Packages changed: aaa_base (84.87+git20201123.4f16b16 -> 84.87+git20210308.d7a7d3a) augeas bcache-tools branding-openSUSE btrfsprogs (5.9 -> 5.11) busybox-links ca-certificates (2+git20210111.eeae41c -> 2+git20210309.8214505) cockpit (235 -> 238.1) cockpit-podman (26 -> 28.1) conmon (2.0.22 -> 2.0.26) container-selinux (2.154.0 -> 2.158.0) containers-systemd (0.0+git20210205.a4b07b6 -> 0.0+git20210222.f3de7fa) cryptsetup (2.3.4 -> 2.3.5) curl (7.74.0 -> 7.75.0) cyrus-sasl dbus-1 dracut (052+suse.93.g7bfaa6d9 -> 053+suse.90.gb89b6347) etcd (3.4.14 -> 3.4.15) file flannel (0.12.0 -> 0.13.0) fuse-overlayfs (1.1.2 -> 1.4.0) glibc gnutls (3.6.15 -> 3.7.1) gptfdisk grub2 haproxy (2.3.5+git0.5902ad99b -> 2.3.6+git0.7851701ed) hello-kubic (1.3 -> 1.4) installation-images-MicroOS (16.36 -> 16.56) iproute2 (5.10.0 -> 5.11) irqbalance (1.7.0 -> 1.7.0+git20210222.9db8d5c) kdump kernel-default-base (5.10.16 -> 5.11.6) kernel-source (5.10.16 -> 5.11.6) krb5 (1.18.3 -> 1.19.1) libcontainers-common libpng16 libxcrypt (4.4.17 -> 4.4.18) libxml2 libzypp (17.25.7 -> 17.25.8) lua54 mozilla-nss (3.60.1 -> 3.61) mozjs78 (78.7.0 -> 78.8.0) multipath-tools (0.8.5+12+suse.3b0e9ca -> 0.8.5+26+suse.2cbedfd) netcfg nfs-utils openssl-1_1 (1.1.1h -> 1.1.1j) patterns-base pcre podman (2.2.1 -> 3.0.1) polkit procps psmisc python-Babel python-importlib-metadata (3.4.0 -> 3.7.0) python-jsonpointer (2.0 -> 2.1) python-more-itertools (8.6.0 -> 8.7.0) python-networkx python-packaging (20.8 -> 20.9) python-pytz python-pyzmq python-zipp (3.4.0 -> 3.4.1) python38 (3.8.7 -> 3.8.8) python38-core (3.8.7 -> 3.8.8) rakkess (0.4.4 -> 0.4.7) raspberrypi-firmware (2021.01.21 -> 2021.03.10) raspberrypi-firmware-config (2021.01.21 -> 2021.03.10) raspberrypi-firmware-dt (2021.01.22 -> 2021.03.15) rbac-lookup (0.3.2 -> 0.6.3) rdma-core (31.3 -> 33.1) rebootmgr (1.3 -> 1.3.1) rook (1.4.5+git5.ge3c837f8 -> 1.5.7+git4.gae949004e) rpm salt selinux-policy (20210111 -> 20210223) snapper sqlite3 (3.34.1 -> 3.35.0) sssd (2.4.0 -> 2.4.2) supportutils system-users systemd (246.10 -> 246.11) systemd-default-settings (0.5 -> 0.7) toolbox (2.1+git20210203.a669e3a -> 2.1+git20210305.ca2bc53) transactional-update (3.1.4 -> 3.2.0) u-boot-rpiarm64 userspace-rcu (0.12.1 -> 0.12.2) vim (8.2.2411 -> 8.2.2607) wicked (0.6.64 -> 0.6.65) wpa_supplicant xfsprogs (5.10.0 -> 5.11.0) yast2 (4.3.51 -> 4.3.59) zstd (1.4.8 -> 1.4.9) zypper (1.14.42 -> 1.14.43) === Details === ==== aaa_base ==== Version update (84.87+git20201123.4f16b16 -> 84.87+git20210308.d7a7d3a) - Update to version 84.87+git20210308.d7a7d3a: * excluding new kernel string in version search * Fixing possible resource leak. Found by running ccpcheck on the source code. * Comment out 8-bit C1 conflicting with UTF-8 in /etc/inputrc * Fix keyseq specifications in /etc/inputrc{,.keys} ==== augeas ==== - Add new directives and options supported in chrony since 3.3 up to 4.0. * augeas-new_options_for_chrony.patch * [bsc#1178470] * sourced from https://github.com/hercules-team/augeas/pull/698 ==== bcache-tools ==== - bcache-tools: Update super block version in bch_set_feature_* routines (jsc#SLE-9807) 0028-bcache-tools-Update-super-block-version-in-bch_set_f.patch ==== branding-openSUSE ==== Subpackages: grub2-branding-openSUSE - move SUSE-brand to /usr/etc ==== btrfsprogs ==== Version update (5.9 -> 5.11) Subpackages: btrfsprogs-udev-rules libbtrfs0 - Update to 5.11 * fix device path canonicalization for device mapper devices * receive: remove workaround for setting capabilities, all stable kernels have been patched * receive: fix duplicate mount path detection * rescue: new subcommand create-control-device * device stats: minor fix for plain text format output * build: detect if e2fsprogs support 64bit timestamps * build: drop libmount, required functionality has been reimplemented * mkfs: warn when raid56 is used * balance convert: warn when raid56 is used * other * new and updated tests * documentation updates * seeding device * raid56 status * CI updates * docker images for various distros - Update to 5.10.1 * static build works again * other: * add a way to test static binaries with the testsuite * clarify scrub docs * update dependencies, minimum version for libmount is 2.24, this may change in the future - Update to 5.10 * scrub status: * print percentage of progress * add size unit options * fi usage: also print free space from statfs * convert: copy full 64 bit timestamp from ext4 if availalble * check: * add ability to repair extent item generation * new option to remove leftovers from inode number cache (-o inode_cache) * check for already running exclusive operation (balance, device add/...) when starting one * preliminary json output support for 'device stats' * fixes: * subvolume set-default: id 0 correctly falls back to toplevel * receive: align internal buffer to allow fast CRC calculation * logical-resolve: distinguish -o subvol and bind mounts * build: new dependency libmount * other * doc fixes and updates * new tests * ci on gitlab temporarily disabled * debugging output enhancements ==== busybox-links ==== Subpackages: busybox-coreutils busybox-gawk busybox-grep busybox-gzip busybox-sed - prepare usrmerge (boo#1029961) ==== ca-certificates ==== Version update (2+git20210111.eeae41c -> 2+git20210309.8214505) - Update to version 2+git20210309.8214505: * Make sure to trigger in transactional mode (boo#1179884) ==== cockpit ==== Version update (235 -> 238.1) Subpackages: cockpit-bridge cockpit-system - new version 238.1 https://cockpit-project.org/blog/cockpit-238.html https://cockpit-project.org/blog/cockpit-237.html - No longer recompress tarball at buildtime - Rebuild from git leveraging local-npm-registry (needs cockpit-redhatfont.diff) ==== cockpit-podman ==== Version update (26 -> 28.1) - new version 28.1 https://github.com/cockpit-project/cockpit-podman/releases/tag/28.1 - use upstream sources without bundled and pre-built dist since we want to rebuild it - use local-npm-registry for building - fix_dependencies.patch: fix build dependencies ==== conmon ==== Version update (2.0.22 -> 2.0.26) - Update to version 2.0.26: * conn_sock: do not fail on EAGAIN * fix segfault from a double freed pointer * Fix a bug where conmon could never spawn a container, because a disagreement between the caller and itself on where the attach socket was. * improve --full-attach to ignore the socket-dir directly. that means callers don't need to specify a socket dir at all (and can remove it) * add full-attach option to allow callers to not truncate a very long path for the attach socket * close only opened FDs * set locale to inherit environment ==== container-selinux ==== Version update (2.154.0 -> 2.158.0) - Update to version 2.158.0 - Add nfs remount support - Allow containers to execmod on nfs, samba and cephs remote shares - Allow confined users to send dbus messages to container_runtime ==== containers-systemd ==== Version update (0.0+git20210205.a4b07b6 -> 0.0+git20210222.f3de7fa) - Update to version 0.0+git20210222.f3de7fa: * Rewrite based on podman changes * Correct TimeoutStopSec to 70 * Replace KillMode=none with TimeoutStopSec ==== cryptsetup ==== Version update (2.3.4 -> 2.3.5) Subpackages: libcryptsetup12 - cryptsetup 2.3.5: * Fix partial reads of passphrase from an interactive terminal * Fix maximum length of password entered through a terminal * integritysetup: support new dm-integrity HMAC recalculation options * integritysetup: display of recalculating sector in dump command * veritysetup: fix verity FEC if stored in the same image with hashes * veritysetup: run FEC repair check even if root hash fails * veritysetup: do not process hash image if hash area is empty * veritysetup: store verity hash algorithm in superblock in lowercase * bitlk: fix a crash if the device disappears during BitLocker scan * bitlk: show a better error when trying to open an NTFS device * bitlk: add support for startup key protected VMKs * Fix LUKS1 repair code (regression since version 1.7.x) * Fix luksKeyChange for LUKS2 with assigned tokens * Fix cryptsetup resize using LUKS2 tokens * Print a visible error if device resize is not supported * Add error message when suspending wrong non-LUKS device * Fix default XTS mode key size in reencryption * Rephrase missing locking directory warning and move it to debug level * Many fixes for the use of cipher_null (empty debug cipher) * Fixes for libpasswdqc 2.0.x (optional passphrase quality check) * Fixes for problems discovered by various tools for code analysis * Various fixes to man pages - silence hmac packaging warnings - move licenses to licensedir ==== curl ==== Version update (7.74.0 -> 7.75.0) Subpackages: libcurl4 - Harden build, enable full RELRO - Never allow undefined symbols anywhere. - Update to 7.75.0 * Changes: - curl: add --create-file-mode [mode] - curl: add new variables to --write-out - dns: extend CURLOPT_RESOLVE syntax for adding non-permanent entries - gopher: implement secure gopher protocol - http: add Hyper as new optional HTTP backend - http: introduce AWS HTTP v4 Signature support * Bugfixes: - cmake: Add an option to disable libidn2 - cmake: enable gophers correctly in curl-config - cmake: expose CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG - digest_sspi: Show InitializeSecurityContext errors in verbose mode - getinfo: build with disabled HTTP support - http: get CURLOPT_REQUEST_TARGET working with a HTTP proxy - http_proxy: Fix CONNECT chunked encoding race condition - httpauth: make multi-request auth work with custom port - lib: pass in 'struct Curl_easy *' to most functions - lib: remove Curl_ prefix from many static functions - lib: save a bit of space with some structure packing - libssh: avoid plain free() of libssh-memory - mime: make sure setting MIMEPOST to NULL resets properly - multi_runsingle: bail out early on data->conn == NULL - ngtcp2: Fix http3 upload stall - ngtcp2: Fix stack buffer overflow - openssl: lowercase the hostname before using it for SNI - socks: use the download buffer instead - speedcheck: exclude paused transfers - too?_writeout: fix the -w time output units - url: if IDNA conversion fails, fallback to Transitional - Refresh libcurl-ocloexec.patch ==== cyrus-sasl ==== Subpackages: cyrus-sasl-gssapi libsasl2-3 - CVE-2020-8032: cyrus-sasl: Local privilege escalation to root due to insecure tmp file usage. (bsc#1180669) Use /var/adm/update-scripts/ instead of /tmp. Clean up temporary files. ==== dbus-1 ==== Subpackages: libdbus-1-3 - retire /lib/dbus-1/system-services as it's deprecated ==== dracut ==== Version update (052+suse.93.g7bfaa6d9 -> 053+suse.90.gb89b6347) Subpackages: dracut-ima - Update to version 053+suse.90.gb89b6347: Highlights: https://github.com/dracutdevs/dracut/releases/tag/053 dracut.sh: unfreeze /boot on exit (d87ae137) proper return code for inst_multiple in dracut-init.sh (d437970c) fcoe: rename rd.nofcoe to rd.fcoe (6f7823bc) rd.nofcoe=0 should disable fcoe (805b46c2) i18n: get rid of eval calls (5387ed24), backported for 052 downstream create the keyboard symlinks again (9e1c7f3d), backported for 052 downstream network-manager: run as a service if systemd module is present (c17c5b76) rework how NM is started in debug mode (34c73b33) drm: skip empty modalias files in drm module setup (c3f24184) ==== etcd ==== Version update (3.4.14 -> 3.4.15) - Update to version 3.4.15: * version: 3.4.15 * [Backport-3.4] etcdserver/api/etcdhttp: log successful etcd server side health check in debug level * etcdserver: Fix 64 KB websocket notification message limit * vendor: bump gorilla/websocket * pkg/fileutil: fix F_OFD_ constants ==== file ==== Subpackages: file-magic libmagic1 - Remove patch file-5.12-zip.dif as it is upstream solved (boo#1183143) ==== flannel ==== Version update (0.12.0 -> 0.13.0) - update to 0.13.0: * Use multi-arch Docker images in the Kubernetes manifest * Accept existing XMRF policies and update them intead of raising errors * Add --no-sanity-check to iptables-wrapper-installer.sh for architectures other than amd64 * Use "docker manifest" to publish multi-arch Docker images * Add NET_RAW capability to support cri-o * remove glide * switch to go modules * Add and implement iptables-wrapper-installer.sh from https://github.com/kubernetes-sigs/iptables-wrappers * documentation: set priorityClassName to system-node-critical * Added a hint for firewall rules * Disabling ipv6 accept_ra explicitely on the created interface * use alpine 3.12 everywhere * windows: replace old netsh (rakelkar/gonetsh) with powershell commands * fix CVE-2019-14697 * Bugfix: VtepMac would be empty when lease re-acquire for windows * Use stable os and arch label for node * doc(awsvpc): correct the required permissions ==== fuse-overlayfs ==== Version update (1.1.2 -> 1.4.0) - Update to version 1.4.0 * add squash_to_uid and squash_to_gid * add squash_to_root mount option. * honor option "volatile". * when writing mode to xattr, create files with mode 0755. * support ID mapping when using xattr permissions. * allow opening not accessible but still referenced files. * invalidate directory cache on create/rename. * fix segfault if no mountpoint specified * fix file_exists_at musl compatibility * introduce extended attribute to override gid/uid/mode. * support writing uid/gid/mode to an extended attribute. * fix a memory leak, where inodes are maintained in memory even if not needed. ==== glibc ==== Subpackages: glibc-locale glibc-locale-base - nss-database-check-reload.patch: nsswitch: return result when nss database is locked (BZ #27343) - nss-load-chroot.patch: nss: Re-enable NSS module loading after chroot (bsc#1182323, BZ #27389) - x86-isa-level.patch: x86: Set minimum x86-64 level marker (bsc#1182522, BZ #27318) - nss-database-lookup.patch: nss: fix nss_database_lookup2's alternate handling (bsc#1182247, BZ #27416) - nss-revert-api.patch: remove - nscd-netgroupcache.patch: nscd: Fix double free in netgroupcache (CVE-2021-27645, bsc#1182733, BZ #27462) - Disable x86 ISA level for now (bsc#1182522, BZ #27318) - nss-revert-api.patch: Workaround for nss-compat brokeness (bsc#1182247, BZ #27416) - Fix build of utils flavor for usrmerge ==== gnutls ==== Version update (3.6.15 -> 3.7.1) - Update to 3.7.1: [bsc#1183456, CVE-2021-20232] [bsc#1183457, CVE-2021-20231] * Fixed potential use-after-free in sending "key_share" and "pre_shared_key" extensions. * Fixed a regression in handling duplicated certs in a chain. * Fixed sending of session ID in TLS 1.3 middlebox compatibility mode. In that mode the client shall always send a non-zero session ID to make the handshake resemble the TLS 1.2 resumption; this was not true in the previous versions. * Removed dependency on the external 'fipscheck' package, when compiled with --enable-fips140-mode. * Added padlock acceleration for AES-192-CBC. - Remove patches upstream: * gnutls-gnutls-cli-debug.patch * gnutls-ignore-duplicate-certificates.patch * gnutls-test-fixes.patch - Fix the test suite for tests/gnutls-cli-debug.sh [bsc#1171565] * Don't unset system priority settings in gnutls-cli-debug.sh * Upstream: gitlab.com/gnutls/gnutls/merge_requests/1387 - Add gnutls-gnutls-cli-debug.patch - Fix: Test certificates in tests/testpkcs11-certs have expired * Upstream bug: gitlab.com/gnutls/gnutls/issues/1135 - Add gnutls-test-fixes.patch - gnutls_x509_trust_list_verify_crt2: ignore duplicate certificates * Upstream bug: https://gitlab.com/gnutls/gnutls/issues/1131 - Add gnutls-ignore-duplicate-certificates.patch - Update to 3.7.0 * Depend on nettle 3.6 * Added a new API that provides a callback function to retrieve missing certificates from incomplete certificate chains * Added a new API that provides a callback function to output the complete path to the trusted root during certificate chain verification * OIDs exposed as gnutls_datum_t no longer account for the terminating null bytes, while the data field is null terminated. The affected API functions are: gnutls_ocsp_req_get_extension, gnutls_ocsp_resp_get_response, and gnutls_ocsp_resp_get_extension * Added a new set of API to enable QUIC implementation * The crypto implementation override APIs deprecated in 3.6.9 are now no-op * Added MAGMA/KUZNYECHIK CTR-ACPKM and CMAC support * Support for padlock has been fixed to make it work with Zhaoxin CPU * The maximum PIN length for PKCS #11 has been increased from 31 bytes to 255 bytes - Remove patch fixed upstream: * gnutls-FIPS-use_2048_bit_prime_in_DH_selftest.patch - Add version guards for the crypto-policies package - Fix threading bug in libgnutls [bsc#1173434] * Upstream bug: gitlab.com/gnutls/gnutls/issues/1044 - Require the crypto-policies package [bsc#1180051] - Use the centralized crypto policy profile (jsc#SLE-15832) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) * add gnutls-FIPS-use_2048_bit_prime_in_DH_selftest.patch - FIPS: Add TLS KDF selftest (bsc#1176671) * add gnutls-FIPS-TLS_KDF_selftest.patch ==== gptfdisk ==== - fix regression from version 1.0.6: misleading warning when reading MBR disks, upstream commit f063fe08e424c99f133df18bf9dce49c851bcb0a - Add fix-spurious-warnings.patch ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin - Fix powerpc-ieee1275 lpar takes long time to boot with increasing number of nvme namespace (bsc#1177751) 0001-ieee1275-Avoiding-many-unecessary-open-close.patch - Fix chainloading windows on dual boot machine (bsc#1183073) * 0001-kern-efi-sb-Add-chainloaded-image-as-shim-s-verifiab.patch - VUL-0: grub2,shim: implement new SBAT method (bsc#1182057) * 0031-util-mkimage-Remove-unused-code-to-add-BSS-section.patch * 0032-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch * 0033-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch * 0034-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch * 0035-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch * 0036-util-mkimage-Improve-data_size-value-calculation.patch * 0037-util-mkimage-Refactor-section-setup-to-use-a-helper.patch * 0038-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch * 0039-grub-install-common-Add-sbat-option.patch - Fix CVE-2021-20225 (bsc#1182262) * 0022-lib-arg-Block-repeated-short-options-that-require-an.patch - Fix CVE-2020-27749 (bsc#1179264) * 0024-kern-parser-Fix-resource-leak-if-argc-0.patch * 0025-kern-parser-Fix-a-memory-leak.patch * 0026-kern-parser-Introduce-process_char-helper.patch * 0027-kern-parser-Introduce-terminate_arg-helper.patch * 0028-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch * 0029-kern-buffer-Add-variable-sized-heap-buffer.patch * 0030-kern-parser-Fix-a-stack-buffer-overflow.patch - Fix CVE-2021-20233 (bsc#1182263) * 0023-commands-menuentry-Fix-quoting-in-setparams_prefix.patch - Fix CVE-2020-25647 (bsc#1177883) * 0021-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch - Fix CVE-2020-25632 (bsc#1176711) * 0020-dl-Only-allow-unloading-modules-that-are-not-depende.patch - Fix CVE-2020-27779, CVE-2020-14372 (bsc#1179265) (bsc#1175970) * 0001-include-grub-i386-linux.h-Include-missing-grub-types.patch * 0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch * 0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch * 0004-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch * 0005-efi-Add-secure-boot-detection.patch * 0006-efi-Only-register-shim_lock-verifier-if-shim_lock-pr.patch * 0007-verifiers-Move-verifiers-API-to-kernel-image.patch * 0008-efi-Move-the-shim_lock-verifier-to-the-GRUB-core.patch * 0009-kern-Add-lockdown-support.patch * 0010-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch * 0011-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch * 0012-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch * 0013-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch * 0014-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch * 0015-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch * 0016-commands-setpci-Restrict-setpci-command-when-locked-.patch * 0017-commands-hdparm-Restrict-hdparm-command-when-locked-.patch * 0018-gdb-Restrict-GDB-access-when-locked-down.patch * 0019-loader-xnu-Don-t-allow-loading-extension-and-package.patch * 0040-shim_lock-Only-skip-loading-shim_lock-verifier-with-.patch * 0041-squash-Add-secureboot-support-on-efi-chainloader.patch * 0042-squash-grub2-efi-chainload-harder.patch * 0043-squash-Don-t-allow-insmod-when-secure-boot-is-enable.patch * 0044-squash-kern-Add-lockdown-support.patch * 0045-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch * 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch - Drop patch supersceded by the new backport * 0001-linuxefi-fail-kernel-validation-without-shim-protoco.patch * 0001-shim_lock-Disable-GRUB_VERIFY_FLAGS_DEFER_AUTH-if-se.patch * 0007-linuxefi-fail-kernel-validation-without-shim-protoco.patch - Add SBAT metadata section to grub.efi - Drop shim_lock module as it is part of core of grub.efi * grub2.spec ==== haproxy ==== Version update (2.3.5+git0.5902ad99b -> 2.3.6+git0.7851701ed) - Update to version 2.3.6+git0.7851701ed: * [RELEASE] Released version 2.3.6 * BUG/MINOR: http-ana: Don't increment HTTP error counter on read error/timeout * BUG/MINOR: mux-h2: Fix typo in scheme adjustment * DOC: spoe: Add a note about fragmentation support in HAProxy * BUG/MEDIUM: spoe: Kill applets if there are pending connections and nbthread > 1 * BUG/MINOR: connection: Use the client's dst family for adressless servers * BUG/MINOR: tcp-act: Don't forget to set the original port for IPv4 set-dst rule * BUG/MINOR: http-ana: Only consider dst address to process originalto option * BUG/MINOR: mux-h1: Immediately report H1C errors from h1_snd_buf() * BUG/MINOR: stats: fix compare of no-maint url suffix * CLEANUP: muxes: Remove useless if condition in show_fd function * BUG/MINOR: ssl: potential null pointer dereference in ckchs_dup() * BUG/MEDIUM: resolvers: Reset address for unresolved servers * BUG/MEDIUM: resolvers: Reset server address and port for obselete SRV records * BUG/MINOR: resolvers: new callback to properly handle SRV record errors * BUG/MINOR: resolvers: Only renew TTL for SRV records with an additional record * BUG/MINOR: resolvers: Fix condition to release received ARs if not assigned * BUG/MINOR: fd: properly wait for !running_mask in fd_set_running_excl() * BUG/MINOR: proxy: wake up all threads when sending the hard-stop signal * BUG/MEDIUM: cli/shutdown sessions: make it thread-safe * BUG/MEDIUM: proxy: use thread-safe stream killing on hard-stop * BUG/MEDIUM: vars: make functions vars_get_by_{name,desc} thread-safe * BUG/MINOR: sample: secure convs that accept base64 string and var name as args * MINOR: Configure the `cpp` userdiff driver for *.[ch] in .gitattributes * BUG/MINOR: ssl/cli: potential null pointer dereference in "set ssl cert" * BUG/MEDIUM: mux-h1: Fix handling of responses to CONNECT other than 200-ok * BUG/MINOR: server: Be sure to cut the last parsed field of a server-state line * BUG/MINOR: server: Init params before parsing a new server-state line * BUG/MINOR: http-rules: Always replace the response status on a return action * BUG/MEDIUM: spoe: Resolve the sink if a SPOE logs in a ring buffer * BUG/MEDIUM: lists: Avoid an infinite loop in MT_LIST_TRY_ADDQ(). * DOC: explain the relation between pool-low-conn and tune.idle-pool.shared * BUILD: ssl: introduce fine guard for OpenSSL specific SCTL functions * BUG/MINOR: sample: Always consider zero size string samples as unsafe * BUG/MEDIUM: checks: don't needlessly take the server lock in health_adjust() * BUG/MINOR: checks: properly handle wrapping time in __health_adjust() * BUG/MINOR: session: atomically increment the tracked sessions counter * BUG/MINOR: server: Remove RMAINT from admin state when loading server state * CLEANUP: channel: fix comment in ci_putblk. * DOC: tune: explain the origin of block size for ssl.cachesize * BUG/MINOR: server: Don't call fopen() with server-state filepath set to NULL * BUG/MINOR: cfgparse: do not mention "addr:port" as supported on proxy lines * BUG/MINOR: stats: revert the change on ST_CONVDONE * BUG/MEDIUM: config: don't pick unset values from last defaults section * CLEANUP: deinit: release global and per-proxy server-state variables on deinit * BUG/MINOR: server: Fix server-state-file-name directive * BUG/MINOR: backend: hold correctly lock when killing idle conn * BUG/MINOR: tools: Fix a memory leak on error path in parse_dotted_uints() * BUG/MINOR: server: re-align state file fields number * BUG/MEDIUM: mux-h1: Always set CS_FL_EOI for response in MSG_DONE state * BUG/MINOR: http-ana: Don't increment HTTP error counter on internal errors * BUG/MINOR: intops: fix mul32hi()'s off-by-one * BUILD: ssl: guard SSL_CTX_set_msg_callback with SSL_CTRL_SET_MSG_CALLBACK macro * BUILD: ssl: guard SSL_CTX_add_server_custom_ext with special macro * BUILD: ssl: fix typo in HAVE_SSL_CTX_ADD_SERVER_CUSTOM_EXT macro * MINOR: check: do not ignore a connection header for http-check send ==== hello-kubic ==== Version update (1.3 -> 1.4) - Change to go.mod - Set GO111MODULE=auto to build with go1.16+ * Default changed to GO111MODULE=on in go1.16 * Set temporarily until upstream has go.mod in top level directory * Drop BuildRequires: golang-packaging not currently using macros ==== installation-images-MicroOS ==== Version update (16.36 -> 16.56) - merge gh#openSUSE/installation-images#471 - ensure base modules are loaded before starting the rescue system (bsc#1183388) - 16.56 - merge gh#openSUSE/installation-images#469 - Add bcond to build debug iso (boo#1183264) - 16.55 - merge gh#openSUSE/installation-images#467 - Only create lib64 dirs if filesystem has it (boo#1183264) - 16.54 - merge gh#openSUSE/installation-images#468 - disable zram swap only if there's another swap active (bsc#1183276) - 16.53 - merge gh#openSUSE/installation-images#466 - susepaste only for Tumbleweed/Leap (bsc#1182212) - 16.52 - merge gh#openSUSE/installation-images#463 - Add susepaste to the rescue system (bsc#1182212) - Add susepaste to the inst-sys as well - susepaste dependency - 16.51 - merge gh#openSUSE/installation-images#465 - Prepare UsrMerge (boo#1029961) - remove explicit libblogger2 dep - clean up kernel module config - 16.50 - merge gh#openSUSE/installation-images#462 - support using zram device as root file system (jsc#SLE-17630) - 16.49 - merge gh#openSUSE/installation-images#464 - fix efi local boot entry on x86_64 (bsc#1182891) - 16.48 - merge gh#openSUSE/installation-images#460 - go back to plymouth-theme-tribar (bsc#1182755) - adjust spec file - 16.47 - merge gh#openSUSE/installation-images#459 - fix adapting grub.cfg for different architectures (bsc#1182593) - 16.46 - merge gh#openSUSE/installation-images#458 - Do not use shim on aarch64 for SLE Micro (based on SP2) - 16.45 - merge gh#openSUSE/installation-images#457 - fix kernel & initrd location for x86_64 (bsc#1182239) - 16.44 - fix library dependency check - 16.43 - drop linuxefi/initrdefi on x86_64 - enable shim on aarch64 - unify all EFI-using grub configurations into a single config file (bsc#1182239) - Use one grub.cfg for all ARM architectures - merge gh#openSUSE/installation-images#455 - allow wildcards in modinfo firmware names (bsc#1180336) - 16.42 - merge gh#openSUSE/installation-images#454 - spec: no longer have ports project for Leap since 15.3 - 16.41 - merge gh#openSUSE/installation-images#452 - remove some obsolete parts from installation-images (bsc#1182291) - rewrite check_libs script - fix zenworks image build - 16.40 - merge gh#openSUSE/installation-images#453 - Add kernel modules necessary for Raspberry Pi 4 (bsc#1180336) - 16.39 - merge gh#openSUSE/installation-images#449 - etc: update module.config to match 5.11 (bsc#1182301) - 16.38 - merge gh#openSUSE/installation-images#451 - Replace Raleway fonts by Poppins (jsc#SLE-14772) - 16.37 ==== iproute2 ==== Version update (5.10.0 -> 5.11) - Update to release 5.11 * tc: skip actions that don't have options attribute when printing * ip route: Print "trap" nexthop indication * dcb: new utility ==== irqbalance ==== Version update (1.7.0 -> 1.7.0+git20210222.9db8d5c) - Update to version 1.7.0+git20210222.9db8d5c: * ui: fix cpu/irq menu off by one * fix uint64_t printf format (use PRIu64) * Also fetch node info for non-PCI devices * Add hot pull method for irqbalance * Add log for hotplug appropriately * add irq hotplug feature for irqbalance * Remove some unused constant macros in constants.h * Add a deprecation notice for IRQBALANCE_BANNED_CPUS * Add IRQBALANCE_BANNED_CPULIST to env file * log correctly for isolated and nohz_full cpus * Update README.md * Add some examples for IRQBALANCE_BANNED_CPUS * Adjust how we determine if a cpu is online * activate_mapping: activate only online CPUs * add env variable to ban cpus using cpulist syntax * put arg parsing detail into parse_command_line() * Updating configure script to version 1.7.0 * Add strlen checking for IRQBALANCE_BANNED_CPUS * remove redundant "/" in SOCKET_TMPFS * Fix typo in service unit file * arm64: Add irq aff change check For aarch64, the PPIs format in /proc/interrputs can be parsed and add to interrupt db, and next, the number of interrupts is counted and used to calculate the load. Finally these interrupts maybe scheduled between the NUMA domains. * Correct typos in irqbalance.c * free cpu_ban_string when the next request come * improve irq migrate rule to avoid high irq load * make the option 'V' closer to the option with no arg ==== kdump ==== - kdump-query-systemd-network.service.patch: Query systemd network.service to find out if wicked is used (bsc#1182309). - kdump-check-explicit-ip-options.patch: Do not add network-related dracut options if ip= is set explicitly (bsc#1182309). ==== kernel-default-base ==== Version update (5.10.16 -> 5.11.6) - Add squashfs for kiwi installiso support (bsc#1182341) - Add fuse (boo#1182507) ==== kernel-source ==== Version update (5.10.16 -> 5.11.6) - Linux 5.11.6 (bsc#1012628). - nvme-pci: add quirks for Lexar 256GB SSD (bsc#1012628). - nvme-pci: mark Seagate Nytro XM1440 as QUIRK_NO_NS_DESC_LIST (bsc#1012628). - KVM: SVM: Clear the CR4 register on reset (bsc#1012628). - scsi: ufs: Fix a duplicate dev quirk number (bsc#1012628). - ASoC: Intel: sof_sdw: add quirk for HP Spectre x360 convertible (bsc#1012628). - ASoC: Intel: sof_sdw: reorganize quirks by generation (bsc#1012628). - PCI: cadence: Retrain Link to work around Gen2 training defect (bsc#1012628). - HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch 10E (bsc#1012628). - ALSA: usb-audio: add mixer quirks for Pioneer DJM-900NXS2 (bsc#1012628). - ALSA: usb-audio: Add DJM750 to Pioneer mixer quirk (bsc#1012628). - HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on Voyo Winpad A15 (bsc#1012628). - mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (bsc#1012628). - drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (bsc#1012628). - scsi: ufs: ufs-exynos: Use UFSHCD_QUIRK_ALIGN_SG_WITH_PAGE_SIZE (bsc#1012628). - scsi: ufs: ufs-exynos: Apply vendor-specific values for three timeouts (bsc#1012628). - scsi: ufs: Introduce a quirk to allow only page-aligned sg entries (bsc#1012628). - misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (bsc#1012628). - scsi: ufs: Add a quirk to permit overriding UniPro defaults (bsc#1012628). - scsi: ufs-mediatek: Enable UFSHCI_QUIRK_SKIP_MANUAL_WB_FLUSH_CTRL (bsc#1012628). - iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1012628). - btrfs: don't flush from btrfs_delayed_inode_reserve_metadata (bsc#1012628). - btrfs: export and rename qgroup_reserve_meta (bsc#1012628). - arm64: Make CPU_BIG_ENDIAN depend on ld.bfd or ld.lld 13.0.0+ (bsc#1012628). - parisc: Enable -mlong-calls gcc option with CONFIG_COMPILE_TEST (bsc#1012628). - nvme-pci: mark Kingston SKC2000 as not supporting the deepest power state (bsc#1012628). - media: cedrus: Remove checking for required controls (bsc#1012628). - io_uring: don't take uring_lock during iowq cancel (bsc#1012628). - io_uring/io-wq: return 2-step work swap scheme (bsc#1012628). - io_uring/io-wq: kill off now unused IO_WQ_WORK_NO_CANCEL (bsc#1012628). - io_uring: get rid of intermediate IORING_OP_CLOSE stage (bsc#1012628). - fs: provide locked helper variant of close_fd_get_file() (bsc#1012628). - io_uring: deduplicate failing task_work_add (bsc#1012628). - io_uring: unpark SQPOLL thread for cancelation (bsc#1012628). - io_uring: deduplicate core cancellations sequence (bsc#1012628). - io_uring: fix inconsistent lock state (bsc#1012628). - commit 7358b30 - rpm/check-for-config-changes: comment on the list To explain what it actually is. - commit e94bacf - ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (bsc#1012628). - rpm/check-for-config-changes: define ignores more strictly * search for whole words, so make wildcards explicit * use ' for quoting * prepend CONFIG_ dynamically, so it need not be in the list - commit 7b06a8c - rpm/check-for-config-changes: sort the ignores They are growing so to make them searchable by humans. - commit 67c6b55 - rpm/check-for-config-changes: add -mrecord-mcount ignore Added by 3b15cdc15956 (tracing: move function tracer options to Kconfig) upstream. - commit 018b013 - Refresh patches.rpmify/kbuild-dummy-tools-fix-inverted-tests-for-gcc.patch. - Refresh patches.rpmify/kbuild-dummy-tools-support-MPROFILE_KERNEL-checks-fo.patch. Update upstream status. - commit c867c19 - Linux 5.11.5 (bsc#1012628). - ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256 (bsc#1012628). - ALSA: usb-audio: use Corsair Virtuoso mapping for Corsair Virtuoso SE (bsc#1012628). - ALSA: usb-audio: Don't abort even if the clock rate differs (bsc#1012628). - ALSA: usb-audio: Drop bogus dB range in too low level (bsc#1012628). - ALSA: usb-audio: Allow modifying parameters with succeeding hw_params calls (bsc#1012628). - tpm, tpm_tis: Decorate tpm_tis_gen_interrupt() with request_locality() (bsc#1012628). - tpm, tpm_tis: Decorate tpm_get_timeouts() with request_locality() (bsc#1012628). - btrfs: avoid double put of block group when emptying cluster (bsc#1012628). - btrfs: fix raid6 qstripe kmap (bsc#1012628). - btrfs: fix race between writes to swap files and scrub (bsc#1012628). - btrfs: fix race between swap file activation and snapshot creation (bsc#1012628). - btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled (bsc#1012628). - btrfs: tree-checker: do not error out if extent ref hash doesn't match (bsc#1012628). - btrfs: fix race between extent freeing/allocation when using bitmaps (bsc#1012628). - btrfs: validate qgroup inherit for SNAP_CREATE_V2 ioctl (bsc#1012628). - btrfs: free correct amount of space in btrfs_delayed_inode_reserve_metadata (bsc#1012628). - btrfs: fix spurious free_space_tree remount warning (bsc#1012628). - btrfs: unlock extents in btrfs_zero_range in case of quota reservation errors (bsc#1012628). - btrfs: fix warning when creating a directory with smack enabled (bsc#1012628). - PM: runtime: Update device status before letting suppliers suspend (bsc#1012628). - ring-buffer: Force before_stamp and write_stamp to be different on discard (bsc#1012628). - io_uring: ignore double poll add on the same waitqueue head (bsc#1012628). - dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size (bsc#1012628). - dm verity: fix FEC for RS roots unaligned to block size (bsc#1012628). - drm/amd/pm: correct Arcturus mmTHM_BACO_CNTL register address (bsc#1012628). - drm/amdgpu:disable VCN for Navi12 SKU (bsc#1012628). - drm/amdgpu: Only check for S0ix if AMD_PMC is configured (bsc#1012628). - drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie (bsc#1012628). - crypto - shash: reduce minimum alignment of shash_desc structure (bsc#1012628). - ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (bsc#1012628). - RDMA/cm: Fix IRQ restore in ib_send_cm_sidr_rep (bsc#1012628). - RDMA/rxe: Fix missing kconfig dependency on CRYPTO (bsc#1012628). - IB/mlx5: Add missing error code (bsc#1012628). - ALSA: hda: intel-nhlt: verify config type (bsc#1012628). - ftrace: Have recordmcount use w8 to read relp->r_info in arm64_is_fake_mcount (bsc#1012628). - ia64: don't call handle_signal() unless there's actually a signal queued (bsc#1012628). - rsxx: Return -EFAULT if copy_to_user() fails (bsc#1012628). - iommu/tegra-smmu: Fix mc errors on tegra124-nyan (bsc#1012628). - iommu: Don't use lazy flush for untrusted device (bsc#1012628). - iommu/vt-d: Fix status code for Allocate/Free PASID command (bsc#1012628). - btrfs: zoned: use sector_t for zone sectors (bsc#1012628). - tomoyo: recognize kernel threads correctly (bsc#1012628). - r8169: fix resuming from suspend on RTL8105e if machine runs on battery (bsc#1012628). - commit d09469d - ALSA: usb-audio: Apply the control quirk to Plantronics headsets (bsc#1182552). - ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk (bsc#1182552). - commit f99c94c - kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc (bsc#1181862). - commit 7064b20 - Delete patches.rpmify/Kconfig-make-CONFIG_CC_CAN_LINK-always-true.patch. With dummy-tools, this is no longer needed. - commit 84a32d6 - Update config files. Just oldconfig. - commit e687fe8 - ALSA: usb-audio: Fix Pioneer DJM devices URB_CONTROL request direction to set samplerate (git-fixes). - commit be77cd2 - blacklist.conf: add a typo fix - commit 2ae3683 - Linux 5.11.4 (bsc#1012628). - ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board (bsc#1012628). - ALSA: hda/realtek: Add quirk for Intel NUC 10 (bsc#1012628). - ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (bsc#1012628). - phy: mediatek: Add missing MODULE_DEVICE_TABLE() (bsc#1012628). - tty: teach the n_tty ICANON case about the new "cookie continuations" too (bsc#1012628). - tty: teach n_tty line discipline about the new "cookie continuations" (bsc#1012628). - tty: clean up legacy leftovers from n_tty line discipline (bsc#1012628). - tty: fix up hung_up_tty_read() conversion (bsc#1012628). - tty: fix up iterate_tty_read() EOVERFLOW handling (bsc#1012628). - swap: fix swapfile read/write offset (bsc#1012628). - xen: fix p2m size in dom0 for disabled memory hotplug case (bsc#1012628). - xen-netback: respect gnttab_map_refs()'s return value (bsc#1012628). - Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1012628). - scsi: iscsi: Verify lengths on passthrough PDUs (bsc#1012628). - scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE (bsc#1012628). - scsi: iscsi: Restrict sessions and handles to admin capabilities (bsc#1012628). - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (bsc#1012628). - ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (bsc#1012628). - ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (bsc#1012628). - ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (bsc#1012628). - sched/features: Fix hrtick reprogramming (bsc#1012628). - parisc: Bump 64-bit IRQ stack size to 64 KB (bsc#1012628). - ASoC: Intel: sof_sdw: detect DMIC number based on mach params (bsc#1012628). - ASoC: Intel: sof-sdw: indent and add quirks consistently (bsc#1012628). - perf/x86/kvm: Add Cascade Lake Xeon steppings to isolation_ucodes[] (bsc#1012628). - btrfs: fix error handling in commit_fs_roots (bsc#1012628). - ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (bsc#1012628). - ALSA: usb-audio: Add DJM-450 to the quirks table (bsc#1012628). - ALSA: usb-audio: Add DJM450 to Pioneer format quirk (bsc#1012628). - nvme-tcp: add clean action for failed reconnection (bsc#1012628). - nvme-rdma: add clean action for failed reconnection (bsc#1012628). - nvme-core: add cancel tagset helpers (bsc#1012628). - f2fs: fix to set/clear I_LINKABLE under i_lock (bsc#1012628). - f2fs: handle unallocated section and zone on pinned/atgc (bsc#1012628). - media: uvcvideo: Allow entities with no pads (bsc#1012628). - drm/amd/amdgpu: add error handling to amdgpu_virt_read_pf2vf_data (bsc#1012628). - drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails (bsc#1012628). - ALSA: usb-audio: Add support for Pioneer DJM-750 (bsc#1012628). - ASoC: Intel: bytcr_rt5640: Add new BYT_RT5640_NO_SPEAKERS quirk-flag (bsc#1012628). - PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (bsc#1012628). - drm/amdgpu: Add check to prevent IH overflow (bsc#1012628). - fs: make unlazy_walk() error handling consistent (bsc#1012628). - crypto: tcrypt - avoid signed overflow in byte count (bsc#1012628). - drm/hisilicon: Fix use-after-free (bsc#1012628). - wilc1000: Fix use of void pointer as a wrong struct type (bsc#1012628). - brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (bsc#1012628). - brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (bsc#1012628). - net: ipa: avoid field overflow (bsc#1012628). - staging: bcm2835-audio: Replace unsafe strcpy() with strscpy() (bsc#1012628). - staging: most: sound: add sanity check for function argument (bsc#1012628). - Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (bsc#1012628). - Bluetooth: Add new HCI_QUIRK_NO_SUSPEND_NOTIFIER quirk (bsc#1012628). - net: sfp: add mode quirk for GPON module Ubiquiti U-Fiber Instant (bsc#1012628). - ath10k: fix wmi mgmt tx queue full due to race condition (bsc#1012628). - pktgen: fix misuse of BUG_ON() in pktgen_thread_worker() (bsc#1012628). - mt76: mt7615: reset token when mac_reset happens (bsc#1012628). - mt76: mt7915: reset token when mac_reset happens (bsc#1012628). - selftests/bpf: Remove memory leak (bsc#1012628). - Bluetooth: btusb: fix memory leak on suspend and resume (bsc#1012628). - Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (bsc#1012628). - wlcore: Fix command execute failure 19 for wl12xx (bsc#1012628). - vt/consolemap: do font sum unsigned (bsc#1012628). - can: flexcan: add CAN wakeup function for i.MX8QM (bsc#1012628). - x86/reboot: Add Zotac ZBOX CI327 nano PCI reboot quirk (bsc#1012628). - staging: fwserial: Fix error handling in fwserial_create (bsc#1012628). - EDAC/amd64: Do not load on family 0x15, model 0x13 (bsc#1012628). - ath10k: prevent deinitializing NAPI twice (bsc#1012628). - ASoC: qcom: Remove useless debug print (bsc#1012628). - dt-bindings: net: btusb: DT fix s/interrupt-name/interrupt-names/ (bsc#1012628). - dt-bindings: ethernet-controller: fix fixed-link specification (bsc#1012628). - net: fix dev_ifsioc_locked() race condition (bsc#1012628). - net: psample: Fix netlink skb length with tunnel info (bsc#1012628). - net: hsr: add support for EntryForgetTime (bsc#1012628). - net: ag71xx: remove unnecessary MTU reservation (bsc#1012628). - net: dsa: tag_rtl4_a: Support also egress tags (bsc#1012628). - net/sched: cls_flower: Reject invalid ct_state flags rules (bsc#1012628). - net: bridge: use switchdev for port flags set through sysfs too (bsc#1012628). - mptcp: fix DATA_FIN generation on early shutdown (bsc#1012628). - mptcp: do not wakeup listener for MPJ subflows (bsc#1012628). - tcp: fix tcp_rmem documentation (bsc#1012628). - RDMA/rtrs-srv: Do not signal REG_MR (bsc#1012628). - RDMA/rtrs-clt: Use bitmask to check sess->flags (bsc#1012628). - RDMA/rtrs: Do not signal for heatbeat (bsc#1012628). - vfio/type1: Use follow_pte() (bsc#1012628). - mm/hugetlb.c: fix unnecessary address expansion of pmd sharing (bsc#1012628). - nbd: handle device refs for DESTROY_ON_DISCONNECT properly (bsc#1012628). - riscv: Get rid of MAX_EARLY_MAPPING_SIZE (bsc#1012628). - mptcp: fix spurious retransmissions (bsc#1012628). - net: fix up truesize of cloned skb in skb_prepare_for_shift() (bsc#1012628). - tomoyo: ignore data race while checking quota (bsc#1012628). - smackfs: restrict bytes count in smackfs write functions (bsc#1012628). - net/af_iucv: remove WARN_ONCE on malformed RX packets (bsc#1012628). - xfs: Fix assert failure in xfs_setattr_size() (bsc#1012628). - media: zr364xx: fix memory leaks in probe() (bsc#1012628). - media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate (bsc#1012628). - erofs: fix shift-out-of-bounds of blkszbits (bsc#1012628). - media: mceusb: sanity check for prescaler value (bsc#1012628). - udlfb: Fix memory leak in dlfb_usb_probe (bsc#1012628). - sched/core: Allow try_invoke_on_locked_down_task() with irqs disabled (bsc#1012628). - JFS: more checks for invalid superblock (bsc#1012628). - x86/build: Treat R_386_PLT32 relocation as R_386_PC32 (bsc#1012628). - iwlwifi: add new cards for So and Qu family (bsc#1012628). - net: usb: qmi_wwan: support ZTE P685M modem (bsc#1012628). - commit 43a5c33 - drm/amd/display: Add a backlight module option (bsc#1180749). - drm/amdgpu/display: handle aux backlight in backlight_get_brightness (bsc#1180749). - drm/amdgpu/display: don't assert in set backlight function (bsc#1180749). - drm/amdgpu/display: simplify backlight setting (bsc#1180749). - commit 24ee23f - ARMv6/v7: Update config files. (bsc#1183009) enable CONFIG_ARM_MODULE_PLTS to fix module loading issues - commit b3d2cd1 - rpm/check-for-config-changes: declare sed args as an array So that we can reuse it in both seds. This also introduces IGNORED_CONFIGS_RE array which can be easily extended. - commit a1976d2 - blacklist.conf: add a /proc revert - commit 87aa54e - Linux 5.11.3 (bsc#1012628). - vmlinux.lds.h: add DWARF v5 sections (bsc#1012628). - vdpa/mlx5: fix param validation in mlx5_vdpa_get_config() (bsc#1012628). - debugfs: be more robust at handling improper input in debugfs_lookup() (bsc#1012628). - debugfs: do not attempt to create a new file before the filesystem is initalized (bsc#1012628). - driver core: auxiliary bus: Fix calling stage for auxiliary bus init (bsc#1012628). - scsi: libsas: docs: Remove notify_ha_event() (bsc#1012628). - scsi: qla2xxx: Fix mailbox Ch erroneous error (bsc#1012628). - kdb: Make memory allocations more robust (bsc#1012628). - w1: w1_therm: Fix conversion result for negative temperatures (bsc#1012628). - PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (bsc#1012628). - PCI: Decline to resize resources if boot config must be preserved (bsc#1012628). - virt: vbox: Do not use wait_event_interruptible when called from kernel context (bsc#1012628). - bfq: Avoid false bfq queue merging (bsc#1012628). - ALSA: usb-audio: Fix PCM buffer allocation in non-vmalloc mode (bsc#1012628). - zsmalloc: account the number of compacted pages correctly (bsc#1012628). - MIPS: vmlinux.lds.S: add missing PAGE_ALIGNED_DATA() section (bsc#1012628). - vmlinux.lds.h: Define SANTIZER_DISCARDS with CONFIG_GCOV_KERNEL=y (bsc#1012628). - random: fix the RNDRESEEDCRNG ioctl (bsc#1012628). - ALSA: pcm: Call sync_stop at disconnection (bsc#1012628). - ALSA: pcm: Assure sync with the pending stop operation at suspend (bsc#1012628). - ALSA: pcm: Don't call sync_stop if it hasn't been stopped (bsc#1012628). - drm/i915/gt: One more flush for Baytrail clear residuals (bsc#1012628). - ath10k: Fix error handling in case of CE pipe init failure (bsc#1012628). - Bluetooth: btqcomsmd: Fix a resource leak in error handling paths in the probe function (bsc#1012628). - Bluetooth: hci_uart: Fix a race for write_work scheduling (bsc#1012628). - Bluetooth: Fix initializing response id after clearing struct (bsc#1012628). - arm64: dts: renesas: beacon kit: Fix choppy Bluetooth Audio (bsc#1012628). - arm64: dts: renesas: beacon: Fix audio-1.8V pin enable (bsc#1012628). - ARM: dts: exynos: correct PMIC interrupt trigger level on Artik 5 (bsc#1012628). - ARM: dts: exynos: correct PMIC interrupt trigger level on Monk (bsc#1012628). - ARM: dts: exynos: correct PMIC interrupt trigger level on Rinato (bsc#1012628). - ARM: dts: exynos: correct PMIC interrupt trigger level on Spring (bsc#1012628). - ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale Octa (bsc#1012628). - ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid XU3 family (bsc#1012628). - arm64: dts: exynos: correct PMIC interrupt trigger level on TM2 (bsc#1012628). - arm64: dts: exynos: correct PMIC interrupt trigger level on Espresso (bsc#1012628). - memory: mtk-smi: Fix PM usage counter unbalance in mtk_smi ops (bsc#1012628). - Bluetooth: hci_qca: Fix memleak in qca_controller_memdump (bsc#1012628). - staging: vchiq: Fix bulk userdata handling (bsc#1012628). - staging: vchiq: Fix bulk transfers on 64-bit builds (bsc#1012628). - arm64: dts: qcom: msm8916-samsung-a5u: Fix iris compatible (bsc#1012628). - net: stmmac: dwmac-meson8b: fix enabling the timing-adjustment clock (bsc#1012628). - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (bsc#1012628). - bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args (bsc#1012628). - firmware: arm_scmi: Fix call site of scmi_notification_exit (bsc#1012628). - arm64: dts: allwinner: A64: properly connect USB PHY to port 0 (bsc#1012628). - arm64: dts: allwinner: H6: properly connect USB PHY to port 0 (bsc#1012628). - arm64: dts: allwinner: Drop non-removable from SoPine/LTS SD card (bsc#1012628). - arm64: dts: allwinner: H6: Allow up to 150 MHz MMC bus frequency (bsc#1012628). - arm64: dts: allwinner: A64: Limit MMC2 bus frequency to 150 MHz (bsc#1012628). - arm64: dts: qcom: msm8916-samsung-a2015: Fix sensors (bsc#1012628). - cpufreq: brcmstb-avs-cpufreq: Free resources in error path (bsc#1012628). - cpufreq: brcmstb-avs-cpufreq: Fix resource leaks in ->remove() (bsc#1012628). - arm64: dts: rockchip: rk3328: Add clock_in_out property to gmac2phy node (bsc#1012628). - ACPICA: Fix exception code class checks (bsc#1012628). - usb: gadget: u_audio: Free requests only after callback (bsc#1012628). - arm64: dts: qcom: sdm845-db845c: Fix reset-pin of ov8856 node (bsc#1012628). - soc: qcom: socinfo: Fix an off by one in qcom_show_pmic_model() (bsc#1012628). - soc: ti: pm33xx: Fix some resource leak in the error handling paths of the probe function (bsc#1012628). - staging: media: atomisp: Fix size_t format specifier in hmm_alloc() debug statemenet (bsc#1012628). - Bluetooth: drop HCI device reference before return (bsc#1012628). - Bluetooth: Put HCI device if inquiry procedure interrupts (bsc#1012628). - memory: ti-aemif: Drop child node when jumping out loop (bsc#1012628). - ARM: dts: Configure missing thermal interrupt for 4430 (bsc#1012628). - usb: dwc2: Do not update data length if it is 0 on inbound transfers (bsc#1012628). - usb: dwc2: Abort transaction after errors with unknown reason (bsc#1012628). - usb: dwc2: Make "trimming xfer length" a debug message (bsc#1012628). - staging: rtl8723bs: wifi_regd.c: Fix incorrect number of regulatory rules (bsc#1012628). - x86/MSR: Filter MSR writes through X86_IOC_WRMSR_REGS ioctl too (bsc#1012628). - arm64: dts: renesas: beacon: Fix EEPROM compatible value (bsc#1012628). - can: mcp251xfd: mcp251xfd_probe(): fix errata reference (bsc#1012628). - ARM: dts: armada388-helios4: assign pinctrl to LEDs (bsc#1012628). - ARM: dts: armada388-helios4: assign pinctrl to each fan (bsc#1012628). - arm64: dts: armada-3720-turris-mox: rename u-boot mtd partition to a53-firmware (bsc#1012628). - opp: Correct debug message in _opp_add_static_v2() (bsc#1012628). - Bluetooth: btusb: Fix memory leak in btusb_mtk_wmt_recv (bsc#1012628). - soc: qcom: ocmem: don't return NULL in of_get_ocmem (bsc#1012628). - arm64: dts: msm8916: Fix reserved and rfsa nodes unit address (bsc#1012628). - arm64: dts: meson: fix broken wifi node for Khadas VIM3L (bsc#1012628). - iwlwifi: mvm: set enabled in the PPAG command properly (bsc#1012628). - ARM: s3c: fix fiq for clang IAS (bsc#1012628). - optee: simplify i2c access (bsc#1012628). - staging: wfx: fix possible panic with re-queued frames (bsc#1012628). - ARM: at91: use proper asm syntax in pm_suspend (bsc#1012628). - ath10k: Fix suspicious RCU usage warning in ath10k_wmi_tlv_parse_peer_stats_info() (bsc#1012628). - ath10k: Fix lockdep assertion warning in ath10k_sta_statistics (bsc#1012628). - ath11k: fix a locking bug in ath11k_mac_op_start() (bsc#1012628). - soc: aspeed: snoop: Add clock control logic (bsc#1012628). - iwlwifi: mvm: fix the type we use in the PPAG table validity checks (bsc#1012628). - iwlwifi: mvm: store PPAG enabled/disabled flag properly (bsc#1012628). - iwlwifi: mvm: send stored PPAG command instead of local (bsc#1012628). - iwlwifi: mvm: assign SAR table revision to the command later (bsc#1012628). - iwlwifi: mvm: don't check if CSA event is running before removing (bsc#1012628). - bpf_lru_list: Read double-checked variable once without lock (bsc#1012628). - iwlwifi: pnvm: set the PNVM again if it was already loaded (bsc#1012628). - iwlwifi: pnvm: increment the pointer before checking the TLV (bsc#1012628). - ath9k: fix data bus crash when setting nf_override via debugfs (bsc#1012628). - selftests/bpf: Convert test_xdp_redirect.sh to bash (bsc#1012628). - ibmvnic: Set to CLOSED state even on error (bsc#1012628). - bnxt_en: reverse order of TX disable and carrier off (bsc#1012628). - bnxt_en: Fix devlink info's stored fw.psid version format (bsc#1012628). - xen/netback: fix spurious event detection for common event case (bsc#1012628). - dpaa2-eth: fix memory leak in XDP_REDIRECT (bsc#1012628). - net: phy: consider that suspend2ram may cut off PHY power (bsc#1012628). - net/mlx5e: Enable XDP for Connect-X IPsec capable devices (bsc#1012628). - net/mlx5e: Don't change interrupt moderation params when DIM is enabled (bsc#1012628). - net/mlx5e: Change interrupt moderation channel params also when channels are closed (bsc#1012628). - net/mlx5: Fix health error state handling (bsc#1012628). - net/mlx5e: Replace synchronize_rcu with synchronize_net (bsc#1012628). - net/mlx5e: kTLS, Use refcounts to free kTLS RX priv context (bsc#1012628). - net/mlx5: Disable devlink reload for multi port slave device (bsc#1012628). - net/mlx5: Disallow RoCE on multi port slave device (bsc#1012628). - net/mlx5: Disallow RoCE on lag device (bsc#1012628). - net/mlx5: Disable devlink reload for lag devices (bsc#1012628). - net/mlx5e: CT: manage the lifetime of the ct entry object (bsc#1012628). - net/mlx5e: Check tunnel offload is required before setting SWP (bsc#1012628). - mac80211: fix potential overflow when multiplying to u32 integers (bsc#1012628). - libbpf: Ignore non function pointer member in struct_ops (bsc#1012628). - bpf: Fix an unitialized value in bpf_iter (bsc#1012628). - bpf, devmap: Use GFP_KERNEL for xdp bulk queue allocation (bsc#1012628). - bpf: Fix bpf_fib_lookup helper MTU check for SKB ctx (bsc#1012628). - selftests: mptcp: fix ACKRX debug message (bsc#1012628). - tcp: fix SO_RCVLOWAT related hangs under mem pressure (bsc#1012628). - net: axienet: Handle deferred probe on clock properly (bsc#1012628). - cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (bsc#1012628). - b43: N-PHY: Fix the update of coef for the PHY revision >= 3case (bsc#1012628). - bpf: Clear subreg_def for global function return values (bsc#1012628). - ibmvnic: add memory barrier to protect long term buffer (bsc#1012628). - ibmvnic: skip send_request_unmap for timeout reset (bsc#1012628). - ibmvnic: serialize access to work queue on remove (bsc#1012628). - net: dsa: felix: perform teardown in reverse order of setup (bsc#1012628). - net: dsa: felix: don't deinitialize unused ports (bsc#1012628). - net: phy: mscc: adding LCPLL reset to VSC8514 (bsc#1012628). - net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout (bsc#1012628). - net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning (bsc#1012628). - net: amd-xgbe: Reset link when the link never comes back (bsc#1012628). - net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP (bsc#1012628). - net: mvneta: Remove per-cpu queue mapping for Armada 3700 (bsc#1012628). - net: enetc: fix destroyed phylink dereference during unbind (bsc#1012628). - Bluetooth: Remove hci_req_le_suspend_config (bsc#1012628). - arm64: dts: broadcom: bcm4908: use proper NAND binding (bsc#1012628). - Bluetooth: hci_qca: Wait for SSR completion during suspend (bsc#1012628). - serial: stm32: fix DMA initialization error handling (bsc#1012628). - bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1012628). - selftests/bpf: Sync RCU before unloading bpf_testmod (bsc#1012628). - arm64: dts: qcom: sm8250: correct sdhc_2 xo clk (bsc#1012628). - arm64: dts: qcom: qrb5165-rb5: fix uSD pins drive strength (bsc#1012628). - tty: convert tty_ldisc_ops 'read()' function to take a kernel pointer (bsc#1012628). - tty: implement read_iter (bsc#1012628). - x86/sgx: Fix the return type of sgx_init() (bsc#1012628). - selftests/bpf: Don't exit on failed bpf_testmod unload (bsc#1012628). - arm64: dts: mt8183: rename rdma fifo size (bsc#1012628). - arm64: dts: mt8183: refine gamma compatible name (bsc#1012628). - arm64: dts: mt8183: Add missing power-domain for pwm0 node (bsc#1012628). - net: sfp: add workaround for Realtek RTL8672 and RTL9601C chips (bsc#1012628). - ARM: tegra: ouya: Fix eMMC on specific bootloaders (bsc#1012628). - arm64: dts: mt8183: Fix GCE include path (bsc#1012628). - Bluetooth: hci_qca: check for SSR triggered flag while suspend (bsc#1012628). - Bluetooth: hci_qca: Fixed issue during suspend (bsc#1012628). - soc: aspeed: socinfo: Add new systems (bsc#1012628). - net/mlx5e: E-switch, Fix rate calculation for overflow (bsc#1012628). - net/mlx5e: Enable striding RQ for Connect-X IPsec capable devices (bsc#1012628). - net/mlx5e: Fix CQ params of ICOSQ and async ICOSQ (bsc#1012628). - ibmvnic: change IBMVNIC_MAX_IND_DESCS to 16 (bsc#1012628). - net: ipa: initialize all resources (bsc#1012628). - net: phy: mscc: improved serdes calibration applied to VSC8514 (bsc#1012628). - net: phy: mscc: coma mode disabled for VSC8514 (bsc#1012628). - fbdev: aty: SPARC64 requires FB_ATY_CT (bsc#1012628). - drm/gma500: Fix error return code in psb_driver_load() (bsc#1012628). - drm: document that user-space should force-probe connectors (bsc#1012628). - gma500: clean up error handling in init (bsc#1012628). - drm/fb-helper: Add missed unlocks in setcmap_legacy() (bsc#1012628). - drm/panel: s6e63m0: Fix init sequence again (bsc#1012628). - drm/panel: mantix: Tweak init sequence (bsc#1012628). - drm/vc4: hdmi: Take into account the clock doubling flag in atomic_check (bsc#1012628). - drm/panel: s6e63m0: Support max-brightness (bsc#1012628). - crypto: sun4i-ss - linearize buffers content must be kept (bsc#1012628). - crypto: sun4i-ss - fix kmap usage (bsc#1012628). - crypto: arm64/aes-ce - really hide slower algos when faster ones are enabled (bsc#1012628). - hwrng: ingenic - Fix a resource leak in an error handling path (bsc#1012628). - media: allegro: Fix use after free on error (bsc#1012628). - ASoC: fsl_aud2htx: select SND_SOC_IMX_PCM_DMA (bsc#1012628). - kcsan: Rewrite kcsan_prandom_u32_max() without prandom_u32_state() (bsc#1012628). - drm: rcar-du: Fix PM reference leak in rcar_cmm_enable() (bsc#1012628). - drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1012628). - drm: rcar-du: Fix the return check of of_parse_phandle and of_find_device_by_node (bsc#1012628). - drm/amdgpu: Fix macro name _AMDGPU_TRACE_H_ in preprocessor if condition (bsc#1012628). - MIPS: c-r4k: Fix section mismatch for loongson2_sc_init (bsc#1012628). - MIPS: lantiq: Explicitly compare LTQ_EBU_PCC_ISTAT against 0 (bsc#1012628). - drm/virtio: make sure context is created in gem open (bsc#1012628). - drm/fourcc: fix Amlogic format modifier masks (bsc#1012628). - media: ipu3-cio2: Build only for x86 (bsc#1012628). - media: i2c: ov5670: Fix PIXEL_RATE minimum value (bsc#1012628). - media: imx: Unregister csc/scaler only if registered (bsc#1012628). - media: imx: Fix csc/scaler unregister (bsc#1012628). - media: mtk-vcodec: fix error return code in vdec_vp9_decode() (bsc#1012628). - media: camss: Fix signedness bug in video_enum_fmt() (bsc#1012628). - media: camss: missing error code in msm_video_register() (bsc#1012628). - media: vsp1: Fix an error handling path in the probe function (bsc#1012628). - media: em28xx: Fix use-after-free in em28xx_alloc_urbs (bsc#1012628). - media: media/pci: Fix memleak in empress_init (bsc#1012628). - media: tm6000: Fix memleak in tm6000_start_stream (bsc#1012628). - media: aspeed: fix error return code in aspeed_video_setup_video() (bsc#1012628). - ASoC: cs42l56: fix up error handling in probe (bsc#1012628). - ASoC: qcom: qdsp6: Move frontend AIFs to q6asm-dai (bsc#1012628). - evm: Fix memleak in init_desc (bsc#1012628). - crypto: qat - replace CRYPTO_AES with CRYPTO_LIB_AES in Kconfig (bsc#1012628). - crypto: bcm - Rename struct device_private to bcm_device_private (bsc#1012628). - sched/fair: Avoid stale CPU util_est value for schedutil in task dequeue (bsc#1012628). - drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1012628). - media: imx7: csi: Fix regression for parallel cameras on i.MX6UL (bsc#1012628). - media: imx7: csi: Fix pad link validation (bsc#1012628). - media: ti-vpe: cal: fix write to unallocated memory (bsc#1012628). - MIPS: properly stop .eh_frame generation (bsc#1012628). - MIPS: Compare __SYNC_loongson3_war against 0 (bsc#1012628). - drm/tegra: Fix reference leak when pm_runtime_get_sync() fails (bsc#1012628). - drm/amdgpu: toggle on DF Cstate after finishing xgmi injection (bsc#1012628). - bsg: free the request before return error code (bsc#1012628). - macintosh/adb-iop: Use big-endian autopoll mask (bsc#1012628). - drm/amd/display: Fix 10/12 bpc setup in DCE output bit depth reduction (bsc#1012628). - drm/amd/display: Fix HDMI deep color output for DCE 6-11 (bsc#1012628). - media: software_node: Fix refcounts in software_node_get_next_child() (bsc#1012628). - media: lmedm04: Fix misuse of comma (bsc#1012628). - media: vidtv: psi: fix missing crc for PMT (bsc#1012628). - media: atomisp: Fix a buffer overflow in debug code (bsc#1012628). - media: qm1d1c0042: fix error return code in qm1d1c0042_init() (bsc#1012628). - media: cx25821: Fix a bug when reallocating some dma memory (bsc#1012628). - media: mtk-vcodec: fix argument used when DEBUG is defined (bsc#1012628). - mtd: phram: use div_u64_rem to stop overwrite len in phram_setup (bsc#1012628). - media: pxa_camera: declare variable when DEBUG is defined (bsc#1012628). - media: i2c/Kconfig: Select FWNODE for OV772x sensor (bsc#1012628). - ASoC: max98373: Fixes a typo in max98373_feedback_get (bsc#1012628). - sched/eas: Don't update misfit status if the task is pinned (bsc#1012628). - f2fs: fix null page reference in redirty_blocks (bsc#1012628). - f2fs: compress: fix potential deadlock (bsc#1012628). - ASoC: qcom: lpass-cpu: Remove bit clock state check (bsc#1012628). - ASoC: SOF: Intel: hda: cancel D0i3 work during runtime suspend (bsc#1012628). - perf/arm-cmn: Fix PMU instance naming (bsc#1012628). - perf/arm-cmn: Move IRQs when migrating context (bsc#1012628). - mtd: parser: imagetag: fix error codes in bcm963xx_parse_imagetag_partitions() (bsc#1012628). - crypto: talitos - Work around SEC6 ERRATA (AES-CTR mode data size error) (bsc#1012628). - crypto: talitos - Fix ctr(aes) on SEC1 (bsc#1012628). - irqchip/ls-extirq: add IRQCHIP_SKIP_SET_WAKE to the irqchip flags (bsc#1012628). - mm: proc: Invalidate TLB after clearing soft-dirty page state (bsc#1012628). - ata: ahci_brcm: Add back regulators management (bsc#1012628). - ASoC: cpcap: fix microphone timeslot mask (bsc#1012628). - ASoC: codecs: add missing max_register in regmap config (bsc#1012628). - mtd: parsers: afs: Fix freeing the part name memory in failure (bsc#1012628). - mtd: rawnand: intel: Fix an error handling path in 'ebu_dma_start()' (bsc#1012628). - f2fs: fix to avoid inconsistent quota data (bsc#1012628). - drm/amdgpu: Prevent shift wrapping in amdgpu_read_mask() (bsc#1012628). - f2fs: fix a wrong condition in __submit_bio (bsc#1012628). - ASoC: qcom: Fix typo error in HDMI regmap config callbacks (bsc#1012628). - KVM: nSVM: Don't strip host's C-bit from guest's CR3 when reading PDPTRs (bsc#1012628). - drm/mediatek: Check if fb is null (bsc#1012628). - Drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind() (bsc#1012628). - ASoC: Intel: sof_sdw: add missing TGL_HDMI quirk for Dell SKU 0A5E (bsc#1012628). - ASoC: Intel: sof_sdw: add missing TGL_HDMI quirk for Dell SKU 0A32 (bsc#1012628). - ASoC: Intel: sof_sdw: add missing TGL_HDMI quirk for Dell SKU 0A3E (bsc#1012628). - locking/lockdep: Avoid unmatched unlock (bsc#1012628). - ASoC: qcom: lpass: Fix i2s ctl register bit map (bsc#1012628). - ASoC: rt5682: Fix panic in rt5682_jack_detect_handler happening during system shutdown (bsc#1012628). - ASoC: SOF: debug: Fix a potential issue on string buffer termination (bsc#1012628). - btrfs: clarify error returns values in __load_free_space_cache (bsc#1012628). - btrfs: fix double accounting of ordered extent for subpage case in btrfs_invalidapge (bsc#1012628). - MIPS: relocatable: Provide kaslr_offset() to get the kernel offset (bsc#1012628). - KVM: x86: Restore all 64 bits of DR6 and DR7 during RSM on x86-64 (bsc#1012628). - s390/zcrypt: return EIO when msg retry limit reached (bsc#1012628). - drm/vc4: hdmi: Move hdmi reset to bind (bsc#1012628). - drm/vc4: hdmi: Fix register offset with longer CEC messages (bsc#1012628). - drm/vc4: hdmi: Fix up CEC registers (bsc#1012628). - drm/vc4: hdmi: Restore cec physical address on reconnect (bsc#1012628). - drm/vc4: hdmi: Compute the CEC clock divider from the clock rate (bsc#1012628). - drm/vc4: hdmi: Update the CEC clock divider on HSM rate change (bsc#1012628). - drm/lima: fix reference leak in lima_pm_busy (bsc#1012628). - drm/virtio: fix an error code in virtio_gpu_init() (bsc#1012628). - drm/dp_mst: Don't cache EDIDs for physical ports (bsc#1012628). - hwrng: timeriomem - Fix cooldown period calculation (bsc#1012628). - crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key() (bsc#1012628). - io_uring: fix possible deadlock in io_uring_poll (bsc#1012628). - nvmet-tcp: fix receive data digest calculation for multiple h2cdata PDUs (bsc#1012628). - nvmet-tcp: fix potential race of tcp socket closing accept_work (bsc#1012628). - nvme-multipath: set nr_zones for zoned namespaces (bsc#1012628). - nvmet: remove extra variable in identify ns (bsc#1012628). - nvmet: set status to 0 in case for invalid nsid (bsc#1012628). - ASoC: SOF: sof-pci-dev: add missing Up-Extreme quirk (bsc#1012628). - ima: Free IMA measurement buffer on error (bsc#1012628). - ima: Free IMA measurement buffer after kexec syscall (bsc#1012628). - ASoC: simple-card-utils: Fix device module clock (bsc#1012628). - fs/jfs: fix potential integer overflow on shift of a int (bsc#1012628). - jffs2: fix use after free in jffs2_sum_write_data() (bsc#1012628). - ubifs: Fix memleak in ubifs_init_authentication (bsc#1012628). - ubifs: replay: Fix high stack usage, again (bsc#1012628). - ubifs: Fix error return code in alloc_wbufs() (bsc#1012628). - irqchip/imx: IMX_INTMUX should not default to y, unconditionally (bsc#1012628). - smp: Process pending softirqs in flush_smp_call_function_from_idle() (bsc#1012628). - drm/amdgpu/display: remove hdcp_srm sysfs on device removal (bsc#1012628). - Input: da7280 - fix missing error test (bsc#1012628). - Input: da7280 - protect OF match table with CONFIG_OF (bsc#1012628). - Input: imx_keypad - add dependency on HAS_IOMEM (bsc#1012628). - capabilities: Don't allow writing ambiguous v3 file capabilities (bsc#1012628). - HSI: Fix PM usage counter unbalance in ssi_hw_init (bsc#1012628). - power: supply: cpcap: Add missing IRQF_ONESHOT to fix regression (bsc#1012628). - clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL (bsc#1012628). - clk: meson: clk-pll: make "ret" a signed integer (bsc#1012628). - clk: meson: clk-pll: propagate the error from meson_clk_pll_set_rate() (bsc#1012628). - selftests/powerpc: Make the test check in eeh-basic.sh posix compliant (bsc#1012628). - regulator: qcom-rpmh-regulator: add pm8009-1 chip revision (bsc#1012628). - arm64: dts: qcom: qrb5165-rb5: fix pm8009 regulators (bsc#1012628). - quota: Fix memory leak when handling corrupted quota file (bsc#1012628). - i2c: iproc: handle only slave interrupts which are enabled (bsc#1012628). - i2c: iproc: update slave isr mask (ISR_MASK_SLAVE) (bsc#1012628). - i2c: iproc: handle master read request (bsc#1012628). - spi: cadence-quadspi: Abort read if dummy cycles required are too many (bsc#1012628). - clk: sunxi-ng: h6: Fix CEC clock (bsc#1012628). - clk: renesas: r8a779a0: Remove non-existent S2 clock (bsc#1012628). - clk: renesas: r8a779a0: Fix parent of CBFUSA clock (bsc#1012628). - HID: core: detect and skip invalid inputs to snto32() (bsc#1012628). - RDMA/siw: Fix handling of zero-sized Read and Receive Queues (bsc#1012628). - dmaengine: fsldma: Fix a resource leak in the remove function (bsc#1012628). - dmaengine: fsldma: Fix a resource leak in an error handling path of the probe function (bsc#1012628). - dmaengine: owl-dma: Fix a resource leak in the remove function (bsc#1012628). - rtc: rx6110: fix build against modular I2C (bsc#1012628). - dmaengine: qcom: Always inline gpi_update_reg (bsc#1012628). - dmaengine: ti: k3-udma: Set rflow count for BCDMA split channels (bsc#1012628). - dmaengine: hsu: disable spurious interrupt (bsc#1012628). - mfd: bd9571mwv: Use devm_mfd_add_devices() (bsc#1012628). - power: supply: cpcap-charger: Fix missing power_supply_put() (bsc#1012628). - power: supply: cpcap-battery: Fix missing power_supply_put() (bsc#1012628). - scsi: ufs: Fix a possible NULL pointer issue (bsc#1012628). - power: supply: cpcap-charger: Fix power_supply_put on null battery pointer (bsc#1012628). - fdt: Properly handle "no-map" field in the memory region (bsc#1012628). - of/fdt: Make sure no-map does not remove already reserved regions (bsc#1012628). - RDMA/rtrs: Extend ibtrs_cq_qp_create (bsc#1012628). - RDMA/rtrs-srv: Release lock before call into close_sess (bsc#1012628). - RDMA/rtrs-srv: Use sysfs_remove_file_self for disconnect (bsc#1012628). - RDMA/rtrs-clt: Set mininum limit when create QP (bsc#1012628). - RDMA/rtrs-srv: Jump to dereg_mr label if allocate iu fails (bsc#1012628). - RDMA/rtrs: Call kobject_put in the failure path (bsc#1012628). - RDMA/rtrs-srv: Fix missing wr_cqe (bsc#1012628). - RDMA/rtrs-clt: Refactor the failure cases in alloc_clt (bsc#1012628). - RDMA/rtrs-srv: Init wr_cnt as 1 (bsc#1012628). - RDMA/rtrs: Fix KASAN: stack-out-of-bounds bug (bsc#1012628). - power: reset: at91-sama5d2_shdwc: fix wkupdbc mask (bsc#1012628). - rtc: s5m: select REGMAP_I2C (bsc#1012628). - dmaengine: idxd: set DMA channel to be private (bsc#1012628). - power: supply: fix sbs-charger build, needs REGMAP_I2C (bsc#1012628). - clocksource/drivers/ixp4xx: Select TIMER_OF when needed (bsc#1012628). - clocksource/drivers/mxs_timer: Add missing semicolon when DEBUG is defined (bsc#1012628). - module: harden ELF info handling (bsc#1012628). - spi: imx: Don't print error on -EPROBEDEFER (bsc#1012628). - RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation (bsc#1012628). - IB/mlx5: Add mutex destroy call to cap_mask_mutex mutex (bsc#1012628). - clk: sunxi-ng: h6: Fix clock divider range on some clocks (bsc#1012628). - platform/chrome: cros_ec_proto: Use EC_HOST_EVENT_MASK not BIT (bsc#1012628). - platform/chrome: cros_ec_proto: Add LID and BATTERY to default mask (bsc#1012628). - regulator: axp20x: Fix reference cout leak (bsc#1012628). - watch_queue: Drop references to /dev/watch_queue (bsc#1012628). - certs: Fix blacklist flag type confusion (bsc#1012628). - regulator: s5m8767: Fix reference count leak (bsc#1012628). - spi: atmel: Put allocated master before return (bsc#1012628). - regulator: s5m8767: Drop regulators OF node reference (bsc#1012628). - scsi: libsas: Remove notifier indirection (bsc#1012628). - scsi: libsas: Introduce a _gfp() variant of event notifiers (bsc#1012628). - scsi: mvsas: Pass gfp_t flags to libsas event notifiers (bsc#1012628). - scsi: isci: Pass gfp_t flags in isci_port_link_down() (bsc#1012628). - scsi: isci: Pass gfp_t flags in isci_port_link_up() (bsc#1012628). - scsi: isci: Pass gfp_t flags in isci_port_bc_change_received() (bsc#1012628). - power: supply: axp20x_usb_power: Init work before enabling IRQs (bsc#1012628). - power: supply: smb347-charger: Fix interrupt usage if interrupt is unavailable (bsc#1012628). - regulator: core: Avoid debugfs: Directory ... already present! error (bsc#1012628). - isofs: release buffer head before return (bsc#1012628). - watchdog: intel-mid_wdt: Postpone IRQ handler registration till SCU is ready (bsc#1012628). - auxdisplay: ht16k33: Fix refresh rate handling (bsc#1012628). - auxdisplay: Fix duplicate CHARLCD config symbol (bsc#1012628). - objtool: Fix error handling for STD/CLD warnings (bsc#1012628). - objtool: Fix retpoline detection in asm code (bsc#1012628). - objtool: Fix ".cold" section suffix check for newer versions of GCC (bsc#1012628). - scsi: lpfc: Fix ancient double free (bsc#1012628). - iommu: Switch gather->end to the inclusive end (bsc#1012628). - tools/testing/scatterlist: Fix overflow of max segment size (bsc#1012628). - RDMA/mlx5: Allow creating all QPs even when non RDMA profile is used (bsc#1012628). - IB/umad: Return EIO in case of when device disassociated (bsc#1012628). - IB/umad: Return EPOLLERR in case of when device disassociated (bsc#1012628). - KVM: PPC: Make the VMX instruction emulation routines static (bsc#1012628). - powerpc/kvm: Force selection of CONFIG_PPC_FPU (bsc#1012628). - powerpc/47x: Disable 256k page size (bsc#1012628). - powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1012628). - powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1012628). - powerpc/time: Enable sched clock for irqtime (bsc#1012628). - powerpc: Fix build error in paravirt.h (bsc#1012628). - mmc: owl-mmc: Fix a resource leak in an error handling path and in the remove function (bsc#1012628). - mmc: sdhci-sprd: Fix some resource leaks in the remove function (bsc#1012628). - mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe (bsc#1012628). - mmc: renesas_sdhi_internal_dmac: Fix DMA buffer alignment from 8 to 128-bytes (bsc#1012628). - ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores (bsc#1012628). - i2c: qcom-geni: Store DMA mapping data in geni_i2c_dev struct (bsc#1012628). - i3c/master/mipi-i3c-hci: Specify HAS_IOMEM dependency (bsc#1012628). - amba: Fix resource leak for drivers without .remove (bsc#1012628). - iommu: Move iotlb_sync_map out from __iommu_map (bsc#1012628). - iommu: Properly pass gfp_t in _iommu_map() to avoid atomic sleeping (bsc#1012628). - IB/mlx5: Return appropriate error code instead of ENOMEM (bsc#1012628). - IB/cm: Avoid a loop when device has 255 ports (bsc#1012628). - tracepoint: Do not fail unregistering a probe due to memory failure (bsc#1012628). - rtc: zynqmp: depend on HAS_IOMEM (bsc#1012628). - platform/x86: intel_pmt: Make INTEL_PMT_CLASS non-user-selectable (bsc#1012628). - platform/x86: intel_pmt_telemetry: Add dependency on MFD_INTEL_PMT (bsc#1012628). - platform/x86: intel_pmt_crashlog: Add dependency on MFD_INTEL_PMT (bsc#1012628). - perf tools: Fix DSO filtering when not finding a map for a sampled address (bsc#1012628). - perf vendor events arm64: Fix Ampere eMag event typo (bsc#1012628). - RDMA/rxe: Fix coding error in rxe_recv.c (bsc#1012628). - RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt (bsc#1012628). - RDMA/rxe: Correct skb on loopback path (bsc#1012628). - spi: stm32: properly handle 0 byte transfer (bsc#1012628). - mfd: altera-sysmgr: Fix physical address storing more (bsc#1012628). - mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq() (bsc#1012628). - powerpc/pseries/dlpar: handle ibm, configure-connector delay status (bsc#1012628). - powerpc/8xx: Fix software emulation interrupt (bsc#1012628). - powerpc/sstep: Fix load-store and update emulation (bsc#1012628). - powerpc/sstep: Fix darn emulation (bsc#1012628). - clk: qcom: gfm-mux: fix clk mask (bsc#1012628). - clk: qcom: gcc-sc7180: Mark the MM XO clocks to be always ON (bsc#1012628). - clk: qcom: gcc-msm8998: Fix Alpha PLL type for all GPLLs (bsc#1012628). - kunit: tool: fix unit test cleanup handling (bsc#1012628). - kselftests: dmabuf-heaps: Fix Makefile's inclusion of the kernel's usr/include dir (bsc#1012628). - RDMA/hns: Allocate one more recv SGE for HIP08 (bsc#1012628). - RDMA/hns: Bugfix for checking whether the srq is full when post wr (bsc#1012628). - RDMA/hns: Force srq_limit to 0 when creating SRQ (bsc#1012628). - RDMA/hns: Fixed wrong judgments in the goto branch (bsc#1012628). - RDMA/hns: Remove the reserved WQE of SRQ (bsc#1012628). - RDMA/siw: Fix calculation of tx_valid_cpus size (bsc#1012628). - RDMA/hns: Avoid filling sgid index when modifying QP to RTR (bsc#1012628). - RDMA/hns: Fix type of sq_signal_bits (bsc#1012628). - RDMA/hns: Add mapped page count checking for MTR (bsc#1012628). - RDMA/hns: Disable RQ inline by default (bsc#1012628). - clk: divider: fix initialization with parent_hw (bsc#1012628). - spi: pxa2xx: Fix the controller numbering for Wildcat Point (bsc#1012628). - powerpc/uaccess: Avoid might_fault() when user access is enabled (bsc#1012628). - powerpc/kuap: Restore AMR after replaying soft interrupts (bsc#1012628). - regulator: qcom-rpmh: fix pm8009 ldo7 (bsc#1012628). - clk: aspeed: Fix APLL calculate formula from ast2600-A2 (bsc#1012628). - selftests/ftrace: Update synthetic event syntax errors (bsc#1012628). - perf symbols: Use (long) for iterator for bfd symbols (bsc#1012628). - regulator: bd718x7, bd71828, Fix dvs voltage levels (bsc#1012628). - spi: dw: Avoid stack content exposure (bsc#1012628). - spi: Skip zero-length transfers in spi_transfer_one_message() (bsc#1012628). - printk: avoid prb_first_valid_seq() where possible (bsc#1012628). - perf symbols: Fix return value when loading PE DSO (bsc#1012628). - nfsd: register pernet ops last, unregister first (bsc#1012628). - svcrdma: Hold private mutex while invoking rdma_accept() (bsc#1012628). - ceph: fix flush_snap logic after putting caps (bsc#1012628). - RDMA/hns: Fixes missing error code of CMDQ (bsc#1012628). - RDMA/ucma: Fix use-after-free bug in ucma_create_uevent (bsc#1012628). - RDMA/rtrs-srv: Fix stack-out-of-bounds (bsc#1012628). - RDMA/rtrs: Only allow addition of path to an already established session (bsc#1012628). - RDMA/rtrs-srv: fix memory leak by missing kobject free (bsc#1012628). - RDMA/rtrs-srv-sysfs: fix missing put_device (bsc#1012628). - RDMA/rtrs-srv: Do not pass a valid pointer to PTR_ERR() (bsc#1012628). - Input: sur40 - fix an error code in sur40_probe() (bsc#1012628). - perf record: Fix continue profiling after draining the buffer (bsc#1012628). - perf unwind: Set userdata for all __report_module() paths (bsc#1012628). - perf intel-pt: Fix missing CYC processing in PSB (bsc#1012628). - perf intel-pt: Fix premature IPC (bsc#1012628). - perf intel-pt: Fix IPC with CYC threshold (bsc#1012628). - perf test: Fix unaligned access in sample parsing test (bsc#1012628). - Input: elo - fix an error code in elo_connect() (bsc#1012628). - sparc64: only select COMPAT_BINFMT_ELF if BINFMT_ELF is set (bsc#1012628). - sparc: fix led.c driver when PROC_FS is not enabled (bsc#1012628). - Input: zinitix - fix return type of zinitix_init_touch() (bsc#1012628). - Input: st1232 - add IDLE state as ready condition (bsc#1012628). - ARM: 9065/1: OABI compat: fix build when EPOLL is not enabled (bsc#1012628). - Input: st1232 - fix NORMAL vs. IDLE state handling (bsc#1012628). - misc: eeprom_93xx46: Fix module alias to enable module autoprobe (bsc#1012628). - phy: rockchip-emmc: emmc_phy_init() always return 0 (bsc#1012628). - phy: cadence-torrent: Fix error code in cdns_torrent_phy_probe() (bsc#1012628). - misc: eeprom_93xx46: Add module alias to avoid breaking support for non device tree users (bsc#1012628). - PCI: rcar: Always allocate MSI addresses in 32bit space (bsc#1012628). - soundwire: cadence: fix ACK/NAK handling (bsc#1012628). - pwm: rockchip: Enable APB clock during register access while probing (bsc#1012628). - pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (bsc#1012628). - pwm: rockchip: Eliminate potential race condition when probing (bsc#1012628). - PCI: xilinx-cpm: Fix reference count leak on error path (bsc#1012628). - VMCI: Use set_page_dirty_lock() when unregistering guest memory (bsc#1012628). - PCI: Align checking of syscall user config accessors (bsc#1012628). - mei: hbm: call mei_set_devstate() on hbm stop response (bsc#1012628). - drm/msm: Fix MSM_INFO_GET_IOVA with carveout (bsc#1012628). - drm/msm: Add proper checks for GPU LLCC support (bsc#1012628). - drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (bsc#1012628). - drm/msm/mdp5: Fix wait-for-commit for cmd panels (bsc#1012628). - drm/msm: Fix race of GPU init vs timestamp power management (bsc#1012628). - drm/msm: Fix races managing the OOB state for timestamp vs timestamps (bsc#1012628). - drm/msm/kms: Make a lock_class_key for each crtc mutex (bsc#1012628). - drm/msm/dp: trigger unplug event in msm_dp_display_disable (bsc#1012628). - vfio/iommu_type1: Populate full dirty when detach non-pinned group (bsc#1012628). - vfio/iommu_type1: Fix some sanity checks in detach group (bsc#1012628). - vfio-pci/zdev: fix possible segmentation fault issue (bsc#1012628). - ext4: fix potential htree index checksum corruption (bsc#1012628). - phy: USB_LGM_PHY should depend on X86 (bsc#1012628). - coresight: etm4x: Skip accessing TRCPDCR in save/restore (bsc#1012628). - nvmem: core: Fix a resource leak on error in nvmem_add_cells_from_of() (bsc#1012628). - nvmem: core: skip child nodes not matching binding (bsc#1012628). - drm/msm: Fix legacy relocs path (bsc#1012628). - soundwire: bus: use sdw_update_no_pm when initializing a device (bsc#1012628). - soundwire: bus: use sdw_write_no_pm when setting the bus scale registers (bsc#1012628). - soundwire: export sdw_write/read_no_pm functions (bsc#1012628). - soundwire: bus: fix confusion on device used by pm_runtime (bsc#1012628). - drm/msm/dp: Add a missing semi-colon (bsc#1012628). - misc: fastrpc: fix incorrect usage of dma_map_sgtable (bsc#1012628). - remoteproc/mediatek: acknowledge watchdog IRQ after handled (bsc#1012628). - mhi: Fix double dma free (bsc#1012628). - regmap: sdw: use _no_pm functions in regmap_read/write (bsc#1012628). - ext: EXT4_KUNIT_TESTS should depend on EXT4_FS instead of selecting it (bsc#1012628). - mailbox: sprd: correct definition of SPRD_OUTBOX_FIFO_FULL (bsc#1012628). - device-dax: Fix default return code of range_parse() (bsc#1012628). - PCI: pci-bridge-emul: Fix array overruns, improve safety (bsc#1012628). - PCI: cadence: Fix DMA range mapping early return error (bsc#1012628). - i40e: Fix flow for IPv6 next header (extension header) (bsc#1012628). - i40e: Add zero-initialization of AQ command structures (bsc#1012628). - i40e: Fix overwriting flow control settings during driver loading (bsc#1012628). - i40e: Fix addition of RX filters after enabling FW LLDP agent (bsc#1012628). - i40e: Fix VFs not created (bsc#1012628). - Take mmap lock in cacheflush syscall (bsc#1012628). - nios2: fixed broken sys_clone syscall (bsc#1012628). - i40e: Fix add TC filter for IPv6 (bsc#1012628). - i40e: Fix endianness conversions (bsc#1012628). - octeontx2-af: Fix an off by one in rvu_dbg_qsize_write() (bsc#1012628). - pwm: iqs620a: Fix overflow and optimize calculations (bsc#1012628). - ice: report correct max number of TCs (bsc#1012628). - ice: Account for port VLAN in VF max packet size calculation (bsc#1012628). - ice: Fix state bits on LLDP mode switch (bsc#1012628). - ice: update the number of available RSS queues (bsc#1012628). - dpaa_eth: fix the access method for the dpaa_napi_portal (bsc#1012628). - net: stmmac: fix CBS idleslope and sendslope calculation (bsc#1012628). - net/mlx4_core: Add missed mlx4_free_cmd_mailbox() (bsc#1012628). - PCI: rockchip: Make 'ep-gpios' DT property optional (bsc#1012628). - vxlan: move debug check after netdev unregister (bsc#1012628). - wireguard: device: do not generate ICMP for non-IP packets (bsc#1012628). - wireguard: kconfig: use arm chacha even with no neon (bsc#1012628). - ocfs2: fix a use after free on error (bsc#1012628). - mm: memcontrol: fix NR_ANON_THPS accounting in charge moving (bsc#1012628). - mm: memcontrol: fix slub memory accounting (bsc#1012628). - mm/memory.c: fix potential pte_unmap_unlock pte error (bsc#1012628). - mm/hugetlb: fix potential double free in hugetlb_register_node() error path (bsc#1012628). - mm/hugetlb: suppress wrong warning info when alloc gigantic page (bsc#1012628). - mm/compaction: fix misbehaviors of fast_find_migrateblock() (bsc#1012628). - net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8081 (bsc#1012628). - r8169: fix jumbo packet handling on RTL8168e (bsc#1012628). - NFSv4: Fixes for nfs4_bitmask_adjust() (bsc#1012628). - KVM: SVM: Intercept INVPCID when it's disabled to inject #UD (bsc#1012628). - KVM: x86/mmu: Expand collapsible SPTE zap for TDP MMU to ZONE_DEVICE and HugeTLB pages (bsc#1012628). - cifs: Fix inconsistent IS_ERR and PTR_ERR (bsc#1012628). - arm64: Add missing ISB after invalidating TLB in __primary_switch (bsc#1012628). - i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition (bsc#1012628). - i2c: exynos5: Preserve high speed master code (bsc#1012628). - mm,thp,shmem: make khugepaged obey tmpfs mount flags (bsc#1012628). - mm: fix memory_failure() handling of dax-namespace metadata (bsc#1012628). - mm/rmap: fix potential pte_unmap on an not mapped pte (bsc#1012628). - proc: use kvzalloc for our kernel buffer (bsc#1012628). - csky: Fix a size determination in gpr_get() (bsc#1012628). - scsi: bnx2fc: Fix Kconfig warning & CNIC build errors (bsc#1012628). - scsi: sd: sd_zbc: Don't pass GFP_NOIO to kvcalloc (bsc#1012628). - block: reopen the device in blkdev_reread_part (bsc#1012628). - block: fix logging on capacity change (bsc#1012628). - ide/falconide: Fix module unload (bsc#1012628). - scsi: sd: Fix Opal support (bsc#1012628). - blk-settings: align max_sectors on "logical_block_size" boundary (bsc#1012628). - soundwire: intel: fix possible crash when no device is detected (bsc#1012628). - ACPI: property: Fix fwnode string properties matching (bsc#1012628). - ACPI: configfs: add missing check after configfs_register_default_group() (bsc#1012628). - cpufreq: ACPI: Set cpuinfo.max_freq directly if max boost is known (bsc#1012628). - HID: logitech-dj: add support for keyboard events in eQUAD step 4 Gaming (bsc#1012628). - HID: wacom: Ignore attempts to overwrite the touch_max value from HID (bsc#1012628). - Input: raydium_ts_i2c - do not send zero length (bsc#1012628). - Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (bsc#1012628). - Input: joydev - prevent potential read overflow in ioctl (bsc#1012628). - Input: i8042 - add ASUS Zenbook Flip to noselftest list (bsc#1012628). - media: mceusb: Fix potential out-of-bounds shift (bsc#1012628). - USB: serial: option: update interface mapping for ZTE P685M (bsc#1012628). - usb: musb: Fix runtime PM race in musb_queue_resume_work (bsc#1012628). - usb: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 (bsc#1012628). - usb: dwc3: gadget: Fix dep->interval for fullspeed interrupt (bsc#1012628). - USB: serial: ftdi_sio: fix FTX sub-integer prescaler (bsc#1012628). - USB: serial: pl2303: fix line-speed handling on newer chips (bsc#1012628). - USB: serial: mos7840: fix error code in mos7840_write() (bsc#1012628). - USB: serial: mos7720: fix error code in mos7720_write() (bsc#1012628). - phy: lantiq: rcu-usb2: wait after clock enable (bsc#1012628). - ALSA: usb-audio: Correct document for snd_usb_endpoint_free_all() (bsc#1012628). - ALSA: usb-audio: Handle invalid running state at releasing EP (bsc#1012628). - ALSA: usb-audio: More strict state change in EP (bsc#1012628). - ALSA: usb-audio: Don't avoid stopping the stream at disconnection (bsc#1012628). - ALSA: usb-audio: Add implicit fb quirk for BOSS GP-10 (bsc#1012628). - ALSA: fireface: fix to parse sync status register of latter protocol (bsc#1012628). - ALSA: hda: Add another CometLake-H PCI ID (bsc#1012628). - ALSA: hda/hdmi: Drop bogus check at closing a stream (bsc#1012628). - ALSA: hda/realtek: modify EAPD in the ALC886 (bsc#1012628). - ALSA: hda/realtek: Quirk for HP Spectre x360 14 amp setup (bsc#1012628). - MIPS: Ingenic: Disable HPTLB for D0 XBurst CPUs too (bsc#1012628). - MIPS: Support binutils configured with - -enable-mips-fix-loongson3-llsc=yes (bsc#1012628). - MIPS: VDSO: Use CLANG_FLAGS instead of filtering out '--target=' (bsc#1012628). - Revert "MIPS: Octeon: Remove special handling of CONFIG_MIPS_ELF_APPENDED_DTB=y" (bsc#1012628). - MIPS: compressed: fix build with enabled UBSAN (bsc#1012628). - Revert "bcache: Kill btree_io_wq" (bsc#1012628). - bcache: Give btree_io_wq correct semantics again (bsc#1012628). - bcache: Move journal work to new flush wq (bsc#1012628). - Revert "drm/amd/display: Update NV1x SR latency values" (bsc#1012628). - drm/amd/display: Add FPU wrappers to dcn21_validate_bandwidth() (bsc#1012628). - drm/amd/display: Remove Assert from dcn10_get_dig_frontend (bsc#1012628). - drm/amd/display: Add vupdate_no_lock interrupts for DCN2.1 (bsc#1012628). - Revert "drm/amd/display: reuse current context instead of recreating one" (bsc#1012628). - drm/amdkfd: Fix recursive lock warnings (bsc#1012628). - drm/amdgpu: fix CGTS_TCC_DISABLE register offset on gfx10.3 (bsc#1012628). - drm/amdgpu: Set reference clock to 100Mhz on Renoir (v2) (bsc#1012628). - drm/amdgpu: fix shutdown and poweroff process failed with s0ix (bsc#1012628). - drm/ttm: Fix a memory leak (bsc#1012628). - drm/nouveau/kms: handle mDP connectors (bsc#1012628). - drm/modes: Switch to 64bit maths to avoid integer overflow (bsc#1012628). - drm/sched: Cancel and flush all outstanding jobs before finish (bsc#1012628). - drm/panel: kd35t133: allow using non-continuous dsi clock (bsc#1012628). - drm/rockchip: Require the YTR modifier for AFBC (bsc#1012628). - ASoC: siu: Fix build error by a wrong const prefix (bsc#1012628). - selinux: fix inconsistency between inode_getxattr and inode_listsecurity (bsc#1012628). - erofs: initialized fields can only be observed after bit is set (bsc#1012628). - tpm_tis: Fix check_locality for correct locality acquisition (bsc#1012628). - tpm_tis: Clean up locality release (bsc#1012628). - KEYS: trusted: Fix incorrect handling of tpm_get_random() (bsc#1012628). - KEYS: trusted: Fix migratable=1 failing (bsc#1012628). - KEYS: trusted: Reserve TPM for seal and unseal operations (bsc#1012628). - btrfs: do not cleanup upper nodes in btrfs_backref_cleanup_node (bsc#1012628). - btrfs: do not warn if we can't find the reloc root when looking up backref (bsc#1012628). - btrfs: add asserts for deleting backref cache nodes (bsc#1012628). - btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1012628). - btrfs: fix reloc root leak with 0 ref reloc roots on recovery (bsc#1012628). - btrfs: splice remaining dirty_bg's onto the transaction dirty bg list (bsc#1012628). - btrfs: handle space_info::total_bytes_pinned inside the delayed ref itself (bsc#1012628). - btrfs: account for new extents being deleted in total_bytes_pinned (bsc#1012628). - btrfs: fix extent buffer leak on failure to copy root (bsc#1012628). - drm/i915/gt: Flush before changing register state (bsc#1012628). - drm/i915/gt: Correct surface base address for renderclear (bsc#1012628). - crypto: arm64/sha - add missing module aliases (bsc#1012628). - crypto: aesni - prevent misaligned buffers on the stack (bsc#1012628). - crypto: michael_mic - fix broken misalignment handling (bsc#1012628). - crypto: sun4i-ss - checking sg length is not sufficient (bsc#1012628). - crypto: sun4i-ss - IV register does not work on A10 and A13 (bsc#1012628). - crypto: sun4i-ss - handle BigEndian for cipher (bsc#1012628). - crypto: sun4i-ss - initialize need_fallback (bsc#1012628). - soc: samsung: exynos-asv: don't defer early on not-supported SoCs (bsc#1012628). - soc: samsung: exynos-asv: handle reading revision register error (bsc#1012628). - seccomp: Add missing return in non-void function (bsc#1012628). - arm64: ptrace: Fix seccomp of traced syscall -1 (NO_SYSCALL) (bsc#1012628). - misc: rtsx: init of rts522a add OCP power off when no card is present (bsc#1012628). - drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue (bsc#1012628). - pstore: Fix typo in compression option name (bsc#1012628). - dts64: mt7622: fix slow sd card access (bsc#1012628). - arm64: dts: agilex: fix phy interface bit shift for gmac1 and gmac2 (bsc#1012628). - staging/mt7621-dma: mtk-hsdma.c->hsdma-mt7621.c (bsc#1012628). - staging: gdm724x: Fix DMA from stack (bsc#1012628). - staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table (bsc#1012628). - media: i2c: max9286: fix access to unallocated memory (bsc#1012628). - media: v4l: ioctl: Fix memory leak in video_usercopy (bsc#1012628). - media: ir_toy: add another IR Droid device (bsc#1012628). - media: ipu3-cio2: Fix mbus_code processing in cio2_subdev_set_fmt() (bsc#1012628). - media: marvell-ccic: power up the device on mclk enable (bsc#1012628). - media: smipcie: fix interrupt handling and IR timeout (bsc#1012628). - x86/virt: Eat faults on VMXOFF in reboot flows (bsc#1012628). - x86/reboot: Force all cpus to exit VMX root if VMX is supported (bsc#1012628). - x86/fault: Fix AMD erratum #91 errata fixup for user code (bsc#1012628). - x86/entry: Fix instrumentation annotation (bsc#1012628). - powerpc/prom: Fix "ibm,arch-vec-5-platform-support" scan (bsc#1012628). - rcu: Pull deferred rcuog wake up to rcu_eqs_enter() callers (bsc#1012628). - rcu/nocb: Perform deferred wake up before last idle's need_resched() check (bsc#1012628). - rcu/nocb: Trigger self-IPI on late deferred wake up before user resume (bsc#1012628). - entry: Explicitly flush pending rcuog wakeup before last rescheduling point (bsc#1012628). - entry/kvm: Explicitly flush pending rcuog wakeup before last rescheduling point (bsc#1012628). - kprobes: Fix to delay the kprobes jump optimization (bsc#1012628). - arm64: Extend workaround for erratum 1024718 to all versions of Cortex-A55 (bsc#1012628). - iommu/arm-smmu-qcom: Fix mask extraction for bootloader programmed SMRs (bsc#1012628). - mailbox: arm_mhuv2: Skip calling kfree() with invalid pointer (bsc#1012628). - arm64: kexec_file: fix memory leakage in create_dtb() when fdt_open_into() fails (bsc#1012628). - arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (bsc#1012628). - arm64 module: set plt* section addresses to 0x0 (bsc#1012628). - arm64: spectre: Prevent lockdep splat on v4 mitigation enable path (bsc#1012628). - riscv: Disable KSAN_SANITIZE for vDSO (bsc#1012628). - watchdog: qcom: Remove incorrect usage of QCOM_WDT_ENABLE_IRQ (bsc#1012628). - watchdog: mei_wdt: request stop on unregister (bsc#1012628). - coresight: etm4x: Handle accesses to TRCSTALLCTLR (bsc#1012628). - mtd: spi-nor: sfdp: Fix last erase region marking (bsc#1012628). - mtd: spi-nor: sfdp: Fix wrong erase type bitmask for overlaid region (bsc#1012628). - mtd: spi-nor: core: Fix erase type discovery for overlaid region (bsc#1012628). - mtd: spi-nor: core: Add erase size check for erase command initialization (bsc#1012628). - mtd: spi-nor: hisi-sfc: Put child node np on error path (bsc#1012628). - fs/affs: release old buffer head on error path (bsc#1012628). - seq_file: document how per-entry resources are managed (bsc#1012628). - x86: fix seq_file iteration for pat/memtype.c (bsc#1012628). - mm: memcontrol: fix swap undercounting in cgroup2 (bsc#1012628). - mm: memcontrol: fix get_active_memcg return value (bsc#1012628). - hugetlb: fix update_and_free_page contig page struct assumption (bsc#1012628). - hugetlb: fix copy_huge_page_from_user contig page struct assumption (bsc#1012628). - mm/vmscan: restore zone_reclaim_mode ABI (bsc#1012628). - mm, compaction: make fast_isolate_freepages() stay within zone (bsc#1012628). - KVM: nSVM: fix running nested guests when npt=0 (bsc#1012628). - nvmem: qcom-spmi-sdam: Fix uninitialized pdev pointer (bsc#1012628). - module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols (bsc#1012628). - mmc: sdhci-esdhc-imx: fix kernel panic when remove module (bsc#1012628). - mmc: sdhci-pci-o2micro: Bug fix for SDR104 HW tuning failure (bsc#1012628). - powerpc/32: Preserve cr1 in exception prolog stack check to fix build error (bsc#1012628). - powerpc/kexec_file: fix FDT size estimation for kdump kernel (bsc#1012628). - powerpc/32s: Add missing call to kuep_lock on syscall entry (bsc#1012628). - spmi: spmi-pmic-arb: Fix hw_irq overflow (bsc#1012628). - mei: bus: block send with vtag on non-conformat FW (bsc#1012628). - mei: fix transfer over dma with extended header (bsc#1012628). - mei: me: emmitsburg workstation DID (bsc#1012628). - mei: me: add adler lake point S DID (bsc#1012628). - mei: me: add adler lake point LP DID (bsc#1012628). - gpio: pcf857x: Fix missing first interrupt (bsc#1012628). - mfd: gateworks-gsc: Fix interrupt type (bsc#1012628). - printk: fix deadlock when kernel panic (bsc#1012628). - exfat: fix shift-out-of-bounds in exfat_fill_super() (bsc#1012628). - zonefs: Fix file size of zones in full condition (bsc#1012628). - kcmp: Support selection of SYS_kcmp without CHECKPOINT_RESTORE (bsc#1012628). - thermal: cpufreq_cooling: freq_qos_update_request() returns < 0 on error (bsc#1012628). - cpufreq: qcom-hw: drop devm_xxx() calls from init/exit hooks (bsc#1012628). - cpufreq: intel_pstate: Change intel_pstate_get_hwp_max() argument (bsc#1012628). - cpufreq: intel_pstate: Get per-CPU max freq via MSR_HWP_CAPABILITIES if available (bsc#1012628). - proc: don't allow async path resolution of /proc/thread-self components (bsc#1012628). - s390/vtime: fix inline assembly clobber list (bsc#1012628). - virtio/s390: implement virtio-ccw revision 2 correctly (bsc#1012628). - um: mm: check more comprehensively for stub changes (bsc#1012628). - um: defer killing userspace on page table update failures (bsc#1012628). - irqchip/loongson-pch-msi: Use bitmap_zalloc() to allocate bitmap (bsc#1012628). - f2fs: fix out-of-repair __setattr_copy() (bsc#1012628). - f2fs: enforce the immutable flag on open files (bsc#1012628). - f2fs: flush data when enabling checkpoint back (bsc#1012628). - cifs: fix DFS failover (bsc#1012628). - cifs: check all path components in resolved dfs target (bsc#1012628). - cifs: introduce helper for finding referral server to improve DFS target resolution (bsc#1012628). - cifs: fix nodfs mount option (bsc#1012628). - cifs: fix handling of escaped ',' in the password mount argument (bsc#1012628). - sparc32: fix a user-triggerable oops in clear_user() (bsc#1012628). - perf stat: Use nftw() instead of ftw() (bsc#1012628). - spi: fsl: invert spisel_boot signal on MPC8309 (bsc#1012628). - spi: spi-synquacer: fix set_cs handling (bsc#1012628). - gfs2: fix glock confusion in function signal_our_withdraw (bsc#1012628). - gfs2: Don't skip dlm unlock if glock has an lvb (bsc#1012628). - gfs2: Lock imbalance on error path in gfs2_recover_one (bsc#1012628). - gfs2: Recursive gfs2_quota_hold in gfs2_iomap_end (bsc#1012628). - dm: fix deadlock when swapping to encrypted device (bsc#1012628). - dm table: fix iterate_devices based device capability checks (bsc#1012628). - dm table: fix DAX iterate_devices based device capability checks (bsc#1012628). - dm table: fix zoned iterate_devices based device capability checks (bsc#1012628). - dm writecache: fix performance degradation in ssd mode (bsc#1012628). - dm writecache: return the exact table values that were set (bsc#1012628). - dm writecache: fix writing beyond end of underlying device when shrinking (bsc#1012628). - dm era: Recover committed writeset after crash (bsc#1012628). - dm era: Update in-core bitset after committing the metadata (bsc#1012628). - dm era: Verify the data block size hasn't changed (bsc#1012628). - dm era: Fix bitset memory leaks (bsc#1012628). - dm era: Use correct value size in equality function of writeset tree (bsc#1012628). - dm era: Reinitialize bitset cache before digesting a new writeset (bsc#1012628). - dm era: only resize metadata in preresume (bsc#1012628). - drm/i915: Reject 446-480MHz HDMI clock on GLK (bsc#1012628). - kgdb: fix to kill breakpoints on initmem after boot (bsc#1012628). - ipv6: silence compilation warning for non-IPV6 builds (bsc#1012628). - net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending (bsc#1012628). - wireguard: selftests: test multiple parallel streams (bsc#1012628). - wireguard: queueing: get rid of per-peer ring buffers (bsc#1012628). - net: sched: fix police ext initialization (bsc#1012628). - net: qrtr: Fix memory leak in qrtr_tun_open (bsc#1012628). - net_sched: fix RTNL deadlock again caused by request_module() (bsc#1012628). - ARM: dts: aspeed: Add LCLK to lpc-snoop (bsc#1012628). - Update config files. - commit 39714eb - rpm/check-for-config-changes: ignore more configs Specifially, these: * CONFIG_CC_HAS_* * CONFIG_CC_HAVE_* * CONFIG_CC_CAN_* * CONFIG_HAVE_[A-Z]*_COMPILER * CONFIG_TOOLS_SUPPORT_* are compiler specific too. This will allow us to use super configs using kernel's dummy-tools. - commit d12dcbd - config: arm64: sync xgmac-mdio config with SLE - commit 277fee9 - config: arm64: sync coresight configs with SLE - commit b4d272d - Update config files. Refresh with dummy-tools. - commit 433c0e0 - kbuild: dummy-tools, fix inverted tests for gcc (bsc#1181862). - commit 19ed7d5 - config: riscv64: enable EFI_STUB for vanilla - commit bcd346c - Linux 5.11.2 (bsc#1012628). - KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped() (bsc#1012628). - mm: provide a saner PTE walking API for modules (bsc#1012628). - KVM: do not assume PTE is writable after follow_pfn (bsc#1012628). - KVM: x86: Zap the oldest MMU pages, not the newest (bsc#1012628). - hwmon: (dell-smm) Add XPS 15 L502X to fan control blacklist (bsc#1012628). - arm64: tegra: Add power-domain for Tegra210 HDA (bsc#1012628). - Bluetooth: btusb: Some Qualcomm Bluetooth adapters stop working (bsc#1012628). - ntfs: check for valid standard information attribute (bsc#1012628). - usb: quirks: add quirk to start video capture on ELMO L-12F document camera reliable (bsc#1012628). - USB: quirks: sort quirk entries (bsc#1012628). - HID: make arrays usage and value to be the same (bsc#1012628). - bpf: Fix truncation handling for mod32 dst reg wrt zero (bsc#1012628). - commit 6fd6105 - config: refresh - fix misspelled USB gadget debugging options - commit 20be8e3 - Update config files. Update config files. Enable USB_GADGET(jsc#SLE-14042) - supported.conf: After discussion what the feature request implied, it was decided that gadget mode is also needed on x86_64 - commit 4adcbc0 - macros.kernel-source: Use spec_install_pre for certificate installation (boo#1182672). Since rpm 4.16 files installed during build phase are lost. - commit d0b887e - update mainline references - update mainline references: patches.suse/drm-bail-out-of-nouveau_channel_new-if-channel-init-.patch patches.suse/floppy-reintroduce-O_NDELAY-fix.patch patches.suse/media-uvcvideo-Accept-invalid-bFormatIndex-and-bFram.patch - commit 4eacbc9 - Linux 5.11.1 (bsc#1012628). - Xen/x86: don't bail early from clear_foreign_p2m_mapping() (bsc#1012628). - Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() (bsc#1012628). - Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() (bsc#1012628). - Xen/gntdev: correct error checking in gntdev_map_grant_pages() (bsc#1012628). - xen/arm: don't ignore return errors from set_phys_to_machine (bsc#1012628). - xen-blkback: don't "handle" error by BUG() (bsc#1012628). - xen-netback: don't "handle" error by BUG() (bsc#1012628). - xen-scsiback: don't "handle" error by BUG() (bsc#1012628). - xen-blkback: fix error handling in xen_blkbk_map() (bsc#1012628). - tty: protect tty_write from odd low-level tty disciplines (bsc#1012628). - Bluetooth: btusb: Always fallback to alt 1 for WBS (bsc#1012628). - commit 3652ea1 - arm: Update config files. Set CONFIG_WATCHDOG_SYSFS to true (bsc#1182560) - commit 702d1a3 - rpm/kernel-subpackage-build: Workaround broken bot (https://github.com/openSUSE/openSUSE-release-tools/issues/2439) - commit b74d860 - Update config files: Set reset-raspberrypi as builtin (bsc#1180336) This driver is needed in order to boot through USB. Ideally the kernel module should be selected by dracut, but it's not. So make it builtin until the relevant dracut fixes are available. - commit 8186eab - series.conf: cleanup - move patches on the way to mainline into respective section patches.suse/drm-bail-out-of-nouveau_channel_new-if-channel-init-.patch patches.suse/media-uvcvideo-Accept-invalid-bFormatIndex-and-bFram.patch patches.suse/media-dvb-usb-Fix-memory-leak-at-error-in-dvb_usb_de.patch patches.suse/media-dvb-usb-Fix-use-after-free-access.patch patches.suse/media-pwc-Use-correct-device-for-DMA.patch - commit 8309a4e - kernel-binary.spec: Add back initrd and image symlink ghosts to filelist (bsc#1182140). Fixes: 76a9256314c3 ("rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).") - commit 606c9d1 - rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058) - commit c29e77d - Refresh patches.suse/drm-bail-out-of-nouveau_channel_new-if-channel-init-.patch. - Refresh patches.suse/media-uvcvideo-Accept-invalid-bFormatIndex-and-bFram.patch. Update upstream status. - commit 1916d9d - Update to 5.11 final - refresh configs - commit 253d8c6 ==== krb5 ==== Version update (1.18.3 -> 1.19.1) - Update to 1.19.1 * Fix a linking issue with Samba. * Better support multiple pkinit_identities values by checking whether certificates can be loaded for each value. - Update to 1.19 Administrator experience * When a client keytab is present, the GSSAPI krb5 mech will refresh credentials even if the current credentials were acquired manually. * It is now harder to accidentally delete the K/M entry from a KDB. Developer experience * gss_acquire_cred_from() now supports the "password" and "verify" options, allowing credentials to be acquired via password and verified using a keytab key. * When an application accepts a GSS security context, the new GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor both provided matching channel bindings. * Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests to identify the desired client principal by certificate. * PKINIT certauth modules can now cause the hw-authent flag to be set in issued tickets. * The krb5_init_creds_step() API will now issue the same password expiration warnings as krb5_get_init_creds_password(). Protocol evolution * Added client and KDC support for Microsoft's Resource-Based Constrained Delegation, which allows cross-realm S4U2Proxy requests. A third-party database module is required for KDC support. * kadmin/admin is now the preferred server principal name for kadmin connections, and the host-based form is no longer created by default. The client will still try the host-based form as a fallback. * Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT extension, which causes channel bindings to be required for the initiator if the acceptor provided them. The client will send this option if the client_aware_gss_bindings profile option is set. User experience * kinit will now issue a warning if the des3-cbc-sha1 encryption type is used in the reply. This encryption type will be deprecated and removed in future releases. * Added kvno flags --out-cache, --no-store, and --cached-only (inspired by Heimdal's kgetcred). ==== libcontainers-common ==== - Require util-linux-systemd for %post scripts (findmnt) (boo#1182998) - Update commonver to 0.35.1 - Update podmanver to 3.0.1 - Update storagever to 1.24.8 - Update imagever to 5.10.4 ==== libpng16 ==== - enable hardware optimizations (such as SSE) ==== libxcrypt ==== Version update (4.4.17 -> 4.4.18) - Update to version 4.4.18 * Fix conversion error in lib/alg-gost3411-core.c ==== libxml2 ==== Subpackages: libxml2-2 libxml2-tools - Fails to build against Python 3.9: * Add upstream commit that fixes the issue https://github.com/GNOME/libxml2/commit/e4fb36841800038c289997432ca547c9bfef9db1 - Add patch libxml2-python39.patch ==== libzypp ==== Version update (17.25.7 -> 17.25.8) - Try to provide a mounted /proc in --root installs (bsc#1181328) Some systemd tools require /proc to be mounted and fail if it's not there. - Enable release packages to request a releaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - version 17.25.8 (22) ==== lua54 ==== - Add upstream-bugs.patch and upstream-bugs-test.patch to fix bugs 2,3,4 for build and tests respectively. ==== mozilla-nss ==== Version update (3.60.1 -> 3.61) - Add nss-btrfs-sqlite.patch to address bmo#1690232 - update to NSS 3.61 * required for Firefox 86 * bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key values under certain conditions. * bmo#1684300 - Fix default PBE iteration count when NSS is compiled with NSS_DISABLE_DBM. * bmo#1651411 - Improve constant-timeness in RSA operations. * bmo#1677207 - Upgrade Google Test version to latest release. * bmo#1654332 - Add aarch64-make target to nss-try. ==== mozjs78 ==== Version update (78.7.0 -> 78.8.0) - Update to version 78.8.0esr: + Fix build with Rust 1.50. ==== multipath-tools ==== Version update (0.8.5+12+suse.3b0e9ca -> 0.8.5+26+suse.2cbedfd) Subpackages: kpartx libmpath0 - Update to version 0.8.5+26+suse.2cbedfd: Avoid "illegal request" errors on non-RDAC storage (bsc#bsc#1182072, bsc#1177371) - Update to version 0.8.5+23+suse.c11b054: * multipath -U: reduce log level of "adding new path" message (bsc#1181435) - Update to version 0.8.5+22+suse.e1e3c48: * multipath-tools tests: fix stringop-overflow build errors with gcc 11 (bsc#1181877) * README moved to README.md (has been converted to markdown upstream) ==== netcfg ==== - services-create.pl: Switch to https (bsc#1182395) ==== nfs-utils ==== Subpackages: libnfsidmap1 nfs-client - Include nfsd kernel module Requires (bsc#1089118) - Update to version 2.5.3 https://mirrors.edge.kernel.org/pub/linux/utils/nfs-utils/2.5.3/2.5.3-Changelog ==== openssl-1_1 ==== Version update (1.1.1h -> 1.1.1j) - Fix unresolved error codes [bsc#1182959] - Update patches: * openssl-1.1.1-fips.patch * openssl-1.1.1-evp-kdf.patch - Update to 1.1.1j * Fixed the X509_issuer_and_serial_hash() function. It attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it was failing to correctly handle any errors that may occur while parsing the issuer field [bsc#1182331, CVE-2021-23841] * Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING padding mode to correctly check for rollback attacks. * Fixed the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate functions. Previously they could overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call would be 1 (indicating success), but the output length value would be negative. This could cause applications to behave incorrectly or crash. [bsc#1182333, CVE-2021-23840] * Fixed SRP_Calc_client_key so that it runs in constant time. The previous implementation called BN_mod_exp without setting BN_FLG_CONSTTIME. This could be exploited in a side channel attack to recover the password. Since the attack is local host only this is outside of the current OpenSSL threat model and therefore no CVE is assigned. - Rebase patches: * openssl-1.1.1-fips.patch * openssl-1.1.0-issuer-hash.patch * openssl-1.1.1-evp-kdf.patch - Removed patch because it was causing problems with other servers. * openssl-zero-pad-DHE-public-key.patch * bsc#1181796 - Zero pad the DHE public key in ClientKeyExchange for interoperability with Windows Server 2019. * openssl-zero-pad-DHE-public-key.patch * bsc#1181796 * sourced from https://github.com/openssl/openssl/pull/12331/files - Add version guards for the crypto-policies - Disable test_srp subsection from 90-test_sslapi.t test - Use SECLEVEL 2 in 80-test_ssl_new.t - Add patches: * openssl-1_1-use-seclevel2-in-tests.patch * openssl-1_1-disable-test_srp-sslapi.patch - Allow SHA1 in SECLEVEL 2 in non-FIPS mode - Add openssl-1_1-seclevel.patch - Require the crypto-policies package [bsc#1180051] - Update to 1.1.1i (bsc#1179491) * Fixed NULL pointer deref in GENERAL_NAME_cmp (CVE-2020-1971) - Refresh openssl-1.1.1-fips-post-rand.patch ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-bootloader patterns-base-minimal_base - Require shim and mokutil on AArch64 as well now (boo#1183181) - Fix bug in create_32bit-patterns_file.pl leading to bogus "Recommends: pattern()-32bit" - Skip selinux pattern in pre_checkin.sh - Ignore boolean deps in create_32bit-patterns_file.pl for now - Run pre_checkin.sh, was overdue - Drop unneeded condition in %install - Recommend issue-generator on Leap as well - Recommend hostname, else you don't get it installed without installed YaST - Move shadow from required to recommended, it not needed for a functional base system and there are alternate solutions, so allow users to install them. - Suggest pulseaudio, so that zypp has something to base the decision on when choosing between pulseaudio and pipewire-pulseaudio (boo#1182730). ==== pcre ==== - Copy pcre_jit_test only if jit is enabled ==== podman ==== Version update (2.2.1 -> 3.0.1) Subpackages: podman-cni-config - Drop obsolete varlink.patch - Update to v3.0.1 * Changes - Several frequently-occurring WARN level log messages have been downgraded to INFO or DEBUG to not clutter terminal output. Bugfixes - Fixed a bug where the Created field of podman ps --format=json was formatted as a string instead of an Unix timestamp (integer) (#9315). - Fixed a bug where failing lookups of individual layers during the podman images command would cause the whole command to fail without printing output. - Fixed a bug where --cgroups=split did not function properly on cgroups v1 systems. - Fixed a bug where mounting a volume over an directory in the container that existed, but was empty, could fail (#9393). - Fixed a bug where mounting a volume over a directory in the container that existed could copy the entirety of the container's rootfs, instead of just the directory mounted over, into the volume (#9415). - Fixed a bug where Podman would treat the --entrypoint=[""] option to podman run and podman create as a literal empty string in the entrypoint, when instead it should have been ignored (#9377). - Fixed a bug where Podman would set the HOME environment variable to "" when the container ran as a user without an assigned home directory (#9378). - Fixed a bug where specifying a pod infra image that had no tags (by using its ID) would cause podman pod create to panic (#9374). - Fixed a bug where the --runtime option was not properly handled by the podman build command (#9365). - Fixed a bug where Podman would incorrectly print an error message related to the remote API when the remote API was not in use and starting Podman failed. - Fixed a bug where Podman would change ownership of a container's working directory, even if it already existed (#9387). - Fixed a bug where the podman generate systemd --new command would incorrectly escape %t when generating the path for the PID file (#9373). - Fixed a bug where Podman could, when run inside a Podman container with the host's containers/storage directory mounted into the container, erroneously detect a reboot and reset container state if the temporary directory was not also mounted in (#9191). - Fixed a bug where some options of the podman build command (including but not limited to --jobs) were nonfunctional (#9247). * API - Fixed a breaking change to the Libpod Wait API for Containers where the Conditions parameter changed type in Podman v3.0 (#9351). - Fixed a bug where the Compat Create endpoint for Containers did not properly handle forwarded ports that did not specify a host port. - Fixed a bug where the Libpod Wait endpoint for Containers could write duplicate headers after an error occurred. - Fixed a bug where the Compat Create endpoint for Images would not pull images that already had a matching tag present locally, even if a more recent version was available at the registry (#9232). - The Compat Create endpoint for Images has had its compatibility with Docker improved, allowing its use with the docker-java library. * Misc - Updated Buildah to v1.19.4 - Updated the containers/storage library to v1.24.6 - Changes from v3.0.0 * Features - Podman now features initial support for Docker Compose. - Added the podman rename command, which allows containers to be renamed after they are created (#1925). - The Podman remote client now supports the podman copy command. - A new command, podman network reload, has been added. This command will re-configure the network of all running containers, and can be used to recreate firewall rules lost when the system firewall was reloaded (e.g. via firewall-cmd --reload). - Podman networks now have IDs. They can be seen in podman network ls and can be used when removing and inspecting networks. Existing networks receive IDs automatically. - Podman networks now also support labels. They can be added via the --label option to network create, and podman network ls can filter labels based on them. - The podman network create command now supports setting bridge MTU and VLAN through the --opt option (#8454). - The podman container checkpoint and podman container restore commands can now checkpoint and restore containers that include volumes. - The podman container checkpoint command now supports the --with-previous and --pre-checkpoint options, and the podman container restore command now support the --import-previous option. These add support for two-step checkpointing with lowered dump times. - The podman push command can now push manifest lists. Podman will first attempt to push as an image, then fall back to pushing as a manifest list if that fails. - The podman generate kube command can now be run on multiple containers at once, and will generate a single pod containing all of them. - The podman generate kube and podman play kube commands now support Kubernetes DNS configuration, and will preserve custom DNS configuration when exporting or importing YAML (#9132). - The podman generate kube command now properly supports generating YAML for containers and pods creating using host networking (--net=host) (#9077). - The podman kill command now supports a --cidfile option to kill containers given a file containing the container's ID (#8443). - The podman pod create command now supports the --net=none option (#9165). - The podman volume create command can now specify volume UID and GID as options with the UID and GID fields passed to the the --opt option. - Initial support has been added for Docker Volume Plugins. Podman can now define available plugins in containers.conf and use them to create volumes with podman volume create --driver. - The podman run and podman create commands now support a new option, --platform, to specify the platform of the image to be used when creating the container. - The --security-opt option to podman run and podman create now supports the systempaths=unconfined option to unrestrict access to all paths in the container, as well as mask and unmask options to allow more granular restriction of container paths. - The podman stats --format command now supports a new format specified, MemUsageBytes, which prints the raw bytes of memory consumed by a container without human-readable formatting #8945. - The podman ps command can now filter containers based on what pod they are joined to via the pod filter (#8512). - The podman pod ps command can now filter pods based on what networks they are joined to via the network filter. The podman pod ps command can now print information on what networks a pod is joined to via the .Networks specifier to the --format option. - The podman system prune command now supports filtering what containers, pods, images, and volumes will be pruned. - The podman volume prune commands now supports filtering what volumes will be pruned. - The podman system prune command now includes information on space reclaimed (#8658). - The podman info command will now properly print information about packages in use on Gentoo and Arch systems. - The containers.conf file now contains an option for disabling creation of a new kernel keyring on container creation (#8384). - The podman image sign command can now sign multi-arch images by producing a signature for each image in a given manifest list. - The podman image sign command, when run as rootless, now supports per-user registry configuration files in $HOME/.config/containers/registries.d. - Configuration options for slirp4netns can now be set system-wide via the NetworkCmdOptions configuration option in containers.conf. - The MTU of slirp4netns can now be configured via the mtu= network command option (e.g. podman run --net slirp4netns:mtu=9000). * Security - A fix for CVE-2021-20199 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue. * Changes - Shortname aliasing support has now been turned on by default. All Podman commands that must pull an image will, if a TTY is available, prompt the user about what image to pull. - The podman load command no longer accepts a NAME[:TAG] argument. The presence of this argument broke CLI compatibility with Docker by making docker load commands unusable with Podman (#7387). - The Go bindings for the HTTP API have been rewritten with a focus on limiting dependency footprint and improving extensibility. Read more here. - The legacy Varlink API has been completely removed from Podman. - The default log level for Podman has been changed from Error to Warn. - The podman network create command can now create macvlan networks using the --driver macvlan option for Docker compatibility. The existing --macvlan flag has been deprecated and will be removed in Podman 4.0 some time next year. - The podman inspect command has had the LogPath and LogTag fields moved into the LogConfig structure (from the root of the Inspect structure). The maximum size of the log file is also included. - The podman generate systemd command no longer generates unit files using the deprecated KillMode=none option (#8615). - The podman stop command now releases the container lock while waiting for it to stop - as such, commands like podman ps will no longer block until podman stop completes (#8501). - Networks created with podman network create --internal no longer use the dnsname plugin. This configuration never functioned as expected. - Error messages for the remote Podman client have been improved when it cannot connect to a Podman service. - Error messages for podman run when an invalid SELinux is specified have been improved. - Rootless Podman features improved support for containers with a single user mapped into the rootless user namespace. - Pod infra containers now respect default sysctls specified in containers.conf allowing for advanced configuration of the namespaces they will share. - SSH public key handling for remote Podman has been improved. * Bugfixes - Fixed a bug where the podman history --no-trunc command would truncate the Created By field (#9120). - Fixed a bug where root containers that did not explicitly specify a CNI network to join did not generate an entry for the network in use in the Networks field of the output of podman inspect (#6618). - Fixed a bug where, under some circumstances, container working directories specified by the image (via the WORKDIR instruction) but not present in the image, would not be created (#9040). - Fixed a bug where the podman generate systemd command would generate invalid unit files if the container was creating using a command line that included doubled braces ({{ and }}), e.g. --log-opt-tag={{.Name}} (#9034). - Fixed a bug where the podman generate systemd --new command could generate unit files including invalid Podman commands if the container was created using merged short options (e.g. podman run -dt) (#8847). - Fixed a bug where the podman generate systemd --new command could generate unit files that did not handle Podman commands including some special characters (e.g. $) (#9176 - Fixed a bug where rootless containers joining CNI networks could not set a static IP address (#7842). - Fixed a bug where rootless containers joining CNI networks could not set network aliases (#8567). - Fixed a bug where the remote client could, under some circumstances, not include the Containerfile when sending build context to the server (#8374). - Fixed a bug where rootless Podman did not mount /sys as a new sysfs in some circumstances where it was acceptable. - Fixed a bug where rootless containers that both joined a user namespace and a CNI networks would cause a segfault. These options are incompatible and now return an error. - Fixed a bug where the podman play kube command did not properly handle CMD and ARGS from images (#8803). - Fixed a bug where the podman play kube command did not properly handle environment variables from images (#8608). - Fixed a bug where the podman play kube command did not properly print errors that occurred when starting containers. - Fixed a bug where the podman play kube command errored when hostNetwork was used (#8790). - Fixed a bug where the podman play kube command would always pull images when the :latest tag was specified, even if the image was available locally (#7838). - Fixed a bug where the podman play kube command did not properly handle SELinux configuration, rending YAML with custom SELinux configuration unusable (#8710). - Fixed a bug where the podman generate kube command incorrectly populated the args and command fields of generated YAML (#9211). - Fixed a bug where containers in a pod would create a duplicate entry in the pod's shared /etc/hosts file every time the container restarted (#8921). - Fixed a bug where the podman search --list-tags command did not support the --format option (#8740). - Fixed a bug where the http_proxy option in containers.conf was not being respected, and instead was set unconditionally to true (#8843). - Fixed a bug where rootless Podman could, on systems with a recent Conmon and users with a long username, fail to attach to containers (#8798). - Fixed a bug where the podman images command would break and fail to display any images if an empty manifest list was present in storage (#8931). - Fixed a bug where locale environment variables were not properly passed on to Conmon. - Fixed a bug where Podman would not build on the MIPS architecture (#8782). - Fixed a bug where rootless Podman could fail to properly configure user namespaces for rootless containers when the user specified a --uidmap option that included a mapping beginning with UID 0. - Fixed a bug where the podman logs command using the k8s-file backend did not properly handle partial log lines with a length of 1 (#8879). - Fixed a bug where the podman logs command with the --follow option did not properly handle log rotation (#8733). - Fixed a bug where user-specified HOSTNAME environment variables were overwritten by Podman (#8886). - Fixed a bug where Podman would applied default sysctls from containers.conf in too many situations (e.g. applying network sysctls when the container shared its network with a pod). - Fixed a bug where Podman did not properly handle cases where a secondary image store was in use and an image was present in both the secondary and primary stores (#8176). - Fixed a bug where systemd-managed rootless Podman containers where the user in the container was not root could fail as the container's PID file was not accessible to systemd on the host (#8506). - Fixed a bug where the --privileged option to podman run and podman create would, under some circumstances, not disable Seccomp (#8849). - Fixed a bug where the podman exec command did not properly add capabilities when the container or exec session were run with --privileged. - Fixed a bug where rootless Podman would use the --enable-sandbox option to slirp4netns unconditionally, even when pivot_root was disabled, rendering slirp4netns unusable when pivot_root was disabled (#8846). - Fixed a bug where podman build --logfile did not actually write the build's log to the logfile. - Fixed a bug where the podman system service command did not close STDIN, and could display user-interactive prompts (#8700). - Fixed a bug where the podman system reset command could, under some circumstances, remove all the contents of the XDG_RUNTIME_DIR directory (#8680). - Fixed a bug where the podman network create command created CNI configurations that did not include a default gateway (#8748). - Fixed a bug where the podman.service systemd unit provided by default used the wrong service type, and would cause systemd to not correctly register the service as started (#8751). - Fixed a bug where, if the TMPDIR environment variable was set for the container engine in containers.conf, it was being ignored. - Fixed a bug where the podman events command did not properly handle future times given to the --until option (#8694). - Fixed a bug where the podman logs command wrote container STDERR logs to STDOUT instead of STDERR (#8683). - Fixed a bug where containers created from an image with multiple tags would report that they were created from the wrong tag (#8547). - Fixed a bug where container capabilities were not set properly when the --cap-add=all and --user options to podman create and podman run were combined. - Fixed a bug where the --layers option to podman build was nonfunctional (#8643). - Fixed a bug where the podman system prune command did not act recursively, and thus would leave images, containers, pods, and volumes present that would be removed by a subsequent call to podman system prune (#7990). - Fixed a bug where the --publish option to podman run and podman create did not properly handle ports specified as a range of ports with no host port specified (#8650). - Fixed a bug where --format did not support JSON output for individual fields (#8444). - Fixed a bug where the podman stats command would fail when run on root containers using the slirp4netns network mode (#7883). - Fixed a bug where the Podman remote client would ask for a password even if the server's SSH daemon did not support password authentication (#8498). - Fixed a bug where the podman stats command would fail if the system did not support one or more of the cgroup controllers Podman supports (#8588). - Fixed a bug where the --mount option to podman create and podman run did not ignore the consistency mount option. - Fixed a bug where failures during the resizing of a container's TTY would print the wrong error. - Fixed a bug where the podman network disconnect command could cause the podman inspect command to fail for a container until it was restarted (#9234). - Fixed a bug where containers created from a read-only rootfs (using the --rootfs option to podman create and podman run) would fail (#9230). - Fixed a bug where specifying Go templates to the --format option to multiple Podman commands did not support the join function (#8773). - Fixed a bug where the podman rmi command could, when run in parallel on multiple images, return layer not known errors (#6510). - Fixed a bug where the podman inspect command on containers displayed unlimited ulimits incorrectly (#9303). - Fixed a bug where Podman would fail to start when a volume was mounted over a directory in a container that contained symlinks that terminated outside the directory and its subdirectories (#6003). API - Libpod API version has been bumped to v3.0.0. - All Libpod Pod APIs have been modified to properly report errors with individual containers. Cases where the operation as a whole succeeded but individual containers failed now report an HTTP 409 error (#8865). - The Compat API for Containers now supports the Rename and Copy APIs. - Fixed a bug where the Compat Prune APIs (for volumes, containers, and images) did not return the amount of space reclaimed in their responses. - Fixed a bug where the Compat and Libpod Exec APIs for Containers would drop errors that occurred prior to the exec session successfully starting (e.g. a "no such file" error if an invalid executable was passed) (#8281) - Fixed a bug where the Volumes field in the Compat Create API for Containers was being ignored (#8649). - Fixed a bug where the NetworkMode field in the Compat Create API for Containers was not handling some values, e.g. container:, correctly. - Fixed a bug where the Compat Create API for Containers did not set container name properly. - Fixed a bug where containers created using the Compat Create API unconditionally used Kubernetes file logging (the default specified in containers.conf is now used). - Fixed a bug where the Compat Inspect API for Containers could include container states not recognized by Docker. - Fixed a bug where Podman did not properly clean up after calls to the Events API when the journald backend was in use, resulting in a leak of file descriptors (#8864). - Fixed a bug where the Libpod Pull endpoint for Images could fail with an index out of range error under certain circumstances (#8870). - Fixed a bug where the Libpod Exists endpoint for Images could panic. - Fixed a bug where the Compat List API for Containers did not support all filters (#8860). - Fixed a bug where the Compat List API for Containers did not properly populate the Status field. - Fixed a bug where the Compat and Libpod Resize APIs for Containers ignored the height and width parameters (#7102). - Fixed a bug where the Compat Search API for Images returned an incorrectly-formatted JSON response (#8758). - Fixed a bug where the Compat Load API for Images did not properly clean up temporary files. - Fixed a bug where the Compat Create API for Networks could panic when an empty IPAM configuration was specified. - Fixed a bug where the Compat Inspect and List APIs for Networks did not include Scope. - Fixed a bug where the Compat Wait endpoint for Containers did not support the same wait conditions that Docker did. * Misc - Updated Buildah to v1.19.2 - Updated the containers/storage library to v1.24.5 - Updated the containers/image library to v5.10.2 - Updated the containers/common library to v0.33.4 ==== polkit ==== Subpackages: libpolkit0 - Move /etc/dbus-1/system.d to /usr/share/dbus-1/system.d, the first location is only for admin changes - Move pam configuration to /usr/etc/pam.d ==== procps ==== Subpackages: libprocps8 - Don't install translated man pages for non-installed binaries (uptime, kill). - Remove /usr/share/man/uk dir to file list for lang sub package: It's now provided by filesystem. ==== psmisc ==== - Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch * Fix bsc#1178407: fuser does not show open kvm storage image files such as qcow2 files. Patch from Ali Abdallah ==== python-Babel ==== - Substitute broken %ifpython3 macro ==== python-importlib-metadata ==== Version update (3.4.0 -> 3.7.0) - update to 3.7.0: * #131: Added ``packages_distributions`` to conveniently resolve a top-level package or module to its distribution(s). * #284: Introduces new ``EntryPoints`` object, a tuple of ``EntryPoint`` objects but with convenience properties for selecting and inspecting the results: - ``.select()`` accepts ``group`` or ``name`` keyword parameters and returns a new ``EntryPoints`` tuple with only those that match the selection. - ``.groups`` property presents all of the group names. - ``.names`` property presents the names of the entry points. - Item access (e.g. ``eps[name]``) retrieves a single entry point by name. ``entry_points`` now accepts "selection parameters", same as ``EntryPoint.select()``. ``entry_points()`` now provides a future-compatible ``SelectableGroups`` object that supplies the above interface but remains a dict for compatibility. In the future, ``entry_points()`` will return an ``EntryPoints`` object, but provide for backward compatibility with a deprecated ``__getitem__`` accessor by group and a ``get()`` method. If passing selection parameters to ``entry_points``, the future behavior is invoked and an ``EntryPoints`` is the result. Construction of entry points using ``dict([EntryPoint, ...])`` is now deprecated and raises an appropriate DeprecationWarning and will be removed in a future version. * #280: ``entry_points`` now only returns entry points for unique distributions (by name). ==== python-jsonpointer ==== Version update (2.0 -> 2.1) - update to 2.1: * py 3.7-3.9 support * Avoid converting readme to rST for PyPI upload * Fix typos in messages * Use SVG versions of status icons in README.md ==== python-more-itertools ==== Version update (8.6.0 -> 8.7.0) - update to 8.7.0: * New functions * :func:`convolve` * :func:`product_index`, :func:`combination_index`, and :func:`permutation_index` * :func:`value_chain` * Changes to existing functions * :func:`distinct_combinations` now uses a non-recursive algorithm * :func:`pad_none` is now the preferred name for :func:`padnone`, though the latter remains available. * :func:`pairwise` will now use the Python standard library implementation on Python 3.10+ * :func:`sort_together` now accepts a ``key`` argument * :func:`seekable` now has a ``peek`` method, and can indicate whether the iterator it's wrapping is exhausted * :func:`time_limited` can now indicate whether its iterator has expired * The implementation of :func:`unique_everseen` was improved * Other changes: * Various documentation updates ==== python-networkx ==== - Refine the optional test dependencies. We want to test python39 in the future. - Re-enable Python 3.6 builds without optional dependencies - Add test dependencies lxml, pandas and pygraphviz ==== python-packaging ==== Version update (20.8 -> 20.9) - update to 20.9: * Run [isort](https://pypi.org/project/isort/) over the code base (:issue:`377`) * Add support for the ``macosx_10_*_universal2`` platform tags (:issue:`379`) * Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()`` ==== python-pytz ==== - Bump tzdata_version ==== python-pyzmq ==== - Clean up of SPEC file, while investigating test suite errors. ==== python-zipp ==== Version update (3.4.0 -> 3.4.1) - update to 3.4.1: * refresh packaging ==== python38 ==== Version update (3.8.7 -> 3.8.8) - Update to 3.8.8: - bpo#42938 (bsc#1181126): Avoid static buffers when computing the repr of ctypes.c_double and ctypes.c_longdouble values. This issue was assigned CVE-2021-3177. - bpo#42967 (bso#1182379): Fix web cache poisoning vulnerability by defaulting the query args separator to &, and allowing the user to choose a custom separator. This issue was assigned CVE-2021-23336. - Remove bsc1167501-invalid-alignment.patch and CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch, which were included into the upstream tarball. ==== python38-core ==== Version update (3.8.7 -> 3.8.8) Subpackages: libpython3_8-1_0 python38-base - Update to 3.8.8: - bpo#42938 (bsc#1181126): Avoid static buffers when computing the repr of ctypes.c_double and ctypes.c_longdouble values. This issue was assigned CVE-2021-3177. - bpo#42967 (bso#1182379): Fix web cache poisoning vulnerability by defaulting the query args separator to &, and allowing the user to choose a custom separator. This issue was assigned CVE-2021-23336. - Remove bsc1167501-invalid-alignment.patch and CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch, which were included into the upstream tarball. ==== rakkess ==== Version update (0.4.4 -> 0.4.7) - Update to version 0.4.7: * Fix Makefile * Create tag v0.4.7 * Upgrade dependencies (#125) * Remove UPX postprocessing for Darwin builds (#124) * Create tag v0.4.6 * Update dependencies k8s -> 0.19.4 (#105) * Bump golangci-lint to 1.31.0 (#94) * Bump github.com/spf13/cobra from 1.0.0 to 1.1.0 (#93) * Bump k8s dependencies from 0.18.8 to 0.19.2 (#91) * Create tag v0.4.5 ==== raspberrypi-firmware ==== Version update (2021.01.21 -> 2021.03.10) - Fix previous change. No need to set DWC2 in host mode. OTG works fine on production CM4 IO boards. It was being tested earlier on a pre-release development board. (bsc#1183241) - Run pre_checkin.sh, which fixed some style issues. - Set CM4's DWC2 in host mode by default (bsc#1183241) - Update to 0591568b29 (2021-03-10) (bsc#1183444): * firmware: video_decode lockup handling * firmware: isp: Initialise extras to avoid vpitch being random * firmware: usb: Fix dropouts with USB ethernet gadget * firmware: imx477: Allow long exposures for the binned modes. * firmware: arm_dispmanx: Use ALPHA_MIX flag * firmware: power: Refactor the interface to the PMICs * firmware: platform: vl805: Get BAR2 address from PCIe BAR2 registers * firmware: arm_loader: Return all borrowed DMA channels - Fix typo s/pannel/panel/ - Enable bluetooth over PL011 by default (jsc#SLE-17223) - Enable VC4 by default on RPi4 (jsc#SLE-12151) ==== raspberrypi-firmware-config ==== Version update (2021.01.21 -> 2021.03.10) - Fix previous change. No need to set DWC2 in host mode. OTG works fine on production CM4 IO boards. It was being tested earlier on a pre-release development board. (bsc#1183241) - Run pre_checkin.sh, which fixed some style issues. - Set CM4's DWC2 in host mode by default (bsc#1183241) - Update to 0591568b29 (2021-03-10) (bsc#1183444): * firmware: video_decode lockup handling * firmware: isp: Initialise extras to avoid vpitch being random * firmware: usb: Fix dropouts with USB ethernet gadget * firmware: imx477: Allow long exposures for the binned modes. * firmware: arm_dispmanx: Use ALPHA_MIX flag * firmware: power: Refactor the interface to the PMICs * firmware: platform: vl805: Get BAR2 address from PCIe BAR2 registers * firmware: arm_loader: Return all borrowed DMA channels - Fix typo s/pannel/panel/ - Enable bluetooth over PL011 by default (jsc#SLE-17223) - Enable VC4 by default on RPi4 (jsc#SLE-12151) ==== raspberrypi-firmware-dt ==== Version update (2021.01.22 -> 2021.03.15) - Update to 16991af20b (2021-03-15) (bsc#1183238): * overlays: Add pcie-32bit-dma overlay - Introduce enable-bt-overlay.dts (bsc#1182759) ==== rbac-lookup ==== Version update (0.3.2 -> 0.6.3) - Update to 0.6.3 * Update dependencies * Fix logic with service accounts * Update for kube 1.18 and client-go 1.18 * adding kubeconfig command line option * Service account namespace output ==== rdma-core ==== Version update (31.3 -> 33.1) Subpackages: libefa1 libibverbs libibverbs1 libmlx4-1 libmlx5-1 librdmacm1 - Update to rdma-core v33.1 - No release notes available - Drop support for libnes - Drop support for libnes by removing patch: - Revert-libnes-Remove-libnes-from-rdma-core.patch - Refresh patches against latest sources: - Revert-libcxgb3-Remove-libcxgb3-from-rdma-core.patch - cxgb3-nes-fix-declaration-of-free_context.patch has been replaced by cxgb3-fix-declaration-of-free_context.patch - Add patches for cxgb3 support against newest API - cxgb3-fix-support-for-new-uquery-API.patch - Enable LTO support - Trigger udevadm in rdma-ndd %post (bsc#1182391) ==== rebootmgr ==== Version update (1.3 -> 1.3.1) - Update to version 1.3.1 - Move all dbus config files to /usr/share/dbus-1 ==== rook ==== Version update (1.4.5+git5.ge3c837f8 -> 1.5.7+git4.gae949004e) - Update to v1.5.7 * Ceph * CSI Troubleshooting Guide (#7157) * Print device information in OSD prepare logs (#7194) * Expose vault curl error in the OSD init container for KCS configurations (#7193) * Prevent re-using a device to configure an OSD on PVC from a previous cluster (#7170) * Remove crash collector if all Ceph pods moved off a node (#7160) * Add helm annotation to keep CRDs in the helm chart during uninstall (#7162) * Bind mgr modules to all interfaces instead of pod ip (#7151) * Check for orchestration cancellation while waiting for all OSDs to start (#7112) * Skip pdb reconcile on create and delete events (#7155) * Silence harmless errors in log when the operator is still initializing (#7056) * Add --extra-create-metadata flag to the CSI driver (#7147) * Add deviceClass to the object store schema (#7132) * Simplify the log-collector container name (#7133) * Skip csi detection if CSI is disabled (#6866) * Remove Rook pods stuck in terminating state on a failed node (#6999) * Timeout for rgw configuration to prevent stuck object store when no healthy OSDs (#7075) * Update lib bucket provisioner for OBCs (#7086) - Drop csi-images-SUSE.patch - Derive CSI and sidecar image versions from code defaults rather than images found in the build service - Update to v1.4.7 * Ceph * Log warning about v14.2.13 being an unsupported Ceph version due to errors creating new OSDs (#6545) * Disaster recovery guide for PVCs (#6452) * Set the deviceClass for OSDs in non-PVC clusters (#6545) * External cluster script to fail if prometheus port is not default (#6504) * Remove the osd pvc from the osd purge job (#6533) * External cluster script added additional checks for monitoring endpoint (#6473) * Ignore Ceph health error MDS_ALL_DOWN during reconciliation (#6494) * Add optional labels to mon pods (#6515) * Assert type for logging errors before using it (#6503) * Check for orphaned mon resources with every reconcile (#6493) * Update the mon PDBs if the maxUnavailable changed (#6469) * NFS * Update documentation and examples (#6455) - Drop OFFSET from cephcsi image tag - Update helm chart to use appropriate version prefix for the final registry destination (e.g. registry.suse.com or registry.opensuse.org) - Improve consistency with image tags - Update to v1.4.6 * Support IPv6 single-stack (#6283) * Only start a single CSI provisioner in single-node test clusters (#6437) * Raw mode OSD on LV-backed PVC (#6184) * Capture ceph-volume detailed log in non-pvc scenario on failure (#6426) * Add --upgrade option to external cluster script (#6392) * Capture stderr when executing ceph commands and write to log (#6395) * Reduce the retry count for the bucket health check for more accurate status (#6408) * Prevent closing of monitoring channel more than once (#6369) * Check underlying block status for encrypted OSDs (#6367) - Add 'latest' and appVersion tags to helm chart - Include sample manifests in helm chart - Set the helm chart version to the rook version - Minor fix to helm chart to ensure SemVer formatting - Fix typo in sample cluster.yaml - Update the operator.yaml ConfigMap to reflect the default SUSE images that are used rather than upstreams. - Fix indentation of patch tabs to match original ==== rpm ==== Subpackages: librpmbuild9 - Remove debugedit.diff and include dwarf5.diff in order to support debug DWARF 5 that will be added with GCC 11. ==== salt ==== Subpackages: python3-salt salt-master salt-minion salt-standalone-formulas-configuration - virt.network_update: handle missing ipv4 netmask attribute - Added: * virt.network_update-handle-missing-ipv4-netmask-attr.patch - Set distro requirement to oldest supported version in requirements/base.txt - Added: * 3002-set-distro-requirement-to-oldest-supported-vers.patch - Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules (bsc#1177474) - Don't require python3-certifi - Added: * do-not-monkey-patch-yaml-bsc-1177474.patch - Fix race conditions for corner cases when handling SIGTERM by minion (bsc#1172110) - Added: * prevent-race-condition-on-sigterm-for-the-minion-bsc.patch - Allow extra_filerefs as sanitized kwargs for SSH client - Fix regression on cmd.run when passing tuples as cmd (bsc#1182740) - Fix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565) - Implementation of suse_ip execution module to prevent issues with network.managed (bsc#1099976) - Add sleep on exception handling on minion connection attempt to the master (bsc#1174855) - Allows for the VMware provider to handle CPU and memory hot-add in newer versions of the software. (bsc#1181347) - Always require python-certifi (used by salt.ext.tornado) - Bring missing part of async batch implementation back (bsc#1182382) (CVE-2021-25315) - Added: * implementation-of-suse_ip-execution-module-bsc-10999.patch * fix-regression-on-cmd.run-when-passing-tuples-as-cmd.patch * async-batch-implementation-fix-320.patch * add-sleep-on-exception-handling-on-minion-connection.patch * allow-extra_filerefs-as-sanitized-kwargs-for-ssh-cli.patch * fix-for-some-cves-bsc1181550.patch * fixes-56144-to-enable-hotadd-profile-support.patch - Always require python3-distro (bsc#1182293) ==== selinux-policy ==== Version update (20210111 -> 20210223) Subpackages: selinux-policy-targeted - Update to version 20210223 - Change name of tar file to a more common schema to allow parallel installation of several source versions - Adjust fix_init.patch ==== snapper ==== Subpackages: libsnapper5 - updated translations (bsc#1149754) ==== sqlite3 ==== Version update (3.34.1 -> 3.35.0) - update to 3.35.0: * Added built-in SQL math functions(). (Requires the -DSQLITE_ENABLE_MATH_FUNCTIONS compile-time option.) * Added support for ALTER TABLE DROP COLUMN. * Generalize UPSERT: * Allow multiple ON CONFLICT clauses that are evaluated in order, * The final ON CONFLICT clause may omit the conflict target and yet still use DO UPDATE. * Add support for the RETURNING clause on DELETE, INSERT, and UPDATE statements. * Use less memory when running VACUUM on databases containing very large TEXT or BLOB values. It is no longer necessary to hold the entire TEXT or BLOB in memory all at once. * Add support for the MATERIALIZED and NOT MATERIALIZED hints when specifying common table expressions. The default behavior was formerly NOT MATERIALIZED, but is now changed to MATERIALIZED for CTEs that are used more than once. * The SQLITE_DBCONFIG_ENABLE_TRIGGER and SQLITE_DBCONFIG_ENABLE_VIEW settings are modified so that they only control triggers and views in the main database schema or in attached database schemas and not in the TEMP schema. TEMP triggers and views are always allowed. * Query planner/optimizer improvements * Enhance the ".stats" command to accept new arguments "stmt" and "vmstep", causing prepare statement statistics and only the virtual-machine step count to be shown, respectively. * Add the ".filectrl data_version" command. * Enhance the ".once" and ".output" commands so that if the destination argument begins with "|" (indicating that output is redirected into a pipe) then the argument does not need to be quoted. * Fix a bug in the IN-operator optimization of version 3.33.0 that can cause an incorrect answer. * Fix incorrect answers from the LIKE operator if the pattern ends with "%" and there is an "ESCAPE '_'" clause. ==== sssd ==== Version update (2.4.0 -> 2.4.2) Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap - Update to release 2.4.2 * Default value of "user" config option was fixed into accordance with man page, i.e. default is "root". * pam_sss_gss now support authentication indicators to further harden the authentication. - Pass --with-pid-path=%{_rundir} to configure: adjust rundir according the distro settings, i.e. /run on modern systems. Eliminates a systemd warning like this one in the journal: Feb 12 12:33:32 zeus systemd[1]: /usr/lib/systemd/system/sssd.service:13: PIDFile= references a path below legacy directory /var/run/, updating /var/run/sssd.pid ? /run/sssd.pid; please update the unit file accordingly. - Update to release 2.4.1 * New PAM module pam_sss_gss for authentication using GSSAPI. * case_sensitive=Preserving can now be set for trusted domains with AD and IPA providers. * krb5_use_subdomain_realm=True can now be used when sub-domain user principal names have upnSuffixes which are not known in the parent domain. SSSD will try to send the Kerberos request directly to a KDC of the sub-domain. * SYSLOG_IDENTIFIER was renamed to SSSD_PRG_NAME in journald output, to avoid issues with PID parsing in rsyslog (BSD-style forwarder) output. * Added pam_gssapi_check_upn to enforce authentication only with principal that can be associated with target user. * Added pam_gssapi_services to list PAM services that can authenticate using GSSAPI. ==== supportutils ==== - Fixed mismatched taint flags (bsc#1178491) - Removed redundant fdisk code that can cause timeout issues (bsc#1181679) - Supportconfig processes -f without hanging (bsc#1182904) - Remove net-tools from requires, it does not contain any tool anymore used by supportutils pr#96 - Collect logs for power specific components (using iprconfig) pr#94 (bsc#1182950) + Additional nvme information + Additional kdump configuration and logs ==== system-users ==== Subpackages: system-group-hardware system-group-kvm system-user-nobody - Revert /var/lib/ntp to the ownership and permissions it had in the ntp package. It should be owned by root and not be writable by the ntp user, because it is the base of ntpd's chroot envoronment and the ntp user is not supposed to log in anyway. ==== systemd ==== Version update (246.10 -> 246.11) Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev - Import commit 9753d1c17545a5d46530696cb14254f5f12024f1 (merge of v246.11) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/134cf1c8bc3e361a2641161aa11ac2b5b990480b...9753d1c17545a5d46530696cb14254f5f12024f1 - Rebase 0001-conf-parser-introduce-early-drop-ins.patch - Import commit 13bc08870147b35f87cefb074aec22e767b7ac04 846d61e0a1 boot: Move console declarations to missing_efi.h 171a37228b boot: Add startswith() and endswith() functions with no_case variants 0fad9f309a boot: Drop unnecessary braces c38bbb0874 boot: Fix void pointer arithmetic warning 438210924b boot: Replace raw efivar gets with typed variants e46cb3e4a0 boot: Add efivar_get/set_uint64_le() functions e16bee35c8 boot: Rename efivar_get/set_int() to efivar_get/set_uint_string() 2808d0e9a3 boot: Tighten scope of variables used in loops d3f3d57743 boot: Add efivar_get_boolean_u8() 0551ecce71 boot: Make all efivar util functions take the guid as an argument 8376ba3b9f boot: Turn all guid constants into C99 compound initializers 166fc2dad2 boot: Enable C99 c87d66e261 boot: Move Secure Boot logic to new file da7bba9438 udev: fix memleak e06139117c nspawn: make rootfs relative to oci bundle path (bsc#1182598) 8ba587d46c PATCH] Always free deserialized_subscribed on reload (bsc#1180020) - Make sure the udev socket units are reloaded during udev package updates - fix-machines-btrfs-subvol.sh is only shipped when machined is built - systemd requires aaa_base >= 13.2 This dependency is required because 'systemctl {is-enabled,enable,disable} " ends up calling systemd-sysv-install which in its turn calls "chkconfig - -no-systemctl". aaa_base package has a weird versioning but the '--no-systemctl' option has been introduced starting from SLE12-SP2-GA, which shipped version "13.2+git20140911.61c1681". Spotted in bsc#1180083. ==== systemd-default-settings ==== Version update (0.5 -> 0.7) Subpackages: systemd-default-settings-branding-SLE systemd-default-settings-branding-openSUSE - Import 0.7 2a61f77 Convert our configuration file dropins into 'early' ones - Import 0.6 d3fab7c Introduce SLE-Micro branding ==== toolbox ==== Version update (2.1+git20210203.a669e3a -> 2.1+git20210305.ca2bc53) - Update to version 2.1+git20210305.ca2bc53: * Avoid copying the user setup script with 'podman cp' - Update to version 2.1+git20210226.daeb191: * Set trap only after option parsing (#22) - Update to version 2.1+git20210225.5c541c8: * Check sub{u,g}id if rootless, and fail early if they're not setup * Fix creating a container with a specific name with `-c` - Update to version 2.1+git20210208.a720b25: * Alleviate the need for zypper in the user toolbox script * Consolidate logging and help debugging of the user toolbox's script * Export machine-id and IPC inside the toolbox (IPC, user only) * Fix (more) formatting... ==== transactional-update ==== Version update (3.1.4 -> 3.2.0) Subpackages: dracut-transactional-update libtukit0 transactional-update-zypp-config tukit - Version 3.2.0 - tukit: Add new command 'callext' to execute an application while the snapshot is mounted. '{}' as a parameter will be replaced with the path of the bind mount. - Fix --drop-if-no-change [boo#1182525] - Check whether self-updated version is executable (e.g. on noexec /tmp) [bsc#1173842] - Fix overlay synchronisation with SELinux (again) - Always overwrite supplemental files (e.g. for network configuration) even if they exist in the snapshot already [boo#1182544] - Improve logging and error messages ==== u-boot-rpiarm64 ==== Subpackages: u-boot-rpiarm64-doc - Fix confname assignment for zynqmp and zynq case (bsc#1182962) - Guard 'export BL31' for sun50i_h6 and sun50i_a64 with '%{with uboot_atf}' condition (bsc#1182962) - update_git.sh: use safe tmp directories, use authenticated https:// procotol. - Build with arm-trusted-firmware for Tumbleweed - Drop unused uboot_atf_pine64 option ==== userspace-rcu ==== Version update (0.12.1 -> 0.12.2) - update to 0.12.2: * fix: exclude clang from GCC version blacklists * aarch64: blacklist gcc prior to 5.1 * Fix: configure: support Autoconf 2.70 * fix: bump tests thread limit to 4096 * cleanup: Improve wording of CONFIG_RCU_DEBUG description * fix: explicitly include urcu/config.h in files using CONFIG_RCU_ defines * Fix typo in README.md * fix: add -lurcu-common to pkg-config libs for each flavor * call_rcu: Fix race between rcu_barrier() and call_rcu_data_free() ==== vim ==== Version update (8.2.2411 -> 8.2.2607) Subpackages: vim-data-common vim-small - Updated to version 8.2.2607, fixes the following problems * Focus events end Insert mode if 'esckeys' is not set. * Vim9: "..=" not always recognized. * Vim9: Function name is not recognized. * Vim9: no error if variable is defined for existing function. * Second time a preview popup is opened highlight is not set. (Gabriel Dupras) * 'fillchars' "stl" and "stlnc" items must be single byte. * Tests fail when run as root. * Test may leave file behind. * Vim9: crash when getting the types for a legacy function. * Vim9: using invalid pointer for error message. * Vim9: crash when calling partial with wrong function. * Vim9: a function name with "->" in the next line doesn't work. * Vim9: defining a :func function checks for white space after a comma in the arguments. * Compiler warning for type conversion. * Lua cannot handle a passed in lambda. * Vim9: crash in garbagecollect after for loop. * Vim9: checking vararg type is wrong when function is auto-loaded. * Vim9: sourcing Vim9 script triggers a redraw. * Vim9: screendump test fails on MS-Windows. * Vim9: cannot compare result of getenv() with null. * Vim9: type error for assigning the result of list concatenation to a list. * Vim9: illegal memory access. * Process id may be invalid. * Recover test fails on FreeBSD. * Build failure with tiny features. * Recover test hangs in the GUI. * Vim9: default argument value may cause internal error. * Poke files are not recognized. * Code coverage could be improved. * List of distributed files is incomplete. * Alternate buffer added to session file even when it's hidden. * Setting 'winminheight' may cause 'lines' to change. * :doautocmd may confuse scripts listening to WinEnter. * Vim9: "import * as" does not work at script level. * Vim9: :open does not need to be supported. * Build failure. * Vim9: crash when putting an unknown type in a dictionary. (Yegappan Lakshmanan) * Memory usage test often fails on FreeBSD. * Vim9: continue doesn't work if :while is very first command. (Yegappan Lakshmanan) * Vim9: no effect if user command is also a function. * GUI-specific command line arguments not tested. * Vim9: string index and slice does not include composing chars. * strchars() defaults to counting composing characters. * strcharpart() cannot include composing characters. - Updated to version 8.2.2564, fixes the following problems * Not all fields in "cstack" are initialized which might cause a crash. * Crash when using :all while using a cmdline window. (Zdenek Dohnal) * Using freed memory when closing the cmdline window. * No way to check for the cmdwin feature, cmdline_hist is now always enabled. * May get stuck in command line window state. * Condition stack values may be used when not set. * Color not changed if ModeMsg highlight is set in InsertEnter autocmd event. (Paul Swanson) * Autocmd test was failing on MS-Windows with GUI. * Too many problems with using all autocommand events. * Double free when using autocommand with "argdel". (Houyunsong) * Crash when deleting with line number out of range. (Houyunsong) * Missing error message. * Some tests are known to cause an error with ASAN. * Cursor on invalid line with range and :substitute. * Allowing 'completefunc' to switch windows causes trouble. * Can still switch windows for 'completefunc'. * FocusGained does not work when 'ttymouse' is empty. * :goto does not work correctly with text properties. (Sam McCall) * :vimgrep expands wildcards twice. * Warning for -fno-strength-reduce with Clang 11. * Libvterm tests are executed even when libtool doesn't work. * Opening cmdline window gives error in BufLeave autocommand. * Vim9: no error when compiling str2nr() with a number. * setline() gives an error for some types. * Vim9 script test is a bit flaky. * Deprecation warnings with default configuration. * Out of bounds compiler warning. - vim-changelog.sh: * use https:// URL for authenticity. For this URL needs to be changed to nluugl.nl which is the actual server behind this and the SSL certificate only works for this URL. * Check for number of arguments. * Maintain leading zeroes in version arguments, otherwise things like `vim-changelog.sh 0007 0010` fail to work. - install suse vimrc in /usr (boo#1182324, vim-8.2.2411-globalvimrc.patch). Add back some settings from defaults.vim that were in suse.vimrc before - prevent double loading of spec.vim ==== wicked ==== Version update (0.6.64 -> 0.6.65) Subpackages: wicked-service - version 0.6.65 - ifconfig: differentiate if to re-trigger dad on address updates (bsc#1177215) - client: parse sysctl files in the correct order (bsc#1181186) - ifup: fix for set up with unenslave from unconfigured master (boo#954329) - rpm: prepare for new builds using usrmerged rpm macro (boo#1029961) - rpm: Let wicked-service also provide service(network) - cleanup: remove obsolete use-nanny=false (gh#openSUSE/wicked#815) - dbus: add variant container, generic object-path and uint32 array macros ==== wpa_supplicant ==== - Fix systemd device ready dependencies in wpa_supplicant@.service file. (see: https://forums.opensuse.org/showthread.php/547186-wpa_supplicant-service-fails-on-boot-succeeds-on-restart?p=2982844#post2982844) - Add CVE-2021-27803.patch -- P2P provision discovery processing vulnerability (bsc#1182805) ==== xfsprogs ==== Version update (5.10.0 -> 5.11.0) - update to v5.11.0: - xfs_admin: don't hide xfs_repair output when upgrading - man: document attr2, ikeep option deprecation in xfs.5 - mkfs: make use of xfs_validate_stripe_geometry() - mkfs: fix wrong inobtcount usage error output - xfs_repair: enable bigtime upgrade via repair - xfs_repair: enable inobtcount upgrade via repair - xfs_repair: set NEEDSREPAIR on first write - xfs_repair: clear the needsrepair flag when done - xfs_repair: check dquot id and type - xfs_fsr: Verify bulkstat version in qsort's cmp() - xfs_fsr: Interpret args of qsort's cmp() correctly - xfs_scrub: load and unload libicu properly - xfs_scrub: various fixes - xfs_admin: support adding features to V5 filesystems - xfs_admin: support filesystems with realtime devices - man: mark all deprecated V4 format options - misc: fix valgrind complaints - xfs_db: disallow label/uuid setting if NEEDSREPAIR - xfs_db: show NEEDSREPAIR in check & version commands - xfs_db: add an ls command - xfs_db: add a directory path lookup command - libxfs changes merged from kernel 5.11 ==== yast2 ==== Version update (4.3.51 -> 4.3.59) - Use meaningful button labels when asking the user if would like to continue when an installation client is missing (related to bsc#1180594). - 4.3.59 - save_y2logs: Make modified content of log files just warning instead of fatal (bsc#1182710 see comment 2) - 4.3.58 - Ask the user if would like to continue when an installation client is missing (related to bsc#1180594). - 4.3.57 - Fix backward compatibility for focus parameter of Report.AnyQuestion/Report.ErrorAnyQuestion (bsc#1183011) - 4.3.56 - Fixed bug introduced while adding auto wrapping (bsc#1179893) - 4.3.55 - Use Auto Wrapping of long lines for Yast2::Popup and Yast::Report (bsc#1179893) - 4.3.54 - Do not use the 'installation-helper' binary to create snapshots during installation or offline upgrade (bsc#1180142). - Add a new exception to properly handle exceptions when reading/writing snapshots numbers (related to bsc#1180142). - 4.3.53 - Added supported migration "openSUSE Leap 15.3" -> SLES (in 15.3 the product has been renamed from "openSUSE" to "Leap") (bsc#1181773) - 4.3.52 ==== zstd ==== Version update (1.4.8 -> 1.4.9) - Update to version 1.4.9 * https://github.com/facebook/zstd/releases/tag/v1.4.9 * >2x Faster Long Distance Mode * New Experimental Decompression Feature: ZSTD_d_refMultipleDDicts * bug: Use umask() to Constrain Created File Permissions * bug: Make Simple Single-Pass Functions Ignore Advanced Parameters * cli: Fix --output-dir-mirror's Rejection of ..-Containing Paths * cli: Allow Input From Console When -f/--force is Passed ==== zypper ==== Version update (1.14.42 -> 1.14.43) Subpackages: zypper-needs-restarting - doc: give more details about creating versioned package locks (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) - version 1.14.43