keep track of hardware path of graphics card (bsc#1012628). - RISC-V: Mark IORESOURCE_EXCLUSIVE for reserved mem instead of IORESOURCE_BUSY (bsc#1012628). - riscv: Initialize thread pointer before calling C functions (bsc#1012628). - riscv: Fix irq_work when SMP is disabled (bsc#1012628). - riscv: Wire up memfd_secret in UAPI header (bsc#1012628). - riscv: Move alternative length validation into subsection (bsc#1012628). - ALSA: hda/realtek - Add new type for ALC245 (bsc#1012628). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (bsc#1012628). - ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (bsc#1012628). - ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1012628). - USB: serial: pl2303: fix type detection for odd device (bsc#1012628). - USB: serial: option: add Quectel BG95 modem (bsc#1012628). - USB: new quirk for Dell Gen 2 devices (bsc#1012628). - usb: isp1760: Fix out-of-bounds array access (bsc#1012628). - usb: dwc3: gadget: Move null pinter check to proper place (bsc#1012628). - usb: core: hcd: Add support for deferring roothub registration (bsc#1012628). - fs/ntfs3: provide block_invalidate_folio to fix memory leak (bsc#1012628). - fs/ntfs3: Update valid size if -EIOCBQUEUED (bsc#1012628). - fs/ntfs3: Fix fiemap + fix shrink file size (to remove preallocated space) (bsc#1012628). - fs/ntfs3: Keep preallocated only if option prealloc enabled (bsc#1012628). - fs/ntfs3: Check new size for limits (bsc#1012628). - fs/ntfs3: In function ntfs_set_acl_ex do not change inode->i_mode if called from function ntfs_init_acl (bsc#1012628). - fs/ntfs3: Fix some memory leaks in an error handling path of 'log_replay()' (bsc#1012628). - fs/ntfs3: Update i_ctime when xattr is added (bsc#1012628). - fs/ntfs3: Restore ntfs_xattr_get_acl and ntfs_xattr_set_acl functions (bsc#1012628). - cifs: don't call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1012628). - cifs: fix ntlmssp on old servers (bsc#1012628). - cifs: fix potential double free during failed mount (bsc#1012628). - cifs: when extending a file with falloc we should make files not-sparse (bsc#1012628). - xhci: Set HCD flag to defer primary roothub registration (bsc#1012628). - xhci: Allow host runtime PM as default for Intel Alder Lake N xHCI (bsc#1012628). - platform/x86: intel-hid: fix _DSM function index handling (bsc#1012628). - x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (bsc#1012628). - perf/x86/intel: Fix event constraints for ICL (bsc#1012628). - x86/kexec: fix memory leak of elf header buffer (bsc#1012628). - x86/sgx: Set active memcg prior to shmem allocation (bsc#1012628). - kthread: Don't allocate kthread_struct for init and umh (bsc#1012628). - ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP (bsc#1012628). - ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP (bsc#1012628). - ptrace: Reimplement PTRACE_KILL by always sending SIGKILL (bsc#1012628). - btrfs: add "0x" prefix for unsupported optional features (bsc#1012628). - btrfs: return correct error number for __extent_writepage_io() (bsc#1012628). - btrfs: repair super block num_devices automatically (bsc#1012628). - btrfs: fix the error handling for submit_extent_page() for btrfs_do_readpage() (bsc#1012628). - btrfs: fix deadlock between concurrent dio writes when low on free data space (bsc#1012628). - btrfs: zoned: properly finish block group on metadata write (bsc#1012628). - btrfs: zoned: zone finish unused block group (bsc#1012628). - btrfs: zoned: finish block group when there are no more allocatable bytes left (bsc#1012628). - btrfs: zoned: fix comparison of alloc_offset vs meta_write_pointer (bsc#1012628). - iommu/vt-d: Add RPLS to quirk list to skip TE disabling (bsc#1012628). - drm/selftests: fix a shift-out-of-bounds bug (bsc#1012628). - drm/vmwgfx: validate the screen formats (bsc#1012628). - ath11k: fix the warning of dev_wake in mhi_pm_disable_transition() (bsc#1012628). - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (bsc#1012628). - selftests/bpf: Fix vfs_link kprobe definition (bsc#1012628). - selftests/bpf: Fix parsing of prog types in UAPI hdr for bpftool sync (bsc#1012628). - ath11k: Change max no of active probe SSID and BSSID to fw capability (bsc#1012628). - selftests/bpf: Fix file descriptor leak in load_kallsyms() (bsc#1012628). - rtw89: ser: fix CAM leaks occurring in L2 reset (bsc#1012628). - rtw89: fix misconfiguration on hw_scan channel time (bsc#1012628). - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (bsc#1012628). - b43legacy: Fix assigning negative value to unsigned variable (bsc#1012628). - b43: Fix assigning negative value to unsigned variable (bsc#1012628). - ipw2x00: Fix potential NULL dereference in libipw_xmit() (bsc#1012628). - ipv6: fix locking issues with loops over idev->addr_list (bsc#1012628). - fbcon: Consistently protect deferred_takeover with console_lock() (bsc#1012628). - x86/platform/uv: Update TSC sync state for UV5 (bsc#1012628). - ACPICA: Avoid cache flush inside virtual machines (bsc#1012628). - libbpf: Fix a bug with checking bpf_probe_read_kernel() support in old kernels (bsc#1012628). - mac80211: minstrel_ht: fix where rate stats are stored (fixes debugfs output) (bsc#1012628). - drm/komeda: return early if drm_universal_plane_init() fails (bsc#1012628). - drm/amd/display: Disabling Z10 on DCN31 (bsc#1012628). - rcu-tasks: Fix race in schedule and flush work (bsc#1012628). - rcu-tasks: Handle sparse cpu_possible_mask in rcu_tasks_invoke_cbs() (bsc#1012628). - rcu: Make TASKS_RUDE_RCU select IRQ_WORK (bsc#1012628). - sfc: ef10: Fix assigning negative value to unsigned variable (bsc#1012628). - ALSA: jack: Access input_dev under mutex (bsc#1012628). - rtw88: fix incorrect frequency reported (bsc#1012628). - rtw88: 8821c: fix debugfs rssi value (bsc#1012628). - spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (bsc#1012628). - tools/power turbostat: fix ICX DRAM power numbers (bsc#1012628). - tcp: consume incoming skb leading to a reset (bsc#1012628). - loop: implement ->free_disk (bsc#1012628). - scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1012628). - scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1012628). - scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1012628). - scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1012628). - scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1012628). - cpuidle: PSCI: Improve support for suspend-to-RAM for PSCI OSI mode (bsc#1012628). - drm/amdgpu/pm: fix the null pointer while the smu is disabled (bsc#1012628). - drm/amd/pm: fix double free in si_parse_power_table() (bsc#1012628). - ASoC: rsnd: care default case on rsnd_ssiu_busif_err_status_clear() (bsc#1012628). - ASoC: rsnd: care return value from rsnd_node_fixed_index() (bsc#1012628). - net: macb: In ZynqMP initialization make SGMII phy configuration optional (bsc#1012628). - ath9k: fix QCA9561 PA bias level (bsc#1012628). - media: Revert "media: dw9768: activate runtime PM and turn off device" (bsc#1012628). - media: i2c: dw9714: Disable the regulator when the driver fails to probe (bsc#1012628). - media: venus: hfi: avoid null dereference in deinit (bsc#1012628). - media: venus: do not queue internal buffers from previous sequence (bsc#1012628). - media: pci: cx23885: Fix the error handling in cx23885_initdev() (bsc#1012628). - media: cx25821: Fix the warning when removing the module (bsc#1012628). - md/bitmap: don't set sb values if can't pass sanity check (bsc#1012628). - mmc: jz4740: Apply DMA engine limits to maximum segment size (bsc#1012628). - drivers: mmc: sdhci_am654: Add the quirk to set TESTCD bit (bsc#1012628). - scsi: megaraid: Fix error check return value of register_chrdev() (bsc#1012628). - drm/amdgpu/sdma: Fix incorrect calculations of the wptr of the doorbells (bsc#1012628). - scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync() (bsc#1012628). - scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1012628). - ath11k: disable spectral scan during spectral deinit (bsc#1012628). - ASoC: Intel: bytcr_rt5640: Add quirk for the HP Pro Tablet 408 (bsc#1012628). - drm/plane: Move range check for format_count earlier (bsc#1012628). - drm/amdkfd: Fix circular lock dependency warning (bsc#1012628). - drm/amd/pm: fix the compile warning (bsc#1012628). - ath10k: skip ath10k_halt during suspend for driver state RESTARTING (bsc#1012628). - arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall (bsc#1012628). - drm: msm: fix error check return value of irq_of_parse_and_map() (bsc#1012628). - drm/msm/dpu: Clean up CRC debug logs (bsc#1012628). - xtensa: move trace_hardirqs_off call back to entry.S (bsc#1012628). - ath11k: fix warning of not found station for bssid in message (bsc#1012628). - scsi: target: tcmu: Fix possible data corruption (bsc#1012628). - ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL (bsc#1012628). - net/mlx5: use kvfree() for kvzalloc() in mlx5_ct_fs_smfs_matcher_create (bsc#1012628). - net/mlx5: fs, delete the FTE when there are no rules attached to it (bsc#1012628). - ASoC: dapm: Don't fold register value changes into notifications (bsc#1012628). - ASoC: SOF: ipc3-topology: Correct get_control_data for non bytes payload (bsc#1012628). - mlxsw: spectrum_dcb: Do not warn about priority changes (bsc#1012628). - mlxsw: Treat LLDP packets as control (bsc#1012628). - drm/amdgpu/psp: move PSP memory alloc from hw_init to sw_init (bsc#1012628). - drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (bsc#1012628). - regulator: mt6315: Enforce regulator-compatible, not name (bsc#1012628). - ice: always check VF VSI pointer values (bsc#1012628). - HID: bigben: fix slab-out-of-bounds Write in bigben_probe (bsc#1012628). - drm/tegra: gem: Do not try to dereference ERR_PTR() (bsc#1012628). - of: Support more than one crash kernel regions for kexec -s (bsc#1012628). - ASoC: tscs454: Add endianness flag in snd_soc_component_driver (bsc#1012628). - net/mlx5: Increase FW pre-init timeout for health recovery (bsc#1012628). - ASoC: Intel: sof_ssp_amp: fix no DMIC BE Link on Chromebooks (bsc#1012628). - scsi: hisi_sas: Undo RPM resume for failed notify phy event for v3 HW (bsc#1012628). - scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1012628). - scsi: lpfc: Alter FPIN stat accounting logic (bsc#1012628). - net: remove two BUG() from skb_checksum_help() (bsc#1012628). - s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES (bsc#1012628). - perf/amd/ibs: Cascade pmu init functions' return value (bsc#1012628). - sched/core: Avoid obvious double update_rq_clock warning (bsc#1012628). - spi: stm32-qspi: Fix wait_cmd timeout in APM mode (bsc#1012628). - dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (bsc#1012628). - fs: hold writers when changing mount's idmapping (bsc#1012628). - ASoC: SOF: amd: add missing platform_device_unregister in acp_pci_rn_probe (bsc#1012628). - ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (bsc#1012628). - ipmi:ssif: Check for NULL msg when handling events and messages (bsc#1012628). - ipmi: Add an intializer for ipmi_smi_msg struct (bsc#1012628). - ipmi: Fix pr_fmt to avoid compilation issues (bsc#1012628). - kunit: bail out of test filtering logic quicker if OOM (bsc#1012628). - rtlwifi: Use pr_warn instead of WARN_ONCE (bsc#1012628). - mt76: mt7915: accept rx frames with non-standard VHT MCS10-11 (bsc#1012628). - mt76: mt7921: accept rx frames with non-standard VHT MCS10-11 (bsc#1012628). - mt76: fix encap offload ethernet type check (bsc#1012628). - media: rga: fix possible memory leak in rga_probe (bsc#1012628). - media: coda: limit frame interval enumeration to supported encoder frame sizes (bsc#1012628). - media: hantro: HEVC: unconditionnaly set pps_{cb/cr}_qp_offset values (bsc#1012628). - media: ccs-core.c: fix failure to call clk_disable_unprepare (bsc#1012628). - media: imon: reorganize serialization (bsc#1012628). - media: cec-adap.c: fix is_configuring state (bsc#1012628). - usbnet: Run unregister_netdev() before unbind() again (bsc#1012628). - Bluetooth: HCI: Add HCI_QUIRK_BROKEN_ENHANCED_SETUP_SYNC_CONN quirk (bsc#1012628). - Bluetooth: btusb: Set HCI_QUIRK_BROKEN_ENHANCED_SETUP_SYNC_CONN for QCA (bsc#1012628). - Bluetooth: btusb: Set HCI_QUIRK_BROKEN_ERR_DATA_REPORTING for QCA (bsc#1012628). - bnxt_en: Configure ptp filters during bnxt open (bsc#1012628). - media: mediatek: vcodec: prevent kernel crash when rmmod mtk-vcodec-dec.ko (bsc#1012628). - openrisc: start CPU timer early in boot (bsc#1012628). - nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (bsc#1012628). - ASoC: rt5645: Fix errorenous cleanup order (bsc#1012628). - nbd: Fix hung on disconnect request if socket is closed before (bsc#1012628). - drm/amd/pm: update smartshift powerboost calc for smu12 (bsc#1012628). - drm/amd/pm: update smartshift powerboost calc for smu13 (bsc#1012628). - drm/amdgpu: Move mutex_init(&smu->message_lock) to smu_early_init() (bsc#1012628). - btrfs: fix anon_dev leak in create_subvol() (bsc#1012628). - kunit: tool: make parser stop overwriting status of suites w/ no_tests (bsc#1012628). - net: phy: micrel: Allow probing without .driver_data (bsc#1012628). - media: exynos4-is: Fix compile warning (bsc#1012628). - media: hantro: Stop using H.264 parameter pic_num (bsc#1012628). - rtw89: cfo: check mac_id to avoid out-of-bounds (bsc#1012628). - of/fdt: Ignore disabled memory nodes (bsc#1012628). - blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1012628). - ASoC: max98357a: remove dependency on GPIOLIB (bsc#1012628). - ASoC: rt1015p: remove dependency on GPIOLIB (bsc#1012628). - ACPI: CPPC: Assume no transition latency if no PCCT (bsc#1012628). - nvme: set non-mdts limits in nvme_scan_work (bsc#1012628). - can: mcp251xfd: silence clang's -Wunaligned-access warning (bsc#1012628). - x86/microcode: Add explicit CPU vendor dependency (bsc#1012628). - net: ipa: ignore endianness if there is no header (bsc#1012628). - selftests/bpf: Add missing trampoline program type to trampoline_count test (bsc#1012628). - m68k: atari: Make Atari ROM port I/O write macros return void (bsc#1012628). - hwmon: (pmbus) Add get_voltage/set_voltage ops (bsc#1012628). - rxrpc: Return an error to sendmsg if call failed (bsc#1012628). - rxrpc, afs: Fix selection of abort codes (bsc#1012628). - afs: Adjust ACK interpretation to try and cope with NAT (bsc#1012628). - eth: tg3: silence the GCC 12 array-bounds warning (bsc#1012628). - char: tpm: cr50_i2c: Suppress duplicated error message in .remove() (bsc#1012628). - selftests/bpf: fix btf_dump/btf_dump due to recent clang change (bsc#1012628). - gfs2: use i_lock spin_lock for inode qadata (bsc#1012628). - linux/types.h: reinstate "__bitwise__" macro for user space use (bsc#1012628). - scsi: target: tcmu: Avoid holding XArray lock when calling lock_page (bsc#1012628). - kunit: fix executor OOM error handling logic on non-UML (bsc#1012628). - IB/rdmavt: add missing locks in rvt_ruc_loopback (bsc#1012628). - PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited (bsc#1012628). - ARM: dts: ox820: align interrupt controller node name with dtschema (bsc#1012628). - ARM: dts: socfpga: align interrupt controller node name with dtschema (bsc#1012628). - ARM: dts: s5pv210: align DMA channels with dtschema (bsc#1012628). - ASoC: amd: Add driver data to acp6x machine driver (bsc#1012628). - arm64: dts: qcom: msm8994: Fix the cont_splash_mem address (bsc#1012628). - arm64: dts: qcom: msm8994: Fix BLSP[12]_DMA channels count (bsc#1012628). - PM / devfreq: rk3399_dmc: Disable edev on remove() (bsc#1012628). - crypto: ccree - use fine grained DMA mapping dir (bsc#1012628). - crypto: qat - fix off-by-one error in PFVF debug print (bsc#1012628). - soc: ti: ti_sci_pm_domains: Check for null return of devm_kcalloc (bsc#1012628). - fs: jfs: fix possible NULL pointer dereference in dbFree() (bsc#1012628). - arm64: dts: qcom: sdm845-xiaomi-beryllium: fix typo in panel's vddio-supply property (bsc#1012628). - ALSA: usb-audio: Add quirk bits for enabling/disabling generic implicit fb (bsc#1012628). - ALSA: usb-audio: Move generic implicit fb quirk entries into quirks.c (bsc#1012628). - ARM: OMAP1: clock: Fix UART rate reporting algorithm (bsc#1012628). - powerpc/fadump: Fix fadump to work with a different endian capture kernel (bsc#1012628). - fat: add ratelimit to fat*_ent_bread() (bsc#1012628). - pinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources() (bsc#1012628). - ARM: versatile: Add missing of_node_put in dcscb_init (bsc#1012628). - ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (bsc#1012628). - arm64: dts: qcom: sc7280-idp: Configure CTS pin to bias-bus-hold for bluetooth (bsc#1012628). - arm64: dts: qcom: sc7280-qcard: Configure CTS pin to bias-bus-hold for bluetooth (bsc#1012628). - ARM: hisi: Add missing of_node_put after of_find_compatible_node (bsc#1012628). - cpufreq: Avoid unnecessary frequency updates due to mismatch (bsc#1012628). - PCI: microchip: Add missing chained_irq_enter()/exit() calls (bsc#1012628). - powerpc/rtas: Keep MSR[RI] set when calling RTAS (bsc#1012628). - PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (bsc#1012628). - PCI: cadence: Clear FLR in device capabilities register (bsc#1012628). - KVM: PPC: Book3S HV Nested: L2 LPCR should inherit L1 LPES setting (bsc#1012628). - alpha: fix alloc_zeroed_user_highpage_movable() (bsc#1012628). - tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (bsc#1012628). - cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1012628). - powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr (bsc#1012628). - powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1012628). - powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1012628). - macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled (bsc#1012628). - powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1012628). - fanotify: fix incorrect fmode_t casts (bsc#1012628). - smb3: check for null tcon (bsc#1012628). - RDMA/hfi1: Prevent panic when SDMA is disabled (bsc#1012628). - cifs: do not use tcpStatus after negotiate completes (bsc#1012628). - Input: gpio-keys - cancel delayed work only in case of GPIO (bsc#1012628). - drm: fix EDID struct for old ARM OABI format (bsc#1012628). - drm/bridge_connector: enable HPD by default if supported (bsc#1012628). - drm/selftests: missing error code in igt_buddy_alloc_smoke() (bsc#1012628). - drm/omap: fix NULL but dereferenced coccicheck error (bsc#1012628). - dt-bindings: display: sitronix, st7735r: Fix backlight in example (bsc#1012628). - drm/bridge: anx7625: check the return on anx7625_aux_trans (bsc#1012628). - drm: ssd130x: Fix COM scan direction register mask (bsc#1012628). - drm: ssd130x: Always apply segment remap setting (bsc#1012628). - drm/solomon: Make DRM_SSD130X depends on MMU (bsc#1012628). - drm/format-helper: Rename drm_fb_xrgb8888_to_mono_reversed() (bsc#1012628). - drm/format-helper: Fix XRGB888 to monochrome conversion (bsc#1012628). - drm/ssd130x: Fix rectangle updates (bsc#1012628). - drm/ssd130x: Reduce temporary buffer sizes (bsc#1012628). - fbdev: defio: fix the pagelist corruption (bsc#1012628). - drm/vmwgfx: Fix an invalid read (bsc#1012628). - ath11k: acquire ab->base_lock in unassign when finding the peer by addr (bsc#1012628). - drm: bridge: it66121: Fix the register page length (bsc#1012628). - drm/bridge: it6505: Fix build error (bsc#1012628). - ath9k: fix ar9003_get_eepmisc (bsc#1012628). - drm/edid: fix invalid EDID extension block filtering (bsc#1012628). - drm/bridge: anx7625: add missing destroy_workqueue() in anx7625_i2c_probe() (bsc#1012628). - drm/bridge: adv7511: clean up CEC adapter when probe fails (bsc#1012628). - drm: bridge: icn6211: Fix register layout (bsc#1012628). - drm: bridge: icn6211: Fix HFP_HSW_HBP_HI and HFP_MIN handling (bsc#1012628). - mtd: spinand: gigadevice: fix Quad IO for GD5F1GQ5UExxG (bsc#1012628). - spi: qcom-qspi: Add minItems to interconnect-names (bsc#1012628). - ASoC: codecs: Fix error handling in power domain init and exit handlers (bsc#1012628). - ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t (bsc#1012628). - ASoC: SOF: ipc3-topology: Set scontrol->priv to NULL after freeing it (bsc#1012628). - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (bsc#1012628). - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (bsc#1012628). - docs: driver-api/thermal/intel_dptf: Use copyright symbol (bsc#1012628). - x86/delay: Fix the wrong asm constraint in delay_loop() (bsc#1012628). - drm/mediatek: Add vblank register/unregister callback functions (bsc#1012628). - drm/mediatek: Fix DPI component detection for MT8192 (bsc#1012628). - drm/vc4: kms: Take old state core clock rate into account (bsc#1012628). - drm/vc4: hvs: Fix frame count register readout (bsc#1012628). - drm/mediatek: Fix mtk_cec_mask() (bsc#1012628). - drm/amd/amdgpu: Only reserve vram for firmware with vega9 MS_HYPERV host (bsc#1012628). - drm/vc4: hvs: Reset muxes at probe time (bsc#1012628). - drm/vc4: txp: Don't set TXP_VSTART_AT_EOF (bsc#1012628). - drm/vc4: txp: Force alpha to be 0xff if it's disabled (bsc#1012628). - libbpf: Don't error out on CO-RE relos for overriden weak subprogs (bsc#1012628). - x86/PCI: Fix ALi M1487 (IBC) PIRQ router link value interpretation (bsc#1012628). - mptcp: optimize release_cb for the common case (bsc#1012628). - mptcp: reset the packet scheduler on incoming MP_PRIO (bsc#1012628). - mptcp: reset the packet scheduler on PRIO change (bsc#1012628). - nl80211: show SSID for P2P_GO interfaces (bsc#1012628). - drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (bsc#1012628). - drm: mali-dp: potential dereference of null pointer (bsc#1012628). - drm/amd/amdgpu: Fix asm/hypervisor.h build error (bsc#1012628). - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (bsc#1012628). - scftorture: Fix distribution of short handler delays (bsc#1012628). - net: ethernet: ti: am65-cpsw: Fix build error without PHYLINK (bsc#1012628). - net: dsa: mt7530: 1G can also support 1000BASE-X link mode (bsc#1012628). - ixp4xx_eth: fix error check return value of platform_get_irq() (bsc#1012628). - NFC: NULL out the dev->rfkill to prevent UAF (bsc#1012628). - cpufreq: governor: Use kobject release() method to free dbs_data (bsc#1012628). - efi: Allow to enable EFI runtime services by default on RT (bsc#1012628). - efi: Add missing prototype for efi_capsule_setup_info (bsc#1012628). - device property: Allow error pointer to be passed to fwnode APIs (bsc#1012628). - drm/amd/amdgpu: Remove static from variable in RLCG Reg RW (bsc#1012628). - net: dsa: qca8k: correctly handle mdio read error (bsc#1012628). - target: remove an incorrect unmap zeroes data deduction (bsc#1012628). - drbd: remove assign_p_sizes_qlim (bsc#1012628). - drbd: use bdev based limit helpers in drbd_send_sizes (bsc#1012628). - drbd: use bdev_alignment_offset instead of queue_alignment_offset (bsc#1012628). - drbd: fix duplicate array initializer (bsc#1012628). - EDAC/dmc520: Don't print an error for each unconfigured interrupt line (bsc#1012628). - bpf: Move rcu lock management out of BPF_PROG_RUN routines (bsc#1012628). - drm/bridge: anx7625: Use uint8 for lane-swing arrays (bsc#1012628). - mtd: rawnand: denali: Use managed device resources (bsc#1012628). - HID: hid-led: fix maximum brightness for Dream Cheeky (bsc#1012628). - HID: elan: Fix potential double free in elan_input_configured (bsc#1012628). - drm/bridge: Fix error handling in analogix_dp_probe (bsc#1012628). - regulator: da9121: Fix uninit-value in da9121_assign_chip_model() (bsc#1012628). - drm/mediatek: dpi: Use mt8183 output formats for mt8192 (bsc#1012628). - signal: Deliver SIGTRAP on perf event asynchronously if blocked (bsc#1012628). - sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq (bsc#1012628). - sched/psi: report zeroes for CPU full at the system level (bsc#1012628). - spi: img-spfi: Fix pm_runtime_get_sync() error checking (bsc#1012628). - drm/bridge: Fix it6505 Kconfig DRM_DP_AUX_BUS dependency (bsc#1012628). - cpufreq: Fix possible race in cpufreq online error path (bsc#1012628). - printk: add missing memory barrier to wake_up_klogd() (bsc#1012628). - printk: wake waiters for safe and NMI contexts (bsc#1012628). - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (bsc#1012628). - media: i2c: max9286: fix kernel oops when removing module (bsc#1012628). - media: amphion: fix decoder's interlaced field (bsc#1012628). - media: hantro: Implement support for encoder commands (bsc#1012628). - media: hantro: Empty encoder capture buffers by default (bsc#1012628). - media: imx: imx-mipi-csis: Rename csi_state to mipi_csis_device (bsc#1012628). - media: imx: imx-mipi-csis: Fix active format initialization on source pad (bsc#1012628). - drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (bsc#1012628). - ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (bsc#1012628). - mtdblock: warn if opened on NAND (bsc#1012628). - inotify: show inotify mask flags in proc fdinfo (bsc#1012628). - fsnotify: fix wrong lockdep annotations (bsc#1012628). - spi: rockchip: fix missing error on unsupported SPI_CS_HIGH (bsc#1012628). - of: overlay: do not break notify on NOTIFY_{OK|STOP} (bsc#1012628). - selftests/damon: add damon to selftests root Makefile (bsc#1012628). - drm/msm: properly add and remove internal bridges (bsc#1012628). - drm/msm/dpu: adjust display_v_end for eDP and DP (bsc#1012628). - scsi: iscsi: Fix harmless double shift bug (bsc#1012628). - scsi: ufs: qcom: Fix ufs_qcom_resume() (bsc#1012628). - scsi: ufs: core: Exclude UECxx from SFR dump list (bsc#1012628). - drm/v3d: Fix null pointer dereference of pointer perfmon (bsc#1012628). - selftests/resctrl: Fix null pointer dereference on open failed (bsc#1012628). - libbpf: Fix logic for finding matching program for CO-RE relocation (bsc#1012628). - mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (bsc#1012628). - x86/pm: Fix false positive kmemleak report in msr_build_context() (bsc#1012628). - mtd: rawnand: cadence: fix possible null-ptr-deref in cadence_nand_dt_probe() (bsc#1012628). - mtd: rawnand: intel: fix possible null-ptr-deref in ebu_nand_probe() (bsc#1012628). - x86/speculation: Add missing prototype for unpriv_ebpf_notify() (bsc#1012628). - ASoC: rk3328: fix disabling mclk on pclk probe failure (bsc#1012628). - perf tools: Add missing headers needed by util/data.h (bsc#1012628). - drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (bsc#1012628). - drm/msm/dp: stop event kernel thread when DP unbind (bsc#1012628). - drm/msm/dp: fix error check return value of irq_of_parse_and_map() (bsc#1012628). - drm/msm/dp: reset DP controller before transmit phy test pattern (bsc#1012628). - drm/msm/dp: do not stop transmitting phy test pattern during DP phy compliance test (bsc#1012628). - drm/msm/dsi: fix error checks and return values for DSI xmit functions (bsc#1012628). - drm/msm/hdmi: check return value after calling platform_get_resource_byname() (bsc#1012628). - drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (bsc#1012628). - drm/msm: add missing include to msm_drv.c (bsc#1012628). - drm/panel: panel-simple: Fix proper bpc for AM-1280800N3TZQW-T00H (bsc#1012628). - drm/bridge: it6505: Send DPCD SET_POWER to downstream (bsc#1012628). - drm/msm: Fix null pointer dereferences without iommu (bsc#1012628). - kunit: fix debugfs code to use enum kunit_status, not bool (bsc#1012628). - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (bsc#1012628). - spi: cadence-quadspi: fix Direct Access Mode disable for SoCFPGA (bsc#1012628). - perf tools: Use Python devtools for version autodetection rather than runtime (bsc#1012628). - virtio_blk: fix the discard_granularity and discard_alignment queue limits (bsc#1012628). - nl80211: don't hold RTNL in color change request (bsc#1012628). - x86: Fix return value of __setup handlers (bsc#1012628). - irqchip/exiu: Fix acknowledgment of edge triggered interrupts (bsc#1012628). - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (bsc#1012628). - irqchip/aspeed-scu-ic: Fix irq_of_parse_and_map() return value (bsc#1012628). - x86/mm: Cleanup the control_va_addr_alignment() __setup handler (bsc#1012628). - arm64: fix types in copy_highpage() (bsc#1012628). - regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (bsc#1012628). - wl1251: dynamically allocate memory used for DMA (bsc#1012628). - linkage: Fix issue with missing symbol size (bsc#1012628). - ACPI: AGDI: Fix missing prototype warning for acpi_agdi_init() (bsc#1012628). - drm/msm/disp/dpu1: avoid clearing hw interrupts if hw_intr is null during drm uninit (bsc#1012628). - drm/msm/dsi: fix address for second DSI PHY on SDM660 (bsc#1012628). - drm/msm/dp: fix event thread stuck in wait_event after kthread_stop() (bsc#1012628). - drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (bsc#1012628). - drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (bsc#1012628). - drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (bsc#1012628). - media: uvcvideo: Fix missing check to determine if element is found in list (bsc#1012628). - arm64: stackleak: fix current_top_of_stack() (bsc#1012628). - iomap: iomap_write_failed fix (bsc#1012628). - spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (bsc#1012628). - selftests/bpf: Prevent skeleton generation race (bsc#1012628). - Revert "cpufreq: Fix possible race in cpufreq online error path" (bsc#1012628). - regulator: qcom_smd: Fix up PM8950 regulator configuration (bsc#1012628). - samples: bpf: Don't fail for a missing VMLINUX_BTF when VMLINUX_H is provided (bsc#1012628). - perf/amd/ibs: Use interrupt regs ip for stack unwinding (bsc#1012628). - ath11k: Don't check arvif->is_started before sending management frames (bsc#1012628). - scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1012628). - scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1012628). - wilc1000: fix crash observed in AP mode with cfg80211_register_netdevice() (bsc#1012628). - HID: amd_sfh: Modify the bus name (bsc#1012628). - HID: amd_sfh: Modify the hid name (bsc#1012628). - ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe (bsc#1012628). - ASoC: imx-hdmi: Fix refcount leak in imx_hdmi_probe (bsc#1012628). - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (bsc#1012628). - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (bsc#1012628). - PM: EM: Decrement policy counter (bsc#1012628). - dma-direct: don't fail on highmem CMA pages in dma_direct_alloc_pages (bsc#1012628). - ASoC: samsung: Fix refcount leak in aries_audio_probe (bsc#1012628). - block: Fix the bio.bi_opf comment (bsc#1012628). - kselftest/cgroup: fix test_stress.sh to use OUTPUT dir (bsc#1012628). - scripts/faddr2line: Fix overlapping text section failures (bsc#1012628). - media: aspeed: Fix an error handling path in aspeed_video_probe() (bsc#1012628). - media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe (bsc#1012628). - mt76: mt7915: fix DBDC default band selection on MT7915D (bsc#1012628). - mt76: mt7921: honor pm user configuration in mt7921_sniffer_interface_iter (bsc#1012628). - mt76: mt7915: fix unbounded shift in mt7915_mcu_beacon_mbss (bsc#1012628). - mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (bsc#1012628). - mt76: mt7915: fix possible uninitialized pointer dereference in mt7986_wmac_gpio_setup (bsc#1012628). - mt76: mt7915: fix possible NULL pointer dereference in mt7915_mac_fill_rx_vector (bsc#1012628). - mt76: mt7915: do not pass data pointer to mt7915_mcu_muru_debug_set (bsc#1012628). - mt76: mt7915: report rx mode value in mt7915_mac_fill_rx_rate (bsc#1012628). - mt76: fix antenna config missing in 6G cap (bsc#1012628). - mt76: mt7921: fix kernel crash at mt7921_pci_remove (bsc#1012628). - mt76: do not attempt to reorder received 802.3 packets without agg session (bsc#1012628). - mt76: fix tx status related use-after-free race on station removal (bsc#1012628). - mt76: mt7915: fix twt table_mask to u16 in mt7915_dev (bsc#1012628). - media: st-delta: Fix PM disable depth imbalance in delta_probe (bsc#1012628). - media: atmel: atmel-isc: Fix PM disable depth imbalance in atmel_isc_probe (bsc#1012628). - media: i2c: rdacm2x: properly set subdev entity function (bsc#1012628). - media: exynos4-is: Change clk_disable to clk_disable_unprepare (bsc#1012628). - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (bsc#1012628). - media: make RADIO_ADAPTERS tristate (bsc#1012628). - media: vsp1: Fix offset calculation for plane cropping (bsc#1012628). - media: atmel: atmel-sama5d2-isc: fix wrong mask in YUYV format check (bsc#1012628). - media: hantro: HEVC: Fix tile info buffer value computation (bsc#1012628). - Bluetooth: mt7921s: Fix the incorrect pointer check (bsc#1012628). - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (bsc#1012628). - Bluetooth: use hdev lock in activate_scan for hci_is_adv_monitoring (bsc#1012628). - Bluetooth: use hdev lock for accept_list and reject_list in conn req (bsc#1012628). - Bluetooth: protect le accept and resolv lists with hdev->lock (bsc#1012628). - Bluetooth: btmtksdio: fix use-after-free at btmtksdio_recv_event (bsc#1012628). - Bluetooth: btmtksdio: fix possible FW initialization failure (bsc#1012628). - Bluetooth: btmtksdio: fix the reset takes too long (bsc#1012628). - media: mediatek: vcodec: Fix v4l2 compliance decoder cmd test fail (bsc#1012628). - io_uring: avoid io-wq -EAGAIN looping for !IOPOLL (bsc#1012628). - io_uring: only wake when the correct events are set (bsc#1012628). - irqchip/gic-v3: Ensure pseudo-NMIs have an ISB between ack and handling (bsc#1012628). - irqchip/gic-v3: Refactor ISB + EOIR at ack time (bsc#1012628). - irqchip/gic-v3: Fix priority mask handling (bsc#1012628). - nvme: set dma alignment to dword (bsc#1012628). - m68k: math-emu: Fix dependencies of math emulation support (bsc#1012628). - net: annotate races around sk->sk_bound_dev_if (bsc#1012628). - sctp: read sk->sk_bound_dev_if once in sctp_rcv() (bsc#1012628). - net: hinic: add missing destroy_workqueue in hinic_pf_to_mgmt_init (bsc#1012628). - ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (bsc#1012628). - kselftest/arm64: bti: force static linking (bsc#1012628). - media: ov7670: remove ov7670_power_off from ov7670_remove (bsc#1012628). - media: i2c: ov2640: Depend on V4L2_ASYNC (bsc#1012628). - media: i2c: ov5648: fix wrong pointer passed to IS_ERR() and PTR_ERR() (bsc#1012628). - media: rkvdec: h264: Fix dpb_valid implementation (bsc#1012628). - media: rkvdec: h264: Fix bit depth wrap in pps packet (bsc#1012628). - regulator: scmi: Fix refcount leak in scmi_regulator_probe (bsc#1012628). - blk-cgroup: always terminate io.stat lines (bsc#1012628). - erofs: fix buffer copy overflow of ztailpacking feature (bsc#1012628). - net/mlx5e: Correct the calculation of max channels for rep (bsc#1012628). - ext4: reject the 'commit' option on ext2 filesystems (bsc#1012628). - drm/msm/dsi: don't powerup at modeset time for parade-ps8640 (bsc#1012628). - drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (bsc#1012628). - drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (bsc#1012628). - x86/sev: Annotate stack change in the #VC handler (bsc#1012628). - drm/msm: don't free the IRQ if it was not requested (bsc#1012628). - selftests/bpf: Add missed ima_setup.sh in Makefile (bsc#1012628). - drm/msm/dpu: handle pm_runtime_get_sync() errors in bind path (bsc#1012628). - drm/i915: Fix CFI violation with show_dynamic_id() (bsc#1012628). - thermal/drivers/bcm2711: Don't clamp temperature at zero (bsc#1012628). - thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (bsc#1012628). - thermal/core: Fix memory leak in __thermal_cooling_device_register() (bsc#1012628). - thermal/drivers/imx_sc_thermal: Fix refcount leak in imx_sc_thermal_probe (bsc#1012628). - bfq: Relax waker detection for shared queues (bsc#1012628). - bfq: Allow current waker to defend against a tentative one (bsc#1012628). - ASoC: codecs: lpass: Fix passing zero to 'PTR_ERR' (bsc#1012628). - ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (bsc#1012628). - cpuidle: psci: Fix regression leading to no genpd governor (bsc#1012628). - cpuidle: riscv-sbi: Fix code to allow a genpd governor to be used (bsc#1012628). - platform/x86: intel_cht_int33fe: Set driver data (bsc#1012628). - PM: domains: Fix initialization of genpd's next_wakeup (bsc#1012628). - net: macb: Fix PTP one step sync support (bsc#1012628). - scsi: hisi_sas: Fix rescan after deleting a disk (bsc#1012628). - scsi: hisi_sas: Fix memory ordering in hisi_sas_task_deliver() (bsc#1012628). - NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (bsc#1012628). - bonding: fix missed rcu protection (bsc#1012628). - ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (bsc#1012628). - perf parse-events: Support different format of the topdown event name (bsc#1012628). - net: stmmac: fix out-of-bounds access in a selftest (bsc#1012628). - amt: fix gateway mode stuck (bsc#1012628). - amt: fix memory leak for advertisement message (bsc#1012628). - hv_netvsc: Fix potential dereference of NULL pointer (bsc#1012628). - hwmon: (dimmtemp) Fix bitmap handling (bsc#1012628). - hwmon: (pmbus) Check PEC support before reading other registers (bsc#1012628). - rxrpc: Fix locking issue (bsc#1012628). - rxrpc: Fix listen() setting the bar too high for the prealloc rings (bsc#1012628). - rxrpc: Don't try to resend the request if we're receiving the reply (bsc#1012628). - rxrpc: Fix overlapping ACK accounting (bsc#1012628). - rxrpc: Don't let ack.previousPacket regress (bsc#1012628). - rxrpc: Fix decision on when to generate an IDLE ACK (bsc#1012628). - hinic: Avoid some over memory allocation (bsc#1012628). - dpaa2-eth: retrieve the virtual address before dma_unmap (bsc#1012628). - dpaa2-eth: use the correct software annotation field (bsc#1012628). - dpaa2-eth: unmap the SGT buffer before accessing its contents (bsc#1012628). - net: dsa: restrict SMSC_LAN9303_I2C kconfig (bsc#1012628). - net/smc: postpone sk_refcnt increment in connect() (bsc#1012628). - net/smc: fix listen processing for SMC-Rv2 (bsc#1012628). - dma-direct: don't over-decrypt memory (bsc#1012628). - Bluetooth: hci_conn: Fix hci_connect_le_sync (bsc#1012628). - Revert "net/smc: fix listen processing for SMC-Rv2" (bsc#1012628). - media: lirc: revert removal of unused feature flags (bsc#1012628). - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (bsc#1012628). - arm64: dts: mt8192: Fix nor_flash status disable typo (bsc#1012628). - PCI/ACPI: Allow D3 only if Root Port can signal and wake from D3 (bsc#1012628). - memory: samsung: exynos5422-dmc: Avoid some over memory allocation (bsc#1012628). - ARM: dts: BCM5301X: Update pin controller node name (bsc#1012628). - ARM: dts: suniv: F1C100: fix watchdog compatible (bsc#1012628). - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (bsc#1012628). - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (bsc#1012628). - arm64: defconfig: reenable SM_DISPCC_8250 (bsc#1012628). - PCI: cadence: Fix find_first_zero_bit() limit (bsc#1012628). - PCI: rockchip: Fix find_first_zero_bit() limit (bsc#1012628). - PCI: mediatek: Fix refcount leak in mtk_pcie_subsys_powerup() (bsc#1012628). - PCI: dwc: Fix setting error return on MSI DMA mapping failure (bsc#1012628). - ARM: dts: ci4x10: Adapt to changes in imx6qdl.dtsi regarding fec clocks (bsc#1012628). - arm64: dts: qcom: sc7280: Fix sar1_irq_odl node name (bsc#1012628). - arm64: dts: qcom: sc7280-herobrine: Drop outputs on fpmcu pins (bsc#1012628). - soc: qcom: llcc: Add MODULE_DEVICE_TABLE() (bsc#1012628). - cxl/pci: Add debug for DVSEC range init failures (bsc#1012628). - cxl/pci: Make cxl_dvsec_ranges() failure not fatal to cxl_pci (bsc#1012628). - KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry (bsc#1012628). - KVM: nVMX: Clear IDT vectoring on nested VM-Exit for double/triple fault (bsc#1012628). - arm64: dts: juno: Fix SCMI power domain IDs for ETF and CS funnel (bsc#1012628). - crypto: qat - set CIPHER capability for DH895XCC (bsc#1012628). - crypto: qat - set COMPRESSION capability for DH895XCC (bsc#1012628). - platform/chrome: cros_ec: fix error handling in cros_ec_register() (bsc#1012628). - ARM: dts: imx6dl-colibri: Fix I2C pinmuxing (bsc#1012628). - platform/chrome: Re-introduce cros_ec_cmd_xfer and use it for ioctls (bsc#1012628). - can: xilinx_can: mark bit timing constants as const (bsc#1012628). - ARM: dts: stm32: Fix PHY post-reset delay on Avenger96 (bsc#1012628). - dt-bindings: soc: qcom: smd-rpm: Fix missing MSM8936 compatible (bsc#1012628). - ARM: dts: qcom: sdx55: remove wrong unit address from RPMH RSC clocks (bsc#1012628). - arm64: dts: qcom: sm8450: Fix missing iommus for qup (bsc#1012628). - arm64: dts: qcom: sm8450: Fix missing iommus for qup1 (bsc#1012628). - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (bsc#1012628). - ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (bsc#1012628). - ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (bsc#1012628). - ARM: dts: bcm2835-rpi-b: Fix GPIO line names (bsc#1012628). - misc: ocxl: fix possible double free in ocxl_file_register_afu (bsc#1012628). - hwrng: cn10k - Optimize cn10k_rng_read() (bsc#1012628). - hwrng: cn10k - Make check_rng_health() return an error code (bsc#1012628). - crypto: marvell/cesa - ECB does not IV (bsc#1012628). - gpiolib: of: Introduce hook for missing gpio-ranges (bsc#1012628). - pinctrl: bcm2835: implement hook for missing gpio-ranges (bsc#1012628). - drm/msm: simplify gpu_busy callback (bsc#1012628). - drm/msm: return the average load over the polling period (bsc#1012628). - arm: mediatek: select arch timer for mt7629 (bsc#1012628). - pinctrl/rockchip: support deferring other gpio params (bsc#1012628). - pinctrl: mediatek: mt8195: enable driver on mtk platforms (bsc#1012628). - arm64: dts: qcom: qrb5165-rb5: Fix can-clock node name (bsc#1012628). - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1012628). - powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1012628). - mfd: ipaq-micro: Fix error check return value of platform_get_irq() (bsc#1012628). - scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() (bsc#1012628). - soc: bcm: Check for NULL return of devm_kzalloc() (bsc#1012628). - arm64: dts: ti: k3-am64-mcu: remove incorrect UART base clock rates (bsc#1012628). - ASoC: sh: rz-ssi: Propagate error codes returned from platform_get_irq_byname() (bsc#1012628). - ASoC: sh: rz-ssi: Release the DMA channels in rz_ssi_probe() error path (bsc#1012628). - firmware: arm_scmi: Fix list protocols enumeration in the base protocol (bsc#1012628). - nvdimm: Fix firmware activation deadlock scenarios (bsc#1012628). - nvdimm: Allow overwrite in the presence of disabled dimms (bsc#1012628). - pinctrl: mvebu: Fix irq_of_parse_and_map() return value (bsc#1012628). - crypto: ccp - Fix the INIT_EX data file open failure (bsc#1012628). - drivers/base/node.c: fix compaction sysfs file leak (bsc#1012628). - dax: fix cache flush on PMD-mapped pages (bsc#1012628). - drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block() (bsc#1012628). - firmware: arm_ffa: Fix uuid parameter to ffa_partition_probe (bsc#1012628). - firmware: arm_ffa: Remove incorrect assignment of driver_data (bsc#1012628). - ocfs2: fix mounting crash if journal is not alloced (bsc#1012628). - list: fix a data-race around ep->rdllist (bsc#1012628). - drm/msm/dpu: fix error check return value of irq_of_parse_and_map() (bsc#1012628). - powerpc/8xx: export 'cpm_setbrg' for modules (bsc#1012628). - pinctrl: renesas: r8a779a0: Fix GPIO function on I2C-capable pins (bsc#1012628). - pinctrl: renesas: r8a779f0: Fix GPIO function on I2C-capable pins (bsc#1012628). - pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources() (bsc#1012628). - powerpc/idle: Fix return value of __setup() handler (bsc#1012628). - powerpc/4xx/cpm: Fix return value of __setup() handler (bsc#1012628). - RDMA/hns: Add the detection for CMDQ status in the device initialization process (bsc#1012628). - arm64: dts: marvell: espressobin-ultra: fix SPI-NOR config (bsc#1012628). - arm64: dts: marvell: espressobin-ultra: enable front USB3 port (bsc#1012628). - ASoC: atmel-pdmic: Remove endianness flag on pdmic component (bsc#1012628). - ASoC: atmel-classd: Remove endianness flag on class d component (bsc#1012628). - proc: fix dentry/inode overinstantiating under /proc/${pid}/net (bsc#1012628). - ipc/mqueue: use get_tree_nodev() in mqueue_get_tree() (bsc#1012628). - PCI: imx6: Fix PERST# start-up sequence (bsc#1012628). - PCI: mediatek-gen3: Assert resets to ensure expected init state (bsc#1012628). - module.h: simplify MODULE_IMPORT_NS (bsc#1012628). - module: fix [e_shstrndx].sh_size=0 OOB access (bsc#1012628). - tty: fix deadlock caused by calling printk() under tty_port->lock (bsc#1012628). - crypto: sun8i-ss - rework handling of IV (bsc#1012628). - crypto: sun8i-ss - handle zero sized sg (bsc#1012628). - crypto: cryptd - Protect per-CPU resource by disabling BH (bsc#1012628). - ARM: dts: at91: sama7g5: remove interrupt-parent from gic node (bsc#1012628). - ARM: dts: lan966x: swap dma channels for crypto node (bsc#1012628). - hugetlbfs: fix hugetlbfs_statfs() locking (bsc#1012628). - x86/mce: relocate set{clear}_mce_nospec() functions (bsc#1012628). - mce: fix set_mce_nospec to always unmap the whole page (bsc#1012628). - Input: sparcspkr - fix refcount leak in bbc_beep_probe (bsc#1012628). - PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (bsc#1012628). - KVM: PPC: Book3S HV: Fix vcore_blocked tracepoint (bsc#1012628). - PCI: microchip: Fix potential race in interrupt handling (bsc#1012628). - cxl/mem: Drop mem_enabled check from wait_for_media() (bsc#1012628). - hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume() (bsc#1012628). - perf evlist: Keep topdown counters in weak group (bsc#1012628). - perf stat: Always keep perf metrics topdown events in a group (bsc#1012628). - mailbox: pcc: Fix an invalid-load caught by the address sanitizer (bsc#1012628). - powerpc/64: Only WARN if __pa()/__va() called with bad addresses (bsc#1012628). - powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1012628). - powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1012628). - powerpc/perf: Fix the threshold compare group constraint for power10 (bsc#1012628). - powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1012628). - macintosh: via-pmu and via-cuda need RTC_LIB (bsc#1012628). - powerpc/xive: Fix refcount leak in xive_spapr_init (bsc#1012628). - powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (bsc#1012628). - powerpc/papr_scm: Fix leaking nvdimm_events_map elements (bsc#1012628). - powerpc/fsl_book3e: Don't set rodata RO too early (bsc#1012628). - gpio: sim: Use correct order for the parameters of devm_kcalloc() (bsc#1012628). - mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (bsc#1012628). - nfsd: destroy percpu stats counters after reply cache shutdown (bsc#1012628). - mailbox: forward the hrtimer if not queued and under a lock (bsc#1012628). - RDMA/rxe: Fix an error handling path in rxe_get_mcg() (bsc#1012628). - RDMA/hfi1: Prevent use of lock before it is initialized (bsc#1012628). - pinctrl: apple: Use a raw spinlock for the regmap (bsc#1012628). - KVM: LAPIC: Drop pending LAPIC timer injection when canceling the timer (bsc#1012628). - Input: stmfts - do not leave device disabled in stmfts_input_open (bsc#1012628). - OPP: call of_node_put() on error path in _bandwidth_supported() (bsc#1012628). - dmaengine: ti: k3-psil-am62: Update PSIL thread for saul (bsc#1012628). - f2fs: fix to do sanity check on inline_dots inode (bsc#1012628). - f2fs: fix dereference of stale list iterator after loop body (bsc#1012628). - riscv: Fixup difference with defconfig (bsc#1012628). - iommu/amd: Enable swiotlb in all cases (bsc#1012628). - iommu/amd: Do not call sleep while holding spinlock (bsc#1012628). - iommu/mediatek: Fix 2 HW sharing pgtable issue (bsc#1012628). - iommu/mediatek: Add list_del in mtk_iommu_remove (bsc#1012628). - iommu/mediatek: Remove clk_disable in mtk_iommu_remove (bsc#1012628). - iommu/mediatek: Add mutex for m4u_group and m4u_dom in data (bsc#1012628). - i2c: at91: use dma safe buffers (bsc#1012628). - cpufreq: mediatek: Use module_init and add module_exit (bsc#1012628). - cpufreq: mediatek: Unregister platform device on exit (bsc#1012628). - iommu/arm-smmu-v3-sva: Fix mm use-after-free (bsc#1012628). - MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (bsc#1012628). - iommu/mediatek: Fix NULL pointer dereference when printing dev_name (bsc#1012628). - i2c: at91: Initialize dma_buf in at91_twi_xfer() (bsc#1012628). - dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (bsc#1012628). - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (bsc#1012628). - NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS (bsc#1012628). - NFS: Don't report ENOSPC write errors twice (bsc#1012628). - NFS: Do not report flush errors in nfs_write_end() (bsc#1012628). - NFS: Don't report errors from nfs_pageio_complete() more than once (bsc#1012628). - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (bsc#1012628). - NFS: Further fixes to the writeback error handling (bsc#1012628). - NFS: Pass i_size to fscache_unuse_cookie() when a file is released (bsc#1012628). - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (bsc#1012628). - dmaengine: stm32-mdma: remove GISR1 register (bsc#1012628). - dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler() (bsc#1012628). - i2c: npcm: Fix timeout calculation (bsc#1012628). - i2c: npcm: Correct register access width (bsc#1012628). - i2c: npcm: Handle spurious interrupts (bsc#1012628). - i2c: rcar: fix PM ref counts in probe error paths (bsc#1012628). - tracing: Reset the function filter after completing trampoline/graph selftest (bsc#1012628). - RISC-V: Split out the XIP fixups into their own file (bsc#1012628). - RISC-V: Fix the XIP build (bsc#1012628). - MIPS: RALINK: Define pci_remap_iospace under CONFIG_PCI_DRIVERS_GENERIC (bsc#1012628). - perf build: Fix btf__load_from_kernel_by_id() feature check (bsc#1012628). - perf c2c: Use stdio interface if slang is not supported (bsc#1012628). - rtla: Avoid record NULL pointer dereference (bsc#1012628). - rtla: Don't overwrite existing directory mode (bsc#1012628). - rtla: Minor grammar fix for rtla README (bsc#1012628). - rtla: Fix __set_sched_attr error message (bsc#1012628). - rtla: Remove procps-ng dependency (bsc#1012628). - tracing/timerlat: Notify IRQ new max latency only if stop tracing is set (bsc#1012628). - perf jevents: Fix event syntax error caused by ExtSel (bsc#1012628). - video: fbdev: vesafb: Fix a use-after-free due early fb_info cleanup (bsc#1012628). - NFSv4: Fix free of uninitialized nfs4_label on referral lookup (bsc#1012628). - NFSv4.1 mark qualified async operations as MOVEABLE tasks (bsc#1012628). - f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() (bsc#1012628). - f2fs: fix to do sanity check on block address in f2fs_do_zero_range() (bsc#1012628). - f2fs: fix to clear dirty inode in f2fs_evict_inode() (bsc#1012628). - f2fs: fix deadloop in foreground GC (bsc#1012628). - f2fs: don't need inode lock for system hidden quota (bsc#1012628). - f2fs: fix to do sanity check on total_data_blocks (bsc#1012628). - f2fs: don't use casefolded comparison for "." and ".." (bsc#1012628). - f2fs: fix fallocate to use file_modified to update permissions consistently (bsc#1012628). - f2fs: fix to do sanity check for inline inode (bsc#1012628). - objtool: Fix objtool regression on x32 systems (bsc#1012628). - objtool: Fix symbol creation (bsc#1012628). - wifi: mac80211: fix use-after-free in chanctx code (bsc#1012628). - iwlwifi: fw: init SAR GEO table only if data is present (bsc#1012628). - iwlwifi: mvm: fix assert 1F04 upon reconfig (bsc#1012628). - iwlwifi: mei: clear the sap data header before sending (bsc#1012628). - iwlwifi: mei: fix potential NULL-ptr deref (bsc#1012628). - ipmi:ipmb: Fix refcount leak in ipmi_ipmb_probe (bsc#1012628). - =?UTF-8?q?fs-writeback:=20writeback=5Fsb=5Finodes?= =?UTF-8?q?=EF=BC=9ARecalculate=20'wrote'=20according=20skipped=20pages?= (bsc#1012628). - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (bsc#1012628). - bfq: Avoid false marking of bic as stably merged (bsc#1012628). - bfq: Avoid merging queues with different parents (bsc#1012628). - bfq: Split shared queues on move between cgroups (bsc#1012628). - bfq: Update cgroup information before merging bio (bsc#1012628). - bfq: Drop pointless unlock-lock pair (bsc#1012628). - bfq: Remove pointless bfq_init_rq() calls (bsc#1012628). - bfq: Track whether bfq_group is still online (bsc#1012628). - bfq: Get rid of __bio_blkcg() usage (bsc#1012628). - bfq: Make sure bfqg for which we are queueing requests is online (bsc#1012628). - ext4: mark group as trimmed only if it was fully scanned (bsc#1012628). - ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1012628). - ext4: fix journal_ioprio mount option handling (bsc#1012628). - ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1012628). - ext4: fix warning in ext4_handle_inode_extension (bsc#1012628). - ext4: fix memory leak in parse_apply_sb_mount_options() (bsc#1012628). - ext4: fix bug_on in ext4_writepages (bsc#1012628). - ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state (bsc#1012628). - ext4: fix bug_on in __es_tree_search (bsc#1012628). - ext4: verify dir block before splitting it (bsc#1012628). - ext4: avoid cycles in directory h-tree (bsc#1012628). - ACPI: property: Release subnode properties with data nodes (bsc#1012628). - tty: goldfish: Introduce gf_ioread32()/gf_iowrite32() (bsc#1012628). - tracing: Have event format check not flag %p* on __get_dynamic_array() (bsc#1012628). - tracing: Fix potential double free in create_var_ref() (bsc#1012628). - tracing: Fix return value of trace_pid_write() (bsc#1012628). - tracing: Initialize integer variable to prevent garbage return value (bsc#1012628). - drm/amdgpu: add beige goby PCI ID (bsc#1012628). - PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 (bsc#1012628). - PCI: qcom: Fix pipe clock imbalance (bsc#1012628). - PCI: qcom: Fix runtime PM imbalance on probe errors (bsc#1012628). - PCI: qcom: Fix unbalanced PHY init on probe errors (bsc#1012628). - staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan() (bsc#1012628). - block: Fix potential deadlock in blk_ia_range_sysfs_show() (bsc#1012628). - mm, compaction: fast_find_migrateblock() should return pfn in the target zone (bsc#1012628). - s390/perf: obtain sie_block from the right address (bsc#1012628). - s390/stp: clock_delta should be signed (bsc#1012628). - dlm: fix plock invalid read (bsc#1012628). - dlm: uninitialized variable on error in dlm_listen_for_all() (bsc#1012628). - dlm: fix wake_up() calls for pending remove (bsc#1012628). - dlm: fix missing lkb refcount handling (bsc#1012628). - ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (bsc#1012628). - scsi: dc395x: Fix a missing check on list iterator (bsc#1012628). - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (bsc#1012628). - landlock: Add clang-format exceptions (bsc#1012628). - landlock: Format with clang-format (bsc#1012628). - selftests/landlock: Add clang-format exceptions (bsc#1012628). - selftests/landlock: Normalize array assignment (bsc#1012628). - selftests/landlock: Format with clang-format (bsc#1012628). - samples/landlock: Add clang-format exceptions (bsc#1012628). - samples/landlock: Format with clang-format (bsc#1012628). - landlock: Fix landlock_add_rule(2) documentation (bsc#1012628). - selftests/landlock: Make tests build with old libc (bsc#1012628). - selftests/landlock: Extend tests for minimal valid attribute size (bsc#1012628). - selftests/landlock: Add tests for unknown access rights (bsc#1012628). - selftests/landlock: Extend access right tests to directories (bsc#1012628). - selftests/landlock: Fully test file rename with "remove" access (bsc#1012628). - selftests/landlock: Add tests for O_PATH (bsc#1012628). - landlock: Change landlock_add_rule(2) argument check ordering (bsc#1012628). - landlock: Change landlock_restrict_self(2) check ordering (bsc#1012628). - selftests/landlock: Test landlock_create_ruleset(2) argument check ordering (bsc#1012628). - landlock: Define access_mask_t to enforce a consistent access mask size (bsc#1012628). - landlock: Reduce the maximum number of layers to 16 (bsc#1012628). - landlock: Create find_rule() from unmask_layers() (bsc#1012628). - landlock: Fix same-layer rule unions (bsc#1012628). - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (bsc#1012628). - drm/nouveau/subdev/bus: Ratelimit logging for fault errors (bsc#1012628). - drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (bsc#1012628). - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (bsc#1012628). - drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (bsc#1012628). - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (bsc#1012628). - drm/i915/dsi: fix VBT send packet port selection for ICL+ (bsc#1012628). - md: fix an incorrect NULL check in does_sb_need_changing (bsc#1012628). - md: fix an incorrect NULL check in md_reload_sb (bsc#1012628). - mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (bsc#1012628). - mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (bsc#1012628). - media: coda: Fix reported H264 profile (bsc#1012628). - media: coda: Add more H264 levels for CODA960 (bsc#1012628). - ima: remove the IMA_TEMPLATE Kconfig option (bsc#1012628). - Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (bsc#1012628). - lib/string_helpers: fix not adding strarray to device's resource list (bsc#1012628). - RDMA/hfi1: Fix potential integer multiplication overflow errors (bsc#1012628). - mmc: core: Allows to override the timeout value for ioctl() path (bsc#1012628). - csky: patch_text: Fixup last cpu should be master (bsc#1012628). - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (bsc#1012628). - irqchip: irq-xtensa-mx: fix initial IRQ affinity (bsc#1012628). - thermal: devfreq_cooling: use local ops instead of global ops (bsc#1012628). - mt76: fix use-after-free by removing a non-RCU wcid pointer (bsc#1012628). - cfg80211: declare MODULE_FIRMWARE for regulatory.db (bsc#1012628). - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (bsc#1012628). - um: virtio_uml: Fix broken device handling in time-travel (bsc#1012628). - um: Use asm-generic/dma-mapping.h (bsc#1012628). - um: chan_user: Fix winch_tramp() return value (bsc#1012628). - um: Fix out-of-bounds read in LDT setup (bsc#1012628). - MIPS: IP27: Remove incorrect `cpu_has_fpu' override (bsc#1012628). - MIPS: IP30: Remove incorrect `cpu_has_fpu' override (bsc#1012628). - kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (bsc#1012628). - ftrace: Clean up hash direct_functions on register failures (bsc#1012628). - ksmbd: fix outstanding credits related bugs (bsc#1012628). - iommu/msm: Fix an incorrect NULL check on list iterator (bsc#1012628). - iommu/dma: Fix iova map result check bug (bsc#1012628). - kprobes: Fix build errors with CONFIG_KRETPROBES=n (bsc#1012628). - Revert "mm/cma.c: remove redundant cma_mutex lock" (bsc#1012628). - mm/page_owner: use strscpy() instead of strlcpy() (bsc#1012628). - mm/page_alloc: always attempt to allocate at least one page during bulk allocation (bsc#1012628). - nodemask.h: fix compilation error with GCC12 (bsc#1012628). - hugetlb: fix huge_pmd_unshare address update (bsc#1012628). - mm/memremap: fix missing call to untrack_pfn() in pagemap_range() (bsc#1012628). - xtensa/simdisk: fix proc_read_simdisk() (bsc#1012628). - rtl818x: Prevent using not initialized queues (bsc#1012628). - ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control (bsc#1012628). - carl9170: tx: fix an incorrect use of list iterator (bsc#1012628). - stm: ltdc: fix two incorrect NULL checks on list iterator (bsc#1012628). - bcache: improve multithreaded bch_btree_check() (bsc#1012628). - bcache: improve multithreaded bch_sectors_dirty_init() (bsc#1012628). - bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (bsc#1012628). - bcache: avoid journal no-space deadlock by reserving 1 journal bucket (bsc#1012628). - serial: pch: don't overwrite xmit->buf[0] by x_char (bsc#1012628). - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (bsc#1012628). - gma500: fix an incorrect NULL check on list iterator (bsc#1012628). - arm64: dts: qcom: ipq8074: fix the sleep clock frequency (bsc#1012628). - arm64: tegra: Add missing DFLL reset on Tegra210 (bsc#1012628). - clk: tegra: Add missing reset deassertion (bsc#1012628). - phy: qcom-qmp: fix struct clk leak on probe errors (bsc#1012628). - ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries (bsc#1012628). - ARM: pxa: maybe fix gpio lookup tables (bsc#1012628). - ceph: fix decoding of client session messages flags (bsc#1012628). - misc: fastrpc: fix list iterator in fastrpc_req_mem_unmap_impl (bsc#1012628). - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1012628). - docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (bsc#1012628). - dt-bindings: gpio: altera: correct interrupt-cells (bsc#1012628). - vdpasim: allow to enable a vq repeatedly (bsc#1012628). - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1012628). - coresight: core: Fix coresight device probe failure issue (bsc#1012628). - phy: qcom-qmp: fix reset-controller leak on probe errors (bsc#1012628). - net: ipa: fix page free in ipa_endpoint_trans_release() (bsc#1012628). - net: ipa: fix page free in ipa_endpoint_replenish_one() (bsc#1012628). - media: lirc: add missing exceptions for lirc uapi header file (bsc#1012628). - kseltest/cgroup: Make test_stress.sh work if run interactively (bsc#1012628). - perf evlist: Extend arch_evsel__must_be_in_group to support hybrid systems (bsc#1012628). - Revert "random: use static branch for crng_ready()" (bsc#1012628). - staging: r8188eu: delete rtw_wx_read/write32() (bsc#1012628). - binder: fix sender_euid type in uapi header (bsc#1012628). - RDMA/hns: Remove the num_cqc_timer variable (bsc#1012628). - RDMA/rxe: Generate a completion for unsupported/invalid opcode (bsc#1012628). - ext4: only allow test_dummy_encryption when supported (bsc#1012628). - fs: add two trivial lookup helpers (bsc#1012628). - exportfs: support idmapped mounts (bsc#1012628). - md: Don't set mddev private to NULL in raid0 pers->free (bsc#1012628). - md: fix double free of io_acct_set bioset (bsc#1012628). - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (bsc#1012628). - macsec: fix UAF bug for real_dev (bsc#1012628). - tty: n_gsm: Fix packet data hex dump output (bsc#1012628). - pinctrl/rockchip: support setting input-enable param (bsc#1012628). - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1012628). - Update config files. * EFI_DISABLE_RUNTIME=n -- the default. * the rest is non-configurable. - Refresh patches.suse/vfs-add-super_operations-get_inode_dev. - commit b06f595 ++++ libX11: - Update to version 1.8.1 This release fixes the --enable-thread-safety-constructor option to the configure script to work as intended. In the previous release, the changes for this option may not have been enabled when the option was not specified or when the --enable option was specified. While we have enabled it by default, believing that doing so will reduce the number of bugs users encounter running libX11 clients, in some cases it may expose bugs in which clients had previously gotten away with calling libX11 functions while a libX11 lock is already held, and thus now deadlock, as discussed in https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/157 . ++++ nfs-utils: - 0001-systemd-Apply-all-sysctl-settings-when-NFS-related-m.patch Ensure sysctl setting work (bsc#1199856) - 0002-Update-autoconfig-files-to-work-with-v2.71.patch - 0003-autoconf-change-tirpc-to-check-for-a-file-not-for-an.patch Update for latest autoconf ++++ python310-core: - Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the command injection in the mailcap module. - Fix building of documentation and the universal configuration of the %primary_interpreter. ++++ ceph: - Update to 16.2.9-158-gd93952c7eea: + cmake: check for python(\d)\.(\d+) when building boost + make-dist: patch boost source to support python 3.10 ++++ patterns-alp: - Ensure toolbox is installed by default. ++++ python310: - Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the command injection in the mailcap module. - Fix building of documentation and the universal configuration of the %primary_interpreter. ++++ python-MarkupSafe: - Require python 3.6. There is no need to require a newer version and this way it builds on openSUSE Leap >= 15.3 ++++ python-cryptography: - Remove Python 3.6 deprecation warning on openSUSE Leap. * Added remove_python_3_6_deprecation_warning.patch ++++ python-gobject: - Add dependency on python-cairo to python-gobject-cairo: The introspection wrapper needs the actual pycairo underneath (boo#1179584). ++++ runc: - Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3. (Includes a fix for bsc#1200088.) * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. * Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. * When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. * Socket activation was failing when more than 3 sockets were used. * Various CI fixes. * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. * runc static binaries are now linked against libseccomp v2.5.4. - Remove upstreamed patches: - bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch ------------------------------------------------------------------ ------------------ 2022-6-8 - Jun 8 2022 ------------------- ------------------------------------------------------------------ ++++ dbus-1: - version provides - add split provides - remove unused/obsolete pre_checkin.sh ++++ dnsmasq: - Move the dbus-1 system.d file to /usr (bsc#1200344) ++++ glibc: - strncpy-power9-vsx.patch: powerpc: Fix VSX register number on __strncpy_power9 (BZ #29197) - nptl-cleanup-async-restore.patch: nptl: Fix __libc_cleanup_pop_restore asynchronous restore (bsc#1200093, BZ #29214) ++++ grub2: - Add tpm, tpm2, luks2 and gcry_sha512 to default grub.efi (bsc#1197625) - Make grub-tpm.efi a symlink to grub.efi * grub2.spec - Log error when tpm event log is full and continue * 0001-tpm-Log-EFI_VOLUME_FULL-and-continue.patch - Patch superseded * 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch - Add patches for automatic TPM disk unlock (jsc#SLE-24018) (bsc#1196668) * 0001-luks2-Add-debug-message-to-align-with-luks-and-geli-.patch * 0002-cryptodisk-Refactor-to-discard-have_it-global.patch * 0003-cryptodisk-Return-failure-in-cryptomount-when-no-cry.patch * 0004-cryptodisk-Improve-error-messaging-in-cryptomount-in.patch * 0005-cryptodisk-Improve-cryptomount-u-error-message.patch * 0006-cryptodisk-Add-infrastructure-to-pass-data-from-cryp.patch * 0007-cryptodisk-Refactor-password-input-out-of-crypto-dev.patch * 0008-cryptodisk-Move-global-variables-into-grub_cryptomou.patch * 0009-cryptodisk-Improve-handling-of-partition-name-in-cry.patch * 0010-protectors-Add-key-protectors-framework.patch * 0011-tpm2-Add-TPM-Software-Stack-TSS.patch * 0012-protectors-Add-TPM2-Key-Protector.patch * 0013-cryptodisk-Support-key-protectors.patch * 0014-util-grub-protect-Add-new-tool.patch - Fix no disk unlocking happen (bsc#1196668) * 0001-crytodisk-fix-cryptodisk-module-looking-up.patch - Fix build error * fix-tpm2-build.patch ++++ kernel-default: - Update config files: disable CONFIG_NET_DSA_REALTEK_* on x86_64 (bsc#1200254) - commit 262234b - fs/ntfs3: Fix invalid free in log_replay (CVE-2022-1973 bsc#1200023). - commit 3433bd9 ++++ kernel-firmware: - Update to version 20220607 (git commit 02c69863c885): * rtl_bt: Update RTL8852A BT USB firmware to 0xDFB8_0634 * Makefile: replace mkdir by install * iwlwifi: remove old unsupported 3160/7260/7265/8000/8265 firmware * ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.9 * WHENCE: ath11k: move regdb.bin before board-2.bin * ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00157 * ath10k: QCA9888 hw2.0: update board-2.bin * ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00157 * ath10k: QCA4019 hw1.0: update board-2.bin * ath10k: WCN3990 hw1.0: add board-2.bin - Update aliases from 5.19-rc1 - Minor adjustment of spec template and makespec.sh to align with the latest TW format ++++ libcontainers-common: - Add missing comma to previous change ++++ systemd: - Import commit e9fc337d97539fcab23078ab3e06f6b2ce3a3c8d ca0b29521f sha256: fix compilation on efi-ia32 1bbbac6a7e test: enable virtio-rng device for QEMU guests ++++ usbredir: - Add upstream backported patches (boo#1199354): + 9426fdb1.patch: Check header length unserialising data. + dffc41c3.patch: usbredirect: fix leak on bad input. ++++ patterns-alp: - Remove k3s-linux requirement, it is now pulled by k3s-install. ++++ timezone: - switch to _multibuild - refresh keyring, enable keyring validation ++++ wpa_supplicant: - Move the dbus-1 system.d file to /usr (bsc#1200342) ------------------------------------------------------------------ ------------------ 2022-6-7 - Jun 7 2022 ------------------- ------------------------------------------------------------------ ++++ containerd: - Update to containerd v1.6.6 to fix CVE-2022-31030 and meet the requirements of Docker v20.10.17-ce. bsc#1200145 - Remove upstreamed patches: - bsc1200145-Limit-the-response-size-of-ExecSync.patch ++++ docker: - Update to Docker 20.10.17-ce. See upstream changelog online at . bsc#1200145 - Rebase patches: * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch ++++ kernel-default: - Update config files: restore CONFIG_I8K=y (bsc#1199958) - commit 04cadbf - update CVE and bugzilla references - patches.kernel.org/5.18.2-001-netfilter-nf_tables-disallow-non-stateful-expr.patch - add CVE-2022-1966 bsc#1200015 - patches.kernel.org/5.18.2-010-netfilter-nf_tables-sanitize-nft_set_desc_conc.patch - add CVE-2022-1972 bsc#1200019 - commit 6d13af9 - Update config files (only run_oldconfig.sh). - commit 695cfee ++++ ncurses: - Add ncurses patch 20220604 + add note on portable memory-leak checking in man/curs_memleaks.3x + remove u6-u9 from teken-2018 -TD + set "xterm-new" to "xterm-p370", add "xterm-p371" -TD ++++ libnftnl: - Update to release 1.2.2 * exthdr: tcp option reset support ++++ popt: - Create lang subpackage ++++ openssl: - Update to 1.1.1o release ------------------------------------------------------------------ ------------------ 2022-6-6 - Jun 6 2022 ------------------- ------------------------------------------------------------------ ++++ containerd: [ This patch was only released in SLES and Leap. ] - Backport patch to fix GHSA-5ffw-gxpp-mxpf CVE-2022-31030. bsc#1200145 + bsc1200145-Limit-the-response-size-of-ExecSync.patch - Update to containerd v1.5.12. Upstream release notes: ++++ kernel-default: - Update to 5.19-rc1 - eliminate 54 patches (48 stable, 5 mainline, 1 other) - patches.kernel.org/* - patches.rpmify/scripts-dummy-tools-add-pahole.patch - patches.suse/KVM-x86-avoid-calling-x86-emulator-without-a-decoded-instruction - patches.suse/Revert-net-af_key-add-check-for-pfkey_broadcast-in-f.patch - patches.suse/iommu-amd-Increase-timeout-waiting-for-GA-log-enablement - patches.suse/simplefb-Enable-boot-time-VESA-graphic-mode-selectio.patch - patches.rpmify/powerpc-64-BE-option-to-use-ELFv2-ABI-for-big-endian.patch - refresh - patches.suse/add-suse-supported-flag.patch - patches.suse/genksyms-add-override-flag.diff - patches.suse/kernel-add-product-identifying-information-to-kernel-build.patch - patches.suse/vfs-add-super_operations-get_inode_dev - 5.19-rc1 regression fix - patches.suse/drm-amdgpu-always-flush-the-TLB-on-gfx8.patch - disable ARM architectures (need config update) - new config options - General setup - CONFIG_BOOT_CONFIG_EMBED=n - CONFIG_INITRAMFS_PRESERVE_MTIME=y - Processor type and features - CONFIG_INTEL_TDX_GUEST=y - CONFIG_PERF_EVENTS_AMD_BRS=y - CONFIG_MICROCODE_LATE_LOADING=n - Enable loadable module support - CONFIG_MODULE_UNLOAD_TAINT_TRACKING=y - Memory Management options - CONFIG_PTE_MARKER_UFFD_WP=y - Networking support - CONFIG_CAN_CTUCANFD_PCI=m - File systems - CONFIG_CACHEFILES_ONDEMAND=n - CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP_DEFAULT_ON=n - Security options - CONFIG_TRUSTED_KEYS_TPM=y - CONFIG_TRUSTED_KEYS_TEE=y - CONFIG_RANDSTRUCT_NONE=y - Cryptographic API - CONFIG_CRYPTO_SM3_GENERIC=m - CONFIG_CRYPTO_SM4_GENERIC=m - CONFIG_SYSTEM_BLACKLIST_AUTH_UPDATE=y - Kernel hacking - CONFIG_DEBUG_NET=n - CONFIG_RCU_EXP_CPU_STALL_TIMEOUT=0 - Generic Driver Options - CONFIG_FW_LOADER_COMPRESS_XZ=y - CONFIG_FW_LOADER_COMPRESS_ZSTD=y - CONFIG_FW_UPLOAD=y - Firmware Drivers - CONFIG_EFI_DXE_MEM_ATTRIBUTES=y - CONFIG_EFI_DISABLE_RUNTIME=n - CONFIG_EFI_COCO_SECRET=y - Network device support - CONFIG_OCTEON_EP=m - CONFIG_SFC_SIENA=m - CONFIG_SFC_SIENA_MTD=y - CONFIG_SFC_SIENA_MCDI_MON=y - CONFIG_SFC_SIENA_SRIOV=y - CONFIG_SFC_SIENA_MCDI_LOGGING=y - CONFIG_ADIN1100_PHY=m - CONFIG_DP83TD510_PHY=m - CONFIG_WLAN_VENDOR_PURELIFI=y - CONFIG_PLFXLC=m - CONFIG_RTW89_8852CE=m - CONFIG_WLAN_VENDOR_SILABS=y - CONFIG_MTK_T7XX=m - Input device support - CONFIG_JOYSTICK_SENSEHAT=m - CONFIG_INPUT_IQS7222=m - Hardware Monitoring support - CONFIG_SENSORS_NCT6775_I2C=m - CONFIG_SENSORS_XDPE152=m - Sound card support - CONFIG_SND_SOC_CS35L45_SPI=m - CONFIG_SND_SOC_CS35L45_I2C=m - CONFIG_SND_SOC_MAX98396=m - CONFIG_SND_SOC_WM8731_I2C=n - CONFIG_SND_SOC_WM8731_SPI=n - CONFIG_SND_SOC_WM8940=n - Virtualization drivers - CONFIG_EFI_SECRET=m - CONFIG_SEV_GUEST=m - X86 Platform Specific Device Drivers - CONFIG_INTEL_IFS=m - CONFIG_WINMATE_FM07_KEYS=m - Industrial I/O support - CONFIG_DMARD06=n - CONFIG_IIO_RESCALE=m - CONFIG_DPOT_DAC=n - CONFIG_VF610_DAC=n - CONFIG_CM3605=n - CONFIG_AK8974=n - CONFIG_IIO_MUX=m - CONFIG_HTE=y - CONFIG_HTE=y - Misc devices - CONFIG_INTEL_MEI_GSC=m - CONFIG_MHI_BUS_EP=m - CONFIG_REGULATOR_RT5759=m - CONFIG_HID_MEGAWORLD_FF=m - CONFIG_TYPEC_MUX_FSA4480=m - CONFIG_LEDS_PWM_MULTICOLOR=m - CONFIG_CHROMEOS_ACPI=m - CONFIG_NVSW_SN2201=m - OF dependent (i386, ppc64/ppc64le, riscv64) - DRM_PANEL_NEWVISION_NV3052C=n - DRM_FSL_LDB=n - DRM_LONTIUM_LT9211=n - SND_SERIAL_GENERIC=m - LEDS_QCOM_LPG=m - OMAP_GPMC=m - OMAP_GPMC_DEBUG=n - PWM_XILINX=m - i386 - CAN_CTUCANFD_PLATFORM=m - ppc64/ppc64le - KASAN=n - s390x - S390_UV_UAPI=m - MUX_ADG792A=n - riscv64 - ERRATA_THEAD=y - ERRATA_THEAD_PBMT=y - RISCV_ISA_SVPBMT=y - KEXEC_FILE=y - COMPAT=y - ARCH_MMAP_RND_COMPAT_BITS=8 (default) - NETFILTER_XTABLES_COMPAT=y - CAN_CTUCANFD_PLATFORM=m - HW_RANDOM_POLARFIRE_SOC=m - DRM_DW_HDMI_GP_AUDIO=n - IMA_KEXEC=y - STACK_HASH_ORDER=20 (default) - PAGE_TABLE_CHECK=y - PAGE_TABLE_CHECK_ENFORCED=n - */debug - DEBUG_NET=y - commit 515f42c - Linux 5.18.2 (bsc#1012628). - netfilter: nf_tables: disallow non-stateful expression in sets earlier (bsc#1012628). - i2c: ismt: prevent memory corruption in ismt_access() (bsc#1012628). - assoc_array: Fix BUG_ON during garbage collect (bsc#1012628). - pipe: make poll_usage boolean and annotate its access (bsc#1012628). - pipe: Fix missing lock in pipe_resize_ring() (bsc#1012628). - net: ipa: compute proper aggregation limit (bsc#1012628). - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (bsc#1012628). - exfat: check if cluster num is valid (bsc#1012628). - netfilter: nft_limit: Clone packet limits' cost value (bsc#1012628). - netfilter: nf_tables: sanitize nft_set_desc_concat_parse() (bsc#1012628). - netfilter: nf_tables: hold mutex on netns pre_exit path (bsc#1012628). - netfilter: nf_tables: double hook unregistration in netns path (bsc#1012628). - netfilter: conntrack: re-fetch conntrack after insertion (bsc#1012628). - KVM: PPC: Book3S HV: fix incorrect NULL check on list iterator (bsc#1012628). - x86/fpu: KVM: Set the base guest FPU uABI size to sizeof(struct kvm_xsave) (bsc#1012628). - x86/kvm: Alloc dummy async #PF token outside of raw spinlock (bsc#1012628). - x86, kvm: use correct GFP flags for preemption disabled (bsc#1012628). - x86/uaccess: Implement macros for CMPXCHG on user addresses (bsc#1012628). - KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits (bsc#1012628). - KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses (bsc#1012628). - KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness (bsc#1012628). - KVM: x86: avoid loading a vCPU after .vm_destroy was called (bsc#1012628). - KVM: x86: Fix the intel_pt PMI handling wrongly considered from guest (bsc#1012628). - KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2 (bsc#1012628). - KVM: x86/mmu: Don't rebuild page when the page is synced and no tlb flushing is required (bsc#1012628). - KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak (bsc#1012628). - crypto: caam - fix i.MX6SX entropy delay value (bsc#1012628). - crypto: ecrdsa - Fix incorrect use of vli_cmp (bsc#1012628). - crypto: qat - rework the VF2PF interrupt handling logic (bsc#1012628). - zsmalloc: fix races between asynchronous zspage free and page migration (bsc#1012628). - tools/memory-model/README: Update klitmus7 compat table (bsc#1012628). - ALSA: usb-audio: Workaround for clock setup on TEAC devices (bsc#1012628). - ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (bsc#1012628). - ALSA: usb-audio: Configure sync endpoints before data (bsc#1012628). - Bluetooth: hci_qca: Use del_timer_sync() before freeing (bsc#1012628). - ARM: dts: s5pv210: Correct interrupt name for bluetooth in Aries (bsc#1012628). - dm integrity: fix error code in dm_integrity_ctr() (bsc#1012628). - dm crypt: make printing of the key constant-time (bsc#1012628). - dm stats: add cond_resched when looping over entries (bsc#1012628). - dm verity: set DM_TARGET_IMMUTABLE feature flag (bsc#1012628). - raid5: introduce MD_BROKEN (bsc#1012628). - fs/ntfs3: validate BOOT sectors_per_clusters (bsc#1012628). - HID: multitouch: Add support for Google Whiskers Touchpad (bsc#1012628). - HID: multitouch: add quirks to enable Lenovo X12 trackpoint (bsc#1012628). - x86/sgx: Disconnect backing page references from dirty status (bsc#1012628). - x86/sgx: Mark PCMD page as dirty when modifying contents (bsc#1012628). - x86/sgx: Obtain backing storage page with enclave mutex held (bsc#1012628). - x86/sgx: Fix race between reclaimer and page fault handler (bsc#1012628). - x86/sgx: Ensure no data in PCMD page after truncate (bsc#1012628). - media: i2c: imx412: Fix reset GPIO polarity (bsc#1012628). - media: i2c: imx412: Fix power_off ordering (bsc#1012628). - tpm: Fix buffer access in tpm2_get_tpm_pt() (bsc#1012628). - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1012628). - docs: submitting-patches: Fix crossref to 'The canonical patch format' (bsc#1012628). - NFS: Memory allocation failures are not server fatal errors (bsc#1012628). - NFSD: Fix possible sleep during nfsd4_release_lockowner() (bsc#1012628). - bpf: Fill new bpf_prog_pack with illegal instructions (bsc#1012628). - bpf: Fix potential array overflow in bpf_trampoline_get_progs() (bsc#1012628). - bpf: Fix combination of jit blinding and pointers to bpf subprogs (bsc#1012628). - bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes (bsc#1012628). - bpf: Fix usage of trace RCU in local storage (bsc#1012628). - bpf: Fix excessive memory allocation in stack_map_alloc() (bsc#1012628). - bpf: Reject writes for PTR_TO_MAP_KEY in check_helper_mem_access (bsc#1012628). - bpf: Check PTR_TO_MEM | MEM_RDONLY in check_helper_mem_access (bsc#1012628). - bpf: Do write access check for kfunc and global func (bsc#1012628). - ALSA: usb-audio: Optimize TEAC clock quirk (bsc#1012628). - commit b7b9d3b ++++ alsa: - Backport upstream fixes for 32bit inode and ELD parsing: 0001-conf-Use-ino64_t-to-save-and-compare-inode-numbers.patch 0002-control-eld-fix-the-decoding-for-older-hw.patch ++++ libcontainers-common: - Add registry.suse.com as agreed on oSC22 Let's advertise usage of BCI images in general ++++ python310-core: - Update to 3.10.5: - Core and Builtins - gh-93418: Fixed an assert where an f-string has an equal sign ‘=’ following an expression, but there’s no trailing brace. For example, f”{i=”. - gh-91924: Fix __ltrace__ debug feature if the stdout encoding is not UTF-8. Patch by Victor Stinner. - gh-93061: Backward jumps after async for loops are no longer given dubious line numbers. - gh-93065: Fix contextvars HAMT implementation to handle iteration over deep trees. - The bug was discovered and fixed by Eli Libman. See MagicStack/immutables#84 for more details. - gh-92311: Fixed a bug where setting frame.f_lineno to jump over a list comprehension could misbehave or crash. - gh-92112: Fix crash triggered by an evil custom mro() on a metaclass. - gh-92036: Fix a crash in subinterpreters related to the garbage collector. When a subinterpreter is deleted, untrack all objects tracked by its GC. To prevent a crash in deallocator functions expecting objects to be tracked by the GC, leak a strong reference to these objects on purpose, so they are never deleted and their deallocator functions are not called. Patch by Victor Stinner. - gh-91421: Fix a potential integer overflow in _Py_DecodeUTF8Ex. - bpo-47212: Raise IndentationError instead of SyntaxError for a bare except with no following indent. Improve SyntaxError locations for an un-parenthesized generator used as arguments. Patch by Matthieu Dartiailh. - bpo-47182: Fix a crash when using a named unicode character like "\N{digit nine}" after the main interpreter has been initialized a second time. - bpo-47117: Fix a crash if we fail to decode characters in interactive mode if the tokenizer buffers are uninitialized. Patch by Pablo Galindo. - bpo-39829: Removed the __len__() call when initializing a list and moved initializing to list_extend. Patch by Jeremiah Pascual. - bpo-46962: Classes and functions that unconditionally declared their docstrings ignoring the - -without-doc-strings compilation flag no longer do so. - The classes affected are ctypes.UnionType, pickle.PickleBuffer, testcapi.RecursingInfinitelyError, and types.GenericAlias. - The functions affected are 24 methods in ctypes. - Patch by Oleg Iarygin. - bpo-36819: Fix crashes in built-in encoders with error handlers that return position less or equal than the starting position of non-encodable characters. - Library - gh-93156: Accessing the pathlib.PurePath.parents sequence of an absolute path using negative index values produced incorrect results. - gh-89973: Fix re.error raised in fnmatch if the pattern contains a character range with upper bound lower than lower bound (e.g. [c-a]). Now such ranges are interpreted as empty ranges. - gh-93010: In a very special case, the email package tried to append the nonexistent InvalidHeaderError to the defect list. It should have been InvalidHeaderDefect. - gh-92839: Fixed crash resulting from calling bisect.insort() or bisect.insort_left() with the key argument not equal to None. - gh-91581: utcfromtimestamp() no longer attempts to resolve fold in the pure Python implementation, since the fold is never 1 in UTC. In addition to being slightly faster in the common case, this also prevents some errors when the timestamp is close to datetime.min. Patch by Paul Ganssle. - gh-92530: Fix an issue that occurred after interrupting threading.Condition.notify(). - gh-92049: Forbid pickling constants re._constants.SUCCESS etc. Previously, pickling did not fail, but the result could not be unpickled. - bpo-47029: Always close the read end of the pipe used by multiprocessing.Queue after the last write of buffered data to the write end of the pipe to avoid BrokenPipeError at garbage collection and at multiprocessing.Queue.close() calls. Patch by Géry Ogam. - gh-91401: Provide a fail-safe way to disable subprocess use of vfork() via a private subprocess._USE_VFORK attribute. While there is currently no known need for this, if you find a need please only set it to False. File a CPython issue as to why you needed it and link to that from a comment in your code. This attribute is documented as a footnote in 3.11. - gh-91910: Add missing f prefix to f-strings in error messages from the multiprocessing and asyncio modules. - gh-91810: ElementTree method write() and function tostring() now use the text file’s encoding (“UTF-8” if not available) instead of locale encoding in XML declaration when encoding="unicode" is specified. - gh-91832: Add required attribute to argparse.Action repr output. - gh-91700: Compilation of regular expression containing a conditional expression (?(group)...) now raises an appropriate re.error if the group number refers to not defined group. Previously an internal RuntimeError was raised. - gh-91676: Fix unittest.IsolatedAsyncioTestCase to shutdown the per test event loop executor before returning from its run method so that a not yet stopped or garbage collected executor state does not persist beyond the test. - gh-90568: Parsing \N escapes of Unicode Named Character Sequences in a regular expression raises now re.error instead of TypeError. - gh-91595: Fix the comparison of character and integer inside Tools.gdb.libpython.write_repr(). Patch by Yu Liu. - gh-90622: Worker processes for concurrent.futures.ProcessPoolExecutor are no longer spawned on demand (a feature added in 3.9) when the multiprocessing context start method is "fork" as that can lead to deadlocks in the child processes due to a fork happening while threads are running. - gh-91575: Update case-insensitive matching in the re module to the latest Unicode version. - gh-91581: Remove an unhandled error case in the C implementation of calls to datetime.fromtimestamp with no time zone (i.e. getting a local time from an epoch timestamp). This should have no user-facing effect other than giving a possibly more accurate error message when called with timestamps that fall on 10000-01-01 in the local time. Patch by Paul Ganssle. - bpo-47260: Fix os.closerange() potentially being a no-op in a Linux seccomp sandbox. - bpo-39064: zipfile.ZipFile now raises zipfile.BadZipFile instead of ValueError when reading a corrupt zip file in which the central directory offset is negative. - bpo-47151: When subprocess tries to use vfork, it now falls back to fork if vfork returns an error. This allows use in situations where vfork isn’t allowed by the OS kernel. - bpo-27929: Fix asyncio.loop.sock_connect() to only resolve names for socket.AF_INET or socket.AF_INET6 families. Resolution may not make sense for other families, like socket.AF_BLUETOOTH and socket.AF_UNIX. - bpo-43323: Fix errors in the email module if the charset itself contains undecodable/unencodable characters. - bpo-47101: hashlib.algorithms_available now lists only algorithms that are provided by activated crypto providers on OpenSSL 3.0. Legacy algorithms are not listed unless the legacy provider has been loaded into the default OSSL context. - bpo-46787: Fix concurrent.futures.ProcessPoolExecutor exception memory leak - bpo-45393: Fix the formatting for await x and not x in the operator precedence table when using the help() system. - bpo-46415: Fix ipaddress.ip_{address,interface,network} raising TypeError instead of ValueError if given invalid tuple as address parameter. - bpo-28249: Set doctest.DocTest.lineno to None when object does not have __doc__. - bpo-45138: Fix a regression in the sqlite3 trace callback where bound parameters were not expanded in the passed statement string. The regression was introduced in Python 3.10 by bpo-40318. Patch by Erlend E. Aasland. - bpo-44493: Add missing terminated NUL in sockaddr_un’s length - This was potentially observable when using non-abstract AF_UNIX datagram sockets to processes written in another programming language. - bpo-42627: Fix incorrect parsing of Windows registry proxy settings - bpo-36073: Raise ProgrammingError instead of segfaulting on recursive usage of cursors in sqlite3 converters. Patch by Sergey Fedoseev. - Documentation - gh-86438: Clarify that -W and PYTHONWARNINGS are matched literally and case-insensitively, rather than as regular expressions, in warnings. - gh-92240: Added release dates for “What’s New in Python 3.X” for 3.0, 3.1, 3.2, 3.8 and 3.10 - gh-91888: Add a new gh role to the documentation to link to GitHub issues. - gh-91783: Document security issues concerning the use of the function shutil.unpack_archive() - gh-91547: Remove “Undocumented modules” page. - bpo-44347: Clarify the meaning of dirs_exist_ok, a kwarg of shutil.copytree(). - bpo-38668: Update the introduction to documentation for os.path to remove warnings that became irrelevant after the implementations of PEP 383 and PEP 529. - bpo-47138: Pin Jinja to a version compatible with Sphinx version 3.2.1. - bpo-46962: All docstrings in code snippets are now wrapped into PyDoc_STR() to follow the guideline of PEP 7’s Documentation Strings paragraph. Patch by Oleg Iarygin. - bpo-26792: Improve the docstrings of runpy.run_module() and runpy.run_path(). Original patch by Andrew Brezovsky. - bpo-40838: Document that inspect.getdoc(), inspect.getmodule(), and inspect.getsourcefile() might return None. - bpo-45790: Adjust inaccurate phrasing in Defining Extension Types: Tutorial about the ob_base field and the macros used to access its contents. - bpo-42340: Document that in some circumstances KeyboardInterrupt may cause the code to enter an inconsistent state. Provided a sample workaround to avoid it if needed. - bpo-41233: Link the errnos referenced in Doc/library/exceptions.rst to their respective section in Doc/library/errno.rst, and vice versa. Previously this was only done for EINTR and InterruptedError. Patch by Yan “yyyyyyyan” Orestes. - bpo-38056: Overhaul the Error Handlers documentation in codecs. - bpo-13553: Document tkinter.Tk args. - Tests - gh-92886: Fixing tests that fail when running with optimizations (-O) in test_imaplib.py. - gh-92670: Skip test_shutil.TestCopy.test_copyfile_nonexistent_dir test on AIX as the test uses a trailing slash to force the OS consider the path as a directory, but on AIX the trailing slash has no effect and is considered as a file. - gh-91904: Fix initialization of PYTHONREGRTEST_UNICODE_GUARD which prevented running regression tests on non-UTF-8 locale. - gh-91607: Fix test_concurrent_futures to test the correct multiprocessing start method context in several cases where the test logic mixed this up. - bpo-47205: Skip test for sched_getaffinity() and sched_setaffinity() error case on FreeBSD. - bpo-47104: Rewrite asyncio.to_thread() tests to use unittest.IsolatedAsyncioTestCase. - bpo-29890: Add tests for ipaddress.IPv4Interface and ipaddress.IPv6Interface construction with tuple arguments. Original patch and tests by louisom. - Tools/Demos - gh-91583: Fix regression in the code generated by Argument Clinic for functions with the defining_class parameter. ++++ python310: - Update to 3.10.5: - Core and Builtins - gh-93418: Fixed an assert where an f-string has an equal sign ‘=’ following an expression, but there’s no trailing brace. For example, f”{i=”. - gh-91924: Fix __ltrace__ debug feature if the stdout encoding is not UTF-8. Patch by Victor Stinner. - gh-93061: Backward jumps after async for loops are no longer given dubious line numbers. - gh-93065: Fix contextvars HAMT implementation to handle iteration over deep trees. - The bug was discovered and fixed by Eli Libman. See MagicStack/immutables#84 for more details. - gh-92311: Fixed a bug where setting frame.f_lineno to jump over a list comprehension could misbehave or crash. - gh-92112: Fix crash triggered by an evil custom mro() on a metaclass. - gh-92036: Fix a crash in subinterpreters related to the garbage collector. When a subinterpreter is deleted, untrack all objects tracked by its GC. To prevent a crash in deallocator functions expecting objects to be tracked by the GC, leak a strong reference to these objects on purpose, so they are never deleted and their deallocator functions are not called. Patch by Victor Stinner. - gh-91421: Fix a potential integer overflow in _Py_DecodeUTF8Ex. - bpo-47212: Raise IndentationError instead of SyntaxError for a bare except with no following indent. Improve SyntaxError locations for an un-parenthesized generator used as arguments. Patch by Matthieu Dartiailh. - bpo-47182: Fix a crash when using a named unicode character like "\N{digit nine}" after the main interpreter has been initialized a second time. - bpo-47117: Fix a crash if we fail to decode characters in interactive mode if the tokenizer buffers are uninitialized. Patch by Pablo Galindo. - bpo-39829: Removed the __len__() call when initializing a list and moved initializing to list_extend. Patch by Jeremiah Pascual. - bpo-46962: Classes and functions that unconditionally declared their docstrings ignoring the - -without-doc-strings compilation flag no longer do so. - The classes affected are ctypes.UnionType, pickle.PickleBuffer, testcapi.RecursingInfinitelyError, and types.GenericAlias. - The functions affected are 24 methods in ctypes. - Patch by Oleg Iarygin. - bpo-36819: Fix crashes in built-in encoders with error handlers that return position less or equal than the starting position of non-encodable characters. - Library - gh-93156: Accessing the pathlib.PurePath.parents sequence of an absolute path using negative index values produced incorrect results. - gh-89973: Fix re.error raised in fnmatch if the pattern contains a character range with upper bound lower than lower bound (e.g. [c-a]). Now such ranges are interpreted as empty ranges. - gh-93010: In a very special case, the email package tried to append the nonexistent InvalidHeaderError to the defect list. It should have been InvalidHeaderDefect. - gh-92839: Fixed crash resulting from calling bisect.insort() or bisect.insort_left() with the key argument not equal to None. - gh-91581: utcfromtimestamp() no longer attempts to resolve fold in the pure Python implementation, since the fold is never 1 in UTC. In addition to being slightly faster in the common case, this also prevents some errors when the timestamp is close to datetime.min. Patch by Paul Ganssle. - gh-92530: Fix an issue that occurred after interrupting threading.Condition.notify(). - gh-92049: Forbid pickling constants re._constants.SUCCESS etc. Previously, pickling did not fail, but the result could not be unpickled. - bpo-47029: Always close the read end of the pipe used by multiprocessing.Queue after the last write of buffered data to the write end of the pipe to avoid BrokenPipeError at garbage collection and at multiprocessing.Queue.close() calls. Patch by Géry Ogam. - gh-91401: Provide a fail-safe way to disable subprocess use of vfork() via a private subprocess._USE_VFORK attribute. While there is currently no known need for this, if you find a need please only set it to False. File a CPython issue as to why you needed it and link to that from a comment in your code. This attribute is documented as a footnote in 3.11. - gh-91910: Add missing f prefix to f-strings in error messages from the multiprocessing and asyncio modules. - gh-91810: ElementTree method write() and function tostring() now use the text file’s encoding (“UTF-8” if not available) instead of locale encoding in XML declaration when encoding="unicode" is specified. - gh-91832: Add required attribute to argparse.Action repr output. - gh-91700: Compilation of regular expression containing a conditional expression (?(group)...) now raises an appropriate re.error if the group number refers to not defined group. Previously an internal RuntimeError was raised. - gh-91676: Fix unittest.IsolatedAsyncioTestCase to shutdown the per test event loop executor before returning from its run method so that a not yet stopped or garbage collected executor state does not persist beyond the test. - gh-90568: Parsing \N escapes of Unicode Named Character Sequences in a regular expression raises now re.error instead of TypeError. - gh-91595: Fix the comparison of character and integer inside Tools.gdb.libpython.write_repr(). Patch by Yu Liu. - gh-90622: Worker processes for concurrent.futures.ProcessPoolExecutor are no longer spawned on demand (a feature added in 3.9) when the multiprocessing context start method is "fork" as that can lead to deadlocks in the child processes due to a fork happening while threads are running. - gh-91575: Update case-insensitive matching in the re module to the latest Unicode version. - gh-91581: Remove an unhandled error case in the C implementation of calls to datetime.fromtimestamp with no time zone (i.e. getting a local time from an epoch timestamp). This should have no user-facing effect other than giving a possibly more accurate error message when called with timestamps that fall on 10000-01-01 in the local time. Patch by Paul Ganssle. - bpo-47260: Fix os.closerange() potentially being a no-op in a Linux seccomp sandbox. - bpo-39064: zipfile.ZipFile now raises zipfile.BadZipFile instead of ValueError when reading a corrupt zip file in which the central directory offset is negative. - bpo-47151: When subprocess tries to use vfork, it now falls back to fork if vfork returns an error. This allows use in situations where vfork isn’t allowed by the OS kernel. - bpo-27929: Fix asyncio.loop.sock_connect() to only resolve names for socket.AF_INET or socket.AF_INET6 families. Resolution may not make sense for other families, like socket.AF_BLUETOOTH and socket.AF_UNIX. - bpo-43323: Fix errors in the email module if the charset itself contains undecodable/unencodable characters. - bpo-47101: hashlib.algorithms_available now lists only algorithms that are provided by activated crypto providers on OpenSSL 3.0. Legacy algorithms are not listed unless the legacy provider has been loaded into the default OSSL context. - bpo-46787: Fix concurrent.futures.ProcessPoolExecutor exception memory leak - bpo-45393: Fix the formatting for await x and not x in the operator precedence table when using the help() system. - bpo-46415: Fix ipaddress.ip_{address,interface,network} raising TypeError instead of ValueError if given invalid tuple as address parameter. - bpo-28249: Set doctest.DocTest.lineno to None when object does not have __doc__. - bpo-45138: Fix a regression in the sqlite3 trace callback where bound parameters were not expanded in the passed statement string. The regression was introduced in Python 3.10 by bpo-40318. Patch by Erlend E. Aasland. - bpo-44493: Add missing terminated NUL in sockaddr_un’s length - This was potentially observable when using non-abstract AF_UNIX datagram sockets to processes written in another programming language. - bpo-42627: Fix incorrect parsing of Windows registry proxy settings - bpo-36073: Raise ProgrammingError instead of segfaulting on recursive usage of cursors in sqlite3 converters. Patch by Sergey Fedoseev. - Documentation - gh-86438: Clarify that -W and PYTHONWARNINGS are matched literally and case-insensitively, rather than as regular expressions, in warnings. - gh-92240: Added release dates for “What’s New in Python 3.X” for 3.0, 3.1, 3.2, 3.8 and 3.10 - gh-91888: Add a new gh role to the documentation to link to GitHub issues. - gh-91783: Document security issues concerning the use of the function shutil.unpack_archive() - gh-91547: Remove “Undocumented modules” page. - bpo-44347: Clarify the meaning of dirs_exist_ok, a kwarg of shutil.copytree(). - bpo-38668: Update the introduction to documentation for os.path to remove warnings that became irrelevant after the implementations of PEP 383 and PEP 529. - bpo-47138: Pin Jinja to a version compatible with Sphinx version 3.2.1. - bpo-46962: All docstrings in code snippets are now wrapped into PyDoc_STR() to follow the guideline of PEP 7’s Documentation Strings paragraph. Patch by Oleg Iarygin. - bpo-26792: Improve the docstrings of runpy.run_module() and runpy.run_path(). Original patch by Andrew Brezovsky. - bpo-40838: Document that inspect.getdoc(), inspect.getmodule(), and inspect.getsourcefile() might return None. - bpo-45790: Adjust inaccurate phrasing in Defining Extension Types: Tutorial about the ob_base field and the macros used to access its contents. - bpo-42340: Document that in some circumstances KeyboardInterrupt may cause the code to enter an inconsistent state. Provided a sample workaround to avoid it if needed. - bpo-41233: Link the errnos referenced in Doc/library/exceptions.rst to their respective section in Doc/library/errno.rst, and vice versa. Previously this was only done for EINTR and InterruptedError. Patch by Yan “yyyyyyyan” Orestes. - bpo-38056: Overhaul the Error Handlers documentation in codecs. - bpo-13553: Document tkinter.Tk args. - Tests - gh-92886: Fixing tests that fail when running with optimizations (-O) in test_imaplib.py. - gh-92670: Skip test_shutil.TestCopy.test_copyfile_nonexistent_dir test on AIX as the test uses a trailing slash to force the OS consider the path as a directory, but on AIX the trailing slash has no effect and is considered as a file. - gh-91904: Fix initialization of PYTHONREGRTEST_UNICODE_GUARD which prevented running regression tests on non-UTF-8 locale. - gh-91607: Fix test_concurrent_futures to test the correct multiprocessing start method context in several cases where the test logic mixed this up. - bpo-47205: Skip test for sched_getaffinity() and sched_setaffinity() error case on FreeBSD. - bpo-47104: Rewrite asyncio.to_thread() tests to use unittest.IsolatedAsyncioTestCase. - bpo-29890: Add tests for ipaddress.IPv4Interface and ipaddress.IPv6Interface construction with tuple arguments. Original patch and tests by louisom. - Tools/Demos - gh-91583: Fix regression in the code generated by Argument Clinic for functions with the defining_class parameter. ------------------------------------------------------------------ ------------------ 2022-6-5 - Jun 5 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - removed libkms BuildRequires, since it has been dropped from libdrm ++++ Mesa-drivers: - removed libkms BuildRequires, since it has been dropped from libdrm ++++ iproute2: - update to 5.18: This is the release of iproute2 corresponding to the 5.18 kernel. There are not many new features in this release. * The build issues with libbpf should be fixed now. * Building with clang is now supported. * There are still some warnings with gcc-12 that will need to be fixed in the upstream kernel headers. ------------------------------------------------------------------ ------------------ 2022-6-4 - Jun 4 2022 ------------------- ------------------------------------------------------------------ ++++ lua54: - Added more numbered patches from upstream: * luabugs3.patch * luabugs4.patch (bsc#1201146, CVE-2022-33099) * luabugs5.patch ++++ python-Jinja2: - update to 3.1.2: * Add parameters to ``Environment.overlay`` to match ``__init__``. * Handle race condition in ``FileSystemBytecodeCache``. :issue:`1654` ------------------------------------------------------------------ ------------------ 2022-6-3 - Jun 3 2022 ------------------- ------------------------------------------------------------------ ++++ k3s-install: - Ensure k3s-selinux is required, instead of container-selinux. ++++ kernel-default: - Remove mistakenly enabled CONFIG_JBD2_DEBUG. - commit 7534680 ++++ libdrm: - update to 2.4.111 * bugfixes * drops libkms - added tegra-* tools on aarch64 to spefile ++++ patterns-alp: - Add k3s-selinux until fixed k3s-install pulls it. - Preinstall k3s-install. - No long requires haveged (boo#1190024): The mainline Linux Kernel has now HAVEGED algorithm build in internally (since version 5.6). ++++ toolbox: - Update to version 2.3+git20220603.bbeda2e: * Allow to choose runtime and try to retain the user's groups * (Try to) Avoid problems when packages touching bind mounts are upgraded * Try to make sure that (some) foreign distro images (kind of) work as toolboxes * Do not stop a toolbox with something running inside * Exit if neither podman or docker are usable * Support passing just the name of the container to create and enter command * Fix cleanup logic and make toolbox start a little less verbose * Always pull when creating a new toolbox * Add a "more sandboxing" mode ------------------------------------------------------------------ ------------------ 2022-6-2 - Jun 2 2022 ------------------- ------------------------------------------------------------------ ++++ ALP-build-key: - Initial key package for ALP ++++ Mesa: - Update to 22.1.1 * first bugfix release - supersedes U_llvmpipe-flush-resources-for-kms-swrast-path.patch ++++ Mesa-drivers: - Update to 22.1.1 * first bugfix release - supersedes U_llvmpipe-flush-resources-for-kms-swrast-path.patch ++++ openssl-1_1: - Update to 1.1.1o: [CVE-2022-1292, bsc#1199166] * Fixed a bug in the c_rehash script which was not properly sanitising shell metacharacters to prevent command injection. * Rebased openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch * Rebased openssl-s390x-assembly-pack-add-support-for-pcc-and-kma-inst.patch - Added openssl-update_expired_certificates.patch * Openssl failed tests because of expired certificates. * bsc#1185637 * Sourced from https://github.com/openssl/openssl/pull/18446/commits ++++ ceph: - Update to ceph-16.2.9-58-ge2e5cb80063: + (bsc#1200064, pr#480) Remove last vestiges of docker.io image paths ++++ snapper: - added generic plugin support (gh#openSUSE/snapper#727) ++++ unbound: - update to 1.16.0 * Features - Merge PR #604: Add basic support for EDE (RFC8914). * Bug Fixes - Fix #412: cache invalidation issue with CNAME+A. - Fix that TCP interface does not use TLS when TLS is also configured. - Fix #624: Unable to stop Unbound in Windows console (does not respond to CTRL+C command). - Fix #618: enabling interface-automatic disables DNS-over-TLS. Adds the option to list interface-automatic-ports. - Remove debug info from #618 fix. - Fix #628: A rpz-passthru action is not ending RPZ zone processing. - Fix for #628: fix rpz-passthru for qname trigger by localzone type. - Fix that address not available is squelched from the logs for udp connect failures. It is visible on verbosity 4 and more. - Merge #631 from mollyim: Replace OpenSSL's ERR_PACK with ERR_GET_REASON. - Fix to detect that no IPv6 support means that IPv6 addresses are useless for delegation point lookups. - update Makefile dependencies. - Fix check interface existence for support detection in remote lookup. - Fix #633: Document unix domain socket support for unbound-control. - Fix for #633: updated fix with new text. - Fix edns client subnet to add the option based on the option list, so that it is not state dependent, after the state fix of #605 for double EDNS options. - Fix for edns client subnet option add fix in removal code, from review. - Fix #630: Unify the RPZ log messages. - Merge #623 from rex4539: Fix typos. - Fix pythonmod for change in iter_dp_is_useless function prototype. - Fix compile warnings for printf ll format on mingw compile. - Merge PR #632 from scottrw93: Match cnames in ipset. - Various fixes for #632: variable initialisation, convert the qinfo to str once, accept trailing dot in the local-zone ipset option. - Fix #637: Integer Overflow in sldns_str2period function. - Fix for #637: fix integer overflow checks in sldns_str2period. - Fix configure for python to use sysutils, because distutils is deprecated. It uses sysutils when available, distutils otherwise. - Merge #644: Make `install-lib` make target install the pkg-config file. - Fix to ensure uniform handling of spaces and tabs when parsing RRs. - Fix to describe auth-zone and other configuration at the local-zone configuration option, to allow for more broadly view of the options. - Merge PR #648 from eaglegai: fix -q doesn't work when use with 'unbound-control stats_shm'. - Fix #651: [FR] Better logging for refused queries. - Fix spelling error in comment in sldns_str2wire_svcparam_key_lookup. - Fix zonemd check to allow unsupported algorithms to load. If there are only unsupported algorithms, or unsupported schemes, and no failed or successful other ZONEMD records, or malformed or bad ZONEMD records, the unsupported records allow the zone load. - Fix zonemd unsupported algo check. - Fix zonemd unsupported algo check reason to not copy to next record, and check for success for debug printout. - Fix zonemd unsupported algo check to print unsupported reason before zeroing it. - Fix zonemd unsupported algo check to set reason to NULL before the check routine, but after malformed checks, to get the correct NULL output when the digest matches. - Fix #670: SERVFAIL problems with unbound 1.15.0 running on OpenBSD 7.1. - Fix Python build in non-source directory; based on patch by Michael Tokarev. - Fix #673: DNS over TLS: error: SSL_handshake syscall: No route to host. - Merge #677: Allow using system certificates not only on Windows, from pemensik. - For #677: Added tls-system-cert to config parser and documentation. - Fix #417: prefetch and ECS causing cache corruption when used together. - Fix #678: [FR] modify behaviour of unbound-control rpz_enable zone, by updating unbound-control's documentation. - Fix typos in config_set_option for the 'num-threads' and 'ede-serve-expired' options. - Fix to silence test for ede error output to the console from the test setup script. - Fix ede test to not use default pidfile, and use local interface. - Fix some lint type warnings. - Fix #684: [FTBS] configure script error with libmnl on openSUSE 15.3 (and possibly other distributions) ++++ patterns-alp: - Requires ALP-build-key. ++++ suse-module-tools: - Update to version 16.0.20: * Bump version to 16.0.20 * driver-check.sh: avoid false positive error messages (boo#1200107) * don't hardcode /boot for kernel-related files (boo#1199873) * spec file: use "install -p" consistently ++++ xkeyboard-config: - U_Fixes-regression-from-c3c5d02-were-mistakenly-replac.patch * Regression fixed from c3c5d02rules: sort the names of multimedia keyboards alphabetically "\" at the end of line were mistakenly replacd by "/" - Update to version 2.36 * bugfixes * removed autotools support :-( - switched to meson ------------------------------------------------------------------ ------------------ 2022-6-1 - Jun 1 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - Add patch to fix glitches with KMS (boo#1199885): * U_llvmpipe-flush-resources-for-kms-swrast-path.patch ++++ Mesa-drivers: - Add patch to fix glitches with KMS (boo#1199885): * U_llvmpipe-flush-resources-for-kms-swrast-path.patch ++++ hwdata: - Update to version 0.360 (bsc#1200110): + Updated pci, usb and vendor ids. ++++ kernel-default: - iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052). - commit dfccb72 - iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052). - commit 0578d76 - KVM: x86: avoid calling x86 emulator without a decoded instruction (CVE-2022-1852 bsc#1199875). - commit b4b07c8 - KVM: x86: avoid calling x86 emulator without a decoded instruction (CVE-2022-1852 bsc#1199875). - commit 01a406d ++++ alsa: - Update to version 1.2.7: more extended UCM API, PCM rate,multi,direct plugin fixes and enhancements, compilation fixes, etc. For details see: https://www.alsa-project.org/wiki/Changes_v1.2.6.3_v1.2.7#alsa-lib ++++ parted: - use static keyring file (and switch to the release team keyring) ++++ systemd: - Upgrade to v251.2 (commit 949d6bb7201dd48167ee9716ed6278764d1f4c0f) See https://github.com/openSUSE/systemd/blob/SUSE/v251/NEWS for details. This includes the following bug fixes: - upstream commit e6b169418369abbc88c8f622e02e1d704a23d4ef (bsc#1137373 bsc#1181658 bsc#1194708 bsc#1195157 bsc#1197570) * Rebased 0001-conf-parser-introduce-early-drop-ins.patch * systemd-testsuite now requires python3-pexpect due to TEST-69-SHUTDOWN relying on this module. * sysusers.d/systemd-network.conf has been moved to systemd-network sub-package since the tmpfiles configuration snippets for networkd has also been moved to this sub-package. ++++ libvirt: - Update to libvirt 8.4.0 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v8-4-0-2022-06-01 ++++ pam: - Move PAM config files from /usr/etc/pam.d to /usr/lib/pam.d ++++ patterns-base: - No long recommend haveged (boo#1190024): The mainline Linux Kernel has now HAVEGED algorithm build in internally (since version 5.6). ++++ python-libvirt-python: - Update to 8.4.0 - Add all new APIs and constants in libvirt 8.4.0 ++++ python-pyOpenSSL: - Shift BuildRequires on openssl, it's only required for tests. ------------------------------------------------------------------ ------------------ 2022-5-31 - May 31 2022 ------------------- ------------------------------------------------------------------ ++++ glib2: - Update to version 2.72.2: + Bugs fixed: glgo#GNOME/GLib#2640, glgo#GNOME/GLib!2605, glgo#GNOME/GLib!2616, glgo#GNOME/GLib!2629, glgo#GNOME/GLib!2643, glgo#GNOME/GLib!2644, glgo#GNOME/GLib!2662, glgo#GNOME/GLib!2691. + Updated translations. ++++ grub2: - Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581) * 0001-video-Remove-trailing-whitespaces.patch * 0002-loader-efi-chainloader-Simplify-the-loader-state.patch * 0003-commands-boot-Add-API-to-pass-context-to-loader.patch - Fix CVE-2022-28736 (bsc#1198496) * 0004-loader-efi-chainloader-Use-grub_loader_set_ex.patch - Fix CVE-2022-28735 (bsc#1198495) * 0005-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch * 0006-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch * 0007-video-readers-png-Abort-sooner-if-a-read-operation-f.patch * 0008-video-readers-png-Refuse-to-handle-multiple-image-he.patch - Fix CVE-2021-3695 (bsc#1191184) * 0009-video-readers-png-Drop-greyscale-support-to-fix-heap.patch - Fix CVE-2021-3696 (bsc#1191185) * 0010-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch * 0011-video-readers-png-Sanity-check-some-huffman-codes.patch * 0012-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch * 0013-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch * 0014-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch - Fix CVE-2021-3697 (bsc#1191186) * 0015-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch * 0016-normal-charset-Fix-array-out-of-bounds-formatting-un.patch - Fix CVE-2022-28733 (bsc#1198460) * 0017-net-ip-Do-IP-fragment-maths-safely.patch * 0018-net-netbuff-Block-overly-large-netbuff-allocs.patch * 0019-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch * 0020-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch * 0021-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch * 0022-net-tftp-Avoid-a-trivial-UAF.patch * 0023-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch - Fix CVE-2022-28734 (bsc#1198493) * 0024-net-http-Fix-OOB-write-for-split-http-headers.patch - Fix CVE-2022-28734 (bsc#1198493) * 0025-net-http-Error-out-on-headers-with-LF-without-CR.patch * 0026-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch * 0027-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch * 0028-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch * 0029-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch * 0030-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch * 0031-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch * 0032-Use-grub_loader_set_ex-for-secureboot-chainloader.patch - Bump grub's SBAT generation to 2 - Use boot disks in OpenFirmware, fixing regression caused by 0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch, when the root LV is completely in the boot LUN (bsc#1197948) * 0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch ++++ k3s-install: - Drop inform-user-of-current-k3s-SELinux-support.patch, no longer needed. - Add dependency on container-selinux. - Drop dependencies on containerd, cni-plugins, conntrack-tools, runc packages since k3s ships its own stack. - Update to version 1.23.6+k3s1: * Fix issue with datastore corruption on cluster-reset (#5515) * Bump containerd for selinux fix (#5507) * Secrets Encryption: Add RetryOnConflict around updating nodes (#5495) * Fix issue with long-running apiserver endpoints watch (#5478) * Update Kubernetes to v1.23.6 (#5477) * Fix default ipv6 cidr (#5467) * E2E Validation Improvements (#5444) * Add s390x arch support for k3s (#5018) * Bump etcd to 3.5.3-k3s1 * Move IPv4/v6 selection into helpers * Fix issue with RKE2 servers hanging on listing apiserver addresses * Print a helpful error when trying to join additional servers but etcd is not in use * Use core constants for cert user/group values * Bump containerd to v1.5.11-k3s1 * Added option to deploy hardened k3s (#5415) * Added support for repeated extra arguments * update sonobuoy to 0.56.4 (#5419) * Bump Reencryption Test timeout, improve comments (#5431) * Added default endpoint for IPv6 * Update golangci-lint to 1.45.2 * fixes and updates to jenkinsfile (#5370) * Fixed flannel backend helper text * update trivy to 0.25.3 * fix: non-idiomatic returning of boolean expression (#5343) * Add certificate rotation integration tests (#5393) * Update helm-controller version * Move the apiserver addresses controller into the etcd package * Updated wireguard-native options and added log message * Added new flannel backend to use wireguard from flannel * Fix crash on early snapshot * Don't print password conversion rate * Allow agents to query non-apiserver supervisors for apiserver endpoints * Add client certificate authentication support to core Authenticator * Redact datastore and etcd snapshot config from serialization * netpol: Add dual-stack support * Allow using flannel wireguard backend in a custom config * Fixed http URL on etcd * Fixed loadbalancer in case of IPv6 addresses * Fixed etcd register * Fixed client URL * Skip setting up client tls when etcd server does not have tls enabled * add a wrapper around the containerd.New call to fix and pass the proper npipe connector * Updated localhost address on IPv6 only setup * Defragment etcd datastore before clearing alarms * Fix etcd-only secrets encryption rotation * Properly attach secrets-encrypt events to the node resource * Fix log spam due to servicelb event recorder namespace conflict * Ensure that apiserver ready channel checks re-dial every time * Fixed etcd URL in case of IPv6 address * vagrant: Set mount options for NFS * vagrant: Enable IPv6 and IP forwarding * go generate * Bump coredns to v1.9.1 * Update Kubernetes to v1.23.5-k3s1 * Refactor automation using terraform (#5268) * Defer ensuring node passwords on etcd-only nodes during initial cluster bootstrap * Replace CentOS 8 with Rocky Linux 8 for install testing (#5279) * E2E Split Server Test (#5286) * Handle empty entries in bootstrap path map * Update helm-controller * Track upstream changes to kubectl command execution * Add cross-compilation as sanity check (#5255) * Close additional leaked GPRC clients * Testing directory and documentation rework. (#5256) * Changed ipv6 config on flannel setup * Added ipv6 only support with flannel * fix function arg call (#5234) * Populate EtcdConfig in runtime from datastore when etcd is disabled (#5222) * Fixed log in case of ipv6 only config * Added switch case to check netMode * Fixed in case of empty address * Updated flannel to 0.17 * Support MixedProtocolLBService and clean up Daemonsets on type change. * Update Fossa API key variable to match what the plugin wants * Bump containerd to v1.5.10-k3s1 * Mark 1.22.7 as stable (#5192) * [master] changing package to k3s-io (#4846) * servicelb pool selector * Switch to drone-fossa plugin * E2E Add external DB options to ValidateCluster test (#5157) * Bootstrap the executor even when the agent is disabled * Fix etcd-snapshot commands by making setup more consistent. * Ignore cluster membership errors when reconciling from temp etcd * Move temporary etcd startup into etcd module * Wait for process to exit before returning from kill helper * Add function to clear local alarms on etcd startup * E2E secrets encryption test (#5144) * Add http/2 support to API server (#5149) * Disable ineffassign CI plugin for excessive false positives * Fix adding etcd-only node to existing cluster * Bump up github.com/containerd/stargz-snapshotter (v0.11.0) (#5032) * Remove unnecessary copies of etcdconfig struct * Remove unnecessary copies of runtime struct * Fix cluster bootstrap test * Add contributors documentation (#5154) * Add `--json` flag for `k3s secrets-encrypt status` (#5127) * add ability to specify etcd snapshot list output format (#5132) * Create encryption hash file if it doesn't exist (#5140) * Move testing lock from server creation to test start (#5155) * Update to V1.23.4 k3s1 (#5135) * Fix deploy controller resource deletion * Fix annoying netpol log * Add support for IPv6 only mode * E2E Test Improvements (#5102) * Migrate Ginkgo testing framework to V2, consolidate integration tests (#5097) * Add k3s etcd restoration integration test (#5014) * Remove the iptables rules from ipmasq flannel * Fix cluster validation and add upgrade cluster test (#5020) * Update CentOS 8 smoke vm's with vault repositories (#5092) * netpol: Use kube-router as a library * Check for `--kubeconfig` flag with embedded `kubectl` (#5064) * Update legacy-unknown-cert and legacy-unknown-key (#5057) * Bump K3s stable to v1.22.6 (#5050) * Update versions: * Fixes to Drone CI Stability (#4897) * Add server flag to access nonlocal/nondefault k3s server (#5016) * Update to v1.23.3 (#5027) * Add Rocket.Chat to list of adopters (#5017) * Move containerd wait into exported function * Update to v1.23.2 (#4997) * Add new upgradecluster E2E test (#4900) * Update packaged components * go generate * Upgrade: metrics server version bump from v0.5.0 to v0.5.2 * Remove ip6table rules when cleaning up k3s * Added debug log for IPv6 Masquerading rule * Bump etcd and containerd to track upstream * Skip CGroup v2 evac when agent is disabled * Added flannel-ipv6-masq flag to enable IPv6 nat * Added iptables masquerade rules for ipv6 on flannel * Adds the ability to compress etcd snapshots (#4866) * Enable logging on all subcommands (#4921) * Move ClusterResetRestore handling ControlConfig setup * Update building documentation for macOS (#4850) * Add basic etcd join test * Fix handling of agent-token fallback to token * Fix use of agent creds for secrets-encrypt and config validate * Don't skip the dev image when skipping airgap * Fix a typo: advertise-up -> advertise-ip (#4827) * Integration tests utilities improvements (#4832) * Enable make generate to use dapper and standardize go and gzip versions (#4861) * linter doesn't actually run on windows, found these while getting it running on a windows machine * Update channel.yaml for 1.23 * Export default parser * Require integration test to be run as sudo/root (#4824) * Fix cgroup smoke test (#4823) * Update golang * Update modules for Kubernetes v1.23 * Add tests to use vagrantfile (#4722) * Bump stable to v1.22.5+k3s1 (#4821) * package rename wasnt approved yet, backing out cruft that snuck into last pr * Fix panic checking name of uninitialized etcd member * Add etcd sonobuoy tests * Add variable to enforce max test concurrency * Fix previous channel detection * More codespell ignores * Update bootstrap logic to output all changed files on disk (#4800) * delete vendor dir * code changes to drop the vendor dir * Move flannel logs to logrus * Close agentReady channel only in k3s (#4792) * Close etcd clients to avoid leaking GRPC connections * Remove Disables, Skips and DisableKubeProxy from the comparing configs * Add initial skeleton ADOPTERS.md to better track large use cases (#4764) * Add ADR * Build standalone containerd * Build script cleanups * Bump k3s-root to v0.10.1 * Fix cold boot and reconcilation on secondary servers (#4747) * docs: adrs: Dual-stack in network policy agent * Fix snapshot restoration on fresh nodes (#4737) * Resolve Bootstrap Migration Edge Case (#4730) * Add in docs/adr to ensure we capture decisions properly during design calls (#4707) * Resolve restore bootstrap (#4704) * Update wharfie usage in windows code path * [master] Add validation to certificate rotation (#4692) * Bump runc to v1.0.3 * Add `SKIP_AIRGAP` enviroment variable for make (#4688) * Include node-external-ip in serving-kubelet.crt SANs (#4620) * Secrets-encryption rotation (#4372) * Check HA network parameters * Bump wharfie to v0.5.1 and use shared decompression code * bump kine to v0.8.1 * Update dynamiclistener * Nighlty automation vagrant rework (#4574) * Bump stable to v1.21.7+k3s1 (#4636) * Add cert rotation command (#4495) * Update maintainers list (#4622) * Improved cleanup for etcd unit test (#4537) * etcd snapshot functionality enhancements (#4453) * go generate * Add package version to traefik helm chart * Improve flannel logging * [master] Bump golang and containerd (#4538) * [master] Bump Kubernetes to v1.22.4-k3s1 (#4536) * Fix regression with cluster reset (#4521) * Improved regex for double equals arguments (#4505) * Removed value from warning about skipping flags (#4491) * tests/vagrant: refactor vagrant smoke tests (#4484) * [master] Add etcd extra args support for K3s (#4463) * Feature: Add CoreDNS Customization Options * Fix to allow etcd-snapshot to use config file with flags that are only used with k3s server. (#4464) * Increase agent's apiserver ready timeout (#4454) * go generate * Add dashboard annotations to Traefik helm chart * Allow svclb pod to enable ipv6 forwarding * update bootstrap logic (#4438) * Corrected skip check for dualstack on CI (#4427) * install: /usr/sbin/transactional-update (#4403) * Match to last After keyword for parser (#4383) * Replace gzip with pigz for faster builds (#4411) * Remove unit tests from drone CI (#4424) * [master] updating to new signals package in wrangler (#4399) * install.sh: fix path detection for sle-micro (#4398) * containerd: v1.5.7-k3s2 (#4387) * Bump klipper-lb image for arm fix * Update k3s CI to run all integration tests (#4358) * Enable Epics Action to automatically check off child issues in an epic (#4353) * refactor: Use plain channel send or receive * Fix log/reap reexec * containerd/cri: enable the btrfs snapshotter (#4316) * Fix other uses of NewForConfigOrDie in contexts where we could return err * Watch the local Node object instead of get/sleep looping * Block scheduler startup on untainted node when using embedded CCM * install.sh: initial support for sle-micro (#4331) * Update to v1.22.3 (#4354) * K3s Integration test fixes (#4341) * Update peer address when running cluster-reset * reset buffer after use (#4279) * Bump klipper-helm version * Added configuration input to etcd-snapshot (#4280) * install.sh: capture quoted environment variables (#4275) * Update to the newest flannel * Bump klog fork version * set duration to second (#4231) * Add etcd s3 timeout (#4207) * Copy old bootstrap buffer data for use during migration (#4215) * Fix race condition in cloud provider * Add containerd ready channel to delay etcd node join * maintainers: add Manuel and Michal (#4193) * Display cluster tls error only in debug mode (#4124) * Refactor log and reaper exec to omit MAINPID * vagrant: Add Ubuntu 21.04 support * vagrant: Update package list for Ubuntu * vagrant: Add support for vagrant-libvirt * vagrant: Change OS environment variable to DISTRO * Improve error message when using a "K10" prefixed token (#4180) * Add ability to reconcile bootstrap data between datastore and disk (#3398) * moving fossa to being inline step with a sles image * Add "etcd-" prefix to etcd-snapshot commands as aliases (#4161) * Dual-stack support LB controller * Update stable to v1.21.5+k3s2 * Add topologySpreadConstraints to support scaling of coredns * Bump containerd to v1.5.7+k3s1 * Don't evacuate the root cgroup when rootless * Skip tests that violate version skew policy * Send MAINPID to systemd when reexecing for logfile output * Properly handle operation as init process * set transport to skip verify if se skip flag passed (#4102) * Bump stable to v1.21.5+k3s1 (#4068) * Enable the inheritance of settings for ipv6 * Adding fossa anaylze/test drone step * Drop broken SupportNoneCgroupDriver support * Add 1.22 channel * Update build images to python3 for compat with recent gsutil change * Use the new klipper-lb image that has newer go and Alpine versions * Revert "Use the newer klipper-lb image" * Disable automounting service account token in servicelb pods * Make sure there are no duplicates in etcd member list (#4025) * Use the newer klipper-lb image * Enable JobTrackingWithFinalizers FeatureGate * Fix regression from commit 137e80cd865efe51aa3ef0323fd6b0a014b7b9de * Bump golang version * Update Kubernetes to v1.22.2-k3s1 * Remove expiremental from cluster commands (#4024) * Nvidia container runtime discovery in containerd config template (#3890) * Fix premature etcd shutdown when joining an existing cluster * Add StargzSupported stub for Windows * Retrieve "CONTAINERD_" environment variables * No-op when etcd member was already removed and use existing name for etcd controller (#4014) * Add tests to the dual-stack PR and enable dual-stack with flannel backend * Add dual-stack support * Bump helm-controller and klipper-helm image version * Return the error since it just gets logged and retried anyways * Use SubjectAccessReview to validate CCM RBAC * Set controller authn/authz kubeconfigs * Pass context into all Executor functions * Handle cgroup v1/2/hybrid in check-config.sh more explicitly/accurately * [master] Add `etcd-member-management` controller to K3s (#4001) * go mod tidy * Minor cleanup on cribbed function * Wait for apiserver readyz instead of healthz * Anything not EL7 is EL8 * Add exposed metrics listener instead of replacing loopback listener * Replace klog with non-exiting fork * SupportPodPidsLimit is locked to true of 1.20, making pids cgroup support mandatory * Migrate sqlite data to etcd when initializing the cluster * feat: add option to disable s3 over https * Ship Stargz Snapshotter (#2936) * Add missing node name entry to apiserver SAN list * added raspberry installation hint (#2379) * Update maintainers to reflect team changes * Bump kine for metrics/tls changes * Small updates to CONTRIBUTING (#3734) * Fix condition for adding kubernetes endpoints (#3941) * Bump stable to v1.21.4+k3s1 * Creation of K3s integration test Sonobuoy plugin (#3931) * Make consistent use of os-release vars * Fix issue where addon checksum was never stored * Move cniplugins version to 0.9.1 * Add functions to separate ipv4 from ipv6 functions * github actions: enable workflow_dispatch (#3923) * Redux: Enable K3s integration test to run on existing cluster (#3905) * Check /etc/os-release exists before sourcing it * install.sh: Inform user of current k3s+SELinux support status for SUSE/openSUSE systems * Remove runtime V1 (`containerd-shim`) * Update RootlessKit to v0.14.5 (#3902) * Fix rootless regression in 1.22 (Set KubeletInUserNamespace gate) (#3901) * Revert "Enable K3s integration test to run on existing cluster (#3892)" (#3899) * Enable K3s integration test to run on existing cluster (#3892) * Set osImage for docker image * Fix PREVIOUS_CHANNEL lookup when current minor release is not stable * Fix lint failures * Replace dropped v1beta1 APIs with v1 * Update wrangler to v0.8.5 * Wrap errors in runControllers for additional context * Disable deprecated insecure port * Update containerd to 1.5 * Update grpc * Update kine for etcd v3.5 compat * update golangci config to sync with RKE2 * Bump gopls and golangci-lint * Update etcd to v3.5.0 * Update Kubernetes to v1.22.1 * K3s Flock Integration Test (#3887) * Reset load balancer state during restoraion (#3877) * Add missing labels to stalebot config * Update Kubernetes to v1.21.4-k3s1 * Bump containerd to v1.4.9-k3s1 * Bump helm-controller to work around tiller crashes * Fix URL pruning when joining an etcd member (#3832) * Added new testing documentation (#3823) * Added locking system for integration tests (#3820) * Updated the code to use GetNetworkByName and tweaked logic. * Moved testing utils into tests directory. Improved gotests template. (#3805) * account for an s3 folder when listing objects (#3807) * Prevent snapshot commands from creating empty snapshot directory (#3783) * Use New Image Names (#3749) * Fix Node stuck at deletion (#3771) * Bump helm-controller to v0.10.2 * install.sh: Use built-in shell functionality instead of awk * Wrap context with lease before importing images * Fix initial start of etcd only nodes (#3748) * update rancher/local-path-provisioner to v0.0.20 * Update MAINTAINERS (#3744) * Improve config retrieval messages * Sync DisableKubeProxy into control struct * Add nightly automation tests * Add in stalebot config, starting with 6mo old stale issues. (#3739) * Notify systemd for etcd only node (#3732) * Exporting the AddFeatureGate function and adding a unit test for it. (#3661) * Added logic to strip any existing hyphens before processing the args. (#3662) * Fix to allow non-root users access to storage volumes. (#3714) * Wait until server is ready before configuring kube-proxy (#3716) * Introduction of Integration Tests (#3695) * add gotests templates (#3709) * Ignore markdown files for github actions (#3676) * Update 1.21 stable version * more fixes * more fixes * replace error with warn in delete * fix warning msg * migrate old token key format * simplifying the code * migrate empty string key properly * Fix multiple bootstrap keys found * move go routines for api server ready beneath wait group * Bump Kubernetes to v1.21.3 * Bump containerd to v1.4.8-k3s1 * adding startup hooks args to access to Disables and Skips (#3674) * Update .github/ISSUE_TEMPLATE/feature_request.md * Update .github/ISSUE_TEMPLATE/bug_report.md * Fix to allow prune to correctly cleanup custom named snapshots (#3649) * Add checkbox to denote backporting required on issue templates * Adding support for waitgroup to the Startuphooks (#3654) * Bump helm-controller to v0.10.1 (#3644) * Add issue template for creating release checklist issues (#3604) * fix a runtime core panic (#3627) * Convert existing unit tests to standard layout (#3621) * Upgrade k3s-root version * prevent snapshot save when snapshots are disabled (#3475) * 🐳 burp to inetaf/tcpproxy * Bump the packaged runc binary version * Update etcd snapshot error message to be more informative when etcd database is not found (#3568) * Fixing various bugs related to windows. * Update ROADMAP.md * Dispatch to rancher/system-agent-installer-k3s when tagged (#3589) * Update embedded kube-router (#3557) * missing build tag for windows * Set ulimits in docker-compose.yml * Update to v1.21.2 * Fix coverage reporting to include all packages, not just those with tests * Add unit tests for pkg/etcd (#3549) * Fix spelling to satisfy codespell check * Allow passing targeted environment variables to containerd * Add user-facing change section to PR template * (docs) Update README.md * Export cli server flags and etcd restoration functions (#3527) * Bump kine to resolve race condition and unrevisioned delete * Changes local storage pods to have 700 permissions (#3537) * Redux: Add Unit Test Coverage to CI (#3524) * Move cloud-controller-manager into an embedded executor (#3525) * Bump stable version to v1.21.2+k3s1 (#3526) * Adds a command-line flag '--disable-helm-controller' that will disable the server's built-in helm controller. * Revert "Add Unit Test Coverage to CI (#3494)" (#3499) * Add Unit Test Coverage to CI (#3494) * Basic windows agent that will join a cluster without CNI. * Fix storing bootstrap data with empty token string (#3422) * Fail to start k3s if nm-cloud-setup is enabled * Renamed client-cloud-controller crt and key (#3470) * Redux: Change containerd image leases from context lifespan to permanent (#3464) * Revert "Change containerd image leases from 24h to permanent (#3452)" (#3461) * Change containerd image leases from 24h to permanent (#3452) * Send systemd notifications for both server and agent (#3430) * Emit events for AddOn lifecycle * Add comments, clean up imports and function names * Tidy up function calls with many args * Add nodename to UA string for deploy controller * Changed iptables version check for fail if version is between 1.8.0 and 1.8.3 and using nf_tables mode (#3425) * Add kubernetes.default.svc to serving certs * Change Replace with ReplaceAll function * fix possible race where bootstrap data might not save * add log message indicating etcd snapshots are disabled * Fix RBAC cloud-controller-manager name 3308 (#3388) * cgroup2 CI: add rootless * k3s-rootless.service: use fuse-overlayfs snapshotter * Add a path for wireguard's privatekey * Initial windows support for agent (#3375) * Bump stable version to v1.21.1+k3s1 and add v1.21 channel * Update flannel version * containerd: v1.4.4-k3s2 * Bump channel stable version to v1.20.7+k3s1 * Fix shell expansion and file permission issues install.sh * runc: v1.0.0-rc95 (#3348) * move object channel defer close to goroutine * add retention default and wire in s3 prune * Handle conntrack-related sysctls in supervisor agent setup * Add support for multiple env files for systemd unit * add etcd snapshot save subcommand ++++ mozilla-nss: - update to NSS 3.78.1 * bmo#1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple ++++ rpm: - drop requires-ge-macro.diff: this is already in rpm-config-SUSE - enable-postin-scripts-error.diff: refresh ++++ libselinux: - Added restorecon_pin_file.patch. Fixes issus when running fixfiles/restorecon ++++ systemd: - Import commit 4dbc543953eabd4c578da67ce6e2970d6f96c406 (merge of v250.6) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/0d950479e58dd3af007eb3780d600a5446aac519...4dbc543953eabd4c578da67ce6e2970d6f96c406 ------------------------------------------------------------------ ------------------ 2022-5-30 - May 30 2022 ------------------- ------------------------------------------------------------------ ++++ cups: - Version upgrade to 2.4.2: See https://github.com/openprinting/cups/releases CUPS 2.4.2 brings the fix for CVE-2022-26691 (#bsc1199474) together with LibreSSL/OpenSSL and minimal AIX support. * Fixed certificate strings comparison for Local authorization (CVE-2022-26691) * The `cupsFileOpen` function no longer opens files for append in read-write mode (Issue #291) * The cupsd daemon removed processing temporary queue (Issue #364) * Fixed delay in IPP backend if GNUTLS is used and endpoint doesn't confirm closing the connection (Issue #365) * Fixed conditional jump based on uninitialized value in cups/ppd.c (Issue #329) * Fixed CSS related issues in CUPS Web UI (Issue #344) * Fixed copyright in CUPS Web UI trailer template (Issue #346) * mDNS hostname in device uri is not resolved when installaling a permanent IPP Everywhere queue (Issues #340, #343) * The `lpstat` command now reports when the scheduler is not running (Issue #352) * Updated the man pages concerning the `-h` option (Issue #357) * Re-added LibreSSL/OpenSSL support (Issue #362) * Updated the Solaris smf service file (Issue #368) * Fixed a regression in lpoptions option support (Issue #370) * The scheduler now regenerates the PPD cache information after changing the "cupsd.conf" file (Issue #371) * Updated the scheduler to set "auth-info-required" to "username,password" if a backend reports it needs authentication info but doesn't set a method for authentication (Issue #373) * Updated the configure script to look for the OpenSSL library the old way if pkg-config is not available (Issue #375) * Fixed the prototype for the `httpWriteResponse` function (Issue #380) * Brought back minimal AIX support (Issue #389) * `cupsGetResponse` did not always set the last error. * Fixed a number of old references to the Apple CUPS web page. * Restored the default/generic printer icon file for the web interface. * Removed old stylesheet classes that are no longer used by the web interface. - Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.2 ++++ kernel-default: - Linux 5.18.1 (bsc#1012628). - ALSA: ctxfi: Add SB046x PCI ID (bsc#1012628). - ACPI: sysfs: Fix BERT error region memory mapping (bsc#1012628). - random: check for signals after page of pool writes (bsc#1012628). - random: wire up fops->splice_{read,write}_iter() (bsc#1012628). - random: convert to using fops->write_iter() (bsc#1012628). - random: convert to using fops->read_iter() (bsc#1012628). - random: unify batched entropy implementations (bsc#1012628). - random: move randomize_page() into mm where it belongs (bsc#1012628). - random: move initialization functions out of hot pages (bsc#1012628). - random: make consistent use of buf and len (bsc#1012628). - random: use proper return types on get_random_{int,long}_wait() (bsc#1012628). - random: remove extern from functions in header (bsc#1012628). - random: use static branch for crng_ready() (bsc#1012628). - random: credit architectural init the exact amount (bsc#1012628). - random: handle latent entropy and command line from random_init() (bsc#1012628). - random: use proper jiffies comparison macro (bsc#1012628). - random: remove ratelimiting for in-kernel unseeded randomness (bsc#1012628). - random: move initialization out of reseeding hot path (bsc#1012628). - random: avoid initializing twice in credit race (bsc#1012628). - random: use symbolic constants for crng_init states (bsc#1012628). - siphash: use one source of truth for siphash permutations (bsc#1012628). - random: help compiler out with fast_mix() by using simpler arguments (bsc#1012628). - random: do not use input pool from hard IRQs (bsc#1012628). - random: order timer entropy functions below interrupt functions (bsc#1012628). - random: do not pretend to handle premature next security model (bsc#1012628). - random: use first 128 bits of input as fast init (bsc#1012628). - random: do not use batches when !crng_ready() (bsc#1012628). - random: insist on random_get_entropy() existing in order to simplify (bsc#1012628). - xtensa: use fallback for random_get_entropy() instead of zero (bsc#1012628). - sparc: use fallback for random_get_entropy() instead of zero (bsc#1012628). - um: use fallback for random_get_entropy() instead of zero (bsc#1012628). - x86/tsc: Use fallback for random_get_entropy() instead of zero (bsc#1012628). - nios2: use fallback for random_get_entropy() instead of zero (bsc#1012628). - arm: use fallback for random_get_entropy() instead of zero (bsc#1012628). - mips: use fallback for random_get_entropy() instead of just c0 random (bsc#1012628). - riscv: use fallback for random_get_entropy() instead of zero (bsc#1012628). - m68k: use fallback for random_get_entropy() instead of zero (bsc#1012628). - timekeeping: Add raw clock fallback for random_get_entropy() (bsc#1012628). - powerpc: define get_cycles macro for arch-override (bsc#1012628). - alpha: define get_cycles macro for arch-override (bsc#1012628). - parisc: define get_cycles macro for arch-override (bsc#1012628). - s390: define get_cycles macro for arch-override (bsc#1012628). - ia64: define get_cycles macro for arch-override (bsc#1012628). - init: call time_init() before rand_initialize() (bsc#1012628). - random: fix sysctl documentation nits (bsc#1012628). - HID: amd_sfh: Add support for sensor discovery (bsc#1012628). - lockdown: also lock down previous kgdb use (bsc#1012628). - commit df81444 ++++ mozilla-nss: - update to NSS 3.78 * bmo#1755264 - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests. * bmo#1294978 - Reworked overlong record size checks and added TLS1.3 specific boundaries. * bmo#1763120 - Add ECH Grease Support to tstclnt * bmo#1765003 - Add a strict variant of moz::pkix::CheckCertHostname. * bmo#1166338 - Change SSL_REUSE_SERVER_ECDHE_KEY default to false. * bmo#1760813 - Make SEC_PKCS12EnableCipher succeed * bmo#1762489 - Update zlib in NSS to 1.2.12. ++++ ncurses: - Add ncurses patch 20220529 + expanded notes for teken/syscons -TD + fix overlooked copying of extended string-heap in copy_termtype (cf: 20220430). + update config.guess - Add ncurses patch 20220521 + improve memory-leak checking in several test-programs. + set trailing null on string passed from winsnstr() to wins_nwstr(). + modify del_curterm() to fix memory-leak introduced by change to copy_termtype(). - Update tack to 1.09-20220528 + Autoconf fixes ++++ libzypp: - PluginRepoverification: initial version hooked into repo::Downloader and repo refresh. - Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived. (bsc#1199042) - singletrans: no dry-run commit if doing just download-only. - Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo. - fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER (fixes #388) - version 17.30.1 (22) ------------------------------------------------------------------ ------------------ 2022-5-29 - May 29 2022 ------------------- ------------------------------------------------------------------ ++++ boost-base: - Fix failing conversion of cpp_dec_float to double, depending on locale (gh#boostorg/multiprecision#464, boo#1199968). Add boost-mp-locale-fix.patch ++++ btrfsprogs: - update to 5.18: * fixes: * dump-tree: don't print traling zeros in checksums * recognize paused balance as exclusive operation state, allow to start device add * convert: properly initialize target filesystem label * mkfs: don't create free space bitmaps for empty filesystem * restore: make lzo support build-time configurable, print supported compression in help text * update kernel-lib sources * other: * documentation updates, finish conversion to RST, CHANGES and INSTALL could be included into RST * fix build detection of experimental mode * new tests ++++ krb5: - update to 1.20.0: * Added a "disable_pac" realm relation to suppress adding PAC authdata to tickets, for realms which do not need to support S4U requests. * Most credential cache types will use atomic replacement when a cache is reinitialized using kinit or refreshed from the client keytab. * kprop can now propagate databases with a dump size larger than 4GB, if both the client and server are upgraded. * kprop can now work over NATs that change the destination IP address, if the client is upgraded. * Updated the KDB interface. The sign_authdata() method is replaced with the issue_pac() method, allowing KDB modules to add logon info and other buffers to the PAC issued by the KDC. * Host-based initiator names are better supported in the GSS krb5 mechanism. * Replaced AD-SIGNEDPATH authdata with minimal PACs. * To avoid spurious replay errors, password change requests will not be attempted over UDP until the attempt over TCP fails. * PKINIT will sign its CMS messages with SHA-256 instead of SHA-1. * Updated all code using OpenSSL to be compatible with OpenSSL 3. * Reorganized the libk5crypto build system to allow the OpenSSL back-end to pull in material from the builtin back-end depending on the OpenSSL version. * Simplified the PRNG logic to always use the platform PRNG. * Converted the remaining Tcl tests to Python. ++++ tiff: - update to 4.4.0: * TIFFIsBigTiff() function added. * Functions TIFFFieldSetGetSize() and TIFFieldSetGetCountSize() added. * LZWDecode(): major speed improvements (~30% faster) * Predictor 2 (horizontal differenciation): support 64-bit * Support libjpeg 9d * avoid hang in TIFFRewriteDirectory() if a classic file > 4 GB is attempted to be created * tif_jbig.c: fix crash when reading a file with multiple IFD in memory-mapped mode and when bit reversal is needed * TIFFFetchNormalTag(): avoid calling memcpy() with a null source pointer and size of zero * TIFFWriteDirectoryTagData(): turn assertion on data length into a runtime check * TIFFFetchStripThing(): avoid calling memcpy() with a null source pointer and size of zero * TIFFReadDirectory(): avoid calling memcpy() with a null source pointer and size of zero * TIFFYCbCrToRGBInit(): avoid Integer-overflow * TIFFGetField(TIFFTAG_STRIPBYTECOUNTS/TIFFTAG_STRIPOFFSETS): return error if returned pointer is NULL (fixes #342) * OJPEG: avoid assertion when using TIFFReadScanline() * TIFFReadDirectory: fix OJPEG hack * LZW codec: fix support for strips/tiles > 2 GB on Windows * TIFFAppendToStrip(): fix rewrite-in-place logic * Fix TIFFRewriteDirectory discarding directories. * TIFFReadCustomDirectory(): avoid crash when reading SubjectDistance tag on a non EXIF directory * Fix Segmentation fault printing GPS directory if Altitude tag is present * tif_jpeg.c: do not emit progressive scans with mozjpeg. (#266) * _TIFFRewriteField(): fix when writing a IFD with a single tile that is a sparse one, on big endian hosts * Fix all remaining uses of legacy Deflate compression id and warn on use. - drop tiff-CVE-2022-0907.patch, tiff-CVE-2022-0561.patch, tiff-CVE-2022-0562.patch, tiff-CVE-2022-0865.patch, tiff-CVE-2022-0909.patch, tiff-CVE-2022-0924.patch, tiff-CVE-2022-0908.patch, tiff-CVE-2022-1056,CVE-2022-0891.patch: all upstream - add signature validation, adds tiff.keyring ++++ mozilla-nspr: - update to version 4.34 * add an API that returns a preferred loopback IP on hosts that have two IP stacks available. ++++ python310-packaging: - Add patch to fix testsuite on big-endian targets + fix-big-endian-build.patch ++++ vim: - Updated to version 8.2.5038, fixes the following problems - CVE-2022-1927 - boo#1200012 - CVE-2022-1897 - boo#1200010 - CVE-2022-1898 - boo#1200011 - CVE-2022-1886 - boo#1199969 - CVE-2022-1851 - boo#1199936 - CVE-2022-1796 - boo#1199747 - CVE-2022-1785 - boo#1199745 - CVE-2022-1771 - boo#1199693 - CVE-2022-1733 - boo#1199655 - CVE-2022-1769 - boo#1199658 - CVE-2022-1735 - boo#1199651 - CVE-2022-1720 - boo#1200732 - CVE-2022-1674 - boo#1199502 - CVE-2022-1621 - boo#1199435 - CVE-2022-1629 - boo#1199436 - CVE-2022-1619 - boo#1199333 - CVE-2022-1620 - boo#1199334 - CVE-2022-1616 - boo#1199331 * Valgrind warning for using uninitialized variable. * Screendump test may fail when using valgrind. * Vim9: misplaced elseif causes invalid memory access. * "P" in Visual mode still changes some registers. * Cannot make 'breakindent' use a specific column. * String interpolation only works in heredoc. * Test fails without the job/channel feature. (Dominique Pellé) * Test fails with the job/channel feature. * Vim9: redir in skipped block seen as assignment. * Channel log does not show invoking a timer callback. * Line number of lambda ignores line continuation. * Inconsistent capitalization in error messages. * Vim help presentation could be better. * Test failures because of changed error messages. * Distributed import files are not installed. * Buffer overflow with invalid command with composing chars. * Expression in command block does not look after NL when command is typed. * Comment inside an expression in lambda ignores the rest of the expression. * Coverity complains about pointer usage. * With latin1 encoding CTRL-W might go before the start of the command line. * Vim9 expression test fails without the job feature. * NULL pointer access when using invalid pattern. * Mouse wheel scrolling is inconsistent. * Cannot get the current cmdline completion type and position. * codecov includes MS-Windows install files. * codecov includes MS-Windows install header file. * Some users do not want a line comment always inserted. * No text formatting for // comment after a statement. * MODE_ enum entries names are too generic. * Imperfect coding. * The mode #defines are not clearly named. * Using execute() to define a lambda doesn't work. (Ernie Rael) * Popup_hide() does not always have effect. * String interpolation in :def function may fail. * Sometimes the cursor is in the wrong position. * Mouse in Insert mode test fails. * Fuzzy expansion of option names is not right. * Conceal character from matchadd() displayed too many times. * Can add invalid bytes with :spellgood. * Spell test fails because of new illegal byte check. * Mouse test fails on MS-Windows. * Test checks for terminal feature unnecessarily. * maparg() may return a string that cannot be reused. * Trailing backslash may cause reading past end of line. * #ifdef for crypt feature around too many lines. * Return type of remove() incorrect when using three arguments. * Various white space and cosmetic mistakes. * Off-by-one error in in statusline item. * Interpolated string expression requires escaping. * Crash with sequence of Perl commands. * Not easy to filter the output of maplist(). * A few more capitalization mistakes in error messages. * String interpolation fails when not evaluating. * With 'foldmethod' "indent" some lines are not included in the fold. (Oleg Koshovetc) * No test for what 8.2.4931 fixes. * Crash when matching buffer with invalid pattern. * matchfuzzypos() with "matchseq" does not have all positions. * Some code is never used. * '[ and '] marks may be wrong after undo. * Error when setting 'filetype' in help file again. * Changing 'switchbuf' may have no effect. * Text properties are wrong after "cc". (Axel Forsman) * Inconsistent use of white space. * Vim9: some code not covered by tests. * Text properties not adjusted when accepting spell suggestion. * Cannot use Perl heredoc in nested :def function. (Virginia Senioria) * Vim9: some code not covered by tests. * Text properties position wrong after shifting text. * Smart indenting done when not enabled. * GUI test will fail if color scheme changes. * With 'smartindent' inserting '}' after completion goes wrong. * Inserting line breaks text property spanning more then one line. * Text property in wrong position after auto-indent. * Reading past end of line with "gf" in Visual block mode. * Text properties in a wrong position after a block change. * A couple conditions are always true. * Using NULL regexp program. * Text properties that cross line boundary are not correctly updated for a deleted line. * Build error with a certain combination of features. * Files show up in git status. * Expanding path with "/**" may overrun end of buffer. * GUI: testing mouse move event depends on screen cell size. * Changing text in Visual mode may cause invalid memory access. * "eval 123" gives an error, "eval 'abc'" does not. * Vim9: interpolated string seen as range. * Vim9: compilation fails when using dict member when skipping. * Vim9: type error for list unpack mentions argument. * ":so" command may read after end of buffer. * Recursive command line loop may cause a crash. * Coverity complains about not restoring a saved value. * Memory access error when substitute expression changes window. * No error if engine selection atom is not at the start. * Accessing freed memory when line is flushed. * When 'shortmess' contains 'A' loading a session may still warn for an existing swap file. (Melker Österberg) * It is not possible to manipulate autocommands. * Colors in terminal window are not 100% correct. * Colors test fails in the GUI. * Dragging statusline fails for window with winbar. * PVS warns for possible array underrun. * Some github actions are outdated. * After deletion a small fold may be closable. * Textprop in wrong position when replacing multi-byte chars. * Cannot specify a function name for :defcompile. * Memory leak when :defcompile fails. * No test for hwat patch 8.1.0535 fixes. * Compiler warning for possibly uninitialized variable. (Tony Mechelynck) * smart/C/lisp indenting is optional, which makes the code more complex, while it only reduces the executable size a bit. * Tests are using legacy functions. * Still a compiler warning for possibly uninitialized variable. (Tony Mechelynck) * setbufline() may change Visual selection. (Qiming Zhao) * Python: changing hidden buffer can cause the display to be messed up. * Vim9: crash when using multiple funcref(). * Filetype test table is not properly sorted. * Checking translations affects the search pattern history. * deletebufline() may change Visual selection. * Cannot do bitwise shifts. * Right shift on negative number does not work as documented. * Compiler warning for uninitialized variable. (John Marriott) * Asan warns for undefined behavior. * Spell suggestion may use uninitialized memory. (Zdenek Dohnal) * When 'formatoptions' contains "/" wrongly wrapping a long trailing comment. * Fold may not be closeable after appending. * The terminal debugger uses various global variables. * Replacing an autocommand requires several lines. * Cannot select one character inside (). * After text formatting the cursor may be in an invalid position. * Byte offsets are wrong when using text properties. * Hoon and Moonscript files are not recognized. * Access before start of text with a put command. * Gcc 12.1 warns for uninitialized variable. * Vim9: some code is not covered by tests. * Cannot get the first screen column of a character. * Using 'imstatusfunc' and 'imactivatefunc' breaks 'foldopen'. * Build fails with normal features and +terminal. (Dominique Pellé) * 'completefunc'/'omnifunc' error does not end completion. * Substitute overwrites allocated buffer. * Using freed memory with "]d". * Vim9: a few lines not covered by tests. * Error for missing :endif when an exception was thrown. (Dani Dickstein) * Syntax regexp matching can be slow. * "textlock" is always zero. * autocmd_add() can only handle one event and pattern. * Cannot easily run the benchmarks. * Python 3 test fails without the GUI. * Build error with +eval but without +quickfix. Warning for uninitialized variable. * There is no way to get the byte index from a virtual column. * When splitting a window the changelist position moves. * Using two counters for timeout check in NFA engine. * Cursor position may be invalid after "0;" range. * A finished terminal in a popup window does not show a scrollbar. ------------------------------------------------------------------ ------------------ 2022-5-28 - May 28 2022 ------------------- ------------------------------------------------------------------ ++++ llvm15: - Update to version 14.0.4. * This release contains bug-fixes for the LLVM 14.0.0 release. This release is API and ABI compatible with 14.0.0. - Don't use gold for linking anymore: on s390x we use ld.bfd with LLVMgold.so, on ppc64 we disable ThinLTO for now. - Using ld.bfd on s390x exposed an issue with the existing llvm_build_tablegen_component_as_shared_library.patch: linking llvm-tblgen with libLLVM.so means we also have to link libraries used for that (like LLVMTableGenGlobalISel) with libLLVM.so. - Rewrite summary and description for llvm-gold to point out that it can also be used with ld.bfd, recommend with binutils. - Prefer RPM macros over shell scripting, so that we can better inspect the build script with substitutions in place. - More memory for stage 1 build jobs due to recent OOMs. - Add %_libclang_sonum RPM macro to llvm-devel, since that might now diverge from %_llvm_sonum. - Rebase llvm-do-not-install-static-libraries.patch. ------------------------------------------------------------------ ------------------ 2022-5-27 - May 27 2022 ------------------- ------------------------------------------------------------------ ++++ gnutls: - Update to version 3.7.6: * libgnutls: Fixed invalid write when gnutls_realloc_zero() is called with new_size < old_size. This bug caused heap corruption when gnutls_realloc_zero() has been set as gmp reallocfunc. * Remove gnutls-3.7.5-fix-gnutls_realloc_zero.patch: Fixed upstream. ++++ kernel-default: - Update config files -- DEBUG_INFO_DWARF5 (bsc#1199932) Set DEBUG_INFO_DWARF5 which makes use of dwarf5 on gcc-7 and newer. - commit d1b0a08 ++++ qemu: - It has been observed that building QEMU with _FORTIFY_SOURCE=3 causes problem (see bsc#1199924). Force it to =2 for now, while we investigate the issue. ++++ update-alternatives: - version update to 1.21.8 * fix CVE-2022-1664 [bsc#1199944], dpkg -- security update * lot of changes, see changelog - modified patches % update-alternatives-suse.patch (refreshed) ------------------------------------------------------------------ ------------------ 2022-5-26 - May 26 2022 ------------------- ------------------------------------------------------------------ ++++ dbus-1: - The great dbus package split of 22, in preperation for replacing dbus-daemon with dbus-broker currently there is no functional difference that will change later, this follows a similar setup to RedHat and Debian. * dbus-daemon is now in its own separate package * Create a dbus-1-common package with all the files and config that are shared between the dbus-daemon and dbus-broker implementations. * Create a dbus-1-tools package with the tools eventually we will likely want to move to only recommending this package Redhat and Debian have both already gone down this path. ++++ grub2: - Fix error message in displaying help on bootable snapshot (bsc#1199609) ++++ kernel-default: - Update patches.suse/Revert-net-af_key-add-check-for-pfkey_broadcast-in-f.patch Update to upstream version, update upstream reference and move into sorted section. - commit 3ae1db7 - series.conf: cleanup - update upstream reference and move into sorted section: - patches.suse/simplefb-Enable-boot-time-VESA-graphic-mode-selectio.patch - commit dc762c4 - kernel-binary.spec: Support radio selection for debuginfo. To disable debuginfo on 5.18 kernel a radio selection needs to be switched to a different selection. This requires disabling the currently active option and selecting NONE as debuginfo type. - commit 43b5dd3 - Update config files -- DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT (bsc#1199932) Set DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT which makes use of dwarf5 on gcc-11 and newer. - commit f439809 ------------------------------------------------------------------ ------------------ 2022-5-25 - May 25 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - buildrequire DirectX-Headers only on %{ix86} x86_64, since it's only relevant on these platforms ++++ Mesa-drivers: - buildrequire DirectX-Headers only on %{ix86} x86_64, since it's only relevant on these platforms ++++ gnutls: - Add gnutls-3.7.5-fix-gnutls_realloc_zero.patch: Fix memory corruption in gnutls_realloc_zero (gl#gnutls/gnutls#1367, boo#1199929). ++++ kernel-default: - random: do not use input pool from hard IRQs (bsc#1199803). - commit 3352b92 ++++ logrotate: - update to 3.20.1: * drop world-readable permission on state file even when ACLs are enabled (#446) - removed obsolete logrotate-CVE-2022-1348-follow-up.patch - Security fix: (bsc#1199652, CVE-2022-1348) * Add follow-up upstream patch for the introduced fix. * Added patch logrotate-CVE-2022-1348-follow-up.patch - Update patch: * logrotate-3.19.0-man_logrotate.patch -> logrotate-3.20.0-man_logrotate.patch - update to 3.20.0: * fix potential DoS from unprivileged users via the state file (CVE-2022-1348) * fix a misleading debug message with copytruncate and rotate 0 (#443) * add support for unsigned time_t (#438) * do not lock state file /dev/null (#433) ------------------------------------------------------------------ ------------------ 2022-5-24 - May 24 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - Calling patch with '-p1' (as the others are) so 'git show' .patch output works. - Generating 'n_stop-iris-flicker.patch' from 'git format-patch' vs. a standard diff. - Fixing up 'stop-iris-flicker.patch' patch name to follow standards. ++++ Mesa-drivers: - Calling patch with '-p1' (as the others are) so 'git show' .patch output works. - Generating 'n_stop-iris-flicker.patch' from 'git format-patch' vs. a standard diff. - Fixing up 'stop-iris-flicker.patch' patch name to follow standards. ++++ NetworkManager: - Fold NetworkManager-wifi back into the main package: The dep chain is not really different and it causes too many problems for users having that split. Not worth the pain (boo#1199710, boo#1199706). - As a consequence, also drop the recommends fro the main package to -wifi. ++++ grep: - use release keyring rather than full one for validation - Do not link an unversioned file by URL (and refresh keyring) ++++ libidn2: - Refresh libidn2.keyring ++++ wayland: - modernize spec file * use licensedir * use bcond * use https:// urls * spec-cleaner ++++ python-cryptography: - update to 37.0.2: * Fixed an issue where parsing an encrypted private key with the public loader functions would hang waiting for console input on OpenSSL 3.0.x rather than raising an error. * Restored some legacy symbols for older ``pyOpenSSL`` users. These will be removed again in the future, so ``pyOpenSSL`` users should still upgrade to the latest version of that package when they upgrade ``cryptography``. * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.2. * **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL 2.9.x and 3.0.x. The new minimum LibreSSL version is 3.1+. * **BACKWARDS INCOMPATIBLE:** Removed ``signer`` and ``verifier`` methods from the public key and private key classes. These methods were originally deprecated in version 2.0, but had an extended deprecation timeline due to usage. Any remaining users should transition to ``sign`` and ``verify``. * Deprecated OpenSSL 1.1.0 support. OpenSSL 1.1.0 is no longer supported by the OpenSSL project. The next release of ``cryptography`` will be the last to support compiling with OpenSSL 1.1.0. * Deprecated Python 3.6 support. Python 3.6 is no longer supported by the Python core team. Support for Python 3.6 will be removed in a future ``cryptography`` release. * Deprecated the current minimum supported Rust version (MSRV) of 1.41.0. In the next release we will raise MSRV to 1.48.0. Users with the latest ``pip`` will typically get a wheel and not need Rust installed, but check :doc:`/installation` for documentation on installing a newer ``rustc`` if required. * Deprecated :class:`~cryptography.hazmat.primitives.ciphers.algorithms.CAST5`, :class:`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`, :class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA`, and :class:`~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish` because they are legacy algorithms with extremely low usage. These will be removed in a future version of ``cryptography``. * Added limited support for distinguished names containing a bit string. * We now ship ``universal2`` wheels on macOS, which contain both ``arm64`` and ``x86_64`` architectures. Users on macOS should upgrade to the latest ``pip`` to ensure they can use this wheel, although we will continue to ship ``x86_64`` specific wheels for now to ease the transition. * This will be the final release for which we ship ``manylinux2010`` wheels. Going forward the minimum supported ``manylinux`` ABI for our wheels will be ``manylinux2014``. The vast majority of users will continue to receive ``manylinux`` wheels provided they have an up to date ``pip``. For PyPy wheels this release already requires ``manylinux2014`` for compatibility with binaries distributed by upstream. * Added support for multiple :class:`~cryptography.x509.ocsp.OCSPSingleResponse` in a :class:`~cryptography.x509.ocsp.OCSPResponse`. * Restored support for signing certificates and other structures in :doc:`/x509/index` with SHA3 hash algorithms. * :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES` is disabled in FIPS mode. * Added support for serialization of PKCS#12 CA friendly names/aliases in :func:`~cryptography.hazmat.primitives.serialization.pkcs12.serialize_key_and_certificates` * Added support for 12-15 byte (96 to 120 bit) nonces to :class:`~cryptography.hazmat.primitives.ciphers.aead.AESOCB3`. This class previously supported only 12 byte (96 bit). * Added support for :class:`~cryptography.hazmat.primitives.ciphers.aead.AESSIV` when using OpenSSL 3.0.0+. * Added support for serializing PKCS7 structures from a list of certificates with :class:`~cryptography.hazmat.primitives.serialization.pkcs7.serialize_certificates`. * Added support for parsing :rfc:`4514` strings with :meth:`~cryptography.x509.Name.from_rfc4514_string`. * Added :attr:`~cryptography.hazmat.primitives.asymmetric.padding.PSS.AUTO` to :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. This can be used to verify a signature where the salt length is not already known. * Added :attr:`~cryptography.hazmat.primitives.asymmetric.padding.PSS.DIGEST_LENGTH` to :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. This constant will set the salt length to the same length as the ``PSS`` hash algorithm. * Added support for loading RSA-PSS key types with :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key` and :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`. This functionality is limited to OpenSSL 1.1.1e+ and loads the key as a normal RSA private key, discarding the PSS constraint information. ++++ python-psutil: - removed obsolete skip-partitions-erros.patch - update to 5.9.1 * Enhancements - 1053: drop Python 2.6 support. (patches by Matthieu Darbois and Hugo van Kemenade) - 2050, [Linux]: increase read(2) buffer size from 1k to 32k when reading /proc pseudo files line by line. This should help having more consistent results. - 2057, [OpenBSD]: add support for cpu_freq(). - 2107, [Linux]: Process.memory_full_info() (reporting process USS/PSS/Swap memory) now reads /proc/pid/smaps_rollup instead of /proc/pids/smaps, which makes it 5 times faster. * Bug fixes - 2048: AttributeError is raised if psutil.Error class is raised manually and passed through str. - 2049, [Linux]: cpu_freq() erroneously returns curr value in GHz while min and max are in MHz. - 2050, [Linux]: virtual_memory() may raise ValueError if running in a LCX container. ------------------------------------------------------------------ ------------------ 2022-5-23 - May 23 2022 ------------------- ------------------------------------------------------------------ ++++ bash-completion: - Add patch bsc1199724-modules.patch (bsc#1199724) * Enable upstream commit to list ko.zst modules as well ++++ kernel-default: - Add dtb-starfive - commit 85335b1 - Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process" (20220523022438.ofhehjievu2alj3h@lion.mk-sys.cz). - commit 2023975 ++++ openldap2: - Update to release 2.6.2 * Added support for OpenSSL 3.0 (ITS#9436) * Fixed ldapdelete to prune LDAP subentries (ITS#9737) * Fixed libldap to drop connection when non-LDAP data is received (ITS#9803) * Fixed libldap to allow newlines at end of included file (ITS#9811) * Fixed slapd slaptest conversion of olcLastBind (ITS#9808) * Fixed slapd to correctly init global_host earlier (ITS#9787) * Fixed slapd bconfig locking for cn=config replication (ITS#9584) * Fixed slapd usage of thread local counters (ITS#9789) * Fixed slapd to clear runqueue task correctly (ITS#9785) * Fixed slapd idletimeout handling (ITS#9820) * Fixed slapd syncrepl handling of new sessions (ITS#9584) * Fixed slapd to clear connections on bind (ITS#9799) * Fixed slapd to correctly advance connections index (ITS#9831) * Fixed slapd syncrepl ODSEE replication of unknown attr (ITS#9801) * Fixed slapd-asyncmeta memory leak in keepalive setting, slapd-ldap memory leak in keepalive setting, SEGV on config rewrite, ordering on config rewrite, memory leak in keepalive setting (ITS#9802) * Fixed slapo-pcache SEGV & slapd-monitor SEGV on shutdown (ITS#9809) * Fixed slapd-monitor crash when hitting sizelimit (ITS#9832) * Fixed slapd-sql to properly escape filter value (ITS#9815) * Fixed slapo-dynlist dynamic group regression (ITS#9825) * Fixed slapo-ppolicy operation handling to be consistent (ITS#9794) * Fixed slapo-translucent to correctly duplicate substring filters (ITS#9818) * Contrib: * Update ppm module to the 2.1 release (ITS#9814) * Documentation: * admin26: Document new lloadd features (ITS#9780) * Fixed slapd.conf(5)/slapd-config(5) syncrepl sizelimit/timelimit documentation (ITS#9804) * Fixed slapd-sock(5) to clarify "sockresps result" behavior (ITS#8255) ++++ ceph: - Update to 16.2.9.50-g7d9f12156fb: + (jsc#SES-2515) High-availability NFS export + (bsc#1196044) cephadm: prometheus: The generatorURL in alerts is only using hostname + (bsc#1196785) cephadm: avoid crashing on expected non-zero exit ++++ libunwind: - Fix dependencies - Fix file list ++++ osinfo-db: - Update to database version 20220516 osinfo-db-20220516.tar.xz ++++ podman: - Backport upstream commit be5abf03ababc ("fix: Container.cGroupPath() skip empty line to avoid false error logging") for fixing "Error parsing cgroup: expected 3 fields but got 1" (see bsc#1199790, as it applies to Factory/Tumbleweed too) * 0004-fix-Container.cGroupPath-skip-empty-line-to-avoid-fa.patch ++++ qemu: - Backport a GCC 12 aarch64 build fix (bsc#1199625) * Patches added: block-qdict-Fix-Werror-maybe-uninitializ.patch ++++ runc: - Backport to fix issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by that platform's syscall multiplexing semantics. bsc#1192051 bsc#1199565 + bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch ++++ systemd-presets-common-SUSE: - enable ignition-delete-config by default (bsc#1199524) ++++ virt-manager: - Change dependency on package xorriso to Requires from Recommends virt-manager.spec ------------------------------------------------------------------ ------------------ 2022-5-22 - May 22 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Update to 5.18 final - refresh configs (headers only) - commit d0f5e4b ++++ libxkbcommon: - Update to release 1.4.1 * Fix compose sequence overriding (common prefix) not working correctly. Regressed in 1.2.0. * Remove various bogus currency sign (particulary Euro and Korean Won) entries from the keysym <-> Unicode mappings. They prevented the real keysyms/codepoints for these from mapping correctly. ------------------------------------------------------------------ ------------------ 2022-5-21 - May 21 2022 ------------------- ------------------------------------------------------------------ ++++ gnutls: - update to 3.7.5: * add options disable session ticket usage in TLS 1.2 because it does not provide forward secrecy * For TLS 1.3 where session tickets do provide forward secrecy, the PFS priority string now only disables session tickets in TLS 1.2. * Future backward incompatibility: in the next major release of GnuTLS those flag and modifier are planned to be removed * gnutls-cli, gnutls-serv: Channel binding for printing information has been changed from tls-unique to tls-exporter as tls-unique is not supported in TLS 1.3. * Certificate sanity checks has been enhanced to make gnutls more RFC 5280 compliant: * Removed 3DES from FIPS approved algorithms * Optimized support for AES-SIV-CMAC algorithms * libgnutls: HKDF and AES-GCM algorithms are now approved in FIPS-140 mode when used in TLS ++++ harfbuzz: - Update to version 4.3.0: + Major speed up in loading and subsetting fonts, especially in handling CFF table. Subsetting some fonts is now 3 times faster + Speed up blending CFF2 table + Speed up hb_ot_tags_from_language() + Fix USE classification of U+10A38 to fix multiple marks on single Kharoshthi base + Fix parsing of empty CFF Index + Fix subsetting CPAL table with partial palette overlaps ------------------------------------------------------------------ ------------------ 2022-5-20 - May 20 2022 ------------------- ------------------------------------------------------------------ ++++ lsof: - Fix hostname in reproducible builds, bsc#1199709 * remove-hostname.patch ++++ selinux-policy: - Update to version 20220520 to pass stricter 3.4 toolchain checks - Update to version 20220428. Refreshed: * fix_apache.patch * fix_hadoop.patch * fix_init.patch * fix_iptables.patch * fix_kernel_sysctl.patch * fix_networkmanager.patch * fix_systemd.patch * fix_systemd_watch.patch * fix_unprivuser.patch * fix_usermanage.patch * fix_wine.patch ------------------------------------------------------------------ ------------------ 2022-5-19 - May 19 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - Update to 22.1.0 * lot of great featurres, including (since rc5) additional kopper backports for zink, and support for Intel's Alchemist DG2 platform. ++++ Mesa-drivers: - Update to 22.1.0 * lot of great featurres, including (since rc5) additional kopper backports for zink, and support for Intel's Alchemist DG2 platform. ++++ cockpit-machines: - Add suse-vv-install.patch to display SUSE hint for virt-viewer installation (bsc#1199673) ++++ cockpit-tukit: - Update to version 0.0.3~git6.03c747e: * Hide snapshot item extension part * Change help URL to official docs * Mention node_modules.sums in spec sources * Use compression for source archive ++++ gtk3: - Update to version 3.24.34: + Include legacy hicolor icons. + Fix the build with gcc 12. + X11: Trap errors when getting output properties. + Wayland: Ignore empty preedit updates. This fixes a problem with textview scrolling. + Updated translations. ++++ libbpf: - Update to release 0.8.0 * New features and APIs: - support auto-resolution of binaries and shared libraries from PATH, if necessary; - support attaching by function names (only by IP was supported before); - support attaching to USDTs (SEC("usdt/...") and bpf_program__attach_usdt()) with initially supported architectures: x86-64 (amd64); x86 (i386); s390x; ARM64 (aarch64); RISC V (riscv); - improved BPF verifier log reporting for CO-RE relocation failures (no more obscure "invalid func unknown#195896080" errors); - auto-adjust BPF ringbuf size according to host kernel's page size requirements; - high-level BPF map APIs: bpf_map__lookup_elem(), bpf_map__update_elem(), etc that validate key/value buffer sizes; - bpf_link_create() can create all bpf_link-based (including raw_tp, fentry/fexit, etc), falling back to bpf_raw_tracepoint_open() on old kernels transparently; - support opting out from auto-loading BPF programs declaratively with SEC("?..."); - support opting out from auto-creation of declarative BPF maps with bpf_map__set_autocreate(); - support multi-kprobes (SEC("kprobe.multi/...") and bpf_program__attach_kprobe_multi_opts()); - support target-less SEC() programs (e.g., SEC("kprobe"), SEC("tp"), etc); - support BPF sub-skeletons for "incomplete" BPF object files (requires matching bpftool to generate .subskel.h); - BPF cookie support for fentry/fexit/fmod_ret BPF programs (bpf_program__attach_trace_opts()); - support for custom SEC() handlers (libbpf_register_prog_handler()). * BPF-side API - BPF-side USDT APIs. See new usdt.bpf.h header: * BPF_USDT() program wrapper macro; bpf_usdt_arg(), bpf_usdt_arg_cnt(), * bpf_usdt_cookie() helpers; - new bpf_core_field_offset() CO-RE helper and support bpf_core_field_size(type, field) forms; - barrier() and barrier_var() macros for improving BPF code generation; - __kptr and __kptr_ref tags added; - ARC architecture support in bpf_tracing.h header; - new BPF helpers: * bpf_skb_set_tstamp(); * bpf_ima_file_hash(); * bpf_kptr_xchg(); * bpf_map_lookup_percpu_elem(). * Bug fixes - netlink bug fixes; - libbpf.pc fixes to support patch releases properly; - BPF_MAP_TYPE_PERF_EVENT_ARRAY map auto-pinning fix; - minor CO-RE fixes and improvements for some corner cases; - various other small fixes and improvements. ++++ salt: - Make sure SaltCacheLoader use correct fileclient (bsc#1199149) - Added: * make-sure-saltcacheloader-use-correct-fileclient-519.patch ++++ selinux-policy: - Add fix_dnsmasq.patch to fix problems with virtualization on Microos (bsc#1199518) ------------------------------------------------------------------ ------------------ 2022-5-18 - May 18 2022 ------------------- ------------------------------------------------------------------ ++++ aaa_base: - Update to version 84.87+git20220518.dc83f4e: * Also in /etc/profile, rootsh is not restricted - Update to version 84.87+git20220518.78b2a0b: * The wrapper rootsh is not a restricted shell ++++ kernel-default: - perf: Fix sys_perf_event_open() race against self (CVE-2022-1729, bsc#1199507). - commit c1eda89 - Linux 5.17.9 (bsc#1012628). - batman-adv: Don't skb_split skbuffs with frag_list (bsc#1012628). - iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (bsc#1012628). - hwmon: (tmp401) Add OF device ID table (bsc#1012628). - mac80211: Reset MBSSID parameters upon connection (bsc#1012628). - net: rds: use maybe_get_net() when acquiring refcount on TCP sockets (bsc#1012628). - net: Fix features skip in for_each_netdev_feature() (bsc#1012628). - net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (bsc#1012628). - net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (bsc#1012628). - net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (bsc#1012628). - net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (bsc#1012628). - fbdev: simplefb: Cleanup fb_info in .fb_destroy rather than .remove (bsc#1012628). - fbdev: efifb: Cleanup fb_info in .fb_destroy rather than .remove (bsc#1012628). - fbdev: vesafb: Cleanup fb_info in .fb_destroy rather than .remove (bsc#1012628). - platform/surface: aggregator: Fix initialization order when compiling as builtin module (bsc#1012628). - ice: Fix race during aux device (un)plugging (bsc#1012628). - ice: clear stale Tx queue settings before configuring (bsc#1012628). - ice: fix PTP stale Tx timestamps cleanup (bsc#1012628). - ipv4: drop dst in multicast routing path (bsc#1012628). - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (bsc#1012628). - netlink: do not reset transport header in netlink_recvmsg() (bsc#1012628). - net: chelsio: cxgb4: Avoid potential negative array offset (bsc#1012628). - fbdev: efifb: Fix a use-after-free due early fb_info cleanup (bsc#1012628). - net: sfc: fix memory leak due to ptp channel (bsc#1012628). - fanotify: do not allow setting dirent events in mask of non-dir (bsc#1012628). - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (bsc#1012628). - nfs: fix broken handling of the softreval mount option (bsc#1012628). - ionic: fix missing pci_release_regions() on error in ionic_probe() (bsc#1012628). - dim: initialize all struct fields (bsc#1012628). - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (bsc#1012628). - procfs: prevent unprivileged processes accessing fdinfo dir (bsc#1012628). - selftests: vm: Makefile: rename TARGETS to VMTARGETS (bsc#1012628). - net: dsa: flush switchdev workqueue on bridge join error path (bsc#1012628). - arm64: vdso: fix makefile dependency on vdso.so (bsc#1012628). - virtio: fix virtio transitional ids (bsc#1012628). - s390/ctcm: fix variable dereferenced before check (bsc#1012628). - s390/ctcm: fix potential memory leak (bsc#1012628). - s390/lcs: fix variable dereferenced before check (bsc#1012628). - net/sched: act_pedit: really ensure the skb is writable (bsc#1012628). - net: ethernet: mediatek: ppe: fix wrong size passed to memset() (bsc#1012628). - net: bcmgenet: Check for Wake-on-LAN interrupt probe deferral (bsc#1012628). - drm/vc4: hdmi: Fix build error for implicit function declaration (bsc#1012628). - mlxsw: Avoid warning during ip6gre device removal (bsc#1012628). - net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (bsc#1012628). - net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (bsc#1012628). - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (bsc#1012628). - tls: Fix context leak on tls_device_down (bsc#1012628). - drm/vmwgfx: Fix fencing on SVGAv3 (bsc#1012628). - gfs2: Fix filesystem block deallocation for short writes (bsc#1012628). - hwmon: (asus_wmi_sensors) Fix CROSSHAIR VI HERO name (bsc#1012628). - hwmon: (f71882fg) Fix negative temperature (bsc#1012628). - RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (bsc#1012628). - iommu: arm-smmu: disable large page mappings for Nvidia arm-smmu (bsc#1012628). - ASoC: max98090: Reject invalid values in custom control put() (bsc#1012628). - ASoC: max98090: Generate notifications on changes for custom control (bsc#1012628). - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (bsc#1012628). - s390: disable -Warray-bounds (bsc#1012628). - ASoC: SOF: Fix NULL pointer exception in sof_pci_probe callback (bsc#1012628). - io_uring: assign non-fixed early for async work (bsc#1012628). - net: emaclite: Don't advertise 1000BASE-T and do auto negotiation (bsc#1012628). - net: sfp: Add tx-fault workaround for Huawei MA5671A SFP ONT (bsc#1012628). - secure_seq: use the 64 bits of the siphash for port offset calculation (bsc#1012628). - tcp: use different parts of the port_offset for index and offset (bsc#1012628). - tcp: resalt the secret every 10 seconds (bsc#1012628). - tcp: add small random increments to the source port (bsc#1012628). - tcp: dynamically allocate the perturb table used by source ports (bsc#1012628). - tcp: increase source port perturb table to 2^16 (bsc#1012628). - tcp: drop the hash_32() part from the index calculation (bsc#1012628). - block: Do not call folio_next() on an unreferenced folio (bsc#1012628). - interconnect: Restore sync state by ignoring ipa-virt in provider count (bsc#1012628). - perf tests: Fix coresight `perf test` failure (bsc#1012628). - firmware_loader: use kernel credentials when reading firmware (bsc#1012628). - KVM: PPC: Book3S PR: Enable MSR_DR for switch_mmu_context() (bsc#1012628). - usb: xhci-mtk: fix fs isoc's transfer error (bsc#1012628). - x86/mm: Fix marking of unused sub-pmd ranges (bsc#1012628). - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (bsc#1012628). - tty: n_gsm: fix buffer over-read in gsm_dlci_data() (bsc#1012628). - tty: n_gsm: fix mux activation issues in gsm_config() (bsc#1012628). - tty: n_gsm: fix invalid gsmtty_write_room() result (bsc#1012628). - usb: gadget: uvc: allow for application to cleanly shutdown (bsc#1012628). - usb: cdc-wdm: fix reading stuck on device close (bsc#1012628). - usb: typec: tcpci: Don't skip cleanup in .remove() on error (bsc#1012628). - usb: typec: tcpci_mt6360: Update for BMC PHY setting (bsc#1012628). - USB: serial: pl2303: add device id for HP LM930 Display (bsc#1012628). - USB: serial: qcserial: add support for Sierra Wireless EM7590 (bsc#1012628). - USB: serial: option: add Fibocom L610 modem (bsc#1012628). - USB: serial: option: add Fibocom MA510 modem (bsc#1012628). - slimbus: qcom: Fix IRQ check in qcom_slim_probe (bsc#1012628). - fsl_lpuart: Don't enable interrupts too early (bsc#1012628). - genirq: Remove WARN_ON_ONCE() in generic_handle_domain_irq() (bsc#1012628). - serial: 8250_mtk: Fix UART_EFR register address (bsc#1012628). - serial: 8250_mtk: Fix register address for XON/XOFF character (bsc#1012628). - ceph: fix setting of xattrs on async created inodes (bsc#1012628). - Revert "mm/memory-failure.c: skip huge_zero_page in memory_failure()" (bsc#1012628). - mm/huge_memory: do not overkill when splitting huge_zero_page (bsc#1012628). - mm: mremap: fix sign for EFAULT error return value (bsc#1012628). - drm/vmwgfx: Disable command buffers on svga3 without gbobjects (bsc#1012628). - drm/nouveau/tegra: Stop using iommu_present() (bsc#1012628). - i40e: i40e_main: fix a missing check on list iterator (bsc#1012628). - net: phy: Fix race condition on link status change (bsc#1012628). - writeback: Avoid skipping inode writeback (bsc#1012628). - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1012628). - ping: fix address binding wrt vrf (bsc#1012628). - ath11k: reduce the wait time of 11d scan and hw scan while add interface (bsc#1012628). - arm[64]/memremap: don't abuse pfn_valid() to ensure presence of linear map (bsc#1012628). - net: phy: micrel: Do not use kszphy_suspend/resume for KSZ8061 (bsc#1012628). - net: phy: micrel: Pass .probe for KS8737 (bsc#1012628). - SUNRPC: Ensure that the gssproxy client can start in a connected state (bsc#1012628). - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (bsc#1012628). - Revert "drm/amd/pm: keep the BACO feature enabled for suspend" (bsc#1012628). - dma-buf: call dma_buf_stats_setup after dmabuf is in valid list (bsc#1012628). - mm/hwpoison: use pr_err() instead of dump_page() in get_any_page() (bsc#1012628). - net: phy: micrel: Fix incorrect variable type in micrel (bsc#1012628). - mm/kfence: reset PG_slab and memcg_data before freeing __kfence_pool (bsc#1012628). - commit eab1a2c ++++ lttng-ust: - Update to version 2.13.2 (changes since 2.13.0): * Fix: ust-compiler: constructor/destructor build on g++ 4.8. * ust-compiler: constructor/destructor whitespaces layout and macro dependency. * Fix: ust-cancelstate: include string.h for strerror. * Fix: libnuma is prepended to LIBS. * Fix: Allow disabling some abi compat tests. * Fix: generate probe registration constructor as a C++ constuctor. * Fix: nestable pthread cancelstate. * Fix: abort on decrement_sem_count during concurrent tracing start and teardown. * Fix: allocating C++ compound literal on heap with Clang. * Check for C++11 when building C++ probe providers. * fix: liblttng-ust-fd async-signal-safe close(). * tracepoints: print debug message when lttng-ust-tracepoint.so is not found. * Fix: static_assert unavailable with glibc < 2.16. * Fix: combined tracing of lttng-ust 2.12/2.13 generates corrupted traces. * doc/man: Document LTTNG_UST_ABORT_ON_CRITICAL variable. * Fix: remove autoconf features default value in help message. * Fix: add extern "C" to two header files. * Fix: __STDC_VERSION__ can be undefined in C++. * Fix: sample discarded events count before reserve. * Fix: ring buffer event counter. * Fix: concurrent exec(2) file descriptor leak. * Add "domain" parameter to the Log4j 2.x agent. * Fix: Convert custom loglevels in Log4j 2.x agent. * Fix: coverity reported null returns in Log4j2 agent. * Add a Log4j 2.x Java agent. * Fix: may be used uninitialised on powerpc. * Fix: doc/examples/java-log4j: fix paths to directories. * Fix: doc/examples/java-jul: fix paths to directories. ++++ parted: - add new type command from upstream added patches: - type-command.patch ++++ libunwind: - Adjust baselibs.conf for shlib guideline. ------------------------------------------------------------------ ------------------ 2022-5-17 - May 17 2022 ------------------- ------------------------------------------------------------------ ++++ transactional-update: - Version 4.0.0~rc4 - Fix building with GCC 12 - Fix stack overflow with very long commands / ids [bsc#1196149] - Use separate mount namespace for chroot, allowing overwriting the bind mounts from the update environment - this could have lead to data loss of the bind mount previously - Fix C error and exception handling for snapshots ++++ glibc: - nptl-spurious-eintr.patch: nptl: Handle spurious EINTR when thread cancellation is disabled (BZ #29029) ++++ grub2: - Fix installation over serial console ends up in infinite boot loop (bsc#1187810) * 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch - Fix ppc64le build error for new IEEE long double ABI * 0001-libc-config-merge-from-glibc.patch ++++ kernel-firmware: - Update to version 20220516 (git commit 251d29004ffc): * amdgpu: update beige goby firmware for 22.10 * amdgpu: update renoir firmware for 22.10 * amdgpu: update dimgrey cavefish firmware for 22.10 * amdgpu: update vega20 firmware for 22.10 * amdgpu: update yellow carp firmware for 22.10 * amdgpu: update vega12 firmware for 22.10 * amdgpu: update navy flounder firmware for 22.10 * amdgpu: update vega10 firmware for 22.10 * amdgpu: update raven2 firmware for 22.10 * amdgpu: update raven firmware for 22.10 * amdgpu: update sienna cichlid firmware for 22.10 * amdgpu: update green sardine firmware for 22.10 * amdgpu: update PCO firmware for 22.10 * amdgpu: update vangogh firmware for 22.10 * amdgpu: update navi14 firmware for 22.10 * amdgpu: update navi12 firmware for 22.10 * amdgpu: update navi10 firmware for 22.10 * amdgpu: update aldebaran firmware for 22.10 * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * mediatek: Update mt8192 SCP firmware ++++ gcc12: - Update to gcc-12 branch head, 325d82b08696da17fb26bd2e1b6b, git78 ------------------------------------------------------------------ ------------------ 2022-5-16 - May 16 2022 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.38.0: + Add support for route type "throw". + Fix bug setting priority for IP addresses. + Static IPv6 addresses from "ipv6.addresses" are now preferred over addresses from DHCPv6, which are preferred over addresses from autoconf. This affects IPv6 source address selection, if the rules from RFC 6724, section 5 don't give a exhaustive match. + Static IPv6 addresses from "ipv6.addresses" are now interpreted with first address being preferred. Their order got inverted. This is now consistent with IPv4. + Wi-Fi hotspots will use a (stable) random channel number unless one is chosen manually. + Don't use unsupported SAE/WPA3 mode for AP mode. + NetworkManager will no longer advertise frequencies as supported when they're disallowed in configured regulatory domain. + Attempt to connect to WEP-encrypted Wi-Fi network will now fail gracefully with a recent version of wpa_supplicant when built without WEP support. As long as wpa_supplicant supports WEP, NetworkManager will continue to work. + Disable WPA3 transition mode for wifi.key-mgmt=wpa-psk if the NIC does not support PMF. This is known to cause problems in some setups. It is still possible to explicitly configure wifi.key-mgmt=sae for WPA3. + Add new dummy crypto backend "null" that does nothing. NetworkManager uses the crypto library when handling certificates for 802.1x profiles. + Veth devices with name "eth*" are now managed by default via the udev rule. This is to support managing the network in LXD containers. + The hostname received from DHCP is now shortened to the first dot (or to 64 characters, whatever comes first) if it's too long. + As the insecure WEP encryption for Wi-Fi network is phased out, nmcli now discourages its use when activating or modifying a profile. + Fix connectivity checks in case the check endpoint address resolves to multiple addresses. + Workaround libcurl blocking NetworkManager while resolving DNS names. + nmcli: indicate missing Wi-Fi hardware when showing rfkill setting. + nmcli: add connection migrate command to move a profile to a specified settings plugin. This allows to convert profiles in the deprecated ifcfg-rh format to keyfile. + Set "src" attribute for routes from DHCPv4 to the leased address. This helps with source address selection. + Various bugfixes and internal improvements. + Updated translations. - Recommend NetworkNanager-wifi from the main package: after the split, there is currently nothing pulling in NM-wifi. Preferably this would happen based on wifi chips prsence, but that is not yet done (boo#1199550). ++++ gpg2: - added tpm support, added a new subpackage gpg2-tpm ++++ kernel-default: - Linux 5.17.8 (bsc#1012628). - mm: fix invalid page pointer returned with FOLL_PIN gups (bsc#1012628). - mm,migrate: fix establishing demotion target (bsc#1012628). - mm/mlock: fix potential imbalanced rlimit ucounts adjustment (bsc#1012628). - mm/hwpoison: fix error page recovered but reported "not recovered" (bsc#1012628). - mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() (bsc#1012628). - mm: shmem: fix missing cache flush in shmem_mfill_atomic_pte() (bsc#1012628). - mm: hugetlb: fix missing cache flush in hugetlb_mcopy_atomic_pte() (bsc#1012628). - mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() (bsc#1012628). - mm: fix missing cache flush for all tail pages of compound page (bsc#1012628). - udf: Avoid using stale lengthOfImpUse (bsc#1012628). - rfkill: uapi: fix RFKILL_IOCTL_MAX_SIZE ioctl request definition (bsc#1012628). - Bluetooth: Fix the creation of hdev->name (bsc#1012628). - commit 718e8e9 - Update to 5.18-rc7 - commit 1778f40 ++++ ncurses: - Add ncurses patch 20220514 + further improvements to test/test_mouse.c; compare with ncurses test program menu A/a. ++++ libproxy: - Add libproxy-python-310.patch: Detect python 3.10. ++++ libunwind: - Add Conflict markers for earlier combined libunwind. ++++ u-boot-rpiarm64: - Remove build dependency on SDL, none of the installed tools need that - Use pkgconfig dependencies for gnutls, uuid, openssl ------------------------------------------------------------------ ------------------ 2022-5-15 - May 15 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - add dovecot-profiles-boo1199535-mr881.diff: update dovecot profiles for latest dovecot (boo#1199535) ++++ librsvg: - Update to version 2.54.3: + Fix detection of gi-docgen. + Install the generated documentation in the correct place so that Devhelp can find it. - Changes from version 2.54.2: + Fix regressions when computing element geometries. + Add a --disable-gtk-doc option for the configure script, so people can disable generating documentation for cross-compiling. + MSVC: Support generating documentation, and passing introspection paths. ++++ libapparmor: - add dovecot-profiles-boo1199535-mr881.diff: update dovecot profiles for latest dovecot (boo#1199535) ------------------------------------------------------------------ ------------------ 2022-5-14 - May 14 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - autoselect libvdpau_r300/libvdpau_r600/libvdpau_radeonsi packages via hardware supplements on AMD GPUs ++++ Mesa-drivers: - autoselect libvdpau_r300/libvdpau_r600/libvdpau_radeonsi packages via hardware supplements on AMD GPUs ------------------------------------------------------------------ ------------------ 2022-5-13 - May 13 2022 ------------------- ------------------------------------------------------------------ ++++ iptables: - Update to release 1.8.8 * Add iptables-translate support for: sctp match's - -chunk-types option, connlimit match, multiport match's - -ports option, and the tcpmss match. * Reject setuid executables in libxtables for safety reasons * Extended arptables-nft with -C, -I, -R, -S cmomands and the "-c N,M" counter syntax. * Debug output in iptables-restore (all variants), iptables-nft and ebtables-nft when specifying -v multiple times * Improved performance of iptables-save and -restore ++++ open-iscsi: - Set initiatorname in %post (at end of install), for cases where root is read-only at startup time (bsc#1198457) ++++ systemd: - Update rpmlintrc for shlib-policy-name-error/multibuild case. ++++ libunwind: - Resolve rpmlint error "libunwind.x86_64: E: shlib-policy-name-error SONAME: libunwind-coredump.so.0, expected package suffix: 0" ++++ libyajl: - add libyajl-CVE-2022-24795.patch (CVE-2022-24795, bsc#1198405) ------------------------------------------------------------------ ------------------ 2022-5-12 - May 12 2022 ------------------- ------------------------------------------------------------------ ++++ chrony: - Moved 20-chrony file from user specif directory /etc/NetworkManager/dispatcher.d to vendor specific directory /usr/lib/NetworkManager/dispatcher.d. So, users changes can still be done in /etc and will not be overwritten by an update. ++++ glibc: - Follow the distro default gcc version to build the cross bootstrap packages. ++++ kernel-default: - Linux 5.17.7 (bsc#1012628). - PCI: aardvark: Update comment about link going down after link-up (bsc#1012628). - PCI: aardvark: Drop __maybe_unused from advk_pcie_disable_phy() (bsc#1012628). - PCI: aardvark: Don't mask irq when mapping (bsc#1012628). - PCI: aardvark: Remove irq_mask_ack() callback for INTx interrupts (bsc#1012628). - PCI: aardvark: Use separate INTA interrupt for emulated root bridge (bsc#1012628). - PCI: aardvark: Fix support for PME requester on emulated bridge (bsc#1012628). - PCI: aardvark: Add support for PME interrupts (bsc#1012628). - PCI: aardvark: Optimize writing PCI_EXP_RTCTL_PMEIE and PCI_EXP_RTSTA_PME on emulated bridge (bsc#1012628). - PCI: aardvark: Add support for ERR interrupt on emulated bridge (bsc#1012628). - PCI: aardvark: Enable MSI-X support (bsc#1012628). - PCI: aardvark: Fix setting MSI address (bsc#1012628). - PCI: aardvark: Add support for masking MSI interrupts (bsc#1012628). - PCI: aardvark: Refactor unmasking summary MSI interrupt (bsc#1012628). - PCI: aardvark: Use dev_fwnode() instead of of_node_to_fwnode(dev->of_node) (bsc#1012628). - PCI: aardvark: Make msi_domain_info structure a static driver structure (bsc#1012628). - PCI: aardvark: Make MSI irq_chip structures static driver structures (bsc#1012628). - PCI: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (bsc#1012628). - PCI: aardvark: Rewrite IRQ code to chained IRQ handler (bsc#1012628). - PCI: aardvark: Replace custom PCIE_CORE_INT_* macros with PCI_INTERRUPT_* (bsc#1012628). - mmc: rtsx: add 74 Clocks in power on flow (bsc#1012628). - selftest/vm: verify remap destination address in mremap_test (bsc#1012628). - selftest/vm: verify mmap addr in mremap_test (bsc#1012628). - KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (bsc#1012628). - KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (bsc#1012628). - KVM: x86: Do not change ICR on write to APIC_SELF_IPI (bsc#1012628). - x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (bsc#1012628). - KVM: selftests: Silence compiler warning in the kvm_page_table_test (bsc#1012628). - kvm: selftests: do not use bitfields larger than 32-bits for PTEs (bsc#1012628). - KVM: VMX: Exit to userspace if vCPU has injected exception and invalid state (bsc#1012628). - KVM: SEV: Mark nested locking of vcpu->lock (bsc#1012628). - iommu/dart: Add missing module owner to ops structure (bsc#1012628). - fbdev: Make fb_release() return -ENODEV if fbdev was unregistered (bsc#1012628). - kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (bsc#1012628). - net: rds: acquire refcount on TCP sockets (bsc#1012628). - gpio: mvebu: drop pwm base assignment (bsc#1012628). - parisc: Mark cr16 clock unstable on all SMP machines (bsc#1012628). - btrfs: always log symlinks in full mode (bsc#1012628). - smsc911x: allow using IRQ0 (bsc#1012628). - selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer (bsc#1012628). - bnxt_en: Fix unnecessary dropping of RX packets (bsc#1012628). - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (bsc#1012628). - dt-bindings: pci: apple,pcie: Drop max-link-speed from example (bsc#1012628). - selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational (bsc#1012628). - rxrpc: Enable IPv6 checksums on transport socket (bsc#1012628). - mld: respect RCU rules in ip6_mc_source() and ip6_mc_msfilter() (bsc#1012628). - SUNRPC: Don't leak sockets in xs_local_connect() (bsc#1012628). - hinic: fix bug of wq out of bound access (bsc#1012628). - drm/msm/dp: remove fail safe mode related code (bsc#1012628). - selftests/net: so_txtime: usage(): fix documentation of default clock (bsc#1012628). - selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems (bsc#1012628). - net: emaclite: Add error handling for of_address_to_resource() (bsc#1012628). - net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() (bsc#1012628). - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (bsc#1012628). - net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (bsc#1012628). - net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (bsc#1012628). - net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (bsc#1012628). - net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init() (bsc#1012628). - NFSv4: Don't invalidate inode attributes on delegation return (bsc#1012628). - RDMA/irdma: Fix possible crash due to NULL netdev in notifier (bsc#1012628). - RDMA/irdma: Reduce iWARP QP destroy time (bsc#1012628). - RDMA/irdma: Flush iWARP QP if modified to ERR from RTR state (bsc#1012628). - RDMA/siw: Fix a condition race issue in MPA request processing (bsc#1012628). - SUNRPC release the transport of a relocated task with an assigned transport (bsc#1012628). - ALSA: hda/realtek: Fix mute led issue on thinkpad with cs35l41 s-codec (bsc#1012628). - selftests/seccomp: Don't call read() on TTY from background pgrp (bsc#1012628). - net/mlx5e: TC, fix decap fallback to uplink when int port not supported (bsc#1012628). - net/mlx5e: Lag, Don't skip fib events on current dst (bsc#1012628). - net/mlx5e: Lag, Fix fib_info pointer assignment (bsc#1012628). - net/mlx5e: Lag, Fix use-after-free in fib event handler (bsc#1012628). - net/mlx5: Fix deadlock in sync reset flow (bsc#1012628). - net/mlx5: Avoid double clear or set of sync reset requested (bsc#1012628). - net/mlx5: Fix matching on inner TTC (bsc#1012628). - net/mlx5e: Fix the calling of update_buffer_lossy() API (bsc#1012628). - net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (bsc#1012628). - net/mlx5e: Don't match double-vlan packets if cvlan is not set (bsc#1012628). - net/mlx5e: Fix wrong source vport matching on tunnel rule (bsc#1012628). - net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (bsc#1012628). - net/mlx5e: Fix trust state reset in reload (bsc#1012628). - iommu/dart: check return value after calling platform_get_resource() (bsc#1012628). - iommu/vt-d: Drop stop marker messages (bsc#1012628). - ASoC: soc-ops: fix error handling (bsc#1012628). - ASoC: meson: axg-card: Fix nonatomic links (bsc#1012628). - ASoC: meson: axg-tdm-interface: Fix formatters in trigger" (bsc#1012628). - ASoC: dmaengine: Restore NULL prepare_slave_config() callback (bsc#1012628). - hwmon: (pmbus) disable PEC if not enabled (bsc#1012628). - hwmon: (adt7470) Fix warning on module removal (bsc#1012628). - gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (bsc#1012628). - gpio: visconti: Fix fwnode of GPIO IRQ (bsc#1012628). - NFC: netlink: fix sleep in atomic bug when firmware download timeout (bsc#1012628). - nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (bsc#1012628). - nfc: replace improper check device_is_registered() in netlink related functions (bsc#1012628). - can: grcan: only use the NAPI poll budget for RX (bsc#1012628). - can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (bsc#1012628). - can: grcan: use ofdev->dev when allocating DMA memory (bsc#1012628). - can: isotp: remove re-binding of bound socket (bsc#1012628). - can: grcan: grcan_close(): fix deadlock (bsc#1012628). - s390/dasd: Fix read inconsistency for ESE DASD devices (bsc#1012628). - s390/dasd: Fix read for ESE with blksize < 4k (bsc#1012628). - s390/dasd: prevent double format of tracks for ESE devices (bsc#1012628). - s390/dasd: fix data corruption for ESE devices (bsc#1012628). - ASoC: meson: Fix event generation for AUI CODEC mux (bsc#1012628). - ASoC: meson: Fix event generation for G12A tohdmi mux (bsc#1012628). - ASoC: meson: Fix event generation for AUI ACODEC mux (bsc#1012628). - ASoC: wm8958: Fix change notifications for DSP controls (bsc#1012628). - ASoC: rt9120: Correct the reg 0x09 size to one byte (bsc#1012628). - ASoC: da7219: Fix change notifications for tone generator frequency (bsc#1012628). - genirq: Synchronize interrupt thread startup (bsc#1012628). - btrfs: skip compression property for anything other than files and dirs (bsc#1012628). - btrfs: do not allow compression on nodatacow files (bsc#1012628). - btrfs: export a helper for compression hard check (bsc#1012628). - btrfs: do not BUG_ON() on failure to update inode when setting xattr (bsc#1012628). - btrfs: force v2 space cache usage for subpage mount (bsc#1012628). - btrfs: sysfs: export the balance paused state of exclusive operation (bsc#1012628). - net: stmmac: disable Split Header (SPH) for Intel platforms (bsc#1012628). - firewire: core: extend card->lock in fw_core_handle_bus_reset (bsc#1012628). - firewire: remove check of list iterator against head past the loop body (bsc#1012628). - firewire: fix potential uaf in outbound_phy_packet_callback() (bsc#1012628). - timekeeping: Mark NMI safe time accessors as notrace (bsc#1012628). - Revert "SUNRPC: attempt AF_LOCAL connect on setup" (bsc#1012628). - hwmon: (pmbus) delta-ahe50dc-fan: work around hardware quirk (bsc#1012628). - RISC-V: relocate DTB if it's outside memory region (bsc#1012628). - drm/amdgpu: do not use passthrough mode in Xen dom0 (bsc#1012628). - drm/amd/display: Avoid reading audio pattern past AUDIO_CHANNELS_COUNT (bsc#1012628). - iommu/arm-smmu-v3: Fix size calculation in arm_smmu_mm_invalidate_range() (bsc#1012628). - iommu/vt-d: Calculate mask for non-aligned flushes (bsc#1012628). - KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (bsc#1012628). - x86/fpu: Prevent FPU state corruption (bsc#1012628). - gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (bsc#1012628). - mmc: core: Set HS clock speed before sending HS CMD13 (bsc#1012628). - mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits (bsc#1012628). - mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC (bsc#1012628). - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (bsc#1012628). - ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers (bsc#1012628). - parisc: Merge model and model name into one line in /proc/cpuinfo (bsc#1012628). - Revert "parisc: Mark sched_clock unstable only if clocks are not syncronized" (bsc#1012628). - Revert "parisc: Mark cr16 CPU clocksource unstable on all SMP machines" (bsc#1012628). - MIPS: Fix CP0 counter erratum detection for R4k CPUs (bsc#1012628). - ipmi:ipmi_ipmb: Fix null-ptr-deref in ipmi_unregister_smi() (bsc#1012628). - ipmi: When handling send message responses, don't process the message (bsc#1012628). - pci_irq_vector() can't be used in atomic context any longer. This conflicts with the usage of this function in nic_mbx_intr_handler(). age of this function in nic_mbx_intr_handler() (bsc#1012628). - commit c9a5fa1 ++++ openldap2: - bsc#1199277 - Resolve segfault when calling new ctx with global ctx * 0017-Resolve-error-handling-in-new-ctx-when-global.patch ++++ runc: - Add ExcludeArch for s390 (not s390x) since we've never supported it. ------------------------------------------------------------------ ------------------ 2022-5-11 - May 11 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - Update samba-new-dcerpcd.patch for aarch64 which needs some additional rules; (bnc#1198309). ++++ curl: - Update to 7.83.1: * Security fixes: - (bsc#1199225, CVE-2022-30115) HSTS bypass via trailing dot - (bsc#1199224, CVE-2022-27782) TLS and SSH connection too eager reuse - (bsc#1199223, CVE-2022-27781) CERTINFO never-ending busy-loop - (bsc#1199222, CVE-2022-27780) percent-encoded path separator in URL host - (bsc#1199221, CVE-2022-27779) cookie for trailing dot TLD - (bsc#1199220, CVE-2022-27778) removes wrong file on error * Bugfixes: - altsvc: fix host name matching for trailing dots - cirrus: Update to FreeBSD 12.3 - cirrus: Use pip for Python packages on FreeBSD - conn: fix typo 'connnection' -> 'connection' in two function names - cookies: make bad_domain() not consider a trailing dot fine - curl: free resource in error path - curl: guard against size_t wraparound in no-clobber code - CURLOPT_DOH_URL.3: mention the known bug - CURLOPT_HSTS*FUNCTION.3: document the involved structs as well - CURLOPT_SSH_AUTH_TYPES.3: fix the default - data/test376: set a proper name - GHA/mbedtls: enabled nghttp2 in the build - gha: build msh3 - gskit: fixed bogus setsockopt calls - gskit: remove unused function set_callback - hsts: ignore trailing dots when comparing hosts names - HTTP-COOKIES: add missing CURLOPT_COOKIESESSION - http: move Curl_allow_auth_to_host() - http_proxy/hyper: handle closed connections - hyper: fix test 357 - Makefile: fix "make ca-firefox" - mbedtls: bail out if rng init fails - mbedtls: fix compile when h2-enabled - mbedtls: fix some error messages - misc: use "autoreconf -fi" instead buildconf - msh3: get msh3 version from MsH3Version - msh3: print boolean value as text representation - msh3: psss remote_port to MsH3ConnectionOpen - ngtcp2: add ca-fallback support for OpenSSL backend - nss: return error if seemingly stuck in a cert loop - openssl: define HAVE_SSL_CTX_SET_EC_CURVES for libressl - post_per_transfer: remove the updated file name - sectransp: bail out if SSLSetPeerDomainName fails - tests/server: declare variable 'reqlogfile' static - tests: fix markdown formatting in README - test{898,974,976}: add 'HTTP proxy' keywords - tls: check more TLS details for connection reuse - url: check SSH config match on connection reuse - urlapi: address (harmless) UndefinedBehavior sanitizer warning - urlapi: reject percent-decoding host name into separator bytes - x509asn1: make do_pubkey handle EC public keys ++++ gnutls: - disable kcapi usage for now, as kernel-obs-build not adjusted to contain the algorithms. bsc#1189283 ++++ hwdata: - Update to version 0.359: + Updated pci, usb and vendor ids. ++++ kernel-firmware: - Update to version 20220509 (git commit b19cbdca78ab): * mediatek: Update mt8183 SCP firmware * ice: Update package to 1.3.28.0 * i915: Add DMC v2.06 for DG2 * rtl_bt: Update RTL8852A BT USB firmware to 0xDBB7_C1D9 * amdgpu: update psp_13_0_8 firmware * amdgpu: update gc_10_3_7_rlc firmware * amdgpu: update dcn_3_1_6_dmcub firmware * ath11k: QCA6390 hw2.0: update to WLAN.HST.1.0.1-05266-QCAHSTSWPLZ_V2_TO_X86-1 * qcom: add firmware files for Adreno a420 & related generations * qcom: add firmware files for Adreno a330 * qcom: add firmware files for Adreno a220 * i915: Add GuC v70.1.2 for DG2 * rtw89: 8852c: add new firmware v0.27.20.0 for RTL8852C * Mellanox: Add lc_ini_bundle for xx.2010.1006 * Mellanox: xx.2010.1502: Distribute non-xz-compressed lc_ini_bundle * ath10k: QCA9984 hw1.0: update board-2.bin * ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00156 * ath10k: QCA9888 hw2.0: update board-2.bin * ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00156 * ath10k: QCA6174 hw3.0: update board-2.bin * ath10k: QCA6174 hw3.0: update firmware-6.bin to WLAN.RM.4.4.1-00288-QCARMSWPZ-1 * ath10k: QCA4019 hw1.0: update board-2.bin * ath10k: QCA99X0 hw2.0: add board-2.bin * ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.7 * ath11k: WCN6750 hw1.0: add to WLAN.MSL.1.0.1-00887-QCAMSLSWPLZ-1 * ath11k: WCN6750 hw1.0: add board-2.bin * ath11k: QCN9074 hw1.0: add to WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1 * ath11k: QCN9074 hw1.0: add board-2.bin * ath11k: QCA6390 hw2.0: update board-2.bin * ath11k: IPQ8074 hw2.0: update to WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1 * ath11k: IPQ8074 hw2.0: update board-2.bin * ath11k: IPQ6018 hw1.0: update to WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1 * ath11k: IPQ6018 hw1.0: update board-2.bin * Mellanox: Add new mlxsw_spectrum firmware xx.2010.1502 * amdgpu: update yellow carp DMCUB firmware * linux-firmware: update firmware for mediatek bluetooth chip (MT7922) * linux-firmware: update firmware for MT7922 WiFi device * mediatek: Add mt8195 SCP firmware * qcom: apq8096: add modem firmware * qcom: apq8096: add aDSP firmware * rtl_bt: Add firmware and config files for RTL8852C * i915: Add GuC v70.1.1 for all platforms - Update aliases ++++ libapparmor: - Update samba-new-dcerpcd.patch for aarch64 which needs some additional rules; (bnc#1198309). ++++ multipath-tools: - Update to version 0.8.9+90+suse.71a70fb: * support overriding -D_FORTIFY_SOURCE in OPTFLAGS * add -U_FORTIFY_SOURCE to optflags to avoid compilation errors on old distros ++++ protobuf: - Do not use %%autosetup, but %%setup and %%patch on other line * Allows building on SLE-12-SP5 ++++ libvisual: - Remove old specfile constructs - Remove --with-pic, this is only useful with --enable-static - Make %install sh-compatible - Remove .la files, I do not think we will need it - Repair rpmlint error "libvisual.x86_64: E: shlib-policy-name-error SONAME: libvisual-0.4.so.0, expected package suffix: 0_4-0" ++++ qemu: - Filter out rpmlint error that is valid for qemu, but will have its badness increased in the future. ++++ runc: - Update to runc v1.1.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2. CVE-2022-29162 bsc#1199460 * A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. For more information, see [GHSA-f3fp-gc8g-vw66][] and CVE-2022-29162. bsc#1199460 * `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file. ------------------------------------------------------------------ ------------------ 2022-5-10 - May 10 2022 ------------------- ------------------------------------------------------------------ ++++ gcc12: - Enable PRU architecture for AM335x platforms ++++ multipath-tools: - Update to version 0.8.9+87+suse.a1eb122: * add ability to autodetect support for -D_FORTIFY_SOURCE=3 ++++ numactl: - Update to version 2.0.14.39.g8b18345: * numa(3): Fix typos and punctuation * Avoid libnuma.so dependency on util.o * test/prefered: add test cases for new 'preferred-many' policy * test/prefered: fix compiling problem * numa(3): Update the man page * Update to support multiple nodes * numademo: Add a new test for multiple-preferred-nodes policy * numactl: Simplify preferred selection * libnuma: Export interface to set/get preferred nodes * util: Add new preferred-many type ++++ python310-core: - Refresh bluez-devel-vendor.tar.xz ++++ python310: - Refresh bluez-devel-vendor.tar.xz ------------------------------------------------------------------ ------------------ 2022-5-9 - May 9 2022 ------------------- ------------------------------------------------------------------ ++++ checkpolicy: - Update to version 3.4 * warn on bogus IP address or netmask in nodecon statement * allow wildcard permissions in constraints * mention class name on invalid permission ++++ gstreamer: - Enable use of libunwind on riscv64 - Update to version 1.20.2 + Highlighted bugfixes: - avviddec: Remove vc1/wmv3 override and fix crashes on WMV files with FFMPEG 5.0+ - macOS: fix plugin discovery for GStreamer installed via brew and fix loading of Rust plugins - rtpbasepayload: various header extension handling fixes - rtpopusdepay: fix regression in stereo input handling if sprop-stereo is not advertised - rtspclientsink: fix possible shutdown deadlock - mpegts: gracefully handle "empty" program maps and fix AC-4 detection - mxfdemux: Handle empty VANC packets and fix EOS handling - playbin3: various playbin3, uridecodebin3, and playsink fixes - ptpclock: fix initial sync-up with certain devices - gltransformation: let graphene alloc its structures memory aligned - webrtcbin fixes and webrtc sendrecv example improvements - video4linux2: various fixes including some fixes for Raspberry Pi users - videorate segment handling fixes and other fixes - nvh264dec, nvh265dec: Fix broken key-unit trick modes and reverse playback - wpe: Reintroduce persistent WebContext - cerbero: Make it easier to consume 1.20.1 macOS GStreamer .pkgs - build fixes and gobject annotation fixes - bug fixes, security fixes, memory leak fixes, and other stability and reliability improvements + gstreamer: - devicemonitor: clean up signal handlers and hidden providers list - Leaks tracer: fix pthread_atfork return value check leading to bogus warning in log - Rust plugins: Not picked up by the plugin loader on macOS - Failed to use plugins of latest GStreamer version 1.20.x installed by brew on macOS - ptpclock: Allow at least 100ms delay between Sync/Follow_Up and Delay_Req/Delay_Resp messages. Fixes problems acquiring initial sync with certain devices - meson: Add -Wl,-rpath,${libdir} on macOS - registry: skip Rust dep builddirs when searching for plugins recursively ++++ gstreamer-plugins-base: - Update to version 1.20.2: + appsrc: Clarify buffer ref semantics in signals documentation + appsrc: fix annotations for bindings + typefind: Skip extension parsing for data:// URIs, fixing regression with mp4 files serialised to data uris + playbin3: various fixes + playbin3: fix missing lock when unknown stream type in pad-removed cb + decodebin3: fix collection leaks + decodebin3: Don't duplicate stream selections + discoverer: chain up to parent finalize methods in all our types to fix memory leaks + glmixerbin: slightly better pad/element creation + gltransformation: let graphene alloc its structures memory aligned + ogg: fix possible buffer overrun + rtpbasepayload: Don't write header extensions if there's no corresponding... + rtpbasepayload: always store input buffer meta before negotiation + rtpbasepayload: fix transfer annotation for push and push_list + subparse: don't try to index string with -1 + riff-media: fix memory leak after usage for g_strjoin() + playbin/playbin3: Allow setting a NULL URI + playsink: Complete reconfiguration on pad release. + parsebin: Expose streams of unknown type + pbutils: Fix wmv screen description detection + subparse: don't deref a potentially NULL variable + rawvideoparse: set format from caps in gst_raw_video_parse_set_config_from_caps + videodecoder: release stream lock after handling gap events + videorate: fix assertion when pushing last and only buffer without duration + videorate: Revert "don't reset on segment update" to fix segment handling regressions + gst-play-1.0, gst-launch-1.0: Enable win32 high-resolution timer also for MinGW build - Drop patch already included in 1.20.2: + 5a074a11f90e3d70b24bf0c535ab0480fad9e701.patch ++++ kernel-default: - Linux 5.17.6 (bsc#1012628). - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (bsc#1012628). - floppy: disable FDRAWCMD by default (bsc#1012628). - USB: quirks: add a Realtek card reader (bsc#1012628). - USB: quirks: add STRING quirk for VCOM device (bsc#1012628). - USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (bsc#1012628). - USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (bsc#1012628). - USB: serial: option: add support for Cinterion MV32-WA/MV32-WB (bsc#1012628). - USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (bsc#1012628). - usb: xhci: tegra:Fix PM usage reference leak of tegra_xusb_unpowergate_partitions (bsc#1012628). - xhci: Enable runtime PM on second Alderlake controller (bsc#1012628). - xhci: stop polling roothubs after shutdown (bsc#1012628). - xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms (bsc#1012628). - iio: dac: ad5592r: Fix the missing return value (bsc#1012628). - iio: scd4x: check return of scd4x_write_and_fetch (bsc#1012628). - iio: dac: ad5446: Fix read_raw not returning set value (bsc#1012628). - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (bsc#1012628). - iio: imu: inv_icm42600: Fix I2C init possible nack (bsc#1012628). - usb: misc: fix improper handling of refcount in uss720_probe() (bsc#1012628). - usb: core: Don't hold the device lock while sleeping in do_proc_control() (bsc#1012628). - usb: typec: ucsi: Fix reuse of completion structure (bsc#1012628). - usb: typec: ucsi: Fix role swapping (bsc#1012628). - usb: gadget: uvc: Fix crash when encoding data for usb request (bsc#1012628). - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (bsc#1012628). - usb: dwc3: Try usb-role-switch first in dwc3_drd_init (bsc#1012628). - usb: dwc3: core: Fix tx/rx threshold settings (bsc#1012628). - usb: dwc3: core: Only handle soft-reset in DCTL (bsc#1012628). - usb: dwc3: gadget: Return proper request status (bsc#1012628). - usb: dwc3: pci: add support for the Intel Meteor Lake-P (bsc#1012628). - usb: cdns3: Fix issue for clear halt endpoint (bsc#1012628). - usb: phy: generic: Get the vbus supply (bsc#1012628). - kernfs: fix NULL dereferencing in kernfs_remove (bsc#1012628). - binder: Gracefully handle BINDER_TYPE_FDA objects with num_fds=0 (bsc#1012628). - binder: Address corner cases in deferred copy and fixup (bsc#1012628). - serial: imx: fix overrun interrupts in DMA mode (bsc#1012628). - serial: amba-pl011: do not time out prematurely when draining tx fifo (bsc#1012628). - serial: 8250: Also set sticky MCR bits in console restoration (bsc#1012628). - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (bsc#1012628). - eeprom: at25: Use DMA safe buffers (bsc#1012628). - arch_topology: Do not set llc_sibling if llc_id is invalid (bsc#1012628). - topology: make core_mask include at least cluster_siblings (bsc#1012628). - ceph: fix possible NULL pointer dereference for req->r_session (bsc#1012628). - bus: mhi: host: pci_generic: Add missing poweroff() PM callback (bsc#1012628). - bus: mhi: host: pci_generic: Flush recovery worker during freeze (bsc#1012628). - arm64: dts: imx8mm-venice: fix spi2 pin configuration (bsc#1012628). - pinctrl: samsung: fix missing GPIOLIB on ARM64 Exynos config (bsc#1012628). - f2fs: should not truncate blocks during roll-forward recovery (bsc#1012628). - hex2bin: make the function hex_to_bin constant-time (bsc#1012628). - hex2bin: fix access beyond string end (bsc#1012628). - bus: fsl-mc-msi: Fix MSI descriptor mutex lock for msi_first_desc() (bsc#1012628). - riscv: patch_text: Fixup last cpu should be master (bsc#1012628). - x86/cpu: Load microcode during restore_processor_state() (bsc#1012628). - x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests (bsc#1012628). - iocost: don't reset the inuse weight of under-weighted debtors (bsc#1012628). - virtio_net: fix wrong buf address calculation when using xdp (bsc#1012628). - cpufreq: qcom-hw: drop affinity hint before freeing the IRQ (bsc#1012628). - cpufreq: qcom-hw: fix the race between LMH worker and cpuhp (bsc#1012628). - cpufreq: qcom-hw: fix the opp entries refcounting (bsc#1012628). - cpufreq: qcom-cpufreq-hw: Fix throttle frequency value on EPSS platforms (bsc#1012628). - video: fbdev: udlfb: properly check endpoint type (bsc#1012628). - arm64: dts: meson: remove CPU opps below 1GHz for G12B boards (bsc#1012628). - arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards (bsc#1012628). - iio: dac: ad3552r: fix signedness bug in ad3552r_reset() (bsc#1012628). - iio:imu:bmi160: disable regulator in error path (bsc#1012628). - iio:filter:admv8818: select REGMAP_SPI for ADMV8818 (bsc#1012628). - mtd: rawnand: fix ecc parameters for mt7622 (bsc#1012628). - tee: optee: add missing mutext_destroy in optee_ffa_probe (bsc#1012628). - xsk: Fix l2fwd for copy mode + busy poll combo (bsc#1012628). - arm64: dts: imx8qm: Correct SCU clock controller's compatible property (bsc#1012628). - USB: Fix xhci event ring dequeue pointer ERDP update issue (bsc#1012628). - soc: imx: imx8m-blk-ctrl: Fix IMX8MN_DISPBLK_PD_ISI hang (bsc#1012628). - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (bsc#1012628). - iio:dac:ad3552r: Fix an IS_ERR() vs NULL check (bsc#1012628). - arm64: dts: imx8mq-tqma8mq: change the spi-nor tx (bsc#1012628). - arm64: dts: imx8mn: Fix SAI nodes (bsc#1012628). - arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO pin labeling for CON1 (bsc#1012628). - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (bsc#1012628). - phy: samsung: exynos5250-sata: fix missing device put in probe error paths (bsc#1012628). - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (bsc#1012628). - bus: ti-sysc: Make omap3 gpt12 quirk handling SoC specific (bsc#1012628). - ARM: dts: dra7: Fix suspend warning for vpe powerdomain (bsc#1012628). - phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (bsc#1012628). - ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (bsc#1012628). - ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (bsc#1012628). - ARM: dts: at91: fix pinctrl phandles (bsc#1012628). - phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (bsc#1012628). - phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (bsc#1012628). - interconnect: qcom: sc7180: Drop IP0 interconnects (bsc#1012628). - interconnect: qcom: sdx55: Drop IP0 interconnects (bsc#1012628). - ARM: dts: Fix mmc order for omap3-gta04 (bsc#1012628). - ARM: dts: am33xx-l4: Add missing touchscreen clock properties (bsc#1012628). - ARM: dts: am3517-evm: Fix misc pinmuxing (bsc#1012628). - ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (bsc#1012628). - pinctrl: qcom: sm6350: fix order of UFS & SDC pins (bsc#1012628). - ipvs: correctly print the memory size of ip_vs_conn_tab (bsc#1012628). - phy: amlogic: fix error path in phy_g12a_usb3_pcie_probe() (bsc#1012628). - pinctrl: mediatek: moore: Fix build error (bsc#1012628). - mtd: rawnand: Fix return value check of wait_for_completion_timeout (bsc#1012628). - mtd: fix 'part' field data corruption in mtd_info (bsc#1012628). - pinctrl: stm32: Do not call stm32_gpio_get() for edge triggered IRQs in EOI (bsc#1012628). - memory: renesas-rpc-if: Fix HF/OSPI data transfer in Manual Mode (bsc#1012628). - net: dsa: Add missing of_node_put() in dsa_port_link_register_of (bsc#1012628). - netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (bsc#1012628). - bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook (bsc#1012628). - pinctrl: rockchip: fix RK3308 pinmux bits (bsc#1012628). - tcp: md5: incorrect tcp_header_len for incoming connections (bsc#1012628). - pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL IRQ requested (bsc#1012628). - tcp: ensure to use the most recently sent skb when filling the rate sample (bsc#1012628). - wireguard: device: check for metadata_dst with skb_valid_dst() (bsc#1012628). - sctp: check asoc strreset_chunk in sctp_generate_reconf_event (bsc#1012628). - ARM: dts: imx6ull-colibri: fix vqmmc regulator (bsc#1012628). - arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock (bsc#1012628). - pinctrl: pistachio: fix use of irq_of_parse_and_map() (bsc#1012628). - cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe (bsc#1012628). - net: hns3: clear inited state and stop client after failed to register netdev (bsc#1012628). - net: hns3: fix error log of tx/rx tqps stats (bsc#1012628). - net: hns3: modify the return code of hclge_get_ring_chain_from_mbx (bsc#1012628). - net: hns3: add validity check for message data length (bsc#1012628). - net: hns3: add return value for mailbox handling in PF (bsc#1012628). - net/smc: sync err code when tcp connection was refused (bsc#1012628). - net: lan966x: fix a couple off by one bugs (bsc#1012628). - ip_gre: Make o_seqno start from 0 in native mode (bsc#1012628). - ip6_gre: Make o_seqno start from 0 in native mode (bsc#1012628). - ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode (bsc#1012628). - tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT (bsc#1012628). - tcp: make sure treq->af_specific is initialized (bsc#1012628). - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (bsc#1012628). - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (bsc#1012628). - cpufreq: qcom-cpufreq-hw: Clear dcvs interrupts (bsc#1012628). - mctp: defer the kfree of object mdev->addrs (bsc#1012628). - net: bcmgenet: hide status block before TX timestamping (bsc#1012628). - net: phy: marvell10g: fix return value on error (bsc#1012628). - net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (bsc#1012628). - drm/sun4i: Remove obsolete references to PHYS_OFFSET (bsc#1012628). - ice: wait 5 s for EMP reset after firmware flash (bsc#1012628). - Bluetooth: hci_event: Fix checking for invalid handle on error status (bsc#1012628). - net: dsa: lantiq_gswip: Don't set GSWIP_MII_CFG_RMII_CLK (bsc#1012628). - io_uring: check reserved fields for send/sendmsg (bsc#1012628). - io_uring: check reserved fields for recv/recvmsg (bsc#1012628). - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1012628). - netfilter: conntrack: fix udp offload timeout sysctl (bsc#1012628). - platform/x86: asus-wmi: Potential buffer overflow in asus_wmi_evaluate_method_buf() (bsc#1012628). - platform/x86: asus-wmi: Fix driver not binding when fan curve control probe fails (bsc#1012628). - drm/amdkfd: Fix GWS queue count (bsc#1012628). - drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1012628). - tls: Skip tls_append_frag on zero copy size (bsc#1012628). - bnx2x: fix napi API usage sequence (bsc#1012628). - net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (bsc#1012628). - gfs2: Minor retry logic cleanup (bsc#1012628). - gfs2: Make sure not to return short direct writes (bsc#1012628). - gfs2: No short reads or writes upon glock contention (bsc#1012628). - perf arm-spe: Fix addresses of synthesized SPE events (bsc#1012628). - ixgbe: ensure IPsec VF<->PF compatibility (bsc#1012628). - net: enetc: allow tc-etf offload even with NETIF_F_CSUM_MASK (bsc#1012628). - Revert "ibmvnic: Add ethtool private flag for driver-defined queue limits" (bsc#1012628). - tcp: fix F-RTO may not work correctly when receiving DSACK (bsc#1012628). - ASoC: soc-pcm: use GFP_KERNEL when the code is sleepable (bsc#1012628). - ASoC: cs35l41: Fix a shift-out-of-bounds warning found by UBSAN (bsc#1012628). - ASoC: rt711/5682: check if bus is active before deferred jack detection (bsc#1012628). - ASoC: Intel: soc-acpi: correct device endpoints for max98373 (bsc#1012628). - ASoC: wm8731: Disable the regulator when probing fails (bsc#1012628). - Input: cypress-sf - register a callback to disable the regulators (bsc#1012628). - ext4: fix bug_on in start_this_handle during umount filesystem (bsc#1012628). - arch: xtensa: platforms: Fix deadlock in rs_close() (bsc#1012628). - ksmbd: increment reference count of parent fp (bsc#1012628). - ksmbd: set fixed sector size to FS_SECTOR_SIZE_INFORMATION (bsc#1012628). - erofs: fix use-after-free of on-stack io[] (bsc#1012628). - bonding: do not discard lowest hash bit for non layer3+4 hashing (bsc#1012628). - x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (bsc#1012628). - cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1012628). - drivers: net: hippi: Fix deadlock in rr_close() (bsc#1012628). - powerpc/perf: Fix 32bit compile (bsc#1012628). - ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs (bsc#1012628). - selftest/vm: verify mmap addr in mremap_test (bsc#1012628). - selftest/vm: verify remap destination address in mremap_test (bsc#1012628). - bfq: Fix warning in bfqq_request_over_limit() (bsc#1012628). - Revert "ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40" (bsc#1012628). - Revert "block: inherit request start time from bio for BLK_CGROUP" (bsc#1012628). - zonefs: Fix management of open zones (bsc#1012628). - zonefs: Clear inode information flags on inode creation (bsc#1012628). - kasan: prevent cpu_quarantine corruption when CPU offline and cache shrink occur at same time (bsc#1012628). - mtd: rawnand: qcom: fix memory corruption that causes panic (bsc#1012628). - netfilter: Update ip6_route_me_harder to consider L3 domain (bsc#1012628). - drm/amdgpu: don't runtime suspend if there are displays attached (v3) (bsc#1012628). - drm/i915: Check EDID for HDR static metadata when choosing blc (bsc#1012628). - drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (bsc#1012628). - net: ethernet: stmmac: fix write to sgmii_adapter_base (bsc#1012628). - ACPI: processor: idle: Avoid falling back to C3 type C-states (bsc#1012628). - thermal: int340x: Fix attr.show callback prototype (bsc#1012628). - btrfs: fix direct I/O read repair for split bios (bsc#1012628). - btrfs: fix direct I/O writes for split bios on zoned devices (bsc#1012628). - btrfs: fix leaked plug after failure syncing log on zoned filesystems (bsc#1012628). - btrfs: zoned: use dedicated lock for data relocation (bsc#1012628). - btrfs: fix assertion failure during scrub due to block group reallocation (bsc#1012628). - ARM: dts: at91: sama7g5ek: enable pull-up on flexcom3 console lines (bsc#1012628). - ARM: dts: imx8mm-venice-gw{71xx,72xx,73xx}: fix OTG controller OC mode (bsc#1012628). - perf symbol: Pass is_kallsyms to symbols__fixup_end() (bsc#1012628). - perf symbol: Update symbols__fixup_end() (bsc#1012628). - perf symbol: Remove arch__symbols__fixup_end() (bsc#1012628). - tty: n_gsm: fix missing mux reset on config change at responder (bsc#1012628). - tty: n_gsm: fix restart handling via CLD command (bsc#1012628). - tty: n_gsm: fix decoupled mux resource (bsc#1012628). - tty: n_gsm: fix mux cleanup after unregister tty device (bsc#1012628). - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (bsc#1012628). - tty: n_gsm: fix frame reception handling (bsc#1012628). - tty: n_gsm: fix malformed counter for out of frame data (bsc#1012628). - netfilter: nft_socket: only do sk lookups when indev is available (bsc#1012628). - tty: n_gsm: fix insufficient txframe size (bsc#1012628). - tty: n_gsm: fix wrong DLCI release order (bsc#1012628). - tty: n_gsm: fix missing explicit ldisc flush (bsc#1012628). - tty: n_gsm: fix wrong command retry handling (bsc#1012628). - tty: n_gsm: fix wrong command frame length field encoding (bsc#1012628). - tty: n_gsm: fix wrong signal octets encoding in MSC (bsc#1012628). - tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (bsc#1012628). - tty: n_gsm: fix reset fifo race condition (bsc#1012628). - tty: n_gsm: fix incorrect UA handling (bsc#1012628). - tty: n_gsm: fix missing update of modem controls after DLCI open (bsc#1012628). - tty: n_gsm: fix broken virtual tty handling (bsc#1012628). - tty: n_gsm: fix invalid use of MSC in advanced option (bsc#1012628). - tty: n_gsm: fix software flow control handling (bsc#1012628). - tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() (bsc#1012628). - objtool: Fix code relocs vs weak symbols (bsc#1012628). - objtool: Fix type of reloc::addend (bsc#1012628). - powerpc/64: Add UADDR64 relocation support (bsc#1012628). - Update config files. - commit 35de487 - net: atlantic: always deep reset on pm op, fixing up my null deref regression (resume crash). - commit e2300f2 ++++ libcap-ng: - Update to 0.8.3: * Add vararg support to python bindings for capng_updatev * Add support for ambient capabilities * Add support for V3 filesystem capabilities * If procfs is not available, leave last_cap as CAP_LAST_CAP * If bounding and ambient not found in status, try prctl method * In capng_apply, move ambient caps to the end of the transaction * In capng_apply, return errors more aggressively. * In capng_apply, if the action includes the bounding set,resync with the kernel * Fix signed/unsigned warning in cap-ng.c * In capng_apply, return a unique error code to diagnose any failure * In capng_have_capability, return 0 for failure * Add the libdrop_ambient admin tool * In capng_apply, if we blew up in bounding set, allow setting capabilities * If PR_CAP_AMBIENT is not available, do not build libdrop_ambient * Improve last_cap check * Fix parameters to capng_updatev python bindings to be signed * Detect capability options at runtime to make containerization easier (ntkme) * Initialize the library when linked statically * Add gcc function attributes for deallocation ++++ multipath-tools: - Update to version 0.8.9+85+suse.a9da21c: * This is a pre-release of multipath-tools 0.9.0 * multipath.conf: add "protocol" subsection in "overrides" section This allows to set "dev_loss_tmo", "fast_io_fail_tmo", and "eh_deadline" on a per-protocol basis rather than per storage * multipath.conf: drop support for deprecated options: getuid_callout, pg_timeout, config_dir, multipath_dir * multipathd: don't switch to DAEMON_IDLE during startup (bsc#1199346, bsc#1197570) * multipathd: avoid delays during uevent processing (bsc#1199347) * Fixes for minor issues reported by coverity * Fix for memory leak with uid_attrs * Fix possibility to redefine -D_FORTIFY_SOURCE macro. * Updates for built in hardware db ++++ ncurses: - Add ncurses patch 20220507 + add test/test_mouse.c (patch by Leonid S Usov). + add a few debug-traces for tic, fix a couple of memory-leaks. ++++ open-iscsi: - Update to latest upstream, including: * Added 'distclean' to Makefile targets * Ensure Makefile '.PHONY' targets set up correctly * fix an iscsid logout bug generating a false error and cleanup logout error messages ++++ libselinux: - Update to version 3.4: * Use PCRE2 by default * Make selinux_log() and is_context_customizable() thread-safe * Prevent leakeing file descriptors * Correctly hash specfiles larger than 4G - Refreshed skip_cycles.patch ++++ libsemanage: - Update to version 3.4 * Optionally rebuild policy when modules are changed externally * Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info() * Allow spaces in user/group names ++++ libsepol: - Update to version 3.4 * Add 'ioctl_skip_cloexec' policy capability * Add sepol_av_perm_to_string * Add policy utilities * Support IPv4/IPv6 address embedding * Hardened/added many validations * Add support for file types in writing out policy.conf * Allow optional file type in genfscon rules ++++ tiff: - security update: * CVE-2022-0907 [bsc#1197070] + tiff-CVE-2022-0907.patch - security update * CVE-2022-0561 [bsc#1195964] + tiff-CVE-2022-0561.patch * CVE-2022-0562 [bsc#1195965] + tiff-CVE-2022-0562.patch * CVE-2022-0865 [bsc#1197066] + tiff-CVE-2022-0865.patch * CVE-2022-0909 [bsc#1197072] + tiff-CVE-2022-0909.patch * CVE-2022-0924 [bsc#1197073] + tiff-CVE-2022-0924.patch * CVE-2022-0908 [bsc#1197074] + tiff-CVE-2022-0908.patch ++++ libvirt: - Update to libvirt 8.3.0 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v8-3-0-2022-05-02 ++++ policycoreutils: - Update to version 3.4 * fixfiles: Use parallel relabeling - Refreshed patches * get_os_version.patch * run_init.pamd.patch ++++ libselinux-bindings: - Update to version 3.4: * Use PCRE2 by default * Make selinux_log() and is_context_customizable() thread-safe * Prevent leakeing file descriptors * Correctly hash specfiles larger than 4G - Refreshed skip_cycles.patch ++++ python-libvirt-python: - Update to 8.3.0 - Add all new APIs and constants in libvirt 8.3.0 ++++ python-semanage: - Update to version 3.4 * Optionally rebuild policy when modules are changed externally * Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info() * Allow spaces in user/group names ------------------------------------------------------------------ ------------------ 2022-5-8 - May 8 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - Add python310-help-mr848.patch so that Tumbleweed can switch python3 to Python 3.10 (https://gitlab.com/apparmor/apparmor/-/merge_requests/848) ++++ kernel-default: - Update to 5.18-rc6 - commit ed50f8f ++++ libapparmor: - Add python310-help-mr848.patch so that Tumbleweed can switch python3 to Python 3.10 (https://gitlab.com/apparmor/apparmor/-/merge_requests/848) ++++ sqlite3: - update to 3.38.5: * Fix a blunder in the CLI of the 3.38.4 release - includes changes from 3.38.4: * fix a byte-code problem in the Bloom filter pull-down optimization added by release 3.38.0 in which an error in the byte code causes the byte code engine to enter an infinite loop when the pull-down optimization encounters a NULL key ------------------------------------------------------------------ ------------------ 2022-5-7 - May 7 2022 ------------------- ------------------------------------------------------------------ ++++ nfs-utils: - switch to https urls ++++ lsof: - update to 4.95.0: * Update perl scripts for the past few decades of progress * Drop LSOF_CCDATE across all dialects to ensure reproducible builds * Fix FD field description. * Adjust alignment of buffer passed to stat(). * Clean up source code and documents. - remove trailing whitespace, - fix some issues in scripts found through shellcheck, and - fix spelling * man page: fix hyphen issues * Fix broken LSOF_CFLAGS_OVERRIDE. * [linux] Remove sysvlegacy function. * [linux] use close_range instead of calling close repeatedly * Add -Q option for adjusting exit status when failed to find a search item (#129) - drop lsof-no-build-date-etc.patch (obsolete) ++++ pigz: - update to 2.7: * Improved display of multiple-member gzip files * Better gzip compatibility and bug fixes - add pigz-2.7-NOTHREAD-tests.patch to fix tests ------------------------------------------------------------------ ------------------ 2022-5-6 - May 6 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775) - commit 5d4e32c ++++ gcc12: - Update to GCC 12.1 release, 1ea978e3066ac565a1ec28a96a4d61, git27 ++++ open-iscsi: - Updated to latest upstream version, tagged 2.1.7. Changes included: * updated/fixed test script * updated build system * several bug fixes, including one for bsc#1199264 ++++ systemd: - Import commit 0d950479e58dd3af007eb3780d600a5446aac519 (merge of v250.5) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/736db5a59f1ab1317ef64ec6e7dc394250178146...0d950479e58dd3af007eb3780d600a5446aac519 ++++ tiff: - security update * CVE-2022-1056 [bsc#1197631] * CVE-2022-0891 [bsc#1197068] + tiff-CVE-2022-1056,CVE-2022-0891.patch ++++ libunwind: - Enable build on riscv64 and run testsuite ++++ vim: - Updated to version 8.2.4877, fixes the following problems - CVE-2022-1420 - boo#1198748 - CVE-2022-1381 - boo#1198596 * Using wrong flag for using bell in the terminal. * Supercollider filetype not recognized. * No filetype override for .sys files. * Cannot use an imported function in a mapping. *