Packages changed:
bash
boost-base
btrfsprogs (5.11 -> 5.12.1)
busybox (1.33.0 -> 1.33.1)
ca-certificates
ceph (16.2.0.91+g24bd0c4acf -> 16.2.3.26+g422932e923)
cockpit (238.1 -> 243)
containers-systemd (0.0+git20210407.9384691 -> 0.0+git20210507.9afe2a6)
elfutils (0.183 -> 0.184)
ethtool (5.10 -> 5.12)
glibc
grub2
installation-images-MicroOS (17.2 -> 17.3)
k9s (0.24.7 -> 0.24.9)
kernel-firmware (20210419 -> 20210503)
kernel-source (5.12.0 -> 5.12.3)
kexec-tools (2.0.21 -> 2.0.22)
kubernetes
kubernetes1.21
libXfixes (5.0.3 -> 6.0.0)
libcontainers-common
libpng16
libxkbcommon (1.2.1 -> 1.3.0)
libxml2
lua54
microos-tools (2.9 -> 2.10)
ncurses (6.2.20210424 -> 6.2.20210501)
nfs-utils
nvme-cli (1.13 -> 1.14)
oath-toolkit (2.6.6 -> 2.6.7)
open-iscsi
open-vm-tools
patterns-base
patterns-microos
python-Babel (2.9.0 -> 2.9.1)
python-psutil
python-six (1.15.0 -> 1.16.0)
python38 (3.8.9 -> 3.8.10)
python38-core (3.8.9 -> 3.8.10)
readline
rook (1.5.10+git4.g309ad2f64 -> 1.6.2+git0.ge8fd65f08)
runc (1.0.0~rc93 -> 1.0.0~rc94)
shim
snapper
sudo (1.9.6p1 -> 1.9.7)
sysuser-tools
=== Details ===
==== bash ====
- Add official patch bash51-005
* Fix two memory leaks when assigning arrays using compound assignment syntax.
- Add official patch bash51-006
* Make sure child processes forked to run command substitutions are in the
proper process group.
- Add official patch bash51-007
* The code to check readline versions in an inputrc file had the sense of the
comparisons reversed.
- Add official patch bash51-008
* Process substitution FIFOs opened by child processes as targets of redirections
were not removed appropriately, leaving remnants in the file system.
==== boost-base ====
Subpackages: boost-license1_76_0 libboost_thread1_76_0
- use https://
- Also exclude libboost_math_c99l and libboost_math_tr1l on ppc
==== btrfsprogs ====
Version update (5.11 -> 5.12.1)
Subpackages: btrfsprogs-udev-rules libbtrfs0
- Update to 5.12.1
* build: fix missing symbols in libbtrfs
* mkfs: check for minimal number of zones
* check: fix warning about cache generation when free space tree is enabled
* fix superblock write in zoned mode on 16K pages
- Update to 5.12
* libbtrfsutil: relicensed to LGPL v2.1+
* mkfs: zoned mode support (kernel 5.12+)
* fi df: show zone_unusable per profile type in zoned mode
* fi usage: show total amount of zone_unusable
* fi resize: fix message for exact size
* image: fix warning and enlarge output file if necessary
* core
* refactor chunk allocator for more modes
* implement zoned mode support: allocation and writes, sb log
* crypto/hash refactoring and cleanups
* refactoring and cleanups
* other
* test updates
* CI updates
* travis-ci integration disabled
* docker images updated, more coverage
* incomplete build support for Android removed
* doc updates
* chattr mode m for 'NOCOMPRESS"
* swapfile used from fstab
* how to add a new export to libbtrfsutil
* update status of mount options since 5.9
- Update to 5.11.1
* properly format checksums when a mismatch is reported
* check: fix false alert on tree block crossing 64K page boundary
* convert:
* refuse to convert filesystem with 'needs_recovery'
* update documentation to require fsck before conversion
* balance convert: fix raid56 warning when converting other profiles
* fi resize: improved summary
* other
* build: fix checks and autoconf defines
* fix symlink paths for CI support scripts
* updated tests
==== busybox ====
Version update (1.33.0 -> 1.33.1)
- update to 1.33.1:
* httpd: fix sendfile
* ash: fix HISTFILE corruptio
* ash: fix unset variable pattern expansion
* traceroute: fix option parsing
* gunzip: fix for archive corruption
- drop update_passwd_selinux_fix.patch, included upstream
- add upstream signing key and verify source signature
==== ca-certificates ====
- openssl command line tools are no longer required, p11-kit does
the job.
==== ceph ====
Version update (16.2.0.91+g24bd0c4acf -> 16.2.3.26+g422932e923)
Subpackages: ceph-common libcephfs2 librados2 librbd1 librgw2 python3-ceph-argparse python3-ceph-common python3-cephfs python3-rados python3-rbd python3-rgw
- Update to 16.2.3-26-g422932e923:
+ rebased on top of upstream pacific SHA1 381b476cb3900f9a92eb95d03b4850b953cfd79a
Pacific v16.2.3 release
see https://ceph.io/releases/v16-2-3-pacific-released/
* cephadm: normalize image digest in 'ls' output too
Pacific v16.2.2 release
see https://ceph.io/releases/v16-2-2-pacific-released/
- Update to 16.2.1-283-g9f37a4bec4:
+ rebased on top of upstream pacific SHA1 717ce59b76c659aaef8c5aec1355c0ac5cef7234
Pacific v16.2.1 release
see https://ceph.io/releases/v16-2-1-pacific-released/
* (bsc#1183074) - (CVE-2021-20288) ceph: Unauthorized global_id reuse
* (bsc#1184231) cephadm: Allow to use paths in all <_devices> drivegroup sections
==== cockpit ====
Version update (238.1 -> 243)
Subpackages: cockpit-bridge cockpit-system
- install all of pkg/lib in -devel package. Cockpit-machines needs more
- new version 243
https://cockpit-project.org/blog/cockpit-243.html
https://cockpit-project.org/blog/cockpit-242.html
https://cockpit-project.org/blog/cockpit-241.html
https://cockpit-project.org/blog/cockpit-240.html
https://cockpit-project.org/blog/cockpit-239.html
==== containers-systemd ====
Version update (0.0+git20210407.9384691 -> 0.0+git20210507.9afe2a6)
- Update to version 0.0+git20210507.9afe2a6:
* Add files for samba
==== elfutils ====
Version update (0.183 -> 0.184)
Subpackages: libasm1 libdw1 libelf1
- Update to version 0.184:
debuginfod: Use libarchive's bsdtar as the .deb-family file unpacker.
debuginfod-client: Client caches negative results. If a query for a
file failed with 404, an empty 000 permission
file is created in the cache. This will prevent
requesting the same file for the next 10 minutes.
Client objects now carry long-lived curl handles
for outgoing connections. This makes it more
efficient for multiple sequential queries, because
the TCP connections and/or TLS state info are kept
around awhile, avoiding O(100ms) setup latencies.
libdw: handle DW_FORM_indirect when reading attributes
translations: Update Polish translation.
==== ethtool ====
Version update (5.10 -> 5.12)
- update to new upstream release 5.12
* Feature: support lanes count (no option and -s)
* Fix: fix help message for master-slave parameter (-s)
* Fix: better error message for master-slave in ioctl code path
* Fix: get rid of compiler warnings in "make check"
==== glibc ====
Subpackages: glibc-locale-base
- nptl-db-libpthread-load-order.patch: nptl_db: Support different
libpthread/ld.so load orders (bsc#1184214, BZ #27744)
==== grub2 ====
Subpackages: grub2-arm64-efi grub2-snapper-plugin
- Fix plaintext password in grub config didn't work to unlock menu entry if
enabling secure boot in UEFI (bsc#1181892)
==== installation-images-MicroOS ====
Version update (17.2 -> 17.3)
- merge gh#openSUSE/installation-images#510
- openssh-server now uses /usr/etc for its config files
(bsc#1185709)
- 17.3
==== k9s ====
Version update (0.24.7 -> 0.24.9)
- Update to version 0.24.9:
* fix shell issue + bugz
* Dynamically load style for help from skin (#1113)
* Solarized light skin (#1114)
* Update docs
* add rel notes
* when k9s --insecure-skip-tls-verify is set, kubectl would set the same (#1101)
* Add Nord skin (#1103)
* wins palette
* Spelling (#1089)
* Allow to override build date with SOURCE_DATE_EPOCH (#1099)
* Create axual.yml (#934)
* Add gruvbox skins (#1088)
==== kernel-firmware ====
Version update (20210419 -> 20210503)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network
- Update to version 20210503 (git commit ecdfcf8e2ca1):
* i915: Add ADL-P DMC Support
* amdgpu: add new polaris 12 MC firmware
* firmware: nvidia: Add VIC firmware for Tegra194
* qcom: add gpu firmwares for sc7280
* brcm: Add a link to enable khadas VIM2's WiFi
* rtw89: 8852a: update fw to v0.13.8.0
* rtl_bt: Update RTL8852A BT USB firmware to 0xD9A8_7893
* qcom: Add venus firmware files for VPU-2.0
* qcom: update venus firmware files for v5.4
- Move adreno and modem firmware into kernel-firmware-qcom
subpackage
- Update license list and module aliases
- Update to version 20210426 (git commit fa0efeff4894):
* linux-firmware: Update firmware file for Intel Bluetooth AX210
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth 9260
* linux-firmware: Update firmware file for Intel Bluetooth AX200
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: Intel BT 7265: Fix Security Issues
* linux-firmware: Update firmware file for Intel Bluetooth 8265
* mrvl: prestera: Add Marvell Prestera Switchdev firmware 3.0 version
* rtw88: 8822c: Update normal firmware to v9.9.9
* brcm: add missing symlink for Pi Zero W NVRAM file
* amdgpu: update arcturus firmware from 21.10
* amdgpu: update navy flounder firmware from 21.10
* amdgpu: update sienna cichlid firmware from 21.10
* amdgpu: update vega20 firmware from 21.10
* amdgpu: update picasso firmware from 21.10
* amdgpu: update navi14 firmware from 21.10
* amdgpu: update green sardine firmware from 21.10
* amdgpu: update vega12 firmware from 21.10
* amdgpu: update navi12 firmware from 21.10
* amdgpu: update vega10 firmware from 21.10
* amdgpu: update renoir firmware from 21.10
* amdgpu: update navi10 firmware from 21.10
* amdgpu: update raven2 firmware from 21.10
* amdgpu: update raven firmware from 21.10
* rtl_nic: add new firmware for RTL8153 and RTL8156 series
==== kernel-source ====
Version update (5.12.0 -> 5.12.3)
- Revert "drm/qxl: do not run release if qxl failed to init"
(git-fixes).
- drm/amdgpu/display/dm: add missing parameter documentation
(git-fixes).
- drm/amdgpu/display: remove redundant continue statement
(git-fixes).
- ALSA: hda/realtek: ALC285 Thinkpad jack pin quirk is unreachable
(git-fixes).
- io_uring: update sq_thread_idle after ctx deleted (git-fixes).
- commit 6e5c933
- Linux 5.12.3 (bsc#1012628).
- bus: mhi: core: Fix check for syserr at power_up (bsc#1012628).
- bus: mhi: core: Clear configuration from channel context during
reset (bsc#1012628).
- bus: mhi: core: Sanity check values from remote device before
use (bsc#1012628).
- bus: mhi: core: Add missing checks for MMIO register entries
(bsc#1012628).
- bus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state
workqueue (bsc#1012628).
- bus: mhi: core: Fix MHI runtime_pm behavior (bsc#1012628).
- bus: mhi: core: Fix invalid error returning in mhi_queue
(bsc#1012628).
- nitro_enclaves: Fix stale file descriptors on failed usercopy
(bsc#1012628).
- dyndbg: fix parsing file query without a line-range suffix
(bsc#1012628).
- s390/disassembler: increase ebpf disasm buffer size
(bsc#1012628).
- s390/zcrypt: fix zcard and zqueue hot-unplug memleak
(bsc#1012628).
- s390/vfio-ap: fix circular lockdep when setting/clearing crypto
masks (bsc#1012628).
- s390/cio: remove invalid condition on IO_SCH_UNREG
(bsc#1012628).
- vhost-vdpa: fix vm_flags for virtqueue doorbell mapping
(bsc#1012628).
- tpm: acpi: Check eventlog signature before using it
(bsc#1012628).
- ACPI: custom_method: fix potential use-after-free issue
(bsc#1012628).
- ACPI: custom_method: fix a possible memory leak (bsc#1012628).
- ftrace: Handle commands when closing set_ftrace_filter file
(bsc#1012628).
- ARM: 9056/1: decompressor: fix BSS size calculation for LLVM
ld.lld (bsc#1012628).
- arm64: dts: marvell: armada-37xx: add syscon compatible to NB
clk node (bsc#1012628).
- arm64: dts: mt8173: fix property typo of 'phys' in dsi node
(bsc#1012628).
- ecryptfs: fix kernel panic with null dev_name (bsc#1012628).
- fs/epoll: restore waking from ep_done_scan() (bsc#1012628).
- reset: add missing empty function reset_control_rearm()
(bsc#1012628).
- mtd: spi-nor: core: Fix an issue of releasing resources during
read/write (bsc#1012628).
- Revert "mtd: spi-nor: macronix: Add support for mx25l51245g"
(bsc#1012628).
- mtd: spinand: core: add missing MODULE_DEVICE_TABLE()
(bsc#1012628).
- mtd: rawnand: atmel: Update ecc_stats.corrected counter
(bsc#1012628).
- mtd: physmap: physmap-bt1-rom: Fix unintentional stack access
(bsc#1012628).
- erofs: add unsupported inode i_format check (bsc#1012628).
- spi: stm32-qspi: fix pm_runtime usage_count counter
(bsc#1012628).
- spi: spi-ti-qspi: Free DMA resources (bsc#1012628).
- libceph: bump CephXAuthenticate encoding version (bsc#1012628).
- libceph: allow addrvecs with a single NONE/blank address
(bsc#1012628).
- scsi: qla2xxx: Reserve extra IRQ vectors (bsc#1012628).
- scsi: lpfc: Fix rmmod crash due to bad ring pointers to
abort_iotag (bsc#1012628).
- scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand()
(bsc#1012628).
- scsi: mpt3sas: Only one vSES is present even when IOC has
multi vSES (bsc#1012628).
- scsi: mpt3sas: Block PCI config access from userspace during
reset (bsc#1012628).
- mmc: uniphier-sd: Fix an error handling path in
uniphier_sd_probe() (bsc#1012628).
- mmc: uniphier-sd: Fix a resource leak in the remove function
(bsc#1012628).
- mmc: sdhci: Check for reset prior to DMA address unmap
(bsc#1012628).
- mmc: sdhci-pci: Fix initialization of some SD cards for Intel
BYT-based controllers (bsc#1012628).
- mmc: sdhci-tegra: Add required callbacks to set/clear CQE_EN
bit (bsc#1012628).
- mmc: block: Update ext_csd.cache_ctrl if it was written
(bsc#1012628).
- mmc: block: Issue a cache flush only when it's enabled
(bsc#1012628).
- mmc: core: Do a power cycle when the CMD11 fails (bsc#1012628).
- mmc: core: Set read only for SD cards with permanent write
protect bit (bsc#1012628).
- mmc: core: Fix hanging on I/O during system suspend for
removable cards (bsc#1012628).
- irqchip/gic-v3: Do not enable irqs when handling spurious
interrups (bsc#1012628).
- cifs: Return correct error code from smb2_get_enc_key
(bsc#1012628).
- cifs: fix out-of-bound memory access when calling smb3_notify()
at mount point (bsc#1012628).
- cifs: fix leak in cifs_smb3_do_mount() ctx (bsc#1012628).
- cifs: detect dead connections only when echoes are enabled
(bsc#1012628).
- cifs: fix regression when mounting shares with prefix paths
(bsc#1012628).
- smb2: fix use-after-free in smb2_ioctl_query_info()
(bsc#1012628).
- btrfs: handle remount to no compress during compression
(bsc#1012628).
- x86/build: Disable HIGHMEM64G selection for M486SX
(bsc#1012628).
- btrfs: fix metadata extent leak after failure to create
subvolume (bsc#1012628).
- intel_th: pci: Add Rocket Lake CPU support (bsc#1012628).
- btrfs: fix race between transaction aborts and fsyncs leading
to use-after-free (bsc#1012628).
- btrfs: zoned: fix unpaired block group unfreeze during device
replace (bsc#1012628).
- btrfs: zoned: fail mount if the device does not support zone
append (bsc#1012628).
- posix-timers: Preserve return value in clock_adjtime32()
(bsc#1012628).
- fbdev: zero-fill colormap in fbcmap.c (bsc#1012628).
- cpuidle: tegra: Fix C7 idling state on Tegra114 (bsc#1012628).
- bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices
first (bsc#1012628).
- staging: wimax/i2400m: fix byte-order issue (bsc#1012628).
- spi: ath79: always call chipselect function (bsc#1012628).
- spi: ath79: remove spi-master setup and cleanup assignment
(bsc#1012628).
- bus: mhi: pci_generic: No-Op for device_wake operations
(bsc#1012628).
- bus: mhi: core: Destroy SBL devices when moving to mission mode
(bsc#1012628).
- bus: mhi: core: Process execution environment changes serially
(bsc#1012628).
- crypto: api - check for ERR pointers in crypto_destroy_tfm()
(bsc#1012628).
- crypto: qat - fix unmap invalid dma address (bsc#1012628).
- usb: gadget: uvc: add bInterval checking for HS mode
(bsc#1012628).
- usb: webcam: Invalid size of Processing Unit Descriptor
(bsc#1012628).
- x86/sev: Do not require Hypervisor CPUID bit for SEV guests
(bsc#1012628).
- crypto: hisilicon/sec - fixes a printing error (bsc#1012628).
- genirq/matrix: Prevent allocation counter corruption
(bsc#1012628).
- usb: gadget: f_uac2: validate input parameters (bsc#1012628).
- usb: gadget: f_uac1: validate input parameters (bsc#1012628).
- usb: dwc3: gadget: Ignore EP queue requests during bus reset
(bsc#1012628).
- usb: xhci: Fix port minor revision (bsc#1012628).
- kselftest/arm64: mte: Fix compilation with native compiler
(bsc#1012628).
- ARM: tegra: acer-a500: Rename avdd to vdda of touchscreen node
(bsc#1012628).
- PCI: PM: Do not read power state in pci_enable_device_flags()
(bsc#1012628).
- kselftest/arm64: mte: Fix MTE feature detection (bsc#1012628).
- ARM: dts: BCM5301X: fix "reg" formatting in /memory node
(bsc#1012628).
- ARM: dts: ux500: Fix up TVK R3 sensors (bsc#1012628).
- x86/build: Propagate $(CLANG_FLAGS) to $(REALMODE_FLAGS)
(bsc#1012628).
- x86/boot: Add $(CLANG_FLAGS) to compressed KBUILD_CFLAGS
(bsc#1012628).
- efi/libstub: Add $(CLANG_FLAGS) to x86 flags (bsc#1012628).
- soc/tegra: pmc: Fix completion of power-gate toggling
(bsc#1012628).
- arm64: dts: imx8mq-librem5-r3: Mark buck3 as always on
(bsc#1012628).
- tee: optee: do not check memref size on return from Secure World
(bsc#1012628).
- soundwire: cadence: only prepare attached devices on clock stop
(bsc#1012628).
- perf/arm_pmu_platform: Use dev_err_probe() for IRQ errors
(bsc#1012628).
- perf/arm_pmu_platform: Fix error handling (bsc#1012628).
- random: initialize ChaCha20 constants with correct endianness
(bsc#1012628).
- usb: xhci-mtk: support quirk to disable usb2 lpm (bsc#1012628).
- fpga: dfl: pci: add DID for D5005 PAC cards (bsc#1012628).
- xhci: check port array allocation was successful before
dereferencing it (bsc#1012628).
- xhci: check control context is valid before dereferencing it
(bsc#1012628).
- xhci: fix potential array out of bounds with several
interrupters (bsc#1012628).
- xhci: prevent double-fetch of transfer and transfer event TRBs
(bsc#1012628).
- bus: mhi: core: Clear context for stopped channels from remove()
(bsc#1012628).
- bus: mhi: pci_generic: Implement PCI shutdown callback
(bsc#1012628).
- ARM: dts: at91: change the key code of the gpio key
(bsc#1012628).
- tools/power/x86/intel-speed-select: Increase string size
(bsc#1012628).
- platform/x86: ISST: Account for increased timeout in some cases
(bsc#1012628).
- clocksource/drivers/dw_apb_timer_of: Add handling for potential
memory leak (bsc#1012628).
- resource: Prevent irqresource_disabled() from erasing flags
(bsc#1012628).
- spi: dln2: Fix reference leak to master (bsc#1012628).
- spi: omap-100k: Fix reference leak to master (bsc#1012628).
- spi: qup: fix PM reference leak in spi_qup_remove()
(bsc#1012628).
- usb: dwc3: pci: add support for the Intel Alder Lake-M
(bsc#1012628).
- usb: gadget: tegra-xudc: Fix possible use-after-free in
tegra_xudc_remove() (bsc#1012628).
- usb: musb: fix PM reference leak in musb_irq_work()
(bsc#1012628).
- usb: core: hub: Fix PM reference leak in usb_port_resume()
(bsc#1012628).
- usb: dwc3: gadget: Check for disabled LPM quirk (bsc#1012628).
- tty: n_gsm: check error while registering tty devices
(bsc#1012628).
- intel_th: Consistency and off-by-one fix (bsc#1012628).
- phy: phy-twl4030-usb: Fix possible use-after-free in
twl4030_usb_remove() (bsc#1012628).
- crypto: sun4i-ss - Fix PM reference leak when
pm_runtime_get_sync() fails (bsc#1012628).
- crypto: sun8i-ss - Fix PM reference leak when
pm_runtime_get_sync() fails (bsc#1012628).
- crypto: sun8i-ce - Fix PM reference leak in sun8i_ce_probe()
(bsc#1012628).
- crypto: stm32/hash - Fix PM reference leak on stm32-hash.c
(bsc#1012628).
- crypto: stm32/cryp - Fix PM reference leak on stm32-cryp.c
(bsc#1012628).
- crypto: sa2ul - Fix PM reference leak in sa_ul_probe()
(bsc#1012628).
- crypto: omap-aes - Fix PM reference leak on omap-aes.c
(bsc#1012628).
- platform/x86: intel_pmc_core: Don't use global pmcdev in quirks
(bsc#1012628).
- spi: sync up initial chipselect state (bsc#1012628).
- btrfs: use btrfs_inode_lock/btrfs_inode_unlock inode lock
helpers (bsc#1012628).
- btrfs: fix race between marking inode needs to be logged and
log syncing (bsc#1012628).
- btrfs: fix exhaustion of the system chunk array due to
concurrent allocations (bsc#1012628).
- btrfs: do proper error handling in create_reloc_root
(bsc#1012628).
- btrfs: do proper error handling in btrfs_update_reloc_root
(bsc#1012628).
- btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s
(bsc#1012628).
- regulator: da9121: automotive variants identity fix
(bsc#1012628).
- drm: Added orientation quirk for OneGX1 Pro (bsc#1012628).
- drm/qxl: do not run release if qxl failed to init (bsc#1012628).
- drm/qxl: release shadow on shutdown (bsc#1012628).
- drm/ast: Fix invalid usage of AST_MAX_HWC_WIDTH in cursor
atomic_check (bsc#1012628).
- drm/amd/display: changing sr exit latency (bsc#1012628).
- drm/amd/display: Fix MPC OGAM power on/off sequence
(bsc#1012628).
- drm/amd/pm: do not issue message while write "r" into
pp_od_clk_voltage (bsc#1012628).
- drm/ast: fix memory leak when unload the driver (bsc#1012628).
- drm/amd/display: Check for DSC support instead of ASIC revision
(bsc#1012628).
- drm/amd/display: Don't optimize bandwidth before disabling
planes (bsc#1012628).
- drm/amd/display: Return invalid state if GPINT times out
(bsc#1012628).
- drm/amdgpu/display: buffer INTERRUPT_LOW_IRQ_CONTEXT interrupt
work (bsc#1012628).
- drm/amd/display/dc/dce/dce_aux: Remove duplicate line causing
'field overwritten' issue (bsc#1012628).
- scsi: lpfc: Fix incorrect dbde assignment when building target
abts wqe (bsc#1012628).
- scsi: lpfc: Fix pt2pt connection does not recover after LOGO
(bsc#1012628).
- scsi: lpfc: Fix status returned in lpfc_els_retry() error exit
path (bsc#1012628).
- scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN
(bsc#1012628).
- scsi: lpfc: Fix ADISC handling that never frees nodes
(bsc#1012628).
- drm/amd/pm/swsmu: clean up user profile function (bsc#1012628).
- drm/amdgpu: Fix some unload driver issues (bsc#1012628).
- sched/fair: Fix task utilization accountability in
compute_energy() (bsc#1012628).
- sched/pelt: Fix task util_est update filtering (bsc#1012628).
- sched/topology: fix the issue groups don't span domain->span
for NUMA diameter > 2 (bsc#1012628).
- kvfree_rcu: Use same set of GFP flags as does single-argument
(bsc#1012628).
- drm/virtio: fix possible leak/unlock virtio_gpu_object_array
(bsc#1012628).
- scsi: target: pscsi: Fix warning in pscsi_complete_cmd()
(bsc#1012628).
- media: ite-cir: check for receive overflow (bsc#1012628).
- media: drivers: media: pci: sta2x11: fix Kconfig dependency
on GPIOLIB (bsc#1012628).
- media: drivers/media/usb: fix memory leak in zr364xx_probe
(bsc#1012628).
- media: cx23885: add more quirks for reset DMA on some AMD IOMMU
(bsc#1012628).
- media: imx: capture: Return -EPIPE from
__capture_legacy_try_fmt() (bsc#1012628).
- atomisp: don't let it go past pipes array (bsc#1012628).
- power: supply: bq27xxx: fix power_avg for newer ICs
(bsc#1012628).
- extcon: arizona: Fix some issues when HPDET IRQ fires after
the jack has been unplugged (bsc#1012628).
- extcon: arizona: Fix various races on driver unbind
(bsc#1012628).
- media: venus: core, venc, vdec: Fix probe dependency error
(bsc#1012628).
- s390/qdio: let driver manage the QAOB (bsc#1012628).
- media: media/saa7164: fix saa7164_encoder_register() memory
leak bugs (bsc#1012628).
- media: gspca/sq905.c: fix uninitialized variable (bsc#1012628).
- media: v4l2-ctrls.c: initialize flags field of p_fwht_params
(bsc#1012628).
- power: supply: Use IRQF_ONESHOT (bsc#1012628).
- backlight: qcom-wled: Use sink_addr for sync toggle
(bsc#1012628).
- backlight: qcom-wled: Fix FSC update issue for WLED5
(bsc#1012628).
- drm/amdgpu: enable retry fault wptr overflow (bsc#1012628).
- drm/amdgpu: enable 48-bit IH timestamp counter (bsc#1012628).
- drm/amdgpu: mask the xgmi number of hops reported from psp to
kfd (bsc#1012628).
- drm/amdkfd: Fix UBSAN shift-out-of-bounds warning (bsc#1012628).
- drm/amd/display: Align cursor cache address to 2KB
(bsc#1012628).
- drm/amdgpu : Fix asic reset regression issue introduce by
8f211fe8ac7c4f (bsc#1012628).
- drm/amd/pm: fix workload mismatch on vega10 (bsc#1012628).
- drm/amd/display: Fix UBSAN warning for not a valid value for
type '_Bool' (bsc#1012628).
- drm/amd/display: DCHUB underflow counter increasing in some
scenarios (bsc#1012628).
- drm/amd/display: fix dml prefetch validation (bsc#1012628).
- drm/amd/display: Fix potential memory leak (bsc#1012628).
- scsi: qla2xxx: Always check the return value of
qla24xx_get_isp_stats() (bsc#1012628).
- drm/vkms: fix misuse of WARN_ON (bsc#1012628).
- block, bfq: fix weight-raising resume with !low_latency
(bsc#1012628).
- scsi: qla2xxx: Fix use after free in bsg (bsc#1012628).
- mmc: sdhci-esdhc-imx: validate pinctrl before use it
(bsc#1012628).
- mmc: sdhci-pci: Add PCI IDs for Intel LKF (bsc#1012628).
- mmc: sdhci-brcmstb: Remove CQE quirk (bsc#1012628).
- ata: ahci: Disable SXS for Hisilicon Kunpeng920 (bsc#1012628).
- drm/komeda: Fix bit check to import to value of proper type
(bsc#1012628).
- nvmet: return proper error code from discovery ctrl
(bsc#1012628).
- selftests/resctrl: Enable gcc checks to detect buffer overflows
(bsc#1012628).
- selftests/resctrl: Fix compilation issues for global variables
(bsc#1012628).
- selftests/resctrl: Fix compilation issues for other global
variables (bsc#1012628).
- selftests/resctrl: Clean up resctrl features check
(bsc#1012628).
- selftests/resctrl: Fix missing options "-n" and "-p"
(bsc#1012628).
- selftests/resctrl: Use resctrl/info for feature detection
(bsc#1012628).
- selftests/resctrl: Fix incorrect parsing of iMC counters
(bsc#1012628).
- selftests/resctrl: Fix checking for < 0 for unsigned values
(bsc#1012628).
- power: supply: cpcap-charger: fix small mistake in current to
register conversion (bsc#1012628).
- power: supply: cpcap-charger: Add usleep to cpcap charger to
avoid usb plug bounce (bsc#1012628).
- scsi: smartpqi: Use host-wide tag space (bsc#1012628).
- scsi: smartpqi: Correct request leakage during reset operations
(bsc#1012628).
- scsi: smartpqi: Add new PCI IDs (bsc#1012628).
- scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg()
(bsc#1012628).
- media: em28xx: fix memory leak (bsc#1012628).
- media: vivid: update EDID (bsc#1012628).
- media: uvcvideo: Fix XU id print in forward scan (bsc#1012628).
- media: uvcvideo: Support devices that report an OT as an entity
source (bsc#1012628).
- drm/msm/a6xx: Fix perfcounter oob timeout (bsc#1012628).
- drm/msm/dp: Fix incorrect NULL check kbot warnings in DP driver
(bsc#1012628).
- clk: socfpga: arria10: Fix memory leak of socfpga_clk on error
return (bsc#1012628).
- power: supply: generic-adc-battery: fix possible use-after-free
in gab_remove() (bsc#1012628).
- power: supply: s3c_adc_battery: fix possible use-after-free
in s3c_adc_bat_remove() (bsc#1012628).
- media: tc358743: fix possible use-after-free in
tc358743_remove() (bsc#1012628).
- media: adv7604: fix possible use-after-free in adv76xx_remove()
(bsc#1012628).
- media: i2c: adv7511-v4l2: fix possible use-after-free in
adv7511_remove() (bsc#1012628).
- media: i2c: tda1997: Fix possible use-after-free in
tda1997x_remove() (bsc#1012628).
- media: i2c: adv7842: fix possible use-after-free in
adv7842_remove() (bsc#1012628).
- media: platform: sti: Fix runtime PM imbalance in regs_show
(bsc#1012628).
- media: sun8i-di: Fix runtime PM imbalance in
deinterlace_start_streaming (bsc#1012628).
- media: dvb-usb: fix memory leak in dvb_usb_adapter_init
(bsc#1012628).
- media: gscpa/stv06xx: fix memory leak (bsc#1012628).
- sched/fair: Bring back select_idle_smt(), but differently
(bsc#1012628).
- sched/fair: Ignore percpu threads for imbalance pulls
(bsc#1012628).
- drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal
(bsc#1012628).
- drm/msm/mdp5: Do not multiply vclk line count by 100
(bsc#1012628).
- drm/amdgpu/ttm: Fix memory leak userptr pages (bsc#1012628).
- drm/radeon/ttm: Fix memory leak userptr pages (bsc#1012628).
- drm/amd/display: Fix debugfs link_settings entry (bsc#1012628).
- drm/amd/display: Fix UBSAN: shift-out-of-bounds warning
(bsc#1012628).
- drm/radeon: don't evict if not initialized (bsc#1012628).
- drm/amdkfd: Fix cat debugfs hang_hws file causes system crash
bug (bsc#1012628).
- amdgpu: avoid incorrect %hu format string (bsc#1012628).
- drm/amdgpu/display: fix memory leak for dimgrey cavefish
(bsc#1012628).
- drm/amd/display: Try YCbCr420 color when YCbCr444 fails
(bsc#1012628).
- drm/amdgpu: fix NULL pointer dereference (bsc#1012628).
- drm/amd/display: Update DCN302 SR Exit Latency (bsc#1012628).
- scsi: mpt3sas: Fix out-of-bounds warnings in
_ctl_addnl_diag_query (bsc#1012628).
- scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering
a LOGO response (bsc#1012628).
- scsi: lpfc: Fix reference counting errors in lpfc_cmpl_els_rsp()
(bsc#1012628).
- scsi: lpfc: Fix error handling for mailboxes completed in
MBX_POLL mode (bsc#1012628).
- scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic
(bsc#1012628).
- mfd: intel-m10-bmc: Fix the register access range (bsc#1012628).
- mfd: da9063: Support SMBus and I2C mode (bsc#1012628).
- mfd: arizona: Fix rumtime PM imbalance on error (bsc#1012628).
- scsi: libfc: Fix a format specifier (bsc#1012628).
- perf: Rework perf_event_exit_event() (bsc#1012628).
- sched,fair: Alternative sched_slice() (bsc#1012628).
- block/rnbd-srv: Prevent a deadlock generated by accessing
sysfs in parallel (bsc#1012628).
- block/rnbd-clt: Fix missing a memory free when unloading the
module (bsc#1012628).
- io_uring: safer sq_creds putting (bsc#1012628).
- s390/archrandom: add parameter check for
s390_arch_random_generate (bsc#1012628).
- sched,psi: Handle potential task count underflow bugs more
gracefully (bsc#1012628).
- nvmet: avoid queuing keep-alive timer if it is disabled
(bsc#1012628).
- power: supply: cpcap-battery: fix invalid usage of list cursor
(bsc#1012628).
- ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer
(bsc#1012628).
- ALSA: hda/conexant: Re-order CX5066 quirk table entries
(bsc#1012628).
- ALSA: sb: Fix two use after free in snd_sb_qsound_build
(bsc#1012628).
- ALSA: usb-audio: Explicitly set up the clock selector
(bsc#1012628).
- ALSA: usb-audio: Add dB range mapping for Sennheiser
Communications Headset PC 8 (bsc#1012628).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 445 G7
(bsc#1012628).
- ALSA: hda/realtek: GA503 use same quirks as GA401 (bsc#1012628).
- ALSA: hda/realtek: fix mic boost on Intel NUC 8 (bsc#1012628).
- ALSA: hda/realtek - Headset Mic issue on HP platform
(bsc#1012628).
- ALSA: hda/realtek: fix static noise on ALC285 Lenovo laptops
(bsc#1012628).
- ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx
(bsc#1012628).
- tools/power/turbostat: Fix turbostat for AMD Zen CPUs
(bsc#1012628).
- btrfs: fix race when picking most recent mod log operation
for an old root (bsc#1012628).
- btrfs: fix a potential hole punching failure (bsc#1012628).
- arm64/vdso: Discard .note.gnu.property sections in vDSO
(bsc#1012628).
- Makefile: Move -Wno-unused-but-set-variable out of GCC only
block (bsc#1012628).
- riscv/kprobe: fix kernel panic when invoking sys_read traced
by kprobe (bsc#1012628).
- fs: fix reporting supported extra file attributes for statx()
(bsc#1012628).
- virtiofs: fix memory leak in virtio_fs_probe() (bsc#1012628).
- kcsan, debugfs: Move debugfs file creation out of early init
(bsc#1012628).
- ubifs: Only check replay with inode type to judge if inode
linked (bsc#1012628).
- f2fs: fix error handling in f2fs_end_enable_verity()
(bsc#1012628).
- f2fs: fix to avoid out-of-bounds memory access (bsc#1012628).
- mlxsw: spectrum_mr: Update egress RIF list before route's action
(bsc#1012628).
- openvswitch: fix stack OOB read while fragmenting IPv4 packets
(bsc#1012628).
- net/sched: sch_frag: fix stack OOB read while fragmenting IPv4
packets (bsc#1012628).
- ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe
failure (bsc#1012628).
- NFS: fs_context: validate UDP retrans to prevent shift
out-of-bounds (bsc#1012628).
- NFS: Don't discard pNFS layout segments that are marked for
return (bsc#1012628).
- NFSv4: Don't discard segments marked for return in
_pnfs_return_layout() (bsc#1012628).
- Input: ili210x - add missing negation for touch indication on
ili210x (bsc#1012628).
- jffs2: Fix kasan slab-out-of-bounds problem (bsc#1012628).
- jffs2: Hook up splice_write callback (bsc#1012628).
- iommu/vt-d: Force to flush iotlb before creating superpage
(bsc#1012628).
- powerpc/vdso: Separate vvar vma from vdso (bsc#1012628).
- powerpc/powernv: Enable HAIL (HV AIL) for ISA v3.1 processors
(bsc#1012628).
- powerpc/eeh: Fix EEH handling for hugepages in ioremap space
(bsc#1012628).
- powerpc/kexec_file: Use current CPU info while setting up FDT
(bsc#1012628).
- powerpc/32: Fix boot failure with CONFIG_STACKPROTECTOR
(bsc#1012628).
- powerpc: fix EDEADLOCK redefinition error in uapi/asm/errno.h
(bsc#1012628).
- powerpc/kvm: Fix PR KVM with KUAP/MEM_KEYS enabled
(bsc#1012628).
- powerpc/kvm: Fix build error when PPC_MEM_KEYS/PPC_PSERIES=n
(bsc#1012628).
- intel_th: pci: Add Alder Lake-M support (bsc#1012628).
- tpm: efi: Use local variable for calculating final log size
(bsc#1012628).
- tpm: vtpm_proxy: Avoid reading host log when using a virtual
device (bsc#1012628).
- crypto: arm/curve25519 - Move '.fpu' after '.arch'
(bsc#1012628).
- crypto: rng - fix crypto_rng_reset() refcounting when
!CRYPTO_STATS (bsc#1012628).
- md/raid1: properly indicate failure when ending a failed write
request (bsc#1012628).
- dm raid: fix inconclusive reshape layout on fast raid4/5/6
table reload sequences (bsc#1012628).
- fuse: fix write deadlock (bsc#1012628).
- mm: page_alloc: ignore init_on_free=1 for debug_pagealloc=1
(bsc#1012628).
- exfat: fix erroneous discard when clear cluster bit
(bsc#1012628).
- sfc: farch: fix TX queue lookup in TX flush done handling
(bsc#1012628).
- sfc: farch: fix TX queue lookup in TX event handling
(bsc#1012628).
- sfc: adjust efx->xdp_tx_queue_count with the real number of
initialized queues (bsc#1012628).
- rcu/nocb: Fix missed nocb_timer requeue (bsc#1012628).
- security: commoncap: fix -Wstringop-overread warning
(bsc#1012628).
- Fix misc new gcc warnings (bsc#1012628).
- smb3: when mounting with multichannel include it in requested
capabilities (bsc#1012628).
- smb3: if max_channels set to more than one channel request
multichannel (bsc#1012628).
- smb3: do not attempt multichannel to server which does not
support it (bsc#1012628).
- Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with
FUTEX_WAIT op") (bsc#1012628).
- futex: Do not apply time namespace adjustment on FUTEX_LOCK_PI
(bsc#1012628).
- x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is
supported (bsc#1012628).
- kbuild: update config_data.gz only when the content of .config
is changed (bsc#1012628).
- ext4: annotate data race in start_this_handle() (bsc#1012628).
- ext4: annotate data race in jbd2_journal_dirty_metadata()
(bsc#1012628).
- ext4: fix check to prevent false positive report of incorrect
used inodes (bsc#1012628).
- ext4: do not set SB_ACTIVE in ext4_orphan_cleanup()
(bsc#1012628).
- ext4: always panic when errors=panic is specified (bsc#1012628).
- ext4: fix error code in ext4_commit_super (bsc#1012628).
- ext4: fix ext4_error_err save negative errno into superblock
(bsc#1012628).
- ext4: fix error return code in ext4_fc_perform_commit()
(bsc#1012628).
- ext4: allow the dax flag to be set and cleared on inline
directories (bsc#1012628).
- ext4: Fix occasional generic/418 failure (bsc#1012628).
- media: dvbdev: Fix memory leak in dvb_media_device_free()
(bsc#1012628).
- media: staging/intel-ipu3: Fix memory leak in imu_fmt
(bsc#1012628).
- media: staging/intel-ipu3: Fix set_fmt error handling
(bsc#1012628).
- media: staging/intel-ipu3: Fix race condition during set_fmt
(bsc#1012628).
- media: v4l2-ctrls: fix reference to freed memory (bsc#1012628).
- media: coda: fix macroblocks count control usage (bsc#1012628).
- media: venus: pm_helpers: Set opp clock name for v1
(bsc#1012628).
- media: venus: venc_ctrls: Change default header mode
(bsc#1012628).
- media: venus: hfi_cmds: Support plane-actual-info property
from v1 (bsc#1012628).
- media: venus: hfi_parser: Don't initialize parser on v1
(bsc#1012628).
- media: venus: hfi_parser: Check for instance after hfi platform
get (bsc#1012628).
- io_uring: remove extra sqpoll submission halting (bsc#1012628).
- io_uring: fix shared sqpoll cancellation hangs (bsc#1012628).
- io_uring: fix work_exit sqpoll cancellations (bsc#1012628).
- io_uring: Check current->io_uring in io_uring_cancel_sqpoll
(bsc#1012628).
- usb: gadget: dummy_hcd: fix gpf in gadget_setup (bsc#1012628).
- usb: gadget: Fix double free of device descriptor pointers
(bsc#1012628).
- usb: gadget/function/f_fs string table fix for multiple
languages (bsc#1012628).
- usb: dwc3: gadget: Remove FS bInterval_m1 limitation
(bsc#1012628).
- usb: dwc3: gadget: Fix START_TRANSFER link state check
(bsc#1012628).
- usb: dwc3: core: Do core softreset when switch mode
(bsc#1012628).
- usb: dwc2: Fix session request interrupt handler (bsc#1012628).
- PCI: dwc: Move iATU detection earlier (bsc#1012628).
- tty: fix memory leak in vc_deallocate (bsc#1012628).
- rsi: Use resume_noirq for SDIO (bsc#1012628).
- tools/power turbostat: Fix offset overflow issue in index
converting (bsc#1012628).
- tracing: Map all PIDs to command lines (bsc#1012628).
- tracing: Restructure trace_clock_global() to never block
(bsc#1012628).
- dm persistent data: packed struct should have an aligned()
attribute too (bsc#1012628).
- dm space map common: fix division bug in sm_ll_find_free_block()
(bsc#1012628).
- dm integrity: fix missing goto in bitmap_flush_interval error
handling (bsc#1012628).
- dm rq: fix double free of blk_mq_tag_set in dev remove after
table load fails (bsc#1012628).
- pinctrl: Ingenic: Add missing pins to the JZ4770 MAC MII group
(bsc#1012628).
- pinctrl: Ingenic: Add support for read the pin configuration
of X1830 (bsc#1012628).
- lib/vsprintf.c: remove leftover 'f' and 'F' cases from
bstr_printf() (bsc#1012628).
- thermal/drivers/cpufreq_cooling: Fix slab OOB issue
(bsc#1012628).
- thermal/core/fair share: Lock the thermal zone while looping
over instances (bsc#1012628).
- commit e0bb900
- sctp: delay auto_asconf init until binding the first addr
(CVE-2021-23133 bsc#1184675).
- Revert "net/sctp: fix race condition in sctp_destroy_sock"
(CVE-2021-23133 bsc#1184675).
- commit 6758015
- pinctrl: Add Xilinx ZynqMP pinctrl driver support (bsc#1185927).
- Update config files. (bsc#1185927)
- firmware: xilinx: Add pinctrl support (bsc#1185927).
- dt-bindings: pinctrl: Add binding for ZynqMP pinctrl driver
(bsc#1185927).
- pinctrl: Introduce MODE group in enum pin_config_param
(bsc#1185927).
- commit fce7e82
- Workaround for a crash in radeon driver (bsc#1185516).
- commit 66123af
- drm/i915/dp: Use slow and wide link training for everything
(bsc#1185601).
- commit 3d40a8d
- Delete patches.suse/Revert-drm-i915-Try-to-use-fast-narrow-link-on-eDP-a.patch
An upstream fix will follow
- commit 3da1f57
- Revert "drm/i915: Try to use fast+narrow link on eDP again
and fall back to the old max strategy on failure" (bsc#1185601).
- commit 6c0f44c
- Linux 5.12.2 (bsc#1012628).
- perf/core: Fix unconditional security_locked_down() call
(bsc#1012628).
- platform/x86: thinkpad_acpi: Correct thermal sensor allocation
(bsc#1012628).
- USB: Add reset-resume quirk for WD19's Realtek Hub
(bsc#1012628).
- USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet
(bsc#1012628).
- ALSA: usb-audio: Fix implicit sync clearance at stopping stream
(bsc#1012628).
- ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX
(bsc#1012628).
- ovl: allow upperdir inside lowerdir (bsc#1012628).
- ovl: fix leaked dentry (bsc#1012628).
- net: qrtr: Avoid potential use after free in MHI send
(bsc#1012628).
- bpf: Fix leakage of uninitialized bpf stack under speculation
(bsc#1012628).
- bpf: Fix masking negation logic upon negative dst register
(bsc#1012628).
- drm/i915: Disable runtime power management during shutdown
(bsc#1012628).
- net: usb: ax88179_178a: initialize local variables before use
(bsc#1012628).
- netfilter: conntrack: Make global sysctls readonly in non-init
netns (bsc#1012628).
- mips: Do not include hi and lo in clobber list for R6
(bsc#1012628).
- commit 85a2a31
- kernel-docs.spec.in: Build using an utf-8 locale.
Sphinx cannot handle UTF-8 input in non-UTF-8 locale.
- commit 0db6da1
- config: disable kfence by default (bsc#1185565)
Apperently the overhead of kfence is not as negligible as the help text
seemed to promise so that it seems more appropriate to disable kfence by
default by setting CONFIG_KFENCE_SAMPLE_INTERVAL to 0. Anyone who wants to
enable it can still do so using the kfence.sample_interval command line
parameter.
- commit 5d73dc7
- rpm/kernel-docs.spec.in: Add amscls as required for build.
[ 781s] ! LaTeX Error: File `amsthm.sty' not found.
- commit 1fd6a67
- Fix vanilla ppc64 build.
- commit f1085cb
- mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 (bsc#1176576)
- commit 310b140
- mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (bsc#1176576)
- commit 3e41868
- rpm: drop /usr/bin/env in interpreter specification
OBS checks don't like /usr/bin/env in script interpreter lines but upstream
developers tend to use it. A proper solution would be fixing the depedency
extraction and drop the OBS check error but that's unlikely to happen so
that we have to work around the problem on our side and rewrite the
interpreter lines in scripts before collecting files for packages instead.
- commit 45c5c1a
- supported.conf: add USB Typec to installer (bsc#1184867)
- commit b13cba0
- scripts/git_sort/git_sort.py: Update nvme repositories
- commit e849c44
- Linux 5.12.1 (bsc#1012628).
- mei: me: add Alder Lake P device id (bsc#1012628).
- cfg80211: fix locking in netlink owner interface destruction
(bsc#1012628).
- iwlwifi: Fix softirq/hardirq disabling in
iwl_pcie_gen2_enqueue_hcmd() (bsc#1012628).
- USB: CDC-ACM: fix poison/unpoison imbalance (bsc#1012628).
- net: hso: fix NULL-deref on disconnect regression (bsc#1012628).
- commit 9f237a4
- powerpc/64: BE option to use ELFv2 ABI for big endian kernels
(BTFIDS vmlinux FAILED unresolved symbol vfs_truncate).
Update config files.
- commit 17ebdf1
- rpm/constraints.in: bump disk space to 45GB on riscv64
- commit f8b883f
- Update config files: fix armv7hl/lpae config (bsc#1152773)
CONFIG_OABI_COMPAT was left enabled mistakenly on lpae flavor, which
resulted in the disablement of CONFIG_SECCOMP_FILTER. Fix those.
CONFIG_OABI_COMPAT -> disabled
CONFIG_SECCOMP_FILTER=y
CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
Also corrected the following with the update:
CONFIG_HAVE_ARCH_AUDITSYSCALL=y
CONFIG_AUDITSYSCALL=y
CONFIG_FPE_NWFPE -> removed
CONFIG_FPE_NWFPE_XP -> removed
CONFIG_FPE_FASTFPE -> removed
- commit 644711e
==== kexec-tools ====
Version update (2.0.21 -> 2.0.22)
- Bump version to 2.0.21
- Drop patches from upstream git:
* kexec-tools-video-capability.patch
==== kubernetes ====
Subpackages: kubernetes-client kubernetes-kubeadm kubernetes-kubelet
- Bump kubernetes-*-minus1 to 1.20.6
==== kubernetes1.21 ====
Subpackages: kubernetes1.21-client kubernetes1.21-client-common kubernetes1.21-kubeadm kubernetes1.21-kubelet kubernetes1.21-kubelet-common
- Revert remove workaround in 10-kubeadm.conf - still needed [boo#1186125]
- Remove workaround in 10-kubeadm.conf for boo#1171770 causing sysctl values to be reset
==== libXfixes ====
Version update (5.0.3 -> 6.0.0)
- Update to version 6.0.0
* The big new feature here is support for the new
ClientDisconnectMode. From the corresponding
xorgproto announcement:
An X server that is started on demand (Xwayland) should ideally
also terminate when the last client disconnects. However, some
X11 clients that provide system services will linger around
forever, preventing that shutdown.
* With the new XFixes request, a client can designate itself as
to-be-terminated and the X server can ignore those clients when
counting the number of remaining clients. If no other clients
are left, the server can shut down.
* Note that this requires changes to the X server and each
client to work.
==== libcontainers-common ====
- Update common to 0.37.0
- Update podman to 3.1.2
- Update storage to 1.30.1
- Update image to 5.11.1
==== libpng16 ====
- install rpm macros in %{_rpmmacrodir} [bsc#1185661]
- call spec-cleaner
==== libxkbcommon ====
Version update (1.2.1 -> 1.3.0)
- Update to release 1.3.0
* `xkbcli list` was changed to output YAML instead of a
custom format.
* Fix segmentation fault in case-insensitive
`xkb_keysym_from_name` for certain values like the empty
string.
==== libxml2 ====
Subpackages: libxml2-2 libxml2-tools
- Security fix: [bsc#1185698, CVE-2021-3537]
* NULL pointer dereference in valid.c:xmlValidBuildAContentModel
* Add libxml2-CVE-2021-3537.patch
==== lua54 ====
- Add shared_link.patch: fix dynamic linking executable
- Stop building static library
==== microos-tools ====
Version update (2.9 -> 2.10)
- Update to version 2.10
- Fixes and improvements for SELinux support
- Add devel tools
==== ncurses ====
Version update (6.2.20210424 -> 6.2.20210501)
Subpackages: libncurses6 ncurses-utils terminfo-base
- Add ncurses patch 20210501
+ add a special case in the configure script to work around one of the
build-time breakages reported for OpenBSD 6 here:
https://www.mail-archive.com/bugs@openbsd.org/msg13200.html
There is no workaround for the other issue, a broken linker spec.
+ modify configure check for libtool to prevent accidental use of an
OpenBSD program which uses the same name.
+ update config.guess, config.sub
- Correct offsets of patch ncurses-6.2.dif
==== nfs-utils ====
Subpackages: libnfsidmap1 nfs-client
- Add 0001-Replace-all-var-run-with-run.patch
Use /run instead of /var/run
(bsc#1185170)
==== nvme-cli ====
Version update (1.13 -> 1.14)
- update to 1.14
* nvme-discover: add json output
* nvme: add support for lba status log page
* nvme: add support for endurance group event aggregate log
* nvme: add endurance group event configuration feature
* nvme: add latest opcodes for command supported and effects log
* zns: print select_all field for Zone Management Send
* print topology for NVMe nodes in kernel and path
* nvme: add support for predictable latency event aggregate log page
* nvme: add support for persistent event log page
* Show more async event config fields
==== oath-toolkit ====
Version update (2.6.6 -> 2.6.7)
Subpackages: liboath0 oath-toolkit-xml
- Update to version 2.6.7
* pam_oath: Support variables in usersfile string parameter.
These changes introduce the ${USER} and ${HOME} placeholder
values for the usersfile string in the pam_oath configuration
file. The placeholder values allow the user credentials file
to be stored in a file path that is relative to the user, and
mimics similar behavior found in google-authenticator-libpam.
The motivation for these changes is to allow for
non-privileged processes to use pam_oath (e.g., for 2FA with
xscreensaver). Non-privileged and non-suid programs are
unable to use pam_oath. These changes are a proposed
alternative to a suid helper binary as well.
* doc: Fix project URL in man pages.
* build: Drop use of libxml's AM_PATH_XML2 in favor of pkg-config.
* build: Modernize autotools usage.
Most importantly, no longer use -Werror with AM_INIT_AUTOMAKE
to make rebuilding from source more safe with future automake
versions.
* Updated gnulib files.
==== open-iscsi ====
Subpackages: iscsiuio libopeniscsiusr0_2_0
- Merge latest upstream, which added fix (bsc#1185930):
* Set default 'startup' to 'onboot' for FW nodes
==== open-vm-tools ====
Subpackages: libvmtools0
- Add open-vm-tools-pollGtk.patch: Fixes boo#1185103 GCC 11: open-vm-tools
package fails.
==== patterns-base ====
Subpackages: patterns-base-apparmor patterns-base-bootloader patterns-base-minimal_base
- Don't recommend syslinux and binutils in enhanced_base
==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap
Added the following to the pattern:
- glibc-locale to the desktop common pattern as it's necessary to
choose a different language in Gnome settings
- ModemManager to the DVD only pattern. So I can choose it in the
software section during install. For times there is no WiFi or
Ethernet, but a WWAN modem is available to the system.
==== python-Babel ====
Version update (2.9.0 -> 2.9.1)
- update to 2.9.1:
* The internal locale-data loading functions now validate the name of the
locale file to be loaded and only allow files within Babel's data directory.
==== python-psutil ====
- remove the dependency on net-tools, since it conflicts with
busybox-hostnmame which is default on MicroOS. boo#1184753
==== python-six ====
Version update (1.15.0 -> 1.16.0)
- update to 1.16.0:
- Port _SixMetaPathImporter to Python 3.10.
==== python38 ====
Version update (3.8.9 -> 3.8.10)
- Update to 3.8.10:
- Security
- bpo-43434: Creating a sqlite3.Connection object now also
produces a sqlite3.connect auditing event. Previously this
event was only produced by sqlite3.connect() calls. Patch
by Erlend E. Aasland.
- bpo-43472: Ensures interpreter-level audit hooks receive
the cpython.PyInterpreterState_New event when called
through the _xxsubinterpreters module.
- bpo-43075: Fix Regular Expression Denial of Service (ReDoS)
vulnerability in urllib.request.AbstractBasicAuthHandler.
The ReDoS-vulnerable regex has quadratic worst-case
complexity and it allows cause a denial of service when
identifying crafted invalid RFCs. This ReDoS issue is on
the client side and needs remote attackers to control the
HTTP server.
- Core and Builtins
- bpo-43105: Importlib now resolves relative paths when
creating module spec objects from file locations.
- bpo-42924: Fix bytearray repetition incorrectly copying
data from the start of the buffer, even if the data is
offset within the buffer (e.g. after reassigning a slice at
the start of the bytearray to a shorter byte string).
- Library
- bpo-43993: Update bundled pip to 21.1.1.
- bpo-43937: Fixed the turtle module working with non-default
root window.
- bpo-43930: Update bundled pip to 21.1 and setuptools to
56.0.0
- bpo-43920: OpenSSL 3.0.0: load_verify_locations() now
returns a consistent error message when cadata contains no
valid certificate.
- bpo-43607: urllib can now convert Windows paths with \\?\
prefixes into URL paths.
- bpo-43284: platform.win32_ver derives the windows version
from sys.getwindowsversion().platform_version which in turn
derives the version from kernel32.dll (which can be of
a different version than Windows itself). Therefore change
the platform.win32_ver to determine the version using the
platform module?s _syscmd_ver private function to return an
accurate version.
- bpo-42248: [Enum] ensure exceptions raised in _missing__
are released
- bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1
to suppress deprecation warnings. Python requires OpenSSL
1.1.1 APIs.
- bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants
(OpenSSL 3.0.0)
- bpo-43789: OpenSSL 3.0.0: Don?t call the password callback
function a second time when first call has signaled an
error condition.
- bpo-43788: The header files for ssl error codes are now
OpenSSL version-specific. Exceptions will now show correct
reason and library codes. The make_ssl_data.py script has
been rewritten to use OpenSSL?s text file with error codes.
- bpo-43655: tkinter dialog windows are now recognized as
dialogs by window managers on macOS and X Window.
- bpo-43534: turtle.textinput() and turtle.numinput() create
now a transient window working on behalf of the canvas
window.
- bpo-43522: Fix problem with hostname_checks_common_name.
OpenSSL does not copy hostflags from struct SSL_CTX to
struct SSL.
- bpo-42967: Allow bytes separator argument in
urllib.parse.parse_qs and urllib.parse.parse_qsl when
parsing str query strings. Previously, this raised
a TypeError.
- bpo-43176: Fixed processing of a dataclass that inherits
from a frozen dataclass with no fields. It is now correctly
detected as an error.
- bpo-34463: Fixed discrepancy between traceback and the
interpreter in formatting of SyntaxError with lineno not
set (traceback was changed to match interpreter).
- bpo-41735: Fix thread locks in zlib module may go wrong in
rare case. Patch by Ma Lin.
- bpo-26053: Fixed bug where the pdb interactive run command
echoed the args from the shell command line, even if those
have been overridden at the pdb prompt.
- bpo-36470: Fix dataclasses with InitVars and replace().
Patch by Claudiu Popa.
- bpo-28577: The hosts method on 32-bit prefix length
IPv4Networks and 128-bit prefix IPv6Networks now returns
a list containing the single Address instead of an empty
list.
- bpo-32745: Fix a regression in the handling of ctypes?
ctypes.c_wchar_p type: embedded null characters would cause
a ValueError to be raised. Patch by Zackery Spytz.
- Documentation
- bpo-43959: The documentation on the PyContextVar C-API was
clarified.
- bpo-43938: Update dataclasses documentation to express that
FrozenInstanceError is derived from AttributeError.
- bpo-43739: Fixing the example code in
Doc/extending/extending.rst to declare and initialize the
pmodule variable to be of the right type.
- Tests
- bpo-43842: Fix a race condition in the SMTP test of
test_logging. Don?t close a file descriptor (socket) from
a different thread while asyncore.loop() is polling the
file descriptor. Patch by Victor Stinner.
- bpo-43811: Tests multiple OpenSSL versions on GitHub
Actions. Use ccache to speed up testing.
- bpo-43791: OpenSSL 3.0.0: Disable testing of legacy
protocols TLS 1.0 and 1.1. Tests are failing with
TLSV1_ALERT_INTERNAL_ERROR.
- IDLE
- bpo-43655: IDLE dialog windows are now recognized as
dialogs by window managers on macOS and X Window.
- C API
- bpo-43962: _PyInterpreterState_IDIncref() now calls
_PyInterpreterState_IDInitref() and always increments
id_refcount. Previously, calling
_xxsubinterpreters.get_current() could create an
id_refcount inconsistency when
a _xxsubinterpreters.InterpreterID object was deallocated.
Patch by Victor Stinner.
- Reapplied patches:
- CVE-2019-5010-null-defer-x509-cert-DOS.patch
- F00102-lib64.patch
- SUSE-FEDORA-multilib.patch
- bpo-31046_ensurepip_honours_prefix.patch
- python-3.3.0b1-fix_date_time_compiler.patch
- Make sure to close the import_failed.map file after the exception
has been raised in order to avoid ResourceWarnings when the
failing import is part of a try...except block.
==== python38-core ====
Version update (3.8.9 -> 3.8.10)
Subpackages: libpython3_8-1_0 python38-base
- Update to 3.8.10:
- Security
- bpo-43434: Creating a sqlite3.Connection object now also
produces a sqlite3.connect auditing event. Previously this
event was only produced by sqlite3.connect() calls. Patch
by Erlend E. Aasland.
- bpo-43472: Ensures interpreter-level audit hooks receive
the cpython.PyInterpreterState_New event when called
through the _xxsubinterpreters module.
- bpo-43075: Fix Regular Expression Denial of Service (ReDoS)
vulnerability in urllib.request.AbstractBasicAuthHandler.
The ReDoS-vulnerable regex has quadratic worst-case
complexity and it allows cause a denial of service when
identifying crafted invalid RFCs. This ReDoS issue is on
the client side and needs remote attackers to control the
HTTP server.
- Core and Builtins
- bpo-43105: Importlib now resolves relative paths when
creating module spec objects from file locations.
- bpo-42924: Fix bytearray repetition incorrectly copying
data from the start of the buffer, even if the data is
offset within the buffer (e.g. after reassigning a slice at
the start of the bytearray to a shorter byte string).
- Library
- bpo-43993: Update bundled pip to 21.1.1.
- bpo-43937: Fixed the turtle module working with non-default
root window.
- bpo-43930: Update bundled pip to 21.1 and setuptools to
56.0.0
- bpo-43920: OpenSSL 3.0.0: load_verify_locations() now
returns a consistent error message when cadata contains no
valid certificate.
- bpo-43607: urllib can now convert Windows paths with \\?\
prefixes into URL paths.
- bpo-43284: platform.win32_ver derives the windows version
from sys.getwindowsversion().platform_version which in turn
derives the version from kernel32.dll (which can be of
a different version than Windows itself). Therefore change
the platform.win32_ver to determine the version using the
platform module?s _syscmd_ver private function to return an
accurate version.
- bpo-42248: [Enum] ensure exceptions raised in _missing__
are released
- bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1
to suppress deprecation warnings. Python requires OpenSSL
1.1.1 APIs.
- bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants
(OpenSSL 3.0.0)
- bpo-43789: OpenSSL 3.0.0: Don?t call the password callback
function a second time when first call has signaled an
error condition.
- bpo-43788: The header files for ssl error codes are now
OpenSSL version-specific. Exceptions will now show correct
reason and library codes. The make_ssl_data.py script has
been rewritten to use OpenSSL?s text file with error codes.
- bpo-43655: tkinter dialog windows are now recognized as
dialogs by window managers on macOS and X Window.
- bpo-43534: turtle.textinput() and turtle.numinput() create
now a transient window working on behalf of the canvas
window.
- bpo-43522: Fix problem with hostname_checks_common_name.
OpenSSL does not copy hostflags from struct SSL_CTX to
struct SSL.
- bpo-42967: Allow bytes separator argument in
urllib.parse.parse_qs and urllib.parse.parse_qsl when
parsing str query strings. Previously, this raised
a TypeError.
- bpo-43176: Fixed processing of a dataclass that inherits
from a frozen dataclass with no fields. It is now correctly
detected as an error.
- bpo-34463: Fixed discrepancy between traceback and the
interpreter in formatting of SyntaxError with lineno not
set (traceback was changed to match interpreter).
- bpo-41735: Fix thread locks in zlib module may go wrong in
rare case. Patch by Ma Lin.
- bpo-26053: Fixed bug where the pdb interactive run command
echoed the args from the shell command line, even if those
have been overridden at the pdb prompt.
- bpo-36470: Fix dataclasses with InitVars and replace().
Patch by Claudiu Popa.
- bpo-28577: The hosts method on 32-bit prefix length
IPv4Networks and 128-bit prefix IPv6Networks now returns
a list containing the single Address instead of an empty
list.
- bpo-32745: Fix a regression in the handling of ctypes?
ctypes.c_wchar_p type: embedded null characters would cause
a ValueError to be raised. Patch by Zackery Spytz.
- Documentation
- bpo-43959: The documentation on the PyContextVar C-API was
clarified.
- bpo-43938: Update dataclasses documentation to express that
FrozenInstanceError is derived from AttributeError.
- bpo-43739: Fixing the example code in
Doc/extending/extending.rst to declare and initialize the
pmodule variable to be of the right type.
- Tests
- bpo-43842: Fix a race condition in the SMTP test of
test_logging. Don?t close a file descriptor (socket) from
a different thread while asyncore.loop() is polling the
file descriptor. Patch by Victor Stinner.
- bpo-43811: Tests multiple OpenSSL versions on GitHub
Actions. Use ccache to speed up testing.
- bpo-43791: OpenSSL 3.0.0: Disable testing of legacy
protocols TLS 1.0 and 1.1. Tests are failing with
TLSV1_ALERT_INTERNAL_ERROR.
- IDLE
- bpo-43655: IDLE dialog windows are now recognized as
dialogs by window managers on macOS and X Window.
- C API
- bpo-43962: _PyInterpreterState_IDIncref() now calls
_PyInterpreterState_IDInitref() and always increments
id_refcount. Previously, calling
_xxsubinterpreters.get_current() could create an
id_refcount inconsistency when
a _xxsubinterpreters.InterpreterID object was deallocated.
Patch by Victor Stinner.
- Reapplied patches:
- CVE-2019-5010-null-defer-x509-cert-DOS.patch
- F00102-lib64.patch
- SUSE-FEDORA-multilib.patch
- bpo-31046_ensurepip_honours_prefix.patch
- python-3.3.0b1-fix_date_time_compiler.patch
- Make sure to close the import_failed.map file after the exception
has been raised in order to avoid ResourceWarnings when the
failing import is part of a try...except block.
==== readline ====
- Add official patch readline81-001 and its signature
* The code to check readline versions in an inputrc file had the sense of the
comparisons reversed.
==== rook ====
Version update (1.5.10+git4.g309ad2f64 -> 1.6.2+git0.ge8fd65f08)
- Update to v1.6.2
* Set base Ceph operator image and example deployments to v16.2.2
* Update snapshot APIs from v1beta1 to v1
* Documentation for creating static PVs
* Allow setting primary-affinity for the OSD
* Remove unneeded debug log statements
* Preserve volume claim template annotations during upgrade
* Allow re-creating erasure coded pool with different settings
* Double mon failover timeout during a node drain
* Remove unused volumesource schema from CephCluster CRD
* Set the device class on raw mode osds
* External cluster schema fix to allow not setting mons
* Add phase to the CephFilesystem CRD
* Generate full schema for volumeClaimTemplates in the CephCluster CRD
* Automate upgrades for the MDS daemon to properly scale down and scale up
* Add Vault KMS support for object stores
* Ensure object store endpoint is initialized when creating an object user
* Support for OBC operations when RGW is configured with TLS
* Preserve the OSD topology affinity during upgrade for clusters on PVCs
* Unify timeouts for various Ceph commands
* Allow setting annotations on RGW service
* Expand PVC size of mon daemons if requested
- Update to v1.6.1
* Disable host networking by default in the CSI plugin with option to enable
* Fix the schema for erasure-coded pools so replication size is not required
* Improve node watcher for adding new OSDs
* Operator base image updated to v16.2.1
* Deployment examples updated to Ceph v15.2.11
* Update Ceph-CSI to v3.3.1
* Allow any device class for the OSDs in a pool instead of restricting the schema
* Fix metadata OSDs for Ceph Pacific
* Allow setting the initial CRUSH weight for an OSD
* Fix object store health check in case SSL is enabled
* Upgrades now ensure latest config flags are set for MDS and RGW
* Suppress noisy RGW log entry for radosgw-admin commands
- Update to v1.6.0
* Removed Storage Providers
* CockroachDB
* EdgeFS
* YugabyteDB
* Ceph
* Support for creating OSDs via Drive Groups was removed.
* Ceph Pacific (v16) support
* CephFilesystemMirror CRD to support mirroring of CephFS volumes with Pacific
* Ceph CSI Driver
* CSI v3.3.0 driver enabled by default
* Volume Replication Controller for improved RBD replication support
* Multus support
* GRPC metrics disabled by default
* Ceph RGW
* Extended the support of vault KMS configuration
* Scale with multiple daemons with a single deployment instead of a separate deployment for each rgw daemon
* OSDs
* LVM is no longer used to provision OSDs
* More efficient updates for multiple OSDs at the same time
* Multiple Ceph mgr daemons are supported for stretch clusters
and other clusters where HA of the mgr is critical (set count: 2 under mgr in the CephCluster CR)
* Pod Disruption Budgets (PDBs) are enabled by default for Mon,
RGW, MDS, and OSD daemons. See the disruption management settings.
* Monitor failover can be disabled, for scenarios where
maintenance is planned and automatic mon failover is not desired
* CephClient CRD has been converted to use the controller-runtime library
==== runc ====
Version update (1.0.0~rc93 -> 1.0.0~rc94)
- Update to runc v1.0.0~rc94. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94
Breaking Changes:
* cgroupv1: kernel memory limits are now always ignored, as kmemcg has
been effectively deprecated by the kernel. Users should make use of regular
memory cgroup controls.
Regression Fixes:
* seccomp: fix 32-bit compilation errors
* runc init: fix a hang caused by deadlock in seccomp/ebpf loading code
* runc start: fix "chdir to cwd: permission denied" for some setups
- Remove upstreamed patches:
- 0001-cloned_binary-switch-from-error-to-warning-for-SYS_m.patch
==== shim ====
- shim-install: always assume "removable" for Azure to avoid the
endless reset loop (bsc#1185464)
- Add shim-bsc1185621-relax-max-var-sz-check.patch to relax the
maximum variable size check for u-boot (bsc#1185621)
- Add shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch
to handle ignore_db and user_insecure_mode correctly
(bsc#1185441)
==== snapper ====
Subpackages: libsnapper5
- fixed systemd sandboxing (gh#openSUSE/snapper#651)
==== sudo ====
Version update (1.9.6p1 -> 1.9.7)
- update to 1.9.7
* The "fuzz" Makefile target now runs all the fuzzers for 8192
passes (can be overridden via the FUZZ_RUNS variable). This makes
it easier to run the fuzzers in-tree. To run a fuzzer indefinitely,
set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 fuzz".
* Fixed fuzzing on FreeBSD where the ld.lld linker returns an
error by default when a symbol is multiply-defined.
* Added support for determining local IPv6 addresses on systems
that lack the getifaddrs() function. This now works on AIX,
HP-UX and Solaris (at least). Bug #969.
* Fixed a bug introduced in sudo 1.9.6 that caused "sudo -V" to
report a usage error. Also, when invoked as sudoedit, sudo now
allows a more restricted set of options that matches the usage
statement and documentation. GitHub issue #95.
* Fixed a crash in sudo_sendlog when the specified certificate
or key does not exist or is invalid. Bug #970
* Fixed a compilation error when sudo is configured with the
- -disable-log-client option.
* Sudo's limited support for SUCCESS=return entries in nsswitch.conf
is now documented. Bug #971.
* Sudo now requires autoconf 2.70 or higher to regenerate the
configure script. Bug #972.
* sudo_logsrvd now has a relay mode which can be used to create
a hierarchy of log servers. By default, when a relay server is
defined, messages from the client are forwarded immediately to
the relay. However, if the "store_first" setting is enabled,
the log will be stored locally until the command completes and
then relayed. Bug #965.
* Sudo now links with OpenSSL by default if it is available unless
the --disable-openssl configure option is used or both the
- -disable-log-client and --disable-log-server configure options
are specified.
* Fixed configure's Python version detection when the version minor
number is more than a single digit, for example Python 3.10.
* The sudo Python module tests now pass for Python 3.10.
* Sudo will now avoid changing the datasize resource limit
as long as the existing value is at least 1GB. This works around
a problem on 64-bit HP-UX where it is not possible to exactly
restore the original datasize limit. Bug #973.
* Fixed a race condition that could result in a hang when sudo is
executed by a process where the SIGCHLD handler is set to SIG_IGN.
This fixes the bug described by GitHub PR #98.
* Fixed an out-of-bounds read in sudoedit and visudo when the
EDITOR, VISUAL or SUDO_EDITOR environment variables end in an
unescaped backslash. Also fixed the handling of quote characters
that are escaped by a backslash. GitHub issue #99.
* Fixed a bug that prevented the "log_server_verify" sudoers option
from taking effect.
* The sudo_sendlog utility has a new -s option to cause it to stop
sending I/O records after a user-specified elapsed time. This
can be used to test the I/O log restart functionality of sudo_logsrvd.
* Fixed a crash introduced in sudo 1.9.4 in sudo_logsrvd when
attempting to restart an interrupted I/O log transfer.
* The TLS connection timeout in the sudoers log client was previously
hard-coded to 10 seconds. It now uses the value of log_server_timeout.
* The configure script now outputs a summary of the user-configurable
options at the end, separate from output of configure script tests.
Bug #820.
* Corrected the description of which groups may be specified via the
- g option in the Runas_Spec section. Bug #975.
==== sysuser-tools ====
- Use /usr/sbin/nologin instead of /sbin/nologin